Semantic-Type-Guided Bug Finding

TL;DR

A semantic type refuter is defined which refutes semantic typings for a simple functional language and is proved to be co-recursively enumerable, and that it is sound and complete with respect to a semantic typing notion.

Abstract

In recent years, there has been an increased interest in tools that establish \emph{incorrectness} rather than correctness of program properties. In this work we build on this approach by developing a novel methodology to prove incorrectness of \emph{semantic typing} properties of functional programs, extending the incorrectness approach to the model theory of functional program typing. We define a semantic type refuter which refutes semantic typings for a simple functional language. We prove our refuter is co-recursively enumerable, and that it is sound and complete with respect to a semantic typing notion. An initial implementation is described which uses symbolic evaluation to efficiently find type errors over a functional language with a rich type system.

Figures (18)

• Figure 1: Core Language Grammar
• Figure 2: Operational Semantics for the Core Language
• Figure 3: Extended Grammar with Refinement and Dependent Function Types
• Figure 4: Additional Operational Semantics Rules for $\texttt{\small mzero}$
• Figure 5: Extended Grammar for Parametric Polymorphism

Theorems & Definitions (49)

• definition 1: Pattern Match
• definition 2
• definition 3: Semantic Types for the Core Language
• definition 4: Checker for Core
• definition 5: Generator for Core
• definition 6: Type Checker for Core
• lemma 1
• theorem 1: Soundness and Completeness
• lemma 2
• lemma 3: Completeness