Proof-carrying code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules; they certify safety but only if there is no bug in the typing rules. In foundational proof-carrying code (FPCC), on the other hand, proofs are constructed
Though attractive as a model for elastic on-demand service, cloud computing solutions based on existing hypervisors cannot guarantee that the provider will service a user's requests correctly, and will not leak sensitive information to unauthorized parties. We introduce CertiKOS (Certified Kit Operating System), a
The FLINT project at Yale aims to build a state-of-the-art systems environment for modern type-safe languages. One important component of the FLINT system is a high-performance type-directed compiler for SML'97 (extended with higher-order modules). The FLINT/ML compiler provides several new capabilities that are not available in other type-based compilers:
A certified binary is a value together with a proof that the value satisfies a given specification. Existing compilers that generate certified code have focused on simple memory and control-flow safety rather than more advanced properties. In this article, we present a general framework for explicitly representing complex propositions and proofs in
Many modern compilers implement function calls (or returns) in two steps: first, a closure environment is properly installed to provide access for free variables in the target program fragment; second, the control is transferred to the target by a "jump with arguments (or results)". Closure conversion, which
Runtime stacks are critical components of any modern software: they are used to implement powerful control structures such as function call/return, stack cutting and unwinding, coroutines, and thread context switch. Stack operations, however, are very hard to reason about: there are no known formal specifications for certifying C-style setjmp/longjmp, stack
Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higher-order logic and supply explicit machine-checkable proof objects. Unfortunately, large-scale proof development in these proof assistants is still an extremely difficult and time-consuming task. One major
This article describes a novel quantitative proof technique for the modular and local verification of lock-freedom. In contrast to proofs based on temporal rely-guarantee requirements, this new quantitative reasoning method can be directly integrated in modern program logics that are designed for the verification of safety properties. Using a single
Tert-butylhydroquinone (tBHQ), an Nrf2 activator, has demonstrated neuroprotection against brain trauma and ischemic stroke in vivo. However, little work has been done with respect to its effect on early brain injury (EBI) after subarachnoid hemorrhage (SAH). At the same time, as an oral medication, it may have extensive clinical applications for the