Results 1  10
of
23
ProofCarrying Code
, 1997
"... This paper describes proofcarrying code (PCC), a mechanism by which a host system can determine with certainty thatitissafetoexecute a program supplied (possibly in binary form) by anuntrusted source. For this to be possible, the untrusted code producer must supply with the code a safety proof that ..."
Abstract

Cited by 1097 (24 self)
 Add to MetaCart
This paper describes proofcarrying code (PCC), a mechanism by which a host system can determine with certainty thatitissafetoexecute a program supplied (possibly in binary form) by anuntrusted source. For this to be possible, the untrusted code producer must supply with the code a safety proof that attests to the code's adherence to a previously de ned safety policy. The host can then easily and quickly validate the proof without using cryptography and without consulting any external agents. In order to gain preliminary experience with PCC, we have performed several case studies. We showinthis paper how proofcarrying code mightbeusedtodevelop safe assemblylanguage extensions of ML programs. In the context of this case study, we present and prove the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation. Finally, we brie y discuss how we use proofcarrying code to develop network packet lters that are faster than similar lters developed using other techniques and are formally guaranteed to be safe with respect to a given operating system safety policy.
A MultipleConclusion MetaLogic
 In Proceedings of 9th Annual IEEE Symposium On Logic In Computer Science
, 1994
"... The theory of cutfree sequent proofs has been used to motivate and justify the design of a number of logic programming languages. Two such languages, λProlog and its linear logic refinement, Lolli [12], provide data types, higherorder programming) but lack primitives for concurrency. The logic pro ..."
Abstract

Cited by 86 (7 self)
 Add to MetaCart
The theory of cutfree sequent proofs has been used to motivate and justify the design of a number of logic programming languages. Two such languages, λProlog and its linear logic refinement, Lolli [12], provide data types, higherorder programming) but lack primitives for concurrency. The logic programming language, LO (Linear Objects) [2] provides for concurrency but lacks abstraction mechanisms. In this paper we present Forum, a logic programming presentation of all of linear logic that modularly extends the languages λProlog, Lolli, and LO. Forum, therefore, allows specifications to incorporate both abstractions and concurrency. As a metalanguage, Forum greatly extends the expressiveness of these other logic programming languages. To illustrate its expressive strength, we specify in Forum a sequent calculus proof system and the operational semantics of a functional programming language that incorporates such nonfunctional features as counters and references. 1
Inductively Defined Types in the Calculus of Constructions
 IN: PROCEEDINGS OF THE FIFTH CONFERENCE ON THE MATHEMATICAL FOUNDATIONS OF PROGRAMMING SEMANTICS. SPRINGER VERLAG LNCS
, 1989
"... We define the notion of an inductively defined type in the Calculus of Constructions and show how inductively defined types can be represented by closed types. We show that all primitive recursive functionals over these inductively defined types are also representable. This generalizes work by Böhm ..."
Abstract

Cited by 43 (2 self)
 Add to MetaCart
We define the notion of an inductively defined type in the Calculus of Constructions and show how inductively defined types can be represented by closed types. We show that all primitive recursive functionals over these inductively defined types are also representable. This generalizes work by Böhm & Berarducci on synthesis of functions on term algebras in the secondorder polymorphiccalculus (F2). We give several applications of this generalization, including a representation of F2programs in F3, along with a definition of functions reify, reflect, and eval for F2 in F3. We also show how to define induction over inductively defined types and sketch some results that show that the extension of the Calculus of Construction by induction principles does not alter the set of functions in its computational fragment, F!. This is because a proof by induction can be realized by primitive recursion, which is already de nable in F!.
LanguageBased Security
 IN MATHEMATICAL FOUNDATIONS OF COMPUTER SCIENCE
, 1999
"... Security of mobile code is a major issue in today's global computing environment. When you download a program from an untrusted source, how can you be sure it will not do something undesirable? In this paper I will discuss a particular approach to this problem called languagebased security. In th ..."
Abstract

Cited by 28 (0 self)
 Add to MetaCart
Security of mobile code is a major issue in today's global computing environment. When you download a program from an untrusted source, how can you be sure it will not do something undesirable? In this paper I will discuss a particular approach to this problem called languagebased security. In this approach, security information is derived from a program written in a highlevel language during the compilation process and is included in the compiled object. This extra security information can take the form of a formal proof, a type annotation, or some other form of certificate or annotation. It can be downloaded along with the object code and automatically verified before running the code locally, giving some assurance against certain types of failure or unauthorized activity. The verifier must be trusted, but the compiler, code, and certificate need not be. Java bytecode verification is an example of this approach. I will give an overview of some recent work in this area, including...
A module calculus for Pure Type Systems
, 1996
"... Several proofassistants rely on the very formal basis of Pure Type Systems. However, some practical issues raised by the development of large proofs lead to add other features to actual implementations for handling namespace management, for developing reusable proof libraries and for separate verif ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
Several proofassistants rely on the very formal basis of Pure Type Systems. However, some practical issues raised by the development of large proofs lead to add other features to actual implementations for handling namespace management, for developing reusable proof libraries and for separate verification of distincts parts of large proofs. Unfortunately, few theoretical basis are given for these features. In this paper we propose an extension of Pure Type Systems with a module calculus adapted from SMLlike module systems for programming languages. Our module calculus gives a theoretical framework addressing the need for these features. We show that our module extension is conservative, and that type inference in the module extension of a given PTS is decidable under some hypotheses over the considered PTS.
Higher Order Logic
 In Handbook of Logic in Artificial Intelligence and Logic Programming
, 1994
"... Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Definin ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Defining data types : : : : : : : : : : : : : : : : : : : : : 6 2.4 Describing processes : : : : : : : : : : : : : : : : : : : : : 8 2.5 Expressing convergence using second order validity : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.6 Truth definitions: the analytical hierarchy : : : : : : : : 10 2.7 Inductive definitions : : : : : : : : : : : : : : : : : : : : : 13 3 Canonical semantics of higher order logic : : : : : : : : : : : : 15 3.1 Tarskian semantics of second order logic : : : : : : : : : 15 3.2 Function and re
NuprlLight: An implementation framework for higherorder logics
 IN 14TH INTERNATIONAL CONFERENCE ON AUTOMATED DEDUCTION
, 1997
"... Recent developments in higherorder logics and theorem prover design have led to an ..."
Abstract

Cited by 12 (7 self)
 Add to MetaCart
Recent developments in higherorder logics and theorem prover design have led to an
A Modal Lambda Calculus with Iteration and Case Constructs
 TYPES FOR PROOFS AND PROGRAMS: INTERNATIONAL WORKSHOP, TYPES ’98, KLOSTER IRSEE
, 1997
"... An extension of the simplytyped lambdacalculus allowing iteration and case reasoning over terms defined by means of higher order abstract syntax has recently been introduced by Joëlle Despeyroux, Frank Pfenning and Carsten Schürmann. This thorny mixing is achieved thanks to the help of the operato ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
An extension of the simplytyped lambdacalculus allowing iteration and case reasoning over terms defined by means of higher order abstract syntax has recently been introduced by Joëlle Despeyroux, Frank Pfenning and Carsten Schürmann. This thorny mixing is achieved thanks to the help of the operator ` ' of modal logic IS4. Here we give a new presentation of their system, with reduction rules, instead of evaluation judgments, that compute the canonical forms of terms. Our presentation is based on a modal lambdacalculus that is better from the user's point of view, is more concise and we do not impose a particular strategy of reduction during the computation. Our system enjoys the decidability of typability, soundness of typed reduction with respect to typing rules, the ChurchRosser and strong normalization properties. Finally it is a conservative extension of the simplytyped lambdacalculus.