to interaction trees
play

to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia - PowerPoint PPT Presentation

May 28, 2023 •380 likes •578 views

Specifying, Testing and Verifying a Networked Server From C to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia Lennart Beringer, Wolf Honor, William Mansky Benjamin C. Pierce, Steve Zdancewic January 14, 2019 (CPP) 1

  1. Specifying, Testing and Verifying a Networked Server From C to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia Lennart Beringer, Wolf Honoré, William Mansky Benjamin C. Pierce, Steve Zdancewic January 14, 2019 (CPP) 1

  2. Verification from RFCs to transistors Application One theorem to verify… OS … and test! More projects at deepspec.org… Hardware 01011... 2

  3. Towards a verified web server HTTP Server OS Hardware 01011... 3

  4. Towards a verified web server Swap Server Today: a simplified server OS Hardware 01011... 4

  5. Main contributions • Verifying a networked C program using VST, which can run in CertiKOS • Specification describes what a client can observe over the network • Testable specification, using QuickChick 5

  6. Swap server specification Cat Bat Client 1 Bat Cat Dog Dog Elk Server Client 2 Cat Elk Client 3 Dog 6

  7. Swap server: in the real world Cat • Messages on different connections can be Dog reordered • Messages can be Clients Bat Server / delayed indefinitely Elk Tester Dog 7

  8. Network refinement Observable behavior Specification by clients Network semantics ∪ I network-refi fines Observable behavior Implementation by clients Network semantics Adaptation of Observational refinement/Linearizability 8

  9. *: concepts defined in the paper Overview: proof architecture Specification* Written in Coq Written in C Server implementation Socket API CertiKOS 9

  10. *: concepts defined in the paper Overview: proof architecture Linear Specification* VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 10

  11. Interaction trees *: concepts defined in the paper A unifying specification language Different spec. styles Different abstraction levels Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 11

  12. Interaction trees: example (aka. Free monads) One branch for each possible result ReadBit 0 1 WriteBit 0 ReadBit Shorthand notation for two or more branches tt b2 : bit Ret 1 Ret b2 Type of effects ioE : Inductive ioE : Type -> Type := | ReadBit : ioE bit Result type | WriteBit : bit -> ioE unit . 12

  13. Interaction trees: definition (aka. Free monads) Type of effects (e.g., ioE ) Type of results CoInductive itree ( E : Type -> Type) (R : Type) : Type := | Vis : ∀ Y, E Y -> (Y -> itree E R) -> itree E R | Ret : R -> itree E R | Tau : itree E R -> itree E R . Effect Continuation 13

  14. Interaction trees *: concepts defined in the paper A unifying specification language Different spec. styles Different abstraction levels Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 14

  15. The Swap server “linear specification” CoFixpoint loop (open_conns : list conns) (last_msg : bytes) : itree serverE unit := c <- choose open_conns ;; new_msg <- recv_msg c ;; send_msg c last_msg ;; loop open_conns new_msg. Simplified version (see paper) 15

  16. Interaction trees *: concepts defined in the paper Overview: proof architecture Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 16

  17. Refinement: from C to ITrees Hoare triple: { pre1 * … * preN } C_program { post1 * … * postN } Separating conjunction Interactions allowed by Assertions on C memory the environment { ITree(impl_model ) * … } C_program { … } Example of a networked C program with its implementation model: { ITree(msg <- Recv c ;; Send c msg ;; Implementation model (itree) t) * … } recv(c, buf, len); . C implementation send(c, buf, len); . { ITree (t) * … } Simplified triples (see paper) 17

  18. The Swap server correctness theorem { ITree(impl_model) } C_prog { … } Theorem correct_server : exists impl_model, refines C_prog impl_model /\ network_refines impl_model linear_spec. ∪ I 19

  19. Complete Summary and next steps connection • Verifying a networked C program using VST, which can run in CertiKOS • The specification describes a client can observe over the network • The specification is testable, using QuickChick and Interaction trees Scale up: Improve proof Swap server -> and testing HTTP Server techniques Add more interfaces: filesystem, encryption… New library https://github.com/DeepSpec/InteractionTrees 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees

( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees

B- B -Trees Trees B B- -Trees Trees Search for key R ( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees Trees Each Disk-Read or Disk-Write = one Basic unit of work O(1) Typical Node x

287 views • 4 slides
Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire

Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire

Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire dInformatique de Paris Nord Universit e Paris 13 Journ ees LAC, GDR Informatique Math ematique Chamb ery, February 9, 2007

307 views • 16 slides
Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010,

Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010,

Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010, Aug 26 CNAM, Paris Aim Insight: For which problems can we use TINT? Knowledge: How does TINT work? Inspiration: New ways to evaluate

1.26k views • 15 slides
/ + - * * 5 3 2 6 5 2 Examples Binary Trees BSTs Augmenting BinExpr General Trees

/ + - * * 5 3 2 6 5 2 Examples Binary Trees BSTs Augmenting BinExpr General Trees

Trees Readings: HtDP , sections 14, 15, 16. Topics: Introductory examples and terminology Binary trees Binary search trees Augmenting trees Binary expression trees General arithmetic expression trees Nested lists Examples Binary Trees

1.19k views • 31 slides
Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees,

Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees,

Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees, binary search trees, and AVL and B-Trees. 2 Trees Trees are recursive data structures. They are useful for: representing items that have a tree

622 views • 27 slides
2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes

2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes

CS 16: Balanced Trees 2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes store 1, 2, or 3 keys and have 2, 3, or 4 children, respectively All leaves have the same depth k n r b e h n r b e

800 views • 31 slides
Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees)

Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees)

Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees) Albert-Ludwigs-Universitt Freiburg Prof. Dr. Rolf Backofen Bioinformatics Group / Department of Computer Science Algorithms and Data Structures, January

884 views • 55 slides
the interaction physical characteristics of interaction interaction styles the

the interaction physical characteristics of interaction interaction styles the

The Interaction interaction models chapter 3 translations between user and system ergonomics the interaction physical characteristics of interaction interaction styles the nature of user/ system dialog context

506 views • 12 slides
the interaction The Interaction interaction models translations between user and system

the interaction The Interaction interaction models translations between user and system

chapter 3 the interaction The Interaction interaction models translations between user and system ergonomics physical characteristics of interaction interaction styles the nature of user/ system dialog context

733 views • 24 slides
AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees

AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees

AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees AVL trees S. Prasitjutrakul 1994 AVL Trees : I nsertion m m k k k u u k k m m v t u m m t t u k m u k u p v t k p v v

320 views • 16 slides
Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees

Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees

Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees Anatomy of a Tree a In CS, we look at trees Node from the bottom up Basic element of the tree b c Contains a piece of

321 views • 5 slides
Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck

Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck

Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck http://cseweb.ucsd.edu/classes/sp16/cse21-bd/ April 29, 2016 Another Special Type of Graph: Trees Trees 1. Definitions of trees 2. Properties of trees 3. Revisiting uses of

837 views • 37 slides
Trees a tree represents a hierarchy - organization structure of a corporation Electronics

Trees a tree represents a hierarchy - organization structure of a corporation Electronics

T REES trees binary trees traversals of trees template method pattern data structures for trees Trees 1 Trees a tree represents a hierarchy - organization structure of a corporation Electronics RUs R&amp;D

434 views • 18 slides
Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees

Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees

Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees Regression Trees Classification Trees 1 Idea of Trees: Regression Trees Continuous response Binary Tree y Y=1.2 X 1 X&gt;1 Y=1.4 Y=0.7 2 X

767 views • 17 slides
Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition

Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition

1 CSCI 104 B-Trees (2-3, 2-3-4) and Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition 2-3 Tree is a tree where a 2 Node 4 Non-leaf nodes have 1 value &amp; 2 children or 2 values and 3

998 views • 75 slides
Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections

Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections

Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections 4.5-4.7 4/14/03 Splay Trees and B-Trees - 2 Lecture 9 Self adjusting Trees Ordinary binary search trees have no balance conditions what

371 views • 33 slides
HAPPY LUNAR NEW YEAR 1 IEEE SSCS-2007 Portable Power Management Challenges and Solutions

HAPPY LUNAR NEW YEAR 1 IEEE SSCS-2007 Portable Power Management Challenges and Solutions

IEEE SSCS-2007 HAPPY LUNAR NEW YEAR 1 IEEE SSCS-2007 Portable Power Management Challenges and Solutions Jinrong Qian Portable Power Management Applications Feb 16, 2007 2 IEEE SSCS-2007 Portable Device Market Cellular Phone Unit

472 views • 44 slides
Cricket Activity Detection Ashok Kumar(11164) Javesh Garg(11334) IIT Kanpur March 4, 2014 AI

Cricket Activity Detection Ashok Kumar(11164) Javesh Garg(11334) IIT Kanpur March 4, 2014 AI

AI Project Introduction Our Approach Dataset Collection Future Work References Cricket Activity Detection Ashok Kumar(11164) Javesh Garg(11334) IIT Kanpur March 4, 2014 AI Project Introduction Our Approach Dataset Collection Future

254 views • 22 slides
A Modeling Framework for Future Energy Systems Gran Andersson, ETH Zrich ETH Power Systems

A Modeling Framework for Future Energy Systems Gran Andersson, ETH Zrich ETH Power Systems

A Modeling Framework for Future Energy Systems Gran Andersson, ETH Zrich ETH Power Systems Laboratory Content Energy Hub - Multi energy-carrier systems Power Node - Incorporation of fluctuating power sources - Incorporation of

304 views • 26 slides
eBATS is open to public submission of BATs Which public-key systems (Benchmarkable Asymmetric

eBATS is open to public submission of BATs Which public-key systems (Benchmarkable Asymmetric

eBATS is open to public submission of BATs Which public-key systems (Benchmarkable Asymmetric are smallest? Fastest? Tools). eBATS (ECRYPT Benchmarking e.g. submit encrypting BAT of Asymmetric Systems): with three functions: new project to

100 views • 7 slides
RegEx 1 Readings SUN regexps tutorial

RegEx 1 Readings SUN regexps tutorial

A Quick Introduction to Regular Expressions in Java Lecture 10a RegEx 1 Readings SUN regexps tutorial http://java.sun.com/docs/books/tutorial/extra/regex/index.html Java.util.regex API

356 views • 10 slides
Lets Practice Pronunciation wk 5 HELPS Weekly workshops. Monday to Friday for 15

Lets Practice Pronunciation wk 5 HELPS Weekly workshops. Monday to Friday for 15

HELPS Higher Education Language &amp; Presentation Support Lets Practice Pronunciation wk 5 HELPS Weekly workshops. Monday to Friday for 15 minute Drop In advice, 1:1 consultations, Conversations, Buddy Program and Write Now

440 views • 7 slides
UNDERSTANDING AND PROTESTING YOUR PROPERTY TAX APPRAISAL Bra Brandy Mann Manning Long-Weaver

UNDERSTANDING AND PROTESTING YOUR PROPERTY TAX APPRAISAL Bra Brandy Mann Manning Long-Weaver

5/17/2020 UNDERSTANDING AND PROTESTING YOUR PROPERTY TAX APPRAISAL Bra Brandy Mann Manning Long-Weaver &amp; Manning, LLP 222 S. Main St. Big Spring, TX 79720 Phone: 432.219.4383 1 2 2 1 5/17/2020 So Whats Your Problem?

525 views • 15 slides
Aspects of Higgs portal DM models: light scalar singlet and intense -ray from hidden vector

Aspects of Higgs portal DM models: light scalar singlet and intense -ray from hidden vector

Aspects of Higgs portal DM models: light scalar singlet and intense -ray from hidden vector Thomas Hambye Univ. of Brussels (ULB), Belgium Firenze, 19/05/2010 Higgs portal interaction the DM particle L H H where

663 views • 40 slides

More recommend