pragmatic typestate verification with permissions
play

Pragmatic Typestate Verification with Permissions - PowerPoint PPT Presentation

Jan 24, 2023 •291 likes •1.13k views

Pragmatic Typestate Verification with Permissions with Kevin Bierhoff, with Kevin Bierhoff, Nels Beckman, Sven

  1. Pragmatic Typestate Verification with Permissions ���������������� �������������������������� with Kevin Bierhoff, with Kevin Bierhoff, Nels Beckman, Sven Stork, and Yoon Phil Kim Spring 2010 (Yoon Phil Kim not pictured)

  2. Software development today heavily relies on re%usable APIs APIs in this talk include libraries and frameworks APIs in this talk include libraries and frameworks Many APIs require clients to follow ��������� that allow API implementations to work correctly Protocols in this work are defined based on ���������� ���������������� ����������������������� �

  3. Protocol Examples: Iterators and InputStreams ��������� ������������ • Return all elements • Read from a of a sequence character stream read() read() available hasNext() is ���� close() next() open closed hasNext() is ����� end External choice: read() or close() Internal choice: Return value available or end ���������������� ����������������������� � ���������������������������������������������������������������������

  4. APIs are hard to use and implement ������������������ ���������������� • Difficult to understand • Documentation consistent correct usage with actual code • Incorrect use does not • Consistent runtime tests to always lead to clear errors protect against misuse • Hard to guarantee protocol • Shared objects might be is followed on all paths is followed on all paths modified unexpectedly modified unexpectedly • Code modifications may • Reentrancy introduce new errors • Unexpected overriding and open recursion ��������������������������!������������������������ ���������������� ����������������������� �

  5. Automatically check API designers specify code against protocols API protocols Interactive protocol violation warnings ���������������� ����������������������� �

  6. Checking protocol compliance is hard s = new BufferedInputStream(); Problem: What if there are other while((c = s.read()) >= 0) references to the object c? ��������� " #�������������$ s.close(); read() read() private void fill() { private void process(int c) { private void process(int c) { pos = 0; pos = 0; if(valid(c)) { B } int cnt = underlyingStream.read(B); open closed open closed close() close() else s.close(); count = pos + cnt; } } ����������������������$ public synchronized int read() { if (pos >= count) { Problems: Does this object use ����� " other objects correctly? What if if (pos >= count) return %1; } multiple threads are involved? return buf[pos++] & 0xff; } ���������������� ����������������������� �

  7. Key Challenges in Previous Work Previous work provides ��������������� checking of both ������� and ��������������� But, previous work had serious limitations: • Limited tracking of ������� state • ���������������� state changes • • ����������� ����������� • Dynamic ����������� • States with ��������������� and �������� • Verifying ��������� code • �������� states in subclasses • ������� superclasses that are in different states • ������������ typestate ���������������� ����������������������� �

  8. Contributions Previous work provides ��������������� checking of both ������� and ��������������� Our contributions • New modular approaches to tracking ������� state • ���������������� state changes • • ����������� ����������� • Dynamic ����������� • States with ��������������� and �������� • Verifying ��������� code • �������� states in subclasses • ������� superclasses that are in different states • ������������ typestate ���������������� ����������������������� �

  9. Outline Previous work provides ��������������� checking of both �������� and ��������������� Our contributions • New modular approaches to tracking ������� state • ���������������� state changes • • ����������� ����������� • Dynamic ����������� • States with ��������������� and �������� ���������������� ����������������������� �

  10. Typestate Specification ������� open, closed • Declare states open, closed ������ StreamProtocol { ���� ⇒ ⇒ ���%�� ( ���� ) ��� open ⇒ ⇒ • Constructor returns ���%�� ������� StreamProtocol() { B } permission to open stream ���� ( ���� ) ��� open • Read requires ���� (exclusive ⇒ ���� ( ���� ) ��� open ⇒ ⇒ ⇒ ⇒ ⇒ ⇒ ���� ( ���� ) ��� open ⇒ write) access to open stream ����������� read() { B } ���� ( ���� ) ��� open • Close transitions from open ⇒ ⇒ ���� ( ���� ) ��� closed ⇒ ⇒ to closed �������&���� close() { B } } ���������������� ����������������������� ��

  11. Typestate Verification ������� open, closed StreamProtocol s = ��!� StreamProtocol(); ������ StreamProtocol { ���%�� ( � ) ��� open ���� ⇒ ⇒ ���%�� ( ���� ) ��� open ⇒ ⇒ !���� (s.available() > 0) ������� StreamProtocol() { B } s.read(); ������������������������� ���%�� ( � ) ��� open ���� ( ���� ) ��� open s.close(); ⇒ ⇒ ⇒ ⇒ ���� ( ���� ) ��� open ⇒ ⇒ ⇒ ⇒ ���� ( ���� ) ��� open ���%�� ( � ) ��� closed ���%�� ( � ) ��� closed ����������� read() { B } ���������������������������� s.read(); ���� ( ���� ) ��� open ⇒ ⇒ ���� ( ���� ) ��� closed ⇒ ⇒ �������&���� close() { B } } ���������������� ����������������������� ��

  12. Modular Typestate Verification ���� ( � ) ��� open ⇒ ⇒ ���� ( � ) ��� open ⇒ ⇒ ������� open, closed ������ StreamProtocol { &���� process(StreamProtocol s) { ���� ⇒ ⇒ ���%�� ( ���� ) ��� open ⇒ ⇒ ���� ( � ) ��� open ������� StreamProtocol() { B } s.read(); ������������������������� ���� ( � ) ��� open ���� ( ���� ) ��� open } ⇒ ⇒ ���� ( ���� ) ��� open ⇒ ⇒ ⇒ ���� ( ���� ) ��� open ⇒ ⇒ ⇒ ����������� read() { B } StreamProtocol s = ��!� StreamProtocol(); ���%�� ( � ) ��� open ���� ( ���� ) ��� open !���� (s.available() > 0) ⇒ ⇒ ���� ( ���� ) ��� closed ⇒ ⇒ ������������������������� process(s); �������&���� close() { B } ���%�� ( � ) ��� open } s.close(); ���%�� ( � ) ��� closed ���������������� ����������������������� ��

  13. DEMONSTRATION % PLURAL • Plural.test.StreamProtocol ���������������� ����������������������� ��

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

436 views • 42 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Pragmatic Agility Pragmatic Agility Presented by: Andy Hunt The Pragmatic Programmers

Pragmatic Agility Pragmatic Agility Presented by: Andy Hunt The Pragmatic Programmers

W11 Concurrent Session Wednesday 11/12/2008 12:45 PM 2:15 PM Pragmatic Agility Pragmatic Agility Presented by: Andy Hunt The Pragmatic Programmers Presented at: Agile Development Practices 2008 November 10 - 14, Orlando, FL., USA 330

61 views • 3 slides
Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
DESIGN OF PRAGMATIC TRIALS Ana Quiones, PhD & Jonathan Jackson, PhD April 16, 2020

DESIGN OF PRAGMATIC TRIALS Ana Quiones, PhD & Jonathan Jackson, PhD April 16, 2020

National Institute on Aging (NIA) IMbedded Pragmatic Alzheimers Disease (AD) and AD-Related Dementias (AD/ADRD) Clinical Trials (IMPACT) Collaboratory (NIA U54AG063546) HEALTH EQUITY AS FOUNDATIONAL TO THE DESIGN OF PRAGMATIC TRIALS Ana

642 views • 31 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
Pragmatic Evolution of Super 6 and Sky Bet for Resiliency M i c h a e l M a i b a u m S k y B

Pragmatic Evolution of Super 6 and Sky Bet for Resiliency M i c h a e l M a i b a u m S k y B

Pragmatic Evolution of Super 6 and Sky Bet for Resiliency M i c h a e l M a i b a u m S k y B e t t i n g & G a m i n g @ m m a i b a u m Pragmatic and Achievable Focus is on pragmatic, achievable improvements in availability

824 views • 47 slides
COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions Owners, Group Members, and Everyone Else Read, Writing, and Executing Digression: Number Systems chmod - Change

280 views • 14 slides
The HiLo Pragmatic Clinical Trial Myles Wolf, MD, MMSc HILO: PRAGMATIC TRIAL OF HIGHER VS LOWER

The HiLo Pragmatic Clinical Trial Myles Wolf, MD, MMSc HILO: PRAGMATIC TRIAL OF HIGHER VS LOWER

Duke Nephrology The HiLo Pragmatic Clinical Trial Myles Wolf, MD, MMSc HILO: PRAGMATIC TRIAL OF HIGHER VS LOWER SERUM PHOSPHATE TARGETS IN PATIENTS UNDERGOING HEMODIALYSIS Funded under RFA-RM-16-019: NIH Health Care Systems Research

2.59k views • 35 slides
Pragmatic insights Pragmatic insights on the evolution of language evolution of language on the

Pragmatic insights Pragmatic insights on the evolution of language evolution of language on the

Summer Institute in Cognitive Science 2010: The Origins of Language - UQUAM June 27, 2010 Dan Sperber www.dan.sperber.fr Pragmatic insights Pragmatic insights on the evolution of language evolution of language on the Collaborators: Deirdre

860 views • 49 slides
Social (Pragmatic) Communication Disorder Nosheen Qadeer Introduction Social (pragmatic)

Social (Pragmatic) Communication Disorder Nosheen Qadeer Introduction Social (pragmatic)

Social (Pragmatic) Communication Disorder Nosheen Qadeer Introduction Social (pragmatic) communication disorder is characterized by difficulty with the use of social language and communication skills (also called pragmatic communication by

281 views • 14 slides
Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA

Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA

Consumer Credit Update Consumer Credit timeline 1 st April applied for interim permissions 1 st May FCA will write to firms giving them a 3mth window for full applications Firms will be able to apply to vary their permissions and use

274 views • 8 slides
What did Polya Know about One Way Functions and Quantum Randomness Steve Meyer - Pragmatic C

What did Polya Know about One Way Functions and Quantum Randomness Steve Meyer - Pragmatic C

What did Polya Know about One Way Functions and Quantum Randomness Steve Meyer - Pragmatic C Software Corp (sjmeyer@pragmatic-c.com) I. Problem background observation from Leonid Levin paper. Cf. The tale of one way functions (available

358 views • 4 slides
Pragmatic Trials for Uncommon Conditions? Laura M. Dember, M.D. University of Pennsylvania

Pragmatic Trials for Uncommon Conditions? Laura M. Dember, M.D. University of Pennsylvania

Pragmatic Trials for Uncommon Conditions? Laura M. Dember, M.D. University of Pennsylvania Perelman School of Medicine September 27, 2013 Model for 1 st wave of Collaboratory demonstration projects Pragmatic trials conducted within a small

681 views • 20 slides
IT350 Web & Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and

IT350 Web & Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and

IT350 Web & Internet Programming Fall 2015 Set 2: Introduction to HTML5 Introduction and Editing HTML5 HTML 5 (HyperText Markup Language 5) A markup language that specifies the structure and content of documents Separates

784 views • 23 slides
Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency

Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency

Data Structures & Algorithms Skip Lists CS-323 Lecture 07 Spring 2010 Emory University/Dr. Joan A. Smith Looking for Efficiency Dynamic (supports inserts and deletes) Efficient ==> guaranteed logarithmic time for execution Treaps

582 views • 16 slides
First-Class Subkinds in Haskell Subkind emulation Closing subkinds Wolfgang Jeltsch TT U K

First-Class Subkinds in Haskell Subkind emulation Closing subkinds Wolfgang Jeltsch TT U K

First-Class Subkinds in Haskell Wolfgang Jeltsch Recapitulation Subkinds needed First-Class Subkinds in Haskell Subkind emulation Closing subkinds Wolfgang Jeltsch TT U K uberneetika Instituut Teooriaseminar October 27, 2011

456 views • 21 slides
CSE 255 Lecture 13 Data Mining and Predictive Analytics Triadic closure; strong & weak

CSE 255 Lecture 13 Data Mining and Predictive Analytics Triadic closure; strong & weak

CSE 255 Lecture 13 Data Mining and Predictive Analytics Triadic closure; strong & weak ties Monday Random models of networks: Erdos Renyi random graphs (picture from Wikipedia

1.09k views • 59 slides
CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles

CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles

CS 251 Fall 2019 CS 251 Spring 2020 Topics Principles of Programming Languages Principles of Programming Languages Ben Wood Ben Wood Lexical vs dynamic scope Lexical Scope Closures implement lexical scope. Design

410 views • 9 slides
Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 Hillel Kugler 2 1 Massachusetts

Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 Hillel Kugler 2 1 Massachusetts

Motivation Approach Software Model Checking Evaluation Summary Model Checking Using SMT and Theory of Lists Aleksandar Milicevic 1 Hillel Kugler 2 1 Massachusetts Institute of Technology Cambridge, MA 2 Microsoft Research Cambridge, UK Third

945 views • 65 slides
Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed

Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed

1 Today Prolog interpreter algorithms Beyond Pure Prolog: meta-predicates Closed World Assumption & Negation as Failure. Alan Smaill Logic Programming Nov 09 2009 2 Algorithms for definite clause interpreter We have seen

430 views • 20 slides
Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S

Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S

Marker-Based Filtering of Bilingual Phrase Pairs for SMT nez Andy Way Felipe S anchez-Mart Dept. Llenguatges i Sistemes Inform` NCLT, School of Computing atics Universitat dAlacant Dublin City University E-03071

720 views • 17 slides

More recommend