Practical Range Refinement Types with Inference
Pith reviewed 2026-07-02 01:52 UTC · model grok-4.3
The pith
Ranger's bidirectional inference and flow analysis verify integer range properties in imperative code with low annotation overhead.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Ranger is a refinement type system for bounded integer ranges that integrates with imperative constructs such as variables and loops; it relies on a bidirectional type inference algorithm together with lightweight flow-sensitive static analysis to reduce the need for explicit annotations while still verifying properties such as correct index manipulation and in-bounds data accesses, as demonstrated by its implementation on Licorne and the reported experiments.
What carries the argument
Bidirectional type inference algorithm combined with flow-sensitive static analysis techniques for range properties.
If this is right
- Ranger can express and verify properties such as correct index manipulation that fall outside standard static type systems.
- The system integrates directly with imperative-style code including variables and loops.
- Ranger requires fewer annotations than the Java Checker Framework or Liquid Java for comparable range checks.
- Experiments confirm that the approach works on a variety of range-related verification tasks in the Licorne language.
Where Pith is reading between the lines
- The same inference-plus-flow-analysis pattern could be applied to other refinement properties beyond integer ranges.
- If the low-annotation claim holds, languages with built-in range checking might adopt similar inference to reduce programmer burden.
- The favorable comparison suggests that targeted refinement systems may be more practical than general-purpose ones for common safety properties.
Load-bearing premise
The inference algorithm and flow analysis can precisely capture program behavior for range properties without explicit user annotations in the majority of cases.
What would settle it
A concrete program containing loops or variable updates on array indices where Ranger still demands a large number of manual annotations to verify an in-bounds property that the abstract claims can be handled concisely.
Figures
read the original abstract
Refinement types are a static verification technique that aims at increasing the expressivity of traditional type systems while remaining easy and natural to use. While systems based on refinement types have been developed for several mainstream languages, their practical adoption remains limited by their annotation overhead, which is often a more significant burden than when using the "plain" type annotations of languages like Java or Scala. To improve the state of the art, this paper introduces Ranger: a refinement type system designed to keep the annotation overhead small and to seamlessly integrate with imperative-style constructs like variables and loops. As the name suggests, Ranger focuses on integer range types: a particular kind of refinement types that express bounded integer ranges. Such types are widely useful to verify correct index manipulation and in-bounds data accesses, among others. To combine expressiveness and succinctness, Ranger is based on a bidirectional type system, which runs a type inference algorithm to provide the typechecking pass with information useful to reduce the need for user-written auxiliary annotations. Ranger also integrates other forms of lightweight flow-sensitive static analysis techniques that precisely capture the program's behavior without explicit annotations. We implemented Ranger on top of the Licorne experimental programming language. Our experiments show that Ranger's implementation can concisely express and verify a variety of useful properties that fall beyond the capabilities of standard static type systems like those of Java and Scala, and that Ranger compares favorably to other extended type systems, such as the Java Checker Framework and Liquid Java, that can also check properties about ranges.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents Ranger, a refinement type system for integer range properties in imperative code. It combines a bidirectional type system with type inference and lightweight flow-sensitive analysis to minimize annotations, implemented atop the Licorne language. Experiments are claimed to show that Ranger concisely expresses and verifies range properties beyond standard Java/Scala types and compares favorably to the Java Checker Framework and Liquid Java.
Significance. If the implementation details, inference algorithm, and experimental results hold, the work could advance practical adoption of refinement types for a common class of properties (integer ranges) by addressing annotation overhead, a known barrier in the field.
major comments (2)
- [Abstract] Abstract: the central empirical claims rest on 'experiments' demonstrating concise expression, verification success, and favorable comparisons, yet the abstract (and provided description) supplies no information on type rules, inference algorithm correctness, benchmark programs, annotation counts, or evaluation methodology; these details are load-bearing for assessing whether the weakest assumption (precise capture of imperative behavior without most annotations) holds.
- No section or equation is supplied that defines the bidirectional inference rules or proves soundness of the range refinement system; without this, the claim that the system 'precisely capture[s] the program's behavior' cannot be evaluated for internal consistency or edge cases in loops and mutation.
minor comments (1)
- [Abstract] The abstract could more explicitly state the scope of properties handled (e.g., whether only simple bounds or also relations between variables).
Simulated Author's Rebuttal
We thank the referee for their comments on the manuscript. We respond to each major comment below.
read point-by-point responses
-
Referee: [Abstract] Abstract: the central empirical claims rest on 'experiments' demonstrating concise expression, verification success, and favorable comparisons, yet the abstract (and provided description) supplies no information on type rules, inference algorithm correctness, benchmark programs, annotation counts, or evaluation methodology; these details are load-bearing for assessing whether the weakest assumption (precise capture of imperative behavior without most annotations) holds.
Authors: The abstract follows standard conventions for brevity. The full manuscript details the bidirectional type system and inference algorithm in Sections 3 and 4, while Section 5 describes the benchmark programs, annotation counts, evaluation methodology, and comparisons to the Java Checker Framework and Liquid Java. We will revise the abstract to include a brief reference to the experimental evaluation. revision: yes
-
Referee: [—] No section or equation is supplied that defines the bidirectional inference rules or proves soundness of the range refinement system; without this, the claim that the system 'precisely capture[s] the program's behavior' cannot be evaluated for internal consistency or edge cases in loops and mutation.
Authors: The manuscript describes the bidirectional type system, inference algorithm, and flow-sensitive analysis in Sections 3 and 4 using textual explanations and examples, without formal equations or a soundness proof. This reflects the paper's practical focus on implementation in Licorne and empirical results rather than theoretical foundations. The claims regarding precise capture of program behavior are supported by the experiments; a formal proof is outside the intended scope. revision: no
Circularity Check
No significant circularity
full rationale
The paper presents Ranger as an implemented refinement type system whose claims of low annotation overhead, expressiveness for range properties, and favorable comparisons rest on concrete implementation details and reported experiments rather than any closed mathematical derivation. No equations, predictions, or uniqueness theorems are described that reduce by construction to fitted inputs or self-citations; the bidirectional inference and flow-sensitive analysis are design choices justified by the resulting system behavior, not by internal redefinition. The central claims are therefore empirically grounded and self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption Refinement types for integer ranges can be integrated with imperative constructs (variables, loops) while preserving practical usability and soundness.
Reference graph
Works this paper leans on
-
[1]
Master’s thesis, EPFL, Lausanne, Switzerland (January 2025), available athttps://valentinaebi.g ithub.io/resources/ms-thesis.pdf
Aebi, V.: Implementation of a gradually compartmentalized programming language. Master’s thesis, EPFL, Lausanne, Switzerland (January 2025), available athttps://valentinaebi.g ithub.io/resources/ms-thesis.pdf
2025
-
[2]
ACM SIGPLAN Notices33(4), 17–20 (1998)
Appel, A.W.: SSA is functional programming. ACM SIGPLAN Notices33(4), 17–20 (1998). https://doi.org/10.1145/278283.278285
-
[3]
Brady, E.: Idris, a general-purpose dependently typed programming language: Design and implementation. J. Funct. Program.23(5), 552–593 (2013).https://doi.org/10.1017/S0 95679681300018X
work page doi:10.1017/s0 2013
-
[4]
In: Symposium on Automatic Demonstration
de Bruijn, N.G.: The mathematical language AUTOMATH, its usage, and some of its extensions. In: Symposium on Automatic Demonstration. Lecture Notes in Mathematics, vol. 125, pp. 29–61. Springer (1970).https://doi.org/10.1007/BFb0060623
-
[5]
Callaú,O.,Robbes,R.,Tanter,E.,Röthlisberger,D.,Bergel,A.:Ontheuseoftypepredicatesin object-oriented software: The case of Smalltalk. In: Proc. 10th ACM Symposium on Dynamic Languages. pp. 135–146. ACM (2014).https://doi.org/10.1145/2661088.2661091
-
[6]
The Checker Framework manual: Custom pluggable types for Java.https://checkerframe work.org/manual/, last accessed 2026/06/27
2026
-
[7]
Coquand, T., Huet, G.P.: The calculus of constructions. Inf. Comput.76(2/3), 95–120 (1988). https://doi.org/10.1016/0890-5401(88)90005-3
-
[8]
Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977. pp. 238–252. ACM (1977).https://doi.org/10.1145/512950.512973
-
[9]
Dunfield, J., Krishnaswami, N.: Bidirectional typing. ACM Comput. Surv.54(5), 98:1–98:38 (jun 2021).https://doi.org/10.1145/3450952
-
[10]
Flanagan, C.: Hybrid type checking. In: Proc. 33rd ACM SIGPLAN-SIGACT Symposium on PrinciplesofProgrammingLanguages,POPL2006,Charleston,SouthCarolina,USA,January 11-13, 2006. pp. 245–256. ACM (2006).https://doi.org/10.1145/1111037.1111059
-
[11]
In: International Conference on Parallel Problem Solving from Nature
Fonseca, A., Santos, P., Silva, S.: The usability argument for refinement typed genetic programming. In: International Conference on Parallel Problem Solving from Nature. pp. 18–32. Springer (2020)
2020
-
[12]
SIGPLAN Not.26(6), 268–277 (jun 1991).https://doi.org/10.1145/113446.113468
Freeman, T., Pfenning, F.: Refinement types for ML. SIGPLAN Not.26(6), 268–277 (jun 1991).https://doi.org/10.1145/113446.113468
-
[13]
Furia, C.A.: Software analysis course at USI: course material.https://github.com/bugco unting/software-analysis/
-
[14]
Gamboa, C., Canelas, P., Timperley, C., Fonseca, A.: Usability-oriented design of liquid types for Java. In: Proc. 45th International Conference on Software Engineering (ICSE ’23). pp. 1520–1532. IEEE Press (2023).https://doi.org/10.1109/ICSE48619.2023.00132
-
[15]
In: Lindley, S., McBride, C., Trinder, P.W., Sannella, D
Jones, S.P., Weirich, S., Eisenberg, R.A., Vytiniotis, D.: A reflection on types. In: Lindley, S., McBride, C., Trinder, P.W., Sannella, D. (eds.) A List of Successes That Can Change the World - Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday. pp. 292–317. Lecture Notes in Computer Science, Springer (2016).https://doi.org/10.1007/97...
-
[16]
In: International Conference on Verification, Model Checking, and Abstract Interpretation
Kazerounian,M.,Vazou,N.,Bourgerie,A.,Foster,J.S.,Torlak,E.:RefinementtypesforRuby. In: International Conference on Verification, Model Checking, and Abstract Interpretation. pp. 269–290. Springer International Publishing, Cham (dec 2017)
2017
-
[17]
Kellogg, M., Dort, V., Millstein, S., Ernst, M.D.: Lightweight verification of array indexing. In: Proc. 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018). pp. 3–14. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3213846.3213849 17
-
[18]
Kroening, D., Strichman, O.: Decision Procedures: An Algorithmic Point of View. Springer, 2nd edn. (2016).https://doi.org/10.1007/978-3-662-50497-0
-
[19]
Lehmann, N., Geller, A.T., Vazou, N., Jhala, R.: Flux: Liquid types for Rust. Proc. ACM Program. Lang.7(PLDI), 169:1–169:25 (jun 2023).https://doi.org/10.1145/3591283
-
[20]
Liquidjava - Extending Java with Liquid Types, GitHub repository.https://github.com/l iquid-java/liquidjava, last accessed 2026/06/21
2026
-
[21]
LiquidJava examples, GitHub repository.https://github.com/liquid-java/liquidjava -examples, last accessed 2026/05/20
2026
-
[22]
Open VSX page of the LiquidJava Visual Studio Code extension.https://open-vsx.org/e xtension/AlcidesFonseca/liquid-java, last accessed 2026/06/21
2026
-
[23]
Martin-Löf, P.: Intuitionistic type theory, Studies in proof theory, vol. 1. Bibliopolis (1984)
1984
-
[24]
In: Tools and Algorithms for the Construction and Analysis of Systems
de Moura, L., Bjørner, N.: Z3: An efficient SMT solver. In: Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2008. Lecture Notes in Computer Science, vol. 4963. Springer, Berlin, Heidelberg (2008).https://doi.org/10.1007/978-3-540-788 00-3_24
-
[25]
Papi, M.M., Ali, M., Correa, T.L., Perkins, J.H., Ernst, M.D.: Practical pluggable types for Java. In: Proc. 2008 International Symposium on Software Testing and Analysis (ISSTA ’08). pp. 201–212. Association for Computing Machinery, New York, NY, USA (2008). https://doi.org/10.1145/1390630.1390656
-
[26]
The MIT Press (2002)
Pierce, B.C.: Types and Programming Languages. The MIT Press (2002)
2002
-
[27]
https://github.com/plume- lib/plume- util , last accessed 2026/06/21
Plume documentation. https://github.com/plume- lib/plume- util , last accessed 2026/06/21
2026
-
[28]
In: International Conference on Computer Aided Verification
Rondon, P., Bakst, A., Kawaguchi, M., Jhala, R.: Csolve: Verifying C with liquid types. In: International Conference on Computer Aided Verification. pp. 744–750. Springer Berlin Heidelberg, Berlin, Heidelberg (jul 2012)
2012
- [29]
-
[30]
Schmid, G.S., Kuncak, V.: SMT-based checking of predicate-qualified types for Scala. In: Proc. 2016 7th ACM SIGPLAN Symposium on Scala (SCALA 2016). pp. 31–40. Association for Computing Machinery, New York, NY, USA (2016).https://doi.org/10.1145/299839 2.2998398
-
[31]
https://github.com/TheAlgorithms/Java , last accessed 2026/06/21
The Algorithms - Java. https://github.com/TheAlgorithms/Java , last accessed 2026/06/21
2026
-
[32]
Tobin-Hochstadt, S., Felleisen, M.: Logical types for untyped languages. In: Proc. 15th ACM SIGPLAN International Conference on Functional Programming, ICFP 2010, Baltimore, Maryland, USA, September 27-29, 2010. pp. 117–128. ACM (2010).https://doi.org/10 .1145/1863543.1863561
-
[33]
Vazou, N., Seidel, E.L., Jhala, R., Vytiniotis, D., Peyton-Jones, S.: Refinement types for Haskell.In:Proc.19thACMSIGPLANInternationalConferenceonFunctionalProgramming (ICFP ’14). pp. 269–282. Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2628136.2628161
-
[34]
Vekris, P., Cosman, B., Jhala, R.: Refinement types for TypeScript. In: Proc. 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’16). pp. 310–325. Association for Computing Machinery, New York, NY, USA (2016).https: //doi.org/10.1145/2908080.2908110
-
[35]
Willsey, M., Nandi, C., Wang, Y.R., Flatt, O., Tatlock, Z., Panchekha, P.: egg: Fast and extensible equality saturation. Proc. ACM Program. Lang.5(POPL), 1–29 (2021).https: //doi.org/10.1145/3434304,https://doi.org/10.1145/3434304 18
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.