I am working on a benchmark with Quantified BitVector formulas with bit-vector arithmetic. The benchmark produces with Z3 4.3.0 a segmentation fault in Linux 64 bit. I think the problem occurs because of a transitive use of equality.
...
(assert (= (bvadd (capacity this) (_ bv1 5)) (EAO.length (elements this)) ))
(assert (= (EAO.length (elements this)) (IKAO.length (heap this)) ))
The complete benchmark in question can be found here:
example
Thanks for reporting the crash. I fixed the bug. The fix is already available in the unstable (working-in-progress) branch. Here are instructions on how to build the unstable branch. The fix will also be available tomorrow in the Z3 nightly builds.
The nightly build can be downloaded at: http://z3.codeplex.com/releases. We have to click at the "Planned" link. I wrote some instructions here.
Related
Are there specific tactics I should consider for quantifier-free sequence problems? I am getting unknown satisfiability solving problems like the one below (find a sequence containing one value but not another).
I am using version 4.8.5.0 of z3.
(declare-const l (Seq Int))
(declare-const x Int)
(declare-const y Int)
(assert (not (seq.contains l (seq.unit y))))
(assert (seq.contains l (seq.unit x)))
(check-sat)
[result is unknown]
Sequence logic recently went through a bunch of changes. When I try your benchmark with a fresh build of z3 from their github sources, it successfully reports sat. See here: https://github.com/Z3Prover/z3
Before reaching out for new tactics, would be great if you can use the github version.
I was trying out examples from the article Z3: a tutorial. There is an example demonstrating that all functions are total, including "div":
(push)
(assert (= 1 (div 0 0)))
(check-sat)
;sat (pop)
I noticed that z3 version 4.8.5 returns different results depending on whether one uses "push" or not.
With the code below, z3 returns unknown:
(get-info :version)
;(push)
(assert (= 1 (div 0 0)))
(check-sat)
The output from z3 is:
(:version "4.8.5 - build hashcode 8c085f1a1850")
unknown
In contrast, with the code below, z3 returns sat:
(get-info :version)
(push)
(assert (= 1 (div 0 0)))
(check-sat)
(get-model)
The output from z3 is:
(:version "4.8.5 - build hashcode 8c085f1a1850")
sat
(model
)
In the rise4fun tutorial, it says that "The command push creates a new scope by saving the current stack size", it seems that the usage of "push" should not cause different results here since there is only one assertion?
Strictly speaking unknown and sat are not contradictory: The solver is allowed to bail out at any moment and say unknown. For instance, this sort of behavior can happen if you explicitly use tactics.
But you're absolutely correct that it's bizarre push is causing this discrepancy. Please file a ticket at the z3 github issues site: https://github.com/Z3Prover/z3/issues and let us know what you find out!
There are several posts regarding the conversion of bit vectors
to integers (and vice versa) in z3. See for example here,
here and here.
The documentation says that Z3_mk_bv2int is uninterpreted:
"...This function is essentially treated as uninterpreted.
So you cannot expect Z3 to precisely reflect the semantics of this
function when solving constraints with this function..."
However, I could not find a simple example where it does fail
to reflect the expected semantics.
For instance, whenever I use queries like this:
(declare-const s String)
(declare-const someBitVec10 (_ BitVec 10))
(assert (= s "74g\x00!!#2#$$"))
(assert (str.in.re (str.at s (bv2int someBitVec10)) (re.range "1" "3")))
(check-sat)
(get-value (s someBitVec10))
I get a correct answer (index should 7, and it is)
sat
((s "74g\x00!!#2#$$")
(someBitVec10 #b0000000111))
Could anyone please provide a simple example where z3's
bv2int and/or int2bv fail?? thanks!
This issue is now resolved, as it turns out that both int2bv and bv2int are indeed interpreted. The documentation hasn't been updated, and this might have caused the confusion (at least in my case it did). All the details are in this GitHub/z3/issues post.
I'm currently trying to write an SMT script using define-fun-rec. I've tested with both Z3, version 4.4.2, and CVC4, version 1.4. As far as I can tell, these are the most recent versions of both, and both support the feature*. However, both do not seem to recognize the command.
(I made some changes to this based on Nikolaj's reply. It still gives the error messages.) Specifically, given:
(define-fun-rec
fac ((x Int)) Int
(
ite (<= x 1)
1
(* x (fac (- x 1)))
)
)
(assert (= (fac 4) 24))
(check-sat)
Z3 outputs:
unsupported
; define-fun-rec
(error "line 10 column 17: unknown function/constant fac")
sat
And CVC4 outputs:
(error "Parse Error: fac.smt2:1.15: expected SMT-LIBv2 command, got `define-fun-rec'.
(define-fun-rec
^
")
My best guess is that there is some sort of flag I need to set or I need to be using some specific logic, but I've had a lot of trouble finding any sort of detailed instructions or examples with define-fun-rec. Any advice would be appreciated. Thanks!
*Z3 has support: How to deal with recursive function in Z3?
CVC4 has support: http://lara.epfl.ch/~reynolds/pres-smt15.pdf
The latest version of CVC4 can be downloaded under "Development versions" (on the right hand side) of:
http://cvc4.cs.nyu.edu/downloads/
The latest development version has support for recursive function definitions. You can use the cvc4 command line option "--fmf-fun" to enable a technique that finds small models for problems involving recursive function applications, assuming definitions are admissible.
(Although, unfortunately your example with factorial also requires non-linear arithmetic, which CVC4 does not yet support.)
Don't set the logic to LIA. This is not in the LIA fragment and Z3 will use the wrong tactic to solve the problem.Just remove the set-logic line.
It helps to not use an undefined function "f" inside the definition of "fib".
I would suggest that you call the function "fac" and not "fib" since you are defining a factorial function.
Thus,
(define-fun-rec
fac ((x Int)) Int
(
ite (<= x 1)
1
(* x (fac (- x 1)))
)
)
(assert (= (fac 4) 24))
(check-sat)
z3 -version
Z3 version 4.4.2
z3 fac.smt2
sat
If you change 24 to 25 you get unsat.
I was trying out the PDR engine in Z3 and I'm not sure which version of Z3 to use.
The "official" master branch from git seems to work but is dated Nov 2012. I'm sure there have been improvements since then. The unstable branch, on the other hand, "may contain unstable and/or untested code", which seems to be true.
What would be the most recent "stable" version of the engine?
For example
(declare-rel R (Real Real))
(declare-var x Real)
(declare-var y Real)
(rule
(=> (and (= x 0) (= y 0)) (R x y))
)
(rule
(=> (R x y) (R (+ x 1) (+ y 1)))
)
(query
(and (R x y) (not (= x y)))
)
Above works in master, returning unsat, but in the unstable branch the engine wanders off not solving the problem. Same holds for the example from a recent CAV paper.
This is somewhat of a regression and thanks for pointing this out.
The older version of PDR used predicates from the query when checking for inductiveness. The updated version omits this feature and diverges even though the property is very easily seen as inductive.
Using predicates from the query isn't very general and I have tried to replace this with other means. For example you can do a "magic-set" transformation that should push opportune predicates down.