GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz - - PowerPoint PPT Presentation

GraphCoQL

Certified Programs and Proofs New Orleans, USA — January 2020

Federico Olmedo Tomás Díaz Éric Tanter

A mechanized formalization of GraphQL in Coq

Millennium Institute

Foundational Research on Data

Clases de cátedra

GraphQL

2

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

GraphQL

2

HTTP GET

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { “title” : “Toy Story”, }, { “title” : “Forrest Gump”, }, … ] } }

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { “title” : “Toy Story”, }, { “title” : “Forrest Gump”, }, … ] } }

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { “title” : “Toy Story”, }, { “title” : “Forrest Gump”, }, … ] } }

Clases de cátedra

GraphQL

2

HTTP GET

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Language for specifying the interfaces of web data services and their query mechanism

Clases de cátedra

Industry involvement with GraphQL

3

2012 2015+

Clases de cátedra

First language formalization [Hartig & Pérez, WWW’18]

4

Paper & pencil formalization to study complexity properties.

Jf[]Ku

G =

( f:(u, f[]) if (u, f[]) 2 dom() f:null else. J`:f[]Ku

G =

( `:(u, f[]) if (u, f[]) 2 dom() `:null else. Jf[]{}Ku

G =

       f:[{JK1

G } · · · {JKk G }]

if typeS(f) 2 LT and {1, ... ,k } = {i | (u, f[],i ) 2 E} f:{ JK

G }

if typeS(f) < LT and (u, f[],) 2 E f:null if typeS(f) < LT and there is no 2 N s.t. (u, f[],) 2 E J`:f[]{}Ku

G =

       `:[{JK1

G } · · · {JKk G }]

if typeS(f) 2 LT and {1, ... ,k } = {i | (u, f[],i ) 2 E} `:{ JK

G }

if typeS(f) < LT and (u, f[],) 2 E `:null if typeS(f) < LT and there is no 2 N s.t. (u, f[],) 2 E Jon t{}Ku

G =

       JKu

G

if t 2 OT and (u) = t, or t 2 IT and (u) 2 implementationS(t), or t 2 UT and (u) 2 unionS(t)

• in other case.

J1 · · ·kKu

G = collect(J1Ku G · · · JkKu G )

Figure 5: Semantics of a GraphQL query.

Clases de cátedra

First language formalization [Hartig & Pérez, WWW’18]

4

Paper & pencil formalization to study complexity properties.

Jf[]Ku

G =

( f:(u, f[]) if (u, f[]) 2 dom() f:null else. J`:f[]Ku

G =

( `:(u, f[]) if (u, f[]) 2 dom() `:null else. Jf[]{}Ku

G =

       f:[{JK1

G } · · · {JKk G }]

if typeS(f) 2 LT and {1, ... ,k } = {i | (u, f[],i ) 2 E} f:{ JK

G }

if typeS(f) < LT and (u, f[],) 2 E f:null if typeS(f) < LT and there is no 2 N s.t. (u, f[],) 2 E J`:f[]{}Ku

G =

       `:[{JK1

G } · · · {JKk G }]

if typeS(f) 2 LT and {1, ... ,k } = {i | (u, f[],i ) 2 E} `:{ JK

G }

if typeS(f) < LT and (u, f[],) 2 E `:null if typeS(f) < LT and there is no 2 N s.t. (u, f[],) 2 E Jon t{}Ku

G =

       JKu

G

if t 2 OT and (u) = t, or t 2 IT and (u) 2 implementationS(t), or t 2 UT and (u) 2 unionS(t)

• in other case.

J1 · · ·kKu

G = collect(J1Ku G · · · JkKu G )

Figure 5: Semantics of a GraphQL query.

Missing proofs about fundamental properties

Clases de cátedra

Our contribution

5

First mechanized formalization of GraphQL in the Coq proof assistant

GraphCoQL

Clases de cátedra

Schema

6

Describes how data is structured and queried

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

• bject

type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

interface type

• bject

type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

interface type

• bject

type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

interface type

• bject

type enumeration type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

interface type

• bject

type enumeration type union type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

6

Describes how data is structured and queried

interface type

• bject

type entry points for querying the dataset enumeration type union type

type Artist { id: ID name: String artworks(role:Role): [Artwork] } interface Movie { id: ID title: String year: Int cast: [Artist] } type Fiction implements Movie { … } type Animation implements Movie { … style: Style } enum Role { ACTOR DIRECTOR WRITER } union Artwork = Fiction | Animation | Book type Book { … } type Query { artist(id:ID): Artist movie(id:ID): Movie }

Clases de cátedra

Schema

7

Describes how data is structured and queried

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Artist

id: 1000 name: “Tom Hanks”

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Artist Fiction

id: 2000 title: “Forrest Gump” year: 1994 id: 1000 name: “Tom Hanks”

Animation

id: 2001 title: “Toy Story” year: 1995 style: “3D" artworks[role:ACTOR] artworks[role:ACTOR]

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Artist Fiction

id: 2000 title: “Forrest Gump” year: 1994 id: 1000 name: “Tom Hanks”

Animation

id: 2001 title: “Toy Story” year: 1995 style: “3D" artworks[role:ACTOR] artworks[role:ACTOR] cast cast

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Book Artist Fiction

id: 3000 title: “Uncommon Type” year: 2017 ISBN: 1101946156 id: 2000 title: “Forrest Gump” year: 1994 id: 1000 name: “Tom Hanks”

Animation

id: 2001 title: “Toy Story” year: 1995 style: “3D" artworks[role:ACTOR] artworks[role:ACTOR] cast cast artworks[role:WRITER] author

Clases de cátedra

Graph data model

8

Datasets are modeled as directed property graphs, with labeled edges and typed nodes.

Query Book Artist Fiction

artist[id:1000] id: 3000 title: “Uncommon Type” year: 2017 ISBN: 1101946156 id: 2000 title: “Forrest Gump” year: 1994 id: 1000 name: “Tom Hanks”

Animation

id: 2001 title: “Toy Story” year: 1995 style: “3D" movie[id:2001] movie[id:2000] artworks[role:ACTOR] artworks[role:ACTOR] cast cast artworks[role:WRITER] author

query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation

9

Queries are evaluated by traversing the graph and collecting nodes’ properties

Response (à la JSON) Query Dataset

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } }

Clases de cátedra

Query evaluation

10

Queries are evaluated by traversing the graph and collecting nodes’ properties

Response (à la JSON) Query Dataset

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } } query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation

11

Queries are evaluated by traversing the graph and collecting nodes’ properties

Response (à la JSON) Query Dataset

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } } query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation

12

Queries are evaluated by traversing the graph and collecting nodes’ properties

Response (à la JSON) Query Dataset

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } } query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation

13

Queries are evaluated by traversing the graph and collecting nodes’ properties

Response (à la JSON) Query Dataset

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { “title” : … }, { “title” : … }, ] } } query { artist(id:1000) { name artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation - Peculiarities

14

Query evaluation is not compositional

Clases de cátedra

Query evaluation - Peculiarities

14

Query evaluation is not compositional

query { artist(id:1000) { name } artist(id:1000) { artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation - Peculiarities

14

Query evaluation is not compositional

query { artist(id:1000) { name } artist(id:1000) { artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation - Peculiarities

14

Query evaluation is not compositional

query { artist(id:1000) { name } artist(id:1000) { artworks(role: ACTOR) { title } } } { “artist” : { “name” : “Tom Hanks”, }, “artist” : { “artworks” : [ { … }, { … }, ] } }

Clases de cátedra

Query evaluation - Singularities

15

Selections are “factored-out” in between the recursive calls

Query evaluation is not compositional

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } } query { artist(id:1000) { name } artist(id:1000) { artworks(role: ACTOR) { title } } }

Clases de cátedra

Query evaluation - Singularities

15

Selections are “factored-out” in between the recursive calls

This makes reasoning significantly harder

Query evaluation is not compositional

{ “artist” : { “name” : “Tom Hanks”, “artworks” : [ { … }, { … }, ] } } query { artist(id:1000) { name } artist(id:1000) { artworks(role: ACTOR) { title } } }

Application

Clases de cátedra

Normalization [H&P, WWW’18]

17

Clases de cátedra

Normalization [H&P, WWW’18]

17

Queries admit a normal form that can be evaluated purely compositionally and significantly simplifies reasoning

Clases de cátedra

Normalization [H&P, WWW’18]

17

Queries admit a normal form that can be evaluated purely compositionally and significantly simplifies reasoning

👏

Normalization procedure not provided

👏

No correctness proof

But….

Clases de cátedra

Query normalization

18

Clases de cátedra

Query normalization

18

• Certified normalization algorithm

e with

u σs. Theorem normalize_preserves_semantics : ∀ (φ : query) (s : wfGraphQLSchema) (g : conformedGraph s), eval_query (normalize s φ) g s = eval_query φ g s. Theorem normalized_query_is_in_nf : ∀ (φ : query) (s : wfGraphQLSchema), is_in_normal_form s (normalize s φ).

Clases de cátedra

Query normalization

18

• Certified normalization algorithm
• Simplified evaluation for queries in normal form

e with

u σs. Theorem normalize_preserves_semantics : ∀ (φ : query) (s : wfGraphQLSchema) (g : conformedGraph s), eval_query (normalize s φ) g s = eval_query φ g s. Theorem normalized_query_is_in_nf : ∀ (φ : query) (s : wfGraphQLSchema), is_in_normal_form s (normalize s φ). Theorem simpl_eval_correctness : ∀ (φ : query) (s : wfGraphQLSchema) (g : conformedGraph s), is_in_normal_form s φ -> eval_query φ g s = simpl_eval_query φ g s.

Formalization evaluation and details

Clases de cátedra

Evaluation

20

Effectivity Uncovered two issues in H&P formalization:

• Flawed definition of normal form
• Incomplete set of equivalence rules for normalization

Clases de cátedra

Evaluation

20

Effectivity Uncovered two issues in H&P formalization:

• Flawed definition of normal form
• Incomplete set of equivalence rules for normalization

Faithfulness Validated with a series of examples from different sources:

• Examples (41) from the SPEC validation section*
• Star Wars example from GraphQL reference implementation
• Example used in H&P

* https://graphql.github.io/graphql-spec/June2018/#sec-Validation

Clases de cátedra

Conclusion

21

• First mechanized formalization of GraphQL in the Coq proof assistant
• Certified query normalization algorithm
• Uncover issues in initial formalization [H&P, WWW18]

Contribution

Clases de cátedra

Conclusion

21

• First mechanized formalization of GraphQL in the Coq proof assistant
• Certified query normalization algorithm
• Uncover issues in initial formalization [H&P, WWW18]
• Further GraphQL features
• Extraction (certified reference implementation)
• More general data models

Contribution Future work

Clases de cátedra

Conclusion

21

• First mechanized formalization of GraphQL in the Coq proof assistant
• Certified query normalization algorithm
• Uncover issues in initial formalization [H&P, WWW18]

Thanks!

• Further GraphQL features
• Extraction (certified reference implementation)
• More general data models

Contribution Future work