Upgrade to Pro — share decks privately, control downloads, hide ads and more …

When Types are Not Enough

Lars Hupel
September 22, 2015
Programming
1
760

When Types are Not Enough

Live code: https://gist.github.com/larsrh/d931ae84e48b2089d981

It is well-known that tests provide an existential guarantee (if the test fails, there is a bug), and that types provide a universal guarantee (the program can't go wrong). Combined, both are useful tools to gain more confidence in the correctness of a given program. However, not all languages provide a sophisticated type system which is able to encode strong properties. Some do, but the syntax is cumbersome. Luckily, there are tools which help to verify code without having to resort to rewriting it completely in a different language.

In this talk, we’ll explore the meanings of specification and implementation, how to formally specify programs, and how to create a connection between these two. We will also look at how to produce one from the other, and present some of the existing tools.

Lars Hupel

September 22, 2015
Tweet

More Decks by Lars Hupel

See All by Lars Hupel
Der Digitale Euro: Was, Warum, Wie?
larsrh
0
17
Digital Cash: What It Is and How It Works
larsrh
0
25
When testing just doesn't cut it (Lambda Days edition)
larsrh
0
20
Designing CBDCs for Seamless Integration with External DLTs: Strategies and Solutions
larsrh
0
29
1000 auf einen Streich
larsrh
0
62
When testing just doesn't cut it
larsrh
0
18
The Role of DSLs in Architecture Design
larsrh
0
24
Was Kubernetes-Ingress-Regeln mit der Chomsky-Hierarchie zu tun haben
larsrh
0
45
Mayday, we're syncing!
larsrh
0
21

Other Decks in Programming

See All in Programming
Rubyでたのしむクリエイティブコーディング/Enjoy Creative coding with Ruby
chobishiba
1
170
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
110
코틀린으로 멀티플랫폼 만들기
pangmoo
0
140
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
240
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
170
サイコロで理解する統計的仮説検定の考え方
tatamiya
4
850
What We Can Learn From OSS
inouehi
0
420
CQRS/ES avec Symfony, c’est (trop) bien !
jeremyfreeagent
1
640
Micro Frontends for Java Microservices - Devnexus 2024
mraible
PRO
0
470
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
100
入門 AWS Amplify Gen2 / Introduction to AWS Amplify Gen2
genkiogasawara
1
320

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2.3k
Thoughts on Productivity
jonyablonski
57
3.8k
Clear Off the Table
cherdarchuk
83
310k
Faster Mobile Websites
deanohume
298
30k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
Ruby is Unlike a Banana
tanoku
96
10k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
A Philosophy of Restraint
colly
196
16k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Adopting Sorbet at Scale
ufuk
67
8.6k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
16
6.4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
115
18k

Transcript

  1. When Types are Not Enough Lars Hupel September 22nd, 2015

  2. So ware Development ▶ there are many methodologies out there

    ... ▶ in Scala: universal agreement that types and tests should be used for correctness ▶ What is correctness? ▶ Who defines correctness? 2

  3. Example Task Implement a func on which sorts a list

    of numbers. 3

  4. Example Task Implement a func on which sorts a list

    of numbers. Solu on? ▶ numbers? 3

  5. Example Task Implement a func on which sorts a list

    of numbers. Solu on? ▶ numbers? ▶ sort? 3

  6. Example Task Implement a func on which sorts a list

    of numbers. Solu on? ▶ numbers? ▶ sort? ▶ duplicates? ordering? stability? 3

  7. Specifica ons 4

  8. Specifica ons 4

  9. Assump ons ▶ There is a clear specifica on. ▶

    ... if only for a subsystem. ▶ The specifica on makes sense. ▶ The specifica on doesn’t contradict itself. 5

  10. Specifica on vs. Implementa on How to check adherence of

    an implementa on to a specifica on? tests “in these cases, the output is correct” types “for all inputs, the output is wellformed” proofs “for all inputs, the output is correct” 6

  11. Specifica on vs. Implementa on How to check adherence of

    an implementa on to a specifica on? tests “in these cases, the output is correct” types “for all inputs, the output is wellformed” proofs “for all inputs, the output is correct” 6 It looks like you want to prove something. Need help with that?

  12. What can types do? “ A type system is a

    tractable syntac c method of proving the absence of certain program behaviors by classifying phrases according to the kinds of values they compute. Benjamin Pierce ” 7

  13. Types vs. Proofs ▶ Curry-Howard tells us that types are

    proposi ons and values are proofs ▶ Dependently-typed languages: unified values & types ▶ process of construc ng values entails proving correctness ▶ intrinsic connec on 8

  14. Example data Color = Red | Black data Tree a

    = Leaf | Node color (Tree a) a (Tree a) isRBT :: Tree a -> Bool 9

  15. Example data Color = Red | Black data Nat =

    Z | S Nat data Tree :: * -> Color -> Nat -> * where Leaf :: Tree a Black Z NodeR :: a -> Tree a Black n -> Tree a Black n -> Tree a Red n NodeB :: a -> Tree a c n -> Tree a c’ n -> Tree a Black (S n) 9

  16. Programming & Proving systems Type expressiveness Proof suitability 10

  17. Example data Color = Red | Black data Nat =

    Z | S Nat data Tree :: * -> Color -> Nat -> * where Leaf :: Tree a Black Z NodeR :: a -> Tree a Black n -> Tree a Black n -> Tree a Red n NodeB :: a -> Tree a c n -> Tree a c’ n -> Tree a Black (S n) 11

  18. Proving with Simple Types ▶ even without fancy types, proofs

    are s ll possible ▶ enforces separa on of terms and proposi ons 12

  19. Q & A  larsr h  larsrh