# Proof format: AletheLF

Using the flag proof-format-mode=alf, cvc5 outputs proofs in the AletheLF (ALF) proof format.

The ALF proof format is based on the SMT-LIB 3 language. An efficient C++ proof checker for ALF is available here. For details on the checker and a comprehensive overview of the AletheLF language supported by the checker, see the user manual here.

For a quick start, the cvc5 repository contains a script which will download and install the ALF proof checker (alfc), and create scripts for generating proofs with cvc5 and checking them with the ALF proof checker.

The AletheLF language is a meta-framework, meaning that the proof rules used by cvc5 are defined in signature files. The signature files are contained within the cvc5 repository in this directory. Based on these signatures, cvc5 provides basic support for ALF proofs over all theories that it supports.

Note that several proof rules in the internal calculus are not yet supported in ALF signatures. Steps that use such rules are printed as trust steps in the ALF proof. A trust step proves an arbitrary formula with no provided justification. The ALF proof contains warnings for trust steps that indicate which internal proof rules were recorded as trust steps in the ALF proof.

To get more fine-grained proofs, the additional option proof-granularity=theory-rewrite can be passed to cvc5. This often will result in ALF proofs with more detail, and whose trust steps correspond only to equalities corresponding to theory rewrites.

A simple example of cvc5 producing a proof in ALF proof format:

```
$ bin/cvc5 --dump-proofs --proof-format-mode=alf --proof-granularity=theory-rewrite ../test/regress/cli/regress0/proofs/qgu-fuzz-1-bool-sat.smt2
unsat
(declare-const c Bool)
(declare-const b Bool)
(declare-const d Bool)
(define @t1 () (= b d))
(define @t2 () (or b d))
(define @t3 () (ite d c false))
(define @t4 () (@list true false))
(assume @p1 (and (or d b) (= c d) (not @t3) (= @t2 @t1)))
(step @p2 :rule and_elim :premises (@p1) :args (0))
(step @p3 :rule reordering :premises (@p2) :args (@t2))
; WARNING: add trust step for TRUST_THEORY_REWRITE
; trust TRUST_THEORY_REWRITE
(step @p4 :rule trust :premises () :args ((= (and d d) d)))
(step @p5 :rule cong :premises (@p4) :args (not))
(step @p6 :rule and_elim :premises (@p1) :args (1))
(step @p7 :rule refl :args (d))
(step @p8 :rule nary_cong :premises (@p7 @p6) :args (and))
(step @p9 :rule cong :premises (@p8) :args (not))
(step @p10 :rule trans :premises (@p9 @p5))
; trust TRUST_THEORY_REWRITE
(step @p11 :rule trust :premises () :args ((= @t3 (and d c))))
(step @p12 :rule cong :premises (@p11) :args (not))
(step @p13 :rule trans :premises (@p12 @p10))
(step @p14 :rule and_elim :premises (@p1) :args (2))
(step @p15 :rule eq_resolve :premises (@p14 @p13))
(step @p16 :rule chain_resolution :premises (@p3 @p15) :args ((@list true) (@list d)))
(step @p17 :rule cnf_equiv_pos1 :args (@t1))
(step @p18 :rule reordering :premises (@p17) :args ((or d (not b) (not @t1))))
(step @p19 :rule chain_resolution :premises (@p18 @p15 @p16) :args (@t4 (@list d b)))
(step @p20 :rule and_elim :premises (@p1) :args (3))
(step @p21 :rule equiv_elim1 :premises (@p20))
(step @p22 :rule reordering :premises (@p21) :args ((or @t1 (not @t2))))
(step @p23 false :rule chain_resolution :premises (@p22 @p19 @p3) :args (@t4 (@list @t1 @t2)))
```