Say given a formula
(t1>=2 or t2>=3) and (t3>=1)
I wish to get its disjunctive normal form
(t1>=2 and t3>=1) or (t2>=3 and t3>=1)
How to achieve this in Z3?
Z3 does not have an API or tactic for converting formulas into DNF. However, it has support for breaking a goal into many subgoals using the tactic split-clause. Given an input formula in CNF, if we apply this tactic exhaustively, each output subgoal can be viewed as a big conjunction. Here is an example on how to do it.
http://rise4fun.com/Z3/zMjO
Here is the command:
(apply (then simplify (repeat (or-else split-clause skip))))
The repeat combinator keeps applying the tactic until it does not perform any modification.
The tactic split-clause fails if the input does not have a clause. That is why we use an or-else combinator with the skip (do nothing) tactic. We can improve the command by using tactics that apply simplifications (e.g., simplify, solve-eqs) after each clause is split into cases.
Note that, the script above assumes the input formula is in CNF.
Related
Related: CNF simplification (in fact, I think the submitter of that question might have been after what I want here)
A number of tools exist for simplifying (or "preprocessing" before solving) DIMACS format CNF formulas, and most SAT solvers incorporate some. However, all that I am aware of simplify a trivially satisfiable formula into a trivially satisfiable CNF with zero or one variables, i.e. they only attempt to preserve the satisfiability of the formula. I have tried at least SatELite and cryptominisat's preprocess mode.
However, for constructing CNF of a large problem, it seems to me that it would be quite useful to simplify a well-defined subset of the problem at a time, which may then be repeated a large number of times in the final CNF with additional constraints between some variables in these subformulas.
So, do any tools exist, or can ordinary SAT solvers (or other solvers like Z3, which I'm using to produce the CNF I would like to minimize) be somehow used with some cleverness, to simplify a CNF formula while preserving all solutions wrt a given set of variables?
The Coprocessor SAT preprocessor can do what you want. It can be given an optional variable scope and will only apply equivalence-preserving simplifications within that scope. Outside that scope, it will apply stronger, satisfiability-preserving simplifications. At least that was the case in version 2.
Perhaps not quite what you are looking for, but the espresso system (http://embedded.eecs.berkeley.edu/pubs/downloads/espresso/) can do boolean simplification. It's over 20 years old by now, but is still used in the industry for what it does.
Another approach is to convert the CNF into an And-Inverter-Graph (AIG) and apply methods from logic synthesis to restructure and simplify the AIG.
This is done in the ABC suite of programs, developed at the University of Berkeley. One method is structural hashing: find common (equivalent) subexpressions within the AIG and tie them together to prune the graph.
The University of Linz in Austria provides an AIGER tool-set especially devoted to And-Inverter Graphs.
I see that I can create goals, add them to a tactic, and create a solver from the tactic.
What is the advantage of this approach over simply creating a z3::solver instance and adding my expressions to it?
Tactics have a different purpose. You can create a goal that contains your assertions/constraints and then you run a Tactic ON the goal, the result of which will be a new set of (sub-)goals, i.e., new assertions/constraints. Solvers determine satisfiability and won't produce new (sub-)goals.
Tactics can be converted into solvers, such that the resulting solver will run the tactic, and if the result is conclusive (trivial sat/unsat), it will return that result. If the sub-goals produced by the tactic are not conclusive, it will return "unknown".
A formula with quantifiers contains declaration of trans function. Z3 successfully finds the model and prints it. But it also prints models for functions like trans!1!4464, trans!7!4463 .. which are not used anywhere in the model. What is it? How can I disable this output?
Here is the query: http://dl.dropbox.com/u/444947/asyn_arbiter_bound_16.smt2
and here is Z3's output - http://dl.dropbox.com/u/444947/asyn_arbiter_bound_16_result.txt
Recall that the models returned by Z3 can be viewed as simple functional programs.
Your formula is in the UFBV fragment. Z3 uses several modules to decide this fragment. Each module converts a formula F into a "simpler" formula F', and produces a procedure that converts a model for F' into a model for F. We call these procedures: "model converters". Model converters will, for example, eliminate interpretations for auxiliary functions and constants introduced in the F to F' conversion. Some auxiliary definitions can't be removed seems they are used to give interpretation of other definitions. We should view them as "auxiliary functions". They also create an interpretation for symbols that have been eliminated..
In your example, the following happens: the last module produces a model that contains the trans!... and k!... symbols. This model is for a formula that does not even contain trans. The function trans has been eliminated. As we apply the model converters, the interpretation for trans is constructed based on the interpretation of all trans!.... At this point, trans!... and k!... symbols are still being used since the interpretation of trans has a reference to all trans!... symbols and the interpretation of the trans!... functions have references to the k!... function symbols. At this step, there are no unnecessary symbols in the model. However, in a later step, the interpretation of trans is simplified by unfolding the definitions of trans!... and k!.... So, after this simplification step, trans!... and k!... are essentially "dead code".
That being said, the model returned by Z3 is correct, that is, it is a model for your formula. I acknowledge that these extra symbols are annoying and unnecessary. To eliminate them, we have apply the equivalent of a "dead code" elimination step. We are really close to the next release. So, this feature will not be available in the next release, but I will add it for the release following the next one.
I am running Z3 on UFBV queries. Currently the query contains 2 calls check-sat.
If I put push 1 just after check-sat, Z3 solves the query in 30sec. If I don't put any push 1 at all, thus have two calls check-sat without any push 1 between them, then Z3 solves it in 200sec.
Interesting. Any specific reasons or just a coincidence?
Z3 3.x has a "strategy specification language" based on tactics and tacticals. I'm not "advertising" that yet because it is working in progress.
The basic idea is described in this slide deck.
We have a different built-in strategy for each logic. The strategies usually do not support incremental solving, because they may apply transformations that use a "closed-world" assumption. Example, we have transformations that map 0-1 linear integer arithmetic into SAT. Whenever Z3 detects that the user "wants" incremental solving (e.g., multiple check-sat commands, push&pop commands), it switches to a general purpose solver. In future versions, we will provide more features for controlling Z3 behavior.
BTW, if you have two consecutive (check-sat) (check-sat) commands, Z3 not necessarily enters in incremental mode. It will enter only if there is an assert or push command between the two calls.
Now, suppose your query is of the form: (check-sat) <assertions> (check-sat), and your second query is of the form (check-sat) <assertions> (push) (check-sat). In both cases, Z3 will be in incremental mode in the second (check-sat). However, the behavior is still not the same. The incremental solver "compiles" the asserted formulas to an internal format, and its behavior is affected if a push command has been executed. For example, it will use a more efficient encoding of binary clauses only if there is no user scope. By user scope, I mean, the number of push commands - number of pop commands. It does that because the data-structure used in the more efficient encoding does not have an efficient undo/inverse operation.
I know that Z3 cannot check the satisfiability of formulas that contain recursive functions. But, I wonder if Z3 can handle such formulas over bounded data structures. For example, I've defined a list of length at most two in my Z3 program and a function, called last, to return the last element of the list. However, Z3 does not terminate when asked to check the satisfiability of a formula that contains last.
Is there a way to use recursive functions over bounded lists in Z3?
(Note that this related to your other question as well.) We looked at such cases as part of the Leon verifier project. What we are doing there is avoiding the use of quantifiers and instead "unrolling" the recursive function definitions: if we see the term length(lst) in the formula, we expand it using the definition of length by introducing a new equality: length(lst) = if(isNil(lst)) 0 else 1 + length(tail(lst)). You can view this as a manual quantifier instantiation procedure.
If you're interested in lists of length at most two, doing the manual instantiation for all terms, then doing it once more for the new list terms should be enough, as long as you add the term:
isCons(lst) => ((isCons(tail(lst)) => isNil(tail(tail(lst))))
for each list. In practice you of course don't want to generate these equalities and implications manually; in our case, we wrote a program that is essentially a loop around Z3 adding more such axioms when needed.
A very interesting property (very related to your question) is that it turns out that for some functions (such as length), using successive unrollings will give you a complete decision procedure. Ie. even if you don't constrain the size of the datastructures, you will eventually be able to conclude SAT or UNSAT (for the quantifier-free case).
You can find more details in our paper Satisfiability Modulo Recursive Programs, or I'm happy to give more here.
You may be interested in the work of Erik Reeber on SULFA, the ``Subclass of Unrollable List Formulas in ACL2.'' He showed in his PhD thesis how a large class of list-oriented formulas can be proven by unrolling function definitions and applying SAT-based methods. He proved decidability for the SULFA class using these methods.
See, e.g., http://www.cs.utexas.edu/~reeber/IJCAR-2006.pdf .