* Make spacer_sem_matcher::reset() public
* Add .clang-format for src/muz/spacer
* Mark substitution::get_bindings() as const
* Fix in spacer_antiunify
* Various helper methods in spacer_util
Minor functions to compute number of free variables, detect presence of certain
sub-expressions, etc.
The diff is ugly because of clang-format
* Add spacer_cluster for clustering lemmas
A cluster of lemmas is a set of lemmas that are all instances of the same
pattern, where a pattern is a qff formula with free variables.
Currently, the instances are required to be explicit, that is, they are all
obtained by substituting concrete values (i.e., numbers) for free variables of
the pattern.
Lemmas are clustered in cluster_db in each predicate transformer.
* Integrate spacer_cluster into spacer_context
* Custom clang-format pragmas for spacer_context
spacer_context.(cpp|h) are large and have inconsistent formatting. Disable
clang-format for them until merge with main z3 branch and re-format.
* Computation of convex closure and matrix kernel
Various LA functions. The implementations are somewhat preliminary.
Convex closure is simplemented via syntactic convex closure procedure.
Kernel computation considers many common cases.
spacer_arith_kernel_sage implements kernel computation by call external
Sage binary. It is used only for debugging and experiments. There is no
link dependence on Sage. If desired, it can be removed.
* Add spacer_concretize
* Utility methods for spacer conjecture rule
* Add spacer_expand_bnd_generalizer
Generalizes arithmetic inequality literals of the form x <= c,
by changing constant c to other constants found in the problem.
* Add spacer_global_generalizer
Global generalizer checks every new lemma against a cluster
of previously learned lemmas, and, if possible, conjectures
a new pob, that, when blocked, generalizes multiple existing
lemmas.
* Remove fp.spacer.print_json option
The option is used to dump state of spacer into json for debugging.
It has been replaced by `fp.spacer.trace_file` that allows dumping an execution
of spacer. The json file can be reconstructed from the trace file elsewhere.
* Workaround for segfault in spacer_proof_utils
Issue #3 in hgvk94/z3
Segfault in some proof reduction. Avoid by bailing out on reduction.
* Revert bug for incomplete models
* Use local fresh variables in spacer_global_generalizer
* Cleanup of spacer_convex_closure
* Allow arbitrary expressions to name cols in convex_closure
* WIP: convex closure
* WIP: convex closure
* Fix bindings order in spacer_global_generalizer
The matcher creates substitution using std_order, which is
reverse of expected order (variable 0 is last). Adjust the code
appropriately for that.
* Increase verbosity level for smt_context stats
* Dead code in qe_mbp
* bug fixes in spacer_global_generalizer::subsumer
* Partially remove dependence of size of m_alphas
I want m_alphas to potentially be greater than currently used alpha variables.
This is helpful for reusing them across multiple calls to convex closure
* Subtle bug in kernel computation
Coefficient was being passed by reference and, therefore, was
being changed indirectly.
In the process, updated the code to be more generic to avoid rational
computation in the middle of matrix manipulation.
* another test for sparse_matrix_ops::kernel
* Implementation of matrix kernel using Fraction Free Elimination
Ensures that the kernel is int for int matrices. All divisions are exact.
* clang-format sparse_matrix_ops.h
* another implementation of ffe kernel in sparse_matrix_ops
* Re-do arith_kernel and convex_closure
* update spacer_global_generalization for new subsumer
* remove spacer.gg.use_sage parameter
* cleanup of spacer_global_generalizer
* Removed dependency on sage
* fix in spacer_convex_closure
* spacer_sem_matcher: consider an additional semantic matching
disabled until it is shown useful
* spacer_global_generalizer: improve do_conjecture
- if conjecture does not apply to pob, use lemma instead
- better normalization
- improve debug prints
* spacer_conjecture: formatting
* spacer_cluster: improve debug prints
* spacer_context: improve debug prints
* spacer_context: re-queue may pobs
enabled even if global re-queue is disabled
* spacer_cluster print formatting
* reset methods on pob
* cleanup of print and local variable names
* formatting
* reset generalization data once it has been used
* refactored extra pob creation during global guidance
* fix bug copying sparse matrix into spacer matrix
* bug fix in spacer_convex_closure
* formatting change in spacer_context
* spacer_cluster: get_min_lvl
chose level based on pob as well as lemmas
* spacer_context: add desired_level to pob
desired_level indicates at which level pob should be proved.
A pob will be pushed to desired_level if necessary
* spacer_context: renamed subsume stats
the name of success/failed was switched
* spacer_convex_closure: fix prototype of is_congruent_mod()
* spacer_convex_closure: hacks in infer_div_pred()
* spacer_util: do not expand literals with mod
By default, equality literal t=p is expanded into t<=p && t>=p
Disable the expansion in case t contains 'mod' operator since such
expansion is usually not helpful for divisibility
* spacer_util: rename m_util into m_arith
* spacer_util: cleanup normalize()
* spacer_util: formatting
* spacer_context: formatting cleanup on subsume and conjecture
* spacer_context: fix handling may pobs when abs_weakness is enabled
A pob might be undef, so weakness must be bumped up
* spacer_arith_kernel: enhance debug print
* spacer_global_generalizer: improve matching on conjecture
* spacer_global_generalizer: set desired level on conjecture pob
* spacer_global_generalizer: debug print
* spacer_global_generalizer: set min level on new pobs
the new level should not be higher than the pob that was generalized
* spacer_global_generalizer: do no re-create closed pobs
If a generalized pob exist and closed, do not re-create it.
* spacer_context: normalize twice
* spacer_context: forward propagate only same kind of pobs
* sketch of inductive generalizer
A better implementation of inductive generalizer that in addition to dropping
literals also attempts to weaken them.
Current implementation is a sketch to be extended based on examples/requirements.
* fix ordering in spacer_cluster_util
* fix resetting of substitution matcher in spacer_conjecture
Old code would forget to reset the substitution provided to the sem_matcher.
Thus, if the substitution was matched once (i.e., one literal of interest is
found), no other literal would be matched.
* add spacer_util is_normalized() method
used for debugging only
* simplify normalization of pob expressions
pob expressions are normalized to increase syntactic matching.
Some of the normalization rules seem out of place, so removing them for now.
* fix in spacer_global_generalizer
If conjecture fails, do not try other generalization strategies -- they will not apply.
* fix in spacer_context
do not check that may pob is blocked by existing lemmas.
It is likely to be blocked. Our goal is to block it again and generalize
to a new lemma.
This can be further improved by moving directly to generalization when pob is
blocked by existing lemmas...
Co-authored-by: hgvk94 <hgvk94@gmail.com>
COI model converter has to use constraints from the body and work in disjunctive mode. It needs a pre-condition that the body does not depend on other rules, in the case that it is used in a different pre-processing step for in-lining. The in-lined occurrence of the predicate has to correspond to the model construction version.
It is not unlike other fuzz bugs: it exercises some behavior that applications are unlikely to expose. In this case, a rule body expanded into a conjunction with more than 1M formulas (with a lot of repetition). The original rule representation assumed silently that the number of constraints in a body would fit within 20 bits, but reality allowed bodies with as many as 2^{32} - 1 constraints.
So "minimizing" the bug as @agurfinkel asks for seems not to make too much sense.
Just running the samples in debug mode points to the root cause.
Since fuzz bugs are not from applications and fuzz tools have the potential for creating a large number of issues, I find it reasonable to push some basic pro-active asks on filers:
- reproduce bug in debug builds to assess whether a debug assert triggers.
- minimize or keep it simpler when possible (in this case it does not apply)
- perform basic diagnostics/triage. I am basically asking to push this part of the work on to the fuzzer. Otherwise, addressing random bugs doesn't scale. Triaging should have pointed to the root cause.
Now, there tends to be something to learn from bugs. In this case, the question was: "can we avoid constraints with duplications"? In particular, it points to a basic inefficiency of extracting conjunctions (and disjunctions). The function didn't deduplicate. So I added deduplication into this function. It is used throughout z3 code base so could expose latent issues. We will see.
The fix is to remove a hack that used a theory rewriter to simplify
the conversion. Now the conversion happens less often than possible.
Will need more thinking to fix properly.
The unsoundness at this point would cause SPACER to generate lemmas
that do not block a proof obligation and then get stuck in an infinite loop
blocking and generating the same lemma.
* When pretty-printing SMTLIB2, ensure that Z3 uses the correct syntax for 'push'
Signed-off-by: Andrew V. Jones <andrew.jones@vector.com>
* When pretty-printing SMTLIB2, ensure that Z3 uses the correct syntax for 'pop'
Signed-off-by: Andrew V. Jones <andrew.jones@vector.com>
* flag when quantified lemmas are added to smt_context
* When solver returns unknown but cannot create child, return unknown
* handle unknowns when qlemmas and weak_abs are turned on
Spacer has a different defintion of is_clause() than ast_util.
It is currently only used in assertions.
Main difference:
x=y
where x and y are Bool atoms is considered to be an atom, so that
(or (= x y) (not (= z y)))
is a literal
Co-authored-by: Arie Gurfinkel <arie.gurfinkel@uwaterloo.ca>
