
The Z3 theorem prover is now open source - taocp
http://research.microsoft.com/en-us/um/people/leonardo/blog/2012/10/02/open-z3.html
======
ot
This is great news! When I was at MSR I heard the rumor that they wanted to
_sell_ Z3, not open-source it!

Some context, as not everybody may have heard about it.

Z3 is an SMT [1] solver. Since SMT generalizes SAT, it is clearly NP-hard, so
a number of heuristics are needed. In particular, Z3 won several SMT speed
competitions, so it has been for long the fastest SMT solver.

You can play with it online using its Lisp-like native language [2] or using
the Python bindings [3]

The reason SMT is important is that several static analysis tools work by
encoding the program constraints (such as pre/post conditions, invariants,
...) into a big formula. The satisfiability of this formula determines the
correctness of the program, and sometimes assignments can be translated back
to counterexamples to program correctness.

[1] <http://en.wikipedia.org/wiki/Satisfiability_Modulo_Theories>

[2] <http://rise4fun.com/Z3/bit-count>

[3] <http://rise4fun.com/Z3Py/nonlinear>

~~~
wiradikusuma
what is the practical uses of this (or SMT in general)? i've read the
referenced Wikipedia but still don't understand.

~~~
tptacek
Solvers are somewhat popular in software security, both for automatically
uncovering invariants (and exploitable lack of invariants), and also for
modeling program binaries and solving for collections of basic blocks that can
executed during a memory corruption attack to accomplish attacker goals.

~~~
krenoten
Things like automatic exploit generation[1] and exploit hardening[2] in
particular rely on SMT solvers to accomplish their goals. They allow for some
truly remarkable things to be done. Expect skynet to utilize them heavily in
its distributed automatic exploit generation (global autopwn) tooling!

1\. <http://security.ece.cmu.edu/aeg/> 2\.
[http://users.ece.cmu.edu/~ejschwar/bib/schwartz_2011_rop-
abs...](http://users.ece.cmu.edu/~ejschwar/bib/schwartz_2011_rop-
abstract.html)

------
gojomo
The limitation to non-commercial use means it's not quite 'open source' in the
common meaning established by the Open Source Initiative. (Discrimination
against a 'field of endeavor', such as business use, is not allowable under
their definition.)

~~~
lucian1900
It's not open source by any stretch of the imagination. The Microsoft blog is
quite simply lying.

~~~
seanmcdirmid
Or the poster doesn't understand what open source really is, or their
definition of open source is different from yours. Honestly, GPL screws up
commercial use almost as much as a non commercial use restrictions. But I
totally agree that open source are not the right words to use in this
situation.

Full disclosure, I work for Microsoft.

~~~
josephlord
GPL has no restrictions at all on commercial use and in commercial use places
no obligations on you at all.

If you distribute GPL code you then become subject to its restrictions and
must provide the code.

~~~
seanmcdirmid
Sure, I'm aware of this. My point was that GPL is almost as poisonous as a non
commercial use restriction in terms of distributing software. GPL works great
on the server where this isn't a concern, but doesn't work for almost any
other commercial use case. Very arbitrary but at least very clear.

~~~
josephlord
You seem to have a VERY narrow definition of commercial use which involves
selling software or being a software service provider. There are a vast
majority of companies manufacturing/distributing/retailing and providing
services for whom the GPL imposes no restriction at all. The MS release seems
to prevent all commercial use not just commercial redistribution/binary
release making it a FAR broader restriction than the GPL.

For MS and a surprisingly small (in terms of total global economy) number of
other businesses selling closed source software (or software dependent on
other non-Free software components) the GPL imposes very real restrictions.

I would argue that they are in no way arbitrary but have a clear purpose and
objective to further increase the amount of Free software in the world. You
may or may not support or want to assist this objective but it certainly
doesn't feel arbitrary to me (I've taken the 'capricious; unreasonable;
unsupported' definition of arbitrary from Dictionary.com as my interpretation
of your meaning).

Edit/reply:

Can't reply to you for some reason. No citation but you have missed my point.
I wasn't comparing Open Source Industry to closed source software industry but
really the software industry to ALL Other industries (and individuals) in the
world. Basically software consumers rather than producers (of which closed
source companies like MS form a large part).

~~~
seanmcdirmid
Citation needed on how the open source software industry is so much larger
(money wise) than the closed source software industry. I'm sure its much more
of a mix, plus closed source software is more often sold, meaning more money
is involved in say oracle DB vs. MySQL. Also, most of the OSS industry prefers
apache/BSD style licenses that aren't viral.

If RMS was true to his principles, he would make GPL more viral to cover every
deployment and co-deployment. But they leave this huge server hole instead.
That is what I mean by arbitrary. Why a hole there and not elsewhere?

~~~
josephlord
I don't say anything of the sort. Please read again. I am saying that total
global commerce and use of computers is greater than the software industry
(not the world's greatest insight I know).

Don't want to answer for RMS. I can't think of less arbitrary way of achieving
their aims.

------
ajb
Non-commercial only. There are several similar projects some of which are
_really_ open source: <http://smtlib.cs.uiowa.edu/solvers.html>

~~~
sanxiyn
Sadly, none as good as Z3. I'd want to _study_ Z3, even if I'd rather _use_
something else. The current license is good enough for studying.

------
jhartmann
I think one of the problems with it not being true open source is that they
are selling a commercial version @ the microsoft store for 14,950. I suspect
this is why they choose this license.

I'd be interested if they would provide different terms for the source for the
people that bought the commercial version, or if you would just be stuck with
the binaries.

Here is the link to buy the commercial version:
[http://www.microsoftstore.com/store/msstore/pd/Microsoft-
Res...](http://www.microsoftstore.com/store/msstore/pd/Microsoft-
Research-Z3-Theorem-Prover/productID.242666500)

------
jmartinpetersen
It seemed really exciting until I realized that it is only available for non-
commercial purposes.

~~~
wladimir
IMO it's still exciting. Sure, you cannot use it directly for commercial
purposes, but having the source for something like this is great to learn
from.

And it means that it can be ported to platforms it's currently not available
for.

~~~
praptak
> Sure, you cannot use it directly for commercial purposes, but having the
> source for something like this is great to learn from.

As long as nobody sees you, otherwise you are vulnerable to a lawsuit. If I
had serious plans to make my own implementation I would purposefully avoid
even running this program.

~~~
wladimir
Right, if you intend to make your own implementation and profit from it, it's
wise to avoid it. But for the rest of us it isn't that black and white...

~~~
Jach
Do you think Microsoft will be around in 10-20 years? Do you have a good idea
of what you'll be working on (or interested in) in 10-20 years? Do you think
laws regarding the forms of IP will be much better in 10-20 years? Do you
think you'd get caught now or in the next 10-20 years if you do use this as
research (or even rip code directly from it) and get sued for making money off
it? Plug in your guestimations and make a decision. I looked at it, myself.

------
tluyben2
That's excellent (good to learn from, shame it's only non commercial; it's a
step forward though)! I was accidentally checking rise4fun for open source
just last week. I hope they open source more; unfortunately the project I'm
most curious about at the moment (quickcode) will not be open sourced as it is
officially part of Excel now.

------
subleq
As a plain old programmer, would a tool like this be useful to me? How can I
use a theorem prover to improve my code, or make it easier to write my code on
a day to day basis? I've heard that Z3 is used for demonstrating security
properties, how would I apply this to ensure my own systems are secure?

------
contextfree
Wish someone would update the topic here, since it's not open source as per
the generally understood definition ... (as the article's source has updated /
corrected on his blog)

------
timtadh
Anyone able to find a link to the code? I have been looking around but I can
only seem to find the binaries.

~~~
apawloski
It's on codeplex
[http://z3.codeplex.com/SourceControl/changeset/view/9823ee3b...](http://z3.codeplex.com/SourceControl/changeset/view/9823ee3b4481)

------
zvrba
People bitching about MS misusing the term "open-source" are, IMO, ungrateful
SOBs who have never attempted to implement a non-trivial algorithm based on
nothing but a stack of academic papers.

For me, the greatest value in having the source is to _learn_ from it, not to
hijack it.

~~~
algorias
I think a lot of people appreciate the move MS made while simultaneously
condemning them for their casual appropriation of a term having a well-
established meaning. They've updated the blog post in the meantime, so this is
a non-issue.

Resorting to ad-hominems does nothing to strengthen your argument, btw.

~~~
zvrba
Care to show some signs of appreciation by those who complain?

------
elviejo
Could this be used to tes ZED models?

------
derleth
From the license text:

> Microsoft is granted back, without any restrictions or limitations, a non-
> exclusive, perpetual, irrevocable, royalty-free, assignable and sub-
> licensable license, to reproduce, publicly perform or display, install, use,
> modify, post, distribute, make and have made, sell and transfer your
> modifications to and/or derivative works of the Software source code or
> data, for any purpose.

The above I can understand. MSFT claims ownership of any modifications you
make to its software. Be aware.

> [A]ny feedback about the Software provided by you to us is voluntarily
> given, and Microsoft shall be free to use the feedback as it sees fit
> without obligation or restriction of any kind, even if the feedback is
> designated by you as confidential.

This I don't get. Why would MSFT want to publish confidential feedback?

> That if you breach this MSR-LA or if you sue anyone over patents that you
> think may apply to or read on the Software or anyone's use of the Software,
> this MSR-LA (and your license and rights obtained herein) terminate
> automatically. Upon any such termination, you shall destroy all of your
> copies of the Software immediately. Sections 3, 4, 5, 6, 7, 8, 11 and 12 of
> this MSR-LA shall survive any termination of this MSR-LA.

This part I certainly understand. "Sue us and you can't use our toys anymore."

> That the patent rights, if any, granted to you in this MSR-LA only apply to
> the Software, not to any derivative works you make.

This, again, is unsurprising, but good to keep in mind.

~~~
nwatson
The 'confidential feedback' boilerplate language would especially apply to
projects with potential security implications. Your 'confidential feedback'
might be disclosure of a security vulnerability and they'd want to choose to
patch or not patch and publicly divulge or not divulge the vulnerability your
feedback reveals.

