Results 1  10
of
54
A Certifying Compiler for Java
 ACM SIGPLAN Notices
, 2000
"... This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler f ..."
Abstract

Cited by 130 (15 self)
 Add to MetaCart
This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler for a large subset of the Java programming language; (2) the compiler is freely able to apply many standard local and global optimizations; and (3) the PCC binaries it produces are of reasonable size and can be rapidly checked for type safety by a small proofchecker. This paper also presents further evidence that PCC provides several advantages for compiler development. In particular, generating proofs of the target code helps to identify compiler bugs, many of which would have been dicult to discover by testing.
CVC: a Cooperating Validity Checker
 In 14th International Conference on ComputerAided Verification
, 2002
"... Decision procedures for decidable logics and logical theories have proven to be useful tools in verification. This paper describes the CVC ("Cooperating Validity Checker") decision procedure. CVC implements a framework for combining subsidiary decision procedures for certain logical theories into a ..."
Abstract

Cited by 113 (18 self)
 Add to MetaCart
Decision procedures for decidable logics and logical theories have proven to be useful tools in verification. This paper describes the CVC ("Cooperating Validity Checker") decision procedure. CVC implements a framework for combining subsidiary decision procedures for certain logical theories into a decision procedure for the theories' union. Subsidiary decision procedures for theories of arrays, inductive datatypes, and linear real arithmetic are currently implemented. Other notable features of CVC are the incorporation of the highperformance Cha solver for propositional reasoning, and the ability to produce independently checkable proofs for valid formulas.
A concurrent logical framework I: Judgments and properties
, 2003
"... The Concurrent Logical Framework, or CLF, is a new logical framework in which concurrent computations can be represented as monadic objects, for which there is an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous con ..."
Abstract

Cited by 73 (25 self)
 Add to MetaCart
The Concurrent Logical Framework, or CLF, is a new logical framework in which concurrent computations can be represented as monadic objects, for which there is an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous connectives# of intuitionistic linear logic, encapsulated in a monad. LLF is itself a conservative extension of LF with the asynchronous connectives #, & and #.
Grammatical Framework: A TypeTheoretical Grammar Formalism
, 2003
"... Grammatical Framework (GF) is a specialpurpose functional language for defining grammars. It uses a Logical Framework (LF) for a description of abstract syntax, and adds to this a notation for defining concrete syntax. GF grammars themselves are purely declarative, but can be used both for lineariz ..."
Abstract

Cited by 72 (19 self)
 Add to MetaCart
Grammatical Framework (GF) is a specialpurpose functional language for defining grammars. It uses a Logical Framework (LF) for a description of abstract syntax, and adds to this a notation for defining concrete syntax. GF grammars themselves are purely declarative, but can be used both for linearizing syntax trees and parsing strings. GF can describe both formal and natural languages. The key notion of this description is a grammatical object, which is not just a string, but a record that contains all information on inflection and inherent grammatical features such as number and gender in natural languages, or precedence in formal languages. Grammatical objects have a type system, which helps to eliminate runtime errors in language processing. In the same way as an LF, GF uses...
TemporalSafety Proofs for Systems Code
, 2002
"... We present a methodology and tool for verifying and certifying systems code. The veri cation is based on the lazyabstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically re ne the a ..."
Abstract

Cited by 70 (9 self)
 Add to MetaCart
We present a methodology and tool for verifying and certifying systems code. The veri cation is based on the lazyabstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically re ne the abstraction based on counterexample analysis. The certi cation is based on the proofcarrying code paradigm. Lazy abstraction enables the automatic construction of small proof certi cates. The methodology is implemented in Blast, the Berkeley Lazy Abstraction Software veri cation Tool. We describe our experience applying Blast to Linux and Windows device drivers. Given the C code for a driver and for a temporalsafety monitor, Blast automatically generates an easily checkable correctness certi cate if the driver satis es the speci cation, and an error trace otherwise.
Metalogical Frameworks
, 1992
"... In computer science we speak of implementing a logic; this is done in a programming language, such as Lisp, called here the implementation language. We also reason about the logic, as in understanding how to search for proofs; these arguments are expressed in the metalanguage and conducted in the me ..."
Abstract

Cited by 57 (15 self)
 Add to MetaCart
In computer science we speak of implementing a logic; this is done in a programming language, such as Lisp, called here the implementation language. We also reason about the logic, as in understanding how to search for proofs; these arguments are expressed in the metalanguage and conducted in the metalogic of the object language being implemented. We also reason about the implementation itself, say to know it is correct; this is done in a programming logic. How do all these logics relate? This paper considers that question and more. We show that by taking the view that the metalogic is primary, these other parts are related in standard ways. The metalogic should be suitably rich so that the object logic can be presented as an abstract data type, and it must be suitably computational (or constructive) so that an instance of that type is an implementation. The data type abstractly encodes all that is relevant for metareasoning, i.e., not only the term constructing functions but also the...
OracleBased Checking of Untrusted Software
, 2001
"... We present a variant of ProofCarrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higherorder logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondet ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
We present a variant of ProofCarrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higherorder logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondeterministic interpretation choices. In this setting, ProofCarrying Code allows the receiver of the code the luxury of using nondeterminism in constructing a simple yet powerful checking procedure. This oraclebased variant of PCC is able to adapt quite naturally to situations when the property being checked is simple or there is a fairly directed search procedure for it. As an example, we demonstrate that if PCC is used to verify type safety of assembly language programs compiled from Java source programs, the oracles that are needed are on the average just 12% of the size of the code, which represents an improvement of a factor of 30 over previous syntactic representations of PCC proofs. ...
A Concurrent Logical Framework II: Examples and Applications
, 2002
"... CLF is a new logical framework with an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous connectives # of intuitionistic linear logic, encapsulated in a monad. LLF is itself a conservative extension of LF with the ..."
Abstract

Cited by 46 (30 self)
 Add to MetaCart
CLF is a new logical framework with an intrinsic notion of concurrency. It is designed as a conservative extension of the linear logical framework LLF with the synchronous connectives # of intuitionistic linear logic, encapsulated in a monad. LLF is itself a conservative extension of LF with the asynchronous connectives #.
An expressive, scalable type theory for certified code
 In ACM International Conference on Functional Programming
, 2002
"... Abstract We present the type theory LTT, intended to form a basis for typed target languages, providing an internal notion of logical proposition and proof. The inclusion of explicit proofs allows the type system to guarantee properties that would otherwise be incompatible with decidable type checki ..."
Abstract

Cited by 35 (4 self)
 Add to MetaCart
Abstract We present the type theory LTT, intended to form a basis for typed target languages, providing an internal notion of logical proposition and proof. The inclusion of explicit proofs allows the type system to guarantee properties that would otherwise be incompatible with decidable type checking. LTT also provides linear facilities for tracking ephemeral properties that hold only for certain program states. Our type theory allows for reuse of typechecking software by casting a variety of type systems within a single language. We provide additional reuse with a framework for modular development of operational semantics. This framework allows independent type systems and their operational semantics to be joined together, automatically inheriting the type safety properties of those individual systems.
A Concurrent Logical Framework: The Propositional Fragment
, 2003
"... We present the propositional fragment CLF0 of the Concurrent Logical Framework (CLF). CLF extends the Linear Logical Framework to allow the natural representation of concurrent computations in an object language. The underlying type theory uses monadic types to segregate values from computations ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
We present the propositional fragment CLF0 of the Concurrent Logical Framework (CLF). CLF extends the Linear Logical Framework to allow the natural representation of concurrent computations in an object language. The underlying type theory uses monadic types to segregate values from computations. This separation leads to a tractable notion of definitional equality that identifies computations di#ering only in the order of execution of independent steps. From a logical point of view our type theory can be seen as a novel combination of lax logic and dual intuitionistic linear logic. An encoding of a small Petri net exemplifies the representation methodology, which can be summarized as "concurrent computations as monadic expressions ".