Z3 fixes and enhancements #658
Conversation
to guess it means timeout but I'm not 100% sure about this.
into `Z3Builder.cpp` so they can be called from in gdb.
There was a problem hiding this comment.
@delcypher thanks for your work!
Besides some small changes I would apply, looks good to me.
lib/Solver/Z3Builder.cpp
Outdated
| if (z3LogInteractionFileArg) | ||
| this->z3LogInteractionFile = std::string(z3LogInteractionFileArg); | ||
| if (z3LogInteractionFile.length() > 0) { | ||
| llvm::errs() << "Logging Z3 API interaction to \"" << z3LogInteractionFile |
There was a problem hiding this comment.
I would use klee_message for consistency with other messages.
There was a problem hiding this comment.
The Z3Solver is also used in the kleaver tool. Are you sure you want this change? Same applies for the other comments.
There was a problem hiding this comment.
Well, if I'm not wrong we already use klee_warning in both STPSolver.cpp and Z3Solver.cpp.
There was a problem hiding this comment.
So we do. I didn't put them there though...
I'll go ahead and make the changes then.
| #include <string> | ||
|
|
||
| namespace klee { | ||
| llvm::raw_fd_ostream *klee_open_file(std::string &path, std::string &error); |
There was a problem hiding this comment.
I belive that we can now use this new functionality in many other places.
There was a problem hiding this comment.
@delcypher this is just a comment btw
There was a problem hiding this comment.
Thanks for clarifying.
lib/Solver/Z3Solver.cpp
Outdated
| std::string error; | ||
| dumpedQueriesFile = klee_open_file(Z3QueryDumpFile, error); | ||
| if (!error.empty()) { | ||
| llvm::errs() << "Error creating file for dumping Z3 queries:" << error |
There was a problem hiding this comment.
I would use klee_error for consistency.
|
@delcypher I forgot to mention that 84464e9 and bcb498a should me squashed together in my opinion. |
Agreed. I'll do that once we've reached a decision on your other suggested changes. |
`klee_open_output_file()` function so that it can be used by the Z3Solver.
delcypher
force-pushed
the
z3_fixes_and_enhancements
branch
from
528fc39
to
8a56389
Compare
|
@andreamattavelli I've made your suggested changes. I also renamed |
|
@delcypher Great! I don't have any more comments. I give @ccadar the opportunity to comment before merging. |
|
This looks ok, but it would be useful to describe the new options in the documentation before merging. |
|
If they change, the documentation will change with them. I don't see this as a reason not to document them. Also, the unwritten convention is to name validation/debugging techniques using the prefix |
I don't want people to rely on something that is likely to change quite soon.
Not really but for selfish reasons
If you insist I can change them. |
|
Documentation written: klee/klee.github.io#85 It documents options as they are now and also a bunch of options for the other solver backends too. |
is useful for getting access to the constraints being stored in the Z3 solver in the SMT-LIBv2.5 format.
This can be enabled by passing the command line option `-debug-z3-validate-models`. Although Z3 has a global parameter `model_validate` (off by default) I don't trust it so do the validation manually. This also means we can potentially do validation on a per Z3Solver instance basis rather than globally. When failing to validate a Z3 model the solver state and model are dumped to standard error.
Add `-debug-z3-log-api-interaction` option to allow Z3 API calls to be logged to a file. The files logged by this option can be replayed by the `z3` binary (using its `-log` option). This is incredibly useful because it allows to exactly replay Z3's behaviour outside of KLEE.
solver. This is to avoid tampering with the cache of the builder the solver is using.
My discussions [1] with the Z3 team have revealed that `Z3_mk_simple_solver()` is the wrong solver to use. That solver basically runs the `simplify` tactic and then the `smt` tactic. This by-passes Z3's attempt to probe for different logics and apply its own specialized tactic. Using `Z3_mk_solver()` should be closer to the behaviour of the Z3 binary. This partially addresses klee#653. We still need to try rolling our own custom tactic. [1] Z3Prover/z3#1035
…:<N>` option. This lets us see what Z3 is doing execution (e.g. which tactic is being applied) which is very useful for debugging.
delcypher
force-pushed
the
z3_fixes_and_enhancements
branch
from
8a56389
to
540a3e5
Compare
|
@ccadar Options have been renamed. |
|
@delcypher @ccadar I think we are ready to merge as I don't see any reason to not do it. |
|
This LGTM too. I think @delcypher wanted to squash some commits, otherwise we're ready to merge. |
|
@ccadar I've already done all the squashing I wanted. Merging now. |
options for the Z3 solver from klee/klee#658
options for the Z3 solver from klee/klee#658
This upstreams a bunch of enhancements for working with Z3 from my fork.
@ccadar This includes the Z3 API logging I mentioned to you (see
-z3-log-interactionoption).It also starts to address #653. I won't continue doing that until this PR is merged.