(set-option :produce-unsat-cores true) (declare-datatypes () ((TriangleType EQUILATERAL ISOSCELES ACUTE OBTUSE RIGHT ILLEGAL))) ; this is the buggy triangle classifier (define-fun classify ((a Int)(b Int)(c Int)) TriangleType (if (and (>= a b) (>= b c)) (if (or (= a c) (= b c)) (if (and (= a b) (= a c)) EQUILATERAL ISOSCELES) (if (not (= (* a a) (+ (* b b) (* c c)))) (if (< (* a a) (+ (* b b) (* c c))) ACUTE OBTUSE) RIGHT)) ILLEGAL)) ; precondition: triangle sides must be positive and ; must observe the triangular inequality (define-fun pre ((a Int)(b Int)(c Int)) Bool (and (> a 0) (> b 0) (> c 0) (< a (+ b c)))) ; our postcondition is based on a debugged version of classify ; Exercise: try alternative postconditions (define-fun spec ((a Int)(b Int)(c Int)) TriangleType (if (and (>= a b) (>= b c)) (if (or (= a b) (= b c)) (if (and (= a b) (= a c)) EQUILATERAL ISOSCELES) (if (not (= (* a a) (+ (* b b) (* c c)))) (if (< (* a a) (+ (* b b) (* c c))) ACUTE OBTUSE) RIGHT)) ILLEGAL)) (define-fun post ((a Int)(b Int)(c Int)(y TriangleType)) Bool (= y (spec a b c))) ; the verification condition (declare-const x Int) (declare-const y Int) (declare-const z Int) (assert (and (pre x y z) (not (post x y z (classify x y z))))) (check-sat) (get-model)