mirror of https://github.com/Z3Prover/z3 synced 2025-10-25 00:44:36 +00:00
z3/src
Nikolaj Bjorner a099972354 fix #5714
It is not unlike other fuzz bugs: it exercises some behavior that applications are unlikely to expose. In this case, a rule body expanded into a conjunction with more than 1M formulas (with a lot of repetition). The original rule representation assumed silently that the number of constraints in a body would fit within 20 bits, but reality allowed bodies with as many as 2^{32} - 1 constraints.
So "minimizing" the bug as @agurfinkel asks for seems not to make too much sense.

Just running the samples in debug mode points to the root cause.

Since fuzz bugs are not from applications and fuzz tools have the potential for creating a large number of issues, I find it reasonable to push some basic pro-active asks on filers:

- reproduce bug in debug builds to assess whether a debug assert triggers.
- minimize or keep it simpler when possible (in this case it does not apply)
- perform basic diagnostics/triage. I am basically asking to push this part of the work on to the fuzzer. Otherwise, addressing random bugs doesn't scale. Triaging should have pointed to the root cause.

Now, there tends to be something to learn from bugs. In this case, the question was: "can we avoid constraints with duplications"? In particular, it points to a basic inefficiency of extracting conjunctions (and disjunctions). The function didn't deduplicate. So I added deduplication into this function. It is used throughout z3 code base so could expose latent issues. We will see.
2021-12-16 10:20:53 -08:00
ackermannization add tactic name 2021-12-07 13:37:57 -08:00
api remove EnumToNative as it drops reference counts, fixes #5713 2021-12-16 03:22:54 -08:00
ast fix #5714 2021-12-16 10:20:53 -08:00
cmd_context fix performance regression after adding user declared functions to model 2021-10-28 05:49:15 +02:00
math na 2021-12-08 09:04:13 -08:00
model Add and fix a few general compiler warnings. (#5628) 2021-10-29 15:42:32 +02:00
muz fix #5714 2021-12-16 10:20:53 -08:00
nlsat add tactic name 2021-12-07 13:37:57 -08:00
opt fix #5663 2021-11-12 11:36:42 -08:00
params Added 16 bit string-encoding (#5540) 2021-09-09 11:35:16 +02:00
parsers cleanups 2021-07-31 11:32:47 -07:00
qe add tactic name 2021-12-07 13:37:57 -08:00
sat add tactic name 2021-12-07 13:37:57 -08:00
shell CNF conversion refactoring (#5547) 2021-09-20 08:53:10 -07:00
smt fix #5715 2021-12-16 09:35:54 -08:00
solver add tactic name 2021-12-07 13:37:57 -08:00
tactic na 2021-12-07 14:25:07 -08:00
test include atomic 2021-12-13 11:40:45 -08:00
util support threading for TRACE mode 2021-10-25 13:35:32 +02:00
CMakeLists.txt rounding mode sort removed for incompatibility 2021-05-21 16:18:43 -07:00