We describe a monadic interface to low-level hardware features that is a suitable basis for building operating systems in Haskell. The interface includes primitives for controlling memory management hardware, user-mode process execution, and low-level device I/O. The interface enforces memory safety in nearly all circumstances. Its behavior is specified in part by formal assertions written in a programming logic called P-Logic. The interface has been implemented on bare IA32 hardware using the Glasgow Haskell Compiler (GHC) runtime system. We show how a variety of simple O/S kernels can be constructed on top of the interface, including a simple separation kernel and a demonstration system in which the kernel, window system, and all device drivers are written in Haskell.

Abstract. We present a scalable, practical Hoare Logic and refinement calculus for the nondeterministic state monad with exceptions and failure in Isabelle/HOL. The emphasis of this formalisation is on large-scale verification of imperative-style functional programs, rather than expressing monad calculi in full generality. We achieve scalability in two dimensions. The method scales to multiple team members working productively and largely independently on a single proof and also to large programs with large and complex properties. We report on our experience in applying the techniques in an extensive (100,000 lines of proof) case study—the formal verification of an executable model of the seL4 operating system microkernel. 1

The wide availability of cloud computing offers an unprecedented opportunity to rethink how we construct applications. The cloud is currently mostly used to package up existing software stacks and operating systems (e.g. LAMP) for scaling out websites. We instead view the cloud as a stable hardware platform, and present a programming framework which permits applications to be constructed to run directly on top of it without intervening software layers. Our prototype (dubbed Mirage) is unashamedly academic; it extends the Objective Caml language with storage extensions and a custom run-time to emit binaries that execute as a guest operating system under Xen. Mirage applications exhibit significant performance speedups for I/O and memory handling versus the same code running under Linux/Xen. Our results can be generalised to offer insight into improving more commonly used languages such as PHP, Python and Ruby, and we discuss lessons learnt and future directions. aged binary images, bolt-on “accelerators ” which dynamically optimise scripting code such as PHP, and automated security update infrastructure. In this paper we propose departing from this approach of layering systems, instead developing a software stack designed explicitly for use in the cloud. Standard interfaces such as POSIX are less relevant in this highly distributed environment, and a fresh software stack can also help to exploit the new capabilities of virtualisation more effectively, such as live relocation. Software efficiency now brings direct financial rewards in cloud environments, providing a much greater impetus to improve on the current state-of-the-art and reducing resistance to change from the open source community (e.g. the “NoSQL ” movement [15]). This paper makes several contributions: (i) the motivation for constructing a new software stack (§2), and its architecture (§3); 1

We describe our work to port the SML/NJ implementation of SML to run on a bare machine, that is, a machine with no other underlying operating system. We have used SML to build a small operating system, Hello. To our knowledge, Hello is the first operating system to be written in SML, and the first system with device drivers written in an advanced, strongly typed language. The focus of this paper is on the techniques used to port SML/NJ to the bare machine, generalizing the lessons we learned and describing the final programming environment available to kernel programmers.