Use fstar.exe to verify F* code and interpret the errors reported
This skill is used when:
# Verify a single file
fstar.exe Module.fst
# With Pulse extension
fstar.exe --include <PULSE_HOME>/out/lib/pulse Module.fst
# With include paths
fstar.exe --include <PULSE_HOME>/out/lib/pulse --include path/to/lib Module.fst
# Show query statistics (find slow/cancelled proofs)
fstar.exe --query_stats Module.fst
# Split queries for isolation
fstar.exe --split_queries always Module.fst
# Log SMT queries for analysis
fstar.exe --log_queries Module.fst
# Refresh Z3 between queries
fstar.exe --z3refresh Module.fst
# Combined debugging
fstar.exe --include <PULSE_HOME>/out/lib/pulse --query_stats --split_queries always --z3refresh Module.fst
# Set rlimit (default varies, target ≤10 for robustness)
# In file: #push-options "--z3rlimit 10"
# Set fuel for recursive functions
# In file: #push-options "--fuel 1 --ifuel 1"
Cause: SMT cannot establish the postcondition from available facts Solutions:
assert statementsSeq.equal/Set.equal for collection equalityFS.all_finite_set_facts_lemma() for FiniteSet reasoningCause: Symbol not in scope Solutions:
open, module X = ...)Cause: Proof too complex for SMT within time limit Solutions:
#push-options "--fuel 0 --ifuel 0"opaque_to_smt and instantiate manuallyCause: Type mismatch, often with refinements Solutions:
Cause: Calling stateful function in ghost context (Pulse-specific) Solutions:
with bindings--query_stats to identify slow queriesassert statements to locate failure pointSeq.equal over == for sequencesFind the directory PoP-in-FStar on the local machine, or locate it