11 |
11 |
12 subsection {* Triggers for quantifier instantiation *} |
12 subsection {* Triggers for quantifier instantiation *} |
13 |
13 |
14 text {* |
14 text {* |
15 Some SMT solvers support patterns as a quantifier instantiation |
15 Some SMT solvers support patterns as a quantifier instantiation |
16 heuristics. Patterns may either be positive terms (tagged by "pat") |
16 heuristics. Patterns may either be positive terms (tagged by "pat") |
17 triggering quantifier instantiations -- when the solver finds a |
17 triggering quantifier instantiations -- when the solver finds a |
18 term matching a positive pattern, it instantiates the corresponding |
18 term matching a positive pattern, it instantiates the corresponding |
19 quantifier accordingly -- or negative terms (tagged by "nopat") |
19 quantifier accordingly -- or negative terms (tagged by "nopat") |
20 inhibiting quantifier instantiations. A list of patterns |
20 inhibiting quantifier instantiations. A list of patterns |
21 of the same kind is called a multipattern, and all patterns in a |
21 of the same kind is called a multipattern, and all patterns in a |
22 multipattern are considered conjunctively for quantifier instantiation. |
22 multipattern are considered conjunctively for quantifier instantiation. |
23 A list of multipatterns is called a trigger, and their multipatterns |
23 A list of multipatterns is called a trigger, and their multipatterns |
24 act disjunctively during quantifier instantiation. Each multipattern |
24 act disjunctively during quantifier instantiation. Each multipattern |
25 should mention at least all quantified variables of the preceding |
25 should mention at least all quantified variables of the preceding |
26 quantifier block. |
26 quantifier block. |
27 *} |
27 *} |
28 |
28 |
29 typedecl 'a symb_list |
29 typedecl 'a symb_list |
44 |
44 |
45 subsection {* Higher-order encoding *} |
45 subsection {* Higher-order encoding *} |
46 |
46 |
47 text {* |
47 text {* |
48 Application is made explicit for constants occurring with varying |
48 Application is made explicit for constants occurring with varying |
49 numbers of arguments. This is achieved by the introduction of the |
49 numbers of arguments. This is achieved by the introduction of the |
50 following constant. |
50 following constant. |
51 *} |
51 *} |
52 |
52 |
53 definition fun_app :: "'a \<Rightarrow> 'a" where "fun_app f = f" |
53 definition fun_app :: "'a \<Rightarrow> 'a" where "fun_app f = f" |
54 |
54 |
55 text {* |
55 text {* |
56 Some solvers support a theory of arrays which can be used to encode |
56 Some solvers support a theory of arrays which can be used to encode |
57 higher-order functions. The following set of lemmas specifies the |
57 higher-order functions. The following set of lemmas specifies the |
58 properties of such (extensional) arrays. |
58 properties of such (extensional) arrays. |
59 *} |
59 *} |
60 |
60 |
61 lemmas array_rules = ext fun_upd_apply fun_upd_same fun_upd_other fun_upd_upd fun_app_def |
61 lemmas array_rules = ext fun_upd_apply fun_upd_same fun_upd_other fun_upd_upd fun_app_def |
62 |
62 |
63 |
63 |
64 subsection {* Normalization *} |
64 subsection {* Normalization *} |
65 |
65 |
66 lemma case_bool_if[abs_def]: "case_bool x y P = (if P then x else y)" |
66 lemma case_bool_if[abs_def]: "case_bool x y P = (if P then x else y)" |
67 by simp |
67 by simp |
68 |
|
69 lemma nat_int': "\<forall>n. nat (int n) = n" by simp |
|
70 lemma int_nat_nneg: "\<forall>i. i \<ge> 0 \<longrightarrow> int (nat i) = i" by simp |
|
71 lemma int_nat_neg: "\<forall>i. i < 0 \<longrightarrow> int (nat i) = 0" by simp |
|
72 |
|
73 lemma nat_zero_as_int: "0 = nat 0" by simp |
|
74 lemma nat_one_as_int: "1 = nat 1" by simp |
|
75 lemma nat_numeral_as_int: "numeral = (\<lambda>i. nat (numeral i))" by simp |
|
76 lemma nat_less_as_int: "op < = (\<lambda>a b. int a < int b)" by simp |
|
77 lemma nat_leq_as_int: "op \<le> = (\<lambda>a b. int a <= int b)" by simp |
|
78 lemma Suc_as_int: "Suc = (\<lambda>a. nat (int a + 1))" by (rule ext) simp |
|
79 lemma nat_plus_as_int: "op + = (\<lambda>a b. nat (int a + int b))" by (rule ext)+ simp |
|
80 lemma nat_minus_as_int: "op - = (\<lambda>a b. nat (int a - int b))" by (rule ext)+ simp |
|
81 lemma nat_times_as_int: "op * = (\<lambda>a b. nat (int a * int b))" by (simp add: nat_mult_distrib) |
|
82 lemma nat_div_as_int: "op div = (\<lambda>a b. nat (int a div int b))" by (simp add: nat_div_distrib) |
|
83 lemma nat_mod_as_int: "op mod = (\<lambda>a b. nat (int a mod int b))" by (simp add: nat_mod_distrib) |
|
84 |
|
85 lemma int_Suc: "int (Suc n) = int n + 1" by simp |
|
86 lemma int_plus: "int (n + m) = int n + int m" by (rule of_nat_add) |
|
87 lemma int_minus: "int (n - m) = int (nat (int n - int m))" by auto |
|
88 |
68 |
89 lemmas Ex1_def_raw = Ex1_def[abs_def] |
69 lemmas Ex1_def_raw = Ex1_def[abs_def] |
90 lemmas Ball_def_raw = Ball_def[abs_def] |
70 lemmas Ball_def_raw = Ball_def[abs_def] |
91 lemmas Bex_def_raw = Bex_def[abs_def] |
71 lemmas Bex_def_raw = Bex_def[abs_def] |
92 lemmas abs_if_raw = abs_if[abs_def] |
72 lemmas abs_if_raw = abs_if[abs_def] |
152 The current configuration can be printed by the command |
132 The current configuration can be printed by the command |
153 @{text smt2_status}, which shows the values of most options. |
133 @{text smt2_status}, which shows the values of most options. |
154 *} |
134 *} |
155 |
135 |
156 |
136 |
157 |
|
158 subsection {* General configuration options *} |
137 subsection {* General configuration options *} |
159 |
138 |
160 text {* |
139 text {* |
161 The option @{text smt2_solver} can be used to change the target SMT |
140 The option @{text smt2_solver} can be used to change the target SMT |
162 solver. The possible values can be obtained from the @{text smt2_status} |
141 solver. The possible values can be obtained from the @{text smt2_status} |
163 command. |
142 command. |
164 |
143 |
165 Due to licensing restrictions, Z3 is not enabled by default. Z3 is free |
144 Due to licensing restrictions, Z3 is not enabled by default. Z3 is free |
166 for non-commercial applications and can be enabled by setting Isabelle |
145 for non-commercial applications and can be enabled by setting Isabelle |
167 system option @{text z3_non_commercial} to @{text yes}. |
146 system option @{text z3_non_commercial} to @{text yes}. |
168 *} |
147 *} |
169 |
148 |
170 declare [[smt2_solver = z3]] |
149 declare [[smt2_solver = z3]] |
171 |
150 |
172 text {* |
151 text {* |
173 Since SMT solvers are potentially non-terminating, there is a timeout |
152 Since SMT solvers are potentially nonterminating, there is a timeout |
174 (given in seconds) to restrict their runtime. A value greater than |
153 (given in seconds) to restrict their runtime. |
175 120 (seconds) is in most cases not advisable. |
|
176 *} |
154 *} |
177 |
155 |
178 declare [[smt2_timeout = 20]] |
156 declare [[smt2_timeout = 20]] |
179 |
157 |
180 text {* |
158 text {* |
181 SMT solvers apply randomized heuristics. In case a problem is not |
159 SMT solvers apply randomized heuristics. In case a problem is not |
182 solvable by an SMT solver, changing the following option might help. |
160 solvable by an SMT solver, changing the following option might help. |
183 *} |
161 *} |
184 |
162 |
185 declare [[smt2_random_seed = 1]] |
163 declare [[smt2_random_seed = 1]] |
186 |
164 |
187 text {* |
165 text {* |
188 In general, the binding to SMT solvers runs as an oracle, i.e, the SMT |
166 In general, the binding to SMT solvers runs as an oracle, i.e, the SMT |
189 solvers are fully trusted without additional checks. The following |
167 solvers are fully trusted without additional checks. The following |
190 option can cause the SMT solver to run in proof-producing mode, giving |
168 option can cause the SMT solver to run in proof-producing mode, giving |
191 a checkable certificate. This is currently only implemented for Z3. |
169 a checkable certificate. This is currently only implemented for Z3. |
192 *} |
170 *} |
193 |
171 |
194 declare [[smt2_oracle = false]] |
172 declare [[smt2_oracle = false]] |
195 |
173 |
196 text {* |
174 text {* |
197 Each SMT solver provides several commandline options to tweak its |
175 Each SMT solver provides several commandline options to tweak its |
198 behaviour. They can be passed to the solver by setting the following |
176 behaviour. They can be passed to the solver by setting the following |
199 options. |
177 options. |
200 *} |
178 *} |
201 |
179 |
202 declare [[cvc3_new_options = ""]] |
180 declare [[cvc3_new_options = ""]] |
203 declare [[cvc4_new_options = ""]] |
181 declare [[cvc4_new_options = ""]] |
205 |
183 |
206 text {* |
184 text {* |
207 The SMT method provides an inference mechanism to detect simple triggers |
185 The SMT method provides an inference mechanism to detect simple triggers |
208 in quantified formulas, which might increase the number of problems |
186 in quantified formulas, which might increase the number of problems |
209 solvable by SMT solvers (note: triggers guide quantifier instantiations |
187 solvable by SMT solvers (note: triggers guide quantifier instantiations |
210 in the SMT solver). To turn it on, set the following option. |
188 in the SMT solver). To turn it on, set the following option. |
211 *} |
189 *} |
212 |
190 |
213 declare [[smt2_infer_triggers = false]] |
191 declare [[smt2_infer_triggers = false]] |
214 |
192 |
215 text {* |
193 text {* |
216 Enable the following option to use built-in support for div/mod, datatypes, |
194 Enable the following option to use built-in support for div/mod, datatypes, |
217 and records in Z3. Currently, this is implemented only in oracle mode. |
195 and records in Z3. Currently, this is implemented only in oracle mode. |
218 *} |
196 *} |
219 |
197 |
220 declare [[z3_new_extensions = false]] |
198 declare [[z3_new_extensions = false]] |
221 |
199 |
222 |
200 |
225 text {* |
203 text {* |
226 By setting the option @{text smt2_certificates} to the name of a file, |
204 By setting the option @{text smt2_certificates} to the name of a file, |
227 all following applications of an SMT solver a cached in that file. |
205 all following applications of an SMT solver a cached in that file. |
228 Any further application of the same SMT solver (using the very same |
206 Any further application of the same SMT solver (using the very same |
229 configuration) re-uses the cached certificate instead of invoking the |
207 configuration) re-uses the cached certificate instead of invoking the |
230 solver. An empty string disables caching certificates. |
208 solver. An empty string disables caching certificates. |
231 |
209 |
232 The filename should be given as an explicit path. It is good |
210 The filename should be given as an explicit path. It is good |
233 practice to use the name of the current theory (with ending |
211 practice to use the name of the current theory (with ending |
234 @{text ".certs"} instead of @{text ".thy"}) as the certificates file. |
212 @{text ".certs"} instead of @{text ".thy"}) as the certificates file. |
235 Certificate files should be used at most once in a certain theory context, |
213 Certificate files should be used at most once in a certain theory context, |
236 to avoid race conditions with other concurrent accesses. |
214 to avoid race conditions with other concurrent accesses. |
237 *} |
215 *} |
239 declare [[smt2_certificates = ""]] |
217 declare [[smt2_certificates = ""]] |
240 |
218 |
241 text {* |
219 text {* |
242 The option @{text smt2_read_only_certificates} controls whether only |
220 The option @{text smt2_read_only_certificates} controls whether only |
243 stored certificates are should be used or invocation of an SMT solver |
221 stored certificates are should be used or invocation of an SMT solver |
244 is allowed. When set to @{text true}, no SMT solver will ever be |
222 is allowed. When set to @{text true}, no SMT solver will ever be |
245 invoked and only the existing certificates found in the configured |
223 invoked and only the existing certificates found in the configured |
246 cache are used; when set to @{text false} and there is no cached |
224 cache are used; when set to @{text false} and there is no cached |
247 certificate for some proposition, then the configured SMT solver is |
225 certificate for some proposition, then the configured SMT solver is |
248 invoked. |
226 invoked. |
249 *} |
227 *} |
250 |
228 |
251 declare [[smt2_read_only_certificates = false]] |
229 declare [[smt2_read_only_certificates = false]] |
252 |
230 |
253 |
231 |
254 |
|
255 subsection {* Tracing *} |
232 subsection {* Tracing *} |
256 |
233 |
257 text {* |
234 text {* |
258 The SMT method, when applied, traces important information. To |
235 The SMT method, when applied, traces important information. To |
259 make it entirely silent, set the following option to @{text false}. |
236 make it entirely silent, set the following option to @{text false}. |
260 *} |
237 *} |
261 |
238 |
262 declare [[smt2_verbose = true]] |
239 declare [[smt2_verbose = true]] |
263 |
240 |
271 |
248 |
272 |
249 |
273 subsection {* Schematic rules for Z3 proof reconstruction *} |
250 subsection {* Schematic rules for Z3 proof reconstruction *} |
274 |
251 |
275 text {* |
252 text {* |
276 Several prof rules of Z3 are not very well documented. There are two |
253 Several prof rules of Z3 are not very well documented. There are two |
277 lemma groups which can turn failing Z3 proof reconstruction attempts |
254 lemma groups which can turn failing Z3 proof reconstruction attempts |
278 into succeeding ones: the facts in @{text z3_rule} are tried prior to |
255 into succeeding ones: the facts in @{text z3_rule} are tried prior to |
279 any implemented reconstruction procedure for all uncertain Z3 proof |
256 any implemented reconstruction procedure for all uncertain Z3 proof |
280 rules; the facts in @{text z3_simp} are only fed to invocations of |
257 rules; the facts in @{text z3_simp} are only fed to invocations of |
281 the simplifier when reconstructing theory-specific proof steps. |
258 the simplifier when reconstructing theory-specific proof steps. |