How to make z3 generate proof of unsatisfiability? - z3

I am trying to use z3 from the command line as a SAT solver, but I can't figure out how to make it generate a proof of unsatisfiability. No matter what I do, it just prints "unsat" with no explanation, and nothing I can find online has helped. I tried passing proof=true on the command line, but nothing changed.
../z3-4.8.6-x64-ubuntu-16.04/bin/z3 proof=true unsat_core=true test_tx.cnf
unsat

z3 can generate proofs in SMTLib mode (though the proof format is rather unspecified.) I'm not sure if it can even generate proofs in the CNF mode at all, though it certainly should be possible. Your best bet might be to file an issue at https://github.com/Z3Prover/z3/issues and see if this is supported.

Related

dafny corresponding SMT queries

I'm trying to inspect a simple looping program that finds the maximal element in an integer array. Here is the permalink here. Everything works fine, but I'm really interested in
the resulting SMT file, so I extracted it using:
$ dafny /compile:3 /proverLog:./mySMT.smt myCode.dfy
Then ran with z3 as follows:
$ z3 ./mySMT.smt
I got 3 unsat responses and I was wondering what are the corresponding 3 queries?
I looked at the *.smt file and found 11K of machine-generated SMT.
Any tips on deciphering the smt file? thanks!
If you want the resulting SMT file, then that 11K file is your answer. I imagine that looking at it will lead you to the conclusion that you don't actually want to look at the resulting SMT file.
So, I don't know what it is that you want to accomplish. If you want to learn more about your program, then the best way is to work (only) from the Dafny program text. For example, you can add more assert statements to, essentially, ask the verifier if the given condition is provable at the location of the statement.
If you're interested in how Dafny encodes its verification conditions (that is, if you yourself are a tool developer and want to learn how to generate good verification conditions), then I suggest you use the /print switch to generate the Boogie program that Dafny generates. With some understanding of the Boogie intermediate verification language, the Boogie code is readable. For a more tutorial account of how to encode a Dafny-like language into Boogie, I recommend:
"Specification and verification of object-oriented software",
K. Rustan M. Leino.
Lecture note, Marktoberdorf 2008.
Rustan
PS. Unless you insist on particular formatting, you can print your array elements without using a loop if you first convert the array's element to a sequence:
print "a = ", a[..], "\n";

Right set of tactics to use in Z3 to solve these inequalities

Here x and k are integers
and the formula is: (50<=x+k Ʌ x+k<51)
Can it get simplified to "x+k=50"
I want the right set of tactics to solve this conjunction of inequalities.
Z3 is not a general purpose symbolic engine to simplify such expressions. Even if you got a good combination of tactics to give you what you need today, the results might change in further releases of the tool. You should look at other systems. Even a symbolic-engine like wolfram-alpha may not produce what you exactly want; but it might give you some alternative forms that might be easier to work with. See here: http://www.wolframalpha.com/input/?i=50%3C%3Dx%2Bk+%26%26+x%2Bk%3C51

Setting logic for solver in Z3 (API)

I notice that the Z3 C++ (and C) API allows you to supply the logic to be used.
I have two questions about this that I couldn't answer by looking online:
Are these supposed to be the standard SMT-LIB logics i.e. QF_LRA
When are these worth supplying i.e. when will Z3 actually use this information
My context is mainly QF no BV but everything else possible, I am using the SMT solver incrementally and I can always work out what logic I will be in at the start.
Z3 will also try to figure out what the logic is (when run with default options), but it doesn't have custom tactics for all combinations of theories (see default_tactic.cpp and smt_strategic_solver.cpp). When you are not sure what Z3 will decide to do, then it's best to set the tactic right up front, so that you will get errors if you try to use things that are not in that logic. It will also use that information to set up the smt kernel, e.g., enabling various preprocessors, various solver features, and chosing heuristics (see e.g., smt_setup.cpp).
Try it out and see!
Usually it does make a big difference. Setting the logic means the solver will use a specialized tactic to solve the formula, instead of going through the generic loop. Z3 will also try to guess the logic, but it's usually better to just provide it upfront.

Does ctx-solver-simplify (and similar tactics) produce equivalent formulas, or just SAT-equivalent, or am I doing things completely wrong?

I'm trying to make z3 (I'm using z3py) to simplify some formulas for me (so that I can have more or less human-readable output). Using ctx-solver-simplify tactic seemed a good choice for me since in a couple of passes it would produce nice compact formulas. But soon I've run into a situation when the output of ctx-solver-simplify does not seem to be equivalent to the original formula (it looks more like being satisfiability-equivalent or so). Also, it might be the case that I'm not dealing with tactics correctly.
Here's what I was trying to do: http://rise4fun.com/Z3Py/g5sX. So, I construct a formula Set2 (everything before the definition of Set2 is just a setup needed to define it) which has a particular satisfying assignment. After applying ctx-solver-simplify, I get a single formula (as a goal) for which this assignment is not satisfying. So what am I dong wrong?
Am I wrong assuming that ctx-solver-simplify would produce an equivalent formula?
Am I handling the tactics and their output in the wrong way?
Anything else?
Thanks.
I have been looking into this, but have so far been unable to reproduce the bug directly
with our current branch. A bug in the context simplifier was fixed a little while ago, and it could
be manifesting itself with the online version of Z3.
There are still a few things I can do to double check if we can reproduce the bug
and I will update this post with what I find.

printing internal solver formulas in z3

The theorem proving tool z3 is taking a lot of time to solve a formula, which I believe it should be able to handle easily. To understand this better and possibly optimize my input to z3, I wanted to see the internal constraints that z3 generates as part of its solving process.
How do I print the formula that z3 produces for its back-end solvers, when using z3 from the command line?
Z3 command line tool does not have such option. Moreover, Z3 contains several solvers and pre-processing steps. It is unclear which step would be useful for you. The Z3 source code is available at https://github.com/Z3Prover/z3. When Z3 is compiled in debug mode, it provides an extra command line option -tr:<tag>. This option can be used to selectively dump information. For example, the source file nlsat_solver.cpp contains the following instruction:
TRACE("nlsat", tout << "starting search...\n"; display(tout);
tout << "\nvar order:\n";
display_vars(tout););
The command line option -tr:nlsat will instruct Z3 to execute the instruction above. tout is the trace output stream. It will be stored in the file .z3-trace. The Z3 source is full of these TRACE commands. Since the code is available, we can also add our own trace commands in the code.
If you post your example, I can tell you which Z3 components are used to preprocess and solve it.
Then, we can select which "tags" we should enable for tracing.
EDIT (after the constraints were posted):
Your example is in the mixed integer & real nonlinear arithmetic.
The new nonlinear arithmetic solver (nlsat) in Z3 does not support to_int.
Thus, the Z3 general purpose solver is used to solve your problem.
Although this solver accepts almost everything, it is not even complete for nonlinear real arithmetic. The nonlinear support on this solver is based on: interval analysis and Grobner basis computations.
This solver is implemented in the folder src/smt (in the unstable branch).
The arithmetic module is implemented in the files theory_arith*.
A good tracing command line option is -tr:after_reduce. It will display the set of constraints after pre-processing.
The bottleneck is the arithmetic module (theory_arith*).
Additional Remarks:
The problem is in a undecidable fragment: mixed integer & real nonlinear arithmetic. That is, it is impossible to write a sound and complete solver for this fragment. Of course, we can write a solver that solves instances we find in practice. I believe it is possible to extend nlsat to handle the to_int.
If you avoid to_int, you will be able to use nlsat. The problem will be in the nonlinear real arithmetic fragment. I understand that this may be hard, since the to_int seems to be a key thing in your encoding.
The code in the "unstable" branch at z3.codeplex.com is much better organized than the official version in the "master" branch. I will merge it with the "master" branch soon. You can retrieve the "unstable" branch if you want to play with the source code.
The "unstable" branch uses a new build system. You can build the release version with tracing support. You just have to use the option -t when generating the Makefile.
python scripts/mk_make.py -t
When Z3 is compiled in debug mode, the option AUTO_CONFIG=false by default. Thus, to reproduce the behavior of "release" mode, you must provide the command line option AUTO_CONFIG=true.

Resources