Flux (ultimately z3) hangs on trivial constraint.

[vrindisbacher]

@ranjitjhala, here's the constraint from exception_entry that hangs in z3.

l.smt2.txt

[ranjitjhala]

@nilehmann the issue here is this: there is a flux constraint of the form

(forall ... 
  (=> ( = (foo x y z)  (bar x y z)) 
         ( = (foo x y z) (bar x y z)))

The trouble is foo and bar are complicated functions with various bitvectory things going on.

Now, flux expands out the definitions of foo and bar and then fixpoint does some further shenanigans, so then z3 has to do a lot of work to figure out that its just the above, and z3 seems to hang in the process, even though just treating foo and bar as uninterpreted should let it trivially prove the VC.

So, I think its worth exploring leaving all the unfolding just to z3?

i.e. pass the definitions of the functions into fixpoint, which will then pass it into z3, which can chose to unfold or not. Does that make sense?

[nilehmann]

How are functions definitions translated into z3? My understanding is that define-fun is treated as a macro and eagerly expanded but define-fun-rec is not.

[ranjitjhala]

TBH I don’t know the answer - and I wanted to first do a “hand translation” into z3 to see if it could handle the vc with explicit function definitions…

…

On Mon, Dec 16, 2024 at 6:45 PM Nico Lehmann ***@***.***> wrote: How are functions definitions translated into z3? My understanding is that define-fun is treated as a macro and eagerly expanded but define-fun-rec is not. — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2547385121__;Iw!!Mih3wA!B8npOeVi-vX7A8DtNibPv9RFluuodfXdFfEb2O6eqsKDleOdyuPO8ZcvBwCA-ntqObIZOGg5AxeNBnU9wIvKM_Jf$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4OBSQCF4KIZKKXZARFL2F6F27AVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBXGM4DKMJSGE__;!!Mih3wA!B8npOeVi-vX7A8DtNibPv9RFluuodfXdFfEb2O6eqsKDleOdyuPO8ZcvBwCA-ntqObIZOGg5AxeNBnU9wMUacEFJ$> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[ranjitjhala]

Actually, it occurs to me that one relatively simple thing that could be done either in (a) flux, (b) fixpoint or (c) the SMT solver, is our "refinement reflection" trick which is, given a formula P with "applications" inside it, you can
just add all the equalities for the applications, so if your VC is forall x.... p you strengthen it to forall x... eqs &&p where eqs are conjunctions of the form f1(x1..) = e1 && f2(x2..) = e2 && ...

This way you have your cake and eat it too.

If you can trivially prove the formula with just uninterpreted functions, then great.

If instead you need the definitions, then those are also available via the equalities.

What I don't know is whether Z3 and friends do something like this already (in which case we should just pass the folded-up function applications directly) or whether they aggressively inline).

At any rate, maybe the easiest option is to implement this equality-based method in flux to see if it works?

[nilehmann]

My understanding from z3's docs is that define-fun-rec works similar to that trick by incrementally doing more unfolding

https://microsoft.github.io/z3guide/docs/logic/Recursive%20Functions/

I know this is standard smtlib, but I don't know how other solvers handle it.

Ultimately, it's a matter of who is in better position to do the unfolding.

[ranjitjhala]

Very good — based on that doc I think it’s worth trying to kick it all the way to z3. - Ranjit.

…

On Tue, Dec 17, 2024 at 3:51 AM Nico Lehmann ***@***.***> wrote: My understanding from z3's docs is that define-fun-rec works similar to that trick by incrementally doing more unfolding https://microsoft.github.io/z3guide/docs/logic/Recursive%20Functions/ <https://urldefense.com/v3/__https://microsoft.github.io/z3guide/docs/logic/Recursive*20Functions/__;JQ!!Mih3wA!B1xjTbKpP1ALRBzNI-YsqsXCN3taoCTsaCwIGkNRjHoS8L_YsiM04ZbDbaxw8-IaHuaAQ6foyXiwknjAAEfyI64c$> I know this is standard smtlib, but I don't know how other solvers handle it. Ultimately, it's a matter of who is in better position to do the unfolding. — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2548252072__;Iw!!Mih3wA!B1xjTbKpP1ALRBzNI-YsqsXCN3taoCTsaCwIGkNRjHoS8L_YsiM04ZbDbaxw8-IaHuaAQ6foyXiwknjAAMx9Ow0k$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4ODFDEB2ZMQNLFWPV732GAF35AVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBYGI2TEMBXGI__;!!Mih3wA!B1xjTbKpP1ALRBzNI-YsqsXCN3taoCTsaCwIGkNRjHoS8L_YsiM04ZbDbaxw8-IaHuaAQ6foyXiwknjAAD9gLezY$> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[vrindisbacher]

@ranjitjhala @nilehmann I have two other annotations that cause z3 to hang. The constraints are not trivial unfortunately. Would it be helpful to add the smt2 files here? Or maybe the liquid fixpoint smt2 file?

[ranjitjhala]

Lets just keep them here to track them for now?

[vrindisbacher]

Ok i'll edit the issue with their description.

[ranjitjhala]

Btw bit of a Hail Mary but can you try running fixpoint with CVC as the backend to see if that does any better? - Ranjit.

…

On Tue, Dec 17, 2024 at 9:19 AM Vivien Rindisbacher < ***@***.***> wrote: Ok i'll edit the issue with their description. — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2549089712__;Iw!!Mih3wA!AZX8NMqbqEO0PpTIe_YQKq1mi1Ms9X5PiEpY8u2yD6LNgPVEqTtX90hfPyGCflZ201gto3ej2UQu1oxOUTmUUS3J$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4OHFPNIAXCW2AFNENR32GBMI5AVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBZGA4DSNZRGI__;!!Mih3wA!AZX8NMqbqEO0PpTIe_YQKq1mi1Ms9X5PiEpY8u2yD6LNgPVEqTtX90hfPyGCflZ201gto3ej2UQu1oxOUTwsYHaK$> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[vrindisbacher]

ahh interesting... I ran cvc5 on the smt2 file outputted by fixpoint for one of the hanging constraints and it solves everything no problem. I'm going to try this with my other hanging constraints. I did see this issue which seems to indicate z3 is not the best at solving bitvectory things.

[vrindisbacher]

Ya, CVC5 seems to be able to check all assertions that z3 hangs on very quickly.

[ranjitjhala]

Wow including the “trivial” one? - Ranjit.

…

On Tue, Dec 17, 2024 at 9:55 AM Vivien Rindisbacher < ***@***.***> wrote: Ya, CVC5 seems to be able to check all assertions that z3 hangs on very quickly. — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2549197082__;Iw!!Mih3wA!CQKQTE1RXQoExt0pT0rWSmKW36mvZeL9cN2m4x5XcpCSc1_XO3uiYSyD-tv-btO5Fy5_3_r0wbblBg9ZCF16lzbc$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4OEPBJ42QBB74DTYGE32GBQR5AVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBZGE4TOMBYGI__;!!Mih3wA!CQKQTE1RXQoExt0pT0rWSmKW36mvZeL9cN2m4x5XcpCSc1_XO3uiYSyD-tv-btO5Fy5_3_r0wbblBg9ZCBLp6crx$> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[vrindisbacher]

Ya - it smashes the whole smt2 file in less than a second...

[ranjitjhala]

Wow. Ok maybe we should post it as is to the z3 people :-) - Ranjit.

…

On Tue, Dec 17, 2024 at 10:08 AM Vivien Rindisbacher < ***@***.***> wrote: Ya - it smashes the whole smt2 file in less than a second... — Reply to this email directly, view it on GitHub <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2549224869__;Iw!!Mih3wA!EC8TiHJNVC75KImFAcp6SWqxk_ncRKFsTjpGiWkowmdMro0-byb5tVMUkEDa76G6gAHaRCOwy8ERE7gwSEd7tmEs$>, or unsubscribe <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4OA4MBY6X6YF3VZDGKD2GBSBVAVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBZGIZDIOBWHE__;!!Mih3wA!EC8TiHJNVC75KImFAcp6SWqxk_ncRKFsTjpGiWkowmdMro0-byb5tVMUkEDa76G6gAHaRCOwy8ERE7gwSEHH0Tqw$> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[ranjitjhala]

So the only one we’re really blocked on is the one where fixpoint hangs? (For the others maybe the fastest thing for now is to add a flag specifying extra fixpoint flags — eg SMT solver — to use when checking the function?) - Ranjit.

…

On Tue, Dec 17, 2024 at 10:12 AM Ranjit Jhala ***@***.***> wrote: Wow. Ok maybe we should post it as is to the z3 people :-) - Ranjit. On Tue, Dec 17, 2024 at 10:08 AM Vivien Rindisbacher < ***@***.***> wrote: > Ya - it smashes the whole smt2 file in less than a second... > > — > Reply to this email directly, view it on GitHub > <https://urldefense.com/v3/__https://github.com/flux-rs/flux/issues/949*issuecomment-2549224869__;Iw!!Mih3wA!EC8TiHJNVC75KImFAcp6SWqxk_ncRKFsTjpGiWkowmdMro0-byb5tVMUkEDa76G6gAHaRCOwy8ERE7gwSEd7tmEs$>, > or unsubscribe > <https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AAMS4OA4MBY6X6YF3VZDGKD2GBSBVAVCNFSM6AAAAABTXKKNZSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBZGIZDIOBWHE__;!!Mih3wA!EC8TiHJNVC75KImFAcp6SWqxk_ncRKFsTjpGiWkowmdMro0-byb5tVMUkEDa76G6gAHaRCOwy8ERE7gwSEHH0Tqw$> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

[nilehmann]

I'll work on adding a flag for cvc5

[vrindisbacher]

@ranjitjhala, I patched up liquid fixpoint so that I could run it like so fixpoint --solver=cvc5. I created a pr for that here.

[vrindisbacher]

I also manually patched flux to run fixpoint --solver=cvc5 on my machine. It checks the trivial constraint in 1 second :)

[ranjitjhala]

Have posted an issue here Z3Prover/z3#7484