# Z3 tutorial

This is an interactive document. You can follow along on the cloud, change, play, go deeper into the code.

To create your own copy:
 
 1. Go to https://notebooks.azure.com/nbjorner/projects/z3examples
 2. Create an Azure Notebooks account
 3. **Clone** `Z3Examples` project into your space
 4. Start `TutorialISPRAS2019.ipynb` notebook
 
If you get an error about `z3` package not being found, wait a little and try again. It takes some time for the underlying virtual machine to get provisioned with all the necessary pacakges.

## Outline

* Using Z3 from Python
* SAT in a nutshell 
* Example Sudoko - model enumeration
* Example Pebble Games - Bounded Model Checking
* SMT: EUF, Arrays, Arithmetic; Quantifiers
* Services: Unsat cores, Optimization, Consequences
* Control: Parameters, Tactics, Parallelization

In [1]:
# !pip install "z3-solver"
from z3 import *

# Z3 - a bird's eye view

![Z3Overall.png](attachment:Z3Overall.png)

In [2]:
Tie, Shirt = Bools('Tie Shirt')
s = Solver()
s.add(Or(Tie, Shirt), Implies(Tie, Shirt), Implies(Shirt, Not(Tie)))
print(s.check())
print(s.model())

sat
[Tie = False, Shirt = True]


## Example - Sudoko

![sudoko.png](attachment:sudoko.png)

In [3]:
# sudoku instance, we use '0' for empty cells
instance = ((0,0,0,0,9,4,0,3,0),
            (0,0,0,5,1,0,0,0,7),
            (0,8,9,0,0,0,0,4,0),
            (0,0,0,0,0,0,2,0,8),
            (0,6,0,2,0,1,0,5,0),
            (1,0,2,0,0,0,0,0,0),
            (0,7,0,0,0,0,5,2,0),
            (9,0,0,0,6,5,0,0,0),
            (0,4,0,9,7,0,0,0,0))

In [4]:
 # 9x9 matrix of integer variables
X = [ [ Int("x_%s_%s" % (i+1, j+1)) for j in range(9) ]
      for i in range(9) ]

# each cell contains a value in {1, ..., 9}
cells_c  = [ And(1 <= X[i][j], X[i][j] <= 9)
             for i in range(9) for j in range(9) ]

# each row contains a digit at most once
rows_c   = [ Distinct(X[i]) for i in range(9) ]

# each column contains a digit at most once
cols_c   = [ Distinct([ X[i][j] for i in range(9) ])
             for j in range(9) ]

# each 3x3 square contains a digit at most once
sq_c     = [ Distinct([ X[3*i0 + i][3*j0 + j]
                        for i in range(3) for j in range(3) ])
             for i0 in range(3) for j0 in range(3) ]

sudoku_c = cells_c + rows_c + cols_c + sq_c

Cells in the *instance* that have non-zero values are fixed. 

In [5]:
instance_c = [ X[i][j] == instance[i][j] for i in range(9) for j in range(9) if not (instance[i][j] == 0) ]

### Solvers
Add *sudoko_c* constraints and *instance_c* to a solver

* Create a Solver
* Add constraints to a solver
* Extract a model
* Evaluate values in a model

In [6]:
s = Solver()
s.add(sudoku_c + instance_c )
if s.check() == sat:
    m = s.model()
    r = [ [ m.evaluate(X[i][j]) for j in range(9) ]
          for i in range(9) ]
    print_matrix(r)
else:
    print("failed to solve")

[[7, 1, 5, 8, 9, 4, 6, 3, 2],
 [2, 3, 4, 5, 1, 6, 8, 9, 7],
 [6, 8, 9, 7, 2, 3, 1, 4, 5],
 [4, 9, 3, 6, 5, 7, 2, 1, 8],
 [8, 6, 7, 2, 3, 1, 9, 5, 4],
 [1, 5, 2, 4, 8, 9, 7, 6, 3],
 [3, 7, 6, 1, 4, 8, 5, 2, 9],
 [9, 2, 8, 3, 6, 5, 4, 7, 1],
 [5, 4, 1, 9, 7, 2, 3, 8, 6]]


### Multiple solutions

* Turning values from a model into constraints
* You can incrementally add constraints to a solver

In [7]:
# Let us remove 9 from the first row and see if there is more than one solution

instance = ((0,0,0,0,0,4,0,3,0),
            (0,0,0,5,1,0,0,0,7),
            (0,8,9,0,0,0,0,4,0),
            (0,0,0,0,0,0,2,0,8),
            (0,6,0,2,0,1,0,5,0),
            (1,0,2,0,0,0,0,0,0),
            (0,7,0,0,0,0,5,2,0),
            (9,0,0,0,6,5,0,0,0),
            (0,4,0,9,7,0,0,0,0))
    
instance_c = [ If(instance[i][j] == 0,
                  True,
                  X[i][j] == instance[i][j])
               for i in range(9) for j in range(9) ]    
    
def n_solutions(n):
    s = Solver()
    s.add(sudoku_c + instance_c)
    count = 0
    while s.check() == sat and count < n:
        m = s.model()
        print(count)
        for i in range(9):
            print([ m.evaluate(X[i][j]) for j in range(9)])
        print("\n")
        fml = And([X[i][j] == m.evaluate(X[i][j]) for i in range(9) for j in range(9)])
        s.add(Not(fml))
        count += 1
        
n_solutions(10)


0
[6, 1, 7, 8, 2, 4, 9, 3, 5]
[2, 3, 4, 5, 1, 9, 6, 8, 7]
[5, 8, 9, 6, 3, 7, 1, 4, 2]
[7, 9, 3, 4, 5, 6, 2, 1, 8]
[4, 6, 8, 2, 9, 1, 7, 5, 3]
[1, 5, 2, 7, 8, 3, 4, 9, 6]
[3, 7, 6, 1, 4, 8, 5, 2, 9]
[9, 2, 1, 3, 6, 5, 8, 7, 4]
[8, 4, 5, 9, 7, 2, 3, 6, 1]


1
[5, 1, 7, 6, 8, 4, 9, 3, 2]
[2, 3, 4, 5, 1, 9, 6, 8, 7]
[6, 8, 9, 3, 2, 7, 1, 4, 5]
[4, 9, 3, 7, 5, 6, 2, 1, 8]
[7, 6, 8, 2, 9, 1, 3, 5, 4]
[1, 5, 2, 4, 3, 8, 7, 9, 6]
[8, 7, 6, 1, 4, 3, 5, 2, 9]
[9, 2, 1, 8, 6, 5, 4, 7, 3]
[3, 4, 5, 9, 7, 2, 8, 6, 1]


2
[5, 1, 6, 7, 8, 4, 9, 3, 2]
[2, 3, 4, 5, 1, 9, 6, 8, 7]
[7, 8, 9, 6, 2, 3, 1, 4, 5]
[4, 9, 7, 3, 5, 6, 2, 1, 8]
[8, 6, 3, 2, 9, 1, 7, 5, 4]
[1, 5, 2, 8, 4, 7, 3, 9, 6]
[6, 7, 1, 4, 3, 8, 5, 2, 9]
[9, 2, 8, 1, 6, 5, 4, 7, 3]
[3, 4, 5, 9, 7, 2, 8, 6, 1]


3
[5, 1, 6, 7, 8, 4, 9, 3, 2]
[2, 3, 4, 5, 1, 9, 6, 8, 7]
[7, 8, 9, 3, 2, 6, 1, 4, 5]
[4, 9, 7, 6, 5, 3, 2, 1, 8]
[8, 6, 3, 2, 9, 1, 7, 5, 4]
[1, 5, 2, 8, 4, 7, 3, 9, 6]
[6, 7, 1, 4, 3, 8, 5, 2, 9]
[9, 2, 8, 1, 6, 5, 4, 7, 3]
[3, 4,


![sudokomix.png](attachment:sudokomix.png)

https://github.com/PKHG/doc/blob/master/3x9%20Mix%20Sudoku%20Solved%20Tubantia%205%20juni.ipynb

https://yurichev.com/writings/SAT_SMT_by_example.pdf

![yurichev.png](attachment:yurichev.png)

## Encoding pebble games

![image.png](attachment:image.png)

* Cardinality constraints

* Encoding the pebble transition relation

* Bounded Model Checking

* Horn Clauses


In [8]:
x, y, z, u, a, b, c, d, e, f = Bools('x y z u a b c d e f')
x0, y0, z0, u0, a0, b0, c0, d0, e0, f0 = Bools('x0 y0 z0 u0 a0 b0 c0 d0 e0 f0')
x1, y1, z1, u1, a1, b1, c1, d1, e1, f1 = Bools('x1 y1 z1 u1 a1 b1 c1 d1 e1 f1')


In [9]:


init = And([x0, y0, z0, u0, Not(a0), Not(b0), Not(c0), Not(d0), Not(e0), Not(f0)])

final = And([x0, y0, z0, u0, Not(a0), Not(b0), Not(c0), Not(d0), e0, f0])



* If the pebbling state changes on a node, then both children must be pebbled.

In [10]:
edges = [(x0,f0),(y0,a0),(z0,a0),(z0,c0),(z0,d0),(z0,b0),(u0,b0),(a0,f0),(a0,c0),(b0,d0),(d0,e0),(c0,e0)]

next = { x0 : x1, y0 : y1, z0 : z1, u0 : u1, a0 : a1, b0 : b1, c0 : c1, d0 : d1, e0 : e1, f0 : f1 }

add_pebble = [Implies(Xor(parent, next[parent]), And(child, next[child])) for (child, parent) in edges]

In [11]:
def transition(bound):
    max_pebbles = AtMost(x0,y0,z0,u0,a0,b0,c0,d0,e0,f0, bound)
    return And(add_pebble + [max_pebbles])

In [12]:
def bmc(init, trans, goal, fvs0, x0s):
    xs = [fresh(0, x) for x in x0s]
    xns = [fresh(1, x) for x in x0s]
    fvs = fvs0
    s = Solver()
    s.add(init)
    p0 = Bool('p')
    count = 1
    while True:
        print("iteration ", count)
        count += 1
        p = fresh(count, p0)
        s.add(Implies(p, goal))
        if sat == s.check(p):
            return s.model()
        s.add(trans)
        ys = [fresh(count, x) for x in x0s]
        nfvs = [fresh(count, x) for x in fvs0]
        trans = substitute(trans, 
                           zipp(xns + xs + fvs, ys + xns + nfvs))
        goal = substitute(goal, zipp(xs, xns))
        xs, xns, fvs = xns, ys, nfvs
        
def fresh(round, x):
    s = x.sort()
    return Const("%s%d" % (x,round), s)

def zipp(xs, ys):
    return [p for p in zip(xs, ys)]

In [13]:
model = bmc(init, transition(5), final, [], [x, y, z, u, a, b, c, d, e, f])

iteration  1
iteration  2
iteration  3
iteration  4
iteration  5
iteration  6
iteration  7
iteration  8
iteration  9
iteration  10
iteration  11
iteration  12


In [14]:
def display_model(m, vs):
    count = 0
    while True:
        xs = [fresh(count, x) for x in vs]
        if True in [x.decl() in m for x in xs]: 
            print([m[x] for x in xs])
            count += 1
        else:
            break
            
display_model(model, [x, y, z, u, a, b, c, d, e, f])

        

[True, True, True, True, False, False, False, False, False, False]
[False, True, True, True, True, True, False, False, False, False]
[False, True, True, False, True, True, True, False, False, False]
[False, True, True, False, False, True, True, True, False, False]
[False, False, True, False, False, True, True, True, True, False]
[False, False, True, True, False, True, True, False, True, False]
[False, True, True, True, False, False, True, False, True, False]
[False, True, True, False, True, False, True, False, True, False]
[True, True, True, False, True, False, False, False, True, False]
[True, False, True, False, True, False, False, False, True, True]
[False, True, True, False, True, False, False, False, True, True]
[True, True, True, True, False, False, False, False, True, True]


* Graphical representation for a larger example

![image.png](attachment:image.png)

## As Horn Clauses

In [15]:
def horn_solver(init, transition, final, fvs0, xs):
    fp = SolverFor("HORN")
    Inv = Function('I', [x.sort() for x in xs] + [BoolSort()])
    xs0 = [fresh(0, x) for x in xs]
    xs1 = [fresh(1, x) for x in xs]
    fp.add(ForAll(xs0, Implies(init, Inv(xs0))))
    fp.add(ForAll(xs0+xs1+fvs0, Implies(And(Inv(xs0), transition), Inv(xs1))))
    fp.add(ForAll(xs0, Implies(Inv(xs0), Not(final))))
    #print(fp.sexpr())
    print(fp.check())
    print(fp.model())
    
horn_solver(init, transition(4), final,  [], [x, y, z, u, a, b, c, d, e, f])

sat
[I = [else -> Or(Var(7), Var(4), Not(Var(9)), Not(Var(8)))]]


## Fixedpoint solver

In [16]:
def horn_fp(init, transition, final, fvs0, xs, engine='spacer'):
    fp = Fixedpoint()
    Inv = Function('I', [x.sort() for x in xs] + [ BoolSort() ])    
    Q   = Function('Q', [x.sort() for x in xs] + [ BoolSort() ])
    fp.register_relation(Inv, Q)
    xs0 = [fresh(0, x) for x in xs]
    xs1 = [fresh(1, x) for x in xs]   
    fp.set(engine=engine)
    fp.declare_var(xs0 + xs1 + fvs0)
    fp.add_rule(Inv(xs0), init)
    fp.add_rule(Inv(xs1), And(Inv(xs0), transition)) 
    fp.add_rule(Q(xs0),   And(Inv(xs0), final))
    #print(fp)
    print(fp.query(Q))
    print(fp.get_answer())
    
horn_fp(init, transition(4), final, [], [x, y, z, u, a, b, c, d, e, f])

unsat
ForAll([A, B, C, D, E, F, G, H, K, L],
       I(A, B, C, D, E, F, G, H, K, L) ==
       Or(G, Not(L), Not(K), E))


In [17]:
horn_fp(init, transition(5), final, [], [x, y, z, u, a, b, c, d, e, f], 'bmc')

sat
hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(hyper-res(asserted(Implies(I(True,
                                        True,
                                        True,
                                        True,
                                        False,
                                        False,
                                        False,
                                        False,
                                        True,
                                        True),
                                        query!32(True,
                                        True,
                                        False,
                                        False,
                                        False,
                                        False,
                                        True,
                                        True,
                                        True,
     

## SMT in a nutshell

* Integer sort declaration
* Function declaration
* Integer constant declaration
* *prove* command

In [18]:
Z = IntSort()
f = Function('f', Z, Z)
x, y = Ints('x y')
A = Array('A',Z,Z)
fml = Implies(x + 2 == y, f(Store(A, x, 3)[y - 2]) == f(y - x + 1))
prove(fml)

proved


What is *prove* ?

* A formula *fml* is valid if and only if *Not(fml)* is unsatisfiable

## SMT Theories

* Uninterpreted functions
* Arithmetic
* Arrays
* Bit-vectors
* IEEE floating point numbers
* Algebraic Datatypes
* Sequences/Strings
* Partial Orders
* Transitive Relations


* Quantification


## Theory of uninterpreted functions

* Union-find
* Congruence closure

In [19]:
  S = DeclareSort('S')
  f = Function('f', S, S)
  x = Const('x', S)
  solve(f(f(x)) == x, f(f(f(x))) == x)

[x = S!val!0, f = [else -> S!val!0]]


Conventions:

* S is a free sort.
* f is a free unary function from S to S.
* x is a free constant of sort S.

The conjunction _f(f(x)) = x, f(f(f(x)) = x_ is satisfiable.

Union of equal terms:

* { _x, f(f(x)),  f(f(f(x))_}

Union find maintains equivalence classes


Then by congruence closure:

* _f(f(x)) = x_ implies _f(f(f(x)) = f(x)_

New congruence class

* { _x, f(x), f(f(x)), f(f(f(x))_ }


Congruence closure algorithm recovers equal children under _f(f(f(x))_ and _f(x)_

Implied congruences

* { _x, f(x), f(f(x)), f(f(f(x)), f(f(f(f(x))), f(f(f(f(f(x))))), ..._ }

In [20]:
  solve(f(f(x)) == x, f(f(f(x))) == x, f(x) != x)

no solution


## Arithmetic

In [21]:
x, y = Reals('x y')
solve([x >= 0, Or(x + y <= 2, x + 2*y >= 6), Or(x + y >= 2, x + 2*y > 4)])

[y = 3, x = 0]


Z3 introduces auxiliary variables $s_1, s_2$ and represents the formula as

$
  s_1 \equiv x + y, s_2 \equiv x + 2y,
  x \geq 0, (s_1 \leq 2 \vee s_2 \geq 6), (s_1 \geq 2 \vee s_2 > 4)
$ 

Only bounds (e.g., $s_1 \leq 2$) are asserted during search.

In [22]:
x, y, s1, s2 = Reals('x y s1 s2')
solve([s1 == x + y, s2 == x + 2*y, x >= 0, Or(s1 <= 2, s2 >= 6), Or(s1 >= 2, s2 > 4)])

[s2 = 6, y = 3, x = 0, s1 = 3]


Normal form:
$
{s_1} - x - y = 0, \   
{s_2} - x - 2y = 0
$  

where ${s_1, s_2}$ are basic (dependent) and $x, y$ are non-basic.

* Initial values: 
$x = y = s_1 = s_2 = 0$

* Bounds $x \geq 0, s_1 \leq 2, s_1 \geq 2$. 

* Then value of $s_1$ violates bound. Make $y$ basic:
$
{y} + x - s_1 = 0, \ {s_2} + x - 2s_1 = 0
$


* The new tableau updates the assignment of variables to
$x = 0, s_1 = 2, s_2 = 4, y = 2$. The resulting assignment
is a model for the original formula.

## Bit-vectors

In [23]:
def is_power_of_two(x):
    return And(x != 0, 0 == (x & (x - 1)))
x = BitVec('x', 4)
prove(is_power_of_two(x) == Or([x == 2**i for i in range(4)]))

proved


The absolute value of a variable can be obtained using addition and xor with a sign bit.

In [24]:
v = BitVec('v',32)
mask = v >> 31
prove(If(v >= 0, v, -v) >= 0)

counterexample
[v = 2147483648]


## Algebraic Datatypes

In [25]:
Tree = Datatype('Tree')
Tree.declare('Empty')
Tree.declare('Node', ('left', Tree), ('data', Z), ('right', Tree))
Tree = Tree.create()
t = Const('t', Tree)
solve(t != Tree.Empty)

[t = Node(Empty, 0, Empty)]


In [26]:
prove(t != Tree.Node(t, 0, t))

proved


## IEEE Floating Point numerals

In [27]:
x = FP('x', FPSort(3, 4))
y = FP('y', FPSort(3, 4))
solve(10 * x == y, y == 3)

[y = 1.5*(2**1), x = 1.25*(2**-2)]


## Strings

In [28]:
s, t, u = Strings('s t u')
prove(Implies(And(PrefixOf(s, t), SuffixOf(u, t), 
                  Length(t) == Length(s) + Length(u)), 
             t == Concat(s, u)))


# One can concatenate single elements to a sequence as units:

s, t = Consts('s t', SeqSort(IntSort()))
solve(Length(s) >= 3, Concat(s, Unit(IntVal(2))) == Concat(Unit(IntVal(1)), t))
prove(Concat(s, Unit(IntVal(2))) != Concat(Unit(IntVal(1)), s))

proved
[s = Concat(Unit(1), Concat(Unit(8), Unit(10))),
 t = Concat(Unit(8), Concat(Unit(10), Unit(2)))]
proved


## Arrays

In [29]:
A = ArraySort(IntSort(), IntSort())
a, b, c = Consts('a b c', A)
solve(a == Store(b, 1, 2), c == Store(b, 2, 3), b == Store(a, 1, 3))

[a = Store(K(Int, 0), 1, 2),
 c = Store(Store(K(Int, 0), 1, 3), 2, 3),
 b = Store(K(Int, 0), 1, 3)]


In [30]:
#  A = Array(Index, Elem) # array sort 
#  
#  a[i]             # index array 'a' at index 'i'
#                   # Select(a, i)
#  
#  Store(a, i, v)   # update array 'a' with value 'v' at index 'i'
#                   # = lambda j: If(i == j, v, a[j])
#    
#  Const(v, A)      # constant array
#                   # = lambda j: v
#  
#  Map(f, a)        # map function 'f' on values of 'a'
#                   # = lambda j: f(a[j])
#
#  Ext(a, b)        # Extensionality
#                   # Implies(a[Ext(a, b)] == b[Ext(a, b)], a == b)

## Quantifiers 102 - a sorted heap

* function _ref_ represents a pointer at an address. 

* function _deref_ dereferences pointers.

Properties:

* Values within a fixed range are sorted

* Pointer _p0_ that is not part of range

* Introduce heap _newH_ that is updated at position _p1_

* New heap _hewH_ is _not_ sorted

* Is it possible that _p0 = p1_ ?



In [31]:
Ptr = DeclareSort('Ptr')
ref = Function('ref', Z, Ptr)
deref = Function('deref', Ptr, Z)
n, x, x1, x2 = Ints('n x x1 x2')

# The following formula states that the values referenced by the
# pointers stored in ref at positions [0, n] are sorted.

s = Solver()
s.add(ForAll([x1,x2], Implies(And(0 <= x1, x1 <= x2, x2 <= n), deref(ref(x1)) <= deref(ref(x2)))))

p0 = Const('p0', Ptr)

# ref does not contain the pointer p0 in the interval [0, n].
s.add(ForAll(x, Implies(And(0 <= x, x <= n), ref(x) != p0)))

In [32]:
# newH is the new heap with position p1 containing value a.
# newH = deref[p1 <- a]
newH = Function('newH', Ptr, Z)
p, p1 = Consts('p p1', Ptr)
a = Const('a', Z)
s.add(newH(p1) == a)
s.add(ForAll(p, Or(p == p1, newH(p) == deref(p))))

# The new heap is not sorted
s.add(Not(ForAll([x1,x2], Implies(And(0 <= x1, x1 <= x2, x2 <= n), newH(ref(x1)) <= newH(ref(x2))))))

print(s.check())
print(s.model())

sat
[p1 = Ptr!val!2,
 n = 1,
 p0 = Ptr!val!1,
 a = 1,
 newH = [Ptr!val!2 -> 1,
         Ptr!val!0 -> 0,
         else -> deref(Var(0))],
 deref = [else -> 0],
 ref = [else -> If(1 <= Var(0), Ptr!val!0, Ptr!val!2)]]


In [33]:
s.add(p0 == p1)
print(s.check())

unsat


# Logical Services
* Unsat Cores
* Optimization
* Cube and Conquer
* Consequences

## Unsat Cores

In [34]:
s = Solver()
s.add(Not(q))
s.add(Implies(p, q))
s.add(Implies(v, r))
print(s.check([p,v]))
print(s.unsat_core())

NameError: name 'q' is not defined

In [35]:
p, q, r, v = Bools('p q r v')
s = Solver()
s.add(Not(q))
s.assert_and_track(q, p)
s.assert_and_track(r, v)
print(s.check())
print(s.unsat_core())

unsat
[p]


### Tracking literals

* Literals $p, v$ are asserted at level 1 before case split decisions.
* If the solver encounters a conflict at level 1, collect set of literals used in the conflict.

* Unsat core is not necessarily minimal.
   * s.set("sat.core.minimize","true")  - For Bit-vector theories
   * s.set("smt.core.minimize","true")  - For general SMT 
   
* Tracking literals prevent simplification, add overhead.
   * For SAT solver can use DRAT-trim to extract core


## Optimization

In [39]:
def tt(s, f):
    return is_true(s.model().eval(f))

def add_def(s, fml):
    name = Bool("%s" % fml)
    s.add(name == fml)
    return name

def relax_core(s, core, Fs):
    prefix = BoolVal(True)
    Fs -= { f for f in core }
    for i in range(len(core)-1):
        prefix = add_def(s, And(core[i], prefix))
        Fs |= { add_def(s, Or(prefix, core[i+1])) }

def maxsat(s, Fs):
    cost = 0
    Fs0 = Fs.copy()
    while unsat == s.check(Fs):
        cost += 1
        relax_core(s, s.unsat_core(), Fs)    
    return cost, { f for f in Fs0 if tt(s, f) }


In [40]:
s = Solver()
a, b, c, d = Bools('a b c d')
s.add(Or(a,b), Or(Not(a), Not(b)), Or(Not(c), Not(d), Not(a)))
cost, soln = maxsat(s, set([a,b,c,d]))
print(cost,soln)

1 {b, d, c}


Lemma: 
* The maxsat solution to Fs after relax_core is 1 + maxsat solution to original problem

Sketch: 
* Suppose $M$ evaluates $core := f_1, f_2, f_3, f_4, \ldots$, as $\top, \bot, \bot, \top, \top$.
* New Fs is of the form $f_1 \vee f_2, f_3 \vee (f_2 \wedge f_1), f_4 \vee (f_3 \wedge (f_2 \wedge f_1)), \ldots$
* Then $M$ evaluates $Fs$ as $\top, \bot, \top, \top, \ldots$
* First $i$, such that $F(f_i) = \bot$ is removed.

In [41]:
# Built-in optimization support

s = Optimize()
a, b, c, d = Bools('a b c d')
s.add(Or(a,b), Or(Not(a), Not(b)), Or(Not(c), Not(d), Not(a)))
s.add_soft(a)
s.add_soft(b)
s.add_soft(c)
s.add_soft(d)
print(s.check())
print(s.model())

sat
[a = False, b = True, d = True, c = True]


## Consequences

In [42]:
a, b, c, d = Bools('a b c d')

s = Solver()
s.add(Implies(a, b), Implies(c, d))   # background formula
print(s.consequences([a, c],          # assumptions
                     [b, c, d]))      # target literals: what is implied?


(sat, [Implies(c, c), Implies(a, b), Implies(c, d)])


### Algorithm

* Retrieve a model $M$ of solver state s.
* Prefer case split on target literals to be opposite of model $M$.
* If case split is conflicting, learn it as a backbone
* If a new model $M'$ is found, then remove target literal $a$ where $M(a) \neq M'(a)$.

In [43]:
# Control
* Tactics
* Parallelization
* (Configuration)

SyntaxError: can't use starred expression here (<ipython-input-43-679ddbe30b03>, line 2)

In [45]:
s = Tactic('qsat').solver()
Nat = Datatype('Nat')
Nat.declare('Z')
Nat.declare('S', ('pred', Nat))
Nat = Nat.create()
Z = Nat.Z
S = Nat.S
def move(x, y):
    return Or(x == S(y), x == S(S(y)))
def win(x, n):
    if n == 0:
        return False
    y = FreshConst(Nat)
    return Exists(y, And(move(x, y), Not(win(y, n - 1))))

s.add(win(S(S(S(S(Z)))), 3))
print(s.check())

sat


### QSAT

* Procedure for quantified formulas

* Uses 
  * Model based projection for backjumping
  * Strategies for forward prunings
  

### Model based projection

* Want to compute small $\exists x \ . \ (2y \leq x \wedge y - z \leq x \wedge x \leq z)$.


* Note $\equiv (y - z \leq 2y \leq z) \vee (2y \leq y - z \leq z)$


* Say $M = [x \mapsto 3, y \mapsto 1, z \mapsto 6]$


* $Mbp(M, x, 2y \leq x \wedge y - z \leq x \wedge x \leq z)$


* $(2y > y - z)^M = \top$ since $2y^M = 2$, $(y-z)^M = -5$


* $Mbp(M, x, 2y \leq x \wedge y - z \leq x \wedge x \leq z) = y - z \leq 2y \leq z$


* $y - z \leq 2y \leq z \ \Rightarrow \ \exists x \ . \ (2y \leq x \wedge y - z \leq x \wedge x \leq z)$


In [44]:
x, y = Reals('x y')
g  = Goal()
g.add(2 < x, Exists(y, And(y > 0, x == y + 2)))
print(g)

t1 = Tactic('qe-light')
t2 = Tactic('simplify')
t  = Then(t1, t2)
print(t(g))

[x > 2, Exists(y, And(y > 0, x == y + 2))]
[[Not(x <= 2)]]


## SMT Architecture

![SMTArch.png](attachment:SMTArch.png)

## Decision Procedure Integration - Architecture

![SMTNuthsell.png](attachment:SMTNuthsell.png)

![TheorySolvers1.png](attachment:TheorySolvers1.png)

### Sharing Equalities

Recall:
* Each shared occurrences of $a, b$: 
   * Assert $a[\mbox{Ext}(a, b)] = b[\mbox{Ext}(a,b)] \ \implies \ a = b$.
   

What happens if we don't add this axiom?

* Hint $M(a) := \left[ M(i) \mapsto M(a[i])\; \mid\; a[i] \in \mathcal{T}; \ \mbox{else}\ \mapsto \diamond_{\mbox{default}} \right]$

### Disjoint Theories

* Two theories are disjoint if they do not share function/constant and predicate symbols.
$=$ is the only exception.

* Example:

  * The theories of arithmetic and arrays are disjoint.
 
  * Arithmetic symbols: $\{0, -1, 1, -2, 2, \ldots, +, -, \times, >, <,  =, \geq \}$.
  * Array symbols: $\{ Select, Store \}$

### Combining Disjoint Theories

* To check satisfiability of conjunction $\Gamma$, split into theory disjoint parts


* $\Gamma := \Gamma_1 \wedge \Gamma_2 \wedge x = y \wedge y \neq z \wedge x \neq z$


* Equalities and disequalities on common variables are _shared_ between $\Gamma_1, \Gamma_2$.

### Stably infinite Theories

* A theory is stably infinite if every satisfiable QFF is satisfiable in an infinite model.


* EUF and arithmetic are stably infinite.


* Bit-vectors are not

### Sharing Equalities - Combining Theories

In practice, we need a combination of theories.


* $b + 2 = c  \wedge  f(Select(Store(a,b,3), c-2)) \neq f(c-b+1)$

A theory is a set (potentially infinite) of first-order sentences.

Main questions:
  * Is the union of two theories $T_1 \cup T_2$ consistent?
  * Given a solvers for $T_1$ and $T_2$, 
    how can we build a solver for $T_1 \cup T_2$?


### Nelson-Oppen combination

Let $\mathcal{T}_1$ and $\mathcal{T}_2$ be consistent, stably infinite theories
over disjoint (countable) signatures. Assume satisfiability of conjunction of
literals can be decided in $O(\mathcal{T}_1(n))$ and
$O(\mathcal{T}_2(n))$ time respectively.
Then

1. The combined theory $\mathcal{T}$ is consistent and stably infinite.


2. Satisfiability of quantifier free conjunction of literals can be decided
in $O(2^{n^2} \times (\mathcal{T}_1(n) + \mathcal{T}_2(n)))$.


3. If $\mathcal{T}_1$ and $\mathcal{T}_2$ are consistent, then so is
$\mathcal{T}$ and satisfiability in $\mathcal{T}$ is
in $O(n^3 \times (\mathcal{T}_1(n) + \mathcal{T}_2(n)))$.


### Purification

$
   \color{red}{b + 2 = c},\ \color{blue}{f}(\color{green}{Select}(\color{green}{Store}\color{red}{(a,b,3), c-2})) \neq \color{blue}{f}(\color{red}{c-b+1})
$


becomes

$
\begin{array}{ll}
  \mathrm{Arithmetic:} & \color{red}{b + 2 + c, v_2 \equiv c - b + 1, v_4 \equiv c-2,  v_5 \equiv 2}\\[2em]
  \mathrm{EUF:}        & \color{blue}{f(v_1) \neq f(v_2)}\\[2em]
  \mathrm{Arrays:}     & \color{green}{v_1 \equiv Select(v_3, v_4), v_3 \equiv Store(a,b,v_5)}
\end{array}
$


### Combining Theories in Practice (Model based)


* Suppose $M_i \models \Gamma_i \cup \mathcal{T}_i$

* Guess equalities implied by $M_i$: 
    
    * If $M_i \models \mathcal{T}_i \cup \Gamma_i \cup \{ u = v \}$ then guess $u = v$

* Backtrack on guesses that disagree with other theories.



## Solving the Theory of Arrays

Example `Store(a, i, v)`    

* Each occurrence of `Store(a, i, v)` and `b[j]` in quantifier-free Solver assertions.
   * Assert `Store(a, i, v)[j] == If(i == j, v, a[j])`
   * Assert `Store(a, i, v)[i] == v`
   
   
* Each shared occurrences of $a, b$: 
   * Assert $a[\mbox{Ext}(a, b)] = b[\mbox{Ext}(a,b)] \ \implies \ a = b$.



* Suppose we are given a model $M$ satisfying all asserted equalities in Solver.
   * $M$ assigns values to $a[i]\in \mathcal{T}$ terms.
   * Extend: $M(a) := \left[ M(i) \mapsto M(a[i])\; \mid\; a[i] \in \mathcal{T}; \ \mbox{else}\ \mapsto \diamond_{\mbox{default}} \right]$
   * __Claim__: $M(a)$ satisfies `Store` axioms.

# Some active areas

* Theory Solvers
  * Floating points, sequences/strings, regular languages
  * Non-linear arithmetic
  * _Boolean theories_
  * Inprocessing, pre-processing
  
* Quantifiers 
  * Horn clauses, QBF techniques and SMT
  
* Cube and conquer ... and SMT
  * MIP branch and bound heuristics vs. lookahead heuristics
  
* Controlling search heuristics 
  * Learn priorities on clauses, branch variables