Safe Protocol Updates via Propositional Logic

If values of a given type are stored on disk, or are sent between different executables, then changing that type or its serialization can result in versioning issues. Often such issues are resolved by either making the deserializer more permissive or the serializer more generous and then reasoning “manually” about the situation. For example, if a record type is stored on disk, one might reason that making the deserializer more permissive by adding a new field with a default value is safe, as old serializations will still be readable. However, as type transformations become more complex, it can quickly become too difficult to make and reason about such changes. There are a few sources of difficulty: 1. Libraries for generating serializations from a type may not offer flexible ways for making permissive deserializers and generous serializers. 2. Given a pair of a (possibly permissive) deserializer and a (possibly generous) serializer, determining whether or not they’re compatible can be