behavioural type based static verification framework for
play

Behavioural Type-Based Static Verification Framework for Go Julien - PowerPoint PPT Presentation

Nov 04, 2022 •146 likes •375 views

Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien

  1. Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  2. The Go Programming Language Developed by Google for multicore programming Statically typed, natively compiled, concurrent PL Supports channel-based message passing for concurrency In use by major technology companies etc.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  3. Concurrency in Go Basic primitives and philosophy Do not communicate by sharing memory; Instead, share memory by communicating — Go language proverb Message-passing concurrency primitives Buffered I/O communication over channels Lightweight thread spawning (goroutines) Non-deterministic selection construct Inspired by Hoare’s CSP/process calculi Encourages message-passing over locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  4. Concurrency in Go Concurrency primitives func main() { ch := make(chan int) // Create channel. go send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { // Channel as parameter. ch <- 1 // Send to channel. } Send/receive blocks goroutines if channel full/empty resp. Channel buffer size specified at creation: make(chan int, 1) Other primitives: Close a channel close(ch) Guarded choice select { case <-ch:; case <-ch2: } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  5. Run program: $ go run main.go fatal error: all goroutines are asleep - deadlock! Concurrency in Go Deadlock detection func main() { ch := make(chan int) // Create channel. send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { ch <- 1 } Missing ’go’ keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  6. Concurrency in Go Deadlock detection func main() { ch := make(chan int) // Create channel. send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { ch <- 1 } Run program: $ go run main.go fatal error: all goroutines are asleep - deadlock! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  7. Deadlock NOT detected Concurrency in Go Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it import _ ”net” // Load ”net” package func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  8. Concurrency in Go Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it import _ ”net” // Load ”net” package Add benign import func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 } Deadlock NOT detected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  9. Verification framework for Go Overview (2) Model (3) Termina- Address type and Check safety and process gap liveness checking tion checking Pass to termination Create input model Transform and verify prover and formula Behavioural types (1) Type inference SSA IR Go source code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  10. Behavioural Types Types for process calculi, e.g. CCS, π -calculus (Milner 1980, 1992) CSP (Hoare 1978) Model concurrent systems behaviours e.g. Process (thread) creations e.g. (a)sync. send/recv message passing Guarantees free of deadlocks etc. Typically powerful but complex This work instead aims to make behavioural type accessible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  11. Type Abstraction Program/Process Types Analyse Types Analyse “directly” + relate Process ↔ Types e.g. send( x: int ) Data abstracted away Evaluate expressions e.g. send int / bool Accurate but Expensive Check Data needed in some cases ! x == 1 Check x == 2 Process/types mismatch Check x == … 3 classes of processes → State Explosion → (POPL’17) More concrete More abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  12. Type Abstraction Program/Process Types Analyse Types Analyse “directly” + termination check e.g. send( x: int ) Data abstracted away Evaluate expressions e.g. send int / bool Accurate but Expensive Check Data needed in some cases ! x == 1 Check x == 2 Process/types mismatch Check x == … 3 classes of processes → State Explosion → (POPL’17) More concrete More abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  13. Abstracting Go with Behavioural Types Type syntax u | u | τ := α T , S α ; T | T ⊕ S | � { α i ; T i } i ∈ I | ( T | S ) | 0 := ( new a ) T | close u ; T | t ⟨ ˜ u ⟩ | y i ) = T i } i ∈ I in S T { t (˜ := Types of a CCS-like process calculi Abstracts Go concurrency primitives Send/Recv, new (channel), parallel composition (spawn) Go-specific: Close channel, Select (guarded choice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  14. Verification framework for Go (1) Type inference by example func main() { ch := make(chan int) // Create channel go sendFn(ch) // Run as goroutine x := recvVal(ch) // Function call for i := 0; i < x; i++ { print(i) } close(ch) // Close channel } func sendFn(c chan int) { c <- 3 } // Send to channel c func recvVal(c chan int) int { return <-c } // Receive from c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  15. Verification framework for Go (1) Program in Static Single Assignment (SSA) form package main func main.main() func main.sendFn(c) entry entry 0 0 t0 = make chan int 0:int send c <- 42:int go sendFn(t0) return t1 = recvVal(t0) return jump 3 func main.recvVal(c) 3 entry 0 t5 = phi [0: 0:int, 1: t3] #i t0 = <-c t6 = t5 < t1 return t0 i f t6 goto 1 else 2 return for.loop for.done 1 Block of instructions 2 t2 = print(t5) Function boundary t4 = close(t0) t3 = t5 + 1:int Package boundary return jump 3 return Context-sensitive analysis to distinguish channel variables Skip over non-communication code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 , Nicholas Ng 2 , Bernardo Toninho 3 , Nobuko Yoshida 2 1 University of Kent 2 Imperial College London 3 Universidade Nova de Lisboa 1 /26 Julien

506 views • 47 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy Inria Paris-Rocquencourt TYPES meeting, 2014-05-14 X. Leroy (Inria) Verified static analyzer 2014-05-14 1 / 57 In memoriam Radhia Cousot, 2014

647 views • 63 slides
Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of Computer Science CAV 2017 ETH Zurich July 22-28, Heidelberg Writing a Static Analyzer Framework for Java Static Type Checker Static Type

805 views • 46 slides
Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation Jacques-Henri Jourdan, Vincent Laporte Sandrine Blazy, Xavier Leroy , David Pichardie Inria / U. Rennes 1 / ENS Rennes Workshop on Realistic Program

885 views • 63 slides
COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static verification Find defects early Work on incomplete components Work on non-executable items N.B. Testing and debugging cannot start until executable

498 views • 21 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston University md@bu.edu 9 May 2013 What do we want? Correctness Flexibility Responsiveness Practicality Predictability What do we want?

370 views • 26 slides
Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are the values of the static type? C. What are the operations of this type? Oberon Types Rules (Phase I Checks) Numeric types The INTEGER and REAL types

468 views • 12 slides
Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA Rocquencourt &amp; Trusted Logic 1 Outline 1. What makes strongly typed programs more secure? 2. Enforcing strong typing (bytecode verification). 3.

828 views • 45 slides
Static program checking and verification Correctness class ArraySet implements Set { class

Static program checking and verification Correctness class ArraySet implements Set { class

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

445 views • 18 slides
A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for

A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for

A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for Computing in High Energy and Nuclear Physics 13-17 Feb. 2006 Mumbai, India Presented by Andrei Kazarov CERN-ATD/PNPI Petersburg Presentation contents

892 views • 24 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
Applications of Petri Nets in Manufacturing Computational Models for Complex Systems Paolo

Applications of Petri Nets in Manufacturing Computational Models for Complex Systems Paolo

Applications of Petri Nets in Manufacturing Computational Models for Complex Systems Paolo Milazzo Dipartimento di Informatica, Universit` a di Pisa http://pages.di.unipi.it/milazzo milazzo di.unipi.it Laurea Magistrale in Informatica A.Y.

621 views • 25 slides
Announcements Project 2a: Graded see Learn@UW; contact your TA if questions Part 2b will be

Announcements Project 2a: Graded see Learn@UW; contact your TA if questions Part 2b will be

10/27/16 Announcements Project 2a: Graded see Learn@UW; contact your TA if questions Part 2b will be graded end of next week Exam 2: Wednesday 11/9 7:15 9:15 Humanities 3650. If you have an academic conflict, fill out form.

602 views • 24 slides
CMPSCI 377: Operating Systems Discussion 7 Department of Computer Science Administrivia

CMPSCI 377: Operating Systems Discussion 7 Department of Computer Science Administrivia

CMPSCI 377: Operating Systems Discussion 7 Department of Computer Science Administrivia Lab 1 will be graded by the end of the week Lab 2 will be posted today Due two weeks from Friday (November 2) As always, start early

437 views • 6 slides
Deadlock DM519 Concurrent Programming 1 But First: Repetition Monitors and Condition

Deadlock DM519 Concurrent Programming 1 But First: Repetition Monitors and Condition

Chapter 6 Deadlock DM519 Concurrent Programming 1 But First: Repetition Monitors and Condition Synchronisation DM519 Concurrent Programming 2 Monitors &amp; Condition Synchronisation Concepts : monitors: encapsulated data +

805 views • 33 slides
Object Oriented Programming and Design in Java Session 18 Instructor: Bert Huang Announcements

Object Oriented Programming and Design in Java Session 18 Instructor: Bert Huang Announcements

Object Oriented Programming and Design in Java Session 18 Instructor: Bert Huang Announcements Homework 4 due Mon. Apr. 19 No multithreading in programming part Final Exam Monday May 10, 9 AM - noon, 173 MACY (this room) Review

760 views • 24 slides
Vikram Murali Learning from Mistakes A Comprehensive study on Real World Concurrency Bug

Vikram Murali Learning from Mistakes A Comprehensive study on Real World Concurrency Bug

SUPPORT FOR DETERMINISM IN A CONCURRENT PROGRAMMING ENVIRONMENT Vikram Murali Learning from Mistakes A Comprehensive study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo, and Yuanyuan Zhou, 2008 WHY

1.23k views • 66 slides
Parallel and Concurrent Programming Jacob Sparre Andersen JSA Research &amp; Innovation October

Parallel and Concurrent Programming Jacob Sparre Andersen JSA Research &amp; Innovation October

Definitions Failure-modes Solutions Tips and tricks Parallel and Concurrent Programming Jacob Sparre Andersen JSA Research &amp; Innovation October 2017 Jacob Sparre Andersen Parallel and Concurrent Programming Definitions Failure-modes

416 views • 38 slides
A New Linear Logic for Deadlock-Free Session-Typed Processes Ornela Dardha and Simon J. Gay

A New Linear Logic for Deadlock-Free Session-Typed Processes Ornela Dardha and Simon J. Gay

A New Linear Logic for Deadlock-Free Session-Typed Processes Ornela Dardha and Simon J. Gay School of Computing Science, University of Glasgow, United Kingdom {Ornela.Dardha,Simon.Gay}@glasgow.ac.uk Abstract. The -calculus, viewed as a

875 views • 17 slides

More recommend