specification mining with few false positives
play

Specification Mining With Few False Positives Claire Le Goues - PowerPoint PPT Presentation

Mar 18, 2024 •475 likes •985 views

1 Specification Mining With Few False Positives Claire Le Goues Westley Weimer University of Virginia March 25, 2009 2 Slide 0.5: Hypothesis We can use measurements of the trustworthiness of source code to mine specifications with

  1. 1 Specification Mining With Few False Positives Claire Le Goues Westley Weimer University of Virginia March 25, 2009

  2. 2 Slide 0.5: Hypothesis We can use measurements of the “trustworthiness” of source code to mine specifications with few false positives.

  3. 3 Slide 0.5: Hypothesis We can use measurements of the “trustworthiness” of source code to mine specifications with few false positives.

  4. 4 Slide 0.5: Hypothesis We can use measurements of the “trustworthiness” of source code to mine specifications with few false positives.

  5. 5 Slide 0.5: Hypothesis We can use measurements of the “trustworthiness” of source code to mine specifications with few false positives.

  6. 6 Outline • Motivation: Specifications • Problem: Specification Mining • Solution: Trustworthiness • Evaluation: 3 Experiments • Conclusions

  7. 7

  8. 8 Why Specifications? • Modifying code, correcting defects, and evolving code account for as much as 90% of the total cost of software projects. • Up to 60% of maintenance time is spent studying existing software. • Specifications are useful for debugging, testing, maintaining, refactoring, and documenting software.

  9. 9 Our Definition (Broadly) A specification is a formal description of some aspect of legal program behavior.

  10. 10 What kind of specification? • We would like specifications that are simple and machine-readable • We focus on partial-correctness specifications describing temporal properties ▫ Describes legal sequences of events, where an event is a function call; similar to an API. • Two-state finite state machines

  11. 11 Example Specification Event A: Mutex.lock() Event B: Mutex.unlock()

  12. 12 Example: Locks Mutex.lock() 1 2 1 Mutex.unlock()

  13. 13 Our Specifications • For the sake of this work, we are talking about this type of two-state temporal specifications. • These specifications correspond to the regular expression (ab)* ▫ More complicated patterns are possible.

  14. 14

  15. 15 Where do formal specifications come from? • Formal specifications are useful, but there aren’t as many as we would like. • We use specification mining to automatically derive the specifications from the program itself.

  16. 16 Mining 2-state Temporal Specifications • Input: program traces – a sequence of events that can take place as the program runs. ▫ Consider pairs of events that meet certain criteria. ▫ Use statistics to figure out which ones are likely true specifications. • Output: ranked set of candidate specifications, presented to a programmer for review and validation.

  17. 17 Problem: False Positives Are Common Event A: Iterator.hasNext() Event B: Iterator.next() • This is very common behavior. • This is not required behavior. ▫ Iterator.hasNext() does not have to be followed eventually by Iterator.next() in order for the code to be correct. • This candidate specification is a false positive.

  18. 18 Previous Work * Adapted from Weimer-Necula, TACAS 2005 Benchmark LOC Candidate Specs False Positive Rate Infinity 28K 10 90% Hibernate 57K 51 82% Axion 65K 25 68% Hsqldb 71K 62 89% Cayenne 86K 35 86% Sablecc 99K 4 100% Jboss 107K 114 90% Mckoi-sql 118K 156 88% Ptolemy2 362K 192 95%

  19. 19 Previous Work * Adapted from Weimer-Necula, TACAS 2005 Benchmark LOC Candidate Specs False Positive Rate Infinity 28K 10 90% Hibernate 57K 51 82% Axion 65K 25 68% Hsqldb 71K 62 89% Cayenne 86K 35 86% Sablecc 99K 4 100% Jboss 107K 114 90% Mckoi-sql 118K 156 88% Ptolemy2 362K 192 95%

  20. 20

  21. 21 The Problem (as we see it) • Let’s pretend we’d like to learn the rules of English grammar. • …but all we have is a stack of high school English papers. • Previous miners ignore the differences between A papers and F papers. • Previous miners treat all traces as though they were all equally indicative of correct program behavior.

  22. 22 Solution: Code Trustworthiness • Trustworthy code is unlikely to exhibit API policy violations. • Candidate specifications derived from trustworthy code are more likely to be true specifications.

  23. 23 What is trustworthy code? Informally… • Code that hasn’t been changed recently • Code that was written by trustworthy developers • Code that hasn’t been cut and pasted all over the place • Code that is readable • Code that is well-tested • And so on.

  24. 24 Can you firm that up a bit? • Multiple surface-level, textual, and semantic features can reveal the trustworthiness of code ▫ Churn, author rank, copy-paste development, readability, frequency, feasibility, density, and others. • Our miner should believe that lock() – unlock() is a specification if it is often followed on trustworthy traces and often violated on untrustworthy ones.

  25. 25 A New Miner • Statically estimate the trustworthiness of each code fragment. • Lift that judgment to program traces by considering the code visited along the trace. • Weight the contribution of each trace by its trustworthiness when counting event frequencies while mining.

  26. 26 Incorporating Trustworthiness • We use linear regression on a set of previously published specifications to learn good weights for the different trustworthiness factors. • Different weights yield different miners.

  27. 27

  28. 28 Experimental Questions • Can we use trustworthiness metrics to build a miner that finds useful specifications with few false positives? • Which trustworthiness metrics are the most useful in finding specifications? • Do our ideas about trustworthiness generalize?

  29. 29 Experimental Questions • Can we use trustworthiness metrics to build a miner that finds useful specifications with few false positives? • Which trustworthiness metrics are the most useful in finding specifications? • Do our ideas about trustworthiness generalize?

  30. 30 Experimental Setup: Some Definitions • False positive : an event pair that appears in the candidate list, but a program trace may contain only event A and still be correct. • Our normal miner balances true positives and false positives (maximizes F-measure) • Our precise miner avoids false positives (maximizes precision)

  31. 31 Experiment 1: A New Miner Normal Miner Precise Miner WN On this dataset: • Our normal Violations Violations Violations False False False miner produces 107 false positive Program specifications. Hibernate 53% 279 17% 153 82% 93 • Our precise Axion 42% 71 0% 52 68% 45 miner produces 1 Hsqldb 25% 36 0% 5 89% 35 The previous • work produces jboss 84% 255 0% 12 90% 94 567. Cayenne 58% 45 0% 23 86% 18 Mckoi-sql 59% 20 0% 7 88% 69 ptolemy 14% 44 0% 13 95% 72 Total 69% 740 5% 265 89% 426

  32. 32 More Thoughts On Experiment 1 • Our normal miner improves on the false positive rate of previous miners by 20%. • Our precise miner offers an order-of-magnitude improvement on the false positive rate of previous work. • We find specifications that are more useful in terms of bug finding: we find 15 bugs per mined specification, where previous work only found 7. • In other words: we find useful specifications with fewer false positives.

  33. 33 Experimental Questions • Can we use trustworthiness metrics to build a miner that finds useful specifications with few false positives? • Which trustworthiness metrics are the most useful in finding specifications? • Do our ideas about trustworthiness generalize?

  34. 34 Experiment 2: Metric Importance Metric F p • Results of an analysis of Frequency 32.3 0.0000 variance (ANOVA). Copy-Paste 12.4 0.0004 Shows the importance of • Code Churn 10.2 0.0014 the trustworthiness Density 10.4 0.0013 metrics. Readability 9.4 0.0021 F is the predictive power • Feasibility 4.1 0.0423 (1.0 means no power). Author Rank 1.0 0.3284 • p is the probability that it Exceptional 10.8 0.0000 Dataflow 4.3 0.0000 had no effect (smaller is Same Package 4.0 0.0001 better). One Error 2.2 0.0288

  35. 35 More Thoughts on Experiment 2 Metric F p • Statically predicted path Frequency 32.3 0.0000 frequency has the strongest Copy-Paste 12.4 0.0004 predictive power. Code Churn 10.2 0.0014 Density 10.4 0.0013 Readability 9.4 0.0021 Feasibility 4.1 0.0423 Author Rank 1.0 0.3284 Exceptional 10.8 0.0000 Dataflow 4.3 0.0000 Same Package 4.0 0.0001 One Error 2.2 0.0288

  36. 36 More Thoughts on Experiment 2 Metric F p • Statically predicted path Frequency 32.3 0.0000 frequency has the strongest Copy-Paste 12.4 0.0004 predictive power. Code Churn 10.2 0.0014 • Author rank has no effect Density 10.4 0.0013 on the model. Readability 9.4 0.0021 Feasibility 4.1 0.0423 Author Rank 1.0 0.3284 Exceptional 10.8 0.0000 Dataflow 4.3 0.0000 Same Package 4.0 0.0001 One Error 2.2 0.0288

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Your Own WAF as a Service and Forgetting about False Positives 1 Building Your Own WAF

Building Your Own WAF as a Service and Forgetting about False Positives 1 Building Your Own WAF

Building Your Own WAF as a Service and Forgetting about False Positives 1 Building Your Own WAF as a Service and Forgetting about False Positives Juan Berner Juan Berner @89berner Lead security developer @Booking.com Blog:

694 views • 58 slides
Post hoc bounds on false positives using Post hoc bounds on false positives using reference

Post hoc bounds on false positives using Post hoc bounds on false positives using reference

Post hoc bounds on false positives using Post hoc bounds on false positives using reference families reference families Pierre Neuvial Pierre Neuvial CNRS and Institut de Mathmatiques de Toulouse (France) CNRS and Institut de Mathmatiques

587 views • 23 slides
PUBLIC POLICY TOWARD ABUSE OF FIRM DOMINANCE Outline Public policy: false positives and

PUBLIC POLICY TOWARD ABUSE OF FIRM DOMINANCE Outline Public policy: false positives and

PUBLIC POLICY TOWARD ABUSE OF FIRM DOMINANCE Outline Public policy: false positives and false negatives Cases Outline Public policy: false positives and false negatives Cases Basic trade-off: Type I and Type II errors Errors

434 views • 21 slides
False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of California, Berkeley Haas School of Business Summer Institute June 2014 Who am I? Experimental psychologist who studies judgment and

1.25k views • 88 slides
Alert classification to reduce false positives in intrusion detection P h D D e f e n s e P r e

Alert classification to reduce false positives in intrusion detection P h D D e f e n s e P r e

Alert classification to reduce false positives in intrusion detection P h D D e f e n s e P r e s e n t a t i o n / 't deu p e'tr ek / Tadeusz Pietraszek tadek@pietraszek.org Albert-Ludwigs-Universitt Freiburg

900 views • 89 slides
An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill Yurcik David Doss Department of Applied Computer Science Illinois State University * Overview 1) the problem 2) software tool 3)

750 views • 20 slides
Evaluating Sensitive Question Techniques An Approach that Detects False Positives oglinger 1

Evaluating Sensitive Question Techniques An Approach that Detects False Positives oglinger 1

source: https://doi.org/10.7892/boris.94192 Evaluating Sensitive Question Techniques An Approach that Detects False Positives oglinger 1 Andreas Diekmann 2 Marc H 1 University of Bern, Institute of Sociology, marc.hoeglinger@soz.unibe.ch 2 ETH

482 views • 21 slides
Rheumatoid Arthritis Diagnosis Avoiding CCP False Positives Through Test Selection Dr. Teresa

Rheumatoid Arthritis Diagnosis Avoiding CCP False Positives Through Test Selection Dr. Teresa

Rheumatoid Arthritis Diagnosis Avoiding CCP False Positives Through Test Selection Dr. Teresa Tarrant Duke University School of Medicine The world leader in serving science Bio Dr. Tarrant is a Clinical Immunologist, board certified in

677 views • 51 slides
Duplicate Payments: Remove the Noise of False Positives Karl Andersson, Founder Phone:

Duplicate Payments: Remove the Noise of False Positives Karl Andersson, Founder Phone:

Duplicate Payments: Remove the Noise of False Positives Karl Andersson, Founder Phone: 508-480-8990 Fax: 781-634-0500 www.technology-insight.com Webcast Logistics Collapse or expand the main menu Full screen or reduced screen Raise hand

263 views • 25 slides
Scoring model for IoCs by combining open intelligence feeds to reduce false positives Authors:

Scoring model for IoCs by combining open intelligence feeds to reduce false positives Authors:

Scoring model for IoCs by combining open intelligence feeds to reduce false positives Authors: Supervisors: Joao de Novais Marques Jelle Ermerins Leandro Velasco Niek van Noort 1 Introduction Indicators of Compromise (IoCs) identify

349 views • 30 slides
Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work with Sam Blackshear, Peter OHearn, Nikos Gorogiannis Key Messages Static analyses for concurrency can be made scalable and precise . Unsound

827 views • 80 slides
Building Your Own WAF as a Service and Forgetting about False Positives Juan Berner 1 About me

Building Your Own WAF as a Service and Forgetting about False Positives Juan Berner 1 About me

Building Your Own WAF as a Service and Forgetting about False Positives Juan Berner 1 About me Lead security developer @Booking.com Twitter: @89berner medium.com/@89berner 2 Building Your Own WAF as a Service and Forgetting

780 views • 56 slides
Harry Xu May 2012 Complex, concurrent software Precision (no false positives) Find real bugs in

Harry Xu May 2012 Complex, concurrent software Precision (no false positives) Find real bugs in

Harry Xu May 2012 Complex, concurrent software Precision (no false positives) Find real bugs in real executions Need to modify JVM (e.g., object layout, GC, or ISA-level code) Need to demonstrate realism (usually performance) Otherwise use

1.05k views • 64 slides
Modeling trade-offs between false positives and negatives Tyler Moore Computer Science &

Modeling trade-offs between false positives and negatives Tyler Moore Computer Science &

Notes Modeling trade-offs between false positives and negatives Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX October 2, 2012 Homework 1 Optimal filter configuration Notes Outline Homework 1 1 Summary

278 views • 9 slides
Bloom Filters Queries False-Positives Analysis Summary Anil Maheshwari anil@scs.carleton.ca

Bloom Filters Queries False-Positives Analysis Summary Anil Maheshwari anil@scs.carleton.ca

Bloom Filters Anil Maheshwari Bloom Filter Data Structure Bloom Filters Queries False-Positives Analysis Summary Anil Maheshwari anil@scs.carleton.ca School of Computer Science Carleton University Canada Outline Bloom Filters Anil

556 views • 13 slides
# of true positives true positive rate = # of known positives (Proportion of actual positives

# of true positives true positive rate = # of known positives (Proportion of actual positives

True positive rate (Sensitivity) # of true positives true positive rate = # of known positives (Proportion of actual positives that are correctly identified) True negative rate (Specificity) # of true negatives true negative rate = # of known

402 views • 18 slides
Acknowledgements Molly Amman, JD Kim Anderson-Drevs, PhD, RN Frederick Calhoun

Acknowledgements Molly Amman, JD Kim Anderson-Drevs, PhD, RN Frederick Calhoun

7/28/2016 Keeping Our Workers Safe: Developing a Comprehensive Program for Prevention and Management of Violence in the Workplace Lynn M. Van Male, PhD Director, Veterans Health Administration (VHA) Workplace Violence Prevention Program VHA

688 views • 48 slides
Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019

Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019

Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019 International Symposium on Physical Design San Francisco, CA Gyuszi Suto, Geoff S. Greenleaf, Phanindra Bhagavatula, Heinrich R. Fischer Sanjay K.

385 views • 27 slides
Computer Science at Lehigh Jeff Trinkle Professor and Chair Department of Computer Science and

Computer Science at Lehigh Jeff Trinkle Professor and Chair Department of Computer Science and

Computer Science at Lehigh Jeff Trinkle Professor and Chair Department of Computer Science and Engineering Jeff.Trinkle@lehigh.edu https://engineering.lehigh.edu/cse 4/10/2020 4/10/2020 1 1 Agenda of CSE Information Session (5 min)

1.86k views • 29 slides
I do not have (nor does any immediate family member

I do not have (nor does any immediate family member

10/1/15 Disclosure Statement I do not have (nor does any immediate family member have) a vested interest in or affiliaFon with any

510 views • 9 slides
Constructions and Applications for Accurate Counting of the Bloom Filter False Positive Free Zone

Constructions and Applications for Accurate Counting of the Bloom Filter False Positive Free Zone

Constructions and Applications for Accurate Counting of the Bloom Filter False Positive Free Zone Ori Rottenstreich Pedro Reviriego Ely Porat S. Muthukrishnan Technion Uni. Carlos III de Madrid Bar Ilan

461 views • 24 slides
Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe]

Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe]

Day 1 Lecture 2 Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe] Binary classification [1, 0] DOG 2 Image Classification 3 Image Classification pipeline Dog 4 Slide credit: Jose M lvarez

339 views • 23 slides
Estimating the false positive percentage of Kepler single systems

Estimating the false positive percentage of Kepler single systems

Estimating the false positive percentage of Kepler single systems from the multi systems Brandon Tingley, Aarhus University Ewan Cameron, Oxford University

364 views • 19 slides
CS 473: Algorithms Chandra Chekuri Ruta Mehta University of Illinois, Urbana-Champaign Fall

CS 473: Algorithms Chandra Chekuri Ruta Mehta University of Illinois, Urbana-Champaign Fall

CS 473: Algorithms Chandra Chekuri Ruta Mehta University of Illinois, Urbana-Champaign Fall 2016 Chandra & Ruta (UIUC) CS473 1 Fall 2016 1 / 22 CS 473: Algorithms, Fall 2016 Fingerprinting Lecture 11 September 28, 2016 Chandra

960 views • 81 slides

More recommend