advances in logical programming environments
DESCRIPTION
Advances in Logical Programming Environments. Programming. Logic. Communications. Secure software infrastructure. Stuart AllenMark Bickford Robert Constable Richard Eaton Christoph Kreitz Lori Lorigo. Project goals. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/1.jpg)
![Page 2: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/2.jpg)
Stuart Allen Mark Bickford Robert Constable
Richard Eaton Christoph Kreitz Lori Lorigo
Secure software infrastructure
Logic
Programming
Communications
Advances in Advances in Logical Programming Logical Programming
EnvironmentsEnvironments
![Page 3: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/3.jpg)
Build open Logical Programming
Environment
- integrate programming language and logic
- share libraries of formalized mathematics
- enable cooperation among formal systems
- local reflection and code transformations
Project goals
Application to reliable embedded systems
- semantics-based transformation and optimization
- high-assurance software components and
systems - formal component design
![Page 4: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/4.jpg)
• Nuprl LPE - new implementation with open architecture - formal documentation mechanisms - development of class theory - local reflection for weaving aspects
Progress
• Application to networked systems - optimization of protocol stacks - compositional protocol verification -- formal designformal design of adaptive of adaptive
systemssystems
![Page 5: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/5.jpg)
• Cooperating processes
• Library as persistent database - basis for sharing mathematics
• Ability to connect to external systems
• Cooperating inference engines
• Multiple user interfaces
• Reflective system structure
LPE LPE ArchitectureArchitecture
![Page 6: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/6.jpg)
• Comments contain references to objects - formal content browsable while reading text
• Display objects determine term presentation - print representation (screen/LaTeX macros) - suppressing formal parameters - preferences vs. parentheses
Formal Formal DocumentationDocumentation
• Create documentation from formal objects - formal design expertise in “readable” form - screen display, LaTeX articles, HTML documents
![Page 7: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/7.jpg)
• Provides expressive type constructs - Union, Intersection, Subtyping, Records, Modules
• Supports formalization and composition of - Abstract specifications + concrete code of components - Modular verifications
IOA
Ocaml (Ensemble)
External System Formalizes JVM
Java/JVM
Ocaml Language Formalized in Nuprl
Class theory provides IOA formalisms
Formal Class Formal Class TheoryTheory
• Extends Nuprl’s type theory
![Page 8: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/8.jpg)
• Add properties to code Message Message Passing Passing
with with Total OrderTotal Order
Fault Fault TolerantTolerant
System with System with Total OrderTotal Order
Transform Total Order code to include rejoining &
view-change code
Fault Fault ToleranceTolerance
• Weaving as formal method requires local reflection - thms about semantical effect of syntactical transformations
- reasoning about refinement + meta-properties
Weaving and local Weaving and local reflectionreflection
![Page 9: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/9.jpg)
• Optimize component-based network systems
Formal Formal OptimizationOptimization
Fast, abstract, verifiably correct results, speedup factor 3-4
(demo available)• Automate with Nuprl LPE• Identify Common Case Predicates
• Component code + CCP -> optimization theorem • System composition -> theorem composition • Composed theorem -> new system code
• generate fast-path for common case• compress message headers
![Page 10: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/10.jpg)
Incremental through proof inheritance:
• (A = P) (A B = P)
A B intersects:
• states, actions
• initial states, transitionsInduction:
1. A I = I2. B I = I3. A.init B.init
I A B = I
View = view
View
ETO
ETO = total view
Total = total
Total
Compositional Protocol Compositional Protocol Verification Verification
![Page 11: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/11.jpg)
• Adapt system to suit run-time dynamics - system upgrades
- changing conditions (higher security levels, …)
- use optimal implementations of components
• Usually complicatedswitch
spec spec• Building block approach - generic switching protocol
constructs hybrid protocols from simpler ones
- flexible, easy to prove correct
Formal Design of Adaptive SystemsJoint work with Robbert Van Renesse, Xiaoming Liu, Ken Birman
![Page 12: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/12.jpg)
• Normal mode - forward messages to current protocol
- receive messages from current protocol
Switching Protocol
P1 P2
• Switching Mode - deliver messages from previous protocol
- buffer messages sent in the new protocol
Switching Protocols: basic Switching Protocols: basic modelmodel
![Page 13: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/13.jpg)
What kind of properties What kind of properties will be preserved by will be preserved by switching? switching?
In other words, what are the properties of these properties ?
Reliability?
Total Order?Integrity?Confidentiality?
Prioritized Delivery?
Virtual Synchrony?
propertiespropertiesmeta-meta-
Inject formal methods at earliest design Inject formal methods at earliest design stagestage
![Page 14: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/14.jpg)
we proved that six meta-properties are sufficient for protocols to work correctly under a switching protocol
switch
specspec
spec
networknetwork
Using Using the Nuprlthe Nuprl LPELPE
![Page 15: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/15.jpg)
Formal Model of Formal Model of CommunicationCommunication
• Communication property
- predicate P on traces
• Trace - List tr of send and receive events Send(p,m) : message p sent by process m
Deliver(p,m) : message p received by process m
![Page 16: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/16.jpg)
• Confidentiality qT. Deliver(q,m) tr pT. Send(p,m) tr )
• Reliability p,m. Send(p, m) tr q. Deliver(q,m) tr
Properties, formalizedProperties, formalized
• Integrity (T: set of trusted processes)
qT. Deliver(q,m) tr pT. Send(p,m) tr
• Total order q1,q2,m1,m2. Deliver(q1,m1) tr Deliver(q2,m1) tr Deliver(q1,m2) tr Deliver(q2,m2) tr Deliver(q1,m1) < Deliver(q1, m2)
Deliver(q2,m1) < Deliver(q2, m2)
![Page 17: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/17.jpg)
• Expressed by relation R between traces tru,trl above and below a protocol layer
M(P) tru,trl. P(trl) trl R tru P(tru)
Meta-propertyMeta-property
• Predicate M on properties of protocols
• Requires capability for higher order reasoning
![Page 18: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/18.jpg)
Meta-properties for Meta-properties for SwitchingSwitching
}}
Layered Communication
Protocol Switching
Rsend-e (tru ,trl) tru = trl @ [Send(p1,m1),..,Send(pn,mn)]
Rasync (tru ,trl) swap-adjacent(trl ,tru) for e1,e2
with process(e1) process(e2)
Rdelay (tru ,trl) swap-adjacent(trl ,tru) for e1,e2
with
e1=Send(p,m1) e2 =
Deliver(p,m2)
Rsafety (tru ,trl) trl truRcomposable (tru ,trl1,trl2 ) trl1trl2=[] interleave(tru,trl1,trl2) …
Rmemoryless (tru ,trl) tru = trl - [e | msg(e){m1,..,mn}]
Switchable(P) Msafety (P) … Mcomposable
(P)
AsynchronySafety
DelayableSend-enabled
Composable
Memoryless
![Page 19: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/19.jpg)
Formal design at same pace as Formal design at same pace as “informal” one“informal” one
Verifying Hybrid Verifying Hybrid ProtocolsProtocols
P.tru,trl. switch_invariant(tru,trl)
Switchable(P)
(P(pr1(trl)) P(pr2(trl))) P(tru)Switchable properties are preserved if the switch implementation satisfies a switch invariant• tru results from swapping trl events with different
origin • messages sent by different protocols must be delivered
in the same order
Nuprl proof developed in parallel to implementation
![Page 20: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/20.jpg)
Lessons learned
• Employing formal techniques at every design stage is of great use for building efficient network systems
• The LPE is capable of supporting “real” design - its theory is very expressive - reflection supports reasoning about program transformation• Automation still needs to be increased
• More experience from applications is necessary
• The component-based approach is ideal for building adaptive systems
![Page 21: Advances in Logical Programming Environments](https://reader030.vdocuments.mx/reader030/viewer/2022032313/56812bca550346895d901f85/html5/thumbnails/21.jpg)
• Extend scope of automation - Domain-specific reasoning strategies - Connect external inference engines - Formalize design knowledge (e.g. as theorems) - Techniques for automated system (code) synthesis
• Develop and deploy full reflection mechanism
• Build formal infrastructure for practitioners - Include library of formally documented mathematics
Plans
• Design & verification of new programs - New hybrid protocols (adaptivity) - Probabilistic protocols (scalability)