Small Proof Witnesses for LF - PowerPoint PPT Presentation

Provided by: Susmit (http://www.cs.cmu.edu)
Slides: 25

Transcript and Presenter's Notes

1
Small Proof Witnesses for LF
  • Susmit Sarkar
  • Brigitte Pientka
  • Karl Crary

2
Motivation: Untrusted Code
  • Want to execute untrusted code

[Figure: Code travels over the Internet to the Code Consumer]
3
Solution: Certified Code
  • Solution: ship a Certificate with the Code
  • Proof-Carrying Code [Necula]

[Figure: Code and Certificate travel over the Internet to the Code Consumer]
4
What is a Certificate?
  • Prove Code is Safe
  • Easily checkable by Code Consumer
  • First Answer: a Proof in a Logic

5
Logical Framework (LF)
  • Uniformly represent logics (and proofs)
  • Well-studied properties
  • Used extensively: PCC, FPCC, TALT, ...
  • Problem: Proofs are BIG!

6
Use Proof Search?
  • Ask Code Consumer to search for proof
  • Caveat: Higher-order Logic Programming
  • Advantage: Zero proof size
  • Disadvantage: Large time required

7
Idea: Proof Search with Guidance
  • Do Proof Search
  • Look at the proof to resolve Don't Know choices
  • All we really require are the choices
  • Encode as an oracle [Necula and Rahul]

8
What is a Certificate? contd.
  • New Answer: Sequence of choices made (each as a
    position number among the available choices)
  • Can be efficiently encoded
  • Time to check sufficiently low

9
Our Contributions
  • Oracles for higher-order logic programming
  • Handle the entire LF language (as implemented in
    Twelf)
  • Previous efforts [Necula et al., Wu et al.]
    restricted to a subset
  • Generic oracle creation/verification for a
    variety of logics
  • Efficient Term-Indexing strategies

10
Rest of Talk
  • Higher-order Logic Programming
  • Challenges
  • Instrumentation to generate / verify oracle
  • Experimental results

11
Higher-order Logic Programming
  • Goals may have nested implications and universal
    quantifiers
  • Depth-First Search (like Prolog)
  • New Issues:
  • Dynamic Assumptions added (Scoping rules)
  • Term language is higher-order (Requires Higher
    Order Unification)
  • Efficient Term Indexing strategies needed

12
Proof Search (producing proof)
  • Have set of dynamic assumptions Γ
  • Case Goal is ∀x. G
  • Solve G[a/x] in Γ (a is a new parameter)
  • Get proof M[a/x] for subgoal
  • Proof for goal is λx. M

13
Proof Search contd.
  • Case Goal is G1 ⊃ G2
  • Add clause u:G1 to Γ
  • Solve for G2 under this extended set of
    assumptions
  • Get proof M for subgoal
  • Proof for goal is λu. M

14
Proof Search contd.2
  • Case Goal is Atomic
  • Choose clause C (from program or dynamic
    assumptions) matching goal
  • Solve subgoals of clause
  • Get proof M for subgoals
  • Proof for goal is C M: records which clause C
    was used, and M for the rest (the subgoal proofs)

15
Higher-Order Term Indexing
  • Term Indexing strategy is important
  • Reducing the number of candidate clauses at each
    choice keeps the oracle small
  • Our strategy: Higher-order Substitution Trees
    [Pientka]
  • Generalize Substitution Trees

16
Example: A Natural Deduction Logic

  alli : prov (forall λx. P x)
         <- (Πx. prov (P x)).
  alle : prov (P T)
         <- prov (forall λx. P x).
  impi : prov (imp P1 P2)
         <- (prov P1 -> prov P2).
  impe : prov P
         <- prov (imp P1 P)
         <- prov P1.

17
Example: Query

[Figure: the derivation of the example query, with the oracle entry recorded at each atomic goal]

  Query:    prov (forall λy. imp (forall λx. p x) (p y))
            candidates shown: alli, alle, impe; oracle records (1/3)
  Subgoal:  Πa. prov (imp (forall λx. p x) (p a))
            prov (imp (forall λx. p x) (p a))
            candidates shown: impe, impi, alle; oracle records (2/3)
  Subgoal:  prov (forall λx. p x) ⊃ prov (p a)
            u:prov (forall λx. p x) ⊢ prov (p a)
            candidates shown: impe, alle, u; oracle records (1/3)
  Subgoal:  u:prov (forall λx. p x) ⊢ prov (forall λx. p x)
            closed by the assumption u
18
Oracle Generation / Verification
  • Generating Oracle assumes Proof Term available
  • Verifying Oracle assumes Oracle available
  • Follow complementary procedures
  • Similar to proof search procedure sketched out

19
Instrumented Proof Search
  • Case Goal is ∀x. G
  • Solve G[a/x]
  • No choice to be made
  • Case Goal is G1 ⊃ G2
  • Solve G2 in extended set of dynamic assumptions
  • No choice to be made

20
Atomic Goal Generation
  • Case Goal is atomic
  • Choose clause C. Solve its subgoals
  • During Generation,
  • Look at proof term (records choice)
  • Count choices available
  • Oracle records number of choice made

21
Atomic Goal Verification
  • Case Goal is atomic
  • Choose clause C. Solve its subgoals
  • During Verification,
  • Look at oracle (records positional number of
    choice)
  • Count choices available
  • Take indicated choice

22
Results: Time

Benchmark                  Proof Search Time (s)  Witness Checking Time (s)  Speedup (x)
Refinement Multiplication  5.81                   1.10                       5.3
Refinement Square          12.55                  1.85                       6.8
FPCC Closure               12.26                  0.47                       26.1
FPCC Increment             11.55                  0.70                       18.3
23
Results: Proof Size

Benchmark                  Proof Size (bytes)  Witness Size (bytes)  Size Reduction (x)
Refinement Multiplication  15,654              169                   92.6
Refinement Square          25,303              242                   104.6
FPCC Closure               201,910             638                   316.5
FPCC Increment             441,965             703                   628.7
24
Conclusions
  • Instrumented a proof search procedure to produce
    / verify small witnesses
  • Handle all of LF (higher-order logic programming
    required)
  • Experimental Study of technique