Dependent types and multi-monadic effects in F*

We present a new, completely redesigned, version of F*, a language that works both as a proof assistant as well as a general-purpose, verification-oriented, effectful programming language. In support of these complementary roles, F* is a dependently typed, higher-order, call-by-value language with _primitive_ effects including state, exceptions, divergence and IO. Although primitive, programmers choose the granularity at which to specify effects by equipping each effect with a monadic, predicate transformer semantics. F* uses this to efficiently compute weakest preconditions and discharges the resulting proof obligations using a combination of SMT solving and manual proofs. Isolated from the effects, the core of F* is a language of pure functions used to write specifications and proof terms---its consistency is maintained by a semantic termination check based on a well-founded order. We evaluate our design on more than 55,000 lines of F* we have authored in the last year, focusing on three main case studies. Showcasing its use as a general-purpose programming language, F* is programmed (but not verified) in F*, and bootstraps in both OCaml and F#. Our experience confirms F*'s pay-as-you-go cost model: writing idiomatic ML-like code with no finer specifications imposes no user burden. As a verification-oriented language, our most significant evaluation of F* is in verifying several key modules in an implementation of the TLS-1.2 protocol standard. For the modules we considered, we are able to prove more properties, with fewer annotations using F* than in a prior verified implementation of TLS-1.2. Finally, as a proof assistant, we discuss our use of F* in mechanizing the metatheory of a range of lambda calculi, starting from the simply typed lambda calculus to System F-omega and even micro-F*, a sizeable fragment of F* itself---these proofs make essential use of F*'s flexible combination of SMT automation and constructive proofs, enabling a tactic-free style of programming and proving at a relatively large scale.

[1]  John McCarthy,et al.  Towards a Mathematical Science of Computation , 1962, IFIP Congress.

[2]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[3]  J. J. Horning,et al.  Report on the programming language Euclid , 1977, SIGP.

[4]  Rance Cleaveland,et al.  Implementing mathematics with the Nuprl proof development system , 1986 .

[5]  Eugenio Moggi,et al.  Computational lambda-calculus and monads , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[6]  Frank Pfenning,et al.  Refinement types for ML , 1991, PLDI '91.

[7]  Reasoning about Aliasing , 1996 .

[8]  Mads Tofte,et al.  Region-based Memory Management , 1997, Inf. Comput..

[9]  Natarajan Shankar,et al.  Subtypes for Specifications: Predicate Subtyping in PVS , 1998, IEEE Trans. Software Eng..

[10]  Lennart Augustsson,et al.  Cayenne—a language with dependent types , 1998, ICFP '98.

[11]  Thorsten Altenkirch,et al.  Monadic Presentations of Lambda Terms Using Generalized Inductive Types , 1999, CSL.

[12]  Ana Bove,et al.  Simple General Recursion in Type Theory , 2001, Nord. J. Comput..

[13]  Phillip Rogaway,et al.  Authenticated-encryption with associated-data , 2002, CCS '02.

[14]  Andreas Abel foetus - Termination Checker for Simple Functional Programs , 2002 .

[15]  Robin Adams Formalized Metatheory with Terms Represented by an Indexed Family of Types , 2004, TYPES.

[16]  Luís Pinto,et al.  Type-based termination of recursive definitions , 2004, Mathematical Structures in Computer Science.

[17]  Chiyan Chen,et al.  Combining programming with theorem proving , 2005, ICFP '05.

[18]  Matthieu Sozeau,et al.  Subset Coercions in Coq , 2006, TYPES.

[19]  Andreas Abel,et al.  Type-based termination: a polymorphic lambda-calculus with sized higher-order types , 2006 .

[20]  U. Norell,et al.  Towards a practical programming language based on dependent type theory , 2007 .

[21]  Patrick Maxim Rondon,et al.  Liquid types , 2008, PLDI '08.

[22]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[23]  Lars Birkedal,et al.  Hoare type theory, polymorphism and separation1 , 2008, Journal of Functional Programming.

[24]  Pierre Letouzey Extraction in Coq: An Overview , 2008, CiE.

[25]  Adam Chlipala,et al.  Effective interactive proofs for higher-order imperative programs , 2009, ICFP.

[26]  Robert Atkey,et al.  Parameterised notions of computation , 2006, J. Funct. Program..

[27]  Andrew D. Gordon,et al.  Modular verification of security protocol code by typing , 2010, POPL '10.

[28]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[29]  Juan Chen,et al.  Secure distributed programming with value-dependent types , 2011, Journal of Functional Programming.

[30]  Chung-Kil Hur,et al.  Strongly Typed Term Representations in Coq , 2011, Journal of Automated Reasoning.

[31]  Jürgen Giesl,et al.  Termination of Isabelle Functions via Termination of Rewriting , 2011, ITP.

[32]  Stephanie Weirich,et al.  Equational reasoning about programs with general recursion and call-by-value semantics , 2012, PLPV '12.

[33]  Robert Harper,et al.  Practical Foundations for Programming Languages , 2012 .

[34]  Edwin Brady,et al.  Programming and reasoning with algebraic effects and dependent types , 2013, ICFP.

[35]  Jean-Christophe Filliâtre,et al.  Why3 - Where Programs Meet Provers , 2013, ESOP.

[36]  Viktor Vafeiadis,et al.  Mtac: a monad for typed tactic programming in Coq , 2013, ICFP.

[37]  Juan Chen,et al.  Verifying higher-order programs with the dijkstra monad , 2013, PLDI.

[38]  Alfredo Pironti,et al.  Implementing TLS with Verified Cryptographic Security , 2013, 2013 IEEE Symposium on Security and Privacy.

[39]  Stephanie Weirich,et al.  Combining proofs and programs in a dependently typed language , 2014, POPL.

[40]  Ranjit Jhala,et al.  Refinement types for Haskell , 2014, ICFP.

[41]  Gert Smolka,et al.  Autosubst: Reasoning with de Bruijn Terms and Parallel Substitutions , 2015, ITP.