This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unknown
for a very simple failing assertion
#158
Comments
Here's the full SMT2 file:
The fact that this produces For Verus debugger purposes, it's troubling that even the very simplest prefix of our prelude pushes us into @Chris-Hawblitzel , @odedp: Do you have any insight into what might be happening here? Is it worth inquiring with the Z3 folks? |
I get this SMT file:
which generates:
As far as I know, this is what's supposed to happen. Are you seeing something different? |
For the file Bryan posted, if I just cut out all the configurations and run z3 on:
Then I get SAT in < 1s. Same with cvc4 (even without flags).
I think this may depend more on our specific choice of solver options than on the actual capabilities of solvers today. We got used to a mode of work where we never get models, and now we just configure z3 in a way that may improve the UNSAT performance at the expense of the SAT performance. I think it's pretty crazy that for Chris's example Verus says unknown instead of "you have an error, here's a counterexample". I think for such examples counterexamples are useful. It may be that we want one solver configuration that is well-suited to the UNSAT case (like we have today) and another configuration (or another solver) that is well-suited to getting counterexamples and showing them to the user. I'd like to put this on the stack for the "multi-solver" or "solver-manager" project, which I would say should just run both configs in parallel. |
I'm still not sure I understand what the problem is. Z3 did generate a counterexample for the Verus code above. It says, for example: |
What's the meaning of getting a model after an |
I think |
But then what's the meaning of the model you get from |
(I'm trying to get a |
After some more experimentation I managed to get
What I did was basically manually cutting out all the prelude and then putting things back only based on errors I got. I guess another thing a "solver-manager" can do is prune smt queries based on dependencies. |
The model in the Just to reemphasize this: we expect Z3 to say |
In the tiny example file I posted (#158 (comment)), Z3 does fail to produce a model (unless you uncomment the line that produces I guess we can hope that in larger Verus examples, even when we get an |
@parno The file you posted uses Z3 in a slightly different way than Verus/AIR/Dafny/Boogie/F*, because it never uses
Z3 says:
but with a
output:
|
Whoa, that's very interesting (and surprising)! Thanks for pointing out the difference. |
There's some more information here: https://stackoverflow.com/questions/16422018/how-incremental-solving-works-in-z3 |
Also here: https://stackoverflow.com/questions/23736269/what-are-the-benefits-of-incremental-solving . "When push/pop commands are present, Z3 essentially switches to a completely different solver, because it detects that it needs support for incrementality. The incremental solver is usually (but not always) slower on non-incremental queries, but in turn can take advantage of incrementality." |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
After running Verus with the below example, Z3 gives
unknown
with(:reason-unknown "(incomplete quantifiers)")
. I am wondering if this behavior is expected.I expected to see
sat
for this example but I was a bit surprised to seeunknown
.@jaybosamiya and I looked into the prelude a bit and found the prelude itself ends in
unknown
. There are several axioms that giveunknown
itself. For example, the firstassert
in the prelude also givesunknown
.The text was updated successfully, but these errors were encountered: