Results 1  10
of
11
Formal Foundations of Computer Security
 Science for Peace and Security Series D: Information and Communication Security, Vol
, 2008
"... We would like to know with very high confidence that private data in computers is not unintentionally disclosed and that only authorized persons or processes can modify it. Proving security properties of software systems has always been hard because we are trying to show that something bad cannot ha ..."
Abstract

Cited by 9 (6 self)
 Add to MetaCart
We would like to know with very high confidence that private data in computers is not unintentionally disclosed and that only authorized persons or processes can modify it. Proving security properties of software systems has always been hard because we are trying to show that something bad cannot happen no matter what a hostile adversary tries
Knowledgebased synthesis of distributed systems using event structures
 In Proc. 11th Int. Conf. on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2004), Lecture Notes in Computer Science
, 2005
"... To produce a program guaranteed to satisfy a given specification one can synthesize it from a formal constructive proof that a computation satisfying that specification exists. This process is particularly effective if the specifications are written in a highlevel language that makes it easy for de ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
To produce a program guaranteed to satisfy a given specification one can synthesize it from a formal constructive proof that a computation satisfying that specification exists. This process is particularly effective if the specifications are written in a highlevel language that makes it easy for designers to specify their goals. We consider a highlevel specification language that results from adding knowledge to a fragment of Nuprl specifically tailored for specifying distributed protocols, called event theory. We then show how highlevel knowledgebased programs can be synthesized from the knowledgebased specifications using a proof development system such as Nuprl. Methods of Halpern and Zuck [1992] then apply to convert these knowledgebased protocols to ordinary protocols. These methods can be expressed as heuristic transformation tactics in Nuprl. 1
A graphbased approach towards discerning inherent structures in a digital library of formal mathematics
 In Lecture Notes in Computer Science
, 2004
"... Abstract. As the amount of online formal mathematical content grows, for example through active efforts such as the Mathweb [21], MOWGLI [4], Formal Digital Library, or FDL [1], and others, it becomes increasingly valuable to find automated means to manage this data and capture semantics such as rel ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. As the amount of online formal mathematical content grows, for example through active efforts such as the Mathweb [21], MOWGLI [4], Formal Digital Library, or FDL [1], and others, it becomes increasingly valuable to find automated means to manage this data and capture semantics such as relatedness and significance. We apply graphbased approaches, such as HITS, or HyperlinkInduced Topic Search, [11] used for World Wide Web document search and analysis, to formal mathematical data collections. The nodes of the graphs we analyze are theorems and definitions, and the links are logical dependencies. By exploiting this link structure, we show how one may extract organizational and relatedness information from a collection of digital formal math. We discuss the value of the information we can extract, yielding potential applications in math search tools, theorem proving, and education.
Tracebased Verification of Imperative Programs with I/O
"... In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application develope ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application developed with Ynot, a Coq library for verified imperative programming. We add a dialogbased I/O system to Ynot, and we extend Ynot’s underlying Hoare logic with event traces to reason about I/O and protocol behavior. Expressive abstractions allow the modular verification of both high level specifications like privacy guarantees and low level properties like data structure pointer invariants.
Effectively Nonblocking Consensus Procedures Can Execute Forever – a Constructive Version of FLP
, 2008
"... The FischerLynchPaterson theorem (FLP) says that it is impossible for processes in an asynchronous distributed system to achieve consensus on a binary value when a single process can fail. It is a widely cited theoretical result about network computing. All proofs that I know depend essentially on ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
The FischerLynchPaterson theorem (FLP) says that it is impossible for processes in an asynchronous distributed system to achieve consensus on a binary value when a single process can fail. It is a widely cited theoretical result about network computing. All proofs that I know depend essentially on classical (nonconstructive) logic, although they use the hypothetical construction of a nonterminating execution as a main lemma. FLP is also a guide for protocol designers, and in that role there is a connection to an important property of consensus procedures, namely that they should not block, i.e. reach a global state in which no process can decide. A deterministic faulttolerant consensus protocol is effectively nonblocking if from any reachable global state we can find an execution path that decides. In this article we effectively construct a nonterminating execution of such a protocol. That is, given the protocol P and a natural number n, we show how to compute the nth step of an infinitely indecisive computation of P. From this fully constructive result, the classical FLP follows as a corollary as well as a stronger classical result, called here Strong FLP. Moreover, the construction focuses attention on the important role of nonblocking in protocol design.
Expressing and Implementing the Computational Content Implicit in Smullyan’s Account of Boolean Valuations ∗
, 2004
"... In Smullyan’s classic book, FirstOrder Logic [21], the notion of a Boolean valuation is central in motivating his analytical tableau proof system. Smullyan shows that these valuations are unique if they exist, and then he sketches an existence proof. In addition he suggests a possible computational ..."
Abstract
 Add to MetaCart
In Smullyan’s classic book, FirstOrder Logic [21], the notion of a Boolean valuation is central in motivating his analytical tableau proof system. Smullyan shows that these valuations are unique if they exist, and then he sketches an existence proof. In addition he suggests a possible computational procedure for finding a Boolean valuation, but it is not related to to the existence proof. A computer scientist would like to see the obvious explicit recursive algorithm for evaluating propositional formulas and a demonstration that the algorithm has the properties of a Boolean valuation. Ideally, the algorithm would be derived from the existence proof. It turns out to be unexpectedly difficult to find a natural existence proof from which the algorithm can be extracted, and it turns out that the implicit computational content of Smullyan’s argument is not found where one might expect it. We show that using the notion of a very dependent function type, it is possible to specify the Boolean valuation and prove its existence constructively so that the natural recursive algorithm is extracted and is known to have the mathematically required properties by virtue of its construction. We illustrate all of these points using the Nuprl proof development system [9].
RESTRUCTURING FORMAL MATHEMATICS FOR NATURAL TEXTS
, 2004
"... In the presence of growing collections of formal mathematics, and renewed interest in formal mathematics and automated theorem proving for new domains such as hardware or code verification, it is vital to be able to present formal content accessibly to broad audiences. We propose a novel approach to ..."
Abstract
 Add to MetaCart
In the presence of growing collections of formal mathematics, and renewed interest in formal mathematics and automated theorem proving for new domains such as hardware or code verification, it is vital to be able to present formal content accessibly to broad audiences. We propose a novel approach to constructing a content planner for formal mathematics produced by a tacticstyle prover which capitalizes on the inherent structure of the formal proofs. Though it had been posited that highlevel formal structure is unsuitable as a source of information for text generation, due to its heuristic nature and necessary lack of details, we are able to show that this is not the case. Tacticstyle proofs share significant structural commonality with the discourse structure of corresponding texts. These commonalities allow a content planner to be constructed which need only use lowlevel logical content as a supplementary information source to the generation process. To show that this is the case, we collected two corpora of texts generated to communicate the proof content of a series of formal proofs produced by the Nuprl
Abstract Innovations in Computational Type Theory using
"... For twenty years the Nuprl (“new pearl”) system has been used to develop software systems and formal theories of computational mathematics. It has also been used to explore and implement computational type theory (CTT) – a formal theory of computation closely related to MartinLöf’s intuitionistic ..."
Abstract
 Add to MetaCart
For twenty years the Nuprl (“new pearl”) system has been used to develop software systems and formal theories of computational mathematics. It has also been used to explore and implement computational type theory (CTT) – a formal theory of computation closely related to MartinLöf’s intuitionistic type theory (ITT) and to the calculus of inductive constructions (CIC) implemented in the Coq prover. This article focuses on the theory and practice underpinning our use of Nuprl for much of the last decade. We discuss innovative elements of type theory, including new type constructors such as unions and dependent intersections, our theory of classes, and our theory of event structures. We also discuss the innovative architecture of Nuprl as a distributed system and as a transactional database of formal mathematics using the notion of abstract object identifiers. The database has led to an independent project called the Formal Digital Library, FDL, now used as a repository for Nuprl results as well as selected results from HOL, MetaPRL, and PVS. We discuss Howe’s set theoretic semantics that is used to relate such disparate theories and systems as those represented by these provers. 1
Proof Assistants and the Dynamic Nature of Formal Theories
, 2012
"... This article shows that theory exploration arises naturally from the need to progressively modify applied formal theories, especially those underpinning deployed systems that change over time or need to be attacktolerant. Such formal theories require us to explore a problem space with a proof assis ..."
Abstract
 Add to MetaCart
This article shows that theory exploration arises naturally from the need to progressively modify applied formal theories, especially those underpinning deployed systems that change over time or need to be attacktolerant. Such formal theories require us to explore a problem space with a proof assistant and are naturally dynamic. The examples in this article are from our ongoing decadelong effort to formally synthesize critical components of modern distributed systems. Using the Nuprl proof assistant we created event logic and its protocol theories. I also mention the impact over this period of extensions to the constructive type theory implemented by Nuprl. One of them led to our solution of a long standing open problem in constructive logic. Proof exchange among theorem provers is promising for improving the “super tactics” that provide domain specific reasoners for our protocol theories. Both theory exploration and proof exchange illustrate the dynamic nature of applied formal theories built using modern proof assistants. These activities dispel the false impression that formal theories are rigid and brittle artifacts that become less relevant over time in a fast moving field like computer science.