Vellvm – Verifying the LLVM

Thursday, July 12, 2018

Abstract: In this talk, I’ll give a high-level overview of Penn’s Vellvm (Verified LLVM) project, which aims to build formal semantics in Coq for the LLVM IR. I’ll sketch some of our past results, in which we verified memory safety transformations and a variant of LLVM’s mem2reg optimization, focusing on the structure of the proof techniques.  Along the way, […]

Read More

Canceled: Reasoning about Critical Systems using Refinement

Tuesday, June 5, 2018

Abstract: Verification is often the dominant cost in the design of critical systems. In this talk, we advocate the use of refinement to reason about critical systems. The idea is that a system is correct if all of its observable behaviors are allowed by an abstract system that acts as the specification. For example, to […]

Read More

Linux-Kernel Memory Ordering: Help Arrives At Last!

Thursday, May 10, 2018

Abstract: It has been said that Documentation/memory-barriers.txt can be used to frighten small children [1], and perhaps this is true. However, it is woefully inefficient.  After all, there are a very large number of children in this world, and it would take a huge amount of time and effort to read it to all of them. This situation clearly […]

Read More

New Applications of Software Synthesis: Firewall Repair and Verification of Configuration Files

Tuesday, January 30, 2018

Abstract: In this talk we present a systematic effort that can automatically repair firewalls, using the programming by example approach. Firewalls are widely employed to manage and control enterprise networks. Because enterprise-scale firewalls contain hundreds or thousands of policies, ensuring the correctness of firewalls – whether the policies in the firewalls meet the specifications of […]

Read More

JaVerT: a JavaScript Verification Toolchain

Monday, January 15, 2018

Abstract: The dynamic nature of JavaScript and its complex semantics make it a difficult target for logic-based verification. In this talk, I will describe JaVerT, a semi-automatic JavaScript Verification Toolchain based on separation logic. JaVerT is aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code. The specification challenge is to […]

Read More

Tree-Sitter: A New Parsing System for Programming Tools

Monday, December 11, 2017

Abstract: Developer tools that support multiple languages generally have very limited regex-based code-analysis capabilities. Tree-sitter is a new parsing system that aims to change this paradigm. We’re in the process of integrating Tree-sitter into both GitHub.com and Atom, which will allow us to analyze code accurately and in real-time, paving the way for better syntax […]

Read More

An Update on the Habit Programming Language

Monday, December 4, 2017

Abstract: Habit is a high-level programming language, originally based on Haskell, that was designed to meet the needs of high assurance, very low-level software development. The most recent version of the language report was completed in 2010, and an initial working prototype implementation was developed by the HASP group at PSU. However, there has not […]

Read More

RustBelt: Securing the Foundations of the Rust Programming Language

Friday, October 6, 2017

Abstract: Rust is a new systems programming language that promises to overcome the seemingly fundamental tradeoff between high-level safety guarantees and low-level control over resource management. Unfortunately, none of Rust’s safety claims have been formally proven, and there is good reason to question whether they actually hold. Specifically, Rust employs a strong, ownership-based type system, but then extends the expressive power […]

Read More

RustBelt: Securing the Foundations of the Rust Programming Language

Friday, October 6, 2017

Abstract: Rust is a new systems programming language that promises to overcome the seemingly fundamental tradeoff between high-level safety guarantees and low-level control over resource management. Unfortunately, none of Rust’s safety claims have been formally proven, and there is good reason to question whether they actually hold. Specifically, Rust employs a strong, ownership-based type system, but then extends the expressive power […]

Read More

Robust Artificial Intelligence and Anomaly Detection

Friday, June 16, 2017

Abstract: Recent progress in AI and machine learning is stimulating interest in applying AI in high stakes applications such as self-driving cars, surgical robots, and autonomous weapons systems. These applications require high levels of software assurance and resilience, but virtually all AI research has focused on raw performance without paying attention to questions of robustness […]

Read More