FStarLang

FStarLang/FStar

F* Apache-2.0 Security

A Proof-oriented Programming Language

3.1k stars
257 forks
active
GitHub

3.1k

Stars

257

Forks

564

Open issues

30

Contributors

AI Analysis

F* is a proof-oriented programming language designed for program verification and formal methods, enabling developers to write code with machine-checked proofs of correctness. It serves researchers, security teams, and organizations requiring formal verification of critical systems—particularly those implementing cryptographic protocols, concurrent code, or assembly-level components. It is not a general-purpose language for typical application development; it requires specialized expertise in...

Security Research Project Discovery value: 6/10
Documentation 9/10
Activity 9/10
Community 8/10
Code quality 7/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

formal-verification dependent-types proof-assistant program-correctness theorem-proving
Actively maintained Well documented Niche/specialized use case Educational Production ready
Deep Analysis · Based on README and public signals
3d ago

Proof-oriented language for formal verification, used in cryptography and systems security

F* is a dependently typed language designed for writing and verifying cryptographic code and systems software. It combines verification with code extraction to OCaml, F#, C, or Rust. Used primarily by academic researchers, security teams at Microsoft and industry labs, and cryptographic libraries. Not a general-purpose language; solves a specific, demanding problem: proving correctness of security-critical code at compile time.

Origin

F* began in 2014 as a Microsoft Research project focusing on verified cryptography. It evolved from earlier work in proof assistants and dependent types, positioning itself between theorem provers (Coq, Lean) and practical programming languages. The language matured through contributions from MSR, INRIA, and collaborating academic institutions, establishing a research-focused ecosystem rather than an industry-first one.

Growth

Growth has been steady but niche. The project gained traction through high-profile applications: Project Everest (formally verified TLS), HACL* (verified cryptographic library), and Pulse (concurrent imperative DSL within F*). Recent momentum appears driven by AI agent integration (Copilot, Claude) and tooling maturation (VSCode support, proof-copilot plugin). Star growth is modest (3,062 total, 0 in last 7 days) because the target audience is specialized.

In production

Project Everest (verified TLS implementation) and HACL* (cryptographic library) demonstrate real-world formal verification deployments. HACL* is used in production environments (Mozilla Firefox, WireGuard integration efforts). However, adoption outside cryptography and academic verification is limited. Adoption not verified in mainstream systems programming or general enterprise software development.

Code analysis
Architecture

Based on README, F* is structured as: (1) a proof checker with dependent type system, (2) code extraction backends to multiple targets (OCaml, F#, C/Rust via KaRaMeL, ASM via Vale), (3) domain-specific languages layered on top (Pulse for imperative code). Likely uses an SMT solver for discharge of proof obligations. Appears modular with separate extraction and DSL tools maintained in companion repositories.

Tests

not documented in README. README references an online editor and tutorial environment but does not describe test infrastructure or coverage metrics.

Maintenance

Last push 2026-07-06 (same day as evaluation date) indicates active maintenance. Repository created 2014, 12 years of continuous development. 3,062 stars and 257 forks suggest stable, niche adoption. Issue tracker referenced and Zulip chat community active. No signs of abandonment; appears to be maintained by core team at MSR/academia. Slow star growth typical of specialized tools, not a decay signal.

Honest verdict

ADOPT IF: you are building cryptographic or security-critical systems where formal verification is non-negotiable, you have expertise in dependent types, and your targets include OCaml, F#, C, or Rust. Project Everest and HACL* demonstrate viability. AVOID IF: you need a general-purpose language, lack specialized verification expertise, or work in environments without resources for steep learning curve. Avoid if your codebase is already committed to a different verification framework. MONITOR IF: you are evaluating formal methods for a new project and considering multiple tools; F* is solid for its niche but not a default choice. Monitor AI agent integration (Copilot, Claude) to see if it lowers adoption friction.

Independent dimensions

Mainstream potential

3/10

Technical importance

8/10

Adoption evidence

6/10

Risks
  • Narrow target audience limits potential user base growth and ecosystem development. Fewer third-party libraries and tools compared to general-purpose languages.
  • Steep learning curve due to dependent types and proof obligations; high barrier to entry for teams without formal methods background.
  • Extraction quality and performance depend on target language (OCaml, F#, C, Rust); not guaranteed to produce optimal code in all backends.
  • Research-driven maintenance model may prioritize academic interests over production user needs; long-term commercial support unclear.
  • Community size is small relative to mainstream languages; limited third-party training, tutorials, and vendor support may slow adoption.
Prediction

F* will likely remain a niche but established tool in formal verification and cryptography for the next 3–5 years. Recent AI agent integration (Copilot, Claude support via proof-copilot) may accelerate adoption among teams using those tools. Mainstream potential remains low; F* solves a permanent, specialized problem rather than aiming for broad adoption. Expected trajectory: steady maintenance, slow growth, increasing relevance in security-critical domains.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

F*
91.8%
OCaml
3.2%
Rust
1%
Makefile
0.9%
Shell
0.9%
Python
0.8%
C
0.8%
F#
0.3%

Information

Language
F*
License
Apache-2.0
Last updated
4d ago
Created
149mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

dotnet

dotnet/fsharp

This is the official F# compiler, standard library, and Visual Studio language...

4.3k F# Dev Tools
fable-compiler

fable-compiler/Fable

Fable is a compiler that transpiles F# code to multiple target languages...

3.1k F# Dev Tools
nasa

nasa/fprime

F´ is a NASA-developed, flight-proven component-based framework for building...

11.3k C++ IoT
fallow-rs

fallow-rs/fallow

Fallow is a static analysis tool for TypeScript and JavaScript codebases that...

4.1k Rust Dev Tools
marpple

marpple/FxTS

FxTS is a functional programming library for TypeScript/JavaScript that...

1.2k TypeScript Dev Tools
vs. alternatives
Coq

Both are proof assistants with dependent types. Coq has larger ecosystem and community; F* trades purity for practical code extraction and quicker verification turnaround. Coq stronger in pure mathematics, F* in systems/crypto verification.

Lean 4

Lean emphasizes foundation flexibility and tooling ergonomics; F* is more specialized for program verification with tighter integration to code generation. Lean has broader mathematical library; F* has stronger C/Rust extraction.

Dafny

Dafny targets imperative program verification with simpler syntax; F* is more expressive but steeper learning curve. Dafny integrates with existing languages; F* requires commitment to F* ecosystem.

Why3

Why3 is a verification platform for multiple languages; F* is a language first. Why3 offers broader language compatibility; F* offers deeper verification within its domain.

Agda

Agda is a dependently typed language emphasizing interactive theorem proving; F* prioritizes practical extraction and automation. Both are research tools; Agda has more academic adoption in type theory.