NSF Award Search: Award # 1521584 - Collaborative Research: Expeditions in Computing: The Science of Deep Specification

National Science Foundation

Award Abstract # 1521584

Collaborative Research: Expeditions in Computing: The Science of Deep Specification

NSF Org:	CCF Division of Computing and Communication Foundations
Awardee:	MASSACHUSETTS INSTITUTE OF TECHNOLOGY
Initial Amendment Date:	December 17, 2015
Latest Amendment Date:	July 24, 2017
Award Number:	1521584
Award Instrument:	Continuing Grant
Program Manager:	Anindya Banerjee abanerje@nsf.gov (703)292-7885 CCF Division of Computing and Communication Foundations CSE Direct For Computer & Info Scie & Enginr
Start Date:	December 15, 2015
End Date:	November 30, 2020 (Estimated)
Total Intended Award Amount:	$1,148,325.00
Total Awarded Amount to Date:	$1,148,325.00
Funds Obligated to Date:	FY 2016 = $676,541.00 FY 2017 = $471,784.00
History of Investigator:	Adam Chlipala (Principal Investigator) adamc@csail.mit.edu
Awardee Sponsored Research Office:	Massachusetts Institute of Technology 77 MASSACHUSETTS AVE Cambridge MA US 02139-4301 (617)253-1000
Sponsor Congressional District:	07
Primary Place of Performance:	Massachusetts Institute of Technology 77 Massachusetts Avenue Cambridge MA US 02139-4307
Primary Place of Performance Congressional District:	07
Unique Entity Identifier (UEI):
Parent UEI:
NSF Program(s):	Expeditions in Computing
Primary Program Source:	040100 NSF RESEARCH & RELATED ACTIVIT 040100 NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s):	7723
Program Element Code(s):	7723
Award Agency Code:	4900
Fund Agency Code:	4900
Assistance Listing Number(s):	47.070

ABSTRACT

In our interconnected world, software bugs and security vulnerabilities pose enormous costs and risks. The Deep Specification ("DeepSpec", deepspec.org) project addresses this problem by showing how to build software that does what it is supposed to do, no less and (just as important) no more: No unintended backdoors that allow hackers in, no bugs that crash your app, your computer, or your car. "What the software is supposed to do" is called its specification. The DeepSpec project will develop new science, technology, and tools--for specifying what programs should do, for building programs that conform to those specifications, and for verifying that programs do behave exactly as intended. The key enabling technology for this effort is modern interactive proof assistants, which support rigorous mathematical proofs about complex software artifacts. Project activities will focus on core software-systems infrastructure such as operating systems, programming-language compilers, and computer chips, with applications such as elections and voting systems, cars, and smartphones.

Better-specified and better-behaved software will benefit us all. Many high-profile security breaches and low-profile intrusions use software bugs as their entry points. Building on decades of previous work, DeepSpec will advance methods for specifying and verifying software so they can be used by the software industry. The project will include workshops and summer schools to bring in industrial collaborators for technology transfer. But the broader use of specifications in engineering also requires software engineers trained in specification and verification--so DeepSpec has a major component in education: the development of introductory and intermediate curriculum in how to think logically about specifications, how to use specifications in building systems-software components, or how to connect to such components. The education component includes textbook and on-line course material to be developed at Princeton, Penn, MIT, and Yale, and to be available for use by students and instructors worldwide. There will also be a summer school to train the teachers who can bring this science to colleges nationwide.

Abstraction and modularity underlie all successful hardware and software systems: We build complex artifacts by decomposing them into parts that can be understood separately. Modular decomposition depends crucially on the artful choice of interfaces between pieces. As these interfaces become more expressive, we think of them as specifications of components or layers. Rich specifications based on formal logic are little used in industry today, but a practical platform for working with them will significantly reduce the costs of system implementation and evolution by identifying vulnerabilities, helping programmers understand the behavior of new components, facilitating rigorous change-impact analysis, and supporting maintainable machine-checked verifications that components are correct and fit together correctly. This Expedition focuses on a particularly rich class of specifications, "deep specifications." These impose strong functional correctness requirements on individual components such that they connect together with rigorous composition theorems. The Expedition's goal is to focus the efforts of the programming languages and formal methods communities on developing and using deep specifications in the large. Working in a formal proof management system, the project will concentrate particularly on connecting infrastructure components together at specification interfaces: compilers, operating systems, program analysis tools, and processor architectures.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 44)

David Costanzo, Zhong Shao, and Ronghui Gu "End-to-End Verification of Information-Flow Security for C and Assembly Programs" 2016 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'16) , 2016 , p.648 10.1145/2980983.2908100

Hao Chen, Xiongnan (Newman) Wu, Zhong Shao, Joshua Lockerman, and Ronghui Gu "Toward Compositional Verification of Interruptible OS Kernels and Device Drivers" Proc. 2016 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'16) , 2016 , p.431 10.1145/2980983.2908101

Leonidas Lampropoulos, Diane Gallois-Wong, C?t?lin Hritcu, John Hughes, Benjamin C. Pierce, and Li-yao Xia "Beginner's Luck: A Language for Random Generators" 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL'17) , 2017

Vilhelm Sjoberg, Jieung Kim, Ronghui Gu, and Zhong Shao "Safety and Liveness of MCS Lock---Layer by Layer" 6th ACM SIGPLAN Conference on Certified Programs and Proofs , 2017

Antal Spector-Zabusky, Christine Rizkallah, Joachim Breitner, John Wiegley, Stephanie Weirich, Yao Li "Ready, set, verify! Applying hs-to-coq to real-world Haskell code" Proceedings of the ACM on Programming Languages. 2 (ICFP) , 2018

Antal Spector-Zabusky, Joachim Breitner, Christine Rizkallah, Stephanie Weirich "Total Haskell is Reasonable Coq" 7th ACM SIGPLAN Conference on Certified Programs and Proofs , 2018

Brent Yorgey, Kenneth Foner "What's the Difference? A Functional Pearl on Subtracting Bijections" Proc. ACM Program. Lang. 2 (ICFP), 101 , 2018

Frederic Besson, Sandrine Blazy, and Pierre Wilke "CompCertS: A Memory-Aware Verified C Compiler Using Pointer as Integer Semantics" 8th International Conference on Interactive Theorem Proving (ITP 2017) , 2017

Gopalan Nadathur and Yuting Wang "Schematic Polymorphism in the Abella Proof Assistant" Proceedings of the 20th International Symposium on Principles and Practice of Declarative Programming (PPDP) , 2018

Hao Chen, Xiongnan (Newman) Wu, Zhong Shao, Joshua Lockerman, Ronghui Gu "Toward Compositional Verification of Interruptible OS Kernels and Device Drivers (Extended Version)" Journal of Automated Reasoning. 61 (1-4), 141 , 2018

Jason Gross, Andres Erbsen, Adam Chlipala "Reification by Parametricity: Fast Setup for Proof by Reflection, in Two Lines of Ltac" ITP'18: 9th International Conference on Interactive Theorem Proving , 2018

(Showing: 1 - 10 of 44)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Bugs in computer software and hardware are collectively extremely costly to society today. Mathematical techniques for proving correctness of these systems are promising but have not been deployed too widely so far. The NSF Expedition on the Science of Deep Specification studied foundations for more complete and convincing proof of realistic systems. The project name was based on coined terminology of "deep specification" to crystallize ideas from the research community -- specifications giving very detailed requirements, with associated evidence that can be checked automatically for complete software-hardware systems.

The team across four universities developed new methods for both proving individual parts of systems and connecting those proofs together into full-system results. The individual parts studied included (in order of lower-level pieces to higher-level pieces that build on them) computer processors and other hardware, the C programming language and its compilers, operating systems, code libraries for purposes like networking, and application software like network servers. Cross-cutting approaches for connecting these proofs included the development of interaction trees, a specification formalism for systems that engage in unpredictable input and output with the external world. Specific demonstration systems included a web server with a proof that it implements the associated protocol correctly, where reasoning had to be pushed through the levels of the application, the C programming language, and the operating system.

The Expedition also helped prepare the next generations of engineers to apply these ideas, through (as of this writing) two summer schools, serving about 200 students total. The team also extended a number of popular online books presenting the foundational and practical material, which were in turn used in a number of revamped course offerings that introduced mechanized specifications to traditional subjects like compilers and operating systems.

Highlights from MIT's contribution include tools for cryptography and hardware. The Fiat Cryptography toolchain was developed, to automate generation of intricate low-level code for cryptographic primitives, with mechanized proof of correctness, replacing painstaking effort previously repeated by experts for each new set of numerical parameters for an algorithm. This toolchain has been adopted by a number of prominent open-source projects, for instance with both the Chrome and Firefox browsers using Fiat Cryptography to generate small but important parts of their implementations for TLS, the protocol driving secure browsing, for instance to hide credit-card information in-transit. The MIT team also improved the Kami framework and introduced the new Koika framework for development of proved hardware designs like computer processors. Koika adds both streamlined tools for developers and the ability to reason about lack of timing side channels, as were highlighted by the relatively recent Spectre and Meltdown attacks and their many follow-ons.

Last Modified: 02/10/2021
Modified by: Adam J Chlipala

Please report errors in award information by writing to: awardsearch@nsf.gov.