Contact Information - Publications [BibTeX] - CV: HTML, PDF

Startup update: Nectry is my startup based on Ur/Web and UPO, with a "no-code" product that sets people across the business world free to build their own "enterprise-software" apps quickly, without knowing a thing about programming. It combines a tasteful component architecture in richly typed functional programming with a large-language-model AI frontend that makes "programming" like chatting with a person who is building your app while you watch. We're in the earliest stages of setting up pilots with customers, so pointers to potential enthusiastic early adopters are very welcome; and we may be able to hire more engineers soon to do work related to compilers, language design, and IDEs.

I'm interested in redeveloping the full stack of tools used by engineers to create hardware-software systems. My traditional areas are programming languages and formal methods (especially with the Coq proof assistant), but I often work on problems at the interfaces with cybersecurity, computer architecture, databases, and operating systems.

When I started as faculty, I didn't know what the heck people meant when asking about my advising style, but now I have some answers. My recruiting these days is mostly focused at the PhD level and below, though I might be persuaded to hire a postdoc with just the right match of expertise. Current MIT students (undergrad, MEng, PhD) interested in working together should e-mail me, while for others I suggest following our normal PhD application process.

For a bit more info on what I work on, two low-time-investment overviews (of the mechanized-proofs part) are my blog post on the surprising security benefits of formal proofs and video of a talk I gave at the 34th Chaos Communication Congress in December 2017.

Current Research

End-to-end hardware-software verification	My main interest is in codesigning development tools and system components, across complete digital stacks (hardware and software), for delivering full systems that have unified, machine-checked correctness proofs (usually in Coq). I split my research time about evenly between software and hardware projects, which almost all involve embedding different languages and formal-methods approaches in Coq, with occasional efforts to integrate them together into demos. Our first unified demo was the verified IoT lightbulb, connecting together proofs of a RISC-V microcontroller, the compiler for the Bedrock2 low-level software language, and device drivers and application code written in Bedrock2. Our second unified demo is the verified garage-door opener, which is software-only but includes an implementation of a cryptographic protocol, where most software is generated automatically from functional programs in a variety of ways. The second demo incorporates our Fiat Cryptography project, a domain-specific verified compiler and one of the highest-impact formal-methods projects yet by number of devices that have installed software produced with it (e.g., Fiat Cryptography code ships with essentially all web browsers and mobile platforms in their TLS libraries).
End-to-end side-channel security	We are also working toward proofs of timing side-channel security for full hardware-software stacks, tackling both of the main techniques: programming with constant time and using combinations of hardware and software to implement strong process isolation.
High-performance computing	I'm ramping up the share of my research attention spent on high-performance computing, broadly construed, including programming with tensors and online transaction processing, with high parallel scaling. I believe multicore hardware architectures as we know them today offer both terrible programming experiences and poor performance scaling, and I'm excited about what comes next, which I'm investigating from the perspectives of both new (verified) software compiler styles and tools for rapid development of new (verified) highly concurrent hardware designs.

Some Old Research

	Ur/Web, a domain-specific functional programming language for modern Web applications. I started working on it when I was a grad student, and it's pretty much done research-wise, yielding a production-quality tool suite that a fair number of people enjoy using.
	Lambda Tamer, an umbrella library for the experiments in compiler verification that I started as a grad student. The most concrete outcome of the work was the parametric higher-order abstract syntax (PHOAS) encoding of program syntax, which we still put to use in many of my projects, where different kinds of compilers remain frequent ingredients in novel system designs.
	FSCQ, a file system verified in Coq using a separation logic for reasoning about crash safety, mostly carried out these days by colleagues in the PDOS group
	The Science of Deep Specification, a National Science Foundation Expedition in Computing, 2016-2021, promoting similar full-stack-verification research to what I described above, butf on more conventional architectures

Research Students

PhD

• Samuel Gruetter [since Fall 2017]
• Stella Lau [since Fall 2018]
• Dustin Jamner [since Fall 2020]
• Master's thesis: A Framework for Modular, Extensible, Equivalence-Preserving Compilation
• Amanda Liu (coadvised with Jonathan Ragan-Kelley) [since Fall 2020]
• Master's thesis: Verified Scheduling Via High-Level Scheduling Rewrites
• Jiazheng Liu (coadvised with Arvind) [since Summer 2022]
• Paul Mure [since Fall 2023]
• Xin (Amanda) Zhang [since Fall 2023]

Master's

• Mahmoud Sobier [since Spring 2023]
• Arthur Reiner De Belen [since Fall 2022]
• Andrew Tockman [Spring 2021 and since Fall 2023]
• Julian Zanders [since Fall 2023]

Undergraduate

• Owen Conoly [since Summer 2022]
• Ritam Nag [since Fall 2022]
• Leo Gagnon [since Winter 2023]
• Yue Chen Li [since Winter 2023]
• Pratyush Venkatakrishnan [Winter-Summer 2023 and since Winter 2024]
• Chai Lewgasamsarn [since Spring 2023]
• Sarah Mokhtar Abdella [since Fall 2023]
• Ali Backour [since Fall 2023]
• Matthew Habtezgi [since Fall 2023]
• Michelle Touma [since Fall 2023]

Past students

Teaching

Spring 2024: 6.1010: Fundamentals of Programming* (also Fall 2022, Fall 2021 [as 6.009], Fall 2020 [as 6.009], Spring 2019 [as 6.009], Fall 2017 [as 6.009], Fall 2016 [as 6.009], and Fall 2015 [as 6.S04])

Spring 2023: 6.5120: Formal Reasoning About Programs* (also Spring 2022 [as 6.822], Spring 2021 [as 6.822], Spring 2020 [as 6.822], Spring 2018 [as 6.822], Spring 2017 [as 6.887], and Spring 2016 [as 6.887])

Spring 2015: 6.042: Mathematics for Computer Science (also Spring 2012)

Fall 2014: 6.170: Software Studio

Fall 2013: 6.820: Foundations of Program Analysis

Spring 2013: 6.033: Computer Systems Engineering [recitation instructor]

Fall 2012: 6.005: Software Construction

Fall 2011: 6.892: Interactive Computer Theorem Proving*

(An "*" indicates a class I [co]created.)

Books

Certified Programming with Dependent Types: A Pragmatic Introduction to the Coq Proof Assistant An introduction to the Coq proof assistant, assuming just familiarity with rigorous math and functional programming. Presents the techniques needed to scale to large formal developments in program verification and other domains, including scripted proof automation and expressive types for embedded programs.

FRAP

Formal Reasoning About Programs Introducing Coq simultaneously with semantics and program proof methods. Emphasizes commonalities through casting (almost) everything in terms of invariants on transition systems, with abstraction and modularity as our standard tools for simplifying invariant proofs. Presents ideas in parallel as chapters of a PDF with standard math notation and in Coq source files, mixing in bits of proof-automation wizardry at the author's whim. [I've used this book so far in six iterations of a graduate class, and I do believe the materials are now ready to be picked up and used pretty directly elsewhere!]

Advisory-Board Memberships

BedRock Systems [since 2018]: verified systems software for safety-critical computing

DARPA Information Science and Technology (ISAT) study group [2018-2022]

SiFive [since 2018]: rapid development of custom hardware solutions, based on RISC-V

Former

krypt.co [2016-2019]: smarter management for cryptographic keys (acquired by Akamai)

How to Pronounce my Last Name

Pretend the first "l" isn't there ("Chipala") and you'll get close enough.

Recommended Reading

I'm straying pretty off-topic here, but, especially for all the students who might be reading this far down the page, I'd like to recommend a few books that have had big influences on me and that I wish I'd been told about as a student.

• Everything we do in trying to debug problems in the world today depends on understanding how we and other people think, and I've found that evolutionary psychology provides a crucial toolbox for making sense of it all. As a general starting point, I recommend The Moral Animal.
  • An important subtopic is the roots of the ideological differences that divide us, which lately seem to be especially hard to dislodge. The Righteous Mind explains how genes influence moral intuitions and makes a good case for not demonizing people with opposing intuitions. (And, straying even more off-topic, for a fascinating [but North-America-specific] take on regional culture as another source of differences, see American Nations.)
• Many of the choices we make have significant environmental consequences, and it's important to have a sound scientific basis for evaluating them. Sustainable Energy -- Without the Hot Air is a good source for the quantitative details. The most striking takeaway for me was, for my own carbon footprint, the total dominance of air travel, which is why it's super-cool that there is a SIGPLAN Climate Change committee now, to help us get this excessive conference-going under control. (I'm in favor of one conference per research area per year, with as many parallel tracks as needed!)
• One of the consequential kinds of choices we make is about what to eat.
• On the environmental-impact side, I have to admit I haven't found one book that summarizes the evidence and then makes recommendations without worrying too much about inertia and people's supposed unwillingness to change. Just Food is a start, though.
• The standard American diet also has huge problems for promoting good health. The best starter source of information there is How Not to Die.
• Our transportation customs (in the USA, at least) also have some remarkably bad but underappreciated consequences. Personally, I support dramatically curtailing use of vehicles that run on roads, in favor of much more walking and vehicles that run on rails, which are fundamentally more energy-efficient (as I learned in Without the Hot Air). For a fascinating analysis of the implicit subsidy on cars via legal minimum standards on parking spaces, see The High Cost of Free Parking.
• There's a lot of hand-wringing these days about how hard it is to "make it" financially starting as a student. That may very well be true, but for the elite audience likely to read this page, with strong skills in computing (broadly construed), things are pretty rosy. The challenge and opportunity is to reconsider norms about how much stuff we really want in our lives, and whether it is worth the cost in money, health, and whatever else. See the blog Mr. Money Mustache for a firehose of suggestions, or The Simple Path to Wealth for a gentler introduction.
• Finally, relatively on-topically, anyone out there who is into programming and hasn't yet tried proof assistants should seriously consider grabbing a good introduction like Software Foundations! This technology is going mainstream any year now, and in the mean time it's great fun and mental exercise, which I'd like to think prepares us for solid rational analysis of all sorts of big questions in the world.

More content and links....