Z3

问题 Some time ago I asked how I could use Z3 to get models for constraints involving sets (Is there a way to use Z3 to get models for constraints involving sets?). For this the extended array theory works well in my case. Now I have got the same issue with sequences (with operations length, membership, (in-)equality, perhaps slicing) and maps. I.e. axiomatization leads to the same problem as for sets. I have been thinking of encoding sequences and maps using the extended array theory as well but

问题 It looks like z3 expression has a hash() method but not __hash__() . Is there a reason why not using __hash__() ? This allows the expression to be hashable. 回答1: There is no reason for not calling it __hash__() . I called it hash() because I'm new to Python. I will add __hash__() in the next release (Z3 4.2). EDIT: as pointed out in the comments, we also need __eq__ or __cmp__ to be able to use a Z3 object as a key in a Python dictionary. Unfortunately, the __eq__ method (defined at ExprRef )

问题 This is a simple bit vector problem: import z3 s = z3.Tactic('bv').solver() m = z3.Function('m', z3.BitVecSort(32), z3.BitVecSort(32)) a, b = z3.BitVecs('a b', 32) axioms = [ a == m(12432), z3.Not(a == b) ] s.add(axioms) print(s.check()) Python crashes with error code 139. Please note that, this is not my real problem, so I must use bit vector tactic in my project, though it doesn't have any problem with smt tactic or even qfbv tactic. 回答1: It seems to be a bug in 4.4.0. With 4.4.0 and Ubuntu

问题 Is it possible to ask Z3 to prove satisfiability of a system of integer polynomial inequalities with 2 different variables (or in general case) by approximating the original system with a system of linear inequalities? 回答1: By default, Z3 will try to solve a nonlinear integer problem as a linear one. The basic trick is to treat nonlinear terms such as x*y as new "variables". Nonlinear integer arithmetic is not well supported in Z3, the following post has a summary on how Z3 handles nonlinear

问题 Is division by zero included in QF_NRA? The SMT-LIB standard is confusing in this matter. The paper where the standard is defined simply does not discuss this point, in fact NRA and QF_NRA do not appear anywhere in that document. Some information is provided on the standard website. Reals are defined as including: - all terms of the form (/ m n) or (/ (- m) n) where - m is a numeral other than 0, - n is a numeral other than 0 and 1, - as integers, m and n have no common factors besides 1.

问题 I am using Z3opt. The majority of my model can be expressed in standard SMTLIB but part of it needs to be implemented in a general purpose programming language with constructs like string processing, associative arrays etc. Is it possible to use an externally defined function in a Z3 model? I know this would kill solver performance but it would only be a small part of the model. -- edit for clarification -- I wish to supply the implementation of a constraint (as a function pointer or

问题 It seems that the substitute(f,t) function in Z3Py performs simplification on f first before doing the substitution. Is there a way to disallow this? I would like the following behavior to occur: f = And(x,Not(x)) result = substitute(f,*[(Not(x),BoolVal(True))]) #sub Not(x) => True #if we simplify f first then the result = False, but if we do the substitution first then result = x 回答1: Unfortunately, the substitute procedure is implemented using the simplifier which can apply substitutions

问题 I am inferring a Function(var1) and I only care about the values of this function when 0 <= var1 <= 10 and I know, when 0 <= var <= 10, 0 <= Function(var1) <= 10. A common way (I guess) to constrain the search space of the Function is something like asserting constraints like (in z3py): for i in range(11): solver.add(And(Function(i)>=0,Function(i)<=10)) My question is that: is there a better way so that I can constrain the search space of Function? Something like setting upperbound/lowerbound

问题 Suppose we have the following C annotated code: #define L 3 int a[L] = {0}; /*@ requires \valid(a+(0..(L - 1))); ensures \forall int j; 0 <= j < L ==> (a[j] == j); */ int main() { int i = 0; /*@ loop assigns i, a[0..(i-1)]; loop invariant inv1: 0 <= i <= L; loop invariant inv2: \forall int k; 0 <= k < i ==> a[k] == k; */ while (i < L) { a[i] = i; i++; } /*@ assert final_progress: \forall int k; 0 < k < L ==> a[k] == a[k-1] + 1; assert final_c: a[2] == a[1] - 1; */ return 0; } Why Alt-Ergo/Z3

问题 I am using the Z3 SMT solver by Microsoft, and I am trying to define constants of a custom sort. It seems like such constants are not unequal by default. Suppose you have the following program: (declare-sort S 0) (declare-const x S) (declare-const y S) (assert (= x y)) (check-sat) This will give "sat", because it is of course perfectly possible that two constants of the same sort are equal. Since I am making model in which constants have to be different from each other, this means that I