Profile picture
ShriramKrishnamurthi
@ShriramKMurthi
, 28 tweets, 6 min read Read on Twitter
This man literally has no idea what he's talking about. Stay in your lane, dude.
I got called out by @paulg for not explaining my comment. Fair point, though sometimes it's exhausting. Maybe that means one unwilling to explain their reasoning shouldn't comment at all. Topic for another day. Let me explain my response a bit here. »
Note that I'm assuming a SOUND type system. (Please look that up. E.g.: Pierce's TAPL or my PLAI [plai.org].) Otherwise many bets are off; depending on level of unsoundness, effectively a dynamic language (or worse). »
A static type system's soundness guarantee tells us that certain bad things simply can't happen. Therefore, not only is there nothing to test, the type system literally won't let you write that ill-typed test to explore outside the space. »
<sidebar>
To play the opposition for a moment, that is also a problem. In an era of hardware attacks, soundness may not quite hold. BUT, this is NOT a type-specific issue. The real fault is a failure of *safety*, not *soundness*. The same problem applies to, say, Ruby/Python. »
They too assume certain bad things can't happen in the runtime. So they won't let you write certain code: e.g., you can't get the address of a closure, go into it, find the environment pointer, and change it. A hardware attack could do that, buy you can't test for it. »
Safety and soundness routinely get conflated and confused. A sound type system invariably depends on a safe runtime. A safe runtime doesn't need a non-trivial type soundness (eg, dynamic languages). »
If you really want to understand this better, Felleisen and I wrote an unpublished paper about this.
www2.ccs.neu.edu/racket/pubs/tr…
</sidebar> [thread resumes »]
So, back to types and tests. A sound type system literally precludes certain behaviors, so the set of tests you write when they are precluded not only can be different, in the extreme, it must be (e.g., you can't write that ill-typed test). »
<sidebar>
This is related to what I feel is a common misunderstanding of what type soundness means. We explain this in our "Progressive Types" paper. Just read the intro.
cs.brown.edu/~sk/Publicatio…
</sidebar> [thread resumes »]
But I can imagine a reader thinking, "Okay, but that's pretty weak sauce". So let me give you two much more interesting examples. »
1. As others have also pointed, parametricity is a case in point. If I have a language with relational parametricity, a parametric type (e.g., forall T . <something involving type T>) is a universal quantifier with a strong guarantee about ALL T. I don't need to test them all. »
Curiously, there's *value* to doing so at multiple types for T, because it provides explanatory power to the reader reading the tests to understand the function (e.g., in docs). In fact, @PyretLang's test-based type inference infers quantifiers from such polymorphic uses! »
Nevertheless, this is a case where the type system literally does change your testing. You CAN (always) write more tests than necessary, but one test of a parametric-typed function literally corresponds to an infinite number of tests without that type guarantee. »
2. Let me move on to a more interesting case. Suppose you're writing a device driver, packet filter, etc. One thing you care about deeply is termination. So one of the things you'd like to test for is termination. »
Termination is fun: runs exactly into proof-vs-testability, as in the original thread. You can't prove it always terminates. You can only run several tests and make sure they all did. You need a timeout. That only says "didn't terminate quickly". May have done so a bit later. »
I feel another sidebar coming on.
<sidebar>
Proving termination is of course impossible (Halting Problem). And I feel the HP is literally the thing that makes CS a truly distinct discipline from any other (eg, math). »
We study processes. They have behavior. Our processes are non-trivial. So non-trivial that Halting is even a question (and important). And so non-trivial that we cannot build a decision procedure for it. It's like our "original sin" that keeps recurring.
</sidebar> [thread»]
Except, of course, that I'm lying and set you up. The HP is undecidable *for a certain language*. You can easily solve the HP if you change the language. One of my fun puzzles in a model checking class is to encode the HP and show that it appears trivially decidable. WAT. »
So let's bring this back to types. One of the canonical languages of study in PL is the Simply-Typed Lambda Calculus (STLC). And the STLC has this glorious property that every program in it is guaranteed to terminate. It enjoys that property *because of the type system*. »
This is a rather awesome result. You can have a pretty powerful language, EVEN with full-fledged lambdas, and no matter what you do, you can't make it go into an infinite loop. (Exercise: try encoding the Y combinator [to bring this back to @paulg] and see what goes wrong.) »
At any rate, I believe this constitutes a definitive refutation: "The number of tests you write and execute is [most certainly affected] by the type system of your language." Before I go … »
If all this is news to you, I suggest reading any of the PL resources mentioned above. You can also get such content from my on-line PL course, with @joepolitz.
cs.brown.edu/courses/cs173/…
Just for the fun of it, I'm going to add TWO MORE interesting type properties! »
3. Ownership/aliasing. If you care about the which objects hold which others (e.g., for resource-mgmt or object capability analysis), you can do this automatically through some modern type systems. Think about testing for that. Now think about NOT having to write those tests. »
4. Non-interference/information flow. The idea here is you want to make sure that high-security data don't flow to low-security entities. Many systems actually have this property (e.g., on a Web site, the password mustn't leak to the Web page). Do you test for these? »
Really interesting: turns out these properties actually belong to a class called "hyperproperties". These are things that can't be checked of a *single* run of a program: they need multiple runs. Essentially: without that, you can't tell if something *leaked* or was legit. »
So there's solid math that says just how hard/impossible (depending on your definition) it is to test such a property. But an information-flow type system gives you this guarantee automatically. Voilà, no need to write those tests. Because of your type system.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to ShriramKrishnamurthi
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ShriramKMurthi see all

Profile picture
ShriramKrishnamurthi
@ShriramKMurthi
This line changed my life.
Here's some context for my comment. My Indian educational system put a lot of store in rote learning. Being able to memorize a large quantity of information accurately, index it well, and reproduce it accurately conferred significant advantages. »
This was reinforced in some odd ways. In high school, I participated a lot (and well) in trivia competitions (which we called "quizzes"). Here knowing facts, names, and classifications was a superpower. »
Read 25 tweets
Profile picture
ShriramKrishnamurthi
@ShriramKMurthi
I didn't actually *answer* the original question, so let me try to write a few tweets about it here. It really depends on what you're starting with. Some would (very reasonably) argue that you should co-design a language and its type system. »
That would seem to work well if (a) you're designing a language from scratch and (b) you want that language to be typed. However, it's a smart idea to do it *even if you don't want the language to be typed right now, but might in the future*. That's what we did with @PyretLang: »
We asked, "What kind of type system might we someday want for this language", which also included (VERY CRUCIALLY) "What kind of type system do we NOT want for this language", and then designed it around that intended type system. »
Read 18 tweets
Profile picture
ShriramKrishnamurthi
@ShriramKMurthi
@madeofmistak3 Yes: I've done a ton of work on error messages too (some of which others working on errors have read):
cs.brown.edu/~sk/Publicatio…
cs.brown.edu/~sk/Publicatio…
So that's not really the point I'm making.
@madeofmistak3 Let's read what the slide says: the error message should make it "obvious" how to fix "the" problem. Both of those words are very problematic and suggest an incomplete understanding of the issues or of very sloppy writing or sloganeering. »
@madeofmistak3 Let's first assume there isn't some very advanced AI is running between the error and message generation. Because sometimes it will be spectacularly right and sometimes spectacularly wrong, and in latter case will totally fail this criterion. So assume "traditional" messages. »
Read 15 tweets

Related threads

Profile picture
Patrick Healy
@patrickhealynyt
Today we published a story about Kamala Harris and black voters. The story drew praise and criticism from readers on nytimes.com; we replied to some individual comments there, and I wanted to share and talk about the story here. nyti.ms/2HAohf6?smid=n…
Over the last few months, in talking to voters about a possible Harris candidacy, several of my reporters noticed that many black voters were thrilled; many others were wary, for a variety of reasons. Far more black men than black women were wary. So we decided to report out why:
Read 9 tweets
Profile picture
Quinn Cummings
@quinncy
A Small Story:

Consort is very bright, reflexively optimistic, far kinder and only slightly less funny than I am. This is why I accept that about certain things, he is mulishly wrong.

So wrong.
Like, “Being wrong is his side hustle but it’s starting to pay the mortgage” levels of work ethic in his wrongness.
Let us now speak of toilet paper. And it’s not the “Over/under business,” because Consort would never traffic in such obvious fare. Our house is nearly a hundred years old. Many things have been replaced or upgraded, but a few original elements remain.
Read 24 tweets
Profile picture
John Hetts
@jjhetts
1/If you love libraries, treat yourself & read this piece on life-altering impact of #publiclibraries & librarians, featuring fantastic reflections by @neilhimself @amytan & other brilliant authors/illustrators

nytimes.com/2018/10/15/boo…

Go read their tales & then I’ll share...
@neilhimself @AmyTan 2/Welcome back! Their stories were amazing, #amiright? I’m not going to be able to match their powerfully resonant tales but I’ll share my favorite library as a long +1 to the importance of libraries to regular folks too & hope a few of you might share your favorite library too.
@neilhimself @AmyTan 3/So, I’d like to take a minute, just sit there please,
I’ll tell you how I fell in love with public libraries
(apologies to @djjazzyjeff215 and #TheFreshPrince and everyone reading this thread)
Read 52 tweets
Profile picture
Jonathan Cristol
@jonathancristol
OK fine. I will live-tweet Trump's speech in Ohio that is supposed to start any moment. But I'm opening a can a wine to do it.
(That's right, you heard correctly. It's a can of Underwood Pinot Gris.)
I'm even watching Fox, bc I know they won't cut off a single-word of their Lord and Savior's speech.
Read 91 tweets
Profile picture
T. Greg Doucette
@greg_doucette
Theoretically, but I doubt it (and certainly not for $10M)

Without seeing the suit, here's my thoughts...

1/
(For folks who find this thread later, it's in reference to this tweet by @aya_elamroussi that Tyrone Hankerson — who embezzled oodles of money from Howard University — is now going to sue over the University leaking that info)

2/
As a baseline, nearly all educational records for universities that receive federal student loan money (meaning almost everyone) are confidential under a federal law called FERPA

3/
Read 61 tweets
Profile picture
Tauriq Moosa
@tauriqmoosa
Peter Hitchens: Calling out & opposing sexual harassers & assaulters makes you as bad as... militant islamists.
This is so true: Look how just one allegation stopped Donald Trump from being President, Casey Affleck from winning an Oscar...
Congrats to the... feminist overlords of Britain, who, unlike Hitchens, can care about more than one thing at a time.
Read 16 tweets

Trending hashtags

#ThiefTDP #YJweek18 #Pray4PresidentTrump #MalcomX #MAGA #actually #FutureProvesPast #PeakTV #ThiefTP #Dishonored #Lane #Called #day1 #SaturdayMorning #Yoonmin #Stay #SpeakTruth #Hilo #MigrantCaravan #PaulMcCartney #Hitman #SheThePeople #ItsTime #amiright #literally
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!