Programming, at its core, remains deeply rooted in mathematics, despite the extensive abstractions that modern development tools provide. The languages and algorithms that drive our code are built on mathematical foundations that guide our programming practices. While we often see code working as expected, there’s a critical question that often goes unanswered: Can we prove that it works? This is especially vital when it comes to secure coding, where we need not only to trust that the code functions correctly but to prove, mathematically, that it behaves safely under various conditions.
This need for provable code becomes even more crucial in the context of security. When developing applications, we need to identify and prevent issues such as type safety violations, unplanned halting, or memory overruns—any of which can lead to vulnerabilities. These failures can compromise the security of the entire system. Therefore, having a way to mathematically verify that our code can’t reach states that would breach our security model is a necessary step in developing robust, secure software.
In the realm of advanced computer science, there are emerging tools and languages that are specifically designed to bridge the gap between mathematics and code, providing formal verification methods. One such tool is F*, a functional programming language developed by Microsoft Research in collaboration with the French national research center, Inria. F* is designed to help developers write code that can be mathematically verified, enabling static analysis to prove that code will perform as expected across different conditions.
F* is already proving its worth in practical applications. One of the notable projects utilizing F* is Project Everest, which aims to create secure, verified implementations of crucial security protocols, such as HTTPS. By using F* to verify the code for the TLS-1.3 record layer, Project Everest has ensured that the communication layer between applications and HTTPS is secure, forming a vital part of Microsoft’s QUIC HTTP standard implementation. Beyond HTTPS, F* is also involved in the development of high-assurance cryptographic libraries, such as HACL* and ValeCrypt, as well as in other applications like the Signal protocol and WebAssembly tools. F* provides an unprecedented level of security assurance by ensuring that critical systems and protocols are free from vulnerabilities, demonstrating the power of program verification in real-world applications.