Toward a verified relational database management system

We report on our experience implementing a lightweight, fully ver- ified relational database management system (RDBMS). The func- tional specification of RDBMS behavior, RDBMS implementation, and proof that the implementation meets the specification are all written and verified in Coq. Our contributions include: (1) a com- plete specification of the relational algebra in Coq; (2) an efficient realization of that model (B+ trees) implemented with the Ynot ex- tension to Coq; and (3) a set of simple query optimizations proven to respect both semantics and run-time cost. In addition to describ- ing the design and implementation of these artifacts, we highlight the challenges we encountered formalizing them, including the choice of representation for finite relations of typed tuples and the challenges of reasoning about data structures with complex shar- ing. Our experience shows that though many challenges remain, building fully-verified systems software in Coq is within reach.