CertAlloc – An O(1) memory allocator formally verified - TLA+ and CBMC · HackerLangs