skip to main content
article

Using Coq to write fast and correct Haskell

Published:07 September 2017Publication History
Skip Abstract Section

Abstract

Correctness and performance are often at odds in the field of systems engineering, either because correct programs are too costly to write or impractical to execute, or because well-performing code involves so many tricks of the trade that formal analysis is unable to isolate the main properties of the algorithm.

As a prime example of this tension, Coq is an established proof environment that allows writing correct, dependently-typed code, but it has been criticized for exorbitant development times, forcing the developer to choose between optimal code or tractable proofs. On the other side of the divide, Haskell has proven itself to be a capable, well-typed programming environment, yet easy-to-read, straightforward code must all too often be replaced by highly optimized variants that obscure the author's original intention.

This paper builds on the existing Fiat refinement framework to bridge this divide, demonstrating how to derive a correct-by-construction implementation that meets (or exceeds) the performance characteristics of highly optimized Haskell, starting from a high-level Coq specification. To achieve this goal, we extend Fiat with a stateful notion of refinement of abstract data types and add support for extracting stateful code via a free monad equipped with an algebra of heap-manipulating operations. As a case study, we reimplement a subset of the popular bytestring library, with little to no loss of performance, while retaining a high guarantee of program correctness.

Skip Supplemental Material Section

Supplemental Material

References

  1. Andreas Abel, Marcin Benke, Ana Bove, John Hughes, and Ulf Norell. 2005. Verifying Haskell Programs Using Constructive Type Theory. In Proceedings of the 2005 ACM SIGPLAN Workshop on Haskell (Haskell ’05). ACM, New York, NY, USA, 62–73. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. S. Awodey. 2006. Category Theory. Ebsco Publishing. https://books.google.com/ books?id=IK_sIDI2TCwCGoogle ScholarGoogle Scholar
  3. Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, M. Frans Kaashoek, and Nickolai Zeldovich. 2015. Using Crash Hoare Logic for Certifying the FSCQ File System. In Proceedings of the 25th Symposium on Operating Systems Principles (SOSP ’15). ACM, New York, NY, USA, 18–37. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Cyril Cohen, Maxime DÃľnÃĺs, and Anders MÃűrtberg. 2013. Refinements for Free! In Certified Programs and Proofs. Springer International Publishing. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Benjamin Delaware, Clément Pit-Claudel, Jason Gross, and Adam Chlipala. 2015. Fiat: Deductive Synthesis of Abstract Data Types in a Proof Assistant. Association for Computing Machinery. http://dspace.mit.edu/handle/1721.1/91993Google ScholarGoogle Scholar
  6. Edsger W. Dijkstra. 1967. A constructive approach to the problem of program correctness. (Aug. 1967). http://www.cs.utexas.edu/users/EWD/ewd02xx/EWD209. PDF Circulated privately.Google ScholarGoogle Scholar
  7. Richard A. Eisenberg. 2016. Dependent Types in Haskell: Theory and Practice. CoRR abs/1610.07978 (2016). https://www.cis.upenn.edu/~sweirich/papers/ eisenberg-thesis.pdfGoogle ScholarGoogle Scholar
  8. Peter Hawkins, Alex Aiken, Kathleen Fisher, Martin Rinard, and Mooly Sagiv. 2011. Data Representation Synthesis. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. J. He, C.A.R. Hoare, and J.W. Sanders. 1986. Data refinement refined. In ESOP 86, Bernard Robinet and Reinhard Wilhelm (Eds.). Lecture Notes in Computer Science, Vol. 213. Springer Berlin Heidelberg, 187–196. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. C.A.R. Hoare. 1972. Proof of correctness of data representations. Acta Informatica 1, 4 (1972), 271–281. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Peter Lammich. 2013. Automatic Data Refinement. In Interactive Theorem Proving. Springer Berlin Heidelberg. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Peter Lammich. 2015. Refinement to Imperative/HOL. In Interactive Theorem Proving, Christian Urban and Xingyuan Zhang (Eds.). Lecture Notes in Computer Science, Vol. 9236. Springer International Publishing, 253–269. DOI:Google ScholarGoogle Scholar
  13. Peter Lammich and Thomas Tuerk. 2012. Applying Data Refinement for Monadic Programs to HopcroftâĂŹs Algorithm. In Interactive Theorem Proving, Lennart Beringer and Amy Felty (Eds.). Lecture Notes in Computer Science, Vol. 7406. Springer Berlin Heidelberg, 166–182.Google ScholarGoogle Scholar
  14. Xavier Leroy. 2009. Formal Verification of a Realistic Compiler. Commun. ACM 52, 7 (July 2009), 107–115. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Pierre Letouzey. 2003. A New Extraction for Coq. In Proc. TYPES. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Calvin Loncaric, Emina Torlak, and Michael D. Ernst. 2016. Fast Synthesis of Fast Collections. SIGPLAN Not. 51, 6 (June 2016), 355–368. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Robert Paige and Shaye Koenig. 1982. Finite Differencing of Computable Expressions. ACM Trans. Program. Lang. Syst. 4, 3 (July 1982). Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Ohad Shacham, Martin Vechev, and Eran Yahav. 2009. Chameleon: Adaptive Selection of Collections. SIGPLAN Not. 44, 6 (June 2009), 408–418. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Yong Kiam Tan, Magnus O. Myreen, Ramana Kumar, Anthony Fox, Scott Owens, and Michael Norrish. 2016. A New Verified Compiler Backend for CakeML. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming (ICFP 2016). ACM, New York, NY, USA, 60–73. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Niki Vazou, Eric L. Seidel, and Ranjit Jhala. 2014. LiquidHaskell: Experience with Refinement Types in the Real World. SIGPLAN Not. 49, 12 (Sept. 2014), 39–51. DOI: Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Konstantin Weitz, Steven S. Lyubomirsky, Stefan Heule, Emina Torlak, Michael D. Ernst, and Zachary Tatlock. 2017. SpaceSearch: A Library for Building and Verifying Solver-Aided Tools. In Proc. of the ACM Program. Lang. (ICFP ’17), Vol. 1. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Edward Yang. 2010. How to pick your string library in Haskell. http://blog. ezyang.com/2010/08/strings-in-haskell/ . (2010).Google ScholarGoogle Scholar

Index Terms

  1. Using Coq to write fast and correct Haskell

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 52, Issue 10
      Haskell '17
      October 2017
      211 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/3156695
      • Editor:
      • Andy Gill
      Issue’s Table of Contents
      • cover image ACM Conferences
        Haskell 2017: Proceedings of the 10th ACM SIGPLAN International Symposium on Haskell
        September 2017
        211 pages
        ISBN:9781450351829
        DOI:10.1145/3122955

      Copyright © 2017 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 7 September 2017

      Check for updates

      Qualifiers

      • article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!