To create a Sets of 3 elements (1,2,3) in Z3, I am using the follows code:
(define-sort Set () ( Array Int Bool ) )
(declare-const s Set )
( assert ( and ( = ( select s 1 ) true ) ( = ( select s 2 ) true )
( = ( select s 3 ) true ) ) )
The Model I am getting is as follows :
(model
(define-fun s () (Array Int Bool)
(_ as-array k!0))
(define-fun k!0 ((x!1 Int)) Bool
(ite (= x!1 2) true
(ite (= x!1 3) true
(ite (= x!1 1) true
true))))
)
But instead how can I get a model of the form :
(model (define-fun s () (Array Int Bool)
(_ as-array k!0)) (define-fun k!0 ((x!1 Int)) Bool
(ite (= x!1 2) true
(ite (= x!1 3) true
(ite (= x!1 1) true
false)))) )
So that elements other than the set members are not included in the set.
You can achieve this by starting from the empty set, i.e. the array that is defined to be false everywhere.
Here is an example:
(declare-const s1 (Array Int Bool))
(assert (= s1
(store
(store
(store
((as const (Array Int Bool)) false)
1 true)
2 true)
3 true)
))
(check-sat)
(get-model)
Related
I created this file which is supposed to represent Dekker's algorithm
Given a variable Turn of type proc and two arrays want and crit mapping proc to bools
The initial state is want[p] = false and crit[p] = false for all proc p
I can non deterministically take one of the three transitions below :
req : if there exists a proc p such that want[p] = false then want'[p] = true
enter : if there exists a proc p such that want[p] = true and turn = p then crit'[p] = true
exit : if there exists a proc p such that crit[p] = true then want'[p] = false, crit'[p] = false and turn = ? (? represent the fact that any proc p' can be attributed to turn).
A state is unsafe if there exists two proc p1 and p2 such that crit[p1] = crit[p2] = true
I represented it like this :
(set-logic HORN)
(define-sort proc () Int)
(define-sort myarray () (Array proc Bool))
(declare-var turn proc)
(declare-var want myarray)
(declare-var crit myarray)
(declare-fun reachable (proc myarray myarray) Bool)
;; Init
(rule
(=>
(forall ((z proc))
(and
(= (select want z) false)
(= (select crit z) false)
)
)
(reachable turn want crit)
)
)
;; Unsafe
(assert
(exists ((z1 proc) (z2 proc))
(=>
(and
(not (= z1 z2))
(= (select want z1) true)
(= (select want z2) true)
)
(reachable turn want crit)
)
)
)
;; Req
(assert
(exists ((z proc))
(=>
(and
(= (select want z) false)
(reachable turn want crit)
)
(reachable turn (store want z true) crit)
)
)
)
;; Enter
(assert
(exists ((z proc))
(=>
(and
(= (select want z) true)
(= turn z)
(reachable turn want crit)
)
(reachable turn want (store crit z true))
)
)
)
;; Exit
(assert
(exists ((z1 proc)
(z2 proc)
)
(=>
(and
(= (select crit z1) true)
(reachable turn want crit)
)
(and
(reachable
z2
(store want z1 false)
(store crit z1 false)
)
)
)
)
)
(check-sat)
But when I call z3 dekker.smt2 it gives me unknown as an answer.
If I try to do it like this :
(set-logic HORN)
(declare-fun reachable (Int
(Array Int Bool)
(Array Int Bool)) Bool)
;; Init
(assert
(forall ((Turn Int)
(Want (Array Int Bool))
(Crit (Array Int Bool))
)
(=>
(forall ((z Int))
(and
(= (select Want z) false)
(= (select Crit z) false)
))
(reachable Turn Want Crit)
)))
;; Unsafe
(assert
(forall ((Turn Int)
(Want (Array Int Bool))
(Crit (Array Int Bool))
)
(=>
(reachable Turn Want Crit)
(not
(exists ((z1 Int) (z2 Int))
(and (not (= z1 z2))
(= (select Crit z1) true)
(= (select Crit z2) true)
)
)
)
)
)
)
;; Transitions
(assert
(forall (
(Turn Int)
(Want (Array Int Bool))
(Crit (Array Int Bool))
(Turn_ Int)
(Want_ (Array Int Bool))
(Crit_ (Array Int Bool))
)
(=>
(and
(reachable Turn Want Crit)
(or
;;req
(exists ((n Int))
(and (= (select Want n) false)
(= Turn_ Turn)
(= Want_ (store Want n true))
(= Crit_ Crit)
)
)
;;req
(exists ((n Int))
(and (= (select Want n) true)
(= Turn n)
(= Turn_ Turn)
(= Want_ Want)
(= Crit_ (store Crit n true))
)
)
;;req
(exists ((n Int) (n2 Int))
(and (= (select Crit n) true)
(= Turn_ n2)
(= Want_ (store Want n false))
(= Crit_ (store Crit n false))
)
)
)
)
(reachable Turn_ Want_ Crit_)
)
)
)
(check-sat)
I get this answer :
PDR cannot solve non-ground tails: (let ((a!1 (forall ((z Int))
(and (= (select reachable_1_n z) false)
(= (select reachable_2_n z) false)))))
(= a!1 true))
unknown
The problem in relational algebra REL051+1.p reads
File : REL051+1 : TPTP v6.1.0. Released v4.0.0.
% Domain : Relation Algebra
% Problem : Dense linear ordering
Using TPTP syntax with fof the corresponding code is
fof(f01,axiom,(
! [A] : o(A,A) )).
fof(f02,axiom,(
! [A,B] :
( ( A != B
& o(A,B) )
=> ~ o(B,A) ) )).
fof(f03,axiom,(
! [A,B,C] :
( ( o(A,B)
& o(B,C) )
=> o(A,C) ) )).
fof(f04,axiom,(
! [A,B] :
( ( A != B
& o(A,B) )
=> ( o(A,f(A,B))
& o(f(A,B),B) ) ) )).
fof(f05,axiom,(
! [A,B] :
( f(A,B) != A
& f(A,B) != B ) )).
fof(f06,axiom,(
! [A,B] :
( o(A,B)
| o(B,A) ) )).
As you can see in TPTP all ATPs are unable to prove such problem.
This theorem was refuted with Z3 using the following SMT-LIB
(declare-sort S)
(declare-fun o (S S) Bool)
(declare-fun f (S S) S)
(assert (forall ((A S)) (o A A) ))
(assert (forall ((A S) (B S)) (implies (and (distinct A B) (o A B))
(not (o B A))) ) )
(assert (forall ((A S) (B S) (C S)) (implies (and (o A B) (o B C))
(o A C)) ) )
(assert (forall ((A S) (B S)) (implies (and (distinct A B) (o A B))
(and (o A (f A B)) (o (f A B) B))) ) )
(declare-fun B () S)
(assert (forall ((A S)) (and (distinct (f A B) A)
(distinct (f A B) B)) ) )
(assert (not (forall ((A S)) (or (o A B) (o B A)) ) ))
(check-sat)
(get-model)
and the corresponding output is
sat
(model
;; universe for S:
;; S!val!0 S!val!3 S!val!1 S!val!2
;; -----------
;; definitions for universe elements:
(declare-fun S!val!0 () S)
(declare-fun S!val!3 () S)
(declare-fun S!val!1 () S)
(declare-fun S!val!2 () S)
;; cardinality constraint:
(forall ((x S)) (or (= x S!val!0) (= x S!val!3) (= x S!val!1) (= x S!val!2)))
;; -----------
(define-fun B () S
S!val!1)
(define-fun A!0 () S
S!val!0)
(define-fun f!47 ((x!1 S) (x!2 S)) S
(ite (and (= x!1 S!val!2) (= x!2 S!val!1)) S!val!3
S!val!2))
(define-fun k!46 ((x!1 S)) S
(ite (= x!1 S!val!2) S!val!2
(ite (= x!1 S!val!0) S!val!0
(ite (= x!1 S!val!3) S!val!3
S!val!1))))
(define-fun f ((x!1 S) (x!2 S)) S
(f!47 (k!46 x!1) (k!46 x!2)))
(define-fun o!48 ((x!1 S) (x!2 S)) Bool
(ite (and (= x!1 S!val!1) (= x!2 S!val!1)) true
(ite (and (= x!1 S!val!0) (= x!2 S!val!0)) true
(ite (and (= x!1 S!val!2) (= x!2 S!val!2)) true
(ite (and (= x!1 S!val!3) (= x!2 S!val!3)) true
false)))))
(define-fun o ((x!1 S) (x!2 S)) Bool
(o!48 (k!46 x!1) (k!46 x!2)))
)
Please run this example online here
My question is: This refutation with Z3 is correct?
I am trying to use Z3 to produce a model for a set of SAT assertions describing a partial order theory. I tried the subtype example in Z3 guide but it seems I cannot get a concrete model. Is there a way that Z3 can produce a model that describes the orders among elements and satisfies all assertions I made?
For example, following are the constraints for "subtype". Is it possible that Z3 may produce a model like "int-type *<* real-type *<* complex-type *<* obj-type *<* root-type" and "string-type *<* obj-type *<* root-type" (if I use "*<*" to denote subtype relation)?
(set-option :produce-models true)
(declare-sort Type)
(declare-fun subtype (Type Type) Bool)
(assert (forall ((x Type)) (subtype x x)))
(assert (forall ((x Type) (y Type))
(=> (and (subtype x y) (subtype y x))
(= x y))))
(assert (forall ((x Type) (y Type) (z Type))
(=> (and (subtype x y) (subtype y z))
(subtype x z))))
(assert (forall ((x Type) (y Type) (z Type))
(=> (and (subtype x y) (subtype x z))
(or (subtype y z) (subtype z y)))))
(declare-const obj-type Type)
(declare-const int-type Type)
(declare-const real-type Type)
(declare-const complex-type Type)
(declare-const string-type Type)
(assert (forall ((x Type)) (subtype x obj-type)))
(assert (subtype int-type real-type))
(assert (subtype real-type complex-type))
(assert (not (subtype string-type real-type)))
(declare-const root-type Type)
(assert (subtype obj-type root-type))
(check-sat)
(get-model)
Currently, I got
sat
(model
;; universe for Type:
;; Type!val!0 Type!val!3 Type!val!2 Type!val!4 Type!val!1
;; -----------
;; definitions for universe elements:
(declare-fun Type!val!0 () Type)
(declare-fun Type!val!3 () Type)
(declare-fun Type!val!2 () Type)
(declare-fun Type!val!4 () Type)
(declare-fun Type!val!1 () Type)
;; cardinality constraint:
(forall ((x Type))
(or (= x Type!val!0)
(= x Type!val!3)
(= x Type!val!2)
(= x Type!val!4)
(= x Type!val!1)))
;; -----------
(define-fun complex-type () Type
Type!val!2)
(define-fun real-type () Type
Type!val!1)
(define-fun obj-type () Type
Type!val!4)
(define-fun root-type () Type
Type!val!4)
(define-fun string-type () Type
Type!val!3)
(define-fun int-type () Type
Type!val!0)
(define-fun subtype!73 ((x!1 Type) (x!2 Type)) Bool
(ite (and (= x!1 Type!val!3) (= x!2 Type!val!1)) false
(ite (and (= x!1 Type!val!2) (= x!2 Type!val!3)) false
(ite (and (= x!1 Type!val!4) (= x!2 Type!val!1)) false
(ite (and (= x!1 Type!val!4) (= x!2 Type!val!3)) false
(ite (and (= x!1 Type!val!2) (= x!2 Type!val!1)) false
(ite (and (= x!1 Type!val!1) (= x!2 Type!val!3)) false
(ite (and (= x!1 Type!val!4) (= x!2 Type!val!0)) false
(ite (and (= x!1 Type!val!4) (= x!2 Type!val!2)) false
(ite (and (= x!1 Type!val!0) (= x!2 Type!val!3)) false
(ite (and (= x!1 Type!val!2) (= x!2 Type!val!0)) false
(ite (and (= x!1 Type!val!1) (= x!2 Type!val!0)) false
(ite (and (= x!1 Type!val!3) (= x!2 Type!val!0)) false
true)))))))))))))
(define-fun k!72 ((x!1 Type)) Type
(ite (= x!1 Type!val!1) Type!val!1
(ite (= x!1 Type!val!4) Type!val!4
(ite (= x!1 Type!val!3) Type!val!3
(ite (= x!1 Type!val!0) Type!val!0
Type!val!2)))))
(define-fun subtype ((x!1 Type) (x!2 Type)) Bool
(subtype!73 (k!72 x!1) (k!72 x!2)))
)
Thank you in advance for any help you could give.
I think that your line
(assert (forall ((x Type)) (subtype x obj-type)))
is wrong.
The correct is
(assert (forall ((x Type)) (subtype x root-type)))
The possible correct model is obtained here
When I combine arrays and quantifiers, Z3 often produces models containing applications of array-ext. For example, this test case produces the following model:
(define-fun pipeid () (Array Int Int)
(_ as-array k!2))
(define-fun valid () (Array Int Bool)
(_ as-array k!0))
(define-fun ispipe () (Array Int Bool)
(_ as-array k!1))
(define-fun pipeid_ab () Int
2)
(define-fun fd () Int
0)
(define-fun k!3 ((x!1 Int)) Int
(ite (= x!1 0) 0
(array-ext (_ as-array k!0) (_ as-array k!1))))
(define-fun k!0!4 ((x!1 Int)) Bool
(ite (= x!1 3) false
true))
(define-fun k!0 ((x!1 Int)) Bool
(k!0!4 (k!3 x!1)))
(define-fun k!1 ((x!1 Int)) Bool
true)
(define-fun k!2!5 ((x!1 Int)) Int
(ite (= x!1 3) 4
1))
(define-fun k!2 ((x!1 Int)) Int
(k!2!5 (k!3 x!1)))
First, what does the array-ext in k!3 mean? I've pieced together that (array-ext a b) is some index x for which a[x] != b[x], but either what I've pieced together is incorrect or I can't wrap my head around the circular definitions of k!0 and k!3 above.
Second, how can I extract concrete values from such models? I know that it's not in general possible to represent the concrete value of an array directly in the model, but I would like to at least understand what its concrete value is and be able to extract it in some form from the model. Even querying for individual array indices doesn't seem to help:
model.evaluate(pipeid[1]) => If(array-ext(as-array, as-array) = 3, 4, 1)
Thanks.
array-ext is an internal function symbol. It is used to implement array extensionality.
That being said, it should not appear in models. The model-based-quantifier-instantiation (MBQI) module accidentally "leaks" the array-ext into the model. I fixed the problem.
http://z3.codeplex.com/SourceControl/changeset/185f125f7a3d356192df272bfb2339ad36d3cdf9
The fix is already available in the unstable (work-in-progress) branch.
It will also be available in the nightly builds.
Here is the output after the bug fix:
(define-fun pipeid () (Array Int Int)
(_ as-array k!2))
(define-fun valid () (Array Int Bool)
(_ as-array k!0))
(define-fun ispipe () (Array Int Bool)
(_ as-array k!1))
(define-fun pipeid_ab () Int
2)
(define-fun fd () Int
0)
(define-fun k!3 ((x!1 Int)) Int
0)
(define-fun k!0!4 ((x!1 Int)) Bool
(ite (= x!1 3) false
true))
(define-fun k!0 ((x!1 Int)) Bool
(k!0!4 (k!3 x!1)))
(define-fun k!1 ((x!1 Int)) Bool
true)
(define-fun k!2!5 ((x!1 Int)) Int
(ite (= x!1 3) 4
1))
(define-fun k!2 ((x!1 Int)) Int
(k!2!5 (k!3 x!1)))
pipeid[0] => 1
pipeid[1] => 1
Is there any way to apply simplifications to uninterpreted functions defined in z3, rather than the goals and subgoals ?
I have the following z3 code :
(declare-fun f (Bool Bool) Bool)
(assert (forall ((b1 Bool) (b2 Bool))
(implies b2 (f b1 b2))))
(assert (exists ((b1 Bool) (b2 Bool))
(not (f b1 b2))))
(check-sat)
(get-model)
And I get the following output:
sat
(model
(define-fun b1!1 () Bool
false)
(define-fun b2!0 () Bool
false)
(define-fun k!7 ((x!1 Bool)) Bool
false)
(define-fun f!8 ((x!1 Bool) (x!2 Bool)) Bool
(ite (and (= x!1 false) (= x!2 true)) true
false))
(define-fun k!6 ((x!1 Bool)) Bool
(ite (= x!1 false) false
true))
(define-fun f ((x!1 Bool) (x!2 Bool)) Bool
(f!8 (k!7 x!1) (k!6 x!2)))
)
It turns out that by applying rewrite rules to the definition of f, we can get that
f is equal to the second argument (x!2) by the following derivation:
(f!8 (k!7 x!1) (k!6 x!2))
= (f!8 false (k!6 x!2))
= (f!8 false x!2)
=(x!2)
Is there any way to get z3 to produce the following definition automatically ?
(define-fun f ((x!1 Bool) (x!2 Bool)) Bool
(x!2))
Thanks for your help.
Regards,
Oswaldo.
One option is to ask Z3 to evaluate the expression (f x y) where x and y are fresh Boolean constants. The eval command will evaluated (f x y) in the current model, and will produce y in your example. Here is the complete example (also available online here):
(declare-fun f (Bool Bool) Bool)
; x and y are free Boolean constants that will be used to create the expression (f x y)
(declare-const x Bool)
(declare-const y Bool)
(assert (forall ((b1 Bool) (b2 Bool))
(implies b2 (f b1 b2))))
(assert (exists ((b1 Bool) (b2 Bool))
(not (f b1 b2))))
(check-sat)
(eval (f x y))