Transcript of slides (posted 27-Mar-2015)

Slide 1: From Propositional SAT to SMT
Hossein M. Sheini and Karem A. Sakallah
SAT 2006
August 13, 2006
Seattle

Slide 2: Propositional Satisfiability

• DPLL: systematic backtracking search
  • Branch
    • [Pure literal rule]
  • Propagate
    • Unit propagation, a.k.a. Boolean Constraint Propagation (BCP)
  • Backtrack
• Modern implementations of DPLL
  • Conflict analysis
    • Clause learning
    • Non-chronological backtracking
  • Efficient propagation
    • Two watched literals per clause
  • Adaptive branching
    • VSIDS
  • Restarts
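As an added example (not code from the slides), a minimal DPLL procedure in Python showing the three operations the slide names: unit propagation (BCP), the pure literal rule, and branching with chronological backtracking. It deliberately omits the modern features in the second bullet (clause learning, watched literals, VSIDS, restarts): branching simply picks the first literal of the first remaining clause. The clause encoding (DIMACS-style signed integers) and the two sample CNF instances are constructed for this example.

```python
# A clause is a list of non-zero ints (DIMACS style): v means variable v is
# true, -v means it is false. A CNF is a list of clauses.

def unit_propagate(clauses, assignment):
    """Boolean Constraint Propagation: repeatedly assign the single unassigned
    literal of every unit clause.  Returns (remaining clauses, assignment), or
    (None, assignment) when some clause becomes empty (a conflict)."""
    assignment = dict(assignment)
    changed = True
    while changed:
        changed = False
        remaining = []
        for clause in clauses:
            unassigned, satisfied = [], False
            for lit in clause:
                value = assignment.get(abs(lit))
                if value is None:
                    unassigned.append(lit)
                elif value == (lit > 0):
                    satisfied = True
                    break
            if satisfied:
                continue
            if not unassigned:
                return None, assignment          # every literal false: conflict
            if len(unassigned) == 1:
                lit = unassigned[0]             # unit clause forces this literal
                assignment[abs(lit)] = lit > 0
                changed = True                  # re-scan: new implications may follow
            else:
                remaining.append(unassigned)
        clauses = remaining
    return clauses, assignment

def pure_literal_assign(clauses, assignment):
    """Pure literal rule: a variable that occurs with one polarity only can be
    set to satisfy all of its clauses without excluding any model."""
    assignment = dict(assignment)
    literals = {lit for clause in clauses for lit in clause}
    pure = {lit for lit in literals if -lit not in literals}
    for lit in pure:
        assignment[abs(lit)] = lit > 0
    clauses = [c for c in clauses if not any(lit in pure for lit in c)]
    return clauses, assignment

def dpll(clauses, assignment=None):
    """Systematic backtracking search: propagate, branch, backtrack.
    Returns a satisfying assignment {var: bool} or None if unsatisfiable."""
    assignment = {} if assignment is None else assignment
    clauses, assignment = unit_propagate(clauses, assignment)
    if clauses is None:
        return None                             # conflict: caller backtracks
    clauses, assignment = pure_literal_assign(clauses, assignment)
    if not clauses:
        return assignment                       # all clauses satisfied
    var = abs(clauses[0][0])                    # naive branching heuristic
    for value in (True, False):
        model = dpll(clauses, {**assignment, var: value})
        if model is not None:
            return model
    return None                                 # both branches failed

def satisfies(clauses, assignment):
    """Independent check that every clause has a true literal under assignment."""
    return all(any(assignment.get(abs(lit)) == (lit > 0) for lit in clause)
               for clause in clauses)

# Constructed sample instances.
SAT_CNF = [[1, 2], [-1, 3], [-3, -2], [2, 3]]
UNSAT_CNF = [[1, 2], [-1, 2], [1, -2], [-1, -2]]   # forces both 2 and not 2
```

Running `dpll(UNSAT_CNF)` returns `None` after both branches on variable 1 end in an empty clause, while `dpll(SAT_CNF)` returns a model found purely by propagation once variable 1 is decided.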

Slide 3: Quantifier-Free First-Order Logic

Boolean combination of atoms from background theories

Slide 4: Decidable Quantifier-Free FOL Theories

• Empty
  • QF_UF: uninterpreted functions with equality (aka EUF)
• Linear Real Arithmetic
  • QF_LRA
  • QF_RDL: real difference logic
  • UTVPI
• Linear Integer Arithmetic
  • QF_LIA
  • QF_IDL: integer difference logic
• Data Structures
  • QF_A: arrays
  • QF_BV: bit vectors
  • Lists, etc.

Slide 5: QF_UF Atoms

term ::= const | var | func-symbol(term, …, term)

atom ::= propositional-var | term = term

literal ::= atom | ¬atom

Examples of atoms:

f(a,b) = a

f(f(a,b),b) = f(a,b)

f(g(x,y),z) = h(f(a,b),y)

Slide 6: Linear Real Arithmetic Atoms

QF_LRA: a₁x₁ + … + aₙxₙ ~ b, with aᵢ, b ∈ ℝ, xᵢ real-valued variables, and ~ a relational operator

QF_RDL: x − y ~ d, with x, y real-valued variables and d ∈ ℝ

UTVPI: ax + by ~ c, with x, y real-valued variables, c ∈ ℝ, and a, b ∈ {0, ±1}

Slide 7: Linear Integer Arithmetic Atoms

QF_LIA: a₁x₁ + … + aₙxₙ ~ b, with aᵢ, b ∈ ℤ, xᵢ integer-valued variables, and ~ a relational operator

QF_IDL: x − y ~ d, with x, y integer-valued variables and d ∈ ℤ

IUTVPI: ax + by ~ c, with x, y integer-valued variables, c ∈ ℤ, and a, b ∈ {0, ±1}

Slide 8: Chronology of SAT for Quantifier-Free FOL

• Late 70s to mid 80s
  • Congruence closure algorithms
  • Combination strategies for disjoint theories
• Mid 80s to mid 90s
  • Not much!
• Mid to late 90s
  • Initial attempts at improved propositional reasoning
• Early 21st Century
  • Significant activity across many fields

Slide 9: Reasoning About Equality

Logic of equality with uninterpreted functions and predicates (EUF)

• To prove validity of an EUF formula:
  • Construct the disjunctive normal form (DNF) of its negation
  • Prove unsatisfiability of each conjunct of the negation using congruence closure

[Shostak 78] [Nelson-Oppen 80]

Slide 10: Congruence Closure

Prove f(a,b) = a → f(f(a,b),b) = a

f(a,b) = a ∧ f(f(a,b),b) ≠ a is unsatisfiable, hence f(a,b) = a → f(f(a,b),b) = a is valid

[Figure: term graph with nodes a, b and the two applications of f]

[Nelson-Oppen 80]
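As an added example (not code from the slides or from any Nelson-Oppen implementation), a union-find based congruence closure in Python that decides a conjunction of EUF literals, and uses it exactly as the slide does: to prove f(a,b) = a → f(f(a,b),b) = a valid by showing that f(a,b) = a ∧ f(f(a,b),b) ≠ a is unsatisfiable. The term encoding (strings for constants and variables, tuples for applications) is constructed for this example.

```python
from itertools import combinations

# Term encoding (constructed for this example): a string is a constant or a
# variable; a tuple ('f', t1, ..., tn) is the application f(t1, ..., tn).

def collect_subterms(term, acc):
    """Add term and every subterm of it to the set acc."""
    if term not in acc:
        acc.add(term)
        if isinstance(term, tuple):
            for arg in term[1:]:
                collect_subterms(arg, acc)
    return acc

class CongruenceClosure:
    """Union-find over terms, closed under congruence:
    s1 = t1, ..., sn = tn  implies  f(s1, ..., sn) = f(t1, ..., tn)."""

    def __init__(self, terms):
        self.terms = set()
        for t in terms:
            collect_subterms(t, self.terms)
        self.parent = {t: t for t in self.terms}
        self.applications = [t for t in self.terms if isinstance(t, tuple)]

    def find(self, t):
        """Representative of t's equivalence class (with path halving)."""
        while self.parent[t] != t:
            self.parent[t] = self.parent[self.parent[t]]
            t = self.parent[t]
        return t

    def union(self, s, t):
        rs, rt = self.find(s), self.find(t)
        if rs != rt:
            self.parent[rs] = rt

    def signature(self, app):
        """Function symbol plus the class representatives of the arguments;
        two applications with equal signatures are congruent."""
        return (app[0],) + tuple(self.find(a) for a in app[1:])

    def close(self):
        """Merge congruent applications until a fixpoint is reached."""
        changed = True
        while changed:
            changed = False
            for s, t in combinations(self.applications, 2):
                if self.find(s) != self.find(t) and self.signature(s) == self.signature(t):
                    self.union(s, t)
                    changed = True

def euf_conjunction_is_satisfiable(equalities, disequalities):
    """Decide a conjunction of EUF literals: merge the equalities, close under
    congruence, then require that no disequality falls inside one class."""
    cc = CongruenceClosure([t for lit in equalities + disequalities for t in lit])
    for s, t in equalities:
        cc.union(s, t)
    cc.close()
    return all(cc.find(s) != cc.find(t) for s, t in disequalities)

def euf_implication_is_valid(hypotheses, conclusion):
    """(h1 ∧ ... ∧ hn) → c is valid iff h1 ∧ ... ∧ hn ∧ ¬c is unsatisfiable:
    the slide's proof strategy, with the negated conclusion as a disequality."""
    return not euf_conjunction_is_satisfiable(hypotheses, [conclusion])

# The slide's instance.
F_AB = ('f', 'a', 'b')          # f(a,b)
F_FAB_B = ('f', F_AB, 'b')      # f(f(a,b),b)
```

For the slide's instance, merging f(a,b) with a gives f(f(a,b),b) the signature (f, a, b), the same as f(a,b), so congruence merges it into the class of a and the disequality f(f(a,b),b) ≠ a is refuted.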

Slide 11: Reasoning About Integer Arithmetic

Quantifier-Free Presburger Arithmetic

• To prove validity of a QF Presburger formula:
  • Construct the disjunctive normal form (DNF) of its negation
  • Prove unsatisfiability of each conjunct of the negation using integer linear programming (ILP)

[Shostak 79]

Slide 12: QF Presburger Arithmetic Example

[Worked example (the formulas are not legible in the transcript): Negate the formula; "Normalize"; Convert to DNF; Solve ILPs; the ILP yields x = 1, y = 0, so the formula is Invalid!]

[Shostak 79]

Slide 13: Deciding Combinations of Theories

Quantifier-Free Presburger Arithmetic + EUF

• Eliminate UFs and UPs using "Ackermann's reduction" (adding consistency "axioms") to get a pure equality formula
  • Add all functional consistency axioms (aka substitutivity axioms of equality)
• Convert complement to DNF
• Solve each conjunct as an integer linear program (ILP)
• Formula explodes

[Shostak 79]
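As an added example (not from the slides), Ackermann's reduction in Python: every application f(t₁,…,tₙ) is replaced by a fresh variable vᵢ, and for each pair of applications of the same symbol a functional consistency axiom (t₁ = s₁ ∧ … ∧ tₙ = sₙ) → vᵢ = vⱼ is emitted, giving a pure equality formula. The term encoding, the fresh-variable names v1, v2, … and the sample atoms are constructed for this example; the quadratic number of axioms per symbol is the "formula explodes" effect the slide mentions.

```python
from itertools import combinations

# Term encoding (constructed for this example): a string is a variable or a
# constant; a tuple ('f', t1, ..., tn) is the application f(t1, ..., tn).

def applications_innermost_first(term, acc):
    """Append every function application inside term to acc, arguments before
    the application that contains them, without duplicates."""
    if isinstance(term, tuple):
        for arg in term[1:]:
            applications_innermost_first(arg, acc)
        if term not in acc:
            acc.append(term)
    return acc

def ackermann_reduction(atoms):
    """Ackermann's reduction of equality atoms (lhs, rhs) over uninterpreted
    functions.  Returns (pure_atoms, axioms, naming) where
      - naming maps each application to its fresh variable v1, v2, ...;
      - pure_atoms are the input atoms with applications replaced by their
        fresh variables (arguments purified as well);
      - axioms holds one functional consistency axiom per pair of applications
        of the same symbol and arity, as (argument_equalities, result_equality),
        read as (s1 = t1 ∧ ... ∧ sn = tn) → v_i = v_j.
    pure_atoms plus axioms is a formula in the pure logic of equality."""
    apps = []
    for lhs, rhs in atoms:
        applications_innermost_first(lhs, apps)
        applications_innermost_first(rhs, apps)
    naming = {app: f"v{i}" for i, app in enumerate(apps, 1)}

    def purify(t):
        return naming[t] if isinstance(t, tuple) else t

    pure_atoms = [(purify(lhs), purify(rhs)) for lhs, rhs in atoms]
    axioms = []
    for s, t in combinations(apps, 2):
        if s[0] != t[0] or len(s) != len(t):
            continue                       # different symbol or arity: no axiom
        # Syntactically identical arguments need no equality premise.
        arg_eqs = [(purify(a), purify(b)) for a, b in zip(s[1:], t[1:]) if a != b]
        axioms.append((arg_eqs, (naming[s], naming[t])))
    return pure_atoms, axioms, naming

# The congruence-closure slide's instance: f(a,b) = a and f(f(a,b),b) = a.
FAB = ('f', 'a', 'b')
FFABB = ('f', FAB, 'b')
```

On the slide's instance the inner application becomes v1 and the outer one v2; the single axiom a = v1 → v1 = v2 together with v1 = a forces v2 = a, which is why the reduced formula decides the same way as congruence closure.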

Slide 14: QF Presburger Arithmetic + EUF Example

[Worked example: a formula over variables y, z and function symbols f, g, h; first "Add functional consistency axioms" for the applications, then "Eliminate function symbols" in favour of fresh variables x1 … x5]

[Shostak 79]

Slide 15: Alternatively …

• Add all functional consistency axioms
  • Eliminate UFs and UPs using "Ackermann's reduction" (adding consistency "axioms") to get a pure equality formula
  • Convert complement to DNF
  • Solve each conjunct as an integer linear program (ILP)
  • Formula explodes
• Add functional consistency axioms as needed
  • Ignore functional consistency and solve as before
  • Check functional consistency for symbols with different values; if violated, add axiom and repeat
  • Has the flavor of "learning" on demand
  • ILPs can be solved incrementally

[Shostak 79]

Slide 16: Deciding Combinations of Theories

• Convert negation to DNF
• Add variables to purify different theory conjuncts
• Solve separately
• Propagate equalities
• Split in case no equalities can be inferred
• Supported theories:
  • Real numbers under + and ≤: Simplex
  • Arrays under store and select
  • List structures with car, cdr, cons, and atom: congruence closure
  • Equality with UF: congruence closure

[Nelson-Oppen 79]

Slide 17: Example of Nelson-Oppen Procedure

[Worked example: a formula over car, cons, the predicate P, the function h and variables x, y is purified into Lists, EUF and LRA parts by introducing fresh variables g1 … g5]

[Nelson-Oppen 79]

Slide 18: Example of Nelson-Oppen Procedure

[Worked example, continued: equalities inferred within one theory (g1 = g5, x = y, h(x) = h(y), g3 = g4, g2 = g5) are propagated to the other theory solvers until P(g2) = T and P(g5) = F contradict g2 = g5]

[Nelson-Oppen 79]

Slide 19: Deciding Combinations of Theories

• Generalizes Nelson-Oppen method by eliminating the need for extra variables

• Congruence closure is extended to handle different theories as long as they have “canonizers” and solvers

• Found to be “buggy” and not as general as N-O

[Shostak 84]

Slide 20: Disadvantages of "Old" Combination Methods

• Need to convert to DNF
• Inefficient handling of Boolean structure
• Can be viewed as lazy integration with an open feedback loop between a propositional enumerator and the theory solvers

Slide 21: Disadvantages of "Old" Combination Methods

[Flowchart: SMT Instance → DNF Converter → DNF Instance → Conjunction of Theory Atoms → Theory Solvers; a consistent conjunct yields SAT, otherwise loop while "More Conjuncts?" is Yes; when it is No, UNSAT]

Slide 22: Improved Propositional Reasoning

• Convert SMT instance to equi-satisfiable propositional form and apply Boolean reasoning techniques (BDDs or SAT)
  • Small-domain encoding
  • Per-constraint encoding
• Add more sophisticated Boolean reasoning, but keep background theories intact
  • Re-write rules and better Boolean splits
  • Add full-fledged SAT or BDD solvers to handle the Boolean skeleton
    • Very Lazy: theory solver returns a conflict clause to SAT solver
    • Lazy: theory solver invoked incrementally but does not propagate
    • Eager: theory solver propagates and learns etc.
    • Variants
    • Layered

Slide 23: Reasoning About Equality: Revisited

[Flowchart: EUF Formula → DNF Converter → DNF of = and ≠ Conjuncts → Conjunction of = and ≠ → Congruence Closure; a consistent conjunct yields SAT, otherwise loop while "More Conjuncts?" is Yes; when it is No, UNSAT]

Slide 24: Reasoning About Equality: Revisited

[Flowchart: EUF Formula → Reduction → E Formula → Range Analysis & Boolean Encoding → SAT/BDD Solver → SAT or UNSAT]

Slide 25: Reasoning About Equality: Revisited

[Figure: Bryant's "ite" reduction and Ackermann's reduction applied to the same EUF formula with function applications F1, F2, F3, F4 over variables x, y, followed by congruence closure; the equations are not legible in the transcript]

Slide 26: Pros/Cons of SMT-to-SAT Conversion

Pros:
• Black-box use of modern SAT solvers
• Leveraging of performance/capacity improvements in SAT solvers

Cons:
• Loss of theory semantics (e.g., arithmetic)
• Increase of instance sizes

Slide 27: Combine SAT and Theory Solvers

[Flowchart: SMT Instance → Propositional Abstraction → SAT Instance → SAT Solver; UNSAT from the SAT solver is final; a SAT result passes its Theory Atoms to the Theory Solvers, which either confirm SAT or trigger Abstraction Refinement of the SAT instance]

Slide 28: Propositional Abstraction

Slide 29: Spectrum of Integration

• Very lazily: theory solver does not feed back any info to SAT solver; no refinement
• Lazily: theory solver returns a small explanation of infeasibility to SAT solver
• Eagerly: theory solver participates in value propagation (implications) and in conflict analysis
• Very eagerly: direct encoding of all theory semantics in propositional formula; no abstraction

How aggressively is refinement done?

Slide 30: Very Lazy Integration

[Figure: the Boolean Solver assigns the indicator variables B1 … B4, B6.1, B7.1 of theory atoms A1 … A4]

Slide 31: Very Lazy Integration

[Figure: the Integer Solver receives the constraints over u, v, w, x, y, z selected by B1 … B4, B6.1, B7.1 (constants 5, 6, 0, 12, 1, 2) and reports UNSAT]

Slide 32: Spectrum of Integration (slide 29 repeated)

Slide 33: Lazy Integration

[Figure: the Boolean Solver's assignment to B1 … B4, B6.1, B7.1 for atoms A1 … A4]

Slide 34: Lazy Integration

[Figure: the Integer Solver finds the constraints selected by B1, B2, B4 infeasible; "Create conflict clause and return to Boolean solver": the clause over B1, B2, B4]

Slide 35: Spectrum of Integration (slide 29 repeated)

Slide 36: Eager Integration: Incremental Propagation

[Figure: as B1 and B2 are asserted, the Integer Solver propagates the implied value of B4 from the constraints over u, v, w]

Slide 37: Eager Integration: Incremental Propagation

[Figure: continued; asserting B3 and A4 propagates B6.1, B7.1 and the bounds on x, y, z]

Slide 38: Integration Trade-offs

• Must balance cost of generating new "facts" against utility of such facts in pruning the search space
  • E.g., a priori generation of transitivity constraints for all possible equalities is overkill
  • Suggests an "on-demand" learning strategy analogous to conflict analysis in modern SAT solvers
• On-demand learning requires incremental backtrackable theory solvers that maintain state
• Cost of propagation for various theories and sub-theories:
  • EUF: congruence closure is O(n log n)
  • Difference constraints: negative cycle detection is O(nm)
  • UTVPI: transitive closure is O(n³)
  • Real arithmetic: incremental Simplex

Slide 39: Offline Integration of LRA Solver

[Figure: Boolean assignment to B1 … B4, B6.1, B7.1 and the corresponding constraints over u, v, w, x, y, z]

Slide 40: Offline Integration of LRA Solver

[Figure: same instance, next Boolean assignment]

Slide 41: Offline Integration of LRA Solver

[Figure: the LRA solver is consulted only after complete Boolean assignments; the successive constraint systems over u, v, w, x, y, z (constants 5, 6, 0, 1, 2, 11, 4) that it has to solve]

Slide 42: Learning Strategies

• CNF clauses: disjunctions of existing atoms (in terms of their indicator variables)
• Introduction of new theory atoms: cutting planes

Slide 43: Introduction of New Atoms

[Figure: from the constraints selected by B1 and B2 over u, v, w, x, y, a new atom over x and y (a cutting plane) is introduced with the fresh indicator variable B8 (NEW), and clauses over B1, B2, B8 are learned]

Slide 44: Offline Integration of LRA Solver

[Figure: the earlier instance with the new indicator B8 and the split indicators B7.1, B7.2, B7.3]

Slide 45: DPLL(T) Framework

• Declarative "calculus" for tight integration of a solver for theory T within a propositional DPLL solver
• Inspired by CLP(X)
• Defines SolverT as an abstract data type with the following methods:
  • Initialize(L: Literal set)
  • SetTrue(l: L-literal): L-literal set
  • IsTrue?(l: L-literal): Boolean
  • Backtrack(n: Natural)
  • Explanation(l: L-literal): L-literal set

[Tinelli 02] [Nieuwenhuis-Oliveras 03]
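As an added example (not code from the slides or from any of the DPLL(T) systems named), a Python theory solver for integer difference constraints that exposes the slide's SolverT methods as initialize, set_true, is_true, backtrack and explanation. It ties together three earlier slides: negative-cycle detection by Bellman-Ford as the O(nm) propagation cost from the trade-offs slide, the conflict clause returned to the Boolean solver from the lazy integration slides, and the incremental implication of not-yet-assigned atoms from the eager integration slides. The (x, y, c) atom encoding for x − y ≤ c, the (atom_index, polarity) literal encoding, the integer negation rule and the sample constraints are constructed for this example.

```python
INF = float("inf")

# Atom (x, y, c) means x - y <= c over the integers; a literal is
# (atom_index, polarity).  Both encodings are constructed for this example.

def negate(atom):
    """Over the integers, not(x - y <= c) is y - x <= -c - 1."""
    x, y, c = atom
    return (y, x, -c - 1)

class DifferenceLogicSolver:
    """Incremental, backtrackable SolverT for integer difference constraints.
    Asserted constraints form a graph (x - y <= c is an edge y -> x of weight c);
    they are consistent iff the graph has no negative cycle."""

    def __init__(self):
        self.atoms = []        # atom_index -> (x, y, c)
        self.trail = []        # literals asserted by set_true, oldest first
        self.conflict = None   # asserted literals on a negative cycle, if any

    def initialize(self, atoms):
        """Initialize(L): register the atoms the DPLL engine may assert."""
        self.atoms, self.trail, self.conflict = list(atoms), [], None

    def _constraint(self, lit):
        i, polarity = lit
        return self.atoms[i] if polarity else negate(self.atoms[i])

    def _edges(self):
        edges = []
        for lit in self.trail:
            x, y, c = self._constraint(lit)
            edges.append((y, x, c, lit))   # edge y -> x, weight c, tagged by lit
        return edges

    @staticmethod
    def _shortest_paths(src, edges):
        """Bellman-Ford from src, O(nm).  pred[v] = (u, lit) records the edge
        used to reach v.  Terminates with a shortest-path tree because the
        asserted constraints never contain a negative cycle."""
        nodes = {src} | {n for e in edges for n in e[:2]}
        dist, pred = {n: INF for n in nodes}, {}
        dist[src] = 0
        for _ in range(len(nodes)):
            changed = False
            for u, v, w, lit in edges:
                if dist[u] + w < dist[v]:
                    dist[v], pred[v], changed = dist[u] + w, (u, lit), True
            if not changed:
                break
        return dist, pred

    @staticmethod
    def _path_literals(pred, src, dst):
        """Literals whose edges form the recorded path src -> dst."""
        lits, v = [], dst
        while v != src:
            v, lit = pred[v]
            lits.append(lit)
        return lits

    def set_true(self, lit):
        """SetTrue(l): assert l.  Returns the unassigned literals it now implies
        (eager propagation), or None if l closes a negative cycle; then
        self.conflict is the infeasible subset of asserted literals."""
        x, y, c = self._constraint(lit)                    # candidate edge y -> x
        dist, pred = self._shortest_paths(x, self._edges())
        if dist.get(y, INF) + c < 0:                        # path x -> y plus edge y -> x
            self.conflict = self._path_literals(pred, x, y) + [lit]
            return None
        self.trail.append(lit)
        assigned = {i for i, _ in self.trail}
        implied = []
        for i in range(len(self.atoms)):
            if i in assigned:
                continue
            for polarity in (True, False):
                if self.is_true((i, polarity)):
                    implied.append((i, polarity))
                    break
        return implied

    def is_true(self, lit):
        """IsTrue?(l): x - y <= c is entailed iff the shortest path y -> x weighs at most c."""
        x, y, c = self._constraint(lit)
        dist, _ = self._shortest_paths(y, self._edges())
        return dist.get(x, INF) <= c

    def explanation(self, lit):
        """Explanation(l): asserted literals whose constraints sum to l's bound."""
        x, y, c = self._constraint(lit)
        dist, pred = self._shortest_paths(y, self._edges())
        if dist.get(x, INF) > c:
            raise ValueError("literal is not implied by the current trail")
        return self._path_literals(pred, y, x)

    def backtrack(self, n):
        """Backtrack(n): undo the last n set_true calls."""
        del self.trail[max(len(self.trail) - n, 0):]
        self.conflict = None

    def conflict_clause(self):
        """Lazy integration: the clause handed back to the Boolean solver is the
        disjunction of the negations of the infeasible subset."""
        return [(i, not polarity) for i, polarity in self.conflict]

# Constructed instance in the spirit of the integration slides:
# atom 0: u - w <= 5, atom 1: w - v <= 6, atom 2: v - u <= -12 (u - v >= 12),
# atom 3: x - z <= 1, atom 4: u - v <= 11.
ATOMS = [('u', 'w', 5), ('w', 'v', 6), ('v', 'u', -12), ('x', 'z', 1), ('u', 'v', 11)]
```

Asserting atoms 0 and 1 gives the path v → w → u of weight 11, so set_true reports atom 4 implied true and atom 2 implied false with atoms 0 and 1 as the explanation; a Boolean solver that nonetheless asserts atom 2 gets None and a conflict clause over atoms 0, 1, 2, which is the lazy integration slide's "create conflict clause and return to Boolean solver". backtrack(1) drops atom 1 and the implication disappears.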

Slides 46–47: [Figure: timeline of combination procedures and SMT tools: Nelson-Oppen (1979), Shostak (1984), GETFOL (1993), KSAT (1996), SVC (1996), Simplify (1998?), LPSAT (1999), MATH-SAT (2001), ICS (2001), MATH-SAT (2002), ICS+Chaff (2002), CVC (2002/2004), DPLL(T) (2002), Verifun (2003), CVC Lite (2004), MATH-SAT (2005), Simplics (2005), Sammy (2005), BarcelogicTools (2005), Ario (2005), Yices (2006)]

Slide 48: 2005 Competition Results: QF_UF [chart]

Slide 49: 2005 Competition Results: QF_RDL [chart]

Slide 50: 2005 Competition Results: QF_IDL [chart]

Slide 51: 2005 Competition Results: QF_UFIDL [chart]

Slide 52: 2005 Competition Results: QF_LRA [chart]

Slide 53: 2005 Competition Results: QF_LIA [chart]

Slide 54: 2005 Competition Results: QF_AUFLIA [chart]

Slide 55: Conclusions

• SAT does it again!
  • Modern SAT technology is the critical enabler of SMT solvers
• Clear winner: tight integration of SAT and theory solvers
  • Incremental propagation
  • Incremental conflict analysis and learning
  • Careful tuning
• SMT is bringing different communities together (SAT, CP, AI, OR)
• Competition is good