reflections on rousting rust?

cs4414 Fall 2013University of Virginia

David Evans

CLASS 13: REFLECTIONS ON RUSTING RUST?

April 12, 2023 University of Virginia cs4414 2

Plan for Today

• Backdoors in Linux and Rust?• Nishant’s Talk Today• Midterm– Last chance to ask questions on anything we’ve

covered so far (until after Midterm)• Dining Philosophers

April 12, 2023 University of Virginia cs4414 3

Is there a backdoor in the Linux kernel?

April 12, 2023 University of Virginia cs4414 4

Detected Nearly Successful Attempt (2003)

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/

if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

Code added to wait4 (kernel-level) program to “support new options for root-level user”:

April 12, 2023 University of Virginia cs4414 5

April 12, 2023 University of Virginia cs4414 6

April 12, 2023 University of Virginia cs4414 7

Could this happen with Rust?

if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { retval = -EINVAL; }

gash> rustc assign.rsassign.rs:9:42: 9:60 error: mismatched types: expected `bool` but found `()` (expected bool but found ())assign.rs:9 if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { ^~~~~~~~~~~~~~~~~~error: aborting due to previous error

April 12, 2023 University of Virginia cs4414 8

How hard would it be to place a “backdoor” in Rust?

Constructing a backdoor in Rust: any Rust program that does not use unsafe, but for which the compiler outputs a binary that is not type safe.

April 12, 2023 University of Virginia cs4414 9

Ken Thompson’s 1983 Turing Award Acceptance Speech

April 12, 2023 University of Virginia cs4414 10

Thompson’s “Trusting Trust”

Introduce a compiler bug will recognize “login” and compile it to include a backdoor login

Bootstrap compiler

Remove evidence of bug – its baked into future compilers through the bootstrapped binary!

April 12, 2023 University of Virginia cs4414 11

Possible project idea: verify or (more likely) disprove this!

April 12, 2023 University of Virginia cs4414 12

Nishant’s Talk Today!

6pm, Olsson 120

April 12, 2023 University of Virginia cs4414 13

Midterm Exam

Out now: https://docs.google.com/forms/d/113q31QJ3X-56XGXrElH_BCZts31qzKFxRbN57Cuyt0k/

(Easier to follow link will be available shortly after class today.)

6 short answer questions (taken or adapted from the class notes)1 longer answer synthesis question1 programming question

April 12, 2023 University of Virginia cs4414 14

Efficient Grading Algorithmuse std::rand;

fn grade_midterm(answers: [~str]) -> float { let numq = answers.length; let urand = rand::random::<uint>() % numq;

if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers }}

April 12, 2023 University of Virginia cs4414 15

Efficient Grading Algorithm + Don’t Miss Interesting Answers

use std::rand;fn grade_midterm(answers: [~str]) -> float { if (/* answered question 9 */) return great_answer(answers[9]) && possibly look at other answers let numq = answers.length; let urand = rand::random::<uint>() % numq;

if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers }}

April 12, 2023 University of Virginia cs4414 16

Questions about Midterm

April 12, 2023 University of Virginia cs4414 17

Edsger Dijkstra (1930-2002) Sir Tony Hoare (born 1934)

April 12, 2023 University of Virginia cs4414 18

April 12, 2023 University of Virginia cs4414 19

Heraclitus

Socrates

Plato

Aristotle

Euclid

5 Dining Philosophers5 Chopsticks (one between each pair)Need 2 chopsticks to eat

April 12, 2023 University of Virginia cs4414 20

Djikstra’s (Hygenic) VersionIn the canonical problem of the five dining philosophers, the philosophers, each of which alternatingly “thinks” and “eats”, are arranged cyclically, and no two neighbours may eat simultaneously. This constraint can be represented by placing the philosophers at the edges of a regular pentagon, each edge representing a pair-wise exclusion constraint between the two philosophers situated at its ends.

Is this equivalent to the shared chopsticks?

April 12, 2023 University of Virginia cs4414 21

Solution Desiderata

• No communication required• No deadlock• No starvation: everyone gets to eat eventually• Fair: each philosopher has equal likelihood of

getting to eat

April 12, 2023 University of Virginia cs4414 22

Heraclitus

Socrates

Plato

Aristotle

Euclid

Could all the philosophers starve?

April 12, 2023 University of Virginia cs4414 23

April 12, 2023 University of Virginia cs4414 24

Dijkstra’s Solution (Idea)

Number the chopsticks, always grab lower-numbered stick first

Does it matter how the chopsticks are numbered?

April 12, 2023 University of Virginia cs4414 25

How does UVaCOLLAB solve this?

“UVaCollab is an advanced web-based course and collaboration environment”

April 12, 2023 University of Virginia cs4414 26

“Best Practices for Working in UVaCollab”

• Don't allow multiple graders to grade the same students at the same time, although it's fine to grade different sections of students.

• Don't open multiple browser tabs and windows while engaged in grading activities.

• Avoid double-clicking links and buttons in UVaCollab as doing so may slow down response times. A single-click is all it takes.

April 12, 2023 University of Virginia cs4414 27

The Real Challenge was to “Invent the Chopstick”

Binary SemaphoreLock that can be held by up to one process

April 12, 2023 University of Virginia cs4414 28

type Semaphore = Option<uint> ; // either None (available) or owner

static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None;

fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id);}fn release_lock() { lock = None; }

fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock();}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }

April 12, 2023 University of Virginia cs4414 29

type Semaphore = Option<uint> ; // either None (available) or owner

static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None;

fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id);}fn release_lock() { lock = None; }

fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock();}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }

FAIL! This is unsafe:semaphore.rs:9:11: 9:15 error: use of mutable static requires unsafe function or blocksemaphore.rs:9 while (lock.is_some()) {…

April 12, 2023 University of Virginia cs4414 30

type Semaphore = Option<uint> ; // either None (available) or owner

static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None;

fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } }

fn release_lock() { unsafe { lock = None; } }

fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); }}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } }}

What will the final count be?

April 12, 2023 University of Virginia cs4414 31

gash> ./semaphore > run1.txtgash> ./semaphore > run2.txtgash> ./semaphore > run3.txtgash> tail -1 run1.txtCount updated by 8u: 9968ugash> tail -1 run2.txtCount updated by 9u: 9951ugash> tail -1 run3.txtCount updated by 9u: 9950u

April 12, 2023 University of Virginia cs4414 32

type Semaphore = Option<uint> ; // either None (available) or owner

static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None;

fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } }

fn release_lock() { unsafe { lock = None; } }

fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); }}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } }}

April 12, 2023 University of Virginia cs4414 33

fn update_count(id: uint) { unsafe { grab_lock(id); assert!(match lock { None => false, Some(lockee) => lockee == id});

count += 1;println(fmt!("Count updated by %?: %?", id, count));release_lock();

}}

Count updated by 1u: 710uCount updated by 2u: 710uCount updated by 1u: 711uCount updated by 2u: 713uCount updated by 1u: 713u

Count updated by 2u: 714uCount updated by 2u: 715utask <unnamed> failed at 'assertion failed: match lock { None => false, Some(lockee) => \lockee == id }', semaphore.rs:26Count updated by 2u: 716uCount updated by 2u: 717u

April 12, 2023 University of Virginia cs4414 34

http:

//ro

sett

acod

e.or

g/w

iki/

Din

ing_

philo

soph

ers

April 12, 2023 University of Virginia cs4414 35

Charge

• If you don’t want to do the midterm, contribute a satisfactory Dining Philosophers in Rust to rosettacode.org

• Otherwise (unless you are already exempt by solving a challenge), submit the midterm by 11:59pm Monday, October 14