Results 1 - 2 of 2
Oracle-Based Checking of Untrusted Software
2001
Abstract

Cited by 55 (3 self)
We present a variant of Proof-Carrying Code (PCC) in which the trusted inference rules are represented as a higher-order logic program, the proof checker is replaced by a nondeterministic higher-order logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondeterministic interpretation choices. In this setting, Proof-Carrying Code allows the receiver of the code the luxury of using nondeterminism in constructing a simple yet powerful checking procedure. This oracle-based variant of PCC is able to adapt quite naturally to situations when the property being checked is simple or there is a fairly directed search procedure for it. As an example, we demonstrate that if PCC is used to verify type safety of assembly language programs compiled from Java source programs, the oracles that are needed are on the average just 12% of the size of the code, which represents an improvement of a factor of 30 over previous syntactic representations of PCC proofs. ...
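As an added illustration (this is not code from the paper, whose checker is a higher-order logic interpreter for assembly-level type safety), the split the abstract describes can be shown on a toy type system: a hypothetical set of typing rules for a small expression language stands in for the trusted inference rules, a backtracking search on the producer side records each nondeterministic choice as bits, and the checker replays the rules deterministically with those bits as the oracle. The expression language, the rule table and the bit encoding of choices are assumptions of this example, not anything the paper specifies.

```python
"""Toy oracle-based proof checker (added example, not the paper's code).

The trusted side is RULES plus check(); the untrusted side is produce(),
which plays the role of the code producer's theorem prover. The expression
language and the bit encoding of choices are assumptions made here.
"""
from typing import List, Optional, Tuple

Goal = Tuple  # ("typeof", expr, ty); expr is an int, a bool or a nested tuple


# --- Trusted inference rules ------------------------------------------------
# Each rule maps a goal to its premises (a list of subgoals), or None when the
# rule does not apply. Only this table and check() need to be trusted.
def lit_int(g):
    _, e, t = g
    return [] if isinstance(e, int) and not isinstance(e, bool) and t == "int" else None


def lit_bool(g):
    _, e, t = g
    return [] if isinstance(e, bool) and t == "bool" else None


def plus(g):
    _, e, t = g
    if isinstance(e, tuple) and e[0] == "+" and t == "int":
        return [("typeof", e[1], "int"), ("typeof", e[2], "int")]
    return None


def if_(g):
    _, e, t = g
    if isinstance(e, tuple) and e[0] == "if":
        return [("typeof", e[1], "bool"), ("typeof", e[2], t), ("typeof", e[3], t)]
    return None


def eq_at(operand_ty):
    # "==" compares two operands of one type that the goal does not mention, so
    # one rule instance per candidate type makes that choice explicit.
    def rule(g):
        _, e, t = g
        if isinstance(e, tuple) and e[0] == "==" and t == "bool":
            return [("typeof", e[1], operand_ty), ("typeof", e[2], operand_ty)]
        return None
    return rule


RULES = [lit_int, lit_bool, plus, if_, eq_at("int"), eq_at("bool")]


def applicable(goal):
    """Premise lists of every rule that matches the goal, in table order."""
    return [p for p in (r(goal) for r in RULES) if p is not None]


def bits_needed(n):
    return (n - 1).bit_length()  # a single applicable rule costs no bits


# --- Untrusted producer -----------------------------------------------------
def produce(goal) -> Optional[List[int]]:
    """Backtracking search; returns the choice bits (the oracle) or None."""
    opts = applicable(goal)
    for i, premises in enumerate(opts):
        bits = [(i >> k) & 1 for k in reversed(range(bits_needed(len(opts))))]
        for p in premises:
            sub = produce(p)
            if sub is None:
                break
            bits.extend(sub)
        else:
            return bits
    return None


# --- Trusted checker --------------------------------------------------------
def check(goal, oracle: List[int], pos: int = 0) -> Tuple[bool, int]:
    """Replay the rules, letting oracle bits resolve every choice. No search."""
    opts = applicable(goal)
    if not opts:
        return False, pos
    k = bits_needed(len(opts))
    if pos + k > len(oracle):
        return False, pos
    idx = 0
    for b in oracle[pos:pos + k]:
        if b not in (0, 1):
            return False, pos
        idx = (idx << 1) | b
    pos += k
    if idx >= len(opts):  # e.g. index 3 read for three rules encoded in two bits
        return False, pos
    for p in opts[idx]:
        ok, pos = check(p, oracle, pos)
        if not ok:
            return False, pos
    return True, pos


def verify(goal, oracle) -> bool:
    return check(goal, oracle)[0]


# Constructed sample: the producer must pick int-comparison for the outer
# "==" and bool-comparison for the inner one, so the oracle is two bits.
PROGRAM = ("typeof",
           ("if", ("==", ("+", 1, 2), 3),
                  ("if", ("==", True, False), 4, 5),
                  6),
           "int")
ILL_TYPED = ("typeof", ("+", 1, True), "int")

if __name__ == "__main__":
    oracle = produce(PROGRAM)
    print("oracle bits:", oracle, "accepted:", verify(PROGRAM, oracle))
    print("flipped oracle accepted:", verify(PROGRAM, [1 - b for b in oracle]))
    print("ill-typed term accepted:", verify(ILL_TYPED, oracle))
```

A corrupted or truncated oracle only makes the checker reject: the rule table, not the oracle, decides what is accepted, so the untrusted producer cannot make the checker admit an ill-typed term. Goals with a single applicable rule consume no oracle bits at all, which is the mechanism behind the small oracle sizes the abstract reports.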
A Semi-Functional Implementation of a Higher-Order Logic Programming Language
Topics in Advanced Language Implementation, 1991
Abstract

Cited by 35 (0 self)
ions *) and varbind = Varbind of string * term (* Variable binders, Type *) In the implementation of the term language and the type checker, we have two constants type and pi. And, yes, type is a type, though this could be avoided by introducing universes (see [16]) without any changes to the code of the unifier. As is customary, we use A → B as an abbreviation for Πx:A. B if x does not occur free in B. Also, however, Πx:A. B is an abbreviation for the application pi A (λx:A. B). In our formulation, then, the constant pi has type ΠA:type. ((A → type) → type). As an example consider a predicate constant eq of type ΠA:type. A → A → o (where o is the type of formulas as indicated in Section 9). The single clause eq A M M. correctly models equality, that is, a goal of the form eq A M N will succeed if M and N are unifiable. The fact that unification now has to branch can be seen by considering the goal eq int (F 1 1) 1 which has three solutions for the functional logic var...
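To make the branching concrete, here is an added example (not the paper's unifier, which handles full higher-order terms) that enumerates the solutions of the equation F 1 1 = 1 from the excerpt, restricted to the case where F's arguments and the right-hand side are closed first-order terms. In that fragment the Huet-style flex-rigid step reduces to two cases, projection onto an argument equal to the target and imitation of the target's head symbol with the subterms solved recursively. The term encoding and the helper names are this example's own.

```python
"""Branching in higher-order unification (added example, not the paper's unifier).

Solves F a1 ... an = r for F in the fragment where the ai and r are closed
first-order terms. Term encoding and function names are this example's own.
"""
from itertools import product
from typing import List, Tuple

Term = Tuple  # ('c', symbol, (args...)) for constants/applications, ('x', i) for bound vars


def c(symbol, *args):
    return ('c', symbol, tuple(args))


def x(i):
    return ('x', i)


def solve(args: List[Term], rhs: Term) -> List[Term]:
    """All bodies B over bound variables x0..x(n-1) with B[x := args] == rhs.

    Two cases, as in Huet's flex-rigid step specialised to first-order data:
      projection: B = xi             whenever args[i] == rhs
      imitation:  B = f(B1, .., Bk)  when rhs = f(r1, .., rk), each Bj solving rj
    Every solution is found, since B is either a bound variable or an
    application of a constant; it cannot apply a bound variable, as the
    arguments are not functions.
    """
    sols = [x(i) for i, a in enumerate(args) if a == rhs]
    _, f, rargs = rhs
    for subs in product(*(solve(args, r) for r in rargs)):
        sols.append(c(f, *subs))
    return sols


def subst(body: Term, args: List[Term]) -> Term:
    """Beta-reduce (λx0..x(n-1). body) a0 ... a(n-1)."""
    if body[0] == 'x':
        return args[body[1]]
    _, f, bargs = body
    return c(f, *(subst(b, args) for b in bargs))


def show(body: Term, n: int) -> str:
    names = 'xyzuvw'

    def go(t):
        if t[0] == 'x':
            return names[t[1]]
        _, f, a = t
        return f if not a else f + '(' + ', '.join(go(s) for s in a) + ')'
    return 'λ' + '.λ'.join(names[:n]) + '. ' + go(body)


def solutions(args: List[Term], rhs: Term) -> List[str]:
    """Printable solutions for F, each re-checked by substitution."""
    out = []
    for body in solve(args, rhs):
        assert subst(body, args) == rhs
        out.append(show(body, len(args)))
    return out


# Constructed inputs: the excerpt's goal eq int (F 1 1) 1, and a target with
# arguments to show how the choices multiply.
ONE = c('1')
THREE_WAYS = solutions([ONE, ONE], ONE)
FOUR_WAYS = solutions([c('1'), c('2')], c('plus', c('1'), c('2')))

if __name__ == "__main__":
    print("F 1 1 = 1:", THREE_WAYS)
    print("F 1 2 = plus(1, 2):", FOUR_WAYS)
```

For eq int (F 1 1) 1 this yields λx.λy. x, λx.λy. y and λx.λy. 1, the three solutions the excerpt refers to; a target with arguments, such as plus(1, 2) against F 1 2, multiplies out to four. The point for an implementer is that each flexible variable is a choice point the unifier must be able to backtrack over, unlike first-order unification, which has at most one most general unifier.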