

Section: New Results

The F* programming language

Participants: Danel Ahman, Benjamin Beurdouche, Karthikeyan Bhargavan, Barry Bond [Microsoft Research], Tej Chajed [MIT], Antoine Delignat-Lavaud [Microsoft Research], Victor Dumitrescu, Cédric Fournet [Microsoft Research], Catalin Hritcu, Qunyan Mangus [Microsoft Research], Markulf Kohlweiss [Microsoft Research], Kenji Maillard, Asher Manning [McGill University], Guido Martínez [CIFASIS-CONICET Rosario], Zoe Paraskevopoulou [Princeton University], Clément Pit-Claudel [MIT], Jonathan Protzenko [Microsoft Research], Tahina Ramananandro [Microsoft Research], Aseem Rastogi [Microsoft Research], Jared Roesch [University of Washington], Nikhil Swamy [Microsoft Research], Christoph M. Wintersteiger [Microsoft Research], Santiago Zanella-Béguelin [Microsoft Research].

F* is an ML-like functional programming language aimed at program verification. Its type system includes polymorphism, dependent types, monadic effects, refinement types, and a weakest precondition calculus. Together, these features allow expressing precise and compact specifications for programs, including functional correctness and security properties. The F* type-checker aims to prove that programs meet their specifications using a combination of SMT solving and manual proofs. Programs written in F* can be translated to OCaml, F#, or C for execution.
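As an added illustration of the features listed above (example code written for this page, not code taken from the F* distribution or from Project Everest), the fragment below exercises refinement types, dependent pattern matching, an SMT-discharged lemma, and a pre/postcondition on a stateful computation. It is written against the F* standard library module names as of this writing (FStar.List.Tot, FStar.ST, FStar.Heap); the module name Example and the function names are arbitrary.

```fstar
module Example

module L = FStar.List.Tot
module Heap = FStar.Heap
open FStar.ST

(* A refinement type: natural numbers strictly below a bound.
   Values of this type can index a structure of size n without a
   runtime bounds check, because the bound is a proof obligation. *)
type below (n:nat) = i:nat{i < n}

(* Refinement as precondition. Prims types integer division with a
   nonzero divisor, so the type-checker sends the obligation y <> 0
   to the SMT solver; the same body typed as int -> int -> int
   would be rejected, not compiled with a runtime check. *)
val safe_div : x:int -> y:int{y <> 0} -> int
let safe_div x y = x / y

(* Dependent pattern matching. The refinement Cons? l makes the
   Nil case unreachable, and F* proves the match exhaustive rather
   than warning about a missing branch. *)
val head : #a:Type -> l:list a{Cons? l} -> a
let head #a l = match l with | x :: _ -> x

(* A lemma is a total function whose type is a proposition. The
   proof is by induction on l1; the recursive call plays the role
   of the inductive hypothesis and the SMT solver closes each case. *)
val append_length : #a:Type -> l1:list a -> l2:list a ->
  Lemma (ensures (L.length (L.append l1 l2) = L.length l1 + L.length l2))
let rec append_length #a l1 l2 =
  match l1 with
  | [] -> ()
  | _ :: tl -> append_length tl l2

(* Monadic effects. ST computations act on a heap; the specification
   relates the initial heap h0 and the final heap h1 through the
   weakest-precondition calculus, so callers learn exactly what
   changed (here: r is incremented, nothing else is claimed). *)
val incr : r:ref int ->
  ST unit (requires (fun _ -> True))
          (ensures  (fun h0 _ h1 -> Heap.sel h1 r == Heap.sel h0 r + 1))
let incr r = r := !r + 1
```

The practical point for a security reviewer is the direction of the guarantees: every precondition above is discharged at type-checking time, so the OCaml, F#, or C code extracted from such a module carries no residual runtime checks for those properties, and any caller that cannot prove them is rejected before extraction.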

The latest version of F* is written entirely in F*, and bootstraps in OCaml and F#. It is open source and under active development on http://github.com/FStarLang/FStar. A detailed description of this new F* version is available in a series of POPL papers  [62], [22], [14].

The main ongoing use case of F* is building a verified, drop-in replacement for the whole HTTPS stack in Project Everest [25]. This includes verified implementations of TLS 1.2 and 1.3, down to the underlying cryptographic primitives. Moreover, while F* is extracted to OCaml by default, we have devised a subset of F* that can be compiled to C for efficiency [18].

We released two versions of the software this year.