Developers today need to identify the right libraries to use for a given problem. FP Complete’s code audit includes analysis and review of the appropriateness of libraries by identifying redundant or duplicate solutions, highlighting the use of unnecessary dependencies, assessing the maturity of libraries and reviewing the quality and frequency of library maintenance as well as tracking any open issues.
Beyond this high-level analysis, a thorough code review of these libraries and their potential vulnerabilities is now being done as a separate formal audit by FP Complete. This involves automated testing practices, manual code review, and leveraging existing static analysis tools in Haskell.
Within the Cardano-sl code base, there are currently over 370 individual library dependencies, all under review as part of the code audit. FP Complete’s code audit therefore presents a unique opportunity to review libraries and code that is used more widely by the Haskell community and in some cases, code reviews that span multiple versions of the same library.
As a commitment to the Haskell community and the open source software movement in general, the Cardano Foundation, together with FP Complete, will release regular audit reports reviewing various Haskell libraries as it continues to review the development of Cardano more specifically.
About FP Complete
FP Complete is an advanced open source server-side software development and DevOps consulting company. They specialize in helping FinTech companies solve unique sets of problems related to data and information integrity, data security, architectural design, systems integration, and regulatory compliance. FP Complete are recognized worldwide for their contributions to the functional programming community using the Haskell programming language. Their people and processes have helped countless companies increase the velocity and quality of their delivered software products. From Fortune 500 biotech companies to small blockchain FinTech software companies, they have solved unique and complicated problems with expert results.
Haskell "Binary" Report
Carried out by FP Complete in conjunction with Cardano Foundation
This report is based on the following commit:
This is not a final report, but a snapshot of what has been reviewed thus far.
NOTE: This report is intended for public distribution.
This audit report should be considered preliminary work only. It is known to be incomplete. Crucial information for the project has not yet been reviewed. Some statements within may be incorrect. We will strive to improve on these areas in future iterations of the report.