Results 1-10 of 11
A Proof of the ChurchRosser Theorem and its Representation in a Logical Framework
, 1992
Cited by 36 (8 self)
We give a detailed, informal proof of the Church-Rosser property for the untyped lambda-calculus and show its representation in LF. The proof is due to Tait and Martin-Löf and is based on the notion of parallel reduction. The representation employs higher-order abstract syntax and the judgments-as-types principle and takes advantage of term reconstruction as it is provided in the Elf implementation of LF. Proofs of metatheorems are represented as higher-level judgments which relate sequences of reductions and conversions.
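The parallel-reduction argument the abstract refers to can be run mechanically on small terms. The following is an added example, not code from the paper or from Elf/LF: it represents untyped lambda terms with de Bruijn indices, computes the complete development M* of a term (every redex present in M contracted at once), enumerates all parallel reducts M ⇒ N, and checks the lemma that every such N reduces in one parallel step to M*. That lemma gives the diamond property for ⇒, and since the reflexive-transitive closure of ⇒ is ordinary beta-reduction, confluence follows. The term constants (I, K, the example term) and function names are this example's own.

```python
# Added example: Tait/Martin-Löf parallel reduction on de Bruijn lambda terms.
# Term shapes: ("var", i), ("lam", body), ("app", f, a).  Closed example terms
# are constructed below; nothing here is code from the paper being described.


def shift(t, d, c=0):
    """Add d to every free variable of t (indices >= cutoff c)."""
    tag = t[0]
    if tag == "var":
        return ("var", t[1] + d) if t[1] >= c else t
    if tag == "lam":
        return ("lam", shift(t[1], d, c + 1))
    return ("app", shift(t[1], d, c), shift(t[2], d, c))


def subst(t, s, j=0):
    """[j := s] t; de Bruijn indices make this capture-avoiding by construction."""
    tag = t[0]
    if tag == "var":
        return s if t[1] == j else t
    if tag == "lam":
        return ("lam", subst(t[1], shift(s, 1), j + 1))
    return ("app", subst(t[1], s, j), subst(t[2], s, j))


def beta(body, arg):
    """Contract the redex (lam body) arg."""
    return shift(subst(body, shift(arg, 1)), -1)


def develop(t):
    """Complete development M*: contract every redex present in M simultaneously."""
    tag = t[0]
    if tag == "var":
        return t
    if tag == "lam":
        return ("lam", develop(t[1]))
    f, a = t[1], t[2]
    if f[0] == "lam":
        return beta(develop(f[1]), develop(a))
    return ("app", develop(f), develop(a))


def par_reducts(t):
    """All N with M => N: any subset of the redexes present in M is contracted."""
    tag = t[0]
    if tag == "var":
        return {t}
    if tag == "lam":
        return {("lam", b) for b in par_reducts(t[1])}
    f, a = t[1], t[2]
    fs, args = par_reducts(f), par_reducts(a)
    out = {("app", x, y) for x in fs for y in args}
    if f[0] == "lam":  # the outermost redex may be contracted as well
        out |= {beta(b, y) for b in par_reducts(f[1]) for y in args}
    return out


def diamond_holds(m):
    """Key lemma: every parallel reduct N of m satisfies N => m* in one step."""
    star = develop(m)
    return all(star in par_reducts(n) for n in par_reducts(m))


# Constructed closed terms for the demonstration.
I = ("lam", ("var", 0))                                # \x.x
K = ("lam", ("lam", ("var", 1)))                       # \x.\y.x
SELF_APP = ("lam", ("app", ("var", 0), ("var", 0)))    # \x.x x
EXAMPLE = ("app", SELF_APP, ("app", I, K))             # (\x.x x)((\y.y) K)

if __name__ == "__main__":
    # EXAMPLE has two redexes, so it has four parallel reducts; its complete
    # development is K K, and every reduct reaches K K in one more step.
    print(len(par_reducts(EXAMPLE)), develop(EXAMPLE), diamond_holds(EXAMPLE))
```

The check is exhaustive only for the terms it is given; the paper's contribution is the general proof and its encoding as LF judgments, of which this is a concrete, finite instance.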
A Symbiotic Relationship Between Formal Methods and Security
 IN PROCEEDINGS COMPUTER SECURITY, DEPENDABILITY, AND ASSURANCE: FROM NEEDS TO SOLUTIONS
, 1998
Cited by 15 (0 self)
Security played a significant role in the development of formal methods in the 70s and early 80s. Have the tables turned? Are formal methods now ready to play a significant role in the development of more secure systems? While not a panacea, the answer is yes, formal methods can and should play such a role. In this paper I first review the limits of formal methods. Then after a brief historical excursion, I summarize some recent results on how model checking and theorem proving tools revealed new and known flaws in authentication protocols. Looking to the future I discuss the challenges and opportunities for formal methods in analyzing the security of systems, above and beyond the protocol level.
Theory Generation for Security Protocols
, 1999
Cited by 12 (0 self)
We introduce theory generation, a new general-purpose technique for performing automated verification. Theory generation draws inspiration from, and complements, both automated theorem proving and symbolic model checking, the two approaches that currently dominate mechanical reasoning. At the core of this approach is the notion of producing a finite representation of a theory: all the facts derivable from a set of assumptions. We present an algorithm for producing compact theory representations for an expressive class of simple logics. Security-sensitive protocols are widely used today, and the growing popularity of electronic commerce is leading to increasing reliance on them. Though simple in structure, these protocols are notoriously difficult to design properly. Since specifications of these protocols typically involve only a small number of principals, keys, nonces, and messages, and since many properties of interest can be expressed in "little logics" such as the Burro...
Fast, Automatic Checking of Security Protocols
 PROC. OF THE USENIX 1996 WORKSHOP ON ELECTRONIC COMMERCE
, 1996
Cited by 8 (0 self)
Protocols in electronic commerce and other security-sensitive applications require careful reasoning to demonstrate their robustness against attacks. Several logics have been developed for doing this reasoning formally, but protocol designers usually do the proofs by hand, a process which is time-consuming and error-prone. We present a new approach, theory checking, to analyzing and verifying properties of security protocols. In this approach we generate the entire finite theory, Th, of a logic for reasoning about a security protocol; determining whether it satisfies a property, φ, is thus a simple membership test: φ ∈ Th. Our approach relies on (1) modeling a finite instance of a protocol in the way that the security community naturally, though informally, presents a security protocol, and (2) placing restrictions on a logic's rules of inference to guarantee that our algorithm terminates, generating a finite theory. A novel benefit to our approach is that because of these restriction...
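Both of the preceding abstracts (theory generation, and theory checking as φ ∈ Th) describe the same mechanism: saturate a finite protocol instance under a restricted rule set, then answer questions by membership. The following added example, which is not the papers' algorithm or rule set, shows that mechanism on a constructed BAN-style "little logic" with five simplified rules. The restriction that makes the theory finite is visible in the rules: each conclusion's term is either a subterm of a premise or a subterm wrapped in one fixed constructor, so every derivable fact lives in a finite set computed from the assumptions and the saturation loop must stop. The protocol instance, principal and key names, and rule names are all this example's own.

```python
# Added example: theory checking over a constructed BAN-style "little logic".
# Facts are triples ("sees"|"has"|"believes", principal, term); terms are atoms
# (strings) or tagged tuples such as ("enc", K, M), ("pair", X, Y),
# ("shared", K, P, Q), ("fresh", X), ("said", Q, X), ("believes", Q, X).
# The rules are a simplification for illustration, not the papers' own logic.
from typing import Callable, FrozenSet, Set, Tuple, Union

Term = Union[str, tuple]
Fact = Tuple[str, str, Term]
Rule = Callable[[Set[Fact], FrozenSet[Term]], Set[Fact]]


def subterms(t: Term) -> Set[Term]:
    """All subterms of t, including t itself."""
    out = {t}
    if isinstance(t, tuple):
        for arg in t[1:]:
            out |= subterms(arg)
    return out


def tagged(t: Term, tag: str) -> bool:
    return isinstance(t, tuple) and t[0] == tag


def rule_decrypt(facts, universe):
    """sees(P, enc(K, M)), has(P, K)  =>  sees(P, M)"""
    return {("sees", p, m[2]) for kind, p, m in facts
            if kind == "sees" and tagged(m, "enc") and ("has", p, m[1]) in facts}


def rule_split(facts, universe):
    """sees(P, pair(X, Y))  =>  sees(P, X), sees(P, Y)"""
    new = set()
    for kind, p, m in facts:
        if kind == "sees" and tagged(m, "pair"):
            new |= {("sees", p, m[1]), ("sees", p, m[2])}
    return new


def rule_message_meaning(facts, universe):
    """sees(P, enc(K, M)), has(P, K), believes(P, shared(K, P, Q))  =>  believes(P, said(Q, M))"""
    new = set()
    for kind, p, m in facts:
        if kind != "sees" or not tagged(m, "enc") or ("has", p, m[1]) not in facts:
            continue
        for kind2, p2, b in facts:
            if (kind2 == "believes" and p2 == p and tagged(b, "shared")
                    and b[1] == m[1] and b[2] == p):
                new.add(("believes", p, ("said", b[3], m[2])))
    return new


def rule_fresh_pair(facts, universe):
    """believes(P, fresh(X)), pair containing X in the term universe  =>  believes(P, fresh(pair))"""
    new = set()
    for kind, p, b in facts:
        if kind == "believes" and tagged(b, "fresh"):
            for t in universe:
                if tagged(t, "pair") and b[1] in (t[1], t[2]):
                    new.add(("believes", p, ("fresh", t)))
    return new


def rule_nonce_verification(facts, universe):
    """believes(P, said(Q, X)), believes(P, fresh(X))  =>  believes(P, believes(Q, X))"""
    return {("believes", p, ("believes", b[1], b[2])) for kind, p, b in facts
            if kind == "believes" and tagged(b, "said")
            and ("believes", p, ("fresh", b[2])) in facts}


RULES = [rule_decrypt, rule_split, rule_message_meaning,
         rule_fresh_pair, rule_nonce_verification]


def generate_theory(assumptions, rules=RULES):
    """Least fixed point of the rules over the assumptions: the finite theory Th."""
    # Every derivable term is a subterm of an assumption, or such a subterm under
    # one said/believes/fresh constructor, so the candidate fact set is finite.
    universe = frozenset().union(*(subterms(f[2]) for f in assumptions))
    theory = set(assumptions)
    while True:
        derived = set()
        for rule in rules:
            derived |= rule(theory, universe)
        derived -= theory
        if not derived:
            return frozenset(theory)
        theory |= derived


def holds(theory, prop):
    """Theory checking: the property holds iff it is a member of Th."""
    return prop in theory


def example_assumptions():
    """Constructed instance: server S sends A the session key Kab with A's nonce Na
    under Kas, the key A shares with S."""
    return {
        ("has", "A", "Kas"),
        ("believes", "A", ("shared", "Kas", "A", "S")),
        ("believes", "A", ("fresh", "Na")),
        ("sees", "A", ("enc", "Kas", ("pair", "Kab", "Na"))),
    }


if __name__ == "__main__":
    th = generate_theory(example_assumptions())
    goal = ("believes", "A", ("believes", "S", ("pair", "Kab", "Na")))
    print(len(th), "facts; goal holds:", holds(th, goal))
```

Because the whole theory is materialized, a negative answer is as cheap as a positive one: dropping ("has", "A", "Kas") from the assumptions leaves A unable to derive anything about the session key, and the membership test for the goal simply returns False.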
A games semantics for reductive logic and proofsearch
 GaLoP 2005: Games for Logic and Programming Languages
, 2005
Cited by 3 (0 self)
Theorem proving, or algorithmic proof-search, is an essential enabling technology throughout the computational sciences. We explain the mathematical basis of proof-search as the combination of reductive logic together with a control régime. Then we present a games semantics for reductive logic and show how it may be used to model two important examples of control, namely backtracking and uniform proof.
On Generic Representation of Implicit Induction Procedures
, 1996
Cited by 2 (1 self)
We develop a generic representation of implicit induction proof procedures within the cover set induction framework. Our work further develops the approach of cover set induction on propositional orderings. We show that in order to represent a substantially wide range of implicit induction procedures it is necessary to generalize the induction on formulas (propositions) to the induction on formula instances. We present a generic induction procedure which captures virtually all the existing implicit induction procedures developed from the inductive completion framework. We establish the formal relationship between the generic induction procedure and the cover set induction scheme. We also demonstrate that the developed generic framework allows for easy generalization/modification of the existing procedures.
CR Subject Classification (1991): I.2.3, I.1.3. Keywords & Phrases: automated induction, algebraic specifications, term rewriting. Note: The author was supported by the N...
University of California–Berkeley and
In this paper, the authors describe their initial investigations in computational metaphysics. Our method is to implement axiomatic metaphysics in an automated reasoning system. In this paper, the theory of abstract objects is implemented in prover9 (a first-order automated reasoning system which is the successor to otter). After reviewing the second-order, axiomatic theory of abstract objects, we show (1) how to represent a fragment of that theory in prover9's first-order syntax, and (2) how prover9 then finds proofs of interesting theorems of metaphysics, such as that every possible world is maximal. We conclude the paper by discussing some issues for further research.
A Self-Verifying Theorem Prover
(Acknowledgements.) Allen Emerson, John Harrison, Warren Hunt, Matt Kaufmann, Vladimir Lifschitz, and J Moore for their time, expertise, advice, suggestions, and encouragement. This work would not have been started, let alone finished, without them. I thank Dave Greve, Robert Krug, Sandip Ray, Erik Reeber, and Eric Smith, each of whom has played a significant role in my learning to use ACL2. I also thank Andrew Gacek, John Matthews, and Bill Young for their special interest in this project and for useful feedback. I thank the many people I have worked with at Rockwell Collins and Centaur
Towards Proof Planning for ...
, 2002
This paper describes the proof planning system # for the meta theorem prover implemented in Twelf. The main contributions include a formal system that approximates the flow of information between universally and existentially quantified assumptions within a meta proof, a set of inference rules to reason about those approximations, and a soundness proof that guarantees that the proof planner does not reject promising proof states.
A Computational Induction Principle
, 1991
It is critical to have an induction method for reasoning about recursive programs expressed as fixed points, for otherwise our reasoning ability is severely impaired. The fixed point induction rule developed by de Bakker and Scott is one such well known principle. Here we propose a new induction method, computational induction, which is an induction on the computation process. Computational induction is founded on different principles than the fixed point induction principle: it can only be defined in deterministic settings, and it cannot be modeled denotationally. Fixed point induction and computational induction prove many of the same facts; the relation between the two is examined in detail.
1 Introduction. In a theory for reasoning about programs, in particular recursive functions defined via fixed points, there must exist induction principles if interesting results are to be proven. A number of different induction principles have been developed; for a review, see [Man74]. Author'...