似乎关于XOR的推理会导致Z3使用爆炸性内存(提交210bca8f456361f696152be909e33a4e8b58607f2)。例如,从AC等效于a+b+c的某些内容派生a+b+c+x+x+y+y+z+z:
(declare-fun known (Bool) Bool)
(declare-fun p (Bool Bool Bool) Bool)
; Lift xor
(assert (forall ((x Bool) (y Bool))
(=> (and (known x) (known y)) (known (xor x y)))))
; Can reason about xor well
(assert (exists ((a1 Bool) (b1 Bool) (c1 Bool) (ra Bool) (rb Bool) (rc Bool))
(and (p a1 b1 c1)
(known (xor a1 (xor ra rc)))
(known (xor b1 (xor rb ra)))
(known (xor c1 (xor rc rb))))))
; Assert that we can derive a+b+c.
; Note: The behavior (non-termination) is the same when this example is
; inverted (forall ... not ...)
(assert (exists ((a1 Bool) (b1 Bool) (c1 Bool))
(and (p a1 b1 c1)
(known (xor a1 (xor b1 c1))))))
(check-sat)
这是一个公认的限制吗?是否有替代配方我可以使用Z3来回答这样的查询?
连续性:我有previously misused HORN逻辑用于此任务。
答案 0 :(得分:4)
问题在于断言
(assert (forall ((x Bool) (y Bool))
(=> (and (known x) (known y)) (known (xor x y)))))
对于电子匹配引擎来说非常糟糕。这是用于处理Z3中量词的引擎之一。 有许多可能的解决方法。
1)使用量词消除。您只需将(check-sat)替换为(check-sat-using (then qe smt))
2)使用:weight属性注释量词。电子匹配引擎将提前停止生成新实例。这是一个例子:
(assert (forall ((x Bool) (y Bool))
(! (=> (and (known x) (known y)) (known (xor x y)))
:weight 10)))
3)禁用E-matching引擎。然后,Z3将仅使用MBQI(基于模型的量词实例化)引擎,这对于这种问题更有效。要禁用E匹配,我们应该使用
(set-option :smt.ematching false)
备注:在Z3版本< = 4.3.1中,此选项称为(set-option :ematching false)