compliance 52 1 Istio Security Audit, 2023 Executive summary In September and October 2022 Ada Logics carried out a security audit of the Istio project. The audit was sponsored by the CNCF and facilitated Perform a SLSA review of Istio. The audit was started with a kickoff meeting, and following that, Ada Logics had weekly meetings with the Istio team to discuss questions and issues that came out throughout vulnerability and assigned it CVE-2022-41721. 3 Istio Security Audit, 2023 Project summary Ada Logics auditors Name Title Email Adam Korczynski Security Engineer Adam@adalogics.com David Korczynski

Conclusions 40 1 Vitess Security Audit, 2023 Executive summary In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was a new component of Vitess security posture of Vitess from different perspectives, they also offered a level of synergy; Ada Logics found two CVEʼs during the audit which the threat model goal helped to assess. The threat model was meeting between Ada Logics, the Vitess maintainers and OSTIF. A�er that, all three parties met regularly to discuss issues and questions as they arose during the audit. Ada Logics shared issues of higher

Semantics • Type System • The own Predict • Exclusive Ownership & Mutable Borrow Examples • Rc Logics • Hoare Logic • Separation Logic Background ERC Project "RustBelt" 2015-2021 Unlike C/C++, Hoare Logic Logics C Precondition Postcondition Program Given the precondition “P”, if we execute the program “C” and it terminates, it will hold the postcondition “Q”. {P} {Q} Logics {True} let let x = 10 {x = 10} {x = 3} x += 1 {x = 4} {True} loop {} {False} Hoare Logic Logics P: x ↦ v Ownership We own “x”, and “x” points to “v”. Disjointness Given “(x ↦ v) ∗ (y ↦ w)”, we know

Supply-chain mitigations 45 1 Dapr security audit 2023 Executive summary In May and June 2023, Ada Logics carried out a security audit for the Dapr project. The high-level goal was to complete a holistic Summary The auditors of Ada Logics were: Name Title Email Adam Korczynski Security Engineer, Ada Logics Adam@adalogics.com David Korczynski Security Researcher, Ada Logics David@adalogics.com The Dapr case the InvokeRequest is trusted. 14 Dapr security audit 2023 Fuzzing During the audit, Ada Logics wrote five new fuzzers for Dapr. We added the fuzzers to Daprs OSS-Fuzz integration so that they

queries are welcome. 1 https://github.com/google/oss-fuzz Executive summary In this engagement, Ada Logics worked on creating a fuzzing suite for Dapr. At the time of this engagement, Dapr was doing no fuzzing build the fundamental infrastructure and improve the fuzzing efforts in a continuous manner. Ada Logics did that by first integrating Dapr into OSS-Fuzz and add fuzzers for important APIʼs of the Dapr fuzzers are running continuously by way of OSS-Fuzz which will report if they find any crashes. Ada Logics wrote a total of 39 fuzzers that found 3 issues - 2 of which had their root cause in 3rd-party libraries

Layer Drivers handling LayerProcesses & Logics Separate the logic layer from the hardware layer Application Layer Drivers handling LayerProcesses & Logics Hardware Handling Separate the logic

formalism. In this context, “formal” means “logical” or “logic-based.” Logicians—the mathematicians of logics—carried out formal proofs on papers decades before the advent of computers, but nowadays formal proofs Dependent Types Dependent types are the defining feature of the dependent type theory family of logics. Although you may not be familiar with the terminology, you are likely to be familiar with the concept properties may seem obvious, and yet there exist proof assistants built on weaker, intuitionistic logics in which the properties do not generally hold. In Chapter 4, we saw a diagram depicting the interpretation

src/controller/*.js ），放在 think.app.controllers 对 基础功能 象上。 加载项目里的 logic 文件（ src/logic/*.js ），放在 think.app.logics 对象上。 加载项目里的 model 文件（ src/model/*.js ），放在 think.app.models 对象上。 加载项目里的 service 文件（ src/service/* think.app.modules 模块列表，单模块项目下为空数组 think.app.controllers 存放项目下的 controller 文件，便于后续快速调用 think.app.logics 存放项目下的 logic 文件 think.app.models 存放项目下的模型文件 think.app.services 存放 service 文件 think.app.routers

String) -> Bool {} func validateEmail(name: String) -> Bool {} UI Net Utils Logic Logic // Logics func presentLoginController() { } func showSharingPage() { } func pushWebViewController(url: String)

unify the refCnt of both HFileBlock and BucketEntry as one refCnt. And for the previous recycle logics: 1. BucketCache#returnBlock; 2. BucketCache#freeSpace; 3. …. All of them can be done by