3
0
Fork 0
mirror of https://github.com/Z3Prover/z3 synced 2025-10-25 00:44:36 +00:00
Commit graph

18426 commits

Author SHA1 Message Date
Guido Martínez
7c380fd6a0
bool_rewriter: fix possible segfault when disabling rewriter.sort_disjunctions (#6779)
After introducing the rewriter.sort_disjunctions option (#6774), I
noticed a segfault in a Z3 run that was working fine for me before the
PR.

I traced the difference to a slight discrepancy between the first patch
I submitted and the one we ended up merging: my first version would skip
sorting the disjuncts in mk_nflat_core, but still return BR_DONE, while
the patch in master returns BR_FAILED instead.

This patch fixes that problem, and it makes slightly more sense to me to
return a BR_DONE since, if `s` is true, some disjunct (e.g. a `false`
or a repeat) might have been simplified away. However I don't fully
understand this code.

... and I can't say I understand why the segfault happens. Perhaps that
is a separate issue?

This is the file to reproduce:
 https://gist.github.com/mtzguido/b7360c74d3d2e42d89f1bd9149ad26f6

Here's a stack trace of the failure, mk_nflat_or_core is not involved.
```
 (gdb) where
 #0  0x0000555555b98497 in smt::context::get_lit_assignment(unsigned int) const ()
 #1  0x0000555555b984cb in smt::context::get_assignment(sat::literal) const ()
 #2  0x0000555555b98504 in smt::context::get_assignment(unsigned int) const ()
 #3  0x0000555555ca83b8 in smt::context::get_assignment_core(expr*) const ()
 #4  0x0000555555c9af5a in smt::context::get_assignment(expr*) const ()
 #5  0x0000555555d7bd1d in (anonymous namespace)::has_child_assigned_to(smt::context&, app*, lbool, expr*&, unsigned int) ()
 #6  0x0000555555d7c413 in (anonymous namespace)::rel_case_split_queue::next_case_split_core(ptr_vector<expr>&, unsigned int&, unsigned int&, lbool&) ()
 #7  0x0000555555d7c589 in (anonymous namespace)::rel_case_split_queue::next_case_split(unsigned int&, lbool&) ()
 #8  0x0000555555c9c1b7 in smt::context::decide() ()
 #9  0x0000555555ca39fd in smt::context::bounded_search() ()
 #10 0x0000555555ca30c2 in smt::context::search() ()
 #11 0x0000555555ca273d in smt::context::check(unsigned int, expr* const*, bool) ()
 #12 0x0000555555cb166a in smt::kernel::check(unsigned int, expr* const*) ()
 #13 0x0000555555cb9695 in (anonymous namespace)::smt_solver::check_sat_core2(unsigned int, expr* const*) ()
 #14 0x00005555560dc0c6 in solver_na2as::check_sat_core(unsigned int, expr* const*) ()
 #15 0x00005555560d73f3 in combined_solver::check_sat_core(unsigned int, expr* const*) ()
 #16 0x00005555560d34e3 in solver::check_sat(unsigned int, expr* const*) ()
 #17 0x0000555556097b26 in cmd_context::check_sat(unsigned int, expr* const*) ()
 #18 0x0000555556082ff0 in smt2::parser::parse_check_sat() ()
 #19 0x0000555556084dc0 in smt2::parser::parse_cmd() ()
 #20 0x00005555560861b6 in smt2::parser::operator()() ()
 #21 0x00005555560757e6 in parse_smt2_commands(cmd_context&, std::basic_istream<char, std::char_traits<char> >&, bool, params_ref const&, char const*) ()
 #22 0x00005555555e8f68 in read_smtlib2_commands(char const*) ()
 #23 0x00005555555ee6f6 in main ()
 (gdb)
```
2023-06-23 11:45:29 -07:00
Nikolaj Bjorner
1b263f85e4 compile numeral constants into separate variables in the new core
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-21 09:36:20 -07:00
Guido Martínez
3517361a73
Adding some options in support of F* (#6774)
* patterns: add option for pattern decomposition (pi.decompose_patterns)

True by default, retaining current behavior.

* rewriter: add option for sorting of disjunctions (rewriter.sort_disjunctions)

True by default, retaining current behavior.
2023-06-20 16:10:37 -07:00
Nikolaj Bjorner
eb1caee18a compile constants into different variables instead of reusing a single variable 1 and coefficients. It delays introducing large coefficients and allows more efficient bounds propagation
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-20 16:09:34 -07:00
Lev Nachmanson
32ec02778e
use heap to track infeasible columns. (#6771)
* use heap to track infeasible columns

* fix the formatting

Signed-off-by: Lev Nachmanson <levnach@hotmail.com>

---------

Signed-off-by: Lev Nachmanson <levnach@hotmail.com>
2023-06-19 13:50:14 -07:00
Nikolaj Bjorner
4d44e60c33 fix #6757 2023-06-18 16:36:26 -07:00
Nikolaj Bjorner
df77541aae #6758
check-assumptions with compound formulas create fresh proxy variables both during compilation to internal format and for the assumptions. These fresh variables may occur in lemmas that are created during search. The lemmas are garbage for future check-sats, but the solver needs to be allowed to invoke GC. Adding a GC call before a check-sat with assumptions allows removing some lemmas every time a new assumptions are used. Eager GC when using assumptions is used elsewhere, for example in cube&conquer scenarios where lemmas learned from one set of assumptions are less likely to be useful for other assumptions.

With the GC invocation memory grows at a lesser pace. However, it is not entirely free of memory increases. To avoid memory bloat, have the solver pre-compile the assumptions by defining them as propositional variables, add assertions that the propositional variables are equivalent to the compound formulas and use the propositional variables as assumptions. The same propositional variables come with no extra overhead when invoking check-assumptions. The lemmas are then over the same fixed vocabulary. It is generally a good idea to recycle useful lemmas during the enumeration pass.
2023-06-18 16:21:41 -07:00
Nikolaj Bjorner
5f22e98396 fix #6766
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-18 10:05:34 -07:00
tcely
b93171de78
pattern_inference.h: include rewriter_def.h (#6765)
Needed to use the `rewriter_tpl` constructor.
2023-06-16 08:46:40 -07:00
Nikolaj Bjorner
cc4ac0e65a add guard for eq adapter 2023-06-13 16:39:53 -07:00
Nikolaj Bjorner
ac00306355 fix context simplification
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-09 11:30:56 -07:00
Nikolaj Bjorner
d0085b41c1 disable breaking change
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-09 11:15:54 -07:00
Nikolaj Bjorner
555ccc8aab simplify bounds by subsumption checks
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-09 10:21:45 -07:00
Lev Nachmanson
1006955215
get cached tv value (#6756) 2023-06-08 19:46:38 -07:00
Lev Nachmanson
f7ec5c5c64
fix sort_non_basis (#6755)
Signed-off-by: Lev Nachmanson <levnach@hotmail.com>
2023-06-08 13:08:09 -07:00
Nikolaj Bjorner
1d62964c58 avoid name clash for multiple special relations #6743 2023-06-07 17:55:11 -07:00
Nikolaj Bjorner
ab4b7c50ed fix #6749 2023-06-07 16:09:50 -07:00
Nikolaj Bjorner
06a8987314 fix #6748
destructive equality resolution uses an occurs check function that is only safe for quantifier-free formulas. In the special case where a bound variable is Boolean and occurs on a side of an equality the other side cannot have a quantifier.
2023-06-07 15:59:39 -07:00
Jakob Rath
57e92b2a59
Fix bvnego (#6750) 2023-06-07 11:24:40 -07:00
Nikolaj Bjorner
73c3f34d66 remove debug output
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-06 16:37:24 -07:00
Nikolaj Bjorner
2bff0a6b8a regression on quantifier weight computation when weights are 0 vs non-0. It modifies a change made for the fix of #2667. That fix caused a regression in F*. Reported @mtzguido
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-06 16:35:37 -07:00
Nikolaj Bjorner
68f43ac7a4 make der selective to configuration. For F*, quantifiers are hand or machine generated in specific formats and the tool depends on e-matching to use precisely the format of the quantifiers that have been entered. For other cases of quantifiers, destructive equality resolution (der) can be expected to offer simplifications
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-06-06 16:15:04 -07:00
Nikolaj Bjorner
81068981aa fix #6746, fix type errors in java bindings 2023-06-03 09:41:29 +02:00
Clemens Eisenhofer
82667bd86b
Fix UP's decide callback (#6707)
* Query Boolean Assignment in the UP

* UP's decide ref arguments => next_split

* Fixed wrapper

* More fixes
2023-06-02 09:52:54 +02:00
Nikolaj Bjorner
d59bf55539 fix formatting bug reported by Alex Nutz
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-30 22:19:42 +02:00
Nikolaj Bjorner
621f1f8a85 sanity check parameters #6737
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-30 09:44:06 +02:00
Manuel Carrasco
230306ddfc
Add solver::interrupt to Python's API. (#6739) 2023-05-28 21:04:36 +02:00
Nikolaj Bjorner
5e1869d8eb fix #6734
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-26 09:48:58 +01:00
ditto
11264c38d8
Java user propagator interface (#6733)
* Java API: user propagator interface

* Java API: improved user propagator interface

* Java API: Add UserPropagatorBase.java

* Remove redundant header file

* Initialize `JavaInfo` object and error handling

* Native.UserPropagatorBase implements AutoCloseable

* Add Override annotation
2023-05-24 18:27:28 +01:00
Nikolaj Bjorner
2c21072c99 remove stub class, it may as well go into NativeStatic.txt as C++
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-22 18:23:10 +01:00
Nikolaj Bjorner
b93529997e more stubs #6097
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-22 16:25:54 +01:00
Nikolaj Bjorner
7963ecaf63 stubs for #6097
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-22 16:21:34 +01:00
Nikolaj Bjorner
a68f91f0a6 fix #6729
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-22 14:07:12 +01:00
Nikolaj Bjorner
06ea765b82 fix #6721
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-13 09:46:49 -07:00
Michał Górny
c9d8e646ed
fix missing <cstdint> include (#6720)
Fix missing <cstdint> include in src/util/tptr.h that causes build
failure with GCC 13:

```
In file included from /tmp/z3/src/util/region.cpp:53:
/tmp/z3/src/util/region.cpp: In member function ‘void* region::allocate(size_t)’:
/tmp/z3/src/util/tptr.h:29:62: error: ‘uintptr_t’ does not name a type
   29 | #define ALIGN(T, PTR) reinterpret_cast<T>(((reinterpret_cast<uintptr_t>(PTR) >> PTR_ALIGNMENT) + \
      |                                                              ^~~~~~~~~
/tmp/z3/src/util/region.cpp:82:22: note: in expansion of macro ‘ALIGN’
   82 |         m_curr_ptr = ALIGN(char *, new_curr_ptr);
      |                      ^~~~~
/tmp/z3/src/util/region.cpp:57:1: note: ‘uintptr_t’ is defined in header ‘<cstdint>’; did you forget to ‘#include <cstdint>’?
   56 | #include "util/page.h"
  +++ |+#include <cstdint>
   57 |
```
2023-05-13 09:37:57 -07:00
Tomasz Kłoczko
520e692a43
Fix building with gcc 13 (#6723)
Trivial fix to build with gcc 13 reported in #6722.

Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
2023-05-13 09:37:35 -07:00
Nikolaj Bjorner
f928b44606 update version number
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-12 14:53:52 -07:00
Nikolaj Bjorner
e417f7d785 updated release notes for 12.2
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-12 12:59:04 -07:00
Nikolaj Bjorner
ba911009e4 disable publish
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-11 16:54:40 -07:00
Nikolaj Bjorner
046b80f6a4 remove output
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-11 12:31:05 -07:00
Nikolaj Bjorner
f6ab5a61ac reformat code to remove brackets 2023-05-11 12:31:05 -07:00
Antti Hyvärinen
12e45c9d17
Implement proposed smtlib2 bitvector overflow predicates (#6715)
* Logical names for function declarations in c++

Currently, for example, the function declaration symbol member for
checking whether multiplication *does not* overflow is called
`m_bv_smul_ovfl`.  Since we are introducing the upcoming smtlib2 symbols
that check that multpliciation *does* overflow, the not overflow check
symbols are renamed to `m_bv_smul_no_ovfl` etc.

* Implement smtlib overflow preds for multiplication

Smtlib2 is being extended to include overflow predicates for bit
vectors (see https://groups.google.com/u/1/g/smt-lib/c/J4D99wT0aKI).
This commit introduces the predicates `bvumulo` and `bvsmulo` that
return `true` if the unsigned multiplication overflows or the signed
multiplication underflows or overflows, respectively.

* Move mul overflow predicates to BV logic

* Add a todo on illogical argument order

* Implement mk_unary_pred for bv

* Implement bvnego

* Implement bvuaddo

* Implement bvsaddo

* Implement bvusubo

* Implement bvssubo

* Implement bvsdivo
2023-05-09 10:37:46 -07:00
Nikolaj Bjorner
62e1ec0698 Merge branch 'master' of https://github.com/z3prover/z3 2023-05-08 12:24:30 -07:00
Nikolaj Bjorner
2e441e38c9 fix #6713 fix #6714
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-08 12:24:20 -07:00
Guillaume Bagan
0c9a5f69fd
JS/TS: add Optimize class (#6712)
* implement  Optimize class for the high level Typescript API

* javascript and wasm: add _malloc to exported functions

fix the bug https://github.com/Z3Prover/z3/issues/6709

* javascript: add tests for the Optimize class

* javascript: no reason that minimize and optimize must be constants
2023-05-06 11:53:43 -07:00
Nikolaj Bjorner
6c24a70c44 remove debug output
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-05-02 13:05:08 -07:00
Nikolaj Bjorner
f17691715b make default argument to ensure_def and mk_def explicit
- insert also macro definitions into models
2023-05-02 12:18:31 -07:00
Nikolaj Bjorner
c64d61bd0a formatting updates 2023-05-02 12:17:32 -07:00
Nikolaj Bjorner
392266c278 fix processing of else expression for model table 2023-05-02 12:16:58 -07:00
Nikolaj Bjorner
d5231f8b33 fix regressions #6703
Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
2023-04-27 08:43:59 -07:00