Why3: Where Programs Meet Provers

Overview

Why3 is a platform for deductive program verification. It provides a rich language for specification and programming, called WhyML, and relies on external theorem provers, both automated and interactive, to discharge verification conditions. (See the list of supported provers below.) Why3 comes with a standard library of logical theories (integer and real arithmetic, Boolean operations, sets and maps, etc.) and basic programming data structures (arrays, queues, hash tables, etc.). A user can write WhyML programs directly and obtain correct-by-construction OCaml programs through an automated extraction mechanism. WhyML is also used as an intermediate language for the verification of C, Java, or Ada programs. (See Projects using Why3 below.) Why3 can easily be extended with support for new theorem provers, and it can be used as a software library through an OCaml API.
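As an added illustration, not code from the Why3 site or its standard library, here is a small WhyML module: a linear search whose contract, loop invariants and variant are the annotations Why3 turns into verification conditions, among them the proof that every a[i] access stays within bounds. It assumes Why3 1.2 or later syntax (let ref, return).

```whyml
module LinearSearch
  use int.Int
  use array.Array

  (* Returns the index of the first occurrence of v in a, or -1 if v is absent.
     The ensures clauses are the contract; Why3 generates one VC per clause
     and one per array access (index in bounds), and sends them to a prover. *)
  let search (a: array int) (v: int) : int
    ensures { result = -1 \/ (0 <= result < length a /\ a[result] = v) }
    ensures { result = -1 -> forall j. 0 <= j < length a -> a[j] <> v }
  = let ref i = 0 in
    while i < length a do
      invariant { 0 <= i <= length a }                   (* keeps a[i] in bounds *)
      invariant { forall j. 0 <= j < i -> a[j] <> v }    (* nothing found so far *)
      variant { length a - i }                            (* proves termination *)
      if a[i] = v then return i;
      i <- i + 1
    done;
    -1
end
```

Saved as search.mlw, `why3 prove -P alt-ergo search.mlw` (or another detected prover) discharges all VCs; dropping the first invariant makes the bounds VC for a[i] fail, which is how an unproved VC points at a missing annotation or a genuine bug.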

Try Why3 in your browser

Why3 is developed in the team-project Toccata (formerly ProVal) at Inria Saclay-Île-de-France / LRI Univ Paris-Saclay / CNRS.

Documentation and Examples

Related Publications

Examples, Galleries of Verified Programs

Lecture Notes

Other Student Lectures using Why3

Projects using Why3

Some papers from users of Why3

External Provers

why3 config --detect

This section gives a few tips to download, install and/or configure external provers. Each time a new prover is installed, you must rerun the command above. Using the latest version is recommended (except for Yices, see below), and the config tool will tell you whether the detected version is supported.

For beginners with Why3, we recommend installing Alt-Ergo, CVC4, and Z3. They are free software, available for many architectures, and together they provide fairly effective prover support.

For more advanced use, installing Coq is also helpful for discharging complex VCs. It is also useful for understanding why a VC is not proved, that is, for debugging the input program or its specification.

Automatic provers

Interactive provers, a.k.a. Proof assistants