Coverage Types for Resource-Based Policies
Angelo Passarelli, Gian-Luigi Ferrari
TL;DR
This work tackles the challenge of statically verifying resource policies while ensuring the completeness of input-test generators in Property-Based Testing (PBT). It introduces History Expressions to model latent resource effects (an over-approximation) and Coverage Types to guarantee that input generators cover all relevant values (an under-approximation), further enhanced by Extended Coverage Types that couple both aspects via a History Expression. A core language $\lambda^{\mathbf{TG}}$ is developed, featuring resource types, refinement types, and a history-aware type system that proves correctness and completeness together with policy verification, supported by algorithmic typing tools and a case study on palindromic word generation. The framework enables compositional reasoning about resource usage and generator coverage, with practical implications for secure API usage and robust PBT workflows, and points to future work in implementing the system and integrating it with existing PBT pipelines and theorem provers.
Abstract
Coverage Types provide a suitable type mechanism that integrates under-approximation logic to support Property-Based Testing. They are used to type the return value of a function that represents an input test generator. This allows us to statically assert that an input test generator not only produces valid input tests but also generates all possible ones, ensuring completeness. In this paper, we extend the coverage framework to guarantee the correctness of Property-Based Testing with respect to resource usage in the input test generator. This is achieved by incorporating into Coverage Types a notion of effect, which represents an over-approximation of operations on relevant resources. Programmers can define resource usage policies through logical annotations, which are then verified against the effect associated with the Coverage Type.
