## Efficient Representation and Validation of Proofs (1998)

Citations: 60 (7 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Necula98efficientrepresentation,
  author    = {George C. Necula and Peter Lee},
  title     = {Efficient Representation and Validation of Proofs},
  booktitle = {},
  year      = {1998},
  pages     = {93--104},
  publisher = {IEEE Computer Society}
}
```

### Abstract

This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as first-class objects, such as a Proof-Carrying Code [11] system, in which proofs are used to allow the easy validation of properties of safety-critical or untrusted code. Our framework, which we call LF_i, inherits from LF the capability to encode various logics in a natural way. In addition, the LF_i framework allows proof representations without the high degree of redundancy that is characteristic of LF representations. The missing parts of LF_i proof representations can be reconstructed during proof checking by an efficient reconstruction algorithm. We also describe an algorithm that can be used to strip the unnecessary parts of an LF representation of a proof. The experimental data that we gathered in the context of a Proof...

### Citations

1096 | Proof-carrying code
- Necula
- 1997
Citation Context: ...obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as first-class objects, such as a Proof-Carrying Code [11] system, in which proofs are used to allow the easy validation of properties of safety-critical or untrusted code. Our framework, which we call LF_i, inherits from LF the capability to encode various...

696 | A framework for defining logics
- Harper, Honsell, et al.
- 1989
Citation Context: ...er Science Carnegie Mellon University Pittsburgh, Pennsylvania 15213-3891 {necula,petel}@cs.cmu.edu Abstract This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as first-class objects, such as a...

398 | Safe kernel extensions without run-time checking
- Necula, Lee
- 1996
Citation Context: ...that cannot be trusted, either because of its unknown origin or because of the high risks that are involved. Some of the published case studies discuss the uses of PCC in extensible operating systems [12], for safe interaction between components written in safe languages and native code [11] and for systems based on mobile code agents [14]. The explicit proof object that accompanies the untrusted code...

390 | Explicit substitutions
- Abadi, Cardelli, et al.
- 1991
Citation Context: ...nificant improvements in the reconstruction time. A more detailed presentation of the implementation can be found in [13]. Our implementation of LF_i reconstruction is based on explicit substitutions [1] and de Bruijn indices [2]. This choice simplifies considerably the implementation of substitution and unification. [The rest of this section is missing from the extended abstract due to space constrai...

303 | Lambda Calculus Notation with Nameless Dummies, a Tool for Automatic Formula Manipulation (Indag.)
- de Bruijn
- 1972
Citation Context: ...the reconstruction time. A more detailed presentation of the implementation can be found in [13]. Our implementation of LF_i reconstruction is based on explicit substitutions [1] and de Bruijn indices [2]. This choice simplifies considerably the implementation of substitution and unification. [The rest of this section is missing from the extended abstract due to space constraints.] 7 Experimental Resu...

287 | A logic programming language with lambda-abstraction, function variables, and simple unification
- Miller
Citation Context: ...irst-order unification that respects bound variables, and (3) all constraints that are generated have the simple rigid-rigid or flex-rigid form that can be solved eagerly. The design of the language Lλ [9] also relies on syntactic restrictions for the purpose of eliminating the need for higher-order unification during type checking. However, the restrictions of Lλ are too strict for our purposes because...

175 | Logic programming in the LF logical framework
- Pfenning
- 1991
Citation Context: ...because it does not impose any restriction on which terms can be missing from the proof. To achieve this flexibility, Elf type reconstruction uses an incomplete algorithm based on constraint solving [16, 15]. Our proof checking algorithm can be characterized as a special and more efficient case of Elf's reconstruction algorithm, where enough of the proof structure is present so that: (1) there is not...

147 | The LEGO proof development system: A user's manual
- Luo, Pollack
- 1992
Citation Context: ...nd arithmetic (as is always the case in the PCC proofs) the tautology checking problem can easily become undecidable. The argument synthesis and term reconstruction algorithms implemented in the LEGO [6, 18] and Coq [3] proof assistants are less effective than our algorithm, in the sense that fewer proof subterms can be omitted from the proof representation, and therefore more redundancy has to be tolera...

63 | Unification and anti-unification in the calculus of constructions
- Pfenning
- 1991
Citation Context: ...es that all placeholder variables introduced during constraint collection have been instantiated during local constraint solving. In this respect, our algorithm is less powerful than that used by Elf [16], which can postpone unsolved constraints. This restriction does not seem to limit the power of our algorithm for reconstructing implicit proof representations while eliminating the need for the machi...

50 | The Coq proof assistant user's guide. Version 5.8
- Dowek, Felty, et al.
- 1993
Citation Context: ...s is always the case in the PCC proofs) the tautology checking problem can easily become undecidable. The argument synthesis and term reconstruction algorithms implemented in the LEGO [6, 18] and Coq [3] proof assistants are less effective than our algorithm, in the sense that fewer proof subterms can be omitted from the proof representation, and therefore more redundancy has to be tolerated. This is...

44 | Efficient representation and validation of logical proofs
- Necula, Lee
- 1998
Citation Context: ...porting the claim that the LF_i representation is more efficient than the LF representation. For reasons of space, we omit many interesting details that can be found in the expanded version of this paper [13]. 2 The Edinburgh Logical Framework The Edinburgh Logical Framework (also referred to as LF) was introduced by Harper, Honsell and Plotkin [5] as a metalanguage for high-level specification of lo...

32 | A compact representation of proofs
- Miller
- 1987
Citation Context: ...s. 8 Related Work The problem of redundancy in the representation of proofs has been addressed before for the purpose of simplifying the user interface of theorem provers and proof assistants. Miller [10] suggests an extreme approach where the proof object records only the substitutions for the quantifiers, relying on the decidability of the tautology of the resulting matrix. This leads to very compac...

32 | untrusted agents using proof-carrying code
- Necula, Lee
- 1998
Citation Context: ...studies discuss the uses of PCC in extensible operating systems [12], for safe interaction between components written in safe languages and native code [11] and for systems based on mobile code agents [14]. The explicit proof object that accompanies the untrusted code as part of a proof-carrying code is the key element that enables the enforcement of a wide variety of safety policies, ranging from simp...

28 | An empirical study of the runtime behavior of higher-order logic programs
- Michaylov, Pfenning
- 1992
Citation Context: ...rs-check was 44% of the whole reconstruction time, the optimization reduces it to only 2%, thus eliminating over 90% of the cost of occurs checks. These results are consistent with those presented in [7]. As expected, the occurs check optimization does not have any effect when the reconstruction is applied to LF_i proofs without placeholders. 8 Related Work The problem of redundancy in the representa...

24 | Higher-order unification with dependent types
- Elliott
- 1989

20 | Implicit syntax
- Pollack
- 1990
Citation Context: ...nd arithmetic (as is always the case in the PCC proofs) the tautology checking problem can easily become undecidable. The argument synthesis and term reconstruction algorithms implemented in the LEGO [6, 18] and Coq [3] proof assistants are less effective than our algorithm, in the sense that fewer proof subterms can be omitted from the proof representation, and therefore more redundancy has to be tolera...

13 | Higher-order logic programming as constraint logic programming
- Michaylov, Pfenning
Citation Context: ...wever, the restrictions of Lλ are too strict for our purposes because they prevent the free use of higher-order abstract syntax in the representation of predicates and proofs, requiring instead costly [7, 8] explicit implementations of substitution. In our framework we can still make use of all the representation techniques of the full LF language, and thus gain leverage from substitution in the meta-lan...

8 | Elf: A meta-language for deductive systems (system description)
- Pfenning
- 1994
Citation Context: ...vered from it. Our algorithm is able to synthesize more proof subterms by using information both from the context and from the predicate that the proof is supposed to prove. The implementation of Elf [17], a logic programming language based on LF, contains a reconstruction algorithm that is similar to the one presented here in the sense that missing application arguments can be recovered both from the...