Published by Hugh Leonard. Modified over 9 years ago.
1 Proof Planning in Logical Frameworks
Carsten Schürmann, Yale University, September 2002
2 Motivating questions
Is the number of CERT advisories increasing or decreasing?
Who can vouch for the correctness of the BLUETOOTH protocol?
Will we ever vote electronically?
Is the complexity of network protocols increasing or decreasing?
3 Safety Architectures
Examples: Authentication, Network routing, E-voting, Mobile Code
Requirements: Flexible design, Extensibility, Trust
4 Type System (toy)
5 Type System (real)
6 (Diagram, labels only: Source, Compiler, Binary, Safety Proof, Safety Proof Language, Proof Checker, Trusted Computing Base, Programming Languages)
7 Complexity
Safety proof languages:
  PCC: 129 rules [Necula, Lee 97]
  FPCC: several 100 rules [Appel, Felty 01]
  FLINT: ?? rules [Zhao, et al 02]
Typed Assembly Language:
  Type theory: 31 rules [Morrisett, Crary … 98]
  Proof Checker: approx 4000 lines
Bluetooth Protocol:
  Type system: 1000 pages of prose
8 We need tools to …
… control the inherent complexity:
design safety architectures
reason about our designs
automate the reasoning processes involved
program with our designs
9 Dimension 1: Design
Logical Frameworks encode: Safety Proof Languages, Type Systems, Security Protocols
Benefit: Storing, Shipping, Checking
(Diagram, labels only: Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework)
10 Dimension 1: Design
Safety Proof Languages: Higher-order logic, Temporal Logic, Modal Logic, Linear Logic, Coq Logic, Type Systems
11 Dimension 2: Reasoning
Meta logical framework: Consistency, Completeness, Type Safety, Freeness of attacks
Benefit: Trusting, Verifying
Is the safety proof language consistent? Can an intruder steal keys? Can somebody steal an e-vote?
12 Dimension 2: Reasoning
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework)
13 Dimension 3: Automation
Proof planning [CS, Autexier]: Push button technology, Ease of use, Failure interpretation
Benefit: Level of abstraction, Interactive design cycle, Quick response
(Diagram label: Proof Planner)
14 Dimension 3: Automation
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework, Proof Planner)
15 Dimension 4: Programming
Delphin [CS, Yu, Poswolsky]
Compilers [CS, Xi]
Client-server Architecture
Theorem Provers for Proof Carrying Authentication
Benefit: Direct manipulation of derivations, Automatic code generation
16 Dimension 4: Programming
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework, Proof Planner, Delphin, Fun. Programming)
17 Rest of this Talk
Proof Planning in Twelf
Used at Yale, CMU, Princeton, Stanford, Harvard (?) …
18 Overview
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework, Proof Planner)
19 Let’s get started
(Diagram, labels only: Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework)
20 Safety Proof Language
Intuitionistic logic: Sequent calculus [Gentzen 35]
Judgment:
Rules:
21 Representation
Logical framework LF [Honsell, Harper, Plotkin 93]: Simply typed λ-calculus, Dependent types
Paradigm: Judgments as types (assumptions as contexts), Derivations as objects
(Diagram label: Logical Framework)
22 Representation (cont’d)
Inference rules as constants:
  axiom : (hyp A -> conc A).
  impr : (hyp A -> conc B) -> conc (A imp B).
  impl : conc A -> (hyp B -> conc C) -> (hyp (A imp B) -> conc C).
  cut : conc A -> (hyp A -> conc C) -> conc C.
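The four constants above can be read directly as the rules of a proof checker. As an added example (not from the slides and not Twelf code), here is a small Python checker that treats derivations as data built from axiom, impr, impl and cut, and rejects any tree that does not fit a rule; the extra `h` argument on impl, naming the hypothesis being used, is a choice of this encoding.

```python
# Added example, not from the slides: a tiny trusted proof checker for the
# sequent-calculus fragment encoded by the four LF constants above. Derivations
# are plain data (nested tuples), so a safety proof can be stored and shipped;
# only check() has to be trusted.

def imp(a, b):
    """Formula A imp B as a hashable tuple; atoms are plain strings."""
    return ("imp", a, b)

def is_imp(f):
    return isinstance(f, tuple) and len(f) == 3 and f[0] == "imp"

def check(deriv, hyps, goal):
    """True iff `deriv` derives hyps |- goal, where hyps is a frozenset of
    formulas (the LF context of `hyp` assumptions) and goal the `conc`
    formula. A premise (hyp X -> conc Y) becomes a recursive call with X
    added to the context."""
    rule = deriv[0]
    if rule == "axiom":          # axiom : hyp A -> conc A
        return deriv[1] == goal and goal in hyps
    if rule == "impr":           # impr : (hyp A -> conc B) -> conc (A imp B)
        if not is_imp(goal):
            return False
        _, a, b = goal
        return check(deriv[1], hyps | {a}, b)
    if rule == "impl":           # impl : conc A -> (hyp B -> conc C) -> (hyp (A imp B) -> conc C)
        _, h, d1, d2 = deriv     # h names the A imp B hypothesis used (our encoding choice)
        if not (is_imp(h) and h in hyps):
            return False
        _, a, b = h
        return check(d1, hyps, a) and check(d2, hyps | {b}, goal)
    if rule == "cut":            # cut : conc A -> (hyp A -> conc C) -> conc C
        _, a, d1, d2 = deriv
        return check(d1, hyps, a) and check(d2, hyps | {a}, goal)
    return False                 # unknown constructor: reject, never trust

SUBDERIVS = {"axiom": (), "impr": (1,), "impl": (2, 3), "cut": (2, 3)}

def uses_cut(deriv):
    """Does the derivation apply cut anywhere? Admissibility of cut
    (slide 28) says a provable sequent always has a cut-free derivation."""
    return deriv[0] == "cut" or any(uses_cut(deriv[i]) for i in SUBDERIVS.get(deriv[0], ()))

# Constructed sample: a cut-free derivation of |- (A imp (A imp B)) imp (A imp B).
A, B = "A", "B"
GOAL = imp(imp(A, imp(A, B)), imp(A, B))
PROOF = ("impr", ("impr", ("impl", imp(A, imp(A, B)), ("axiom", A),
                           ("impl", imp(A, B), ("axiom", A), ("axiom", B)))))
# Constructed bogus derivation: claims B under the hypothesis A only.
BOGUS = ("impr", ("axiom", B))
```

Running `check(PROOF, frozenset(), GOAL)` accepts the sample and `check(BOGUS, frozenset(), imp(A, B))` rejects the bogus tree, which is exactly the behaviour a proof checker in the trusted computing base has to guarantee.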
23 Representation (cont’d)
Reasoning about the real world is as good as the encoding is.
(Diagram, labels only: Logic, Logical Framework, 1-to-1)
24 Logical Frameworks Research
Focuses on common concepts: Hypotheses, State
Enriches the logical framework: Substitution (beta reduction), Update (resource oriented logics)
25 Logical Frameworks Research
Emphasis 1: Representation. Extend frameworks conservatively. Terms are not dead, they live! Example: Twelf
Emphasis 2: Reasoning. Examples: Coq, Isabelle, Lego
26 Remarks
Elegance: Higher-order representation techniques, Dependent types
Benefit for this work: Variables and substitutions come for free!
"We can look at the current field of problem solving by computers as a series of ideas about how to present a problem. If a problem can be cast into one of these representations in a natural way, then it is possible to manipulate it and stand some chance of solving it." [Allen Newell]
27 Overview
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework)
28 Is the Logic Consistent?
Theorem [Admissibility] [Gentzen 35]: If and then
Fundamental theorem in logic [Gentzen 35]: Consistency of first-order logic
Structural proof [Pfenning 95]: Twelf can prove it automatically
29 Meta Logic M w
First-order logic
Induction principles for arbitrary higher-order encodings [CS 00,01]
Theorem [Admissibility]: If and then +
30 Proof Planning
Is the Safety Proof Language Consistent?
(Diagram, labels only: Meta Logical Framework, Proof Checker, Safety Proof, Safety Proof Language, Binary, Logical Framework, Proof Planner)
31 The Situation
What we have: Logical Framework LF, Proofs by induction
How can we find proofs automatically and quickly?
32 Pruning the Search Space
(Diagram, labels only: Formulas, Theorems, Non-Theorems)
33 Common Operations
Splitting (Case analysis)
Recursion (Induction hypothesis)
Filling: Constructing safety proofs, Resolution based techniques
(Proof state shown: D: conc A, E: hyp A -> conc B, A: o, C: o)
34 Profiling reveals
With naïve prototype implementation:
35 Explanation
Reason 1: Search spaces enormous
Reason 2: Side effect of failure
36 Possible Tackles
Reason 1: Search spaces enormous. Tabled proof search [Pientka ‘02]; Outsourcing [Vampire?]
Reason 2: Side effect of failure. Pruning through proof plans; Decidable criterion
37 Approximations
(Diagram, labels only: Meta Logic, Proof Plans, Framework dependent, Problem independent, Theorem, Approximated Theorem, Plan, Theorem Prover, abstraction, search)
38 Proof Planning Calculus P w
First order logic [CS, Autexier 02]
Propositions approximate type families
Natural deduction
Decidable (because of M2L) +
39 Central Insight
Exploit the information contained in type indices.
Example: “We have an object of type family conc containing information on A.” “We have another object of type family conc containing information on B once we know …”
(Proof state shown: D: conc A, E: hyp A -> conc B)
40 Observation
There is no proof of
But: Splitting on (D, E). Proof plans exist for each case.
Let’s try to prove. SUCCESS!
41 A Few Details
Abstraction is defined as follows
42 Soundness Theorem
If without case rules, and , then .
Proof: by induction on .
Benefit: Read it backwards!
43 Summary
Proof planning calculus P w: Recognizes unpromising states; Provides proof search guidance; Gives a logical explanation to proof plans
Failure criterion: Inspects a proof state; Recognizes unpromising ones quickly; Decidable +
44 Summary
Importance: Push button technology; Network/authentication/e-voting protocols
Proof planning system P w: Works for encodings in LF; TI-abstraction [Giunchiglia, Walsh 91]; Implementation is underway +
45 Our Goal: Tools to …
design safety architectures
reason about our designs
automate the reasoning processes involved
program with our designs
We are on the way!
46 Future Work
Alternative proof techniques: Logical relations [CS, Sarnat]; Coinduction [CS, Momigliano]
Application domain: Network protocols; E-Voting
Infinite structures: Choice sequences vs. Co-induction; Adequate representation of infinite traces
47 Conclusion
For more information about Twelf and Delphin check http://www.twelf.org
48 (Diagram, labels only: Theorem Prover / Model Checker, Compiler, Server, Authentication Protocols, Client, Safety Proof Language, Source, Model, Safety Proof, Trusted Computing Base)