I don't understand where I went wrong. Mutual exclusion is returned as SAT
by the Z3 solver. Did I make a mistake? I use four arrays for the four places in the picture, and I want to check that no two processes enter the critical section at the same time.
; one array per place: (select pN i) is the token count of place pN at step i
(declare-const p0 (Array Int Int))
(declare-const p1 (Array Int Int))
(declare-const p2 (Array Int Int))
(declare-const p3 (Array Int Int))
(declare-const p4 (Array Int Int))
; t0: take one token from p1 and one from p2, put one into p0
(define-fun t0 ((i Int)) Bool
  (and
    (= (select p1 (+ i 1)) (- (select p1 i) 1))
    (>= (select p1 i) 1)
    (= (select p2 (+ i 1)) (- (select p2 i) 1))
    (>= (select p2 i) 1)
    (= (select p0 (+ i 1)) (+ (select p0 i) 1))
  )
)
; t1: take one token from p0, put one into p1 and one into p2
(define-fun t1 ((i Int)) Bool
  (and
    (= (select p0 (+ i 1)) (- (select p0 i) 1))
    (>= (select p0 i) 1)
    (= (select p1 (+ i 1)) (+ (select p1 i) 1))
    (= (select p2 (+ i 1)) (+ (select p2 i) 1))
  )
)
; t2: take one token from p4 and one from p2, put one into p3
(define-fun t2 ((i Int)) Bool
  (and
    (= (select p4 (+ i 1)) (- (select p4 i) 1))
    (>= (select p4 i) 1)
    (= (select p2 (+ i 1)) (- (select p2 i) 1))
    (>= (select p2 i) 1)
    (= (select p3 (+ i 1)) (+ (select p3 i) 1))
  )
)
; t3: take one token from p3, put one into p4 and one into p2
(define-fun t3 ((i Int)) Bool
  (and
    (= (select p3 (+ i 1)) (- (select p3 i) 1))
    (>= (select p3 i) 1)
    (= (select p4 (+ i 1)) (+ (select p4 i) 1))
    (= (select p2 (+ i 1)) (+ (select p2 i) 1))
  )
)
; prop0: both critical-section places hold a token at step i
(define-fun prop0 ((i Int)) Bool
  (and
    (> (select p0 i) 0)
    (> (select p3 i) 0)
  )
)
(define-fun prop1 ((i Int)) Bool
  (> (select p0 i) 0)
)
; initial marking
(assert (= (select p0 0) 0))
(assert (= (select p1 0) 1))
(assert (= (select p2 0) 1))
(assert (= (select p3 0) 0))
(assert (= (select p4 0) 1))
(assert (or (t0 0) (t1 0)))
;(assert (or (t0 1) (t1 1)))
;(assert (or (t0 2) (t1 2)))
;(assert (or (t0 3) (t1 3)))
;(assert (or (t0 4) (t1 4)))
;(assert (or (t0 5) (t1 5)))
;(assert (or (prop0 0) (prop0 1) (prop0 2)))
;(assert (and (or (t0 0) (t1 0)) (prop1 0)))
(assert (or (t0 1) (t1 1)))
;here i check p0 and p3 are never in critical section together
(assert (or (prop0 0) (prop0 1)))
(check-sat)
Answer 0 (score: 1)
Z3 works just fine. The problem is that the token decrement is not formalized correctly. t0 and t1 can fire at the same time, and according to the specification only one token will be decremented from p2. You have:
t0 <=> decrement p2 and ...
t2 <=> decrement p2 and ...
But two simultaneous decrements of one do not amount to a decrement of two.
Besides that, there are more things you should take care of, such as the token count staying unchanged when a transition does not fire, etc.
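An added example (not the asker's or the answerer's code) of re-encoding the same net so that each transition fixes the next value of every place, including the ones it does not touch, and every step fires one transition; with that frame condition Z3 reports unsat for a bounded three-step search for a marking with tokens in both p0 and p3.

```smt2
; Same five places and initial marking as the question; each select is a step index.
(declare-const p0 (Array Int Int))
(declare-const p1 (Array Int Int))
(declare-const p2 (Array Int Int))
(declare-const p3 (Array Int Int))
(declare-const p4 (Array Int Int))
; Every transition states the next value of EVERY place, so nothing is left free.
(define-fun t0 ((i Int)) Bool              ; process A enters: p1 + p2 -> p0
  (and (>= (select p1 i) 1) (>= (select p2 i) 1)
       (= (select p0 (+ i 1)) (+ (select p0 i) 1))
       (= (select p1 (+ i 1)) (- (select p1 i) 1))
       (= (select p2 (+ i 1)) (- (select p2 i) 1))
       (= (select p3 (+ i 1)) (select p3 i))
       (= (select p4 (+ i 1)) (select p4 i))))
(define-fun t1 ((i Int)) Bool              ; process A leaves: p0 -> p1 + p2
  (and (>= (select p0 i) 1)
       (= (select p0 (+ i 1)) (- (select p0 i) 1))
       (= (select p1 (+ i 1)) (+ (select p1 i) 1))
       (= (select p2 (+ i 1)) (+ (select p2 i) 1))
       (= (select p3 (+ i 1)) (select p3 i))
       (= (select p4 (+ i 1)) (select p4 i))))
(define-fun t2 ((i Int)) Bool              ; process B enters: p4 + p2 -> p3
  (and (>= (select p4 i) 1) (>= (select p2 i) 1)
       (= (select p3 (+ i 1)) (+ (select p3 i) 1))
       (= (select p4 (+ i 1)) (- (select p4 i) 1))
       (= (select p2 (+ i 1)) (- (select p2 i) 1))
       (= (select p0 (+ i 1)) (select p0 i))
       (= (select p1 (+ i 1)) (select p1 i))))
(define-fun t3 ((i Int)) Bool              ; process B leaves: p3 -> p4 + p2
  (and (>= (select p3 i) 1)
       (= (select p3 (+ i 1)) (- (select p3 i) 1))
       (= (select p4 (+ i 1)) (+ (select p4 i) 1))
       (= (select p2 (+ i 1)) (+ (select p2 i) 1))
       (= (select p0 (+ i 1)) (select p0 i))
       (= (select p1 (+ i 1)) (select p1 i))))
; One transition per step. Any two transitions disagree on some next value
; (e.g. t0 keeps p3, t2 increments it), so at most one can hold at a step.
(define-fun step ((i Int)) Bool (or (t0 i) (t1 i) (t2 i) (t3 i)))
; Mutual exclusion violation: tokens in both critical-section places.
(define-fun violation ((i Int)) Bool (and (> (select p0 i) 0) (> (select p3 i) 0)))
; Initial marking: the mutex token is in p2, both processes are idle.
(assert (and (= (select p0 0) 0) (= (select p1 0) 1) (= (select p2 0) 1)
             (= (select p3 0) 0) (= (select p4 0) 1)))
; Unroll three steps and ask for a violation anywhere on the path.
(assert (and (step 0) (step 1) (step 2)))
(assert (or (violation 0) (violation 1) (violation 2) (violation 3)))
(check-sat) ; unsat: the only reachable markings are 01101, 10001 and 01010
```

Removing any one of the "unchanged" equalities (for instance the p3 line of t0) brings the spurious sat back, because p3 at the next step is then free to take any value.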