Z3 4.0 Extra Output in Model - z3

When I am trying to get a model string, along with the variables that I define, I get extra output in the model as -
z3name!0=3, z3name!1=-2, z3name!10=0, z3name!11=0, z3name!12=0, z3name!13=0, z3name!14=0, z3name!15=0, z3name!2=0, z3name!3=0, z3name!4=2, z3name!5=2, z3name!6=0, z3name!7=-3, z3name!8=2, z3name!9=0
I want to know that is this erroneous output?
Or is it some intermediate variables that are being used by Z3?
Because the values for the variables I have defined seems okay to me.
I have not seen previously any such output, thus I got this doubt.

Z3 has several preprocessing steps. Some of them introduce new variables. The new variables are usually removed from the resulting model. If they are not, this is a bug. However, this bug does not affect correctness. It is just an inconvenience.
It would be great if you could post your problem. We would be able to identify which preprocessing step is not eliminating the introduced auxiliary variables.

I realize this is an old topic, but I found myself having the same "bug" as Leonardo called it. Since the OP did not post his code, I thought mine could maybe help fix it (even though this extra output is not a problem for me as long as correctness is indeed preserved).
It appears that if I change the "/" in the final assertion for, let's say, a "+" operator, the problem disappears.
(declare-fun fun0!0 () Int)
(declare-fun fun0!-1 () Int)
(declare-fun var0 () Int)
(assert (and
(and
(or (= fun0!0 0) (= fun0!0 1) (= fun0!0 2))
(or (= fun0!-1 0) (= fun0!-1 1) (= fun0!-1 2))
(or (= var0 1) (= var0 -1))
)
(and (or (= var0 0) (= var0 -1)))
))
(define-fun fun0 ((i! Int)) Int
(ite
(= i! 0)
fun0!0
(ite
(= i! -1)
fun0!-1
(- 0 1)
)
)
)
(assert (=
(fun0 var0)
(/ var0 var0)
))
(check-sat)

Related

z3 usage problem in java and strange error

I am using Z3 for the constraints check, and I am currently use the java Z3 package.
What I am doing is that and this is my java code:
Context context = new Context();
Solver s=context.mkSolver();
IntExpr i=context.mkIntConst("i");
IntExpr zero=context.mkInt(1);//int i;
BoolExpr initial=context.mkEq(i,zero);//i=0;
IntExpr one=context.mkInt(1); //initial 1
ArithExpr ipp=context.mkAdd(i,one);//i+1
BoolExpr ippResult=context.mkEq(i,ipp);//i=i+1
BoolExpr gtI=context.mkGe(i,zero);
s.add(initial);
s.add(ippResult);
s.add(gtI);
System.out.println(s+"\n\n");
System.out.println(s.check());
And here is the output I have
(declare-fun i () Int)
(assert (= i 1))
(assert (= i (+ i 1)))
(assert (>= i 1))
UNSATISFIABLE
So I don't know why z3 returns that it is not satisfiable? Since i+1>=1 actually, it is so strange. I don't know what code I am writing wrongly. Thanks!
Your program isn't complete; you use gtI but you never defined it. Probably cut-and-paste error.
In any case, your problem is nicely captured by the SMTLib portion of your output:
(declare-fun i () Int)
(assert (= i 1))
(assert (= i (+ i 1)))
(assert (>= i 1))
The second line says i is 1. Third line says i is equal to i+1. Combining these two, the solver deduces that it must be the case that 1 = 2. Which is clearly not true, and hence you get the UNSATISFIABLE result.
I suspect you wanted to create a new variable and use that in creating i+1, perhaps j? But hard to opine without knowing what it is that you are trying to achieve.

Z3; Simplify with if-then-else

Is there a way to simplify the following expression to "6 < var"?
According to Z3, these expressions are equivalent but simplification does not produce the latter.
I have tried the three parameters since they seem to be related to if-then-else but this also did not help.
(declare-fun var () Int)
(simplify
(exists ((bx Int))
(and
(exists ((byX Int))
(ite (> bx 5) (= byX 0) (&& (> bx 2) (= byX (+ byX 4)))))
(= bx (+ var 1))
(> var 6)
)
)
:push_ite_arith true
:pull_cheap_ite true
:ite_extra_rules true
)
(assert
(not
(iff
(exists ((bx Int))
(and
(exists ((by Int))
(ite (> bx 5) (= by 0) (&& (> bx 2) (= by (+ by 4)))))
(= bx (+ var 1))
(> var 6)
)
)
(< 6 var)
)
)
)
(check-sat)
Not in general, no.
Z3's simplifications and what you would consider "simple" are typically not the same, and it works more or less as a black-box. It won't produce output like what you would get from a symbolic math package or alike: The simplifications are more geared towards making the input "simpler" for further solving; not for "presenting it back to the user" purpose.
You can find many similar questions on stack-overflow, see: https://stackoverflow.com/search?q=%5Bz3%5D+simplify and in particular this answer from Leo: simplification in Z3

Is it possible to use both bit-blast and soft-assert with the z3 solver?

I'm trying to use the z3 smt solver to allocate values to variables subject to constraints. As well as hard constraints I have some soft constraints (e.g. a != c). I expected to be able to specify the hard constraints with assert and the soft constraints as soft-assert and this works if I solve with (check-sat).
Some of the files are large and complex and only solve in a reasonable time if I turn on bit-blasting using (check-sat-using (then simplify solve-eqs bit-blast sat)). When I do this the soft asserts seem to be ignored (example below or at rise4fun). Is this expected? Is it possible to use both bit-blast solving and soft-assert at the same time?
The following SMT code defines 4 bitvectors, a, b, c & d which should all be able to take unique values but are only forced to do so by soft asserts. Using the check-sat (line 39) works as expected but the check-sat-using (line 38) assigns b and d to the same value.
(set-option :produce-models true)
(set-logic QF_BV)
;; Declaring all the variables
(declare-const a (_ BitVec 2))
(declare-const b (_ BitVec 2))
(declare-const c (_ BitVec 2))
(declare-const d (_ BitVec 2))
(assert (or (= a #b00)
(= a #b01)
(= a #b10)
(= a #b11)))
(assert (or (= b #b00)
(= b #b01)
(= b #b10)
(= b #b11)))
(assert (or (= c #b00)
(= c #b01)
(= c #b10)
(= c #b11)))
(assert (or (= d #b00)
(= d #b01)
(= d #b10)
(= d #b11)))
;; Soft constraints to limit reuse
(assert-soft (not (= a b)))
(assert-soft (not (= a c)))
(assert-soft (not (= a d)))
(assert-soft (not (= b c)))
(assert-soft (not (= b d)))
(assert-soft (not (= c d)))
(check-sat-using (then simplify solve-eqs bit-blast sat))
;;(check-sat)
(get-value (a
b
c
d))
Great question! When you use assert-soft the optimization engine kicks in by default. You can see this by using your program with the (check-sat) clause, and running with higher verbosity. I've put your program in a file called a.smt2:
$ z3 -v:3 a.smt2
(optimize:check-sat)
(sat.solver)
(optimize:sat)
(maxsmt)
(opt.maxres [0:6])
(sat.solver)
(opt.maxres [0:0])
found optimum
sat
((a #b01)
(b #b00)
(c #b11)
(d #b10))
So, we can see z3 is treating this as an optimization problem, which takes soft-constraints into account and gives you the "disjointness" you're seeking.
Let's do the same, but this time we'll use the check-sat call that specifies the tactics to use. We get:
$ z3 -v:3 a.smt2
(smt.searching)
sat
((a #b11)
(b #b11)
(c #b11)
(d #b10))
And this confirms your suspicion: When you tell z3 exactly what to do, it doesn't do the optimization pass. In hindsight, this is to be expected, but I do agree that it's rather surprising.
The question is then whether we can tell z3 to do the optimization explicitly. However I'm not sure if this is even possible within the tactic language. I think this question is well worthy of asking at their issues site (https://github.com/Z3Prover/z3/issues) and see if there's a magic incantation you can use to kick off the maxres engine from the tactic language. (This may not be possible due to a number of reasons, but there's no reason to speculate here.) Please report back here what you find out!

Can Z3 output "anything" for unconstrained values of UF?

Some values of uninterpreted functions can be unconstrained during the search. For example, if in smt query only f(1) is called, then f(2), f(3) can be anything. Is there a way (some option may be) to know which values were not used during the solving and therefore can be anything?
For quantifier free problems, you can achieve that by using the option :model-partial to true.
Here is an example (also available here):
(set-option :model-partial true)
(declare-fun f (Int) Int)
(assert (> (f 0) 0))
(assert (< (f 1) 0))
(check-sat)
(get-model)
In this example, we get the output:
sat
(model
(define-fun f ((x!1 Int)) Int
(ite (= x!1 0) 1
(ite (= x!1 1) (- 1)
#unspecified)))
)
BTW, in the next release (Z3 4.3.2), this option is renamed to :model.partial. In the next release, the options are grouped in modules.

simplification in Z3

(declare-datatypes () ((SE BROKEN ON OFF)))
(declare-const s SE)
(declare-const a Int)
(simplify (or (= s ON) (= s OFF) (= s BROKEN)))
(simplify (and (> a 0) (> a 1)))
The result is:
(or (= s ON) (= s OFF) (= s BROKEN))
(and (not (<= a 0)) (not (<= a 1)))
But the expected result was:
1
> a 1
Is it possible to simplify such expressions (the combinations of such expressions) in Z3?
Thank you!
The simplify command is just a bottom-up rewriter. It is fast, but will fail to simplify expressions such as the ones in your post. Z3 allows users to define their own simplification strategies using tactics. They are described in this article, and the Z3 tutorials (Python and SMT 2.0). The following posts also have additional information:
t>=1 or t>=2 => t>=1
Asymmetric behavior in ctx-solver-simplify
what's the difference between "simplify" and "ctx-solver-simplify" in z3
The first query in your example can be simplified using the tactic ctx-solver-simplify (also available online here).
(declare-datatypes () ((SE BROKEN ON OFF)))
(declare-const s SE)
(declare-const a Int)
(assert (or (= s ON) (= s OFF) (= s BROKEN)))
(assert (and (> a 0) (> a 1)))
(apply ctx-solver-simplify)
The command apply applies the tactic ctx-solver-simplify over the set of assertions, and displays the resulting set of goals. Note that, this tactic is way more expensive than the command simplify.

Resources