
Introducing F*: Secure Distributed Programming with Value-Dependent Types - buro9
http://research.microsoft.com/apps/pubs/?id=141708
======
buro9
Warning for those downloading the PDF on that page, it's 1.6MB.

There is also a compiler project here: <http://research.microsoft.com/en-
us/projects/fstar/>

And you can try out F* (by validating code) on the web here:
<http://rise4fun.com/FStar>

And for anyone who has noticed my submissions in the last couple of days, I'm
basically reading my way through the SIGPLAN papers for ICFP 2011 and picking
out interesting things that others might like too:
<http://www.icfpconference.org/icfp2011/accepted.html>

~~~
wladimir
It seems that Microsoft is doing extremely interesting fundamental CS research
(especially into automated verification/program correctness/security) these
days. I'm enthusiastic about it, though I somehow fear the end result will at
most be some expensive proprietary extension to Visual Studio only targeting
.NET instead of an open implementation benefiting everyone.

~~~
acangiano
> I somehow fear the end result will at most be some expensive proprietary
> extension

That hasn't been the case with their research, so far. See F#'s download page
for an example: [http://research.microsoft.com/en-
us/um/cambridge/projects/fs...](http://research.microsoft.com/en-
us/um/cambridge/projects/fsharp/release.aspx)

~~~
wladimir
Pretty cool. From that page they even provide instructions for Linux and Mac:
<http://functional-variations.net/crossplatform/> . So the F# "source drop" is
licensed under the Apache2 license?

I guess I should give them the benefit of the doubt, it's just a bit difficult
for me given their track record.

------
DanWaterworth
Hmmm, they didn't verify the correctness of the translator or CLR?

~~~
hamidpalo
If you verify the correctness of the CLR, by the same reasoning don't you have
to verify the correctness of Windows as well?

~~~
DanWaterworth
Yes, I hadn't thought of that. The point is that proving part of a process
correct without proving correct the entire stack, is no guarantee that it does
anything like what it's supposed to.

~~~
larsberg
But, if you don't even try to prove part of a process correct, it's almost
certainly wrong. See the excellent work that John Regehr's group is doing
related to compiler and optimization verification/testing
(<http://www.cs.utah.edu/~regehr/research/> ), much of which has been talked
about here.

There are other folks who have successfully done formal verification of
operating systems, device drivers, hardware design, etc. It's a big, hard
problem, but we'll get to the "whole stack" eventually.

