Certified HLints with Isabelle/HOLCF-Prelude

We present the HOLCF-Prelude, a formalization of a large part of Haskell’s standard prelude in Isabelle/HOLCF. Applying this formalization to the hints suggested by HLint allows us to certify them formally. In pure functional languages such as Haskell, equational reasoning is a valuable tool for refactoring, to improve both efficiency and aesthetics. For example, an experienced programmer would replace reverse ".txt" `isPrefixOf` reverse filename with the more readable (and more efficient) ".txt" `isSuffixOf` filename. In this paper we call such a replacement a rewrite. We only want to apply rewrites that are valid and thus some natural questions arise: Is the original expression equivalent to the replaced expression? With a language like Haskell, this entails the question: What about when infinite or undefined values are involved? To highlight some of the issues, consider another example. Assuming the definition reverse [] = [] reverse (x:xs) = reverse xs ++ [x] can we safely apply the following rewrite? reverse (reverse xs) = xs (?) Let us try to prove (?) by induction: • Base case (xs = []). Just apply the definition of reverse. • Step case (xs = y:ys). We have: reverse (reverse (y:ys)) = reverse (reverse ys ++ [y]) (by definition of reverse) = reverse [y] ++ reverse (reverse ys) (using an auxiliary lemma) = reverse [y] ++ ys (by induction hypothesis) = y:ys Such fast-and-loose reasoning [2] is oftentimes useful, but may fail for lazy languages: The above rewrite is neither valid for infinite xs, nor when xs contains undefined values on the spine. In addition to the above cases, we should have considered the undefined input ⊥ (pronounced bottom) and made sure that the desired property is admissible for our setting. These extra requirements can be tricky to follow, so automated assistance would be welcome. Such assistance is available using higher-order logic for computable functions (HOLCF, [5]). HOLCF is based on the higher-order logic (HOL) instance of the proof assistant Isabelle [7] that provides functions, recursive definitions, (data) types, type classes, etc.; and constitutes a domain-theoretic framework that allows us to generate types in HOL that match the denotation ∗Supported by the Deutsche Telekom Stiftung. †Supported by the Austrian Science Fund (FWF): J3202. 1See [5] for a formal definition of admissibility.