Z3

问题 I am using Z3 4.1 C-API on linux. I want to specify a timeout for a solver. I am using following commands, however I get a segmentation fault in the command Z3_solver_set_params(). Z3_context ctx = mk_context(); Z3_solver s = Z3_mk_solver(ctx); Z3_params params = Z3_mk_params(ctx); Z3_symbol r = Z3_mk_string_symbol(ctx, ":timeout"); Z3_params_set_uint(ctx, params, r, static_cast<unsigned>(10)); Z3_solver_set_params(ctx, s, params); It seems that I am not using APIs correctly. I couldn't find

问题 I'm aware that there is a simplex solver implemented in z3. Is it possible to use the solver for linear optimization? Where is the interface for the solver located in the z3 source code? 回答1: Yes, Z3 has a solver based on the Simplex method. It is implemented in the files src\smt\theory_arith* . The main files are src\smt\theory_arith.h and src\smt\theory_arith_core.h . This solver has very basic support for optimization in the file src\smt\theory_arith_aux.h . This functionality is not

问题 In my tool, I use conditions that compare constants to integer variables (for example y < 100). Often, there are multiple conditions for one variable and I want to simplify those cases. For example: y < 100 && y != 99 should become y < 99. The simplify tactic does not do this and none of the arguments for simplify sound like they can help. In Code: context c; goal g(c); expr x = c.int_const("x"); expr y = c.int_const("y"); solver s(c); expr F = y < 100 && y != 99; g.add(F); tactic t = tactic

问题 I am trying to compile the OCaml binding for z3 in Linux. I tried using the provided Makefile: I did "make ocamlrelease" but it aborts with the error cp: cannot stat `ml_release/build-lib.sh': No such file or directory I also read the included readme.txt in the ml directory and it says to use SLAM and SDT, but these seem to work only in Windows, not Linux. How can I compile the OCaml binding? Thanks, José 回答1: We are currently working on this issue. It should be fixed soon. Right now, the ML

问题 I want to find a maximal interval in which an expression e is true for all x . A way to write such a formula should be: Exists d : ForAll x in (-d,d) . e and ForAll x not in (-d,d) . !e . To get such a d , the formula f in Z3 (looking at the one above) could be the following: from z3 import * x = Real('x') delta = Real('d') s = Solver() e = And(1/10000*x**2 > 0, 1/5000*x**3 + -1/5000*x**2 < 0) f = ForAll(x, And(Implies(And(delta > 0, -delta < x, x < delta, x != 0), e), Implies(And(delta > 0,

问题 I'm building a symbolic execution engine for Python using Z3 with it's Python module. I need to reason about strings, but it doesn't appear to be supported in the current API for Python I found it can be done somehow: https://github.com/cs-au-dk/Artemis/tree/master/contrib/Z3-str How can I get Z3 to reason about strings using it's python API? (maybe extend it?) If not possible, though I may try to implement it as arrays of ints (where each int represents a char in the string) and write some

问题 I notice that the Z3 C++ (and C) API allows you to supply the logic to be used. I have two questions about this that I couldn't answer by looking online: Are these supposed to be the standard SMT-LIB logics i.e. QF_LRA When are these worth supplying i.e. when will Z3 actually use this information My context is mainly QF no BV but everything else possible, I am using the SMT solver incrementally and I can always work out what logic I will be in at the start. 回答1: Z3 will also try to figure out

问题 I know that both bv2int and int2bv are handled as uninterpreted functions in Z3. Still, I am looking for a best practice in solving the following problem: given a "small" (< 10 bits) bitvector index, how to efficiently cast it to Int, and use in queries like this one: (declare-const s String) (declare-const someInt Int) (declare-const someBitVec10 (_ BitVec 10)) (assert (= s "74g\x00!!#2#$$")) ;(assert (str.in.re (str.at s someBitVec10) (re.range "a" "z"))) ( assert (str.in.re (str.at s

问题 I am trying to use Z3 to produce a model for a set of SAT assertions describing a partial order theory. I tried the subtype example in Z3 guide but it seems I cannot get a concrete model. Is there a way that Z3 can produce a model that describes the orders among elements and satisfies all assertions I made? For example, following are the constraints for "subtype". Is it possible that Z3 may produce a model like "int-type *<* real-type *<* complex-type *<* obj-type *<* root-type" and "string

问题 I am accessing the managed API from F#. I can construct Z3 expressions using ctx.MkFalse, MkImplies, MkMul etc. but how do i traverse a Z3 expression to discover its structure? Is there something like e.Op or e.IsFalse, e.IsImplies etc. 回答1: You should take a look at documentation of Expr.cs. Here is a simple F# example that traverses through an expression: let traverse (expr: Expr) = printfn "num args: %O" expr.NumArgs printfn "children: %A" expr.Args printfn "1st child: %O" expr.Args.[0]