Robust Programs with Filtered Iterators
1 Robust Programs with Filtered Iterators. Jiasi Shen, Martin Rinard (MIT EECS & CSAIL)
2 Standard Scenario: input file -> program -> output.
3 Structured Input Units: the input is a sequence of input units; the program consumes them and produces output.
4 Example: requests -> server.
5 Example: video frames -> video player.
6 Example: data analytics.
7-9 Unanticipated Corner Cases: the same pipeline (input units -> program -> output), but one of the input units is an unanticipated corner case; on that unit the program produces no output.
10 Easy to avoid?
11 User Study
12-21 Small Programming Task: generate a thumbnail for each original image.
Example input: Img Img Img Img. Example output: Img1 2 Img Img3 Img4 3.
Original image fields: Image Name, Scaling factor, Height, Width, Pixels. Thumbnail fields: Thumbnail Name, Pixels.
Each thumbnail pixel is computed from a block of original pixels divided by 4 (the slides' worked values: ( ) / 4 = 3, ( ) / 4 = 5, ( ) / 4 = 4, ( ) / 4 = 3).
22 Your program should be able to handle arbitrary inputs by skipping malformed images.
23 Defects by MIT Participants (Participants 1-5; the transcription preserves only the number of participants marked per defect, not which participant): AWL 3, AWO 0, ARL 1, ARO 4, DS 4, DD 0, NA 5, IL 1, MP 3, MS 2, WP 2, WS 2, WM 4, WA 2.
24 Illegal input, unanticipated (code excerpt reading the scaling factor):
    s = 0;
    ...
    while (c != '\n') {
        ...
        s = s * 10 + c - '0';
        ...
        c = read(f);
    }
    redh = h / s;
25 Legal input, extreme cases (code excerpt allocating the image and sampling pixels):
    imgsize = h * w;
    img = malloc(imgsize);
    ...
    nh = h / s;
    nw = w / s;
    while (i < nh) {
        ...
        while (j < nw) {
            ...
            res = res + img[(i*s+ni)*w + (j*s+nj)];
            ...
26 Legal input, developer mistake (code excerpt reading the image name):
    fn = malloc(11);
    ...
    while (i < 11) {
        c = read(f);
        ...
        if (c == ' ') { break; }
        ...
        fn[i] = c;
        i = i + 1;
    }
    fn[i] = 0;
27 Input Units and Defects (diagram): all possible input units = legal input units + illegal input units; the marked defect sources are extreme cases, developer mistakes and unanticipated units; the program doesn't crash on the remaining input units.
28 Bad Input Units Cause Crashes (diagram): all possible input units = legal input units + illegal input units; the program crashes on the bad input units.
29 Unanticipated Corner Cases (recap): input units -> program, with one bad input unit.
30-32 Fix: Discard and Continue Execution: discard the bad input unit, continue execution with the remaining input units, and produce output as if the bad input unit never existed (the new program).
33 Behavior Appears Repeatedly. Applications and input units where bugs were fixed by conceptually discarding the bad input unit and continuing execution: Wireshark (packets), GIMP (images), Claws Mail (message options), Chromium (CSS attributes). Other potential applications: embedded systems (events), network routers (packets), servers (requests), data analytics (rows), video players (frames), document editors (lines, data sheets), other input formats with input units (chunks, files, objects, ...). See F. Long et al., Automatic Runtime Error Repair and Containment via Recovery Shepherding, PLDI 2014.
34 Goal: Automatically Discard Bad Input Units: discard the bad input unit and continue execution, so the program still produces output.
35 Goal: Automatically Discard Bad Input Units: the program doesn't crash on any input unit; illegal input units are skipped automatically, legal input units are processed.
36 Provide the Abstraction as a Language Construct.
37-43 Schema of Filtered Iterators (built up over slides 37-43):
    split input into input units
    iterate over input units {
        atomic transaction {
            delay outputs until commit
            process input unit
            if unhandled exception or assertion failure {
                abort transaction
            } else {
                commit transaction
                release outputs
            }
        }
    }
Continue execution as if bad input units never existed.
44 Input units -> (split input into input units) -> process input unit -> output.
45 Filter Out Bad Input Units Based on Execution Errors: split input into input units; when processing a unit raises an execution error, discard that unit and continue execution; output is produced for the other units.
46 All possible input units (diagram): legal input units and illegal input units; the program doesn't crash on these input units.
47 Achieved: Automatically Recover from Bad Input Units: the program doesn't crash on any input unit; bad input units are skipped automatically, the rest go through process input unit.
48-49 Achieved: Automatically Recover from Bad Input Units: split input into input units, discard the bad one, continue execution as if the bad input unit never existed, and produce output.
50 All possible input units (diagram repeated): legal and illegal input units; the program doesn't crash on these input units.
51 Not A Goal: Discard All Illegal Input Units: it is not a goal to discard all illegal input units; the program only has to not crash on them.
52 Not A Goal: Produce Correct Outputs for All Processed Input Units: it is not a goal to be logically correct on every processed input unit.
53 RIFL (Robust Input Filtering Language): the research vehicle.
54 Syntax for Text Files:
    inspectt (e, f, du) { process input unit }
  e: loop condition; f: input file handle; du: end-of-unit delimiter.
55 CSV Example. Input:
    A,B,C
    1,2,3
  Nested filtered iterators, the outer over lines and the inner over comma-separated fields:
    inspectt (!end(f), f, '\n') {
        ...
        inspectt (..., f, ',') {
            ...
        }
    }
  Result: the input units A, B, C (and 1, 2, 3).
56 Syntax for Binary Files:
    inspectb (e, f, o, w) { process input unit }
  e: loop condition; f: input file handle; o: offset of the length field; w: width of the length field.
57 PCAP Example. Each packet record is 12 bytes, then a 4-byte length field n, then n bytes of packet data:
    inspectb (true, f, 12, 4) { ... }
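The schema from slides 37-43 and the thumbnail task, as an added Python example that is not code from the slides or from the RIFL implementation: filtered_iterate runs each input unit as a transaction (state snapshot, delayed output, abort on any exception including failed assertions), split_text and split_binary model inspectt- and inspectb-style splitting, and make_thumbnail is a constructed version of the study task. The unit format (name, scale, height, width, pixels, one image per line), the 10-character name limit, the little-endian length field and the sample input are assumptions; the C-level crashes of the study (buffer overflows) show up here as exceptions or failed asserts.

```python
import copy

# ---- Splitting input into input units (inspectt / inspectb style) ----------

def split_text(data, delimiter):
    """inspectt-style: one input unit per delimiter-terminated chunk."""
    units = data.split(delimiter)
    if units and units[-1] == "":     # no empty unit after a trailing delimiter
        units.pop()
    return units

def split_binary(data, offset, width, byteorder="little"):
    """inspectb-style: each unit carries a `width`-byte length field at
    `offset`; the unit is the header (offset + width bytes) plus that many
    payload bytes. Byte order is an assumption. A truncated trailing record
    is still handed over as one unit, so the processing step decides its fate."""
    units, pos = [], 0
    while pos < len(data):
        hdr_end = pos + offset + width
        if hdr_end > len(data):       # not even a full header left
            units.append(data[pos:])
            break
        n = int.from_bytes(data[pos + offset:hdr_end], byteorder)
        units.append(data[pos:hdr_end + n])
        pos = hdr_end + n
    return units

# ---- The filtered-iterator schema -------------------------------------------

def filtered_iterate(units, process, state):
    """For each unit, run process(unit, state, out) as a transaction: fragments
    written to `out` are delayed until commit and `state` is snapshotted
    first. An unhandled exception (AssertionError included) aborts the
    transaction: state is rolled back, the buffered output is dropped, and
    iteration continues as if the unit never existed."""
    committed, skipped = [], []
    for unit in units:
        snapshot = copy.deepcopy(state)   # rollback point
        out = []                          # delayed output fragments
        try:
            process(unit, state, out)
        except Exception as exc:          # abort transaction
            state.clear()
            state.update(snapshot)
            skipped.append((unit, type(exc).__name__))
            continue
        committed.append("".join(out))    # commit: release outputs
    return committed, skipped

# ---- The thumbnail task from the user study (constructed format) ------------
# Assumed unit format: "name scale height width p1 p2 ... pN", one image per
# line; each thumbnail pixel is the mean of one scale x scale block.

MAX_NAME = 10   # models the fixed 11-byte name buffer from the slides

def make_thumbnail(unit, state, out):
    state["images_seen"] += 1             # state update that must roll back on abort
    fields = unit.split()
    name = fields[0]
    out.append(name)                      # partial output: must not leak on abort
    s, h, w = (int(x) for x in fields[1:4])   # ValueError on a non-numeric field
    pixels = [int(p) for p in fields[4:]]
    assert len(name) <= MAX_NAME, "name longer than the name buffer"
    assert len(pixels) == h * w, "pixel count does not match dimensions"
    nh, nw = h // s, w // s               # ZeroDivisionError on a zero scaling factor
    thumb = []
    for i in range(nh):
        for j in range(nw):
            block = [pixels[(i * s + ni) * w + (j * s + nj)]
                     for ni in range(s) for nj in range(s)]
            thumb.append(sum(block) // (s * s))
    out.append(" " + " ".join(map(str, thumb)))
    state["thumbnails"] += 1

# Constructed sample input, named after the unit kinds on the slides
SAMPLE_INPUT = (
    "Img1 2 2 2 1 2 4 5\n"
    "CharS b 2 2 1 2 3 4\n"
    "Div0S 0 2 2 1 2 3 4\n"
    "BufOvfVeryLongName 2 2 2 1 2 3 4\n"
    "Short 2 2 2 1 2\n"
    "Img2 2 2 4 1 2 3 4 5 6 7 8\n"
)

def run_thumbnails(text=SAMPLE_INPUT):
    state = {"images_seen": 0, "thumbnails": 0}
    output, skipped = filtered_iterate(split_text(text, "\n"), make_thumbnail, state)
    return output, skipped, state

if __name__ == "__main__":
    output, skipped, state = run_thumbnails()
    print("\n".join(output))
    for unit, err in skipped:
        print(f"skipped {unit.split()[0]}: {err}")
    print(state)
```

Note that the bad units are skipped without the partial "Div0S" header ever reaching the output and without the images_seen counter drifting, which are the WP and WS defect classes of the study.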
58 Consequences of Filtered Iterators.
59 User Study. Participants: computer science graduate students and post-docs at MIT. RIFL group versus control group (RIFL excluding filtered iterators). Task: thumbnail generator. Time: unlimited (took minutes).
60-64 Images are Input Units. Example input: Img Img Img Img; example output: Img1 2 Img Img3 Img4 3. Image fields: Image Name, Scaling factor, Height, Width, Pixels; thumbnail fields: Thumbnail Name, Pixels. The study's example input mixes benign, illegal and tricky input units: Img, Img, CharS b, CharPix a4, BufOvfVeryLongName, Div0S, Div0H, HeapOvf, BufOvfInt, Img, Img. The program has to handle arbitrary inputs by skipping malformed images.
65 Fewer Defects with Filtered Iterators (RIFL 1-5 and Control 1-5; the transcription preserves only the number of the 10 participants marked per defect, not which participant). Fatal: AWL 3, AWO 0, ARL 1, ARO 4, DS 4, DD 0, NA 5, IL 1. Other: MP 5, MS 3, WP 2, WS 2, WM 7, WA 2.
69 Possible Fatal Defects:
  AWL: Out-of-bounds array write when reading input, triggered by input fields that are longer than an input buffer.
  AWO: Out-of-bounds array write when reading input, triggered by an integer overflow that causes an overly small memory allocation.
  ARL: Out-of-bounds array read during computation, triggered by image dimensions that are too large for an input buffer.
  ARO: Out-of-bounds array read during computation, triggered by an integer overflow that causes an overly small memory allocation.
  DS: Division by zero during computation, triggered by a zero scaling factor.
  DD: Division by zero when checking integer overflow, triggered by a zero dimension.
  NA: Null array access when reading input, triggered by failed memory allocation.
  IL: Infinite loop when reading illegal input units.
71 Possible Other Defects:
  MP: Memory leak even when processing common legal input units.
  MS: Memory leak when skipping input units.
  WP: Wrong behavior from producing partial outputs for illegal input units.
  WS: Wrong behavior from desynchronization for at least one input unit after illegal input units.
  WM: Wrong behavior from misusing illegal input units and producing outputs for these illegal input units as if they were legal.
  WA: Wrong behavior from aborting on illegal input units.
75 Data Corruption or Input Desynchronization (control group): input unit CharTrail b followed by a legal Img; output: CharTrail 2 ... Img5 2.
76 Undesirable Partial Output (control group): input unit Short followed by a legal Img; output: Short2EEEEE 2 2.
79 Fatal and Non-Fatal Defects in Control Group (diagram): legal and illegal input units; the program doesn't crash on these input units.
80 Non-Fatal Defects in RIFL Group: the program doesn't crash on any input unit; bad input units are skipped automatically, the rest go through process input unit.
81 More Correct Behavior with Filtered Iterators (RIFL group with filtered iterators versus control group).
82-86 Simpler Code with Filtered Iterators (charts: cyclomatic complexity, axis up to 50, and lines of code, RIFL group versus control group). Filtered iterators let participants omit unnecessary checks for crashes, check semantic errors with assertions without having to elaborate error recovery, and focus on main functionality.
87 Automatically Handle Errors That Would Otherwise Cause Crashes or Assertion Failures.
88 Automatically Handle Corner Cases That Developers Don't Want to Handle Exhaustively.
89 Potential Limitations. Debugging: can make unintentional mistakes silent (error log or IDE support). Assumptions: structured input units; obtaining partial results is preferable to terminating.
90 Related Work.
Exception handling: J. B. Goodenough. Exception Handling: Issues and a Proposed Notation. Commun. ACM, 1975.
Recovery by manipulating execution: M. Rinard et al. Enhancing Server Availability and Security Through Failure-oblivious Computing. OSDI 2004. S. Sidiroglou and A. D. Keromytis. Using Execution Transactions To Recover From Buffer Overflow Attacks. Technical Report, 2004.
Language designs involving transactions: A. Shinnar et al. Integrating support for undo with exception handling. Technical Report, 2004. B. Demsky and A. Dash. Bristlecone: A Language for Robust Software Systems. ECOOP 2008. A. Warth et al. Worlds: Controlling the Scope of Side Effects. ECOOP
91 Conclusion. Filtered iterators iterate over input units, filter out bad input units when errors occur, and atomically roll back updates. Inspired by developer bug fixes; enable more robust and simpler programs; abilities verified by user study.
More informationList reversal: back into the frying pan
List reversal: back into the frying pan Richard Bornat March 20, 2006 Abstract More than thirty years ago Rod Burstall showed how to do a proof of a neat little program, shown in a modern notation in figure
More informationDeadlock. CSE 2431: Introduction to Operating Systems Reading: Chap. 7, [OSC]
Deadlock CSE 2431: Introduction to Operating Systems Reading: Chap. 7, [OSC] 1 Outline Resources Deadlock Deadlock Prevention Deadlock Avoidance Deadlock Detection Deadlock Recovery 2 Review: Synchronization
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationLoop Convergence. CS 536: Science of Programming, Fall 2018
Solved Loop Convergence CS 536: Science of Programming, Fall 2018 A. Why Diverging programs aren t useful, so it s useful to know how to show that loops terminate. B. Objectives At the end of this lecture
More informationThese are special traffic patterns that create more stress on a switch
Myths about Microbursts What are Microbursts? Microbursts are traffic patterns where traffic arrives in small bursts. While almost all network traffic is bursty to some extent, storage traffic usually
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationEarly stopping: the idea. TRB for benign failures. Early Stopping: The Protocol. Termination
TRB for benign failures Early stopping: the idea Sender in round : :! send m to all Process p in round! k, # k # f+!! :! if delivered m in round k- and p " sender then 2:!! send m to all 3:!! halt 4:!
More informationImplementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links
Implementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links Jialin Zhang Tsinghua University zhanggl02@mails.tsinghua.edu.cn Wei Chen Microsoft Research Asia weic@microsoft.com
More informationA study of online construction of fragment replicas. Fernanda Torres Pizzorno
A study of online construction of fragment replicas Fernanda Torres Pizzorno June 30, 2005 Preface In this report, I present the hovedoppgave of my 5 th year in the Siv. ing. i Datateknikk course at NTNU.
More informationCS 16 Fall 2009 Mid-term exam
CS 16 Fall 2009 Mid-term exam This is a closed-book, closed-note exam. Answer all of the questions clearly, completely, and concisely. You have 50 minutes, so be sure to use your time wisely. All work
More informationcs/ee/ids 143 Communication Networks
cs/ee/ids 143 Communication Networks Chapter 5 Routing Text: Walrand & Parakh, 2010 Steven Low CMS, EE, Caltech Warning These notes are not self-contained, probably not understandable, unless you also
More informationDistributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour
Distributed Algorithms (CAS 769) Week 1: Introduction, Logical clocks, Snapshots Dr. Borzoo Bonakdarpour Department of Computing and Software McMaster University Dr. Borzoo Bonakdarpour Distributed Algorithms
More informationCSCI-564 Advanced Computer Architecture
CSCI-564 Advanced Computer Architecture Lecture 8: Handling Exceptions and Interrupts / Superscalar Bo Wu Colorado School of Mines Branch Delay Slots (expose control hazard to software) Change the ISA
More informationLecture Notes on Software Model Checking
15-414: Bug Catching: Automated Program Verification Lecture Notes on Software Model Checking Matt Fredrikson André Platzer Carnegie Mellon University Lecture 19 1 Introduction So far we ve focused on
More informationITI Introduction to Computing II
(with contributions from R. Holte) School of Electrical Engineering and Computer Science University of Ottawa Version of January 9, 2019 Please don t print these lecture notes unless you really need to!
More informationCS505: Distributed Systems
Cristina Nita-Rotaru CS505: Distributed Systems. Required reading for this topic } Michael J. Fischer, Nancy A. Lynch, and Michael S. Paterson for "Impossibility of Distributed with One Faulty Process,
More informationAutomatic Verification of Parameterized Data Structures
Automatic Verification of Parameterized Data Structures Jyotirmoy V. Deshmukh, E. Allen Emerson and Prateek Gupta The University of Texas at Austin The University of Texas at Austin 1 Outline Motivation
More informationR E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.
R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. 5 S O F T W A R E E N G I N E E R I N G B Y S O M M E R V I L L E S E
More informationReading and Writing. Mathematical Proofs. Slides by Arthur van Goetham
Reading and Writing Mathematical Proofs Slides by Arthur van Goetham What is a proof? Why explanations are not proofs What is a proof? A method for establishing truth What establishes truth depends on
More informationEECS150 - Digital Design Lecture 27 - misc2
EECS150 - Digital Design Lecture 27 - misc2 May 1, 2002 John Wawrzynek Spring 2002 EECS150 - Lec27-misc2 Page 1 Outline Linear Feedback Shift Registers Theory and practice Simple hardware division algorithms
More informationPractical Provably Correct Voter Privacy Protecting End to End Voting Employing Multiparty Computations and Split Value Representations of Votes
Practical Provably Correct Voter Privacy Protecting End to End Voting Employing Multiparty Computations and Split Value Representations of Votes Michael O. Rabin Columbia University SEAS Harvard University
More informationDiscrete Mathematics and Probability Theory Summer 2015 Chung-Wei Lin Midterm 1
CS 70 Discrete Mathematics and Probability Theory Summer 2015 Chung-Wei Lin Midterm 1 PRINT Your Name:, last) first) SIGN Your Name: PRINT Your Student ID: CIRCLE your exam room: 2050 VLSB 10 EVANS OTHER
More informationCSCI3390-Assignment 2 Solutions
CSCI3390-Assignment 2 Solutions due February 3, 2016 1 TMs for Deciding Languages Write the specification of a Turing machine recognizing one of the following three languages. Do one of these problems.
More informationCoping with disk crashes
Lecture 04.03 Coping with disk crashes By Marina Barsky Winter 2016, University of Toronto Disk failure types Intermittent failure Disk crash the entire disk becomes unreadable, suddenly and permanently
More informationLexical Analysis: DFA Minimization & Wrap Up
Lexical Analysis: DFA Minimization & Wrap Up Automating Scanner Construction PREVIOUSLY RE NFA (Thompson s construction) Build an NFA for each term Combine them with -moves NFA DFA (subset construction)
More informationProgram verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program
Program verification Assertional semantics of a program Meaning of a program: relation between its inputs and outputs; specified by input assertions (pre-conditions) and output assertions (post-conditions)
More informationData byte 0 Data byte 1 Data byte 2 Data byte 3 Data byte 4. 0xA Register Address MSB data byte Data byte Data byte LSB data byte
SFP200 CAN 2.0B Protocol Implementation Communications Features CAN 2.0b extended frame format 500 kbit/s Polling mechanism allows host to determine the rate of incoming data Registers The SFP200 provides
More informationLecture Notes on Invariants for Arbitrary Loops
15-414: Bug Catching: Automated Program Verification Lecture Notes on Invariants for Arbitrary Loops Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 5 1 Introduction The previous lecture
More informationEnhancing the Updatability of Projective Views
Enhancing the Updatability of Projective Views (Extended Abstract) Paolo Guagliardo 1, Reinhard Pichler 2, and Emanuel Sallinger 2 1 KRDB Research Centre, Free University of Bozen-Bolzano 2 Vienna University
More informationCryptography and Security Midterm Exam
Cryptography and Security Midterm Exam Solution Serge Vaudenay 25.11.2015 duration: 1h45 no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication
More informationResilience Management Problem in ATM Systems as ashortest Path Problem
Resilience Management Problem in ATM Systems as ashortest Path Problem A proposal for definition of an ATM system resilience metric through an optimal scheduling strategy for the re allocation of the system
More information1 Introduction. 1.1 The Problem Domain. Self-Stablization UC Davis Earl Barr. Lecture 1 Introduction Winter 2007
Lecture 1 Introduction 1 Introduction 1.1 The Problem Domain Today, we are going to ask whether a system can recover from perturbation. Consider a children s top: If it is perfectly vertically, you can
More informationNew attacks on Keccak-224 and Keccak-256
New attacks on Keccak-224 and Keccak-256 Itai Dinur 1, Orr Dunkelman 1,2 and Adi Shamir 1 1 Computer Science department, The Weizmann Institute, Rehovot, Israel 2 Computer Science Department, University
More informationStatistical Debugging. Ben Liblit, University of Wisconsin Madison
Statistical Debugging Ben Liblit, University of Wisconsin Madison Bug Isolation Architecture Program Source Predicates Sampler Compiler Shipping Application Top bugs with likely causes Statistical Debugging
More informationLecture Notes on SAT Solvers & DPLL
15-414: Bug Catching: Automated Program Verification Lecture Notes on SAT Solvers & DPLL Matt Fredrikson André Platzer Carnegie Mellon University Lecture 10 1 Introduction In this lecture we will switch
More informationComplex Systems Design & Distributed Calculus and Coordination
Complex Systems Design & Distributed Calculus and Coordination Concurrency and Process Algebras: Theory and Practice Francesco Tiezzi University of Camerino francesco.tiezzi@unicam.it A.A. 2014/2015 F.
More informationDO NOT COPY DO NOT COPY
Drill Problems 3 benches. Another practical book is VHDL for Programmable Logic, by Kevin Skahill of Cypress Semiconductor (Addison-esley, 1996). All of the ABEL and VHDL examples in this chapter and throughout
More informationFormal Reasoning CSE 331. Lecture 2 Formal Reasoning. Announcements. Formalization and Reasoning. Software Design and Implementation
CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Announcements Homework 0 due Friday at 5 PM Heads up: no late days for this one! Homework 1 due Wednesday at 11 PM Using program logic
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2018 Programming Paradigms Functional. (Haskell, SML, OCaml,... ) main paradigm:
More information