Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safely Supporting Probabilistic Data: PL Techniques as Part of the Story Dan Grossman University of Washington.

Published byΦῆλιξ Λαγός Modified over 5 years ago

Similar presentations

Presentation on theme: "Safely Supporting Probabilistic Data: PL Techniques as Part of the Story Dan Grossman University of Washington."— Presentation transcript:

1 Safely Supporting Probabilistic Data: PL Techniques as Part of the Story Dan Grossman University of Washington

2 Executive summary Language design+implementation to help wrangle uncertainty PL concepts+tools are a huge help But also need to learn from statisticians Validate these claims with UW’s approximate computing work Acknowledgments: 9 co-authors [papers at end] Especially Adrian Sampson, Luis Ceze Including Kathryn and Todd

3 Background (1/2): PL bread-and-butter
Types for information flow int<H> x; int<L> y; if(x) y = 7; Symbolic execution z: z = x; if(x!=0) z = x*y; ? : == x * y Type inference let f =  y. y+7 let z = f 9 let q = z && true Function inlining/specialization int f(int x, int y){ return x*y; } f(0,a) f(3,b) f(3,b) f(1,c) c

4 Background (2/2): Approximation
Full bit-precision is unnecessary and wastes energy Allowing probabilistic [in]correctness can work! Let ALUs and memory produce garbage with low-nonzero probability But most code/programmers want nothing to do with that…

5 EnerJ (and EnerC) a la 2011 Information flow is exactly the right high-level abstraction Type qualifier Explicit endorse as needed Convenient: Opt-in with precise default Overloaded operations and methods Strong guarantee: Approximate data has no effect on precise data except via endorse (classic non-interference theorem) @approx int x = 12; int y = 27; y = x*2; x = y*3; @approx int z = f(x); if(looks_okay(z)) int w = endorse(z);

6 EnerJ limitations Only “best effort” semantics for approximate computation Encapsulated all the probability, and then ignored it! No approximate control-flow (without endorse) Stronger limitation to ensure non-interference, no crashes, no extra non-termination, …

7 Adding probabilities (2015)
Address limitation #1 directly: @approx<p> int: static guarantee that at run-time value will be correct with at least probability p Operator uses (e.g., +) also have correctness probability Precise Natural t t if p >= q [See also Mike’s Rely and Chisel work (2014)]

8 Essential additions Type inference, part 1:
Programmer states probabilities at key points (inputs, outputs) Automatic solver fills in the rest, and/or programmer can provide more annotations Type inference, part 2: Problem often under-constrained; goal is to save as much energy as possible within constraints We use Microsoft’s Z3 solver with a custom objective function

9 Essential additions Type inference, part 1:
Programmer states probabilities at key points (inputs, outputs) Automatic solver fills in the rest, and/or programmer can provide more annotations Type inference, part 2: Problem often under-constrained; goal is to save as much energy as possible within constraints We use Microsoft’s Z3 solver with a custom objective function Method specialization Up to k approximation settings for each method Opt-in dynamic tracking for loop-carried dependencies

10 Still not much statistics
Additions are all “PL bread-and-butter” Uses only one trivial statistical fact: Result type is precise if x, y, (and addition) are independent Result type is sound regardless of [in]dependence Other panelists all make much better use of statistics, like in our probabilistic assertions work… @approx<p1> int x = …; @approx<p2> int y = …; x +<p3> y

11 Probabilistic assertions (2014)
Much richer setting: Inputs/values can have arbitrary distributions, not just “Bernouilli failure” Dependence tracked via symbolic execution, even through if-statements and some loops Evaluate arbitrary probabilistic assertions: passert(e,p,c) Key insight: Data-structure produced by symbolic execution is an “expression DAG” and a “Bayesian network” So apply compiler and statistical optimizations to it Followed by hypothesis testing

12 The limitation EnerJ and follow-on work gave static guarantees regardless of input Probabilistic assertions either revalidates for each input (testing) or needs probabilistic assumptions (distributions) of inputs Need more research on: Bridging this gap Supporting unbounded loops by soundly trimming low- probability paths

13 The big context “Early days”
Excited by the panel’s work, but many open questions… Technical questions: (loops, modularity, scale, …) Tools questions, also with some preliminary work Debugging, profiling, monitoring Error messages Is “adding statistical properties” to modern language design The True Way Forward or a local optimum to avoid?

14 To learn more EnerJ: Approximate Data Types for Safe and General Low-Power Computation. Adrian Sampson, Werner Dietl, Emily Fortuna, Danushen Gnanapragasam, Luis Ceze, Dan Grossman. PLDI2011 Expressing and Verifying Probabilistic Assertions. Adrian Sampson, Pavel Panchekha, Todd Mytkowicz, Kathryn S. McKinley, Dan Grossman, Luis Ceze. PLDI2014 Probability Type Inference for Flexible Approximate Programming. Brett Boston, Adrian Sampson, Dan Grossman, Luis Ceze. OOPSLA 2015

Download ppt "Safely Supporting Probabilistic Data: PL Techniques as Part of the Story Dan Grossman University of Washington."

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Programming Abstractions for Approximate Computing Michael Carbin with Sasa Misailovic, Hank Hoffmann, Deokhwan Kim, Stelios Sidiroglou, Martin Rinard.

Programming Abstractions for Approximate Computing Michael Carbin with Sasa Misailovic, Hank Hoffmann, Deokhwan Kim, Stelios Sidiroglou, Martin Rinard.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.

CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
A Type-Checked Restrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001.

A Type-Checked Restrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001.
Well-cooked Spaghetti: Weakest-Precondition of Unstructured Programs Mike Barnett and Rustan Leino Microsoft Research Redmond, WA, USA.

Well-cooked Spaghetti: Weakest-Precondition of Unstructured Programs Mike Barnett and Rustan Leino Microsoft Research Redmond, WA, USA.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
Composing Dataflow Analyses and Transformations Sorin Lerner (University of Washington) David Grove (IBM T.J. Watson) Craig Chambers (University of Washington)

Composing Dataflow Analyses and Transformations Sorin Lerner (University of Washington) David Grove (IBM T.J. Watson) Craig Chambers (University of Washington)
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.

CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.

CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.

1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.

Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.
Type Systems CS 6340 1. 2 Definitions Program analysis Discovering facts about programs. Dynamic analysis Program analysis by using program executions.

Type Systems CS Definitions Program analysis Discovering facts about programs. Dynamic analysis Program analysis by using program executions.
Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.

Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.
QuickCheck: A Lightweight Tool for Random Testing of Haskell Programs By Koen Claessen, Juhn Hughes ME: Mike Izbicki.

QuickCheck: A Lightweight Tool for Random Testing of Haskell Programs By Koen Claessen, Juhn Hughes ME: Mike Izbicki.

Similar presentations

Ads by Google