Fix constant array UNSAT missed for small-domain store chains (#9907)

mirrors/z3

mirror of https://github.com/Z3Prover/z3 synced 2026-06-20 15:40:37 +00:00

Z3 incorrectly returns SAT for formulas like `store(store(const(x), i0,
e0), i1, e1) = store(store(const(y), i0, e0), i1, e1) ∧ x ≠ y` when the
index sort has a small finite domain (e.g. `(_ BitVec 2)` = 4 elements).
The quantifier-based encoding of the same constraint correctly returns
UNSAT.

## Changes

### `src/sat/smt/array_solver.cpp` — `add_parent_lambda()`

When a store is added to an array's `m_parent_lambdas` after that array
already has `m_has_default = true` (i.e., a `default(array)` term
already exists in the e-graph), the default axiom for the new store was
silently dropped. This breaks the propagation chain:

```
default(const(x)) = x
  ↓ [via store default axiom]
default(store(const(x), i, v)) = x
  ↓ [via store default axiom]
default(store(store(const(x), ...), ...)) = x
  ↓ [EUF congruence from store equality]
x = y  →  contradiction
```

Fix: push `default_axiom(lambda)` in `add_parent_lambda` when
`m_has_default` is already set, so late-arriving stores still get their
default axioms instantiated.

```cpp
void solver::add_parent_lambda(theory_var v_child, euf::enode* lambda) {
    auto& d = get_var_data(find(v_child));
    ctx.push_vec(d.m_parent_lambdas, lambda);
    if (should_prop_upward(d))
        propagate_select_axioms(d, lambda);
    if (d.m_has_default)           // new: fire default axiom retroactively
        push_axiom(default_axiom(lambda));
}
```

### Known remaining gap

`mk_eq_core` in `array_rewriter.cpp` also has a related issue: the
unconditional store-chain expansion fires only when `domain_size >
num_lhs + num_rhs` (line 893), but the correct threshold is `domain_size
> max(num_lhs, num_rhs)`. With 4-element domain and 2 stores per side,
`2+2 = 4` equals the domain size so the expansion is skipped. The
variant gated by `m_expand_store_eq` already uses `max()` correctly
(line 911); the unconditional path needs the same fix.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Nikolaj Bjorner <nbjorner@microsoft.com>

This commit is contained in:

Copilot

2026-06-19 18:31:44 -06:00

• committed by

Nikolaj Bjorner

parent 8d6fdcd3ee

commit 5dfe836d38

1 changed files with 2 additions and 0 deletions

									
										2

src/sat/smt/array_solver.cpp
									
										View file
										
				@ -203,6 +203,8 @@ namespace array {

				        ctx.push_vec(d.m_parent_lambdas, lambda);

				        if (should_prop_upward(d))        

				            propagate_select_axioms(d, lambda);

				        if (d.m_has_default)

				            push_axiom(default_axiom(lambda));

				    }

				    void solver::add_parent_default(theory_var v) {

Rows
Columns

Fix constant array UNSAT missed for small-domain store chains (#9907)

2 src/sat/smt/array_solver.cpp Unescape Escape View file

2

src/sat/smt/array_solver.cpp

View file