Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Refine your types!

Romain Ruetschi
May 31, 2018
Research
0
86

Refine your types!

I describe what refinement types are, and how they can help us write better software, while showcasing a few concrete examples written in LiquidHaskell.

In the second part of the talk, I take a closer look at the theory behind refinement types.

At last, I show how to build your own programming language with refinement types, by making use of Inox, a powerful interface for SMT solvers.

Romain Ruetschi

May 31, 2018
Tweet

More Decks by Romain Ruetschi

See All by Romain Ruetschi
Formal verification of Scala programs with Stainless
romac
0
330
Formal verification of Scala programs with Stainless
romac
0
140
Formal verification in Scala with Leon
romac
0
130
An encoding of Any for Leon
romac
0
41

Other Decks in Research

See All in Research
【RESEARCH Conference 2023】LINEのユーザーファースト企画。それを実現するリサーチ活用術
researchconf
0
280
量子コンピュータ開発について
forest1040
1
460
Volume Expression GGX(Microfacet)
kinakomoti321
1
660
[IR Reading 2023春 論文紹介] A Unified Framework for Learned Sparse Retrieval (ECIR 2023) /IR-Reading-2023-spring
koheishinden
0
190
エッジコンピューティングとelixir
kikuzo
3
190
20230923_Kaggler_meetup_LT_ya9do.pdf
ya9do
2
870
ACL2023レポート − LLMの動向を中心に
misonuma
4
830
使用済燃料の貯蔵状況と対策(2023年3月末時点)
hide2kano
0
110
O-RAN OAM 整合SMO 以及 用 ONAP 部屬 SMO 介紹
thc1006
0
140
WhitenedCSE: Whitening-based Contrastive Learning of Sentence Embeddings
hpprc
2
280
How to write a good CHI paper (that might just get accepted)
codingconduct
1
1.7k
大学生の学習における生成系AI活用方法と今後の課題点 (2023.09.05)
kuanyi_n_n
0
220

Featured

See All Featured
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
215
12k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
Product Roadmaps are Hard
iamctodd
42
8.7k
Making Projects Easy
brettharned
104
5.1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
880
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
[RailsConf 2023] Rails as a piece of cake
palkan
15
2.8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.3k
The Language of Interfaces
destraynor
149
22k
Ruby is Unlike a Banana
tanoku
93
9.9k
Git: the NoSQL Database
bkeepers
PRO
420
61k
WebSockets: Embracing the real-time Web
robhawkes
58
6.5k

Transcript

  1. Refine your types!
    Romain Ruetschi
    31.05.2018
    Romain Ruetschi Refine your types! 31.05.2018 1 / 30

    View Slide

  2. Two words about me
    Hi, my name is Romain Ruetschi, but you can also call me Romac.
    I am usually found online under various spellings of “romac”.
    Twitter: https://twitter.com/_romac
    GitHub: https://github.com/romac
    Homepage: https://romac.me
    Romain Ruetschi Refine your types! 31.05.2018 2 / 30

    View Slide

  3. Refinement types
    Romain Ruetschi Refine your types! 31.05.2018 3 / 30

    View Slide

  4. Outline
    Refinement types
    1 A quick introduction
    2 Under the hood
    3 In the wild
    Romain Ruetschi Refine your types! 31.05.2018 4 / 30

    View Slide

  5. A quick introduction
    A quick introduction
    Romain Ruetschi Refine your types! 31.05.2018 5 / 30

    View Slide

  6. A quick introduction
    Types
    Int
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  7. A quick introduction
    Types
    Int
    Boolean
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  8. A quick introduction
    Types
    Int
    Boolean
    List[Int]
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  9. A quick introduction
    Types
    Int
    Boolean
    List[Int]
    List[A] → Int
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  10. A quick introduction
    Types
    3 : Int
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  11. A quick introduction
    Types
    3 : Int
    true : Boolean
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  12. A quick introduction
    Types
    3 : Int
    true : Boolean
    List(1, 2, 3) : List[Int]
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  13. A quick introduction
    Types
    3 : Int
    true : Boolean
    List(1, 2, 3) : List[Int]
    (xs: List[A]) => xs.length : List[A] → Int
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  14. A quick introduction
    Refinement types
    { x : T | p }
    Romain Ruetschi Refine your types! 31.05.2018 8 / 30

    View Slide

  15. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  16. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    { xs : List[A] | !xs.isEmpty }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  17. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    { xs : List[A] | !xs.isEmpty }
    { t : Tree | isBalanced(t) }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  18. A quick introduction
    Refinement types
    { xs : List[A] | xs.length = 0} → A
    Romain Ruetschi Refine your types! 31.05.2018 10 / 30

    View Slide

  19. A quick introduction
    Refinement types
    { xs : List[A] | xs.length = 0} → A
    List[A] → { n : Int | n ≥ 0}
    Romain Ruetschi Refine your types! 31.05.2018 10 / 30

    View Slide

  20. A quick introduction
    Refinement types
    A → { n : Int | x ≥ 0} → { xs : List[A] | xs.length = n }
    Romain Ruetschi Refine your types! 31.05.2018 11 / 30

    View Slide

  21. A quick introduction
    Relation with dependent types
    Not easy to precisely define either system. One view is that:
    With dependent types, types can refer to terms, the calculus is
    normalizing.
    With refinement types, types don’t necessarily need to be able to refer
    to terms, and the calculus does not need to be normalizing, because
    proofs are discharged to a solver.
    In practice, it is natural to allow refinement types to refer to terms.
    Romain Ruetschi Refine your types! 31.05.2018 12 / 30

    View Slide

  22. A quick introduction
    Relation with dependent types, continued
    If we restrict ourselves to the view that dependent types ≈ Coq and
    refinement types ≈ LiquidHaskell, then:
    Dependent types are more expressive than refinement types, ie. one
    can model pretty much any kind of mathematics using dependent
    types, tactics, and manual proofs.
    Refinement types are more suited for automation, as predicates are
    drawn from a decidable logic, and proof obligations can thus be
    discharged to an SMT solver.
    Romain Ruetschi Refine your types! 31.05.2018 13 / 30

    View Slide

  23. Under the hood
    Under the hood
    Romain Ruetschi Refine your types! 31.05.2018 14 / 30

    View Slide

  24. Under the hood
    Subtyping
    Refinement types rest on the following notion of subtyping:
    Γ { x : A | p } { y : A | q }

    Valid Γ ∧ p ⇒ q

    CheckSat ¬( Γ ∧ p ⇒ q ) = UNSAT
    Romain Ruetschi Refine your types! 31.05.2018 15 / 30

    View Slide

  25. Under the hood
    Subtyping (example)
    { val x: Int = 42 } { y: Int | y > x } { z: Int | z > 0 }

    Valid (x = 42 ∧ y > x ∧ z = y) ⇒ z > 0)

    CheckSat ¬((x = 42 ∧ y > x ∧ z = y) ⇒ z > 0) = UNSAT
    Romain Ruetschi Refine your types! 31.05.2018 16 / 30

    View Slide

  26. Under the hood
    Contracts
    This function
    def f(x: Int { x > 0 }): { y: Int | y < 0 } = 0 - x
    is correct if
    { x: Int | x > 0 } { z: Int | z = 0 - x } { y: Int | y < 0 }

    Valid (x > 0 ∧ (z = 0 − x) ∧ (y = z)) ⇒ y < 0
    Romain Ruetschi Refine your types! 31.05.2018 17 / 30

    View Slide

  27. Under the hood
    Solving constraints with SMT solvers
    Satisfiability Modulo Theories: Akin to a SAT solver with support for
    additional theories: algebraic data types, integer arithmetic, real
    arithmetic, bitvectors, sets, etc.
    Can choose from Z3, CVC4, Yices, Princess, and others.
    In practice, cannot just translate from the host language into SMT
    because of quantifiers, recursive functions, polymorphism, etc.
    Lots of work, difficult to get right (ie. sound and complete).
    Romain Ruetschi Refine your types! 31.05.2018 18 / 30

    View Slide

  28. Under the hood
    Solving constraints with Inox2
    1 Solver for higher-order functional programs which provides first-class
    support for features such as:
    1 Recursive and first-class functions
    2 ADTs, integers, bitvectors, strings, set-multiset-map abstractions
    3 Quantifiers
    4 ADT invariants
    2 Implements a very involved unfolding strategy to deal with all of the
    above [1, 2, 3]
    3 Interfaces with various SMT solvers (Z3, CVC4, Princess)
    4 Powers Stainless, a verification system for Scala1
    1https://github.com/epfl-lara/stainless
    2https://github.com/epfl-lara/inox
    Romain Ruetschi Refine your types! 31.05.2018 19 / 30

    View Slide

  29. Under the hood
    Write your own language with refinement types
    Demo
    Romain Ruetschi Refine your types! 31.05.2018 20 / 30

    View Slide

  30. In the wild
    In the wild
    Romain Ruetschi Refine your types! 31.05.2018 21 / 30

    View Slide

  31. In the wild
    LiquidHaskell
    Modern incarnation of refinement types for Haskell, ie. Liquid types [4]
    Refinement are quantifier-free predicates drawn from a decidable logic.
    [4]
    Type refinement are specified as comments in the source code.
    Romain Ruetschi Refine your types! 31.05.2018 22 / 30

    View Slide

  32. In the wild
    LiquidHaskell
    Demo
    Romain Ruetschi Refine your types! 31.05.2018 23 / 30

    View Slide

  33. In the wild
    F∗
    General-purpose dialect of ML with effects aimed at program
    verification.
    Dependently-typed language with refinements, type checking done via
    an SMT solver.
    Can be extracted to efficient OCaml, F, or C code.
    Initially developed at Microsoft Research.
    Romain Ruetschi Refine your types! 31.05.2018 24 / 30

    View Slide

  34. In the wild
    F∗
    Part of Project Everest, an in-progress verified implementation of
    HTTPS, TLS, X.509, and cryptographic algorithms.3
    3https://project-everest.github.io
    Romain Ruetschi Refine your types! 31.05.2018 25 / 30

    View Slide

  35. In the wild
    Scala 3 (one day?)
    Ongoing effort by Georg Schmid to add refinement types to
    Dotty/Scala 3[5]
    Romain Ruetschi Refine your types! 31.05.2018 26 / 30

    View Slide

  36. In the wild
    Acknowledgement
    Many thanks to Georg Schmid for his insights and for taking time to answer
    my questions.
    Go check out his work! [5]
    Romain Ruetschi Refine your types! 31.05.2018 27 / 30

    View Slide

  37. In the wild
    Thanks!
    Romain Ruetschi Refine your types! 31.05.2018 28 / 30

    View Slide

  38. In the wild
    References I
    [1] P. Suter, A. S. Köksal, and V. Kuncak, “Satisfiability modulo recursive
    programs,” in Proceedings of the 18th International Conference on
    Static Analysis, SAS’11, Springer-Verlag, 2011.
    [2] N. Voirol and V. Kuncak, “Automating verification of functional
    programs with quantified invariants,” p. 17, 2016.
    [3] N. Voirol and V. Kuncak, “On satisfiability for quantified formulas in
    instantiation-based procedures,” 2016.
    [4] R. Jhala, “Refinement types for haskell,” in Proceedings of the ACM
    SIGPLAN 2014 Workshop on Programming Languages Meets Program
    Verification, PLPV ’14, pp. 27–27, ACM, 2014.
    Romain Ruetschi Refine your types! 31.05.2018 29 / 30

    View Slide

  39. In the wild
    References II
    [5] G. S. Schmid and V. Kuncak, “Smt-based checking of
    predicate-qualified types for scala,” in Proceedings of the 2016 7th ACM
    SIGPLAN Symposium on Scala, SCALA 2016, pp. 31–40, ACM, 2016.
    Romain Ruetschi Refine your types! 31.05.2018 30 / 30

    View Slide