[Issue Backlog] Backlog Analysis - 2026-03-21

[github-actions[bot]]

Issue Backlog Analysis - 2026-03-21

Executive Summary

• Total open issues analyzed: 139
• Issues recommended for closure: 0 (conservative; no confirmed resolutions found)
• Potential duplicates / merge candidates: 19 across 4 clusters
• Issues with suggested fixes: 13
• Issues commented on (this run): 2 (Free variable in the model #9063, Python installation on ARM64 doesn't work on M3 #9056)
• Issues commented on (previous runs, skipped): Unsound model with ABV logic #7132, Refutational Soundness issue  #7135, Incorrect model #7842, Wrong verdict with (set-option :sat.smt true) #7990, PartialOrder hangs when reasoning about bottom element #7592, String solver performance regression in 4.16 #8893

---

Issues Recommended for Closure

No issues were recommended for closure in this run. All open soundness and bug issues appear to still reproduce on current Z3 versions based on the reports and lack of fix confirmations.

---

Potential Duplicates / Merge Candidates

Cluster 1 — Floating-Point Invalid Model / Soundness

These issues share a root cause in Z3's floating-point theory model generation and BV+FP interaction:

Issue	Title	Notes
#7135	Refutational Soundness issue (QF_BVFP)	Z3 says unsat, cvc5 says sat with validated model
#7162	Invalid model on float formula	fp.fma + RNA rounding
#7321	Invalid model on floats	fp.eq + fp.to_real through intermediate variable
#7431	Invalid model with fp.to_fp	RTZ rounding corner case
#7842	Incorrect model (FP + datatypes)	Model assigns NaN despite distinct constraint
#8185	Incorrect model mixed FP/Real	Triggered by :produce-proofs true + String constraint
#9022	FPA soundness in incremental solving	PR #8712 did not fully fix #8345
#6078	Unsoundness of fp.to_fp with sat.euf=true	Different solver path

Root component: src/smt/theory_fpa.cpp, src/ast/fpa/fpa_rewriter.cpp, src/smt/smt_model_generator.cpp

Cluster 2 — String Solver Invalid Model

Issue	Title	Notes
#6346	Invalid model on incremental string formula	Incremental QF_S
#6982	Invalid model on incremental QF_SLIA	str.substr + str.to_int
#7223	Invalid model on String theory	Nested str.replace / str.from_int
#7841	Incorrect model for QF_SLIA	Platform-dependent (Linux vs macOS)
#7593	Invalid model with sequences: foldl, nth, ++	Sequence combinators
#7664	Invalid model with recursive function over sequences	define-fun-rec over Seq
#9063	Free variable in model	Internal seq.nth_i k!0 leaking out

Root component: src/smt/seq_model.cpp, src/smt/seq_*.cpp

Cluster 3 — Performance Regressions

Issue	Title	Regression From → To
#7700	Loops forever	4.8.14 → 4.15.1
#7735	Memory/time blow-up	4.15.1 → 4.15.2
#7991	Infinite loop	4.15.3
#8740	unknown instead of sat	4.15.4 → 4.15.8
#8893	String solver 25× slowdown	4.15.2 → 4.16.0

Cluster 4 — Spacer / HORN Soundness

Issue	Title	Notes
#7417	Wrong sat answer on HORN	Expected unsat, Eldarica confirms
#7730	Spacer returns sat instead of unsat	fp.spacer.native_mbp=true triggers it
#7611	Spacer unsoundness with inductive datatypes	Validates to unknown when fp.validate=true
#4008	Soundness bug in HORN logic	Long-standing open

Root component: src/muz/spacer/, src/muz/bmc/

---

Issues with Suggested Fixes

#9063 — Free variable in the model

• Component: Sequence theory model generation
• Relevant source files: src/smt/seq_model.cpp, src/smt/smt_model_generator.cpp
• Suggested fix direction: The seq.nth_i k!0 0 term reveals that a Skolem variable (k!0) introduced during solving is not being concretized in the model. The model builder for sequences involving parametric datatypes fails to substitute a concrete value for the sequence element. Fix: ensure all seq.nth_i applications are eliminated during model completion.

#9022 — FPA soundness issue in incremental solving (still exists)

• Component: FP theory, quantifier instantiation, incremental solving
• Relevant source files: src/smt/theory_fpa.cpp, src/smt/smt_context.cpp
• Suggested fix direction: PR Fix FPA soundness issue in incremental (push/pop) solving #8712 did not fully address the push/pop interaction with quantifier pattern triggers for the FP theory. When push is called after FP quantifier instantiation, the instantiation history may not be properly backtracked. Investigate whether the FP theory's push_scope/pop_scope correctly resets quantifier trigger caches.

#7842 — Incorrect model (FP + datatypes)

• Component: Datatype theory + FP theory model construction
• Relevant source files: src/smt/theory_datatypes.cpp, src/smt/theory_fpa.cpp
• Suggested fix direction: The model assigns x = (Flt (_ NaN 8 24)) despite (distinct x (Flt (_ NaN 8 24))). The datatype + FP path does not check distinct constraints when assigning canonical NaN. Fix: ensure the datatype model builder propagates FP distinctness constraints.

#7990 — Wrong verdict with sat.smt=true

• Component: SAT-based SMT solver (src/sat/smt/)
• Relevant source files: src/sat/smt/euf_solver.cpp, src/sat/smt/ theory plugins
• Suggested fix direction: The wrong verdict appears only on the final check-sat in an incremental sequence with sat.smt=true. This suggests a state management issue in incremental inprocessing — possibly irredundant clauses being incorrectly deleted or not reconstructed. The sat.smt mode is still experimental.

#7132 — Unsound model with ABV logic

• Component: Array theory model generation with BV indices
• Relevant source files: src/smt/theory_array.cpp, src/smt/smt_model_generator.cpp
• Suggested fix direction: The model builds id.ma as as-array k!143 where composed functions yield 0 for values that should be 6 or 8. Fix: verify that the as-array interpretation correctly handles composed partial functions for large BV-indexed arrays (possible off-by-one in bit-vector range evaluation).

#8740 — Z3 Regression: unknown instead of sat

• Component: Arithmetic solver (LP backend)
• Relevant source files: src/math/lp/, src/smt/theory_arith.cpp
• Suggested fix direction: Regression between 4.15.4 and 4.15.8 in QF_LIA. cvc5 confirms sat. The constraint system is a product-of-integers modular arithmetic problem. This may be a regression in the LP/NLA solver boundary or arithmetic tactic selection.

#8893 — String solver performance regression in 4.16

• Component: String/sequence solver
• Relevant source files: src/smt/seq_regex.cpp, src/smt/theory_seq.cpp
• Suggested fix direction: 25× slowdown in QF_SLIA between 4.15.2 and 4.16.0 on a regex membership + length constraint. Likely a regression in regex automaton construction or the interaction between the new nseq solver introduced in 4.16 and legacy benchmarks. Bisect commits between these tags.

#7592 — PartialOrder hangs with bottom element

• Component: Python API + MBQI quantifier solver
• Relevant source files: src/api/python/z3/z3.py (PartialOrder definition)
• Suggested fix direction: The PartialOrder helper generates quantified axioms without explicit :pattern triggers, leading MBQI to loop when chaining the transitivity axiom. Add :pattern annotations to the generated axioms or document that PartialOrder should not be used with ground quantifier queries.

#7730 — Spacer returns sat instead of unsat

• Component: Spacer HORN engine
• Relevant source files: src/muz/spacer/spacer_context.cpp, src/muz/spacer/spacer_mbc.cpp
• Suggested fix direction: Setting fp.spacer.native_mbp=false produces correct unsat in earlier versions. The native MBP path (fp.spacer.native_mbp=true, now default) has a soundness regression. Investigate changes to the native MBP implementation between 4.13.3 and 4.15.2.

#6982 / #7841 — Incremental string solver invalid models

• Component: String solver, incremental push/pop
• Relevant source files: src/smt/theory_seq.cpp, src/smt/seq_*.cpp
• Suggested fix direction: Both involve str.substr + str.to_int in push/pop sequences. The model validator fails, suggesting that after backtracking, the string solver does not correctly re-derive string values. Review theory_seq's pop_scope to ensure substring interpretation is reset.

#7417 — Z3 returning wrong sat answer on HORN

• Component: HORN / Spacer
• Relevant source files: src/muz/spacer/, src/muz/bmc/
• Suggested fix direction: Eldarica gives unsat with a proof. The CHC involves Array Int Int operations within Horn invariants. Check whether the interpolation procedure handles array theories soundly in the context of Spacer's model-guided unfolding.

#7135 — Refutational soundness issue (QF_BVFP)

• Component: FP theory, BV+FP conversion
• Relevant source files: src/smt/theory_fpa.cpp, src/ast/fpa/fpa_rewriter.cpp, src/util/mpf.cpp
• Suggested fix direction: Z3 returns unsat for a QF_BVFP formula that cvc5 shows is satisfiable. The formula involves to_fp_unsigned + bvsdiv + fp.sqrt/fp.mul chains. This may be a corner case in to_fp_unsigned conversion or the interaction between fp.sqrt and fp.sub.

---

Issues Needing More Information

Issue	Title	Missing Information
#9056	Python ARM64 doesn't work on M3	Whether Python 3.14 itself is arm64 or x86_64 (file $(which python3))
#7700	4.8.14 → 4.15.1 loop forever	Minimized test case (ddSMT failed; other minimizers may help)
#7826	Performance regression (Arrays)	More context on what changed between versions
#7837	Z3 for solving CHC datalog rules	Unclear what behavior is expected; may be a usage question
#8052	Unsat only with unnecessary asserts	Version-specific; needs repro on 4.16

---

Notable Issues Deserving Attention

Issues that are particularly impactful, long-standing, or high-severity:

Issue	Title	Age	Notes
#7135	Refutational Soundness (QF_BVFP)	~2 years	Critical: Z3 proves unsatisfiable a formula that is SAT
#7132	Unsound model with ABV	~2 years	Critical: model fails to satisfy asserted constraints
#9022	FPA soundness incremental	4 days	Prior fix (#8712) confirmed insufficient
#7990	Wrong verdict sat.smt=true	5 months	Unsound result in experimental mode
#7730	Spacer returns sat vs expected unsat	8 months	Spacer soundness regression
#8740	unknown instead of sat regression	4 weeks	Completeness regression affecting users
#8893	String solver 25× slowdown in 4.16	2 weeks	Performance regression on upgrade
#578	Infinite loop, recursive datatypes	10 years	Ancient; unclear if still relevant
#438	QF_ABV query causes hang	10 years	Ancient; may be fixed or out of scope

---

Automated Workflow Notes

• Previous run (2026-03-17) commented on: PartialOrder hangs when reasoning about bottom element #7592
• Previous runs (2026-03-13 to 2026-03-15) commented on: Unsound model with ABV logic #7132, Refutational Soundness issue  #7135, Incorrect model #7842, Wrong verdict with (set-option :sat.smt true) #7990, String solver performance regression in 4.16 #8893
• This run commented on: Free variable in the model #9063, Python installation on ARM64 doesn't work on M3 #9056
• Issues [aw] No-Op Runs #9055 ([aw] No-Op Runs) and [code-simplifier] Simplify extract_var_bound in qe_lite_tactic.cpp via operator normalization #9061 ([code-simplifier]) are automation-generated and tracked separately

---

Automated by Issue Backlog Processor — runs every 2 days

AI generated by Issue Backlog Processor · history

• expires on Mar 28, 2026, 12:21 AM UTC