In Rustan Leino’s ideal world, computer software always works as intended. In the real world, however, he knows that software engineers are people like him – they make mistakes when they write code. Some of those errors escape detection. As a result, the world is full of buggy software.
Leino is a senior principal applied scientist in the automated reasoning group at Amazon Web Services (AWS) in Seattle. He specializes in program verification, the science of mathematically proving that a software program always works properly. The process of program verification, he noted, is expensive in terms of the hours spent on it – including training. Because of this, it is done selectively.
“Software that is very important is a great place for verification, and AWS has many pieces of its infrastructure where you just want someone,” he said. “If you want to send a rocket to Mars you get one chance. You really want it to work. AWS is a bit like that – you really want it to work.”
Leino spent more than 20 years in industrial research laboratories studying and developing methods and programming languages for program verification. He joined AWS in 2017 for the opportunity to apply program verification in a real-world setting while continuing to do research.
“It’s a very happy place for me and a good match between the formal methods that I have expertise in and what AWS will do,” he said.
Math programming
Unbeknownst to Leino, he was already on his way to a career in program verification as a preteen in the early 1980s. He loved math and found a parallel interest in the logic of computer programming. He spent hours every day writing game software in the BASIC programming language. When he went to the University of Texas at Austin (UT Austin) for his bachelor’s degree, he knew he would study computers.
“I don’t think I really knew what computer science was other than the programming involved, but there was a wealth of computer science that was waiting for me in college,” he said. “There was a class I took that had to do with program verification, and I really liked it.”
Program verification is a way to catch the errors that software engineers make when writing programs. At one level, automated program verification tools work in a similar way to a spell checker in a word processor.
“But in the word processing world there is no equivalent tool for something that says, ‘I try to get my program to do the following,’ or ‘I try to make sure my program always maintains this particular invariant,’” Leino explained.
Such properties, he explained, are called invariants. To express invariants, programmers write specifications – that is, definitions of what a program should do. Program verification tools called verifiers compare a software program with its specification and try to find discrepancies, or bugs.
“If you can mathematically prove that the program always lives up to these specifications – what you are trying to establish – then you say you have verified the program, or that you have proven the program correct,” Leino said.
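To make the ideas of a specification and an invariant concrete, here is a small Dafny method written as an added illustration for this page; it is not taken from the article or from any AWS code. The `requires` and `ensures` clauses are the specification (what the caller must provide and what the method promises), and the `invariant` clauses state the property the verifier checks before and after every loop iteration. The method name `IndexOfMax` and the task (finding the index of a largest element) are my own choices.

```dafny
// Added example, not from the article: a Dafny method with a specification.
// The caller must supply a non-empty array (requires); the method promises
// (ensures) that the returned index is in bounds and points at a maximum.
method IndexOfMax(a: array<int>) returns (idx: int)
  requires a.Length > 0
  ensures 0 <= idx < a.Length
  ensures forall k :: 0 <= k < a.Length ==> a[k] <= a[idx]
{
  idx := 0;
  var i := 1;
  while i < a.Length
    // Loop invariants: what must hold on every iteration. Dafny proves
    // them on entry, proves that each iteration preserves them, and then
    // combines them with the negated loop condition (i == a.Length) to
    // discharge the postconditions above.
    invariant 1 <= i <= a.Length
    invariant 0 <= idx < i
    invariant forall k :: 0 <= k < i ==> a[k] <= a[idx]
  {
    if a[i] > a[idx] {
      idx := i;
    }
    i := i + 1;
  }
}
```

Running the Dafny verifier on this file checks the proof without executing anything. If the assignment `idx := i` is removed, the third invariant can no longer be shown to survive an iteration, and the verifier reports the failing invariant at verification time: that report is the discrepancy between program and specification described above, found before the code ever runs.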
From industry to academia and back
After graduating from UT Austin in 1989, Leino got a job as a software developer at Microsoft, where he worked on the Windows operating system. While he was there, he became convinced that formally proving programs correct would become more important as computers became more and more interconnected.
At that time, program verification was limited to academic and industrial research laboratories. Leino went to the California Institute of Technology to study it, earning a master’s degree and a Ph.D. in computer science along the way.
“When I think back, what on earth did I know about research at the time? I don’t know, but somehow in my head I thought that’s what I really wanted to do,” he remembered.
During an internship at Digital Equipment Corporation (DEC), Leino worked with the late Greg Nelson, a computer scientist who was a pioneer in program verification. DEC hired Leino out of graduate school, and he, Nelson, and their colleagues developed tools such as the Extended Static Checker for Java (ESC/Java), a verifier that checks for errors in programs written in Java.
“When a mentor believes in you and lets you develop what you are good at, it really makes a tremendous difference,” Leino said of his time working with Nelson. “He did that for me.”
Leino returned to Microsoft in 2001 to join the company’s research laboratory. There he developed the intermediate verification language Boogie, which is a building block for many modern verifiers. Boogie also underpins the programming language Dafny, which Leino developed as a framework for doing program verification from the ground up, instead of awkwardly bolting verification tools onto existing languages.
Researchers and the scientific community found Dafny useful for tackling a range of specification challenges. Leino uses it to teach program verification to computer scientists and notes that the built-in tools encourage programmers to write correct code. Over time, he added several features to Dafny to tackle other specification challenges of interest to the research community.
“One day I woke up and realized this Dafny thing, it really can do a lot,” he said.
Applied science at AWS
AWS recruited Leino to apply his program verification research to Java programs that are mission-critical for both internal and external AWS customers. The company saw the value of program verification for its customers and was willing to invest in the science behind it, Leino said.
A few years ago he worked on a project at AWS that turned out to be well suited to Dafny’s capabilities. Since then he has worked on Dafny full time.
“What is exciting is that we have now moved the needle from using Dafny in research projects to using it in projects with industrial impact,” Leino said.
For example, his team worked with an engineering group to use Dafny to write the open-source AWS Encryption Software Development Kit (SDK) for the .NET developer platform. The AWS Encryption SDK is a client-side encryption library that simplifies the tasks of encrypting and decrypting data in cloud applications.
“It is difficult to use encryption correctly,” noted Leino. “If customers want to rely on this library, it makes sense to go beyond the rigorous testing that software engineers already do. Program verification raises the game by providing proof that the library has certain properties.”
For example, the specification for part of the library states that when plaintext data is encrypted and divided into smaller packets for transfer over a wire from one place to another, reassembling those packets will correctly yield the original plaintext.
“We have proven that there are no errors in the assembly/reassembly algorithms,” Leino said. In unverified software, he explained, encryption keys could be used in the wrong order during reassembly, which would corrupt the result.
This proof, he added, could give AWS customers greater confidence in applications built with the tool. Although there may be other pieces of software in the application that have not gone through the rigor of program verification and thus could have errors, the piece of the application concerned with how encryption is used and how the packets are assembled is correct.
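The round-trip property described above can be stated and proved in Dafny in miniature. The block below is an added illustration, not code from the AWS Encryption SDK or from the article: it models only the splitting of a sequence into fixed-size packets and their reassembly, with no cipher or keys involved, and the names `Split`, `Join` and `JoinSplit` are my own. The lemma’s `ensures` clause is the specification that reassembly returns the original input; Dafny checks the proof by induction on the length of the input.

```dafny
// Added example, not from the article or the SDK: splitting a sequence
// (bytes modelled as int) into packets of at most `size` elements, and
// reassembling them. Split(s, size) is the list of packets; Join
// concatenates a list of packets back into one sequence.
function Split(s: seq<int>, size: nat): seq<seq<int>>
  requires size > 0
  decreases |s|
{
  if |s| <= size then [s]
  else [s[..size]] + Split(s[size..], size)
}

function Join(packets: seq<seq<int>>): seq<int>
  decreases |packets|
{
  if |packets| == 0 then []
  else packets[0] + Join(packets[1..])
}

// The round-trip specification: reassembling the packets of s yields s.
// The proof is by induction on |s|; the recursive lemma call is the
// induction hypothesis for the remainder after the first packet.
lemma JoinSplit(s: seq<int>, size: nat)
  requires size > 0
  ensures Join(Split(s, size)) == s
  decreases |s|
{
  if |s| <= size {
    // Split gives the single packet [s], and Join([s]) == s + [] == s.
  } else {
    // Dropping the first packet leaves exactly Split of the remainder.
    assert Split(s, size)[1..] == Split(s[size..], size);
    JoinSplit(s[size..], size);
    // Head packet plus reassembled remainder is the original sequence.
    assert s[..size] + s[size..] == s;
  }
}
```

The lemma is proved for every input sequence and every positive packet size at once, which is the difference from a test suite that checks a handful of inputs. If `Split` were changed to drop or duplicate a packet, the `ensures` clause would become unprovable and the verifier would reject the lemma; a cipher layer and key handling, which the SDK’s real specification also covers, are deliberately outside this toy model.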
Mentor for the times
Program verification remains an active area of academic research, where new issues emerge as the discipline becomes more widespread. Leino is immersed in this research community and in that capacity regularly invites students to intern and work alongside him. During his career, 35 have accepted the invitation.
“I tend to work very closely with my interns,” he said. “Most interns I met every day, and with many of the 35, we worked together for an hour every day.”
That was the experience of Gaurav Parthasarathy, a Ph.D. student in the programming methodology group at the Department of Computer Science at ETH Zurich in Switzerland, who interned with Leino during the summer of 2022. His research focuses on strengthening Boogie, the verification tool Leino developed and used to build Dafny.
“Once a week we had long discussions at the whiteboard. It was often him presenting something or me presenting my progress, and then we tried to brainstorm how we could solve certain problems,” Parthasarathy said.
Leino said he would often leave these discussions energized to experiment himself, and set aside several hours for programming in search of solutions to problems. He looks for a similar passion in his interns.
“Most of the projects I carry out involve a lot of programming. We don’t hire research interns to do programming, that’s not the point,” Leino said. “The point is to explore the ideas you have. To try them, you have to do a lot of programming. And then for me personally it has always worked best when programming is something the interns do very fluently.”
Leino’s passion for programming, experimentation, and discussing the details of program verification ad nauseam struck a chord with Parthasarathy.
“I always thought that if you are an engineer or a scientist in industry and you reach Rustan’s age, you move into a leadership position and you might lose some of the passion,” Parthasarathy said. “Rustan showed me that this doesn’t have to be the case. He still implements core features that are really hard to implement – he is perhaps the only one who can even do it. He is a real scientist at heart.”