cvc4 man page

cvc4, pcvc4 — an automated theorem prover


cvc4 [ options ] [ file ]

pcvc4 [ options ] [ file ]


cvc4 is an automated theorem prover for first-order formulas with respect to background theories of interest. pcvc4 is CVC4's "portfolio" variant, which is capable of running multiple CVC4 instances in parallel, configured differently.

With file , commands are read from file and executed. CVC4 supports the SMT-LIB (versions 1.2 and 2.0) input format, as well as its own native “presentation language” (see cvc4(5) ), which is similar in many respects to CVC3's presentation language, but not identical.

If file is unspecified, standard input is read (and the CVC4 presentation language is assumed). If file is unspecified and CVC4 is connected to a terminal, interactive mode is assumed.

Common Options

Each option marked with [*] has a --no-OPTIONNAME variant, which reverses the sense of the option.
--lang=LANG | -L LANG
force input language (default is "auto"; see --lang help)
force output language (default is "auto"; see --output-lang help)
--verbose | -v
increase verbosity (may be repeated)
--quiet | -q
decrease verbosity (may be repeated)
give statistics on exit [*]
dump preprocessed assertions, etc., see --dump=help
all dumping goes to FILE (instead of stdout)
--produce-models | -m
support the get-value and get-model commands [*]
force interactive mode [*]
--incremental | -i
enable incremental solving [*]
enable time limiting (give milliseconds)
enable time limiting per query (give milliseconds)
enable resource limiting (currently, roughly the number of SAT conflicts)
enable resource limiting per query
--version | -V
identify this CVC4 binary
--help | -h
full command line reference
show CVC4 static configuration
be less tolerant of non-conforming inputs [*]

Base Options

in incremental mode, print stats after every satisfiability or validity query [*]
hide statistics which are zero
show statistics even when they are zero (default)
exit after parsing input [*]
exit after preprocessing input [*]
--trace=TAG | -t TAG
trace something (e.g. -t pushpop), can repeat
--debug=TAG | -d TAG
debug something (e.g. -d arith), can repeat
print the "success" output required of SMT-LIBv2 [*]
SMT-LIBv2 compliance mode (implies other options)

Expression Package Options

print exprs to depth N (0 == default, -1 == no limit)
dagify common subexprs appearing > N times (1 == default, 0 == don't dagify)
print types with variables when printing exprs
type check expressions immediately on creation (debug builds only)
type check expressions only when necessary (default)
never type check expressions
try the new remove ite pass that is biased against term ites appearing [*]

Boolean Theory Options

policy for converting Boolean terms

Theory Layer Options

mode for Theory::theoryof() (EXPERTS only)
use alternate theory implementation NAME (--use-theory=help for a list)

Bitvector Theory Options

choose bitblasting mode, see --bitblast=help
bitblast by first converting to AIG (only if --bitblast=eager) [*]
abc command to run AIG simplifications (EXPERTS only)
use bit-vector propagation in the bit-blaster [*]
use the equality engine for the bit-vector theory (only if --bitblast=lazy) [*]
turn on the slicing equality solver for the bit-vector theory (only if --bitblast=lazy)
turn on the inequality solver for the bit-vector theory (only if --bitblast=lazy) [*]
turn on the algebraic solver for the bit-vector theory (only if --bitblast=lazy) [*]
the budget allowed for the algebraic solver in number of SAT conflicts (EXPERTS only)
lift bit-vectors of size 1 to booleans when possible [*]
always return -1 on division by zero [*]
mcm benchmark abstraction (EXPERTS only) [*]
skolemize arguments for bv abstraction (only does something if --bv-abstraction is on) (EXPERTS only) [*]
number of function symbols in conflicts that are generalized (EXPERTS only)
compute bit-blasting propagation explanations eagerly (EXPERTS only) [*]
minimize bv conflicts using the QuickXplain algorithm (EXPERTS only) [*]
introduce bitvector powers of two as a preprocessing pass (EXPERTS only) [*]

Datatypes Theory Options

rewrite incorrectly applied selectors to arbitrary ground term (EXPERTS only) [*]
force the datatypes solver to give specific values to all datatypes terms before answering sat [*]

Arithmetic Theory Options

determines which lemmas to add before solving (default is 'all', see --unate-lemmas=help)
turns on arithmetic propagation (default is 'old', see --arith-prop=help)
the number of times to apply the heuristic pivot rule; if N < 0, this defaults to the number of variables; if this is unset, this is tuned by the logic selection
limits the number of pivots in a single invocation of check() at a non-full effort level using Bland's pivot rule (EXPERTS only)
change the pivot rule for the basic variable (default is 'min', see --pivot-rule help)
the number of pivots to do in simplex before rechecking for a conflict on all variables
sets the number of pivots using --pivot-rule per basic variable per simplex instance before using variable order
sets the maximum row length to be used in propagation
turns off Linear Diophantine Equation solver (Griggio, JSAT 2012)
turns on the preprocessing rewrite turning equalities into a conjunction of inequalities
turns off the preprocessing rewrite turning equalities into a conjunction of inequalities
turns on the preprocessing step of attempting to infer bounds on miplib problems
turns off the preprocessing step of attempting to infer bounds on miplib problems
do substitution for miplib 'tmp' vars if defined in <= N eliminated vars
turns on the integer solving step of periodically cutting all integer variables that have both upper and lower bounds [*]
turns off the integer solving step of periodically cutting all integer variables that have both upper and lower bounds
maximum cuts in a given context before signalling a restart
revert the arithmetic model to a known safe model on unsat if one is cached [*]
turns on degenerate pivot penalties [*]
turns off degenerate pivot penalties
use focusing and converging simplex (FMCAD 2013 submission) [*]
use sum of infeasibility simplex (FMCAD 2013 submission) [*]
have a pivot cap for simplex at effort levels below fullEffort [*]
collect the pivot history [*]
attempt to use an approximate solver [*]
maximum branch depth the approximate solver is allowed to take
let skolem variables for integer divisibility constraints leak from the dio solver [*]
use the new row propagation system [*]
rows shorter than this are propagated as clauses
use quick explain to minimize the sum of infeasibility conflicts [*]
rewrite division and mod when by a constant into linear terms [*]
attempt to use the approximate solve integer method on standard effort [*]
attempt to use external lemmas if approximate solve integer failed [*]
turns in a row dio solver cutting gets
round robin turn
handle dio solver constraints in mass or one at a time [*]
multiples of the depths to try to close the approx log eagerly
number of solve integer attempts to skips after a numeric failure
number of solve integer attempts to skips after a numeric failure
maximum complexity of any coefficient while replaying cuts
maximum complexity of any coefficient while outputing replaying cut lemmas
threshold for a major tolerance failure by the approximate solver
threshold for a major tolerance failure by the approximate solver
threshold for a minor tolerance failure by the approximate solver
threshold for a minor tolerance failure by the approximate solver
threshold for substituting an equality in ppAssert
threshold for attempting to replay a tree
apply pseudo boolean rewrites [*]
threshold of number of pseudoboolean variables to have before doing rewrites

Uninterpreted Functions Theory Options

use UF symmetry breaker (Deharbe et al., CADE 2011) [*]
condense models for functions rather than explicitly representing them [*]
disable region-based method for discovering cliques and splits in uf strong solver
add splits eagerly for uf strong solver [*]
always use totality axioms for enforcing cardinality constraints [*]
apply totality axioms, but only up to cardinality N (-1 == do not apply totality axioms, default)
apply symmetry breaking for totality axioms [*]
tells the uf strong solver a cardinality to abort at (-1 == no limit, default)
use explained clique lemmas for uf strong solver [*]
always use simple clique lemmas for uf strong solver [*]
eagerly propagate disequalities for uf strong solver [*]
disable finding a minimal model in uf strong solver
use cliques instead of splitting on demand to shrink model [*]
finite model finding symmetry breaking techniques [*]
use fair strategy for finite model finding multiple sorts [*]

Arrays Theory Options

turn on optimization for linear array terms (see de Moura FMCAD 09 arrays paper) [*]
turn on optimization to only perform RIntro1 rule lazily (see Jovanovic/Barrett 2012: Being Careful with Theory Combination) [*]
turn on model-based arrray solver [*]
turn on eager index splitting for generated array lemmas [*]
turn on eager lemma generation for arrays [*]

Quantifiers Options

disable miniscope quantifiers
disable miniscope quantifiers for ground subformulas
disable prenexing of quantified formulas
disable simple variable elimination for quantified formulas
disable simple ite lifting for quantified formulas
apply CNF conversion to quantified formulas [*]
apply NNF conversion to quantified formulas [*]
apply clause splitting to quantified formulas [*]
apply skolemization eagerly to bodies of quantified formulas [*]
perform aggressive miniscoping for quantifiers [*]
perform quantifiers macro expansions [*]
perform first-order propagation on quantifiers [*]
disable smart triggers
prefer triggers that are more relevant based on SInE style analysis [*]
choose relational triggers such as x = f(y), x >= f(y) [*]
consider ground terms within bodies of quantified formulas for matching [*]
when to apply instantiation
maximum inst level of terms used to instantiate quantified formulas with (-1 == no limit, default)
apply quantifier instantiation eagerly [*]
when all other quantifier instantiation strategies fail, instantiate with ground terms from relevant domain, then arbitrary ground terms before answering unknown [*]
choose literal matching mode
turns on counterexample-based quantifier instantiation [*]
turns on recursive counterexample-based quantifier instantiation [*]
policy for handling user-provided patterns for quantifier instantiation
turns on flip decision heuristic
disables instantiating with representatives chosen by quantifiers engine
use finite model finding heuristic for quantifier instantiation [*]
choose mode for model-based quantifier instantiation
only add one instantiation per quantifier per round for mbqi [*]
only add instantiations for one quantifier per round for mbqi [*]
use instantiation engine in conjunction with finite model finding [*]
disable Inst-Gen instantiation techniques for finite model finding
only perform Inst-Gen instantiation techniques on one quantifier per round [*]
use fresh distinguished representative when applying Inst-Gen techniques [*]
disable simple models in full model check for finite model finding
finite model finding on bounded integer quantification [*]
enforce bounds for bounded integer quantification lazily via use of proxy variables [*]
policy for instantiating axioms
enable conflict find mechanism for quantifiers [*]
what effort to apply conflict find mechanism
when to invoke conflict find mechanism for quantifiers
enable entailment checks for t-constraints in qcf algorithm [*]
use rewrite rules module [*]
add one instance of rewrite rule per round [*]
apply strengthening for existential quantification over datatypes based on structural induction [*]

Strings Theory Options

experimental features in the theory of strings [*]
the strategy of LB rule application: 0-lazy, 1-eager, 2-no
the finite model finding used by the theory of strings [*]
the eager intersection used by the theory of strings [*]
internal option1 for strings: normal form [*]
internal option2 for strings: constant regexp splitting [*]
the cardinality of the characters used by the theory of strings, default 256 (EXPERTS only)

Sat Layer Options

show all available SAT solvers
sets the frequency of random decisions in the sat solver (P=0.0 by default)
sets the random seed for the sat solver
sets the base restart interval for the sat solver (N=25 by default)
sets the restart interval increase factor for the sat solver (F=3.0 by default)
refine theory conflict clauses (default false) [*]
use Minisat elimination [*]
instead of solving minisat dumps the asserted clauses in Dimacs format [*]

Printing Options

print format mode for models, see --model-format=help
print format mode for instantiations, see --inst-format=help

Smt Layer Options

set the logic, and override all further user attempts to change it (EXPERTS only)
choose simplification mode, see --simplification=help
turn off all simplification (same as --simplification=none)
use static learning (on by default) [*]
after SAT/INVALID/UNKNOWN, check that the generated model satisfies user assertions [*]
output models after every SAT/INVALID/UNKNOWN response [*]
turn on proof generation [*]
after UNSAT/VALID, machine-check the generated proof [*]
output proofs after every UNSAT/VALID response [*]
output instantiations of quantified formulas after every UNSAT/VALID response [*]
support the get-assignment command [*]
turn on ite simplification (Kim (and Somenzi) et al., SAT 2009) [*]
do the ite simplification pass again if repeating simplification [*]
enables simplifyWithCare in ite simplificiation [*]
enables compressing ites after ite simplification [*]
turn on unconstrained simplification (see Bruttomesso/Brummayer PhD thesis) [*]
make multiple passes with nonclausal simplifier [*]
post ite compression enables zombie removal while the number of nodes is above this threshold
calculate sort inference of input problem, convert the input based on monotonic sorts [*]
in models, output arrays (and in future, maybe others) using abstract values, as required by the SMT-LIB standard [*]
in models, output uninterpreted sorts as datatype enumerations [*]
eliminate function applications, rewriting e.g. f(5) to a new symbol f_5 (EXPERTS only) [*]
Force no CPU limit when dumping models and proofs [*]

Decision Heuristics Options

choose decision mode, see --decision=help
ignore all nodes greater than threshold in first attempt to pick decision (EXPERTS only)
use the weight nodes (locally, by looking at children) to direct recursive search (EXPERTS only) [*]
assign random weights to nodes between 0 and N-1 (0: disable) (EXPERTS only)
computer weights of internal nodes using children: off, max, sum, usr1 (meaning evolving) (EXPERTS only)

Driver Options

show all available tags for debugging
show all available tags for tracing
do not run destructors at exit; default on except in debug builds (EXPERTS only) [*]
Total number of threads for portfolio
configures portfolio thread N (0..#threads-1)
stack size for worker threads in MB (0 means use Boost/thread lib default)
don't share (among portfolio threads) lemmas strictly longer than N
Switch to sequential mode (instead of printing an error) if it can't be solved in portfolio mode [*]
Use parallel solver even in incremental mode (may print 'unknown's at times) [*]
continue executing commands, even on error
spin on segfault/other crash waiting for gdb [*]
implement PUSH/POP/multi-query by destroying and recreating SmtEngine (EXPERTS only) [*]
wait for other threads to join before quitting (EXPERTS only) [*]

Parser Options

memory map file input [*]
disable ALL semantic checks, including type checks

Idl Options

enable rewriting equalities into two inequalities in IDL solver (default is disabled)
disable rewriting equalities into two inequalities in IDL solver (default is disabled)

Sets Options

determines whether to propagate learnt facts to Theory Engine / SAT solver [*]
add lemmas even at regular effort [*]

Each option marked with [*] has a --no-OPTIONNAME variant, which reverses the sense of the option.


CVC4 reports all syntactic and semantic errors on standard error.


The CVC4 effort is the culmination of fifteen years of theorem proving research, starting with the Stanford Validity Checker (SVC) in 1996.

SVC's successor, the Cooperating Validity Checker (CVC), had a more optimized internal design, produced proofs, used the Chaff SAT solver, and featured a number of usability enhancements. Its name comes from the cooperative nature of decision procedures in Nelson-Oppen theory combination, which share amongst each other equalities between shared terms.

CVC Lite, first made available in 2003, was a rewrite of CVC that attempted to make CVC more flexible (hence the “lite”) while extending the feature set: CVCLite supported quantifiers where its predecessors did not. CVC3 was a major overhaul of portions of CVC Lite: it added better decision procedure implementations, added support for using MiniSat in the core, and had generally better performance.

CVC4 is the new version, the fifth generation of this validity checker line that is now celebrating fifteen years of heritage. It represents a complete re-evaluation of the core architecture to be both performant and to serve as a cutting-edge research vehicle for the next several years. Rather than taking CVC3 and redesigning problem parts, we've taken a clean-room approach, starting from scratch. Before using any designs from CVC3, we have thoroughly scrutinized, vetted, and updated them. Many parts of CVC4 bear only a superficial resemblance, if any, to their correspondent in CVC3.

However, CVC4 is fundamentally similar to CVC3 and many other modern SMT solvers: it is a DPLL( T ) solver, with a SAT solver at its core and a delegation path to different decision procedure implementations, each in charge of solving formulas in some background theory.

The re-evaluation and ground-up rewrite was necessitated, we felt, by the performance characteristics of CVC3. CVC3 has many useful features, but some core aspects of the design led to high memory use, and the use of heavyweight computation (where more nimble engineering approaches could suffice) makes CVC3 a much slower prover than other tools. As these designs are central to CVC3, a new version was preferable to a selective re-engineering, which would have ballooned in short order.


This manual page refers to CVC4 version 1.4.


A Bugzilla for the CVC4 project is maintained at http://cvc4.cs.nyu.edu/bugzilla3/.


CVC4 is developed by a team of researchers at New York University and the University of Iowa. See the Authors file in the distribution for a full list of contributors.

See Also

libcvc4(3), libcvc4parser(3), libcvc4compat(3)

Additionally, the CVC4 wiki contains useful information about the design and internals of CVC4. It is maintained at http://cvc4.cs.nyu.edu/wiki/.

Referenced By

cvc4(5), libcvc4(3), libcvc4compat(3), libcvc4parser(3).

Explore man page connections for cvc4(1).

pcvc4(1) is an alias of cvc4(1).

CVC4 release 1.4 July 2014