version3-proposal.shtml

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Design by http://www.bluewebtemplates.com
Released for free under a Creative Commons Attribution 3.0 License
-->
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title>SMT-LIB The Satisfiability Modulo Theories Library</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link href="style.css" rel="stylesheet" type="text/css" />
  <style>
.collapsible {
  background-color: #777;
  color: white;
  cursor: pointer;
  padding: 18px;
  width: 100%;
  border: none;
  text-align: left;
  outline: none;
  font-size: 15px;
}

.active, .collapsible:hover {
  background-color: #555;
}

.coll_content {
  padding: 0 18px;
  max-height: 0;
  overflow: hidden;
  transition: max-height 0.2s ease-out;
  background-color: #f1f1f1;
}
  </style>

<!-- CuFon: Enables smooth pretty custom font rendering. 100% SEO friendly. To disable, remove this section -->
 <script type="text/javascript" src="js/cufon-yui.js"></script>
 <script type="text/javascript" src="js/arial.js"></script>
 <script type="text/javascript" src="js/cuf_run.js"></script>
<!-- CuFon ends -->
<link href="code-prettify/prettify.css" type="text/css" rel="stylesheet" />
<script src="code-prettify/run_prettify.js?lang=smt3&amp;skin=default"></script>
 </head>

 <body onload="PR.prettyPrint()">
  <div class="main">
   <div class="header">
    <div class="header_resize">
     <div class="menu_nav">
      <ul>
       <li><a href="index.shtml">Home</a></li>
       <li><a href="about.shtml">About</a></li>
       <li><a href="news.shtml">News</a></li>
       <li><a href="standard.shtml">Standard</a></li>
       <li><a href="benchmarks.shtml">Benchmarks</a></li>
       <li><a href="software.shtml">Software</a></li>
       <li><a href="credits.shtml">Credits</a></li>
      </ul>
     </div>

     <div class="clr"></div>
     <div class="logo">
      <h1><a href="index.shtml">SMT-LIB <br/>
        <small>The Satisfiability Modulo Theories Library</small></a>
      </h1>
     </div>
         </div>
   </div>
<div class="content">
<div class="content_resize">
<div class="mainbar">

<h2>SMT-LIB Version 3.0 - Preliminary Proposal</h2>
<h4>by C. Barrett, P. Fontaine, and C. Tinelli</h4>
      
<b>Last updated:</b> 2026-03-26

<h3>Overview</h3>

<p>This page contains a high-level proposal for SMT-LIB Version 3.
While some aspects of the language are still being worked out, 
this document is a fairly accurate description of the new format.
A reference document is under construction and will contain 
a description of the proposal in full detail.
This page focuses on the most salient aspects of the proposal, 
for a quicker overview.
More content will be added with time as needed.    
</p>

<h4>Preamble</h4>

<em>The great majority of the changes described below will affect 
the way theories and logics are defined.
It will minimally affect scripts that rely on (the equivalent of) 
SMT-LIB 2.7 logics.
</em>
This means that most of the features of the Version 3 will not have 
to be supported by current SMT solvers.  
Support for some of new features of SMT-LIB 3 can be introduced gradually
over time in a solver as a consequence of deciding to support new theories
and logics that rely on those features.


<h4>New underlying logic</h4>

<p>The main new aspect of the proposed new version is the move from 
(an extension of) many-sorted first-order logic as the underlying logic 
of SMT-LIB to a higher-order logic with polymorphism and dependent types 
but classical semantics.
An important aspect of this change is that the new language for SMT-LIB 
scripts strives to be as backward-compatible as possible to that 
of Version 2.7.
This is achieved in two ways: 
<ol>
<li>Giving new meaning to old syntax as needed.</li>
<li>Defining the formal semantics so that it is essentially the same as 
  the old one over the old syntax.</li>
</ol>
For example, monomorphic sorts from SMT-LIB 2.7 are interpreted 
as simple types, and polymorphic sorts are interpreted as polymorphic types;
maps from Version 2.7 are identified with functions,  which are now 
first class and can be passed to and returned by other functions;
sorted constant and function symbols are interpreted as typed constants,
with function symbols of arity > 1 becoming higher-order constants, 
Curry-style;
index symbols, as in 
<code class="prettyprint lang-smt3">(_ extract i j)</code> 
or
<code class="prettyprint lang-smt3">(_ BitVec 4)</code>, 
are now seen as syntactic sugar for symbols with a dependent type/kind.
As in SMT-LIB 2, a number of additional syntactic restrictions on scripts 
are imposed to obtain various fragments of interests or <em>logics</em>, 
in SMT-LIB 2 terminology. 
</p>

<p>The underlying logic of SMT-LIB 3 has many elements of the Calculus 
of Inductive Constructions (CIC), which are at the basis of the formal
foundation of proof assistants like Rocq and Lean.
The main restriction is allowing only rank-1 (prenex) polymorphism and 
not having a <code class="prettyprint lang-smt3">Prop</code>-like kind 
for (constructive) propositions. 
So, contrary to CIC, formulas are not types and instead continue to be
expressed as terms of a two-element <code class="prettyprint
lang-smt3">Bool</code> type; 
this is more similar to the logic of the PVS proof assistant or 
proof assistants of the HOL family. 
However, as in SMT-LIB 2.7, type polymorphism is approximated 
by having global (i.e., top-level) type variables,
as opposed to actual quantification over types, and so making 
polymorphic constants actually families of overloaded symbols.
In addition to being polymorphic, and contrary to Version 2.7,
types can now depend on values as in dependently-typed logics.
</p>

     
<h3>Motivation</h3>

<p>
The main motivation for the move to a CIC-like logic is manyfold.
<ol>
<li>Having a more expressive underlying logic considerably simplifies 
the design and the formal foundations of the SMT-LIB standard.
It obviates the need for most of the ad-hoc extensions to many-sorted 
first-order logic we had to introduce in Version 2 while also providing 
enough expressive power to define most theories formally, 
as opposed to textually as is done in SMT-LIB 2.
That includes theories that are not easily definable in Version 2 
such as the theory of parametric bit vectors.
</li>
<li>It facilitates the definition of a <em>single</em> language 
to define theories, logics, and benchmarks.
</li>
<li>It extends the possibility for SMT solvers to provide support 
for higher-order reasoning, facilitating their integration 
as automated reasoning back ends into higher-order theorem provers
<!--, such as 
<a href="http://page.mi.fu-berlin.de/lex/leo3/">Leo III</a>,
--> 
and into proof assistants,
<!--
   such as 
<a href="https://coq.inria.fr">Coq</a>, 
<a href="https://hol-theorem-prover.org">HOL4</a>,
<a href="https://isabelle.in.tum.de">Isabelle/HOL</a>, 
and 
<a href="https://leanprover.github.io">Lean</a>
-->
which are also based on a higher-order logic.
Current integrations rely on complex encodings from the higher-order logics
supported by these tools to the many-sorted logic of SMT-LIB 2.
Moving to a higher-order logic should dramatically simplify these encodings,
improving the trustworthiness of the integration.
Natively reasoning with higher-order constructs 
(e.g., via higher-order equational reasoning) by the SMT solver could also
considerably improve solving times on goals coming from these tools.
</li>
<li>It enables the introduction of a number of new SMT-LIB theories 
(for sets, relations, database tables, sequences) which benefit
from the availability of second-order functions such as as fold, map, 
filter and so on, both to define common operations and to reason about them. 
</li>
</ol>
</p>

<p>The move to the new logic maintains backward compatibility
with SMT-LIB 2.7 to a very large extent. 
In particular, it should minimally affect SMT-LIB 2.7-compliant solvers
whose developers choose not to support the new features.
</p>

<h3>The core language</h3>

<p>
Technically, the core language of SMT-LIB 3 is a higher-order logic
with dependent types and rank-1 polymorphism</a>.
Terms in this logic are built out of variables, constants, applications,
Π-abstractions, and λ-abstractions, as in the CIC calculus.
There are three classes of (well-formed) terms in the language: 
<ul>
<li>terms denoting <em>values</em>, such as 
<code class="prettyprint lang-smt3">3</code>, 
<code class="prettyprint lang-smt3">(+ x 3)</code>, 
<code class="prettyprint lang-smt3">(lambda ((x Int)) (+ x 3))</code>;
</li>
<li>terms denoting <em>types</em>, such as 
<code class="prettyprint lang-smt3">Bool</code>,
<code class="prettyprint lang-smt3">Int</code>,
<code class="prettyprint lang-smt3">(-> Int Real)</code>,
<code class="prettyprint lang-smt3">(Array Int Bool)</code>,
<code class="prettyprint lang-smt3">(List Int)</code>,
<code class="prettyprint lang-smt3">(BitVec 3)</code>;
</li>
<li>terms denoting <em>kinds</em>, such as
<code class="prettyprint lang-smt3">Type</code>,
<code class="prettyprint lang-smt3">(-> Int Type)</code>.
</li>
</ul>

Types classify values and kinds classify types.
Except for <code class="prettyprint lang-smt3">Type</code>, 
the kind of all types, kinds are actually not directly expressible 
in the concrete syntax of SMT-LIB 3, as that is not necessary.
They appear only in abtract syntax where they are used to specify 
the logic's type system.
The symbol <code class="prettyprint lang-smt3">-></code>,
which in Version 2.7 denotes the constructor of the map sort,
now denotes the function type/kind constructor 
(as maps and functions are idenfitied in Version 3).
We will write it as <code class="prettyprint lang-smt3">→</code> 
in this document from now on, for readability.
</p>

<p>
Well-formed value terms have an associated type term (or, simply, type). 
Well-formed type terms have an associated kind term (or, simply, kind).
For instance, 
<ul>
<li>
<code class="prettyprint lang-smt3">3</code>
is a constant of type 
<code class="prettyprint lang-smt3">Int</code>, 
which has kind 
<code class="prettyprint lang-smt3">Type</code>;
</li>
<li>
<code class="prettyprint lang-smt3">not</code>
is a constant of type
<code class="prettyprint lang-smt3">(→ Bool Bool)</code>, 
which has kind
<code class="prettyprint lang-smt3">Type</code>;
</li>
<li>
<code class="prettyprint lang-smt3">List</code>
is a type constant of kind
<code class="prettyprint lang-smt3">(→ Type Type)</code>;
</li>
<li>
<code class="prettyprint lang-smt3">BitVec</code>
is a type constant of kind
<code class="prettyprint lang-smt3">(→ Int Type)</code>.
</li>
</ul>

Note that <code class="prettyprint lang-smt3">→</code> is both a type and 
a kind constant.
The syntax <code class="prettyprint lang-smt3">(→ α β)</code> can be understood 
as an abbreviation of the CIC type or kind Π x:α β. 
The constant
<code class="prettyprint lang-smt3">→</code>
can be used as a multiarity right-associative symbol.
This allows one, for example, to write the type
<code class="prettyprint lang-smt3">(→ A (→ B C))</code>
as
<code class="prettyprint lang-smt3">(→ A B C)</code>,
and the kind 
<code class="prettyprint lang-smt3">(→ Type (→ Int Type))</code>
as
<code class="prettyprint lang-smt3">(→ Type Int Type)</code>.

Function symbols of rank 
<code class="prettyprint lang-smt3">(τ₁ ⋅⋅⋅ τᵢ)</code> 
in Version 2.7 become constants of type 
<code class="prettyprint lang-smt3">(→ τ₁ ⋅⋅⋅ τᵢ)</code>
in Version 3.
This means that function symbols with more than one argument become
higher-order in Version 3. 
For instance, the integer addition operator 
<code class="prettyprint lang-smt3">+</code> 
now has type 
<code class="prettyprint lang-smt3">(→ Int Int Int)</code>, 
that is,
<code class="prettyprint lang-smt3">(→ Int (→ Int Int))</code>.
</p>

<p>
With the shift to seeing funtion symbols as constants of
<code class="prettyprint lang-smt3">→</code>
type, the command 
<code class="prettyprint lang-smt3">declare-const</code> 
becomes primitive, and 
<code class="prettyprint lang-smt3">declare-fun</code>
and
<code class="prettyprint lang-smt3">define-fun</code>
are now derived from it. 

For example, following commands
<pre class="prettyprint lang-smt3">
  (declare-fun h (Int Real) Real)
  (define-fun avg ((x Real) (y Real)) Real (/ (+ x y) 2.0))
</pre>
are defined as having the same effect as 
<pre class="prettyprint lang-smt3">
  (declare-const h (→ Int Real Real))
  (define-const avg (→ Real Real Real)
    (lambda ((x Real) (y Real)) (/ (+ x y) 2.0)))
</pre>

For similar reasons,
<code class="prettyprint lang-smt3">define-fun-rec</code>
is now defined in terms of the new primitive command
<code class="prettyprint lang-smt3">define-const-rec</code>.
(See the Commands section below for more details on commands.)
</p>

<h4>Name Space and Shadowing</h4>

<p>
There is a single name space for identifiers, regardless of whether 
they are used as value constants, type constants, or variables. 
Within this name space, bound variables, that is, variables local 
to a specific binder, can shadow any identifier with the same name, 
including other variables, in accordance with the standard 
lexical scoping discipline.
Note that this policy is more flexible than in Version 2,
where bound variables cannot have the same name as, and so cannot shadow,
theory symbols.
</p>



<h4>Dependent Types</h4>
<p>
In Version 3, constants that have a type τ dependent on a value take 
as extra argument also the value that τ depends on. 
For instance, bit vector function symbols take as argument also the size 
of the bit vector. 
For conciseness and backward compatibility, however, 
such arguments are declared as <em>implicit</em> 
any time they can be inferred from later arguments. 
</p>

<p>
Concretely, dependent function types are expressed with the syntax 
illustrated in this example:

<pre class="prettyprint lang-smt3">
  (→ (! Int :var n) (BitVec n) (BitVec (+ n 1)))
</pre>

This expression denotes the type of a function that takes as input 
an integer 
<code class="prettyprint lang-smt3">n</code> 
and returns a function that takes a bit vector of size 
<code class="prettyprint lang-smt3">n</code>, 
and returns a bit vector of size 
<code class="prettyprint lang-smt3">n + 1</code>.
Note that 
<code class="prettyprint lang-smt3">(! Int :var n)</code> 
uses the same term annotation syntax as in Version 2 
but extended to type terms as well.
The new predefined 
<code class="prettyprint lang-smt3">:var</code> 
attribute annotating 
<code class="prettyprint lang-smt3">Int</code> 
in this case provides a name 
(<code class="prettyprint lang-smt3">n</code>)
for the first input. 
The general syntax for dependent types is 
<pre class="prettyprint lang-smt3">
  (→ (! <i>τ₁</i> :var <i>x</i>) <i>τ₂</i>) 
</pre>
where 
<code class="prettyprint lang-smt3"><i>x</i></code>
is a bound variable whose scope is 
<code class="prettyprint lang-smt3">τ₂</code>.
An alternative syntax, more reminiscent of that of dependently type logics,
might have been:
</p>

<p style="text-align: center;">
<code class="prettyprint lang-smt3">(Pi (<i>x</i> <i>τ₁</i>) <i>τ₂</i>)
</code>
or
<code class="prettyprint lang-smt3">(Forall (<i>x</i> <i>τ₁</i>) <i>τ₂</i>)
</code>
</p>

which perhaps makes it clearer that 
<code class="prettyprint lang-smt3"><i>x</i></code> 
is a variable bound by the binder 
<code class="prettyprint lang-smt3">Pi</code>
or
<code class="prettyprint lang-smt3">Forall</code> 
in the scope 
<code class="prettyprint lang-smt3"><i>τ₂</i></code>.
However, the annotation-based syntax is possibly more legible and, 
more importantly, more flexible because it allows the annotation 
of function inputs with further attributes. 
In particular, it allows one to declare an input argument as implicit.
This is done with the new valueless attribute 
<code class="prettyprint lang-smt3">:implicit</code> 
that can be associated to a function argument.
For example,

<pre class="prettyprint lang-smt3">
  (→ (! Int :var n :implicit) (BitVec n) (BitVec n))
</pre>

makes the first argument implicit &mdash; in the sense that 
it is not needed in applications of functions of that type. 
This is sensible since the value of the first argument can be inferred 
from the type of the second argument.
</p>
<p>A further attribute, 
<code class="prettyprint lang-smt3">:restrict</code>,
permits the imposition of semantic restrictions on input and output values 
of a function, something that, in its full generality, effectively allows 
the definition of PVS-style predicate subtypes (aka, refinement types). 
For instance, in type

<pre class="prettyprint lang-smt3">
  (→ (! Int :var n :implicit :restrict (> n 0)) (BitVec n) (BitVec n))
</pre>

the implicit argument
<code class="prettyprint lang-smt3">n</code>
is required to be a positive integer.
In PVS syntax, this would be the dependent type 
<pre class="prettyprint lang-smt3">
  [n: {m : Int | m > 0} → BitVec(n) → BitVec(n)]
</pre>
This notation can also express relational constraints on the input and 
output types, as for instance, in

<pre class="prettyprint lang-smt3">
  (→ (! Int :var m :implicit :restrict (> m 0)) 
     (! Int :var n :implicit :restrict (> n m)) 
     (BitVec m) (BitVec n) (BitVec (- n m)))
</pre>

Yet another attribute, 
<code class="prettyprint lang-smt3">:syntax</code>, 
allows the introduction of <em>syntactic restrictions</em> on input terms:

<pre class="prettyprint lang-smt3">
  (→ (! Int :var n :implicit :restrict (> n 0) :syntax <.numeral.>) 
     (BitVec n) (BitVec n))
</pre>

The additional restriction 
<code class="prettyprint lang-smt3">:syntax <.numeral.></code>
specifies that the only permitted applications of functions 
of the type above are those where the argument
<code class="prettyprint lang-smt3">n</code> 
is (αβ-reducible to) a concrete constant 
(<code class="prettyprint lang-smt3">0</code>,
<code class="prettyprint lang-smt3">1</code>,
<code class="prettyprint lang-smt3">2</code>, ...)
and not a symbolic term 
(<code class="prettyprint lang-smt3">x</code>,
<code class="prettyprint lang-smt3">(+ x 1)</code>, ...).
This is convenient, for instance, when defining the current SMT-LIB 2 logics
with bit vectors, where bit vector sizes cannot be symbolic.
The language includes constructs to define syntactic categories like
<code class="prettyprint lang-smt3"><.numeral.></code> (see later).
</p>


<h4>Polymorphic Types</h4>

<p>
Polymorphic types reproduce the polymorphic sorts of Version 2.7 
through the introduction of globally-declared <em>type variables</em>.
A polymorphic type is either a type variable, a nullary type constant,
or the application of a non-nullary type constant to value terms and/or 
polymorphic types. 
For instance, if 
<code class="prettyprint lang-smt3">X</code>
and 
<code class="prettyprint lang-smt3">Y</code>
are type variables, and
<code class="prettyprint lang-smt3">Int</code>
and 
<code class="prettyprint lang-smt3">Array</code>
are type constants, then 
<code class="prettyprint lang-smt3">(Array Int Int)</code>, 
<code class="prettyprint lang-smt3">(Array Int Y)</code>,
<code class="prettyprint lang-smt3">(Array X Int)</code>,
and 
<code class="prettyprint lang-smt3">(Array X Y)</code>
are all polymorphic types.
A <em>monomorphic type</em> is a polymorphic type with no occurrences
of type variables. 
For example, 
<code class="prettyprint lang-smt3">(Array Int Int)</code>
is a polymorphic type that is also monomorphic.
</p>

<p>Note that this version of polymorphism is (intentionally) not equivalent
to polymorphism in logics like CIC, where polymorphic functions take types
as input.
For example, the array <code class="prettyprint lang-smt3">select</code> function in <b>does not</b> have type:

<pre class="prettyprint lang-smt3">
  (→ (! Type :var I :implicit) (! Type :var E :implicit) (Array I E) I E) 
</pre>

where the first two, implicit arguments
<code class="prettyprint lang-smt3">I</code>
and 
<code class="prettyprint lang-smt3">E</code>
are types.
In contrast, and in full analogy with SMT-LIB 2.7, it has type

<pre class="prettyprint lang-smt3">
  (→ (Array I E) I E) 
</pre>

where
<code class="prettyprint lang-smt3">I</code>
and
<code class="prettyprint lang-smt3">E</code>
are two previously declared type variables.

The difference between the two types is subtle but significant. 
A constant of type
<code class="prettyprint lang-smt3">(→ (Array I E) I E)</code>
does not denote a single function but a <em>family</em> of functions
of monomorphic type, one for each monomorphic instance of
<code class="prettyprint lang-smt3">(→ (Array I E) I E)</code>.
This effectively allows <em></em>only prenex</em> polymorphism, 
in contrast to the unrestricted polymorphism of logics like CIC. 
In fact, it does not even allow (ML-style) let-polymorphism
since the 
<code class="prettyprint lang-smt3">let</code>
binder does not locally bind type variables. 


<h4>Terms</h4>

<p>
A consequence of identifying functions and maps from Version 2.7
is that the
<code class="prettyprint lang-smt3">lambda</code>
binder of Version 2.7 can now be used to construct
the lamba abstractions for all types, not just map types.
Its general form is now

<pre class="prettyprint lang-smt3">
  (lambda ((<i>x</i> <i>τ₁</i>)) <i>t</i>)
</pre>

where <i>t</i> is a value term and <i>x</i> is a bound variable of type
<i>τ₁</i> with scope <i>t</i>.
As usual, the abstraction has type 
<code class="prettyprint lang-smt3">(→ τ₁ τ₂)</code>
if <i>t</i> has type τ₂ in the typing context that assigns type τ₁ to <i>x</i>.
For instance, this allows the construction of lambda abstractions such as

<pre class="prettyprint lang-smt3">
  (lambda ((x A)) (lambda ((y A)) (not (= x y))))
</pre>

or, more concisely,
<code class="prettyprint lang-smt3">(lambda ((x A) (y A)) (not (= x y))</code>,
of type 
<code class="prettyprint lang-smt3">(→ A Bool)</code>.
</p>

<p>Since a constant <code class="prettyprint lang-smt3">f</code> of type
<code class="prettyprint lang-smt3">(→ σ₁ ⋅⋅⋅ σᵢ)</code>
is a higher-order function when i > 2, partial applications of such constants,
e.g., 
<code class="prettyprint lang-smt3">(f t)</code>,
are meaningful and legal.
The syntax
<code class="prettyprint lang-smt3">(f t₁ ⋅⋅⋅ tᵢ)</code> 
for the full application of
<code class="prettyprint lang-smt3">f</code>
remains the same as in Version 2.7 although it is now seen as an abbreviation of
<code class="prettyprint lang-smt3">( ⋅⋅⋅ ((f t₁) t₂) ⋅⋅⋅ tᵢ)</code>.
</p>

<p>
Version 2.7 allows the application of maps via the <em>apply</em> operator  
<code class="prettyprint lang-smt3">@</code>, 
as in 
<code class="prettyprint lang-smt3">(@ f a)</code>.
This syntax is maintained but is now extended to all functions,
because of the identification of maps with functions.
</p>


<h4>Formulas</h4>

<p>
As in Version 2, formulas are terms of type 
<code class="prettyprint lang-smt3">Bool</code>.
Predefined constants include 

<ul>
<li>the constants
  <code class="prettyprint lang-smt3">true</code> and
  <code class="prettyprint lang-smt3">false</code> of type 
  <code class="prettyprint lang-smt3">Bool</code>,
</li>
<li>the equality operator
  <code class="prettyprint lang-smt3">=</code>,
  now a polymorphic constant of type 
  <code class="prettyprint lang-smt3">(→ <i>α</i> <i>α</i> Bool)</code>,
</li>
<li> the 
  <code class="prettyprint lang-smt3">ite</code>
  operator, now a polymorphic constant of type 
  <code class="prettyprint lang-smt3">(→ Bool <i>α</i> <i>α</i> <i>α</i>)</code>,
</li>
</ul>
where <i>α</i> is a type variable.
</p>

<p>A core language of commands allows one to declare new type variables, 
type constants, and value constants, and to assert formulas.

<pre class="prettyprint lang-smt3">
  (declare-type-var X)  ; declares a new type variable 
  (declare-type A ())   ; declares a new simple type (a nullary type constant) 
  (declare-type B ()) 
  (declare-const a A)        ; declares a constant of type A
  (declare-const f (→ A B))  ; declares a constant of type (→ A B)
  (declare-const g (→ A B))
  (declare-const p (→ A B Bool))
  (declare-const id (→ X X)) ; a polymorphic function 

  (assert (= b (f a))) 
  (assert (= f g))                                   ; higher-order assertion
  (assert (= p (lambda ((x A) (y B)) (= (g x) y))))  ; higher-order assertion
  (assert (forall ((x X)) (= x (id x))))             ; polymorphic assertion
</pre>

Constants for polymorphic/dependent types can be declared 
as in the examples below:
<pre class="prettyprint lang-smt3">
  (declare-type Collection (Type))
  (declare-type Pair (Type Type)) 
  (declare-type BitVec (Int)) 
  (declare-type Vector (Type Int)) 
</pre>

All these constants take types and/or values as input and construct a type.
This means that type constant <code class="prettyprint lang-smt3">Collection</code> 
has kind 
<code class="prettyprint lang-smt3">(→ Type Type)</code>.
Type constant <code class="prettyprint lang-smt3">Pair</code> has kind 
<code class="prettyprint lang-smt3">(→ Type Type Type)</code>.
Type constant <code class="prettyprint lang-smt3">BitVec</code> 
has kind <code class="prettyprint lang-smt3">(→ Int Type)</code>.
<br>
Type constant <code class="prettyprint lang-smt3">Vector</code> 
has kind <code class="prettyprint lang-smt3">(→ Type Int Type)</code>.
If <code class="prettyprint lang-smt3">X</code> is a type variable,
the type 
<code class="prettyprint lang-smt3">
  (→ (! Int :var n) (Vector X n))
</code>
is both polymorphic (in 
<code class="prettyprint lang-smt3">X</code>), 
and dependent (on 
<code class="prettyprint lang-smt3">n</code>).
</p>

<p>
Note that since 
<code class="prettyprint lang-smt3">declare-type</code>
is essentially a constant declaration but the at level of kinds, 
the command 
<code class="prettyprint lang-smt3">(declare-type Vector (Type Int))</code>,
say, could be understood as an abbreviation of 
<code class="prettyprint lang-smt3">
 (declare-const Vector (→ Type Int Type))</code>, 
although the latter syntax is not actually allowed.
</p> 

<h4>Semantic restrictions on types</h4>

<p>
While semantic restrictions on types yield the full power 
of predicate subtyping, their intended use in SMT-LIB 3 is 
to document precisely the input domain over which a partial function or 
type constant is defined.
<em>So they are meant to be used as formal documentation,
not as the definition of a subtype.</em>
The type system SMT-LIB 3 remains without subtypes which means that 
semantic restrictions on types can be completely ignored 
for type checking purposes.
That said, solvers can use type restriction information to provide 
more informative messages in case of scripts that use 
partial functions outside of their domain of definition.
As an example, the integer division operator in Version 3 is defined 
as follows

<pre class="prettyprint lang-smt3">
  (declare-const div (→ Int (! Int :var n :restrict (distinct n 0)) Int) 
</pre>

A solver could use the knowledge of the <em>official</em> restriction above
for instance to issue a warning when it returns a model that gives value 0 
to a term occurring as the second argument of a
<code class="prettyprint lang-smt3">div</code>
application in an assertion. 
Alternatively, it could try to determine statically, 
before solving an input problem, if all applications of partial functions
in the problem are provably to values within the function's domain, and
issue a warning otherwise.
</p>

<p>
Semantic restrictions can be introduced in declarations and
definitions, and can apply also to the returned value,
as shown in the following example.

<pre class="prettyprint lang-smt3">
  (declare-const f 
    (-> (! Int :var m1 :restrict (> m1 0)) 
        (! Int :var m2 :restrict (> m2 m1)) 
        (! Int :var n :restrict (exists ((x Int)) (= n (* 2 x)))))
  )
</pre>
or, equivalently
<pre class="prettyprint lang-smt3">
  (declare-fun f ((m1 Int :restrict (> m1 0)) (m2 Int :restrict (> m2 m1)))
    (! Int :var n :restrict (exists ((x Int)) (= n (* 2 x))))
  )
</pre>

Both commands introduce a function 
<code class="prettyprint lang-smt3">f</code> 
that takes two integers as input and returns an integer.
The semantic restrictions indicate that the function is not arbitrary:
whenever the first argument is greater than 0 and the second argument is
greater than the first, the returned value is an even integer.
Note how in the case of
<code class="prettyprint lang-smt3">declare-fun</code>
the 
<code class="prettyprint lang-smt3">:restrict</code>
attribute is added directly to the declaration of each named input, 
making the 
<code class="prettyprint lang-smt3">:var</code>
attribute is unnecessary.
</p>

<p>
As another example, the bit vector type 
in the theory of bit vectors could be defined as follows:

<pre class="prettyprint lang-smt3">
  (declare-type BitVec ((! Int :var m :restrict (>= m 0)))
</pre>

Since the parameter
<code class="prettyprint lang-smt3">m</code>
expresses the size of the vector, the added restriction limits the value of 
<code class="prettyprint lang-smt3">m</code>
to the positive integers.
</p>


<h4>Syntactic restrictions on types</h4>

<p>
Syntactic restrictions on types are orthogonal to semantic ones and
have a different purpose: to restrict the set of expressible terms and
formulas in a benchmark so as to achieve decidability 
of the satisfiability problem or some other computational objective &mdash; 
as done, for instance, in the various BV logics of SMT-LIB 2.
Concretely, in modules corresponding to SMT-LIB logics (see later), 
the parameter
<code class="prettyprint lang-smt3">m</code> of the bit vector type above 
is further constrained  to be a numeral, as opposed to an arbitrary
<code class="prettyprint lang-smt3">Int</code>
integer term, as follows:

<pre class="prettyprint lang-smt3">
  (declare-type BitVec ((! Int :var m :restrict (>= m 0) :syntax <.numeral.>)))
</pre>

This means that, in those logics, the 
<code class="prettyprint lang-smt3">BitVec</code> 
constant can be applied only to terms that evaluate (that is, αβ-reduce) 
to numerals.
The same mechanism is applied in logics of linear integer arithmetic 
to restrict applications of the multiplication operator 
to linear multiplications.
For instance, in linear integer arithmetic, multiplication could be defined 
as follows (the actual definition is more elaborate):

<pre class="prettyprint lang-smt3">
  (define-fun-rec * ((x Int :syntax <.signed_numeral.>) (y Int)) 
    (ite (= x 0) 0
      (ite (< x 0) (* (- x) y) 
        (+ x (* ((- x 1) y)))))
   :left-assoc)
</pre>

where  
<code class="prettyprint lang-smt3"><.signed numeral.></code>
denotes the set of numerals and negated positive numerals
(<code class="prettyprint lang-smt3">(- 1)</code>,
<code class="prettyprint lang-smt3">(- 2)</code>,
...).
Note that the first argument in the recursive calls in the definition of  
<code class="prettyprint lang-smt3">*</code>
are terms that reduce to a term in 
<code class="prettyprint lang-smt3"><.signed numeral.></code>
whenever the value of argument
<code class="prettyprint lang-smt3">x</code>
is a term in that set.
</p>

<p>
Contrary to semantic restrictions, syntactic restrictions must be enforced
by compliant SMT solvers.
</p>


<h3>Commands</h3>

<p>The SMT-LIB 3 language contains almost all commands in Version 2.7
as well as an additional number of new constructs and commands.
A large number of them, however, are defined in terms of the core language
above.
This includes all the commands from Version 2.7, none of which change 
semantics in practice in Version 3.
Most of them become syntactic sugar of <em>core</em> Version 3 commands.
Some of them will be deprecated and eventually phased out.
For instance,
<code class="prettyprint lang-smt3">declare-const</code> 
is now a core command while 
<code class="prettyprint lang-smt3">declare-fun</code> 
is not.
The SMT-LIB 2.7 expression 

<pre class="prettyprint lang-smt3">
  (declare-fun <i>f</i> (τ₁ ⋅⋅⋅ τᵢ) τ)
</pre>

with i > 0 is now an abbreviation of 

<pre class="prettyprint lang-smt3">
  (declare-const <i>f</i> (→ τ₁ ⋅⋅⋅ τᵢ τ))
</pre>

Similarly,
<pre class="prettyprint lang-smt3">
  (define-fun <i>f</i> ((<i>x₁</i> τ₁) ⋅⋅⋅ ((<i>xᵢ</i> τᵢ)) τ <i>t</i>)
</pre>
and
<pre class="prettyprint lang-smt3">
  (define-fun-rec <i>f</i> ((<i>x₁</i> τ₁) ⋅⋅⋅ ((<i>xᵢ</i> τᵢ)) τ <i>t</i>)
</pre> 
are now respective abbreviations of 

<pre class="prettyprint lang-smt3">
  (define-const <i>f</i> (→ τ₁ ⋅⋅⋅ τᵢ τ) (lambda ((<i>x₁</i> τ₁) ⋅⋅⋅ ((<i>xᵢ</i> τᵢ)) <i>t</i>))
</pre>

and

<pre class="prettyprint lang-smt3">
  (define-const-rec <i>f</i> (→ τ₁ ⋅⋅⋅ τᵢ τ) (lambda ((<i>x₁</i> τ₁) ⋅⋅⋅ ((<i>xᵢ</i> τᵢ)) <i>t</i>))
</pre>
where 
<code class="prettyprint lang-smt3">define-const-rec</code> 
is a new core command.
</p>

<p>In a similar vein, sorts are not primitive anymore and become types.
Correspondingly,
<code class="prettyprint lang-smt3">declare-sort</code> 
is now a special case of the new core command 
<code class="prettyprint lang-smt3">declare-type</code>.
For instance, 

<pre class="prettyprint lang-smt3">
  (declare-sort <i>S</i> <i>n</i>)
</pre>

with <i>n</i> ≥ 0 now becomes an alternative syntax for 

<pre class="prettyprint lang-smt3">
  (declare-type <i>S</i> (Type ⋅⋅⋅ Type))
</pre>

with <i>n</i> occurrences of <code class="prettyprint lang-smt3">Type</code>.
Similarly, 

<pre class="prettyprint lang-smt3">
  (define-sort <i>S</i> (<i>u</i>₁ ⋅⋅⋅ <i>u</i>ᵢ) σ)
</pre>

now becomes an alternative syntax for 
<pre class="prettyprint lang-smt3">
  (define-type <i>S</i> ((<i>u</i>₁ Type) ⋅⋅⋅ (<i>u</i>ᵢ Type)) σ)
</pre>

Note that 
<code class="prettyprint lang-smt3">declare-type</code> 
and 
<code class="prettyprint lang-smt3">define-type</code>
are more general than their Version 2 counterparts 
because they can introduce (value) dependent types as well.

<pre class="prettyprint lang-smt3">
  (declare-type Vector (Type (! Int :var m :restrict (>= m 0)))
  (define-type NonEmptyRealVector ((n Int :restrict (> n 0))) (Vector Real n))
  (define-type RealVector8 () (NonEmptyRealVector 8))
</pre>
</p>

<h4>Command attributes</h4>

The syntax of commands is extended with the addition 
of optional attributes which can inserted in arbitrary order
after the command's arguments.
This is most useful for 
<code class="prettyprint lang-smt3">declare-const</code>
and similar commands as it allows the incorporation 
of Version 2 attributes from the theory definition sublanguage,
as well as new ones.

<pre class="prettyprint lang-smt3">
  (declare-type-var A)
  ...
  (declare-const = (-> A A Bool)
   :pairwise 
   :builtin 
   "= denotes the identity function, which returns true iff 
    its two arguments are identical.") 

  (define-fun or ((b1 Bool) (b2 Bool)) Bool
    (ite b1 true b2) 
   :left-assoc)
</pre>

The full list of attributes per command will be provided
in the reference document.
More examples can be found in the sample theory modules below.

<h3>Binders</h3>

<p>The primitive binders in Version 3 are 
<ul>
<li>
<code class="prettyprint lang-smt3">let</code>, 
the parallel version of local definitions 
(<code class="prettyprint lang-smt3">(let ((<i>x₁ t₁</i>) ⋅⋅⋅ (<i>x<sub>n</sub> t<sub>n</sub></i>)) <i>t</i>)</code>);
</li>
<li>
<code class="prettyprint lang-smt3">lambda</code>, 
for function (λ) abstraction
(<code class="prettyprint lang-smt3">(lambda ((<i>x₁ τ₁</i>) ⋅⋅⋅ (<i>x<sub>n</sub> τ<sub>n</sub></i>)) <i>t</i>)</code>).
</li>
</ul>

The 
<code class="prettyprint lang-smt3">let</code> 
binder is the same as in Version 2 with the addition that now it can be used 
to define higher-order variables. 
The <code class="prettyprint lang-smt3">lambda</code> 
binder is an extension to functions of the corresponding binder of Version 2.7.
</p>

<p>
The other binders are the following:
<ul>
<li>
<code class="prettyprint lang-smt3">match</code>, 
for cases analysis of algebraic datatypes; 
</li>
<li>
<code class="prettyprint lang-smt3">forall</code>, 
the universal quantifier;
</li>
<li>
<code class="prettyprint lang-smt3">exists</code>, 
the existential quantifier;
</li>
<li>
<code class="prettyprint lang-smt3">choose</code>, 
the Hilbert choice operator ε.
</li>
</ul>
They are non-primitive as they can be defined in terms of the primitive ones.
The
<code class="prettyprint lang-smt3">match</code> 
binder has the same syntax as in Version 2.7 and is defined in terms of
<code class="prettyprint lang-smt3">let</code>, 
also as in Version 2.7.
The
<code class="prettyprint lang-smt3">forall</code> 
and
<code class="prettyprint lang-smt3">exists</code> 
quantifiers have the same syntax as in Version 2, however,
they are not primitive anymore and are instead defined as higher-order functions.
Their binder syntax is now syntactic sugar for terms based on 
<code class="prettyprint lang-smt3">lambda</code>.
For instance, 
<code class="prettyprint lang-smt3">forall</code>
is now defined as the polymorphic function

<pre class="prettyprint lang-smt3">
  (lambda ((p (→ A bool))) (= p (lambda ((x A)) true)))))
</pre>

of type
<code class="prettyprint lang-smt3">(→ (→ A Bool) Bool)</code>
where 
<code class="prettyprint lang-smt3">A</code> is a type-variable.
The binder syntax, with expressions of the form 

<pre class="prettyprint lang-smt3">
  (forall ((x₁ τ₁) ⋅⋅⋅ (xᵢ τᵢ)) φ) 
</pre>

is understood as an abbreviation of

<pre class="prettyprint lang-smt3">
  (forall (lambda ((x₁ τ₁) ⋅⋅⋅ (xᵢ τᵢ)) φ)) 
</pre>

The 
<code class="prettyprint lang-smt3">exists</code>
binder is defined similarly.
The
<code class="prettyprint lang-smt3">choose</code>
binder is new.
It too is a second-order function that can be used with a binder syntax.
The expression

<pre class="prettyprint lang-smt3">
  (choose (x τ) φ)
</pre>

abbreviates

<pre class="prettyprint lang-smt3">
  (choose (lambda ((x τ)) φ))
</pre>

where the function
<code class="prettyprint lang-smt3">choose</code>
has the polymorphic type
<code class="prettyprint lang-smt3">(→ (→ A bool) A)</code>.
The function is defined axiomatically in terms of 
<code class="prettyprint lang-smt3">exists</code>, 
as usual.
</p>


<h3>Polymorphism in declarations, definitions and assertions</h3>

Exactly as in Version 2.7, polymorphic functions can be introduced 
only globally, with the commands for declaring or defining constants.
It is not possible to have (let-introduced) polymorphic variables
or to pass polymorphic functions as argument to other functions.
In contrast, it is possible to make polymorphic assertions.
This is illustrated by the following example,
where we (illegally) name the type variable α, for emphasis:

<pre class="prettyprint lang-smt3">
  (declare-type-var α)
  (declare-const f (→ α α))

  (assert (forall ((a α)) (= (f a) a)))

  (define-fun g1 ((a α) (p (→ α Bool))) Bool (p a)) 
  (define-fun g2 ((a α) (p (→ α Bool))) Bool (p 6)) ; ill typed

  (assert 
    (let ((id (lambda ((x α)) x)))
      (= 1 (id 1))                                  ; ill typed
    )
  )
</pre>

Function
<code class="prettyprint lang-smt3">f</code>
is polymorphic.
Its type, in math notation, is ∀α.(α → α).
So it stands for the family of all functions
whose type is a monomorphic instance of α → α
(<code class="prettyprint lang-smt3">(→ Bool Bool)</code>,
<code class="prettyprint lang-smt3">(→ Int Int)</code>, 
...).
Correspondingly,
the first assertion stands for a family of assertions, again
one for each monomorphic instance of (α → α).
</p>

<p>
Function
<code class="prettyprint lang-smt3">g1</code> 
is also polymorphic, with type ∀α.(α → (α → Bool) → Bool).
However, note that its input predicate
<code class="prettyprint lang-smt3">p</code> 
is not polymorphic: for each monomorphic instance of 
<code class="prettyprint lang-smt3">g1</code> 
of type (τ → (τ → Bool) → Bool),
the input function 
<code class="prettyprint lang-smt3">p</code> 
is of type τ → Bool, not ∀α.(α → Bool).
This means that function
<code class="prettyprint lang-smt3">g2</code>
has in fact an ill-typed body 
since its instance of type (String → (String → Bool) → Bool),
say, applies its input function to a value whose type is not String.
</p>

<p>
The argument of the last assert is ill-typed in a similar way, 
since the variable 
<code class="prettyprint lang-smt3">id</code>
has type α → α, not ∀α.(α → α).
In more technical terms then, Version 3's type system does not allow
let-polymorphism.
Only globally defined symbols can be polymorphic.
</p>


<h3>Overloading</h3>

<p>
Within an SMT-LIB 3 script, some symbols can be <em>overloaded</em> 
by redeclaring them, others cannot. 
Specifically, type constants and type variables cannot be overloaded.
In particular, they cannot be redeclared as a type constant, 
type variable, value constant or local variable.
In contrast, value constants can always be redeclared.
We say that a constant <i>f</i> has a, possibly polymorphic, 
<em>principal type</em> τ in a script if the script contains 
a declaration or definition of <i>f</i> with type τ. 
A constant has more than one principal type in a script if and only if 
it is overloaded.

As in previous versions, Version 3 enforces a type discipline 
that allows simple bottom-up typing, with no need for type inference.
If a constant <i>f</i> is overloaded, the type of each occurrence 
of <i>f</i> in a term is determined as follows:

<ol>
<li> 
If <i>f</i> occurs in a function position, as in (<i>f t₁ ··· tₙ</i>), 
the type of <i>f</i> is the one in the most recent declaration of <i>f</i> 
that makes (<i>f t₁ ··· tₙ</i>) well typed;
</li>
<li>
If <i>f</i> occurs as an argument, as in (<i>t₁ ··· f ··· tₙ</i>), 
its type is the one in the most recent declaration of <i>f</i>.
</li>
</ol>
</p>

<p>
This disambiguation policy can be overridden by explicitly ascribing 
to <i>f</i> one of its types using the
<code class="prettyprint lang-smt3">as</code>
operator, in an expression of the form 
<code class="prettyprint lang-smt3">(as <i>f</i> τ)</code>
where τ is the intended type of that occurrence, that is, 
an instance of a principal type of <i>f</i>. 
Specifically, the <i>f</i> selected by 
<code class="prettyprint lang-smt3">(as <i>f</i> τ)</code>
is the most recently declared <i>f</i> whose type has τ as an instance.

<pre class="prettyprint lang-smt3">
  (declare-type-var X)
  (declare-const f (→ (List X) X))    ; variant 1, polymorphic
  (declare-const f (→ Int Real Int))  ; variant 2
  (declare-const f (→ Int Int))       ; variant 3
  (declare-const f (→ Int Real))      ; variant 4
  (declare-const p (→ X Bool))

  (assert (f 5 4.3))  ; no ambiguity, variant 2 of f inferred here
  (assert (f 8))      ; ambiguity resolved in favor of variant 4, the most recent
  (assert (p f))      ; ambiguity resolved in favor of variant 4, the most recent
</pre>

Constant 
<code class="prettyprint lang-smt3">f</code>
in the script fragment above is both polymorphic and overloaded. 
In the first assertion, the 
<code class="prettyprint lang-smt3">f</code>
in question is variant 2, the only one with an
<code class="prettyprint lang-smt3">Int</code>
and a 
<code class="prettyprint lang-smt3">Real</code>
input.
In contrast, the application
<code class="prettyprint lang-smt3">(f 5)</code>
in the second assertion cannot be disambiguated among variants 2, 3 and 4.
(For variant 2, note that its actual type is 
<code class="prettyprint lang-smt3">(→ Int (→ Real Int))</code>
and partial applications are permitted.)
In this case, variant 4, the most recent, is the default.
If variant 3, say, was meant, the application should have been written as
<code class="prettyprint lang-smt3">((as f (→ Int Int)) 8)</code>.
In the last assertion, where 
<code class="prettyprint lang-smt3">f</code>
is not applied but is passed as an argument,
the ambiguity is resolved again in favor of variant 4;
the use of 
<code class="prettyprint lang-smt3">as</code>
is necessary to pass a different variant.
</p>

<p>In extensions of the script above with later commands,
<code class="prettyprint lang-smt3">f</code>
cannot be reintroduced with type
<code class="prettyprint lang-smt3">(→ Int Real Int)</code>,
<code class="prettyprint lang-smt3">(→ Int Int)</code>,
<code class="prettyprint lang-smt3">(→ Int Real)</code>,
or
<code class="prettyprint lang-smt3">(→ (List τ) τ)</code>
for any type τ, since such types would all be instances of a type
already assigned to 
<code class="prettyprint lang-smt3">f</code>.
</p>

<p>Note that 
<code class="prettyprint lang-smt3">as</code> 
is now the standard ascription operator (:).
It is replaces the 
<code class="prettyprint lang-smt3">as</code>
from Version 2, which provides only the return type of the function.
The different use of
<code class="prettyprint lang-smt3">as</code> 
in SMT-LIB 3 versus Version 2 represents one of the few changes 
that break backward compatibility with Version 2.7.
However, this is not a serious concern since
<code class="prettyprint lang-smt3">as</code>
has been used mostly for 0-arity constants (like the 
<code class="prettyprint lang-smt3">nil</code> 
list constructor) where the new and the old use coincide.
</p>


<h3>New language constructs</h3>

<p>
Some of the new constructs for terms, such as <code class="prettyprint lang-smt3">lambda</code> and <code class="prettyprint lang-smt3">choose</code>,
are specific to the move to higher-order logic.
Other novel constructs are orthogonal to that extension and are motivated by a desire to unify in a <em>single</em> language the various sublanguages of SMT-LIB 2.7 for theory definitions, logic definitions, and command scripts.  
This is done by extending the command language to allow the definition of theory symbols in the same style as user-defined symbols and by introducing a notion of <em>module</em> that can be used to define both theories and logics.
</p>

<h4>Modules</h4>

<p>
Modules are a general construct to structure scripts in units 
with their own name space and provide a basic form of encapsulation and
information hiding. 
For the medium term, modules will not be allowed in user scripts.
The hope, however, is that with time they will be supported by SMT solvers 
and so will eventually be available to regular users.
For now, they will be used only to define SMT-LIB theories and logics. 

<pre class="prettyprint lang-smt3">
(define-module M (
  (declare-type-var A)
  (declare-type ping ()) 
  (declare-type pong ()) 
  (declare-const a ping)
  (declare-const f (→ A pong))  
  ; The scope (visibility) of the symbols 
  ; A, ping, pong, a, and f is limited to module M
  )
)
; A, ping, pong, a, and f are not directly accessible here
</pre>

A module is introduced by the 
<code class="prettyprint lang-smt3">define-module</code>
command which takes two arguments: a symbol, 
which constitutes the name of the module, and a list of SMT-LIB commands.
The set of commands allowed in a module is restricted.
The main ones are
<code class="prettyprint lang-smt3">assert</code>
and all the commands that introduce new types and constants.
</p>

<p>
The scope (that is, the visibility), of symbols introduced in a module 
is limited to the module. 
Such symbols can be accessed outside the module only if they are exported 
by the module’s interface and only with a qualified name of the form 
<.module name.>::<.symbol.> (e.g., 
<code class="prettyprint lang-smt3">M::ping</code>).
</p>


<h4>Module Interfaces</h4>

<p>
By default, all the symbols (i.e., constants and type constants) declared or
defined in a module <em>M</em> are <em>public</em>, i.e., visible by modules
importing <em>M</em>.
Optionally, however, it is possible to specify explicitly 
an <em>interface</em> for the module, which selects the symbols 
that are <em>exported</em>, that is, made visible. 
Interfaces are used to construct modules that correspond to logics 
in the sense of SMT-LIB 2.

The interface is specified with two attributes in a module definition:  
<ul>
  <li><code class="prettyprint lang-smt3">:type-vars</code> 
    whose value is the list of exported type variables,</li>
  <li><code class="prettyprint lang-smt3">:types</code> 
    whose value is the list of exported type constants 
    with their associated input kind or type, if any, and</li>
  <li><code class="prettyprint lang-smt3">:consts</code> 
    whose value is the list of exported constants 
    with their associated type.</li>
</ul>
(The type/kind constant 
<code class="prettyprint lang-smt3">→</code> 
does not need to be exported because it a primitive symbol 
of the underlying logic.)
</p>

<p>
<pre class="prettyprint lang-smt3">
(define-module M (
  (declare-type-var X)
  (declare-type-var Y)
  (declare-type A ())
  (declare-type B ())
  (declare-type C ()) 
  (declare-type Pair (Type Type))   

  (declare-const a A)
  (declare-const b B)
  (declare-const f (→ A B))
  (declare-const g (→ B A)) 
  (declare-const c (→ A C))
  (declare-const d (→ X Y X))

  (define-const  h (→ A A) (lambda ((x A)) (g (f x))))
  )
 :type-vars ( X )
 :types ( A B (Pair (Type Type)) )
 :consts ( (a A) (f (→ A B)) (h (→ A A)) (d (→ X X X)) )
)
</pre>

In the example above, only one of the type variables,
three of the type constants and four of the constants are exported.
The list of exported type constants contain a constant directly
if it is nullary (as in the case of
<code class="prettyprint lang-smt3">A</code>
and
<code class="prettyprint lang-smt3">B</code>), 
otherwise it contains a pair consisting of the constant 
and the list of kinds/types of its inputs
(as in the case of
<code class="prettyprint lang-smt3">Pair</code>).

Note that the types of the exported value constants must be constructible 
from the exported type variables and type constants for the interface 
to be well formed.
However, these types can be restricted to be instances
of the constant's principal type.

Also note that any relationship among the exported constants 
established in the module through non-exported constants 
(or through assertions) is maintained when the module is imported. 
For example, the formula 

<pre class="prettyprint lang-smt3">
  (forall ((x1 A) (x2 A)) (=> (= (f x1) (f x2)) (= (h x1) (h x2))))
</pre>

is valid not just in the module 
<code class="prettyprint lang-smt3">M</code> 
above but also in any module that imports 
<code class="prettyprint lang-smt3">M</code>.
Concretely, this means that importing a module has always the effect 
of executing <em>every</em> command in the module. 
The only effect of the interface is to prohibit in the importing module 
any direct reference to non-exported symbols.
</p>

<p>
All three interface attributes are optional.
The absence of the 
<code class="prettyprint lang-smt3">:types</code>
attribute, say, causes all <em>all</em> type constants 
in the module are exported in their full generality.
In contrast, giving it value 
<code class="prettyprint lang-smt3">()</code>
causes <em>no</em> type constants to be exported.
The same policy applies to 
<code class="prettyprint lang-smt3">:type-vars</code>
and
<code class="prettyprint lang-smt3">:consts</code>.
When a datatype constant (e.g.,
<code class="prettyprint lang-smt3">List</code>)
is exported, the datatype's recursor and all of its 
constructors, selectors, and testers are exported
by default.
</p>

<p>
The reason constants are listed in a module's interface 
with an associated type is that its is possible to assign them 
a more restricted type than the one they have in the module.
For instance, the array 
<code class="prettyprint lang-smt3">select</code>
function, which has type

<pre class="prettyprint lang-smt3">
  (→ (Array I E) I E) 
</pre>

in the module declaring it, where 
<code class="prettyprint lang-smt3">I</code>
and
<code class="prettyprint lang-smt3">E</code>
are type variables, could be exported as follows: 

<pre class="prettyprint lang-smt3">
  :type-vars ( I E ) 
  :types ( Bool Int (Array (Type Type)) ... ) 
  :consts ( (select (→ (Array Int E) Int E))
            (select (→ (Array I Bool) I Bool))
            ... ; constants other than select 
          )
</pre>

This would limit the application of 
<code class="prettyprint lang-smt3">select</code> 
only to values of the listed types.
Note that the interface above is not exporting two 
<code class="prettyprint lang-smt3">select</code>
functions;
rather, it is exporting the same polymorphic function
but with two (disjunctive) restrictions on its instances. 
</p>

<p>
The exported type constants can be restricted in similar way, 
disallowing in the importing modulo any terms 
whose types does not conform to the restrictions.
For example, a module having a type constant 
<code class="prettyprint lang-smt3">Seq</code> 
(for generic sequences of len 
<code class="prettyprint lang-smt3">n</code>) 
of kind:
<code class="prettyprint lang-smt3">
  (→ (! Int :var n :restrict (>= n 0)) Type Type)
</code>
could export it as follows:

<pre class="prettyprint lang-smt3">
  :types 
  ( (Seq (! Int :var n :syntax <.numeral.> :restrict (even n)) Type)
    ... 
  )
</pre>

which (cumulatively) restricts the application of 
<code class="prettyprint lang-smt3">Seq</code>
only to even numerals.
The general rule is that the restrictions imposed on an exported symbol 
in a module interface are <em>in addition</em> to any restrictions 
already imposed on the symbol within the module.
The meaning of multiple syntactic restrictions is the intersection 
of the languages denoted by the individual restrictions.
The meaning of multiple semantic restrictions is the conjunction
of the individual restrictions.
</p>

<p>
For polymorphic types, it is possible to impose instantiation 
restrictions on the type parameters, using a similar syntax using 
a (limited) language of constraints over types.

<pre class="prettyprint lang-smt3">
(define-module M2 (
  ...
  (declare-type Array (Type Type))
  ...
  )
 :types ( ... (Array (! I Type :restrict (= I Int)) Type) ... )
 :consts ( ... )
)
</pre>

Module
<code class="prettyprint lang-smt3">M2</code>
restricts the exported 
<code class="prettyprint lang-smt3">Array</code>
type constant to take only type
<code class="prettyprint lang-smt3">Int</code>
as its first input.
</p>

<p>A natural question is why add restrictions on an exported symbol 
(type constant or constant) in the interface of a module and 
not directly inside the module when the symbol is declared.
The reason is that a module can import a symbol from another module and 
export a restricted version of it.
This approach is followed in defining modules that correspond 
to SMT-LIB 2 logics.
Such modules import symbols from theory modules in their full generality 
and then export them with restrictions.
For instance, a linear integer arithmetic module would import 
the arithmetic symbols from the module defining the integers and export 
the multiplication symbol with the additional restriction 
that at least one of its arguments is a (concrete) integer value:

<pre class="prettyprint lang-smt3">
  :consts 
  ( (* (→ (! Int :syntax <.int_value.>) Int Int))
    (* (→ Int (! Int :syntax <.int_value.>) Int)
    ... 
  )
</pre>
</p>


<h4>Module Imports</h4>

<p>Modules can be imported into another module or at the top level 
in an SMT-LIB 3 script with the new command
<code class="prettyprint lang-smt3">import-modules</code>
which lists all the modules to be imported.

At most one import command is allowed in a module. 
Moreover, the command has to occur before any command that modifies 
the context (declarations, assertions, ...).
At the top level, later import commands are allowed only if interleaved
with 
<code class="prettyprint lang-smt3">reset</code>
commands.

<pre class="prettyprint lang-smt3">
  (import-modules (M1 M2)) 
  ...
  (reset)
  (import-modules (M3)) 
  ...
</pre>
</p>

<h4>Qualified names</h4>

<p>Every module automatically defines a name space corresponding to it.
The name space is reflected in the generation of qualified names 
for the symbols exported by a module. 
Qualified names have the form <i>M::s</i> where <i>M</i> is 
the module's name and <i>s</i> is a symbol exported by <i>M</i>.
Note that using 
<code class="prettyprint lang-smt3">::</code>
as a separator in qualified names does not break backward compatibility 
because
<code class="prettyprint lang-smt3">::</code> 
is not allowed in Version 2.7 identifiers.

<pre class="prettyprint lang-smt3">
  (import-modules (Ints Reals))

  (declare-const n Ints::Int)
  (declare-const x Reals::Real)
  (define-const i Ints::Int (Ints::+ n Ints::2))
  (define-const y Reals::Real (Reals::+ x Reals::4.3))
</pre>   

<!--
The <code class="prettyprint lang-smt3">import</code> command allows also the introduction of an alias for each imported module.
In that case, qualified names can be constructing using the alias as the prefix instead of the original name.

<pre class="prettyprint lang-smt3">
  ; Example
  (import (FixedSizeBitVectors :as BVs))
  ; Can use BVs::xxx instead of FixedSizeBitVectors::xxx
  (declare-const b (BVs::BitVec 3))
</pre>   
-->
</p>

<p>The new command
<code class="prettyprint lang-smt3">open-module</code> can be used 
to allow unqualified names for the (exported) symbols of an imported module.

<pre class="prettyprint lang-smt3">
;; Example 1
(define-module M1 (
  (declare-type A ())
  (declare-type B ())
  (declare-type C ()) 
  (declare-const a A)
  (declare-const f (→ A B)) 
  (declare-const P (→ A B Bool))
  (assert (P b (f a)))
 )
 :types (A B)
 :consts ((a A) (f (→ A B)))
)

(import-modules (M1))
; all exported symbols of M1 are now visible with their fully qualified name
; all assertions in M1 are now in the assertion context.

(declare-const a1 M1::A) ; declares a1 in the top-level namespace
(assert (= a1 M1::a))    ; adds this equality to the assertion context
(open-module M1) 

; now all symbols of M1 can be used without qualification
(declare-const b2 B) 
(assert (= b2 (f a))) ; B, f and a are from M1
</pre>

<p>The effect of opening a module <i>M</i> is to create a local alias 
for each symbol exported by <i>M</i>. 
In Example 1 above, 
<code class="prettyprint lang-smt3">(open-module M1)</code> 
can be understood as an abbreviation of 

<pre class="prettyprint lang-smt3">
  (define-type A () M1::A)
  (define-type B () M1::B)
  (define-const a A M1::a)
  (define-const f (→ A B) M1::f)
</pre>
</p>

<p>
Opening one of more modules creates the possibility of overloading 
at the level of the importing module, as in the example below.
That overloading is resolved with the same policy as 
for overloading caused by local declarations.
Since the policy is based on the order in which two constants
with the same name are introduced,
the order in which two modules are open is then meaningful. 

<pre class="prettyprint lang-smt3">
; Example 2
(import-modules (Ints Reals))
(open-module Ints)
(open-module Reals)
(declare-const n Int)           ; Int is an alias of Ints::Int
(declare-const x Real)          ; Real is an alias of Reals::Real
(define-const i Int (+ n 2))    ; + and 2 are aliases of Ints::+ and Ints::2
(define-const y Real (+ x 4.3)) ; + and 4.3 are aliases of Reals::+ and Reals::4.3
</pre>
</p>

<p>A module <i>M</i> importing a module <i>N</i> can export the symbols
exported by <i>N</i> as if they were its own. 
It has the option, however, to export them with stronger restrictions.
The name used in <i>M</i>'s interface to export <i>N</i>'s symbols can be
its fully qualified name (with the prefix <i>N::</i>) or its short version
if <i>N</i> is opened in <i>M</i>.
</p>
 
<p>An important point is that all module imports declare their symbols 
at the top level, which means that qualified names are never nested.
Importing a module <i>M</i> at the top level that in turn imports 
a module <i>N</i> internally has the effect of first importing <i>N</i> 
at the top level and then <i>M</i>.
However, since <i>M</i> is the module being <em>directly</em> imported 
at the top level, the only symbols of <i>N</i> visible 
(that is, usable in later commands) are those re-exported by <i>M</i>, 
if any.
If <i>M</i> opens <i>N</i>, the module prefix of the fully qualified names
of the re-exported symbols of <i>N</i> is indifferently <i>M::</i> or 
<i>N::</i>.
Concretely, if <i>s</i> is a type constant or constant exported 
by <i>N</i> and then re-exported by <i>M</i>,  
it is accessible at the top level as <i>N::s</i> or as <i>M::s</i>, 
or simply as <i>s</i> once <i>M</i> has been opened;
it is <em>not</em> accessible as <i>M::N::c</i>.
(The latter would be the case if <i>N</i>'s definition itself was inside
<i>M</i>'s which is, however, not allowed since all modules are defined 
at the top level.)
</p>

<h4>Import Graph</h4>

<p>
Considering the top level as an implicit (special) module, let's say that 
a module <i>N</i> is imported <em>directly</em> by a module <i>M</i> 
if <i>N</i> appears explicitly in an import command in <i>M</i>. 
We say that <i>N</i> is imported <em>indirectly</em> by <i>M</i> 
if <i>N</i> is imported, directly or indirectly, by a module imported 
by <i>M</i>.
Circular import dependencies are disallowed, that is, a module cannot 
import itself, directly or indirectly. 
In other words, the "directly imports" relation always defines 
a direct acyclic graph over modules.
</p>

<p>
Without interleaving calls to the 
<code class="prettyprint lang-smt3">reset</code> 
command, a module <i>N</i> can be imported directly at most once 
but can be imported indirectly many times as a result of importing 
several modules that in turn import <i>N</i>.

Another consequence on the import structure is that a module's symbol can be
imported in a module multiple times and with different restrictions.
The effect of two imports of symbols from the same module is additive: 
symbols imported with the second import that had not already been imported
with the first are added to the top level;
however, no already imported symbols are removed.
</p>

<p>
If the same dependent constant <i>c</i> is imported once 
with a (restricted) type
<code class="prettyprint lang-smt3">τ₁</code>
and then with a (restricted) type
<code class="prettyprint lang-smt3">τ₂</code>
then it can be used with either type.
(Note that <i>c</i> is not overloaded in this case because type
<code class="prettyprint lang-smt3">τ₁</code>
and 
<code class="prettyprint lang-smt3">τ₂</code> 
both are restrictions of the same principal type that <i>c</i> has 
in the module it originally was introduced in.) 
</p>

<p>
<pre class="prettyprint lang-smt3">
(define-module M0 (
  (declare-type-var X)
  (declare-type-var Y)
  (declare-const p (→ X Y Bool))
  )
 ; X, Y and p are exported in full generality
)
(define-module M1 (
  (import-modules (M0))
  (open-module M0)
  (declare-type A ())
  )
 :type-vars (Y)
 :consts (p (→ A Y Bool))
)
(define-module M2 (
  (import-modules (M0))
  (open-module M0)
  (declare-type B ())
  )
 :type-vars (X)
 :consts (p (→ X B Bool))
)
(define-module M3 (
  (import-modules (M1 M2))
  (open-module M1)
  (open-module M2)
  ...
  )
)
</pre>   

Module 
<code class="prettyprint lang-smt3">M3</code>
above imports (the same) constant  
<code class="prettyprint lang-smt3">p</code> 
twice.
The net effect is that 
<code class="prettyprint lang-smt3">p</code>
has two principal (polymorphic) types in 
<code class="prettyprint lang-smt3">M3</code>:
<code class="prettyprint lang-smt3">(→ A Y Bool)</code>
and
<code class="prettyprint lang-smt3">(→ X B Bool)</code>.
</p>


<h4>Algebraic Data Types</h4>

<p>
Algebraic data types in SMT-LIB 3 are unchanged from version 2.7,
both in syntax and semantics.

<pre class="prettyprint lang-smt3">
  (declare-datatypes ((Size 0) (Option 1) (List 1) (Pair 2)) ()
    ; Size
    ((small) (medium) (large))
    ; Option
    (par (V) ((none) (some (val V)) ))
    ; List
    (par (E) ((nil) (cons (head E) (tail (List E)))))
    ; Pair
    (par (A B) ((pair (first A) (second B))))
    )
  )

  (declare-datatype BinTree (par (X)
    ((leaf) (node (left (BinTree X) (val X) (right (BinTree X)))))
  )
</pre>

In the commands above, the only difference is that now we refer 
to the local symbols introduced by the 
<code class="prettyprint lang-smt3">par</code>
binder (such as 
<code class="prettyprint lang-smt3">V</code>),
as <em>type variables</em> instead of sort parameters.
</p>

<p>
A consequence of maintaining the old syntax from Version 2.7 is that,
while algebraic datatypes can be polymorphic, they cannot be dependent
(on values).
This restriction is intentional but could be lifted in future releases
of Version 3.
Another restriction is that constructors of arity greater than 1,
which are now higher-order functions, <em>can be applied only in full</em>.
For example, a term like
<code class="prettyprint lang-smt3">(node leaf)</code>
is not well-formed, whereas one like 
<code class="prettyprint lang-smt3">(node leaf 4 leaf)</code>
is.
</p>

<!-- 
<h5>Namespaces</h5>
<p>Each inductive type <i>D</i> implicitly creates its own namespace similarly to modules. 
  The fully qualified name for a constant or selector <i>f</i> for a inductive type <i>D</i> is <code class="prettyprint lang-smt3"><i>D</i>::<i>f</i></code>.
For instance, for the constant the <code class="prettyprint lang-smt3">Pair</code> type defined above id <code class="prettyprint lang-smt3">Pair::pair</code> and the selectors are <code class="prettyprint lang-smt3">Pair::first</code> and <code class="prettyprint lang-smt3">Pair::second</code>.

Short names can be used after <em>opening</em> the type, as with modules, with the <code class="prettyprint lang-smt3">open</code> command:

<pre class="prettyprint lang-smt3">
  (open Pair)
</code>

The same rule on overloading apply as for modules.
</p>
-->

<h5>Testers</h5>

<p>
Every inductive type definition induces an implicit definition 
of <em>testers</em> for each constant as well as general
<em>recursor</em>  for the type.
For example, for the 
<code class="prettyprint lang-smt3">List</code>
type defined above there would be the following tester functions 

<pre class="prettyprint lang-smt3">
  (is-nil (→ (List E) Bool))
  (is-cons (→ (List E) Bool))
</pre>

where
<code class="prettyprint lang-smt3">E</code>
is a type variable.

Note that the syntax for testers is different from SMT-LIB 2.7,
where those two functions would have an indexed name:
 <code class="prettyprint lang-smt3">(_ is nil)</code>
and
<code class="prettyprint lang-smt3">(_ is cons)</code>,
respectively.
The indexed-name form is still allowed as syntactic sugar
for backward compatibility but is deprecated.
</p>

<h5>Recursors</h5>

<p>
Recursors are a new feature in SMT-LIB 3.
Using again as an example the 
<code class="prettyprint lang-smt3">List</code>
datatype introduced above,
its definition also automatically defines
the recursor 
<code class="prettyprint lang-smt3">reduce</code>
of type 
<code class="prettyprint lang-smt3">(→ Y (→ X (List X) Y Y) (List X) Y)</code>
where 
<code class="prettyprint lang-smt3">X</code>
and 
<code class="prettyprint lang-smt3">Y</code>
are type variables.
The
<code class="prettyprint lang-smt3">List</code>
recursor behaves as if it had been directly defined as follows

<pre class="prettyprint lang-smt3">
  (declare-type-var X)
  (declare-type-var Y)
  (define-fun-rec reduce 
    ( (y0 Y) (comb (→ X (List X) Y Y)) (l (List X)) ) ; input vars
    Y                                                 ; output type
    (match l ( 
      (nil y0)
      ((cons h t) (comb h t (reduce y0 comb t))))))
</pre>

The recursor above reduces any list
<code class="prettyprint lang-smt3">l</code> of type 
<code class="prettyprint lang-smt3">(List X)</code>
to a value of type 
<code class="prettyprint lang-smt3">Y</code>
with the aid of a value 
<code class="prettyprint lang-smt3">y0</code> 
of type 
<code class="prettyprint lang-smt3">Y</code>
for the case where
<code class="prettyprint lang-smt3">l</code>
is empty, and of a function
<code class="prettyprint lang-smt3">comb</code>
that computes the reduction in the non-empty case from the head
<code class="prettyprint lang-smt3">h</code>
and tail
<code class="prettyprint lang-smt3">t</code>
of
<code class="prettyprint lang-smt3">l</code>
and the (recursively computed) reduction of
<code class="prettyprint lang-smt3">t</code>.  

Analogously, the recursor for the 
<code class="prettyprint lang-smt3">BinTree</code>
datatype defined above would defined as follow
<pre class="prettyprint lang-smt3">
  (define-fun-rec reduce 
    ( (y0 Y) (comb (→ (BinTree X) X (BinTree X) Y Y Y)) (t (Tree X)) ) Y
    (match t ( 
      (leaf y0)
      ((node t1 v t2) (comb t1 v t2 (reduce y0 comb t1) (reduce y0 comb t2))))))
</pre>
</p>

<p>
For each datatype, the recursor can be defined automatically
based on the datatype's constructors and their type.
The rationale for having recursors supported directly by the SMT solver 
is that a wealth of functions over a recursive datatype can be defined, 
non-recursively, by the user in terms of 
<code class="prettyprint lang-smt3">reduce</code>.
This in principle should facilitate reasoning about functions 
over datatypes since the solver can concentrate on reasoning about 
<code class="prettyprint lang-smt3">reduce</code>.

For the 
<code class="prettyprint lang-smt3">List</code>
datatype, the functions that can be defined with 
<code class="prettyprint lang-smt3">reduce</code>
include the following:

<pre class="prettyprint lang-smt3">
  ; Sum over the elements of an Int list
  (define-const sum ((l (List Int))) Int
    (reduce 0 (lambda ((n Int) (t (List Int)) (s Int)) (+ n s)) l) 
  )
  ; Length of a list
  (declare-type-var A)
  (define-fun len ((l (List A))) Int
    (reduce 0 (lambda ((a A) (t (List A)) (n Int)) (+1 n)) l)
  )
  ; List concatenation
  (define-fun append ((l1 (List A))) (l2 (List A)) (List A)
    (reduce l2 (lambda ((a A) (t (List A)) (r (List A))) (cons a r)) l1)
  )
  ; List reverse
  (define-fun reverse ((l (List A))) (List A)
    (reduce (as nil (List A)) 
      (lambda ((a A) (t (List A)) (r (List A)))
        (append r (cons a (as nil (List A))))) l)
  )
  ; List of elements of input list that satisfy input predicate
  (define-fun filter ((p (-> A Bool)) (l (List A))) (List A)
    (reduce (as nil (List A)) 
      (lambda ((a A) (t (List A)) (r (List A))) (ite (p a) (cons a r) r)) l)
  )
  (declare-type-var B)
  ; List map function
  (define-fun map ((f (→ A B)) (l (List A))) (List B)
    (reduce (as nil (List A)) 
      (lambda ((a A) (t (List A)) (r (List B))) (cons (f a) r)) l)
  )
</pre>
</p>


<h4>External Symbols</h4>

<p>When defining new theories there is sometimes the need for two theories 
to refer to each other's symbols. 
This cannot be done with imports because it would create 
a circular dependency.
<!-- This would force one to define two theories together as one single module. -->
To address this issue while keeping theories in separate modules 
the language allows the definition of <em>external</em> types and constants 
in a module.
</p>

<p>
More generally, one imports a module <i>A</i> in a module <i>B</i> 
if <i>B</i> is meant to be an extension of <i>A</i>.
If, on the other hand, <i>A</i> and <i>B</i> are conceptually 
separate modules where, however, one module may need to use a type or
a constant in the other, then they can be introduced as external.
Types constants and constants in module can be declared as external with an
<code class="prettyprint lang-smt3">:extern</code>
attribute which connects them to symbols exported by another module. 
</p>

<p>
Suppose a module
<code class="prettyprint lang-smt3">Ints</code>
defines the integer theory with its usual operators and
a unary operator 
<code class="prettyprint lang-smt3">+1</code> 
for the integer successor function.
A module for the theory of lists may be defined as follows.

<pre class="prettyprint lang-smt3">
(define-module Lists (
  (declare-datatype List (par (X)
    ((nil) (cons (head X) (tail (List X))))))
  ...
  (declare-type Int () :extern Ints::Int)
  (declare-const 0 Int :extern Ints::0)
  (declare-const +1 (→ Int Int) :extern Ints::+1)
  (define-fun len ((l (List A))) Int
    (reduce 0 (lambda ((a A) (t (List A)) (n Int)) (+1 n)) l))
  ...
  )
  :type-vars ( E )
  :types ( (List Type) )
  :consts ( ... (len (→ (List E) Ints::Int) )
)
</pre>

Using the 
<code class="prettyprint lang-smt3">:extern</code> 
attribute, the type 
<code class="prettyprint lang-smt3">Int</code> 
in the module 
<code class="prettyprint lang-smt3">Lists</code>
above is declared to be external and a proxy for 
<code class="prettyprint lang-smt3">Ints::Int</code>. 
The constants 
<code class="prettyprint lang-smt3">0</code>
and
<code class="prettyprint lang-smt3">+1</code>
are introduced similarly.
</p>

<p>In general, symbols declared as
<code class="prettyprint lang-smt3">:extern</code>
in a module <i>M</i> <em>cannot</em> be exported by <i>M</i>.
This entails that if <i>M</i> exports a symbol <i>s</i> that depends 
on external symbols from a module <i>N</i>, a module importing 
<i>M</i> can use <i>s</i> in a command only if it imports <i>N</i> 
too.
[To do: define precisely what it means for a symbol to depend 
on external ones.]
</p>

<p>
In the example above, since 
<code class="prettyprint lang-smt3">Lists</code>
exports a function whose type and definition depend on external symbols 
from module 
<code class="prettyprint lang-smt3">Ints</code>, 
any module importing
<code class="prettyprint lang-smt3">Lists</code>
must also import
<code class="prettyprint lang-smt3">Ints</code>
so that the reference to the external symbols in
<code class="prettyprint lang-smt3">Lists</code>
can be resolved.

<pre class="prettyprint lang-smt3">
  ; Example 1
  (import-modules (Lists))
  ; Illegal import since Lists::len depends on Ints.
  ...
</pre>

<pre class="prettyprint lang-smt3">
  ; Example 2
  (import-modules (Ints Lists))
  ; Lists::len can be used here
  ...
</pre>
</p>

<h3>Syntactic categories for syntax restrictions</h3>

<p>[To do: definition of <.int_value.> <.pos_numeral.> and 
so on via an attribute grammar.
Syntax categories can be defined in modules and should be exported 
like types and constants.]
</p>

<h3>SMT-LIB 3 Theories</h3>

<p>The standard SMT-LIB 3 theories are now defined just as modules.
A first draft of the new definition for some of the standard theories
in Version 2.7 is available below.
Note that the modules are still at the pre-proposal stage. 
They are incomplete and subject to change.
However, they should offer a pretty good idea of the expressive
power of SMT-LIB 3.
The theories are defined intentionally to be rather rich.
Any restriction on theory signature and language is left to modules 
that define restricted logics.  
</p>

<p>
In the current formalization, the theories below are essentially
conservative extensions of the corresponding SMT-LIB 2.7 theories,
that is, they have more symbols and richer types but do not change 
the semantics of the old ones in any meaningful way.
</p>

<button type="button" class="collapsible">Core</button>
<div class="coll_content">
<pre class="prettyprint lang-smt3">
; Core SMT-LIB theory
(define-module Core ( 
  (set-info :smt-lib-version 3.0)
  (set-info :smt-lib-release "2026-XX-XX")
  (set-info :written-by "Pascal Fontaine and Cesare Tinelli")
  (set-info :date "2026-03-15")
  (set-info :last-updated "2026-03-15")
  (set-info :update-history
   "TODO.")

  (declare-type-var A)
  (declare-type-var B)
  (declare-type-var C)

  ;-----------------
  ; Builtin symbols
  ;----------------- 

  ; Booleans
  (declare-datatype Bool ((true) (false)))

  ; Equality  
  (declare-const = (-> A A Bool)
   :pairwise 
   :builtin 
   "= denotes the identity function, which returns true iff 
    its two arguments are identical.")

  ;-------------------
  ; Defined constants
  ;------------------- 
  ; Apply
  (define-fun @ ((f (-> A B)) (a A)) B
    (f a)
   :left-assoc) ; (@ f a b) = (@ (@ f a) b)
  ; Identity
  (define-const iden ((a A)) A
    a)
  ; if-the-else 
  (define-fun ite ((b Bool) (a1 A) (a2 A)) A
    (match b (true a1) (false a2))) 
  ; not
  (define-fun not ((b Bool)) Bool
    (ite b false true))
  ; !=
  (define-fun != ((a1 A) (a2 A)) Bool 
    (not (= a1 a2)))
  ; distinct
  (define-fun distinct ((a1 A) (a2 A)) Bool 
    (!= a1 a2)
   :pairwise)
  ; or
  (define-fun or ((b1 Bool) (b2 Bool)) Bool
    (ite b1 true b2) 
   :left-assoc)
  ; and
  (define-fun and ((b1 Bool) (b2 Bool)) bool
    (ite b1 b2 false)
   :left-assoc)
  ; implies
  (define-fun => ((b1 Bool) (b2 Bool)) Bool
    (ite b1 b2 true)
   :right-assoc)
  ; iff
  (define-fun <=> ((b1 Bool) (b2 Bool)) Bool
    (= b1 b2)
   :right-assoc)
  ; xor
  (define-fun xor ((b1 Bool) (b2 Bool)) Bool 
    (!= b1 b2)
   :left-assoc)
  ; forall
  (define-fun forall ((p (-> A Bool))) Bool
    (= p (lambda ((x A)) true)))
  ;
  (set-info :notation 
   "(forall ((x τ)) φ) abbreviates 
    (forall (lambda ((x τ)) φ))
  
    (forall ((x₁ τ₁) ⋅⋅⋅ (xᵢ τᵢ)) φ) abbreviates 
    (forall ((x₁ τ₁)) ⋅⋅⋅ (forall ((xᵢ τᵢ)) φ))")
  ; exists
  (define-fun exists ((p (-> A Bool))) Bool
    (!= p (lambda ((x A)) false)))
  ;
  (set-info :notation 
   "(exists ((x τ)) φ) abbreviates 
    (exists (lambda ((x τ)) φ))

    (exists ((x₁ τ₁) ⋅⋅⋅ (xᵢ τᵢ)) φ) abbreviates 
    (exists ((x₁ τ₁)) ⋅⋅⋅ (exists ((xᵢ τᵢ)) φ))")
  ; Hilbert's choice (ε)
  (declare-const choose (-> A Bool) A)
  ; choose is defined axiomatically   
  (assert (forall ((p (-> A Bool))) (<=> (exists p) (p (choose p)))))
  ;
  (set-info :notation 
   "(choose (x τ) φ)  abbreviates  (choose (lambda ((x τ)) φ))")
  ; compose
  (define-fun compose ((f (-> B C)) (g (-> A B))) (-> A C)
    (lambda ((a A)) (f (g a)))
    :note 
    "compose is not declared left-associative on purpose otherwise
     there would be ambiguity between (compose f g h) where f g and h 
     are functions to be composed and (compose f g a) where a is 
     the input of g.")

  ;-----------------------
  ; Abstract value syntax
  ;-----------------------
  (define-syntax 
    ; non-terminals
    ( <.abstract_value.> <.bool_value.> )
    ; production rules
    ( (<.bool_value.> (true false))
      (<.abstract_value.> ((! <.symbol.> :restrict "starts with @")))))

  ;-------------
  ; Bool values
  ;-------------
  (define-values <.bool_value.> () Bool)


  ;-------------------
  ; Import Attributes
  ;-------------------

  (set-info :FOL
   "The import attribute :FOL restricts Core
      to the first-order applicative fragment:
      - no lambdas
      - no partial applications: 
        the first argument of an application can only be a constant
      - all arguments of an application have a type of order 0
      - can only declare or define constants whose type has order <= 1
      - can use forall, exists, and choose only in their
        abbreviated form.
   ")

  (set-info :no-new-types 
   "The import attribute :no-new-types disallows the use  
    of the declare-type command.")

  (set-info :no-new-functions 
   "The import attribute :no-new-functions disallows the declaration 
    of constants of arrow type.")
))
</pre>
(<a href="Version3/Core.smt3">raw file</a>)
</div>

<button type="button" class="collapsible">Ints</button>
<div class="coll_content">
<pre class="prettyprint lang-smt3">
(define-module Ints (
  (set-info :smt-lib-version 3.0)
  (set-info :smt-lib-release "2026-XX-XX")
  (set-info :written-by "Pascal Fontaine and Cesare Tinelli")
  (set-info :date "2026-03-15")
  (set-info :last-updated "2026-03-15")
  (set-info :update-history
   "TODO.
   "
  )
  (set-info :notes 
   "Integer arithmetic")
 
  (import (Core))
  (open Core)

  ;---------------
  ; Builtin types
  ;--------------- 
  ; Int
  (declare-type Int () :builtin 
  "Int denotes the set of all integer numbers.")

  ;-------------------
  ; Builtin constants
  ;------------------- 
  ; 0, 1, 2, ...
  (declare-consts <.numeral.> Int 
   :builtin "Each numeral denotes the corresponding integer as usual.") 
  ; successor
  (declare-const +1 (-> Int Int) 
   :builtin "+1 denotes the integer successor function")
  ; predecessor
  (declare-const -1 (-> Int Int) 
   :builtin "-1 denotes the integer predecessor function")
  ; <
  (declare-const < (-> Int Int Bool)
   :builtin "< denotes the standard strict total ordering over the integers."
   :chainable)

  ;-----------------------------------
  ; Axiomatized and defined constants
  ;----------------------------------- 

  ; <=
  (define-fun <= ((x Int) (y Int)) Bool
    (or (= x y) (< x y))
   :chainable)
  ; >
  (define-fun > ((x Int) (y Int)) Bool
    (< y x)
   :chainable)
  ; >=
  (define-fun >= ((x Int) (y Int)) Bool
    (or (= x y) (> x y))
   :chainable)
  ; unary -
  (define-fun-rec - ((x Int)) Int
    (ite (< x 0) (+1 (- (+1 x))) 
      (ite (= x 0) 0
        (-1 (- (-1 x))))))
  ; +
  (define-fun-rec + ((x Int) (y Int)) Int
    (ite (< y 0) (-1 (+ x (+1 y))) 
      (ite (= y 0) x 
        (+1 (+ x (-1 y)))))
   :left-assoc)
  ; binary -
  (define-fun - ((x Int) (y Int)) Int
    (+ x (- y))
   :left-assoc
   :no-partial 
   ; this constant cannot be applied partially:
   ; (- t) is not allowed but ((as - (-> Int Int Int)) t) is allowed
   )
  ; * 
  (define-fun-rec * ( (x Int) (y Int) ) Int
    (ite (< y 0) (- (* x (- y))) 
      (ite (= y 0) 0
        (+ x (* x (-1 y)))))
   :left-assoc)
  ; abs
  (define-fun abs ((x Int)) Int
    (ite (>= x 0) x (- x)))

  ; div 
  (declare-const div (-> Int (! Int :var n :restrict (!= n 0)) Int) 
   :left-assoc)
  ; mod
  (declare-fun mod (-> Int Int Int))
  ; div/mod axiom
  (assert (forall ((m Int) (n Int)) (=> (!= n 0)
    (let ((q (div m n)) (r (mod m n)))
      (and (= m (+ (* n q) r))
           (<= 0 r (-1 (abs n))))))))
      
  ; divisible by constant n
  (define-fun divisible ( (m Int) (n Int :restrict (> n 0)) ) Bool
    (= (mod m n) 0))


  (set-info :notes
   "The axiomatization of div and mod is based on [1].
   
    Regardless of the sign of m, 
    - when n is positive, (div m n) is the floor of the rational number m/n;
    - when n is negative, (div m n) is the ceiling of m/n.

    This contrasts with alternative but less robust definitions of div and mod
    where (div m n) is 
    - always the integer part of m/n (rounding towards 0), or 
    - always the floor of x/y (rounding towards -infinity).

    [1] Boute, Raymond T. (April 1992). 
        The Euclidean definition of the functions div and mod. 
        ACM Transactions on Programming Languages and Systems (TOPLAS) 
        ACM Press. 14 (2): 127 - 144. doi:10.1145/128861.128862.
   ")

  ; summation
  (define-fun-rec sum ((a Int) (b Int) (f (-> Int Int))) Int
    (ite (> a b) 0 
      (+ (f a) (sum (+1 a) b f))))

  ;-------- 
  ; Values
  ;--------
  ; The set of values for type Int consists of 
  ;  - all numerals,
  ;  - all terms of the form (- n) where n is a numeral other than 0.
  (define-syntax 
    ; non-terminals
    (<.int_value.> <.pos_numeral.>) 
    ; production rules
    ((<.int_value.> (<.numeral.> ("(" "-" <.pos_numeral.> ")")))
     (<.pos_numeral.> ((! <.numeral.> :syntax "numeral other than 0")))))

  (define-values () Int <.int_value.>)

  ;-------------------------------
  ; External and Bridging symbols
  ;-------------------------------
  ; Real
  (declare-type Real () :extern Reals::Real)

  (declare-const to_int (-> Real Int) 
   :builtin 
   "to_int denotes the function that maps each real number r 
    to its integer part, that is, to the largest integer n 
    that satisfies (<= (to_real n) r).")
))
</pre>
(<a href="Version3/Ints.smt3">raw file</a>)
</div>

<button type="button" class="collapsible">Reals</button>
<div class="coll_content">
<pre class="prettyprint lang-smt3">
(define-module Reals (
  (set-info :smt-lib-version 3.0)
  (set-info :smt-lib-release "2026-XX-XX")
  (set-info :written-by "Pascal Fontaine and Cesare Tinelli")
  (set-info :date "2026-03-15")
  (set-info :last-updated "2026-03-15")
  (set-info :update-history
   "TODO.
   "
  )
  (set-info :notes  "Real arithmetic")

  (import (Core))
  (open Core)

  ;---------------
  ; Builtin types
  ;---------------
  ; Real
  (declare-type Real () 
   :builtin "Real denotes the set of all real numbers."
  )

  ;-------------------------------
  ; External and Bridging symbols
  ;-------------------------------
  ; Int
  (declare-type Int () :extern Ints::Int)

  (declare-const to_real (-> Int Real) 
   :builtin "to_real as the standard injection of the integers into the reals.")

  ;-------------------
  ; Builtin constants
  ;------------------- 
  ; Decimals
  (declare-consts <.decimal.> Real 
   :builtin
   "Each <.decimal.> denotes the corresponding real number as usual.")

  ; negation
  (declare-const - (-> Real Real) :builtin "Unary negation.")
  ; +
  (declare-const + (-> Real Real Real) :left-assoc :builtin "Addition.")
  ; *
  (declare-const * (-> Real Real Real) :left-assoc :builtin "Multiplication.")
  ; <=
  (declare-const <= (-> Real Real Bool) 
   :chainable 
   :builtin "Usual non-strict total ordering over the reals.")
  ; is_int
  (declare-const is_int (-> Real Bool)
   :builtin "is_int maps whole real numbers to true and all the other reals to false.")

  ;-----------------------
  ; Axiomatized constants
  ;----------------------- 

  ; subtraction -
  (define-fun - ((x Real) (y Real)) Real
    (+ x (- y))
   :left-assoc)
  ; division /
  (declare-const / (-> Real Real Real) :left-assoc :restrict (!= y 0.0))
  (assert (forall ((x Real) (y Real)) (=> (distinct y 0.0)
    (= x (* y (/ x y))))))
  ; <
  (define-fun < ((x Real) (y Real)) Bool
    (and (<= x y) (!= x y))
   :chainable)
  ; >
  (define-const > ((x Real) (y Real)) Bool
    (< y x)
   :chainable)
  ; >=
  (define-const >= ((x Real) (y Real)) Bool
    (<= y x)
   :chainable)
  ; Summation 
  ; we use a step different from 1 and provide it as additional input
  (define-fun-rec sum ((a Real) (b Real) (f (-> Real Real))) Real
    (ite (> a b)  0.0 
      (+ (f a) (sum (+ a 1.0) b f))))
  ; rational constants
  (define-const / ((n Int :value) (d Int :value :restrict (> (to_real d) 0.0))) Real
    (/ (to_real n) (to_real d)))


  ;-------------
  ; Real values
  ;-------------

  ; The set of values for the sort Real consists of 
  ;  - an abstract value for each irrational algebraic number
  ;  - all decimals of the form n.0
  ;  - all terms of the form (- n.0) where n is a <.numeral.> other than 0
  ;  - all terms of the form (/ m n) or (- (/ m n)) where 
  ;    - m is a <.numeral.> other than 0,
  ;    - n is a <.numeral.> other than 0 and 1,
  ;    - as integers, m and n have no common factors besides 1.
  (define-syntax 
    ; non-terminals
    (<.real_value.> <.p.> <.f.> <.m.> <.n.>) 
    ; production rules
    ((<.real_value.> (<.abstract.> ; for irrational algebraic numbers
                      "0.0"
                      <.p.>
                      "(" "-" <.p.> ")"
                      <.f.>
                      "(" "-" <.f.> ")")
     (<.f.> ((! "(" "/" <.m.> <.n.> ")" :syntax 
                          "as integers, <.m.> and <.n.> have no common factors besides 1")))
     (<.p.> ((! <.decimal.> :syntax "it has the form n.0 except for 0.0")))
     (<.m.> ((! <.numeral.> :syntax "it is not 0")))
     (<.n.> ((! <.numeral.> :syntax "it is neither 0 nor 1"))))))

  (define-values () Real <.real_value.>)

  (set-info :notes
   "In Real values decimals are used only for whole numbers, e.g., 42.0. 
   For all other rational numbers the fractional notation is necessary, e.g., (/ 1 2).
   This way, there is unique value for each rational."
  )

  (set-info :notes
   "The restriction of Reals over the signature having just the symbols 
    (0.0 Real)
    (1.0 Real)
    (- (-> Real Real))
    (+ (-> Real Real Real))
    (* (-> Real Real Real))
    (<= (-> Real Real Bool))
    (<  (-> Real Real Bool))
    coincides with the theory of real closed fields, axiomatized by
    the formulas below: 

    - associativity of +
      (forall ((x Real) (y Real) (z Real)) (= (+ (+ x y) z) (+ x (+ y z))))

    - commutativity of +
      (forall ((x Real) (y Real)) (= (* x y) (* y x)))

    - 0.0 is the right (and by commutativity, left) unit of +
      (forall ((x Real)) (= (+ x 0.0) x))

    - right (and left) inverse wrt +
      (forall ((x Real)) (= (+ x (- x)) 0.0))

    - associativity of *
      (forall ((x Real) (y Real) (z Real)) (= (* (* x y) z) (* x (* y z))))

    - commutativity of *
      (forall ((x Real) (y Real)) (= (* x y) (* y x)))

    - 1.0 is the right (and by commutativity, left) unit of *
      (forall ((x Real)) (= (* x 1.0) x))

    - existence of right (and left) inverse wrt *
      (forall ((x Real)) (or (= x 0) (exists (y Real) (= (* x y) 1.0))))

    - left distributivity of * over +
      (forall ((x Real) (y Real) (z Real)) (= (* x (+ y z)) (+ (* x y) (* x z))))

    - right distributivity of * over +
      (forall ((x Real) (y Real) (z Real)) (= (* (+ x y) z) (+ (* x z) (* y z))))

    - non-triviality
      (!= 0.0 1.0)

    - all positive elements have a square root
      (forall ((x Real)) (exists ((y Real))
        (or (= x (* y y)) (= (- x) (* y y)))))

    - axiom schemas for all n > 0
      (forall ((x_1 Real) ... (x_n Real))
        (distinct (- 1) (+ (* x_1 x_1) (+ ... (* x_n x_n))))) 

    - axiom schemas for all odd n > 0 where (^ y n) abbreviates
      the n-fold product of y with itself
      (forall ((x_1 Real) ... (x_n Real)) (exists ((y Real))
        (= 0 (+ (^ y n) (+ (* x_1 (^ y n-1)) (+  ... (+ (* x_{n-1} y) x_n)))))))

    - reflexivity of <=
      (forall ((x Real)) (<= x x))

    - antisymmetry of <=
      (forall ((x Real) (y Real)) (=> (and (<= x y) (<= y x)) (= x y)))

    - transitivity of <=
      (forall ((x Real) (y Real) (z Real)) (=> (<= x y z)) (<= x z))

    - totality of <=
      (forall ((x Real) (y Real)) (or (<= x y) (<= y x)))
    
    - monotonicity of <= wrt +
      (forall ((x Real) (y Real) (z Real)) (=> (<= x y) (<= (+ x z) (+ y z))))

    - monotonicity of <= wrt *
      (forall (x Real) (y Real) (z Real) 
        (=> (and (<= x y) (<= 0 z)) (<= (* z x) (* z y))))

    - definition of <
      (forall ((x Real) (y Real)) 
        (= (< x y) (and (<= x y) (distinct x y))))

    References:
    1) W. Hodges. Model theory. Cambridge University Press, 1993.
    2) PlanetMath, http://planetmath.org/encyclopedia/RealClosedFields.html
  ")
))
</pre>
 (<a href="Version3/Reals.smt3">raw file</a>)
</div>

<button type="button" class="collapsible">Bit Vectors</button>
<div class="coll_content">
<pre class="prettyprint lang-smt3">
[Coming soon.]
</pre>
<!-- (<a href="Version3/FixedSizeBitVectors.smt3">raw file</a>) -->
</div>

<button type="button" class="collapsible">Unicode Strings</button>
<div class="coll_content">
<pre class="prettyprint lang-smt3">
[Coming soon.]
</pre>
 <!-- (<a href="Version3/UnicodeStrings.smt3">raw file</a>) -->
</div>


<h3>SMT-LIB 3 Logics</h3>

<p>
One of the goals of SMT-LIB 3 is to get rid of the notion of SMT-LIB logic 
(such as QF_UF, LIA, and so on) and provide users the ability, in effect, 
to construct logics on the fly by importing the right modules 
with the right restrictions at the beginning of an SMT-LIB script.
</p>

<p>
With some limitations, modules, interfaces and imports provide 
a suitable mechanism for indicating to an SMT solver a specific fragment 
in which to reason, allowing the solver to apply the best reasoning techniques
at its disposal for that fragment, or recognize it as unsupported.
</p>
  
<p>
SMT-LIB logics, however, have been used historically also 
for another, orthogonal purpose: 
providing a way to index/structure the SMT-LIB benchmark library.
Concurrently, they have also been used by the SMT-COMP competition 
as a convenient way to structure the competition in divisions.
These uses of logics make them still necessary. 
So the 
<code class="prettyprint lang-smt3">set-logic</code>
will not go away.
However, in SMT-LIB 3 it becomes an abbreviation of a particular 
sequence of module declarations and imports.
</p>

<p>
For example, 
<code class="prettyprint lang-smt3">
(set-logic QF_UF)
</code>   
could become an abbreviation of

<pre class="prettyprint lang-smt3">
(define-module QF_UF (
  (import (Core))
  (open Core) 
 )  
 :type-vars (A)
 :types (Bool)
 :consts (
    (true Bool)
    (false Bool)
    (ite (→ Bool A A A))
    (not (→ Bool Bool))
    (= (→ A A Bool) :pairwise)
    (!= (→ A A Bool))
    (distinct (→ (A A Bool)) :pairwise)
    (=> (→ Bool Bool Bool) :right-assoc)
    (and (→ Bool Bool Bool) :left-assoc)
    (or (→ Bool Bool Bool) :left-assoc)
    (xor (→ Bool Bool Bool) :left-assoc)
    (<=> (→ Bool Bool Bool) :left-assoc)
    ; quantifiers and other higher-order constants are not exported
 )
 :FOL ; only FOL syntax allowed
)
(import (QF_UF))
(open QF_UF)
...
</pre>

The command
<code class="prettyprint lang-smt3">(set-info :FOL)</code>
is a (imperfect) solution of the problem of capturing the Version 2.7 
restriction for terms to be in the <em>applicative fragment</em>
where all function symbols (i.e., non-nullary constants of type 
(→ τ₁ ⋅⋅⋅ τᵢ)) are fully applied (i,e., applied to exactly i arguments).

<!--
So, we might need to introduce some labels to capture restriction 
that are not expressible at the signature level as above.
An example would be to introduce 
<code class="prettyprint lang-smt3">
:applicative
</code>   
or 
<code class="prettyprint lang-smt3">
:FOL
</code>
as an additional attribute for 
<code class="prettyprint lang-smt3">
import,
</code>
with the latter perhaps also including the restriction to first-order quantification.
This way,
<code class="prettyprint lang-smt3">
(set-logic QF_UF)
</code>   
would be and abbreviation of
<pre class="prettyprint lang-smt3">
  (import (Core) 
 :except-consts ( 
  ; no quantifiers
  (forall (par (A) (→ (→ A bool) Bool)))
  (exists (par (A) (→ (→ A bool) Bool)) )
  (choose (par (A) (→ (→ A bool) A)))
 )
 :FOL  ; applicative fragment, no partial applications
)
(open Core)
</pre>   
-->
</p>

<p>
Similarly, for the logic LIA 
<code class="prettyprint lang-smt3">(set-logic LIA)</code>
would be and abbreviation of

<pre class="prettyprint lang-smt3">
(define-module LIA (
  (import (Core Ints))
  (open Core)
  (open Ints)
 )
 :type-vars (A)
 :types (Bool Int)
 :consts (
    (<.numeral.> Int)
    (+ (→ Int Int Int) :left-assoc)
    (- (→ Int Int Int) :left-assoc)
    (* (→ (! Int :syntax <.int_value.>) (! Int :syntax <.symbol.>) Int)) ; linear mul.
    (* (→ (! Int :syntax <.symbol.>) (! Int :syntax <.int_value.>) Int)) ; linear mul.
    (* (→ (! Int :syntax <.symbol.>) (! Int :syntax <.symbol.>) Int)
      :left-assoc) ; linear mul.
    (> (→ Int Int Bool) :chainable)
    (>= (→ Int Int Bool) :chainable)
    (< (→ Int Int Bool) :chainable)
    (<= (→ Int Int Bool) :chainable)
    (true Bool)
    (false Bool)
    (ite (→ Bool A A A))
    (not (→ Bool Bool))
    (= (→ A A Bool) :pairwise)
    (!= (→ A A Bool))
    (distinct (→ (A A Bool)) :pairwise)
    (=> (→ Bool Bool Bool) :right-assoc)
    (and (→ Bool Bool Bool) :left-assoc)
    (or (→ Bool Bool Bool) :left-assoc)
    (xor (→ Bool Bool Bool) :left-assoc)
    (<=> (→ Bool Bool Bool) :left-assoc)
    (forall (→ (→ A Bool) Bool))
    (exists (→ (→ A Bool) Bool))
 )
 :FOL ; only FOL syntax allowed
)
(import (LIA))
(open LIA)
</pre>   

Note that the linearity restriction does not need an ad-hoc attribute 
thanks to the restriction imposed on the type of the multiplication symbol
<code class="prettyprint lang-smt3">*</code>
requiring at leas one of its two arguments to be a concrete integer value.
Also note that 
<code class="prettyprint lang-smt3">*</code>
is (intentionally) not given a 
<code class="prettyprint lang-smt3">:left-assoc</code>
designation as terms like
<code class="prettyprint lang-smt3">(* 3 x y)</code>
would not satisfy the linearity restrictions.
</p>
</div>
</div>

    <div class="clr">
    </div>
    <div class="footer">
     <div class="footer_resize">
      <p class="lf">
        &copy; Copyright The SMT-LIB Initiative <br>
        Based on a design by 
        Blue <a href="http://www.bluewebtemplates.com">Web Templates</a>
        </p>
   <ul class="fmenu">
       <li><a href="index.shtml">Home</a></li>
       <li><a href="about.shtml">About</a></li>
       <li><a href="news.shtml">News</a></li>
       <li class="active"><a href="standard.shtml">Standard</a></li>
       <li><a href="benchmarks.shtml">Benchmarks</a></li>
       <li><a href="software.shtml">Software</a></li>
       <li><a href="credits.shtml">Credits</a></li>
      </ul>
      <div class="clr"></div>
     </div>
    </div>
    </div>
  </div>

<script>
var coll = document.getElementsByClassName("collapsible");
var i;

for (i = 0; i < coll.length; i++) {
  coll[i].addEventListener("click", function() {
    this.classList.toggle("active");
    var coll_content = this.nextElementSibling;
    if (coll_content.style.maxHeight){
      coll_content.style.maxHeight = null;
    } else {
      coll_content.style.maxHeight = coll_content.scrollHeight + "px";
    } 
  });
}

</script>
 </body>
</html>