Building robust software involves creating a “theory”—a deep understanding that allows us to explain and predict a system’s behavior. In a world of constant change, adapting these theories is crucial. While extensibility is often about adding new features, we rarely address how to evolve data models and queries while maintaining a faithful connection to reality.

This talk introduces a powerful alternative: declarative “theory building” using Deductive Databases, specifically Datalog. Datalog elegantly unites logic programming with data representation, allowing us to explicitly construct our system’s theory. Data is represented as facts (observations) and rules that derive new knowledge. A fixpoint computation then logically deduces all consequences.

Datalog’s declarative and recursive nature makes it ideal for complex graph problems. We see this in domains like static analysis, used to find live variables, and in systems like Rust’s Polonius borrow checker, which uses Datalog to prove memory safety at compile-time. Our approach, Mangle Datalog, extends this to cover all forms of data engineering.

Mangle includes a static type system, blending the benefits of static checking with the flexibility of a declarative approach. By embedding Mangle, the database definition becomes an API boundary, enabling a new level of extensibility and data integration.

We’ll demonstrate this approach in cybersecurity. We’ll show how disparate security logs (facts) can be transformed into a “theory of a cyberattack”. We use rules to identify emergent patterns—like lateral movement, privilege escalation, and data exfiltration—that are often invisible to traditional query tools. This method allows us to discover sophisticated threats by looking for logical connections.

The payoff of Mangle Datalog is significant: it creates models that gracefully adapt to new data without costly schema migrations. It provides a clear yet flexible separation of logic from data and gives us the ability to discover emergent patterns in complex, graph-heavy systems. By moving beyond procedural scripting, Mangle Datalog empowers us to build powerful, declarative theories of our most intricate systems.