A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

Slides:



Advertisements
Similar presentations
1 Knowledge Representation Introduction KR and Logic.
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Introduction The concept of transform appears often in the literature of image processing and data compression. Indeed a suitable discrete representation.
Biointelligence Lab School of Computer Sci. & Eng.
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
The lambda calculus David Walker CS 441. the (untyped) lambda calculus a language of functions e ::= x | \x.e | e1 e2 v ::= \x.e there are several different.
The lambda calculus David Walker CS 441. the lambda calculus Originally, the lambda calculus was developed as a logic by Alonzo Church in 1932 –Church.
Timed Automata.
LIFE CYCLE MODELS FORMAL TRANSFORMATION
CSE 425: Logic Programming I Logic and Programs Most programs use Boolean expressions over data Logic statements can express program semantics –I.e., axiomatic.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)
1 Flexible Subtyping Relations for Component- Oriented Formalisms and their Verification David Hurzeler PhD Examination, 9/11/2004.
MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato ITT Industries, NRL Washington,
Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.
Focusing in Proof-search and Concurrent Synchronization Deepak Garg Carnegie Mellon University (Based on joint work with Frank Pfenning)
December 7, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 9: Automated Verification Iliano Cervesato
Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.
Fault Tree Representation of Security Requirements0.
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.
Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
Proof by Deduction. Deductions and Formal Proofs A deduction is a sequence of logic statements, each of which is known or assumed to be true A formal.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
December 6, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 8: Intruder Models Iliano Cervesato
1 Type-Directed Concurrency Deepak Garg, Frank Pfenning {dg+, Carnegie Mellon University.
Propositional Calculus Math Foundations of Computer Science.
MCA –Software Engineering Kantipur City College. Topics include  Formal Methods Concept  Formal Specification Language Test plan creation Test-case.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
JS Arrays, Functions, Events Week 5 INFM 603. Agenda Arrays Functions Event-Driven Programming.
Requirements Expression and Modelling
Systems Architecture I1 Propositional Calculus Objective: To provide students with the concepts and techniques from propositional calculus so that they.
 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.
Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
Lambda Calculus History and Syntax. History The lambda calculus is a formal system designed to investigate function definition, function application and.
Unit 6 vocabulary Test over words next week, it will benefit you to study and understand what there words mean.
Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.
WSMX Execution Semantics Executable Software Specification Eyal Oren DERI
Joseph Cordina 1/11 The Use of Model-Checking for the Verification of Concurrent Algorithms Joseph Cordina Department of C.S.&A.I.
A Locally Nameless Theory of Objects 1.Introduction:  -calculus and De Bruijn notation 2.locally nameless technique 3.formalization in Isabelle and proofs.
Towards Automatic Verification of Safety Architectures Carsten Schürmann Carnegie Mellon University April 2000.
Honors Geometry Intro. to Deductive Reasoning. Reasoning based on observing patterns, as we did in the first section of Unit I, is called inductive reasoning.
 Solve and algebraic equation and provide a justification for each step.  Identify which property of equality or congruence is being used.
Propositional Calculus CS 270: Mathematical Foundations of Computer Science Jeremy Johnson.
CSE 230 The -Calculus. Background Developed in 1930’s by Alonzo Church Studied in logic and computer science Test bed for procedural and functional PLs.
Theory of Programming Languages Introduction. What is a Programming Language? John von Neumann (1940’s) –Stored program concept –CPU actions determined.
CSE Winter 2008 Introduction to Program Verification January 31 proofs through simplification.
Non-interference in Constructive Authorization Logic Deepak Garg and Frank Pfenning Carnegie Mellon University.
Algebraic Proof Addition:If a = b, then a + c = b + c. Subtraction:If a = b, then a - c = b - c. Multiplication: If a = b, then ca = cb. Division: If a.
Course: COMS-E6125 Professor: Gail E. Kaiser Student: Shanghao Li (sl2967)
Warm Up. Warm Up Answers Theorem and Proof A theorem is a statement or conjecture that has been shown to be true. A theorem is a statement or conjecture.
CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
Duminda WijesekeraSWSE 623: Introduction1 Introduction to Formal and Semi- formal Methods Based on A Specifier's Introduction to Formal Methods (J. Wing)
Developing a Framework for Simulation, Verification and Testing of SDL Specifications Olga Shumsky Lawrence Henschen Northwestern University
A Mechanized Model of the Theory of Objects 1.Functional  -calculus in Isabelle 2.Confluence Proof in Isabelle 3.Ongoing Work, Applications, Conclusion.
From Natural Language to LTL: Difficulties Capturing Natural Language Specification in Formal Languages for Automatic Analysis Elsa L Gunter NJIT.
1 Aspectual Caml an Aspect-Oriented Functional Language Hideaki Tatsuzawa Hidehiko Masuhara Akinori Yonezawa University of Tokyo.
Intro to Proofs Unit IC Day 2. Do now Solve for x 5x – 18 = 3x + 2.
Adding Concurrency to a Programming Language Peter A. Buhr and Glen Ditchfield USENIX C++ Technical Conference, Portland, Oregon, U. S. A., August 1992.
Iliano Cervesato ITT Industries, NRL Washington, DC
2.5 and 2.6 Properties of Equality and Congruence
Introduction to Logic for Artificial Intelligence Lecture 1
Department of Computer Science Abdul Wali Khan University Mardan
Non-preemptive Semantics for Data-race-free Programs
OBJ first-order functional language based on equational logic
CHARACTERIZATIONS OF INVERTIBLE MATRICES
Presentation transcript:

A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries, NRL Washington, DC CS Department, UMBCFebruary

I. Cervesato: A Concurrent Logical Framework1 CLF Where it comes from Logical Frameworks The LF approach What it is True concurrency Monadic encapsulation A canonical approach What’s next?

I. Cervesato: A Concurrent Logical Framework2 All about Logical Frameworks Represent and reason about object systems Languages, logics, … Often semi-formalized as deductive systems Reasoning often informal Benefits Formal specification of object system Automate verification of reasoning arguments Feed back into other tools Theorem provers, PCC, …

I. Cervesato: A Concurrent Logical Framework3 The LF Way Identify fundamental mechanisms and build them into the framework (soundly!)  done (right) once and for all instead of each time Modular constructions: [  -Algebras] app f a Variable binding,  -renaming, substitution [LF] x. x+1 Disposable, updateable cell [LLF] ^s’. f ^ s True concurrency [CLF]

I. Cervesato: A Concurrent Logical Framework4 It’s all about Adequacy Task - complex - long - tedious Object system Representation Automated Informal Adequacy: correctness of the transcription LF: make adequacy as simple as possible rather than (Gödel numbers)

I. Cervesato: A Concurrent Logical Framework5 Representation Targets Mottos, mottos, mottos … LF: judgments-as-types / proofs-as-objects 3+5 = 8  N : ev (+ 3 5) 8 LLF: state-as-linear-hypotheses / imperative-computations-as- linear-functions CLF: concurrent-computations-as-monadic-expressions / … nextLF: blablablablablabla -as- blablablablablablablabla / blablablablablablablablabl -as- blablablablablabablablablablablablabla Judgment (a statement we want to make) typeobject

I. Cervesato: A Concurrent Logical Framework6 Make it Canonical, Sam Each object of interest has exactly 1 representation Canonical objects:  -long,  -normal _LF term Decidable, computable terms proofs evaluations N:tm N:pf A B N:ev E V Object system _LF 1-1

I. Cervesato: A Concurrent Logical Framework7 Types (“asynchronous” constructors of ILL) A ::= a |  x:A. B | A –o B | A & B | T Terms N ::= x | x:A. N | N 1 N 2 ^x:A. N | N 1 ^N 2 | | fst N | snd N | <> Main judgment  ;  |- N : A But what is LLF?But what is LF? Types A ::= a |  x:A. B Terms N ::= x | x:A. N | N 1 N 2 Main judgment  |- N : A

I. Cervesato: A Concurrent Logical Framework8 CLF

I. Cervesato: A Concurrent Logical Framework9 An Example Security protocol spec. net out (m) net in (m)  x. net out (x)  net in (x) net(m) Security protocol spec. Many instances can be executing concurrently

I. Cervesato: A Concurrent Logical Framework10 LLF Encoding net : stepo– net out m o– (net in m –o step). LLF forces continuation-passing style Consider 2 independent applications: n i 1. net ^ n o 1 ^ ( n i 2. net ^ n o 2 ^ C) n i 2. net ^ n o 2 ^ ( n i 1. net ^ n o 1 ^ C) Should be indistinguishable (true concurrency) Equate them at the meta-level same-trace T 1 T 2 o- … Never-ending even for small system!

I. Cervesato: A Concurrent Logical Framework11 Encoding in Linear logic  m. net out m –o net in m Much simpler In general, requires “synchronous” operators  and 1 Concurrency given by “commuting conversions” let x 1  y 1 = N 1 in (let x 2  y 2 = N 2 in M) =let x 2  y 2 = N 2 in (let x 1  y 1 = N 1 in M) if x i,y i  FV(R 2- i ) … looks like what we want …

I. Cervesato: A Concurrent Logical Framework12 However … Commuting conversions are too wild Allow permutations we don’t care for Synchronous types destroy uniqueness of canonical forms nat:type. z:nat. s:nat->nat. c:1. Natural numbers: z, s z, s ( s z ), … What about let 1 = c in z ? What if c is linear? No good! 

I. Cervesato: A Concurrent Logical Framework13 Monadic Encapsulation Separate synchronous and asynchronous types Outside the monad LLF types (asynchronous)  -long,  -normal forms Inside the monad Synchronous types Commuting conversions Concurrency equation  -long,  -normal forms Monad is a sandbox for synchronous behavior

I. Cervesato: A Concurrent Logical Framework14 CLF Types A ::= a |  x:A. B | A –o B | A & B | T | {S} S ::= A | !A | S 1  S 2 | 1 |  x:A. S Terms N ::= x | x:A. N | N 1 N 2 | ^x:A. N | N 1 ^N 2 | | fst N | snd N | <> | {E} E ::= M | let {p} = N in E M ::= N | !N | M 1  M 2 | 1 | [N,M] p ::= x | !x | p 1  p 2 | 1 | [x,p]

I. Cervesato: A Concurrent Logical Framework15 Example in CLF net : net in m –o { net out m }. Relating the 2 specifications 2 sets of CLF declarations Meta-level definition of trace transformation simplify-net {T i/o } {T} Trivial mapping Permutations handled automatically No need to take action Critical for more complex examples

I. Cervesato: A Concurrent Logical Framework16 The Canonical Approach _LF meta-theory: Decidability of type-checking Existence of unique canonical forms Substitution theorem, … A progression of techniques LF: start with equality modulo ,  over all terms ~10 years to prove [several Ph.D. theses, book] LLF: start with equality modulo  over  -long terms ~6 months to prove [thesis] CLF: work only with  -long,  -normal terms ~2 weeks to prove [method is the thesis] Applicable with minimal effort to other languages

I. Cervesato: A Concurrent Logical Framework17 Examples and Applications  -calculus Synchronous Asynchronous Concurrent ML Petri nets Execution-sequence semantics Trace semantics MSR security protocol specification language No implementation … yet …

I. Cervesato: A Concurrent Logical Framework18 Further Reading Watkins, Cervesato, Pfenning, Walker: A Concurrent Logical Framework: the Propositional Case, Oct CPWW: A Concurrent Logical Framework, Jan Forthcoming technical reports A Concurrent Logical Framework I: Judgments and Properties A Concurrent Logical Framework II: Examples and Applications NOT the paper in the proceedings

I. Cervesato: A Concurrent Logical Framework19 What Next?

I. Cervesato: A Concurrent Logical Framework20 Future Work Further development Appropriate operational semantics Irrelevant types Multiple monads, … Further experience More concurrent systems Process algebras Security protocols, … Reasoning Trace-base reasoning Process equivalences, …

I. Cervesato: A Concurrent Logical Framework21 Conclusions CLF A logical framework that internalizes true concurrency Monadic encapsulation tames commuting conversions Canonical approach to meta-theory Good number of examples This is just the beginning … plenty more to do!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.