Associate Professor of Computer Science
Programming Languages & Verification Group (more PL at MIT)
Computer Science and Artificial Intelligence Laboratory
Department of Electrical Engineering and Computer Science
I'm in a transitional period, in terms of simple descriptions of my research interests. My traditional areas are programming languages and formal methods, but my interests have broadened to include other aspects of computer-system design and implementation. I like the idea of doing clean-slate redesign of computing stacks with current security and privacy concerns front-and-center, which I do believe involves, in a central way, my traditional focus of mechanized mathematical proofs, especially with the Coq proof assistant. However, I also spend a fair amount of time now thinking more generally about pleasant interfaces (e.g., hardware instruction sets, OS system-call interfaces, programming languages) and efficient implementations of hardware and software systems, including through tinkering with traditional boundaries between layers.
I try to organize my research group as something like a startup company looking to produce one convincing unified demo of a clean-slate-ish full-stack, practical computer system. (Like startup companies, we expect to pivot often based on what we learn!) We are looking at simple embedded applications now, where the scope of machine-checked proofs and unified interface redesign reaches from RTL to relational specifications of network protocols. I'm interested in recruiting students to contribute. I do sometimes hire postdocs, though most of my recruiting strategy is centered on students (PhD, master's, undergrad). Ideal candidates have strong backgrounds in both rigorous mathematical reasoning and software/hardware systems implementation. There tends to be a bad match with students who use the word "theory" to describe their interests within programming languages or formal methods, to the point where our PhD program generally won't admit those people (they'd be better-served elsewhere!). Current MIT students interested in working together should e-mail me, while for others I suggest following our normal PhD application process.
For a bit more info on what I work on, two low-time-investment overviews (of the mechanized-proofs part) are my blog post on the surprising security benefits of formal proofs and video of a talk I gave at the 34th Chaos Communication Congress in December 2017.
|needs logo||Unnamed (and somewhat incipient) umbrella project to build demonstration software/hardware systems with end-to-end mechanized proofs. I started my time as faculty developing the Bedrock library for verified multilanguage programming, but that project is largely over; we are working on a replacement project now that shares the name but makes very different design decisions, still supporting separation-logic-verified low-level programs (in a tasteful language, not C!) processed by a verified compiler, which I would like to use to explore alternative and drastically simplified OS-like functionality. The programming layer on top is meant to involve our Fiat system for automatic and correct-by-construction program derivation from specifications, which we are currently experimenting with using to generate code for practical network servers, a convenient domain for trying to make high-level programming more like relational-database programming but without the usual rough edges. Beneath the level of assembly language, we have work in the Kami project on modular hardware verification and verified compilation, where development is proceeding now jointly with industry, and where I'm especially interested in exploring alternative concurrency support in general-purpose processors. One of the cross-cutting focuses now is cryptography, including in our Fiat Cryptography project that centers on what is essentially a verified domain-specific compiler for finite-field arithmetic, which should soon be included in the build process for Google Chrome (to produce some of the code to validate SSL connections).|
|The Science of Deep Specification, a National Science Foundation Expedition in Computing, 2016-2021, promoting similar full-stack-verification research to what I described above, but on more conventional architectures|
|Ur/Web, a domain-specific functional programming language for modern Web applications. I started working on it when I was a grad student, and it's pretty much done research-wise, yielding a production-quality tool suite that a fair number of people enjoy using.|
|Lambda Tamer, an umbrella library for the experiments in compiler verification that I started as a grad student. The most concrete outcome of the work was the parametric higher-order abstract syntax (PHOAS) encoding of program syntax, which we still put to use in many of my projects, where different kinds of compilers remain frequent ingredients in novel system designs.|
|FSCQ, a file system verified in Coq using a separation logic for reasoning about crash safety, mostly carried out these days by colleagues in the PDOS group|
(An "*" indicates a class I [co]created.)
An introduction to the Coq proof assistant, assuming just familiarity with rigorous math and functional programming. Presents the techniques needed to scale to large formal developments in program verification and other domains, including scripted proof automation and expressive types for embedded programs.
Introducing Coq simultaneously with semantics and program proof methods. Emphasizes commonalities through casting (almost) everything in terms of invariants on transition systems, with abstraction and modularity as our standard tools for simplifying invariant proofs. Presents ideas in parallel as chapters of a PDF with standard math notation and in Coq source files, mixing in bits of proof-automation wizardry at the author's whim. [I've used this book so far in three iterations of a graduate class and plan to fine-tune it through at least one more offering before declaring it beta-quality; but, for intrepid instructors of related classes, it could be worth experimenting with already!]
I'm straying pretty off-topic here, but, especially for all the students who might be reading this far down the page, I'd like to recommend a few books that have had big influences on me and that I wish I'd been told about as a student.