reflections on rousting rust?

cs4414 Fall 2013University of Virginia

David Evans

CLASS 13: REFLECTIONS ON RUSTING RUST?

April 12, 2023 University of Virginia cs4414 2

Plan for Today

• Backdoors in Linux and Rust?• Nishant’s Talk Today• Midterm– Last chance to ask questions on anything we’ve

covered so far (until after Midterm)• Dining Philosophers


Is there a backdoor in the Linux kernel?


Detected Nearly Successful Attempt (2003)

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/

if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

Code added to wait4 (kernel-level) program to “support new options for root-level user”:


Could this happen with Rust?

if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { retval = -EINVAL; }

gash> rustc assign.rsassign.rs:9:42: 9:60 error: mismatched types: expected `bool` but found `()` (expected bool but found ())assign.rs:9 if ((options == (__WCLONE|__WALL)) && (current_uid = 0)) { ^~~~~~~~~~~~~~~~~~error: aborting due to previous error


How hard would it be to place a “backdoor” in Rust?

Constructing a backdoor in Rust: any Rust program that does not use unsafe, but for which the compiler outputs a binary that is not type safe.


Ken Thompson’s 1983 Turing Award Acceptance Speech

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf


Thompson’s “Trusting Trust”

Introduce a compiler bug will recognize “login” and compile it to include a backdoor login

Bootstrap compiler

Remove evidence of bug – its baked into future compilers through the bootstrapped binary!


Possible project idea: verify or (more likely) disprove this!


Nishant’s Talk Today!

6pm, Olsson 120


Midterm Exam

Out now: https://docs.google.com/forms/d/113q31QJ3X-56XGXrElH_BCZts31qzKFxRbN57Cuyt0k/

(Easier to follow link will be available shortly after class today.)

6 short answer questions (taken or adapted from the class notes)1 longer answer synthesis question1 programming question


Efficient Grading Algorithmuse std::rand;

fn grade_midterm(answers: [~str]) -> float { let numq = answers.length; let urand = rand::random::<uint>() % numq;

if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers }}


Efficient Grading Algorithm + Don’t Miss Interesting Answers

use std::rand;fn grade_midterm(answers: [~str]) -> float { if (/* answered question 9 */) return great_answer(answers[9]) && possibly look at other answers let numq = answers.length; let urand = rand::random::<uint>() % numq;

if good_answer(answers[urand]) { 1.0 } else if good_answer(answers[(urand + 1) % numq]) && good_answer(answers[(urand + 2) % numq]) { 1.0 } else { … // grade all answers }}


Questions about Midterm


Edsger Dijkstra (1930-2002) Sir Tony Hoare (born 1934)


Heraclitus

Socrates

Plato

Aristotle

Euclid

5 Dining Philosophers5 Chopsticks (one between each pair)Need 2 chopsticks to eat


Djikstra’s (Hygenic) VersionIn the canonical problem of the five dining philosophers, the philosophers, each of which alternatingly “thinks” and “eats”, are arranged cyclically, and no two neighbours may eat simultaneously. This constraint can be represented by placing the philosophers at the edges of a regular pentagon, each edge representing a pair-wise exclusion constraint between the two philosophers situated at its ends.

Is this equivalent to the shared chopsticks?


Solution Desiderata

• No communication required• No deadlock• No starvation: everyone gets to eat eventually• Fair: each philosopher has equal likelihood of

getting to eat


Heraclitus

Socrates

Plato

Aristotle

Euclid

Could all the philosophers starve?


Dijkstra’s Solution (Idea)

Number the chopsticks, always grab lower-numbered stick first

Does it matter how the chopsticks are numbered?


How does UVaCOLLAB solve this?

“UVaCollab is an advanced web-based course and collaboration environment”


“Best Practices for Working in UVaCollab”

• Don't allow multiple graders to grade the same students at the same time, although it's fine to grade different sections of students.

• Don't open multiple browser tabs and windows while engaged in grading activities.

• Avoid double-clicking links and buttons in UVaCollab as doing so may slow down response times. A single-click is all it takes.

https://collab.itc.virginia.edu/portal/site/b509ff12-456d-4e48-000d-c3d85a57258b


The Real Challenge was to “Invent the Chopstick”

Binary SemaphoreLock that can be held by up to one process


type Semaphore = Option<uint> ; // either None (available) or owner

static mut count: uint = 0; // protected by lock static mut lock: Semaphore = None;

fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id);}fn release_lock() { lock = None; }

fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock();}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }




fn grab_lock(id: uint) { while (lock.is_some()) { ; } // wait for lock lock = Some(id);}fn release_lock() { lock = None; }

fn update_count(id: uint) { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock();}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } } }

FAIL! This is unsafe:semaphore.rs:9:11: 9:15 error: use of mutable static requires unsafe function or blocksemaphore.rs:9 while (lock.is_some()) {…




fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } }

fn release_lock() { unsafe { lock = None; } }

fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); }}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } }}

What will the final count be?


gash> ./semaphore > run1.txtgash> ./semaphore > run2.txtgash> ./semaphore > run3.txtgash> tail -1 run1.txtCount updated by 8u: 9968ugash> tail -1 run2.txtCount updated by 9u: 9951ugash> tail -1 run3.txtCount updated by 9u: 9950u




fn grab_lock(id: uint) { unsafe { while (lock.is_some()) { ; } lock = Some(id); } }

fn release_lock() { unsafe { lock = None; } }

fn update_count(id: uint) { unsafe { grab_lock(id); count += 1; println(fmt!("Count updated by %?: %?", id, count)); release_lock(); }}

fn main() { for num in range(0u, 10) { do spawn { for _ in range(0u, 1000) { update_count(num); } } }}


fn update_count(id: uint) { unsafe { grab_lock(id); assert!(match lock { None => false, Some(lockee) => lockee == id});

count += 1;println(fmt!("Count updated by %?: %?", id, count));release_lock();

}}

Count updated by 1u: 710uCount updated by 2u: 710uCount updated by 1u: 711uCount updated by 2u: 713uCount updated by 1u: 713u

Count updated by 2u: 714uCount updated by 2u: 715utask <unnamed> failed at 'assertion failed: match lock { None => false, Some(lockee) => \lockee == id }', semaphore.rs:26Count updated by 2u: 716uCount updated by 2u: 717u


http:

//ro

sett

acod

e.or

g/w

iki/

Din

ing_

philo

soph

ers

http://rosettacode.org/wiki/Dining_philosophers





Charge

• If you don’t want to do the midterm, contribute a satisfactory Dining Philosophers in Rust to rosettacode.org

• Otherwise (unless you are already exempt by solving a challenge), submit the midterm by 11:59pm Monday, October 14

reflections on rousting rust?

Technology

university of virginia

numq good

midterm dining philosophers

rand fn grade

uvacollab dont

rust program

wall currentuid

shared chopsticks