Abstract
Haskell has many delightful features. Perhaps the one most beloved by its users is its type system, which allows developers to specify and verify a variety of program properties at compile time. However, many properties, typically those that depend on relationships between program values, are impossible, or at the very least cumbersome, to encode within the existing type system. Many such properties can be verified using a combination of Refinement Types and external SMT solvers. We describe the refinement type checker liquidHaskell, which we have used to specify and verify a variety of properties of over 10,000 lines of Haskell code from various popular libraries, including containers, hscolour, bytestring, text, vector-algorithms and xmonad. First, we present a high-level overview of liquidHaskell, through a tour of its features. Second, we present a qualitative discussion of the kinds of properties that can be checked, ranging from generic application-independent criteria like totality and termination, to application-specific concerns like memory safety and data structure correctness invariants. Finally, we present a quantitative evaluation of the approach, with a view towards measuring the efficiency and programmer effort required for verification, and discuss the limitations of the approach.
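To make the abstract's claim concrete, the following is an added illustration (not code from the paper or from the liquidHaskell project) of the three kinds of property it names: a refinement on a function argument that rules out a partial pattern match (totality), a divisor refined to be non-zero (a value-dependent safety check), and a structurally recursive measure whose termination the checker establishes. The module, the function names and the `size` measure are all assumptions made for this example; the `{-@ ... @-}` annotation syntax and the SMT-discharged subtyping are the mechanism the abstract describes.

```haskell
module SafeListOps where

-- A "measure" lifts a Haskell function on a data type into the
-- refinement logic so that the SMT solver can reason about it.
-- `size` is defined here for the example; it is proved terminating
-- because it recurses on a structurally smaller list.
{-@ measure size @-}
{-@ size :: [a] -> {v:Int | 0 <= v} @-}
size :: [a] -> Int
size []     = 0
size (_:xs) = 1 + size xs

-- Totality: the argument type demands a non-empty list, so the
-- missing `[]` equation is provably unreachable and the checker
-- accepts this definition as total rather than partial.
{-@ safeHead :: {xs:[a] | size xs > 0} -> a @-}
safeHead :: [a] -> a
safeHead (x:_) = x

-- Value-dependent safety: the divisor is refined to be non-zero,
-- so every call site must supply evidence that it is.
{-@ safeDiv :: Int -> {d:Int | d /= 0} -> Int @-}
safeDiv :: Int -> Int -> Int
safeDiv n d = n `div` d

-- The precondition `size xs > 0` is what lets the SMT solver prove
-- the obligation `size xs /= 0` at the call to safeDiv.
{-@ average :: {xs:[Int] | size xs > 0} -> Int @-}
average :: [Int] -> Int
average xs = safeDiv (sum xs) (size xs)

-- Accepted: the literal list has size 3 > 0.
okHead :: Int
okHead = safeHead [1, 2, 3]

-- Rejected at check time if uncommented: the checker cannot prove
-- `size [] > 0`, and the error is reported before the program runs.
-- badHead :: Int
-- badHead = safeHead []
```

Running `liquid SafeListOps.hs` (the checker's command-line driver) reports SAFE for the module as written; uncommenting `badHead` turns that into a type error at the offending call, which is the compile-time rejection the abstract contrasts with runtime failures such as a partial `head` or division by zero.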
LiquidHaskell: experience with refinement types in the real world
Haskell '14: Proceedings of the 2014 ACM SIGPLAN symposium on Haskell