behavioural type based static verification framework for
play

Behavioural Type-Based Static Verification Framework for Go Julien - PowerPoint PPT Presentation

Nov 04, 2022 •146 likes •375 views

Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien

  1. Behavioural Type-Based Static Verification Framework for Go Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  2. The Go Programming Language Developed by Google for multicore programming Statically typed, natively compiled, concurrent PL Supports channel-based message passing for concurrency In use by major technology companies etc.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  3. Concurrency in Go Basic primitives and philosophy Do not communicate by sharing memory; Instead, share memory by communicating — Go language proverb Message-passing concurrency primitives Buffered I/O communication over channels Lightweight thread spawning (goroutines) Non-deterministic selection construct Inspired by Hoare’s CSP/process calculi Encourages message-passing over locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  4. Concurrency in Go Concurrency primitives func main() { ch := make(chan int) // Create channel. go send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { // Channel as parameter. ch <- 1 // Send to channel. } Send/receive blocks goroutines if channel full/empty resp. Channel buffer size specified at creation: make(chan int, 1) Other primitives: Close a channel close(ch) Guarded choice select { case <-ch:; case <-ch2: } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  5. Run program: $ go run main.go fatal error: all goroutines are asleep - deadlock! Concurrency in Go Deadlock detection func main() { ch := make(chan int) // Create channel. send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { ch <- 1 } Missing ’go’ keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  6. Concurrency in Go Deadlock detection func main() { ch := make(chan int) // Create channel. send(ch) // Spawn as goroutine. print(<-ch) // Recv from channel. } func send(ch chan int) { ch <- 1 } Run program: $ go run main.go fatal error: all goroutines are asleep - deadlock! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  7. Deadlock NOT detected Concurrency in Go Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it import _ ”net” // Load ”net” package func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 } . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  8. Concurrency in Go Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it import _ ”net” // Load ”net” package Add benign import func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 } Deadlock NOT detected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  9. Verification framework for Go Overview (2) Model (3) Termina- Address type and Check safety and process gap liveness checking tion checking Pass to termination Create input model Transform and verify prover and formula Behavioural types (1) Type inference SSA IR Go source code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  10. Behavioural Types Types for process calculi, e.g. CCS, π -calculus (Milner 1980, 1992) CSP (Hoare 1978) Model concurrent systems behaviours e.g. Process (thread) creations e.g. (a)sync. send/recv message passing Guarantees free of deadlocks etc. Typically powerful but complex This work instead aims to make behavioural type accessible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  11. Type Abstraction Program/Process Types Analyse Types Analyse “directly” + relate Process ↔ Types e.g. send( x: int ) Data abstracted away Evaluate expressions e.g. send int / bool Accurate but Expensive Check Data needed in some cases ! x == 1 Check x == 2 Process/types mismatch Check x == … 3 classes of processes → State Explosion → (POPL’17) More concrete More abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  12. Type Abstraction Program/Process Types Analyse Types Analyse “directly” + termination check e.g. send( x: int ) Data abstracted away Evaluate expressions e.g. send int / bool Accurate but Expensive Check Data needed in some cases ! x == 1 Check x == 2 Process/types mismatch Check x == … 3 classes of processes → State Explosion → (POPL’17) More concrete More abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  13. Abstracting Go with Behavioural Types Type syntax u | u | τ := α T , S α ; T | T ⊕ S | � { α i ; T i } i ∈ I | ( T | S ) | 0 := ( new a ) T | close u ; T | t ⟨ ˜ u ⟩ | y i ) = T i } i ∈ I in S T { t (˜ := Types of a CCS-like process calculi Abstracts Go concurrency primitives Send/Recv, new (channel), parallel composition (spawn) Go-specific: Close channel, Select (guarded choice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  14. Verification framework for Go (1) Type inference by example func main() { ch := make(chan int) // Create channel go sendFn(ch) // Run as goroutine x := recvVal(ch) // Function call for i := 0; i < x; i++ { print(i) } close(ch) // Close channel } func sendFn(c chan int) { c <- 3 } // Send to channel c func recvVal(c chan int) int { return <-c } // Receive from c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

  15. Verification framework for Go (1) Program in Static Single Assignment (SSA) form package main func main.main() func main.sendFn(c) entry entry 0 0 t0 = make chan int 0:int send c <- 42:int go sendFn(t0) return t1 = recvVal(t0) return jump 3 func main.recvVal(c) 3 entry 0 t5 = phi [0: 0:int, 1: t3] #i t0 = <-c t6 = t5 < t1 return t0 i f t6 goto 1 else 2 return for.loop for.done 1 Block of instructions 2 t2 = print(t5) Function boundary t4 = close(t0) t3 = t5 + 1:int Package boundary return jump 3 return Context-sensitive analysis to distinguish channel variables Skip over non-communication code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julien Lange, Nicholas Ng , Bernardo Toninho, Nobuko Yoshida mrg.doc.ic.ac.uk Behavioural Type-Based Static Verification Framework for Go

Recommend

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 ,

A Static Verification Framework for Message Passing in Go using Behavioural Types Julien Lange 1 , Nicholas Ng 2 , Bernardo Toninho 3 , Nobuko Yoshida 2 1 University of Kent 2 Imperial College London 3 Universidade Nova de Lisboa 1 /26 Julien

506 views • 47 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy Inria Paris-Rocquencourt TYPES meeting, 2014-05-14 X. Leroy (Inria) Verified static analyzer 2014-05-14 1 / 57 In memoriam Radhia Cousot, 2014

647 views • 63 slides
Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of Computer Science CAV 2017 ETH Zurich July 22-28, Heidelberg Writing a Static Analyzer Framework for Java Static Type Checker Static Type

805 views • 46 slides
Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation Jacques-Henri Jourdan, Vincent Laporte Sandrine Blazy, Xavier Leroy , David Pichardie Inria / U. Rennes 1 / ENS Rennes Workshop on Realistic Program

885 views • 63 slides
COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static

COSC345 Week 17 Static verification 4 August 2015 Richard A. O Keefe 1 Aim of static verification Find defects early Work on incomplete components Work on non-executable items N.B. Testing and debugging cannot start until executable

498 views • 21 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston University md@bu.edu 9 May 2013 What do we want? Correctness Flexibility Responsiveness Practicality Predictability What do we want?

370 views • 26 slides
Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are

Quiz: Types A. What is the static type of: int f(int x, float y) { return x y; } B. What are the values of the static type? C. What are the operations of this type? Oberon Types Rules (Phase I Checks) Numeric types The INTEGER and REAL types

468 views • 12 slides
Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA Rocquencourt &amp; Trusted Logic 1 Outline 1. What makes strongly typed programs more secure? 2. Enforcing strong typing (bytecode verification). 3.

828 views • 45 slides
Static program checking and verification Correctness class ArraySet implements Set { class

Static program checking and verification Correctness class ArraySet implements Set { class

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

445 views • 18 slides
A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for

A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for

A rule-based Control and Verification framework in ATLAS Trigger-DAQ 2006 Conference for Computing in High Energy and Nuclear Physics 13-17 Feb. 2006 Mumbai, India Presented by Andrei Kazarov CERN-ATD/PNPI Petersburg Presentation contents

892 views • 24 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 third-party ad third-party ad 4 Who is running code in your browser? 5 Who is running

1.26k views • 95 slides
An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning

An Open-Source Python-Based Hardware Generation, Simulation, and Verification Framework Shunning Jiang, Christopher Torng, Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University 1

465 views • 19 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
framework to operationalise behavioural determinants for planning, implementation and results

framework to operationalise behavioural determinants for planning, implementation and results

Using FOAM to scale up HWWS - a framework to operationalise behavioural determinants for planning, implementation and results Yolande Coombes Why Handwashing ? 70 Diarrhea is one of the major Reduction in diarrhea morbidity (%) Previous

190 views • 15 slides
Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90: Software Security Symbolic Execution Ahmed Rezine Hoare Triples and Deductive Reasoning IDA, Linkpings Universitet Hsttermin 2014 Static

373 views • 6 slides
A Closed-loop Model-based Design Approach Based On Automatic Verification and Transformation

A Closed-loop Model-based Design Approach Based On Automatic Verification and Transformation

A Closed-loop Model-based Design Approach Based On Automatic Verification and Transformation Kun Zhang Jonathan Sprinkle Eclipse: fix a fat-finger or type change automatically Electrical and Computer Engineering 2 Eclipse: make warnings go

380 views • 18 slides
Improving Data Management Practices of Researchers by Using a Behavioural Framework Malcolm

Improving Data Management Practices of Researchers by Using a Behavioural Framework Malcolm

Improving Data Management Practices of Researchers by Using a Behavioural Framework Malcolm Wolski and Joanna Richardson http://visual.ly/big-data THETA: The Higher Education Technology Agenda. Gold Coast, Australia: 11-13 May 2015 2

507 views • 25 slides
Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe

Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe

Rigorous Timing, Static occam , and Classic CSP: Formal Verification for IoT A Fringe Presentation for CPA2017 by Lawrence J. Dickson Space Sciences Corporation Lemitar, NM, USA Jeremy M. R. Martin Lloyds London, UK Ground Truth

359 views • 20 slides

More recommend