Practical Proof Systems for SAT and QBF, Marijn J.H. Heule (Dagstuhl PowerPoint presentation)


SLIDE 1 (1/47)

Practical Proof Systems for SAT and QBF

Marijn J.H. Heule, Dagstuhl Seminar on SAT and Interactions, September 20, 2016

SLIDE 2 (2/47)

◮ Introduction to SAT and QBF Proof Checking
◮ Clausal Proof Systems for SAT and QBF
◮ Abstract Proof System for SAT Inprocessing
◮ Clausal Proofs for QBF Preprocessing
◮ From Clausal Proofs to Skolem Functions
◮ Future Directions and Conclusions

SLIDE 3 (3/47)

SAT and QBF solving have many applications...

[Figure: application areas (formal verification, planning, graph theory, combinatorics, bioinformatics, cryptography, train safety, rewrite termination) feeding an encode / solver / decode pipeline]

..., but how can we be sure that their results are correct?

SLIDE 4 (4/47)

Motivation for validating unsatisfiability proofs

Satisfiability solvers are used in amazing ways...

◮ Hardware and software verification (Intel and Microsoft)
◮ Hard combinatorial problems:
  ◮ van der Waerden numbers [Dransfield, Marek, and Truszczynski, 2004; Kouril and Paul, 2008]
  ◮ Gardens of Eden in Conway's Game of Life [Hartman, Heule, Kwekkeboom, and Noels, 2013]
  ◮ Erdős Discrepancy Problem [Konev and Lisitsa, 2014]

..., but SAT solvers may have errors and only return yes/no.

◮ Documented bugs in SAT, SMT, and QBF solvers [Brummayer and Biere, 2009; Brummayer et al., 2010]
◮ Implementation errors often imply conceptual errors
◮ Proofs are now mandatory for the annual SAT Competitions.
◮ Mathematical results require a stronger justification than a simple yes/no by a solver. UNSAT must be checkable.

SLIDE 5 (5/47)

Proofs and Refutations

A clause C is solutions-preserving with respect to a formula F if all solutions of F satisfy C (denoted by ≡). A proof trace is a sequence of solutions-preserving clauses. Solutions-preserving should be checkable in polynomial time.

[Figure: Formula ≡ ≡ ≡ ≡ ⊥ Proof; each ≡ marks one solutions-preserving clause appended to the proof trace, the last one being the empty clause]

A refutation is a proof trace containing the empty clause, ⊥.

SLIDE 11 (6/47)

Forward versus Backward Proof Checking

[Figure: the original formula at the top and ⊥ at the bottom of a proof; forward checking walks from the original formula towards ⊥, backward checking from ⊥ back towards the original formula]

SLIDE 12 (7/47)

Solutions-Preserving Modulo x

Let ϕ be an assignment and x a literal. We denote with ϕ ⊗ x a copy of ϕ in which the assignment to x is flipped. If ϕ does not assign x, then ϕ ⊗ x assigns x to true.

A clause C is solutions-preserving modulo x (SPMx) with respect to a formula F if and only if for every solution ϕ of F, ϕ or ϕ ⊗ x satisfies F and C.

Example: Consider the formula F = (x ∨ y) ∧ (x ∨ ¬y). The clause C = (¬x ∨ y) is solutions-preserving modulo y with respect to F. F has two solutions ϕ1 := {x = 1, y = 1} and ϕ2 := {x = 1, y = 0}. ϕ1 satisfies C (and F), and ϕ2 ⊗ y satisfies F and C.

All techniques in state-of-the-art SAT solvers can be expressed using SPMx steps [Järvisalo, Heule, and Biere 2012].

SLIDE 13 (8/47)

Introduction to QBF

A quantified Boolean formula (QBF) is a propositional formula where variables are existentially (∃) or universally (∀) quantified.

Consider the formula ∀a ∃b, c.(a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ ¬c). A model is:

[Figure: model tree with root a, a b node and a c node on each branch, and leaves ⊤]

Consider the formula ∃b ∀a ∃c.(a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ ¬c). A counter-model is:

[Figure: counter-model tree with root b, an a node on each branch, a c node, and leaves ⊥]

SLIDE 14 (9/47)

Motivation for our QBF Proof System

Lots of "discrepancies" and unique results in QBF solvers:
◮ i.e., results that disagree with the majority of solvers.

To gain confidence in QBF results they need to be validated:
◮ existing methods cannot validate some QBF preprocessing.

QBF preprocessing is crucial for fast performance:
◮ most state-of-the-art solvers use the preprocessor bloqqer;
◮ current methods can produce exponentially large proofs or require exponential checking time in the worst case;
◮ some techniques cannot be checked with these methods.

SLIDE 15 (10/47)

Clause Deletion and Satisfaction

A clause C is unsatisfiability-preserving with respect to a formula F if C does not occur in all unsatisfiable cores of F (denoted by ≡UNS).

A satisfaction trace is a sequence of unsatisfiability-preserving clause eliminations. Unsatisfiability-preserving should be checkable in polynomial time.

[Figure: Formula with clauses 1 2 3 4; each ≡UNS step deletes one clause (3, then 1, then 4, then 2) until the formula is empty; Proof]

A proof of satisfaction removes all clauses, including all added ones: the formula is unsatisfiability-equivalent to the empty formula. Clause deletion also reduces the cost of checking proofs.

SLIDE 20 (11/47)

Clausal Proof Systems for SAT and QBF

SLIDE 21 (12/47)

Ideal Properties of a Proof System for SAT Solvers

Properties compared: Easy to Emit, Compact, Checked Efficiently, Expressive.

◮ Resolution Proofs [Zhang and Malik, 2003; Van Gelder, 2008; Biere, 2008]
◮ Clausal Proofs [Goldberg and Novikov, 2003; Van Gelder, 2008]
◮ Clausal proofs + clause deletion [Heule, Hunt, Jr., and Wetzler, STVR 2014]
◮ Optimized clausal proof checker [Heule, Hunt, Jr., and Wetzler, FMCAD '13]
◮ Clausal RAT proofs [Heule, Hunt, Jr., and Wetzler, CADE 2013]
◮ RAT proofs + clause deletion [Wetzler, Heule, and Hunt, Jr., SAT 2014]

SLIDE 22 (13/47)

Clausal Proof System

[Figure: transition diagram over states (π.)ψ, starting from init]

◮ Learn: add a clause; must preserve satisfiability
◮ Forget: remove a clause; must preserve unsatisfiability
◮ Satisfiable: forget the last clause
◮ Unsatisfiable: learn the empty clause

SLIDE 23 (14/47)

Abstract Proof System for SAT Inprocessing

joint work with Matti Järvisalo and Armin Biere

SLIDE 24 (15/47)

Inprocessing: Advantages

Interleave bursts of preprocessing-style inference steps with conflict-driven clause-learning search. Combine various preprocessing techniques:

◮ Variable elimination, subsumption, self-subsuming resolution, failed literals, equivalent literals, blocked clause elimination, hidden tautology elimination, unhiding, ...

Lingeling ats [Biere, 2013], SAT Competition 2013 Applications SAT+UNSAT instances: 300 instances, 1-h timeout per instance

Configuration        | #solved | SAT | UNSAT | flags
default              | 182     | 90  | 92    |
no inprocessing      | 158     | 89  | 69    | --inprocessing=0
no pre/inprocessing  | 144     | 80  | 64    | --plain=1

SLIDE 25 (16/47)

Abstract Inprocessing

Characterize inprocessing solving as a transition system. State: ϕ [ ρ ] σ

◮ ϕ: current "irredundant" clauses
◮ ρ: current "redundant" clauses
◮ ϕ and ϕ ∧ ρ are satisfiability-equivalent; ϕ ⊨ ρ is not required
◮ σ: sequence of literal-clause pairs l:C for model reconstruction

Legal next states ϕ′ [ ρ′ ] σ′ of ϕ [ ρ ] σ are expressed by rules:

  ϕ [ ρ ] σ
  ──────────
  ϕ′ [ ρ′ ] σ′

SLIDE 26 (17/47)

The Rules

Learn:       ϕ [ ρ ] σ      ⟶  ϕ [ ρ ∧ C ] σ              (precondition ♯)
Forget:      ϕ [ ρ ∧ C ] σ  ⟶  ϕ [ ρ ] σ
Strengthen:  ϕ [ ρ ∧ C ] σ  ⟶  ϕ ∧ C [ ρ ] σ
Weaken:      ϕ ∧ C [ ρ ] σ  ⟶  ϕ [ ρ ∧ C ] σ ∪ l:C        (precondition ♭)

Learn a new redundant clause C into ρ.
◮ Generic precondition ♯: ϕ ∧ ρ and ϕ ∧ ρ ∧ C are satisfiability-equivalent.

Forget redundant clause C from ρ.

Strengthen ϕ by making redundant C irredundant.

Weaken ϕ by making irredundant C redundant.
◮ Generic precondition ♭: ϕ and ϕ ∧ C are satisfiability-equivalent.

◮ A sound and complete proof system

SLIDE 27 (18/47)

Intuition why Learn has to take redundancy into account

Learn:  ϕ [ ρ ] σ  ⟶  ϕ [ ρ ∧ C ] σ   (precondition ♯)

◮ Q: Could the precondition ♯ of Learn, "ϕ ∧ ρ and ϕ ∧ ρ ∧ C are satisfiability-equivalent", be weakened to "ϕ and ϕ ∧ C are satisfiability-equivalent", i.e., must the redundant clauses be taken into account for Learn?
◮ A: ρ is essential: ignoring ρ breaks the main invariant that ϕ and ϕ ∧ ρ are satisfiability-equivalent.
◮ Consider F = (a).
  1. Initial state (a) [∅]
  2. Obtain ∅ [(a)] a:(a) through Weaken.
  3. In case ρ were ignored in ♯: apply Learn and derive ∅ [(a) ∧ (¬a)] a:(a).
◮ Does not preserve satisfiability: (a) ∧ (¬a) is unsatisfiable.

SLIDE 28 (19/47)

Towards Practice: Instantiating the Rules

The generic preconditions ♯ and ♭ for Learn and Weaken are impractical: checking satisfiability-equivalence is NP-complete. In practice, procedures are based on polynomial-time computable redundancy properties. Moreover, a single polynomial-time computable clause redundancy property is enough for a generic system!

◮ RAT: resolution asymmetric tautologies

SLIDE 29 (20/47)

Relationship between Redundancy Properties

[Figure: hierarchy of redundancy properties: RUP (AT) with CDCL learning, DP resolution and subsumption; RAT with extended learning and bounded variable addition; RT with extended resolution and blocked clauses; the properties are grouped into those that preserve logical equivalence and those that only preserve satisfiability]

All known techniques can be expressed using RAT [IJCAR'12]

SLIDE 30 (21/47)

RAT: Resolution Asymmetric Tautologies

Clause C has AT (Asymmetric Tautology) w.r.t. F \ C iff unit propagation derives a conflict in (F \ C) ∧ ¬C.
◮ E.g. (a ∨ b) has AT w.r.t. (a ∨ c) ∧ (¬c ∨ ¬d) ∧ (b ∨ d)
◮ Tautologies have AT

Clause C has RAT (Resolution Asymmetric Tautology) w.r.t. F \ C iff
◮ there exists a literal l ∈ C such that for each clause C′ ∈ F with ¬l ∈ C′, the clause (C′ \ ¬l) ∪ C has AT w.r.t. F \ C.
◮ E.g. (a) has RAT w.r.t. (a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ c)
◮ Clauses with AT w.r.t. F have RAT w.r.t. F

SLIDE 31 (22/47)

Capturing Inprocessing Solvers using RAT

Learn:       ϕ [ ρ ] σ      ⟶  ϕ [ ρ ∧ C ] σ              (precondition ♯)
Forget:      ϕ [ ρ ∧ C ] σ  ⟶  ϕ [ ρ ] σ
Strengthen:  ϕ [ ρ ∧ C ] σ  ⟶  ϕ ∧ C [ ρ ] σ
Weaken:      ϕ ∧ C [ ρ ] σ  ⟶  ϕ [ ρ ∧ C ] σ ∪ l:C        (precondition ♭)

Polynomial-time computable preconditions:
♯: C has RAT w.r.t. ϕ ∧ ρ.
♭: C has RAT (on l) w.r.t. ϕ.

◮ Simulates generally used inprocessing techniques
  ◮ Pure literal elimination, clause elimination (including subsumption, blocked clause elimination, ...), clause addition, variable elimination, hyper-binary resolution, self-subsuming resolution, equivalent literal reasoning, hidden literal elimination, clause learning, extended resolution, ...
◮ Has a unifying linear-time model reconstruction algorithm covering all these techniques

SLIDE 32 (23/47)

Example of incorrect clause elimination

Idea: eliminate C if it is redundant w.r.t. ϕ ∧ ρ.
◮ This would allow using redundant learned clauses in ρ, which can later be forgotten, for weakening ϕ.

Bad Idea:
◮ Consider ρ0 = ∅ and the minimally unsatisfiable formula ϕ0 = (a ∨ ¬b) ∧ (¬a ∨ b) ∧ (¬a ∨ ¬b) ∧ (a ∨ b ∨ c) ∧ (a ∨ b ∨ ¬c)
◮ The clause (a ∨ b) has AT w.r.t. ϕ0
◮ Applying Learn gives ϕ1 = ϕ0 and ρ1 = (a ∨ b).
◮ (a ∨ b) ∈ ρ1 subsumes (a ∨ b ∨ c) ∈ ϕ1
◮ Weaken would give ϕ2 = ϕ1 \ (a ∨ b ∨ c)
◮ However, ϕ2 is satisfiable!

Fixed Idea: The clauses in ρ cannot be used to eliminate clauses in ϕ
◮ First move the desired clauses from ρ to ϕ (Strengthen)

SLIDE 33 (24/47)

Examples: Simulating Resolution and More

Resolution and Clause Learning
◮ For any ϕ, (C ∨ D) is an AT w.r.t. ϕ ∧ (C ∨ x) ∧ (D ∨ ¬x)
◮ Thus (C ∨ D) can be learned by applying Learn.
⇒ Covers resolution-based techniques such as hyper-binary resolution

Extended resolution
◮ Extension rule: Introduce fresh definitions of the form x ≡ a ∧ b, i.e. the CNF formula (x ∨ ¬a ∨ ¬b) ∧ (¬x ∨ a) ∧ (¬x ∨ b)
◮ Simulation:
  1. (x ∨ ¬a ∨ ¬b) has RAT on x w.r.t. ϕ ∧ ρ (Learn);
  2. (¬x ∨ a) and (¬x ∨ b) have RAT on ¬x w.r.t. ϕ ∧ (x ∨ ¬a ∨ ¬b) ∧ ρ (Learn)

Bounded Variable Elimination
◮ Perhaps the most important SAT preprocessing technique
◮ Generate all resolvents w.r.t. variable x, then forget all antecedents
◮ Simulation: 1. Learn and Strengthen resolvents; 2. Weaken and Forget antecedents
SLIDE 34 (25/47)

Model Reconstruction

Weaken may introduce new models.

Weaken:  ϕ ∧ C [ ρ ] σ  ⟶  ϕ [ ρ ∧ C ] σ ∪ l:C   (precondition ♭)

Given a model τ for the current ϕ:

  while σ is not empty do
      remove the last literal-clause pair l:C from σ
      if C is not satisfied by τ then τ := (τ \ {l = 0}) ∪ {l = 1}
  return τ
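An added example, not code from the slides: the reconstruction loop above run on a bounded variable elimination trace of the kind described on slide 33. The formula, the variable numbering (a=1, b=2, c=3, x=5) and the trace are constructed here; x is eliminated by learning and strengthening the resolvent (a ∨ b) and then weakening both antecedents on their x-literal, and every model of the reduced ϕ is mapped back to a model of the original formula.

```python
# Added example, not from the slides: the model reconstruction loop of slide 34
# run on a bounded variable elimination trace (slide 33). Literals are
# DIMACS-style ints; an assignment maps variable -> bool, unassigned = False.
from itertools import product

def satisfies(clause, tau):
    """True iff some literal of `clause` is true under assignment `tau`."""
    return any(tau.get(abs(lit), False) == (lit > 0) for lit in clause)

def is_model(formula, tau):
    return all(satisfies(c, tau) for c in formula)

def reconstruct(tau, sigma):
    """Slide 34: walk σ from the last literal-clause pair to the first and
    set l to true whenever the weakened clause C is falsified by τ."""
    tau = dict(tau)
    for lit, clause in reversed(sigma):
        if not satisfies(clause, tau):
            tau[abs(lit)] = lit > 0
    return tau

def all_models(formula, variables):
    """Brute-force enumeration; fine for the toy formula below."""
    for bits in product([False, True], repeat=len(variables)):
        tau = dict(zip(variables, bits))
        if is_model(formula, tau):
            yield tau

# Constructed example, a=1, b=2, c=3, x=5: eliminate x by BVE.
ORIGINAL = [[5, 1], [-5, 2], [1, 3], [-2, 3]]   # (x∨a)∧(¬x∨b)∧(a∨c)∧(¬b∨c)
# Learn + Strengthen the resolvent (a∨b) (it has AT w.r.t. ORIGINAL), then
# Weaken both antecedents on their x-literal, recording l:C in σ in order.
SIGMA = [(5, [5, 1]), (-5, [-5, 2])]
REDUCED = [[1, 3], [-2, 3], [1, 2]]              # ϕ after Forget of both antecedents

def reconstruct_all_models():
    """Every model of REDUCED, extended through σ to a model of ORIGINAL."""
    return [reconstruct(tau, SIGMA) for tau in all_models(REDUCED, [1, 2, 3])]

if __name__ == "__main__":
    for tau in all_models(REDUCED, [1, 2, 3]):
        fixed = reconstruct(tau, SIGMA)
        print(tau, "->", fixed, "model of original:", is_model(ORIGINAL, fixed))
```

The model {a=0, b=1, c=1} of the reduced formula falsifies (x ∨ a) until reconstruction sets x to true; the other three models of the reduced formula need no change.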

SLIDE 35 (26/47)

Clausal Proofs for QBF Preprocessing

joint work with Martina Seidl and Armin Biere

SLIDE 36 (27/47)

QBF Preprocessing

Preprocessing is crucial to solve most QBF instances efficiently.

[Figure: results of DepQBF with and without bloqqer on QBF Eval 2012; x-axis CPU time in seconds (200 to 1200), y-axis number of solved instances (20 to 200); two curves, w/o preprocessing and w/ preprocessing]

SLIDE 37 (28/47)

QBF Preprocessing

Preprocessing is crucial to solve most QBF instances efficiently. There exist lots of techniques. The most important ones are:
◮ tautology elimination, subsumption, universal reduction, existential pure literal elimination, strengthening, blocked clause elimination, unit literal elimination, universal pure literal elimination, covered literal addition, variable elimination, and universal expansion.

Existing methods and proof formats have shortcomings:
◮ some techniques require exponentially-sized proofs; and
◮ for some other techniques, it is not even known whether one can construct such a proof.
SLIDE 38 (29/47)

Challenges for Quantified Boolean Formulas (QBF)

Preprocessing is crucial to solve most QBF instances efficiently. Proofs are useful for applications and to validate solver output. Main challenges regarding QBF and preprocessing [Janota'13]:
1. produce proofs that can be validated in polynomial time;
2. develop methods to validate all QBF preprocessing; and
3. narrow the performance gap between solving with and without proof generation.

In our IJCAR'14 paper [1], we meet all three challenges!

[1] Marijn J. H. Heule, Martina Seidl and Armin Biere: A Unified Proof System for QBF Preprocessing. IJCAR 2014, LNCS 8562, pp. 91-106 (2014)

SLIDE 39 (30/47)

QRAT: Quantified Resolution Asymmetric Tautologies

Clause C has AT (Asymmetric Tautology) w.r.t. ψ \ {C} iff unit propagation derives a conflict in (ψ \ {C}) ∧ ¬C.
◮ E.g. (a ∨ b) has AT w.r.t. (a ∨ c) ∧ (¬c ∨ ¬d) ∧ (b ∨ d)
◮ Tautologies have AT

Clause C has QRAT (Quantified Resolution Asymmetric Tautology) w.r.t. ψ \ {C} under π iff
◮ there exists a literal l ∈ C such that for each clause D ∈ ψ with ¬l ∈ D, the clause {k | k ∈ D, k <π ¬l} ∪ C has AT w.r.t. ψ \ C.
◮ E.g. (a) has QRAT w.r.t. ∀b, c ∃a.(a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ c)
◮ Clauses with AT w.r.t. ψ have QRAT w.r.t. ψ

SLIDE 40 (31/47)

Rules of the QRAT Proof System

Rule | Transition | Preconditions | Postconditions
(N1) | π.ψ ⟶ π.ψ \ {C} | C is an asymmetric tautology |
(N2) | π.ψ ⟶ π′.ψ ∪ {C} | C is an asymmetric tautology | π′ = π∃X with X = {x | x ∈ vars(C), x ∉ vars(π)}
(E1) | π.ψ ⟶ π.ψ \ {C} | C ∈ ψ, Q(π, l) = ∃, C has QRAT on l w.r.t. ψ |
(E2) | π.ψ ⟶ π′.ψ ∪ {C} | C ∉ ψ, Q(π, l) = ∃, C has QRAT on l w.r.t. ψ | π′ = π∃X with X = {x | x ∈ vars(C), x ∉ vars(π)}
(U1) | π.ψ ∪ {C} ⟶ π.ψ ∪ {C \ {l}} | l ∈ C, Q(π, l) = ∀, ¬l ∉ C, C has QRAT on l w.r.t. ψ |
(U2) | π.ψ ∪ {C} ⟶ π.ψ ∪ {C \ {l}} | l ∈ C, Q(π, l) = ∀, ¬l ∉ C, C has EUR on l w.r.t. ψ |

SLIDE 41 (32/47)

Informal QRAT Example

Consider the false QBF formula π.ψ:

∀a ∃b ∀c ∃d.(a ∨ c ∨ d) ∧ (¬a ∨ b ∨ ¬d) ∧ (¬b ∨ ¬d) ∧ (a ∨ ¬b ∨ c) ∧ (b ∨ ¬c)

Clause C has QRAT on l w.r.t. π.ψ if:
◮ assign all literals in C to false;
◮ apply unit propagation;
◮ check whether all D with ¬l ∈ D are satisfied on a literal k <π l.

[Figure: the five clauses laid out in columns under the prefix ∀a ∃b ∀c ∃d, with the assigned and propagated literals marked step by step]

Clause (a ∨ c ∨ d) has QRAT on d and can thus be removed. Clause (a ∨ ¬b ∨ c) has QRAT on c and can be strengthened.
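An added example, not code from the slides: a small unit-propagation checker implementing the AT, RAT and QRAT definitions of slides 30 and 39, re-checking the examples given there and the informal example above. Literals are DIMACS-style integers (a=1, b=2, c=3, d=4) and a prefix maps each variable to its quantifier level; the code assumes that literals at the same level as the pivot count as outer, so RAT is exactly QRAT under a single existential level.

```python
# Added example, not from the slides: AT / RAT / QRAT checks by unit propagation.
# Literals are DIMACS-style ints (-3 negates variable 3); a prefix maps each
# variable to its quantifier level (0 = outermost). Assumption: literals at the
# same level as the pivot count as "outer", so RAT is QRAT with one level.

def unit_propagate(clauses, assumptions):
    """Unit propagation from the true literals in `assumptions`.
    Returns True iff some clause is falsified (a conflict)."""
    assignment = set(assumptions)
    if any(-lit in assignment for lit in assignment):
        return True  # ¬C of a tautology C is contradictory: immediate conflict
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(lit in assignment for lit in clause):
                continue  # clause already satisfied
            unassigned = [lit for lit in clause if -lit not in assignment]
            if not unassigned:
                return True  # every literal false
            if len(unassigned) == 1:
                assignment.add(unassigned[0])  # unit clause: propagate
                changed = True
    return False

def without(formula, clause):
    """F \\ C: every clause except those equal to C as a set."""
    return [d for d in formula if set(d) != set(clause)]

def has_at(clause, formula):
    """C has AT w.r.t. F \\ C iff (F \\ C) ∧ ¬C conflicts under unit propagation."""
    return unit_propagate(without(formula, clause), {-lit for lit in clause})

def has_qrat(clause, formula, prefix, pivot):
    """C has QRAT on `pivot` w.r.t. ψ \\ C under `prefix` iff for every clause
    D containing ¬pivot the outer resolvent
    C ∪ {k ∈ D | k ≠ ¬pivot, level(k) ≤ level(pivot)} has AT w.r.t. ψ \\ C."""
    if pivot not in clause:
        return False
    rest = without(formula, clause)
    level = lambda lit: prefix[abs(lit)]
    for d in rest:
        if -pivot not in d:
            continue
        outer = [k for k in d if k != -pivot and level(k) <= level(pivot)]
        if not unit_propagate(rest, {-lit for lit in clause + outer}):
            return False
    return True

def has_rat(clause, formula):
    """RAT = QRAT under an all-existential prefix (every variable at level 0)."""
    prefix = {abs(lit): 0 for d in formula + [clause] for lit in d}
    return any(has_qrat(clause, formula, prefix, lit) for lit in clause)

# Slide 30 examples (a=1, b=2, c=3, d=4)
AT_F = [[1, 3], [-3, -4], [2, 4]]           # (a∨c)∧(¬c∨¬d)∧(b∨d)
RAT_F = [[1, 2], [-1, 3], [-2, 3]]          # (a∨b)∧(¬a∨c)∧(¬b∨c)
# Slide 39 example: ∀b,c ∃a over the same clauses (b, c at level 0, a at level 1)
QRAT_PREFIX = {2: 0, 3: 0, 1: 1}
# Informal example of slide 41: ∀a ∃b ∀c ∃d
PSI = [[1, 3, 4], [-1, 2, -4], [-2, -4], [1, -2, 3], [2, -3]]
PSI_PREFIX = {1: 0, 2: 1, 3: 2, 4: 3}

if __name__ == "__main__":
    print("AT  (a∨b):", has_at([1, 2], AT_F))
    print("RAT (a):  ", has_rat([1], RAT_F))
    print("QRAT (a) under ∀b,c ∃a:", has_qrat([1], RAT_F, QRAT_PREFIX, 1))
    print("QRAT (a∨c∨d) on d:", has_qrat([1, 3, 4], PSI, PSI_PREFIX, 4))
    psi2 = without(PSI, [1, 3, 4])          # ψ after removing (a∨c∨d) by E1
    print("QRAT (a∨¬b∨c) on c:", has_qrat([1, -2, 3], psi2, PSI_PREFIX, 3))
```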

SLIDE 46 (33/47)

Main Theoretical Result

We defined one Forget, one Learn, and two Strengthen rules:
◮ The rules are based on a redundancy property called QRAT
◮ The property QRAT can be computed in polynomial time

We showed that all QBF preprocessing techniques can be translated into a sequence of these Learn and Forget rules
◮ Our proof system can be used to validate all techniques
◮ The validation cost is similar to the solving cost

Example: ∀x1..xn ∃y1..yn.(x1 ∨ ¬y1) ∧ (¬x1 ∨ y1) .. (xn ∨ ¬yn) ∧ (¬xn ∨ yn)
◮ Our Forget rule can eliminate all clauses (linear time)
◮ A model for the formula is exponential in n

SLIDE 47 (34/47)

QBF: Universal Expansion Example

Universal expansion eliminates an innermost universal variable x by duplicating the formula inner to x.

π ∀x ∃Y.ψ, C1 ∨ ¬x, ..., Ci ∨ ¬x, D1 ∨ x, ..., Dj ∨ x, E1, ..., Ek
⟶ π ∃Y Y′.ψ, C1, ..., Ci, D′1, ..., D′j, E1, ..., Ek, E′1, ..., E′k

The true formula ∀a ∃b, c.(¬a ∨ c) ∧ (a ∨ b) ∧ (¬b ∨ ¬c) can be expanded to: ∃b, c, b′, c′.(c) ∧ (b′) ∧ (¬b ∨ ¬c) ∧ (¬b′ ∨ ¬c′)

The false formula ∃b ∀a ∃c.(¬a ∨ c) ∧ (a ∨ b) ∧ (¬b ∨ ¬c) can be expanded to: ∃b, c, c′.(c) ∧ (b) ∧ (¬b ∨ ¬c) ∧ (¬b ∨ ¬c′)
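An added example, not code from the slides: the expansion rule above implemented on a clause list, plus a brute-force QBF evaluator to confirm that the two expansions keep the formulas true and false respectively. The prefix representation (a list of (quantifier, variable) pairs), the variable numbering (a=1, b=2, c=3, primes get the next free numbers) and the rule that a copy E′ is only emitted when E mentions a variable of Y are choices made here.

```python
# Added example, not from the slides: universal expansion of the innermost
# universal variable x (slide 47) and a brute-force QBF evaluator to confirm
# the expansion preserves truth on the two examples above. A prefix is a list
# of (quantifier, variable) pairs, quantifier 'A' or 'E'; literals are ints.
from itertools import product

def expand_universal(prefix, clauses, x):
    """π ∀x ∃Y.ψ -> π ∃Y Y'.ψ': clauses with ¬x lose it (C_i), clauses with x
    drop it and are renamed to Y' (D'_j), other clauses E_k stay and get a
    renamed copy E'_k when they mention a variable of Y."""
    pos = next(i for i, (q, v) in enumerate(prefix) if v == x)
    assert prefix[pos][0] == 'A' and all(q == 'E' for q, _ in prefix[pos + 1:])
    inner = [v for _, v in prefix[pos + 1:]]          # Y: existentials after x
    fresh = max(v for _, v in prefix)
    prime = {}                                         # y -> y'
    for y in inner:
        fresh += 1
        prime[y] = fresh
    rename = lambda lit: (1 if lit > 0 else -1) * prime.get(abs(lit), abs(lit))
    new_clauses = []
    for clause in clauses:
        if -x in clause:
            new_clauses.append([lit for lit in clause if lit != -x])          # C_i
        elif x in clause:
            new_clauses.append([rename(lit) for lit in clause if lit != x])  # D'_j
        else:
            new_clauses.append(clause)                                        # E_k
    for clause in clauses:
        if x not in clause and -x not in clause and any(abs(l) in prime for l in clause):
            new_clauses.append([rename(lit) for lit in clause])               # E'_k
    new_prefix = prefix[:pos] + prefix[pos + 1:] + [('E', prime[y]) for y in inner]
    return new_prefix, new_clauses

def qbf_true(prefix, clauses, assignment=None):
    """Brute-force semantics: ∀ needs both branches true, ∃ needs one."""
    assignment = assignment or {}
    if not prefix:
        return all(any(assignment[abs(l)] == (l > 0) for l in c) for c in clauses)
    (q, v), rest = prefix[0], prefix[1:]
    branches = [qbf_true(rest, clauses, {**assignment, v: val}) for val in (False, True)]
    return all(branches) if q == 'A' else any(branches)

# Slide 47 examples, a=1, b=2, c=3
CLAUSES = [[-1, 3], [1, 2], [-2, -3]]            # (¬a∨c)∧(a∨b)∧(¬b∨¬c)
TRUE_PREFIX = [('A', 1), ('E', 2), ('E', 3)]     # ∀a ∃b,c
FALSE_PREFIX = [('E', 2), ('A', 1), ('E', 3)]    # ∃b ∀a ∃c

if __name__ == "__main__":
    for name, pre in (("true", TRUE_PREFIX), ("false", FALSE_PREFIX)):
        new_pre, new_cls = expand_universal(pre, CLAUSES, 1)
        print(name, "formula:", qbf_true(pre, CLAUSES), "| expanded:", new_pre,
              new_cls, "->", qbf_true(new_pre, new_cls))
```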

SLIDE 50 (35/47)

QBF: Universal Expansion Example with QRAT

π ∀x ∃Y.ψ, C1 ∨ ¬x, ..., Ci ∨ ¬x, D1 ∨ x, ..., Dj ∨ x, E1, ..., Ek
⟶ π ∃Y Y′.ψ, C1, ..., Ci, D′1, ..., D′j, E1, ..., Ek, E′1, ..., E′k

∀a ∃b, c.(¬a ∨ c) ∧ (a ∨ b) ∧ (¬b ∨ ¬c) ⟶ ∃b, c, b′, c′.(c) ∧ (b′) ∧ (¬b ∨ ¬c) ∧ (¬b′ ∨ ¬c′)

Phase 1: Learn
1. (a ∨ b ∨ ¬b′)
2. (a ∨ ¬b ∨ b′)
3. (a ∨ c ∨ ¬c′)
4. (a ∨ ¬c ∨ c′)
5. (¬a ∨ ¬b ∨ ¬c)
6. (a ∨ b′)
7. (a ∨ ¬b′ ∨ ¬c′)

Phase 2: Forget
1. (a ∨ b)
2. (¬b ∨ ¬c)
3. (a ∨ b ∨ ¬b′)
4. (a ∨ ¬b ∨ b′)
5. (a ∨ c ∨ ¬c′)
6. (a ∨ ¬c ∨ c′)

Phase 3: Strengthen
1. (¬a ∨ c)
2. (a ∨ b′)
3. (¬a ∨ ¬b ∨ ¬c)
4. (a ∨ ¬b′ ∨ ¬c′)

SLIDE 52 (36/47)

From Clausal Proofs to Skolem Functions

SLIDE 53 (37/47)

Introduction to Skolem functions for QBF

A Skolem function fx(Ux) for a QBF formula π.ψ defines the truth value of an existential variable x based on the set Ux of universal variables that occur earlier in the prefix than x.

Consider the formula ∀a ∃b, c.(a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ ¬c). A model is:

[Figure: model tree with root a, a b node and a c node on each branch, and leaves ⊤]

The set of Skolem functions F (defining all existentials) is F = {fb(a) = ¬a, fc(a) = a}. The set of Skolem functions can be much smaller than a model.

SLIDE 54 (38/47)

Redundancy Concepts in the QRAT Proof System

Informal definitions of the redundancy concepts in the QRAT proof system. They can be computed in polynomial time.

Definition (Asymmetric Tautologies (AT)): An asymmetric tautology is a clause that becomes a tautology after adding "hidden literals". ATs are logically implied by a formula.

Definition (Quantified Resolution AT (QRAT)): A quantified resolution AT is a clause that contains a literal for which all "outer resolvents" are ATs.

Definition (Extended Universal Reduction (EUR)): A universal literal is redundant if assigning it to false cannot influence the value of universal literals.

SLIDE 55 (39/47)

Rules of the QRAT Proof System

Rule | Transition | Preconditions | Postconditions | Effect
(N1) | π.ψ ⟶ π.ψ \ {C} | C is an asymmetric tautology | | Preserves logical equivalence
(N2) | π.ψ ⟶ π′.ψ ∪ {C} | C is an asymmetric tautology | π′ = π∃X with X = {x | x ∈ vars(C), x ∉ vars(π)} | Preserves logical equivalence
(E1) | π.ψ ⟶ π.ψ \ {C} | C ∈ ψ, Q(π, l) = ∃, C has QRAT on l w.r.t. ψ | | Weakens the formula
(E2) | π.ψ ⟶ π′.ψ ∪ {C} | C ∉ ψ, Q(π, l) = ∃, C has QRAT on l w.r.t. ψ | π′ = π∃X with X = {x | x ∈ vars(C), x ∉ vars(π)} | Strengthens the formula
(U1) | π.ψ ∪ {C} ⟶ π.ψ ∪ {C \ {l}} | l ∈ C, Q(π, l) = ∀, ¬l ∉ C, C has QRAT on l w.r.t. ψ | | Strengthens the formula
(U2) | π.ψ ∪ {C} ⟶ π.ψ ∪ {C \ {l}} | l ∈ C, Q(π, l) = ∀, ¬l ∉ C, C has EUR on l w.r.t. ψ | | Strengthens the formula

SLIDE 57 (40/47)

Pseudo-Code of Skolem Function Computation

ComputeSkolem (prefix π, QRAT proof P)
  let ψ be an empty formula
  foreach existential variable e do fe(U) := ∗              // initialize F
  while (P is not empty) do
      rule R, clause C, literal l := P.pop()
      if (R = E1) then
          let e be var(l)
          fe(U) := IfThenElse(F(OF(π, ψ, l)), polarity(l), fe(U))
      if (R = E1 or R = N1) then                              // Forget rules
          ψ := ψ ∪ {C}
      if (R = E2 or R = N2) then                              // Learn rules
          ψ := ψ \ {C}

SLIDE 58 (41/47)

Checks to Validate Skolem Functions

Two tests are required to validate Skolem functions:
1. Can we falsify a clause in formula ψ while satisfying the Skolem functions F(U)? solve(¬ψ ∧ F(U)) = UNSAT?
2. Check that all Skolem functions depend only on universal variables that occur earlier in the prefix.

Problem: our method could create a Skolem function fx(Ux) := fy(Uy) with π(x) < π(y).
Solution: convert Skolem functions to And-Inverter Graphs (AIGs) and check for reachability.

SLIDE 59 (42/47)

Check Reachability in AIGs

Consider the formula π.ψ: ∀a ∃b ∀c ∃d, e.(a ∨ b) ∧ (¬a ∨ ¬b ∨ d) ∧ (a ∨ c ∨ ¬d) ∧ (a ∨ ¬b ∨ ¬e) ∧ (¬a ∨ c ∨ e) ∧ (¬c ∨ ¬e)

[Figure: AIG of the Skolem functions for π.ψ, with inputs a and c and outputs b, d and e]

Our algorithm could have produced fb(a) := fd(a, c), but that is not problematic because fd(a, c) does not depend on c. How to simplify the circuit and preserve the dependencies?
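An added example, not code from the slides: the two validation tests of slide 58 on Skolem functions written as small circuits, with a "ref" node standing for the case fx(Ux) := fy(Uy) that makes the reachability check of slides 58 and 59 necessary. The circuit encoding, the brute-force enumeration standing in for solve(¬ψ ∧ F(U)), the variable numbering (a=1, b=2, c=3, d=4, e=5) and the two slide-59 function sets are choices made here; only the slide-53 formula and its Skolem functions come from the slides.

```python
# Added example, not from the slides: the two validation tests of slide 58 on
# Skolem functions given as small circuits. Nodes: ('var', v) reads universal
# v, ('const', b), ('not', e), ('and', e1, e2) and ('ref', y) meaning "use f_y",
# the construct that makes the dependency check of slide 59 necessary.
from itertools import product

def evaluate(expr, skolem, univ):
    """Value of a circuit node under the universal assignment `univ`."""
    kind = expr[0]
    if kind == 'var':
        return univ[expr[1]]
    if kind == 'const':
        return expr[1]
    if kind == 'not':
        return not evaluate(expr[1], skolem, univ)
    if kind == 'and':
        return evaluate(expr[1], skolem, univ) and evaluate(expr[2], skolem, univ)
    if kind == 'ref':
        return evaluate(skolem[expr[1]], skolem, univ)
    raise ValueError(kind)

def reachable_universals(expr, skolem, seen=None):
    """Universal inputs reachable from expr, following 'ref' edges into other
    Skolem functions (the AIG reachability check of slide 58)."""
    seen = set() if seen is None else seen
    kind = expr[0]
    if kind == 'var':
        return {expr[1]}
    if kind == 'const':
        return set()
    if kind == 'ref':
        if expr[1] in seen:            # guard against cyclic references
            return set()
        seen.add(expr[1])
        return reachable_universals(skolem[expr[1]], skolem, seen)
    return set().union(*(reachable_universals(e, skolem, seen) for e in expr[1:]))

def no_counterexample(prefix, clauses, skolem):
    """Test 1: enumerate all universal assignments (a brute-force stand-in for
    solve(¬ψ ∧ F(U)) = UNSAT) and check that no clause is falsified."""
    universals = [v for q, v in prefix if q == 'A']
    for bits in product([False, True], repeat=len(universals)):
        univ = dict(zip(universals, bits))
        full = dict(univ)
        for q, v in prefix:
            if q == 'E':
                full[v] = evaluate(skolem[v], skolem, univ)
        if not all(any(full[abs(l)] == (l > 0) for l in c) for c in clauses):
            return False
    return True

def dependencies_ok(prefix, skolem):
    """Test 2: f_x may only reach universals quantified before x in π."""
    position = {v: i for i, (q, v) in enumerate(prefix)}
    return all(position[u] < position[x]
               for x, expr in skolem.items()
               for u in reachable_universals(expr, skolem))

# Slide 53 example, a=1, b=2, c=3: ∀a ∃b,c.(a∨b)∧(¬a∨c)∧(¬b∨¬c)
PREFIX = [('A', 1), ('E', 2), ('E', 3)]
PSI = [[1, 2], [-1, 3], [-2, -3]]
SKOLEM = {2: ('not', ('var', 1)), 3: ('var', 1)}        # f_b(a) = ¬a, f_c(a) = a
# Slide 59 prefix ∀a ∃b ∀c ∃d,e (a=1, b=2, c=3, d=4, e=5) with f_b := f_d
PREFIX59 = [('A', 1), ('E', 2), ('A', 3), ('E', 4), ('E', 5)]
GOOD59 = {2: ('ref', 4), 4: ('var', 1), 5: ('not', ('var', 3))}      # f_d ignores c
BAD59 = {2: ('ref', 4), 4: ('and', ('var', 1), ('var', 3)), 5: ('const', False)}

if __name__ == "__main__":
    print("slide 53 functions:", no_counterexample(PREFIX, PSI, SKOLEM),
          dependencies_ok(PREFIX, SKOLEM))
    print("slide 59, f_b := f_d(a):   ", dependencies_ok(PREFIX59, GOOD59))
    print("slide 59, f_b := f_d(a, c):", dependencies_ok(PREFIX59, BAD59))
```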

SLIDE 60 (43/47)

Results Summary

Our approach was able to compute more Skolem functions for formulas that are solvable by preprocessing techniques only, as no techniques had to be turned off.

[Figure: scatter plot of Skolem function sizes, both axes log scale from 10 to 100000, comparing bloqqer + RES + DepQBF against bloqqer + QRAT]

Above the diagonal: Skolem functions from QRAT proofs are smaller

SLIDE 61 (44/47)

Future Directions and Conclusions

SLIDE 62 (45/47)

All Work Done Regarding SAT Proof Checking? NO

Properties compared: Easy to Emit, Compact, Checked Efficiently, Expressive, Verified.

◮ Resolution Proofs [Zhang and Malik, 2003; Van Gelder, 2008; Biere, 2008]
◮ Clausal Proofs [Goldberg and Novikov, 2003; Van Gelder, 2008]
◮ Clausal proofs + clause deletion [Heule, Hunt, Jr., and Wetzler, STVR 2014]
◮ Optimized clausal proof checker [Heule, Hunt, Jr., and Wetzler, FMCAD '13]
◮ Clausal RAT proofs [Heule, Hunt, Jr., and Wetzler, CADE 2013]
◮ RAT proofs + clause deletion [Wetzler, Heule, and Hunt, Jr., SAT 2014]

SLIDE 64 (46/47)

Future Directions

Novel techniques arise from the proof systems
◮ SAT: Elimination and addition of RAT clauses
◮ SAT: Partial variable elimination
◮ QBF: Elimination of universal RAT literals
◮ Many other options

Efficient expression of all techniques
◮ Main focus: all QBF solving techniques (i.e., not only preprocessing)
◮ Gaussian Elimination
◮ Symmetry breaking
◮ Cardinality / pseudo-Boolean reasoning

SLIDE 65 (47/47)

Conclusions

Our Abstract Proof System for SAT Inprocessing
◮ Captures generally used inprocessing and CDCL techniques
◮ Checks individual techniques for correctness via the inprocessing rules
◮ Yields a generic and simple model reconstruction algorithm
◮ A basis for developing novel inprocessing techniques

Our Proof System for QBF Preprocessing
◮ Polynomially-verifiable certificates for true and false QBFs;
◮ Overhead of emitting QRAT proofs is very low; and
◮ All preprocessing techniques used in state-of-the-art QBF tools are covered by QRAT, including universal expansion.
◮ A basis for developing novel QBF preprocessing techniques

Thanks!