CMU, Oct 4

DPLL-based Checkers for Satisfiability Modulo Theories

Cesare Tinelli
Department of Computer Science
The University of Iowa

Joint work with Jed Hagen (Iowa), Robert Nieuwenhuis and Albert Oliveras (TUC)

Talk Plan

Propositional satisfiability and the DPLL procedure
A calculus for DPLL
Satisfiability modulo theories
The DPLL(T1,…,Tn) calculus
Implementing the DPLL(T1,…,Tn) calculus
Some experimental results

Background

Propositional satisfiability (SAT) is one of the most fundamental problems in AI and CS.

SAT is decidable, but it is NP-complete.

An effective method for SAT was pioneered by Davis, Putnam, Logemann, and Loveland (DPLL).

The best modern SAT solvers (Chaff, Berkmin, Siege, …) are based on DPLL.

The DPLL Procedure as a Calculus

Sequents have the form $\Lambda \vdash \Phi$, where

$\Lambda = \{\,\text{literals}\,\}$ is the context (a partial assignment), and
$\Phi = \{\,\text{clauses}\,\}$ is the set of clauses still to be satisfied.

The DPLL Calculus

Notation: $\Lambda = \{\,\text{literals}\,\}$, $\Phi = \{\,\text{clauses}\,\}$; $l$ is a literal, $\bar{l}$ its complement, $C$ a clause, $\bot$ the empty clause.

$$\text{subsume:}\quad \frac{\Lambda \vdash \Phi,\ (l \lor C)}{\Lambda \vdash \Phi}\quad \text{if } l \in \Lambda$$

$$\text{resolve:}\quad \frac{\Lambda \vdash \Phi,\ (l \lor C)}{\Lambda \vdash \Phi,\ C}\quad \text{if } \bar{l} \in \Lambda$$

$$\text{close:}\quad \frac{\Lambda \vdash \Phi,\ \bot}{\Lambda \vdash \bot}\quad \text{if } \Phi \neq \emptyset$$

The DPLL Calculus (cont.)

$$\text{assert:}\quad \frac{\Lambda \vdash \Phi,\ l}{\Lambda, l \vdash \Phi}\quad \text{if } l \notin \Lambda \text{ and } \bar{l} \notin \Lambda$$

$$\text{split:}\quad \frac{\Lambda \vdash \Phi}{\Lambda, l \vdash \Phi \;\;\Big|\;\; \Lambda, \bar{l} \vdash \Phi}\quad \text{if } l \in \mathrm{Lits}(\Phi),\ l \notin \Lambda,\ \bar{l} \notin \Lambda$$

Lits(Φ) = { all atoms in Φ and their negations }

Correctness of DPLL

Φ = { propositional clauses }

Prop. Every derivation tree of ⊢ Φ is finite.

Prop. Φ is satisfiable iff ⊢ Φ has a derivation tree with a successful branch (one ending in a sequent Λ ⊢ ∅, with no clauses left; the context Λ of that sequent is then a satisfying partial assignment).


Satisfiability Modulo Theories

DPLL-based methods can also decide the satisfiability of quantifier-free first-order formulas.

Often, however, one is interested in the satisfiability of a quantifier-free formula in a given first-order theory T.

Example: is $R(a,b) \land R(b,c) \land \lnot R(a,c)$ satisfiable? What if R stands for a transitive relation?

Applications: planning, scheduling, verification, compiler optimization, …

Checking Satisfiability Modulo Theories

Current approaches:

Eager translation into SAT
– Encode problem and theory into an equisatisfiable propositional formula
– Feed the formula to a SAT solver

Lazy “translation” into SAT
– Couple a SAT solver with a decision procedure for the theory

Idea of the Lazy Approach

Fact: many theories of interest have (efficient) decision procedures for sets of literals.

Problem: in practice, dealing with Boolean combinations of literals is as hard as in the propositional case.

Solution: use propositional satisfiability technology for the Boolean part.

Previous Lazy Approaches [Ar00, Aud02, Ba02, deM02, …]

1. Abstract into propositional logic:

$$(x + 1 < x) \;\lor\; \big((x = z + y) \land (x = z - y) \land (x \neq z)\big)$$
$$\downarrow \qquad\qquad\qquad \downarrow \qquad\qquad \downarrow \qquad\qquad \downarrow$$
$$p_1 \;\lor\; (p_2 \land p_3 \land \lnot p_4)$$

2. Get propositional model(s) from the SAT solver:

$$M_1 = \{\, p_1 \,\}, \qquad M_2 = \{\, p_2,\ p_3,\ \lnot p_4 \,\}$$

3. Use the decision procedure to check each model against T (with T = real numbers):

$M_1 = \{\, x + 1 < x \,\}$ is T-unsatisfiable.
$M_2 = \{\, x = z + y,\ x = z - y,\ x \neq z \,\}$ is T-unsatisfiable.

Our Approach [Tin02, ON03]

Embed decision procedures into the SAT solver.

More abstractly: embed decision procedures into the DPLL calculus.

The DPLL(T) Calculus

T = background theory, Σ = signature of T
l = Σ-literal, C = quantifier-free Σ-clause
Λ = { Σ-literals }, Φ = { quantifier-free Σ-clauses }

$\Lambda \models_T l$ iff every model of T that satisfies Λ also satisfies l.

This entailment is what the decision procedure for T checks.

Example: T = theory of real numbers,

$$\{\, z = x - y,\ z > 0 \,\} \;\models_T\; x > y$$

The DPLL(T) Calculus: Rules

All the DPLL rules plus:

$$\text{T-assert:}\quad \frac{\Lambda \vdash \Phi}{\Lambda, l \vdash \Phi}\quad \text{if } l \in \mathrm{Lits}(\Phi),\ \Lambda \models_T l,\ l \notin \Lambda,\ \bar{l} \notin \Lambda$$

$$\text{T-close:}\quad \frac{\Lambda \vdash \Phi}{\Lambda \vdash \bot}\quad \text{if } \Lambda \models_T \bot$$

Correctness of DPLL(T)

Φ = { quantifier-free clauses in T’s signature }

Prop. Every derivation tree of ⊢ Φ is finite.

Prop. Φ is T-satisfiable iff ⊢ Φ has a derivation tree with a successful branch.
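The calculus run as a program. This is an added example, not the talk's engine or any code by the authors: a small Python DPLL(T) search that applies subsume, resolve, close, assert and split, plus T-assert and T-close, with the theory passed in as an object whose only method decides Λ ⊨_T ⊥ (entailment Λ ⊨_T l is then checked as Λ, ¬l ⊨_T ⊥). The theory used is the transitive-relation example from the SMT slide; with the `NoTheory` object the same search is plain DPLL and returns the kind of propositional model a lazy approach would have to hand to the theory checker and reject. The names `dpll_t`, `Transitive`, `NoTheory`, `R` and the literal encoding are this example's own assumptions; the two clause sets at the end are constructed inputs.

```python
"""DPLL(T) as a backtracking search over the calculus rules.

Added example; not code from the talk.  Conventions (this example's own):
an atom is any hashable value, e.g. 'p' or ('R', 'a', 'b'); a literal is
(sign, atom) with sign True/False; a clause is a frozenset of literals; Phi
is a set of clauses and the context Lambda a set of literals.  A theory is an
object with inconsistent(ctx), meaning ctx |=_T bottom; the entailment
ctx |=_T l used by T-assert is derived from it as inconsistent(ctx + {not l}).
"""
from itertools import product


def neg(lit):
    """Complement of a literal."""
    return (not lit[0], lit[1])


class NoTheory:
    """Propositional case: nothing is T-inconsistent, so T-assert and T-close
    never fire and dpll_t is plain DPLL."""

    def inconsistent(self, ctx):
        return False


class Transitive:
    """T = 'R is transitive' (the slides' example).  Only atoms of the form
    ('R', x, y) belong to T; any other atom is treated as propositional."""

    @staticmethod
    def closure(ctx):
        """Transitive closure of the positive R-literals in ctx."""
        edges = {(atom[1], atom[2]) for sign, atom in ctx
                 if sign and isinstance(atom, tuple) and atom[0] == 'R'}
        changed = True
        while changed:
            changed = False
            for (a, b), (c, d) in list(product(edges, repeat=2)):
                if b == c and (a, d) not in edges:
                    edges.add((a, d))
                    changed = True
        return edges

    def inconsistent(self, ctx):
        """ctx |=_T bottom iff some negated R-literal lies in the closure."""
        closure = self.closure(ctx)
        return any(not sign and isinstance(atom, tuple) and atom[0] == 'R'
                   and (atom[1], atom[2]) in closure for sign, atom in ctx)


def entails(theory, ctx, lit):
    """Lambda |=_T l  iff  Lambda, not-l is T-unsatisfiable."""
    return theory.inconsistent(ctx | {neg(lit)})


def simplify(ctx, phi):
    """subsume + resolve on every clause; None means the empty clause was
    derived, i.e. the close rule applies."""
    out = set()
    for clause in phi:
        if any(l in ctx for l in clause):                         # subsume
            continue
        rest = frozenset(l for l in clause if neg(l) not in ctx)  # resolve
        if not rest:
            return None
        out.add(rest)
    return out


def dpll_t(phi, theory=NoTheory(), ctx=frozenset()):
    """Search a derivation tree of |- Phi.  Returns the context Lambda of a
    successful branch (Lambda |- {} with Lambda T-consistent), else None."""
    ctx = set(ctx)
    while True:
        if theory.inconsistent(ctx):                              # T-close
            return None
        phi = simplify(ctx, phi)
        if phi is None:                                           # close
            return None
        if not phi:                                               # success
            return frozenset(ctx)
        units = [next(iter(c)) for c in phi if len(c) == 1]
        if units:                                                 # assert
            ctx.add(units[0])
            continue
        lits = {l for c in phi for l in c}
        lits |= {neg(l) for l in lits}                            # Lits(Phi)
        open_lits = sorted((l for l in lits if l not in ctx
                            and neg(l) not in ctx), key=repr)
        for l in open_lits:
            if entails(theory, ctx, l):                           # T-assert
                ctx.add(l)
                break
        else:                                                     # split
            l = open_lits[0]
            for branch in (l, neg(l)):
                found = dpll_t(phi, theory, ctx | {branch})
                if found is not None:
                    return found
            return None


def R(x, y, sign=True):
    return (sign, ('R', x, y))


# Constructed inputs.  PHI_SLIDE is the slides' R(a,b) ∧ R(b,c) ∧ ¬R(a,c);
# PHI_PROP adds a Boolean part so that T-assert, not only T-close, fires.
PHI_SLIDE = {frozenset({R('a', 'b')}), frozenset({R('b', 'c')}),
             frozenset({R('a', 'c', False)})}
PHI_PROP = {frozenset({R('a', 'b')}), frozenset({R('b', 'c')}),
            frozenset({R('a', 'c', False), (True, 'p')}),
            frozenset({(False, 'p'), (True, 'q')})}
```

On PHI_SLIDE, `dpll_t(PHI_SLIDE)` finds the propositional model {R(a,b), R(b,c), ¬R(a,c)} while `dpll_t(PHI_SLIDE, Transitive())` returns None, because T-close fires as soon as all three units are in the context. On PHI_PROP the difference is in the search itself: after R(a,b) and R(b,c) are asserted, T-assert adds R(a,c) before any split, which turns ¬R(a,c) ∨ p into the unit p, so the T-inconsistent branch with ¬p and ¬R(a,c) that plain DPLL returns is never visited. That is the sense in which the decision procedure drives the derivation rather than validating finished models.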

Satisfiability Modulo Multiple Theories

Let T1, …, Tn be distinct theories with respective decision procedures P1, …, Pn.

How can we reason over all of them with DPLL(T)?

Quick solution:
– Combine P1, …, Pn with the Nelson-Oppen method into a decision procedure for T1 ∪ … ∪ Tn
– Use DPLL(T) with T = T1 ∪ … ∪ Tn

Better solution:
– Embed the Nelson-Oppen method directly into the calculus
– Turn DPLL(T) into DPLL(T1, …, Tn)

The DPLL(T1,…,Tn) Calculus: Preliminaries

Let n = 2, for simplicity.

Let Ti be a theory of signature Σi for i = 1, 2, with $\Sigma_1 \cap \Sigma_2 = \emptyset$.

Assume wlog that each input literal has signature Σ1 or Σ2 (no mixed literals).

The DPLL(T1,…,Tn) Calculus: Notation

Lits(Φ, i) = { Σi-atoms in Φ and their negations }

Λi = { Σi-literals of Λ }

Λs = { x = y | x, y ∈ vars(Λ1) ∩ vars(Λ2) }, the equalities between variables shared by the two parts of the context

The DPLL(T1,…,Tn) Calculus

All the DPLL rules, with one change only: split may now also pick its literal from Λs, so that equalities between shared variables can be guessed as in the Nelson-Oppen method:

$$\text{split:}\quad \frac{\Lambda \vdash \Phi}{\Lambda, l \vdash \Phi \;\;\Big|\;\; \Lambda, \bar{l} \vdash \Phi}\quad \text{if } l \in \mathrm{Lits}(\Phi) \cup \Lambda_s,\ l \notin \Lambda,\ \bar{l} \notin \Lambda$$

The DPLL(T1,…,Tn) Calculus (cont.)

New theory rules (i = 1, 2):

$$T_i\text{-assert:}\quad \frac{\Lambda \vdash \Phi}{\Lambda, l \vdash \Phi}\quad \text{if } l \in \mathrm{Lits}(\Phi, i) \cup \Lambda_s,\ \Lambda_i \models_{T_i} l,\ l \notin \Lambda,\ \bar{l} \notin \Lambda$$

$$T_i\text{-close:}\quad \frac{\Lambda \vdash \Phi}{\Lambda \vdash \bot}\quad \text{if } \Lambda_i \models_{T_i} \bot$$

Correctness of DPLL(T1,…,Tn)

Φ = { quantifier-free clauses in (T1 ∪ … ∪ Tn)’s signature }

Prop. If T1, …, Tn are
• stably infinite and
• pairwise signature-disjoint,
then Φ is (T1 ∪ … ∪ Tn)-satisfiable iff ⊢ Φ has a derivation tree with a successful branch.

A theory T is stably infinite iff every T-satisfiable quantifier-free formula is satisfiable in an infinite model of T.



Making DPLL Efficient

Literal selection strategies

Intelligent backtracking (backjumping)

Learning (lemma generation)


Making DPLL(T1,…,Tn) Efficient

T-based literal selection strategies

T-based intelligent backtracking

T-based learning

Implementing DPLL(T1,…,Tn)

In theory, it suffices to have decision procedures Pi such that

Pi({l1, …, ln}) = true  iff  {l1, …, ln} is Ti-unsatisfiable.

In practice, it is better to have a solver for each Ti with additional functionality.

Ti-solver Interface

type status = Valid | Unsat | Undef
type lit = sign * pred

Class Solver {
  attr context : lit list
  meth status : pred → status
  meth explanation : pred → lit set
  meth assert : lit → lit set
  meth backtrack : int → unit
}

Ti-solver Specification

type status = Valid | Unsat | Undef
type lit = sign * pred

Class Solver {
  attr context : lit list

  meth status (p : pred) : status
    ensures result = Valid <=> context |=T p
          & result = Unsat <=> context |=T ~p

  meth explanation (p : pred) : lit set
    requires status(p) != Undef
    ensures result ⊆ context
          & status(p) = Valid => result |=T p
          & status(p) = Unsat => result |=T ~p

  meth assert ((sign,p) : lit) : lit set
    requires status(p) = Undef
    ensures context’ = (sign,p)::context
          & (sign,p) ∉ result
          & forall (lit ∈ result) context’ |=T lit & not(context |=T lit)

  meth backtrack (n : int) : unit
    requires 1 <= n & n <= length(context)
    ensures context = lit1 :: … :: litn :: context’
    (the n most recent literals are removed; context’ is the new context)
}
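One concrete solver meeting this contract, as an added example and not the authors' code: the theory of equality between variables (no function symbols), where Valid/Unsat can be decided by searching for a chain of asserted equalities, and the chain itself is the explanation. The names `EqualitySolver`, `Status` and `eq` are this example's own; it reads the assert contract as excluding the asserted literal from the returned set, and it assumes callers respect the status(p) = Undef precondition, which is what keeps the context T-consistent.

```python
"""T_i-solver for the theory of equality over variables, following the
status / explanation / assert / backtrack interface.

Added example, not the authors' solver.  Conventions (this example's own):
a pred is frozenset({x, y}) with x != y, standing for the atom x = y; a lit
is (sign, pred), True for x = y and False for x != y; context is a list with
the most recent literal first, as in (sign,p)::context.  The equivalence
relation is recomputed from the context by path search on every query:
simple and obviously correct rather than fast.
"""
from collections import deque
from enum import Enum


class Status(Enum):
    VALID = "Valid"
    UNSAT = "Unsat"
    UNDEF = "Undef"


def eq(x, y):
    """The atom x = y (unordered, so eq(x, y) == eq(y, x))."""
    assert x != y, "atoms are between distinct variables"
    return frozenset({x, y})


class EqualitySolver:
    def __init__(self):
        self.context = []

    @staticmethod
    def _path(x, y, ctx):
        """Equalities of ctx forming a path x ... y (BFS), or None."""
        adj = {}
        for lit in ctx:
            sign, pred = lit
            if sign:
                a, b = tuple(pred)
                adj.setdefault(a, []).append((b, lit))
                adj.setdefault(b, []).append((a, lit))
        parent, queue = {x: None}, deque([x])
        while queue and y not in parent:
            u = queue.popleft()
            for v, lit in adj.get(u, []):
                if v not in parent:
                    parent[v] = (u, lit)
                    queue.append(v)
        if y not in parent:
            return None
        path, cur = set(), y
        while parent[cur] is not None:
            cur, lit = parent[cur]
            path.add(lit)
        return frozenset(path)

    def _status_in(self, pred, ctx):
        """(status, explanation) of pred under ctx.  Valid: x and y joined by
        equalities of ctx.  Unsat: some u != v in ctx with x ~ u and y ~ v.
        The explanation is the subset of ctx that witnesses this."""
        x, y = tuple(pred)
        path = self._path(x, y, ctx)
        if path is not None:
            return Status.VALID, path
        for lit in ctx:
            sign, diseq = lit
            if sign:
                continue
            u, v = tuple(diseq)
            for a, b in ((u, v), (v, u)):
                px, py = self._path(x, a, ctx), self._path(y, b, ctx)
                if px is not None and py is not None:
                    return Status.UNSAT, px | py | {lit}
        return Status.UNDEF, None

    def _all_preds(self):
        vs = sorted({v for _, pred in self.context for v in pred})
        return {eq(a, b) for i, a in enumerate(vs) for b in vs[i + 1:]}

    # ---- the interface from the slides ----
    def status(self, pred):
        return self._status_in(pred, self.context)[0]

    def explanation(self, pred):
        status, expl = self._status_in(pred, self.context)
        assert status != Status.UNDEF, "requires status(p) != Undef"
        return expl                                 # subset of context

    def assert_(self, lit):
        """Push lit; return the literals over known variables that are newly
        entailed (lit itself excluded).  Assumes status(p) = Undef."""
        _, pred = lit
        assert self.status(pred) == Status.UNDEF, "requires status(p) = Undef"
        self.context.insert(0, lit)                 # context' = lit::context
        old_ctx, result = self.context[1:], set()
        for q in self._all_preds():
            if q == pred or self._status_in(q, old_ctx)[0] != Status.UNDEF:
                continue
            new = self.status(q)
            if new != Status.UNDEF:
                result.add((new == Status.VALID, q))
        return frozenset(result)

    def backtrack(self, n):
        """Drop the n most recent literals: context = lit1::...::litn::context'."""
        assert 1 <= n <= len(self.context), "requires 1 <= n <= length(context)"
        del self.context[:n]
```

Asserting x = y and then y = z makes `assert_` report x = z as newly entailed, and a later z ≠ w makes it report x ≠ w and y ≠ w; `explanation(eq('x','w'))` then returns exactly {x = y, y = z, z ≠ w}, the context literals a DPLL(T) engine needs for conflict-set-based backjumping and lemma generation, rather than the whole context.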


Experimental Results

T = theory of successor and predecessor + free symbols, axiomatized by

$p(s(x)) = x$
$s(p(x)) = x$
$p(x) = p(y) \Rightarrow x = y$
$s(x) = s(y) \Rightarrow x = y$
$0 \neq p^n(x)$ (for each n > 0)
$0 \neq s^n(x)$ (for each n > 0)
$p^n(x) \neq p^m(x)$ (for each m, n with m > n > 0)
$s^n(x) \neq s^m(x)$ (for each m, n with m > n > 0)

Popular in hardware verification

Experimental Results

T-solver based on a novel congruence closure algorithm [ON03]

DPLL(T) engine with:
– Chaff-style literal selection function
– 2-watched-literal unit propagation
– conflict-set-based backjumping
– 1st-UIP lemma generation

C implementation

Experimental Results

Benchmarks produced with the UCLID tool [BLJ02]

Comparisons with
– SVC
– 4 SAT-translation methods by Bryant et al.

Machine: Pentium IV, 2.63 GHz, 512MB RAM. Times in seconds, with timeout at 6000s.


See external table


Conclusions

DPLL(T1,…,Tn) is a sound and complete calculus for satisfiability modulo T1 ∪ … ∪ Tn.

General framework for integrating decision procedures into the DPLL method.

Decision procedures drive the derivation instead of just validating solutions.

Major optimization techniques from SAT can be lifted to DPLL(T1,…,Tn).

Initial experimental results are very promising.


Further Work (in Progress)

New version of the DPLL(T) calculus, to model more accurately modern SAT engines

Non-clausal version of DPLL(T)

Implementation with more theories

A DPLL(T)-based system for solving integer linear programming (optimization) problems