mirror of https://github.com/Z3Prover/z3 synced 2026-07-05 14:56:11 +00:00
z3/src
Nikolaj Bjorner 3d29d81607 Fix TPTP polymorphism crashes in final-check and model checking
Root-caused and fixed 261 debug-assertion crashes found by running Z3
across the TPTP benchmarks (-tptp -T:5 model_validate=true):

1. theory_polymorphism::final_check_eh returned FC_DONE after assigning
   the negation of its (already-true) theory assumption, which creates a
   conflict. Returning FC_DONE reported l_true while the context was
   inconsistent, tripping SASSERT(status != l_true || !inconsistent())
   in context::restart. Return FC_CONTINUE so conflict resolution turns
   it into l_false and the normal research loop runs.

2. model_evaluator::get_macro, polymorphic branch: def = subst(def)
   assigned an expr_ref temporary to a raw expr*&; the temporary freed
   the freshly substituted term, leaving def dangling (use-after-free
   during model evaluation). Pin the substituted def in m_pinned, as the
   as-array path already does.

3. smt_model_checker::add_instance: relax stale
   SASSERT(!m.is_model_value(sk_term)); get_inv may legitimately return a
   model value in polymorphic settings, already handled downstream by
   get_type_compatible_term.

Unit tests: 92 passed, 0 failed. All 261 assertion crashes resolved;
the 3 remaining files are controlled ERR_PARSER (exit 103) rejections.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-03 20:32:04 -07:00
ackermannization block ackermann over nested selects 2026-06-19 10:41:56 -07:00
api Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
ast Fix memory leaks in polymorphism instantiation engine 2026-07-03 16:34:57 -07:00
cmd_context TPTP: encode $tType quantification as polymorphism; guard dependent types 2026-07-03 16:34:56 -07:00
math Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
model Fix TPTP polymorphism crashes in final-check and model checking 2026-07-03 20:32:04 -07:00
muz Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
nlsat Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
opt Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
params Porting seq_split to master (#9840) 2026-06-30 10:18:28 -07:00
parsers Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
qe Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
sat Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
shell Fixes necessary to compile z3 included in clang-tidy via FetchContents. (#9768) 2026-06-08 19:44:01 -07:00
smt Fix TPTP polymorphism crashes in final-check and model checking 2026-07-03 20:32:04 -07:00
solver Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
tactic Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
test [snapshot-regression-fix] Keep symbolic re.range non-empty; fix soundness regression on range membership (#10017) 2026-07-02 14:00:51 -07:00
util Remove unnecessary semicolons (Attempt 2) (#10020) 2026-07-02 12:47:29 -07:00
CMakeLists.txt git bindings v1.0 2026-02-18 21:02:25 -08:00