Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002.

Similar presentations


Presentation on theme: "Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002."— Presentation transcript:

1 Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002

2 2 Motivating questions Is the number of CERT advisories increasing or decreasing? Who can vouch for the correctness of the BLUETOOTH protocol? Will we ever vote electronically? Is the complexity of network protocols increasing or decreasing?

3 3 Safety Architectures Examples  Authentication  Network routing  E-voting  Mobile Code Requirements  Flexible design  Extensibility  Trust

4 4 Type System (toy)

5 5 Type System (real)

6 6 CompilerSource Proof Checker Safety Proof Safety Proof Language Trusted Computing Base Binary Programming Languages

7 7 Complexity Safety proof languages  PCC : 129 rules [Necula, Lee 97]  FPCC : several 100 rules [Appel, Felty 01]  FLINT : ?? rules [Zhao, et al 02] Typed Assembly Language  Type theory: 31 rules [Morrisett, Crary … 98]  Proof Checker: approx 4000 lines Blue Tooth Protocol  Type system: 1000 pages prose

8 8 We need tools to … … control the inherent complexity  design safety architectures  reason about our designs  automate reasoning processes involved  program with our designs

9 9 Dimension 1: Design Logical Frameworks encode  Safety Proof Languages  Type Systems  Security Protocols Benefit:  Storing  Shipping  Checking Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

10 10 Safety Proof Languages  Higher-order logic  Temporal Logic  Modal Logic  Linear Logic  Coq Logic  Type Systems Dimension 1: Design

11 11 Meta logical framework  Consistency  Completeness  Type Safety  Freeness of attacks Benefit:  Trusting  Verifying Dimension 2: Reasoning Is the safety proof language consistent? Can an intruder steal keys? Can somebody steal an e-vote?

12 12 Dimension 2: Reasoning Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

13 13 Proof planning [CS, Autexier]  Push buttom technology  Ease of use  Failure interpretation Benefit:  Level of abstraction  Interactive design cycle  Quick response Dimension 3: Automation Proof Planner

14 14 Dimension 3: Automation Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

15 15 Delphin [CS, Yu, Poswolsky]  Compilers [CS, Xi]  Client-server Architecture  Theorem Provers for Proof Carrying Authentication Benefit:  Direct manipulation of derivations  Automatic code generation Dimension 4: Programming

16 16 Dimension 4: Programming Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner Delphin Fun. Programming

17 17 Rest of this Talk Proof Planning in Twelf Used at Yale, CMU, Princeton, Stanford, Harvard (?)…

18 18 Overview Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

19 19 Let’s get started Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

20 20 Safety Proof Language Intuitionistic logic: Sequent calculus: [Gentzen 35]  Judgment:  Rules:

21 21 Logical framework LF [Honsell, Harper, Plotkin 93]  Simply typed λ -calculus  Dependent types Paradigm  Judgments as types (assumptions as contexts)  Derivations as objects Representation Logical Framework

22 22 Representation (cont’d) Inference rules as constants axiom : (hyp A -> conc A). impr : (hyp A -> conc B) -> conc (A imp B). impl : conc A -> (hyp B -> conc C) -> (hyp (A imp B) -> conc C). cut : conc A -> (hyp A -> conc C) -> conc C.

23 23 Reasoning about the real world is as good as the encoding is Representation (cont’d) 1-to-1 Logic Logical Framework

24 24 Logical Frameworks Research Focuses on common concepts  Hypotheses  State Enriches logical framework  Substitution (beta reduction)  Update (resource oriented logics)

25 25 Logical Frameworks Research Emphasis 1: Representation Extend frameworks conservatively Terms are not dead, they live! Example: Twelf Emphasis 2: Reasoning Examples: Coq, Isabelle, Lego

26 26 Remarks Elegance  Higher-order representation techniques  Dependent types Benefit for this work:  Variables and substitutions come for free! We can look at the current field of problem solving by computers as a series of ideas about how to present a problem. If a problem can be cast into one of these representations in a natural way, then it is possible to manipulate it and stand some chance of solving it. [Allen Newell]

27 27 Overview Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

28 28 Is the Logic Consistent? Theorem [Admissibility]: [Gentzen 35] If and then  Fundamental theorem in logic [Gentzen 35]  Consistency of first-order logic  Structural proof [Pfenning 95]  Twelf can prove it automatically

29 29 Meta Logic M w  First-order logic  Induction principles for arbitrary higher-order encodings [CS 00,01] Theorem [Admissibility]: If and then +

30 30 Proof Planning Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

31 31 The Situation What we have:  Logical Framework LF  Proofs by induction How can we find proofs automatically and quickly?

32 32 Pruning the Search Space Formulas Theorems None-Theorems

33 33 Common Operations Splitting ( Case analysis) Recursion ( Induction hypothesis) Filling  Constructing safety proofs  Resolution based techniques D: conc AE: hyp A -> conc BA:oC:o

34 34 Profiling reveals With naïve Prototype implementation:

35 35 Explanation Reason 1: Search spaces enormous Reason 2: Side effect of failure

36 36 Possible Tackles Reason 1: Search spaces enormous  Tabled proof search [Pientka ‘02]  Outsourcing [Vampire?] Reason 2: Side effect of failure  Pruning through proof plans  Decidable criterion

37 37 Approximations Meta Logic Proof Plans  Framework dependent  Problem independent Theorem Approximated Theorem Plan Theorem Prover abstraction search

38 38 Proof Planning Calculus P w  First order logic [CS, Autexier 02]  Propositions approximate type families  Natural deduction  Decidable (because of M2L) +

39 39 Central Insight Exploit information contained in types indices. Example: “We have an object of type family conc containing information on A” “We have another object of type family conc containing information on B once we know …” D: conc AE: hyp A -> conc B

40 40 Observation There is no proof of But  Splitting on (D, E)  Proof plans exist for each case.  Let’s try to prove. SUCCESS!

41 41 A Few Details Abstraction is defined as follows

42 42 Soundness Theorem If without case rules And Then. Proof: by induction on. Benefit: Read it backwards!

43 43 Summary Proof planning calculus P w  Recognizes unpromising states  Provides proof search guidance  Gives a logical explanation to proof plans Failure criterion  Inspects a proof state  Recognizes unpromising ones quickly  Decidable +

44 44 Summary Importance  Push button technology  Network/authentication/e-voting protocols Proof planning system P w  Works for encodings in LF  TI-abstraction [Giungilia, Walsh 91] Implementation is underway +

45 45 Our Goal: Tools to …  design safety architectures  reason about our designs  automate reasoning processes involved  program with our designs We are on the way!

46 46 Future Work Alternative proof techniques  Logical relations [CS, Sarnat]  Coinduction [CS, Momigliano] Application domain  Network protocols  E-Voting Infinite structures  Choice sequences vs. Co-induction  Adequate representation of infinite traces

47 47 Conclusion For more information about Twelf and Delphin check http://www.twelf.org

48 48 Theorem Prover/ Model Checker Compiler Server Authentication Protocols Client Safety proof Language Source Model Safety Proof Trusted Computing Base


Download ppt "Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002."

Similar presentations


Ads by Google