Contact Information - Publications [BibTeX] - CV: HTML, PDF

Startup update: Nectry is my startup based on Ur/Web and UPO, with a "no-code" product that sets people across the business world free to build their own "enterprise-software" apps quickly, without knowing a thing about programming. It combines a tasteful component architecture in richly typed functional programming with a large-language-model AI frontend that makes "programming" like chatting with a person who is building your app while you watch. We're in the earliest stages of setting up pilots with customers, so pointers to potential enthusiastic early adopters are very welcome; and we may be able to hire more engineers soon to do work related to compilers, language design, and IDEs. I'm on 80% leave from MIT through the end of 2024, primarily working on Nectry.

Broad Research Interests

My traditional research-area home is the intersection of programming languages and formal methods (especially with the Coq proof assistant). Most projects I do involve compilers that are proved in some way or another. Early in my time at MIT, I also picked up an interest in digital hardware designs (and the tools for writing, verifying, and compiling them), which makes up about half of my research today.

My first run of years as faculty was focused on deriving the highest formal assurance of correctness and security for digital systems. In service of completeness of formal reasoning, it was often convenient to choose relatively simple but important code bases. A good example would be a critical piece of library code, whose verified compilation we supported in the Fiat Cryptography project, producing intricate cryptographic arithmetic code today included in the TLS libraries of all major web browsers. Another favorite strategy was focusing on embedded systems, including theorems spanning hardware and software (as in our verified IoT lightbulb) and end-to-end proof of a bare-metal software image for a cryptographic server (as in our verified garage-door opener).

Top Interests Today

I'm trying to focus lately on the full stack of high-performance parallel computing: software and hardware, language design, compilers, and verification tools. Partly this choice comes from wanting to do formal methods on the most impactful kinds of systems. However, I also think the experience of developing high-performance code has stagnated, in a way that industry is unlikely to escape from on its own. My cheeky summary of the problem is that "assembly language is over," basically suggesting that a lowest-level software language will fail to serve us well in the near future if it (1) is inherently sequential (one instruction after another) or (2) hides data movement (through caching systems for memory). We should be able to do a lot better by rethinking abstractions and tools, along the whole path from very high-level languages (perhaps even high-level enough to say they are for "specifications") to gate-level hardware designs. I want to build unified machine-checked proofs that span this whole gap, while also innovating in all of the layers involved. So, I'm especially glad to recruit students who, ideally, have strong experience implementing and debugging compilers and low-level software/hardware systems, as well as carrying out machine-checked proofs of significant artifacts!

The specific shape of this work today is clustered roughly around: (1) unified languages for building highly parallel systems that are at least "hardware-style," with modular verification tools and verified compilation; and (2) verified compilers translating more "software-style" programs to run on such substrates, where those source programs take advantage of nice programming abstractions, certainly with nothing as grungy as ad-hoc use of locks to protect shared memory. I hope these lines of work eventually merge together, through identifying good shared intermediate languages for compiling software, hardware, and the interface between them.

For Prospective Students

When I started as faculty, I didn't know what the heck people meant when asking about my advising style, but now I have some answers. My recruiting these days is mostly focused at the PhD level and below, though I might be persuaded to hire a postdoc with just the right match of expertise. Current MIT students (undergrad, MEng, PhD) interested in working together should e-mail me, while for others I suggest following our normal PhD application process. (I won't usually agree to an ad-hoc interview call with a candidate not yet at MIT, since evidence from social science indicates interviews decrease decision quality by promoting irrational bias.)

Research Students

PhD

• Stella Lau [since Fall 2018]
• Dustin Jamner [since Fall 2020]
• Master's thesis: A Framework for Modular, Extensible, Equivalence-Preserving Compilation
• Amanda Liu (coadvised with Jonathan Ragan-Kelley) [since Fall 2020]
• Master's thesis: Verified Scheduling Via High-Level Scheduling Rewrites
• Jiazheng Liu [since Summer 2022]
• Master's thesis: Formally Verifying a Programmable Network Switch
• Paul Mure [since Fall 2023]
• Xin (Amanda) Zhang [since Fall 2023]
• Joonhyup Lee [since Fall 2024]
• Julia Turcotti [since Fall 2024]

Master's

• Andrew Tockman [Spring 2021 and since Fall 2023]
• Julian Zanders [since Fall 2023]
• Pleng Chomphoochan [Winter-Spring 2023 and since Fall 2024]
• Christian Teshome [since Spring 2024]
• Jon Rosario [since Fall 2024]
• Anna Zhang [since Fall 2024]

Undergraduate

• Owen Conoly [since Summer 2022]
• Ritam Nag [since Fall 2022]
• Pratyush Venkatakrishnan [Winter-Summer 2023 and since Winter 2024]
• Matthew Habtezgi [since Fall 2023]
• Felix Prasanna [since Fall 2024]

Past students

Teaching

Spring 2024: 6.1010: Fundamentals of Programming* (also Fall 2022, Fall 2021 [as 6.009], Fall 2020 [as 6.009], Spring 2019 [as 6.009], Fall 2017 [as 6.009], Fall 2016 [as 6.009], and Fall 2015 [as 6.S04])

Spring 2023: 6.5120: Formal Reasoning About Programs* (also Spring 2022 [as 6.822], Spring 2021 [as 6.822], Spring 2020 [as 6.822], Spring 2018 [as 6.822], Spring 2017 [as 6.887], and Spring 2016 [as 6.887])

Spring 2015: 6.042: Mathematics for Computer Science (also Spring 2012)

Fall 2014: 6.170: Software Studio

Fall 2013: 6.820: Foundations of Program Analysis

Spring 2013: 6.033: Computer Systems Engineering [recitation instructor]

Fall 2012: 6.005: Software Construction

Fall 2011: 6.892: Interactive Computer Theorem Proving*

(An "*" indicates a class I [co]created.)

Books

Certified Programming with Dependent Types: A Pragmatic Introduction to the Coq Proof Assistant An introduction to the Coq proof assistant, assuming just familiarity with rigorous math and functional programming. Presents the techniques needed to scale to large formal developments in program verification and other domains, including scripted proof automation and expressive types for embedded programs.

FRAP

Formal Reasoning About Programs Introducing Coq simultaneously with semantics and program proof methods. Emphasizes commonalities through casting (almost) everything in terms of invariants on transition systems, with abstraction and modularity as our standard tools for simplifying invariant proofs. Presents ideas in parallel as chapters of a PDF with standard math notation and in Coq source files, mixing in bits of proof-automation wizardry at the author's whim. [I've used this book so far in six iterations of a graduate class, and I do believe the materials are now ready to be picked up and used pretty directly elsewhere!]

Advisory-Board Memberships

BlueRock Systems (formerly BedRock Systems) [since 2018]: verified systems software for safety-critical computing

DARPA Information Science and Technology (ISAT) study group [2018-2022]

SiFive [since 2018]: rapid development of custom hardware solutions, based on RISC-V

Former

krypt.co [2016-2019]: smarter management for cryptographic keys (acquired by Akamai)

How to Pronounce my Last Name

Pretend the first "l" isn't there ("Chipala") and you'll get close enough.

Recommended Reading

I'm straying pretty off-topic here, but, especially for all the students who might be reading this far down the page, I'd like to recommend a few books that have had big influences on me and that I wish I'd been told about as a student.

• Everything we do in trying to debug problems in the world today depends on understanding how we and other people think, and I've found that evolutionary psychology provides a crucial toolbox for making sense of it all. As a general starting point, I recommend The Moral Animal.
  • An important subtopic is the roots of the ideological differences that divide us, which lately seem to be especially hard to dislodge. The Righteous Mind explains how genes influence moral intuitions and makes a good case for not demonizing people with opposing intuitions. (And, straying even more off-topic, for a fascinating [but North-America-specific] take on regional culture as another source of differences, see American Nations.)
  • And here's my most recent addition to this list: a lot of people are talking past each other in the U.S. today, not so much because of traditional political divides but more because life has been getting more and more different in different parts of the socioeconomic spectrum. I found Of Boys and Men to be a very illuminating summary of one slice of that problem and what we might do to fix it.
• Many of the choices we make have significant environmental consequences, and it's important to have a sound scientific basis for evaluating them. Sustainable Energy -- Without the Hot Air is a good source for the quantitative details. The most striking takeaway for me was, for my own carbon footprint, the total dominance of air travel, which is why it's super-cool that there is a SIGPLAN Climate Change committee now, to help us get this excessive conference-going under control. (I'm in favor of one conference per research area per year, with as many parallel tracks as needed!)
• One of the consequential kinds of choices we make is about what to eat.
• On the environmental-impact side, I have to admit I haven't found one book that summarizes the evidence and then makes recommendations without worrying too much about inertia and people's supposed unwillingness to change. Just Food is a start, though.
• The standard American diet also has huge problems for promoting good health. The best starter source of information there is How Not to Die.
• Our transportation customs (in the USA, at least) also have some remarkably bad but underappreciated consequences. Personally, I support dramatically curtailing use of vehicles that run on roads, in favor of much more walking and vehicles that run on rails, which are fundamentally more energy-efficient (as I learned in Without the Hot Air). For a fascinating analysis of the implicit subsidy on cars via legal minimum standards on parking spaces, see The High Cost of Free Parking.
• There's a lot of hand-wringing these days about how hard it is to "make it" financially starting as a student. That may very well be true, but for the elite audience likely to read this page, with strong skills in computing (broadly construed), things are pretty rosy. The challenge and opportunity is to reconsider norms about how much stuff we really want in our lives, and whether it is worth the cost in money, health, and whatever else. See the blog Mr. Money Mustache for a firehose of suggestions, or The Simple Path to Wealth for a gentler introduction.
• Finally, relatively on-topically, anyone out there who is into programming and hasn't yet tried proof assistants should seriously consider grabbing a good introduction like Software Foundations! This technology is going mainstream any year now, and in the mean time it's great fun and mental exercise, which I'd like to think prepares us for solid rational analysis of all sorts of big questions in the world.

More content and links....