Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Refine your types!

Romain Ruetschi
May 31, 2018
Research
0
78

Refine your types!

I describe what refinement types are, and how they can help us write better software, while showcasing a few concrete examples written in LiquidHaskell.

In the second part of the talk, I take a closer look at the theory behind refinement types.

At last, I show how to build your own programming language with refinement types, by making use of Inox, a powerful interface for SMT solvers.

Romain Ruetschi

May 31, 2018
Tweet

More Decks by Romain Ruetschi

See All by Romain Ruetschi
Formal verification of Scala programs with Stainless
romac
0
290
Formal verification of Scala programs with Stainless
romac
0
130
Formal verification in Scala with Leon
romac
0
110
An encoding of Any for Leon
romac
0
38

Other Decks in Research

See All in Research
第23回チャンピオンズミーティング・ピスケス杯ラウンド1集計 / Umamusume Aquarius 2023 Round1
kitachan_black
0
980
論文解説 InstructGPT : Training language models to follow instructions with human feedback
koharite
0
180
サービスメッシュを用いたマイクロサービス型分散システムの運用管理/servicemesh in hitachi
ido_kara_deru
1
280
ピッチコールの公平性と観客の存在:MLBの投球データ分析
ontime11
0
280
Dangerous ‘Deep Decarbonization’ (Krebs PowerPoint to Cooler Heads Coalition)
gkehr1
0
780
サイボウズのUXリサーチャーについて
cybozuinsideout
PRO
0
560
ABEMAにおけるサムネイル検証とOPE活用
ebisawahayata
2
1k
傾向スコアのモデルに含める共変量選択のアプローチ
tomoshige_n
1
900
再現性問題 再入門
arumakan
0
160
20221219TXPMedical勉強会
tadook
1
380
アナログが世界を救う? アナログコンピューティングの応用と課題
kentaroy47
0
160
ICH E9 (R1) 臨床試験のための統計的原則〜中間事象に対するストラテジー
shuntaros
1
250

Featured

See All Featured
WebSockets: Embracing the real-time Web
robhawkes
58
6.1k
Facilitating Awesome Meetings
lara
34
4.7k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
Building an army of robots
kneath
300
41k
Gamification - CAS2011
davidbonilla
75
4.2k
GraphQLとの向き合い方2022年版
quramy
22
10k
It's Worth the Effort
3n
177
26k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
The Invisible Side of Design
smashingmag
292
49k
No one is an island. Learnings from fostering a developers community.
thoeni
12
1.6k
Ruby is Unlike a Banana
tanoku
93
9.6k

Transcript

  1. Refine your types!
    Romain Ruetschi
    31.05.2018
    Romain Ruetschi Refine your types! 31.05.2018 1 / 30

    View Slide

  2. Two words about me
    Hi, my name is Romain Ruetschi, but you can also call me Romac.
    I am usually found online under various spellings of “romac”.
    Twitter: https://twitter.com/_romac
    GitHub: https://github.com/romac
    Homepage: https://romac.me
    Romain Ruetschi Refine your types! 31.05.2018 2 / 30

    View Slide

  3. Refinement types
    Romain Ruetschi Refine your types! 31.05.2018 3 / 30

    View Slide

  4. Outline
    Refinement types
    1 A quick introduction
    2 Under the hood
    3 In the wild
    Romain Ruetschi Refine your types! 31.05.2018 4 / 30

    View Slide

  5. A quick introduction
    A quick introduction
    Romain Ruetschi Refine your types! 31.05.2018 5 / 30

    View Slide

  6. A quick introduction
    Types
    Int
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  7. A quick introduction
    Types
    Int
    Boolean
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  8. A quick introduction
    Types
    Int
    Boolean
    List[Int]
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  9. A quick introduction
    Types
    Int
    Boolean
    List[Int]
    List[A] → Int
    Romain Ruetschi Refine your types! 31.05.2018 6 / 30

    View Slide

  10. A quick introduction
    Types
    3 : Int
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  11. A quick introduction
    Types
    3 : Int
    true : Boolean
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  12. A quick introduction
    Types
    3 : Int
    true : Boolean
    List(1, 2, 3) : List[Int]
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  13. A quick introduction
    Types
    3 : Int
    true : Boolean
    List(1, 2, 3) : List[Int]
    (xs: List[A]) => xs.length : List[A] → Int
    Romain Ruetschi Refine your types! 31.05.2018 7 / 30

    View Slide

  14. A quick introduction
    Refinement types
    { x : T | p }
    Romain Ruetschi Refine your types! 31.05.2018 8 / 30

    View Slide

  15. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  16. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    { xs : List[A] | !xs.isEmpty }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  17. A quick introduction
    Refinement types
    { n : Int | n > 0 }
    { xs : List[A] | !xs.isEmpty }
    { t : Tree | isBalanced(t) }
    Romain Ruetschi Refine your types! 31.05.2018 9 / 30

    View Slide

  18. A quick introduction
    Refinement types
    { xs : List[A] | xs.length = 0} → A
    Romain Ruetschi Refine your types! 31.05.2018 10 / 30

    View Slide

  19. A quick introduction
    Refinement types
    { xs : List[A] | xs.length = 0} → A
    List[A] → { n : Int | n ≥ 0}
    Romain Ruetschi Refine your types! 31.05.2018 10 / 30

    View Slide

  20. A quick introduction
    Refinement types
    A → { n : Int | x ≥ 0} → { xs : List[A] | xs.length = n }
    Romain Ruetschi Refine your types! 31.05.2018 11 / 30

    View Slide

  21. A quick introduction
    Relation with dependent types
    Not easy to precisely define either system. One view is that:
    With dependent types, types can refer to terms, the calculus is
    normalizing.
    With refinement types, types don’t necessarily need to be able to refer
    to terms, and the calculus does not need to be normalizing, because
    proofs are discharged to a solver.
    In practice, it is natural to allow refinement types to refer to terms.
    Romain Ruetschi Refine your types! 31.05.2018 12 / 30

    View Slide

  22. A quick introduction
    Relation with dependent types, continued
    If we restrict ourselves to the view that dependent types ≈ Coq and
    refinement types ≈ LiquidHaskell, then:
    Dependent types are more expressive than refinement types, ie. one
    can model pretty much any kind of mathematics using dependent
    types, tactics, and manual proofs.
    Refinement types are more suited for automation, as predicates are
    drawn from a decidable logic, and proof obligations can thus be
    discharged to an SMT solver.
    Romain Ruetschi Refine your types! 31.05.2018 13 / 30

    View Slide

  23. Under the hood
    Under the hood
    Romain Ruetschi Refine your types! 31.05.2018 14 / 30

    View Slide

  24. Under the hood
    Subtyping
    Refinement types rest on the following notion of subtyping:
    Γ { x : A | p } { y : A | q }

    Valid Γ ∧ p ⇒ q

    CheckSat ¬( Γ ∧ p ⇒ q ) = UNSAT
    Romain Ruetschi Refine your types! 31.05.2018 15 / 30

    View Slide

  25. Under the hood
    Subtyping (example)
    { val x: Int = 42 } { y: Int | y > x } { z: Int | z > 0 }

    Valid (x = 42 ∧ y > x ∧ z = y) ⇒ z > 0)

    CheckSat ¬((x = 42 ∧ y > x ∧ z = y) ⇒ z > 0) = UNSAT
    Romain Ruetschi Refine your types! 31.05.2018 16 / 30

    View Slide

  26. Under the hood
    Contracts
    This function
    def f(x: Int { x > 0 }): { y: Int | y < 0 } = 0 - x
    is correct if
    { x: Int | x > 0 } { z: Int | z = 0 - x } { y: Int | y < 0 }

    Valid (x > 0 ∧ (z = 0 − x) ∧ (y = z)) ⇒ y < 0
    Romain Ruetschi Refine your types! 31.05.2018 17 / 30

    View Slide

  27. Under the hood
    Solving constraints with SMT solvers
    Satisfiability Modulo Theories: Akin to a SAT solver with support for
    additional theories: algebraic data types, integer arithmetic, real
    arithmetic, bitvectors, sets, etc.
    Can choose from Z3, CVC4, Yices, Princess, and others.
    In practice, cannot just translate from the host language into SMT
    because of quantifiers, recursive functions, polymorphism, etc.
    Lots of work, difficult to get right (ie. sound and complete).
    Romain Ruetschi Refine your types! 31.05.2018 18 / 30

    View Slide

  28. Under the hood
    Solving constraints with Inox2
    1 Solver for higher-order functional programs which provides first-class
    support for features such as:
    1 Recursive and first-class functions
    2 ADTs, integers, bitvectors, strings, set-multiset-map abstractions
    3 Quantifiers
    4 ADT invariants
    2 Implements a very involved unfolding strategy to deal with all of the
    above [1, 2, 3]
    3 Interfaces with various SMT solvers (Z3, CVC4, Princess)
    4 Powers Stainless, a verification system for Scala1
    1https://github.com/epfl-lara/stainless
    2https://github.com/epfl-lara/inox
    Romain Ruetschi Refine your types! 31.05.2018 19 / 30

    View Slide

  29. Under the hood
    Write your own language with refinement types
    Demo
    Romain Ruetschi Refine your types! 31.05.2018 20 / 30

    View Slide

  30. In the wild
    In the wild
    Romain Ruetschi Refine your types! 31.05.2018 21 / 30

    View Slide

  31. In the wild
    LiquidHaskell
    Modern incarnation of refinement types for Haskell, ie. Liquid types [4]
    Refinement are quantifier-free predicates drawn from a decidable logic.
    [4]
    Type refinement are specified as comments in the source code.
    Romain Ruetschi Refine your types! 31.05.2018 22 / 30

    View Slide

  32. In the wild
    LiquidHaskell
    Demo
    Romain Ruetschi Refine your types! 31.05.2018 23 / 30

    View Slide

  33. In the wild
    F∗
    General-purpose dialect of ML with effects aimed at program
    verification.
    Dependently-typed language with refinements, type checking done via
    an SMT solver.
    Can be extracted to efficient OCaml, F, or C code.
    Initially developed at Microsoft Research.
    Romain Ruetschi Refine your types! 31.05.2018 24 / 30

    View Slide

  34. In the wild
    F∗
    Part of Project Everest, an in-progress verified implementation of
    HTTPS, TLS, X.509, and cryptographic algorithms.3
    3https://project-everest.github.io
    Romain Ruetschi Refine your types! 31.05.2018 25 / 30

    View Slide

  35. In the wild
    Scala 3 (one day?)
    Ongoing effort by Georg Schmid to add refinement types to
    Dotty/Scala 3[5]
    Romain Ruetschi Refine your types! 31.05.2018 26 / 30

    View Slide

  36. In the wild
    Acknowledgement
    Many thanks to Georg Schmid for his insights and for taking time to answer
    my questions.
    Go check out his work! [5]
    Romain Ruetschi Refine your types! 31.05.2018 27 / 30

    View Slide

  37. In the wild
    Thanks!
    Romain Ruetschi Refine your types! 31.05.2018 28 / 30

    View Slide

  38. In the wild
    References I
    [1] P. Suter, A. S. Köksal, and V. Kuncak, “Satisfiability modulo recursive
    programs,” in Proceedings of the 18th International Conference on
    Static Analysis, SAS’11, Springer-Verlag, 2011.
    [2] N. Voirol and V. Kuncak, “Automating verification of functional
    programs with quantified invariants,” p. 17, 2016.
    [3] N. Voirol and V. Kuncak, “On satisfiability for quantified formulas in
    instantiation-based procedures,” 2016.
    [4] R. Jhala, “Refinement types for haskell,” in Proceedings of the ACM
    SIGPLAN 2014 Workshop on Programming Languages Meets Program
    Verification, PLPV ’14, pp. 27–27, ACM, 2014.
    Romain Ruetschi Refine your types! 31.05.2018 29 / 30

    View Slide

  39. In the wild
    References II
    [5] G. S. Schmid and V. Kuncak, “Smt-based checking of
    predicate-qualified types for scala,” in Proceedings of the 2016 7th ACM
    SIGPLAN Symposium on Scala, SCALA 2016, pp. 31–40, ACM, 2016.
    Romain Ruetschi Refine your types! 31.05.2018 30 / 30

    View Slide