|
325 | 325 | {"key": "rabinovich2017abstract", "year": "2017", "title":"Abstract Syntax Networks for Code Generation and Semantic Parsing", "abstract": "<p>Tasks like code generation and semantic parsing require mapping unstructured (or partially structured) inputs to well-formed, executable outputs. We introduce abstract syntax networks, a modeling framework for these problems. The outputs are represented as abstract syntax trees (ASTs) and constructed by a decoder with a dynamically-determined modular structure paralleling the structure of the output tree. On the benchmark Hearthstone dataset for code generation, our model obtains 79.2 BLEU and 22.7% exact match accuracy, compared to previous state-of-the-art values of 67.1 and 6.1%. Furthermore, we perform competitively on the Atis, Jobs, and Geo semantic parsing datasets with no task-specific engineering.</p>\n", "tags": ["code generation","grammar"] }, |
326 | 326 | {"key": "raghothaman2018user", "year": "2018", "title":"User-guided program reasoning using Bayesian inference", "abstract": "<p>Program analyses necessarily make approximations that often lead them to report true alarms interspersed with many false alarms. We propose a new approach to leverage user feedback to guide program analyses towards true alarms and away from false alarms. Our approach associates each alarm with a confidence value by performing Bayesian inference on a probabilistic model derived from the analysis rules. In each iteration, the user inspects the alarm with the highest confidence and labels its ground truth, and the approach recomputes the confidences of the remaining alarms given this feedback. It thereby maximizes the return on the effort by the user in inspecting each alarm. We have implemented our approach in a tool named Bingo for program analyses expressed in Datalog. Experiments with real users and two sophisticated analyses—a static datarace analysis for Java programs and a static taint analysis for Android apps—show significant improvements on a range of metrics, including false alarm rates and number of bugs found.</p>\n", "tags": ["program analysis"] }, |
327 | 327 | {"key": "rahman2019natural", "year": "2019", "title":"Natural Software Revisited", "abstract": "<p>Recent works have concluded that software is more repetitive and predictable, i.e. more natural, than English texts. These works included “simple/artificial” syntax rules in their language models. When we remove SyntaxTokens we find that code is still repetitive and predictable but only at levels slightly above English. Furthermore, previous works have compared individual Java programs to general English corpora, such as Gutenberg, which contains a historically large range of styles and subjects (e.g. Saint Augustine to Oscar Wilde). We perform an additional comparison of technical StackOverflow English discussions with source code and find that this restricted English is similarly repetitive to code. Although we find that code is less repetitive than previously thought, we suspect that API code element usage will be repetitive across software projects. For example a file is opened and closed in the same manner irrespective of domain. When we restrict our n-grams to those contained in the Java API we find that the entropy is significantly lower than the English corpora. Previous works have focused on sequential sequences of tokens. When we extract program graphs of size 2, 3, and 4 nodes we see that the abstract graph representation is much more concise and repetitive than the sequential representations of the same code. This suggests that future work should focus on statistical graph models that go beyond linear sequences of tokens. Our anonymous replication package makes our scripts and data available to future researchers and reviewers.</p>\n", "tags": [] }, |
328 | | -{"key": "ramakrishnan2020backdoors", "year": "2020", "title":"Backdoors in Neural Models of Source Code", "abstract": "<p>Deep neural networks are vulnerable to a range of adversaries. A particularly pernicious class of vulnerabilities are backdoors, where model predictions diverge in the presence of subtle triggers in inputs. An attacker can implant a backdoor by poisoning the training data to yield a desired target prediction on triggered inputs. We study backdoors in the context of deep-learning for source code. (1) We define a range of backdoor classes for source-code tasks and show how to poison a dataset to install such backdoors. (2) We adapt and improve recent algorithms from robust statistics for our setting, showing that backdoors leave a spectral signature in the learned representation of source code, thus enabling detection of poisoned data. (3) We conduct a thorough evaluation on different architectures and languages, showing the ease of injecting backdoors and our ability to eliminate them.</p>\n", "tags": ["adversarial"] }, |
| 328 | +{"key": "ramakrishnan2020backdoors", "year": "2022", "title":"Backdoors in Neural Models of Source Code", "abstract": "<p>Deep neural networks are vulnerable to a range of adversaries. A particularly pernicious class of vulnerabilities are backdoors, where model predictions diverge in the presence of subtle triggers in inputs. An attacker can implant a backdoor by poisoning the training data to yield a desired target prediction on triggered inputs. We study backdoors in the context of deep-learning for source code. (1) We define a range of backdoor classes for source-code tasks and show how to poison a dataset to install such backdoors. (2) We adapt and improve recent algorithms from robust statistics for our setting, showing that backdoors leave a spectral signature in the learned representation of source code, thus enabling detection of poisoned data. (3) We conduct a thorough evaluation on different architectures and languages, showing the ease of injecting backdoors and our ability to eliminate them.</p>\n", "tags": ["adversarial"] }, |
329 | 329 | {"key": "ray2015naturalness", "year": "2015", "title":"On the “Naturalness” of Buggy Code", "abstract": "<p>Real software, the kind working programmers produce by the kLOC\nto solve real-world problems, tends to be “natural”, like speech or\nnatural language; it tends to be highly repetitive and predictable.\nResearchers have captured this naturalness of software through statistical models and used them to good effect in suggestion engines,\nporting tools, coding standards checkers, and idiom miners. This\nsuggests that code that appears improbable, or surprising, to a good\nstatistical language model is “unnatural” in some sense, and thus\npossibly suspicious. In this paper, we investigate this hypothesis. We consider a large corpus of bug fix commits (ca. 8,296),\nfrom 10 different Java projects, and we focus on its language statistics, evaluating the naturalness of buggy code and the corresponding fixes. We find that code with bugs tends to be more entropic\n(i.e. unnatural), becoming less so as bugs are fixed. Focusing on\nhighly entropic lines is similar in cost-effectiveness to some well-known static bug finders (PMD, FindBugs) and ordering warnings\nfrom these bug finders using an entropy measure improves the cost-effectiveness of inspecting code implicated in warnings. This suggests that entropy may be a valid language-independent and simple\nway to complement the effectiveness of PMD or FindBugs, and\nthat search-based bug-fixing methods may benefit from using entropy both for fault-localization and searching for fixes.</p>\n\n", "tags": ["defect"] }, |
330 | 330 | {"key": "raychev2014code", "year": "2014", "title":"Code Completion with Statistical Language Models", "abstract": "<p>We address the problem of synthesizing code completions for programs using APIs. Given a program with holes, we synthesize completions for holes with the most likely sequences of method calls.</p>\n\n<p>Our main idea is to reduce the problem of code completion to\na natural-language processing problem of predicting probabilities\nof sentences. We design a simple and scalable static analysis that\nextracts sequences of method calls from a large codebase, and\nindex these into a statistical language model. We then employ\nthe language model to find the highest ranked sentences, and use\nthem to synthesize a code completion. Our approach is able to\nsynthesize sequences of calls across multiple objects together with\ntheir arguments.</p>\n\n<p>Experiments show that our approach is fast and effective. Virtually all computed completions typecheck, and the desired completion appears in the top 3 results in 90% of the cases.</p>\n", "tags": ["language model","autocomplete","code generation"] }, |
331 | 331 | {"key": "raychev2015predicting", "year": "2015", "title":"Predicting Program Properties from “Big Code”", "abstract": "<p>We present a new approach for predicting program properties from\nmassive codebases (aka “Big Code”). Our approach first learns a\nprobabilistic model from existing data and then uses this model to\npredict properties of new, unseen programs.</p>\n\n<p>The key idea of our work is to transform the input program into\na representation which allows us to phrase the problem of inferring program properties as structured prediction in machine learning. This formulation enables us to leverage powerful probabilistic\ngraphical models such as conditional random fields (CRFs) in order\nto perform joint prediction of program properties.</p>\n\n<p>As an example of our approach, we built a scalable prediction\nengine called JSNICE 1 for solving two kinds of problems in the\ncontext of JavaScript: predicting (syntactic) names of identifiers\nand predicting (semantic) type annotations of variables. Experimentally, JSNICE predicts correct names for 63% of name identifiers and its type annotation predictions are correct in 81% of the\ncases. In the first week since its release, JSN ICE was used by more\nthan 30,000 developers and in only few months has become a popular tool in the JavaScript developer community.</p>\n\n<p>By formulating the problem of inferring program properties as\nstructured prediction and showing how to perform both learning\nand inference in this context, our work opens up new possibilities\nfor attacking a wide range of difficult problems in the context of\n“Big Code” including invariant generation, de-compilation, synthesis and others.</p>\n", "tags": ["program analysis","naming","types","deobfuscation"] }, |
|
0 commit comments