From base48
Jump to: navigation, search

"Life is too short to C" -- Adluc

There are now serveral ways to generate C code for embedded applications with domain specific languages embedded in Haskell. This allows us to use type system and powerful compiler to catch errors sooner and get close to 'if it compiles it works' experience for embedded world.



Ivory Tower

The Ivory Language is an eDSL for safe systems programming. You can think of Ivory as a safer C, embedded in Haskell.

The Tower Language is an eDSL for composing Ivory programs into real-time systems. Tower programs specify communication channels, tasks, and signal handlers, and generate Ivory code which implements scheduling and communication for real-time operating systems.

Work in progress book:




Local projects


UART2CAN bridge (with kernel support via SLCAN protocol) and CAN development board/firmware.

ODrive experimental firmware

Brushless DC motor controller firmware for ODrive board.

HEXAMON Firmware

Beehive monitoring node firmware.


Working with Ivory Tower

Prepare environment

Install stack first - http://docs.haskellstack.org/en/stable/install_and_upgrade/

mkdir embedded
cd embedded
git clone  https://github.com/GaloisInc/ivory/
git clone  https://github.com/GaloisInc/tower/
git clone https://github.com/GaloisInc/ivory-tower-stm32/
Running UART test

Test application located in

cd ivory-tower-stm32/ivory-bsp-tests
# set platform to f4 discovery
cat > default.conf

make bsp-uart-test
cd bsp-uart-test
# now look around carefuly
# oO
# Oo
# ...
# then flash it
arm-none-eabi-gdb --ex 'target extended-remote /dev/f4gdb' \
  --ex 'monitor swdp_scan' \
  --ex 'attach 1' \
  --ex 'load' image'

# try talking to /dev/f4uart
# bsp-uart-test app accepts characters '1' for output on and '2' for output off
screen /dev/f4uart 115200


Atom is a Haskell EDSL for designing hard realtime embedded software. Based on guarded atomic actions (similar to STM), Atom enables highly concurrent programming without the need for mutex locking. In addition, Atom performs compile-time task scheduling and generates code with deterministic execution time and constant memory use, simplifying the process of timing verification and memory consumption in hard realtime applications. Without mutex locking and run-time task scheduling, Atom eliminates the need and overhead of RTOSes for many embedded applications.


Copilot is a stream (i.e., infinite lists) domain-specific language (DSL) in Haskell that compiles into embedded C. Two compiler backends are available, both of which generate constant-time and constant-space C code:

  • copilot-c99 targets Atom language
  • copilot-sbv targets SBV language



Ion is a (heavily experimental) Haskell EDSL for concurrent, realtime, embedded programming. It performs compile-time scheduling, and produces scheduling code with constant memory usage and deterministic execution (i.e. no possibility for divergence).

Ion targets Ivory to perform code generation. It generates scheduling code to be called at regular intervals (e.g. from an interrupt).