Issue #354. Fix unsoundness in Array theory based on missing propagation of selects over ite expressions

Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2025-04-28 03:15:50 +00:00 · 2016-01-10 17:11:12 -08:00 · 2016-01-10 17:11:12 -08:00 · fce286db91
commit fce286db91
parent 0df4931c4b
10 changed files with 112 additions and 10 deletions
--- a/src/smt/proto_model/proto_model.cpp
+++ b/src/smt/proto_model/proto_model.cpp
@ -174,6 +174,13 @@ bool eval(func_interp & fi, simplifier & s, expr * const * args, expr_ref & resu
    return true;
 }

+bool proto_model::is_select_of_model_value(expr* e) const {
+    return 
+        is_app_of(e, m_afid, OP_SELECT) && 
+        is_as_array(to_app(e)->get_arg(0)) &&
+        has_interpretation(array_util(m_manager).get_as_array_func_decl(to_app(to_app(e)->get_arg(0))));
+}
+
 /**
   \brief Evaluate the expression e in the current model, and store the result in \c result.
   It returns \c true if succeeded, and false otherwise. If the evaluation fails,
@ -257,7 +264,7 @@ bool proto_model::eval(expr * e, expr_ref & result, bool model_completion) {
                        m_simplifier.mk_app(f, num_args, args.c_ptr(), new_t);
                        TRACE("model_eval", tout << mk_pp(t, m_manager) << " -> " << new_t << "\n";);
                        trail.push_back(new_t);
-                        if (!is_app(new_t) || to_app(new_t)->get_decl() != f) {
+                        if (!is_app(new_t) || to_app(new_t)->get_decl() != f || is_select_of_model_value(new_t)) {
                            // if the result is not of the form (f ...), then assume we must simplify it.
                            expr * new_new_t = 0;
                            if (!eval_cache.find(new_t.get(), new_new_t)) {
@ -588,7 +595,7 @@ void proto_model::register_value(expr * n) {
    }
 }

-bool proto_model::is_array_value(expr * v) const {
+bool proto_model::is_as_array(expr * v) const {
    return is_app_of(v, m_afid, OP_AS_ARRAY);
 }

--- a/src/smt/proto_model/proto_model.h
+++ b/src/smt/proto_model/proto_model.h
@ -59,6 +59,7 @@ class proto_model : public model_core {
    void remove_aux_decls_not_in_set(ptr_vector<func_decl> & decls, func_decl_set const & s);
    void cleanup_func_interp(func_interp * fi, func_decl_set & found_aux_fs);

+    bool is_select_of_model_value(expr* e) const;

 public:
    proto_model(ast_manager & m, simplifier & s, params_ref const & p = params_ref());
@ -68,7 +69,7 @@ public:

    bool eval(expr * e, expr_ref & result, bool model_completion = false);

-    bool is_array_value(expr * v) const;
+    bool is_as_array(expr * v) const;
    
    value_factory * get_factory(family_id fid);