Generating Good Generators for Inductive Relations POPL 2018 - - PowerPoint PPT Presentation

Generating Good Generators for Inductive Relations

POPL 2018 Leonidas Lampropoulos1 Zoe Paraskevopoulou2 Benjamin Pierce1

1University of Pennsylvania 2Princeton University

Generating Good Generators for Inductive Relations in a property-based random testing tool for Coq

1 / 21

Testing with QuickChick

• ∀(x : A). P(x)

P(a)? More confidence! Counterexample!

• ✓

✗

2 / 21

Testing with QuickChick

• ∀(x : A).Q(x) ⇒ P(x)

Q(a)? P(a)? More confidence! Counterexample!

• ✓

✗ ✓ ✗

3 / 21

Sparse Preconditions Q

4 / 21

∀ → →

• Random data generator for
• Type inference function
• as a function
• Decidability for

5 / 21

∀ → →

• More confidence?

6 / 21

• λ N

λ (N→N)→N.x6 λ N λ N

• λ N

λ (N→N)→N λ N

• λ N

λ N λ N λ (N→N)→(N→N)λ N λ N→N λ N λ N→N

• λ N
• λ Nλ Nλ N→N

7 / 21

• λ N

λ (N→N)→N.x6 λ N λ N

• λ N

λ (N→N)→N λ N

• λ N

λ N λ N λ (N→N)→(N→N)λ N λ N→N λ N λ N→N

• λ N
• λ Nλ Nλ N→N

7 / 21

Testing with Good Generators

• ∀(x : A).Q(x) ⇒ P(x)

P(a)? More confidence! Counterexample!

such that Q() ✓ ✗

8 / 21

Q

Counterexample

9 / 21

• ∀(x : A).Q(x) ⇒ P(x)

is good if

Soundness x ∈ range(gen) ⇒ Q(x)

and

Completeness x ∈ Q(x) ⇒ range(gen)

10 / 21

Generate only well-typed terms! → → such that e ∈ range(gen_term Γ t) ⇒ Γ ⊢ e : t Make sure that all of them can be generated! Γ ⊢ e : t ⇒ e ∈ range(gen_term Γ t)

11 / 21

:=

• ←

←

• ←

←

• ←
• ←

← ←

• Testing an Optimising Compiler by Generating Random Lambda Terms.

Michal H. Palka, Koen Claessen, Alejandro Russo, and John Hughes. AST ’11

12 / 21

:=

• ←

←

• ←

←

• ←
• ←

← ←

• Testing an Optimising Compiler by Generating Random Lambda Terms.

Michal H. Palka, Koen Claessen, Alejandro Russo, and John Hughes. AST ’11

12 / 21

Generating Good Generators

1 →2 → 2 1 → and ∀ a1, range(gen_A2 a1) ≡ {a2 | Q a1 a2}

13 / 21

Generating Good Generators

→→→ →→

14 / 21

Γ :=

• 15 / 21

Γ :=

• ∀ Γ Γ →

Γ

15 / 21

Γ :=

• ∀ Γ Γ →

Γ

15 / 21

Γ :=

• ∀ Γ Γ →

Γ

15 / 21

Γ := ∀ Γ Γ → Γ

15 / 21

Γ := ∀ Γ Γ → Γ

15 / 21

Γ := ← Γ ∀ Γ Γ → Γ

15 / 21

∀ → →

• 16 / 21

Generating Provably Good Generators

∀Γt, range(genterm Γ t) ≡ {e | Γ ⊢ e : t}

• 17 / 21

Generating Provably Good Generators

∀Γt, range(genterm Γ t) ≡ {e | Γ ⊢ e : t}

• 17 / 21

Generating Provably Good Generators

∀Γt, range(genterm Γ t) ≡ {e | Γ ⊢ e : t}

• 17 / 21

Evaluation

Is the class of inductive definitions large/general/useful? Are the generators efficient? Do they achieve good coverage and distribution of test cases?

18 / 21

Evaluation

Applicability

• Tested specifications from textbook
• 83% of suitable-for-testing theorems could be tested with our approach

19 / 21

Evaluation

Applicability

• Tested specifications from textbook
• 83% of suitable-for-testing theorems could be tested with our approach

19 / 21

Evaluation

Applicability

• Tested specifications from textbook
• 83% of suitable-for-testing theorems could be tested with our approach

∀ → →

19 / 21

Evaluation

Performance

• Compared to handwritten generators used in IFC case study by Hritcu et al.

(2013, 2016)

• 1.75× slower that handwritten generators
• Same bug-finding performance (counterexamples/sec)

20 / 21

Conclusion

Sound and complete generators for inductive relations for free! What’s next?

• larger class of inductive definitions
• derive decidability instances
• derive shrinkers

Find us on GitHub!

21 / 21