Questions tagged [fstar]

F* (pronounced F star) is an ML-like functional programming language aimed at program verification. Its type system includes polymorphism, dependent types, monadic effects, refinement types, and a weakest precondition calculus. Together, these features allow expressing precise and compact specifications for programs, including functional correctness and security properties. The F* type-checker aims to prove that programs meet their specifications using a combination of SMT solving and manual proofs. Programs written in F* can be translated to OCaml or F# for execution.

For more information see the F* language homepage.

30 questions
1 vote, 1 answer

Assume val and opaque type constructs in F*

I'm new to F* and although the tutorial is well-written I'm missing some good API page for reference. So I need the precise meaning for the following constructs: assume val name: type I'd say this line registers into the solver the name being…
asked by user1868607
0 votes, 1 answer

How can I display the value and/or type of an fstar expression?

I'm going through the fstar tutorial using the emacs fstar-mode. Is there a way to evaluate an expression or its type? What I'm looking for is an equivalent to Lean's #check or #eval.
asked by azani
0 votes, 2 answers

Why isn't this FStar function accepted?

I'd like to understand why this function is not accepted as a terminating one: val while_items: ni: nat -> ni_max: nat -> nw: nat -> bool let rec while_items ni ni_max nw = (if ni < ni_max then while_items (ni + nw) ni_max nw else…
asked by Attila Karoly
0 votes, 1 answer

FStar function strange behavior

It seems incorrect that the following simple function is accepted as a terminating one: val fnc : (nw: nat) -> (ni: nat) -> (ni_max: nat) -> bool let rec fnc nw ni ni_max = match ni with | ni_max -> false | _ -> fnc nw (nw + ni)…
asked by Attila Karoly
0 votes, 1 answer

Trouble verifying simple programs in F* (FStar)

I'm using F* 0.9.6.0 and I can't get this simple program to pass subtyping checks: module Test open FStar.String let minlen s n = strlen s >= n let maxlen s n = strlen s <= n let isLanguageValid s = (minlen s 2) && (maxlen s 8) type language = s…
asked by steve richey
0 votes, 1 answer

Trying to understand indexed types

I'm trying to understand the vector type from the FStar tutorial: type vector (a: Type) : nat -> Type = | Nil : vector a 0 | Cons : hd: a -> n: nat -> tl: vector a n -> vector a (n + 1) Constructing a vector - similarly to constructing…
asked by Attila Karoly
0 votes, 1 answer

Hint on FStar proof dead end

Can I get a brief explanation why this proof effort fails? In my studies I'm trying to recognize simple patterns in generated lists of integers. The generator below produces a list of alternating 0s and 1s. I'd like to prove that items at even…
asked by Attila Karoly
0 votes, 1 answer

Issue with a simple assertion in FStar

I've just started to study FStar. I'd like to express the fact that for every natural number there exists a bigger one. let _ = assert (forall (m:nat). exists (n: nat). n > m) It fails and I'd like to know why. Thank you.
asked by Attila Karoly
0 votes, 1 answer

This lemma slows down FStar/Emacs

It takes about 2 minutes for FStar to prove this lemma and what is worse, Emacs becomes intolerably slow as long as it's present. Other, apparently more complicated lemmas do not cause this problem. let lemma_1 (n: nat) (m: nat) : Lemma (n <= m || n…
asked by Attila Karoly
0 votes, 1 answer

How to resolve this type conflict in FStar?

Here's a simple pattern generator that returns a list of 1:nat. lemma_1 proves that there's a 1 in every position of generated lists of arbitrary length. The lng argument for nth_1 had to be introduced because otherwise n would be constrained as…
asked by Attila Karoly
0 votes, 1 answer

Mutually Inductive Datatypes with Type Parameters

I am trying to write a declaration of two mutually inductive datatypes that both take a type parameter as arguments as follows: noeq type foo 'a = | FooA: x: 'a -> foo 'a | Foob: y: bar 'a -> foo 'a and bar 'b = | BarA: x: int -> bar 'b …
0 votes, 1 answer

Use meta-programming in F* for a syntactic check on a function argument

I would like to write a function that enforces that its argument is, syntactically, a constant string. Here's what I tried: module Test module R = FStar.Reflection let is_literal (t: R.term) = match R.inspect_ln t with | R.Tv_Const (R.C_String…
asked by Jonathan Protzenko
0 votes, 1 answer

Applicative functor in F*: Type checking error

As an experiment while trying to get familiar with F*, I tried implementing an applicative functor. I'm stuck at a weird-looking type checking error. I'm not sure yet if this is due to some feature / logic in the type checking that I'm not aware of,…
asked by madidier
0 votes, 1 answer

Some questions about weakest pre-condition notation in the F* tutorial

Chapter 9 in the F* tutorial has an example: b ::= x | true | false e ::= b | let x = e1 in e2 | assert b | if b then e1 else e2 WP b P = P b WP (let x = e1 in e2) P = WP e1 (fun x -> WP e2 P) WP (assert b) P =…
asked by Olle Härstedt
-2 votes, 1 answer

Starting out with Fstar

I have been reading about F-star from some of its papers and the F-star tutorial, but I find myself quite lost trying to understand its concepts. For example, dependent types, Dijkstra monads, etc. What are the pre-requisites to properly understand…
asked by pleen85