Satisfiability Modulo Linear Arithmetic - Combinatorial Problem Solving (CPS) - PowerPoint PPT Presentation
Satisfiability Modulo Linear Arithmetic
Combinatorial Problem Solving (CPS)
Albert Oliveras, Enric Rodríguez-Carbonell
May 31, 2019
Linear Arithmetic Theories
2 / 29
■ In linear arithmetic theories, atoms are of the form a1x1 + . . . + anxn ⋈ b, where ⋈ is one of =, ≠, <, >, ≤, ≥. All symbols are interpreted with their usual meaning in arithmetic
■ Example of atom: x + y + 2z ≥ 10
■ Example of formula: x ≥ 0 ∧ (x + y ≤ 2 ∨ x − y ≥ 6) ∧ (x + y ≥ 1 ∨ x − y ≥ 4)
■ Variables can be of real sort (R) or integer sort (Z)
■ If all vars are R we have a problem of Linear Real Arithmetic (LRA)
■ If all vars are Z we have a problem of Linear Integer Arithmetic (LIA)
Overview of the Lecture
3 / 29
■ De Moura & Dutertre’s Algorithm for LRA
■ LIA
De Moura & Dutertre’s Algorithm
4 / 29
■ Problem: given an input formula φ of LRA, is φ SAT?
■ Assume for the time being φ only contains linear constraints of the form cᵀx ≤ d
■ Preprocessing: transform φ into φ̂ ∧ Ax = 0, where:
  1. φ̂ is obtained from φ by replacing each cᵀx ≤ d by s ≤ d, where s is a fresh variable
  2. Ax = 0 consists of all definitions s = cᵀx
■ Example:
  x ≥ 0 ∧ (x + y ≤ 2 ∨ x − y ≥ 6) ∧ (x + y ≥ 1 ∨ x − y ≥ 4)
  is transformed into
  x ≥ 0 ∧ (s1 ≤ 2 ∨ s2 ≥ 6) ∧ (s1 ≥ 1 ∨ s2 ≥ 4) ∧ (s1 = x + y ∧ s2 = x − y)
■ Consistency checking is based on dual bounded simplex
■ Theory solver handles feasibility problems of the form Ax = 0 ∧ ℓ ≤ x ≤ u
■ Only bounds are asserted during search: Ax = 0 is asserted before any decision. There is no addition/deletion of rows!
■ Free variables (those without any bound in the formula) can be eliminated before starting search by means of Gaussian elimination
■ E.g.: if y is free then the equation y = x − s2 is not asserted:
  x ≥ 0 ∧ (s1 ≤ 2 ∨ s2 ≥ 6) ∧ (s1 ≥ 1 ∨ s2 ≥ 4) ∧ (s1 = 2x − s2 ∧ y = x − s2)
■ For solving Ax = 0 ∧ ℓ ≤ x ≤ u, the theory solver stores (B: basic variables, R: non-basic variables):
  ◆ A tableau: xi = Σ_{xj∈R} αij xj, for each xi ∈ B
  ◆ For each variable xi, the strongest asserted lower bound ℓi and the strongest asserted upper bound ui
  ◆ An assignment β such that
    ■ Aβ = 0
    ■ For each xj ∈ R: ℓj ≤ β(xj) ≤ uj
■ Maybe for some xi ∈ B, ℓi > β(xi) or β(xi) > ui
■ Maybe for some xi ∈ R, ℓi < β(xi) < ui
■ Supports two types of consistency checks: light-weight and heavy-weight
Light-Weight Consistency Check
7 / 29
■ Ensures non-basic vars satisfy bounds and Aβ = 0
  ◆ If returns SAT: then model is consistent
  ◆ If returns UNSAT: then model is inconsistent
  ◆ If returns UNKNOWN: don’t know

assert_lower(xj ≥ cj)
  if cj ≤ ℓj then return SAT
  if cj > uj then return UNSAT
  ℓj := cj
  if xj ∈ R ∧ β(xj) < ℓj then update(xj, ℓj)
  return UNKNOWN

assert_upper(xj ≤ cj)
  if cj ≥ uj then return SAT
  if cj < ℓj then return UNSAT
  uj := cj
  if xj ∈ R ∧ β(xj) > uj then update(xj, uj)
  return UNKNOWN

update(xj, v)
  for each xi ∈ B, β(xi) := β(xi) + αij (v − β(xj))
  β(xj) := v
Heavy-Weight Consistency Check
8 / 29
■ Light-weight consistency check is performed first (since it is cheaper)
■ The only possible cases of infeasibility that are left: bounds of basic vars
■ Dual Bounded Simplex (with null objective function) is employed to get a feasible basis
■ Constraints are handled in blocks (as opposed to one at a time)
Heavy-Weight Consistency Check
9 / 29
check()
  loop
    select basic variable xi such that βi < ℓi or βi > ui
    if there is no such xi then return SAT
    if βi < ℓi then
      select non-basic variable xj such that (αij > 0 ∧ β(xj) < uj) ∨ (αij < 0 ∧ β(xj) > ℓj)
      if there is no such xj then return UNSAT
      pivot_and_update(xi, xj, ℓi)
    if βi > ui then
      select non-basic variable xj such that (αij < 0 ∧ β(xj) < uj) ∨ (αij > 0 ∧ β(xj) > ℓj)
      if there is no such xj then return UNSAT
      pivot_and_update(xi, xj, ui)

/* pivot_and_update(xi, xj, v): set basic xi to v, adjust non-basic xj and other basic vars as needed, swap xi and xj in the basis */
Heavy-Weight Consistency Check
10 / 29
pivot_and_update(xi, xj, v)
  /* set basic xi to v, adjust non-basic xj and other basic vars as needed, swap xi and xj in the basis */
  Θ := (v − β(xi)) / αij
  β(xi) := v
  β(xj) := β(xj) + Θ
  for each xk ∈ B with xk ≠ xi, β(xk) := β(xk) + αkj Θ
  pivot(xi, xj)

■ Recall Bland’s anticycling rule in dual pricing and dual ratio test:
  ◆ Set an order between variables
  ◆ Always take the least possible variable
■ THEOREM. This strategy guarantees termination
Conflict Explanations
11 / 29
■ check() detects an inconsistency when:
  ◆ βi < ℓi and for all non-basic xj: (αij > 0 → β(xj) ≥ uj) ∧ (αij < 0 → β(xj) ≤ ℓj)
  ◆ βi > ui and for all non-basic xj: (αij < 0 → β(xj) ≥ uj) ∧ (αij > 0 → β(xj) ≤ ℓj)
■ Let R+ = {xj ∈ R | αij > 0} and R− = {xj ∈ R | αij < 0}
■ Since β satisfies all bounds on non-basic vars:
  ◆ If β(xi) < ℓi
    ■ for all xj ∈ R+, β(xj) = uj
    ■ for all xj ∈ R−, β(xj) = ℓj
  ◆ If β(xi) > ui
    ■ for all xj ∈ R+, β(xj) = ℓj
    ■ for all xj ∈ R−, β(xj) = uj
Conflict Explanations
12 / 29
■ Assume β(xi) < ℓi.
■ So for all xj ∈ R+, β(xj) = uj and for all xj ∈ R−, β(xj) = ℓj
■ Hence β(xi) = Σ_{xj∈R+} αij uj + Σ_{xj∈R−} αij ℓj
■ So for any x such that Ax = 0: β(xi) − xi = Σ_{xj∈R+} αij (uj − xj) + Σ_{xj∈R−} αij (ℓj − xj)
■ From this we can derive the implication ⋀_{xj∈R+} xj ≤ uj ∧ ⋀_{xj∈R−} xj ≥ ℓj ⇒ xi ≤ β(xi)
■ Since β(xi) < ℓi this is inconsistent with xi ≥ ℓi
■ The explanation of the conflict is {xj ≤ uj | xj ∈ R+} ∪ {xj ≥ ℓj | xj ∈ R−} ∪ {xi ≥ ℓi}, which is minimal (with respect to set inclusion)
Conflict Explanations
13 / 29
■ Assume β(xi) > ui.
■ So for all xj ∈ R+, β(xj) = ℓj and for all xj ∈ R−, β(xj) = uj
■ Hence β(xi) = Σ_{xj∈R+} αij ℓj + Σ_{xj∈R−} αij uj
■ So for any x such that Ax = 0: β(xi) − xi = Σ_{xj∈R+} αij (ℓj − xj) + Σ_{xj∈R−} αij (uj − xj)
■ From this we can derive the implication ⋀_{xj∈R+} xj ≥ ℓj ∧ ⋀_{xj∈R−} xj ≤ uj ⇒ xi ≥ β(xi)
■ Since β(xi) > ui this is inconsistent with xi ≤ ui
■ The explanation of the conflict is {xj ≥ ℓj | xj ∈ R+} ∪ {xj ≤ uj | xj ∈ R−} ∪ {xi ≤ ui}, which is minimal (with respect to set inclusion)
Backtracking
14 / 29
■ Number of backtrackings is often very large: needs to be efficiently implemented
■ The algorithm only requires, for each variable xi,
  ◆ One stack for lower bounds ℓi
  ◆ One stack for upper bounds ui
■ No need to save successive β on a stack! Only one assignment β is kept
■ Recall: for each xj ∈ R, ℓj ≤ β(xj) ≤ uj. Maybe for some xi ∈ R, ℓi < β(xi) < ui
■ Does not require pivoting: very cheap
Theory Propagation
15 / 29
■ Simple propagation: x ≥ c implies x ≥ c′ for all c′ ≤ c
■ Bound refinement: given an equation xi = Σ αj xj that holds for any solution x to Ax = 0, we can deduce the bounds:
    xi ≥ Σ_{αj>0} αj ℓj + Σ_{αj<0} αj uj
    xi ≤ Σ_{αj>0} αj uj + Σ_{αj<0} αj ℓj
■ Might not be better bounds than those already asserted
■ Used with tableau rows (but can be used with rows of the original problem or any linear combination of them)
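Bound refinement on a single row, as an added Python example that is not code from the slides: the function names are mine, and the constructed input is the tableau and the bounds reached in the worked example on the next slide (y = x + s1, s2 = 2x + s1 with −8 ≤ x ≤ −4 and s1 ≤ 1). A missing bound on any variable with the relevant sign makes the corresponding sum unbounded, so no bound is derived in that direction.

```python
from fractions import Fraction as F

def refine_bounds(row, lo, hi):
    """Bound refinement for one row xi = sum_j alpha_j * xj (slide 15).

    row: {xj: alpha_j}; lo/hi: asserted bounds, a missing key means unbounded.
    Returns (new_lower, new_upper); an entry is None when some bound the sum
    needs is missing, because that sum is then unbounded."""
    lower = upper = F(0)
    for xj, a in row.items():
        a = F(a)
        # a*xj is smallest at xj's lower bound when a > 0, at its upper bound when a < 0
        lo_src, hi_src = (lo, hi) if a > 0 else (hi, lo)
        lower = None if lower is None or xj not in lo_src else lower + a * lo_src[xj]
        upper = None if upper is None or xj not in hi_src else upper + a * hi_src[xj]
    return lower, upper

def propagate(xi, row, lo, hi):
    """Bounds on xi that are strictly stronger than the asserted ones.
    A derived bound may be weaker than what is already asserted; then it is dropped."""
    lower, upper = refine_bounds(row, lo, hi)
    out = {}
    if lower is not None and (xi not in lo or lower > lo[xi]): out["lo"] = lower
    if upper is not None and (xi not in hi or upper < hi[xi]): out["hi"] = upper
    return out

# Constructed input: tableau and bounds from the worked example on the next slide.
LO, HI = {"x": F(-8)}, {"x": F(-4), "s1": F(1)}
TABLEAU = {"y": {"x": 1, "s1": 1}, "s2": {"x": 2, "s1": 1}}

def example():
    """Derived bounds per basic variable: y <= -3 and s2 <= -7 (no lower bounds, s1 has none)."""
    return {xi: propagate(xi, row, LO, HI) for xi, row in TABLEAU.items()}
```

The derived s2 ≤ −7 already contradicts the bound s2 ≥ −3 that the example asserts last, which is the conflict the heavy-weight check finds there.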
Example
16 / 29
Assert literals x ≤ −4, x ≥ −8, −x + y ≤ 1, x + y ≥ −3
■ Initially:
  TABLEAU: s1 = −x + y, s2 = x + y
  ASSIGNMENT: x → 0, y → 0, s1 → 0, s2 → 0
  BOUNDS: none
■ After asserting x ≤ −4 (x is non-basic, so update moves it to the bound):
  TABLEAU: s1 = −x + y, s2 = x + y
  ASSIGNMENT: x → −4, y → 0, s1 → 4, s2 → −4
  BOUNDS: x ≤ −4
■ After asserting x ≥ −8 (already satisfied by the assignment):
  TABLEAU: s1 = −x + y, s2 = x + y
  ASSIGNMENT: x → −4, y → 0, s1 → 4, s2 → −4
  BOUNDS: −8 ≤ x ≤ −4
■ After asserting s1 ≤ 1 (s1 is basic and violates the bound; check() pivots s1 with y):
  TABLEAU: y = x + s1, s2 = 2x + s1
  ASSIGNMENT: x → −4, y → −3, s1 → 1, s2 → −7
  BOUNDS: −8 ≤ x ≤ −4, s1 ≤ 1
■ After asserting s2 ≥ −3:
  TABLEAU: y = x + s1, s2 = 2x + s1
  ASSIGNMENT: x → −4, y → −3, s1 → 1, s2 → −7
  BOUNDS: −8 ≤ x ≤ −4, s1 ≤ 1, −3 ≤ s2
  Conflict between x ≤ −4, s1 ≤ 1, −3 ≤ s2!
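The light-weight and heavy-weight checks of slides 7 to 13 run on this example, as an added Python example that is not code from the slides or from any solver. The class name, the `assert_bound(xj, c, lower)` interface that merges assert_lower and assert_upper, and the use of `sorted()` over variable names as Bland's variable order are my choices; values are exact Fractions, and `check()` returns either ("SAT", None) or ("UNSAT", explanation) with the explanation as a set of (variable, relation) pairs.

```python
from fractions import Fraction as F

class LRASolver:                                 # bounded simplex of slides 6-13, fixed tableau
    def __init__(self, rows):                    # rows: {basic: {non-basic: coeff}} for A*x = 0
        self.rows = {b: {x: F(c) for x, c in r.items()} for b, r in rows.items()}
        self.beta = {v: F(0) for v in set(rows) | {x for r in rows.values() for x in r}}
        self.lo, self.hi = {}, {}                # strongest asserted lower / upper bounds

    def _viol(self, x):                          # "lo"/"hi" if beta(x) violates that bound
        return ("lo" if x in self.lo and self.beta[x] < self.lo[x] else
                "hi" if x in self.hi and self.beta[x] > self.hi[x] else None)

    def update(self, xj, v):                     # move non-basic xj, keeping A*beta = 0
        for xi, row in self.rows.items():
            if xj in row: self.beta[xi] += row[xj] * (v - self.beta[xj])
        self.beta[xj] = v

    def assert_bound(self, xj, c, lower=True):   # light-weight check (assert_lower / assert_upper)
        c, (same, opp) = F(c), ((self.lo, self.hi) if lower else (self.hi, self.lo))
        if xj in same and (c <= same[xj] if lower else c >= same[xj]): return "SAT"
        if xj in opp and (c > opp[xj] if lower else c < opp[xj]): return "UNSAT"
        same[xj] = c
        if xj not in self.rows and self._viol(xj): self.update(xj, c)
        return "UNKNOWN"

    def pivot_and_update(self, xi, xj, v):       # set basic xi to v, then swap xi and xj
        row = self.rows.pop(xi); a = row.pop(xj)
        theta = (v - self.beta[xi]) / a
        self.beta[xi], self.beta[xj] = v, self.beta[xj] + theta
        for xk, r in self.rows.items():
            self.beta[xk] += r.get(xj, 0) * theta
        new = {xi: 1 / a, **{xk: -c / a for xk, c in row.items()}}  # xj solved from xi's row
        for r in [r for r in self.rows.values() if xj in r]:       # substitute xj away
            c = r.pop(xj)
            for z, d in new.items():
                r[z] = r.get(z, F(0)) + c * d
                if r[z] == 0: del r[z]
        self.rows[xj] = new

    def check(self):                             # heavy-weight check; sorted() is Bland's order
        while True:
            xi = next((x for x in sorted(self.beta) if x in self.rows and self._viol(x)), None)
            if xi is None: return "SAT", None
            row, low = self.rows[xi], self._viol(xi) == "lo"
            xj = next((x for x in sorted(self.beta) if x in row and (   # xj can move beta(xi)
                (x not in self.hi or self.beta[x] < self.hi[x]) if (row[x] > 0) == low
                else (x not in self.lo or self.beta[x] > self.lo[x]))), None)
            if xj is None:                       # minimal conflict explanation (slides 12-13)
                expl = {(x, "<=" if (row[x] > 0) == low else ">=") for x in row}
                return "UNSAT", expl | {(xi, ">=" if low else "<=")}
            self.pivot_and_update(xi, xj, self.lo[xi] if low else self.hi[xi])
```

Asserting x ≤ −4, x ≥ −8, s1 ≤ 1 and s2 ≥ −3 in that order on the tableau s1 = −x + y, s2 = x + y, calling check() after each, reproduces the assignments and the pivot of y into the basis shown above and ends with the explanation {x ≤ −4, s1 ≤ 1, s2 ≥ −3}.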
Strict Inequalities and Disequalities
17 / 29
■ LEMMA. A set of linear arithmetic literals Γ containing strict inequalities S = {p1 > 0, . . . , pn > 0} is satisfiable iff there exists a rational number δ > 0 s.t. for all δ′ s.t. 0 < δ′ ≤ δ, Γδ = (Γ ∪ Sδ) − S is satisfiable, where Sδ = {p1 ≥ δ, . . . , pn ≥ δ}
■ Strict inequalities are transformed into non-strict ones using an infinitesimal positive symbolic value δ: x > a → x ≥ a + δ, x < a → x ≤ a − δ
■ Disequalities cᵀx ≠ d have to be split into cᵀx < d ∨ cᵀx > d while parsing
■ Equalities cᵀx = d have to be split into cᵀx ≤ d ∧ cᵀx ≥ d while parsing
Strict Inequalities and Disequalities
18 / 29
■ δ is not given a concrete value: just treated symbolically!
■ Values are pairs of rationals with ordering:
  ◆ a + b δ ≤ a′ + b′ δ iff a < a′, or a = a′ and b ≤ b′
■ Arithmetic operations are defined pairwise:
  ◆ (a + b δ) + (a′ + b′ δ) = (a + a′) + (b + b′) δ
  ◆ c · (a + b δ) = (c · a) + (c · b) δ
■ From now on let Qδ = {a + b δ | a, b ∈ Q}
Strict Inequalities and Disequalities
19 / 29
■ LEMMA. Let vi = ci + ki δ, wi = di + hi δ (i = 1 . . . m) be such that vi ≤ wi hold. Then there is δ0 ∈ Q such that δ0 > 0 and
  c1 + k1 ε ≤ d1 + h1 ε, . . . , cm + km ε ≤ dm + hm ε
  are satisfied for any ε such that 0 < ε ≤ δ0.
Strict Inequalities and Disequalities
20 / 29
PROOF: By definition ci + ki δ ≤ di + hi δ iff ci < di, or ci = di and ki ≤ hi. We distinguish several cases:
■ If ci = di and ki ≤ hi then ci + ki ε ≤ di + hi ε for any ε > 0
■ If ci < di and ki ≤ hi then ci + ki ε ≤ di + hi ε for any ε > 0
■ If ci < di and ki > hi then ci + ki ε ≤ di + hi ε for any ε such that 0 < ε ≤ (di − ci)/(ki − hi)
So for example take δ0 such that 0 < δ0 < min{(di − ci)/(ki − hi) | ci < di and ki > hi}
Strict Inequalities and Disequalities
21 / 29
■ Let S be a linear problem of the form Ax = 0 ∧ ℓ ⋈⁻ x ⋈⁺ u where ℓi, ui ∈ Q and ⋈⁻i, ⋈⁺i are either < or ≤
■ S can be converted into a problem S′ of the form Ax = 0 ∧ ℓ′ ≤ x ≤ u′ where ℓ′i, u′i ∈ Qδ as follows:
  ◆ xi > ℓi → xi ≥ ℓ′i with ℓ′i = ℓi + δ
  ◆ xi < ui → xi ≤ u′i with u′i = ui − δ
Strict Inequalities and Disequalities
22 / 29
■ THEOREM. S and S′ are equisatisfiable.
PROOF: Let us see that S′ sat in Qδ implies S sat in Q. Let β′ be a satisfying assignment for S′. The inequalities ℓ′j ≤ β′(xj) ≤ u′j are satisfied in Qδ.
Let β′(xj) = pj + qj δ, ℓ′j = ℓj + kj δ, u′j = uj + hj δ where
  kj ∈ {0, 1}, kj = 0 iff ⋈⁻j is ≤,
  hj ∈ {0, −1}, hj = 0 iff ⋈⁺j is ≤.
By the previous lemma, there is δ0 ∈ R, δ0 > 0 such that ℓj + kj δ0 ≤ pj + qj δ0 ≤ uj + hj δ0. Let us define β(xj) = pj + qj δ0 for all xj. Then β satisfies both ℓ ⋈⁻ x ⋈⁺ u as well as Ax = 0
Strict Inequalities and Disequalities
23 / 29
PROOF (continued): Let us see S sat in Q implies S′ sat in Qδ. Trivial: any satisfying assignment β for S in Q is a satisfying assignment for S′ in Qδ
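The symbolic δ arithmetic of slide 18, the δ0 of the lemma (slides 19 and 20) and the concretisation step in the proof of the theorem, as an added Python example that is not code from the slides: the class and function names are mine, and the sample problem 0 < x < 1/2, y < 1/5, y = 2x with the Qδ model x = δ is constructed. Coefficients and bounds may be ints or Fractions.

```python
from fractions import Fraction as F

class DeltaRat:
    """Element a + b*delta of Q_delta, ordered lexicographically as on slide 18."""
    def __init__(self, a, b=0):
        self.a, self.b = F(a), F(b)
    def __add__(self, o):  return DeltaRat(self.a + o.a, self.b + o.b)
    def __sub__(self, o):  return DeltaRat(self.a - o.a, self.b - o.b)
    def __rmul__(self, c): return DeltaRat(c * self.a, c * self.b)   # c in Q
    def __le__(self, o):   return (self.a, self.b) <= (o.a, o.b)     # a < a', or a = a' and b <= b'
    def __eq__(self, o):   return (self.a, self.b) == (o.a, o.b)
    def __repr__(self):    return f"({self.a} + {self.b}d)"
    def at(self, eps):     return self.a + self.b * eps               # value once delta := eps

def strict_bound(value, strict, lower):
    """Slide 21: xi > l becomes xi >= l + delta, xi < u becomes xi <= u - delta."""
    return DeltaRat(value, (1 if lower else -1) if strict else 0)

def delta0(pairs):
    """Lemma of slide 19: given v_i <= w_i in Q_delta, a delta0 > 0 such that
    v_i.at(eps) <= w_i.at(eps) holds in Q for every 0 < eps <= delta0 (proof on slide 20)."""
    bound = F(1)                               # any positive value if nothing constrains delta
    for v, w in pairs:
        assert v <= w                          # precondition of the lemma
        if v.a < w.a and v.b > w.b:            # the only case that limits delta
            bound = min(bound, (w.a - v.a) / (v.b - w.b))
    return bound / 2                           # strictly below the minimum, as in the proof

def concretize(beta, lo, hi):
    """Theorem of slide 22: a Q_delta model of S' gives a Q model of S by evaluating
    every value at one delta0 that keeps all bound constraints true."""
    pairs = [(lo[x], beta[x]) for x in lo] + [(beta[x], hi[x]) for x in hi]
    d0 = delta0(pairs)
    return {x: beta[x].at(d0) for x in beta}

# Constructed example: S is 0 < x < 1/2, y < 1/5, y = 2x; the Q_delta model sets x = delta.
LO = {"x": strict_bound(0, True, lower=True)}
HI = {"x": strict_bound(F(1, 2), True, lower=False), "y": strict_bound(F(1, 5), True, lower=False)}
BETA = {"x": DeltaRat(0, 1), "y": 2 * DeltaRat(0, 1)}

def example():
    """Returns the rational model {'x': 1/30, 'y': 1/15}; delta0 is 1/30 here."""
    return concretize(BETA, LO, HI)
```

The pair (β′(y), u′(y)) = (2δ, 1/5 − δ) is the one that limits δ, giving the minimum 1/15 in the proof; the equation y = 2x survives the substitution δ := δ0 because it is linear in δ.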
Overview of the Lecture
24 / 29
■ De Moura & Dutertre’s Algorithm for LRA
■ LIA
SMT(LIA)
25 / 29
■ State-of-the-art SMT solvers for LIA use:
  ◆ Branch & Bound
  ◆ Cutting Planes
  ◆ GCD Test
■ Strict inequalities are transformed into non-strict ones: x > a → x ≥ a + 1, x < a → x ≤ a − 1
■ So in what follows, all constraints will be non-strict
Branch & Bound (Feasibility)
26 / 29
S := {P0}    /* set of pending problems */
while S ≠ ∅ do
  remove P from S
  solve LP(P)
  if LP(P) is feasible then
    let β be the basic solution obtained after solving LP(P)
    if β satisfies the integrality constraints then return SATISFIABLE
    else
      let xj be an integer variable such that βj ∉ Z
      S := S ∪ {P ∧ xj ≤ ⌊βj⌋, P ∧ xj ≥ ⌈βj⌉}
return UNSATISFIABLE
Splitting on Demand
27 / 29
■ Two ways to implement Branch & Bound in SMT:
  1. Branch & Bound is internal to the theory solver
     ✓ Modular and flexible
     ✗ Lots of code is repeated in SAT/theory solvers: splitting heuristics, stack, etc.
  2. Delegate splits to the SAT solver: splitting on demand
  ◆ Whenever the theory solver needs to split on xj, it invents a new literal l and asks the SAT solver to split on it
  ◆ Internal meaning of the literal for the theory solver:
    ■ l ≡ xj ≤ ⌊βj⌋
    ■ ¬l ≡ xj ≥ ⌈βj⌉
  ◆ Implementation of the theory solver can be simplified
GCD Test
28 / 29
■ Quick test which, if positive, ensures the problem is UNSAT
■ Let us consider an equation Σ_{i=1}^{n} ai xi = b where ai, b ∈ Z
■ Notation: c | d means “c divides d”. GCD(x, y) is the greatest common divisor of x and y.
■ Let g = GCD(a1, . . . , an). If g ∤ b then the equation is UNSAT
  PROOF: If xi ∈ Z satisfy the equation then g | ai implies g | ai xi, and hence g | Σ_{i=1}^{n} ai xi = b
■ In the theory solver the GCD test can be applied to tableau rows
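The GCD test as an added Python example, not code from the slides. The `fixed` argument goes beyond the slide: to apply the test to a tableau row, variables whose lower and upper bounds coincide are substituted by that value and rational coefficients are scaled to integers first, which is what makes the test informative on a row whose right-hand side is 0. The function name and the constructed inputs are mine; coefficients may be ints, Fractions or strings such as "-2/3".

```python
from fractions import Fraction as F
from math import gcd, lcm

def gcd_test(coeffs, rhs, fixed=None):
    """GCD test of slide 28 for sum_i a_i * x_i = rhs over integer variables.

    Returns "UNSAT" when gcd(a_i) does not divide rhs, otherwise "UNKNOWN":
    the test is only a sufficient condition for unsatisfiability.
    Extension for tableau rows (not on the slide): variables listed in `fixed`
    (lower bound equal to upper bound) are replaced by their value, and the
    equation is scaled by the lcm of all denominators to get integer coefficients."""
    coeffs = {x: F(a) for x, a in coeffs.items()}
    rhs = F(rhs)
    for x, c in (fixed or {}).items():
        if x in coeffs:
            rhs -= coeffs.pop(x) * F(c)        # move a_x * c to the right-hand side
    if not coeffs:                             # no variables left: the row reads 0 = rhs
        return "UNKNOWN" if rhs == 0 else "UNSAT"
    m = lcm(rhs.denominator, *(a.denominator for a in coeffs.values()))
    ints = [int(a * m) for a in coeffs.values()]   # integer equation after scaling by m
    g = gcd(*ints)
    return "UNSAT" if int(rhs * m) % g != 0 else "UNKNOWN"

def example():
    """Constructed cases: 2x + 4y = 3 (slide's setting) and the row x = (2/3)y with y fixed to 1,
    i.e. 3x = 2 after substitution and scaling; both are UNSAT by the test."""
    return gcd_test({"x": 2, "y": 4}, 3), gcd_test({"x": 1, "y": F(-2, 3)}, 0, fixed={"y": 1})
```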
Bibliography - Further Reading
29 / 29
■ Bruno Dutertre, Leonardo Mendonça de Moura: A Fast Linear-Arithmetic Solver for DPLL(T). CAV 2006: 81-94
■ Harald Rueß and Natarajan Shankar: Solving Linear Arithmetic Constraints. CSL Technical Report CSL-SRI-04-01, 15 January 2004, SRI International.
■ Alberto Griggio: A Practical Approach to Satisfiability Modulo Linear Integer Arithmetic. JSAT 8(1/2): 1-27 (2012)
■ C. W. Barrett, R. Sebastiani, S. A. Seshia, C. Tinelli. Satisfiability