SAT and SMT solvers
Ayrat Khalimov
(based on Georg Hofferek‘s slides)
AKDV 2014
Motivation
Institute for Applied Information Processing and Communications 2
• SAT solvers: they rocketed model checking
• First-Order Theories
  Very expressive
  Efficient SMT solvers
But:
• What are they?
• How do solvers work?
Outline
• Propositional SAT solver
  DPLL algorithm
• Predicate Logic (aka. First-Order Logic)
  Syntax
  Semantics
• First-Order Theories
• SMT solver
  Eager Encoding
  Lazy Encoding
  DPLL(T)
Scope of Solvers
• propositional logic: SAT solvers
• first order logic: theorem provers
• first-order theories (theory of equality, difference logic, linear integer arithmetic, theory of arrays, …): SMT solvers
Notation
• propositional variables
  e.g., a, b, c, d, …
• literal is a variable or its negation
  e.g., a, b, …
• partial assignment A is a conjunction of literals
  e.g., A = a d
• clause is a disjunction of literals
  e.g., c = a b
• a CNF formula is a conjunction of clauses:
  e.g., = (a b d) c
• [A] is the formula with all variables set according to A
  e.g., [A] = (FALSE b TRUE) c = b c
SAT Solver
• Input: formula in CNF
• Output: Satisfiable (+ model) or Unsatisfiable (+ refutation proof)
DPLL Algorithm
• Due to Davis, Putnam, Loveland, Logemann
two papers: 1960, 1962
• Basis for all modern SAT solvers
CNF as a Set of Clauses
• Formula:
• Set Representation
Idea of DPLL-based SAT Solvers
• Recursively search for an assignment A such that [A] is TRUE
• Found: this proves the formula satisfiable, and A is a satisfying model
• No such A exists: the formula is unsatisfiable
Setting Literals
• Compute [l], for a literal l:
  Remove all clauses that contain l: they are true
  Remove all occurrences of the negation of l from the remaining clauses: they are false (a clause consisting only of that literal becomes empty)
  An empty clause is false
  An empty set of clauses is true
Truth Value of a CNF
• At least one clause is empty: FALSE
• Clause set empty: TRUE
• Otherwise: Unassigned Literals left
DPLL Algorithm
// sat(φ, A) = TRUE iff φ[A] is satisfiable
// sat(φ, true) = TRUE iff φ is satisfiable
sat(φ, A) {
  if (φ[A] = true) return TRUE;
  if (φ[A] = false) return FALSE;
  // Some unassigned variables left
  l = pick unassigned variable;
  AT = A ∧ l;            // branch: l is true
  if (sat(φ, AT)) return TRUE;
  AF = A ∧ ¬l;           // branch: l is false
  if (sat(φ, AF)) return TRUE;
  return FALSE;
}
DPLL Example
• Formula to check: (a b) (b c) (c a)
1. sat((a b) (b c) (c a), true)
2. sat((a b) (b c) (c a), a)
3. sat((a b) (b c) (c a), ab)
4. sat((a b) (b c) (c a), abc) unsat
5. sat((a b) (b c) (c a), abc) unsat
6. sat((a b) (b c) (c a), ab) unsat
7. sat((a b) (b c) (c a), a)
8. sat((a b) (b c) (c a), ab)
9. sat((a b) (b c) (c a), abc) sat
Boolean Constraint Propagation (BCP)
• Unit clause: a clause with a single unassigned literal
  Examples: (a), (b)
• A unit clause exists: set its literal
  Very simple but very important heuristic!
DPLL with BCP
sat(φ, A) {
  while (unit clause c occurs) {   // BCP: l is the only unassigned literal in c
    A = A ∧ l;
  }
  if (φ[A] = true) return TRUE;
  if (φ[A] = false) return FALSE;
  l = pick unassigned variable;
  AT = A ∧ l;
  if (sat(φ, AT)) return TRUE;
  AF = A ∧ ¬l;
  if (sat(φ, AF)) return TRUE;
  return FALSE;
}
Example
• Formula to check: (a b) (b c) (c a)
1. sat((a b) (b c) (c a), true)
2. sat((a b) (b c) (c a), a)
3. [BCP]: sat((a b) (b c) (c a), ab)
4. [BCP]: sat((a b) (b c) (c a), abc) unsat
5. sat((a b) (b c) (c a), a)
6. sat((a b) (b c) (c a), ab)
7. sat((a b) (b c) (c a), abc) sat
Can we do better?
Pure Literals
• Pure literal: a literal of an unassigned variable that appears in one phase only (only positively or only negatively) in the remaining clauses
• Pure literals: set them true
DPLL with BCP and Pure Literals
sat(φ, A) {
  while (unit clause c occurs) {   // BCP
    let l be the only unassigned literal in c;
    A = A ∧ l;
  }
  while (pure literal l exists) {  // Pure literals
    A = A ∧ l;
  }
  if (φ[A] = true) return TRUE;
  if (φ[A] = false) return FALSE;
  l = pick a literal that does not occur in A;
  AT = A ∧ l;
  if (sat(φ, AT)) return TRUE;
  AL = A ∧ ¬l;
  if (sat(φ, AL)) return TRUE;
  return FALSE;
}
Example
• Formula to check: (a b) (b c) (c a)
1. sat((a b) (b c) (c a), true) [a pure]
2. sat((a b) (b c) (c a), a) [b pure]
3. sat((a b) (b c) (c a), ab) sat
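The DPLL procedure with BCP and pure-literal elimination, written out as runnable Python (an added example, not code from the slides). Clauses are sets of integer literals, so the formula and variable names below are constructed for the demonstration.

```python
# Added example (not from the slides): DPLL with BCP and pure-literal elimination.
# CNF: list of clauses; clause: frozenset of literals; literal: non-zero int
# (3 = variable 3, -3 = its negation). Assignment: dict variable -> bool.

def cnf(*clauses):
    return [frozenset(c) for c in clauses]

def simplify(clauses, lit):
    """phi[lit]: drop clauses containing lit, delete -lit from the rest."""
    return [c - {-lit} for c in clauses if lit not in c]

def dpll(clauses, assignment=None):
    """Return a satisfying assignment, or None if the clause set is UNSAT."""
    a = dict(assignment or {})
    while True:                                  # BCP: unit clause -> set its literal
        unit = next((c for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        lit = next(iter(unit))
        a[abs(lit)] = lit > 0
        clauses = simplify(clauses, lit)
    lits = {l for c in clauses for l in c}
    for lit in lits:                             # pure literal: only one phase occurs
        if -lit not in lits:
            a[abs(lit)] = lit > 0
            clauses = simplify(clauses, lit)
    if not clauses:                              # empty clause set: TRUE
        return a
    if any(not c for c in clauses):              # empty clause: FALSE
        return None
    var = abs(next(iter(clauses[0])))            # decision: some unassigned variable
    for lit in (var, -var):                      # try var = TRUE, then var = FALSE
        model = dpll(simplify(clauses, lit), {**a, var: lit > 0})
        if model is not None:
            return model
    return None

def satisfies(clauses, a):
    """True iff every clause contains a literal that a makes true."""
    return all(any(a.get(abs(l)) == (l > 0) for l in c) for c in clauses)

# Constructed input: (a v b) & (-a v b) & (-b v c) & (-c v -a), with a=1, b=2, c=3.
# Here a = TRUE forces b, then c, then falsifies the last clause, so a must be FALSE.
EXAMPLE = cnf((1, 2), (-1, 2), (-2, 3), (-3, -1))

if __name__ == "__main__":
    m = dpll(EXAMPLE)
    print(m, satisfies(EXAMPLE, m))
```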
Can we do better?
sat(φ, A) {
  while (unit clause l occurs) A = A ∧ l;
  while (pure literal l exists) A = A ∧ l;
  if (φ[A] = true) return TRUE;
  if (φ[A] = false) return FALSE;
  l = pick a literal that does not occur in A;
  AT = A ∧ l;
  if (sat(φ, AT)) return TRUE;
  AL = A ∧ ¬l;
  if (sat(φ, AL)) return TRUE;
  return FALSE;
}
• Whenever we get a conflict, analyze it
• Add clauses to avoid it in the future
2013-03-08 Institute for Applied Information Processing and Communications
Learning: informal
Learning
Clauses:
1. (a c)
2. (b c)
3. (a b c)
4. (a b)
5. (a b)
6. (a b)
7. (a b)
Without learning (diagram): decide c, then decide a: UNSAT. Flip a: UNSAT. Flip c and decide a: UNSAT. Flip a: UNSAT.
The problem is with a: no need to set c=true!
With learning (diagram): at the first conflict a is set, b follows from clause 6, and clause 7 is false.
We learn: a (the clause about a alone, added as clause 8)
Learning & Backtracking
Clauses 1.-7. as above, plus the learned clause:
8. a
Decision levels in the diagram: LEVEL 0 (no decision), LEVEL 1 (c), LEVEL 2 (a).
Jump back to level 0 is smart
At level 0 (diagram): clause 8 sets a, b follows from clause 4, and clause 5 is false: UNSAT
We learn: UNSAT, because no decision was necessary
Backtrack Level
• Three important possibilities
  1. Backtrack as usual
  2. Restart for every learned clause
  3. Go to the earliest level in which the conflict clause is a unit clause
• Option 3 often performs better
Can we do better? (learning is not shown)
sat(φ, A) {
  while (unit clause l occurs) A = A ∧ l;
  while (pure literal l exists) A = A ∧ l;
  if (φ[A] = true) return TRUE;
  if (φ[A] = false) return FALSE;
  l = pick a literal that does not occur in A;
  AT = A ∧ l;
  if (sat(φ, AT)) return TRUE;
  AF = A ∧ ¬l;
  if (sat(φ, AF)) return TRUE;
  return FALSE;
}
how to pick literals?
Source: Armin Biere’s slides: http://fmv.jku.at/rerise14/rerise14-sat-slides.pdf
Effect of picking heuristics on SAT solver performance
Can we do better? -- Special cases
• Horn clauses can be solved in polynomial time
• Cut width algorithm
source: http://gauss.ececs.uc.edu/SAT/
Syntax of Predicate Logic
• Two sorts:
  Objects (“Terms”): numbers, strings, elements of sets, …
  Truth values (“Formulas”): e.g., IsEven(42)
From Terms to Formulas
• A predicate applied to terms gives a formula
FOL formulae: informal definition
• quantifiers over variables
• predicates: unary, binary, etc.
• functions
• can FO formulae quantify over functions/predicates?
• can FO formulae have free (non-quantified) variables?
• * can FO formulae have ‘uninterpreted’ functions?
• * can a FO formula have an infinite number of atoms?
Syntax of Predicate Logic
• Variables 𝕍: x, y, z, …
• Functions 𝔽: f, g, h, … (arity > 0); constants (arity = 0)
• Predicates ℙ: P, Q, R, … (with arity > 0)
• Terms 𝕋 and Formulae: defined next
Terms 𝕋
• Variable is a term
• Constant is a term
• If are terms, is -ary function then is a term
Formulae
Preconditions:
• Terms
• -ary predicate symbol
• formulae
• Variable
True and False FO formulae
• Functions and predicates in FO formulae are ‘uninterpreted’: they can be anything
• Variables in FO formulae have no domains: what can x, y be?
• What does it mean that such a formula is true? or false?
• It depends..
Model for (𝔽, ℙ, 𝕍)
• A non-empty set: the domain for variables (possibly infinite, but non-empty)
• For constants: a concrete element of the domain
• For functions: a concrete function over the domain
• For predicates (of arity n): a subset of the n-tuples over the domain, i.e., the set of tuples on which the predicate is true
Semantics of Predicate Logic
• Formula over (𝔽, ℙ, 𝕍)
• Model for (𝔽, ℙ, 𝕍)
• Does the model satisfy the formula? (the formula has no free variables)
Inductive Definition
Semantics of Predicate Logic
• For of the form
iff , for all
• For of the form iff , for at least one
• For of the form , , Like in propositional logic
• No free variables => any predicate has concrete arguments
• Let model M be: D = {1,2} , others gives F f(1, ..)=1, f(2, 1)=1, f(2,2)=2
Does
Examples
Satisfiable FO formulae
A formula is sat means there is a model:
• there is a non-empty domain D for x, y
  for example, D={1,2}
• there is a predicate P and a function:
  for example, P(1,2)=true, P(2,.)=false
such that the formula holds
Valid FO formulae
A formula is valid iff it is satisfied by any model
Let us check for example the model:
• D={1,2}
• P={1,2}, i.e., P(1)=P(2)=T
• function is any from {1,2} to {1,2}
Some facts about our world
• Gödel proved that every valid FO formula has a finite proof.
• Church and Turing proved that no algorithm exists that can decide whether a FO formula is invalid.
• Consequently (diagram): a deduction algorithm given a FO formula produces a proof if the formula is valid, and may never terminate if it is invalid.
Notion of “Theory”
Application Domain | Structures & Objects | Predicates & Functions
Arithmetic | Numbers (Integers, Rationals, Reals) | …
Computer Programs | Arrays, Bitvectors | Array-Read, Array-Write, …
Definition of a Theory
First-Order Theory:
1. Signature: constants, predicates, functions
2. Set of axioms: sentences (= formulas without free variables) with symbols from the signature only (possibly infinitely many)
Theory formula: its (non-logic) symbols are from the signature only
Example: Theory of Equality
• Signature
Binary equality predicate
Arbitrary constant symbols (no function/predicate symbols!)
• Axioms :
1. (reflexivity)
2. (symmetry)
3. (transitivity)
Model View
• We check satisfiability and validity only wrt models that satisfy the axioms
  “Satisfiability modulo (=‘with respect to’) theories”
All possible Models
Models satisfying all axioms
-Satisfiability
• Green: models satisfying all axioms
• Violet: models satisfying the formula in question
• Theory-satisfiable: some model satisfying the axioms also satisfies the formula; not theory-satisfiable otherwise
Theory-Validity
• Green: models satisfying all axioms
• Violet: models satisfying the formula in question
• Theory-valid: every model satisfying the axioms satisfies the formula; not theory-valid otherwise
Theory Formulas vs. FO Formulas
• Theory formula 𝝓, with axioms 𝒜
• FO formula 𝒜→𝝓: equivalid
• FO formula 𝒜∧𝝓: equisatisfiable
Fragment of a Theory
• Syntactically restricted subset
Quantifier-free fragment
Conjunctive fragment • e.g.:
Deciding Satisfiability (quantifier-free theory): main methods
1. Eager Encoding: equisatisfiable propositional formula, one fat SAT call
2. Lazy Encoding: theory solver for the conjunctive fragment, blocking clauses, numerous SAT calls
3. DPLL(T)
Example: Theory of Uninterpreted Functions and Equality
• Signature: binary equality predicate, arbitrary constant and function symbols
• Axioms:
1.-3. same as in the theory of equality (reflexivity, symmetry, transitivity)
4. (function congruence)
  Axiom schema: template for (infinite number of) axioms
Two-Stage Eager Encoding
(quant.-free) formula → [Ackermann’s Reduction] → equisatisfiable formula → [Graph-based Reduction] → equisatisfiable propositional formula → SAT Solver
Ackermann’s Reduction (from 𝝓𝑼𝑬 to 𝝓𝑬)
• Fresh Variables
, , ...
• Functional Constraints
• formula:
Perform Ackermann’s Reduction for
Graph-Based Reduction (from 𝝓𝑬 to propositional)
• Non-polar equality graph
  Node per variable (a, b, c, d, e, f, g in the diagram)
  Edge per (dis)equality
• Make it chordal
  No chord-free cycles (size > 3)
• Fresh propositional variables (one per edge)
  Order!
• Triangle (a, b, c): transitivity constraints
• Result goes to the SAT solver
Perform Graph-Based Reduction for
Summary: Eager Encoding
(quant.-free) formula 𝝓𝑼𝑬 → [Ackermann’s Reduction] → equisatisfiable formula 𝝓𝑬 → [Graph-based Reduction] → equisatisfiable propositional formula 𝝓𝒑𝒓𝒐𝒑 → SAT Solver
$\phi_E = \phi_{FC} \wedge \hat{\phi}_{UE}$
$\phi_{prop} = \phi_{TC} \wedge \hat{\phi}_{E}$
Lazy Encoding (diagram)
• SAT Solver works on 𝒔𝒌𝒆𝒍(𝝓), the propositional skeleton; result SAT or UNSAT
• SAT Solver → Theory Solver: assignment of literals
• Theory Solver → SAT Solver: blocking clause
Conjunctive (quant-free) Fragment of
• Conjunction of theory literals, where literals
are:
Congruence-Closure Algorithm
• Equivalence classes: introduce a class for each term
  For each equality: merge the classes of its two sides into one larger class
  Two classes with shared terms: merge the classes! (repeat)
  Function applications whose arguments are from the same class: merge their classes (repeat)
• Check disequalities: both sides in the same class: UNSAT!
  Otherwise: SAT!
Perform Congruence Closure for
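The congruence-closure check on the conjunctive fragment, as an added Python example (not code from the slides): union-find holds the equivalence classes, function congruence is applied to a fixpoint, and the disequalities are checked last. The term encoding, the function name f, and the constants a, b, c are constructed for the demonstration.

```python
# Added example (not from the slides): congruence closure for the conjunctive
# fragment of the theory of uninterpreted functions and equality.
# A term is a tuple: a constant is ('a',), an application is ('f', t1, ..., tn).

def subterms(t, acc):
    """Collect t and all of its subterms into the set acc."""
    acc.add(t)
    for arg in t[1:]:
        subterms(arg, acc)
    return acc

def congruence_closure(equalities, disequalities):
    """SAT check for a conjunction of s=t and s!=t literals: True iff satisfiable."""
    terms = set()
    for s, t in equalities + disequalities:
        subterms(s, terms)
        subterms(t, terms)
    parent = {t: t for t in terms}               # one equivalence class per term

    def find(t):                                 # class representative (union-find)
        while parent[t] != t:
            parent[t] = parent[parent[t]]
            t = parent[t]
        return t

    def union(s, t):
        parent[find(s)] = find(t)

    for s, t in equalities:                      # merge classes of asserted equalities
        union(s, t)
    apps = [t for t in terms if len(t) > 1]
    changed = True
    while changed:                               # function congruence, to a fixpoint:
        changed = False                          # f(x1..xn) ~ f(y1..yn) when each xi ~ yi
        for i, u in enumerate(apps):
            for v in apps[i + 1:]:
                if (u[0] == v[0] and len(u) == len(v) and find(u) != find(v)
                        and all(find(x) == find(y) for x, y in zip(u[1:], v[1:]))):
                    union(u, v)
                    changed = True
    # a disequality whose two sides ended up in the same class is a conflict
    return all(find(s) != find(t) for s, t in disequalities)

# Constructed inputs (hypothetical constants a, b, c and unary function f)
A, B, C = ('a',), ('b',), ('c',)
def f(t):
    return ('f', t)
# f(f(f(a))) = a, f(f(a)) = a, f(a) != a  -> UNSAT, since f(a) = a is implied
UNSAT_CASE = ([(f(f(f(A))), A), (f(f(A)), A)], [(f(A), A)])
# a = b, f(a) != f(c)                      -> SAT, since c is unconstrained
SAT_CASE = ([(A, B)], [(f(A), f(C))])
```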
DPLL(T) (loop in the diagram)
• Start: BCP/PL on the partial assignment
• Theory Solver checks the partial assignment: theory propagation / conflict; it adds clauses
• No conflict: Decide, extending the partial assignment; a full assignment means SAT
• Conflict: Analyze Conflict; either UNSAT, or Learn & Backtrack and continue with BCP/PL
Summary
• Propositional SAT problem: DPLL
• First-Order Theories: examples
• Satisfiability modulo theories: Eager Encoding, Lazy Encoding, DPLL(T)
Self-check: learning targets
• Explain Satisfiability Modulo Theories
• Describe the Theory of Uninterpreted Functions and Equality
• Explain and use: Ackermann’s Reduction, Graph-based Reduction, Congruence Closure, DPLL, DPLL(T)
Some reading
• History of satisfiability: http://gauss.ececs.uc.edu/SAT/articles/FAIA185-0003.pdf
• SAT basics: http://gauss.ececs.uc.edu/SAT/articles/sat.pdf
• Conflict Driven Clause Learning: http://gauss.ececs.uc.edu/SAT/articles/FAIA185-0131.pdf
• Armin Biere’s slides: http://fmv.jku.at/rerise14/rerise14-sat-slides.pdf
• SAT game: http://www.cril.univ-artois.fr/~roussel/satgame/satgame.php?level=1&lang=eng
• Logic and Computability classes by Georg: http://www.iaik.tugraz.at/content/teaching/bachelor_courses/logik_und_berechenbarkeit/