Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,"— Presentation transcript:

1 A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://www.cs.stanford.edu/~iliano CS Department, UMBCFebruary 27-28 2003

2 I. Cervesato: A Concurrent Logical Framework1 CLF Where it comes from Logical Frameworks The LF approach What it is True concurrency Monadic encapsulation A canonical approach What’s next?

3 I. Cervesato: A Concurrent Logical Framework2 All about Logical Frameworks Represent and reason about object systems Languages, logics, … Often semi-formalized as deductive systems Reasoning often informal Benefits Formal specification of object system Automate verification of reasoning arguments Feed back into other tools Theorem provers, PCC, …

4 I. Cervesato: A Concurrent Logical Framework3 The LF Way Identify fundamental mechanisms and build them into the framework (soundly!)  done (right) once and for all instead of each time Modular constructions: [  -Algebras] app f a Variable binding,  -renaming, substitution [LF] x. x+1 Disposable, updateable cell [LLF] ^s’. f ^ s True concurrency [CLF]

5 I. Cervesato: A Concurrent Logical Framework4 It’s all about Adequacy Task - complex - long - tedious Object system Representation Automated Informal Adequacy: correctness of the transcription LF: make adequacy as simple as possible rather than (Gödel numbers)

6 I. Cervesato: A Concurrent Logical Framework5 Representation Targets Mottos, mottos, mottos … LF: judgments-as-types / proofs-as-objects 3+5 = 8  N : ev (+ 3 5) 8 LLF: state-as-linear-hypotheses / imperative-computations-as- linear-functions CLF: concurrent-computations-as-monadic-expressions / … nextLF: blablablablablabla -as- blablablablablablablabla / blablablablablablablablabl -as- blablablablablabablablablablablablabla Judgment (a statement we want to make) typeobject

7 I. Cervesato: A Concurrent Logical Framework6 Make it Canonical, Sam Each object of interest has exactly 1 representation Canonical objects:  -long,  -normal _LF term Decidable, computable terms proofs evaluations N:tm N:pf A B N:ev E V Object system _LF 1-1

8 I. Cervesato: A Concurrent Logical Framework7 Types (“asynchronous” constructors of ILL) A ::= a |  x:A. B | A –o B | A & B | T Terms N ::= x | x:A. N | N 1 N 2 ^x:A. N | N 1 ^N 2 | | fst N | snd N | <> Main judgment  ;  |- N : A But what is LLF?But what is LF? Types A ::= a |  x:A. B Terms N ::= x | x:A. N | N 1 N 2 Main judgment  |- N : A

9 I. Cervesato: A Concurrent Logical Framework8 CLF

10 I. Cervesato: A Concurrent Logical Framework9 An Example Security protocol spec. net out (m) net in (m)  x. net out (x)  net in (x) net(m) Security protocol spec. Many instances can be executing concurrently

11 I. Cervesato: A Concurrent Logical Framework10 LLF Encoding net : stepo– net out m o– (net in m –o step). LLF forces continuation-passing style Consider 2 independent applications: n i 1. net ^ n o 1 ^ ( n i 2. net ^ n o 2 ^ C) n i 2. net ^ n o 2 ^ ( n i 1. net ^ n o 1 ^ C) Should be indistinguishable (true concurrency) Equate them at the meta-level same-trace T 1 T 2 o- … Never-ending even for small system!

12 I. Cervesato: A Concurrent Logical Framework11 Encoding in Linear logic  m. net out m –o net in m Much simpler In general, requires “synchronous” operators  and 1 Concurrency given by “commuting conversions” let x 1  y 1 = N 1 in (let x 2  y 2 = N 2 in M) =let x 2  y 2 = N 2 in (let x 1  y 1 = N 1 in M) if x i,y i  FV(R 2- i ) … looks like what we want …

13 I. Cervesato: A Concurrent Logical Framework12 However … Commuting conversions are too wild Allow permutations we don’t care for Synchronous types destroy uniqueness of canonical forms nat:type. z:nat. s:nat->nat. c:1. Natural numbers: z, s z, s ( s z ), … What about let 1 = c in z ? What if c is linear? No good! 

14 I. Cervesato: A Concurrent Logical Framework13 Monadic Encapsulation Separate synchronous and asynchronous types Outside the monad LLF types (asynchronous)  -long,  -normal forms Inside the monad Synchronous types Commuting conversions Concurrency equation  -long,  -normal forms Monad is a sandbox for synchronous behavior

15 I. Cervesato: A Concurrent Logical Framework14 CLF Types A ::= a |  x:A. B | A –o B | A & B | T | {S} S ::= A | !A | S 1  S 2 | 1 |  x:A. S Terms N ::= x | x:A. N | N 1 N 2 | ^x:A. N | N 1 ^N 2 | | fst N | snd N | <> | {E} E ::= M | let {p} = N in E M ::= N | !N | M 1  M 2 | 1 | [N,M] p ::= x | !x | p 1  p 2 | 1 | [x,p]

16 I. Cervesato: A Concurrent Logical Framework15 Example in CLF net : net in m –o { net out m }. Relating the 2 specifications 2 sets of CLF declarations Meta-level definition of trace transformation simplify-net {T i/o } {T} Trivial mapping Permutations handled automatically No need to take action Critical for more complex examples

17 I. Cervesato: A Concurrent Logical Framework16 The Canonical Approach _LF meta-theory: Decidability of type-checking Existence of unique canonical forms Substitution theorem, … A progression of techniques LF: start with equality modulo ,  over all terms ~10 years to prove [several Ph.D. theses, book] LLF: start with equality modulo  over  -long terms ~6 months to prove [thesis] CLF: work only with  -long,  -normal terms ~2 weeks to prove [method is the thesis] Applicable with minimal effort to other languages

18 I. Cervesato: A Concurrent Logical Framework17 Examples and Applications  -calculus Synchronous Asynchronous Concurrent ML Petri nets Execution-sequence semantics Trace semantics MSR security protocol specification language No implementation … yet …

19 I. Cervesato: A Concurrent Logical Framework18 Further Reading Watkins, Cervesato, Pfenning, Walker: A Concurrent Logical Framework: the Propositional Case, Oct. 2002 CPWW: A Concurrent Logical Framework, Jan. 2002 Forthcoming technical reports A Concurrent Logical Framework I: Judgments and Properties A Concurrent Logical Framework II: Examples and Applications NOT the paper in the proceedings

20 I. Cervesato: A Concurrent Logical Framework19 What Next?

21 I. Cervesato: A Concurrent Logical Framework20 Future Work Further development Appropriate operational semantics Irrelevant types Multiple monads, … Further experience More concurrent systems Process algebras Security protocols, … Reasoning Trace-base reasoning Process equivalences, …

22 I. Cervesato: A Concurrent Logical Framework21 Conclusions CLF A logical framework that internalizes true concurrency Monadic encapsulation tames commuting conversions Canonical approach to meta-theory Good number of examples This is just the beginning … plenty more to do!

Download ppt "A Concurrent Logical Framework (Joint work with Frank Pfenning, David Walker, and Kevin Watkins) Iliano Cervesato ITT Industries,"

Similar presentations

1 Knowledge Representation Introduction KR and Logic.

1 Knowledge Representation Introduction KR and Logic.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Introduction The concept of transform appears often in the literature of image processing and data compression. Indeed a suitable discrete representation.

Introduction The concept of transform appears often in the literature of image processing and data compression. Indeed a suitable discrete representation.
Biointelligence Lab School of Computer Sci. & Eng.

Biointelligence Lab School of Computer Sci. & Eng.
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.

Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
The lambda calculus David Walker CS 441. the (untyped) lambda calculus a language of functions e ::= x | \x.e | e1 e2 v ::= \x.e there are several different.

The lambda calculus David Walker CS 441. the (untyped) lambda calculus a language of functions e ::= x | \x.e | e1 e2 v ::= \x.e there are several different.
The lambda calculus David Walker CS 441. the lambda calculus Originally, the lambda calculus was developed as a logic by Alonzo Church in 1932 –Church.

The lambda calculus David Walker CS 441. the lambda calculus Originally, the lambda calculus was developed as a logic by Alonzo Church in 1932 –Church.
Timed Automata.

Timed Automata.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
CSE 425: Logic Programming I Logic and Programs Most programs use Boolean expressions over data Logic statements can express program semantics –I.e., axiomatic.

CSE 425: Logic Programming I Logic and Programs Most programs use Boolean expressions over data Logic statements can express program semantics –I.e., axiomatic.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

CLF: A Concurrent Logical Framework David Walker Princeton (with I. Cervesato, F. Pfenning, K. Watkins)
Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)

Refining Mechanized Metatheory: Subtyping for LF William Lovas (with Frank Pfenning)
1 Flexible Subtyping Relations for Component- Oriented Formalisms and their Verification David Hurzeler PhD Examination, 9/11/2004.

1 Flexible Subtyping Relations for Component- Oriented Formalisms and their Verification David Hurzeler PhD Examination, 9/11/2004.
MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato ITT Industries, NRL Washington,

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato ITT Industries, NRL Washington,
Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.

Twelf: The Quintessential Proof Assistant for Language Metatheory Karl Crary Carnegie Mellon University Joint work with Robert Harper and Michael Ashley-Rollman.
Focusing in Proof-search and Concurrent Synchronization Deepak Garg Carnegie Mellon University (Based on joint work with Frank Pfenning)

Focusing in Proof-search and Concurrent Synchronization Deepak Garg Carnegie Mellon University (Based on joint work with Frank Pfenning)
December 7, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 9: Automated Verification Iliano Cervesato

December 7, 2001DIMI, Universita’ di Udine, Italy Graduate Course on Computer Security Lecture 9: Automated Verification Iliano Cervesato

Similar presentations

Ads by Google