Section: New Software and Platforms

The Alt-Ergo theorem prover

Participants : Sylvain Conchon [contact] , Évelyne Contejean, Alain Mebsout, Mohamed Iguernelala.

Criteria for Software Self-Assessment: A-3-up, SO-4, SM-4-up, EM-4, SDL-5, OC-4.

Alt-Ergo is an automated proof engine, dedicated to program verification, whose development started in 2006. It is fully integrated in the program verification tool chain developed in our team. It solves goals that are directly written ina Why's annotation language; this means that Alt-Ergo fully supports first order polymorphic logic with quantifiers. Alt-Ergo also supports the standard [116] defined by the SMT-lib initiative.

It is currently used in our team to prove correctness of C and Java programs as part of the Why platform and the new Why3 system. It is used as back-end prover in the environments Frama-C and CAVEAT for static analysis of C developed at CEA. In this context, Alt-Ergo has been qualified by Airbus and is integrated in the next generation of Airbus development process. Alt-Ergo is usable as a back-end prover in the SPARK verifier for ADA programs, since Oct 2010, and is also the main back-end prover of the new SPARK2014.

Alt-Ergo is integrated in several other tools and platforms: the Bware platform for discharging VCs generated by Atelier B, the EasyCrypt environment for verifying cryptographic protocols, the Pangolin programming language http://code.google.com/p/pangolin-programming-language/ , etc.

Last but not least, Alt-Ergo is the solver used by the Cubicle model checker described below.

Alt-Ergo is distributed as open source, under the CeCILL-C license, at URL http://alt-ergo.lri.fr/ , and in the OPAM packaging system http://opam.ocaml.org/packages/alt-ergo/alt-ergo.0.95.2/ . Latest public version is 0.99.1, released in Dec. 2014. Maintenance is done by the OcamlPro company http://alt-ergo.ocamlpro.com/ .