[smt-lemma] without [smtlib] must be disallowed

runtimeverification / k

K Framework Tools 7.0

BSD 3-Clause "New" or "Revised" License

449 stars 149 forks source link

[smt-lemma] without [smtlib] must be disallowed #1364

Closed denis-bogdanas closed 2 years ago

denis-bogdanas commented 4 years ago

To use [smt-lemma] on a rule, all functions used by the rule need some sort of smt translation, like [smt-lemma]. Thus cases like this must be rejected:

syntax Int ::= foo( Int )       [function]
rule foo(_) <Int 2 => true      [simplification, smt-lemma]

Currently compilation passes and in kprove [smt-lemma] is effectively ignored. This leads to hard to detect and time consuming bugs.

Full test: https://github.com/kframework/k/pull/1363 Version with [smtlib] that passes in Haskell: https://github.com/kframework/k/pull/1362

Full test, to put in regression-new/checks/smtLemmaNoSmtlib.k :

module SMTLEMMANOSMTLIB
    imports DOMAINS

    configuration <k> $PGM:Pgm </k>

    syntax Pgm ::= "ok"

    syntax Int ::= foo( Int )       [function]
    rule foo(I) => I %Int 2         [concrete]
    rule foo(_) <Int 2 => true      [simplification, smt-lemma]

endmodule

dwightguth commented 4 years ago

@ttuegel was there a reason you guys followed the Java backend behavior of dropping terms from the SMT that don't have smtlib attributes? is it possible this could be changed so that an smtlib symbol name is automatically generated from the kore symbol name? or would that break something in the backend? I'm hesitant to add a restriction here without first exploring whether or not there is a more user friendly solution.

daejunpark commented 4 years ago

I think one of the main reasons of the java backend having the existing behavior is the lack of comprehensive encoding of multi-sorted functions. But if the haskell backend does not suffer from the same limitation, I think it is a good idea to have an implicit smtlib attribute for all function symbols (in the haskell backend). But then, we may have the compatibility issue later.

denis-bogdanas commented 4 years ago

I guess you mean for all functions required by [smt-lemma]. Otherwise terms translated to z3 might get too big.

ttuegel commented 4 years ago

I think it would not be much trouble to try declaring all function symbols for the solver. We already declare all constructors. This would increase the size of terms sent to the solver, but the total time spent in the solver is pretty small so we have some room to work with.

ehildenb commented 3 years ago

One thing to keep in mind is that if we send all functions to the solver, the smtlib attribute doesn't mean much of anything anymore, except for controlling the symbol name that is sent to the solver (which is useful for smt-prelude options).

We should wait on this for when more of KEVM is migrated to the Haskell backend, because it provides an extensive test-suite for smtlib/smt-hook/smt-lemma.

We could also agree on the encoding technique used to send the symbols to the solver, so that the smt-prelude reason becomes moot.

radumereuta commented 2 years ago

Fixed by: https://github.com/runtimeverification/k/pull/2248