Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Solution soundness bug in FP logic #4880

Closed
muchang opened this issue Dec 9, 2020 · 9 comments · Fixed by #6077
Closed

Solution soundness bug in FP logic #4880

muchang opened this issue Dec 9, 2020 · 9 comments · Fixed by #6077
Assignees
@wintersteiger
Labels
Floats

Comments

@muchang
Copy link

muchang commented Dec 9, 2020

For this formula, z3 gives an incorrect sat, while the model validator cannot detect.

[503] % cvc4 -q small.smt2
unsat
[504] % z3release model_validate=true small.smt2
sat
[505] % cat small.smt2
(assert (forall ((a Float32)) (not (fp.isNegative (fp.min a (_ +zero 8 24))))))
(check-sat)
[506] %

Commit: 621e992
@NikolajBjorner
Copy link
Contributor

MBQI doesn't integrate with model updates in

z3/src/ast/fpa/bv2fpa_converter.cpp

Line 408 in 173257b

void bv2fpa_converter::convert_min_max_specials(model_core * mc, model_core * target_model, obj_hashtable<func_decl> & seen) {

There, a definition for fp.min is added to the model, it gets used to specialize the formula passed into MBQI.

z3 4880.smt2 /v:1 smt.relevancy=0 /tr:quantifier /tr:model_checker /tr:smt_model_checker /tr:model /tr:bv2fpa

@rainoftime
Copy link
Contributor

rainoftime commented Aug 2, 2021
edited
Loading

Another soundness issue with BVFP

(assert (forall ((Y (_ FloatingPoint 8 24))) (or (distinct (_ bv1 8) ((_ fp.to_sbv 8) roundNearestTiesToEven Y)) (fp.eq Y (fp (_ bv0 1) (_ bv0 8) (_ bv0 23))))))
(check-sat)

@wintersteiger
Copy link
Contributor

I'm not sure CVC is right here, surely min(a, 0) is allowed to be negative for some a. The min is also unspecified when both arguments are zero, that's what those specials are for.

@rainoftime: the formula you just added has nothing to do with fp.min, nor does it come with a bug description. What's wrong with that one?

@NikolajBjorner
Copy link
Contributor

Regarding the assertion:

(assert (forall ((a Float32)) (not (fp.isNegative (fp.min a (_ +zero 8 24))))))

It is unsat, right?
Z3 reports sat.

@zhendongsu
Copy link

zhendongsu commented Aug 2, 2021
edited
Loading

Yes, it should be unsat since if a = (_ -oo 8 24) for example, (not (fp.isNegative (fp.min a (_ +zero 8 24)))) evaluates to false.

[524] % z3 t.smt2 
unsat
[525] % cvc5 -q t.smt2 
unsat
[526] % cat t.smt2 
(assert (not (fp.isNegative (fp.min (_ -oo 8 24) (_ +zero 8 24)))))
(check-sat)
[527] %

@NikolajBjorner
Copy link
Contributor

yes, thanks a lot for the example.

@rainoftime
Copy link
Contributor

rainoftime commented Aug 2, 2021
edited
Loading

@wintersteiger

It is another formula that may trigger "Solution soundness bug in FP logic" (Perhaps it could be filed in another issue?)

NikolajBjorner added a commit that referenced this issue Sep 17, 2021
@NikolajBjorner
#4880 add interpreted versions of to_bv functions for MBQI quantifier…
d36c3fa 
… models
@NikolajBjorner
Copy link
Contributor

maybe to_ieee and to_real also need interpreted versions for MBQI to be sound.
But above cases are now handled (second diverges, but that is separate from being unsound).

@wintersteiger wintersteiger mentioned this issue Jun 4, 2022
Merged
@wintersteiger
Copy link
Contributor

I've added the remaining ones in #6077. Although, to be honest, I would much prefer to teach MBQI to handle partially unspecified functions, I just don't have the time right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wintersteiger wintersteiger

Labels
Floats
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add interpreted versions of fp.to_ieee_bv and fp.to_real wintersteiger/z3
5 participants
@rainoftime @NikolajBjorner @muchang @zhendongsu @wintersteiger