Difference between revisions of "User Manual"
(→CVC4's input languages) |
(→CVC4's support for the SMT-LIB language) |
||
Line 241: | Line 241: | ||
CVC4 tries to automatically recognize the input language based on the file's extension: cvc for CVC4's native language, smt2 for SMT-LIB 2.0 and smt for SMT-LIB 1.0. If the file extension does not match one of the previously mentioned ones you can specify the input language via the command line flag --lang. To see all language options type: | CVC4 tries to automatically recognize the input language based on the file's extension: cvc for CVC4's native language, smt2 for SMT-LIB 2.0 and smt for SMT-LIB 1.0. If the file extension does not match one of the previously mentioned ones you can specify the input language via the command line flag --lang. To see all language options type: | ||
$ cvc4 --lang help | $ cvc4 --lang help | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Every effort has been made to make CVC4 compliant with the SMT-LIB 2.0 | Every effort has been made to make CVC4 compliant with the SMT-LIB 2.0 |
Revision as of 11:20, 27 November 2012
This manual includes lots of information about how to use CVC4.
It is a work in-progress.
Contents
- 1 What is CVC4?
- 2 Obtaining and compiling CVC4
- 3 Using the CVC4 binary
- 4 CVC4's input languages
- 5 The CVC4 library interface (API)
- 6 Upgrading from CVC3 to CVC4
- 7 Useful command-line options
- 8 Dumping API calls or preprocessed output
- 9 Changing the output language
- 10 Proof support
- 11 Portfolio solving
- 12 Emacs support
What is CVC4?
CVC4 is the last of a long line of SMT solvers that started with SVC and includes CVC, CVC-Lite and CVC3. Technically, it is an automated validity checker for a many-sorted (i.e., typed) first-order logic with built-in theories. The current built-in theories are the theories of:
- equality over free (aka uninterpreted) function and predicate symbols,
- real and integer linear arithmetic (with some support for non-linear arithmetic),
- bit vectors,
- arrays,
- tuples,
- records,
- user-defined inductive data types.
CVC4 checks whether a given formula is valid in the built-in theories under a given set of assumptions, a context. More precisely, it checks whether
that is, whether is a logical consequence in of the set of formulas , where is the union of CVC4's built-in theories.
Roughly speaking, when is a universal formula and is a set of existential formulas (i.e., when and contain at most universal, respectively existential, quantifiers), CVC4 is a decision procedure: it is guaranteed (modulo bugs and memory limits) to return a correct "valid" or "invalid" answer eventually. In all other cases, CVC4 is deductively sound but incomplete: it will never say that an invalid formula is valid, but it may either never return or give up and return "unknown" for some formulas.
Currently, when CVC4 returns "valid" for a query formula under a context it provides no evidence to back its claim. Future versions will also return a proof certificate, a formal proof that for some subset of .
When CVC4 returns "invalid" it can return both a counter-example to 's validity under the context and a counter-model. Both a counter-example and a counter-model are a set of additional formulas consistent with in , but entailing the negation of . Formally:
and .
The difference is that a counter-model is given as a set of equations providing a concrete assignment of values for the free symbols in and (see the section on CVC4's native input language for more details).
Obtaining and compiling CVC4
CVC4 is distributed in the following ways:
Obtaining binary packages
Binary packages are available for CVC4. Nightly builds:
Obtaining source packages
Sources are available from the same site as the binaries.
Source repository
The CVC4 source repository is currently hosted by CIMS and requires a CIMS account. Please contact a member of the development team for access. Please see the additional instructions for here.
Building from source
To compile from a source package:
- Install antlr
- Configure cvc4
- Compile cvc4
- Install cvc4 [optional]
cd contrib ./get-antlr-3.4 cd .. ./configure --with-antlr-dir=`pwd`/antlr-3.4 ANTLR=`pwd`/antlr-3.4/bin/antlr3 make make check [recommended] make install [optional]
(To build from a repository checkout, see here.)
For more detailed build instructions and dependencies see Building CVC4 from source
Using the CVC4 binary
Once installed, the CVC4 driver binary ("cvc4") can be executed to directly enter into interactive mode:
$ cvc4 cvc4 1.0 assertions:off CVC4>
You can then enter commands into CVC4 interactively:
CVC4> OPTION "incremental"; CVC4> OPTION "produce-models"; CVC4> TRANSFORM 25*25; 625 CVC4> x, y : INT; CVC4> QUERY x = y; invalid CVC4> COUNTERMODEL; x : INT = -1; y : INT = 0; CVC4> ASSERT x >= 0; CVC4> QUERY x = y; invalid CVC4> COUNTERMODEL; x : INT = 0; y : INT = 1; CVC4>
The above example shows two useful options, incremental and produce-models.
- The incremental option allows you to issue multiple QUERY (or CHECKSAT) commands, and allows the use of the PUSH and POP commands. Without this option, CVC4 optimizes itself for a single QUERY or CHECKSAT command (though you may issue any number of ASSERT commands). The incremental option may also be given by passing the -i command line option to CVC4.
- The produce-models option allows you to query the model (here, with the COUNTERMODEL command) after an "invalid" QUERY (or "satisfiable" CHECK-SAT). Without it, CVC4 doesn't do the bookkeeping necessary to support model generation. The produce-models option may also be given by passing the -m command line option to CVC4.
So, if you invoke CVC4 with -im, you don't need to pass those options at all:
$ cvc4 -im cvc4 1.0 assertions:off CVC4> x, y : INT; CVC4> QUERY x = y; invalid CVC4> COUNTERMODEL; x : INT = -1; y : INT = 0; CVC4> ASSERT x >= 0; CVC4> QUERY x = y; invalid CVC4> COUNTERMODEL; x : INT = 0; y : INT = 1; CVC4>
By default, CVC4 operates in CVC-language mode. If you enter something that looks like SMT-LIB, it will suggest that you use the "--lang smt" command-line option for SMT-LIB mode:
CVC4> (declare-fun x () Int) Parse Error: <shell>:1.7: In CVC4 presentation language mode, but SMT-LIB format detected. Use --lang smt for SMT-LIB support. CVC4>
Verbosity
CVC4 has various levels of verbosity. By default, CVC4 is pretty quiet, only reporting serious warnings and notices. If you're curious about what it's doing, you can pass CVC4 the -v option:
$ cvc4 -v file.smt2 Invoking: (set-logic AUFLIRA) Invoking: (set-info :smt-lib-version 2.000000) Invoking: (set-info :category "crafted") Invoking: (set-info :status unsat) Invoking: (declare-fun x () Real) etc...
For even more verbosity, you can pass CVC4 an additional -v:
$ cvc4 -vv file.smt2 Invoking: (set-logic AUFLIRA) Invoking: (set-info :smt-lib-version 2.000000) Invoking: (set-info :category "crafted") Invoking: (set-info :status unsat) Invoking: (declare-fun x () Real) etc... expanding definitions... constraining subtypes... applying substitutions... simplifying assertions... doing static learning... etc...
Internally, verbosity is just an integer value. It starts at 0, and with every -v on the command line it is incremented; with every -q, decremented. It can also be set directly. From CVC language:
CVC4> OPTION "verbosity" 2;
Or from SMT-LIB language:
CVC4> (set-option :verbosity 2)
Getting statistics
Statistics can be dumped on exit (both normal and abnormal exits) with the --statistics command line option.
$ cvc4 --statistics foo.smt2 sat sat::decisions, 0 sat::propagations, 3 sat::starts, 1 theory::uf::TheoryUF::functionTermsCount, 2 theory::uf::TheoryUF::mergesCount, 2 theory::uf::TheoryUF::termsCount, 6 theory<THEORY_UF>::propagations, 1 driver::filename, foo.smt2 driver::sat/unsat, sat driver::totalTime, 0.02015373 [many others]
Many statistics name-value pairs follow, one comma-separated pair per line.
Exit status
The exit status of CVC4 depends on the last QUERY or CHECK-SAT. If you wish to call CVC4 from a program (e.g., a shell script) and care only about the satisfiability or validity of a single formula, you can pass the -q option (as described above, under verbosity) and check the exit code. With -q, CVC4 should not produce any output unless it encounters a fatal error.
QUERY asks a validity question, and CHECK-SAT a satisfiability question, and these are dual problems; hence the terminology is different, but really "sat" and "invalid" are the same internally, as are "unsat" and "valid":
Solver's last result | Exit code | Notes |
---|---|---|
sat or invalid | 10 | |
unsat or valid | 20 | |
unknown | 0 | could be for any reason: time limit exceeded, no memory, incompleteness.. |
no result | 0 | no query or check-sat command issued |
parse errors | 0 (in interactive mode) 1 (otherwise) | see below |
other errors | 1 (usually) | see below |
Most "normal errors" return a 1 as the exit code, but out of memory conditions, and others, can produce different exit codes. In interactive mode, parse errors are ignored and the next line read; so in interactive mode, you may see an exit code of 0 even in the presence of such an error.
In SMT-LIB mode, an SMT-LIB command script that sets its status via "set-info :status" also affects the exit code. So, for instance, the following SMT-LIB script returns an exit code of 10 even though it contains no "check-sat" command:
(set-logic QF_UF) (set-info :status sat) (exit)
Without the "set-info," it would have returned an exit code of 0.
CVC4's input languages
When not used in interactive mode, CVC4 can read its input from an external file. It accepts the following input languages:
- CVC4's native language (see this for a language description)
- SMT-LIB 2.0 (see David Cok's SMT-LIB tutorial)
- SMT-LIB 1.0
CVC4 tries to automatically recognize the input language based on the file's extension: cvc for CVC4's native language, smt2 for SMT-LIB 2.0 and smt for SMT-LIB 1.0. If the file extension does not match one of the previously mentioned ones you can specify the input language via the command line flag --lang. To see all language options type:
$ cvc4 --lang help
Every effort has been made to make CVC4 compliant with the SMT-LIB 2.0 standard (http://smtlib.org/). However, when parsing SMT-LIB input, certain default settings don't match what is stated in the official standard. To make CVC4 adhere more strictly to the standard, use the "--smtlib" command-line option. Even with this setting, CVC4 is somewhat lenient; some non-conforming input may still be parsed and processed.
The CVC4 library interface (API)
Using CVC4 in a C++ project
Using CVC4 from Java
The compatibility interface
Upgrading from CVC3 to CVC4
Features not supported by CVC4 (yet)
Type Correctness Conditions (TCCs)
Type Correctness Conditions (TCCs), and the checking of such, are not supported by CVC4 1.0. Thus, a function defined only on integers can be applied to REAL (as INT is a subtype of REAL), and CVC4 will not complain, but may produce strange results. For example:
f : INT -> INT; ASSERT f(1/3) = 0; ASSERT f(2/3) = 1; CHECKSAT; % sat COUNTEREXAMPLE; % f : (INT) -> INT = LAMBDA(x1:INT) : 0;
CVC3 can be used to produce TCCs for this input (with the +dump-tcc option). The TCC can be checked by CVC3 or another solver. (CVC3 can also check TCCs while solving with +tcc.)
If you were using the text interfaces of CVC3
The native language of all solvers in the CVC family, referred to as the "presentation language," has undergone some revisions for CVC4. The most notable is that CVC4 does _not_ add counterexample assertions to the current assertion set after a SAT/INVALID result. For example:
x, y : INT; ASSERT x = 1 OR x = 2; ASSERT y = 1 OR y = 2; ASSERT x /= y; CHECKSAT; % sat QUERY x = 1; % invalid QUERY x = 2; % invalid
Here, CVC4 responds "invalid" to the second and third queries, because each has a counterexample (x=2 is a counterexample to the first, and x=1 is a counterexample to the second). However, CVC3 will respond with "valid" to one of these two, as the first query (the CHECKSAT) had the side-effect of locking CVC3 into one of the two cases; the later queries are effectively querying the counterexample that was found by the first. CVC4 removes this side-effect of the CHECKSAT and QUERY commands.
CVC4 supports rational literals (of type REAL) in decimal; CVC3 did not support decimals.
CVC4 does not have support for the IS_INTEGER predicate.
If you were using the library ("in-memory") interface of CVC3
If you were using CVC3 from C
If you were using CVC3 from Java
Useful command-line options
Statistics
Statistics can be dumped on exit (both normal and abnormal exits) with the --statistics command line option.
Time and resource limits
CVC4 can be made to self-timeout after a given number of milliseconds. Use the --tlimit command line option to limit the entire run of CVC4, or use --tlimit-per to limit each individual query separately. Preprocessing time is not counted by the time limit, so for some large inputs which require aggressive preprocessing, you may notice that --tlimit does not work very well. If you suspect this might be the case, you can use "-vv" (double verbosity) to see what CVC4 is doing.
Time-limited runs are not deterministic; two consecutive runs with the same time limit might produce different results (i.e., one may time out and responds with "unknown", while the other completes and provides an answer). To ensure that results are reproducible, use --rlimit or --rlimit-per. These options take a "resource count" (presently, based on the number of SAT conflicts) that limits the search time. A word of caution, though: there is no guarantee that runs of different versions of CVC4 or of different builds of CVC4 (e.g., two CVC4 binaries with different features enabled, or for different architectures) will interpret the resource count in the same manner.
CVC4 does not presently have a way to limit its memory use; you may opt to run it from a shell after using "ulimit" to limit the size of the heap.
Dumping API calls or preprocessed output
Changing the output language
Proof support
CVC4 1.0 has limited support for proofs, and they are disabled by default. (Run the configure script with --enable-proof to enable proofs). Proofs are exported in LFSC format and are limited to the propositional backbone of the discovered proof (theory lemmas are stated without proof in this release).
Portfolio solving
If enabled at configure-time (./configure --with-portfolio), a second CVC4 binary will be produced ("pcvc4"). This binary has support for running multiple instances of CVC4 in different threads. Use --threads=N to specify the number of threads, and use --thread0="options for thread 0" --thread1="options for thread 1", etc., to specify a configuration for the threads. Lemmas are *not* shared between the threads by default; to adjust this, use the --filter-lemma-length=N option to share lemmas of N literals (or smaller). (Some lemmas are ineligible for sharing because they include literals that are "local" to one thread.)
Currently, the portfolio **does not work** with quantifiers or with the theory of inductive datatypes. These limitations will be addressed in a future release.
Emacs support
For a suggestion of editing CVC4 source code with emacs, see the file contrib/editing-with-emacs. For a CVC language mode (the native input language for CVC4), see contrib/cvc-mode.el.