├── .gitignore
├── ChangeLog.md
├── Data
│   ├── IntSet.hs
│   ├── Map.hs
│   └── Set.hs
├── LICENSE
├── README.md
├── Setup.hs
└── containers-verified.cabal

/.gitignore:
--------------------------------------------------------------------------------
dist
dist-*
cabal-dev
*.o
*.hi
*.chi
*.chs.h
*.dyn_o
*.dyn_hi
.hpc
.hsenv
.cabal-sandbox/
cabal.sandbox.config
*.prof
*.aux
*.hp
*.eventlog
.stack-work/
cabal.project.local
cabal.project.local~
.HTF/
.ghc.environment.*

--------------------------------------------------------------------------------
/ChangeLog.md:
--------------------------------------------------------------------------------
# Revision history for containers-verified

## 0.6.0.1 -- 2018-06-18

* Now also verified: `Set.map` and `Set.fromList` (#1)
* Update proofs to `containers-0.6.0.1`

## 0.5.11.0 -- 2018-03-15

* First version.

--------------------------------------------------------------------------------
/Data/IntSet.hs:
--------------------------------------------------------------------------------
{-# OPTIONS_HADDOCK not-home #-}
{-# LANGUAGE PackageImports #-}
{-# LANGUAGE NoImplicitPrelude #-}

-- | Please see the documentation of the @containers@ package
-- (<http://hackage.haskell.org/package/containers>) for details.
--
-- This module re-exports only the subset of the @containers@ module of the
-- same name that has been formally verified; see README.md and ChangeLog.md
-- for what is covered.
module Data.IntSet (
            -- Only names with a machine-checked proof are re-exported.
            -- Every commented-out entry below is a real 'Data.IntSet'
            -- function from 'containers' that is deliberately *not*
            -- available through this package because it has not been
            -- verified (see README.md / ChangeLog.md).  Callers that need
            -- more must depend on 'containers' directly as well.
            --
            -- The 'IS.' prefix on 'IS.null', 'IS.filter', 'IS.foldr' and
            -- 'IS.foldl' only makes their origin explicit; with
            -- NoImplicitPrelude in effect there is no other 'null' or
            -- 'filter' in scope that they could be confused with.

            -- -- * Strictness properties
            -- -- $strictness

            -- * Set type
              IntSet          -- instance Eq,Show
            , Key

            -- * Operators
            , (\\)

            -- * Query
            , IS.null
            , size
            , member
            , notMember
            -- , lookupLT
            -- , lookupGT
            -- , lookupLE
            -- , lookupGE
            , isSubsetOf
            , isProperSubsetOf
            , disjoint

            -- * Construction
            , empty
            , singleton
            , insert
            , delete

            -- * Combine
            , union
            -- , unions
            , difference
            , intersection

            -- * Filter
            , IS.filter
            , partition
            , split
            , splitMember
            -- , splitRoot

            -- * Map
            -- , IS.map

            -- * Folds
            , IS.foldr
            , IS.foldl
            -- ** Strict folds
            , foldr'
            , foldl'
            -- ** Legacy folds
            , fold

            -- -- * Min\/Max
            -- , findMin
            -- , findMax
            -- , deleteMin
            -- , deleteMax
            -- , deleteFindMin
            -- , deleteFindMax
            -- , maxView
            -- , minView

            -- * Conversion

            -- ** List
            , elems
            , toList
            , fromList

            -- ** Ordered list
            , toAscList
            , toDescList
            -- , fromAscList
            -- , fromDistinctAscList

            -- -- * Debugging
            -- , showTree
            -- , showTreeWith

            ) where

-- Package-qualified import: the re-exports resolve to the 'containers'
-- release pinned in containers-verified.cabal, not to whichever package in
-- the build plan happens to provide a module called Data.IntSet.
import "containers" Data.IntSet as IS

--------------------------------------------------------------------------------
/Data/Map.hs:
--------------------------------------------------------------------------------
{-# OPTIONS_HADDOCK not-home #-}
{-# LANGUAGE PackageImports #-}
{-# LANGUAGE NoImplicitPrelude #-}

-- | Please see the documentation of the @containers@ package
-- (<http://hackage.haskell.org/package/containers>) for details.
--
-- This module re-exports only the subset of the @containers@ module of the
-- same name that has been formally verified; see README.md and ChangeLog.md
-- for what is covered.
module Data.Map
    (
    -- Only names with a machine-checked proof are re-exported.  Every
    -- commented-out entry below is a real 'Data.Map' function from
    -- 'containers' that is deliberately *not* available through this
    -- package because it has not been verified (see README.md).  Callers
    -- that need more must depend on 'containers' directly as well.
    --
    -- NoImplicitPrelude (above) is what allows 'lookup' and 'null' to be
    -- exported unqualified without clashing with the Prelude names.
    --
    -- Section headers written as '-- -- *' are disabled together with their
    -- entries so that haddock does not render empty sections.

    -- * Map type
      Map              -- instance Eq,Show,Read

    -- * Construction
    , empty
    , singleton
    , fromSet

    -- -- ** From Unordered Lists
    -- , fromList
    -- , fromListWith
    -- , fromListWithKey

    -- -- ** From Ascending Lists
    -- , fromAscList
    -- , fromAscListWith
    -- , fromAscListWithKey
    -- , fromDistinctAscList

    -- -- ** From Descending Lists
    -- , fromDescList
    -- , fromDescListWith
    -- , fromDescListWithKey
    -- , fromDistinctDescList

    -- * Insertion
    , insert
    -- , insertWith
    -- , insertWithKey
    -- , insertLookupWithKey

    -- * Deletion\/Update
    , delete
    -- , adjust
    -- , adjustWithKey
    -- , update
    -- , updateWithKey
    -- , updateLookupWithKey
    -- , alter
    -- , alterF

    -- * Query
    -- ** Lookup
    , lookup
    -- , (!?)
    -- , (!)
    -- , findWithDefault
    , member
    -- , notMember
    -- , lookupLT
    -- , lookupGT
    -- , lookupLE
    -- , lookupGE

    -- ** Size
    , null
    -- , size

    -- * Combine

    -- ** Union
    , union
    -- , unionWith
    -- , unionWithKey
    -- , unions
    -- , unionsWith

    -- ** Difference
    , difference
    -- , (\\)
    -- , differenceWith
    -- , differenceWithKey

    -- ** Intersection
    , intersection
    -- , intersectionWith
    -- , intersectionWithKey

    -- -- ** Unsafe general combining function
    --
    -- , mergeWithKey

    -- -- * Traversal
    -- -- ** Map
    -- , map
    -- , mapWithKey
    -- , traverseWithKey
    -- , traverseMaybeWithKey
    -- , mapAccum
    -- , mapAccumWithKey
    -- , mapAccumRWithKey
    -- , mapKeys
    -- , mapKeysWith
    -- , mapKeysMonotonic

    -- -- * Folds
    -- , foldr
    -- , foldl
    -- , foldrWithKey
    -- , foldlWithKey
    -- , foldMapWithKey

    -- -- ** Strict folds
    -- , foldr'
    -- , foldl'
    -- , foldrWithKey'
    -- , foldlWithKey'

    -- -- * Conversion
    -- , elems
    -- , keys
    -- , assocs
    -- , keysSet

    -- -- ** Lists
    -- , toList

    -- -- ** Ordered lists
    -- , toAscList
    -- , toDescList

    -- * Filter
    -- , filter
    -- , filterWithKey
    -- , restrictKeys
    -- , withoutKeys
    -- , partition
    -- , partitionWithKey
    -- , takeWhileAntitone
    -- , dropWhileAntitone
    -- , spanAntitone

    -- , mapMaybe
    -- , mapMaybeWithKey
    -- , mapEither
    -- , mapEitherWithKey

    , split
    -- , splitLookup
    -- , splitRoot

    -- -- * Submap
    -- , isSubmapOf, isSubmapOfBy
    -- , isProperSubmapOf, isProperSubmapOfBy

    -- -- * Indexed
    -- , lookupIndex
    -- , findIndex
    -- , elemAt
    -- , updateAt
    -- , deleteAt
    -- , take
    -- , drop
    -- , splitAt

    -- -- * Min\/Max
    -- , lookupMin
    -- , lookupMax
    -- , findMin
    -- , findMax
    -- , deleteMin
    -- , deleteMax
    -- , deleteFindMin
    -- , deleteFindMax
    -- , updateMin
    -- , updateMax
    -- , updateMinWithKey
    -- , updateMaxWithKey
    -- , minView
    -- , maxView
    -- , minViewWithKey
    -- , maxViewWithKey

    -- , insertWith'
    -- , insertWithKey'
    -- , insertLookupWithKey'
    -- , fold
    -- , foldWithKey
    ) where

-- Package-qualified import: the re-exports resolve to the 'containers'
-- release pinned in containers-verified.cabal, not to whichever package in
-- the build plan happens to provide a module called Data.Map.
import "containers" Data.Map

--------------------------------------------------------------------------------
/Data/Set.hs:
--------------------------------------------------------------------------------
{-# OPTIONS_HADDOCK not-home #-}
{-# LANGUAGE PackageImports #-}
{-# LANGUAGE NoImplicitPrelude #-}

-- | Please see the documentation of the @containers@ package
-- (<http://hackage.haskell.org/package/containers>) for details.
--
-- This module re-exports only the subset of the @containers@ module of the
-- same name that has been formally verified; see README.md and ChangeLog.md
-- for what is covered.
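module Data.Set (
            -- Only names with a machine-checked proof are re-exported.
            -- Every commented-out entry below is a real 'Data.Set' function
            -- from 'containers' that is deliberately *not* available through
            -- this package because it has not been verified (see README.md
            -- and ChangeLog.md).  Callers that need more must depend on
            -- 'containers' directly as well.
            --
            -- Section headers written as '-- -- *' are disabled together
            -- with their entries so that haddock does not render empty
            -- sections; headers whose entries are exported stay enabled.
            --
            -- NOTE(review): 'fromDistinctAscList', 'fromDistinctDescList'
            -- and 'mapMonotonic' carry input preconditions in 'containers'
            -- (sorted / distinct input, monotonic function).  Whether the
            -- proofs assume those preconditions is not stated here -- check
            -- the paper before relying on them with untrusted input.

            -- * Set type
              Set          -- instance Eq,Ord,Show,Read,Data,Typeable

            -- -- * Operators
            -- , (\\)

            -- * Query
            , S.null
            , size
            , member
            , notMember
            -- , lookupLT
            -- , lookupGT
            -- , lookupLE
            -- , lookupGE
            , isSubsetOf
            -- , isProperSubsetOf
            , disjoint

            -- * Construction
            , empty
            , singleton
            , insert
            , delete
            -- , powerSet

            -- * Combine
            , union
            , unions
            , difference
            , intersection
            -- , cartesianProduct
            -- , disjointUnion

            -- * Filter
            , S.filter
            -- , takeWhileAntitone
            -- , dropWhileAntitone
            -- , spanAntitone
            , partition
            , split
            , splitMember
            -- , splitRoot

            -- * Indexed
            -- , lookupIndex
            -- , findIndex
            -- , elemAt
            -- , deleteAt
            , S.take
            , S.drop
            , S.splitAt

            -- * Map
            , S.map
            , mapMonotonic

            -- * Folds
            , S.foldr
            , S.foldl
            -- -- ** Strict folds
            -- , foldr'
            -- , foldl'
            -- -- ** Legacy folds
            -- , fold

            -- * Min\/Max
            , lookupMin
            , lookupMax
            -- , findMin
            -- , findMax
            -- , deleteMin
            -- , deleteMax
            -- , deleteFindMin
            -- , deleteFindMax
            , maxView
            , minView

            -- * Conversion

            -- ** List
            , elems
            , toList
            , fromList

            -- ** Ordered list
            , toAscList
            , toDescList
            , fromAscList
            , fromDescList
            , fromDistinctAscList
            , fromDistinctDescList
            ) where

-- Package-qualified, like the sibling modules (Data.IntSet, Data.Map), so
-- that the re-exports resolve to the 'containers' release pinned in
-- containers-verified.cabal and not to whichever package in the build plan
-- happens to provide a module called Data.Set.Internal.  The PackageImports
-- pragma was already enabled above but previously unused here.
--
-- NOTE(review): the siblings import the public module ('"containers"
-- Data.IntSet'); this one goes through the Internal module.  Nothing from it
-- is re-exported beyond the list above, but switching to '"containers"
-- Data.Set' would be uniform -- confirm every exported name is available
-- from the public module first.
import "containers" Data.Set.Internal as S

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
Copyright (c) 2018 Joachim Breitner

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated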
documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
In the context of the [DeepSpec project](https://deepspec.org/main), parts of the [containers](http://hackage.haskell.org/package/containers) library were
formally verified using [hs-to-coq](https://github.com/antalsz/hs-to-coq) and
the interactive theorem prover Coq.

This package depends on exactly the version of `containers` that the proofs
were carried out against (currently `containers-0.6.0.1`, pinned with an exact
bound in the `.cabal` file) and re-exports the verified parts of its API, with
module names and function names unchanged. The verification claims do not
carry over to other releases of `containers`.

If you happen to use only the verified subset of the API, then you can simply change
`containers` to `containers-verified` in your `.cabal` file and earn bragging
rights about using verified data structures in your project.
Because the
types from `containers` are re-exported, you can still interface with other
libraries that depend on `containers` directly.

If you happen to need additional modules or functions, you will have to
depend on both `containers` and `containers-verified`, and use [package-qualified imports](https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/glasgow_exts.html#package-qualified-imports) to disambiguate.

Concretely, the verified subset is the set of names that are exported (not
commented out) by this package's `Data.Set`, `Data.Map` and `Data.IntSet`
modules; every other function of those modules must come from `containers`
itself and is not covered by the proofs.

This package does not re-export any of the `….Internal` modules (such as
`Data.Set.Internal`).

We cannot control which type class instances are re-exported: instances travel
with the types (for example `Eq`, `Ord`, `Show` and `Read` for `Set`), so using
them may run code that was not verified. Also, the `containers` code contains
some CPP directives; these can select different code on your machine than the
code that we verified (e.g. different bit-widths), so the proofs speak about one
build configuration of `containers` rather than about every possible build of it.

To learn more about what exactly has been verified, and how wide the
formalization gap is, see the paper “Ready, Set, Verify! Applying hs-to-coq to
non-trivial Haskell code” by Joachim Breitner, Antal Spector-Zabusky, Yao Li,
Christine Rizkallah, John Wiegley and Stephanie Weirich.

The long-term maintenance plan for this package is not fleshed out yet, and
certainly depends on user-demand. Let us know your needs! (And your technical
or financial abilities to contribute...)
--------------------------------------------------------------------------------
/Setup.hs:
--------------------------------------------------------------------------------
import Distribution.Simple
main = defaultMain

--------------------------------------------------------------------------------
/containers-verified.cabal:
--------------------------------------------------------------------------------
name:                containers-verified
version:             0.6.0.1
synopsis:            Formally verified drop-in replacement of containers
description:
    In the context of the <https://deepspec.org/main DeepSpec project>, parts of the
    <http://hackage.haskell.org/package/containers containers> library were
    formally verified using <https://github.com/antalsz/hs-to-coq hs-to-coq> and
    the interactive theorem prover Coq.
    .
    This package depends on exactly the version of containers that the proofs
    were carried out against (@containers-0.6.0.1@, pinned with an exact bound
    in @build-depends@) and re-exports the verified parts of its API, with
    module names and function names unchanged. The verification claims do not
    carry over to other releases of containers.
    .
    If you happen to use only the verified subset of the API, then you can simply change
    @containers@ to @containers-verified@ in your @.cabal@ file and earn bragging
    rights about using verified data structures in your project. Because the
    types from @containers@ are re-exported, you can still interface with other
    libraries that depend on @containers@ directly.
    .
    If you happen to need additional modules or functions, you will have to
    depend on both @containers@ and @containers-verified@, and use
    <https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/glasgow_exts.html#package-qualified-imports package-qualified imports>
    to disambiguate.
    .
    This package does not re-export any of the @….Internal@ modules.
    .
    We cannot control which type class instances are re-exported; instances
    travel with the types, so using them may run code that was not verified.
    Also, the @containers@ code contains some CPP directives; these can select
    different code on your machine than the code that we verified (e.g.
    different bit-widths), so the proofs speak about one build configuration
    of @containers@ rather than about every possible build of it.
    .
    To learn more about what exactly has been verified, and how wide the
    formalization gap is, see the paper
    “Ready, Set, Verify! Applying hs-to-coq to non-trivial Haskell code”
    by Joachim Breitner, Antal Spector-Zabusky, Yao Li,
    Christine Rizkallah, John Wiegley and Stephanie Weirich.

    .
    The long-term maintenance plan for this package is not fleshed out yet, and
    certainly depends on user-demand. Let us know your needs! (And your
    technical or financial abilities to contribute...)


homepage:            https://github.com/nomeata/containers-verified
license:             MIT
license-file:        LICENSE
author:              Joachim Breitner
maintainer:          mail@joachim-breitner.de
copyright:           2018 Joachim Breitner
category:            Data
build-type:          Simple
extra-source-files:  ChangeLog.md
cabal-version:       >=1.10

library
  -- Exact pin on purpose: the proofs were carried out against this precise
  -- release of containers (see ChangeLog.md).  The bound must only move
  -- together with an update of the proofs, never on its own.
  build-depends:       containers ==0.6.0.1
  default-language:    Haskell2010
  exposed-modules:
    Data.Set
    Data.IntSet
    Data.Map
  -- The following ensures that GHCi will not complain about ambiguous module
  -- names when both containers and containers-verified are in a project.
  exposed: False

source-repository head
  type:     git
  -- https, matching the homepage field: tooling that fetches the source from
  -- here should not do so over cleartext http.
  location: https://github.com/nomeata/containers-verified