4

I'm trying out some of the examples of a Z3 tutorial that involve recursive functions. I've tried out the following examples.

  1. Fibonacci (Section 8.3)
  2. IsNat (Section 8.3)
  3. Inductive (Section 10.5)

Z3 times out on all of the above examples. But, the tutorial seems to imply that only Inductive is non-terminating.

Can Z3 check the satisfiability of formulas that contain recursive functions, or can it not handle any inductive facts?

Leonardo de Moura
reprogrammer

1 Answer

10

These examples from the Z3 tutorial are there to illustrate limitations of the technology behind Z3.

Z3 fails on these examples for two reasons:

  1. The models produced by Z3 assign an interpretation for each uninterpreted function symbol. The models can be viewed as functional programs. The current version does not produce recursive definitions. The first example is satisfiable, but Z3 fails to produce an interpretation for fib because it does not support recursive definitions. We have plans to extend Z3 in this direction.

  2. Z3 does not support proofs by induction. Examples 2 and 3 are unsatisfiable, but Z3 fails because it does not support proof by induction. We also have plans to add basic support for that.

Although these items are on my TODO list, I will not start working on them this year.

perror
Leonardo de Moura
  • Thank you very much for your quick response. Do you know of any SMT solver that supports recursive functions? – reprogrammer Aug 03 '11 at 17:40
  • Are SMT solvers inherently limited in supporting recursive functions because the underlying congruence closure algorithm instantiates the formula for too many values? – reprogrammer Aug 03 '11 at 17:41
  • Is the fixed-point extension of Z3 (http://research.microsoft.com/en-us/um/redmond/projects/z3/fixedpoints-index.html) meant to address the limitation of Z3 in handling recursive functions? – reprogrammer Aug 03 '11 at 17:43
  • 4
    I'm not aware of any SMT solver that can reason about recursive functions. You may try the ACL2 theorem prover. They have a huge collection of heuristics for performing proofs by induction automatically. Another reference is Philippe Suter, he has an extension on top of Z3 to reason about recursive programs: [link](http://lara.epfl.ch/~psuter/) – Leonardo de Moura Aug 03 '11 at 20:42
  • 1
    The congruence closure algorithm is not the limiting factor. Proofs by induction are hard because they very often need a "creative" step. That is, one may need to strengthen the property. So, a lot of heuristics are needed. – Leonardo de Moura Aug 03 '11 at 20:44
  • Proof by induction is not the main target of the fixed-point extension of Z3. We decided to do it because we observed many users were performing static analysis of programs using Z3, and needed to compute fixed points. This new engine can compute fixed-points of finite domains, and approximated fixed-points using domains such as intervals and pentagons. For finite domains, the extensions are very similar to a Datalog engine. – Leonardo de Moura Aug 03 '11 at 20:47
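
An added example, not part of the original posts or of the Z3 tutorial: since the solver does not perform induction itself, a common workaround is to do the induction by hand and give Z3 the base case and the induction step as two separate quantifier-free queries. The function `f`, its definition and the claim `f(n) = 2n` are constructed for illustration; an `unsat` answer to a query means the negated claim is contradictory, so that case of the proof holds.

```smt2
; Added example with a constructed function f (not taken from the tutorial).
; Intended recursive definition:  f(0) = 0,  f(n) = f(n-1) + 2  for n > 0.
; Claim to prove by induction:    f(n) = 2*n  for all n >= 0.
;
; No quantified axiom for f is asserted. Each query contains only the ground
; instance of the definition that the proof step needs, so the solver never
; has to instantiate a recursive axiom on its own.

(declare-fun f (Int) Int)

; ---- Base case: n = 0 -------------------------------------------------
(push)
; Definition instantiated at 0.
(assert (= (f 0) 0))
; Negation of the claim at 0.
(assert (not (= (f 0) (* 2 0))))
(check-sat)
(pop)

; ---- Induction step: from k to k+1, for an arbitrary k >= 0 -----------
(push)
; k is a fresh constant, so a refutation here covers every k >= 0.
(declare-const k Int)
(assert (>= k 0))
; Induction hypothesis: the claim holds at k. This is the part the user
; supplies; if the claim is too weak to carry the step, it has to be
; strengthened by hand before the step goes through.
(assert (= (f k) (* 2 k)))
; Definition instantiated at k+1 (the recursive branch applies: k+1 > 0).
(assert (= (f (+ k 1)) (+ (f k) 2)))
; Negation of the claim at k+1.
(assert (not (= (f (+ k 1)) (* 2 (+ k 1)))))
(check-sat)
(pop)
```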