List of verification and synthesis tools. Please clone, contribute and send pull requests. Minimal markdown knowledge needed to add links:

- [Tool name](link url) (license, coded in language): brief description (Institution/other maintainer)

Please list only Open Source/research tools, proprietary ones are not widely and unconditionally useful. Conditionally (sufficiently) free tools are welcome, e.g., some closed source tools, provided they remain free for educational/research use.

Would you like to suggest a/your tool for addition, but skip cloning/pull requests, please email jfilippidis@gmail.com.

To the extent possible under law, the authors have waived all copyright and related or neighboring rights to this text. You should have received a copy of the CC0 Public Domain Dedication along with this text. If not, see https://creativecommons.org/publicdomain/zero/1.0/.

Table of Contents

Verification
Synthesis
- Open Systems (Games: System and Uncontrolled Environment)
Timed Systems
Hybrid Systems
Theorem Provers
Software Synthesis
Runtime Verification
Yet un-categorized
TypeSetting
Other tool lists
databases and benchmarks
(non-common) abbreviations

Verification

Closed Systems (Everything controlled)

Enumerative

SPIN (BSD-3, C): LTL model checking for closed systems in Promela (JPL/Caltech, Bell Labs)
- modex (FUSC, C): C -> Promela: model extractor (JPL/Caltech, Bell Labs)
- spin: Debian Linux package, apt install spin
- spinja (Apache-2.0, Java): Promela model checker (Univ. of Twente, TNO)
  - SpinS (Apache-2.0, Java): an LTSmin language frontend for Promela (Univ. of Twente)
- HSF-SPIN: SPIN directed model checking extension (IMT Lucca)
- Promela Vim Syntax (?, VimL): highlighting plugin
- Promela Vim Indent (?, VimL)
- Promela Emacs major mode (?, Emacs LISP)
- Promela for Sublime Text 3 (MIT, several): Sublime Text 3 syntax highlighting of Promela
- Promela -> NuSMV (?, C): translator (Peking Univ.)
- Promela -> Timed automata with discrete data: translator, part of Verics
- Promela -> C (OCaml): translator (Uppsala Univ.)
- Promela -> C: translator (Univ. Stuttgart)
- Promela -> Java (?, Java): translator (TU Delft)
- LLVM -> Promela (C++, MIT): LLVM-to-Promela Compiler
- jSpin (GPLv2, Java): GUI for SPIN and Erigone (The Weizmann Institute of Science)
- Erigone (GPLv2, Ada/Java): partial SPIN re-implementation for educational purposes (The Weizmann Institute of Science)
- EpiSpin: Eclipse plug-in for editing and verifying Promela using Spin (TU Delft)
- promela parser (BSD-3, Python): parser for Promela using PLY (Python lex-yacc) (Caltech)
- language-promela (MIT, CoffeeScript): Promela support in Atom
- Eclipse Pug-In for SPIN (?): (Univ. Maribor, TU Braunschweigin)
- st2msc (?, Java): SPIN trail -> Message Sequence Chart (Univ. Maribor)
- Real-Time SPIN: quantitative dense time SPIN extension using Real-Time Promela (VERIMAG/CNRS)
- nano-Promela: tools for nano-Promela language
- v-Promela: visual Promela (Albert-Ludwigs-Univ. Freiburg)
- promela-metamodel: used to generate Promela from BPEL
- Promela library (BSD-3, OCaml): types for Promela expressions, statements, procs and models as OCaml datastructures, with export to Promela for model checking with SPIN (TU Munchen)
- LWAASpin (SPIN's license): SPIN modified to use linear weak alternating automata instead of Buchi automata (Univ. Munchen)
- Hugo/RT (? src by email): XMI or ArgoUML or UTE -> Promela or UPPAAL or KIV or Java or SystemC or Smile machines or UTE model or dot (state machines or interactions) and SPIN or UPPAAL trail -> UML run: UML model translator for model checking, theorem proving, code generation (Univ. Munchen, LORIA/INRIA Nancy)
- Pi2Promela (?, C/Java): compiler from pi-calculus models to Promela, includes GUI (Chinese Acad. Sciences)
- pspin (?, Python/C): Parallel PROMELA model checker
- prob-Promela: Promela Compiler / Interpreter for ProB (Dusseldorf Univ.)
- Promela parser/pretty printer (?, Haskell)
- sudoku-Promela (EUPL, Shell): mini-project about generating Sudoku grids in Promela
- VMSSG: Model checker state space visualization (Ludwig-Maximilians Univ. Munchen)
- promela-metamodel (GPL-3)
- 3Spin (FUSC, C): modified version of the Spin model checker version 5.1.7 with advances in the efficiency, configurability, and usability of probabilistic state storage (Northeastern Univ.)
- POR (FUSC, C): partial-order reduction package for SPIN (Univ. de Liege)
- ARINC tester (?, Java): GUI for SPIN to verify application that contain API calls compliant to ARINC 653 (UMalaga)
- SpinRCP (?, Java): An Eclipse-based IDE for Spin. (Univ. of Maribor)
- DTSpin (FUSC, C): extension of Spin with discrete time, is intended for verification of concurrent systems that depend on timing parameters, and uses the specification language DTPromela (Eindhoven Univ. of Technology)
  - Dtp2dtp (?, ?): translator from discrete-time Promela to discrete-time Promela, for proving an embedding of nondeterministic transitions that automatically closes open systems
- CPOR-Spin (FUSC, C): extension of Spin which exploits the hierarchy of the verified system for more efficient verification, using Clustered Partial Order Reduction (CPOR) (Eindhoven Univ. of Technology)
- MPI-Spin (GPLv3, C): extension of Spin that adds to Promela functions, types, and constants for modeling parallel programs that use the Message Passing Interface (Univ. of Delaware)
TLA+: The Temporal Logic of Actions for specifying systems (Microsoft Research)
- The TLA+ Video Course: Lectures about writing specifications, by Leslie Lamport
- PlusCal: An algorithm language with a translator to TLA+
  - Distributed PlusCal (Java): extension of PlusCal with threads within processes and variables that represent communication channels
- TLA+ Tools, (MIT, Java): Tools for working with TLA+ specifications:
  - TLC (MIT, Java): Model checker for TLA+ specifications
  - SANY (MIT, Java): Parser and semantic analyzer for TLA+ (ANTLR-based)
  - TLATeX (MIT, Java): Program for typesetting TLA+ specs
  - The TLA Toolbox (MIT, Java): An IDE for the TLA+ tools (Eclipse-based), includes TLC, SANY, TLATeX, and the PlusCal translator
  - TLAPS: See automated theorem provers section.
  - Tools for working with TLA+ proofs: See automated theorem provers section.
- tla_tools (MIT, Shell): Helper tools for using TLA+ (wrappers etc.) (GitHub)
- tla-bin (MIT, Shell): Command line binaries for the TLA+ language
- tla related tools (Dusseldorf Univ.)
- TEM (GPL, Emacs): TLA+ major mode for GNU EMACS 19 (TU Dortmund)
- language-tla-pluscal (MIT, CoffeeScript): TLA+ and PlusCal Language Support in Atom (Heinrich-Heine-Univ.)
- TLAGrammar (MIT): Textmate-compatible grammar for TLA+ (used to highlight TLA+ on github)
- vim-scripts/TLA (GPL, VimL): TLA+ plugin for Gvim
- vim-scripts/tla.vim (?, VimL): Vim syntax highlighting for TLA+
- tla.vim (MIT, VimL): Vim plugin for TLA+ and PlusCal
- eTLA (EPL): TLA+ plugin for Eclipse
- textadept-TLA- (MIT, Lua): TLA+ and PlusCal syntax highlighting for Textadept
- vscode-tlaplus (MIT, TypeScript): adds support for TLA+ to VS Code
- specifica (MIT, Haskell): TLA+ parser, evaluator, and pretty-printer
- tla-parser-s (MIT, Ruby): TLA+ parser (Helsinki)
- TLA+ examples:
  - TLA Tools examples (MIT, TLA+): a collection of TLA+ specifications of varying complexities
  - CommunityModules (MIT, TLA+/Java): TLA+ snippets, operators, and modules contributed and curated by the TLA+ community
  - TLAPS examples: TLA+ modules of example specifications distributed with TLAPS
  - TLAPS library: TLA+ modules distributed with TLAPS and intended to be extended
  - MultiPaxos
  - Egalitarian Paxos (CMU, Intel Labs)
  - Leaderless Byzantine Paxos (UNSW)
  - Flexible Paxos (MIT, TLA+): specification and TLC model checking configuration for single shot Flexible Paxos
  - Raft consensus algorithm
  - TLA-Library
  - Azure Cosmos DB (MIT, TLA+): specifications (Microsoft)
  - MongoDB: simplified part of MongoDB replication system (MongoDB)
  - Convergence locking
  - TLA+ in TiDB (Apache-2.0, TLA+): specifications for TiDB, an open source distributed HTAP database compatible with the MySQL protocol
  - Elasticsearch (Apache-2.0, TLA+/Isabelle): Formal models of core Elasticsearch algorithms
- tTLA+ Browser (FUSC, C): old project about a TLA+ IDE (TU Dortmund)
- Tools for TLA: old TLA+-related project (TU Dortmund)
- TLA within ProB: (Heinrich Heine Univ. Düsseldorf)
  - tla2b (EPL, Java)
  - tla2bAST (EPL, Java)
  - tlc4b (EPL, Java)
- tla-dafny (Apache-2.0, Dafny): An embedding of TLA+ in Dafny
LTSmin (BSD-3): model checking, LTS minimization, interface to other tools (Univ. Twente)
MoonWalker (Apache-2, C#): model check CIL bytecode programs (Mono .NET platform apps), MoonWalker src(Univ. Twente)
DIVINE (Open Source, C++): Parallel LTL model checker (Masaryk Univ.)
PRISM (GPLv2, Java/C): Probabilistic Model Checker: discrete/continuous-time Markov chains, timed automata, etc. (Univ. Birmingham, Univ. Oxford)
- PRISM tools
- prism-games (GPLv2, Java/C): an extension of PRISM which supports stochastic games
STORM (GPL-3, C++): Probabilistic model checker: Markov chains, MDPs, Markov automata, SMPT, (MI)LP, LP, Bellman, games, parameter synthesis, discrete-time MDPs
- stormpy: Python interface
ePMC (GPLv3, Java/C): an extendible probabilistic model checker, reasons about continuous- anhd discrete-time Markov chains, Markov decision processes, stochastic multi-player games, probabilistic parity games, the logics PCTL, PLTL, PCTL*, with input in formats PRISM and JANI, is successor of the model checker IscasMC (Institute of Software Chinese Academy of Sciences)
SPOT (GPL, C++/Python): object-oriented model checking library using TGBA
JPF (NOSA-1.3): Java Pathfinder: Java model checking and extensions (NASA Ames)
- JPL-nhandler (GPL-3, Java): JPF extension to delegate execution of SUT methods to host JVM (York Univ.)
HELENA (GPL-2): high-level Petri nets (Paris 13 Univ.)
StEAM (C++ ?): C++ model checker (deadlocks, segmentation faults, out of range variables and non-terminating loops) (LS5 Univ. Dortmund)
Tulip: LTL model checker of interval Markov chains (recursive also) (Univ. Oxford)
PROD (GPL): efficient reachability analysis (Helsinki Univ. Tech.)
KBDD: BDD-based satisfiability solver for modal logic K
neco (LGPL, Python/Cython): Petri Net compiler and LTL model checker (Univ. d'Evry-Val d'Essonne, Univ. Evry)
PEP (GPL-2): modelling and verification framework for parallel systems, interfaces to SPIN, SMV, INA, FC2Tools (SDL, Petri nets)
cunf (GPL-3): Toolset for unfolding-based verification of Petri nets extended with read arcs (ENS Cachan)
daj (GPLv2, Java): interactive, visual aid for studying execution of distributed algorithms (The Weizmann Institute of Science)
FC2Tools and Autograph: implementation of process algebra theory, verification by compositional reductions and abstraction, explicit/implicit BDD, FC2 file exchange format (INRIA, Ecole des Mines/CMA)
Murphi, original Murphi (BSD-like, C++): enumerative, own input language (Unity style: guard -> action), e.g. used by Microprocessor industry to verify cache coherence protocols (Univ. Utah, Stanford)
- Eddy Murphi: parallel version of Murphi (Univ. Utah)
- CMurphy (Univ. Roma)
- CMurphi (L'Aquila Univ.)
- PReach (BSD, Erlang): Distributed Explicit State Model Checker based on Erlang and Murphi (Univ. British Columbia, Intel)
- MPI Murphi port (Univ. Utah)
APMC (FUSC, C/Java): approximate distributed for fully probabilistic systems, PCTL, PLTL (Univ. de Caen Basse-Normandie)
Vaucanson (GNU, C++): finite state machine manipulation platform, lib of tools on top (EPITA)
Genealogy of Emptiness-Checking Algorithms (EPITA)
NIPS (GNU, C/Perl): A virtual machine for state space generation (RWTH Aachen)
VMSSG Statespace Converter (GPL, Java): process, analyze, display statespace graphs produced by modified VMSSG virtual machine, state space gallery, (Univ. Munchen)
Synet (OCaml): Synthesizer of distributable bounded Petri nets from Finite Automata (INRIA/IRISA)
Motion Grammar Kit (BSD-2, Common Lisp/C): Automata manipulation, supervisory control, C code generation (Georgia Tech.)
PAT (?, C#): Process Analysis Toolkit, a model checker, with GUI, model editor, simulator, POR, symmetry reduction (Nat. Univ. Singapore)
NorMC (BSD-3, Haskell): Norm compliance temporal logic model checker (Univ. Bergen)
Copper (FUSC, ?): MC for concurrent message-passing C programs (CMU)
Magic (?): Check C language conformance between component specifications and their implementations using counterexample guided abstraction refinement, concurrent and compositional (CMU, Univ. Wisconsin, Univ. Oxford, TU Vienna, Univ. Lugano)
Bogor
BLAST (Apache, OCaml/C): MC for C programs using counterexample-driven automatic abstraction refinement (UC Berkeley, EPFL, UCSD, UCLA, Simon Fraser Univ.)
Scoot (?): Static analysis of SystemC, model extraction to pass to SatAbs or CBMC, C++ re-synthesis (ETH)
VCEGAR (?): Check safety (assertions) of Verilog, using word level predicate abstraction and refinement (CMU, Oxford Univ.)
GMC (LGPL, C/C++): MC for C/C++ taking GIMPLE as input (Charles Univ. Prague)
AIR (?): Safety MC of Assembly using predicate abstraction and counterexample guided abstraction refinement (CMU)
FShell (Apache): Interactive and Scripting testing environment for C programs, frontend for software model checkers, dispatches queries to analysis tools (TU Wien)
CPA/Tiger (?): Predicate-abstraction based test input generator for C programs, uses CPAchecker (TU Wien)
CPAchecker (Apache-2.0, SWIG/Java/C): Configurable software verification (Univ. Passau)
crest (BSD-3): Automatic test generation tool for C, inserts instrumentation code and solves the generated symbolic constraints using Yices (UC Berkeley)
- ConCREST (?): Concolic testing tool for multi-threaded C programs (Univ. Toronto, TU Wien)
ByMC (?, OCaml): Byzantine MC for parameterized model checking of (threshold-guarded) fault-tolerant distributed algorithms in Promela extension using SPIN, Yices (TU Wien)
iLTL (BSD): MC for iLTL, which specifies temporal changes of expected rewards of a Markov process (UIUC)
Copilot (BSD-3, Haskell): A (Haskell DSL) stream language for generating hard real-time C code (NASA, Galois Inc., National Inst. Aerospace, Ecole Normale Superieure, TU Ilmenau, Univ. Copenhagen)
mCRL2 (Boost Software License, C++): Formal specification language with an associated toolset for modelling, validation and verification of concurrent systems and protocols: linearisation, simulation, state-space exploration, visualization and tools to optimise and analyse specifications, μ-calculus (TU Eindhoven, LaQuSo, CWI, Univ. Twente)
Mobility Workbench (?, SML): π-calculus MC for mobile concurrent systems (Uppsala Univ.)
MMC (?, ?): π-calculus and alternation-free μ-calculus Local MC, implemented using the XSB tabled logic programming system (Stony Brook Univ.)
XMC (?, ?): Local MC for processes specified in XL, a version of value-passing CCS, and the alternation-free modal μ-calculus, implemented using the XSB tabled logic programming system (Stony Brook Univ.)
MMCsp (?, C/Java): Compiler from simple probabilistic π-calculus to PRISM models, built on XSB (Ecole Polytechnique, Oxford, INRIA)
ASTG (?, OCaml/C): TLCE-based symbolic test generator (Chinese Acad. Sciences)
LMNtal, LaViT (BSD, C/C++/Java): MC and graphical tools LMNTal language based on hierarchical graph rewriting (Waseda Univ.)
Finite Automata Model Checker (CCAS-3, C++)
v-n (GPL-2, Java): NDFA visualization and (random or guided) simulation, find and display accepting computations (The Weizmann Institute of Science)
py-powerset-construction (GPL-3, Python): convert NFA-\lambda to DFA, using dot as input
Zing (MIT, C#): State exploration of concurrent software systems (Microsoft Research)
SeaHorn (BSD, C): an LLVM based verification framework
SCRAM(GPL-3, C++/Python): Probabilistic risk analysis (static fault trees, common cause failure models, Monte Carlo) with input from and output to Open-PSA model exchange format files
RISCAL (GPL-3, Java): Specification language and software system for describing mathematical algorithms, and validating their correctness by execution/evaluation (JKU/RISC)
Properties of State Spaces
symmetrytools (?, Java): Tools for symmetry reduction in model checking (Univ. of Glasgow)
Mscgen (GPLv2, C): Message Sequence Chart Renderer (wiki entry)
- mscgen-preview (GPLv3, CoffeeScript/JavaScript): Write and preview sequence charts with MscGen and its brethren with ctrl-shift-G
- sphinxcontrib-mscgen (Public Domain, Python): Allow mscgen-formatted Message Sequence Chart (MSC) graphs to be included in Sphinx-generated documents inline
TTool (CeCILL, Java/C++): toolkit dedicated to the edition of UML and SysML diagrams, and to the simulation and formal verification (safety, security, performance) of those diagrams
Gadara (?, Java): discrete-control synthesis from Petri nets (Univ. of Michigan):
- Petri net generator
- multi-threaded Petri net verifier: single-bit unique encoding of states that are enumerated to explore the state set
PROD (GPLv2, C): reachability analyzer for Pr/T-nets with: stubborn sets, sleep sets, on-the-fly tester based verification, on-the-fly LTL model checking, CTL model checking (Helsinki Univ. of Technology)

Symbolic

Apalache (Apache-2, Scala): symbolic model checker for TLA+
SMV (?): CTL symbolic model checker (CMU)
- Cadence SMV (FUSC): CMU SMV extension: backward compatible more expressive mode description language, synthesizable VERILOG, compositional verification, CTL or LTL or FSA or embedded assertions, GUI (Cadence)
NuSMV (LGPL): Symbolic model checking (FBK, CMU, Univ. Genoa, Univ. Trento)
- PyNuSMV (LGPL-2, Python): python interface to NuSMV (UCLouvain)
- SMView (BSD, JavaScript/Python): web interface to NuSMV (TU Eindhoven)
- gNuSMV (LGPL, ?): GUI for NuSMV v2 (FBK)
- nusmv-tools: two metamodels based on Eclipse modeling framework, Eclipse editor, model analyzer, Java API to NuSMV
- nuseen: Eclipse-based environment for NuSMV
nuXmv: extends NuSMV using state-of-the-art SAT-based algorithms and MathSAT5 (Fondazione Bruno Kessler)
abc (FOSS, C): System for Sequential Logic Synthesis and Formal Verification: A growing software system for synthesis and verification of binary sequential logic circuits appearing in synchronous hardware designs; ABC combines scalable logic optimization based on And-Inverter Graphs (AIGs), optimal-delay DAG-based technology mapping for look-up tables and standard cells, and innovative algorithms for sequential synthesis and verification (UC Berkeley)
Mocha, also here (BSD, two implementations: Java, C/Tcl/Tk): Interactive environment for system specification (reactive modules language), execution (randomized, guided, mixed), requirement specification (Alternating Temporal Logic, superset of CTL), ATL MC, implementation verification (EPFL, UC Berkeley, UPenn, SUNYSB)
CBMC (BSD-4, SWIG/C++/C): Bounded model checker for ANSI-C, C++, SystemC, Scoot, uses Boolector or MathSAT or Z3 (CMU, Oxford Univ.)
- Eclipse plugin (EPL, Java): Eclipse plugin for CBMC
- Visual Studio plugin
- JBMC (BSD-4, C++): bounded model checking tool for verifying Java bytecode
- Symex (BSD-4, C++): symbolic execution tool for C and C++ programs, based on CBMC. It supports C89, C99, most of C11 and most compiler extensions provided by gcc and Visual Studio (CMU, Oxford Univ.)
- EBMC and HW-CBMC (BSD-3, C++): bounded model checker for the Verilog language (and other HW specification languages), based on CBMC (CMU, Oxford Univ.)
- 2LS (BSD-4, C++): Static Analyzer and Verifier for C programs, built upon the CPROVER framework (CMU, Oxford Univ.)
- k-induction (MIT, Python): enables any C bounded model checker to be employed for k-induction over one-loop embedded-style C programs. Tested with CBMC.
- ESBMC (several, C++): context-bounded model checker based on a satisfiability modulo theories (SMT) solver for the verification of single- and multi-threaded C/C++ programs, with Python and C++ APIs, and based on CBMC (Federal Univ. of Amazonas, Univ. of Bristol, Univ. of Manchester, Univ. of Stellenbosch, and Univ. of Southampton)
EBMC (BSD-5): Bounded Model Checker for hardware designs, inputs: Netlists/ISCAS89 or Verilog or SMV, exports: DIMACS CNF or SMT-LIB (CMU, ETHZ, Oxford Univ.)
jStar (BSD-3, OCaml): (Queen Mary Univ. London, Cambridge Univ., ETH)
coreStar (BSD-3, OCaml): symbolic execution engine for analysis and verification with separation logic (Queen Mary Univ. London, Univ. Cambridge)
JSCert JuS: Certified JavaScript (Imperial College, INRIA)
- jabstr (LGPL, Ocaml): jStar plugin for numerical abstractions
LStar (BSD-3, OCaml): automatic prover for programs written in bitcode using separation logic (UCL)
VIS: logic circuit simulation, circuit verification, fair CTL model checking, logic synthesis via hierarchy restructuring [UC Berkeley, Univ. Colorado at Boulder, Univ. Texas at Austin]
VerICS (FUSC, Java): SAT verification of timed and multi-agent systems modeled by networks of communicating automata (Polish Academy of Sciences)
Augur 2 (GPL-2, C++): verification of systems described by (attributed) graph transformations using approximated unfoldings (Univ. Duisburg-Essen)
Mercury: Parallel Local Sub-CTL Model Checking [LAAS-CNRS]
Boogie (Ms-PL, F#/C#): Intermediate verification language, intended as a layer on which to build program verifiers for other languages (Microsoft Research)
- SymDiff: Language-independent differential program analysis (C, Boogie front-ends available) (Microsoft Research)
VCC (MIT, C#/F#/C/Perl): static verifier for concurrent C programs (Microsoft Research)
HAVOC (?): for C in the presence of pointer manipulations, unsafe casts and dynamic memory allocation (Microsoft Research)
Dafny (MIT, C#): imperative object-based language with built-in specification constructs and static program verifier for functional correctness, try it online (Microsoft Research)
- vim plugin (MS-PL, Vim script): Vim plugin for Dafny, with .dfy file extension, syntax highlighting, syntax checking
- vim-dafny (BSD-3, Vim script): Dafny language plugin for vim, based on the previous tool
- sublime Dafny: Sublime Text 2 plugin for Dafny. Provides verifing and syntax highlighting (Imperial College London)
- Dafny VSCode (MIT, TypeScript): infrastructure necessary to support Dafny for Visual Studio Code
- eclipse-dafny (GPLv3, Java): enables Dafny language support in Eclipse
- spacemacs-boogie-friends (GPLv3, Emacs Lisp): Spacemacs layer for working with Dafny, Boogie, and Z3
- DIVE (GPLv3, Java): graphical proof front end for programs written and specified in Dafny that supports different types of user guidance for proofs
- DafnyR (MIT, C#): experimental tool for sequential program specification and verification. Variant of Dafny inspired by region logic. Built on a fine-grained region logic, allows one to use several styles of specifying the frame properties in sequential programs: dynamic frames, region logic and separation logic.
- dfydoc (?, Scala): documentation generator for Dafny
- python-to-dafny-converter (GPLv3, Python): translates Python code to Dafny (UC Berkeley)
- dafny-to-c (?, Shell): basic sed-based translator from Dafny to C
- Dione (NCSA, Python/Dafny): protocol verification system built with Dafny for Input/Output Automata (UIUC)
CakeML (BSD-3, ML): a verified implementation of ML: functional programming language and an ecosystem of proofs and tools built around the language, including a proven-correct compiler that can bootstrap itself
Idris (BSD-3, Haskell/C): a dependently typed functional programming language that allows propositional equalities to be declared, so that theorems about programs can be stated and proved (Univ. of St Andrews)
Spec# (FUSC, C#): Object-oriented .NET programming language with design-by-contract features for method pre-/postconditions and object invariants, non-null type system (Microsoft Research)
Whiley (BSD-3, Java/C/): Object-oriented and functional programming language with static checking, including: divide-by-zero, array out-of-bounds and null dereference errors (Victoria Univ. of Wellington)
Why3 (GPl-2, OCaml): platform for deductive program verification in WhyML, uses external theorem provers, extracts OCaml from WhyML (INRIA, Univ. Paris Sud, CNRS, LRI)
- EasyCrypt (?, OCaml): toolset for reasoning about relational properties of probabilistic computations with adversarial code (IMDEA Software Institute, Microsoft Research)
- GNATprove (GPL): Ada 2012 prover
- Krakatoa: Java verification
- BWare: discharging proof obligations generated by Atelier B using multiple provers
- MiniMaple (GPL-3, Java): Software for formal specification and verification of Maple programs by translation to Why3ML (JKU)
KeY (GPL, Java): Formal verifier with input HML or OCL specs for JAVA, via dynamic logic thms (Karlsruhe Inst. Tech., TU Darmstadt, Chalmers Univ. Tech.)
- KeY-Hoare (GPL, Java): Hoare calculus with updates, extension of KeY (KIT, TUD, Chalmers)
- KeYmaera (GPL, Java): Theorem prover for hybrid systems: deductive, real algebraic, and computer algebraic prover technologies (CMU)
- KeYmaeraD, its github (BSD-3, Scala): Distributed theorem prover for distributed hybrid systems using Quantified differential dynamic logic (QdL) (CMU)
- SPHINX (?): Eclipse plugin for textual and graphical modeling editors to define cyber-physical system structure, discrete/continuous dynamics (CMU)
j-algo (GPL, Java): Algorithm visualization tool (TU Dresden)
Verus (?): Language for real-time systems, CTL symbolic MC, compilation into state-transition graph (CMU)
UCLID (BSD-like): Model and verify nfinite-state systems with variables of integer, Boolean, function, and array types, term-level bounded model checking, correspondence checking, deductive verification, and predicate abstraction-based verification, and stand-alone decision procedure for the theories of uninterpreted functions and equality, integer linear arithmetic, and arrays (CMU, UC Berkeley)
CBMC-GC (?): C compiler in the context of Secure Two-party Computation (STC) (TU Wien, TU Darmstadt, CASED, CrypTool Project)
Chic (BSD, Java): Modular verifier for behavioral compatibility checking of hardware and software systems (UC Berkeley)
BLAST (Apache, OCaml): software MC for C using Lazy abstraction (UC Berkeley, EPFL, UCSD, UCLA, Simon Fraser Univ.)
CRefine (?, Java): Verifies Circus specs purely by applying various well-proved refinement laws, requires veriT (Univ. York)
UTP and Cirus Theories in ProofPower-Z (?, ?): embedding the theories (relations, designs, reactive processes) of UTP in the theorem prover ProofPower-Z, formal proofs can be mechanically constructed (Univ. York)
Circus Type Checker (? , Java): Syntax type checker for Circus specifications (Univ. York, UFPCI)
JCircus (?, Java): Automatically translate Circus programs into Java, for the purpose of animation and simulation (Univ. York)
ClawCircus (?, Java): Java-based tools primarily for generating Circus models from Simulink (Univ. York)
Circus Parser (GPL-2, Java): Included in Community Z tools (Univ. York)
Rodin (EPL, Eclipse): Eclipse-based platform for refinement and mathematical proof of Event-B (Univ. Southampton)
CheckFence (BSD, OCaml): SAT-based analysis of C code implementing concurrent data types (UPenn)
Daikon (MIT, Java): Dynamic invariant detection for C/C++, Eiffel, IOA, Perl (MIT)
Tip (?, C++/C): (Temporal Induction Prover) SAT based model checker (Chalmers Univ.)
alloy: Language inspired by Z spec language and Tarski's relational calculus for implicitly describing structures and tool for exploring and generating counterexamples (MIT)
Kodkod (MIT, Java): SAT-based constraint solver for first order logic with relations, transitive closure, bit-vector arithmetic, and partial models, with finite model finder and minimal unsatisfiable core extractor (MIT)
Rebeca (GPLv2, Java): Reactive Objects Language is an actor-based language with a formal foundation, designed in an effort to bridge the gap between formal verification approaches and real applications, with a set of tools
IVy (MIT, Python): A tool for specifying, modeling, implementing and verifying protocols (MSR, Tel Aviv Univ., UCB)
mypyvy (MIT, Python): language for symbolic transition systems, inspired by Ivy, and tool that takes an input file describing a symbolic transition system and can perform various tasks such as inductive invariant checking and inference (Univ. of Washington)
PyCSP (MIT, Python): communicating sequential processes in Python (Aarhus Univ.)
FDR2: Refinement checker for communicating sequential processes (Oxford Univ.)
KRATOS: MC for sequential and cooperative multi-threaded C programs, verifying safety properties (Bruno Kessler Found.)
Mr. Waffles (GPL-2, Python): bare-bones CTL MC (Nancy Univ., LHS/LORIA, ESEC R&D)
Peirce-Logic (BSD-3, JS): Existential Graph proof system (RPI)
VSE: verification support environment (DFKI, IST, Univ. Ulm, DASA)
- VSE II: Enhancing VSE with concurrency, structural deduction, and an integrated theorem prover
Leon (Scala): automated synthesis and verification of Scala programs (EPFL)
Eldarica (Java): predicate abstraction engine, generates Abstract Reachability Tree (ART) using lazy abstraction (EPFL)
- Eldarica-P (?, Java): reachability checker for unbounded Petri nets (EPFL)
Bug-Assist (?): error localization in ANSI-C solving MAX-SAT (Max Planck Inst.)
CADP (FUSC): compilers, equivalence checking tools, model-checkers for temporal logics and μ-calculus, verifications: enumerative, on-the-fly, symbolic using BDD, etc. (INRIA)
MONA (GPL-2, C/C++): Decision procedure for monadic second-order logic on finite strings and trees (Aarhus Univ.)
Boom (BSD): Model checking of Boolean programs (ETHZ, Oxford Univ.)
MCTK (LGPL, C): model checker for epistemic logic as modification of CUDD and NuSMV (Griffith Univ.)
SMCDEL (GPL-2, Haskell): model checker for Dynamic Epistemic Logic. (ILLC, University of Amsterdam)
SymDIVINE (MIT, C++): a tool for control explicit/data symbolic bit-precise LTL verification of parallel C/C++ programs using LLVM bitcode as intermediate representation Masaryk Univ.
IC3 (MIT, C++): IC3 reference implementation (Stanford)
Overture (GPL-3.0, Java): An IDE for developing and analyzing VDM models.
Smallfoot (QPL, OCaml): Automatic verification tool that checks separation logic specifications of sequential and concurrent programs that manipulate recursive dynamically-allocated (linked) data structures.
Cave (BSD-style, OCaml): automated verification tool for proving memory safety and linearizability (that is, atomicity and functional correctness) of concurrent data structures
sally (GPLv2, C++): Model checker for infinite-state systems described as transition systems, includes BMC, k-induction, IC3 (SRI/CSL)
Sviss (?, C++): Symbolic CTL model checker with symmetry reduction, using CUDD 2.4.1 (ETHZ, UT Austin, Univ. of Oxford)
Symbolic Java Pathfinder (Apache-2.0, Java): symbolic execution for Java bytecode (NASA, Univ. of Nebraska)
OpenJML (GPLv2, Java): program verification tool for Java programs that allows checking specifications of programs annotated in the Java Modeling Language, using SMT solvers including Z3, CVC4, and Yices. Includes both static checking and runtime assertion checking facilities. (Univ. of Central Florida)
ProVerif (GPLv2, OCaml): automatic cryptographic protocol verifier, in the Dolev-Yao model. Based on a representation of the protocol by Horn clauses. It can handle many different cryptographic primitives, including shared- and public-key cryptography (encryption and signatures), hash functions, and Diffie-Hellman key agreements, specified both as rewrite rules or as equations. Can prove secrecy, authentication, strong secrecy, equivalences between processes that differ only by terms (Inria, École Polytechnique)
- StateVerif (GPLv2, OCaml): extends the ProVerif process calculus with constructs for explicit state, in order to be able to reason about protocols that manipulate global state
- ProVerif-ATP (MIT and GPLv2, OCaml): Combining ProVerif and Automated Theorem Provers for Security Protocol Verification
CryptoVerif (CeCILL-B, OCaml): automatic protocol prover sound in the computational model. It can prove secrecy, correspondences, which include in particular authentication. It can handle in particular symmetric encryption, message authentication codes, public-key encryption, signatures, hash functions. (Inria)
- cryptoverif-completion (?, Configure/Makefile): Using the readline wrapper rlwrap it introduces line editing, history and also some very basic completion support to the interactive mode in CryptoVerif without the need to modify CryptoVerif itself.
- CyrptoVerif fork (CeCILL-B, OCaml): Python implementations for CryptoVerif 1.23
- Cyrptoverif fork Python library (MIT and CeCILL-B, Python): contains the supporting library for the CryptoVerif Python implementations fork
FS2PV (FUSC, F#/OCaml): verification tool that compiles cryptographic-protocol implementations in a first-order subset of F# to a formal pi-calculus model. This pi-calculus model then can be analyzed using ProVerif to prove the desired security properties or to find security flaws. (Microsoft Research)
TulaFale: specification language for writing machine-checkable descriptions of SOAP-based security protocols and their properties, based on the pi calculus plus XML syntax, logical predicates, and correspondence assertions. The tool compiles TulaFale into the applied pi calculus, and then runs Blanchet's resolution-based protocol verifier. (Microsoft Research)
sqifc (?, C/C++): symbolic quantitative information flow analysis for C
QILURA (GPLv3, Java): quantifying information leaks using reliability analysis, using Symbolic PathFinder, z3, Omega, Latte
KITTeL/KoAT (Apache-2.0, F*/OCaml):
- KITTeL: automatic termination prover for integer transition systems and imperative programs written in a fragment of Simple
- KoAT: automatic complexity analyzer taking the same kinds of inputs as KITTeL
llvm2KITTeL (NCSA, C++): converter from LLVM's intermediate representation into a format that can be handled by the automatic termination prover KITTeL (UIUC)
TVLA (FUSC, Java): language for expressing concrete semantics, automatic generation of abstract interpreters from concrete semantics, tunable abstractions and tunable transformers (Tel Aviv Univ.)
SAFE (EPL, Java): Scalable And Flexible Error detection and verification of Java programs with respect to a set of specifications, applying static program analysis (Tel Aviv Univ.)
Tools:
- boundsmodels (GPLv2, C++): LTL-X model checker for 1-safe Petri nets, which generates logic programs with stable model semantics from the Petri nets. It supports step and interleaving semantics. (Helsinki Univ. of Technology)
- punroll (GPLv2, C++): bounded reachability checker which generates constrained Boolean circuits from 1-bounded Petri nets. It supports process, step, and interleaving semantics. (Helsinki Univ. of Technology)
- unfsmodels (GPLv2, C++): LTL-X model checker with net unfoldings (Helsinki Univ. of Technology)
- mcsmodels (GPLv2, C++): deadlock and reachability checker using finite complete prefixes generated by the PEP tool from 1-bounded Petri nets. It uses the smodels constraint-based logic programming system as its computational engine. (Helsinki Univ. of Technology)
  - dlsmodels (GPLv2, C++): older version of mcsmodels limited to deadlock checking only (Helsinki Univ. of Technology)
Smodels (GPLv2, C++): implementation of the stable model semantics for logic programs (Helsinki Univ. of Technology)
TASS (GPLv3, C/Java): tools for the formal verification of programs used in computational science, including message-passing-based parallel programs. It uses symbolic execution and model checking techniques to verify a number of standard safety properties (such as absence of deadlocks and out-of-bound references), and can establish that two programs are functionally equivalent. (Univ. of Delaware)
RAPID (?, C++): transforms a program and a correctness property to a FOL encoding in SMTLIB

logic -> automata and automata tools

LTL -> *BA

ltl2ba: LTL -> BA (ENS de Cachan)
- LTL2BA4J (GPL-3, Java): version of ltl2ba for Java
- ltl3ba (GPL-2, C): LTL -> BA (Masaryk Univ.)
LTL -> NBA (Python)
lbtt (GPL): tool for testing programs translating LTL -> BA
Wring (Perl): LTL -> GBA (TU Graz)
Temporal Massage Parlor: Optimized Translator of an Extended Linear Temporal Logic into Büchi automata and Promela (Bell Labs)
LBT: LTL-> BA
ltl2tgba: LTL or PSL-> Transition-based GBA or BA (part of SPOT)
LTL2AUT (C++): LTL-> BA
DBA Minimizer (FUSC, C++): uses external SAT solver for DBA minimization
Wring (Perl): translate LTL formulae to generalized Buechi automata (TU Graz)
GOAL: graphical interactive tool for defining and manipulating Büchi automata and temporal logic formulae (NTU)
LTL -> Buchi Genealogy (EPITA)
LTSA (?, Java): Labelled Transition System Analyzer (Imperial College London)
- OLTSA: ontology-based LTSA extension (INRIA)
WDBA (BSD, OCaml): Reads safety property BA and negation BA as SPIN never claims -> outputs weak deterministic BA (ETHZ)
psl2ba (BSD-3, OCaml/uses CUDD): Translator from Property Specification Language (PSL) or LTL -> BA for SMV or SPIN (ETHZ)
rltl2ba (BSD, OCaml/C++/uses psl2ba, CUDD): Translator from Regular LTL (RLTL) -> BA (IMDEA)
aalta: LTL -> BA using obligation sets (East China Normal Univ.)

LTL -> DRA

ltl2dstar (GPL): LTL -> DRA (deterministic Rabin) (Univ. Bonn)
- online interface (Caltech.CDS)
Rabinizer (Disclaimer, Java): LTL -> DRA with generalized Rabin pairs (TUM)
LTL3DRA (GPL-2, C): fragment of LTL -> DRA based on LTL3BA (Masaryk Univ.)

other

dk.brics.automaton (BSD-3, Java): DFA/NFA implementation with UTF16 alphabet and support for operations on regular expressions
FSA function library (MATLAB): doc here (ISR-Lisbon)
Hessen (?, C++): Automata Library (TU Wien)
FSME, FSMC, FSMD (GPL-2, Qt): FSM editor, compiler, debugger for drawing, exports: XML, C++, Python
Kermeta (EPL): Metamodel programming environment: editor, OCL, compiler to Java or OSGI, kermeta <-> ecore models or XMI (IRISA)
Papyrus (EPL): Graphical UML2 modeling in Eclipse (CEA LIST)
Topcased (EPL): Graphical editors for: Ecore, UML, SAM, AADL, SysML, and doc generator, model transformations (INRIA)
- Topcased verification tools
MARTE: UML extension for model-driven development of real-time and embedded systems (OMG)
timesquare (EPL): Model development kit as Eclipse plugings based on formal Clock Constraint Specification Language (CCSL) to manipulate logical time (INRIA)
libalf (LGPL-3, C++/C/Java): Learning finite-state automata: DFA: Angluin's L*, L* (adding counter-examples to columns), Kearns / Vazirani, Rivest / Schapire, Regular positive negative inference (RPNI), Biermann and Feldman's algorithm (using SAT-solving), and NFA: NL*, DeLeTe2, Biermann and Feldman's (RWTH Aachen Univ., ENS Cachan, TU Munchen)
- AMoRE (GPL-2, C/Java): Automata, Monoids, and Regular Expressions (RWTH Aaachen Univ., Univ. Kiel)
- [libmVCA]
- [liblangen]
- [finite automata tool]
APHMIN (?, ?): Tools to generate, manipulate, and minimize acyclic phase-type representations (Saarland Univ.)
FlowSim (GPL-3, ?): Measure resources needed to find maximal strong simulation relation for a model under different optimizations (Saarland Univ.)
fc2symbmin: Finite State Mealy Machine analyzer (INRIA)
PyFMI (LGPL-3, Python): Load and interact with Functional Mock-Up Units (FMU)
FMU SDK (?, C): FMU SDK (Qtronic)
hoaf (?, text): Text file format for omega-automata (Masaryk Univ., EPITA, IST Austria, TU Dresden)
JFLAP: experiment with NFA, NPA, multi-tape Turing machines
ltlmp_sat (?, Python): LTL mean-payoff satisfiability checker
LtlSharp (MIT, C#): Library for parsing and manipulating LTL formulae (U Catholique Louvain)
safety (?, C++): tool to translate co-safety linear temporal logic formulas into finite automata
RABIT and Reduce (?, Java):
- RABIT (LGPL, Java): checks language inclusion between Buchi automata and Nondeterministic Finite Automata (NFA), and thus also language equivalence and language universality, using generalized simulation relations, and the Ramsey method for finding counterexamples.
- Reduce: minimizes Buchi automata, and NFA
- BA inclusion testing (?, Java): Ramsey-based Buchi Automata inclusion testing
automata-lib (MIT, Python): library for finite automata, pushdown automata, and Turing machines, available on PyPI
automata-python (GPLv3, Python): library implementing finite automata, finite automata with output, pushdown automata and Turing machines
python-automata (BSD-3, Python): library for deterministic finite automata, including simulation, negation, classical minimization, DFCA minimization, generalized cross-product, including union, intersection, and symmetric difference
Sage (GPLv3, Python): finite state machines, automata, transducers
python-statemachine (MIT, Python): package for finite state machines
roll-library (GPLv3, Java): Regular Omega Language Learning, library of learning algorithms for ω-regular languages (Institute of Software Chinese Academy of Sciences)

Term rewrite systems

Autowrite (?, Lisp): check properties of term rewrite systems and manipulate tree automata
Timbuk (GPL-2, OCaml): Tools for reachability proofs over term rewriting systems and manipulate bottom-up non-deterministic finite tree automata (IRISA)
JITty (C): term rewriter with strategy annotations
K: rewrite-based executable semantic framework (UIUC)
ELAN: Rule based programming using strategic rewriting (LORIA)

Open Systems

Synchronous Languages

Synthesis in this context refers to compilation from source, not from temporal logic. This distinguishes it from synthesis from temporal logic by solving games. In some sense the latter is from an "even more declarative" problem description.

Imperative

Esterel, old, old: Synchronous reactive programming language and compiler to FSM (C language), Graphical symbolic debugger, explicit/BDD verification for bisimulation reduction or safety checking (Ecole des Mines de Paris, INRIA)
- CEC (BSD-3, C++/ANTLR): Esterel V5 compiler to C or Verilog or BLIF (Columbia Univ.)
- scdata (?): Boolean datapath generator for Esterel: translates action calls in sc code over boolean variables into standard nets also in sc (INRIA, Ecole des Mines de Paris)
- Ocjava (?): Esterel Java code generator (INRIA)
Quartz: derivative of Esterel that includes: - non-determinism - asynchronous execution - hybrid systems (Kaiserslautern Univ.)
- Averest: Synchronous programming language Quartz and compiler to TS, symbolic model checker, tool for hardware/software synthesis from Quartz (TU Kaiserslautern)
- ECL (RSCPL, Java): system-level specification language for HW/SW designs and is based on Esterel and C. The ECL compiler parses ECL, writes Esterel and C, and uses the Esterel compiler to produce an implementation. (Cadence Berkeley Labs)
Xeve: Esterel verification environment (INRIA)

Declarative

Lustre: Declarative, synchronous dataflow programminglanguage for reactive systems
- Lustre (?, OCaml): Lustre interpreter
- Lustre-V6 (CeCILL, OCaml): the Lustre V6 compiler (Verimag)
- Zustre (BSD-3, Python): SMT-based PDR-style verification engine for Lustre programs, also an engine for generating assume/guarantee contracts (NASA/CMU/SEI)
- MATOU (?): Implementation of mode-automata on top of Lustre (VERIMAG)
  - KIND (BSD-3, OCaml): K-induction based for safety properties of Lustre programs, Automatic invariant generation, parallel: PKIND (Univ. Iowa, NASA/CMU, ONERA)
- KIND2 (Apache-2, OCaml/C++): Multi-engine SMT-based automatic model checker for safety properties of Lustre programs, successor of KIND (Univ. Iowa)
- JKind (BSD-3, Java): SMT-based infinite-state model checker for safety properties in Lustre, based on k-induction and property-directed reachability (Rockwell Collins)
  - SpeAR (BSD-3, Java): Specification and Analysis for Requirements tool, a frontend for writing formal specifications, translating them to Lustre, and then using the model checker JKind (Rockwell Collins, AFRL)
  - jkind-xtext (BSD-3, Java): Lustre Plug-in for Eclipse with JKind Analysis Support (Rockwell Collins)
  - AGREE (BSD-3, Java): Assume Guarantee REasoning Environment, compositional, assume-guarantee-style model checker for AADL models, using k-induction (Collins Aerospace)
  - SIMPAL (?, Java): Static IMPerative AnaLyzer, performs compositional reasoning of imperative programs written in Limp (Lustre imperative), which it translates to Lustre, and analyzes this with JKind
NBAC (OCaml): Co-/Reachability, slicing of synchronous deterministic reactive systems with Boolean, numerical variables (VERIMAG)
- lus2nbac: Convert Lustre to NBAC (VERIMAG)
- nbac2lucky: Convert counterexamples to Ludic debugger (VERIMAG)
- autoc2auto, auto2nbac, nbac2auto: Analyze AUTOC/AUTO hybrid automata (VERIMAG)
SIGNAL: Synchronized data-flow programming language for systems with multiple clocks (INRIA)
- Polychrony / SME (GPL, Eclipse Public License): SIGNAL IDE (IRISA)
Sigali, old (FUSC): Model check implicit labeled transition systems (INRIA)
TGV (?): Generation of conformance test suites for protocols, based on I/O transition systems (IOLTS) (IRISA)

Statecharts

PlayGo (The Weizmann Institute of Science)
Time Rover
SyncCharts: Graphical formalism for reactive modeling (Univ. Nice Sophia-Antipolis)
- SPORTS Project (FUSC): SyncCharts tools
- SCC): SyncCharts Compiler Collection for XML or BLIF or C output (Univ. Nice Sophia-Antipolis, INRIA)

Synthesis

Open Systems (Games: System and Uncontrolled Environment)

Discrete games

GR(1) games

GR(1) means Generalized Reactivity 1.

gr1c (BSD-3, C, uses CUDD): checking realizability of and synthesizing strategies for GR(1) specifications and much more (Caltech.CDS)
gr1py (BSD-3, Python): an enumerative reactive synthesis tool for the GR(1) fragment of LTL (Caltech CDS, rerobots)
omega (BSD-3, Python): Specify and synthesize systems using symbolic algorithms (Caltech CDS)
slugs (BSD-3, C++, uses CUDD): a stand-alone reactive synthesis tool for GR(1) synthesis (Cornell)
JTLV (LGPLv2, Java/C): unified framework for the development of formal verification algorithms in Java, with GR(1) and GR(k) synthesizers, uses JavaBDD, can interface to BDD libraries in C, has parsers for SMV and FDS written using ANTLR v3 (The Weizmann Institute of Science)
- TLV (?, C): based on the SMV model checker, with a scripting language called TLV-Basic, users can write TLV-Basic procedures for implementing model checking or deductive verification rules, predecessor of JTLV (NYU)
  - synthesis.tlv (?, TLV): GR(1) synthesis implemented in TLV (The Weizmann Institute of Science)
RATSY (LGPL-2+, Python/PyGTK): PSL or BA specs -> gr1 synthesis, game-based debug approach, circuit synthesis (TU Graz)
- Anzu (Perl, uses CUDD): synthesizes Verilog (TU Graz)
- RAT (?, Python): RATSY's pedecessor (FBK, TU Graz)
- marduk (Python, needs NuSMV): game solver used by RATSY
NuGAT (LGPL-2+): Game solver on top NuSMV
- chameleon-debaets (GPL-3, Java): Java interface to NuGAT
AspectLTL (?, Java): Aspect programming paradigm language (The Weizmann Institute of Science)
open Promela (BSD-3, Python): synthesize reactive(1) designs from multi-paradigm specifications written in an extension of Promela for open systems (Caltech)

Full LTL games

Acacia+ (GPL, Python/C): LTL Realizability check and winning strategy synthesis using AntiChains repo (Univ. Mons)
- Acacia (GPL-2, Perl)
- Alaska (GPL-2, Python): Antichains for Logic, Automata and Symbolic Kripke structure Analysis (predecessor of Acacia) (ULB)
- jorro (?, Java/Perl): visualize transition systems synthesized by Acacia+ and Lily
- ltl2aig (GPL, Python): LTL -> And-inverter graph format
Lily (Perl): synthesizes from PSL or LTL and I/O signal partition, works on top of Wring, outputs VERILOG or dot (TU Graz)
GAVS+ (GPL-3, Java): visualize algorithmic games used in verification and synthesis (TU Munchen)
Unbeast (C++, FUSC) symbolic bounded synthesis, depends on either ltl2ba or spot (Saarland Univ.)
GASt experimental platform:
- NBA determinization:
  - Safra
  - Muller-Schupp
  - improved Muller-Schupp
  - Miyano/Hayashi breakpoint construction
- game synthesis:
  - reachability
  - safety
  - weak parity
  - Staiger-Wagner
  - request-response
  - Buchi
  - generalized Buchi
  - parity
  - Muller
  - simple Streett
  - Streett
  - mean payoff
- live sequence charts
(RRWTH Aaachen)
Rabin (?, C++): Rabin game solver (Masaryk Univ.)
BoSy (Swift): Constraint-based (SAT,SMT,QBF,DQBF) bounded synthesis (Saarland Univ.)

Safety specs (controller synthesis)

AbsSynthe (GPL-3, C/Python): controller synthesis from succinct safety specs
demiurge (GLGPL3, C++): SAT based controller synthesizer from SYNTCOMP specs (TU Graz)
SafetySynth (Swift): symbolic BDD-based safety game solver for SYNTCOMP (Saarland Univ.)
Reglisse (GPL-2, OCaml): Generate hardware description from safety conditions given by regular languages

Parity Game solvers

PGSolver (OCaml): tools for generating, manipulating and solving parity games (Univ. Muchich, Univ. Kassel)
PDSolver (OCaml): evaluating both mu-calculus formulas over pushdown systems and pushdown parity games (Oxford Univ.)
alpaga and github (Python, uses PyCUDD): solver parity games with imperfect information using antichains (ULB)
oink (Apache-2.0, C++): High-performance implementations of state-of-the-art algorithms representing different approaches to solving parity games (JKU)

Quantitative games

Quasy (Scala, Java, C++): Quantitative synthesis of reactive systems from qualitative and quantitative GOAL specs, in/out: GOAL format (IST Austria)
GIST (?): solving probabilistic games with ω-regular objectives qualitatively (IST Austria)
mpg-solver (GPL-2, C/C++/Python): Mean-payoff game solver (Univ. Libre de Bruxelles)

Other

MLSolver (?, OCaml): solving the satisfiability and validity problems for modal fixpoint logics (Univs. Munich, Kassel)
aisy (?, Python): safety synthesis from AIGER circuits format, using PyCUDD
BluSTL (BSD-3, MATLAB): BluSTL (pronounced "blue steel") is a MATLAB toolkit for automatically generating hybrid controllers from specifications written in Signal Temporal Logic.
G4LTL-ST (BSD, Java): automatically generates industrial control software (supporting IEC-61131-3 Structure Text) from extended logic specifications.

Hybrid games

TuLiP (BSD-3, Python): Receding Horizon Temporal Logic Planning Toolbox (Caltech.CDS)
LTLMoP (GPL-3, Python): designing, testing, and implementing hybrid controllers generated automatically from task specifications written in Structured English or Temporal Logic (Cornell)
- SLURP (GPL-3, Python): situation and language understanding robot platform, uses LTLmop (UPenn)
Tools from Boston Univ. (?, MATLAB)
Tools from Saarland University (Saarland Univ.)
Synthia (GPL-3, C/C++): Verification certificates (deductive proofs) and synthesis for partially implemented systems, abstraction refinement (Saarland Uni.)
PESSOA (FUSC, MATLAB): synthesis of correct-by-design embedded control software based on approximate bisimulations (UCLA)
TALIRO (GPL, MATLAB) (ASU)
SCOTS (BSD-3, C++/MATLAB): computation of discrete abstractions and symbolic controllers (TUM)
ARCS (MIT, C/MATLAB): abstraction-refinement-based incremental synthesis for switched systems (Univ. of Michigan)

Contracts

Mica (CeCILL-C-1, OCaml): Modal Interface algebra for contract based design (INRIA/IRISA)
OCRA (closed, ?): verification of logic-based contract refinement, uses NuSMV3 (Bruno Kessler Found.)
- AF3-OCRA: OCRA plug-in for Autfocus
- FoReVer

Hardware

Yosys (ISC, C++): a framework for RTL synthesis tools
Clash (?, Haskell) generates VHDL from Haskell
Lava (BSD-3, Haskell): generates circuits from FSMs, behavioural specifications (VHDL, Verilog), and verification via NuSMV (University of Kansas)
Chisel (?, Scala): supports advanced hardware design using highly parameterized generators and layered domain-specific hardware languages; Chisel can generate a high-speed C++-based cycle-accurate software simulator, or low-level Verilog designed to pass on to standard ASIC or FPGA tools for synthesis and place and route

Other

Times (?): Tool for Modeling and Implementation of Embedded Systems (GUI editor, simulator, verifier for schedulability analysis) (Uppsala Univ.)
BigMC (GPL, C++/C/PHP/...): Bigraphical reactive systems (IT Univ. Copenhagen)
Ticc (GPL-2, ?): Interface compatibility and composition, components specify own behavior and that expected by others, CTL properties checked and propagated (UCSC)

Timed Systems

UPPAAL, UPPAAL-Tiga (FUSC): Timed automata (Uppsala Univ., Aalborg Univ.)
- manipulate UPPAAL XML (GPL-3, Python)
- Yggdrasil (?, ?): UML (subset) -> Uppaal, intended for test generation (Aalborg Univ.)
- METAMOC (GPL-3, Python): WCET Analysis of ARM Processors using Real-Time model-checking (Aalborg Univ.)
- SARTS (?, Java): Model Based Schedulability Analysis of Real-Time Systems, SCJ2, UPPAAL (Aalborg Univ.)
- UPPAAL DBM Library (GPLv2, C++): efficient data structures to represent clock constraints in timed automata (Aalborg Univ.)
  - Python bindings (GPLv3, Python/SWIG/C): to UPPAAL (Aalborg Univ.)
  - Ruby bindings (GPLv2, Ruby/C++): to UPPAAL (Aalborg Univ.)
  - udbml (AGPL-3, C++/OCaml): OCaml wrapper for the UPPAAL DBM library
OPAAL (GPL-3, Python): distributed/parallel (discrete time) model checker for networks of timed automata using MPI
ECDAR (FUSC): timed interface theory (Aalborg, INRIA, ITU)
PyECDAR (GPL-2, Python): solve timed games based on timed automata models (ITU)
IOA (MIT, Java): I/O automata formal language (MIT)
TEMPO (closed, Java): Formal language for modeling distributed systems with or without timing constraints as collections of interacting state machines, i.e., timed input/output automata (TIOA) (UIUC)
- Tempo2HSal (?, Python): Tempo (.tioa) -> HybridSAL (.hsal) translator (SRI)
ATAS (GPL-3, Python): Alternating 1-clock (fully decidable) Timed Automata Solver
PPL binding (GPL-2, Python): for Parma Polyhedral Lib features some specific methods for Timed Automata analysis
MCPTA (FUSC, ?): Probabilistic Timed Automata model checker for MoDeST, UPPAAL, PRISM - maps on PRISM (Saarland Univ.)
SAAtRE (?): Abstraction refinement model checker for Timed Automata based on extended SAT-solving, UPPAAL-like input format (Univ. Oldenburg, CWI)
Fortuna (GPL-3, C++/Eclipse): MC priced probabilistic timed automata (PPTAs) (Univ. Twente)
COSPAN (?, ?): Automata-theoretic verification of coordinating processes with timing constraints (UPenn)
Romeo: timed Petri nets (IRCCyN)
ExSched: develop operating system schedulers for VxWorks and Linux w/o modifying the underlying kernel ([Malardalen Univ.]http://www.es.mdh.se/staff/197-Mikael__sberg))
RTComposer (Java): classes and utilities for predictable real-time scheduling (BenGurion, UPenn)
ASTRAL: MC of real-time systems (UCSB)
PAT (?, C#): simulator, MC, refinement checker for concurrent and RT systems (Nanyang Tech. Univ.)
HCMC (? , C++): Compositional model checking for real-time systems (ENS-Cachan)
IMITATOR (GPLv3, OCaml/Python): is a tool for parametric verification and robustness analysis of real-time systems. It relies on the formalism of networks of parametric timed automata, augmented with integer variables and stopwatches (LORIA, Univ. de Lorraine, Inria, CNRS, LIPN, LSV, Sorbonne Univ., Univ. Pierre et Marie Curie, ENS Cachan, Aarhus Univ.)
CoVerTS (Scala): compositional verification of state properties for timed systems

Hybrid Systems

Ptolemy (BSD-3, Java): modeling, simulation, and design of concurrent, real-time, embedded systems (UC Berkeley)
HyLink (FUSC, Python): Restricted Simulink/Stateflow models -> HyXML-> HyTech or UPPAAL (UIUC)
CHARON (?, Java): Language and implementation (editor, model browser, visual simulator) for modular specification of interacting hybrid systems based on the notions of agent and mode (UPenn)
CARTS (FUSC, Java): Compositional Analysis of Real-Time Systems (UPenn)
START: time-bounded static analysis of concurrency properties of Real-Time Embedded Software
IF (FUSC): static analysis, model-checking, test generation, Open-Kronos, Kronos: TCTL verification of Timed Automata (VERIMAG)
CIF: Compositional Interchange Format for Hybrid Systems toolset
Passel (closed, C#/Python): invariant synthesis and inductive invariant proving (UIUC)
Rabbit (Apache): RTS modular spec: timed (and hybrid) automata: CottbusTimed Automata, MC for reachability analysis and refinement check (Bradenburg TU)
Mobius (?, Java/C++): Model-based environment for validation of system reliability, availability, security, and performance (UIUC)
[HYMITATOR](GLP, OCaml) (https://lipn.univ-paris13.fr/~andre/software/hymitator/): is a tool dedicated to the synthesis of parameters for hybrid automata

Linear

HyTech (FUSC, C): computes condition under which a linear hybrid system satisfies a temporal requirement (UC Berkeley)
d/dt (?, ?): Reachability analysis of Continuous and Hybrid Systems with linear differential inclusions (VERIMAG)
HARE (?): Abstraction refinement for safety
PHAVer (GPL-2, C++): verifying safety properies of hybrid systems (exact arithmetic, on-the-fly over-approximation of PWA dynamics, compositional and assume-guarantee reasoning) (Verimag)
- vim highlight, its github
- ProHVer (GPL-3, C++): Unbounded reachability probability for probabilistic hybrid automata (Univ. Saarland)
CheckMate (MATLAB) modeling, simulation and investigation, demos
HYSDEL (GPL, C++/MATLAB): (Hybrid Systems Description Language) HYSDEL -> MLD compiler, also language to model interconnected linear systems and automata (ETHZ)
Hybrid Toolbox for MATLAB (FUSC, MATLAB/Simulink): Modeling, simulation, verification, constrained MPC, generate linear and hybrid MPC PWA control laws (IMT Lucca)
Ellipsoidal Toolbox for MATLAB (BSD-3, MATLAB): External and internal ellipsoidal approximations of geometric (Minkowski) sums and differences of ellipsoids, intersections of ellipsoids and intersections of ellipsoids with halfspaces and polytopes; distances between ellipsoids, between ellipsoids and hyperplanes, between ellipsoids and polytopes; and projections onto given subspaces. For forward and backward reach sets of continuous- and discrete-time PWA systems (UC Berkeley)
MATISSE (GPL-3, MATLAB): Approximate bisimulations: safety verification and reachable set computation of large dimensional, constrained linear systems. Needs: MPT, YALMIP, SEDUMI (UPenn, IMAG)
BACH: bounded model checker for Linear Hybrid Systems (Nanjing Univ.)
tltk-mtl (?, Python): tool for computing Metric Temporal logic robustness

Non-Linear

HTV (closed, MATLAB): verify systems from their simulation and run-time traces using imprecise samples and possibly incomplete models to compute overapproximations of bounded reach sets (UIUC)
SpaceEx (GPL-3, C++): Reachability and safety verification (Verimag, Lab Jean Kuntzmann, DGA-MI)
Ariadne (GPL-3, C++/Python): Dynamical systems set-based analysis (reachability analysis, robust simulation, safety verification - reset, flow, guard predicates given by nonlinear functions) (Univ. Udine, PARADES, CWI, Univ. Verona)
MPT (GPL, MATLAB): Design, analysis and deployment of optimal controllers for constrained linear, nonlinear and hybrid systems (ETHZ)
HybridSal (GPLv2, Java/Python): Language extension to SAL for specifying Hybrid Systems and hybrid abstraction tool to discrete SAL specifications for model checking with other SAL tools (SRI)
- Relational Abstraction (GPL-2, LISP): creating relational abstractions of HybridSAL models (SRI)
- hsal2xml (GPL-2, Java): HybridSAL -> XML
NLToolbox (u, C/C++): Non-linear dynamical system reachability: polynomial using Bernstein expansion, more general using hybridization (VERIMAG)
Flow* (GPL-3, C++): Over-approximation Taylor model flowpipes: polynomial ODEs, polynomial invariants, guards, resets (RWTH Aaachen, Univ. Colorado Boulder)
HSolver (LGPL): based on RSOLVER constraint solver, correctness does not depend on floating point rounding errors, handles non-linear ODEs (Academy of Sciences Czech Republic)
AMC (?, Mathematica): model checker for non-linear hybrid systems based on the abstraction refinement framework (CMU, Univ. Oldenburg)
pyHybridAnalysis (LGPL-3, Python): ε-semantics reachability (VERIMAG, Udine Univ., Trieste Univ.)
LtlOpt (BSD-3, MATLAB): optimal control of high-dimensional, nonlinear systems using LTL specs (Caltech)
reasys (BSD-3, MATLAB): Reactive synthesis for nonlinear systems (Cornell, Toyota)
c2e2 (?, Assembly): tool for verifying bounded-time invariant properties of Stateflow models (UIUC)
HyST (LGPLv3, Java / Python / Matlab): transformation and semantics-preserving translation (to Flow*, dReach, HyComp, HyCreate) of hybrid automata networks from SpaceEx format (AFRL, IST, UTA)
VeriSiMPL (GPLv3, C++): constructs finite abstractions of autonomous Max-Plus-Linear (MPL) systems over R^n, as finite-state Labeled Transition Systems (LTS), exported to the NuSMV language for verification using NuSMV
HyCOMP (FUSC, ?): model checker for asynchronous hybrid systems, built on top of the nuXmv model checker, and of the Mathsat5 SMT solver (FBK)

Stochastic

MoToR (GPL, ?): Macro-preprocessor for MoDeST, a stochastic real-time systems formalism, interfacing to UPPAAL, CADP, Eclipse, Mobius (Univ. Saarlandes)
- Eclipse plugin (Univ. Saarlandes)
MRMC (GPL-3, C): MC for: Discrete/Continuous Markov Chains, Reward models, decision processes (Univ. Twente, RWTH Aachen)
PASS (bin, ?): CEGAR MC for infinite-state probabilistic models, MDPs (Saarland Univ.)
INFAMY (bin, ?): CSL Model Checker for infinite-state Markov chains - CTMCs (Saarland Univ.)
PARAM (GPL-3, C++): Reachability probability computation for parametric Markov chains - DTMCs (Saarland Univ.)

Theorem Provers

TLAPS (BSD-2, OCaml/Isabelle): Theorem prover for TLA+ using: Isabelle, ls4, Zenon, Z3 (INRIA/MSR)
- pf2 (LaTeX): package for writing structured proofs of the form described in "How to write a 21st century proof"
- pfnum (C): Rewrites structured proofs in a LaTeX file to renumber proofs steps as they will appear after typesetting
- pf2html home (GPL-2, Perl): adds functionality to LATEX2HTML such that LATEX documents written with pf.sty can be viewed in a web browser up to the desired level of detail for each branch of a structured proof (TU Wien)
- hyperpf (C): HyperTeXt structured proof reader
- Verifying TLA+ invariants using ACL2 (UT Austin)
Isabelle (BSD-3, ML/Scala/Isabelle, mirror): (Univ. Cambridge, TU Munchen, Univ. Paris-Sud)
- Isabelle/TLA github: encoding of Lamport's TLA in Isabelle, ships with Isabelle's standard distribution (INRIA)
- AFP: Archive of Formal Proofs
- Isabelle/eclipse (EPL-1.0, Python/Scala): Eclipse integration for the Isabelle proof assistant
- VHDL semantics (BSD-2, Isabelle): formalization of the language VHDL in the Isabelle theorem prover (Nanyang Technological Univ.)
- PSL (CSIRO, Isabelle/ML): implementation of proof strategy language (PSL) and its default strategy, for Isabelle (CSIRO)
- ismt (BSD-3, Isabelle/ML): integration of Yices SMT solver in Isabelle/HOL (Galois Inc.)
- IsaFol (?, Isabelle): a repository of formalizations of logical calculi and related topics, such as DPLL, CDCL, and resolution
- IsaFoR (LGPLv3, Isabelle): Isabelle/HOL formalization of rewriting for certified tool assertions
- CeTA (LGPLv3, Haskell: tool that certifies (non)termination or (non)confluence or completion or complexity proofs provided by some automated tool
HOL (BSD-3/Open Source, ML): Interative Theorem proving in higher-order logic (Univ. Cambridge)
- Holfoot (BSD, ML): Implementation of Smallfoot inside of HOL 4
- HOLBDDlib (BSD-3, ML): kernel of representation judgement rules as infrastructure for building fully-expansive combinations of HOL theorem proving and BDD-based symbolic calculation algorithms, uses the BuDDy BDD package
HOL Light (BSD-2, OCaml): Interactive Theorem Proving in higher-order logic (Cambridge Univ., AWS)
HOL Zero (BSD, OCaml): Basic theorem prover for the HOL logic for checking and/or consolidating proofs created on other theorem provers, and a pedagogical example
- HOL Zero (BSD, F#): port to F#
HOL-Omega (BSD-3, ML: Merging of HOL4, HOL2P by Völker, and major aspects of System Fω from chapter 30 of Types and Programming Languages by Pierce, implements a new logic, which is an extension of the existing higher order logic of the HOL4 system
Coq (LGPL-2.1, OCaml): formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs. (INRIA, Ecole Polytechnique, Paris-Sud 11 Univ., Paris Diderot Univ., CNRS)
- Vim:
  - Coqtail (MIT, Python/Vim script): interactive Coq Proofs in Vim
  - Coquille (ISC, Vim script/Python): interactive theorem proving with Coq in vim
- IDE:
  - JsCoq (several, JavaScript): online Integrated Development Environment for the Coq proof assistant that runs in a browser (MINES ParisTech)
  - coq_jupyter (Apache-2.0, Python/JavaScript): Jupyter kernel for Coq, try it online
  - VsCoq (MIT, TypeScript): Visual Studio Code extension for Coq
- Libraries:
  - HoTT library (BSD-2, Coq): a formalization of homotopy type theory in the Coq proof assistant
  - UniMath (FOSS, Coq): a library that aims to formalize a substantial body of mathematics using the univalent point of view.
  - Coq-Polyhedra (CeCILL-B, Coq): Formalizing convex polyhedra in Coq (INRIA/École Polytechnique)
  - ControlHTT (?, Coq): an adaptation of Hoare Type Theory for control software (Galois Inc.)
  - Categories (?, Coq): a formalization of category theory in the Coq proof assistant (Aarhus Univ.)
  - fourcolor (?, Coq): formalization of the four-color theorem
  - odd-order (?, Coq): formal proof of the odd-order theorem
  - infotheo (LGPL-2.1): formalization of information theory and linear error-correcting codes
  - proofs (MIT, Coq): a selection of formal proofs in Coq (Google)
  - GeoCoq (LGPL-3.0, Coq): formalization of geometry in Coq, based on Tarski's axiom system
- Embeddings:
  - TLA^{Coq} (?, Coq): Deep embedding of TLA in Coq (Univ. of Oregon, Sandia)
- Tools:
  - Ynot (BSD-3, Coq/OCaml): library for the Coq proof assistant which turns it into a full-fledged environment for writing and verifying imperative programs (Harvard Univ.)
  - verdi (BSD-2, Coq): framework for formally verifying distributed systems implementations in Coq
  - coq-lit (?, Python): script that processes special commands inside comments in Coq source files to produce Markdown and raw HTML that generates a blog post (Univ. of Washington)
  - CompCert (FUSC, Coq/OCaml): a formally-verified compiler for a large subset of the C programming language that generates code for the PowerPC, ARM, x86 and RISC-V processors, the compiler has been verified in Coq (Inria)
  - SMTCoq (CeCILL-C, Coq/OCaml): a Coq plugin that checks proof witnesses coming from the external SAT and SMT solvers ZChaff, CVC4, veriT, and decision procedures that discharge Coq goals to these solvers
PVS (GPL-3, Common LISP/C/Emacs LISP/others): Specification language and theorem prover, based on Church's type theory extended with dependent types (SRI CSL)
- NASA PVS Library (Various, Python/Lisp): Collection of formal PVS developments (NASA Langley)
- Invariant-Checker: predicate abstraction and verification of invariance reactive properties using theorem-proving and MC, front to PVS (IMAG)
- PVSPackrat (?, PVS): PVS proofs for PEG grammars and Packrat parsers (SRI CSL)
Lean (Apache-2, C++/Python): Theorem prover (Microsoft Research)
- mathlib (Apache-2.0, Lean): library of mathematics and programming infrastructure for Lean
- lean-ga (MIT, Lean): formalization of geometric algebra in Lean
- Spectral (Apache-2.0, Lean): Formalization of the Serre spectral sequence in Lean 2.
Zenon (BSD-3, OCaml): FOL with equality based on tableau, reads Coq, Focal, TPTP, Zenon, and generates Coq, Isar (and in other formats) proofs, includes TLA+ theory extension OPAM (INRIA)
- Zenon arith (BSD-3, OCaml): extension to handle linear arithmetic (INRIA)
- Zenon modulo (BSD-3, OCaml: extension to deduction modulo (INRIA)
- Super Zenon (?, ?): extension using superdeduction (CEDRIC/CNAM, Siemens IC-MOL)
AIMA logic.py (MIT, Python): Artificial Intelligence - A Modern Approach: Representations and Inference for Logic (UC Berkeley, Google)
Nunchaku (BSD-2, OCaml): A counter-example finder for higher-order logic, designed to be used from various proof assistants (INRIA)
Nitpick (BSD-3, Isabelle): Counterexample generator for Isabelle/HOL
Walnut (GPLv3, Java): Automated Theorem Prover for Automatic Words
Phox (LGPL-3.0, OCaml): Proof assistant based on High Order logic which is eXtensible (Université de Savoie)
Dedukti (CecILL-B, OCaml): Implementation of the λΠ-calculus modulo rewriting
- Dedukti libraries (?, Dedukti): A collection of hand-written files for Dedukti
- Lamdapi (CeCILL-2.1, OCaml): Proof assistant based on the λΠ-calculus modulo rewriting, mostly compatible with the proof checker Dedukti
Automath (?, ?): One of the first formal proof languages and proof checker (Eindhoven Univ.)
- Modern Automath implementation (?, C): Languages AUT-68, AUT-QE (Radboud Univ. Nijmegen)
TPS: (CMU)
ALF (Univ. Goterborg/Chalmers)
Alfa: successor of ALF
Agda (MIT and BSD-2, Haskell): An interactive system for writing and checking proofs, based on intuitionistic type theory. A dependently typed functional programming language.
- HoTT-Agda (MIT, Agda): A library of homotopy type theory and univalent foundations
Cedille (MIT, Agda/Haskell): interactive theorem-prover and dependently typed programming language, based on extrinsic (aka Curry-style) type theory
ACL2 (BSD-3, Lisp): logic and programming language in which you can model computer systems, together with a tool to help you prove properties of those models. "ACL2" denotes "A Computational Logic for Applicative Common Lisp", part of Boyer-Moore family of provers (Univ. Texas at Austin)
- Nqthm (GPL-2, ?): Boyer–Moore TP using Pure LISP variant, precursor to ACL2 (Univ. Texas, Austin)
- Milawa (MIT, Lisp): "Self-verifying" theorem prover for an ACL2-like logic (UT Austin)
- Jitawa (?, Lisp): Verified Lisp runtime that hosts Milawa and ensures its soundness, as formally proved (Cambridge Univ.)
- ivy (BSD-3, Lisp): Preprocessor and proof checker for resolution/paramodulation theorem provers, coded in ACL2 and proved sound for finite interpretations (Univ. of New Mexico)
INKA5, INKA: Inductive Theorem Prover
Otter and Mace2: first-order and equational logic
Prover9 and Mace4: Successors of Otter and Mace2
EQP: first-order equational logic: associative-commutative unification and matching, a variety of strategies for equational reasoning, and fast search
TWELF (BSD-2, ML): a language used to specify, implement, and prove properties of deductive systems such as programming languages and logics
Maude (GPLv2, ?): high-performance reflective language and system supporting both equational and rewriting logic specification and programming for a wide range of applications, with tools (UIUC)
- Maude ITP: Inductive Theorem Prover
- C-Reducer: Automatic c-reduction of object based modules for the Maude system (IMT Lucca)
- MESSI: Design, validation and performance evaluation of self-assembly strategies with Maude (IMT Lucca)
- Circ: automated behavioral prover based on the circularity principle for Maude (UIUC)
- LTLR: LTL rewriting model checker within Maude (UIUC)
- IMaude (?, NewLisp/Maude/C/Python): Interactive Maude (SRI CSL)
LP: Larch Prover (?): Multisorted first-order logic, interactive (MIT)
- Larch Shared Language (LSL) Checker
- Larch/C++ (?): Interface Specification Language for C++ (Iowa State Univ.)
- Larch/Smalltalk (?): Behavioral interface specification language for Smalltalk-80 (Iowa State Univ.)
SAL (GPL-2, Scheme): Language for specifying concurrent systems in a compositional way. BDD-based and SAT-based MC, experimental "Witness" MC, "infinite" bounded MC based on SMT solving, simulator, deadlock checker, automated test generator (SRI, Stanford, Berkeley)
- Z2SAL (?, Java): transator that generates a SAL automaton from a single Z specification (Univ. of Sheffield)
Gappa (GPL-3, CeCILL): for numerical programs dealing with floating-point or fixed-point arithmetic (INRIA)
Mizar
NuPRL: Formal Digital Library (Cornell)
MuPRL (BSD-3, Haskell): small, mainly instructional, proof assistant in the style of NuPRL
MetaPRL
Matita (GPLv3, OCaml): Interactive theorem prover based on calculus of inductive constructions (Univ. of Bologna)
Gandalf
E-SETHEO: strategy-parallel compositional theorem prover for first-order logic with equality
SPASS: First-Order Logic with Equality (Max Planck Inst. Inf.)
Omega (?, Isabelle/Lisp): for higher-order logic based on proof planning
Omega (BSD-3): cross between a purely functional programming language and a theorem prover
Zipperposition (BSD-2, OCaml): automatic theorem prover for typed higher-order logic with equality, datatypes and arithmetic, based on superposition and rewriting
wikipedia list
this thread
jImp (binary, Java): based on set of support and ordered resolution for first-order logic, supports: clause indexing techniques, subsumption, and tautology elimination, Davis-Putnam-Loveland-Logemann (DPLL) inference procedure (CMU)
QEPCAD and github (BSD-like, C): Quantifier elimination by partial cylindrical algebraic decomposition (US Naval Academy, Drexel Univ., North Carolina State Univ.)
- Mac OS X 10.6, 10.7 binaries (Cambridge Univ.)
E (GPL-2, C): Full first-order logic with equality (TU Munchen)
Community Z Tools (GPL-2, Java): Tools for editing, typechecking and animating Z specifications and related notations, including Java framework for building formal methods tools (Univ. Oxford, contrib)
ProofPower (GPL, ?): Tool suite supporting specification and proof in HOL and Z notation (Lemma 1 Ltd)
ClawZ (?, ?): Simulink -> Z notation (Lemma 1 Ltd)
Waldmeister (FUSC, ?): TP for unit equational logic (Max Planck Inst. Informatik)
Spear (?, ?): fast bit-vector arithmetic theorem prover (Google)
Metamath: Tiny language based on ZFC, and also database of proved theorems
Theorema (GPLv3, Mathematica): a system for automated reasoning (theorem proving) and automated theory exploration based on Mathematica (JKU)
Princess (GPL-3, Scala): FOL modulo linear integer arithmetic
- Seneschal (GPL-3, Java): synthesising linear ranking functions for programs expressible in Presburger arithmetic
FOL prover (BSD, Python): automated theorem prover for first-order logic, guaranteed to prove any provable formula (MIT)
hemera (?, Python): yet another simple theorem prover (PUC-Rio)
FLiP (GPL, Python): Library for defining logics and writing theorem prover applications, e.g., a proof checker for natural deduction proofs (Univ. Wasignton)
ATS (GPL-3, C): A statically typed multiparadigm programming language that unifies implementation with formal specification, using theorem proving (Boston Univ.)
F* (Apache 2.0, OCaml, F#): ML-like functional programming language aimed at program verification. Its type system includes polymorphism, dependent types, monadic effects, refinement types, and a weakest precondition calculus (MSR, INRIA)
proofcheck (GPL, Python): Checks mathematical proofs written in La/TeX, attempts to handle mathematical language formalized according to the author's preferences as much as possible (PyPI) (Widener Univ.)
ProofPeer (MIT, Scala/Isabelle): Collaborative theorem proving (Edinburgh Univ.)
Nitpick (?): Checker for Z specifications (CMU)
Abella (GPLv3, OCaml): Interactive theorem prover based on lambda-tree syntax, well-suited for reasoning about the meta-theory of programming languages and other logical systems that manipulate objects with binding (Univ. of Minnesota, LIX/École polytechnique, INRIA/Saclay)
GAPT (GPLv3, Scala): Framework for transforming and processing proofs, and interfaces to automated reasoning tools (provers, SMT solvers, SAT solvers)
homotopy.io (CC BY-NC 3.0, JavaScript): A proof assistant for n-categories
Andromeda (BSD-2, OCaml): A proof assistant for general type theories, LCF-style, with statically typed meta-language Andromeda ML
Cyclist (BSD-3, OCaml/C++: framework for building cyclic theorem provers based on a sequent calculus (Facebook, Middlesex Univ.)
LaTTe (MIT, Clojure): proof assistant designed as a library for the Clojure programming language and environment, based on a simple dependent-typed lambda-calculus (a variant of λD)
Alg (BSD-2, OCaml): A program that generates all finite models of a first-order theory. It is optimized for equational theories.
RZ (MIT, OCaml): A tool for automatic generation of specifications based on realizability theory
LEGO (?, ML): an interactive proof development system (proof assistant), implementing various related type systems: the Edinburgh Logical Framework (LF), the Calculus of Constructions (CC), the Generalized Calculus of Constructions (GCC) and the Unified Theory of Dependent Types (UTT) (Univ. of Edinburgh)
IMPS (MITRE, Perl/Lisp): Intended to provide mechanical support for traditional mathematical techniques and styles of practice, with underlying logic simple type theory (MITRE)
Museum of theorem provers: front-end to a collection of source code repositories for theorem provers, hosted on GitHub
Scriptie (?, Python): theorem prover for Lambek-Grishin calculus
set-theory-prover (BSD-3, Haskell): simple LCF-style proof assistant for ZFC
Jape (GPLv2, OCaml/Java): a configurable proof editor, best at natural deduction and sequent calculus
Geo (GPLv3, C++): prover for full-first order logic, based on geometric resolution calculus (Univ. of Wrocław)
UTP2 (GPLv2, Haskell): a theorem proving assistant for 2nd-order predicate calculus, designed to support foundational proof work in the Unifying Theories of Programming (UTP) framework
UTP-Calculator (MIT, Haskell): a tool that supports rapid prototyping of new theories in the Unifying Theories of Programming paradigm, by supporting an easy way to very quickly perform test calculations
holpy (BSD-3, Python): implementation of higher-order logic in Python (Institute of Software, Chinese Academy of Sciences)
llprover (?, Prolog): Linear logic prover that searches for cut-free proofs of two-sided sequents of first-order linear logic
seqprover (?, Prolog): Sequent prover that searches for a cut-free proof of the given sequent of first-order logic

Theorem provers for modal logics

ls4 (MIT, C++, C): PLTL prover based on labelled superposition with partial model guidance, with MiniSAT behind, and used as backend by TLAPS (Univ. Manchester)
T2 (F#, Mono, MIT): Prover of CTL* of programs, with z3 behind (replaces TERMINATOR) (MSR, UCL)
TRP++ files (GPL-2, C++): theorem prover for PLTL based on the temporal resolution calculus (Univ. Liverpool)
- TRP (?, Prolog): earlier implementation of TRP++
LWB (EPL, Clojure): The Logics Workbench, prover for propositional, predicate and linear temporal logic
- lwb-gui (EPL, Clojure): simple GUI for the Logic Workbench lwb
TRS (?, ?): Resolution-based theorem prover for PLTL, online interface only (UBC)
TLPVS: PVS implementation of an LTL verification system (NYU)
STeP: Stanford temporal prover
CTLSAT (?, C++): CTL satisfiability solver
MLSolver (?, Ocaml): Solver for satisfiability and validity of modal fixpoint logics (Univ. Munich, Univ. Kassel)
Leviathan (BSD-3, C++): Tableau prover for LTL satisfiability (Univ. Udine)
PLTLProvers: (?, OCaml): 3 PLTL theorem prover variants
LoTREC (FSLA): Generic tableau prover
MleanTAP (?, Prolog): Sound and complete theorem prover based on free-variable semantic tableaux extended by an additional prefix unification (logics: D, T, S4, S5) (TU Darmstadt)
List of tools for modal logics (Univ. Manchester)
Schuppan-Darmawan benchmark results of LTL satisfiability solvers
TPTP: Problem library for automated theorem proving (Univ. Miami)
QMLTP: Benchmarking results for theorem provers for first-order modal logics
Modal Logic Playground (MIT, JavaScript, HTML): a graphical semantic calculator for modal propositional logic

QBF

QBF Solvers (C++)
RAReQS (GPL, C++/uses MiniSAT): Recursive abstraction refinement QBF solver (INESC-ID Lisboa)
Quantor (BSD-4, C): QDIMACS input (ETHZ, JKU)
DepQBF (GPL, C): search-based (TU Wien, JKU)
nenofex (GPL, C): expansion-based for NNF (TU Wien, JKU)
CAQE (Apache-2, C): certifying solver based on CEGAR-based clausal abstraction (Saarland Univ., UC Berkeley)
QBFLIB: Collection of benchmark problems, solvers, and tools related to Quantified Boolean Formula (QBF) satisfiability (Univ. Michigan)

SAT

SAT Live: news outlet

CDCL

MiniSat and its github (MIT, C++/C): minimalistic high-performance solver to help get started (Chalmers Univ.)
- simplesat (BSD-3, Python): Python implementation based on MiniSat, for handling package dependencies
- ruby-minisat (MIT, Ruby): bindings
- qmaxsat (MIT, C/C++): Q-dai MaxSAT Solver, based on MiniSat
- MiniMarch
- Glucose: CDCL with new scoring scheme for clause learning (CRIL)
- MiniSAT+
Lingeling, Plingeling, Treengeling
PicoSAT (MIT, C)
- Python bindings (MIT, Python)
- pigosat (BSD, Go): bindings
cadical (MIT, C++): satisfiability solver that is intended to be understood and changed
Sat4j (EPL or LGPL, Java): SAT, MAXSAT, Pseudo-Boolean, MUS (Artois Univ., CNRS, CRIL)

Stochastic local search

UBCSAT: (Univ. British Columbia)
clsat (GPLv2, C++): small, incomplete, stochastic local search, OpenCL-based SAT solver

Parallel

PeneLoPe (BSD-like C++) (CRIL)
CombiSAT (?, Python): Portfolio solver running multiple sequential solvers with different strategies (EPFL)
PWBO

Unsorted

zChaff (Princeton Open Source): Chaff algorithm (Princeton)
SATABS (BSD, C): ANSI-C, C++ verification via Boolean program abstraction (Univ. Oxford, Imperial College, Univ. Lugano, CMU)
NanoSAT (BSD): (JKU)
Boppo (?): MC for Boolean programs featuring: POR, Fixpoint detection using QBF, support for constraint construct (Univ. Oxford, Microsoft Research, Univ. Lugano, CMU)
CSIsat (Apache): Interpolating decision procedure for the quantifier-free theory of rational linear arithmetic and equality with uninterpreted function symbols (EPFL, SFU)
MSUnCore: solving (Weighted) (Partial) Maximum Satisfiability (MaxSAT)
antom (C++): Lib solving: SAT, Unweighted MaxSAT, Partial MaxSAT, #SAT (Uni. Freiburg)
SCIP: Mixed int programming (MIP), constraint int programming and branch-cut-and-price
- scip-maxsat (ZIB, C++): Max-SAT frontend for SCIP
GLPK
- MaxSAT frontend for GLPK
PrecoSAT (MIT-like)
RSat
fss (GPL-3, C++/GAlib): Genetic algorithms
MiFuMaX (GPL-3)
Shaowei Cai solvers
algorithms
WBO: Weighted Boolean Optimization Solver that extends Weighted-Partial MaxSAT and Pseudo-Boolean Optimization
- open-WBO (MIT, C++): open source version of WBO
ToulBar2 (GPL, C++): weighted constraint satisfaction solver (INRA)
march: DPLL with lookahead heuristics (TU Delft)
march_eq: (TU Delft)
march_dl: (TU Delft)
CryptoMiniSat, its github (LGPL, C++, Python)
WinSAT
HyperSAT (FUSC, C): research SAT solver written to experiment with B-cubing search space pruning
iSAT: DPLL-style solver developed for large Boolean combinations of non-linear arithmetic constraints involving transcendental functions
HySAT
Scarab (BSD, Scala): SAT-based constraint programming
Limboole (Unlicense, ?): satisfiability of arbitrary structural formulas, not just CNF
MiFuMaX
UBCSAT (FUSC, C): Stochastic local search solver (Univ. British Columbia)
QNF2z3 (FUSC, Python/Bash): invoking Z3 on QDIMACS instances (INESC Lisboa)
ToughSAT: generates "difficult" SAT instances
minibones (FUSC): computing backbone literals
SBSAT: state-based (U Cincinnati)
satsolver (?, Python): DPLL implementation for educational purposes
Potassco: answer set programming collection: Clasp, Gringo, Clingo, Aspcud, Clingcon, claspfolio, coala solvers
miniC2D (?): knowledge compilation and model counting based on exhaustive DPLL (UCLA)
toulbar2 (GPL, C++): Exact solver for cost function networks (INRIA, Barcelona)

SMT

CVC5:
- CVC5 (BSD-3, C++): successor of CVC4 (Stanford, NYU, Univ. Iowa, EPFL, Joseph Fourier Univ., Oxford Univ., SRI)
- CVC4 (BSD-3, C++): built-in base theories, quantifiers, interactive text-based interface, interfaces to: C/C++, Python, Java, OCaml, PHP, Perl, Ruby, Tcl, model generation, predecessor of CVC5 (Stanford, NYU, Univ. Iowa)
- LFSC (BSD-style, C++): proof checker for LFSC proofs generated by CVC4 (Univ. of Iowa)
- rlfsc (MIT/Apache and LGPLv3, Rust): a checker for the LFSC proof language
- CVC3 (BSD-3, C++): predecessor of CVC4 (Stanford, NYU, Univ. Iowa)
- CVC Lite (?, C++): predecessor of CVC3, successor of CVC (Stanford, NYU)
- CVC (open, C/C++): Cooperating Validity Checker, predecessor of CVC Lite (Stanford)
- SVC (GPLv2, C/C++): predecessor of CVC (Stanford)
- CVCHOL (BSD-3, OCaml): proof translator that translates CVC3 theorems into HOL Light theorems (NYU)
Z3 (MIT, C++/Python): .smt2, .dimacs, .cnf, .dl, .smt (Microsoft Research)
- Z3_Haskell (BSD, Haskell): bindings for Z3 (Cambridge Univ.)
- hz3 (BSD, Haskell): bindings to low-level API for Z3
- ScalaZ3 (Apache-2.0, Scala): bindings for Z3 (EPFL)
- bapa-z3 (BSD, Scala): Boolean algebra with Presburger arithmetic constraints plug-in for Z3 (EPFL)
- Z3-str (MIT, C++/Python): string theory plug-in for Z3 (Purdue)
- Z3Fs (MIT, F#): DSL for SMT problems using Z3 API in F#
- z3-turnkey (ISC, Kotlin/Java): Build system for Z3 that creates a self-unpacking, standalone JAR file that ships all required native support code and automatically unpacks it at runtime
- z3-floating-point-proofs (MIT, Python): automated proofs about floating-point numbers using the Z3 theorem prover
iZ3 (FUSC, C++/Python): Interpolating, supports: arithmetic, arrays, uninterpreted functions, and quantifiers (Microsoft Research)
Yices (GPLv3, C): SMT solver that decides the satisfiability of formulas containing uninterpreted function symbols with equality, real and integer arithmetic, bitvectors, scalar types, and tuples. Supports both linear and nonlinear arithmetic. Reads input from SMT-LIB or Yices' own specification language, includes Python bindings (SRI/CSL)
- yices (MIT, Python): Python bindings for yices2 (SRI CSL)
Boolector (GPL-3): bit-vectors and arrays (Johannes Kepler Univ. Linz, Upper Austrian Univ. of Applied Sciences)
MathSAT (FUSC, C++, Python/Java bindings): Theories: equality and uninterpreted functions, linear arithmetic, bit-vectors, and arrays, and Functionalities: computation of Craig interpolants, extraction of unsatisfiable cores, generation of models and proofs, and the ability of working incrementally (FBK, Univ. Trento)
SMT-LIB (?, C++): format for Finite lists, sets, maps (Oxford Univ.)
Alt-ERGO (FUSC, OCaml): built upon CC(X) algorithm (INRIA, Univ. Paris Sud, CNRS, LRI)
mSAT (Apache-2.0, OCaml): Modular SAT/SMT solver with proof output, derives from ERGO (INRIA)
veriT (BSD-2, C/C++): proof-producing SMT solver, complete for quantifier-free formulas with uninterpreted functions and difference logic on real numbers and integers (2017 version) (INRIA, Nancy Univ., UFRN, CNPq, Loria)
- haRVey (LGPL/BSD-2, C/C++): Predecessor of veriT: haRVey-FOL (LGPL), haRVey-SAT (BSD-2) (INRIA, Nancy Univ., UFRN, CNPq, Loria)
dReal (Apache-2.0, C++): SMT solver for nonlinear theories of reals, produces proofs for unsat cases, includes a semi-algorithm for proof-checking, has Python bindings (PyPI)
SMT-RAT (MIT, C++): Toolbox for strategic and parallel satisfiability-modulo-theories solving (RWTH)
Vampire: proof-producing theorem prover that can read SMT-LIB input, see section on Theorem Provers
archsat (MIT, OCaml): proof-producing SMT/McSAT solver, handling polymorphic first-order logic, using an SMT/McSat core extended using tableaux, superposition, and rewriting
BEAGLE (BSD, Scala): theorem prover for first-order logic with equality over linear integer/rational/real arithmetic that takes input in SMT-LIB 2.0, FOF, TFF, TFF-INT formats (NICTA)
Fx7 (?, Nemerle): prover based on C# port of MiniSAT
Simplify, its github (?, Modula-III): (SRC)
Beaver (BSD, OCaml): for the theory of quantifier-free finite-precision bit-vector arithmetic (UC Berkeley)
SBV (BSD-3, Haskell): SMT based verification in Haskell: Express properties about Haskell programs and automatically prove them using SMT solvers (ABC, Boolector, CVC4, MathSAT, Yices, Z3). (Intel)
list of SMT solvers (Univ. Iowa)
Decision Procedures: An Algorithmic Point of View (BSD-4, C++): software that accompanies the book Decision Procedures
llvm2smt (MIT, OCaml): Experimental translation of LLVM (3.5ish) IR to SMT-LIB (SRI CSL)
JavaSMT (Apache-2.0, Java/C): unified Java API for SMT solvers
bv2epr (GPLv3, C): tool for translating a QF_BV formula in SMT2 format into an EPR clause set in TPTP format (JKU)
PySMT (Apache-2.0, Python): a library for SMT formulae manipulation and solving, with interfaces to z3, MathSAT, CVC4, Yices, CUDD, PicoSAT, Boolector, and any solver that reads SMT-LIB (includes SMT-LIB parser written in Python)
ddSMT (GPLv3, Python): a delta debugger for SMT benchmarks in SMT-LIB v2, it serves as an input minimizer for SMT benchmarks on which a given executable shows unexpected or faulty behavior and supports all SMT-LIB v2 logics (includes SMT-LIB parser written in Python)
smtpp (MIT, OCaml): a preprocessor for SMT-LIB 2.0 scripts with extensions for lambda-terms and polymorphic types in scripts (Inria, Universite de Nancy 2, Universidade Federal do Rio Grande do Norte)
SMTtoTPTP (GPLv3, Scala): a translator for problems written in the SMT-LIB language, version 2, to the TPTP TFF language, supporting quantified formulas over the combined theories of of free symbols, arrays, integer and real arithmetic. It also supports Z3-style datatype declarations and some other extensions.

Constraint Solving Problem (CSP) solvers

constraint (BSD-2, Python): Constraint Solving Problem resolver for Python (on PyPI) (Canonical)
Cassowary: incremental constraint solving toolkit that efficiently solves systems of linear equalities and inequalities. Constraints may be either requirements or preferences. Client code specifies the constraints to be maintained, and the solver updates the constrained variables to have values that satisfy the constraints, site source on GitHub
- Cassowary (LGPLv2, C++): (original implementation) incremental constraint solving toolkit that efficiently solves systems of linear equalities and inequalities. Constraints may be either requirements or preferences. Re-solving the system happens rapidly, supporting UI applications. (Univ. of Washington)
- RHEA (MIT, C++): modernized C++ version of the original Cassowary implementation
- Kiwi (BSD-3, C++/Python): new implementation of the algorithm based on the Cassowary paper, 10x to 500x faster than the original, with Python bindings (Nucleic Development Team)
- cassowary (BSD-3 and Apache-2.0, Python): pure python implementation of the Cassowary constraint solving algorithm, available on PyPI (Auburn Univ.)
- Casuarius (LGPLv2.1, C++/Python): Cython bindings for the Cassowary Constraint Solving Toolkit version 0.6
- Aqt.Cassowary (MIT, QML/C++/JavaScript): Qt plugin that allows running an incremental linear constraint solver in QML applications, and wraps RHEA
Babelsberg:
- Babelsberg/JS (BSD-3, JavaScript): object constraint programming language and implementation, using the solvers Z3, DeltaBlue, and Cassowary
- pybelsberg (BSD-3, Python): implementation of Babelsberg allowing constraint-based programming in Python, using the Z3 theorem prover

Other solvers

RSolver (LGPL, OCaml/C/Java): Quantified inequality constraints (Academy of Sciences Czech Republic)
ROSETTE: Framework for designing solver-aided languages, realized embedded in Racket (UC Berkeley, MIT)

Logic programming

miniKanren
logpy

Software Synthesis

Leon, its github (BSD-2, Scala): Automated system for synthesizing and verifying functional Scala programs (EPFL)
- COMFUSY (BSD-2, Scala): tool for synthesizing executable code from specifications in linear integer arithmetic and constraints on sets of objects (EPFL)
- Kaplan (?, Scala): Scala extension that supports constraint-solving (EPFL)
- RegSy (?, Scala): synthesis tool that can be used to build functions from specification written in WS1S (EPFL)
AutoBayes (NOSA, Prolog): automatic generation of customized algorithms from compact, declarative specifications in the data analysis domain, requires SWI Prolog, generates OCtave/Matlab code (NASA)
Jeeves (MIT, Python): programming language for automatically enforcing privacy policies and Python implementation (MIT)
MCGP (?, ?): automatic generation and correction of programs, based on model cheking and genetic programming (Bar-Ilan Univ.)

Runtime Verification

MOP (Java): Monitoring-Oriented Programming (UIUC)
- JavaMOP (MIT, Java): Runtime verification system for Java, using AspectJ for instrumentation (UIUC)
- ROSMOP (?, Java): Monitor Oriented Programming for ROS (UIUC)
CHIMP: LTL -> monitors: nondeterministic finite-word automata that accept all illegal executions (Rice Univ.)
LTL_3 (GPL): LTL -> Moore FSM monitor
TOPL (OCaml): monitor Java programs
Breach Toolbox(BSD-3, MATLAB/C++): Simulation-based design of dynamical, cyber-physical, and hybrid systems (UC Berkeley, Decyphir)
JTorX (BSD-3, Java): Model-based testing: Spec: Aldebaran or GraphML or dot or Jararaca or .sax or muCRL or .bcg or LOTOS, Implementation either these or real program (Univ. Twente)
TorX (Apache, ?): Conformance testing of reactive software (Univ. Twente, TU Eindhoven, Philips, Lucent)
MonPoly (?, OCaml): a prototype monitoring tool that checks compliance of log files with respect to policies specified in MFOTL (Metric First-Order Temporal Logic)
Montre (GPL-3, Pure/C++): A timed regular expression matcher (Verimag)
ROSRV (NCSA, C++/Java): runtime verification framework for the Robot Operating System (ROS) (Univ. of Illinois at Urbana-Champaign)

Yet un-categorized

Matching Logic: regard a language through both operational and axiomatic lenses at the same time (UIUC)
Separation logic and local reasoning: wiki and tools list Max Planck Inst. for Soft. Sys.
QMRes: Multi-resolution with ZDDs implementation
MTSA (Public): Modal Transition Systems Analyser (Imperial College London, Univ. Buenos Aires)
MoTraS (?, C++): verification of (disjunctive) modal transition systems, using ltl2dstar for LTL to Rabin automaton translation
FoCs
COMPASS: correctness, modeling and preformance of aerospace systems
VeriSoft: systematic software testing (Bell Labs)
FTS: featured transition systems
PdTrav
seL4 (GPLv2, BSD-2, C): A microkernel formally proved correct, with proofs in Isabelle/HOL
Cogent (BSD-2, Isabelle/Haskell/C): code and proof co-generation from a purely functional language, on top the seL4 microkernel (CSIRO)
Theory of X-Machines: X-machines were introduced in 1974 by Samuel Eilenberg

TypeSetting

LTL (LPPL, LaTeX/TikZ): Configurable LTL math operators with LaTeX and TikZ or LTLFonts
fsmtex (?, Perl/TeX): FSM drawing in LaTeX using TikZ (Univ. Marseille)

Other tool lists

Wikipedia
Yahoda [Masaryk Univ.]
wikia (by Jonathan Bowen)
formal methods wiki (older version of the above)
UPenn Hybrid System Tools Repository
VERIMAG Tools
verification tools for industrial automation
Carloni et al.
Networked Control Systems Repository
rise4fun
CMU tools
SRI tools and older page
SYNALP: SYNchronous Applications, Languages, and Programs
ARS: Database of Automated Reasoning Systems (Stanford)
AVACS
Quasimodo: Quantitative system properties in model-driven-design of embedded systems
Tools list at SMT-LIB
Max-SAT 2013 solvers
SAT competition
JKU tools
Freek Wiedijk
- Formalizing 100 Theorems: which theorems have been formalized in which prover
Proof Assistants, Wikipedia
Univ. Utah tools
SV-COMP 2014: competition on software verification at TACAS 2014
Every Proof Assistant Seminar: series of (online) seminars

databases and benchmarks

Model checking benchmarking scripts (NASA SA, Perl): details on the experiments described in "LTL satisfiability checking" (NASA)
VLTS: MC benchmarks (CWI/SEN2, INRIA/VASY)
BEEM: MC benchmarks (Masaryk Univ.)
Mutual Exclusion Promela Source Codes: (Waseda Univ.)
Buchi Store
Promela Database: (IMT Lucca)
Spec Patterns: patterns commonly occuring in specs of concurrent/reactive systems (LTL, CTL, GIL, QRE, ACTL, RAFMC) (Univ. Massachusetts Amherst)
Hybrid system safety verification benchmarks
TPTP: Thousands of Problems for Theorem Provers (Univ. Miami)
Benchmark Verification Tasks: Benchmark verification tasks in software verification, as used in SV-COMP
Larry Wos' Notebooks: series of notebooks presenting some of Larry Wos’s most recent and hitherto unpublished research in automated reasoning (also in 1st order logic) (Argon Nat. Lab)
SMT-LIB: benchmarks for SMT
DPPD: The Dozens of Problems for Partial Deduction (DPPD) Library of Benchmarks aims at being a standard suite of benchmarks for partial deduction (Univ. Dusseldorf)
QMLTP: Quantified Modal Logics Theorem Proving (QMLTP) library provides a platform for testing and benchmarking ATP systems for first-order modal logics (Univ. Potsdam)
ILTP: Intuitionistic Logic Theorem Proving (ILTP) library provides a platform for testing and benchmarking ATP systems for first-order and propositional intuitionistic logic (Univ. Potsdam)
asparagus: Environment for submitting and archiving benchmarking Answer-Set Programming (ASP) problems and instances (Univ. Potsdam)
TPDB: Termination Problems Database of test problems for termination provers: term rewrite systems and logic programs (LRI)
CSPLib: Benchmark library of problems for constraint solvers (Izmir Univ. Economics, Univ. St Andrews, Univ. New South Wales)
OR-library: Test data sets for a variety of Operations Research (OR) problems (Imperial College London)
SATLIB: Benchmark problems, solvers, and tools for SAT related research (TU Darmstadt, Univ. British Columbia)
SatEx: Experiments and execution traces of SAT solvers, on all benchmarks that are provided
FEVS: set of programs designed to be used as a test suite for tools that verify functional equivalence (Univ. of Delaware)

Abbreviations

u: unspecified license
FUSC: Free Under Specific Condition (wikipedia term), usually free for academic/research use
open: open source license
closed: no source available, common situation: jar files
LPPL: LaTeX Project Public License
EPL: Eclipse Public License
BA: Buchi Automaton
GBA: Generalized BA
TP: Theorem Prover
ATP: Automatic TP
RTS: Real-time System(s)
PWA: PieceWise-Affine
MLD: Mixed Logical Dynamical
TU: Technical University
UT: University of Technology
MSR: Microsoft Research
FOL: First-order logic
HOL: Higher-order logic
bin: binary, no sources available/found
?: absent either due to time-constrained browsing (please complete) or not found

Files

verification_synthesis.md

Latest commit

History

verification_synthesis.md

File metadata and controls

Verification

Closed Systems (Everything controlled)

Enumerative

Symbolic

logic -> automata and automata tools

LTL -> *BA

LTL -> DRA

other

Term rewrite systems

Open Systems

Synchronous Languages

Imperative

Declarative

Statecharts

Synthesis

Open Systems (Games: System and Uncontrolled Environment)

Discrete games

GR(1) games

Full LTL games

Safety specs (controller synthesis)

Parity Game solvers

Quantitative games

Other

Hybrid games

Contracts

Hardware

Other

Timed Systems

Hybrid Systems

Linear

Non-Linear

Stochastic

Theorem Provers

Theorem provers for modal logics

QBF

SAT

CDCL

Stochastic local search

Parallel

Unsorted

SMT

Constraint Solving Problem (CSP) solvers

Other solvers

Logic programming

Software Synthesis

Runtime Verification

Yet un-categorized

TypeSetting

Other tool lists

databases and benchmarks

Abbreviations