Presentation is loading. Please wait.

Presentation is loading. Please wait.

Machine Learning for Program Language Research Yao Peisen Prism Group, HKUST

Published byLynne Martin Modified over 8 years ago

Similar presentations

Presentation on theme: "Machine Learning for Program Language Research Yao Peisen Prism Group, HKUST"— Presentation transcript:

1 Machine Learning for Program Language Research Yao Peisen Prism Group, HKUST rainoftime@gmail.com

2 Outline Overview – Potential applications – Intermediate Representation – Probabilistic model Statistical Code Completion Learning to Recognize Functions in Binary Code Bias-Variance Tradeoffs in program analysis Conclusion

3 Marriage of ML and PL SLANG: Code completion[PLDI 14] PL Translation[Onward 14] More Application: Program bug detection Program invariants inference PL design: Probabilistic PL Binary analysis........ JSNice: Type Predication[POPL 15]

4 Intermediate Representation Sequences Trees Graphical Models Feature Vectors Other IRs in PL research: AST, CFG, CDG, DDG, PDG. SSA, CPS.....

5 Extract program representation with Program Analysis SLANG: alias and typestate analysis JSNice: scope and alias analysis, type analysis...... Other application: Use type inference to get trained labels Use SAT Solver to check path condition....

6 What's the suitable probabilistic model? N-gram language model [PLDI 14] Probabilistic context-free grammers [ICSE 12] Netural networks Support vector machine Conditional Ramdom Fields[POPL 15]...... Same like the IR, it's dependent on the application.

7 ML for PL [Picture from Martin Vechec's slide]

8 Outline Overview – Potential applications – Intermediate Representation – Probabilistic model Statistical code completion Learning to Recognize Functions in Binary Code Bias-Variance Tradeoffs in program analysis Conclusions

9 Statistical Code Completion [SLANG, V.Raychev et al' PLDI 14] Key insight: Regularities in code are similar to regularities in natural language

10 Techniques in SLANG IR: Sequences (setences) Program Analysis: typestate analysis, alias analysis Trained Model: Netural Network, N-gram language model Some smoothing techniques

11 N-gram language model Conditional probability only on previous n-1 words Training is achieved by counting n-grams. Time complexity for each word encountreed in training is constant, so training is usually fast. Other models used: Recurrent Netural Network(RNN). RNN can learn dependencies beyond the prior several words, but usually slower

12 Outline Overview – Potential applications – Intermediate Representation – Probabilistic model Statistical code completion Learning to Recognize Functions in Binary Code Bias-Variance Tradeoffs in program analysis Conclusion

13 Learning to Recognize Functions in Binary Code [Tiffany Bao et al' Usenix Security 14] When we use gcc with -O3, the function information may be stripped. Can we automatically and accurately recover function information from binaries?

14 Example: GCC #include int fac(int x){ if (x == 1) return 1; else return x * fac(x - 1); } void main(int argc, char **argv){ printf("%d", fac(10)); }

15 Example: GCC default -O0 08048443 : push %ebp mov %esp,%ebp and $0xfffffff0,%esp sub $0x10,%esp … 0804841c : push %ebp mov %esp,%ebp sub $0x18,%esp cmpl $0x1,0x8(%ebp) jne 804842f mov $0x1,%eax …

16 -O1 -O2 0804841c : push %ebx sub $0x18,%esp mov 0x20(%esp),%ebx mov $0x1,%eax cmp $0x1,%ebx … 08048330 : mov $0x1,%edx mov $0xa,%eax lea 0x0(%esi),%esi … push %ebp mov %esp,%ebp and $0xfffffff0,%esp sub $0x10,%esp …

17 ByteWeight A machine learning + program analysis approach to function identification Training: Creates a model of function start patterms using supervised learning Usage: – Use trained models to match function start on stripped binaries — Function Start Identification – Use program analysis to identify all bytes associated with a function — Function Identification

18 [Picture from Bao's slide]

19 Outline Overview – Potential applications – Intermediate Representation – Probabilistic model Statistical code completion Learning to Recognize Functions in Binary Code Bias-Variance Tradeoffs in program analysis Conclusions

20 Problems of Program analysis Program have unbounded behaviors Program analysis – Analyze all behaviors – Run for a finite time In finite time, observe only finite behaviors Need to generalize

21 Generalization in Program Analyais Abstraction interpretation: widening operator[ CEGAR: interpolants Parameter tuning of tools(flow, path sensitivity, etc) Lots of folk knowledge, heuristics,...

22 Generalization in Machine Learning “It’s all about generalization” I A famous concept in Computational learning theory – Complexity and Feasibility of learning Learn a function from observations Hope that the function generalizes

23 Bias-variance Tradeofs in Program analysis [Aiken, POPL 14] Model the generalization process – Probably Approximately Correct(PAC) model – Bias: Empirical error of best available hypothesis – Variance: O(VC-d) Explain know observations by this model Use this model to obtain better tools(in ASTREE, Yogi Project..)

24 Outline Overview – Potential applications – Intermediate Representation – Probabilistic model Statistical code completion Learning to Recognize Functions in Binary Code Bias-Variance Tradeoffs in program analysis Conclusions

25 Combine ML and PL Research Already lots of work in: POPL, PLDI, SOSP, OSDI, Usenix Security.... Lots of applications and theories to be found. Combination with other fileds: System, Security..

26 Thank you !

Download ppt "Machine Learning for Program Language Research Yao Peisen Prism Group, HKUST"

Similar presentations

Active Appearance Models

Active Appearance Models
ByteWeight: Learning to Recognize Functions in Binary Code

ByteWeight: Learning to Recognize Functions in Binary Code
Type Analysis and Typed Compilation Stephanie Weirich Cornell University.

Type Analysis and Typed Compilation Stephanie Weirich Cornell University.
CHAPTER 2: Supervised Learning. Lecture Notes for E Alpaydın 2004 Introduction to Machine Learning © The MIT Press (V1.1) 2 Learning a Class from Examples.

CHAPTER 2: Supervised Learning. Lecture Notes for E Alpaydın 2004 Introduction to Machine Learning © The MIT Press (V1.1) 2 Learning a Class from Examples.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.

Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.
ETHEM ALPAYDIN © The MIT Press, 2010 Lecture Slides for.

ETHEM ALPAYDIN © The MIT Press, Lecture Slides for.
Greg MorrisettFall 2013.  Compilers.  (duh)  Translating one programming language into another.  Also interpreters.  Translating and running a language.

Greg MorrisettFall  Compilers.  (duh)  Translating one programming language into another.  Also interpreters.  Translating and running a language.
Learning From Data Chichang Jou Tamkang University.

Learning From Data Chichang Jou Tamkang University.
Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,

Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,
From Cooper & Torczon1 Implications Must recognize legal (and illegal) programs Must generate correct code Must manage storage of all variables (and code)

From Cooper & Torczon1 Implications Must recognize legal (and illegal) programs Must generate correct code Must manage storage of all variables (and code)
UBC104 Embedded Systems Functions & Pointers.

UBC104 Embedded Systems Functions & Pointers.
Data Mining CS 341, Spring 2007 Lecture 4: Data Mining Techniques (I)

Data Mining CS 341, Spring 2007 Lecture 4: Data Mining Techniques (I)
C Prog. To Object Code text text binary binary Code in files p1.c p2.c

C Prog. To Object Code text text binary binary Code in files p1.c p2.c
Statistical Learning: Pattern Classification, Prediction, and Control Peter Bartlett August 2002, UC Berkeley CIS.

Statistical Learning: Pattern Classification, Prediction, and Control Peter Bartlett August 2002, UC Berkeley CIS.
INTRODUCTION TO Machine Learning ETHEM ALPAYDIN © The MIT Press, 2004 Lecture Slides for.

INTRODUCTION TO Machine Learning ETHEM ALPAYDIN © The MIT Press, Lecture Slides for.
Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12 Schrieber.

Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Part I: Classification and Bayesian Learning

Part I: Classification and Bayesian Learning
Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.

Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Classification and Prediction: Regression Analysis

Classification and Prediction: Regression Analysis

Similar presentations

Ads by Google