Proving Security Protocols With Model Checkers By Data Independence Techniques
1999
Abstract

Cited by 59 (9 self)
Model checkers such as FDR have been extremely effective in checking for, and finding, attacks on cryptographic protocols; see, for example, [16, 20] and many of the papers in [7]. Their use in proving protocols has, on the other hand, generally been limited to showing that a given small instance, usually restricted by the finiteness of some set of resources such as keys and nonces, is free of attacks. While for specific protocols there are frequently good reasons for supposing that this will find any attack, it leaves a substantial gap in the method. The purpose of this paper is to show how techniques borrowed from data independence and related fields can be used to achieve the illusion that nodes can call upon an infinite supply of different nonces, keys, etc., even though the actual types used for these things remain finite. It is thus possible to create models of protocols in which nodes do not have to stop after a small number of runs, and to claim that a finite-state r...
The complexity of type inference for higher-order typed lambda calculi
In Proc. 18th ACM Symposium on the Principles of Programming Languages
1991
Abstract

Cited by 28 (11 self)
We analyse the computational complexity of type inference for untyped λ-terms in the second-order polymorphic typed λ-calculus (F2) invented by Girard and Reynolds, as well as higher-order extensions F3, F4, ..., Fω proposed by Girard. We prove that recognising the F2-typable terms requires exponential time, and for Fω the problem is nonelementary. We show as well a sequence of lower bounds on recognising the Fk-typable terms, where the bound for Fk+1 is exponentially larger than that for Fk. The lower bounds are based on generic simulation of Turing Machines, where computation is simulated at the expression and type level simultaneously. Non-accepting computations are mapped to non-normalising reduction sequences, and hence non-typable terms. The accepting computations are mapped to typable terms, where higher-order types encode reduction sequences, and first-order types encode the entire computation as a circuit, based on a unification simulation of Boolean logic. A primary technical tool in this reduction is the composition of polymorphic functions having different domains and ranges. These results are the first nontrivial lower bounds on type inference for the Girard/Reynolds
Outline of a Proof Theory of Parametricity
Proc. 5th International Symposium on Functional Programming Languages and Computer Architecture
1991
Abstract

Cited by 25 (2 self)
Reynolds' Parametricity Theorem (also known as the Abstraction Theorem), a result concerning the model theory of the second-order polymorphic typed calculus (F2), has recently been used by Wadler to prove some unusual and interesting properties of programs. We present a purely syntactic version of the Parametricity Theorem, showing that it is simply an example of formal theorem proving in second-order minimal logic over a first-order equivalence theory on terms. We analyze the use of parametricity in proving program equivalences, and show that structural induction is still required: parametricity is not enough. As in Leivant's transparent presentation of Girard's Representation Theorem for F2, we show that algorithms can be extracted from the proofs, such that if a term can be proven parametric, we can synthesize from the proof an "equivalent" parametric term that is moreover F2-typable. Given that Leivant showed how proofs of termination, based on inductive data types and s...
Bisimilarity of Open Terms
2000
Abstract

Cited by 20 (0 self)
Traditionally, in process calculi, relations over open terms, i.e., terms with free process variables, are defined as extensions of closed-term relations: two open terms are related if and only if all their closed instantiations are related. Working in the context of bisimulation, in this paper we study a different approach; we define semantic models for open terms, so-called conditional transition systems, and define bisimulation directly on those models. It turns out that this can be done in at least two different ways, one giving rise to De Simone's formal hypothesis bisimilarity and the other to a variation which we call hypothesis-preserving bisimilarity (denoted ∼fh and ∼hp, respectively). For open terms, we have (strict) inclusions ∼fh ⊂ ∼hp ⊂ ∼ci (the latter denoting the standard "closed instance" extension); for closed terms, the three coincide. Each of these relations is a congruence in the usual sense. We also give an alternative characterisation of ∼hp in terms of non-conditional transitions, as substitution-closed bisimilarity (denoted ∼sb). Finally, we study the issue of recursion congruence: we prove that each of the above relations is a congruence with respect to the recursion operator; however, for ∼ci this result holds under more restrictive conditions than for ∼fh and ∼hp.
Multi-Level Lambda-Calculi: an Algebraic Description
In Partial Evaluation International Seminar, Dagstuhl
1996
Abstract

Cited by 7 (2 self)
Two-level λ-calculi have been heavily utilised for applications such as partial evaluation, abstract interpretation and code generation. Each of these applications poses different demands on the exact details of the two-level structure and the corresponding inference rules. We therefore formulate a number of existing systems in a common framework. This is done in such a way as to conceal those differences between the systems that are not essential for the multi-level ideas (like whether or not one restricts the domain of the type environment to the free identifiers of the expression) and thereby to reveal the deeper similarities and differences. In their most general guise the multi-level λ-calculi defined here allow multi-level structures that are not restricted to (possibly finite) linear orders and thereby generalise previous treatments in the literature.

1 Introduction

The concept of two-level languages is at least a decade old [7, 4] and the concept of multi-level languages at leas...
Data Independence with Generalised Predicate Symbols
Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA '99), Volume I, 319-325, CSREA
1999
Abstract

Cited by 7 (2 self)
Where a concurrent system Impl is parameterised by a data type X with respect to which it is data independent, it is often possible to prove that Impl has a property Spec for all X by verifying it for a finite number of instantiations of X (a threshold collection). In this paper we show how to extend the definition of data independence for CSP to allow concurrent systems to include symbols representing generalised predicates, i.e. mappings from the type X to fixed finite types such as the two-element type of booleans. Some of the main theorems that provide threshold collections, which were originally proved for data independence without these symbols, are revised for this extension.

Keywords: data independence, symbolic execution, predicate symbols, model checking, CSP

1 Introduction

As the technology of model checking advances and it is used in practical system developments, the greatest obstacle is the state explosion problem. For this reason, a considerable amount of effort is dire...
Logical Relations and Data Abstraction
Proc. Computer Science Logic, CSL 2000, Fischbachau. Springer LNCS 1862
1996
Abstract

Cited by 4 (1 self)
We prove, in the context of simple type theory, that logical relations are sound and complete for data abstraction as given by equational specifications. Specifically, we show that two implementations of an equationally specified abstract type are equivalent if and only if they are linked by a suitable logical relation. This allows us to introduce new types and operations of any order on those types, and to impose equations between terms of any order. Implementations are required to respect these equations up to a general form of contextual equivalence, and two implementations are equivalent if they produce the same contextual equivalence on terms of the enlarged language. Logical relations are introduced abstractly, soundness is almost automatic, but completeness is more difficult, achieved using a variant of Jung and Tiuryn's logical relations of varying arity. The results are expressed and proved categorically.
Linear Läuchli semantics
Annals Pure Appl. Logic
1996
"... Dedicated to the memory of Moez Alimohamed ..."
Multi-Level Languages: a Descriptive Framework
1996
Abstract

Cited by 1 (1 self)
Two-level λ-calculi have been heavily utilised for applications such as partial evaluation, abstract interpretation and code generation. Each of these applications poses different demands on the exact details of the two-level structure and the corresponding inference rules. We therefore formulate a number of existing systems in a common framework so as to conceal those differences between the systems that are not essential for the multi-level ideas, and so as to reveal the deeper similarities and differences. The multi-level λ-calculi defined here allow multi-level structures that are not restricted to the (possibly finite) linear orders found in most of the literature. Finally, we generalise our approach so as to be applicable to a much wider class of programming languages.

1 Introduction

Two-level languages are at least a decade old [9, 6] and multi-level languages at least four years old [13]. In particular two-level languages have been used extensively in the development of partial ev...