| dc.contributor.author | Tockman, Andy | |
| dc.contributor.author | Singh, Pratap | |
| dc.contributor.author | Erbsen, Andres | |
| dc.contributor.author | Gruetter, Samuel | |
| dc.contributor.author | Chlipala, Adam | |
| dc.date.accessioned | 2026-02-02T19:53:38Z | |
| dc.date.available | 2026-02-02T19:53:38Z | |
| dc.date.issued | 2026-01-08 | |
| dc.identifier.isbn | 979-8-4007-2341-4 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/164710 | |
| dc.description | CPP ’26, Rennes, France | en_US |
| dc.description.abstract | Some important domains of software demand concrete bounds on how long functions may run, for instance for real-time cyberphysical systems where missed deadlines may damage industrial machinery. Such programs may interact with external devices throughout execution, where time deadlines ought to depend on, for instance, sensor readings (e.g. we only scramble to close a valve immediately when a sensor reports that a tank is about to overflow). We present the first software-development toolchain that delivers first-principles proofs of meaningful time bounds for interactive machine code, while allowing all per-application programming and verification to happen at the source-code level. We allow C-like programs to be proved against separation-logic specifications that also constrain their running time, and such proofs are composed with verification of a compiler to RISC-V machine code. All components are implemented and proved inside the Rocq proof assistant, producing final theorems whose statements depend only on machine-language formal semantics and some elementary specification constructions for describing running time. As a capstone case study, we extended a past verification (of a real microcontroller-based cyberphysical system) to bound time between arrival of network packets and actuation of an attached device. | en_US |
| dc.publisher | ACM|Proceedings of the 15th ACM SIGPLAN International Conference on Certified Programs and Proofs | en_US |
| dc.relation.isversionof | https://doi.org/10.1145/3779031.3779088 | en_US |
| dc.rights | Creative Commons Attribution | en_US |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en_US |
| dc.source | Association for Computing Machinery | en_US |
| dc.title | Foundational Verification of Running-Time Bounds for Interactive Programs | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Andy Tockman, Pratap Singh, Andres Erbsen, Samuel Gruetter, and Adam Chlipala. 2026. Foundational Verification of Running-Time Bounds for Interactive Programs. In Proceedings of the 15th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP '26). Association for Computing Machinery, New York, NY, USA, 187–200. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.identifier.mitlicense | PUBLISHER_CC | |
| dc.eprint.version | Final published version | en_US |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
| eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
| dc.date.updated | 2026-02-01T08:47:34Z | |
| dc.language.rfc3066 | en | |
| dc.rights.holder | The author(s) | |
| dspace.date.submission | 2026-02-01T08:47:34Z | |
| mit.license | PUBLISHER_CC | |
| mit.metadata.status | Authority Work and Publication Information Needed | en_US |
