Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002.

Published byHugh Leonard Modified over 9 years ago

Similar presentations

Presentation on theme: "Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002."— Presentation transcript:

1 Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002

2 2 Motivating questions Is the number of CERT advisories increasing or decreasing? Who can vouch for the correctness of the BLUETOOTH protocol? Will we ever vote electronically? Is the complexity of network protocols increasing or decreasing?

3 3 Safety Architectures Examples  Authentication  Network routing  E-voting  Mobile Code Requirements  Flexible design  Extensibility  Trust

4 4 Type System (toy)

5 5 Type System (real)

6 6 CompilerSource Proof Checker Safety Proof Safety Proof Language Trusted Computing Base Binary Programming Languages

7 7 Complexity Safety proof languages  PCC : 129 rules [Necula, Lee 97]  FPCC : several 100 rules [Appel, Felty 01]  FLINT : ?? rules [Zhao, et al 02] Typed Assembly Language  Type theory: 31 rules [Morrisett, Crary … 98]  Proof Checker: approx 4000 lines Blue Tooth Protocol  Type system: 1000 pages prose

8 8 We need tools to … … control the inherent complexity  design safety architectures  reason about our designs  automate reasoning processes involved  program with our designs

9 9 Dimension 1: Design Logical Frameworks encode  Safety Proof Languages  Type Systems  Security Protocols Benefit:  Storing  Shipping  Checking Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

10 10 Safety Proof Languages  Higher-order logic  Temporal Logic  Modal Logic  Linear Logic  Coq Logic  Type Systems Dimension 1: Design

11 11 Meta logical framework  Consistency  Completeness  Type Safety  Freeness of attacks Benefit:  Trusting  Verifying Dimension 2: Reasoning Is the safety proof language consistent? Can an intruder steal keys? Can somebody steal an e-vote?

12 12 Dimension 2: Reasoning Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

13 13 Proof planning [CS, Autexier]  Push buttom technology  Ease of use  Failure interpretation Benefit:  Level of abstraction  Interactive design cycle  Quick response Dimension 3: Automation Proof Planner

14 14 Dimension 3: Automation Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

15 15 Delphin [CS, Yu, Poswolsky]  Compilers [CS, Xi]  Client-server Architecture  Theorem Provers for Proof Carrying Authentication Benefit:  Direct manipulation of derivations  Automatic code generation Dimension 4: Programming

16 16 Dimension 4: Programming Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner Delphin Fun. Programming

17 17 Rest of this Talk Proof Planning in Twelf Used at Yale, CMU, Princeton, Stanford, Harvard (?)…

18 18 Overview Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

19 19 Let’s get started Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

20 20 Safety Proof Language Intuitionistic logic: Sequent calculus: [Gentzen 35]  Judgment:  Rules:

21 21 Logical framework LF [Honsell, Harper, Plotkin 93]  Simply typed λ -calculus  Dependent types Paradigm  Judgments as types (assumptions as contexts)  Derivations as objects Representation Logical Framework

22 22 Representation (cont’d) Inference rules as constants axiom : (hyp A -> conc A). impr : (hyp A -> conc B) -> conc (A imp B). impl : conc A -> (hyp B -> conc C) -> (hyp (A imp B) -> conc C). cut : conc A -> (hyp A -> conc C) -> conc C.

23 23 Reasoning about the real world is as good as the encoding is Representation (cont’d) 1-to-1 Logic Logical Framework

24 24 Logical Frameworks Research Focuses on common concepts  Hypotheses  State Enriches logical framework  Substitution (beta reduction)  Update (resource oriented logics)

25 25 Logical Frameworks Research Emphasis 1: Representation Extend frameworks conservatively Terms are not dead, they live! Example: Twelf Emphasis 2: Reasoning Examples: Coq, Isabelle, Lego

26 26 Remarks Elegance  Higher-order representation techniques  Dependent types Benefit for this work:  Variables and substitutions come for free! We can look at the current field of problem solving by computers as a series of ideas about how to present a problem. If a problem can be cast into one of these representations in a natural way, then it is possible to manipulate it and stand some chance of solving it. [Allen Newell]

27 27 Overview Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework

28 28 Is the Logic Consistent? Theorem [Admissibility]: [Gentzen 35] If and then  Fundamental theorem in logic [Gentzen 35]  Consistency of first-order logic  Structural proof [Pfenning 95]  Twelf can prove it automatically

29 29 Meta Logic M w  First-order logic  Induction principles for arbitrary higher-order encodings [CS 00,01] Theorem [Admissibility]: If and then +

30 30 Proof Planning Is the Safety Proof Language Consistent? Meta Logical Framework Proof Checker Safety Proof Safety Proof Language Binary Proof Checker Safety Proof Language Safety Proof Logical Framework Proof Planner

31 31 The Situation What we have:  Logical Framework LF  Proofs by induction How can we find proofs automatically and quickly?

32 32 Pruning the Search Space Formulas Theorems None-Theorems

33 33 Common Operations Splitting ( Case analysis) Recursion ( Induction hypothesis) Filling  Constructing safety proofs  Resolution based techniques D: conc AE: hyp A -> conc BA:oC:o

34 34 Profiling reveals With naïve Prototype implementation:

35 35 Explanation Reason 1: Search spaces enormous Reason 2: Side effect of failure

36 36 Possible Tackles Reason 1: Search spaces enormous  Tabled proof search [Pientka ‘02]  Outsourcing [Vampire?] Reason 2: Side effect of failure  Pruning through proof plans  Decidable criterion

37 37 Approximations Meta Logic Proof Plans  Framework dependent  Problem independent Theorem Approximated Theorem Plan Theorem Prover abstraction search

38 38 Proof Planning Calculus P w  First order logic [CS, Autexier 02]  Propositions approximate type families  Natural deduction  Decidable (because of M2L) +

39 39 Central Insight Exploit information contained in types indices. Example: “We have an object of type family conc containing information on A” “We have another object of type family conc containing information on B once we know …” D: conc AE: hyp A -> conc B

40 40 Observation There is no proof of But  Splitting on (D, E)  Proof plans exist for each case.  Let’s try to prove. SUCCESS!

41 41 A Few Details Abstraction is defined as follows

42 42 Soundness Theorem If without case rules And Then. Proof: by induction on. Benefit: Read it backwards!

43 43 Summary Proof planning calculus P w  Recognizes unpromising states  Provides proof search guidance  Gives a logical explanation to proof plans Failure criterion  Inspects a proof state  Recognizes unpromising ones quickly  Decidable +

44 44 Summary Importance  Push button technology  Network/authentication/e-voting protocols Proof planning system P w  Works for encodings in LF  TI-abstraction [Giungilia, Walsh 91] Implementation is underway +

45 45 Our Goal: Tools to …  design safety architectures  reason about our designs  automate reasoning processes involved  program with our designs We are on the way!

46 46 Future Work Alternative proof techniques  Logical relations [CS, Sarnat]  Coinduction [CS, Momigliano] Application domain  Network protocols  E-Voting Infinite structures  Choice sequences vs. Co-induction  Adequate representation of infinite traces

47 47 Conclusion For more information about Twelf and Delphin check http://www.twelf.org

48 48 Theorem Prover/ Model Checker Compiler Server Authentication Protocols Client Safety proof Language Source Model Safety Proof Trusted Computing Base

Download ppt "Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.

Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.

Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
The Logic of Intelligence Pei Wang Department of Computer and Information Sciences Temple University.

The Logic of Intelligence Pei Wang Department of Computer and Information Sciences Temple University.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.

March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)

An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)

VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005.

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.

Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
Mathematical Modeling Carsten Schürmann DemTech April 8, 2015 IEEE-SA VSSC-1622.6.

Mathematical Modeling Carsten Schürmann DemTech April 8, 2015 IEEE-SA VSSC
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
What’s left in the course. The course in a nutshell Logics Techniques Applications.

What’s left in the course. The course in a nutshell Logics Techniques Applications.
Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.

Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.
A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

Similar presentations

Ads by Google