Lecture 23: Verification

preparation

• Read the Jitk paper and answer the following two questions.
  • How does Jitk avoid the bugs described in Section 3?
  • Can you describe one bug that Jitk cannot prevent?
• (optional) Read the Dune paper. Compare the sandbox described in §5.1 to Jitk.

administrivia

• Lab X: if you would like to do a demo
  • email us to schedule a project meeting by the end of today
  • project meeting: Wednesday in 560
  • demo: Friday here
• final

running untrusted extensions

• review what we have learned so far
• context: running extensions in browsers, OS kernels, etc. - examples?
• what can go wrong? - see §3 of the Jitk paper
• goals
  • safe execution of extensions
  • performance
  • functional correctness of the extension - when do we need this
• approaches - draw a table of the goals & examples
  • trust the extensions & hope for the best (examples?)
  • testing (e.g., run klee from last lecture - how?)
  • virtual machine/process isolation
  • software-based fault isolation: NativeClient
  • safe languages: Rust, SPIN OS, Singularity
  • formal verification: Jitk, proof-carrying code, etc.
• courses
  • advanced OS topics: take 551 or next spring’s 599
  • advanced PL topics: take 505 or 507
• slides