Cleaner handling of step limit #936
Conversation
Stevendeo
force-pushed
the
steps-timeout
branch
from
38c2bd0
to
a84336e
Compare
Stevendeo
requested review from
bclement-ocp,
Halbaroth and
hra687261
and removed request for
bclement-ocp and
Halbaroth
src/bin/js/worker_js.ml
Outdated
| | Errors.Run_error r -> begin | ||
| match r with | ||
| | Steps_limit _ -> | ||
| returned_status := | ||
| Worker_interface.LimitReached "Steps limit" | ||
| | _ -> returned_status := Worker_interface.Error "Run error" | ||
| end |
There was a problem hiding this comment.
Suggestion:
| Errors.Run_error _ ->
returned_status := Worker_interface.Error "Run error"
Stevendeo
force-pushed
the
steps-timeout
branch
2 times, most recently
from
0cbc57f
to
ef1d4a4
Compare
Stevendeo
force-pushed
the
steps-timeout
branch
2 times, most recently
from
61064d8
to
8e45db1
Compare
There was a problem hiding this comment.
I don't think we can do this this way (see also #946 )
For satML in particular we would need to make sure that whenever the "step limit reached" exception is raised it cannot leave the solver in an invalid intermediate state, which we will very probably mess up. I have made comments on that fact wrt push but I now realize that it applies more generally — the sat solver was written with the fact that it could get interrupted by an exception at any time and then re-used. Trying to make it do so is probably a recipe for many bugs ranging from crashes to soundness holes.
Fixing this properly would be a huge amount of extremely error-prone work and frankly I don't think that it is worth it. I'd be in favor of simply putting the solver in a "imited" state once the steps limit (or time limit, for that matter) is exhausted, and make it reject all commands except for diagnostic ones (e.g. get-info). This would fix #934 without an equivalent implicit requirement (you really shouldn't keep using the solver once the steps limit has been exceeded because its output can be complete garbage at that point).
src/bin/common/solving_loop.ml
Outdated
| Steps.set_steps_bound i; | ||
| State.set steps_bound i st | ||
| with | ||
| Invalid_argument _ -> (* Raised by Steps.set_steps_bound*) |
There was a problem hiding this comment.
I this is raised by Steps.set_steps_bound the try .. with .. block should only include Steps.set_steps_bound here.
There was a problem hiding this comment.
If set_steps_bound fails, we do not want State.set to be called. It was written initially when I put "recoverable_error" instead of "fatal_error" in the next line.
There was a problem hiding this comment.
In that case, the best way to write the code in modern OCaml is to use match .. exception:
match Steps.set_steps_bound i with
| () -> State.set steps_bound i st
| exception Invalid_argument _ ->
fatal_error "..."This helps controlling the scope of exception handling (I make the remark here because for standard exceptions such as Not_found, Failure, or Invalid_argument it is very easy to include an unrelated function in the try .. with .. block that could also raise that same exception and cause puzzling bugs).
src/bin/js/worker_js.ml
Outdated
| match r with | ||
| | Steps_limit _ -> | ||
| returned_status := | ||
| Worker_interface.LimitReached "Steps limit" | ||
| | _ -> returned_status := Worker_interface.Error "Run error" |
There was a problem hiding this comment.
@hra687261's suggestion of removing the match here still applies.
src/lib/reasoners/fun_sat.ml
Outdated
| (* If we reached the step limit while pushing, we have to cancel the | ||
| push. | ||
| TODO: properly cancel the push. *) | ||
| env |
There was a problem hiding this comment.
Can you explain why the steps limit increases while pushing? We call: E.fresh_name, save_guard_and_refs (which only pushes things on a stack), mk_gf (which is just a dumb record constructor) and ME.add, none of which seem to increase the step count.
There was a problem hiding this comment.
I thought fun_sat and satml_frontend had the same behavior regarding the steps; I was wrong.
src/lib/reasoners/satml_frontend.ml
Outdated
| | Util.Step_limit_reached _ -> | ||
| (* If we reached the step limit while pushing, we have to cancel the | ||
| push. | ||
| TODO: properly cancel the push. *) | ||
| env |
There was a problem hiding this comment.
Returning env here is not correct for satML. Because the underlying satml solver uses mutability, it is shared between env and acc; if we reach the steps limit here, new_vars (called through create_guard) can leave the satml solver in an inconsistent state with variables partially added. Plus, env will be out of sync with the content of the satml solver and weird things will follow.
I see two solutions here — either we make sure that new_vars returns a valid environment here, so that acc is correct in the exception handler and we can then pop a corresponding amount, or we temporarily disable the step limit while pushing. I'd prefer the second option (even though it can cause going slightly over the step limit) because the first one is opening up a can of worms where we will mess up and introduce subtle bugs in the future.
There was a problem hiding this comment.
Returning env here is not correct for satML.
That's the point of the TODO, we need to actually cancel the push instead of just returning the env. But disabling the step limit is a better idea, I'll go for it.
There was a problem hiding this comment.
What I mean by "not correct" here is worse — it will cause the type of crashes that we see in #946 , see my toplevel comment.
Note that this really only applies to satML, not to the Tableaux solver, since the Tableaux solver is purely functional and won't get stuck in an intermediate invalid state. But satML is the default solver that 99% of users will use, so… |
Well and even then only "pure" Tableaux, not Tableaux-CDCL, which has an internal CDCL solver that could potentially end up in an invalid state as well! |
|
Just in case, I disactivated the steps exception at the Frontend level to make sure we never break any invariant in the future. |
| (* This function should be called without step limit | ||
| (see Steps.apply_without_step_limit) *) | ||
| assert false |
There was a problem hiding this comment.
Why not directly call Steps.apply_without_step_limit from inside Satml_frontend.push?
There was a problem hiding this comment.
Just in case, I disactivated the steps exception at the Frontend level to make sure we never break any invariant in the future.
For this reason
src/lib/reasoners/satml_frontend.ml
Outdated
| | Util.Step_limit_reached _ -> | ||
| (* When reaching the step limit on an assume, we do not want to | ||
| answer 'unknown' right away. *) | ||
| env |
There was a problem hiding this comment.
By blocking the instructions at the frontend level, we ensure the environment cannot be used in a wrong way. Besides, we may want to display information from the invalid environment when the step limit is reached, so I would rather keep it like that.
There was a problem hiding this comment.
But if Step_limit_reached was raised, the env is potentially invalid to use. How do you avoid it being reused in this case?
src/lib/frontend/frontend.ml
Outdated
| let push = handle_sat_exn internal_push | ||
|
|
||
| let pop = handle_sat_exn internal_pop |
There was a problem hiding this comment.
These also need wrap_f
There was a problem hiding this comment.
I did not put the wrapper on these because I did not want to silently fail (fail = do nothing) on push and pop.
There was a problem hiding this comment.
Ah, I did not catch this, but the wrapper should not silently fail, it should return an error.
If the underlying state of the SAT solver is invalid, there is no guarantee that push and pop are correct either, so this could possibly crash as well.
There was a problem hiding this comment.
Not now push can no longer fail with the disabled steps check
There was a problem hiding this comment.
Oh I see your point sorry, we may push a wrong environment; but is it really an issue?
There was a problem hiding this comment.
Oh I see your point sorry, we may push a wrong environment; but is it really an issue?
If a step limit is reached, there may or may not be some invariants in the environment that are broken. Without looking at the code, I don't know which invariants are broken, or how calling push or pop interacts with those broken invariants. It might be that this is perfectly fine, it might not be, but we won't know without tracking all the invariants that can potentially get broken, and even then if we can only call push and pop it is not very interesting, so we should just prevent that.
There was a problem hiding this comment.
The sat environment should keep track of its own inconsistency wrt the steps; with this, we could actually save invalid environments, update the step number and make sure we don't ever work with invalid environments. What do you think?
There was a problem hiding this comment.
Nevermind, it's pretty much what is already done. When the unknown_reason is Some (Step_limit _) we should not be able to do anything
There was a problem hiding this comment.
I am not sure I understand why updating the step number seems to be such a huge issue. Once we have an unknown reason with Step_limit updating the step number is not going to change that unknown reason. What am I missing here?
There was a problem hiding this comment.
Now we use the Limit step as a reason not to keep using the environment, it is not an issue anymore.
Stevendeo
force-pushed
the
steps-timeout
branch
from
74e4ed8
to
9eee5e1
Compare
src/lib/reasoners/satml_frontend.ml
Outdated
| | Util.Step_limit_reached _ -> | ||
| env |
There was a problem hiding this comment.
I believe that this is still leaking a potentially invalid environment into the wild without protecting it with an unknown reason. This should raise i_dont_know and it should be caught in handle_sat_exn in the frontend to set the state there to `Unknown and following operations will be protected by wrap_f.
There was a problem hiding this comment.
If we raise I_dont_know we will answer unknown during an assertion; is that really what we want to do? I would rather update the environment with the correct unknown_reason
There was a problem hiding this comment.
If we raise I_dont_know we will answer unknown during an assertion
If we raise I_dont_know I think it should be caught by the frontend which will update the unknown reason as needed, and only display unknown once the solving loop is done processing, but worth checking.
There was a problem hiding this comment.
The unknown reason is on the sat solver side
There was a problem hiding this comment.
Ah right — yeah returning the env with Step_limit unknown reason is what needs to happen then.
Stevendeo
force-pushed
the
steps-timeout
branch
from
9eee5e1
to
115830a
Compare
There was a problem hiding this comment.
There are still some issues with the smt interface, see inline comments.
I wonder if we should call the option steps-bound. I know that this is the name of the CLI flag, but we use "limit" for the time limit and the Fourier-Motzkin cross-limit (not sure what that limits) and "limit" is closer to what it actually do. The other place we use "bound" is for the "age bound" that controls the behavior of matching and is not a resource limit. If we change the name, it should also be changed for the CLI options, so best to keep "steps-bound" for now and do the rename everywhere in a separate PR.
|
(Waiting for the benches currently running on |
Stevendeo
force-pushed
the
steps-timeout
branch
from
c4b4ffb
to
872f8ff
Compare
CHANGES: ### Command-line interface - Enable FPA theory by default (OCamlPro/alt-ergo#1177) - Remove deprecated output channels (OCamlPro/alt-ergo#782) - Deprecate the --use-underscore since it produces models that are not SMT-LIB compliant (OCamlPro/alt-ergo#805) - Add --dump-models-on to dump models on a specific output channel (OCamlPro/alt-ergo#838) - Use consistent return codes (OCamlPro/alt-ergo#842) - Add --continue-on-error flag to set the SMT-LIB error behavior (OCamlPro/alt-ergo#853) - Make dolmen the default value for the --frontend option (OCamlPro/alt-ergo#857) - Restore functionality to broken `--profiling` option (OCamlPro/alt-ergo#947) - Add bare-bones support for interactive input in SMT-LIB format (OCamlPro/alt-ergo#949) - Less confusing behavior on timeout (OCamlPro/alt-ergo#982, OCamlPro/alt-ergo#984) - Add `--strict` option for SMT-LIB compliant mode (OCamlPro/alt-ergo#916, OCamlPro/alt-ergo#1133) - Deprecate `sum`, `typing` and `warnings` debug flags (OCamlPro/alt-ergo#1204) ### SMT-LIB support - Add support for the many new SMT-LIB commands (OCamlPro/alt-ergo#837, OCamlPro/alt-ergo#848, OCamlPro/alt-ergo#852, OCamlPro/alt-ergo#863, OCamlPro/alt-ergo#911, OCamlPro/alt-ergo#942, OCamlPro/alt-ergo#945, OCamlPro/alt-ergo#961, OCamlPro/alt-ergo#975, OCamlPro/alt-ergo#1069) - Expose the FPA rounding builtin in the SMT-LIB format (OCamlPro/alt-ergo#876, OCamlPro/alt-ergo#1135) - Allow changing the SAT solver using (set-option) (OCamlPro/alt-ergo#880) - Add support for the `:named` attribute (OCamlPro/alt-ergo#957) - Add support for quoted identifiers (OCamlPro/alt-ergo#909, OCamlPro/alt-ergo#972) - Add support for naming lemmas in SMT-LIB syntax (OCamlPro/alt-ergo#1141, OCamlPro/alt-ergo#1143) ### Model generation - Use post-solve SAT environment in model generation, fixing issues where incorrect models were generated (OCamlPro/alt-ergo#789) - Restore support for records in models (OCamlPro/alt-ergo#793) - Use abstract values instead of dummy values in models where the actual value does not matter (OCamlPro/alt-ergo#804, OCamlPro/alt-ergo#835) - Use fresh names for all abstract values to prevent accidental captures (OCamlPro/alt-ergo#811) - Add support for model generation with the default CDCL solver (OCamlPro/alt-ergo#829) - Support model generation for the BV theory (OCamlPro/alt-ergo#841, OCamlPro/alt-ergo#968) - Add support for optimization (MaxSMT / OptiSMT) with lexicographic Int and Real objectives (OCamlPro/alt-ergo#861, OCamlPro/alt-ergo#921) - Add a SMT-LIB printer for expressions (OCamlPro/alt-ergo#952, OCamlPro/alt-ergo#981, OCamlPro/alt-ergo#1082, OCamlPro/alt-ergo#931, OCamlPro/alt-ergo#932) - Ensure models have a value for all constants in the problem (OCamlPro/alt-ergo#1019) - Fix a rare soundness issue with integer constraints when model generation is enabled (OCamlPro/alt-ergo#1025) - Support model generation for the ADT theory (OCamlPro/alt-ergo#1093, OCamlPro/alt-ergo#1153) ### Theory reasoning - Add word-level propagators for the BV theory (OCamlPro/alt-ergo#944, OCamlPro/alt-ergo#1004, OCamlPro/alt-ergo#1007, OCamlPro/alt-ergo#1010, OCamlPro/alt-ergo#1011, OCamlPro/alt-ergo#1012, OCamlPro/alt-ergo#1040, OCamlPro/alt-ergo#1044, OCamlPro/alt-ergo#1054, OCamlPro/alt-ergo#1055, OCamlPro/alt-ergo#1056, OCamlPro/alt-ergo#1057, OCamlPro/alt-ergo#1065, OCamlPro/alt-ergo#1073, OCamlPro/alt-ergo#1144, OCamlPro/alt-ergo#1152) - Add interval domains and arithmetic propagators for the BV theory (OCamlPro/alt-ergo#1058, OCamlPro/alt-ergo#1083, OCamlPro/alt-ergo#1084, OCamlPro/alt-ergo#1085) - Native support for bv2nat of bit-vector normal forms (OCamlPro/alt-ergo#1154) - Fix incompleteness issues in the BV solver (OCamlPro/alt-ergo#978, OCamlPro/alt-ergo#979) - Abstract more arguments of AC symbols to avoid infinite loops when they contain other AC symbols (OCamlPro/alt-ergo#990) - Do not make irrelevant decisions in CDCL solver, improving performance slightly (OCamlPro/alt-ergo#1041) - Rewrite the ADT theory to use domains and integrate the enum theory into the ADT theory (OCamlPro/alt-ergo#1078, OCamlPro/alt-ergo#1086, OCamlPro/alt-ergo#1087, OCamlPro/alt-ergo#1091, OCamlPro/alt-ergo#1094, OCamlPro/alt-ergo#1138) - Rewrite the Intervals module entirely (OCamlPro/alt-ergo#1108) - Add maximize/minimize terms for matching (OCamlPro/alt-ergo#1166) - Internalize `sign_extend` and `repeat` (OCamlPro/alt-ergo#1192) - Run cross-propagators to completion (OCamlPro/alt-ergo#1221) - Support binary distinct on arbitrary bit-widths (OCamlPro/alt-ergo#1222) - Only perform optimization when building a model (OCamlPro/alt-ergo#1224) - Make sure domains do not overflow the default domain (OCamlPro/alt-ergo#1225) - Do not build unnormalized values in `zero_extend` (OCamlPro/alt-ergo#1226) ### Internal/library changes - Rewrite the Vec module (OCamlPro/alt-ergo#607) - Move printer definitions closer to type definitions (OCamlPro/alt-ergo#808) - Mark proxy names as reserved (OCamlPro/alt-ergo#836) - Use a Zarith-based representation for numbers and bit-vectors (OCamlPro/alt-ergo#850, OCamlPro/alt-ergo#943) - Add native support for (bvnot) in the BV solver (OCamlPro/alt-ergo#856) - Add constant propagators for partially interpreted functions (OCamlPro/alt-ergo#869) - Remove `Util.failwith` in favor of `Fmt.failwith` (OCamlPro/alt-ergo#872) - Add more `Expr` smart constructors (OCamlPro/alt-ergo#877, OCamlPro/alt-ergo#878) - Do not use existential variables for integer division (OCamlPro/alt-ergo#881) - Preserve `Subst` literals to prevent accidental incompleteness (OCamlPro/alt-ergo#886) - Properly start timers (OCamlPro/alt-ergo#924) - Compute a concrete representation of a model instead of performing (OCamlPro/alt-ergo#925) - Allow direct access to the SAT API in the Alt-Ergo library computations during printing (OCamlPro/alt-ergo#927) - Better handling for step limit (OCamlPro/alt-ergo#936) - Add a generic option manager to deal with the dolmen state (OCamlPro/alt-ergo#951) - Expose an imperative SAT API in the Alt-Ergo library (OCamlPro/alt-ergo#962) - Keep track of the SMT-LIB mode (OCamlPro/alt-ergo#971) - Add ability to decide on semantic literals (OCamlPro/alt-ergo#1027, OCamlPro/alt-ergo#1118) - Preserve trigger order when parsing quantifiers with multiple trigger (OCamlPro/alt-ergo#1046). - Store domains inside the union-find module (OCamlPro/alt-ergo#1119) - Remove some polymorphic hashtables (OCamlPro/alt-ergo#1219) ### Build and integration - Drop support for OCaml <4.08.1 (OCamlPro/alt-ergo#803) - Use dune-site for the inequalities plugins. External pluginsm ust now be registered through the dune-site plugin mechanism in the `(alt-ergo plugins)` site to be picked up by Alt-Ergo (OCamlPro/alt-ergo#1049). - Add a release workflow (OCamlPro/alt-ergo#827) - Add a Windows workflow (OCamlPro/alt-ergo#1203) - Mark the dune.inc file as linguist-generated to avoid huge diffs (OCamlPro/alt-ergo#830) - Use GitHub Actions badges in the README (OCamlPro/alt-ergo#882) - Use `dune build @check` to build the project (OCamlPro/alt-ergo#887) - Enable warnings as errors on the CI (OCamlPro/alt-ergo#888) - Uniformization of internal identifiers generation (OCamlPro/alt-ergo#905, OCamlPro/alt-ergo#918) - Use an efficient `String.starts_with` implementation (OCamlPro/alt-ergo#912) - Fix the Makefile (OCamlPro/alt-ergo#914) - Add `Logs` dependency (OCamlPro/alt-ergo#1206) - Use `dynamic_include` to include the generated file `dune.inc` (OCamlPro/alt-ergo#1199) - Support Windows (OCamlPro/alt-ergo#1184,OCamlPro/alt-ergo#1189,OCamlPro/alt-ergo#1195,OCamlPro/alt-ergo#1199,OCamlPro/alt-ergo#1200) - Wrap the library `Alt_ergo_prelude` (OCamlPro/alt-ergo#1223) ### Testing - Use --enable-assertions in tests (OCamlPro/alt-ergo#809) - Add a test for push/pop (OCamlPro/alt-ergo#843) - Use the CDCL solver when testing model generation (OCamlPro/alt-ergo#938) - Do not test .smt2 files with the legacy frontend (OCamlPro/alt-ergo#939) - Restore automatic creation of .expected files (OCamlPro/alt-ergo#941) ### Documentation - Add a new example for model generation (OCamlPro/alt-ergo#826) - Add a Pygments lexer for the Alt-Ergo native language (OCamlPro/alt-ergo#862) - Update the current authors (OCamlPro/alt-ergo#865) - Documentation of the `Enum` theory (OCamlPro/alt-ergo#871) - Document `Th_util.lit_origin` (OCamlPro/alt-ergo#915) - Document the CDCL-Tableaux solver (OCamlPro/alt-ergo#995) - Document Windows support (OCamlPro/alt-ergo#1216) - Remove instructions to install Alt-Ergo on Debian (OCamlPro/alt-ergo#1217) - Document optimization feature (OCamlPro/alt-ergo#1231)
CHANGES: ### Command-line interface - Enable FPA theory by default (OCamlPro/alt-ergo#1177) - Remove deprecated output channels (OCamlPro/alt-ergo#782) - Deprecate the --use-underscore since it produces models that are not SMT-LIB compliant (OCamlPro/alt-ergo#805) - Add --dump-models-on to dump models on a specific output channel (OCamlPro/alt-ergo#838) - Use consistent return codes (OCamlPro/alt-ergo#842) - Add --continue-on-error flag to set the SMT-LIB error behavior (OCamlPro/alt-ergo#853) - Make dolmen the default value for the --frontend option (OCamlPro/alt-ergo#857) - Restore functionality to broken `--profiling` option (OCamlPro/alt-ergo#947) - Add bare-bones support for interactive input in SMT-LIB format (OCamlPro/alt-ergo#949) - Less confusing behavior on timeout (OCamlPro/alt-ergo#982, OCamlPro/alt-ergo#984) - Add `--strict` option for SMT-LIB compliant mode (OCamlPro/alt-ergo#916, OCamlPro/alt-ergo#1133) - Deprecate `sum`, `typing` and `warnings` debug flags (OCamlPro/alt-ergo#1204) ### SMT-LIB support - Add support for the many new SMT-LIB commands (OCamlPro/alt-ergo#837, OCamlPro/alt-ergo#848, OCamlPro/alt-ergo#852, OCamlPro/alt-ergo#863, OCamlPro/alt-ergo#911, OCamlPro/alt-ergo#942, OCamlPro/alt-ergo#945, OCamlPro/alt-ergo#961, OCamlPro/alt-ergo#975, OCamlPro/alt-ergo#1069) - Expose the FPA rounding builtin in the SMT-LIB format (OCamlPro/alt-ergo#876, OCamlPro/alt-ergo#1135) - Allow changing the SAT solver using (set-option) (OCamlPro/alt-ergo#880) - Add support for the `:named` attribute (OCamlPro/alt-ergo#957) - Add support for quoted identifiers (OCamlPro/alt-ergo#909, OCamlPro/alt-ergo#972) - Add support for naming lemmas in SMT-LIB syntax (OCamlPro/alt-ergo#1141, OCamlPro/alt-ergo#1143) ### Model generation - Use post-solve SAT environment in model generation, fixing issues where incorrect models were generated (OCamlPro/alt-ergo#789) - Restore support for records in models (OCamlPro/alt-ergo#793) - Use abstract values instead of dummy values in models where the actual value does not matter (OCamlPro/alt-ergo#804, OCamlPro/alt-ergo#835) - Use fresh names for all abstract values to prevent accidental captures (OCamlPro/alt-ergo#811) - Add support for model generation with the default CDCL solver (OCamlPro/alt-ergo#829) - Support model generation for the BV theory (OCamlPro/alt-ergo#841, OCamlPro/alt-ergo#968) - Add support for optimization (MaxSMT / OptiSMT) with lexicographic Int and Real objectives (OCamlPro/alt-ergo#861, OCamlPro/alt-ergo#921) - Add a SMT-LIB printer for expressions (OCamlPro/alt-ergo#952, OCamlPro/alt-ergo#981, OCamlPro/alt-ergo#1082, OCamlPro/alt-ergo#931, OCamlPro/alt-ergo#932) - Ensure models have a value for all constants in the problem (OCamlPro/alt-ergo#1019) - Fix a rare soundness issue with integer constraints when model generation is enabled (OCamlPro/alt-ergo#1025) - Support model generation for the ADT theory (OCamlPro/alt-ergo#1093, OCamlPro/alt-ergo#1153) ### Theory reasoning - Add word-level propagators for the BV theory (OCamlPro/alt-ergo#944, OCamlPro/alt-ergo#1004, OCamlPro/alt-ergo#1007, OCamlPro/alt-ergo#1010, OCamlPro/alt-ergo#1011, OCamlPro/alt-ergo#1012, OCamlPro/alt-ergo#1040, OCamlPro/alt-ergo#1044, OCamlPro/alt-ergo#1054, OCamlPro/alt-ergo#1055, OCamlPro/alt-ergo#1056, OCamlPro/alt-ergo#1057, OCamlPro/alt-ergo#1065, OCamlPro/alt-ergo#1073, OCamlPro/alt-ergo#1144, OCamlPro/alt-ergo#1152) - Add interval domains and arithmetic propagators for the BV theory (OCamlPro/alt-ergo#1058, OCamlPro/alt-ergo#1083, OCamlPro/alt-ergo#1084, OCamlPro/alt-ergo#1085) - Native support for bv2nat of bit-vector normal forms (OCamlPro/alt-ergo#1154) - Fix incompleteness issues in the BV solver (OCamlPro/alt-ergo#978, OCamlPro/alt-ergo#979) - Abstract more arguments of AC symbols to avoid infinite loops when they contain other AC symbols (OCamlPro/alt-ergo#990) - Do not make irrelevant decisions in CDCL solver, improving performance slightly (OCamlPro/alt-ergo#1041) - Rewrite the ADT theory to use domains and integrate the enum theory into the ADT theory (OCamlPro/alt-ergo#1078, OCamlPro/alt-ergo#1086, OCamlPro/alt-ergo#1087, OCamlPro/alt-ergo#1091, OCamlPro/alt-ergo#1094, OCamlPro/alt-ergo#1138) - Rewrite the Intervals module entirely (OCamlPro/alt-ergo#1108) - Add maximize/minimize terms for matching (OCamlPro/alt-ergo#1166) - Internalize `sign_extend` and `repeat` (OCamlPro/alt-ergo#1192) - Run cross-propagators to completion (OCamlPro/alt-ergo#1221) - Support binary distinct on arbitrary bit-widths (OCamlPro/alt-ergo#1222) - Only perform optimization when building a model (OCamlPro/alt-ergo#1224) - Make sure domains do not overflow the default domain (OCamlPro/alt-ergo#1225) - Do not build unnormalized values in `zero_extend` (OCamlPro/alt-ergo#1226) ### Internal/library changes - Rewrite the Vec module (OCamlPro/alt-ergo#607) - Move printer definitions closer to type definitions (OCamlPro/alt-ergo#808) - Mark proxy names as reserved (OCamlPro/alt-ergo#836) - Use a Zarith-based representation for numbers and bit-vectors (OCamlPro/alt-ergo#850, OCamlPro/alt-ergo#943) - Add native support for (bvnot) in the BV solver (OCamlPro/alt-ergo#856) - Add constant propagators for partially interpreted functions (OCamlPro/alt-ergo#869) - Remove `Util.failwith` in favor of `Fmt.failwith` (OCamlPro/alt-ergo#872) - Add more `Expr` smart constructors (OCamlPro/alt-ergo#877, OCamlPro/alt-ergo#878) - Do not use existential variables for integer division (OCamlPro/alt-ergo#881) - Preserve `Subst` literals to prevent accidental incompleteness (OCamlPro/alt-ergo#886) - Properly start timers (OCamlPro/alt-ergo#924) - Compute a concrete representation of a model instead of performing (OCamlPro/alt-ergo#925) - Allow direct access to the SAT API in the Alt-Ergo library computations during printing (OCamlPro/alt-ergo#927) - Better handling for step limit (OCamlPro/alt-ergo#936) - Add a generic option manager to deal with the dolmen state (OCamlPro/alt-ergo#951) - Expose an imperative SAT API in the Alt-Ergo library (OCamlPro/alt-ergo#962) - Keep track of the SMT-LIB mode (OCamlPro/alt-ergo#971) - Add ability to decide on semantic literals (OCamlPro/alt-ergo#1027, OCamlPro/alt-ergo#1118) - Preserve trigger order when parsing quantifiers with multiple trigger (OCamlPro/alt-ergo#1046). - Store domains inside the union-find module (OCamlPro/alt-ergo#1119) - Remove some polymorphic hashtables (OCamlPro/alt-ergo#1219) ### Build and integration - Drop support for OCaml <4.08.1 (OCamlPro/alt-ergo#803) - Use dune-site for the inequalities plugins. External pluginsm ust now be registered through the dune-site plugin mechanism in the `(alt-ergo plugins)` site to be picked up by Alt-Ergo (OCamlPro/alt-ergo#1049). - Add a release workflow (OCamlPro/alt-ergo#827) - Add a Windows workflow (OCamlPro/alt-ergo#1203) - Mark the dune.inc file as linguist-generated to avoid huge diffs (OCamlPro/alt-ergo#830) - Use GitHub Actions badges in the README (OCamlPro/alt-ergo#882) - Use `dune build @check` to build the project (OCamlPro/alt-ergo#887) - Enable warnings as errors on the CI (OCamlPro/alt-ergo#888) - Uniformization of internal identifiers generation (OCamlPro/alt-ergo#905, OCamlPro/alt-ergo#918) - Use an efficient `String.starts_with` implementation (OCamlPro/alt-ergo#912) - Fix the Makefile (OCamlPro/alt-ergo#914) - Add `Logs` dependency (OCamlPro/alt-ergo#1206) - Use `dynamic_include` to include the generated file `dune.inc` (OCamlPro/alt-ergo#1199) - Support Windows (OCamlPro/alt-ergo#1184,OCamlPro/alt-ergo#1189,OCamlPro/alt-ergo#1195,OCamlPro/alt-ergo#1199,OCamlPro/alt-ergo#1200) - Wrap the library `Alt_ergo_prelude` (OCamlPro/alt-ergo#1223) ### Testing - Use --enable-assertions in tests (OCamlPro/alt-ergo#809) - Add a test for push/pop (OCamlPro/alt-ergo#843) - Use the CDCL solver when testing model generation (OCamlPro/alt-ergo#938) - Do not test .smt2 files with the legacy frontend (OCamlPro/alt-ergo#939) - Restore automatic creation of .expected files (OCamlPro/alt-ergo#941) ### Documentation - Add a new example for model generation (OCamlPro/alt-ergo#826) - Add a Pygments lexer for the Alt-Ergo native language (OCamlPro/alt-ergo#862) - Update the current authors (OCamlPro/alt-ergo#865) - Documentation of the `Enum` theory (OCamlPro/alt-ergo#871) - Document `Th_util.lit_origin` (OCamlPro/alt-ergo#915) - Document the CDCL-Tableaux solver (OCamlPro/alt-ergo#995) - Document Windows support (OCamlPro/alt-ergo#1216) - Remove instructions to install Alt-Ergo on Debian (OCamlPro/alt-ergo#1217) - Document optimization feature (OCamlPro/alt-ergo#1231)
This PR aims at cleanly stop when the step limit is reached instead of returning a Fatal Error