le lever eragin aging g rust types es for modular lar
play

Le Lever eragin aging g Rust Types es for Modular lar Speci - PowerPoint PPT Presentation

Sep 16, 2023 •261 likes •451 views

Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification Vytautas Astrauskas Peter Mller Federico Poli Alexander J. Summers Department of Computer Science Analogy with C verification void client(list *

  1. Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification Vytautas Astrauskas Peter Müller Federico Poli Alexander J. Summers Department of Computer Science

  2. Analogy with C verification void client(list * a, list * b) Functional properties { int old_len = b->len; Memory Errors append(a, 100); assert(b->len == old_len); Aliasing } C Data Races 1

  3. Verification Ingredients Predicates Memory * list(a) list(b) Auxiliary annotations Disjointness … acc(b.len) of memory Ownership / Permissions What is this like to use? 2

  4. Verification Ingredients at Scale Owned field Predicate Requires an expert Auxiliary Owned field Disjointness Predicate annotation Disjointness Disjointness Owned field Predicate Disjointness Predicate Auxiliary Predicate Auxiliary annotation Owned field annotation Auxiliary annotation Auxiliary Owned field Predicate annotation Auxiliary Owned field annotation Auxiliary Disjointness Auxiliary annotation annotation Auxiliary Predicate annotation Disjointness Auxiliary Auxiliary annotation Predicate These steps are mandatory annotation Disjointness Auxiliary Auxiliary Disjointness Predicate annotation annotation Disjointness Auxiliary Auxiliary annotation annotation Auxiliary annotation Auxiliary Auxiliary Predicate Auxiliary annotation annotation annotation Auxiliary Predicate annotation Auxiliary annotation Auxiliary Auxiliary Predicate annotation annotation “Core proof” Auxiliary Auxiliary annotation annotation Predicate Disjointness 3

  5. Rust, and its type system fn client(a: &mut List, b: &mut List) Functional properties { let old_len = b.len(); No Memory Errors Memory Errors? append(a, 100); assert!(b.len() == old_len); Controlled Aliasing Aliasing? } Rust No Data Races Data Races? Can we exploit this type system for verification ? 4

  6. Wha What woul uld d we like? 5

  7. Prusti: An Overview Specs Leveraging Rust Types for Modular Specification and Verification To appear at OOPSLA 2019, Athens, Greece (next week) 6 https://www.rust-lang.org/logos/rust-logo-blk.svg is licensed under CC BY 4.0

  8. The Prusti Approach Rust Verification Ingredients Predicates and Types Ownership Signature Pre/postconditions Compiler analyses Auxiliary annotations (e.g. borrow checker) U s a n b o l n e User specifications - e b Functional specification x y p (optional) e r t s 7

  9. Core Proofs: Behind the Scenes Owned field Ownership, Predicates, Annotations Predicate Requires an expert Auxiliary Owned field Disjointness Predicate annotation Disjointness Disjointness all generated automatically Owned field Predicate Disjointness Predicate Auxiliary Predicate Auxiliary annotation Owned field annotation Auxiliary annotation Auxiliary Owned field Predicate annotation Auxiliary Owned field annotation Auxiliary Disjointness Auxiliary annotation annotation Auxiliary Predicate annotation Disjointness Users write functional specifications Auxiliary Auxiliary annotation Predicate These steps are mandatory annotation Disjointness Auxiliary Auxiliary Disjointness (optionally) Predicate annotation annotation Disjointness Auxiliary Auxiliary annotation annotation Auxiliary annotation Auxiliary Auxiliary Predicate Auxiliary annotation annotation annotation Auxiliary Predicate annotation Auxiliary annotation Auxiliary Auxiliary Predicate annotation annotation Abstraction level: Rust expressions Auxiliary Auxiliary annotation annotation Predicate Disjointness 8

  10. Type Encoding struct List { val: i32 , next: Option < Box <List>> } Rust predicate List(self: Ref ) List { acc (self.val) ⁎ i32 val acc (self.next) ⁎ self i32(self.val) ⁎ next OptionBoxList OptionBoxList(self.next) } Viper 9

  11. Signature Encoding fn client(a: &mut List, b: &mut List) Rust * a: List b: List method client(a: Ref , b: Ref ) method client(a: Ref , b: Ref ) requires List(a) ⁎ List(b) requires List(a) ⁎ List(b) && a.sorted() && … ensures List(a) ⁎ List(b) ensures List(a) ⁎ List(b) && a.sorted() Viper 10

  12. Reborrowing Challenges fn get(t: &mut BinaryTree) -> &mut BinaryTree { // traverse somehow; return a subtree } Rust Mutable Frozen For the caller: Mutable 11

  13. Reborrowing Challenges fn get(t: &mut BinaryTree) -> &mut BinaryTree { // traverse somehow; return a subtree } Rust Permissions? Combined effect? 12

  14. Reborrowing Challenges fn get(t: &mut BinaryTree) -> &mut BinaryTree { fn get(t: &mut BinaryTree) -> &mut BinaryTree { // return a subtree // traverse somehow; return a subtree } } Rust Permissions: magic wand Novel specification: pledges (see OOPSLA paper for details…) ( ) ꟷ * * s s 13

  15. Evaluation (no specifications) 500 most 11’791 (21%) 100% of functions: downloaded supported core proof verifies packages (crates) functions No specification Total: ~40K loc Total: 1M lines of Viper Auxiliary annotations: 100K 14 https://www.rust-lang.org/logos/cargo.png is licensed under CC BY 4.0

  16. Evaluation with specifications rosettacode.org + Specification 15

  17. What else is in the paper? VIPER ENCODING AUTOMATION PLEDGES RUST SUBSET Leveraging Rust Types for Modular Specification and Verification To appear at OOPSLA 2019, Athens, Greece (next week) 16

  18. Conclusion Plenty more to work on! e.g. closures, unsafe code, reference counting, standard libraries, … Dramatically simplifies Rust verification Enables verification by developers On the lookout for Master’s (ETH/UBC) and PhD students (UBC) - get in touch! prusti.ethz.ch 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lever everaging Open- aging Open-Sour Source P ce Power Measur ower Measuremen ement Standar

Lever everaging Open- aging Open-Sour Source P ce Power Measur ower Measuremen ement Standar

Embedded Linux C Embedded Linux Confer onference Eur ence Europe ope Oc October 15th, 2014 tober 15th, 2014 Dsseldor Dsseldorf, , German Germany Lever everaging Open- aging Open-Sour Source P ce Power Measur ower Measuremen

726 views • 25 slides
Starting Rust from a Scripting Background Run Rust Deploy, Write, and Improve Rust Write Rust

Starting Rust from a Scripting Background Run Rust Deploy, Write, and Improve Rust Write Rust

http://talks.edunham.net/scale15x Rust 101 E. Dunham @qedunham Intro Starting Rust from a Scripting Background Run Rust Deploy, Write, and Improve Rust Write Rust Improve Rust E. Dunham @qedunham March 5, 2017

865 views • 75 slides
Caring for an Aging Parent Be Prepared Caring For An Aging Parent Caring for an Aging Parent

Caring for an Aging Parent Be Prepared Caring For An Aging Parent Caring for an Aging Parent

Caring for an Aging Parent Be Prepared Caring For An Aging Parent Caring for an Aging Parent Todays Agenda Demographics Caregiving: Yesterday and Today Consequences of Caregiving Types of Care and Options Legal and Financial

787 views • 30 slides
Rivington Terraced Gardens www.rivingtonheritagetrust.co.uk Overview Rivington before Lever

Rivington Terraced Gardens www.rivingtonheritagetrust.co.uk Overview Rivington before Lever

West Pennine Moors AMC 15 th July 2015 Rivington Terraced Gardens www.rivingtonheritagetrust.co.uk Overview Rivington before Lever Lever and Mawson Roynton Cottage and Phase 1 The Bungalow and Phase 2 Post-Lever Magee to

268 views • 23 slides
The Rust Programming Language Ben Goldberg Rust A Programming Language for the Future Thank You

The Rust Programming Language Ben Goldberg Rust A Programming Language for the Future Thank You

The Rust Programming Language Ben Goldberg Rust A Programming Language for the Future Thank You Thank you to rust-lang.org for providing content and examples! Overview The sales pitch Use cases The Rust language Other Languages

1.18k views • 63 slides
www.rust-lang.org An Overview of the Rust Programming Language Jim Royer CIS 352 April 29,

www.rust-lang.org An Overview of the Rust Programming Language Jim Royer CIS 352 April 29,

www.rust-lang.org An Overview of the Rust Programming Language Jim Royer CIS 352 April 29, 2019 CIS 352 Rust Overview 1 / 1 CIS 352 Rust Overview 2 / 1 References Sample code: Factorial, 1 The Rust Programming Language by S. Klabnik and

589 views • 7 slides
Using Rust on RIOT OS Christian M. Ams uss &lt;ca@etonomy.org&gt; 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss &lt;ca@etonomy.org&gt; 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss &lt;ca@etonomy.org&gt; 2019-09-05 RIOT Summit, Helsinki Outline The Rust language and ecosystem Rust on embedded systems Rust on RIOT Simple things: functions and variables fn

804 views • 24 slides
Rust: Reach F us th es ! Nich om as Matsakis 1 Q. What is Rust? Q. Why should I care? 2 Q.

Rust: Reach F us th es ! Nich om as Matsakis 1 Q. What is Rust? Q. Why should I care? 2 Q.

Rust: Reach F us th es ! Nich om as Matsakis 1 Q. What is Rust? Q. Why should I care? 2 Q. What is Rust? A. High-level code, low-level performance Q. Why should I care? 3 Decisions GC Control, flexibility

1.15k views • 67 slides
#02: Mining Before we start Download and install Rust if you want to code along:

#02: Mining Before we start Download and install Rust if you want to code along:

Blockchain In Rust #02: Mining Before we start Download and install Rust if you want to code along: https://www.rust-lang.org/ If youre on Windows, youll also need Microsoft Visual C++ Build Tools 2017:

372 views • 11 slides
JAKIN ETA EREIN Aldaketa klimatikoa eta planetaren energia Erein?, sembrar -&gt; Eragin: promover

JAKIN ETA EREIN Aldaketa klimatikoa eta planetaren energia Erein?, sembrar -&gt; Eragin: promover

JAKIN ETA EREIN Aldaketa klimatikoa eta planetaren energia Erein?, sembrar -&gt; Eragin: promover Jakintsua da erein/eragiten duena EREIN BERAKATZA -&gt; DAKIENA DA EREITEN DUENA, BASERRITARRA !! The broad remit of IPBES requires it to engage

397 views • 12 slides
Extending Python with Rust Introduction and a hands-on demo of writing Python extension in Rust

Extending Python with Rust Introduction and a hands-on demo of writing Python extension in Rust

Extending Python with Rust Introduction and a hands-on demo of writing Python extension in Rust This talk Why? Why Rust? Binginds Dynamic library Web service example Docker example Compile and distribute

336 views • 14 slides
MODULAR PREFAB BUILDING INNOVATIONS SP SPUR Emerging Building Types Ju June e 5 th th , ,

MODULAR PREFAB BUILDING INNOVATIONS SP SPUR Emerging Building Types Ju June e 5 th th , ,

MODULAR PREFAB BUILDING INNOVATIONS SP SPUR Emerging Building Types Ju June e 5 th th , , 2019 Dean Lewis, PE SE - Associate DCI ENGINEERS Licensed in all 50 States with projects in Canada, Central &amp; South America, China, and Japan

735 views • 39 slides
sled and rio Rust DB + io_uring = @sadisticsystems sled.rs who am I building Rust databases

sled and rio Rust DB + io_uring = @sadisticsystems sled.rs who am I building Rust databases

sled and rio Rust DB + io_uring = @sadisticsystems sled.rs who am I building Rust databases since 2014 previously worked at some social media &amp; infrastructure companies for fun, I build and destroy distributed databases

1.58k views • 52 slides
TESTING IN RUST A PRIMER IN TESTING AND MOCKING @donald_whyte FOSDEM 2018 ABOUT ME Soware

TESTING IN RUST A PRIMER IN TESTING AND MOCKING @donald_whyte FOSDEM 2018 ABOUT ME Soware

TESTING IN RUST A PRIMER IN TESTING AND MOCKING @donald_whyte FOSDEM 2018 ABOUT ME Soware Engineer @ Engineers Gate Real-time trading systems Scalable data infrastructure Python/C++/Rust developer MOTIVATION Rust focuses on memory

1.47k views • 100 slides
Rust In It for the Long Haul Carol (Nichols || Goulding) @carols10cents is.gd/rustLH Online

Rust In It for the Long Haul Carol (Nichols || Goulding) @carols10cents is.gd/rustLH Online

Rust In It for the Long Haul Carol (Nichols || Goulding) @carols10cents is.gd/rustLH Online Print Manning liveVideo Integer 32 Rust Core Team (yep, Im biased) Plan Railroad industry C Rust What the software

1.66k views • 140 slides
Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team;

Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team;

Should you Rust in embedded yet? Who am I? Simonas Kazlauskas; Member of the Rust compiler team; Day job: fjrmware for electricity meters; kazlauskas.me; @nagisa on GitHub, @simukis on Twitter. Why does embedded matter? Embedded is virtually

382 views • 16 slides
Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick

Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick

Joint Probabilistic Matching Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick Ian Reid 1 Introduction One-to-One Graph Matching in Computer Vision Action Recognition Feature Point

809 views • 45 slides
Securing the connected world Flexible and scalable embedded security IP Pieter Willems

Securing the connected world Flexible and scalable embedded security IP Pieter Willems

Securing the connected world Flexible and scalable embedded security IP Pieter Willems pieter.willems@silexinsight.com V2.0 2019 Overview Silex Insight Introduction Embedded security markets and applications Security

590 views • 15 slides
Ab initio cryo-EM structure determination as a validation problem Pawel A. Penczek The

Ab initio cryo-EM structure determination as a validation problem Pawel A. Penczek The

Ab initio cryo-EM structure determination as a validation problem Pawel A. Penczek The University of Texas Houston Medical School, Department of Biochemistry Thursday, November 13, 14

893 views • 48 slides
Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich

Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich

Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich Joint work with Uri Juhasz, Ioannis Kassios, Peter Mller, Milos Novacek, Malte Schwerhoff (and many students) 16 th July 2015, Imperial Concurrency

842 views • 14 slides
OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen

OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen

OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen Group DBIS Albert-Ludwigs-Universit at Freiburg June 11, 2006 T. Hornung, K.Simon, G.Lausen (DBIS) OntoGather PPSWR 06 1 / 5 Classic Web search

564 views • 8 slides
You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was

You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was

Pastor Patrick D. Owens You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was called Malta. 2 The islanders showed us extraordinary kindness. They kindled a fire and welcomed all of us because it was

453 views • 16 slides
Towards A New Type of Prover: On the Benefits of Discovering Sequences of Related Proofs

Towards A New Type of Prover: On the Benefits of Discovering Sequences of Related Proofs

Towards A New Type of Prover: On the Benefits of Discovering Sequences of Related Proofs David M. Cerna April 10 th , 2019 slide 1/29 State of this work Disclaimer: This investigation is in a very early stage. Essentially, we have

803 views • 38 slides
OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

VIPER SCREENING BUCKETS Made in Finland by Ajutech Oy OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted partner both among AM and OEM customers Product range includes ten basic models of

412 views • 10 slides

More recommend