Unexpected unknown for function definition axioms of an ill-defined function

Time: 2018-05-09 09:49:33

Tags: z3

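The SMT program further down encodes, in a slightly roundabout way, the (ill-defined) function definition ∀ s · wild(s) = 1 + wild(s) (using Dafny's "limited function" encoding of recursive functions) and then tries to prove wild(emp) = 1 + wild(emp). However, Z3 4.6.0 (and also a recent 4.7.0 nightly) unexpectedly yields unknown instead of unsat.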

(set-option :auto_config false) ;; true -> no change in behaviour
(set-option :smt.mbqi false) ;; true -> no change in behaviour

(declare-sort Snap)      ;; In the full example, this is ...
(declare-const emp Snap) ;; ... declared using declare-datatypes

(declare-fun wild (Snap) Int)
(declare-fun wild%limited (Snap) Int)

(assert (forall ((s Snap)) (! ;; AX-1
  (= (wild%limited s) (wild s))
  :pattern ((wild s))
)))

(assert (forall ((s Snap)) (! ;; AX-2
  (=
    (wild s)
    (+ 1 (wild%limited emp)))
  :pattern ((wild s))
)))

(push) ;; Full example uses incremental mode
(assert
  (not 
    (= 
      (wild emp)
      (+ 1 (wild emp)))))
(check-sat) ;; UNKNOWN --- but why?
(pop)

Given my understanding of Z3 and triggers, I would expect the following proof steps to be possible:

  ¬(wild(emp) = 1 + wild(emp))  // Source assertion
≡ ¬(1 + wild%limited(emp) = 1 + wild(emp))  // By AX-2
≡ ¬(1 + wild%limited(emp) = 1 + wild%limited(emp))  // By AX-1
≡ ¬(true)  // Done: UNSAT

But this doesn't seem to happen. My guess is that the axioms aren't instantiated - and indeed, get-info :all-statistics reports no quantifier instantiations.

Can somebody shed some light on this?

1 Answer:

Answer 0: (score: 1)

The last assertion simplifies to "true", so there is no ground occurrence of (wild emp) that would trigger quantifier instantiation.
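
A variant of the question's script that keeps a ground occurrence of (wild emp) alive, as an added example that is not part of the original question or answer; the predicate keep is a hypothetical name introduced here. With s = emp, AX-1 and AX-2 together give wild(emp) = 1 + wild(emp), which has no integer solution, so one instance of each axiom is enough to refute the goal.

```smt2
(set-option :auto_config false)
(set-option :smt.mbqi false)

(declare-sort Snap)
(declare-const emp Snap)

(declare-fun wild (Snap) Int)
(declare-fun wild%limited (Snap) Int)

;; Hypothetical helper, not in the original post: an uninterpreted
;; predicate that arithmetic simplification cannot rewrite away.
(declare-fun keep (Int) Bool)

(assert (forall ((s Snap)) (! ;; AX-1, as in the question
  (= (wild%limited s) (wild s))
  :pattern ((wild s))
)))

(assert (forall ((s Snap)) (! ;; AX-2, as in the question
  (=
    (wild s)
    (+ 1 (wild%limited emp)))
  :pattern ((wild s))
)))

(push)
;; The original goal: it simplifies to "true", as the answer notes,
;; so on its own it contributes no ground term.
(assert
  (not
    (=
      (wild emp)
      (+ 1 (wild emp)))))
;; This assertion survives simplification and leaves (wild emp) as a
;; ground term, so the pattern (wild s) has something to match.
(assert (keep (wild emp)))
(check-sat)
;; Compare the quantifier instantiation counters with the original run.
(get-info :all-statistics)
(pop)
```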