Transcript Lecture 2
Lectures
Wednesday 10:45–12:15
An Introduction to Z3 with Applications
Thursday August 30th 15:45–17:15
Introduction to SAT and SMT
Friday 10:30–10:45
Theories and Solving Algorithms
Friday 15:45–17:15
Advanced: Quantifiers, Arrays, Fixed-points
Plan
I. Logic: Calculus of Computation
II. SAT, First-order Theorem Proving, SMT
III. Introduction to Propositional Logic (SAT):
I. Language, Satisfiability, Validity,
II. Normal forms, CNF,
III. Search, Resolution, DPLL search
IV. Introduction to SMT by example
V. SMT solving, Combining theories
Takeaways
The syntax and semantics of propositional and
predicate logic
Algorithmic principles of modern SAT solvers:
– DPLL algorithm
– Conflict Directed Clause Learning (CDCL)
– Two-watch literal indexing
Principles of modern SMT solvers
Background Reading
Background Reading
September 2011
Logic: Calculus of Computation
Formal Logic:
Language: Precise syntax of well-formed formulas
Examples: propositional logic, equational logic,
first-order logic, higher-order logic, and modal logics.
Model theory: Precise semantics of truth and valid consequences
Proof theory: Axioms and inference rules for truth and consequences
Calculus: Basis for specifications and reasoning about computation
Mechanized Formal Logic:
Symbolic: The art and science of effective symbolic reasoning
Automatic: Computers can automate symbolic calculations
Symbolic Engines: SAT, FTP and SMT
SAT: Propositional Satisfiability.
(Tie Shirt) (Tie Shirt) (Tie Shirt)
FTP: First-order Theorem Proving.
X,Y,Z [X*(Y*Z) = (X*Y)*Z]
X [X*inv(X) = e] X [X*e = e]
SMT: Satisfiability Modulo background Theories
b + 2 = c A[3] ≠ A[c-b+1]
SAT - Milestones
Problems impossible 10 years ago are trivial today
year
Milestone
1960
Davis-Putnam procedure
1962
Davis-Logeman-Loveland
1984
Binary Decision Diagrams
1992
DIMACS SAT challenge
1994
SATO: clause indexing
1997
GRASP: conflict clause learning
1998
Search Restarts
2001
zChaff: 2-watch literal, VSIDS
2005
Preprocessing techniques
2007
Phase caching
2008
Cache optimized indexing
2009
In-processing, clause management
2010
Blocked clause elimination
Concept
2002
Millions of
variables from
HW designs Courtesy Daniel le Berre
2010
FTP - Milestones
Year
Milestone
1930 Hebrand's theorem
1934 Sequent calculi
1934 Inverse method
1955 Semantic tableaux
Herbrand-based theorem
1960 proving
1960 Ordered resolution
1962 DLL
1963 First-order inverse method
1965 Unification
1965 First-order resolution
1965 Subsumption
1967 Orderings
1967 Demodulation or rewriting
1968 Model elimination
1969 Paramodulation
Who
Herbrand
Gentzen
Gentzen
Beth
Wang Hao
Davis; Putnam
Davis; Logemann;
Loveland
Maslov
J. Robinson
J. Robinson
J. Robinson
Slagle
Wos; G. Robinson;
Carson; Shalla
Loveland
G. Robinson; Wos
Some success stories:
- Open Problems (of 25 years):
XCB: X ((X Y) (Z Y)) Z)
is a single axiom for equivalence
- Knowledge Ontologies
GBs of formulas
Year
Milestone
Completion and saturation
1970 procedures
1970 Knuth-Bendix ordering
1971 Selection function
1972 Built-in equational theories
Who
many people and
provers
Knuth; Bendix
Kowalski; Kuehner
Plotkin
1972 Prolog
1974 Saturation algorithms
Colmerauer
Overbeek
1975 Completeness of paramodulation
1975 AC-unification
1976 Resolution as a decision procedure
1979 Basic paramodulation
1980 Lexicographic path orderings
1985 Theory resolution
Definitional clause form
1986 transformation
1988 Superposition
1988 Model construction
1989 Term indexing
Brand
Stickel
Joyner
Degtyarev
Kamin; Levy
Stickel
1990 General theory of redundancy
1992 Basic superposition
1993 First instance-based methods
1993 Discount saturation algorithm
1998 Finite model finding using SAT
2000 First-order DPLL
2003 iProver method
2008 Sine selection
Bachmair; Ganzinger
Nieuwenhuis; Rubio
Billon; Plaisted
Avenhaus; Denzinger
McCune
Baumgartner
Ganzinger; Korovin
Hoder
Plaisted; Greenbaum
Zhang
Zhang
Stickel; Overbeek
Courtesy Andrei Voronkov, U of Manchester
SMT - Milestones
year
Milestone
1977
Efficient Equality Reasoning
1979
Theory Combination Foundations
1979
Arithmetic + Functions
1982
Combining Canonizing Solvers
1992-8
Systems: PVS, Simplify, STeP, SVC
2002
Theory Clause Learning
2005
SMT competition
2006
Efficient SAT + Simplex
2007
Efficient Equality Matching
2009
Combinatory Array Logic, …
Theory
Solvers
1sec
Simplify (of ’01) time
1000
Includes progress from SAT:
SAT
Z3
(of ’07)
Time
On
Boogie
Regression
SMT
15KLOC + 285KLOC = Z3
Z3
100
Time
On
10
VCC
Regression
1
0.1
Nov 08
March 09
Propositional Logic
Syntax, Semantics and Normal Forms
Resolution, Classical DPLL, Modern DPLL
Propositional Logic: Language
Logical symbols: , , , true, false,
- fixed interpretation
Non-logical symbols: p, q, r
- interpretations vary
Well-formed formulas:
built by combining logical and
non-logical symbols
Propositional Logic: Language
Formulas: := p | 1 2 | 1 2 | 1 | 1 2
Examples:
pqqp
p q (p q)
We say p and q are propositional variables.
Propositional Logic
Syntax, Semantics and Normal Forms
Resolution, Classical DPLL, Modern DPLL
Interpretation
An interpretation M assigns values {true, false} to
propositional variables.
Let F and G range over PL formulas.
Satisfiability & Validity
A formula is:
• satisfiable if it has an interpretation that makes
it logically true.
In this case, we say the interpretation is a model.
• unsatisfiable if it does not have any model.
• valid if it is logically true in any interpretation.
• A propositional formula is valid if and only if its
negation is unsatisfiable.
Satisfiability & Validity: examples
pqqp
pqq
p q (p q)
Satisfiability & Validity: examples
pqqp
VALID
pqq
SATISFIABLE
p q (p q)
UNSATISFIABLE
Equivalence
We say two formulas F and G are equivalent if and only if they evaluate
to the same value (true or false) in every interpretation
¬ 𝐹∧𝐺
¬ 𝐹∨𝐺
¬𝐹 ⇒ 𝐺
𝐹∨ 𝐺∧𝐻
𝐹∧ 𝐺∨𝐻
𝑖𝑠 𝑒𝑞𝑢𝑖𝑣𝑎𝑙𝑒𝑛𝑡 𝑡𝑜
𝑖𝑠 𝑒𝑞𝑢𝑖𝑣𝑎𝑙𝑒𝑛𝑡 𝑡𝑜
𝑖𝑠 𝑒𝑞𝑢𝑖𝑣𝑎𝑙𝑒𝑛𝑡 𝑡𝑜
𝑖𝑠 𝑒𝑞𝑢𝑖𝑣𝑎𝑙𝑒𝑛𝑡 𝑡𝑜
𝑖𝑠 𝑒𝑞𝑢𝑖𝑣𝑎𝑙𝑒𝑛𝑡 𝑡𝑜
¬𝐹 ∨ ¬𝐺
¬𝐹 ∧ ¬𝐺
¬𝐺 ⇒ 𝐹
𝐹∨𝐺 ∧ 𝐹∨𝐻
𝐹∧𝐺 ∨ 𝐹∧𝐻
Equisatisfiable
We say formulas A and B are equisatisfiable if
and only if A is satisfiable if and only if B is.
∀𝑥 ∃𝑦 𝑝(𝑥, 𝑦) equisat. ∀𝑥 𝑝(𝑥, 𝑓𝑓𝑟𝑒𝑠ℎ (𝑥))
During this tutorial, we describe transformations
that preserve equivalence and equisatisfiability.
Propositional Logic
Syntax, Semantics, Normal Forms
Resolution, Classical DPLL, Modern DPLL
Normal Forms
Literal – either a propositional atom or its negation
NNF – Negation Normal Form
(( 𝑎 ∧ ¬𝑏 ∨ 𝑐) ∧ 𝑑)
Formula with negation only used for literals
CNF – Conjunctive Normal Form
( ¬𝑎 ∨ 𝑏
Conjunction of disjunctions of literals
∧ ¬𝑐 ∨ 𝑑 )
DNF – Disjunctive Normal Form
( ¬𝑎 ∧ 𝑏
Disjunction of conjunctions of literals
∨ ¬𝑐 ∧ 𝑑 )
Normal Forms
Conditional normal form
Formula with only collectives 𝑖𝑡𝑒, 𝑓𝑎𝑙𝑠𝑒, 𝑡𝑟𝑢𝑒
𝑖𝑡𝑒(𝑖𝑡𝑒 𝑎, 𝑡𝑟𝑢𝑒, 𝑏 , 𝑐, 𝑑)
BDD – (reduced ordered) Binary Decision Diagram
𝑖𝑡𝑒(𝑎, 𝑐, 𝑖𝑡𝑒 𝑏, 𝑐, 𝑑 )
Formula with only collectives 𝑖𝑡𝑒, 𝑓𝑎𝑙𝑠𝑒, 𝑡𝑟𝑢𝑒
𝑖𝑡𝑒 test only uses atoms
Atoms are ordered 𝑎1 , 𝑎2 , 𝑎3 , … . such that 𝑖𝑡𝑒(𝑎𝑖 , 𝑖𝑡𝑒(𝑎𝑗 , … ), … ) 𝑡ℎ𝑒𝑛 𝑖 < 𝑗.
DAG: Share common sub-expressions
Exercises:
• Show that every propositional formula is equivalent to a formula in
– (1) NNF, (2) CNF, (3) DNF, (4) CondNF, (5) BDD
•
•
In each case, what is the size overhead of the conversion?
Show that every n-ary Boolean function
𝑓 ∶ 𝑡𝑟𝑢𝑒, 𝑓𝑎𝑙𝑠𝑒 𝑛 → 𝑡𝑟𝑢𝑒, 𝑓𝑎𝑙𝑠𝑒
can be expressed using ¬ and ∨.
Normal Forms
NNF?
(p q) (q (r p))
Normal Forms
NNF? NO
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
Normal Forms
NNF? NO
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
Normal Forms
NNF? NO
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
Normal Forms
NNF? NO
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
(𝑝 ∨ ¬𝑞) (𝑞 (𝑟 𝑝))
Normal Forms
CNF?
((p s) (q r)) (q p s) (r s)
Normal Forms
CNF? NO
((p s) (q r)) (q p s) (r s)
Normal Forms
CNF? NO
((p s) (q r)) (q p s) (r s)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Normal Forms
CNF? NO
((p s) (q r)) (q p s) (r s)
((p s) q)) ((p s) r)) (q p s) (r s)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Normal Forms
CNF? NO
((𝑝 𝑠) (𝑞 𝑟)) (𝑞 𝑝 𝑠) (𝑟 𝑠)
((𝑝 𝑠) 𝑞)) ((𝑝 𝑠) 𝑟)) (𝑞 𝑝 𝑠) (𝑟 𝑠)
(𝑝 𝑞) (𝑠 𝑞) ((𝑝 𝑠) 𝑟)) (𝑞 𝑝 𝑠) (𝑟 𝑠)
Distributivity
1. 𝐴(𝐵𝐶) (𝐴𝐵)(𝐴𝐶)
2. 𝐴(𝐵𝐶) (𝐴𝐵)(𝐴𝐶)
Normal Forms
CNF? .. yes
((p s) (q r)) (q p s) (r s)
((p s) q)) ((p s) r)) (q p s) (r s)
(p q) (s q) ((p s) r)) (q p s) (r s)
(p q) (s q) (p r) (s r) (q p s) (r s)
Normal Forms
DNF?
p (p q) (q r)
Normal Forms
DNF? NO, actually this formula is in CNF
p (p q) (q r)
Normal Forms
DNF? NO, actually this formula is in CNF
p (p q) (q r)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Normal Forms
DNF? NO, actually this formula is in CNF
p (p q) (q r)
((p p) (p q)) (q r)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Normal Forms
DNF? NO, actually this formula is in CNF
p (p q) (q r)
((p p) (p q)) (q r)
(p q) (q r)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Other Rules
1. AA
2. A A
Normal Forms
DNF? … yes
p (p q) (q r)
((p p) (p q)) (q r)
(p q) (q r)
Distributivity
1. A(BC) (AB)(AC)
((p q) q) ((p q) r) 2. A(BC) (AB)(AC)
Other Rules
1. AA
(pq) (p r) (q r)
2. A A
Efficient CNF Translation
CNF translation using distributivity rule is too expensive
(exponential blowup).
Linear time/space translation produces equisatisfiable formula:
𝜑 ℓ 𝑜𝑝 ℓ′
𝜑 ∧ 𝑥 ⇔ ℓ ∧ ℓ′
𝜑 ∧ 𝑥 ⇔ ℓ ∨ ℓ′
↦
↦
↦
𝜑 𝑥 ∧ 𝑥 ⇔ ℓ 𝑜𝑝 ℓ′
𝜑 ∧ ¬𝑥 ∨ ℓ ∧ ¬𝑥 ∨ ℓ′ ∧ ¬ℓ ∨ ¬ℓ′ ∨ 𝑥
𝜑 ∧ ¬𝑥 ∨ ℓ ∨ ℓ′ ∧ ¬ℓ′ ∨ 𝑥 ∧ ¬ℓ ∨ 𝑥
where 𝑥 is a fresh variable.
Exercise: show that each transformation preserves satisfiability.
Exercise: finish the transformation for:
𝜑 ∧ 𝑥 ⇔ ℓ ⇔ ℓ′
↦
𝜑 ∧ ¬𝑥 ∨ ¬ℓ ∨ ℓ′ ∧ ¬𝑥 ∨ ¬ℓ′ ∨ ℓ ∧ ⋯
CNF translation (example)
Propositional Logic
Syntax, Semantics, Normal Forms
Resolution, Classical DPLL, Modern DPLL
Resolution
Formula must be in CNF
Resolution rule:
Example:
𝐶∨𝑝
𝐷∨¬𝑝
𝐶∨𝐷
𝑞∨𝑡∨𝑝
𝑞∨𝑟∨¬𝑝
𝑞∨𝑡∨𝑟
The result of resolution is the resolvent (clause).
Original clauses are kept (not deleted).
Duplicate literals are deleted from the resolvent.
Note:
No branching.
Termination: Only finite number of possible derived clauses.
Resolution (example)
Unit & Input Resolution
Unit resolution:
Input resolution:
𝐶∨ℓ
𝐶
𝐶∨ℓ
¬ℓ
¬ℓ
(𝐶 ∨ ℓ is subsumed by 𝐶)
𝐷∨¬ℓ
𝐶∨𝐷
(𝐶 ∨ ℓ member of input F).
Exercise:
Set of clauses F:
F has an input refutation iff F has a unit refutation.
Propositional Logic
Syntax, Semantics, Normal Forms
Resolution, Classical DPLL, Modern DPLL
DPLL
DPLL: David Putnam Logeman Loveland = Unit resolution + split rule.
𝐹,𝑝
𝐹
| 𝐹,¬𝑝
split 𝑝 𝑎𝑛𝑑 ¬𝑝 𝑎𝑟𝑒 𝑛𝑜𝑡 𝑖𝑛 𝐹
𝐹, 𝐶∨ℓ ,¬ℓ
unit
𝐹,𝐶, ¬ℓ
Ingredient of most efficient SAT solvers
Pure Literals
A literal is pure if only occurs positively or
negatively.
DPLL (as a procedure)
DPLL
M|F
Partial model
Set of clauses
DPLL
Guessing
p | p q, q r
p, q | p q, q r
DPLL
Deducing
p | p q, p s
p, s| p q, p s
DPLL
Backtracking
p, s, q | p q, s q, p q
p, s | p q, s q, p q
Propositional Logic
Syntax, Semantics, Normal Forms
Resolution, Classical DPLL, Modern DPLL
Modern DPLL
•
•
•
•
Non-chronological backtracking (backjumping)
Lemma learning
Efficient indexing (two-watch literal)
…
CDCL – Conflict Directed Clause
Learning
Lemma learning
t, p, q, s | t p q, q s, p s
t, p, q, s | t p q, q s, p s |p s
t, p, q, s | t p q, q s, p s |p q
t, p, q, s | t p q, q s, p s |p t
Core Engine in Z3:
Modern DPLL/CDCL
took
me𝑐𝑙𝑎𝑢𝑠𝑒𝑠
a year to
𝐹“It
𝑖𝑠 𝑎
𝑠𝑒𝑡 𝑜𝑓
Initialize
𝜖| 𝐹
Decide
𝑀
Propagate
𝑀 𝐹, 𝐶 ∨ ℓ ⟹ 𝑀, ℓ𝐶∨ℓ
Sat
𝑀 |𝐹 ⟹ 𝑀
Conflict
𝑀 𝐹, 𝐶 ⟹ 𝑀
𝐹 ⟹ 𝑀, ℓ
𝐹
𝐹, 𝐶 ∨ ℓ
𝐹, 𝐶 | 𝐶
Learn
𝑀 𝐹 | 𝐶 ⟹ 𝑀 𝐹, 𝐶 | 𝐶
We will now motivate
Unsatalgorithm 𝑀 𝐹 ∅ ⟹ 𝑈𝑛𝑠𝑎𝑡
the CDCL
as a cooperative
𝐶∨ℓ 𝐹
Backjump
procedure
between 𝑀𝑀′ 𝐹 | 𝐶 ∨ ℓ ⟹ 𝑀ℓ
model Resolve
and proof search
𝑀 𝐹 | 𝐶′ ∨ ¬ℓ ⟹ 𝑀 𝐹 | 𝐶′ ∨ 𝐶
Forget
𝑀 𝐹, 𝐶 ⟹ 𝑀 𝐹
Restart
𝑀 𝐹⟹ 𝜖
𝐹
understand the Mini-SAT
FUIP code”
Soos
to 𝑀
𝐶 Mate
𝑖𝑠 𝑓𝑎𝑙𝑠𝑒
𝑢𝑛𝑑𝑒𝑟
Niklas Sörenson
𝐹over
𝑡𝑟𝑢𝑒 𝑢𝑛𝑑𝑒𝑟
𝑀 in Trento
ice-cream
ℓ 𝑖𝑠 𝑢𝑛𝑎𝑠𝑠𝑖𝑔𝑛𝑒𝑑
𝐶 𝑖𝑠 𝑓𝑎𝑙𝑠𝑒 𝑢𝑛𝑑𝑒𝑟 𝑀
𝐶 ⊆ 𝑀, ¬ℓ ∈ 𝑀′
ℓ𝐶∨ℓ ∈ 𝑀
𝐶 is a learned clause
[Nieuwenhuis, Oliveras, Tinelli J.ACM 06] customized
literal assignments
Proofs
Conflict Clauses
Propagate
Backjump
Models
Mile High: Modern SAT/SMT search
The Farkas Lemma Dichotomy
1. There is an 𝑥 such that: 𝐴𝑥 = 𝑏 ∧ 𝑥 ≥ 0
2. There is a 𝑦 such that: 𝑦𝐴 ≥ 0 ∧ 𝑦𝑏 < 0
For every matrix 𝐴, vector 𝑏 it is the case that
either (1) or (2) holds (and not both).
A Dichotomy of Models and Proofs
1. There is a model M such that 𝑀 ⊨ 𝐹
2. There is a proof Π such that 𝐹 ⊢Π ∅
For every formula F (set of clauses) it is the case that
either (1) or (2) holds (and not both).
A Dichotomy of Models and Proofs
1. There is 𝑀′ ⊇ 𝑀 such that 𝑀′ ⊨ 𝐹
2. There is 𝑀′ ⊆ 𝑀 and proof Π such that 𝐹 ⊢Π 𝑀′
For every formula F (set of clauses) and partial model 𝑀
it is the case that either (1) or (2) holds (and not both).
A Dichotomy of Models and Proofs
1. There is 𝑀′ ⊇ 𝑀 such that 𝑀′ ⊨ 𝐹
2. There is 𝑀′ ⊆ 𝑀 and proof Π such that 𝐹 ⊢Π 𝑀′
Given 𝑀 can it be extended to 𝑀’ to satisfy (1)?
If not, find subset 𝑀′ to establish (2).
(that is inconsistent with F)
A Dichotomy of Models and Proofs
Corollary:
If 𝐹 ⊢Π 𝐶 then it is not possible to extend 𝐶 to satisfy 𝐹
Corollary:
If 𝑀 ⊨ ¬𝐹 then
- 𝐶, ℓ ⊆ 𝑀 for some 𝐹 ⊢ 𝐶 ∨ ℓ (or 𝐹 contains ∅)
- for every 𝐷, where
- 𝐷, 𝐶 ⊆ 𝑀′ ⊆ 𝑀,
- 𝑀′ ⊢ (𝐷 ∨ ¬ℓ)
it is not possible to extend 𝑀′ to satisfy 𝐹
CDCL Search – Data structures
Partial Model:
Sequence of literals
Decision lits:
case splits
Propagation lits:
only one case
makes sense.
Formula:
set of clauses
𝑀 | 𝐹
Proof: Implicit
Consequences added to F
Invariant:
For state 𝑀 𝐹 𝐶 :
𝐶⊆𝑀
𝐹⊢𝐶
Invariant:
For states 𝑀 | 𝐹 and 𝑀 𝐹 𝐷 where 𝑀 = 𝑀1 ℓ𝐶∨ℓ 𝑀2 :
𝐶 ⊆ 𝑀1
𝐹 ⊢𝐶∨ℓ
CDCL steps
Initialize
𝜖| 𝐹
No model candidate has been fixed
𝐹 𝑖𝑠 𝑎 𝑠𝑒𝑡 𝑜𝑓 𝑐𝑙𝑎𝑢𝑠𝑒𝑠
CDCL steps
Decide
𝑀 𝐹 ⟹ 𝑀, ℓ
𝐹
ℓ 𝑖𝑠 𝑢𝑛𝑎𝑠𝑠𝑖𝑔𝑛𝑒𝑑
Case split on ℓ
If 𝑀can be extended to satisfy 𝐹,
then the extension contains 𝑀, 𝑝 or 𝑀, ¬𝑝
CDCL steps
Propagate
𝑀 𝐹, 𝐶 ∨ ℓ ⟹ 𝑀, ℓ𝐶∨ℓ
𝐹, 𝐶 ∨ ℓ
ℓ must be true if 𝑀 has any chance
of being a model for 𝐹, 𝐶 ∨ ℓ
𝐶 𝑖𝑠 𝑓𝑎𝑙𝑠𝑒 𝑢𝑛𝑑𝑒𝑟 𝑀
CDCL steps
Sat
𝑀 |𝐹 ⟹ 𝑀
Unsat
𝑀 𝐹 ∅ ⟹ 𝑈𝑛𝑠𝑎𝑡
𝐹 𝑡𝑟𝑢𝑒 𝑢𝑛𝑑𝑒𝑟 𝑀
CDCL steps
Conflict
𝑀 𝐹, 𝐶 ⟹ 𝑀
𝐹, 𝐶 | 𝐶
𝐶 𝑖𝑠 𝑓𝑎𝑙𝑠𝑒 𝑢𝑛𝑑𝑒𝑟 𝑀
𝐶 is a sufficient explanation why 𝑀 is not a model of 𝐹
CDCL steps
Resolve
𝑀 𝐹 | 𝐶 ∨ ¬ℓ ⟹ 𝑀
𝐹|𝐶∨𝐷
ℓ𝐷∨ℓ ∈ 𝑀
Recall
Corollary:
If 𝑀 ⊨ ¬𝐹 then
- 𝐶, ℓ ⊆ 𝑀 for some 𝐹 ⊢ 𝐶 ∨ ℓ
(or 𝐹 contains ∅)
- for every 𝐷, where
- 𝐷, 𝐶 ⊆ 𝑀′ ⊆ 𝑀,
- 𝑀′ ⊢ (𝐷 ∨ ¬ℓ)
it is not possible to extend 𝑀′ to satisfy 𝐹
𝐶 ∨ 𝐷 is a sufficient and earlier explanation
why 𝑀 is not a model of 𝐹
CDCL steps
Backjump
𝑀𝑀′ 𝐹 | 𝐶 ∨ ℓ ⟹ 𝑀ℓ𝐶∨ℓ
𝐹
𝐶 ⊆ 𝑀, ¬ℓ ∈ 𝑀′
- 𝐶 ∨ ℓ is a sufficient explanation why 𝑀 is not a model of 𝐹
- Prefixes of 𝑀𝑀′ that contain ¬ℓ cannot become a model of 𝐹
FUIP First Unique Implication Point strategy when # of decision literals in 𝑀 is minimal.
Why is FUIP better?
- Minimizes # of backtracking points before learned fact ℓ𝐶∨ℓ
- What if ℓ𝐶∨ℓ implies negation of removed backtracking point?
- We would forget the learned fact ℓ𝐶∨ℓ during backjumping.
- … only to then re-learn it.
CDCL steps
Forget
𝑀 𝐹, 𝐶 ⟹ 𝑀 𝐹
𝐶 is a learned clause
Don’t forget to forget:
- Learned clauses could turn out to be useless.
- They could hog resources
CDCL steps
Learn
𝑀 𝐹 | 𝐶 ⟹ 𝑀 𝐹, 𝐶 | 𝐶
Re-use proof step for later: build DAG proof instead of TREE proof
CDCL steps
Restart
𝑀 𝐹⟹ 𝜖
𝐹
Avoid getting trapped in one part of search space
Two-watch literals
• Watch literals for Propagate and Conflict
– Naïve: For every literal l maintain map:
• Watch(l) = {C1 … Cm} where l Ci
• If l is assigned to true, check each Cj Watch(l) for
Conflict or Propagate
– But most of the time, some other literal in Cj is
either:
• Unassigned (not yet assigned)
• Assigned to true.
Two watch literals
• Insight:
– No need to include clause C in every set Watch(ℓ)
where ℓ C.
– It suffices to include C in at most 2 such sets.
– Maintain invariant:
• If some literal ℓ in C unassigned, or assigned to true,
then C belongs to the Watch(ℓ’) of some literal that is
unassigned or true.
Two watch literals
Maintaining 2-watch invariant over assignments:
– Set ℓ to true (ℓ to false).
– For each C Watch(ℓ)
• If all literals in C are assigned to false, then Backjump
• Else, if all but one literal in C is assigned to false, then
Propagate
• Else, if the other literal in ℓ’ C where C Watch(ℓ’) is
assigned to true, then do nothing.
• Else, some other literal ℓ’ is true or unassigned, and not
watched. Set
– Watch(ℓ’) Watch(ℓ’) { C },
– Watch(ℓ) Watch(ℓ) \ { C }.
Phase caching
• Heuristic: Phase caching
– Remember the last truth value assigned to
propositional atom.
– If using rule Decide, then re-use the old assignment.
• Why should this be good (in practice)?
– Dependencies follow clusters.
– Truth values in a cluster are dependent.
– Truth values between clusters are independent.
– Decide is mainly used when jumping between clusters.
Modern DPLL - tuning
• Tune between different heuristics:
– Restart frequency
• Why is restarting good?
• Efficient replay trick for frequent restart
– Phase to assign to decision variable
– Which variable to split on
• Use simulated annealing based on activity in conflicts
• Feedback factor from phase changes
– Which lemmas to learn
• Not necessarily unique
• Minimize lemmas
• Sub-sumption
– Blocked clause elimination
– Cache binary propagations
BASIC SMT EXAMPLE
Satisfiability Modulo Theories (SMT)
Is formula satisfiable
modulo theory T ?
SMT solvers have specialized
algorithms for T
Satisfiability Modulo Theories (SMT)
𝑥 + 2 = 𝑦 ⇒ 𝑓 𝑠𝑒𝑙𝑒𝑐𝑡 𝑠𝑡𝑜𝑟𝑒 𝑎, 𝑥, 3 , 𝑦 − 2
Array Theory
Arithmetic
𝑠𝑒𝑙𝑒𝑐𝑡(𝑠𝑡𝑜𝑟𝑒 𝑎, 𝑖, 𝑣 , 𝑖) = 𝑣
𝑖 ≠ 𝑗 ⇒ 𝑠𝑒𝑙𝑒𝑐𝑡(𝑠𝑡𝑜𝑟𝑒 𝑎, 𝑖, 𝑣 , 𝑗) = 𝑠𝑒𝑙𝑒𝑐𝑡(𝑎, 𝑗)
= 𝑓(𝑦 − 𝑥 + 1)
Uninterpreted
Functions
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), c-2)) ≠ f(c-b+1)
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), c-2)) ≠ f(c-b+1)
Arithmetic
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), c-2)) ≠ f(c-b+1)
Array
Theory
Arithmetic
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), c-2)) ≠ f(c-b+1)
Uninterpreted
Array
Theory
Arithmetic
Functions
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), c-2)) ≠ f(c-b+1)
Substituting c by b+2
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), b+2-2)) ≠ f(b+2-b+1)
Simplifying
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), b)) ≠ f(3)
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(select(store(a,b,3), b)) ≠ f(3)
Applying array theory axiom
∀ 𝑎, 𝑖, 𝑣: 𝑠𝑒𝑙𝑒𝑐𝑡(𝑠𝑡𝑜𝑟𝑒(𝑎, 𝑖, 𝑣), 𝑖) = 𝑣
Satisfiability Modulo Theories (SMT)
b + 2 = c and f(3) ≠ f(3)
Inconsistent/Unsatisfiable
SMT SOLVING
SMT : Basic Architecture
SAT
Case Analysis
Theory
Solvers
Equality + UF
Arithmetic
Bit-vectors
…
SMT
T- Propagate
𝑀 𝐹, 𝐶 ∨ ℓ ⟹ 𝑀, ℓ𝐶∨ℓ
T- Conflict
𝑀 𝐹⟹𝑀
T- Propagate
𝐹 | ¬𝑀′
𝑎 > 𝑏, 𝑏 > 𝑐
𝐹, 𝐶 ∨ ℓ
𝐶 𝑖𝑠 𝑓𝑎𝑙𝑠𝑒 𝑢𝑛𝑑𝑒𝑟 𝑇 + 𝑀
𝑀′ ⊆ 𝑀 𝑎𝑛𝑑 𝑀′ 𝑖𝑠 𝑓𝑎𝑙𝑠𝑒 𝑢𝑛𝑑𝑒𝑟 𝑇
| 𝐹, 𝑎 ≤ 𝑐 ∨ 𝑏 ≤ 𝑑 ⟹
𝑎 > 𝑏, 𝑏 > 𝑐, 𝑏 ≤ 𝑑 𝑎≤𝑐∨𝑏≤𝑑 | 𝐹, 𝑎 ≤ 𝑐 ∨ 𝑏 ≤ 𝑑
T- Conflict
𝑀 | 𝐹⟹
𝑀 | 𝐹, 𝑎 ≤ 𝑏 ∨ 𝑏 ≤ 𝑐 ∨ 𝑐 < 𝑎
𝑤ℎ𝑒𝑟𝑒 𝑎 > 𝑏, 𝑏 > 𝑐, 𝑎 ≤ 𝑐 ⊆ 𝑀
Purification
x 2 y f (read ( write(a, x,3), y 2)) f ( y x 1)
x 2 y f (v) f ( y x 1)
read ( write(a, x,3), y 2) v
Note:
read is just another name for select,
write is just another name for store
Purification
x 2 y f (v) f ( y x 1)
read ( write(a, x,3), y 2) v
x 2 y u y x 1
read ( write(a, x,3), y 2) v
f (v) f (u )
Purification
x 2 y u y x 1
read ( write(a, x,3), y 2) v
f (v) f (u )
Arithmetic x 2 y u y x 1 z 3 w y 2
Arrrays
read ( write(a, x, z ), w) v
Functions f (v) f (u )
Propositional Abstraction
x 2 y u y x 1 z 3 w y 2
read ( write(a, x, z ), w) v
f (v) f (u )
x 2 y u y x 1 z 3 w y 2
p1
p2
p3
read ( write(a, x, z ), w) v
p5
f (v) f (u )
p6
p4
Propositional Assignment
x 2 y u y x 1 z 3 w y 2
p1
p2
p3
read ( write(a, x, z ), w) v
p5
f (v) f (u )
p6
p4
p1 true,
p2 true,
p3 true,
p4 true,
Using SAT solver
p5 true,
p6 false
Theory Solving
Arithmetic x 2 y u y x 1 z 3 w y 2
w x
Arrays
read ( write(a, x, z ), w) v
u z 3
z v
Free functions
f (v) f (u )
Theories exchange
equalities between
shared variables.
The running example was easy.
But what about:
Either 𝑥 = 0 or 𝑥 = 1.
𝑦 = 0 or 𝑦 = 1 (𝑥, 𝑦 are integers)
Arithmetic module needs to somehow learn
that 𝑥 ≠ 𝑦.
- Integer linear arithmetic is non-convex.