Results 1  10
of
223
System Description: Twelf  A MetaLogical Framework for Deductive Systems
 Proceedings of the 16th International Conference on Automated Deduction (CADE16
, 1999
"... . Twelf is a metalogical framework for the specification, implementation, and metatheory of deductive systems from the theory of programming languages and logics. It relies on the LF type theory and the judgmentsastypes methodology for specification [HHP93], a constraint logic programming interp ..."
Abstract

Cited by 348 (54 self)
 Add to MetaCart
(Show Context)
. Twelf is a metalogical framework for the specification, implementation, and metatheory of deductive systems from the theory of programming languages and logics. It relies on the LF type theory and the judgmentsastypes methodology for specification [HHP93], a constraint logic programming interpreter for implementation [Pfe91], and the metalogic M2 for reasoning about object languages encoded in LF [SP98]. It is a significant extension and complete reimplementation of the Elf system [Pfe94]. Twelf is written in Standard ML and runs under SML of New Jersey and MLWorks on Unix and Window platforms. The current version (1.2) is distributed with a complete manual, example suites, a tutorial in the form of online lecture notes [Pfe], and an Emacs interface. Source and binary distributions are accessible via the Twelf home page http://www.cs.cmu.edu/~twelf. 1 The Twelf System The Twelf system is a tool for experimentation in the theory of programming languages and logics. It supports...
BI as an Assertion Language for Mutable Data Structures
, 2000
"... Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hea ..."
Abstract

Cited by 185 (14 self)
 Add to MetaCart
(Show Context)
Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for objectcomponent assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
A metanotation for protocol analysis
 in: Proc. CSFW’99
, 1999
"... Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the “DolevYao model. ” In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the w ..."
Abstract

Cited by 166 (39 self)
 Add to MetaCart
(Show Context)
Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the “DolevYao model. ” In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the way that existential quantification provides a succinct way of choosing new values, such as new keys or nonces. We define a class of theories in this formalism that correspond to finitelength protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role (e.g., client, server, initiator, or responder). Undecidability is proved for a restricted class of these protocols, and PSPACEcompleteness is claimed for a class further restricted to have no new data (nonces). Since it is a fragment of linear logic, we can use our notation directly as input to linear logic tools, allowing us to do proof search for attacks with relatively little programming effort, and to formally verify protocol transformations and optimizations. 1
Reasoning with higherorder abstract syntax in a logical framework
, 2008
"... Logical frameworks based on intuitionistic or linear logics with highertype quantification have been successfully used to give highlevel, modular, and formal specifications of many important judgments in the area of programming languages and inference systems. Given such specifications, it is natu ..."
Abstract

Cited by 103 (26 self)
 Add to MetaCart
Logical frameworks based on intuitionistic or linear logics with highertype quantification have been successfully used to give highlevel, modular, and formal specifications of many important judgments in the area of programming languages and inference systems. Given such specifications, it is natural to consider proving properties about the specified systems in the framework: for example, given the specification of evaluation for a functional programming language, prove that the language is deterministic or that evaluation preserves types. One challenge in developing a framework for such reasoning is that higherorder abstract syntax (HOAS), an elegant and declarative treatment of objectlevel abstraction and substitution, is difficult to treat in proofs involving induction. In this paper, we present a metalogic that can be used to reason about judgments coded using HOAS; this metalogic is an extension of a simple intuitionistic logic that admits higherorder quantification over simply typed λterms (key ingredients for HOAS) as well as induction and a notion of definition. The latter concept of definition is a prooftheoretic device that allows certain theories to be treated as “closed ” or as defining fixed points. We explore the difficulties of formal metatheoretic analysis of HOAS encodings by considering encodings of intuitionistic and linear logics, and formally derive the admissibility of cut for important subsets of these logics. We then propose an approach to avoid the apparent tradeoff between the benefits of higherorder abstract syntax and the ability to analyze the resulting encodings. We illustrate this approach through examples involving the simple functional and imperative programming languages PCF and PCF:=. We formally derive such properties as unicity of typing, subject reduction, determinacy of evaluation, and the equivalence of transition semantics and natural semantics presentations of evaluation.
A type system for certified binaries
 In ACM Symposium on Principles of Programming Languages
, 2002
"... A certified binary is a value together with a proof that the value satisfies a given specification. Existing compilers that generate certified code have focused on simple memory and controlflow safety rather than more advanced properties. In this paper, we present a general framework for explicitly ..."
Abstract

Cited by 86 (12 self)
 Add to MetaCart
(Show Context)
A certified binary is a value together with a proof that the value satisfies a given specification. Existing compilers that generate certified code have focused on simple memory and controlflow safety rather than more advanced properties. In this paper, we present a general framework for explicitly representing complex propositions and proofs in typed intermediate and assembly languages. The new framework allows us to reason about certified programs that involve effects while still maintaining decidable typechecking. We show how to integrate an entire proof system (the calculus of inductive constructions) into a compiler intermediate language and how the intermediate language can undergo complex transformations (CPS and closure conversion) while preserving proofs represented in the type system. Our work provides a foundation for the process of automatically generating certified binaries in a typetheoretic framework. 1
A concurrent logical framework I: Judgments and properties
, 2003
"... The Concurrent Logical Framework, or CLF, is a new logical framework in which concurrent computations can be represented as monadic objects, for which there is an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous con ..."
Abstract

Cited by 86 (30 self)
 Add to MetaCart
(Show Context)
The Concurrent Logical Framework, or CLF, is a new logical framework in which concurrent computations can be represented as monadic objects, for which there is an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous connectives# of intuitionistic linear logic, encapsulated in a monad. LLF is itself a conservative extension of LF with the asynchronous connectives #, & and #.
On Equivalence and Canonical Forms in the LF Type Theory
"... Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different ..."
Abstract

Cited by 79 (16 self)
 Add to MetaCart
Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different approach, directly proving the correctness of a practical equivalance algorithm based on the shape of terms. Neither approach appears to scale well to richer languages with, for example, unit types or subtyping, and neither provides a notion of canonical form suitable for proving adequacy of encodings. In this paper we present a new, typedirected equivalence algorithm for the LF type theory that overcomes the weaknesses of previous approaches. The algorithm is practical, scales to richer languages, and yields a new notion of canonical form sufficient for adequate encodings of logical systems. The algorithm is proved complete by a Kripkestyle logical relations argument similar to that suggested by Coquand. Crucially, both the algorithm itself and the logical relations rely only on the shapes of types, ignoring dependencies on terms.
Secure distributed programming with valuedependent types
 In: Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP
, 2011
"... Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed sidebyside with development. However, as recursion, effects, and rich librar ..."
Abstract

Cited by 73 (15 self)
 Add to MetaCart
Distributed applications are difficult to program reliably and securely. Dependently typed functional languages promise to prevent broad classes of errors and vulnerabilities, and to enable program verification to proceed sidebyside with development. However, as recursion, effects, and rich libraries are added, using types to reason about programs, specifications, and proofs becomes challenging. We present F ⋆ , a fullfledged design and implementation of a new dependently typed language for secure distributed programming. Unlike prior languages, F ⋆ provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms. The key mechanism is a new kind system that tracks several sublanguages within F ⋆ and controls their interaction. F ⋆ subsumes two previous languages, F7 and Fine. We prove type soundness (with proofs mechanized in Coq) and logical consistency for F ⋆. We have implemented a compiler that translates F ⋆ to.NET bytecode, based on a prototype for Fine. F ⋆ provides access to libraries for concurrency, networking, cryptography, and interoperability with C#, F#, and the other.NET languages. The compiler produces verifiable binaries with 60 % code size overhead for proofs and types, as much as a 45x improvement over the Fine compiler, while still enabling efficient bytecode verification. To date, we have programmed and verified more than 20,000 lines of F ⋆ including (1) new schemes for multiparty sessions; (2) a zeroknowledge privacypreserving payment protocol; (3) a provenanceaware curated database; (4) a suite of 17 webbrowser extensions verified for authorization properties; and (5) a cloudhosted multitier web application with a verified reference monitor.
Multiset Rewriting and the Complexity of Bounded Security Protocols
 Journal of Computer Security
, 2002
"... We formalize the DolevYao model of security protocols, using a notation based on multiset rewriting with existentials. The goals are to provide a simple formal notation for describing security protocols, to formalize the assumptions of the DolevYao model using this notation, and to analyze the ..."
Abstract

Cited by 73 (10 self)
 Add to MetaCart
(Show Context)
We formalize the DolevYao model of security protocols, using a notation based on multiset rewriting with existentials. The goals are to provide a simple formal notation for describing security protocols, to formalize the assumptions of the DolevYao model using this notation, and to analyze the complexity of the secrecy problem under various restrictions. We prove that, even for the case where we restrict the size of messages and the depth of message encryption, the secrecy problem is undecidable for the case of an unrestricted number of protocol roles and an unbounded number of new nonces. We also identify several decidable classes, including a dexpcomplete class when the number of nonces is restricted, and an npcomplete class when both the number of nonces and the number of roles is restricted. We point out a remaining open complexity problem, and discuss the implications these results have on the general topic of protocol analysis.
A Proof Theory for Generic Judgments
, 2003
"... this paper, we do this by adding the #quantifier: its role will be to declare variables to be new and of local scope. The syntax of the formula # x.B is like that for the universal and existential quantifiers. Following Church's Simple Theory of Types [Church 1940], formulas are given the ..."
Abstract

Cited by 73 (20 self)
 Add to MetaCart
(Show Context)
this paper, we do this by adding the #quantifier: its role will be to declare variables to be new and of local scope. The syntax of the formula # x.B is like that for the universal and existential quantifiers. Following Church's Simple Theory of Types [Church 1940], formulas are given the type o, and for all types # not containing o, # is a constant of type (# o) o. The expression # #x.B is ACM Transactions on Computational Logic, Vol. V, No. N, October 2003. 4 usually abbreviated as simply # x.B or as if the type information is either simple to infer or not important