SampleableExt Class

This class permits the creation samples of a given type controlling the size of those values using the Gen monad.

Shrinkable Class

This class helps minimize examples by creating smaller versions of given values.

When testing a proposition like ∀ n : Nat, Prime n → n ≤ 100, Plausible requires that Nat have an instance of SampleableExt and for Prime n to be decidable. Plausible will then use the instance of SampleableExt to generate small examples of Nat and progressively increase in size. For each example n, Prime n is tested. If it is false, the example will be rejected (not a test success nor a failure) and Plausible will move on to other examples. If Prime n is true, n ≤ 100 will be tested. If it is false, n is a counter-example of ∀ n : Nat, Prime n → n ≤ 100 and the test fails. If n ≤ 100 is true, the test passes and Plausible moves on to trying more examples.

Main definitions

• SampleableExt class
• Shrinkable class

SampleableExt

SampleableExt can be used in two ways. The first (and most common) is to simply generate values of a type directly using the Gen monad, if this is what you want to do then SampleableExt.mkSelfContained is the way to go.

Furthermore it makes it possible to express generators for types that do not lend themselves to introspection, such as Nat → Nat. If we test a quantification over functions the counter-examples cannot be shrunken or printed meaningfully. For that purpose, SampleableExt provides a proxy representation proxy that can be printed and shrunken as well as interpreted (using interp) as an object of the right type. If you are using it in the first way, this proxy type will simply be the type itself and the interp function id.

Shrinkable

Given an example x : α, Shrinkable α gives us a way to shrink it and suggest simpler examples.

Shrinking

Shrinking happens when Plausible finds a counter-example to a property. It is likely that the example will be more complicated than necessary so Plausible proceeds to shrink it as much as possible. Although equally valid, a smaller counter-example is easier for a user to understand and use.

The Shrinkable class, , has a shrink function so that we can use specialized knowledge while shrinking a value. It is not responsible for the whole shrinking process however. It only has to take one step in the shrinking process. Plausible will repeatedly call shrink until no more steps can be taken. Because shrink guarantees that the size of the candidates it produces is strictly smaller than the argument, we know that Plausible is guaranteed to terminate.

Tags

random testing

References

• https://hackage.haskell.org/package/QuickCheck

class Plausible.Shrinkable (α : Type u) : Type u

Given an example x : α, Shrinkable α gives us a way to shrink it and suggest simpler examples.

• shrink (x : α) : List α

class Plausible.SampleableExt (α : Sort u) : Sort (max u (v + 2))

SampleableExt can be used in two ways. The first (and most common) is to simply generate values of a type directly using the Gen monad, if this is what you want to do then SampleableExt.mkSelfContained is the way to go.

Furthermore it makes it possible to express generators for types that do not lend themselves to introspection, such as Nat → Nat. If we test a quantification over functions the counter-examples cannot be shrunken or printed meaningfully. For that purpose, SampleableExt provides a proxy representation proxy that can be printed and shrunken as well as interpreted (using interp) as an object of the right type.

• proxy : Type v
• proxyRepr : Repr (proxy α)
• shrink : Shrinkable (proxy α)
• sample : Gen (proxy α)
• interp : proxy α → α

def Plausible.SampleableExt.mkSelfContained {α : Type u_1} [Repr α] [Shrinkable α] (sample : Gen α) : SampleableExt α

Use to generate instance whose purpose is to simply generate values of a type directly using the Gen monad

def Plausible.SampleableExt.interpSample (α : Type u) [SampleableExt α] : Gen α

First samples a proxy value and interprets it. Especially useful if the proxy and target type are the same.

instance Plausible.instShrinkableSum {α : Type u_1} {β : Type u_2} [Shrinkable α] [Shrinkable β] : Shrinkable (α ⊕ β)

instance Plausible.Unit.shrinkable : Shrinkable Unit

@[irreducible]

def Plausible.Nat.shrink (n : Nat) : List Nat

Nat.shrink' n creates a list of smaller natural numbers by successively dividing n by 2 . For example, Nat.shrink 5 = [2, 1, 0].

instance Plausible.Nat.shrinkable : Shrinkable Nat

instance Plausible.Fin.shrinkable {n : Nat} : Shrinkable (Fin n.succ)

instance Plausible.BitVec.shrinkable {n : Nat} : Shrinkable (BitVec n)

instance Plausible.UInt8.shrinkable : Shrinkable UInt8

instance Plausible.UInt16.shrinkable : Shrinkable UInt16

instance Plausible.UInt32.shrinkable : Shrinkable UInt32

instance Plausible.UInt64.shrinkable : Shrinkable UInt64

instance Plausible.USize.shrinkable : Shrinkable USize

instance Plausible.Int.shrinkable : Shrinkable Int

Int.shrinkable operates like Nat.shrinkable but also includes the negative variants.

instance Plausible.Bool.shrinkable : Shrinkable Bool

instance Plausible.Char.shrinkable : Shrinkable Char

instance Plausible.Option.shrinkable {α : Type u_1} [Shrinkable α] : Shrinkable (Option α)

instance Plausible.Prod.shrinkable {α : Type u_1} {β : Type u_2} [shrA : Shrinkable α] [shrB : Shrinkable β] : Shrinkable (α × β)

instance Plausible.Sigma.shrinkable {α : Type u_1} {β : Type u_2} [shrA : Shrinkable α] [shrB : Shrinkable β] : Shrinkable ((_ : α) × β)

instance Plausible.List.shrinkable {α : Type u_1} [Shrinkable α] : Shrinkable (List α)

Shrink a list of a shrinkable type, either by discarding an element or shrinking an element.

instance Plausible.ULift.shrinkable {α : Type u_1} [Shrinkable α] : Shrinkable (ULift α)

instance Plausible.String.shrinkable : Shrinkable String

instance Plausible.Array.shrinkable {α : Type u_1} [Shrinkable α] : Shrinkable (Array α)

instance Plausible.Subtype.shrinkable {α : Type u} {β : α → Prop} [Shrinkable α] [(x : α) → Decidable (β x)] : Shrinkable { x : α // β x }

instance Plausible.Sum.SampleableExt {α : Type u_1} {β : Type u_2} [Plausible.SampleableExt α] [Plausible.SampleableExt β] : Plausible.SampleableExt (α ⊕ β)

instance Plausible.Unit.sampleableExt : SampleableExt Unit

instance Plausible.instSampleableExtSigma {α : Type u_1} {β : Type u_2} [SampleableExt α] [SampleableExt β] : SampleableExt ((_ : α) × β)

instance Plausible.Nat.sampleableExt : SampleableExt Nat

instance Plausible.Fin.sampleableExt {n : Nat} : SampleableExt (Fin n.succ)

instance Plausible.BitVec.sampleableExt {n : Nat} : SampleableExt (BitVec n)

instance Plausible.UInt8.SampleableExt : Plausible.SampleableExt UInt8

instance Plausible.UInt16.SampleableExt : Plausible.SampleableExt UInt16

instance Plausible.UInt32.SampleableExt : Plausible.SampleableExt UInt32

instance Plausible.UInt64.SampleableExt : Plausible.SampleableExt UInt64

instance Plausible.USize.SampleableExt : Plausible.SampleableExt USize

instance Plausible.Int.sampleableExt : SampleableExt Int

instance Plausible.Bool.sampleableExt : SampleableExt Bool

def Plausible.Char.sampleable (length : Nat) (chars : List Char) (pos : 0 < chars.length) : SampleableExt Char

This can be specialized into customized SampleableExt Char instances. The resulting instance has 1 / length chances of making an unrestricted choice of characters and it otherwise chooses a character from chars with uniform probabilities.

instance Plausible.Char.sampleableDefault : SampleableExt Char

instance Plausible.Option.sampleableExt {α : Type u_1} [SampleableExt α] : SampleableExt (Option α)

instance Plausible.Prod.sampleableExt {α : Type u} {β : Type v} [SampleableExt α] [SampleableExt β] : SampleableExt (α × β)

instance Plausible.Prop.sampleableExt : SampleableExt Prop

instance Plausible.List.sampleableExt {α : Type u_1} [SampleableExt α] : SampleableExt (List α)

instance Plausible.ULift.sampleableExt {α : Type u_1} [SampleableExt α] : SampleableExt (ULift α)

instance Plausible.String.sampleableExt : SampleableExt String

instance Plausible.Array.sampleableExt {α : Type u_1} [SampleableExt α] : SampleableExt (Array α)

def Plausible.NoShrink (α : Type u) : Type u

An annotation for values that should never get shrunk.

def Plausible.NoShrink.mk {α : Type u_1} (x : α) : NoShrink α

def Plausible.NoShrink.get {α : Type u_1} (x : NoShrink α) : α

instance Plausible.NoShrink.inhabited {α : Type u_1} [inst : Inhabited α] : Inhabited (NoShrink α)

instance Plausible.NoShrink.repr {α : Type u_1} [inst : Repr α] : Repr (NoShrink α)

instance Plausible.NoShrink.shrinkable {α : Type u_1} : Shrinkable (NoShrink α)

instance Plausible.NoShrink.sampleableExt {α : Type u_1} [SampleableExt α] [Repr α] : SampleableExt (NoShrink α)

def Plausible.printSamples {t : Type u} [Repr t] (g : Gen t) : IO PUnit

Print (at most) 10 samples of a given type to stdout for debugging.

def Plausible.«command#sample_» : Lean.ParserDescr

#sample type, where type has an instance of SampleableExt, prints ten random values of type type using an increasing size parameter.

#sample Nat
-- prints
-- 0
-- 0
-- 2
-- 24
-- 64
-- 76
-- 5
-- 132
-- 8
-- 449
-- or some other sequence of numbers

#sample List Int
-- prints
-- []
-- [1, 1]
-- [-7, 9, -6]
-- [36]
-- [-500, 105, 260]
-- [-290]
-- [17, 156]
-- [-2364, -7599, 661, -2411, -3576, 5517, -3823, -968]
-- [-643]
-- [11892, 16329, -15095, -15461]
-- or whatever