SMT cache values and handle z3 errors

[TGWDB]

This PR contains a fix for problems due to cbmc being able to send expressions with quantifiers to z3. This creates a problem where a sat result can be followed by an attempt to (get-value |XXX|) for various identifiers XXX. However, when z3 has a quantifier in one of these identifiers this raises an error.

This PR addresses this problem by doing three things:

1. When we pass the solver input of the form (assert |XXX|) via the set_to function that is in turn referring to something in defined_expressions, then we also store what value we set this identifier to in set_values. (This covers various expressions, but most importantly here quantifier questions which z3 will fail to handle with (get-value |XXX|).)
2. When we parse output from the SMT solver if we hit an error relating to quantifiers after z3 has determined the result is sat, then we ignore this error. This would lead to us missing results from the (get-value ...) expressions except for
3. When parsing results, if we already know the correct response for sat because we stored it in the set_values in 1 (above), then use this instead of parsing and checking the result from the solver. This also solves the problem with z3 not being able to return the result and it being skipped in 2 (above).

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #6215 (e66aa29) into develop (d125b1a) will increase coverage by 0.07%.
The diff coverage is 89.41%.

@@             Coverage Diff             @@
##           develop    #6215      +/-   ##
===========================================
+ Coverage    75.12%   75.20%   +0.07%     
===========================================
  Files         1458     1458              
  Lines       161402   161431      +29     
===========================================
+ Hits        121261   121408     +147     
+ Misses       40141    40023     -118     

Impacted Files	Coverage Δ
src/solvers/smt2/smt2_conv.h	100.00% <ø> (ø)
src/solvers/smt2/smt2_dec.cpp	74.77% <80.76%> (+3.34%)	⬆️
src/solvers/smt2/smt2_conv.cpp	67.16% <93.22%> (-0.03%)	⬇️
src/goto-programs/link_goto_model.cpp	0.00% <0.00%> (-77.97%)	⬇️
src/ansi-c/c_typecheck_typecast.cpp	55.00% <0.00%> (-15.00%)	⬇️
src/ansi-c/literals/parse_float.cpp	83.65% <0.00%> (-12.50%)	⬇️
src/ansi-c/c_typecheck_code.cpp	72.44% <0.00%> (-5.89%)	⬇️
src/goto-instrument/code_contracts.cpp	86.57% <0.00%> (+0.01%)	⬆️
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 54c385e...e66aa29. Read the comment docs.

[TGWDB]

@peterschrammel @tautschnig I would appreciate codeowner review (and ideally approved) here. I've tried to explain in the PR why this is done this way and what problem it solves. I'm also aware of critique regarding handling specific z3 errors and special cases, but since we already give this input to z3 (including in regression tests) I would argue that handling it in some form is better than simply reporting errors due to what cbmc creates internally. Also this is part of a series of fixes that AWS has found useful on a branch (https://github.com/NlightNFotis/cbmc/tree/smt_fast_response), so there is also argument from usage that this is valuable.

[peterschrammel]

Should be is NOT satisfiable ?

[kroening]

It's wrong for get to return the symbol that it's asked to provide a model for.
The API is meant to return nil when no value is available.

[TGWDB]

This appears to have been caught from another PR/merging problem with git (and is already merged in #6210 ). That said, this fixes missing symbols in arrays when printing traces from SMT solvers.

[kroening]

This is a horrible hack to work around a bug in Z3.
I would much prefer to raise this with the developers of Z3.

[martin-cs]

I appreciate that "maybe do something else" is not a particularly helpful review comment but some general thoughts:

• In SMT-LIB 2.* there is little standarization of the representation of models and values. For simple variables it is simple but for things like arrays and quantifiers it rapidly gets less obvious.
• This may change in SMT-LIB 3.0. One of the reasons for adding things like lambdas to the language is to help create a way of outputting arrays and quantifiers.
• As such the output is quite solver-specific.
• (get-model) is a generally preferred interface than (get-value).

So, maybe the correct way to handle this is to call (get-model) and then do a solver-specific parsing of what you get?

[martin-cs]

Why does this break?

[TGWDB]

These appear to have been broken before, previous version of cbmc have errors here.

[TGWDB]

Broadly I agree on the points raised by both @kroening and @martin-cs , the ideal would be to do something better and not have this hack. However, the main concern here (and hence my raising this PR with the above comments/discussion) is that we are already sending "bad" input to z3 (and other solvers). The goal here is to (better) handle where we send bad input to z3 and in particular do this without major changes to how to invoke solvers. That said, feedback and commentary on how to do this right are welcome as the larger project (overview here #6134 ) can benefit from this.