2022-04915 - PhD Position F/M Compositional verification of system program modules in Rust
Le descriptif de l’offre ci-dessous est en Anglais

Type de contrat : CDD

Niveau de diplôme exigé : Bac + 5 ou équivalent

Fonction : Doctorant

A propos du centre ou de la direction fonctionnelle

The Inria Rennes - Bretagne Atlantique Centre is one of Inria's eight centres and has more than thirty research teams. The Inria Center is a major and recognized player in the field of digital sciences. It is at the heart of a rich R&D and innovation ecosystem: highly innovative PMEs, large industrial groups, competitiveness clusters, research and higher education players, laboratories of excellence, technological research institute, etc.

Contexte et atouts du poste

Project RIOT-fp [b] is an Inria Challenge with the objective of developing future-proof operating system libraries [1,2,4] for application to IoT: RIOT [a].  Our PhD project is interested in one of the futures of RIOT: RIOT-rs, implemented in Rust [c]. This computing base provides access to a vast ecosystem of analysis, code generation, verification and proof tools [d,e,f]. It offers us to rethink a system software validation process that would suit both system programming and verification requirements (as one may expect from using, e.g., a theorem prover).

Mission confiée

The notion of contract [3] is one ideal such interface between the development and verification of system programs in Rust.  A contract allows, on one hand, to formally document the hypothesis and guarantees of system modules, functions, artifacts, with respect to global safety ad security requirements.  Contracts can be sufficiently abstract and comprehensible for system programmers, and adequately refined to meet the strongest requirements of mechanized verification.

Principales activités

Our project will focus on the development of such a modular validation flow by case-studying the core of RIOT's implementation in Rust [riot-rs-core].  We define and exercise this workflow to characterize and validate global requirements ranging from race-condition, deadlock avoidance, priority management and schedulability, and/or memory isolation, faul isolation, information flow control.

[a] RIOT: http://www.riot-os.org
[b] RIOT-fp: https://future-proof-iot.github.io/RIOT-fp
[c] riot-rs-core: https://github.com/future-proof-iot/RIOT-rs/tree/main/src/riot-rs-core/src
[d] F*: https://www.fstar-lang.org
[e] Lean: https://leanprover.github.io
[f] Electrolysis: https://kha.github.io/electrolysis

[1] "Verified Functional Programming of an Abstract Interpreter". Static Analysis Symposium. ACM, 2021.
[2] "Verified Functional Programming of an IoT operating system’s boot-loader". International Conference on Formal Methods and Models for System Design. ACM, 2021.
[3] "A Mechanically Verified Theory of Contracts". International Colloquium on Theoretical Aspects of Computing. Springer, 2021.
[4] "End-to-end Mechanized Proof of an eBPF Virtual Machine for Microcontrollers". International Conference on Computer Aided Verification, 2022.


It requires a Master degree with solid background in proof theory and mathematical logic, programming languages and type theory, as well as motivation and interest in both the implementation and verification of operating systems.  Prior knowledge and experiences with both Rust, F*, Coq, Lean will stand out.


  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Possibility of teleworking (90 days per year) and flexible organization of working hours
  • partial payment of insurance costs


Monthly gross salary amounting to 1982 euros for the first and second years and 2085 euros for the third year