Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Polymorphic Coverage Types

Zhe Zhou, Ashish Mishra, Benjamin Delaware, Suresh Jagannathan

TL;DR

The paper reframes test-input generator coverage as a type-theoretic underapproximation problem by introducing coverage types, a must-style refinement system that inverts traditional subtyping. It develops a core ML-like language with higher-order constructs, inductive datatypes, and a bidirectional typing algorithm that supports polymorphism and monadic generator combinators, enabling static verification of generator completeness. The authors implement an OCaml coverage-type checker, conduct extensive evaluations on hand-written and synthesized generators, and demonstrate practical utility across real-world PBT applications and monadic combinators. Overall, the approach provides a scalable, automated mechanism to certify that generators exhaustively cover the intended input space, with potential to guide repairs and improve documentation of generator behavior.

Abstract

Test input generators are an important part of property-based testing (PBT) frameworks, and a key expectation is that they be capable of producing all acceptable elements that satisfy both the function's input type and the generator-provided constraints. However, it is not readily apparent how to validate whether a particular generator's output satisfies this coverage requirement. In practice, developers typically rely on manual inspection and post-mortem analysis of test runs to determine whether a generator provides sufficient coverage; these approaches are error-prone and difficult to scale as generators grow more complex. To address this problem, we present a new refinement-type-based verification procedure for validating the coverage provided by input test generators, based on a novel interpretation of types that embeds "must-style" underapproximate reasoning principles as a fundamental part of the type system. In our formulation, the types associated with expressions capture the set of values guaranteed to be produced by the expression, rather than the usual interpretation in which types represent the set of values an expression may produce. We formalize the notion of coverage types in a rich core language supporting higher-order functions and inductive datatypes. To better support real-world test generators, we extend this type system with type and qualifier polymorphism, enabling static verification of coverage guarantees for test input generators constructed using the monadic combinators found in most PBT frameworks. Finally, we have implemented a coverage type checker for OCaml programs based on this core calculus and present a detailed evaluation of its utility using a corpus of benchmarks drawn from both the PBT literature and open-source projects.

Polymorphic Coverage Types

TL;DR

The paper reframes test-input generator coverage as a type-theoretic underapproximation problem by introducing coverage types, a must-style refinement system that inverts traditional subtyping. It develops a core ML-like language with higher-order constructs, inductive datatypes, and a bidirectional typing algorithm that supports polymorphism and monadic generator combinators, enabling static verification of generator completeness. The authors implement an OCaml coverage-type checker, conduct extensive evaluations on hand-written and synthesized generators, and demonstrate practical utility across real-world PBT applications and monadic combinators. Overall, the approach provides a scalable, automated mechanism to certify that generators exhaustively cover the intended input space, with potential to guide repairs and improve documentation of generator behavior.

Abstract

Test input generators are an important part of property-based testing (PBT) frameworks, and a key expectation is that they be capable of producing all acceptable elements that satisfy both the function's input type and the generator-provided constraints. However, it is not readily apparent how to validate whether a particular generator's output satisfies this coverage requirement. In practice, developers typically rely on manual inspection and post-mortem analysis of test runs to determine whether a generator provides sufficient coverage; these approaches are error-prone and difficult to scale as generators grow more complex. To address this problem, we present a new refinement-type-based verification procedure for validating the coverage provided by input test generators, based on a novel interpretation of types that embeds "must-style" underapproximate reasoning principles as a fundamental part of the type system. In our formulation, the types associated with expressions capture the set of values guaranteed to be produced by the expression, rather than the usual interpretation in which types represent the set of values an expression may produce. We formalize the notion of coverage types in a rich core language supporting higher-order functions and inductive datatypes. To better support real-world test generators, we extend this type system with type and qualifier polymorphism, enabling static verification of coverage guarantees for test input generators constructed using the monadic combinators found in most PBT frameworks. Finally, we have implemented a coverage type checker for OCaml programs based on this core calculus and present a detailed evaluation of its utility using a corpus of benchmarks drawn from both the PBT literature and open-source projects.
Paper Structure (46 sections, 5 theorems, 56 equations, 23 figures, 7 tables, 3 algorithms)

This paper contains 46 sections, 5 theorems, 56 equations, 23 figures, 7 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Overview
  3. Base types
  4. Control Flow
  5. Function types
  6. Function Application
  7. Summary
  8. Language
  9. Terms
  10. Types
  11. Qualifiers
  12. Type System
  13. Type Soundness
  14. Type Denotations
  15. Type Denotations under a Type Context
  16. ...and 31 more sections

Key Result

Theorem 5.3

[Type Soundness] For all type contexts $\Gamma$, terms $e$ and coverage types $\tau$, $\Gamma \vdash e : \tau \implies e \in \denot{\tau}_{\Gamma}$.

Figures (23)

  • Figure 1: A BST generator. Failing to uncomment line 6 results in the generator never producing trees that contain only a subset of the elements in the interval between lo and hi, which is inconsistent with the developer's intent.
  • Figure 2: A tree generator expressed using QCheck.
  • Figure 3: An even number generator defined in terms of an integer number generator.
  • Figure 4: This function generates a BST with a supplied lower bound, low.
  • Figure 5: syntax.
  • ...and 18 more figures

Theorems & Definitions (14)

  • Example 5.1
  • Example 5.2
  • Theorem 5.3
  • Example 6.1
  • Example 6.2
  • Theorem 6.3
  • Theorem 6.4
  • Example 7.1
  • Example 7.2
  • Theorem 7.3
  • ...and 4 more