我有一个非常简单的问题,我在这里提到相关部分:
;; All variables are declared to be of type Real
(assert (and (<= 1.0 var1-r) (< var1-r 4.0)))
;;following defines var1-r
(assert (= var1-r (+ a b)))
;;following defines var1-e
(assert (=> (and (<= 1.0 var1-r) (< var1-r 2.0)) (= var1-e 8388608.0)))
(assert (=> (and (<= 2.0 var1-r) (< var1-r 4.0)) (= var1-e 4194304.0)))
;;following defines var1
(assert (= var1 (/ (foo (* var1-r var1-e)) var1-e)))
;;Similarly for var2-r, var2-e, var2
(assert (and (<= 1.0 var2-r) (< var2-r 4.0)))
(assert (= var2-r (+ b a)))
(assert (=> (and (<= 1.0 var2-r) (< var2-r 2.0)) (= var2-e 8388608.0)))
(assert (=> (and (<= 2.0 var2-r) (< var2-r 4.0)) (= var2-e 4194304.0)))
(assert (= var2 (/ (foo (* var2-r var2-e)) var2-e)))
这里,foo()是一个简单的解释函数,例如,foo (x) = (to_real (to_int x))
请注意,var1和var2相同。原因:var1-r和var2-r相等(Reals的交换),因此var2-e和var1-e相等,导致var1和var2成为等于。但是,我无法使用z3证明(not (= var1 var2))不可满足。事实上,如果将var2-r定义为(+ a b),情况也是如此。 [请注意,var1和var2相等实际上也与foo()]的定义无关。