
Proof Planning in Logical Frameworks

Proof Planning in Logical Frameworks. Carsten Schürmann Yale University September 2002. Motivating questions. Is the number of CERT advisories increasing or decreasing? Who can vouch for the correctness of the BLUETOOTH protocol? Will we ever vote electronically?

Presentation Transcript

  1. Proof Planning in Logical Frameworks Carsten Schürmann Yale University September 2002

  2. Motivating questions • Is the number of CERT advisories increasing or decreasing? • Who can vouch for the correctness of the BLUETOOTH protocol? • Will we ever vote electronically? • Is the complexity of network protocols increasing or decreasing?

  3. Safety Architectures • Examples • Authentication • Network routing • E-voting • Mobile Code • Requirements • Flexible design • Extensibility • Trust

  4. Type System (toy)

  5. Type System (real)

  6. [Diagram: proof-carrying-code architecture; labels: Source, Compiler, Binary, Programming Languages, Safety Proof, Safety Proof Language, Proof Checker, Trusted Computing Base]

  7. Complexity • Safety proof languages • PCC : 129 rules [Necula, Lee 97] • FPCC : several 100 rules [Appel, Felty 01] • FLINT: ?? rules [Zhao, et al 02] • Typed Assembly Language • Type theory: 31 rules [Morrisett, Crary … 98] • Proof Checker: approx 4000 lines • Bluetooth Protocol • Type system: 1000 pages prose

  8. We need tools to … • … control the inherent complexity • design safety architectures • reason about our designs • automate reasoning processes involved • program with our designs

  9. Dimension 1: Design • Logical Frameworks encode • Safety Proof Languages • Type Systems • Security Protocols • Benefit: • Storing • Shipping • Checking [Diagram: the slide 6 architecture with a Logical Framework layer; labels: Logical Framework, Safety Proof Language, Safety Proof, Proof Checker, Binary]

  10. Dimension 1: Design • Safety Proof Languages • Higher-order logic • Temporal Logic • Modal Logic • Linear Logic • Coq Logic • Type Systems

  11. Dimension 2: Reasoning • Meta logical framework • Consistency • Completeness • Type Safety • Freeness of attacks • Benefit: • Trusting • Verifying Is the safety proof language consistent? Can somebody steal an e-vote? Can an intruder steal keys?

  12. Dimension 2: Reasoning [Diagram: the slide 9 architecture with a Meta Logical Framework layer added; caption: Is the Safety Proof Language Consistent?; labels: Meta Logical Framework, Logical Framework, Safety Proof Language, Safety Proof, Proof Checker, Binary]

  13. Dimension 3: Automation • Proof planning [CS, Autexier] • Push button technology • Ease of use • Failure interpretation • Benefit: • Level of abstraction • Interactive design cycle • Quick response [Diagram label: Proof Planner]

  14. Dimension 3: Automation [Diagram: the slide 12 architecture with a Proof Planner added to the Meta Logical Framework layer; caption: Is the Safety Proof Language Consistent?]

  15. Dimension 4: Programming • Delphin [CS, Yu, Poswolsky] • Compilers [CS, Xi] • Client-server Architecture • Theorem Provers for Proof Carrying Authentication • Benefit: • Direct manipulation of derivations • Automatic code generation

  16. Dimension 4: Programming [Diagram: the slide 14 architecture with Delphin (functional programming over the Logical Framework) added; caption: Is the Safety Proof Language Consistent?]

  17. Rest of this Talk • Proof Planning • in • Twelf • Used at Yale, CMU, Princeton, Stanford, Harvard (?)…

  18. Overview [Diagram: the slide 14 architecture; labels: Meta Logical Framework, Proof Planner, Logical Framework, Safety Proof Language, Safety Proof, Proof Checker, Binary; caption: Is the Safety Proof Language Consistent?]

  19. Let’s get started [Diagram: the slide 9 architecture; labels: Logical Framework, Safety Proof Language, Safety Proof, Proof Checker, Binary]

  20. Safety Proof Language • Intuitionistic logic: • Sequent calculus: [Gentzen 35] • Judgment: • Rules:

  21. Representation • Logical framework LF [Harper, Honsell, Plotkin 93] • Simply typed λ-calculus • Dependent types • Paradigm • Judgments as types (assumptions as contexts) • Derivations as objects [Diagram label: Logical Framework]

  22. Representation (cont’d) • Inference rules as constants (Twelf notation; the first two lines declare the syntax of propositions and the two judgments, which the slide leaves implicit)

      o : type.  imp : o -> o -> o.  %infix right 10 imp.
      hyp : o -> type.  conc : o -> type.
      axiom : hyp A -> conc A.
      impr : (hyp A -> conc B) -> conc (A imp B).
      impl : conc A -> (hyp B -> conc C) -> (hyp (A imp B) -> conc C).
      cut : conc A -> (hyp A -> conc C) -> conc C.

  23. Representation (cont’d) • Reasoning about the real world • is as good as the encoding is Logic Logical Framework 1-to-1

  24. Logical Frameworks Research • Focuses on common concepts • Hypotheses • State • Enriches logical framework • Substitution (beta reduction) • Update (resource oriented logics)

  25. Logical Frameworks Research • Emphasis 1: Representation • Extend frameworks conservatively • Terms are not dead, they live! • Example: Twelf • Emphasis 2: Reasoning • Examples: Coq, Isabelle, Lego

  26. Remarks We can look at the current field of problem solving by computers as a series of ideas about how to present a problem. If a problem can be cast into one of these representations in a natural way, then it is possible to manipulate it and stand some chance of solving it. [Allen Newell] • Elegance • Higher-order representation techniques • Dependent types • Benefit for this work: • Variables and substitutions come for free!

  27. Overview [Diagram: the slide 12 architecture; labels: Meta Logical Framework, Logical Framework, Safety Proof Language, Safety Proof, Proof Checker, Binary; caption: Is the Safety Proof Language Consistent?]

  28. Is the Logic Consistent? • Theorem [Admissibility]:[Gentzen 35] • If and then • Fundamental theorem in logic [Gentzen 35] • Consistency of first-order logic • Structural proof [Pfenning 95] • Twelf can prove it automatically

  29. Meta Logic Mω⁺ • First-order logic • Induction principles for arbitrary higher-order encodings [CS 00,01] Theorem [Admissibility]: If and then
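The representation of slides 21 and 22 and the structural admissibility-of-cut proof of slides 28 and 29, written out as one complete Twelf signature. This is an added example, not code from the slide deck or from the Twelf distribution; it follows the shape of Pfenning's structural cut elimination [Pfenning 95]. The `cut` constant of slide 22 is deliberately left out, because the theorem shows that cut is admissible in the cut-free calculus; the relation name `ca`, the derivation `mp`, the block name `bh` and the rule names are this example's own choices. The `%mode`, `%worlds` and `%total` declarations are the checks Twelf runs on the hand-written relation; the push-button `%prove` route the slide refers to is not shown.

```twelf
% Propositions (implicational fragment only) and the two judgments
% "A is a hypothesis" and "A is a conclusion".
o   : type.
imp : o -> o -> o.
%infix right 10 imp.

hyp  : o -> type.     % hyp A  : A is among the hypotheses
conc : o -> type.     % conc A : A follows from the hypotheses

% Cut-free sequent rules (slide 22 without `cut`).
axiom : hyp A -> conc A.
impr  : (hyp A -> conc B) -> conc (A imp B).
impl  : conc A -> (hyp B -> conc C) -> hyp (A imp B) -> conc C.

% Derivations are LF objects, so type checking an object is proof checking.
% Example object (ours): a closed derivation of  A imp ((A imp B) imp B).
mp : {A:o} {B:o} conc (A imp ((A imp B) imp B))
   = [A] [B] impr ([h1] impr ([h2] impl (axiom h1) ([h3] axiom h3) h2)).

% Admissibility of cut, Gentzen's Hauptsatz in structural form [Pfenning 95]:
% if D : conc A and E : hyp A -> conc C then some F : conc C exists.
ca : {A:o} conc A -> (hyp A -> conc C) -> conc C -> type.
%mode ca +A +D +E -F.

% Initial cuts: one premise is the axiom rule on the cut formula.
ca_axiom_l : ca A (axiom H) E (E H).
ca_axiom_r : ca A D ([h] axiom h) D.

% Principal cut: A1 imp A2 is introduced on both sides.  Two cuts on the
% same formula with a smaller E, then two cuts on smaller formulas.
ca_imp : ca (A1 imp A2) (impr D1) ([h] impl (E1 h) ([h2] E2 h h2) h) F
  <- ca (A1 imp A2) (impr D1) E1 E1'
  <- ({h2:hyp A2} ca (A1 imp A2) (impr D1) ([h] E2 h h2) (E2' h2))
  <- ca A1 E1' D1 D1'
  <- ca A2 D1' E2' F.

% Left commutative cut: D ends in impl on some other hypothesis H.
cal_impl : ca A (impl D1 D2 H) E (impl D1 F2 H)
  <- ({h2:hyp B2} ca A (D2 h2) E (F2 h2)).

% Right commutative cuts: the last rule of E does not use the cut hypothesis.
car_axiom : ca A D ([h] axiom H) (axiom H).
car_impr  : ca A D ([h] impr ([h1] E1 h h1)) (impr F1)
  <- ({h1:hyp B1} ca A D ([h] E1 h h1) (F1 h1)).
car_impl  : ca A D ([h] impl (E1 h) ([h2] E2 h h2) H) (impl F1 F2 H)
  <- ca A D E1 F1
  <- ({h2:hyp B2} ca A D ([h] E2 h h2) (F2 h2)).

% Meta-theory: the context may hold any number of hypotheses; `ca` must
% cover every case and recurse only under the lexicographic order
% "cut formula first, then either derivation" (Gentzen's induction measure).
%block bh : some {A:o} block {h:hyp A}.
%worlds (bh) (ca A D E F).
%total {A [D E]} (ca A D E F).
```

Type checking `mp` is the proof-checker step of slide 6: an ill-formed derivation is a type error, and nothing beyond the LF type checker has to be trusted. The `%total` declaration is the "Dimension 2" check: Twelf verifies that the cases of `ca` are exhaustive, including the cases where a hypothesis is a context variable rather than the cut hypothesis (`car_axiom` versus `ca_axiom_r`), and that every recursive call decreases in the stated order, which is exactly what a hand proof of the Hauptsatz has to argue.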

  30. Proof Planning [Diagram: the slide 14 architecture with the Proof Planner highlighted; caption: Is the Safety Proof Language Consistent?]

  31. The Situation • What we have: • Logical Framework LF • Proofs by induction • How can we find proofs • automatically and quickly?

  32. Pruning the Search Space [Diagram: the space of formulas, partitioned into theorems and non-theorems]

  33. Common Operations • Splitting (Case analysis) • Recursion (Induction hypothesis) • Filling • Constructing safety proofs • Resolution based techniques [Proof state shown: A:o, C:o, D: conc A, E: hyp A -> conc B]

  34. Profiling reveals • With naïve Prototype implementation:

  35. Explanation • Reason 1: Search spaces enormous • Reason 2: Side effect of failure

  36. Possible Tackles • Reason 1: Search spaces enormous • Tabled proof search [Pientka ‘02] • Outsourcing [Vampire?] • Reason 2: Side effect of failure • Pruning through proof plans • Decidable criterion

  37. Approximations [Diagram: a Theorem is mapped by abstraction to an Approximated Theorem; Plan search over it yields Proof Plans that guide the Theorem Prover. The Meta Logic is framework dependent, the proof plans problem independent]

  38. Proof Planning Calculus Pω⁺ • First order logic [CS, Autexier 02] • Propositions approximate type families • Natural deduction • Decidable (because of M2L)

  39. Central Insight • Exploit information contained in type indices. • Example: • “We have an object of type family conc containing information on A” • “We have another object of type family conc containing information on B once we know …” [Proof state shown: D: conc A, E: hyp A -> conc B]

  40. Observation • There is no proof of • But • Splitting on (D, E) • Proof plans exist for each case. • Let’s try to prove. SUCCESS!

  41. A Few Details • Abstraction is defined as follows

  42. Soundness Theorem If without case rules And Then . • Proof: by induction on . • Benefit: Read it backwards!

  43. Summary • Proof planning calculus Pω⁺ • Recognizes unpromising states • Provides proof search guidance • Gives a logical explanation to proof plans • Failure criterion • Inspects a proof state • Recognizes unpromising ones quickly • Decidable

  44. Summary • Importance • Push button technology • Network/authentication/e-voting protocols • Proof planning system Pω⁺ • Works for encodings in LF • TI-abstraction [Giunchiglia, Walsh 91] • Implementation is underway

  45. Our Goal: Tools to … • design safety architectures • reason about our designs • automate reasoning processes involved • program with our designs • We are on the way!

  46. Future Work • Alternative proof techniques • Logical relations [CS, Sarnat] • Coinduction [CS, Momigliano] • Application domain • Network protocols • E-Voting • Infinite structures • Choice sequences vs. Co-induction • Adequate representation of infinite traces

  47. Conclusion • For more information about • Twelf and Delphin • check http://www.twelf.org

  48. [Diagram: client-server safety architecture for authentication protocols; labels: Client, Source, Compiler, Server, Model, Theorem Prover / Model Checker, Safety Proof, Safety Proof Language, Trusted Computing Base, Authentication Protocols]
