Post on 26-Aug-2020
A Proof-Producing CSP Solver1
Michael VekslerOfer Strichman
Technion - Israel Institute of Technology
CSP − SAT
June 18, 2011
1Originally presented at AAAI’10
IntroductionCSP proofs
It is easy to validate a solution,
... but difficult to validate UNSAT.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 2 / 36
IntroductionCSP proofs
It is easy to validate a solution,
... but difficult to validate UNSAT.
We introduce a CSP solver which produces a machine-checkabledeductive proof.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 2 / 36
IntroductionCSP proofs
It is easy to validate a solution,
... but difficult to validate UNSAT.
We introduce a CSP solver which produces a machine-checkabledeductive proof.
This also gives us a better unsatisfiable core,
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 2 / 36
IntroductionCSP proofs
It is easy to validate a solution,
... but difficult to validate UNSAT.
We introduce a CSP solver which produces a machine-checkabledeductive proof.
This also gives us a better unsatisfiable core,
... and facilitates developments as in the SAT world.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 2 / 36
CSP proofsWhy bother?
SAT solvers produce such proofs.
Several killer-applications:
(cont’d...)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 3 / 36
CSP proofsWhy bother?
SAT solvers produce such proofs.
Several killer-applications:
Validate UNSAT results.
(cont’d...)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 3 / 36
CSP proofsWhy bother?
SAT solvers produce such proofs.
Several killer-applications:
Validate UNSAT results.
Uses of the proof itself:
Interpolation-based model checking [M03].
(cont’d...)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 3 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Selective uses of the UNSAT core:
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Selective uses of the UNSAT core:
Abstraction-refinement in model-checking [AM03],
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Selective uses of the UNSAT core:
Abstraction-refinement in model-checking [AM03],
Identify environment assumptions that are used in the proof [KKB09],
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Selective uses of the UNSAT core:
Abstraction-refinement in model-checking [AM03],
Identify environment assumptions that are used in the proof [KKB09],
Faster solving of bitvector formulas [BKOSSB07].
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
CSP proofsWhy bother?
... Several killer-applications (... cont’d):
Selective uses of the UNSAT core:
Abstraction-refinement in model-checking [AM03],
Identify environment assumptions that are used in the proof [KKB09],
Faster solving of bitvector formulas [BKOSSB07].
Can we foresee usage for proofs in CSP ?
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 4 / 36
Introduction to proofs
A deductive proof DAG c1 c2 c3
i1 i2
⊥
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 5 / 36
Introduction to proofs
A deductive proof DAG
The roots: c ∈ CSP.
c1 c2 c3
i1 i2
⊥
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 5 / 36
Introduction to proofs
A deductive proof DAG
The roots: c ∈ CSP.
The sink represents ⊥.
c1 c2 c3
i1 i2
⊥
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 5 / 36
Introduction to proofs
A deductive proof DAG
The roots: c ∈ CSP.
The sink represents ⊥.
The nodes in between are derived.
c1 c2 c3
i1 i2
⊥
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 5 / 36
Introduction to proofs
A deductive proof DAG
The roots: c ∈ CSP.
The sink represents ⊥.
The nodes in between are derived.
c1 c2 c3
i1 i2
⊥
〈parent 1〉 · · · 〈parent n〉
〈consequent 〉[〈rule name〉]
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 5 / 36
Resolution based proofs
SAT solvers generate proofs:
From initial clauses to ( ).Inference is via the binary-resolution rule.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 6 / 36
Resolution based proofs
SAT solvers generate proofs:
From initial clauses to ( ).Inference is via the binary-resolution rule.
Unlike SAT solvers, CSPs:
have non-Boolean domains, andnon-clausal constraints.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 6 / 36
Resolution based proofs
SAT solvers generate proofs:
From initial clauses to ( ).Inference is via the binary-resolution rule.
Unlike SAT solvers, CSPs:
have non-Boolean domains, andnon-clausal constraints.
Can this gap be bridged?
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 6 / 36
Resolution based proofsSigned CNF [BHM00] - definition
Let s be a set of values.
A positive signed literal: a ∈ s, e.g., a ∈ {1, 2, 3}.
Alternative notations: a ∈ [1..3], a = 4.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 7 / 36
Resolution based proofsSigned CNF [BHM00] - definition
Let s be a set of values.
A positive signed literal: a ∈ s, e.g., a ∈ {1, 2, 3}.
Alternative notations: a ∈ [1..3], a = 4.
A negative signed literal: a ∈ s, e.g., a ∈ {4}.
Alternative notations: a 6∈ {4}, a 6= 4.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 7 / 36
Resolution based proofsSigned CNF [BHM00] - definition
Let s be a set of values.
A positive signed literal: a ∈ s, e.g., a ∈ {1, 2, 3}.
Alternative notations: a ∈ [1..3], a = 4.
A negative signed literal: a ∈ s, e.g., a ∈ {4}.
Alternative notations: a 6∈ {4}, a 6= 4.
A signed clause is a disjunction of signed literals. e.g.,(a ∈ [1..3] ∨ b ∈ {4})
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 7 / 36
Resolution based proofsSigned CNF - resolution
A binary-resolution rule for signed-CNF:
(Literals1 ∨ x ∈ A) (x ∈ B ∨ Literals2)
(Literals1 ∨ x ∈ A ∩ B ∨ Literals2)(sRes(x))
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 8 / 36
Resolution based proofsSigned CNF - resolution
A binary-resolution rule for signed-CNF:
(Literals1 ∨ x ∈ A) (x ∈ B ∨ Literals2)
(Literals1 ∨ x ∈ A ∩ B ∨ Literals2)(sRes(x))
This can be used with constraints given as signed-clauses.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 8 / 36
Resolution based proofsSigned CNF - resolution
A binary-resolution rule for signed-CNF:
(Literals1 ∨ x ∈ A) (x ∈ B ∨ Literals2)
(Literals1 ∨ x ∈ A ∩ B ∨ Literals2)(sRes(x))
This can be used with constraints given as signed-clauses.
But what about other constraints?e.g. 6=,≤, allDifferent(v1, . . . , vk)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 8 / 36
CSP unsatisfiability proofsThe challenge
Q: Why not convert constraints to signed clauses?
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 9 / 36
CSP unsatisfiability proofsThe challenge
Q: Why not convert constraints to signed clauses?
A: A clause representation is inefficient.
e.g., x 6= y requires:(x 6=1 ∨ y 6=1) ∧ (x 6=2 ∨ y 6=2) ∧ · · ·
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 9 / 36
CSP unsatisfiability proofsThe solution
Solution: introduce clauses lazily.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 10 / 36
CSP unsatisfiability proofsThe solution
Solution: introduce clauses lazily.
Consider a general constraint c , such that:
In the context of l1 ∧ l2 ∧ · · · ∧ ln,
propagation of c implies l :
(l1 ∧ · · · ∧ ln ∧ c)→ l
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 10 / 36
Explanation clausesThe requirements
(l1 ∧ · · · ∧ ln ∧ c)→ l
Find an explanation clause e such that:
e is not too strong: c → e
e is strong enough: (l1 ∧ · · · ∧ ln ∧ e)→ l
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 11 / 36
The structure of a PCS proof
sRessRes
sRes
sRes
sRes
sRes
6= ≤ =
()
e1 e2 e3
x y
e1, e2, e3 – explanation clauses.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 12 / 36
Explanation rules
For every constraint there is an explanation clause:
〈constraint〉
〈explanation clause〉(〈rule name〉)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 13 / 36
Explanation rule – example 1
Constraint: x 6= y
x 6= y
(x 6=m ∨ y 6=m)(Ne(m))
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 14 / 36
Explanation rule – example 1
Propagation:
context: l1 : (x = 1), l2 : (y ∈ [1..100]).
constraint: c : x 6= y .
implies: l : (y ∈ [2..100]).
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 15 / 36
Explanation rule – example 1
Propagation:
context: l1 : (x = 1), l2 : (y ∈ [1..100]).
constraint: c : x 6= y .
implies: l : (y ∈ [2..100]).
Explanation:
e : (x 6=1 ∨ y 6=1) // = Ne(1)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 15 / 36
Explanation rule – example 1
Propagation:
context: l1 : (x = 1), l2 : (y ∈ [1..100]).
constraint: c : x 6= y .
implies: l : (y ∈ [2..100]).
Explanation:
e : (x 6=1 ∨ y 6=1) // = Ne(1)
... indeed:
cNe(1)−→ e
(l1 ∧ l2 ∧ e) −→ l
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 15 / 36
Explanation rule – example 2
Constraint: x ≤ y
x ≤ y
(x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))(LE (m))
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 16 / 36
Explanation rule – example 2
Propagation:
context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])
constraint: c : x ≤ y .
implies: l : x ∈ [1..2]
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 17 / 36
Explanation rule – example 2
Propagation:
context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])
constraint: c : x ≤ y .
implies: l : x ∈ [1..2]
Explanation:
e : (x ∈ (−∞, 2] ∨ y ∈ [3,∞)). // = LE (2)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 17 / 36
Explanation rule – example 2
Propagation:
context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])
constraint: c : x ≤ y .
implies: l : x ∈ [1..2]
Explanation:
e : (x ∈ (−∞, 2] ∨ y ∈ [3,∞)). // = LE (2)
...indeed:
cLE(2)−→ e
(l1 ∧ l2 ∧ e) −→ l
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 17 / 36
Rule instantiation
Q: How does PCS instantiate the rules?
Consider the last example (LE (m)). We took m = max(Domain(y)).
Should we consider other values?
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 18 / 36
Rule instantiation
Q: How does PCS instantiate the rules?
Consider the last example (LE (m)). We took m = max(Domain(y)).
Should we consider other values?
Yes! (to be shown later)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 18 / 36
Each constraint has its rule
Constraint Name Inference rule
a 6= b Ne(m)a 6= b
(a 6= m ∨ b 6= m)
x ≤ y LE(m)x ≤ y
(x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))
a = b Eq(D)a = b
(a 6∈ D ∨ b ∈ D)
a ≤ b + c LE+(m, n)a ≤ b + c
(a ∈ (−∞,m + n] ∨ b ∈ [m + 1,∞) ∨ c ∈ [n + 1,∞))
a = b + c EQa+
(lb , ub, lc , uc )
a = b + c
(a ∈ [lb + lc , ub + uc ] ∨ b 6∈ [lb, ub] ∨ c 6∈ [lc , uc ])
AllDiff(v1, . . . , vk) AD(D,V )|D|+1 = |V |
AllDiff(v1, . . . , vk)
(∨
v∈Vv 6∈ D)
......
...
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 19 / 36
The structure of a PCS proof
sRessRes
sRes
sRes
sRes
sRes
6=
Ne(1
)
LE
(3)
≤ =
Eq(4
)
()
e1 e2 e3
x y
e1, e2, e3 – explanation clauses.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 20 / 36
But constraints are not axioms...
So far we assumed that the constraints are axioms (unconditioned).
Constraints can be conditioned, e.g., (b ∨ x ≤ y).
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 21 / 36
But constraints are not axioms...
So far we assumed that the constraints are axioms (unconditioned).
Constraints can be conditioned, e.g., (b ∨ x ≤ y).
Each of the above rules can be extended trivially to handle disjunction,e.g.,
b ∨ x ≤ y
b ∨ (x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 21 / 36
PCS: architecture
Decide
assignmentfull
conflict
SAT
UNSAT
bl ≥ 0
BackTrack
Analyze-Conflict
CPconflictno
partialassignment
bl < 0
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 22 / 36
From search to proof
PCS is inspired by modern CDCL2 SAT solvers.
The learning mechanism is used for constructing a resolution proof.
2Conflict-driven Clause-LearningMichael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 23 / 36
From search to proof
PCS is inspired by modern CDCL2 SAT solvers.
The learning mechanism is used for constructing a resolution proof.
⇒ Constraints propagation can be depicted in an implication graph.
.. which is called a conflict graph in case of a conflict.
2Conflict-driven Clause-LearningMichael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 23 / 36
From search to proof
PCS is inspired by modern CDCL2 SAT solvers.
The learning mechanism is used for constructing a resolution proof.
⇒ Constraints propagation can be depicted in an implication graph.
.. which is called a conflict graph in case of a conflict.
⇐ Analyze-Conflict learns a new clause from the conflict graph.
2Conflict-driven Clause-LearningMichael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 23 / 36
From search to proof
PCS is inspired by modern CDCL2 SAT solvers.
The learning mechanism is used for constructing a resolution proof.
⇒ Constraints propagation can be depicted in an implication graph.
.. which is called a conflict graph in case of a conflict.
⇐ Analyze-Conflict learns a new clause from the conflict graph.
If unsat:
⇐ Starting from the empty clause, find the proof ‘cone’.⇐ Reconstruct a full proof.
2Conflict-driven Clause-LearningMichael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 23 / 36
Implication graph (=>)
Shows the context of implications.
Example
a
b c
D(a) = {1, 2}
D(b) = {1, 2} D(c) = {1, 2}
6=
6=
6=Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a
b c
a = 1@1
D(b) = {1, 2} D(c) = {1, 2}
6=
6=
6=
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a
b c
a = 1@1
D(b) = {�1, 2} D(c) = {1, 2}
6=
6=
6=
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
a 6=b
a 6=b
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a
b c
a = 1@1
D(b) = { , 2} D(c) = {�1, 2}
6=
6=
6=
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
a 6=b
a 6=b
a 6=c
a 6=c
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a
b c
a = 1@1
D(b) = { ,�2} D(c) = { ,�2}
6=
6=
6=
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
contextimplied
constraint
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
contextimplied
constraint
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
Implication graph (=>)
Shows the context of implications.
Example
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
contextimplied
constraint
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
e = (b 6= 2 ∨ c 6= 2)
cl =
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
front
cl = (b 6= 2 ∨ c 6= 2)
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
front
e = (a 6= 1 ∨ c 6= 1)
cl = (b 6= 2 ∨ c 6= 2)
cl ← Resolve(cl , e, c)
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
front
cl = (a 6= 1 ∨ b 6= 2 ∨ c 6∈ {1, 2})
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
front
e = (a 6= 1 ∨ b 6= 1)
cl = (a 6= 1 ∨ b 6= 2 ∨ c 6∈ {1, 2})
cl ← Resolve(cl , e, b)
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)
a=1@1
b∈{1, 2}@0
c∈{1, 2}@0
b=2@1
c =2@1
conflict
a 6=b
a 6=b
a 6=c
a 6=c
b 6=c
b 6=c
front
cl = (a 6= 1 ∨ b 6∈ {1, 2} ∨ c 6∈ {1, 2})
Invariant: cl contradicts the literals of front.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 25 / 36
ANALYZE-CONFLICT (<=)The resulting proof
b 6= c
a 6= c
a 6= b
(b 6=2 ∨ c 6=2)
NE(2)
(a 6=1 ∨ c 6=1)NE(1)
(a 6=1 ∨ b 6=2 ∨ c 6∈{1, 2})
R(c)R(c)
(a 6=1 ∨ b 6=1)
NE(1)
(a 6=1 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})
R(b)
R(b)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 26 / 36
ANALYZE-CONFLICT (<=)The resulting proof
b 6= c
a 6= c
a 6= b
(b 6=2 ∨ c 6=2)
NE(2)
(a 6=1 ∨ c 6=1)NE(1)
(a 6=1 ∨ b 6=2 ∨ c 6∈{1, 2})
R(c)R(c)
(a 6=1 ∨ b 6=1)
NE(1)
(a 6=1 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})
R(b)
R(b)
(b 6=1 ∨ c 6=1)
NE(1)
(a 6=2 ∨ c 6=2)NE(2)
(a 6=2 ∨ b 6=1 ∨ c 6∈{1, 2})
R(c)R(c)
(a 6=2 ∨ b 6=2)
NE(2)
(a 6=2 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})
R(b)
R(b)
(a 6∈{1, 2} ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})R(a) R(a)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 26 / 36
ANALYZE-CONFLICT (<=The resulting proof (2)
(a 6∈{1, 2} ∨ b 6∈{1, 2} ∨ c 6∈{1, 2}) (a∈{1, 2})
(b∈{1, 2})
(c∈{1, 2})
(b 6∈{1, 2} ∨ c 6∈{1, 2})
R(a)R(a)
(c 6∈{1, 2})
R(b)
R(b)
()
R(c)
R(c)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 27 / 36
Optimization 1: augmented explanation
Propagation:
context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])
constraint: c : x ≤ y .
implies: l : x ∈ [1..3]
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 28 / 36
Optimization 1: augmented explanation
Propagation:
context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])
constraint: c : x ≤ y .
implies: l : x ∈ [1..3]
Explanation:
e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 28 / 36
Optimization 1: augmented explanation
Propagation:
context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])
constraint: c : x ≤ y .
implies: l : x ∈ [1..3]
Explanation:
e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)
But we now continue to resolve e with cl .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 28 / 36
Optimization 1: augmented explanation
Propagation:
context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])
constraint: c : x ≤ y .
implies: l : x ∈ [1..3]
Explanation:
e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)
But we now continue to resolve e with cl .
Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).
Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 28 / 36
Optimization 1: augmented explanation
Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).
Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 29 / 36
Optimization 1: augmented explanation
Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).
Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .
Now consider LE (5):
e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 29 / 36
Optimization 1: augmented explanation
Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).
Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .
Now consider LE (5):
e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)
Resolve with cl :
Resolve(e ′, cl , x) = (y ∈ [6,∞] ∨ z ∈ [1, 2])
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 29 / 36
Optimization 1: augmented explanation
Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).
Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .
Now consider LE (5):
e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)
Resolve with cl :
Resolve(e ′, cl , x) = (y ∈ [6,∞] ∨ z ∈ [1, 2])
e ′ is not an explanation, but it is good enough.
We call it an augmented explanation.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 29 / 36
Optimization 1: formalization
Assume that l1 ∧ · · · ∧ ln ∧ c → l .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 30 / 36
Optimization 1: formalization
Assume that l1 ∧ · · · ∧ ln ∧ c → l .
Let l ′ ∈ cl be a literal such that var(l ′) = var(l).
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 30 / 36
Optimization 1: formalization
Assume that l1 ∧ · · · ∧ ln ∧ c → l .
Let l ′ ∈ cl be a literal such that var(l ′) = var(l).
e ′ is an augmented explanation if
c → e ′
(l1 ∧ · · · ∧ ln ∧ e ′)→ ¬l ′
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 30 / 36
Optimization 1: formalization
Assume that l1 ∧ · · · ∧ ln ∧ c → l .
Let l ′ ∈ cl be a literal such that var(l ′) = var(l).
e ′ is an augmented explanation if
c → e ′
(l1 ∧ · · · ∧ ln ∧ e ′)→ ¬l ′
We choose e ′ that results in the strongest resolvent.
In particular:
Resolve(e ′, cl , var(l)) → Resolve(e, cl , var(l)) .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 30 / 36
Optimization 2: Only consider relevant nodes
Observation: vars(explanation) ⊆ vars(predecessors).
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 31 / 36
Optimization 2: Only consider relevant nodes
Observation: vars(explanation) ⊆ vars(predecessors).
Example: AllDiff (x , y , z).
y ∈ [1, 3]
z ∈ [1, 2]
x = 1
z = 2
y ∈ [2, 3] ...
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 31 / 36
Optimization 2: Only consider relevant nodes
Observation: vars(explanation) ⊆ vars(predecessors).
Example: AllDiff (x , y , z).
y ∈ [1, 3]
z ∈ [1, 2]
x = 1
z = 2
y ∈ [2, 3] ...
z becomes irrelevant.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 31 / 36
Optimization 3: Only consider distinct nodes
Consider a conflict graph that includes a chain:
x ∈ [1..3]@3 x ∈ [1..2]@4x ∈ [1..4]@2 . . .
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 32 / 36
Optimization 3: Only consider distinct nodes
Consider a conflict graph that includes a chain:
x ∈ [1..3]@3 x ∈ [1..2]@4x ∈ [1..4]@2 . . .
Only right-most node matters.Others will not change the resolvent.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 32 / 36
Performance
PCS participated in CSC’09
For n-ary constraints, out of 14:
category rank rank rank
SAT UNSAT total
extension 9/14 6/14 9/14
intention 4/14 1/14 4/14
2-ary constraints PCS got poor results.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 33 / 36
New results (2011)
PCS is now ≈on-par with Mistral.
Out of 2847 supported CSC’09 test cases (t/o is 200 secs)
Mistral PCS
shared shared shared
case time * success time success success
all 4.62 2187 9.23 (x2.0) 2104 (-83) 1963
with tables 4.38 1216 12.7 (x2.9) 1112 (-104) 1069
w/o tables 4.91 971 3.88 (x0.79) 992 (+21) 894
with ≤ 6.44 576 3.69 (x0.57) 628 (+52) 547
∗Shared time - average time on cases solved by both.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 34 / 36
Future work
Non-clausal conflict analysis,
Interpolation algorithms (X),
Word-level model checking?
Performance, performance, performance.
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 35 / 36
Summary
PCS is a COOL CSP solver, which
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 36 / 36
Summary
PCS is a COOL CSP solver, which
... performs similar to Mistral, but
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 36 / 36
Summary
PCS is a COOL CSP solver, which
... performs similar to Mistral, but
... produces machine-checkable proofs.
PCS: http://tx.technion.ac.il/∼mveksler/PCS/index.html
Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 36 / 36