a formally verified interpreter for a shell like
play

A Formally Verified Interpreter for a Shell-like Programming - PowerPoint PPT Presentation

Oct 01, 2022 •312 likes •1.27k views

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas Jeannerod Ralf Treinen VSTTE, July 22, 2017 Nicolas Jeannerod VSTTE17 July 22, 2017 1 / 36 General goal The CoLiS project. Correctness

  1. A Formally Verified Interpreter for a Shell-like Programming Language Claude March´ e Nicolas Jeannerod Ralf Treinen VSTTE, July 22, 2017 Nicolas Jeannerod VSTTE’17 July 22, 2017 1 / 36

  2. General goal The CoLiS project. “Correctness of Linux Scripts” Goal: Apply verification techniques to shell scripts in the Debian packages set -e eval "if true; then cmd=’echo foo ’; fi" ( cmd="$cmd bar" ) exit 1 | $cmd "$cmd" Nicolas Jeannerod VSTTE’17 July 22, 2017 2 / 36

  3. General goal The CoLiS project. “Correctness of Linux Scripts” Goal: Apply verification techniques to shell scripts in the Debian packages set -e eval "if true; then cmd=’echo foo ’; fi" ( cmd="$cmd bar" ) exit 1 | $cmd "$cmd" Nicolas Jeannerod VSTTE’17 July 22, 2017 2 / 36

  4. General goal The CoLiS project. “Correctness of Linux Scripts” Goal: Apply verification techniques to shell scripts in the Debian packages set -e eval "if true; then cmd=’echo foo ’; fi" ( cmd="$cmd bar" ) exit 1 | $cmd "$cmd" Nicolas Jeannerod VSTTE’17 July 22, 2017 2 / 36

  5. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  6. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  7. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  8. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  9. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  10. Big picture Nicolas Jeannerod VSTTE’17 July 22, 2017 3 / 36

  11. Table of Contents 1. Language CoLiS Mechanised version 2. Sound and complete interpreter Let us see some code Soundness Completeness Looking for a variant... Skeletons Nicolas Jeannerod VSTTE’17 July 22, 2017 4 / 36

  12. Language CoLiS Table of Contents 1. Language CoLiS Mechanised version 2. Sound and complete interpreter Let us see some code Soundness Completeness Looking for a variant... Skeletons Nicolas Jeannerod VSTTE’17 July 22, 2017 5 / 36

  13. Language CoLiS Requirements Intermediate language (not a replacement of Shell); Clean; With formal syntax and semantics; Statically typed: strings and lists; Variables and functions explicitely declared in a header; Dangerous structures made more explicit. However, automatic translation from reasonnable Shell must be possible. Nicolas Jeannerod VSTTE’17 July 22, 2017 6 / 36

  14. Language CoLiS Requirements Intermediate language (not a replacement of Shell); Clean; With formal syntax and semantics; Statically typed: strings and lists; Variables and functions explicitely declared in a header; Dangerous structures made more explicit. However, automatic translation from reasonnable Shell must be possible. Nicolas Jeannerod VSTTE’17 July 22, 2017 6 / 36

  15. Language CoLiS Requirements Intermediate language (not a replacement of Shell); Clean; With formal syntax and semantics; Statically typed: strings and lists; Variables and functions explicitely declared in a header; Dangerous structures made more explicit. However, automatic translation from reasonnable Shell must be possible. Nicolas Jeannerod VSTTE’17 July 22, 2017 6 / 36

  16. Language CoLiS Requirements Intermediate language (not a replacement of Shell); Clean; With formal syntax and semantics; Statically typed: strings and lists; Variables and functions explicitely declared in a header; Dangerous structures made more explicit. However, automatic translation from reasonnable Shell must be possible. Nicolas Jeannerod VSTTE’17 July 22, 2017 6 / 36

  17. Language CoLiS A glimpse of the language var fruits : list var fruit : string var line : string begin fruits="banana apple .." fruits ::= [ ’banana ’ ; ’apple ’ ; .. ] { pipe for fruit in $fruits for fruit in [fruits] do do echo "$fruit" call [ ’echo ’ ; {fruit} ] ; done done } | { into while read line while call [ ’read ’ ; ’line ’ ] do do echo "- $line" call [ ’echo ’ ; {’- ’ , line} ] ; done end } end Nicolas Jeannerod VSTTE’17 July 22, 2017 7 / 36

  18. Language CoLiS A glimpse of the language var fruits : list var fruit : string var line : string begin fruits="banana apple .." fruits ::= [ ’banana ’ ; ’apple ’ ; .. ] { pipe for fruit in $fruits for fruit in [fruits] do do echo "$fruit" call [ ’echo ’ ; {fruit} ] ; done done } | { into while read line while call [ ’read ’ ; ’line ’ ] do do echo "- $line" call [ ’echo ’ ; {’- ’ , line} ] ; done end } end Nicolas Jeannerod VSTTE’17 July 22, 2017 7 / 36

  19. Language CoLiS How behaviours are handled n n e l r r e t t a s u u e e u e i e i t l s x x s t u t u r a a l E E l T e e F F r a r a R T R T F F Normal Pipe Normal Exception Sequence Test Success Failure Exception Function call Success Failure Success Failure Exception Subprocess Success Failure Success Failure Success Failure Nicolas Jeannerod VSTTE’17 July 22, 2017 8 / 36

  20. Language CoLiS Interactions between Do-While and Fatal DoWhile-Test-Fatal t 1 / Γ ⇓ σ 1 ⋆ True / Γ 1 t 2 / Γ 1 ⇓ σ 2 ⋆ Fatal / Γ 2 do t 1 while t 2 / Γ ⇓ σ 1 σ 2 ⋆ True / Γ 2 DoWhile-Body-Fatal t 1 / Γ ⇓ σ 1 ⋆ Fatal / Γ 1 do t 1 while t 2 / Γ ⇓ σ 1 ⋆ Fatal / Γ 1 Nicolas Jeannerod VSTTE’17 July 22, 2017 9 / 36

  21. Language CoLiS Interactions between Do-While and Fatal DoWhile-Test-Fatal t 1 / Γ ⇓ σ 1 ⋆ True / Γ 1 t 2 / Γ 1 ⇓ σ 2 ⋆ Fatal / Γ 2 do t 1 while t 2 / Γ ⇓ σ 1 σ 2 ⋆ True / Γ 2 DoWhile-Body-Fatal t 1 / Γ ⇓ σ 1 ⋆ Fatal / Γ 1 do t 1 while t 2 / Γ ⇓ σ 1 ⋆ Fatal / Γ 1 Nicolas Jeannerod VSTTE’17 July 22, 2017 9 / 36

  22. Language Mechanised version Table of Contents 1. Language CoLiS Mechanised version 2. Sound and complete interpreter Let us see some code Soundness Completeness Looking for a variant... Skeletons Nicolas Jeannerod VSTTE’17 July 22, 2017 10 / 36

  23. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  24. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  25. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  26. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  27. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  28. Language Mechanised version Why3 Deductive verification platform; WhyML: language for both specification and programming; Standard library: integer arithmetic, boolean operations, maps, etc.; Native support of imperative features: references, exceptions, while and for loops; Proof obligations are given to external theorem provers; Possibility to extract WhyML code to OCaml. Nicolas Jeannerod VSTTE’17 July 22, 2017 11 / 36

  29. Language Mechanised version Syntax type term = | TTrue with sexpr = list sfrag | TFalse | TFatal with sfrag = | TReturn term | SLiteral string | TExit term | SVar svar | TAsString svar sexpr | SArg int | TAsList lvar lexpr | SProcess term | TSeq term term | TIf term term term with lexpr = list lfrag | TFor svar lexpr term | TDoWhile term term with lfrag = | TProcess term | LSingleton sexpr | TCall lexpr | LSplit sexpr | TShift | LVar lvar | TPipe term term Nicolas Jeannerod VSTTE’17 July 22, 2017 12 / 36

Recommend

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas

A Formally Verified Interpreter for a Shell-like Programming Language Claude March e Nicolas Jeannerod Ralf Treinen Vals seminar, July 7, 2017 Nicolas Jeannerod VALS Seminar July 7, 2017 1 / 61 The CoLiS project Correctness of Linux

1.59k views • 140 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter

C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter

C Shell CIS 218 C Shell overview Csh (new version tchs) is a command language interpreter developed under BSD UNIX. It incorporates features of other shells and a history mechanism. Tcsh development is currently maintained by tcsh.org.

737 views • 25 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands 2 School of Computer Science Open University The Netherlands

778 views • 62 slides
Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The

Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The

Fall 2009 Lecture 9 Operating Systems: Configuration & Use CIS345 T HE B OURNE A GAIN S HELL Mo Most staf afa a Z. Ali Z. Ali mzali@just.edu.jo 1-1 The Bourne Again Shell The Bourne Again Shell is a command interpreter and high-

1.59k views • 134 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault Model Patrick Lincoln and John Rushby Computer Science Laboratory SRI International Menlo Park CA USA FTCS 93 1 Summary What we have

494 views • 25 slides
Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line

Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line

Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line arguments For loops Conditionals Shell customization Environment variables Aliases Shells A Unix shell is a command-line interpreter

475 views • 18 slides
Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime Dns Nick Giannarakis Ctlin Hricu Benjamin C. Pierce Antal Spector-Zabusky Andrew Tolmach May 20, 2015 1 How can we design secure

900 views • 79 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
The devil shell (dsh) COMPSCI210 Recitation 4th Feb 2013 Vamsi Thummala Shell Interactive

The devil shell (dsh) COMPSCI210 Recitation 4th Feb 2013 Vamsi Thummala Shell Interactive

The devil shell (dsh) COMPSCI210 Recitation 4th Feb 2013 Vamsi Thummala Shell Interactive command interpreter A high level language (scripting) Interface to the OS Provides support for key OS ideas Isolation Concurrency

522 views • 22 slides
Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi

Towards a formally verified obfuscating compiler Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 1.9/2.15, 2015-07-16 1 Background: verifying a compiler Compiler + proof that the compiler does not introduce bugs

553 views • 24 slides
Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels,

Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels,

Securing Existing Software using Formally Verified Libraries Tobias Reiher FOSDEM, Brussels, 2020-02-01 Software Security Security Vulnerabilities CVE-1999-0015 5.0 MEDIUM HP-UX, CVE-2017-14315 7.5 HIGH iOS Windows,

538 views • 22 slides

More recommend