Program verification with F*
Guest lecture and accompanying lab sessions for the Advanced Programming Course (ITT8060) at the Tallinn University of Technology.
Lecture slides (20.11.2019)
Lab exercises (20-21.11.2019)
These exercises are mostly independent of each other, so you do not need to do them in the given order, but the earlier ones are generally more basic.
Out of all of them, Exercise 7 is probably the most involved. It lets you simultaneously practice the verification of both pure and stateful programs.
Verifying purely functional programs
- Exercise 1: Summing 1 + 2 + 3 + ...
- Exercise 2: Simply typed stacks
- Exercise 3: Refined stacks
Verifying stateful programs
- Exercise 4: Stateful summing 1 + 2 + 3 + ...
- Exercise 5: Stateful factorial 1 * 2 * 3 * ...
- Exercise 6: Stateful Fibonacci 1 , 1 , 2 , 3 , 5 , 8 , ...
Verifying purely functional and stateful programs
- Exercise 7: Functional and mutable binary search trees
Verifying monotonic stateful programs
- Exercise 8: Initializable and freezable references
Useful code snippets
- Ackermann function, interfaces, and decreases metrics: Ackermann.fsti, Ackermann.fst
- List reversal: Rev.fst
- Potential divergence:Divergence.fst
- F*'s ML-style garbage-collected memory model: FStar.Heap.fst, FStar.ST.fst
- F*'s low-level memory model: FStar.HyperStack.fst, FStar.HyperStack.ST.fst
- Stateful increment function: IncrST.fst, Incr2ST.fst
- Reference swapping: SwapRefsST.fst
- Stateful counting: CountST.fst
- Low-level code example: BufferAlloc.fst, BufferAlloc.c
- F*'s witnessed modality: FStar.Monotonic.Witnessed.fsti, FStar.Monotonic.Witnessed.fst
- F*'s monotonic ML-style memory model: FStar.Monotonic.Heap.fst, FStar.ST.fst, FStar.Ref.fst
- F*'s monotonic low-level memory model: FStar.Monotonic.HyperStack.fst, FStar.HyperStack.ST.fst
- Classical logic in F*: FStar.Classical.fsti, FStar.Classical.fst, FStar.StrongExcludedMiddle.fst
- Monotonic counters: CounterMST.fst
- Monotonic logs: SimpleLogMST.fst
- Temporarily violating monotonicity with snapshots: Snapshots.fst
Using F* in your browser
Deploying F* on your computer
For people who want to get F* installed on their computer with little fuzz there are 4 easy options:
- Using the binary releases
(documentation on this):
- WARNING: The most recent (development) version of F* and its libraries are often not compatible with these binary releases.
- In order to get more recent, but also more experimental binary builds please look at the automatically generated weekly builds (Linux and Windows only).
- Using the OPAM package
(especially for people already using OCaml):
- WARNING: As with the binary releases, the stable version of F* on OPAM is often not compatible with with the most recent (develoment) version of F* and its libraries.
- In order to install the recent (development) version of F* through OPAM, please follow the instructions.
- IMPORTANT: You need to additionally download and add to your PATH a supported version of the Z3 SMT-solver, see the instructions.
Using the Homebrew formula (if you are a macOS user):
- WARNING: As with the binary releases, the stable version of F* on Homebrew is often not compatible with with the most recent (develoment) version of F* and its libraries.
- In order to install the recent (development) version of F* through Homebrew, please follow the instructions.
Using a Docker container (especially for people who already have Docker on their computer):
Get the F* Docker container:
$ docker pull fstarlang/fstar-emacs
NOTE: This gets you the most recent F* build, the supported version of Z3, and also the Emacs fstar-mode (to use Emacs with GUI, follow these instructions).
In order to persist your work between subsequent docker and container runs, create a volume to keep your exercises and code:
$ docker volume create fstar-vol
Run the container and log into it:
$ docker run -i -t --mount source=fstar-vol,target=/fstar-vol fstarlang/fstar-emacs
When logged into the container, change the owner of the /fstar-vol volume to build:build:
$ sudo chown -R build:build /fstar-vol
And you should be all set to start writing and veirfying programs in F*:
$ cd /fstar-vol ; cp ~/FStar/examples/hello/Hello.fst . ; emacs Hello.fst
If needed for the exercises, you can find the F* standard library in ~/FStar/ulib and various examples in ~/FStar/examples.
After you exit the container, you can restart it by looking up its ID using
$ docker ps -a and running
$ docker start -i CONTAINER_ID.
People who are more motivated and more adventurous can of course also build F* directly from its sources, see the documentation.
Using F* interactively
If you are familiar with the Emacs text editor, it is recommended getting
fstar-mode for it to make the most of F*'s interactive features.