
LMS-Verify: abstraction without regret for verified systems programming

Published: 01 January 2017

Abstract

Performance critical software is almost always developed in C, as programmers do not trust high-level languages to deliver the same reliable performance. This is bad because low-level code in unsafe languages attracts security vulnerabilities and because development is far less productive, with PL advances mostly lost on programmers operating under tight performance constraints. High-level languages provide memory safety out of the box, but they are deemed too slow and unpredictable for serious system software.

Recent years have seen a surge in staging and generative programming: the key idea is to use high-level languages and their abstraction power as glorified macro systems to compose code fragments in first-order, potentially domain-specific, intermediate languages, from which fast C can be emitted. But what about security? Since the end result is still C code, the safety guarantees of the high-level host language are lost.

In this paper, we extend this generative approach to emit ACSL specifications along with C code. We demonstrate that staging achieves "abstraction without regret" for verification: we show how high-level programming models, in particular higher-order composable contracts from dynamic languages, can be used at generation time to compose and generate first-order specifications that can be statically checked by existing tools. We also show how type classes can automatically attach invariants to data types, reducing the need for repetitive manual annotations.

We evaluate our system on several case studies that variously exercise verification of memory safety, overflow safety, and functional correctness. We feature an HTTP parser that is (1) fast, (2) high-level, implemented using staged parser combinators, and (3) secure, with verified memory safety. This result is significant, as input parsing is a key attack vector, and vulnerabilities related to HTTP parsing have been documented in all widely-used web servers.


Published in

ACM SIGPLAN Notices, Volume 52, Issue 1 (POPL '17), January 2017, 901 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3093333

POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, January 2017, 901 pages
ISBN: 9781450346603
DOI: 10.1145/3009837

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States