Abstract
Good tools can bring mechanical verification to programs written in mainstream functional languages. We use hs-to-coq to translate significant portions of Haskell’s containers library into Coq, and verify it against specifications that we derive from a variety of sources including type class laws, the library’s test suite, and interfaces from Coq’s standard library. Our work shows that it is feasible to verify mature, widely-used, highly optimized, and unmodified Haskell code. We also learn more about the theory of weight-balanced trees, extend hs-to-coq to handle partiality, and – since we found no bugs – attest to the superb quality of well-tested functional code.
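The abstract mentions the theory of weight-balanced trees and specifications drawn from the library's test suite, but the page itself shows neither. What follows is an added example written for this page, not code from the paper, from hs-to-coq or from containers: a Python model of an Adams-style weight-balanced set, together with the kind of `valid` check that a test suite turns into a specification, exercised as a randomised property over constructed inputs. The balance parameters delta = 3 and ratio = 2, the single-versus-double rotation rule and the shape of the balance condition are assumptions modelled on what Data.Set.Internal does as I remember it; nothing on this page fixes them. All names in the block (`node`, `balance`, `glue`, `check_invariants`, ...) are hypothetical.

```python
import random
from collections import namedtuple

DELTA, RATIO = 3, 2  # balance parameters: an assumption modelled on Data.Set.Internal
Node = namedtuple("Node", "size key left right")  # None stands in for Tip

def size(t):
    return 0 if t is None else t.size

def node(x, l, r):  # Bin, with the subtree size cached in the node
    return Node(size(l) + size(r) + 1, x, l, r)

def single_l(x, l, r): return node(r.key, node(x, l, r.left), r.right)
def single_r(x, l, r): return node(l.key, l.left, node(x, l.right, r))
def double_l(x, l, r):
    return node(r.left.key, node(x, l, r.left.left), node(r.key, r.left.right, r.right))
def double_r(x, l, r):
    return node(l.right.key, node(l.key, l.left, l.right.left), node(x, l.right.right, r))

def balance(x, l, r):
    # Rebalance after one insert/delete changed |l| or |r| by at most one.
    sl, sr = size(l), size(r)
    if sl + sr <= 1:
        return node(x, l, r)
    if sr > DELTA * sl:  # right subtree too heavy
        return single_l(x, l, r) if size(r.left) < RATIO * size(r.right) else double_l(x, l, r)
    if sl > DELTA * sr:  # left subtree too heavy
        return single_r(x, l, r) if size(l.right) < RATIO * size(l.left) else double_r(x, l, r)
    return node(x, l, r)

def insert(x, t):
    if t is None:
        return node(x, None, None)
    if x < t.key:
        return balance(t.key, insert(x, t.left), t.right)
    if x > t.key:
        return balance(t.key, t.left, insert(x, t.right))
    return t

def delete_find_min(t):
    if t.left is None:
        return t.key, t.right
    m, l = delete_find_min(t.left)
    return m, balance(t.key, l, t.right)

def delete_find_max(t):
    if t.right is None:
        return t.key, t.left
    m, r = delete_find_max(t.right)
    return m, balance(t.key, t.left, r)

def glue(l, r):  # join two already-separated trees, new root taken from the larger side
    if l is None or r is None:
        return r if l is None else l
    if size(l) > size(r):
        m, l2 = delete_find_max(l)
        return balance(m, l2, r)
    m, r2 = delete_find_min(r)
    return balance(m, l, r2)

def delete(x, t):
    if t is None:
        return None
    if x < t.key:
        return balance(t.key, delete(x, t.left), t.right)
    if x > t.key:
        return balance(t.key, t.left, delete(x, t.right))
    return glue(t.left, t.right)

def to_list(t):
    return [] if t is None else to_list(t.left) + [t.key] + to_list(t.right)

# Specification side: the conditions a test-suite style `valid` check demands.
def balanced(t):  # balance condition at every node, cached sizes verified on the way
    if t is None:
        return True
    sl, sr = size(t.left), size(t.right)
    return (t.size == sl + sr + 1
            and (sl + sr <= 1 or (sl <= DELTA * sr and sr <= DELTA * sl))
            and balanced(t.left) and balanced(t.right))

def valid(t):  # balanced, sizes correct, keys strictly increasing in-order (no duplicates)
    xs = to_list(t)
    return balanced(t) and all(a < b for a, b in zip(xs, xs[1:]))

def check_invariants(trials=200, n=60, seed=1):
    # QuickCheck-style property over constructed pseudo-random keys: after every
    # insert and delete the tree must be valid and agree with a reference set.
    rng = random.Random(seed)
    for _ in range(trials):
        keys = [rng.randrange(1000) for _ in range(n)]
        steps = [("ins", k) for k in keys] + [("del", k) for k in rng.sample(keys, n // 2)]
        t, model = None, set()
        for op, k in steps:
            t = insert(k, t) if op == "ins" else delete(k, t)
            model = model | {k} if op == "ins" else model - {k}
            if not valid(t) or to_list(t) != sorted(model):
                return False
    return True
```

`check_invariants()` is the testing side of the story: it samples sequences of operations and checks that `insert` and `delete` preserve `valid`. The verification the abstract describes has to establish the same statement for every sequence, which is why the balance condition inside `balanced` is the kind of invariant that gets lifted from a test-suite check into a proof obligation.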
Ready, set, verify! applying hs-to-coq to real-world Haskell code (experience report)