to interaction trees
play

to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia - PowerPoint PPT Presentation

May 28, 2023 •380 likes •578 views

Specifying, Testing and Verifying a Networked Server From C to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia Lennart Beringer, Wolf Honor, William Mansky Benjamin C. Pierce, Steve Zdancewic January 14, 2019 (CPP) 1

  1. Specifying, Testing and Verifying a Networked Server From C to Interaction Trees Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia Lennart Beringer, Wolf Honoré, William Mansky Benjamin C. Pierce, Steve Zdancewic January 14, 2019 (CPP) 1

  2. Verification from RFCs to transistors Application One theorem to verify… OS … and test! More projects at deepspec.org… Hardware 01011... 2

  3. Towards a verified web server HTTP Server OS Hardware 01011... 3

  4. Towards a verified web server Swap Server Today: a simplified server OS Hardware 01011... 4

  5. Main contributions • Verifying a networked C program using VST, which can run in CertiKOS • Specification describes what a client can observe over the network • Testable specification, using QuickChick 5

  6. Swap server specification Cat Bat Client 1 Bat Cat Dog Dog Elk Server Client 2 Cat Elk Client 3 Dog 6

  7. Swap server: in the real world Cat • Messages on different connections can be Dog reordered • Messages can be Clients Bat Server / delayed indefinitely Elk Tester Dog 7

  8. Network refinement Observable behavior Specification by clients Network semantics ∪ I network-refi fines Observable behavior Implementation by clients Network semantics Adaptation of Observational refinement/Linearizability 8

  9. *: concepts defined in the paper Overview: proof architecture Specification* Written in Coq Written in C Server implementation Socket API CertiKOS 9

  10. *: concepts defined in the paper Overview: proof architecture Linear Specification* VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 10

  11. Interaction trees *: concepts defined in the paper A unifying specification language Different spec. styles Different abstraction levels Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 11

  12. Interaction trees: example (aka. Free monads) One branch for each possible result ReadBit 0 1 WriteBit 0 ReadBit Shorthand notation for two or more branches tt b2 : bit Ret 1 Ret b2 Type of effects ioE : Inductive ioE : Type -> Type := | ReadBit : ioE bit Result type | WriteBit : bit -> ioE unit . 12

  13. Interaction trees: definition (aka. Free monads) Type of effects (e.g., ioE ) Type of results CoInductive itree ( E : Type -> Type) (R : Type) : Type := | Vis : ∀ Y, E Y -> (Y -> itree E R) -> itree E R | Ret : R -> itree E R | Tau : itree E R -> itree E R . Effect Continuation 13

  14. Interaction trees *: concepts defined in the paper A unifying specification language Different spec. styles Different abstraction levels Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 14

  15. The Swap server “linear specification” CoFixpoint loop (open_conns : list conns) (last_msg : bytes) : itree serverE unit := c <- choose open_conns ;; new_msg <- recv_msg c ;; send_msg c last_msg ;; loop open_conns new_msg. Simplified version (see paper) 15

  16. Interaction trees *: concepts defined in the paper Overview: proof architecture Linear Specification* testing VST-level network-refines* Socket spec.* validates* Implementation model* CertiKOS-level Socket spec.* refines* network-refines* assumed by Written in Coq implements Written in C Server implementation Socket API CertiKOS 16

  17. Refinement: from C to ITrees Hoare triple: { pre1 * … * preN } C_program { post1 * … * postN } Separating conjunction Interactions allowed by Assertions on C memory the environment { ITree(impl_model ) * … } C_program { … } Example of a networked C program with its implementation model: { ITree(msg <- Recv c ;; Send c msg ;; Implementation model (itree) t) * … } recv(c, buf, len); . C implementation send(c, buf, len); . { ITree (t) * … } Simplified triples (see paper) 17

  18. The Swap server correctness theorem { ITree(impl_model) } C_prog { … } Theorem correct_server : exists impl_model, refines C_prog impl_model /\ network_refines impl_model linear_spec. ∪ I 19

  19. Complete Summary and next steps connection • Verifying a networked C program using VST, which can run in CertiKOS • The specification describes a client can observe over the network • The specification is testable, using QuickChick and Interaction trees Scale up: Improve proof Swap server -> and testing HTTP Server techniques Add more interfaces: filesystem, encryption… New library https://github.com/DeepSpec/InteractionTrees 20

Recommend

( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees

( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees

B- B -Trees Trees B B- -Trees Trees Search for key R ( ( ) ) ( ) ( ) = = Work = h log t n B- B -Trees Trees B B- -Trees Trees Each Disk-Read or Disk-Write = one Basic unit of work O(1) Typical Node x

287 views • 4 slides
Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire

Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire

Edifices: B ohm Trees for the Symmetric Interaction Combinators Damiano Mazza Laboratoire dInformatique de Paris Nord Universit e Paris 13 Journ ees LAC, GDR Informatique Math ematique Chamb ery, February 9, 2007

307 views • 16 slides
Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010,

Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010,

Treatment Interaction Trees (TINT) Elise Dusseldorp &amp; Iven van Mechelen Compstat 2010, Aug 26 CNAM, Paris Aim Insight: For which problems can we use TINT? Knowledge: How does TINT work? Inspiration: New ways to evaluate

1.26k views • 15 slides
/ + - * * 5 3 2 6 5 2 Examples Binary Trees BSTs Augmenting BinExpr General Trees

/ + - * * 5 3 2 6 5 2 Examples Binary Trees BSTs Augmenting BinExpr General Trees

Trees Readings: HtDP , sections 14, 15, 16. Topics: Introductory examples and terminology Binary trees Binary search trees Augmenting trees Binary expression trees General arithmetic expression trees Nested lists Examples Binary Trees

1.19k views • 31 slides
Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees,

Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees,

Trees Eric McCreath Overview In this lecture we will explore: general trees, binary trees, binary search trees, and AVL and B-Trees. 2 Trees Trees are recursive data structures. They are useful for: representing items that have a tree

622 views • 27 slides
2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes

2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes

CS 16: Balanced Trees 2-3-4 Trees and Red- Black Trees 204 erm CS 16: Balanced Trees 2-3-4 Trees Revealed Nodes store 1, 2, or 3 keys and have 2, 3, or 4 children, respectively All leaves have the same depth k n r b e h n r b e

800 views • 31 slides
Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees)

Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees)

Algorithms and Data Structures Balanced Trees (AVL-Trees, (a,b)-Trees, Red-Black-Trees) Albert-Ludwigs-Universitt Freiburg Prof. Dr. Rolf Backofen Bioinformatics Group / Department of Computer Science Algorithms and Data Structures, January

884 views • 55 slides
the interaction physical characteristics of interaction interaction styles the

the interaction physical characteristics of interaction interaction styles the

The Interaction interaction models chapter 3 translations between user and system ergonomics the interaction physical characteristics of interaction interaction styles the nature of user/ system dialog context

506 views • 12 slides
the interaction The Interaction interaction models translations between user and system

the interaction The Interaction interaction models translations between user and system

chapter 3 the interaction The Interaction interaction models translations between user and system ergonomics physical characteristics of interaction interaction styles the nature of user/ system dialog context

733 views • 24 slides
AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees

AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees

AVL TREES Height Balance : AVL Trees h 1 h 2 | h - h | 1 AVL AVL 2 1 non-AVL trees AVL trees S. Prasitjutrakul 1994 AVL Trees : I nsertion m m k k k u u k k m m v t u m m t t u k m u k u p v t k p v v

320 views • 16 slides
Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees

Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees

Trees I think that I shall never see Trees I A poem lovely as a tree -- J. Kilmer Trees Anatomy of a Tree a In CS, we look at trees Node from the bottom up Basic element of the tree b c Contains a piece of

321 views • 5 slides
Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck

Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck

Trees Russell Impagliazzo and Miles Jones Thanks to Janine Tiefenbruck http://cseweb.ucsd.edu/classes/sp16/cse21-bd/ April 29, 2016 Another Special Type of Graph: Trees Trees 1. Definitions of trees 2. Properties of trees 3. Revisiting uses of

837 views • 37 slides
Trees a tree represents a hierarchy - organization structure of a corporation Electronics

Trees a tree represents a hierarchy - organization structure of a corporation Electronics

T REES trees binary trees traversals of trees template method pattern data structures for trees Trees 1 Trees a tree represents a hierarchy - organization structure of a corporation Electronics RUs R&amp;D

434 views • 18 slides
Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees

Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees

Trees Applied Multivariate Statistics Spring 2012 Overview Intuition for Trees Regression Trees Classification Trees 1 Idea of Trees: Regression Trees Continuous response Binary Tree y Y=1.2 X 1 X&gt;1 Y=1.4 Y=0.7 2 X

767 views • 17 slides
Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition

Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition

1 CSCI 104 B-Trees (2-3, 2-3-4) and Red/Black Trees Mark Redekopp David Kempe 2 An example of B-Trees 2-3 TREES 3 Definition 2-3 Tree is a tree where a 2 Node 4 Non-leaf nodes have 1 value &amp; 2 children or 2 values and 3

998 views • 75 slides
Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections

Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections

Splay Trees and B-Trees CSE 373 Data Structures Lecture 9 Readings Reading Sections 4.5-4.7 4/14/03 Splay Trees and B-Trees - 2 Lecture 9 Self adjusting Trees Ordinary binary search trees have no balance conditions what

371 views • 33 slides
A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many

A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many

A Datatype for Binary Trees Functions on Trees Amtoft from Hatcliff Binary Trees One of many possible definitions (no interior values) Examples General Trees datatype b i t r e e = Leaf i n t of | Node of b i t r e e b i t r e e

536 views • 8 slides
Visualizing Networks and Trees Arrange Networks and Trees

Visualizing Networks and Trees Arrange Networks and Trees

Visualizing Networks and Trees Arrange Networks and Trees Node-Link Diagrams for Trees The most common visual representa&gt;on Nodes: point marks;

519 views • 15 slides
The number of spanning trees of random 2 -trees Stephan Wagner (joint work with Elmar Teufl)

The number of spanning trees of random 2 -trees Stephan Wagner (joint work with Elmar Teufl)

The number of spanning trees of random 2 -trees Stephan Wagner (joint work with Elmar Teufl) Stellenbosch University AofA15 Strobl, 8 June, 2015 2 -trees 2 -trees are constructed recursively: Spanning trees of 2 -trees S. Wagner,

822 views • 61 slides
The project INTERACTION Driver INTERACTION with in-vehicle technologies EU 7 th framework

The project INTERACTION Driver INTERACTION with in-vehicle technologies EU 7 th framework

Interaction with IVT-systems Results from driving behaviour observations from the EU-project INTERACTION The project INTERACTION Driver INTERACTION with in-vehicle technologies EU 7 th framework programme 2008 to 2012 Partners

272 views • 15 slides
Trees Chapter 11 Chapter Summary Introduction to Trees Applications of Trees Tree

Trees Chapter 11 Chapter Summary Introduction to Trees Applications of Trees Tree

Trees Chapter 11 Chapter Summary Introduction to Trees Applications of Trees Tree Traversal Spanning Trees Minimum Spanning Trees Introduction to Trees Section 11.1 Section Summary Introduction to Trees Rooted Trees

639 views • 42 slides
Trees &amp; Binary Search Trees Department of Computer Science University of Maryland, College

Trees &amp; Binary Search Trees Department of Computer Science University of Maryland, College

CMSC 132: Object-Oriented Programming II Trees &amp; Binary Search Trees Department of Computer Science University of Maryland, College Park Trees Trees are hierarchical data structures One-to-many relationship between elements

737 views • 29 slides
CS 220: Discrete Structures and their Applications Trees Chapter 11 in zybooks trees A tree is

CS 220: Discrete Structures and their Applications Trees Chapter 11 in zybooks trees A tree is

CS 220: Discrete Structures and their Applications Trees Chapter 11 in zybooks trees A tree is an undirected graph that is connected and has no cycles. rooted trees Rooted trees. Given a tree T, choose a root node r and orient each edge

814 views • 52 slides
AVL Trees AVL Trees K08

AVL Trees AVL Trees K08

AVL Trees AVL Trees K08 / 1 Balanced trees Balanced trees O ( h ) We saw that most of the algorithms in BSTs

1.2k views • 50 slides

More recommend