SAT Genealogy
Alexander Nadel, Intel, Haifa, Israel
The Technion, Haifa, Israel, July 3, 2012
Agenda
- Introduction
- Early Days of SAT Solving
- Core SAT Solving
  - Conflict Analysis and Learning
  - Boolean Constraint Propagation
  - Decision Heuristics
  - Restart Strategies
  - Inprocessing
- Extensions to SAT
  - Incremental SAT Solving under Assumptions
  - Simultaneous Satisfiability (SSAT)
  - Diverse Solutions Generation
  - High-level (group-oriented) MUC Extraction

We won't use implication graphs for explanation, but the duality between search and resolution.
What is SAT?
Find a variable assignment (AKA solution or model) that satisfies a propositional formula, or prove that there are no solutions.
SAT solvers operate on CNF formulas: any formula can be reduced to a CNF.
CNF formula example: F = (a + c)(b + c)(a' + b' + c')
Each parenthesized disjunction is a clause; a is a positive literal and a' (the negation of a) is a negative literal.
SAT: Theory and Practice
Theory: SAT is the first known NP-complete problem (Stephen Cook, 1971)
- One can check a solution in polynomial time
- Can one find a solution in polynomial time? The P=NP question…
Practice: amazingly, nowadays SAT solvers can solve industrial problems having millions of clauses and variables
- SAT has numerous applications in formal verification, planning, bioinformatics, combinatorics, …
Approaches to SAT Solving
- Backtrack search: DFS search for a solution. The baseline approach for industrial-strength solvers. In focus today.
- Look-ahead: BFS search for a solution. Helpful for certain classes of formulas. Recently, there were attempts at combining it with backtrack search.
- Local search: helpful mostly for randomly generated formulas.
Early Days of SAT Solving: Agenda
- Resolution
- Backtrack Search

Resolution: a Way to Derive New Valid Clauses
Resolution over a pair of clauses with exactly one pivot vari­able, i.e. a variable appearing in different polarities in the two clauses:
  (a + b + c' + f)   (g + h' + c + f)
  ---------------------------------- pivot: c
        (a + b + g + h' + f)
- The resolvent clause is a logical consequence of the two source clauses
• Known to be invented by Davis&Putnam, 1960
• Had been invented independently by Löwenheim in the early 1900's (as well as the DP algorithm, presented next), according to Chvátal&Szemerédi, 1988 (JACM)
DP Algorithm: Davis&Putnam, 1960
Remove the variables one by one by resolution over all the clauses containing that variable. DP is sound and complete.
Example (UNSAT): (a + b)(a + b')(a' + c)(a' + c')
  eliminate b: (a)(a' + c)(a' + c')
  eliminate a: (c)(c')
  eliminate c: ( )  UNSAT
Example (SAT): (a + b + c)(b + c' + f')(b' + e)
  eliminate b: (a + c + e)(c' + e + f)
  eliminate c: (a + e + f)  SAT
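The DP elimination steps above, as an added Python example (not the talk's own code): the clause representation (ints for literals, frozensets for clauses) and the function names are this example's own.

```python
# Davis-Putnam (DP) variable elimination, added to illustrate the DP slide
# (example code, not the talk's own). Literals are ints: a=1, b=2, c=3,
# e=4, f=5; a negative int is the complemented literal (a' is -1).
# A clause is a frozenset of literals, a formula a set of clauses.
A, B, C, E, F = 1, 2, 3, 4, 5

# The two examples from the slide.
UNSAT_EXAMPLE = {frozenset(s) for s in ({A, B}, {A, -B}, {-A, C}, {-A, -C})}
SAT_EXAMPLE = {frozenset(s) for s in ({A, B, C}, {B, -C, -F}, {-B, E})}


def resolve(c1, c2, var):
    """Resolvent of c1 (containing var) and c2 (containing -var) on pivot var."""
    return frozenset((c1 | c2) - {var, -var})


def is_tautology(clause):
    """A clause containing both x and x' is always true and can be dropped."""
    return any(-lit in clause for lit in clause)


def eliminate(formula, var):
    """One DP step: resolve every clause containing var with every clause
    containing -var, keep the non-tautological resolvents and drop all
    clauses that mention var."""
    pos = [c for c in formula if var in c]
    neg = [c for c in formula if -var in c]
    result = {c for c in formula if var not in c and -var not in c}
    for p in pos:
        for n in neg:
            r = resolve(p, n, var)
            if not is_tautology(r):
                result.add(r)
    return result


def dp(formula, order):
    """Eliminate the variables in the given order (which must cover every
    variable of the formula). Returns (is_sat, trace), where trace holds
    (var, formula after eliminating var). The empty clause means UNSAT; if
    all variables are eliminated without producing it, the formula is SAT."""
    trace = []
    for var in order:
        formula = eliminate(formula, var)
        trace.append((var, formula))
        if frozenset() in formula:
            return False, trace
    return True, trace


def show(clause, names="abcef"):
    """Render a clause in the slide's notation, e.g. (a' + c)."""
    lits = sorted(clause, key=abs)
    return "(" + " + ".join(names[abs(l) - 1] + ("'" if l < 0 else "")
                            for l in lits) + ")"


if __name__ == "__main__":
    for name, formula, order in (("UNSAT", UNSAT_EXAMPLE, [B, A, C]),
                                 ("SAT", SAT_EXAMPLE, [B, C, A, E, F])):
        sat, trace = dp(formula, order)
        for var, f in trace:
            print("eliminate", "abcef"[var - 1] + ":", " ".join(show(c) for c in f))
        print(name, "example ->", "SAT" if sat else "UNSAT")
```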
Backtrack Search or DLL: Davis-Logemann-Loveland, 1962
Formula: (a + b)(b' + c)(b' + c')(a' + b)
Terminology: the variable picked at a decision point is the decision variable (a), the value chosen for it is the decision literal (a'), and each decision opens a new decision level. A conflict is the encounter of a blocking clause: a clause falsified by the current assignment. On a conflict the solver backtracks and flips the most recent decision literal.
The slides walk through the search on the formula above:
- Decide a' (decision level 1)
- Decide b' (decision level 2): conflict, the blocking clause is (a + b). Backtrack and flip: b
- Decide c': conflict on (b' + c). Flip: c. Conflict on (b' + c')
- Both values of c fail under b, and both values of b fail under a': flip a
- Decide b, decide c': conflict on (b' + c). Flip: c. Conflict on (b' + c'). Flip b: b'. Conflict on (a' + b)
- Every branch is blocked: UNSAT!
Core SAT Solving: the Principles
DLL could solve problems with <2000 clauses. How can modern SAT solvers solve problems with millions of clauses and variables? The major principles:
- Learning and pruning: block already explored paths
- Locality and dynamicity: focus the search on the relevant data
- Well-engineered data structures: extremely fast propagation
Duality between Basic Backtrack Search and Resolution
One can associate a resolution derivation with every invocation of DLL over an unsatisfiable formula. The slides use the same formula as above: (a + b)(b' + c)(b' + c')(a' + b).
• A parent clause P(x) is associated with every flip operation for variable x. It contains:
  • the flipped literal
  • a subset of previously assigned falsified literals
• The parent clause justifies the flip: its existence proves that the explored subspace has no solutions.
  In the example: after the decisions a' and b', the blocking clause (a + b) is the parent clause P(b) of the flip to b; after the decision c', the blocking clause (b' + c) is P(c) of the flip to c.
• Backtracking over a flipped variable x can be associated with a resolution operation: P is replaced by the resolvent of P(x) and P (Pold and P(x) yield Pnew).
  • P is initialized with the last blocking clause
  • P is to become the parent clause for the upcoming flip
  In the example: P starts as the blocking clause (b' + c'); backtracking over c resolves it with P(c) = (b' + c) into (b'); backtracking over b resolves (b') with P(b) = (a + b) into (a), which becomes the parent clause P(a) of the flip to a.
• The parent clause P(a) is derived by resolution. The resolution proof of the parent clause is called its parent resolution.
  The right subtree proceeds the same way: the decisions b and c' lead to P(c) = (b' + c) and, after the conflict on (b' + c'), to P = (b'), which justifies flipping b to b'; the conflict on (a' + b) then gives (a'), and backtracking over a resolves (a') with P(a) = (a) into the empty clause.
• The final trace of DLL is both a decision tree (top-down view) and a resolution refutation (bottom-up view). Variables associated with the edges are both decision variables in the tree and pivot variables for the resolution.
• A forest of parent resolutions is maintained. The forest converges to one resolution refutation in the end (for an UNSAT formula).
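Backtrack search with parent clauses and the resolution derivation described above (and the DLL trace earlier), as an added Python example that is not the talk's code. It assumes no BCP, a fixed decision order a, b, c with value 0 tried first, and passes a clause straight up when the flipped variable does not occur in it (the non-chronological step the talk describes later); all names are this example's own.

```python
# Basic DLL backtrack search that also builds the resolution derivation the
# duality slides describe: every flip is justified by a parent clause P(x),
# and backtracking over a flipped x resolves P(x) with the clause that
# refuted the other branch. Added example, not the talk's own code.
# Assumptions: no BCP, decisions follow a fixed variable order, value 0 is
# tried first. Literals are ints: a=1, b=2, c=3; -x is x'.
A, B, C = 1, 2, 3
FORMULA = [frozenset(s) for s in ({A, B}, {-B, C}, {-B, -C}, {-A, B})]


def lit_false(lit, assignment):
    """True if lit is assigned and false under assignment (var -> bool)."""
    var = abs(lit)
    return var in assignment and assignment[var] == (lit < 0)


def blocking_clause(clauses, assignment):
    """A clause falsified by the current assignment, or None."""
    for clause in clauses:
        if all(lit_false(lit, assignment) for lit in clause):
            return clause
    return None


def search(clauses, order, assignment, depth, log):
    """Explore the subtree below the current assignment. Returns None if a
    model was found (left in `assignment`), otherwise a clause falsified by
    the assignment above this level: the parent clause that proves the
    explored subspace has no solutions."""
    conflict = blocking_clause(clauses, assignment)
    if conflict is not None:
        return conflict
    if depth == len(order):
        return None  # every variable assigned and nothing falsified: a model
    var = order[depth]
    assignment[var] = False  # decision literal var'
    parent = search(clauses, order, assignment, depth + 1, log)
    if parent is None:
        return None
    if var not in parent:
        # falsified without var, so flipping var cannot help; handing the
        # clause straight up is what non-chronological backtracking does
        del assignment[var]
        return parent
    log.append(("flip", var, parent))  # P(var) justifies the flip
    assignment[var] = True
    other = search(clauses, order, assignment, depth + 1, log)
    if other is None:
        return None
    del assignment[var]
    if -var not in other:
        return other
    # backtracking over the flipped var: P := resolvent of P(var) and P
    resolvent = frozenset((parent | other) - {var, -var})
    log.append(("resolve", var, resolvent))
    return resolvent


def refute(clauses, order):
    """Run DLL. Returns ("SAT", model, log) or ("UNSAT", clause, log); for an
    unsatisfiable formula the clause is the empty clause, the root of the
    resolution refutation recorded in log."""
    assignment, log = {}, []
    result = search(clauses, order, assignment, 0, log)
    if result is None:
        return "SAT", assignment, log
    return "UNSAT", result, log


if __name__ == "__main__":
    status, clause, log = refute(FORMULA, [A, B, C])
    names = "abc"
    for kind, var, cl in log:
        lits = " + ".join(names[abs(l) - 1] + ("'" if l < 0 else "")
                          for l in sorted(cl, key=abs))
        print(kind, names[var - 1], "->", "(" + lits + ")")
    print(status)
```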
Conflict Clause Recording
The idea: update the instance with conflict clauses, that is, some of the clauses generated by resolution. Introduced in SAT by Bayardo&Schrag, 1997 (rel_sat).
Example (the slides continue the DLL trace above): assume the clause (b'), derived by resolution in the left subtree (the brown clause on the slides), was recorded. Then in the right subtree, after flipping a, the decision b would be blocked immediately, and the violet part of the tree (the decisions on c under a and b) would not have been explored: it is redundant.
Most of the modern solvers record every non-trivial parent clause (since Chaff). The slides illustrate this on a larger search tree over the variables a, b, c, d, e, f, g, marking each parent clause as recorded or not recorded.

Enhancing CCR: Local Conflict Clause Recording
The parent-based scheme is asymmetric w.r.t. polarity selection. Solution: record an additional local conflict clause: a would-be conflict clause if the last polarity selection was flipped. Dershowitz&Hanna&Nadel, 2007 (Eureka). The slides mark the local conflict clause on the same search tree.
Managing Conflict Clauses
Keeping too many clauses slows down the solver. Deleting irrelevant clauses is very important. Some of the strategies:
- Size-based: remove too long clauses. Marques-Silva&Sakallah, 1996 (GRASP)
- Age-based: remove clauses that weren't used for BCP. Goldberg&Novikov, 2002 (Berkmin)
- Locality-based (glue): remove clauses whose literals are assigned far away in the search tree. Audemard&Simon, 2009 (Glucose)
Modern Conflict Analysis
Next, we present the following two techniques, commonly used in modern SAT solvers:
- Non-chronological backtracking (NCB): GRASP
- 1UIP scheme: GRASP&Chaff
Both techniques prune the search tree and the associated forest of parent resolutions.
Non-Chronological Backtracking (NCB)
NCB is an additional pruning operation before flipping: eliminate all the decision levels adjacent to the decision level of the flipped literal, so that the parent clause is still falsified.
Example (the slides' DLL trace with extra decisions): assume further decisions (the slides show d' and e', with e flipped and given its own parent resolution) had been made after a' and before b' and c', and that we are about to flip a with the parent clause (a). That clause is falsified by a' alone, so the decision levels of d, …, e are irrelevant:
• Assume we are about to flip a
• Eliminate irrelevant decision levels (along with their parent resolutions)
• Flip: a
1UIP Scheme
The 1UIP scheme consists of:
- A stopping condition for backtracking: stop whenever P contains one variable of the last decision level, called the 1UIP variable
- A rewriting operation: consider the 1UIP variable as a decision variable and P as its parent clause
- A pruning technique: eliminate all the disconnected variables of the last decision level (along with their parent resolutions)
The slides apply the scheme to the DLL trace above: after the decisions a', b', c' and the flip of c, resolving the blocking clause (b' + c') with P(c) = (b' + c) gives P = (b'). P now contains a single variable of the last decision level, b, so backtracking stops: b is rewritten as the decision variable with P = (b') as its parent clause, and c, which is now disconnected, is eliminated together with its parent resolution.
Boolean Constraint Propagation (BCP)
The unit clause rule: a clause is unit if all of its literals but one are assigned to 0 and the remaining literal is unassigned, e.g. (a + b' + c) with a = 0, b = 1, c unassigned.
- BCP: pick unassigned variables of unit clauses as decisions whenever possible
- 80-90% of the running time of modern SAT solvers is spent in BCP
- Introduced already in the original DLL
Data Structures for Efficient BCP
- Naïve: for each clause hold pointers to all its literals
- How to minimize the number of clause visits? When can a clause become unit? All literals in a clause but one are assigned to 0. For an N-literal clause, this can only occur after N-1 of the literals have been assigned to 0. So, theoretically, one could completely ignore the first N-2 assignments to this clause.
- The solution: one picks two literals in each clause to watch and thus can ignore any assignments to the other literals in the clause. Introduced by Zhang, 1997 (SATO solver); enhanced by Moskewicz&Madigan&Zhao&Zhang&Malik, 2001 (Chaff)
Watched Lists: Example
Clause: (a + b + c + d + e + f + g + h). The two watches W initially sit on a and b. The assignments arrive in the order a', c', g', e', h', f', b':
- a': the clause is visited; the corresponding watch moves to any unassigned literal; no pointers to the previously visited literals are saved
- c': the clause is not visited!
- g', e': the clause is not visited!
- h': the clause is visited; the corresponding watch moves to any unassigned literal; again no pointers to the previously visited literals are saved
- f' is assigned next
- b': the watched literal b is visited. It is identified that the clause became unit!
- Backtrack b': b is unassigned; the watches do not move. No need to visit the clause during backtracking!
- Backtrack f': f is unassigned; the watches do not move
- When all the literals are unassigned, the watch pointers do not get back to their initial positions
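The walkthrough above as a runnable two-watched-literal clause, added here (not the talk's or any solver's code). Assumptions: the watches are the first two entries of the clause's literal list, and a moving watch takes the last unassigned literal in the list, which reproduces the slide's visit pattern; the class and function names are this example's own.

```python
# Two watched literals for one clause, reproducing the watched-list
# walkthrough above. Added example, not the talk's or any solver's code.
# Assumptions: the two watches are the literals at positions 0 and 1 of the
# clause's literal list, and a watch that must move picks the last
# unassigned literal in the list (any unassigned literal would do; this
# choice gives the slide's visit pattern). Literals are ints a=1 ... h=8,
# negative = complemented; an assignment maps var -> bool.
NAMES = "abcdefgh"


def value(lit, assignment):
    """True/False for an assigned literal, None if its variable is unassigned."""
    v = assignment.get(abs(lit))
    if v is None:
        return None
    return v if lit > 0 else not v


class WatchedClause:
    def __init__(self, lits):
        self.lits = list(lits)   # lits[0], lits[1] are the watched literals
        self.visits = 0
        self.unit_lit = None

    def watches(self):
        return {self.lits[0], self.lits[1]}

    def on_false(self, lit, assignment):
        """Literal lit has just become false. Returns 'skip' (lit not
        watched: the clause is not visited), 'moved' (watch moved to an
        unassigned literal), 'satisfied' (the other watch is true),
        'unit' (only the other watch is left unassigned) or 'conflict'."""
        if lit not in self.lits[:2]:
            return "skip"
        self.visits += 1
        if self.lits[0] == lit:            # keep the falsified watch at index 1
            self.lits[0], self.lits[1] = self.lits[1], self.lits[0]
        other = self.lits[0]
        if value(other, assignment) is True:
            return "satisfied"
        for i in range(len(self.lits) - 1, 1, -1):
            if value(self.lits[i], assignment) is not False:
                self.lits[1], self.lits[i] = self.lits[i], self.lits[1]
                return "moved"              # no pointer to the old position is kept
        if value(other, assignment) is None:
            self.unit_lit = other
            return "unit"
        return "conflict"


def simulate(clause, events):
    """events: ('assign', lit) makes lit true (so lit' becomes false);
    ('unassign', var) backtracks. Returns the clause's reaction per event."""
    assignment, outcome = {}, []
    for kind, x in events:
        if kind == "assign":
            assignment[abs(x)] = x > 0
            outcome.append(clause.on_false(-x, assignment))
        else:
            del assignment[x]
            outcome.append("no visit")  # backtracking never touches the watches
    return outcome


# The slide's sequence: a', c', g', e', h', f', b', then backtrack b and f.
EVENTS = [("assign", -1), ("assign", -3), ("assign", -7), ("assign", -5),
          ("assign", -8), ("assign", -6), ("assign", -2),
          ("unassign", 2), ("unassign", 6)]


def run_example():
    clause = WatchedClause(range(1, 9))  # (a + b + c + d + e + f + g + h)
    return simulate(clause, EVENTS), clause


if __name__ == "__main__":
    outcome, clause = run_example()
    for (kind, x), reaction in zip(EVENTS, outcome):
        print(kind, NAMES[abs(x) - 1] + ("'" if x < 0 else ""), "->", reaction)
    print("final watches:", {NAMES[l - 1] for l in clause.watches()})
```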
Watched Lists: Caching
Chu&Harwood&Stuckey, 2008: divide the clauses into various cache levels to improve cache performance.
Most of the modern solvers put one literal of each clause in the WL. Special data structures for clauses of length 2 and 3.
Decision Heuristics
Which literal should be chosen at each decision point? Critical for performance!
Old-Days' Static Decision Heuristics
- Go over all clauses that are not satisfied
- Compute some function f(A) for each literal, based on frequency
- Choose the literal with maximal f(A)
Variable-based Dynamic Heuristics: VSIDS
VSIDS was the first dynamic heuristic (Chaff)
- Each literal is associated with a counter, initialized to the number of occurrences in the input
- The counter is increased when the literal participates in a conflict clause
- Occasionally, counters are halved
- The literal with the maximal counter is chosen
Breakthrough compared to static heuristics:
- Dynamic: focuses the search on recently used variables and clauses
- Extremely low overhead
Enhancements to VSIDS
- Adjusting the scope: increase the scores for every literal in the newly generated parent resolution (Berkmin)
- Additional dynamicity: multiply scores by 95% after each conflict, rather than occasionally halving the scores. Eén&Sörensson, 2003 (Minisat)
The Clause-Based Heuristic (CBH)
The idea: use relevant clauses for guiding the decision heuristic.
The Clause-Based Heuristic or CBH (Eureka):
- All the clauses (both initial and conflict clauses) are organized in a list
- The next variable is chosen from the top-most unsatisfied clause
- After a conflict: all the clauses that participate in the newly derived parent resolution are moved to the top, then the conflict clause is placed at the top
Partial clause-based heuristics: Berkmin, HaifaSAT
CBH: More
- CBH is even more dynamic than VSIDS: it prefers variables from very recent conflicts
- CBH tends to pick interrelated variables: variables whose joint assignment increases the chances of satisfying clauses in satisfiable branches and of quickly reaching conflicts in unsatisfiable branches
- Variables appearing in the same clause are interrelated: picking variables from the same clause results in either the clause becoming satisfied, or a contradiction
Polarity Selection
Phase saving: Strichman, 2000; Pipatsrisawat&Darwiche, 2007 (RSAT). Assign a new decision variable the last polarity it was assigned: dynamicity rules again.
Decision Heuristics: the Current Status
- Everybody uses phase saving
- Most of the SAT solvers use VSIDS
- Intel's Eureka uses CBH for most of the instances and VSIDS for tiny instances only
- We plan to compare VSIDS and CBH thoroughly in our new solver Fiver
Core SAT Solving: the Major Enhancements to DLL
- Boolean Constraint Propagation
- Conflict Analysis and Learning
- Decision Heuristics
- Restart Strategies
- Pre- and Inprocessing
The slides on restarts are based on Vadim Ryvchin's SAT'08 presentation.
Restarts
Restarts: the solver backtracks to decision level 0 when certain criteria are met. Crucial impact on performance.
Motivation:
- Dynamicity: refocus the search on relevant data. Variables identified as important will be picked first by the decision heuristic after the restart
- Avoid spending too much time in 'bad' branches
Restart Criteria
Restart after a certain number of conflicts has been encountered, either:
- since the previous restart: global. Gomes&Selman&Kautz, 1998
- higher than a certain decision level: local. Ryvchin&Strichman, 2008
Next: methods to calculate the threshold on the number of conflicts. They hold for both global and local schemes.
Restart Strategies
1. Arithmetic (or fixed) series. Parameters: x, y. Init(t) = x; Next(t) = t + y. Examples: Arithm(2000, 0), Arithm(1000, 10).
   [Chart: threshold vs. restart number (1 to 201), thresholds between 0 and 3500]
2. Luby et al. series. Parameter: x. Init(t) = x; Next(t) = t_i * x, where t_i runs over the Luby sequence: 1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 16 1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 … Ruan&Horvitz&Kautz, 2003. Example: Luby(512).
   [Chart: threshold vs. restart number (1 to 97), thresholds between 0 and 20000]
3. Inner-Outer Geometric series. Parameters: x, y, z. Init(t) = x; if (t*y < z) then Next(t) = t*y, else Next(t) = x and Next(z) = z*y. Armin Biere, 2007 (Picosat). Example: Inner-Outer(100, 1.1, 100).
   [Chart: threshold vs. restart number (1 to 193), thresholds between 0 and 2000]
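The three series above as Python generators, an added example that is not Picosat's, Minisat's or the talk's code; the function names are this example's own, and restart_points turns the thresholds into cumulative conflict counts, which the slides only show as charts.

```python
# The three restart series from the slides as generators of conflict
# thresholds (added example, not Picosat's or Minisat's code; function
# names are this example's own). Each generator yields the threshold in
# effect before the 1st, 2nd, ... restart.
from itertools import islice


def arithmetic(x, y):
    """Arithm(x, y): Init = x, Next(t) = t + y."""
    t = x
    while True:
        yield t
        t += y


def luby(i):
    """i-th element (1-based) of the Luby sequence 1 1 2 1 1 2 4 1 1 2 ..."""
    k = 1
    while True:
        if i == (1 << k) - 1:
            return 1 << (k - 1)
        if (1 << (k - 1)) <= i < (1 << k) - 1:
            return luby(i - (1 << (k - 1)) + 1)
        k += 1


def luby_series(x):
    """Luby(x): Init = x, Next(t) = t_i * x with t_i from the Luby sequence."""
    i = 1
    while True:
        yield luby(i) * x
        i += 1


def inner_outer(x, y, z):
    """Inner-Outer(x, y, z): the inner threshold grows geometrically by y
    while t*y < z; otherwise it resets to x and the outer limit z grows by y."""
    t = x
    while True:
        yield t
        if t * y < z:
            t = t * y
        else:
            t = x
            z = z * y


def take(series, n):
    """First n thresholds of a series."""
    return list(islice(series, n))


def restart_points(series, n):
    """Cumulative conflict counts at which the first n restarts happen."""
    points, total = [], 0
    for threshold in take(series, n):
        total += threshold
        points.append(total)
    return points


if __name__ == "__main__":
    print("Arithm(1000, 10):", take(arithmetic(1000, 10), 8))
    print("Luby(512):", take(luby_series(512), 15))
    print("Inner-Outer(100, 1.1, 100):",
          [round(v, 1) for v in take(inner_outer(100, 1.1, 100), 12)])
    print("restarts of Arithm(1000, 10) at conflicts:",
          restart_points(arithmetic(1000, 10), 4))
```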
Preprocessing and Inprocessing
The idea: simplify the formula prior to (pre-) and during (in-) the search.
History:
- Freeman, 1995 (POSIT): first mention of preprocessing in the context of SAT
- Eén&Biere, 2005 (SatELite): a commonly used efficient preprocessing procedure
- Heule&Järvisalo&Biere (2010-2012): a series of papers on inprocessing, used in the current state-of-the-art solvers Lingeling and CryptoMinisat
- Nadel&Ryvchin&Strichman (2012): apply SatELite in incremental SAT solving
Inprocessing Techniques
SatELite:
- Subsumption: remove the clause (C + D) if (C) exists
- Self-subsuming resolution: replace (D + l') by (D) if (C + l) exists such that C ⊆ D
- Variable elimination: apply DP to variables whose elimination does not increase the number of clauses. Example: (a + b)(a + b')(a' + c)(a' + c') → (a)(a' + c)(a' + c')
Example of other techniques: failed literal elimination with BCP. Repeat for a certain subset of literals on decision level 0: propagate a literal l with BCP; if a conflict emerges, l must be 0, so the formula can be simplified.
Extensions to SAT
Nowadays, SAT solving is much more than finding one solution to a given problem. Extensions to SAT:
- Incremental SAT under assumptions
- Simultaneous SAT (SSAT): SAT over multiple properties at once
- Diverse solution generation
- Minimal Unsatisfiable Core (MUC) extraction
- Push/pop support
- Model minimization
- ALL-SAT
- XOR clauses support
- ISSAT: assumptions are implications
- …
Incremental SAT Solving under Assumptions
The challenge: speed up the solving of related SAT instances by enabling re-use of relevant data.
Incremental SAT solving has numerous applications. Next, we review a prominent application in formal verification of hardware.
Reasoning about Circuit Properties with SAT-based Bounded Model Checking (BMC)
- BMC: given a circuit and a property, does the property hold for the first n cycles?
- Unroll: generate a combinational instantiation of the circuit for each cycle
- Run a SAT solver for each cycle over: the translation of the unrolled circuit to CNF, and the negation of the property at that cycle
- The property holds for n cycles iff all the SAT solver invocations return UNSAT

BMC Example
The circuit has inputs a and b, gates g and h, and a state element c whose value at cycle 0 is the user-given initial value ci; the cycle-1 copies are ax, bx, gx, hx, cx. The property: b' → h' (b' implies h').

BMC Example: Cycle 0
Translation of the unrolled circuit (C0):
  (h + g' + ci')(h' + g)(h' + ci)
  (g + a' + b')(g' + a)(g' + b)
The negation of the property b' → h' (S0): (b')(h)
Result: UNSAT!

BMC Example: Cycle 1
Translation of the unrolled circuit (C0 and C1):
  (h + g' + ci')(h' + g)(h' + ci)
  (g + a' + b')(g' + a)(g' + b)
  (cx + h')(cx' + h)
  (gx + ax' + bx')(gx' + ax)(gx' + bx)
  (hx + gx' + cx')(hx' + gx)(hx' + cx)
The negation of the property at cycle 1, bx' → hx' (S1): (bx')(hx)
Result: UNSAT!

Re-Using Relevant Information from Previous Cycles
- C0: cycle 0 clauses; C1: cycle 1 clauses
- S0: cycle 0-specific clauses; S1: cycle 1-specific clauses
- C0 and C1 hold globally
- S0 and S1 hold solely for a particular cycle
Pervasive Clause Learning: Marques-Silva&Sakallah, 1997 (GRASP); Strichman, 2001
- Cycle 0: create a CNF instance C0 ∪ S0 and solve it. Let C0* be the set of pervasive conflict clauses, that is conflict clauses that depend only on C0
- Cycle 1: create a CNF instance C0 ∪ C1 ∪ S1 ∪ C0* and solve it
In the example, C0 is the circuit translation for cycle 0, S0 = (b')(h), C1 the cycle-1 clauses and S1 = (bx')(hx); a pervasive conflict clause such as (a + h') follows from C0 alone and is carried over to cycle 1 in C0*.
Incremental SAT Solving under Assumptions: Eén&Sörensson, 2003 (Minisat)
- Cycle 0: create a CNF instance C0 and solve it under the assumptions S0. The S0 clauses are not part of the instance; instead, the literals of S0 are used as the first decisions, or assumptions, and the solver stops whenever one of the assumptions must be flipped
- Cycle 1: add the clauses C1 to the same instance and solve under the assumptions S1
(Same C0, C1, S0 and S1 as in the example above.)
Incremental SAT Solving: More
Minisat's method is the state-of-the-art. Advantages:
- Re-uses a single solver instance: heuristics are incremental
- All the clauses are re-used
GRASP's method advantage:
- Assumptions are unit clauses: preprocessing can use them to simplify the formula
Incremental SAT solving was not compatible with preprocessing. Nadel&Ryvchin&Strichman 2012:
- Make incremental SAT solving compatible with SatELite
- Show a way to treat assumptions efficiently
Simultaneous SAT (SSAT)
A SAT-based algorithm to efficiently solve chunks of related properties in one SAT solver invocation. For example, one can solve multiple properties during BMC. Khasidashvili&Nadel&Palti&Hanna, 2005; Khasidashvili&Nadel, 2011.
Example: Solve Both p1 and p2 (C1 and C2 are the cones of the properties p1 and p2)
Incremental SAT-based approach:
- Translate C1 to CNF formula F
- Solve F under the assumption p1'
- Update F with the clause projection of C2\C1
- Solve F under the assumption p2'
SSAT approach:
- Translate both C1 and C2 to CNF formula F
- Find the status of both p1 and p2 in the same invocation of the SAT solver
Advantages of the SSAT approach over the incremental SAT-based approach:
- Looks at all the properties at once
- One solution can falsify more than one property
- May find conflict clauses (lemmas) relevant for solving many POs
SSAT: the Algorithm Interface
Input: a combinational formula F (in CNF); a list of proof objectives (POs) p1, p2, …, pn
Output: each pi is either
- falsifiable: a model to F such that pi = 0 exists (F ∧ pi' is SAT)
- valid: pi always holds, given F (F ∧ pi' is UNSAT)

SSAT Algorithm Interface Example
F = (a + b) c' a'
POs: a, b, c, a', b', c'
- a is falsifiable: a = 0; b = 1; c = 0 is the model
- b is valid: there is no model to F where b = 0. In other words, (a + b) c' a' b' is UNSAT
- c is falsifiable: a = 0; b = 1; c = 0 is the model
- a' is valid: no model to F where a = 1
- b' is falsifiable with a = 0; b = 1; c = 0
- c' is valid: no model to F where c = 1
• Both l and l' may be falsifiable
• Example: F = a + b; PO: a (both a and a' are falsifiable: by a = 0, b = 1 and by a = 1 respectively)
Basic SSAT Algorithm
SSAT(F; P = {p1, p2, …, pn})
  // F is initialized with the clause projection of the union of the cones of all the properties
  While (P is non-empty)
    Pick any s ∈ P
    Solve F under the assumption s'
    If satisfiable by a satisfying assignment σ
      T := {s} ∪ {other POs in P falsified by σ}
      Return to the user that the POs in T are falsifiable
      P := P \ T
    If unsatisfiable
      Return that s is valid
      P := P \ {s}
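The basic SSAT loop above, run on the interface example from the previous slide, as an added Python example that is not Intel's solver: the brute-force solve_under_assumption stands in for an incremental SAT solver called under one assumption, and the oracle-call counter is this example's own addition.

```python
# The basic SSAT loop above, run on the slide's interface example. Added
# example, not Intel's solver: the SAT oracle here is a brute-force
# enumerator standing in for an incremental solver called under one
# assumption. Literals are ints (a=1, b=2, c=3; negative = complemented).
from itertools import product

A, B, C = 1, 2, 3
# F = (a + b) c' a' and the POs a, b, c, a', b', c' from the slide
F = [frozenset({A, B}), frozenset({-C}), frozenset({-A})]
POS = [A, B, C, -A, -B, -C]


def lit_true(lit, model):
    """model maps var -> bool."""
    return model[abs(lit)] if lit > 0 else not model[abs(lit)]


def solve_under_assumption(formula, assumption, nvars):
    """A model of formula with the assumption literal true, or None."""
    for values in product((False, True), repeat=nvars):
        model = dict(zip(range(1, nvars + 1), values))
        if lit_true(assumption, model) and \
           all(any(lit_true(lit, model) for lit in clause) for clause in formula):
            return model
    return None


def ssat(formula, pos, nvars):
    """Returns (status, calls): status maps each PO to ('falsifiable', model)
    or ('valid', None); calls counts SAT-oracle invocations, which is fewer
    than the number of POs whenever one model falsifies several of them."""
    status, pending, calls = {}, list(pos), 0
    while pending:
        s = pending[0]
        calls += 1
        model = solve_under_assumption(formula, -s, nvars)   # solve F under s'
        if model is not None:
            # T := {s} ∪ {other POs in P falsified by the model}
            falsified = [p for p in pending if not lit_true(p, model)]
            for p in falsified:
                status[p] = ("falsifiable", model)
            pending = [p for p in pending if p not in falsified]
        else:
            status[s] = ("valid", None)
            pending.remove(s)
    return status, calls


if __name__ == "__main__":
    status, calls = ssat(F, POS, 3)
    names = "abc"
    for po in POS:
        print(names[abs(po) - 1] + ("'" if po < 0 else ""), status[po])
    print("oracle calls:", calls, "for", len(POS), "POs")
```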
SSAT: More
How to boost SSAT:
Take further advantage of reasoning about all the POs at once
Pick all the POs as decision variables and assign them 0
Fairness: rotate unsolved POs
Set an internal time threshold for an attempt to solve one PO
When the threshold expires: move the unresolved PO to the end of the unsolved POs list and switch to another PO
SSAT is widely used at Intel
Applied as the core reasoning engine for the simultaneous model checking algorithms we developed
Agenda
Introduction
Early Days of SAT Solving
Core SAT Solving: Conflict Analysis and Learning, Boolean Constraint Propagation, Decision Heuristics, Restart Strategies, Inprocessing
Extensions to SAT: Incremental SAT Solving under Assumptions, Simultaneous Satisfiability (SSAT), Diverse Solutions Generation, High-level (group-oriented) MUC Extraction
DiversekSet: Generating Diverse Solutions
DiversekSet in SAT: generate a user-given number of diverse solutions, given a CNF formula (Nadel, 2011)
The problem has multiple applications at Intel
[Figure: starting from the initial states, new initial states are chosen repeatedly to get beyond the max FV bound and reach deep bugs]
Application: Semi-formal FPV
Multi-Threaded Search to Enhance Coverage
Choosing a single path through waypoints may miss the bug
Must search along multiple diverse paths calculated:
Diversification Quality as the Average Hamming Distance
Quality: the average Hamming distance between the solutions, normalized to [0…1]
Solutions over the variables a, b, c:
  σ1: a=0 b=0 c=0
  σ2: a=1 b=1 c=0
  σ3: a=0 b=1 c=1
  σ4: a=1 b=0 c=0
Hamming distances matrix (D(σi, σj) for i < j):
        σ2  σ3  σ4
  σ1     2   2   1
  σ2         2   1
  σ3             3
Sum of the pairwise distances: 2 + 2 + 1 + 2 + 1 + 3 = 11. With m = 4 solutions there are m(m-1)/2 = 6 pairs and n = 3 variables, so the normalization constant is 3 · 6 = 18 and Q = 11/18 ≈ 0.61.
In general, for m solutions σ1, …, σm over n variables, with D the Hamming distance:
$$Q = \frac{1}{n \cdot \frac{m(m-1)}{2}} \sum_{i=1}^{m} \sum_{j=i+1}^{m} D(\sigma_i, \sigma_j)$$
Algorithms for DiversekSet in SAT at a Glance
The idea: adapt a modern CDCL SAT solver for DiversekSet; make minimal changes to remain efficient
Compact algorithms: invoke the SAT solver once to generate all the solutions; restart after a solution is generated; modify the polarity and variable selection heuristics for generating diverse solutions
Algorithms for DiversekSet in SAT at a Glance, Cont.
Polarity-based algorithms: change solely the polarity selection heuristic
pRand: pick the polarity randomly
pGuide: pick the polarity so as to improve the diversification quality; balance the number of 0’s and 1’s assigned to a variable by picking the value the variable has been assigned fewer times so far
pGuide outperforms pRand in terms of both diversification quality and performance
Quality can be improved further by taking BCP into account and adapting the variable ordering
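An added Python example (not the talk's or Intel's code) covering both the quality measure from the slides and the compact pGuide algorithm: the CDCL solver is replaced by a toy backtracking search without BCP, so only the polarity choice is modelled, and the small CNF is constructed here. The same run with a fixed negative polarity returns the same solution every time, which is the quality-0 baseline pGuide improves on.

```python
from itertools import combinations

def quality(solutions):
    """Diversification quality: average pairwise Hamming distance, normalized to [0, 1]
    by dividing by n variables times the number of pairs m(m-1)/2."""
    m, n = len(solutions), len(solutions[0])
    total = sum(sum(x != y for x, y in zip(s, t)) for s, t in combinations(solutions, 2))
    return total / (n * m * (m - 1) / 2)

def search(cnf, nvars, polarity, assign):
    """Tiny backtracking search (no BCP): variables are tried in index order and
    polarity(var) decides which value is branched on first."""
    for cl in cnf:  # conflict: every literal of some clause is assigned and false
        if all(abs(l) in assign and assign[abs(l)] != (l > 0) for l in cl):
            return None
    if len(assign) == nvars:
        return dict(assign)
    v = next(x for x in range(1, nvars + 1) if x not in assign)
    first = polarity(v)
    for val in (first, not first):
        assign[v] = val
        model = search(cnf, nvars, polarity, assign)
        if model is not None:
            return model
        del assign[v]
    return None

def diverse_k_set(cnf, nvars, k, guided=True):
    """Compact DiversekSet: one solver, restart after each solution; pGuide balances
    the 0s and 1s each variable received in earlier solutions (ties pick 0)."""
    counts = {v: [0, 0] for v in range(1, nvars + 1)}   # [times 0, times 1]
    def p_guide(v):
        zeros, ones = counts[v]
        return ones < zeros          # 1 if assigned 0 more often, else 0
    def p_default(v):
        return False                  # fixed negative polarity, no diversification
    solutions = []
    for _ in range(k):
        model = search(cnf, nvars, p_guide if guided else p_default, {})
        if model is None:
            break
        solutions.append(tuple(int(model[v]) for v in range(1, nvars + 1)))
        for v, val in model.items():
            counts[v][int(val)] += 1
    return solutions

# Constructed inputs: the slides' four solutions over a, b, c and a small CNF (a + b)(b' + c).
SLIDE_SOLUTIONS = [(0, 0, 0), (1, 1, 0), (0, 1, 1), (1, 0, 0)]
CNF = [[1, 2], [-2, 3]]
```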
Agenda
Introduction
Early Days of SAT Solving
Core SAT Solving: Conflict Analysis and Learning, Boolean Constraint Propagation, Decision Heuristics, Restart Strategies, Inprocessing
Extensions to SAT: Incremental SAT Solving under Assumptions, Simultaneous Satisfiability (SSAT), Diverse Solutions Generation, High-level (group-oriented) MUC Extraction
Unsatisfiable Core Extraction
An unsatisfiable core is an unsatisfiable subset of an unsatisfiable set of constraints
An unsatisfiable core is minimal if the removal of any one of its constraints makes it satisfiable (a local minimum, not necessarily the smallest core)
Has numerous applications
Example Application: Proof-based Abstraction Refinement for Model Checking; McMillan et al.,’03; Gupta et al.,’03
Inputs: model M, property P. Output: does P hold under M?
[Figure: the abstraction refinement loop]
  Abstract model A := { }; latches/gates not in A are turned into free inputs
  Model check A: if P is valid on A, report No Bug; otherwise a counterexample C at depth k is found
  BMC(M, P, k): if the counterexample is real, report Bug; if it is spurious, refine
  Refinement: A := A ∪ latches/gates in the UNSAT core of BMC(M, P, k)
The UNSAT core is used for refinement; the UNSAT core is required in terms of latches/gates
Example Application 2: Assumption Minimization for Compositional Formal Equivalence Checking (FEC); Cohen et al.,’10
FEC verifies the equivalence between the design (RTL) and its implementation (schematics).
The whole design is too large to be verified at once. FEC is done on small sub-blocks, restricted with assumptions. Assumptions required for the proof of equivalence of sub-blocks must be proved relative to the driving logic. MUC extraction in terms of assumptions is vital for feasibility.
[Figure: a sub-block with its inputs and outputs, an assumption and an assertion]
Traditionally, a Clause-Level UC Extractor is the Workhorse
Clause-level UC extraction: given a CNF formula, extract an unsatisfiable subset of its clauses
F = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )
U1 = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )
U2 = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )
U3 = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )
Dozens of papers on clause-level UC extraction since 2002
Traditional UC Extraction for Practical Needs: the Input
An interesting constraint The remainder (the rest of the formula)
The user is interested in a MUC in terms of these constraints
Traditional UC Extraction: Example Input 1
An unrolled latch The rest of the unrolled circuit
Proof-based abstraction refinement
Traditional UC Extraction: Example Input 1
An assumption
Equivalence between sub-block RTL and implementation
Assumption minimization for FEV
Traditional UC Extraction: Stage 1: Translate to Clauses
An interesting constraint The remainder (the rest of the formula)
Each small square is a propositional clause, e.g. (a + b’)
Traditional UC Extraction: Stage 2: Extract a Clause-Level UC
An interesting constraint The remainder (the rest of the formula)
Colored squares belong to the clause-level UC
Traditional UC Extraction: Stage 3: Map the Clause-Level UC Back to the Interesting Constraints
An interesting constraint The remainder (the rest of the formula)
The UC contains three interesting constraints
High-Level Unsatisfiable Core Extraction
Real-world applications require reducing the number of interesting constraints in the core rather than the number of clauses:
Latches for abstraction refinement
Assumptions for compositional FEV
Most of the algorithms for UC extraction are clause-level
High-level UC: extracting a UC in terms of interesting constraints only (Liffiton & Sakallah, 2008; Nadel, 2010; Ryvchin & Strichman, 2011)
Small/Minimal Clause-Level UC vs. Small/Minimal High-Level UC
A small clause-level UC, but the high-level UC is the largest possible:
A large clause-level UC, but the high-level UC is empty:
High-Level Unsatisfiable Core Extraction: Main Results
Minimal UC extraction: high-level algorithms solve Intel families that are out of reach for clause-level algorithms
Non-minimal UC extraction: high-level algorithms are preferable, with a 2-3x boost on difficult benchmarks
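A deletion-based extraction over named groups, as an added Python example that is not from the talk or from the cited papers: the same routine gives a clause-level MUC when every clause is its own group and a high-level MUC when each interesting constraint is a group, which makes the two contrasts from the slides concrete (a 3-clause core that still contains every interesting constraint, and an UNSAT remainder whose high-level core is empty). The solver is an exhaustive check and both formulas are constructed here.

```python
from itertools import product

def satisfiable(clauses):
    """Exhaustive SAT check standing in for a CDCL solver; literals are signed ints."""
    vs = sorted({abs(l) for cl in clauses for l in cl})
    for bits in product((False, True), repeat=len(vs)):
        model = dict(zip(vs, bits))
        if all(any(model[abs(l)] == (l > 0) for l in cl) for cl in clauses):
            return True
    return False

def deletion_muc(groups, remainder=()):
    """Deletion-based minimal UC over named groups of clauses: a group is dropped for good
    if the formula stays UNSAT without it. Clause-level: one clause per group.
    High-level: one interesting constraint (many clauses) per group; `remainder`
    clauses are always kept and never reported."""
    flat = lambda gs: list(remainder) + [c for g in gs.values() for c in g]
    assert not satisfiable(flat(groups)), "input must be UNSAT"
    core = dict(groups)
    for name in list(groups):
        trial = {k: v for k, v in core.items() if k != name}
        if not satisfiable(flat(trial)):
            core = trial
    return sorted(core)

# Constructed example 1: variables a=1, b=2, c=3. Three interesting constraints
# g1 = (a + b)(a + c), g2 = (a'), g3 = (b')(c'); remainder empty. The clause-level
# MUC needs only 3 of the 5 clauses, yet every interesting constraint stays in the
# high-level core (the largest possible high-level UC).
EX1 = {"g1": [[1, 2], [1, 3]], "g2": [[-1]], "g3": [[-2], [-3]]}
EX1_CLAUSES = {f"c{i}": [c] for i, c in enumerate([c for g in EX1.values() for c in g], 1)}

# Constructed example 2: the remainder (d)(d') is itself UNSAT, so any clause-level UC
# contains those two clauses while the high-level UC in terms of g1, g2 is empty.
EX2 = {"g1": [[1, 2]], "g2": [[-2]]}
EX2_REMAINDER = [[4], [-4]]
```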
Thanks!