Running the overview onlinew
Installing Liquid Haskell from source
Running the benchmarks
Using docker
Using VM
Motivation: Why verification?
“Airbus A400M crashed due to a software bug.”
— May 2015
“Heartbleed: a security bug in the OpenSSL cryptography library.”
— April 2014
Using Modern Programming Languages (e.g., Haskell, Scala, Ocaml, F#).
Because of Strong Types & Lambda Calculus.
λ> :m +Data.Text Data.Text.Unsafe
λ> let text = pack "hat"
λ> :t takeWord16
takeWord16 :: Int -> Text -> Text
True
is a bad argumentλ> takeWord16 True text
<interactive>:5:12:
Couldn't match expected type ‘Int’ with actual type ‘Bool’
In the first argument of ‘takeWord16’, namely ‘True’
In the expression: takeWord16 True text
10
is a good argument7
extra characters... λ> takeWord16 10 text
"hat\33624\5479\SOH\NUL\60480\5115\5479"
λ> sum [1..1000]
500500
λ> psum [1..1000]
0
To prevent wider class of errors
To enforce program specific properties
Diverse Code Bases
20KLoc
Memory Safety, Termination, Functional Correctness, Program Equivalence
Specifications: 1 / 10 LOC
Library | LOC | Specs | Time |
---|---|---|---|
XMonad.StackSet |
256 | 74 | 27s |
Data.List |
814 | 46 | 26s |
Data.Set.Splay |
149 | 27 | 27s |
Data.Vector.Algorithms |
1219 | 76 | 89s |
HsColour |
1047 | 19 | 196s |
Data.Map.Base |
1396 | 125 | 174s |
Data.Text |
3128 | 305 | 499s |
Data.Bytestring |
3505 | 307 | 294s |
Total | 11512 | 977 | 1336s |
Liquid Types: Automated Verification via SMT
Properties: | Predicates + Types |
Proofs: | SMT Solvers + Subtyping |
https://github.com/ucsd-progsys/liquidhaskell
http://www.refinement-types.org
online demo @ http://goto.ucsd.edu/liquidhaskell