Results 1  10
of
357
Foundational ProofCarrying Code
, 2001
"... Proofcarrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodeswho will verify the verifier itself? Foundational proofcarrying code is verification from the smallest possible set of axio ..."
Abstract

Cited by 252 (9 self)
 Add to MetaCart
Proofcarrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodeswho will verify the verifier itself? Foundational proofcarrying code is verification from the smallest possible set of axioms, using the simplest possible verifier and the smallest possible runtime system. I will describe many of the mathematical and engineering problems to be solved in the construction of a foundational proofcarrying code system.
A Linear Logical Framework
, 1996
"... We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. ..."
Abstract

Cited by 234 (48 self)
 Add to MetaCart
We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. LLF combines the expressive power of dependent types with linear logic to permit the natural and concise representation of a whole new class of deductive systems, namely those dealing with state. As an example we encode a version of MiniML with references including its type system, its operational semantics, and a proof of type preservation. Another example is the encoding of a sequent calculus for classical linear logic and its cut elimination theorem. LLF can also be given an operational interpretation as a logic programming language under which the representations above can be used for type inference, evaluation and cutelimination. 1 Introduction A logical framework is a formal system desig...
ProofCarrying Authentication
 In Proceedings of the 6th ACM Conference on Computer and Communications Security
, 1999
"... We have designed and implemented a general and powerful distributed authentication framework based on higherorder logic. Authentication frameworks  including Taos, SPKI, SDSI, and X.509  have been explained using logic. We show that by starting with the logic, we can implement these framework ..."
Abstract

Cited by 202 (6 self)
 Add to MetaCart
(Show Context)
We have designed and implemented a general and powerful distributed authentication framework based on higherorder logic. Authentication frameworks  including Taos, SPKI, SDSI, and X.509  have been explained using logic. We show that by starting with the logic, we can implement these frameworks, all in the same concise and efficient system. Because our logic has no decision procedure  although proof checking is simple  users of the framework must submit proofs with their requests.
An Indexed Model of Recursive Types for Foundational ProofCarrying Code
 ACM Transactions on Programming Languages and Systems
, 2000
"... The proofs of "traditional" proof carrying code (PCC) are typespecialized in the sense that they require axioms about a specific type system. In contrast, the proofs of foundational PCC explicitly define all required types and explicitly prove all the required properties of those types as ..."
Abstract

Cited by 154 (13 self)
 Add to MetaCart
The proofs of "traditional" proof carrying code (PCC) are typespecialized in the sense that they require axioms about a specific type system. In contrast, the proofs of foundational PCC explicitly define all required types and explicitly prove all the required properties of those types assuming only a fixed foundation of mathematics such as higherorder logic. Foundational PCC is both more flexible and more secure than typespecialized PCC.
A semantic model of types and machine instructions for proofcarrying code
 In Principles of Programming Languages
"... Proofcarrying code is a framework for proving the safety of machinelanguage programs with a machinecheckable proof. Such proofs have previously defined typechecking rules as part of the logic. We show a universal type framework for proofcarrying code that will allow a code producer to choose a p ..."
Abstract

Cited by 130 (19 self)
 Add to MetaCart
(Show Context)
Proofcarrying code is a framework for proving the safety of machinelanguage programs with a machinecheckable proof. Such proofs have previously defined typechecking rules as part of the logic. We show a universal type framework for proofcarrying code that will allow a code producer to choose a programming language, prove the type rules for that language as lemmas in higherorder logic, then use those lemmas to prove the safety of a particular program. We show how to handle traversal, allocation, and initialization of values in a wide variety of types, including functions, records, unions, existentials, and covariant recursive types. 1
Engineering formal metatheory
 In ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2008
"... Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in th ..."
Abstract

Cited by 116 (11 self)
 Add to MetaCart
(Show Context)
Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction,...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations
A syntactic approach to foundational proofcarrying code
 In Seventeenth IEEE Symposium on Logic in Computer Science
, 2002
"... ProofCarrying Code (PCC) is a general framework for verifying the safety properties of machinelanguage programs. PCC proofs are usually written in a logic extended with languagespecific typing rules. In Foundational ProofCarrying Code (FPCC), on the other hand, proofs are constructed and verifie ..."
Abstract

Cited by 94 (19 self)
 Add to MetaCart
ProofCarrying Code (PCC) is a general framework for verifying the safety properties of machinelanguage programs. PCC proofs are usually written in a logic extended with languagespecific typing rules. In Foundational ProofCarrying Code (FPCC), on the other hand, proofs are constructed and verified using strictly the foundations of mathematical logic, with no typespecific axioms. FPCC is more flexible and secure because it is not tied to any particular type system and it has a smaller trusted base. Foundational proofs, however, are much harder to construct. Previous efforts on FPCC all required building sophisticated semantic models for types. In this paper, we present a syntactic approach to FPCC that avoids the difficulties of previous work. Under our new scheme, the foundational proof for a typed machine program simply consists of the typing derivation plus the formalized syntactic soundness proof for the underlying type system. We give a translation from a typed assembly language into FPCC and demonstrate the advantages of our new system via an implementation in the Coq proof assistant. 1.
On Equivalence and Canonical Forms in the LF Type Theory
"... Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different ..."
Abstract

Cited by 79 (15 self)
 Add to MetaCart
Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different approach, directly proving the correctness of a practical equivalance algorithm based on the shape of terms. Neither approach appears to scale well to richer languages with, for example, unit types or subtyping, and neither provides a notion of canonical form suitable for proving adequacy of encodings. In this paper we present a new, typedirected equivalence algorithm for the LF type theory that overcomes the weaknesses of previous approaches. The algorithm is practical, scales to richer languages, and yields a new notion of canonical form sufficient for adequate encodings of logical systems. The algorithm is proved complete by a Kripkestyle logical relations argument similar to that suggested by Coquand. Crucially, both the algorithm itself and the logical relations rely only on the shapes of types, ignoring dependencies on terms.
An Effective Theory of Type Refinements
, 2002
"... We develop an explicit two level system that allows programmers to reason about the behavior of effectful programs. The first level is an ordinary MLstyle type system, which confers standard properties on program behavior. The second level is a conservative extension of the first that uses a logic ..."
Abstract

Cited by 71 (5 self)
 Add to MetaCart
We develop an explicit two level system that allows programmers to reason about the behavior of effectful programs. The first level is an ordinary MLstyle type system, which confers standard properties on program behavior. The second level is a conservative extension of the first that uses a logic of type refinements to check more precise properties of program behavior. Our logic is a fragment of intuitionistic linear logic, which gives programmers the ability to reason locally about changes of program state. We provide a generic resource semantics for our logic as well as a sound, decidable, syntactic refinementchecking system. We also prove that refinements give rise to an optimization principle for programs. Finally, we illustrate the power of our system through a number of examples.
Languages of the Future
 In OOPSLA ’04: Companion to the 19th annual ACM SIGPLAN conference on Objectoriented programming systems, languages, and applications
, 2004
"... This paper explores a new point in the design space of formal reasoning systems  part programming language, part logical framework. The system is built on a programming language where the user expresses equality constraints between types and the type checker then enforces these constraints. This si ..."
Abstract

Cited by 69 (3 self)
 Add to MetaCart
(Show Context)
This paper explores a new point in the design space of formal reasoning systems  part programming language, part logical framework. The system is built on a programming language where the user expresses equality constraints between types and the type checker then enforces these constraints. This simple extension to the type system allows the programmer to describe properties of his program in the types of witness objects which can be thought of as concrete evidence that the program has the property desired. These techniques and two other rich typing mechanisms, rankN polymorphism and extensible kinds, create a powerful new programming idiom for writing programs whose types enforce semantic properties. A language with these features is both a practical programming language and a logic. This marriage between two previously separate entities increases the probability that users will apply formal methods to their programming designs. This kind of synthesis creates the foundations for the languages of the future.