pmaf an algebraic framework for static analysis of
play

PMAF : AN ALGEBRAIC FRAMEWORK FOR STATIC ANALYSIS OF PROBABILISTIC - PowerPoint PPT Presentation

Mar 06, 2023 •168 likes •969 views

PMAF : AN ALGEBRAIC FRAMEWORK FOR STATIC ANALYSIS OF PROBABILISTIC PROGRAMS Di Wang 1 , Jan Hoffmann 1 , Thomas Reps 2 1 Carnegie Mellon University 2 University of Wisconsin; GrammaTech, Inc. PROBABILISTIC PROGRAMS Draw random data from

  1. PMAF : AN ALGEBRAIC FRAMEWORK FOR STATIC ANALYSIS OF PROBABILISTIC PROGRAMS Di Wang 1 , Jan Hoffmann 1 , Thomas Reps 2 1 Carnegie Mellon University 2 University of Wisconsin; GrammaTech, Inc.

  2. PROBABILISTIC PROGRAMS Draw random data from distributions Condition control-flow at random

  3. PROBABILISTIC PROGRAMS b1 ~ Bernoulli (0.5); b2 ~ Bernoulli (0.7); while (b1 && b2) do if prob (0.6) then True randomness b1 ~ Bernoulli (0.5) else b2 ~ Bernoulli (0.7) Distributions on executions fi ; tick (1.0) od ; return (b1, b2)

  4. BAYESIAN NETWORKS Conditional distributions Pollution Smoker Query about the posterior Cancer Xray Res Dyspnea

  5. BAYESIAN NETWORKS Conditional distributions Pollution Smoker Query about the posterior Cancer Prob [ Cancer ∣ Smoker ∧ Xray Res ] = ? Xray Res Dyspnea

  6. BAYESIAN NETWORKS AS PROB. PROG. p b1 b2 0.6 0.5 0.7 p b1 b2 0.6 0.5 0.7

  7. BAYESIAN NETWORKS AS PROB. PROG. if prob (0.6) then p b1 ~ Bernoulli (0.5) else b1 b2 0.6 b2 ~ Bernoulli (0.7) fi 0.5 0.7 p b1 b2 0.6 0.5 0.7

  8. BAYESIAN NETWORKS AS PROB. PROG. 0.5 0.7 b1 ~ Bernoulli (0.5); ret b2 ~ Bernoulli (0.7); b1 b2 while (b1 && b2) do if prob (0.6) then b1 ~ Bernoulli (0.5) else && b2 ~ Bernoulli (0.7) fi ; tick (1.0) od ; p p return (b1, b2) b1 b1 b2 b2 0.6 0.6 0.5 0.5 0.7 0.7

  9. BAYESIAN NETWORKS AS PROB. PROG. 0.5 0.7 b1 ~ Bernoulli (0.5); ret b2 ~ Bernoulli (0.7); b1 b2 while (b1 && b2) do if prob (0.6) then b1 ~ Bernoulli (0.5) else && b2 ~ Bernoulli (0.7) fi ; tick (1.0) od ; p p return (b1, b2) b1 b1 b2 b2 0.6 0.6 Query: probability that b1 and b2 are both false ? 0.5 0.5 0.7 0.7

  10. BAYESIAN NETWORKS AS PROB. PROG. 0.5 0.7 b1 ~ Bernoulli (0.5); ret b2 ~ Bernoulli (0.7); b1 b2 while (b1 && b2) do if prob (0.6) then b1 ~ Bernoulli (0.5) else && b2 ~ Bernoulli (0.7) fi ; tick (1.0) od ; p p return (b1, b2) b1 b1 b2 b2 0.6 0.6 Query: expected termination time? 0.5 0.5 0.7 0.7

  11. SAMPLING-BASED TECHNIQUES Simulation & frequency count sample Flexible & universal Potentially unsound & inefficient approximate

  12. SAMPLING-BASED TECHNIQUES Simulation & frequency count sample Flexible & universal Potentially unsound & inefficient approximate What about static analysis ?

  13. ABSTRACT INTERPRETATION Cousot et al. proposed Probabilistic Abstract Interpretation 1 Sound , flexible, and universal 1 P . Cousot and M. Monerau. Probabilistic Abstract Interpretation. In ESOP’12 .

  14. ABSTRACT INTERPRETATION Cousot et al. proposed Probabilistic Abstract Interpretation 1 Sound , flexible, and universal Their concrete semantics resolves probabilities prior to nondeterminism 1 P . Cousot and M. Monerau. Probabilistic Abstract Interpretation. In ESOP’12 .

  15. ABSTRACT INTERPRETATION Cousot et al. proposed Probabilistic Abstract Interpretation 1 Sound , flexible, and universal Their concrete semantics resolves probabilities prior to nondeterminism Sometimes desirable to revolve nondeterminism prior to probabilities 1 P . Cousot and M. Monerau. Probabilistic Abstract Interpretation. In ESOP’12 .

  16. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi

  17. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi with prob. 1 4

  18. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi

  19. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi with prob. 1 4

  20. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi

  21. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi with prob. 1 4

  22. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi

  23. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi with prob. 1 4

  24. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi

  25. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi else if prob (0.5) then tick (1.0) else tick (2.0) fi fi Their concrete semantics yields 𝔽 [ T ] ∈ 1 4 ⋅ {1} + 1 4 ⋅ {2} + 1 4 ⋅ {1,2} + 1 4 ⋅ {1,2} = {1.25,1.5,1.75}

  26. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi Identical! else if prob (0.5) then tick (1.0) else tick (2.0) fi fi Their concrete semantics yields 𝔽 [ T ] ∈ 1 4 ⋅ {1} + 1 4 ⋅ {2} + 1 4 ⋅ {1,2} + 1 4 ⋅ {1,2} = {1.25,1.5,1.75}

  27. COUSOT ET AL.’S SEMANTICS * denotes nondeterministic choice tick(q) increases by q T if * then if prob (0.5) then tick (1.0) else tick (2.0) fi Identical! else if prob (0.5) then tick (1.0) else tick (2.0) fi fi Their concrete semantics yields 𝔽 [ T ] ∈ 1 4 ⋅ {1} + 1 4 ⋅ {2} + 1 4 ⋅ {1,2} + 1 4 ⋅ {1,2} = {1.25,1.5,1.75} while our semantics yields 𝔽 [ T ] = 1.5

  28. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs PMAF Recursion Unstructured control-flow Divergence Nondeterminism …

  29. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs PMAF

  30. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs PMAF Implement Prove Design

  31. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs PMAF

  32. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs Existing PMAF Bayesian Inference Markov Decision Problem

  33. CONTRIBUTIONS A denotational semantics with nondeterminism resolved first An algebraic framework for interprocedural dataflow analysis of first-order probabilistic programs Existing New PMAF Bayesian Inference Expectation-Invariant Analysis Markov Decision Problem

  34. EXAMPLE ANALYSES b1 ~ Bernoulli (0.5); Our framework can be b2 ~ Bernoulli (0.7); instantiated to prove : while (b1 && b2) do if prob (0.6) then b1 ~ Bernoulli (0.5) the probability that b1 and b2 else are both false at the end of b2 ~ Bernoulli (0.7) the program = 0.15 fi ; tick (1.0) the expected termination time od ; (ticks) = 5/6 return (b1, b2)

  35. OVERVIEW Motivation The Algebraic Framework Hyper-Graph Analysis Evaluation

  36. THE ALGEBRAIC FRAMEWORK Any static analysis method performs reasoning in some space of program properties and property operations Sequencing Cond.-choice Actions Prob.-choice Semantic Nondet.-choice skip Function Program x := x + 5 Properties b ~ Bernoulli (0.4) tick (1.0) …

  37. THE ALGEBRAIC FRAMEWORK Concrete Concrete Semantic Function Semantics Actions Concrete Operations skip Sound x := x + 5 Abstraction b ~ Bernoulli (0.4) tick (1.0) Abstract … Abstract Semantic Abstract Operations Function Semantics

  38. THE ALGEBRAIC FRAMEWORK Characterize program properties and property operations by algebraic laws

  39. THE ALGEBRAIC FRAMEWORK Characterize program properties and property operations by algebraic laws ⟨ M , ⊑ , ⊗ , φ ⋄ , p ⊕ , ⋓ , ⊥ , 1 ⟩

  40. THE ALGEBRAIC FRAMEWORK Characterize program properties and property operations by algebraic laws ⟨ M , ⊑ , ⊗ , φ ⋄ , p ⊕ , ⋓ , ⊥ , 1 ⟩ Program properties and approximation order

  41. THE ALGEBRAIC FRAMEWORK Characterize program properties and property operations by algebraic laws ⟨ M , ⊑ , ⊗ , φ ⋄ , p ⊕ , ⋓ , ⊥ , 1 ⟩ Program properties and approximation order Sequencing, cond.-choice, prob.-choice, and nondet.-choice

Recommend

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
rev.ng A unified static binary analysis framework Alessandro Di Federico PhD student at

rev.ng A unified static binary analysis framework Alessandro Di Federico PhD student at

rev.ng A unified static binary analysis framework Alessandro Di Federico PhD student at Politecnico di Milano LLVM developers meeting 2016 November 3, 2016 Index Introduction A peek inside Recovery of switch cases Function detection

908 views • 53 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

490 views • 37 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that Martin Steffen IfI UiO Spring 2014 Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on progress/interest

2.15k views • 194 slides
CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu February 1, 2017 Static Analysis Static Analysis is the process of documenting your observations about what identifying characteristics a

575 views • 8 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on

938 views • 69 slides
A Novel Algebraic Geometry Compiling Framework for Adiabatic Quantum Computation Raouf Dridi 1

A Novel Algebraic Geometry Compiling Framework for Adiabatic Quantum Computation Raouf Dridi 1

Algebraic geometry in optimization Algebraic geometry for Graph Minor Theory Applications A Novel Algebraic Geometry Compiling Framework for Adiabatic Quantum Computation Raouf Dridi 1 Hedayat Alghassi 1 Sridhar Tayur 1 1 Quantum Computing

548 views • 51 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile philip@tecnocode.co.uk July 30, 2017 MANCHESTER What is static analysis? Compile-time testing of all possible code paths. Whats Coverity static analysis

236 views • 12 slides
Outline t t Why static analysis? t t What is it? Underlying technology t Some

Outline t t Why static analysis? t t What is it? Underlying technology t Some

2005-05-04 Static Analysis methods and tools An industrial study t Pr Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU t itle Outline t t Why static analysis? t t What is it? Underlying technology t Some tools

438 views • 19 slides
Algebraic Analysis of AES Carlos Cid Information Security Group, Royal Holloway, University of

Algebraic Analysis of AES Carlos Cid Information Security Group, Royal Holloway, University of

Algebraic Analysis of AES Carlos Cid Information Security Group, Royal Holloway, University of London ECRYPT II AES Day 18 Oct 2012 Algebraic Analysis of AES Carlos Cid Algebraic Analysis of AES AES is an algorithm with a simple and very

558 views • 23 slides
Introduction to the Summer School Algebra, Algorithms and Algebraic Analysis Viktor Levandovskyy,

Introduction to the Summer School Algebra, Algorithms and Algebraic Analysis Viktor Levandovskyy,

Operator algebras, partial classification More general framework: G -algebras Systems, modules, solutions Introduction to the Summer School Algebra, Algorithms and Algebraic Analysis Viktor Levandovskyy, Daniel Andres Lehrstuhl D f ur

1.09k views • 79 slides
Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Tid rum Static Execution Time Analysis Niklas Holsti Space Systems Finland Ltd (now) Tidorum Ltd(to be) Overview Area of interest Current state Work in progress What to do next 1 bo Akademi, ES lab, 2003-10-03 Tid rum

466 views • 12 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

487 views • 33 slides
Static Analysis with Demand-Driven Value Refinement Benno Stein, Benjamin Barslev Nielsen,

Static Analysis with Demand-Driven Value Refinement Benno Stein, Benjamin Barslev Nielsen,

Static Analysis with Demand-Driven Value Refinement Benno Stein, Benjamin Barslev Nielsen, Bor-Yuh Evan Chang & Anders Mller Sound static analysis for JavaScript Static analysis for JavaScript is very challenging o[m]() 2 /17

605 views • 36 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI

Introduction to Static Analysis for Assurance John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby Static Analysis for Assurance: 1 Overview What is static analysis? Examples of some techniques

732 views • 34 slides

More recommend