Jonathan Protzenko

Compiling C to Safe Rust, Formalized
The popularity of the Rust language continues to explode; yet, many critical codebases remain authored in C, and cannot be realistically rewritten by hand. Automatically translating C to Rust is thus an appealing course of action. Several …

Charon: An Analysis Framework for Rust
With the explosion in popularity of the Rust programming language, a wealth of tools have recently been developed to analyze, verify, and test Rust programs. Alas, the Rust ecosystem remains relatively young, meaning that every one of thes…

StarMalloc: Verifying a Modern, Hardened Memory Allocator
We present StarMalloc, a verified, efficient, security-oriented, and concurrent memory allocator. Using the Steel separation logic framework, we show how to specify and verify a multitude of low-level patterns and delicate security mechani…

Sound Borrow-Checking for Rust via Symbolic Semantics
The Rust programming language continues to rise in popularity, and as such, warrants the close attention of the programming languages community. In this work, we present a new foundational contribution towards the theoretical understanding…

Sound Borrow-Checking for Rust via Symbolic Semantics (Long Version)
The Rust programming language continues to rise in popularity, and as such, warrants the close attention of the programming languages community. In this work, we present a new foundational contribution towards the theoretical understanding…

StarMalloc: A Formally Verified, Concurrent, Performant, and Security-Oriented Memory Allocator
In this work, we present StarMalloc, a verified, security-oriented, concurrent memory allocator that can be used as a drop-in replacement in real-world projects. Using the Steel separation logic framework, we show how to specify and verify…

Modularity, Code Specialization, and Zero-Cost Abstractions for Program Verification
For all the successes in verifying low-level, efficient, security-critical code, little has been said or studied about the structure, architecture and engineering of such large-scale proof developments. We present the design, implementatio…

Aeneas: Rust verification by functional translation
We present Aeneas, a new verification toolchain for Rust programs based on a lightweight functional translation. We leverage Rust’s rich region-based type system to eliminate memory reasoning for a large class of Rust programs, as long as …

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

Catala: a programming language for the law
Law at large underpins modern society, codifying and governing many aspects of citizens' daily lives. Oftentimes, law is subject to interpretation, debate and challenges throughout various courts and jurisdictions. But in some other areas,…

A modern compiler for the French tax code
In France, income tax is computed from taxpayers' individual returns, using an algorithm that is authored, designed and maintained by the French Public Finances Directorate (DGFiP). This algorithm relies on a legacy custom language and com…

Zero-cost meta-programmed stateful functors in F*
Writing code is hard; proving it correct is even harder. As the scale of verified software projects reaches new heights, the problem of efficiently verifying large amounts of software becomes more and more salient. Nowhere is this issue mo…

HACLxN: Verified Generic SIMD Crypto (for all your favourite platforms)
We present a new methodology for building formally verified cryptographic libraries that are optimized for multiple architectures. In particular, we show how to write and verify generic crypto code in the F* programming language that explo…

EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider

Formally Verified Cryptographic Web Applications in WebAssembly

Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms
We introduce Meta-F*, a tactics and metaprogramming framework for the F* program verifier. The main novelty of Meta-F* is allowing the use of tactics and metaprogramming to discharge assertions not solvable by SMT, or to just simplify them…

Meta-F*: Metaprogramming and Tactics in an Effectful Program Verifier
Verification tools for effectful programming languages often rely on automated theorem provers such as SMT solvers to discharge their proof obligations, usually with very limited facilities for user interaction. When the need arises for lo…

Functional Pearl: the Proof Search Monad
We present the proof search monad, a set of combinators that allows one to write a proof search engine in a style that resembles the formal rules closely. The user calls functions such as premise, prove or choice; the library then takes ca…

HACL*: A Verified Modern Cryptographic Library
HACL* is a verified portable C cryptographic library that implements modern cryptographic primitives such as the ChaCha20 and Salsa20 encryption algorithms, Poly1305 and HMAC message authentication, SHA-256 and SHA-512 hash functions, the …

Verified low-level programming embedded in F*
We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependen…

Implementing and Proving the TLS 1.3 Record Layer

A Monadic Framework for Relational Verification (Functional Pearl)
Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much atten…

A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimizations
Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much atten…

Dijkstra monads for free
Dijkstra monads enable a dependent type theory to be enhanced with support for specifying and verifying effectful code via weakest preconditions. Together with their closely related counterparts, Hoare monads , they provide the basis on wh…