CLF: A Concurrent Logical Framework


Presentation Transcript


  1. CLF: A Concurrent Logical Framework
  David Walker, Princeton (with I. Cervesato, F. Pfenning, K. Watkins)

  2. Outline
  • What is a logical framework?
  • Logical frameworks & security
  • CLF: a concurrent logical framework

  3. Logical Frameworks
  • A logical framework is a meta-language for representing deductive systems
  • Sample deductive systems:
    • logics of all kinds: first-order logic, higher-order logic, temporal logic, ...
    • programming languages: ML, lambda calculus, pi calculus
    • specification languages: set theory, type theory, multi-set rewriting, ...
    • compilers: translations between languages or logics

  4. Logical Frameworks (the hierarchy, for logics)
  • meta-logical frameworks (Twelf, Nuprl, HOL, ...) represent properties of logics
  • logical frameworks (Automath, Nuprl, HOL, LF, ...) represent logics
  • logics (FOL, linear logic, temporal logic) represent proofs
  • proofs, e.g. (A and B) => C

  5. Logical Frameworks (the hierarchy, for programming languages)
  • meta-logical frameworks (Twelf, Nuprl, HOL, ...) represent properties of programming languages
  • logical frameworks (Automath, Nuprl, HOL, LF, ...) represent programming languages
  • programming languages (C, ML, Java, lambda calculus) represent programs
  • programs, e.g. if (n > 17) {...}

  6. Tasks for Logical Frameworks
  • Represent syntax
    • of a logic
    • of a programming language
  • Represent valid rules of inference
    • inference rules of a logic (modus ponens, law of the excluded middle)
    • typing rules, operational rules of a language
  • Represent valid deductions
    • valid proofs
    • well-typed programs, valid executions

  7. Outline
  • What is a logical framework?
  • Logical frameworks & security
  • CLF: a concurrent logical framework

  8. Application I: proof-carrying X
  • Proof-carrying code [Necula, Lee]
    • Attach a proof of some safety property to mobile code
    • Represent and check the proof in LF
  • Proof-carrying authentication [Appel, Felten]
    • Attach a proof of access rights to a database query or service request
    • Represent and check the proof in LF

  9. Application II: Mechanical Reasoning
  • Increase our confidence in system properties through the following process:
    1. Represent the algorithm or deductive system
    2. Prove adequacy of the representation
    3. Prove security properties within the framework
  • LF is normally small, simple and trustworthy
    • e.g. LF has two type constructors
    • Appel et al. (100k lines of LF, 0 soundness bugs)
  • Step 2 is the least trustworthy

  10. Application II: Mechanical Reasoning
  • Authentication protocols
    • Extremely difficult to get correct
    • Highly concurrent
    • Errors are costly
  • Many different specification languages
    • informal notation, security logics, MSR, spi calculus, ...
  • Represent protocols, languages & their properties/relationships in a logical framework

  11. Outline
  • What is a logical framework?
  • Logical frameworks & security
  • CLF: a concurrent logical framework

  12. Logical framework design
  • Logical framework design resembles programming language design
  • Simple logical frameworks are like simple programming languages
    • few features = simple, trustworthy implementation but limited expressiveness
    • expressive enough in principle but awkward and unmanageable in practice
    • adequacy may be unclear, difficult to prove

  13. The LF family of Logical Frameworks
  • Automath [De Bruijn], LF [Harper et al.]
    • Dependent types, intuitionistic functions
    • Represents pure PLs, logics
    • Higher-order abstract syntax
  • Linear LF [Cervesato, Pfenning]
    • LF + linear functions, additive pairs
    • Represents state, effectful programming paradigms
    • Resource-conscious logics

  14. Concurrent LF (CLF)
  • Linear LF + a concurrency monad
  • The monad encapsulates a concurrent computation
  • Represents concurrent programming paradigms
    • MSR specifications of security protocols, pi-calculus, CML, Petri nets

  15. CLF types
  • Linear LF types + concurrency monad
  • Represent the state of a concurrent computation
    A,B ::= a | x:A.B | A -o B | T | A & B | {S}
    S   ::= A | 1 | S1 S2 | x:A.S | !A

  16. Pure CLF terms
  • Pure Linear LF terms + concurrent computations
  • A monad encapsulates computations within the pure language
    pure terms  M,N ::= c | x:A.M | M N | ... | {E}

  17. Effectful CLF computations
  • Computation E processes the ambient state
  • A let expression represents a step in a computation
  • Patterns p introduce new state
    computations  E ::= let {p} = M in E | F
    patterns      p ::= x:A | 1 | p1 p2 | x:A.p | !x
    states        F ::= M | 1 | F1 F2 | [M,F] | !M

  18. Example CLF signature
  key : type.
  msg : type.
  encrypt : key -> msg -> msg.
  wire : msg -> type.
  send : M:msg.{wire M}.
  rec : M:msg.wire M -o {1}.

  Valid computation:
  { let {m:wire M} = send M in
    let {m':wire M'} = send M' in
    let {1} = rec M' m' in
    let {1} = rec M m in
    ... }

  19. Concurrency equations
  • LF and related dependent type theories provide a notion of definitional equality
  • When M and N are definitionally equal, the framework cannot distinguish M and N
  • We extend the LF equality: the framework cannot distinguish the order of independent computation steps
    let {p} = M in let {p'} = M' in E
    and
    let {p'} = M' in let {p} = M in E
    are equal, provided M and M' do not contain the variables bound by p and p'

  20. Example
  Valid computation:
  { let {m:wire M} = send M in
    let {1} = rec M m in
    let {m':wire M'} = send M' in
    let {1} = rec M' m' in
    ... }

  Equivalent computation:
  { let {m:wire M} = send M in
    let {m':wire M'} = send M' in
    let {1} = rec M' m' in
    let {1} = rec M m in
    ... }
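As an added example (not from the slides or the CLF project): a small Python checker for the concurrency equation of slide 19, applied to the two computations of slide 20. It goes beyond the single swap on the slide by computing a canonical ordering of a whole computation, so any two computations that differ only in the order of independent steps compare equal. It assumes a toy textual encoding of let-steps (the names wire, send and rec follow slide 18), and that the two computations bind their pattern variables under the same names.

```python
import re
from dataclasses import dataclass
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_']*")

@dataclass(frozen=True)
class Step:  # one step 'let {pattern} = term in ...' (toy textual encoding)
    pattern: str   # e.g. "m:wire M" or "1"
    term: str      # e.g. "send M" or "rec M m"
    def binds(self):   # variables the pattern introduces: the names before ':'
        return frozenset(re.findall(r"([A-Za-z_][A-Za-z0-9_']*)\s*:", self.pattern))
    def uses(self):    # identifiers the term mentions
        return frozenset(IDENT.findall(self.term))

def parse(text):
    """Extract the let-steps of a computation; a trailing '...' is ignored."""
    return [Step(p.strip(), m.strip())
            for p, m in re.findall(r"let\s*\{([^}]*)\}\s*=\s*(.*?)\s+in\b", text)]

def independent(s, t):
    """Slide 19: steps commute iff neither term mentions the other's pattern variables."""
    return not (s.binds() & t.uses()) and not (t.binds() & s.uses())

def well_scoped(steps):
    """A term may not mention a variable that only a later step binds."""
    return all(not s.uses() & set().union(*(t.binds() for t in steps[i + 1:]))
               for i, s in enumerate(steps))

def canonical(steps):
    """Representative modulo the concurrency equation: repeatedly pull forward
    the smallest step that commutes with every step still ahead of it."""
    if not well_scoped(steps):
        raise ValueError("ill-scoped computation")
    remaining, out = list(steps), []
    while remaining:
        ready = [s for i, s in enumerate(remaining)
                 if all(independent(r, s) for r in remaining[:i])]
        nxt = min(ready, key=lambda s: (s.term, s.pattern))
        out.append(nxt)
        remaining.remove(nxt)
    return out

def equivalent(c1, c2):
    """True iff the two computations differ only in the order of independent steps."""
    a, b = parse(c1), parse(c2)
    return well_scoped(a) and well_scoped(b) and canonical(a) == canonical(b)

# Constructed inputs: the two computations of slide 20, and an ill-scoped reordering.
VALID = ("{ let {m:wire M} = send M in let {1} = rec M m in "
         "let {m':wire M'} = send M' in let {1} = rec M' m' in ... }")
EQUIV = ("{ let {m:wire M} = send M in let {m':wire M'} = send M' in "
         "let {1} = rec M' m' in let {1} = rec M m in ... }")
BAD = "{ let {1} = rec M m in let {m:wire M} = send M in ... }"
```

The checker rejects BAD because rec M m mentions the wire m before send M has bound it, which no sequence of independent swaps can produce.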

  21. Results
  • Definition and meta-theory of CLF
    • A new presentation of LF dependent type theory based on canonical forms
    • Decidability of type checking
  • Examples and applications
    • Representation of Petri nets, synchronous and asynchronous pi-calculus, with proofs of adequacy
    • Novel, modular representation of CML in CLF
    • Representation of MSR & examples

  22. Further reading
  • Cervesato, Pfenning, Walker, Watkins. A concurrent logical framework. January 2002 (submitted).
  • Forthcoming technical reports:
    • Watkins et al. A concurrent logical framework I: Judgments and properties.
    • Cervesato et al. A concurrent logical framework II: Examples and applications.

  23. Future work
  • Implementation and logic programming operational semantics for CLF
    • Represent, check and execute concurrent computations
  • Meta-logical reasoning about concurrent computations
    • Properties of concurrent computations, bisimulation
    • Automatic proof search

  24. Conclusions
  • The study of logical frameworks is an important aspect of the development of secure and reliable systems
  • CLF enables concise and adequate representations of concurrent languages