Haskell in an Industrial ContextAndy Moran

Haskell, Galois, and the FutureGalois use of Haskell: why and whereChallenges in continuing to use HaskellHow do we meet these challengesSome suggestions

Galois SummaryMission: Advanced technology development for Information AssuranceExpertiseCrypto development and validationMulti-level and cross-domain securitySecure middlewareCapabilitiesHigh assurance engineeringAbstract modeling & analysisApplication of relevant theoretical researchRapid prototype developmentDomain-specific language development

Corporate BackgroundFounded in 1999; spun off from funded OGI researchProfitable last 8 quarters, >50% CAGRFundingSelf-funded from revenues90% employee owned6 Active ProjectsMix of research and product developmentClientsU.S govt, multiple primes20 employees total15 technical staffAdditional contract employees and subcontractors

High Assurance EngineeringHigh Assurance means:Formal and semi-formal specifications, designs, modelsFormal and semi-formal correspondence argumentsNot necessarily mathematical proofsTraditional testingMany non-functional, non-technical requirements about:Physical security of codeSoftware process documentationChange managementRelease managementHigh Assurance is not complete formal verificationWhich is why we think we have a chance Its all about gathering evidence that the product does what it shouldIts not about proving that it always does

Galois and HaskellGalois focus is High Assurance developmentWith two exceptions, every project weve ever done or are now doing have uses HaskellWe delivered tools that are being used heavily:CryptolGUI debugger for a specialized chipSyntax extension tool for clients own language (suped-up Happy + OCaml P4)Our biggest project relies upon HaskellHigh assurance arguments predicated upon use of HaskellAnother project is about HaskellAll others benefit from using Haskell

Why Haskell: Technical BenefitsType system very strong, expressiveType system exposes effectsLaziness encourages combinatorial designNatural for many problems, particularly compilersHaskell is very high-levelPromotes design-level programmingHaskell programs look like designs to non-practitionersEnables us to try out creative solutions that might not be tractable with traditional languagesAble to express more complex algorithmsDesign-level debuggingTrivial bugs disallowed by type systemGet straight to the real bugsWere very familiar with HaskellBut these arguments do not a business case make!

The Big Win: High AssuranceHaskell is close to its semanticsProviding evidence for H.A. properties is possibleHaskell is amenable to formal techniquesHaskells type system can express and enforce desirable H.A. properties (such as data separation)Good handle on H.A. correspondence arguments:Specification, design, model: all in Haskell

Indirect Business BenefitsHigh productivity:We can prototype products/tools very quicklyCompetition:Not many companies out there using Haskell as an enabling technologyFamiliarity:Most of Galois has been using Haskell since day 1Possibilities:Allows greater scope for high assurance developmentWe can build in more functionality, to higher assuranceQuality of Staff:Haskell practitioners tend to be extremely bright

Its Not All Beer and Skittles There are problems with relying upon Haskell:Technical issuesSupportLong-term viabilityCustomer needsCustomer perceptionStaffingSpecial government client needs

Development IssuesWere surrounded by nailsWhen all youve got is a hammer Happily, its a Swiss Army hammerDebugging can be a painEspecially debugging in the IO monadExisting debuggers tend not to support language extensionsLibraries only scratch library writers itchNot designed with industrial applications in mindHaskell encourages abstraction addictionIts very easy to get tied up in knotsToo much abstraction leads to maintenance headaches

Support IssuesVolunteer-based support for compiler onlyCant depend on getting that showstopper fixed in time to meet your deadlineWe push GHC to its limits, and so expose problems in the RTSWithout Sigbjrn Finne on the payroll, at least three of our projects would have been held up indefinitelyThreaded RTS, Asynchronous I/O for Windows, elusive GC bugNo 24 hour hotlineOnly common platforms get any supportNo industrial-grade tool supportProfilers limited; debuggers very limitedLibraries not tuned for performanceLibraries, language extensions documented mainly in research papers, if at allGHC user manual gives reference-level documentation to extensionsIDEs very limited

Long-Term ViabilityReliant upon Simon and SimonWhat if they start working on Word 2006?Others starting to play larger role, but still small handful of key playersStill a research languageExists to be test bed for experiments:Language design (Template Haskell, exotic type systems)Compiler implementation (eval-apply, CMM back-end)This is A Good ThingBut we need a stable language too

General Business IssuesCustomers see problems:How are they going to maintain the code we built for them?Will this weird language even be around next year?Customer perception:Whats Haskell?Whats Functional Programming?Functional programs are slow!Why is it better than Java?If its so great, why isnt everyone using it?Staffing:Not that many Haskell practitioners out thereCurrently, we also need U.S. citizens

Government IssuesPedigree of compiler sourceCorralled repositoryWho worked on it before corrallingSecurity of compiler sourceWho has write accessHow is repository protectedPhysical (key card access to server room)NetworkHow patches are vetted before being appliedHow many trusted eyes have reviewed compiler source?These questions are asked of any tool being used to develop sensitive applicationsIf tool source changes often, the burden is increasedEspecially if we also need to update formal arguments and models each time there is a change

Are We Alone?

How Might We Solve These Problems Together?

Whats Been Tried Before?

Why Didnt It Work?

Haskell ConsortiumAn affiliation of companies that use Haskell, together fundingProviding technical support for compilers and toolsTimely bug-fixesPatch release managementVersion, platform managementKeeping up with GHC patchesEvaluating GHC enhancements for inclusionPursuing industrial-grade developmentDeveloping new toolsEnhancing existing toolsDeveloping experimental compilers, interpreters, run-time systemsFunding could be augmented:Members clients? Government? Charity?

Explaining what we do to non-computer scientists what we do has always been a challenge, but I expect this audience probably understands it pretty well. That said, we spend a lot of time trying to refine and sharpen our technical focus.