
SEL4: Mathematically Verified Software Kernels (2014) [pdf] - setra
http://sel4.systems/Info/Docs/GD-NICTA-whitepaper.pdf
======
ZenoArrow
If you're reading this, there's a decent chance you'll be interested in
Robigalia, which is an OS that couples SEL4 with a Rust userland:

[https://robigalia.org/](https://robigalia.org/)

Aside from the security approach of the OS design, I believe the plan is to
formally verify the Rust code once tools for verifying Rust are ready for
production use.

[https://robigalia.org/blog/2016/11/15/verfication.html](https://robigalia.org/blog/2016/11/15/verfication.html)

~~~
elcritch
Very promising looking project. I was looking into it last week and read
through some code, but it seems somewhat fragmented. They're undertaking a lot
but don't appear to have a large active community.

Still there are a number of projects and they look to have a full GUI running.
Impressive, perhaps it speaks to the productivity of Rust.

All in all, hopefully the project continues forward. It'd be great to try!

~~~
Animats
"Create a highly reliable persistent capability OS, continuing the heritage of
EROS and Coyotos".

That's nice, but the long, long history of EROS and its successors makes GNU
Hurd look like a fast-moving project. Get Rust onto SEL4 for embedded systems
and you'll have something. Get a router on that and you'll have a business.

------
kmicklas
I would bet pretty good money that automated theorem proving is better than
the best humans within 10 years.

There's still not a lot of good research in combining machine learning and
theorem proving, and intuitively it seems feasible. It's clearly somewhere
between beating Go and general AI, and probably closer to Go since it's
basically just a tree search with heuristics.

If this happens, it would radically change the software industry. High level
application development might not change that much since the problems are
usually poorly specified. But it might dramatically reduce the cost of writing
system software. We'd see innovation in that space we haven't seen since the
70s. Unix and its abstractions that dominate the whole market might look as
antiquated as punch cards.

Additionally, professional mathematicians might become more like philosophers,
guiding the procession of mathematics and deciding what is interesting to
prove.

~~~
cyberpunk
Do you have any good resources for someone wanting to understand that a bit
more? I'm super interested but this all seems a bit hard to get my head
around..

~~~
wolfgke
If you want to have a look into the state of the art of axiomatic systems that
can be (and have been) used for proofs that can be checked by a computer, it
surely is not a bad idea to read the Homotopy Type Theory (HoTT) book, which
is freely available at

> [https://homotopytypetheory.org/book/](https://homotopytypetheory.org/book/)

If you prefer a more "established" way:

Common systems for computer-checked proofs are Isabelle/HOL, Coq and Agda (the
latter is commonly "only" called a programming language, but it has also been
used for this purpose).

For Isabelle/HOL ([https://isabelle.in.tum.de/](https://isabelle.in.tum.de/))
I only know the official documentation as a resource:
[https://isabelle.in.tum.de/documentation.html](https://isabelle.in.tum.de/documentation.html)

For Coq ([https://coq.inria.fr/](https://coq.inria.fr/)) a good book is
"Coq'Art: The Calculus of Inductive Constructions" by Yves Bertot and Pierre
Castéran. Unfortunately it is not (legally) freely available.

Finally for Agda
([http://wiki.portal.chalmers.se/agda/pmwiki.php](http://wiki.portal.chalmers.se/agda/pmwiki.php))
I recommend reading Ulf Norell's PhD thesis "Towards a practical programming
language based on dependent type theory" and the more introductory paper
"Dependently Typed Programming in Agda". Both texts are available at
[http://www.cse.chalmers.se/~ulfn/](http://www.cse.chalmers.se/~ulfn/)

~~~
cmrx64
The best resource for getting started with Isabelle/HOL is
[http://www.concrete-semantics.org/](http://www.concrete-semantics.org/).
Freely available.

------
reirob
I didn't read through the linked PDF, but in relation to work on SEL4, I
found [1]. It builds on the work that has been done for SEL4 and improves the
tools further. As a first example they implement verified file systems.
They managed to implement two file systems: ext2fs and BilbyFS. These file
systems can be deployed in Linux. Their aim is to reduce the cost of verified
systems software.

[1]:
[https://ts.data61.csiro.au/projects/TS/cogent.pml](https://ts.data61.csiro.au/projects/TS/cogent.pml)

------
antiquark
The $200-400 per LOC really puts it out of reach for any non-trivial project.
Like additional millions of dollars in cost.

