F* (pronounced F star) is a general-purpose functional programming language with effects aimed at program verification. It puts together the automation of an SMT-backed deductive verification tool with the expressive power of a proof assistant based on dependent types. After verification, F* programs can be extracted to efficient OCaml, F#, or C code. This enables verifying the functional correctness and security of realistic applications, such as a verified HTTPS stack.

F*'s type system includes dependent types, monadic effects, refinement types, and a weakest precondition calculus. Together, these features allow expressing precise and compact specifications for programs, including functional correctness and security properties. The F* type-checker aims to prove that programs meet their specifications using a combination of SMT solving and interactive proofs.

The latest version of F* is written entirely in F*, and bootstraps in OCaml and F#. It is open source and under active development on GitHub. A detailed description of this new F* version is available in a series of POPL papers (2016, 2017, and 2018). You can learn more about F* by following the online tutorial. Materials from recent talks are available below. Read our blog to keep up to date with the latest news on F*.

The main ongoing use case of F* is building a verified, drop-in replacement for the whole HTTPS stack in Project Everest. This includes verified implementations of TLS 1.2 and 1.3 including the underlying cryptographic primitives. Moreover, while F* is extracted to OCaml by default, a subset of F* can be compiled to C for efficiency (ICFP 2017).

Previous versions of F* could also be translated to JavaScript. We have used these previous versions in a number of projects, ranging from verifying implementations of cryptographic constructions and protocols, implementations of web browser extensions, formalizing the semantics of other languages (including JavaScript and a compiler from a subset of F* to JavaScript, and TS*, a secure subset of TypeScript), and even certifying the correctness of the core of F* type-checker itself.


The sources of F* are hosted on GitHub. Binary packages are available for multiple platforms.


F* is distributed under the Apache 2.0 license.

F* Tutorial

Click the image below to start the F* tutorial.

F* Tutorial


F* is a state-of-the-art research project under active development; as such, it contains a number of known bugs.

For documentation please refer to the tutorial and the GitHub wiki.

If you encounter a problem with F*, we encourage you to report it to the GitHub issue tracker. Please understand that we may not have the necessary manpower to address new feature requests - as an open source project, we welcome your contributions to help improve F*.

The fstar-club mailing list is dedicated to F* users. Here is where all F* announcements are made to the general public (e.g. for releases, new papers, etc) and where users can ask questions, ask for help, discuss, provide feedback, announce jobs requiring at least 10 years of F* experience, etc. List archives are public, but only members can post. Join here!


F* is a joint project between Microsoft Research, INRIA, and the community at large.

Current team

Past contributors


15 results
[15] Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms (, , , , , , , , , , , , ), arXiv:1803.06547, . [bibtex] [pdf]
[14] Recalling a Witness: Foundations and Applications of Monotonic State (, , , , , ), In PACMPL, volume 2, . [bibtex] [pdf]
[13] A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimizations (, , , , , , , , , ), In The 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, . [bibtex] [pdf]
[12] Verified Low-Level Programming Embedded in F* (, , , , , , , , , , ), In PACMPL, volume 1, . [bibtex] [pdf] [doi]
[11] Everest: Towards a Verified, Drop-in Replacement of HTTPS (, , , , , , , , , , , , , , , , , , , , , ), In 2nd Summit on Advances in Programming Languages, . [bibtex] [pdf]
[10] Dijkstra Monads for Free (, , , , , , , ), In 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), ACM, . [bibtex] [pdf] [doi]
[9] Dependent Types and Multi-Monadic Effects in F* (, , , , , , , , , , , ), In 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), ACM, . [bibtex] [pdf]
[8] Wys*: A Verified Language Extension for Secure Multi-party Computations (, , ), . [bibtex] [pdf]
[7] Gradual typing embedded securely in JavaScript (, , , , , , ), In The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Suresh Jagannathan, Peter Sewell, eds.), ACM, . [bibtex] [pdf] [doi]
[6] Probabilistic relational verification for cryptographic implementations (, , , , , ), In The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Suresh Jagannathan, Peter Sewell, eds.), ACM, . [bibtex] [pdf] [doi]
[5] Fully Abstract Compilation to JavaScript (, , , , , ), In 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, . [bibtex] [pdf]
[4] Verifying Higher-order Programs with the Dijkstra Monad (, , , , ), In Proceedings of the 34th annual ACM SIGPLAN conference on Programming Language Design and Implementation, . [bibtex] [pdf]
[3] Secure distributed programming with value-dependent types (, , , , , ), In J. Funct. Program., volume 23, . [bibtex] [pdf]
[2] Self-Certification: Bootstrapping Certified Typecheckers in F* with Coq (, , , ), In Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, . [bibtex] [pdf]
[1] Secure distributed programming with value-dependent types (, , , , , ), In Proceeding of the 16th ACM SIGPLAN international conference on Functional Programming (Manuel M. T. Chakravarty, Zhenjiang Hu, Olivier Danvy, eds.), ACM, . [bibtex] [pdf] [doi]