Contact Information - Publications [BibTeX] - CV: HTML, PDF

Startup update: Including during sabbatical recently (which ended in late 2019), I've been developing a startup company based on Ur/Web and UPO. We are empowering "normal folks" without programming training to create full-featured, database-backed web apps quickly. Watch this space for a link to the company web site when one exists! Do let me know if you're an expert in subjects like dependent types or compilers and might be interested in joining our engineering team.

I'm in a transitional period, in terms of simple descriptions of my research interests. My traditional areas are programming languages and formal methods, but my interests have broadened to include other aspects of computer-system design and implementation. I like the idea of doing clean-slate redesign of computing stacks with current security and privacy concerns front-and-center, which I do believe involves, in a central way, my traditional focus of mechanized mathematical proofs, especially with the Coq proof assistant. However, I also spend a fair amount of time now thinking more generally about pleasant interfaces (e.g., hardware instruction sets, OS system-call interfaces, programming languages) and efficient implementations of hardware and software systems, including through tinkering with traditional boundaries between layers.

When I started as faculty, I didn't know what the heck people meant when asking about my advising style, but now I have some answers. My recruiting these days is mostly focused at the PhD level and below, though I might be persuaded to hire a postdoc with just the right match of expertise. Current MIT students (undergrad, MEng, PhD) interested in working together should e-mail me, while for others I suggest following our normal PhD application process.

For a bit more info on what I work on, two low-time-investment overviews (of the mechanized-proofs part) are my blog post on the surprising security benefits of formal proofs and video of a talk I gave at the 34th Chaos Communication Congress in December 2017.

Current Research

needs logo

Unnamed (and somewhat incipient) umbrella project to build demonstration software/hardware systems with end-to-end mechanized proofs. I started my time as faculty developing the Bedrock library for verified multilanguage programming, but that project is largely over; we are working on a replacement project now that shares the name but makes very different design decisions, still supporting separation-logic-verified low-level programs (in a tasteful language, not C!) processed by a verified compiler, which I would like to use to explore alternative and drastically simplified OS-like functionality. The programming layer on top is meant to involve our Fiat system for automatic and correct-by-construction program derivation from specifications, which we are currently experimenting with using to generate code for practical network servers, a convenient domain for trying to make high-level programming more like relational-database programming but without the usual rough edges. Beneath the level of assembly language, we have work in the Kami project on modular hardware verification and verified compilation, where development is proceeding now jointly with industry, and where I'm especially interested in exploring alternative concurrency support in general-purpose processors. One of the cross-cutting focuses now is cryptography, including in our Fiat Cryptography project that centers on what is essentially a verified domain-specific compiler for finite-field arithmetic, which should soon be included in the build process for Google Chrome (to produce some of the code to validate SSL connections).

The Science of Deep Specification, a National Science Foundation Expedition in Computing, 2016-2021, promoting similar full-stack-verification research to what I described above, but on more conventional architectures

Some Old Research

	Ur/Web, a domain-specific functional programming language for modern Web applications. I started working on it when I was a grad student, and it's pretty much done research-wise, yielding a production-quality tool suite that a fair number of people enjoy using.
	Lambda Tamer, an umbrella library for the experiments in compiler verification that I started as a grad student. The most concrete outcome of the work was the parametric higher-order abstract syntax (PHOAS) encoding of program syntax, which we still put to use in many of my projects, where different kinds of compilers remain frequent ingredients in novel system designs.
	FSCQ, a file system verified in Coq using a separation logic for reasoning about crash safety, mostly carried out these days by colleagues in the PDOS group

Research Students

PhD

• Samuel Gruetter [since Fall 2017]
• Stella Lau [since Fall 2018]
• Dustin Jamner [since Fall 2020]
• Master's thesis: A Framework for Modular, Extensible, Equivalence-Preserving Compilation
• Amanda Liu (coadvised with Jonathan Ragan-Kelley) [since Fall 2020]
• Master's thesis: Verified Scheduling Via High-Level Scheduling Rewrites
• Jiazheng Liu (coadvised with Arvind) [since Summer 2022]

Master's

• Jason Chen [since Spring 2022]
• Gabriel Kammer [since Spring 2022]
• Mahmoud Sobier [since Spring 2023]

Undergraduate

• Samuel Tian [since Spring 2022]
• Owen Conoly [since Summer 2022]
• Nathan Sheffield [since Summer 2022]
• Arthur Reiner De Belen [since Fall 2022]
• Ritam Nag [since Fall 2022]
• Steven Reyes [since Fall 2022]
• Andrew Spears [since Fall 2022]
• Pleng Chomphoochan [since Winter 2023]
• Leo Gagnon [since Winter 2023]
• Mohit Hulse [since Winter 2023]
• Yue Chen Li [since Winter 2023]
• Pratyush Venkatakrishnan [since Winter 2023]
• Vishruti Ganesh [since Spring 2023]
• Chai Lewgasamsarn [since Spring 2023]

Past students

Teaching

Spring 2023: 6.5120: Formal Reasoning About Programs* (also Spring 2022 [as 6.822], Spring 2021 [as 6.822], Spring 2020 [as 6.822], Spring 2018 [as 6.822], Spring 2017 [as 6.887], and Spring 2016 [as 6.887])

Fall 2022: 6.1010: Fundamentals of Programming* (also Fall 2021 [as 6.009], Fall 2020 [as 6.009], Spring 2019 [as 6.009], Fall 2017 [as 6.009], Fall 2016 [as 6.009], and Fall 2015 [as 6.S04])

Spring 2015: 6.042: Mathematics for Computer Science (also Spring 2012)

Fall 2014: 6.170: Software Studio

Fall 2013: 6.820: Foundations of Program Analysis

Spring 2013: 6.033: Computer Systems Engineering [recitation instructor]

Fall 2012: 6.005: Software Construction

Fall 2011: 6.892: Interactive Computer Theorem Proving*

(An "*" indicates a class I [co]created.)

Books

Certified Programming with Dependent Types: A Pragmatic Introduction to the Coq Proof Assistant An introduction to the Coq proof assistant, assuming just familiarity with rigorous math and functional programming. Presents the techniques needed to scale to large formal developments in program verification and other domains, including scripted proof automation and expressive types for embedded programs.

FRAP

Formal Reasoning About Programs Introducing Coq simultaneously with semantics and program proof methods. Emphasizes commonalities through casting (almost) everything in terms of invariants on transition systems, with abstraction and modularity as our standard tools for simplifying invariant proofs. Presents ideas in parallel as chapters of a PDF with standard math notation and in Coq source files, mixing in bits of proof-automation wizardry at the author's whim. [I've used this book so far in six iterations of a graduate class, and I do believe the materials are now ready to be picked up and used pretty directly elsewhere!]

Advisory-Board Memberships

BedRock Systems [since 2018]: verified systems software for safety-critical computing

DARPA Information Science and Technology (ISAT) study group [2018-2022]

SiFive [since 2018]: rapid development of custom hardware solutions, based on RISC-V

Former

krypt.co [2016-2019]: smarter management for cryptographic keys (acquired by Akamai)

How to Pronounce my Last Name

Pretend the first "l" isn't there ("Chipala") and you'll get close enough.

Recommended Reading

I'm straying pretty off-topic here, but, especially for all the students who might be reading this far down the page, I'd like to recommend a few books that have had big influences on me and that I wish I'd been told about as a student.

• Everything we do in trying to debug problems in the world today depends on understanding how we and other people think, and I've found that evolutionary psychology provides a crucial toolbox for making sense of it all. As a general starting point, I recommend The Moral Animal.
  • An important subtopic is the roots of the ideological differences that divide us, which lately seem to be especially hard to dislodge. The Righteous Mind explains how genes influence moral intuitions and makes a good case for not demonizing people with opposing intuitions. (And, straying even more off-topic, for a fascinating [but North-America-specific] take on regional culture as another source of differences, see American Nations.)
• Many of the choices we make have significant environmental consequences, and it's important to have a sound scientific basis for evaluating them. Sustainable Energy -- Without the Hot Air is a good source for the quantitative details. The most striking takeaway for me was, for my own carbon footprint, the total dominance of air travel, which is why it's super-cool that there is a SIGPLAN Climate Change committee now, to help us get this excessive conference-going under control. (I'm in favor of one conference per research area per year, with as many parallel tracks as needed!)
• One of the consequential kinds of choices we make is about what to eat.
• On the environmental-impact side, I have to admit I haven't found one book that summarizes the evidence and then makes recommendations without worrying too much about inertia and people's supposed unwillingness to change. Just Food is a start, though.
• The standard American diet also has huge problems for promoting good health. The best starter source of information there is How Not to Die.
• Our transportation customs (in the USA, at least) also have some remarkably bad but underappreciated consequences. Personally, I support dramatically curtailing use of vehicles that run on roads, in favor of much more walking and vehicles that run on rails, which are fundamentally more energy-efficient (as I learned in Without the Hot Air). For a fascinating analysis of the implicit subsidy on cars via legal minimum standards on parking spaces, see The High Cost of Free Parking.
• There's a lot of hand-wringing these days about how hard it is to "make it" financially starting as a student. That may very well be true, but for the elite audience likely to read this page, with strong skills in computing (broadly construed), things are pretty rosy. The challenge and opportunity is to reconsider norms about how much stuff we really want in our lives, and whether it is worth the cost in money, health, and whatever else. See the blog Mr. Money Mustache for a firehose of suggestions, or The Simple Path to Wealth for a gentler introduction.
• Finally, relatively on-topically, anyone out there who is into programming and hasn't yet tried proof assistants should seriously consider grabbing a good introduction like Software Foundations! This technology is going mainstream any year now, and in the mean time it's great fun and mental exercise, which I'd like to think prepares us for solid rational analysis of all sorts of big questions in the world.

More content and links....