a formally verified interpreter for a shell like
play

A Formally Verified Interpreter for a Shell-like Programming - PowerPoint PPT Presentation

Nov 27, 2022 •173 likes •1.59k views

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas Jeannerod Ralf Treinen Vals seminar, July 7, 2017 Nicolas Jeannerod VALS Seminar July 7, 2017 1 / 61 The CoLiS project Correctness of Linux

  1. Language CoLiS Requirements Intermediary language (not a replacement of Shell); “Cleaner” than Shell (no eval for instance); Well-defined and easily understandable semantics: Some typing (strings vs. string lists), Variables and functions declared in a header, Dangers made more explicit; “Close enough” to Shell: A reader must be convinced that it shares the same semantics as the Shell, Target of an automated translation from Shell. Nicolas Jeannerod VALS Seminar July 7, 2017 10 / 61

  2. Language CoLiS Requirements Intermediary language (not a replacement of Shell); “Cleaner” than Shell (no eval for instance); Well-defined and easily understandable semantics: Some typing (strings vs. string lists), Variables and functions declared in a header, Dangers made more explicit; “Close enough” to Shell: A reader must be convinced that it shares the same semantics as the Shell, Target of an automated translation from Shell. Nicolas Jeannerod VALS Seminar July 7, 2017 10 / 61

  3. Language CoLiS Requirements Intermediary language (not a replacement of Shell); “Cleaner” than Shell (no eval for instance); Well-defined and easily understandable semantics: Some typing (strings vs. string lists), Variables and functions declared in a header, Dangers made more explicit; “Close enough” to Shell: A reader must be convinced that it shares the same semantics as the Shell, Target of an automated translation from Shell. Nicolas Jeannerod VALS Seminar July 7, 2017 10 / 61

  4. Language CoLiS Requirements Intermediary language (not a replacement of Shell); “Cleaner” than Shell (no eval for instance); Well-defined and easily understandable semantics: Some typing (strings vs. string lists), Variables and functions declared in a header, Dangers made more explicit; “Close enough” to Shell: A reader must be convinced that it shares the same semantics as the Shell, Target of an automated translation from Shell. Nicolas Jeannerod VALS Seminar July 7, 2017 10 / 61

  5. Language CoLiS Syntax – 1 String variables x s ∈ SVar x l ∈ LVar List variables ∈ F Procedures names c vdecl ∗ pdecl ∗ program t p ::= Programs ::= varstring x s | varlist x l Variables decl. vdecl Procedures decl. pdecl ::= proc c is t Nicolas Jeannerod VALS Seminar July 7, 2017 11 / 61

  6. Language CoLiS Syntax – 2 Terms t ::= true | false | fatal | return t | exit t | x s := s | x l := l | t ; t | if t then t else t | for x s in l do t | while t do t | process t | pipe t into t | call l | shift Nicolas Jeannerod VALS Seminar July 7, 2017 12 / 61

  7. Language CoLiS Syntax – 3 String expressions s ::= nil s | f s :: s ::= σ | x s | n | t String fragments f s l ::= nil l | f l :: l List expressions ::= s | split s | x l List fragments f l Nicolas Jeannerod VALS Seminar July 7, 2017 13 / 61

  8. Language CoLiS Semantics – First definitions Behaviours: terms b ∈ { True , False , Fatal , Return True Return False , Exit True , Exit False } Behaviours: expressions β ∈ { True , Fatal , None } SEnv � [ SVar ⇀ String ] Environments: strings LEnv � [ LVar ⇀ StringList ] Environments: lists Contexts Γ ∈ FS × String × StringList × SEnv × LEnv In a context: file system, standard input, arguments line, string environment, list environment. Nicolas Jeannerod VALS Seminar July 7, 2017 14 / 61

  9. Language CoLiS Semantics – First definitions Behaviours: terms b ∈ { True , False , Fatal , Return True Return False , Exit True , Exit False } Behaviours: expressions β ∈ { True , Fatal , None } SEnv � [ SVar ⇀ String ] Environments: strings LEnv � [ LVar ⇀ StringList ] Environments: lists Contexts Γ ∈ FS × String × StringList × SEnv × LEnv In a context: file system, standard input, arguments line, string environment, list environment. Nicolas Jeannerod VALS Seminar July 7, 2017 14 / 61

  10. Language CoLiS Semantic judgments ⇓ Judgments: terms t / Γ σ ⋆ b / Γ ′ Judgments: string fragment f s / Γ ⇓ σ ⋆ β / Γ ′ sf s / Γ ⇓ Judgments: string expression σ ⋆ β / Γ ′ s Judgments: list fragment f l / Γ ⇓ lf λ ⋆ β / Γ ′ Judgments: list expression l / Γ ⇓ l λ ⋆ β / Γ ′ Nicolas Jeannerod VALS Seminar July 7, 2017 15 / 61

  11. Language CoLiS A few rules – Sequence Sequence-Normal t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { True , False } t 2 / Γ 1 ⇓ σ 2 ⋆ b 2 / Γ 2 ( t 1 ; t 2 ) / Γ ⇓ σ 1 σ 2 ⋆ b 2 / Γ 2 Sequence-Exception t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { Fatal , Return , Exit } ( t 1 ; t 2 ) / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 16 / 61

  12. Language CoLiS A few rules – Sequence Sequence-Normal t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { True , False } t 2 / Γ 1 ⇓ σ 2 ⋆ b 2 / Γ 2 ( t 1 ; t 2 ) / Γ ⇓ σ 1 σ 2 ⋆ b 2 / Γ 2 Sequence-Exception t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { Fatal , Return , Exit } ( t 1 ; t 2 ) / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 16 / 61

  13. Language CoLiS A few rules – Branching Branching-True t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 = True t 2 / Γ 2 ⇓ σ 2 ⋆ b 2 / Γ 2 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 2 ⋆ b 2 / Γ 2 Branching-False t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { False , Fatal } t 3 / Γ 3 ⇓ σ 3 ⋆ b 3 / Γ 3 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 3 ⋆ b 3 / Γ 3 Branching-Exception t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { Return , Exit } ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 17 / 61

  14. Language CoLiS A few rules – Branching Branching-True t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 = True t 2 / Γ 2 ⇓ σ 2 ⋆ b 2 / Γ 2 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 2 ⋆ b 2 / Γ 2 Branching-False t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { False , Fatal } t 3 / Γ 3 ⇓ σ 3 ⋆ b 3 / Γ 3 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 3 ⋆ b 3 / Γ 3 Branching-Exception t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { Return , Exit } ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 17 / 61

  15. Language CoLiS A few rules – Branching Branching-True t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 = True t 2 / Γ 2 ⇓ σ 2 ⋆ b 2 / Γ 2 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 2 ⋆ b 2 / Γ 2 Branching-False t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { False , Fatal } t 3 / Γ 3 ⇓ σ 3 ⋆ b 3 / Γ 3 ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 σ 3 ⋆ b 3 / Γ 3 Branching-Exception t 1 / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 b 1 ∈ { Return , Exit } ( if t 1 then t 2 else t 3 ) / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 17 / 61

  16. Language CoLiS How behaviours are handled n n e e l r r a t t s u u e e u e i e i t x x l s s t u t u r a a e e l E E l T F F r a r a R T R T F F Pipe Normal Sequence Normal Exception Test True False Exception Function call Success Failure Success Failure Exception Subprocess Success Failure Success Failure Success Failure Nicolas Jeannerod VALS Seminar July 7, 2017 18 / 61

  17. Language CoLiS A few rules – Mutual recursion Terms depend on string expressions: Assignment-String s / Γ ⇓ s σ ⋆ β / Γ ′ x := s / Γ ⇓ “” ⋆ β / Γ ′ [ senv =Γ ′ . senv [ x ← σ ]] and string fragments depend on terms: String-Subprocess t / Γ ⇓ σ ⋆ b / Γ ′ t / Γ ⇓ sf σ ⋆ b / Γ ′ if b ∈ { True , Return True , Exit True } b := True | Fatal otherwise Nicolas Jeannerod VALS Seminar July 7, 2017 19 / 61

  18. Language CoLiS A few rules – Mutual recursion Terms depend on string expressions: Assignment-String s / Γ ⇓ s σ ⋆ β / Γ ′ x := s / Γ ⇓ “” ⋆ β / Γ ′ [ senv =Γ ′ . senv [ x ← σ ]] and string fragments depend on terms: String-Subprocess t / Γ ⇓ σ ⋆ b / Γ ′ t / Γ ⇓ sf σ ⋆ b / Γ ′ if b ∈ { True , Return True , Exit True } b := True | Fatal otherwise Nicolas Jeannerod VALS Seminar July 7, 2017 19 / 61

  19. Language Mechanised version Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 20 / 61

  20. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  21. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  22. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  23. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  24. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  25. Language Mechanised version Why3 Platform for deductive program verification; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Support of imperative traits: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VALS Seminar July 7, 2017 21 / 61

  26. Language Mechanised version Syntax type term = | TTrue with sexpr = list sfrag | TFalse | TFatal with sfrag = | TReturn term | SLiteral string | TExit term | SVar svar | TAsString svar sexpr | SArg int | TAsList lvar lexpr | SProcess term | TSeq term term | TIf term term term with lexpr = list lfrag | TFor svar lexpr term | TWhile term term with lfrag = | TProcess term | LSingleton sexpr | TCall lexpr | LSplit sexpr | TShift | LVar lvar | TPipe term term Nicolas Jeannerod VALS Seminar July 7, 2017 22 / 61

  27. Language Mechanised version Semantic judgments inductive eval_term term context string behaviour context with eval_sexpr sexpr context string bool context with eval_sfrag sfrag context string (option bool) context with eval_lexpr lexpr context (list string) bool context with eval_lfrag lfrag context (list string) (option bool) context Nicolas Jeannerod VALS Seminar July 7, 2017 23 / 61

  28. Language Mechanised version A few rules – Sequence | EvalT_Seq_Normal : forall t 1 Γ σ 1 b 1 Γ 1 t 2 σ 2 b 2 Γ 2 . eval_term t 1 Γ σ 1 (BNormal b 1 ) Γ 1 -> eval_term t 2 Γ 1 σ 2 b 2 Γ 2 -> eval_term (TSeq t 1 t 2 ) Γ (concat σ 1 σ 2 ) b 2 Γ 2 | EvalT_Seq_Error : forall t 1 Γ σ 1 b 1 Γ 1 t 2 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BNormal _ -> false | _ -> true end) -> eval_term (TSeq t 1 t 2 ) Γ σ 1 b 1 Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 24 / 61

  29. Language Mechanised version A few rules – Sequence | EvalT_Seq_Normal : forall t 1 Γ σ 1 b 1 Γ 1 t 2 σ 2 b 2 Γ 2 . eval_term t 1 Γ σ 1 (BNormal b 1 ) Γ 1 -> eval_term t 2 Γ 1 σ 2 b 2 Γ 2 -> eval_term (TSeq t 1 t 2 ) Γ (concat σ 1 σ 2 ) b 2 Γ 2 | EvalT_Seq_Error : forall t 1 Γ σ 1 b 1 Γ 1 t 2 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BNormal _ -> false | _ -> true end) -> eval_term (TSeq t 1 t 2 ) Γ σ 1 b 1 Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 24 / 61

  30. Language Mechanised version A few rules – Branching | EvalT_If_True : forall t 1 Γ σ 1 Γ 1 t 2 σ 2 b 2 Γ 2 t 3 . eval_term t 1 Γ σ 1 (BNormal True) Γ 1 -> eval_term t 2 Γ 1 σ 2 b 2 Γ 2 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 2 ) b 2 Γ 2 | EvalT_If_False : forall t 1 Γ σ 1 b 1 Γ 1 t 3 σ 3 b 3 Γ 3 t 2 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BNormal False | BFatal -> true | _ -> false end eval_term t 3 Γ 1 σ 3 b 3 Γ 3 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 3 ) b 3 Γ 3 | EvalT_If_Transmit : forall t 1 Γ σ 1 b 1 Γ 1 t 2 t 3 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BReturn _ | BExit _ -> true | _ -> false end) - eval_term (TIf t 1 t 2 t 3 ) Γ σ 1 b 1 Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 25 / 61

  31. Language Mechanised version A few rules – Branching | EvalT_If_True : forall t 1 Γ σ 1 Γ 1 t 2 σ 2 b 2 Γ 2 t 3 . eval_term t 1 Γ σ 1 (BNormal True) Γ 1 -> eval_term t 2 Γ 1 σ 2 b 2 Γ 2 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 2 ) b 2 Γ 2 | EvalT_If_False : forall t 1 Γ σ 1 b 1 Γ 1 t 3 σ 3 b 3 Γ 3 t 2 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BNormal False | BFatal -> true | _ -> false end eval_term t 3 Γ 1 σ 3 b 3 Γ 3 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 3 ) b 3 Γ 3 | EvalT_If_Transmit : forall t 1 Γ σ 1 b 1 Γ 1 t 2 t 3 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BReturn _ | BExit _ -> true | _ -> false end) - eval_term (TIf t 1 t 2 t 3 ) Γ σ 1 b 1 Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 25 / 61

  32. Language Mechanised version A few rules – Branching | EvalT_If_True : forall t 1 Γ σ 1 Γ 1 t 2 σ 2 b 2 Γ 2 t 3 . eval_term t 1 Γ σ 1 (BNormal True) Γ 1 -> eval_term t 2 Γ 1 σ 2 b 2 Γ 2 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 2 ) b 2 Γ 2 | EvalT_If_False : forall t 1 Γ σ 1 b 1 Γ 1 t 3 σ 3 b 3 Γ 3 t 2 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BNormal False | BFatal -> true | _ -> false end eval_term t 3 Γ 1 σ 3 b 3 Γ 3 -> eval_term (TIf t 1 t 2 t 3 ) Γ (concat σ 1 σ 3 ) b 3 Γ 3 | EvalT_If_Transmit : forall t 1 Γ σ 1 b 1 Γ 1 t 2 t 3 . eval_term t 1 Γ σ 1 b 1 Γ 1 -> (match b 1 with BReturn _ | BExit _ -> true | _ -> false end) - eval_term (TIf t 1 t 2 t 3 ) Γ σ 1 b 1 Γ 1 Nicolas Jeannerod VALS Seminar July 7, 2017 25 / 61

  33. Language Mechanised version A few rules – Mutual recursion | EvalT_AsString : forall s Γ σ β Γ ’ Γ ’’ x s . eval_sexpr s Γ σ β Γ ’ -> Γ ’’ = update_senv Γ ’ x s σ -> eval_term (TAsString x s s) Γ empty_string (if β then BFatal) Γ ’’ BNormal True else | EvalSF_Process : forall t Γ σ b Γ ’. eval_term t Γ σ b Γ ’ -> eval_sfrag_opt (SProcess t) Γ σ (Some (match b with BNormal True | BReturn True | BExit Tru { Γ with c_fs = Γ ’.c_fs ; c_input = Γ ’.c_input} Nicolas Jeannerod VALS Seminar July 7, 2017 26 / 61

  34. Language Mechanised version A few rules – Mutual recursion | EvalT_AsString : forall s Γ σ β Γ ’ Γ ’’ x s . eval_sexpr s Γ σ β Γ ’ -> Γ ’’ = update_senv Γ ’ x s σ -> eval_term (TAsString x s s) Γ empty_string (if β then BFatal) Γ ’’ BNormal True else | EvalSF_Process : forall t Γ σ b Γ ’. eval_term t Γ σ b Γ ’ -> eval_sfrag_opt (SProcess t) Γ σ (Some (match b with BNormal True | BReturn True | BExit Tru { Γ with c_fs = Γ ’.c_fs ; c_input = Γ ’.c_input} Nicolas Jeannerod VALS Seminar July 7, 2017 26 / 61

  35. A sound interpreter Why? Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 27 / 61

  36. A sound interpreter Why? Why? For fun; Helps detecting the potential mistakes; We can compare the observational behaviour of our interpreter with known implementations of the POSIX Shell; It gives us a way to test an automated translation from Shell to CoLiS. Nicolas Jeannerod VALS Seminar July 7, 2017 28 / 61

  37. A sound interpreter Why? Why? For fun; Helps detecting the potential mistakes; We can compare the observational behaviour of our interpreter with known implementations of the POSIX Shell; It gives us a way to test an automated translation from Shell to CoLiS. Nicolas Jeannerod VALS Seminar July 7, 2017 28 / 61

  38. A sound interpreter Why? Why? For fun; Helps detecting the potential mistakes; We can compare the observational behaviour of our interpreter with known implementations of the POSIX Shell; It gives us a way to test an automated translation from Shell to CoLiS. Nicolas Jeannerod VALS Seminar July 7, 2017 28 / 61

  39. A sound interpreter Why? Why? For fun; Helps detecting the potential mistakes; We can compare the observational behaviour of our interpreter with known implementations of the POSIX Shell; It gives us a way to test an automated translation from Shell to CoLiS. Nicolas Jeannerod VALS Seminar July 7, 2017 28 / 61

  40. A sound interpreter Let us see some code Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 29 / 61

  41. A sound interpreter Let us see some code Spirit of the code Set of mutually recursive functions; ML-style with imperative traits; Fatal, Return and Exit are exceptions; stdout is a reference. exception EFatal context exception EReturn (bool ,context) exception EExit (bool ,context) let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) with interp_sexpr_aux (s: sexpr) ( Γ : context) (previous: bool) : (string , bool , context) with interp_sfrag_aux ( f s : sfrag) ( Γ : context) (previous: bool) : (string , bool , context) ... Nicolas Jeannerod VALS Seminar July 7, 2017 30 / 61

  42. A sound interpreter Let us see some code Spirit of the code Set of mutually recursive functions; ML-style with imperative traits; Fatal, Return and Exit are exceptions; stdout is a reference. exception EFatal context exception EReturn (bool ,context) exception EExit (bool ,context) let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) with interp_sexpr_aux (s: sexpr) ( Γ : context) (previous: bool) : (string , bool , context) with interp_sfrag_aux ( f s : sfrag) ( Γ : context) (previous: bool) : (string , bool , context) ... Nicolas Jeannerod VALS Seminar July 7, 2017 30 / 61

  43. A sound interpreter Let us see some code Body – Sequence and branching let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) = match t with | TSeq t 1 t 2 -> let (_, Γ 1 ) = interp_term t 1 Γ stdout in interp_term t 2 Γ 1 stdout | TIf t 1 t 2 t 3 -> let ( b 1 , Γ 1 ) = try interp_term t 1 Γ stdout with EFatal Γ 1 -> (false , Γ 1 ) end in interp_term (if b 1 then t 2 else t 3 ) Γ 1 stdout Nicolas Jeannerod VALS Seminar July 7, 2017 31 / 61

  44. A sound interpreter Let us see some code Body – Sequence and branching let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) = match t with | TSeq t 1 t 2 -> let (_, Γ 1 ) = interp_term t 1 Γ stdout in interp_term t 2 Γ 1 stdout | TIf t 1 t 2 t 3 -> let ( b 1 , Γ 1 ) = try interp_term t 1 Γ stdout with EFatal Γ 1 -> (false , Γ 1 ) end in interp_term (if b 1 then t 2 else t 3 ) Γ 1 stdout Nicolas Jeannerod VALS Seminar July 7, 2017 31 / 61

  45. A sound interpreter Let us see some code Body – Mutual recursion let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) = match t with | TAsString xs s -> let ( σ , b, Γ ’) = interp_sexpr s Γ in let Γ ’’ = update_senv Γ ’ xs σ in if b then (true , Γ ’’) else raise (EFatal Γ ’’) ... with interp_sfrag_aux ( f s : sfrag) ( Γ : context) (previous: bool) : (string , bool , context) = match f s with | SProcess t -> let ( σ , b, fs , input) = interp_process t Γ in ( σ , b, { Γ with c_fs = fs; c_input = input }) ... Nicolas Jeannerod VALS Seminar July 7, 2017 32 / 61

  46. A sound interpreter Let us see some code Body – Mutual recursion let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) = match t with | TAsString xs s -> let ( σ , b, Γ ’) = interp_sexpr s Γ in let Γ ’’ = update_senv Γ ’ xs σ in if b then (true , Γ ’’) else raise (EFatal Γ ’’) ... with interp_sfrag_aux ( f s : sfrag) ( Γ : context) (previous: bool) : (string , bool , context) = match f s with | SProcess t -> let ( σ , b, fs , input) = interp_process t Γ in ( σ , b, { Γ with c_fs = fs; c_input = input }) ... Nicolas Jeannerod VALS Seminar July 7, 2017 32 / 61

  47. A sound interpreter Let us see some code Soundness of the interpreter We write t / Γ �→ σ ⋆ b / Γ ′ for: “ on the input consisting of t, Γ and a reference, the interpreter writes σ at the end of that reference and terminates: normally and outputs ( b , Γ ′ ) ; with an exception corresponding to the behaviour b that carries Γ ′ .” Theorem (Soundness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ �→ σ ⋆ b / Γ ′ then t / Γ ⇓ σ ⋆ b / Γ ′ Nicolas Jeannerod VALS Seminar July 7, 2017 33 / 61

  48. A sound interpreter Let us see some code Soundness of the interpreter We write t / Γ �→ σ ⋆ b / Γ ′ for: “ on the input consisting of t, Γ and a reference, the interpreter writes σ at the end of that reference and terminates: normally and outputs ( b , Γ ′ ) ; with an exception corresponding to the behaviour b that carries Γ ′ .” Theorem (Soundness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ �→ σ ⋆ b / Γ ′ then t / Γ ⇓ σ ⋆ b / Γ ′ Nicolas Jeannerod VALS Seminar July 7, 2017 33 / 61

  49. A sound interpreter Let us see some code Contract interp_term (t: term) ( Γ : context) let rec (stdout: ref string) : (bool , context) diverges returns { (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ } raises { EFatal Γ ’ -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ BFatal Γ ’ } raises { EReturn (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BReturn b) Γ ’ } raises { EExit (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BExit b) Γ ’ } Nicolas Jeannerod VALS Seminar July 7, 2017 34 / 61

  50. A sound interpreter Let us see some code Contract interp_term (t: term) ( Γ : context) let rec (stdout: ref string) : (bool , context) diverges returns { (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ } raises { EFatal Γ ’ -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ BFatal Γ ’ } raises { EReturn (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BReturn b) Γ ’ } raises { EExit (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BExit b) Γ ’ } Nicolas Jeannerod VALS Seminar July 7, 2017 34 / 61

  51. A sound interpreter Proof Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 35 / 61

  52. A sound interpreter Proof Why it is hard stdout is a reference: exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ Usual fix: provide a witness as a ghost return value. Cannot work here because of exceptions: we would need to catch them all and all the time! Never mind, there are provers based on superposition, let’s use them. Nicolas Jeannerod VALS Seminar July 7, 2017 36 / 61

  53. A sound interpreter Proof Why it is hard stdout is a reference: exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ Usual fix: provide a witness as a ghost return value. Cannot work here because of exceptions: we would need to catch them all and all the time! Never mind, there are provers based on superposition, let’s use them. Nicolas Jeannerod VALS Seminar July 7, 2017 36 / 61

  54. A sound interpreter Proof Why it is hard stdout is a reference: exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ Usual fix: provide a witness as a ghost return value. Cannot work here because of exceptions: we would need to catch them all and all the time! Never mind, there are provers based on superposition, let’s use them. Nicolas Jeannerod VALS Seminar July 7, 2017 36 / 61

  55. A sound interpreter Proof Why it is hard stdout is a reference: exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ Usual fix: provide a witness as a ghost return value. Cannot work here because of exceptions: we would need to catch them all and all the time! Never mind, there are provers based on superposition, let’s use them. Nicolas Jeannerod VALS Seminar July 7, 2017 36 / 61

  56. A sound interpreter Proof Why it is hard stdout is a reference: exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ Usual fix: provide a witness as a ghost return value. Cannot work here because of exceptions: we would need to catch them all and all the time! Never mind, there are provers based on superposition, let’s use them. Nicolas Jeannerod VALS Seminar July 7, 2017 36 / 61

  57. A sound interpreter Proof But it works! 117 proof obligations; 190s on my machine; Uses Alt-Ergo, Z3 and E (crucial); No Coq proof. Nicolas Jeannerod VALS Seminar July 7, 2017 37 / 61

  58. A sound interpreter Proof But it works! 117 proof obligations; 190s on my machine; Uses Alt-Ergo, Z3 and E (crucial); No Coq proof. Nicolas Jeannerod VALS Seminar July 7, 2017 37 / 61

  59. A sound interpreter Proof But it works! 117 proof obligations; 190s on my machine; Uses Alt-Ergo, Z3 and E (crucial); No Coq proof. Nicolas Jeannerod VALS Seminar July 7, 2017 37 / 61

  60. A sound interpreter An other sound interpreter Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 38 / 61

  61. A sound interpreter An other sound interpreter An other sound interpreter let rec interp_term (t: term) ( Γ : context) (stdout: ref string) : (bool , context) diverges returns { (b, Γ ’) -> exists σ . !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ ’ } ... = while true do () done Nicolas Jeannerod VALS Seminar July 7, 2017 39 / 61

  62. A complete interpreter Which formulation? Table of Contents 1. Language Elements of Shell CoLiS Mechanised version 2. A sound interpreter Why? Let us see some code Proof An other sound interpreter 3. A complete interpreter Which formulation? Heights and sizes Skeletons Nicolas Jeannerod VALS Seminar July 7, 2017 40 / 61

  63. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  64. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  65. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  66. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  67. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  68. A complete interpreter Which formulation? Completeness of the interpreter Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ : if t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ On paper: We have the soundness, We can prove functionality of the predicate, Thanks to them, we can prove the termination, All of that gives us the completeness. Nicolas Jeannerod VALS Seminar July 7, 2017 41 / 61

  69. A complete interpreter Which formulation? Completeness of the interpreter – In Why3? Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ , if: t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ In Why3: We have the soundness, but we can’t use it in the termination, We can prove the functionality, Thanks to it, and by re-proving the soundness on-the-fly, we can prove the termination, Nicolas Jeannerod VALS Seminar July 7, 2017 42 / 61

  70. A complete interpreter Which formulation? Completeness of the interpreter – In Why3? Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ , if: t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ In Why3: We have the soundness, but we can’t use it in the termination, We can prove the functionality, Thanks to it, and by re-proving the soundness on-the-fly, we can prove the termination, Nicolas Jeannerod VALS Seminar July 7, 2017 42 / 61

  71. A complete interpreter Which formulation? Completeness of the interpreter – In Why3? Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ , if: t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ In Why3: We have the soundness, but we can’t use it in the termination, We can prove the functionality, Thanks to it, and by re-proving the soundness on-the-fly, we can prove the termination, Nicolas Jeannerod VALS Seminar July 7, 2017 42 / 61

  72. A complete interpreter Which formulation? Completeness of the interpreter – In Why3? Theorem (Completeness of the interpreter) For all t, Γ , σ , b and Γ ′ , if: t / Γ ⇓ σ ⋆ b / Γ ′ then t / Γ �→ σ ⋆ b / Γ ′ In Why3: We have the soundness, but we can’t use it in the termination, We can prove the functionality, Thanks to it, and by re-proving the soundness on-the-fly, we can prove the termination, Nicolas Jeannerod VALS Seminar July 7, 2017 42 / 61

  73. A complete interpreter Which formulation? Functionality and termination Theorem (Functionnality of the predicate) For all t, Γ , σ 1 , σ 2 , b 1 , b 2 , Γ 1 , Γ 2 , if: t / Γ ⇓ σ 1 ⋆ b 1 / Γ 1 and t / Γ ⇓ σ 2 ⋆ b 2 / Γ 2 then: σ 1 = σ 2 and b 1 = b 2 and Γ 1 = Γ 2 Theorem (Termination of the interpreter) For all t, Γ , σ , b, Γ ′ , if: t / Γ ⇓ σ ⋆ b / Γ ′ then the interpreter terminates when given t, Γ and a reference. Nicolas Jeannerod VALS Seminar July 7, 2017 43 / 61

  74. A complete interpreter Which formulation? Why we need the soundness and the functionality in the proof of termination Case of the sequence (with non-exceptional behaviours): | TSeq t 1 t 2 -> let (_, Γ 1 ) = interp_term t 1 Γ stdout in interp_term t 2 Γ 1 stdout We know that: ∃ σ b Γ ′′ . ( t 1 ; t 2 ) / Γ ⇓ σ ⋆ b / Γ ′′ t 1 / Γ ⇓ σ ′ ⋆ b ′ / Γ ′ ∧ ( ∃ σ ′ b ′ Γ ′ . ∧ t 2 / Γ ′ ⇓ σ ⋆ b / Γ ′′ b ′ ∈ { True , False } ) ∧ But we need to say that that Γ ′ is in fact Γ 1 . Hence the need for the soundness and the functionality. Nicolas Jeannerod VALS Seminar July 7, 2017 44 / 61

  75. A complete interpreter Which formulation? Why we need the soundness and the functionality in the proof of termination Case of the sequence (with non-exceptional behaviours): | TSeq t 1 t 2 -> let (_, Γ 1 ) = interp_term t 1 Γ stdout in interp_term t 2 Γ 1 stdout We know that: ∃ σ b Γ ′′ . ( t 1 ; t 2 ) / Γ ⇓ σ ⋆ b / Γ ′′ t 1 / Γ ⇓ σ ′ ⋆ b ′ / Γ ′ ∧ ( ∃ σ ′ b ′ Γ ′ . ∧ t 2 / Γ ′ ⇓ σ ⋆ b / Γ ′′ b ′ ∈ { True , False } ) ∧ But we need to say that that Γ ′ is in fact Γ 1 . Hence the need for the soundness and the functionality. Nicolas Jeannerod VALS Seminar July 7, 2017 44 / 61

  76. A complete interpreter Which formulation? Why we need the soundness and the functionality in the proof of termination Case of the sequence (with non-exceptional behaviours): | TSeq t 1 t 2 -> let (_, Γ 1 ) = interp_term t 1 Γ stdout in interp_term t 2 Γ 1 stdout We know that: ∃ σ b Γ ′′ . ( t 1 ; t 2 ) / Γ ⇓ σ ⋆ b / Γ ′′ t 1 / Γ ⇓ σ ′ ⋆ b ′ / Γ ′ ∧ ( ∃ σ ′ b ′ Γ ′ . ∧ t 2 / Γ ′ ⇓ σ ⋆ b / Γ ′′ b ′ ∈ { True , False } ) ∧ But we need to say that that Γ ′ is in fact Γ 1 . Hence the need for the soundness and the functionality. Nicolas Jeannerod VALS Seminar July 7, 2017 44 / 61

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas Jeannerod Ralf Treinen VSTTE, July 22, 2017 Nicolas Jeannerod VSTTE17 July 22, 2017 1 / 36 General goal The CoLiS project. Correctness

1.27k views • 94 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter

C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter

C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter developed under BSD UNIX. It incorporates features of other shells and a history mechanism. Tcsh development is currently maintained by tcsh.org.

737 views • 25 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands 2 School of Computer Science Open University The Netherlands

778 views • 62 slides
Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The

Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The

Fall 2009 Lecture 9 Operating Systems: Configuration & Use CIS345 T HE B OURNE A GAIN S HELL Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The Bourne Again Shell is a command interpreter and high-

1.59k views • 134 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
Sliding-Window Aggregation in Worst-Case Constant Time Martin Hirzel, IBM Research AI 30 October

Sliding-Window Aggregation in Worst-Case Constant Time Martin Hirzel, IBM Research AI 30 October

Sliding-Window Aggregation in Worst-Case Constant Time Martin Hirzel, IBM Research AI 30 October 2017 Dagstuhl Seminar on Big Stream Processing Systems Streaming Engines Telco Medical Science Finance , Streaming engine Insights Actions

418 views • 6 slides
POSIX Threads In the UNIX environment a thread: Exists within a process and uses the process

POSIX Threads In the UNIX environment a thread: Exists within a process and uses the process

POSIX Threads In the UNIX environment a thread: Exists within a process and uses the process POSIX Threads resources. Has its own independent flow of control as long as its parent process exists or the OS supports it. HUJI May

311 views • 8 slides
Introduction to Logic Programming Foundations, First-Order Language Temur Kutsia Research

Introduction to Logic Programming Foundations, First-Order Language Temur Kutsia Research

Introduction to Logic Programming Foundations, First-Order Language Temur Kutsia Research Institute for Symbolic Computation Johannes Kepler University Linz, Austria kutsia@risc.jku.at What is a Logic Program Logic program is a set of certain

1.57k views • 80 slides
Motivation to Learn GPGPU Julius Parulek Why to Learn About GPU? Computational power of GPU vs.

Motivation to Learn GPGPU Julius Parulek Why to Learn About GPU? Computational power of GPU vs.

Motivation to Learn GPGPU Julius Parulek Why to Learn About GPU? Computational power of GPU vs. CPU Why to Learn About GPU? NVIDIA GPU relative performances Why to Learn About GPU? Hardware Why to Learn About GPU? Interactive rendering

852 views • 46 slides
Rare Earth Elements Processing ; Current and Emerging Technologies, and evolving needs within

Rare Earth Elements Processing ; Current and Emerging Technologies, and evolving needs within

Rare Earth Elements Processing ; Current and Emerging Technologies, and evolving needs within the Manufacturing Sector, Alaska Strategic and Critical Minerals Summit September 30, 2011 Fairbanks Princess Riverside Lodge Fairbanks, Alaska

511 views • 13 slides
Make Your Reports Look Great with the Versatile Proc Tabulate Ben Cochran The Bedford Group

Make Your Reports Look Great with the Versatile Proc Tabulate Ben Cochran The Bedford Group

Make Your Reports Look Great with the Versatile Proc Tabulate Ben Cochran The Bedford Group bencochran@nc.rr.com A Silver Member of the SAS Alliance Make Your Reports Look Great with the Versatile Proc Tabulate by Ben Cochran Bio:

547 views • 32 slides
Control Expressions and Statements Control Control is the study of the semantics of

Control Expressions and Statements Control Control is the study of the semantics of

Control Expressions and Statements Control Control is the study of the semantics of execution paths through code. What gets executed, When, and In what order? 2 Control Control is achieved by two major ways: The use of

461 views • 45 slides
Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda Introduction What are Lessons Learned? Value to the Project Process and Organization Keanes Approach to Lessons Learned Keys to

261 views • 24 slides

More recommend