Automating Type Soundness Proofs for Domain-Specific Languages

Type systems for static programming languages are supposed to ensure the absence of type errors in code prior to execution. Type systems that meet this expectation are called sound type systems in the literature. In practice, however, many type systems are unsound, i.e. they successfully type-check programs with type errors which get stuck during execution due to undefined behavior. To reliably ensure that a type system is sound, a sub-area in programming languages research proposes to develop type soundness proofs: One proves a soundness property for a logical specification of a type system via logical deduction. The mechanization of such a proof shall ensure the absence of human-made deduction errors within the different reasoning steps: A verification system checks that all steps within a proof a correct with regard to the rules within the used logic. However, developing mechanized type soundness proofs with the tool support and methodologies available today is a cumbersome task even for verification experts: The available support often requires to spell out a large number of "trivial" steps within such proofs manually, which necessitates a certain level of skills and expertise in the area of mechanized verification. Often, language developers and researchers who are experts in conducting type soundness proofs on paper are not necessarily also well-versed in using tool support for mechanized verification. These developers and researchers are typically quickly frustrated by the effort required for mechanized verification and hence often do not attempt it. The main goal of this thesis is to raise the degree of automation for mechanizing type soundness proofs. To this end, we first study existing mechanization efforts for type soundness proofs from the literature. We use our observations on the one hand to restrict the set of languages we consider in this thesis: We focus on domain-specific languages (DSLs) without first-class binders. On the other hand, we use our observations to identify general shortcomings of existing verification systems regarding how well they support experts in different verification domains in developing domain-specific, automated proof strategies for their domain. Based on our observations, we propose a generic verification infrastructure called VeriTaS for the automation of domain-specific verification tasks: VeriTaS is a lightweight library in Scala for combining high-level automated domain-specific proof strategies with existing automated theorem provers for the verification of individual, low-level proof steps. VeriTaS is generic in a format for input specifications. Hence, the infrastructure may be instantiated for different verification domains. We instantiate our VeriTaS verification infrastructure for generating type soundness proofs of DSLs: We provide a domain-specific input format for type system specifications and basic tactics for creating low-level proof steps. Furthermore, we present automated proof strategies that generate proof structures for type soundness proofs. We evaluate our proof strategies on two case studies, both type systems of representative DSLs. Also, we conduct an empirical study to compare different encoding strategies for low-level proof problems. We used the results of our empirical study to raise the degree of automation provided by our proof strategies for type soundness proofs of DSLs further. Our case studies show that our instantiation of VeriTaS for type soundness proofs of DSLs achieves a higher degree of automation for such proofs than existing systems