Z3: Extracting existential model-values

前端 未结 1 1386
臣服心动
臣服心动 2020-12-21 03:52

I\'m playing around with Z3\'s QBVF solver, and wondering if it\'s possible to extract values from an existential assertion. To wit, let\'s say I have the following:

相关标签:
1条回答
  • 2020-12-21 04:21

    In Z3, get-value only allows the user to reference “global” declarations. The existential variable x is a local declaration. Thus, it can’t be accessed using get-value. By default, Z3 eliminates existential variables using a process called “skolemization”. The idea is to replace existential variables with fresh constants and function symbols. For example, the formula

    exists x. forall y. exists z. P(x, y, z)
    

    is converted into

    forall y. P(x!1, y, z!1(y))
    

    Note that z becomes a function because the choice of z may depend on y. Wikipedia has an entry on skolem normal form

    That being said, I never found a satisfactory solution for the problem you described. For example, a formula may have many different existential variables with the same name. So, it is not clear how to reference each instance in the get-value command in a non-ambiguous way.

    A possible workaround for this limitation is to apply the skolemization step “by hand”, or at least for the variables you want to know the value. For example,

    (assert (exists ((x (_ BitVec 16))) (forall ((y (_ BitVec 16))) (bvuge y x))))
    

    is written as:

    (declare-const x (_ BitVec 16))
    (assert (forall ((y (_ BitVec 16))) (bvuge y x)))
    (check-sat)
    (get-value x)
    

    If the existential variable is nested in a universal quantifier such as:

    (assert (forall ((y (_ BitVec 16))) (exists ((x (_ BitVec 16))) (bvuge y x))))
    (check-sat)
    (get-model)
    

    A fresh skolem function can be used to obtain the value of x for each y. The example above becomes:

    (declare-fun sx ((_ BitVec 16)) (_ BitVec 16))
    (assert (forall ((y (_ BitVec 16))) (bvuge y (sx y))))
    (check-sat)
    (get-model)
    

    In this example, sx is the fresh function. The model, produced by Z3, will assign an interpretation for sx. In version 3.0, the interpretation is the identity function. This function can be used to obtain the value of x for each y.

    0 讨论(0)
提交回复
热议问题