Refinements of Futures Past: Higher-Order Specification with Implicit Refinement Types (Extended Version)

TL;DR

This paper introduces Implicit Refinement Types, a novel approach that automates the synthesis of ghost variables, enabling higher-order specifications and lightweight verification in programming languages.

Contribution

It presents Implicit Refinement Types that transform ghost variables into implicit types, allowing automatic value synthesis and enhanced expressiveness for higher-order specifications.

Findings

Enables modular specification of higher-order protocols

Automates verification of resource usage and access control

Improves expressiveness of refinement types for complex properties

Abstract

Refinement types decorate types with assertions that enable automatic verification. Like assertions, refinements are limited to binders that are in scope, and hence, cannot express higher-order specifications. Ghost variables circumvent this limitation but are prohibitively tedious to use as the programmer must divine and explicate their values at all call-sites. We introduce Implicit Refinement Types which turn ghost variables into implicit pair and function types, in a way that lets the refinement typechecker automatically synthesize their values at compile time. Implicit Refinement Types further take advantage of refinement type information, allowing them to be used as a lightweight verification tool, rather than merely as a technique to automate programming tasks. We evaluate the utility of Implicit Refinement Types by showing how they enable the modular specification and automatic verification of various higher-order examples including stateful protocols, access control, and resource usage.