abstract read permissions
play

Abstract Read Permissions Fractional Permissions without the - PowerPoint PPT Presentation

Nov 19, 2023 •16 likes •436 views

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

  1. Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Müller ETH Zurich Microsoft Research ETH Zurich

  2. Overview • Verification of (race-free) concurrent programs using fractional permissions • Background • Identify the problem • Abstract read permissions • Handling calls, fork/join • Permission expressions • Conclusions

  3. Fractional Permissions Boyland , SAS’03 • Provide a way of describing disciplined (race-free) use of shared memory locations • Many readers ✓ one writer ✓ never both • Heap locations are managed using permissions • Permission amounts are fractions p from [0,1] ▫ p=0 (no permission) ▫ 0<p<1 (read permission) ▫ p=1 (read/write permission) • Permissions are passed between methods/threads ▫ can be split and recombined, never duplicated

  4. Notation • Examples shown using Implicit Dynamic Frames assertions [Smans’09]. • Permissions represented in assertions by “accessibility predicates”: acc(x.f, p) ▫ means we have permission p to location x.f • Permissions treated multiplicatively; i.e., ▫ acc(x.f, p) && acc(x.f, p) ≡ acc(x.f, 2p) • Related to Sep. Logic [Parkinson/Summers’12] p ▫ Roughly: read acc(x.f,p) as x.f | _ • This work applies to any such program logic • We use Chalice language syntax [Leino/Müller]

  5. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  6. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  7. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  8. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  9. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  10. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  11. Inhale and Exhale • “ inhale P ” and “ exhale P ” are used to encode transfers between threads/calls • “ inhale P ” means: void m() ▫ assume heap properties in p requires P ▫ gain permissions in p ensures Q { • “ exhale P ” means: // inhale P ▫ assert heap properties in p ... // exhale P ▫ check and give up permissions call m() ▫ havoc heap locations to which // inhale Q ... no permission is now held // exhale Q }

  12. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee method evaluate(Cell c) requires acc (c.f , ? ) ensures acc (c.f , ? ) { /* ... calculations ... */ }

  13. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee method evaluate(Cell c) method main(Cell c) requires acc (c.f , 2/3 ) requires acc (c.f, 1/2 ) ensures acc (c.f , 2/3 ) { { call evaluate(c) ✘ /* ... calculations ... */ } }

  14. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen method equals(Cell c) requires acc (this.f , ? ) && acc (c.f , ? ) ensures acc (this.f , ? ) && acc (c.f , ? ) { /* ... comparisons ... */ }

  15. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen What if method equals(Cell c) this = c ? requires acc (this.f , 2/3 ) && acc (c.f , 2/3 ) ensures acc (this.f , 2/3 ) && acc (c.f , 2/3 ) { /* ... comparisons ... */ }

  16. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen method equals(Cell c) requires acc (this.f , 1/3 ) && acc (c.f , 1/3 ) && (this != c ==> acc (this.f , 1/3 ) && acc (c.f , 1/3 )) ensures acc (this.f , 1/3 ) && acc (c.f , 1/3 ) && (this != c ==> acc (this.f , 1/3 ) && acc (c.f , 1/3 )) { /* ... comparisons ... */ }

  17. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen • Recursive methods require parameterisation method m(Cell c) requires acc (c.f , ? ) ensures acc (c.f, ? ) { // do stuff call m(c) // do more stuff }

  18. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen • Recursive methods require parameterisation method m(Cell c, Perm p ) requires acc (c.f , ? ) ensures acc (c.f, ? ) { // do stuff call m(c) // do more stuff }

  19. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen • Recursive methods require parameterisation method m(Cell c, Perm p ) requires acc (c.f , p ) ensures acc (c.f, p ) { // do stuff call m(c) // do more stuff }

  20. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen • Recursive methods require parameterisation method m(Cell c, Perm p ) requires acc (c.f , p ) ensures acc (c.f, p ) { // do stuff call m(c, p/2 ) // do more stuff }

  21. Difficulties with Fractional Permissions • Concrete fractions cause tension: caller vs callee ▫ Reuse can be made difficult ▫ Framing may be compromised • Aliasing information is relevant to values chosen • Recursive methods require parameterisation • Manual book-keeping is tedious ▫ Creates “noise” in specifications and new mistakes ▫ Programmers ideally only need care about:  when does a thread have full (write) permission?  when does a thread have some (read) permission?  … and differences in amounts of permission (…later)

  22. Example: Workers Tree Worker 1 class Node { Worker 2 Worker 3 Node l, r Outcome method work(Data data) Worker 4 Worker 5 Worker 6 Worker 8 requires «permission to data.f» ensures «permission to data.f» { Outcome out := new Outcome() How much permission? if (l != null ) left := fork l.work(data) if (r != null ) right := fork r.work(data) /* perform work on this node, using data.f */ if (l != null ) out.combine( join left) if (r != null ) out.combine( join right) return out } }

  23. Abstract Read Permissions • Introduce abstract read permissions: acc(o.f,rd) ▫ corresponds to a fixed, positive, and unknown fraction ▫ positive amount: allows reading the location o.f • Specifications are written using ▫ acc(o.f,1) to represent the full permission (read/write) ▫ acc(o.f,rd) for read permissions • In general, different read permissions can correspond to different fractions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions Owners, Group Members, and Everyone Else Read, Writing, and Executing Digression: Number Systems chmod - Change

280 views • 14 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
AAAA2020 Abstract Submission Deadline : March 13 th , 2020 Please read all submission guidelines,

AAAA2020 Abstract Submission Deadline : March 13 th , 2020 Please read all submission guidelines,

AMERICAN ACADEMY of ANESTHESIOLOGIST ASSISTANTS Student Poster Presentation Descriptions and Guidelines AAAA2020 Abstract Submission Deadline : March 13 th , 2020 Please read all submission guidelines, utilize the AAAA abstract submission

221 views • 4 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA

Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA

Consumer Credit Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA will write to firms giving them a 3mth window for full applications Firms will be able to apply to vary their permissions and use

274 views • 8 slides
The Internet 192.168.178.1/24 DHCP 192.168.178.42/24 GW: 192.168.178.1 The

The Internet 192.168.178.1/24 DHCP 192.168.178.42/24 GW: 192.168.178.1 The

iNNOVO Cloud Can You Read this? Red Blue Magenta White Yellow Green -All colors visible? Can You Read this? -All circles round? Can You Read this? -All edges Can You Read this? visible? Can You Read this? Beamer Testpicture 16:9 1

1.3k views • 43 slides
Paper Reading and Presentation CMPS 7010 Research Seminar A Three-Phase Approach How to read

Paper Reading and Presentation CMPS 7010 Research Seminar A Three-Phase Approach How to read

Paper Reading and Presentation CMPS 7010 Research Seminar A Three-Phase Approach How to read a paper by Srinivasan Keshav, University of Waterloo Phase 1 (5-10 min) Carefully read the title, abstract, and intro Read the section and

496 views • 22 slides
Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run

459 views • 29 slides
CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes Week 3 : Users, Permissions, Processes, and Pipes Module Leader: Dr Gordon Russell Lecturers: G. Russell, R.Ludwiniak Aliases: CSN11122 (Distance

644 views • 51 slides
Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009 Regions and Permissions for Data Invariants 1 / 1 Motivation preservation of data invariants in pointer programs ownership system of Spec#

301 views • 29 slides
ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f

ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f

ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f e e l c l e v e r WHAT IS ABSTRACT OF RESEARCH PAPER? An abstract summarizes, usually in one paragraph of 300 words or less, the major aspects

263 views • 10 slides
Lecture 14 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn

Lecture 14 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn

Lecture 14 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner Advanced Operating Systems 9 January, 2013 SOA/OS Lecture No, Android Permissions Demystified 1/41 Introduction Android

422 views • 41 slides
multi-threaded programs Authors: K. Rustan Leino, P. Mller Speaker: Martin Lanter 1

multi-threaded programs Authors: K. Rustan Leino, P. Mller Speaker: Martin Lanter 1

A Basis for Verifying multi-threaded programs Authors: K. Rustan Leino, P. Mller Speaker: Martin Lanter 1 Challenges in multi-threading Fine-grained locking Thread-local and shared objects Distinguish between read and write access

420 views • 25 slides
Having an Effective Annual Career Conference (ACC) Center for Faculty Development Goals To

Having an Effective Annual Career Conference (ACC) Center for Faculty Development Goals To

Having an Effective Annual Career Conference (ACC) Center for Faculty Development Goals To facilitate effective annual career conferences To provide resources for those running and having an annual career conference Leadership Training

305 views • 14 slides
Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David

Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David

Automatic Generation of Efficient Accelerator Designs for Reconfigurable Hardware David Koeplinger Raghu Prabhakar Yaqi Zhang Christina Delimitrou Christos Kozyrakis Kunle Olukotun Stanford University ISCA 2016 FPGAs in Data Centers

299 views • 26 slides
Polly-ACC: Transparent Compilation to Heterogeneous Hardware Torsten Hoefler (with Tobias Grosser)

Polly-ACC: Transparent Compilation to Heterogeneous Hardware Torsten Hoefler (with Tobias Grosser)

spcl.inf.ethz.ch @spcl_eth Polly-ACC: Transparent Compilation to Heterogeneous Hardware Torsten Hoefler (with Tobias Grosser) 1 spcl.inf.ethz.ch @spcl_eth Evading various ends the hardware view 2 spcl.inf.ethz.ch @spcl_eth

481 views • 26 slides
A New DSP Approach for 5G and AI Albert Camilleri VP Business Development North America VSORA

A New DSP Approach for 5G and AI Albert Camilleri VP Business Development North America VSORA

A New DSP Approach for 5G and AI Albert Camilleri VP Business Development North America VSORA Inc. Company Background Company founded in 2015 Headquarters: France Paris Each founder has more than 10 years experience in Digital

168 views • 12 slides
Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas Carlini Google Research Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Lessons Learned from Evaluating the

1.28k views • 127 slides
Mapping Observed Variability in TeV Blazars to Possible Causes Adam Higuera, Markos

Mapping Observed Variability in TeV Blazars to Possible Causes Adam Higuera, Markos

Mapping Observed Variability in TeV Blazars to Possible Causes Adam Higuera, Markos Georganopoulos, Demosthenes Kazanas, Eric Perlman TeV Blazars Introduction Radio-loud active galactic nucleus with a relativistic jet pointed directly

384 views • 23 slides
Network in Network (NiN) Network in Network (NiN) In [1]: import d2l from mxnet import gluon,

Network in Network (NiN) Network in Network (NiN) In [1]: import d2l from mxnet import gluon,

2/27/2019 nin slides Network in Network (NiN) Network in Network (NiN) In [1]: import d2l from mxnet import gluon, init, nd from mxnet.gluon import nn http://127.0.0.1:8000/nin.slides.html?print-pdf/#/ 1/4 2/27/2019 nin slides In [2]: def

194 views • 4 slides

More recommend