Subtropical Satisfiability and off-the-shelf computer algebra as - - PowerPoint PPT Presentation

1/35

Subtropical Satisfiability and

• ff-the-shelf computer algebra

as procedures for SMT

Pascal Fontaine, Mizuhito Ogawa, Thomas Sturm, Van Khanh To, Xuan Tung Vu

• Univ. of Lorraine, CNRS, Inria, LORIA

Japan Advanced Institute of Science and Technology (JAIST) University of Engineering and Technology, VNU, Hanoi, Vietnam MPI Informatics and Saarland University

17 May, 2018 SC2 workshop, Trento

2/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

3/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

4/35

SMT + non linear arithmetics

◮ High demand for non linear arithmetic reasoning capability ◮ Theory of real closed fields:

decidable (QE: CAD, virtual substitution,. . . )

◮ Doubly exponential (existential fragment also high complexity) ◮ Complete decision procedure not always efficient enough ◮ Need for good heuristics

Contribution: subtropical satisfiability

Simple heuristic to quickly discharge many proof obligations (or failing quickly)

◮ Based on subtropical method: quickly find positive solution

for f = 0 where f has hundreds of thousand of monomials, with dozen variables, degrees around 10 in each variable

◮ Here: find real solution for f1 > 0 ∧ · · · ∧ fn > 0

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0

1 2 −2 −1 1

y = 1 − 2x + x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0

1 2 −2 −1 1

y = 1 − 2x + x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

Find a model for f > 0?

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

Find a model for f > 0? Check coefficient sign for lowest or highest degree monomial

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

Find a model for f > 0? Check coefficient sign for lowest or highest degree monomial Incomplete: −1 + 2x − x3 > 0?

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

Find a model for f > 0? Check coefficient sign for lowest or highest degree monomial Incomplete: −1 + 2x − x3 > 0? (x = 0.8)

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

1 2 −2 −1 1

y = −1 + 2x − x3

5/35

Subtropical method: univariate case

Consider x ≥ 0,

◮ 1 − 2x + x3 > 0, satisfiable: x = 0 ◮ −1 − 2x + x3 > 0, satisfiable: with sufficiently large x ◮ 2x − x3 > 0, satisfiable: with sufficiently small x

Find a model for f > 0? Check coefficient sign for lowest or highest degree monomial Incomplete: −1 + 2x − x3 > 0? (x = 0.8) But certainly fast

1 2 −2 −1 1

y = 1 − 2x + x3

1 2 −2 −1 1

y = −1 − 2x + x3

1 2 −2 −1 1

y = 2x − x3

1 2 −2 −1 1

y = −1 + 2x − x3

6/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

7/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

8/35

Subtropical method: towards the multivariate case

Polynomial −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2 can be ◮ negative, e.g. −2x5 1 dominates if x1 large enough w.r.t. x2 ◮ positive, e.g. 2x2 2 dominates if x2 small enough (not zero) and

an even smaller x1.

8/35

Subtropical method: towards the multivariate case

Polynomial −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2 can be ◮ negative, e.g. −2x5 1 dominates if x1 large enough w.r.t. x2 ◮ positive, e.g. 2x2 2 dominates if x2 small enough (not zero) and

an even smaller x1. Handling the multivariate case:

◮ reduce to univariate, setting all variables but one to 0 ◮ consider monomial of highest/lowest total degree (if unique) ◮ ordering? lexicographic?

8/35

Subtropical method: towards the multivariate case

Polynomial −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2 can be ◮ negative, e.g. −2x5 1 dominates if x1 large enough w.r.t. x2 ◮ positive, e.g. 2x2 2 dominates if x2 small enough (not zero) and

an even smaller x1. Handling the multivariate case:

◮ reduce to univariate, setting all variables but one to 0 ◮ consider monomial of highest/lowest total degree (if unique) ◮ ordering? lexicographic?

Contribution

monotonic total preorders on the exponent vectors

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables.

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2)

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

◮ −2x5

1, −3x2 1, −x3 2 and 2x2 2

correspond to vertices f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2)

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

◮ −2x5

1, −3x2 1, −x3 2 and 2x2 2

correspond to vertices

◮ These monomials can dominate for

suitable values of variables f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2)

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

◮ −2x5

1, −3x2 1, −x3 2 and 2x2 2

correspond to vertices

◮ These monomials can dominate for

suitable values of variables

◮ Normal vector of separating plane

provides witnesses f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2)

9/35

Subtropical method: towards the multivariate case (2)

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables. Equivalent to consider the vertices of the Newton polytope, i.e. the set of exponent vectors.

◮ −2x5

1, −3x2 1, −x3 2 and 2x2 2

correspond to vertices

◮ These monomials can dominate for

suitable values of variables

◮ Normal vector of separating plane

provides witnesses

◮ E.g. f > 0 for x1 = t−3, x2 = t−2

with t sufficiently large f = −2x5

1+x2 1x2−3x2 1−x3 2+2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2)

10/35

Subtropical method: preorders and normal vectors

Theorem

Strictly max. monomials (w.r.t. monotonic total preorders on the exponent vectors) can dominate, for suitable (positive) values of variables.

f = −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2)

monotonic total preorders correspond to normal vectors

◮ (x1, x2) (x′

1, x′ 2) iff −3x1 − 2x2 ≤ −3x′ 1 − 2x′ 2

◮ (5, 0) ≺ (2, 1) ≺ (2, 0) ≈ (0, 3) ≺ (0, 2)

11/35

Subtropical method: encoding into QF LRA SMT

f = −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2) ◮ monomials with positive coefficient: S+ = {(2, 1), (0, 2)} ◮ monomials with negative coefficient: S− = {(5, 0), (2, 0), (0, 3)} ◮ f > 0 if there is separating plane, with normal vector n = (n1, n2) ◮ that is, if this formula is satisfiable:

• p∈S−

p · n < c ∧

• p∈S+

p · n > c

11/35

Subtropical method: encoding into QF LRA SMT

f = −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2) ◮ monomials with positive coefficient: S+ = {(2, 1), (0, 2)} ◮ monomials with negative coefficient: S− = {(5, 0), (2, 0), (0, 3)} ◮ f > 0 if there is separating plane, with normal vector n = (n1, n2) ◮ that is, if this formula is satisfiable:

• (p1,p2)∈S−

p1n1 + p2n2 < c ∧

• (p1,p2)∈S+

p1n1 + p2n2 > c

11/35

Subtropical method: encoding into QF LRA SMT

f = −2x5

1 + x2 1x2 − 3x2 1 − x3 2 + 2x2 2

(5, 0) (2, 1) (2, 0) (0, 3) (0, 2) (−3, −2) ◮ monomials with positive coefficient: S+ = {(2, 1), (0, 2)} ◮ monomials with negative coefficient: S− = {(5, 0), (2, 0), (0, 3)} ◮ f > 0 if there is separating plane, with normal vector n = (n1, n2) ◮ that is, if this formula is satisfiable:

• (p1,p2)∈S−

p1n1 + p2n2 < c ∧

• (p1,p2)∈S+

p1n1 + p2n2 > c

◮ linear constraints on real variables, n1, n2, c ◮ QF LRA SMT problem

12/35

Several polynomials

One polynomial:

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2 (0, 2)

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2 (0, 2) (−3, −2)

f1 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large)

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

◮ build the Newton polytopes

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

◮ build the Newton polytopes ◮ find suitable vertices

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2 (0, 2) (0, 0) (1, 1)

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

◮ build the Newton polytopes ◮ find suitable vertices ◮ normal vector to separating

plane provides witness

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2 (0, 2) (−3, −2) (0, 0) (1, 1)

f1 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f2 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f3 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large)

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

◮ build the Newton polytopes ◮ find suitable vertices ◮ normal vector to separating

plane provides witness

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2 (0, 2) (−3, −2) (0, 0) (1, 1)

f1 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f2 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f3 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large)

common normal vector ensures existence of global solution

12/35

Several polynomials

One polynomial:

◮ build the Newton polytope ◮ find a suitable vertex ◮ normal vector to separating

plane provides witness Several polynomials:

◮ build the Newton polytopes ◮ find suitable vertices ◮ normal vector to separating

plane provides witness

f1 = −2x5

1 + x2 1x2

−3x2

1 − x3 2 + 2x2 2

f2 = 1 − x1x2 −5x1 − 6x2 f3 = x1x2 −x5

1x2 2 + x1x4 2 (0, 2) (−3, −2) (0, 0) (1, 1)

f1 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f2 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large) f3 > 0 if x1 = t−3, x2 = t−2 (t sufficiently large)

common normal vector ensures existence of global solution n polynomial constraints? Conjunction of n QF LRA problems sharing only variables to describe normal vector

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0

x y f(x, y) > 0

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0 ◮ Removing the condition ∧i xi > 0?

x y f(x, y) > 0

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0 ◮ Removing the condition ∧i xi > 0? ◮ Just consider every hyper-quadrant

x y f(x, y) > 0

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0 ◮ Removing the condition ∧i xi > 0? ◮ Just consider every hyper-quadrant

x y f(x, y) > 0

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0 ◮ Removing the condition ∧i xi > 0? ◮ Just consider every hyper-quadrant

x y f(x, y) > 0 becomes x′ = −x y f(−x′, y) > 0

13/35

From positive to arbitrary solution

◮ Up to now: i fi > 0 with all i xi > 0 ◮ Removing the condition ∧i xi > 0? ◮ Just consider every hyper-quadrant ◮ This can be encoded into the QF LRA SMT problem;

no need to check 2n formulas x y f(x, y) > 0 becomes x′ = −x y f(−x′, y) > 0

14/35

Experimental results

◮ STROPSAT integrated in veriT (not the SMT-COMP version) ◮ Tested on SMT-LIB/QF NRA on suitable problems,

i.e. 4917/11601 files: 3265 sat, 106 unknown, 1546 unsat

◮ CVC4 used to handle linear solving ◮ 2500s timeout, 20GB

On 1546 unsat-labeled formulas: 200 unsat by LRA, cumulative time to fail on the 1346 others: 18.45s, max 0.1s Shows satisfiability for 2403 problems, including 15 “unknown” problems (and 9 where Z3 fails)

15/35

Experimental results

0.01 0.1 1 10 100 1000 0.01 0.1 1 10 100 1000 STROPSAT Z3

When STROPSAT does not fail

◮ time comparable to Z3 ◮ sometimes succeeds alone ◮ if timeouts, Z3 too

0.01 0.1 1 10 100 1000 0.01 0.1 1 10 100 1000 STROPSAT Z3

STROPSAT is quick to fail

16/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

17/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

18/35

SMT = SAT + expressiveness

◮ SAT solvers

¬

• (p ⇒ q) ⇒
• (¬p ⇒ q) ⇒ q
• ◮ Congruence closure (uninterpreted symbols + equality)

a = b ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b))
• ◮ adding arithmetic

a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• ◮ . . .

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b) Conflict clauses are negation of unsatisfiable conjunctive sets of literals

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Quantifier-free SMT solver

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b) Conflict clauses are negation of unsatisfiable conjunctive sets of literals

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Quantifier-free SMT solver

Model

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b) Conflict clauses are negation of unsatisfiable conjunctive sets of literals

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Quantifier-free SMT solver

Model

Instantiation module

Instance

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b) Conflict clauses are negation of unsatisfiable conjunctive sets of literals

19/35

From SAT to SMT (1/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Quantifier-free SMT solver

Model

Instantiation module

Instance

Model UNSAT (proof/core)

Input: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧
• ¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))
• Boolean model: pa≤b, pb≤a+x, px=0, ¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a + x, x = 0, f(a) = f(b) unsatisfiable New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b) Conflict clauses are negation of unsatisfiable conjunctive sets of literals

20/35

From SAT to SMT (2/2)

Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

SAT solver

Boolean Model

Theory reasoner

Conflict clause

Quantifier-free SMT solver

Model

Instantiation module

Instance

Model UNSAT (proof/core)

◮ The theory reasoner only has to deal with conjunctions of

• literals. Alternative (but expensive) solution: convert to DNF

◮ Case analysis/backtracking at the level of the SAT solver ◮ The clause sets is the database of all deduced facts

21/35

Small explanations

Small explanations

provide the strongest conflict clause as possible Consider: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• ◮ Assume the SAT solver assigns

a ≤ b, b ≤ a + x, x = 0, f(a) = f(b), q(a), q(b + x)

◮ ¬a ≤ b ∨ ¬b ≤ a + x ∨ ¬x = 0 ∨ f(a) = f(b) ∨ ¬q(a) ∨ ¬q(b + x) is a

valid clause according to theory: one is allowed to add such a clause

◮ but only kills one abstract model (one tentative model from SAT solver) ◮ other successive tentative models:

a ≤ b, b ≤ a + x, x = 0, f(a) = f(b), q(a), ¬q(b + x) a ≤ b, b ≤ a + x, x = 0, f(a) = f(b), ¬q(a), q(b + x) a ≤ b, b ≤ a + x, x = 0, f(a) = f(b), ¬q(a), ¬q(b + x)

◮ ¬a ≤ b ∨ ¬b ≤ a + x ∨ ¬x = 0 ∨ f(a) = f(b) kills them all

2n, for n irrelevant atoms

22/35

Incrementality/backtrackability

Incrementality/backtrackability

eagerly check the SAT solver stack for theory inconsistencies

◮ many checks ◮ before the SAT does a decision ◮ successive checks very similar to each other (only a few

literals change on top of the stack) Consider: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• ◮ Assume the SAT solver assigns a ≤ b, b ≤ a + x, x = 0

◮ then decides f(a) = f(b) ◮ there is no need to wait an assignment for q(a) and q(b + x)

to add conflicting clause

23/35

Theory propagation

Theory propagation

Theory reasoning to avoid guessing (in decisions) Consider: a ≤ b ∧ b ≤ a + x ∧ x = 0 ∧

• f(a) = f(b) ∨ (q(a) ∧ ¬q(b + x))
• ◮ the SAT solver propagates a ≤ b, b ≤ a + x, x = 0

◮ the theory reasoner propagates f(a) = f(b) ◮ the SAT solver propagates q(a) and ¬q(b + x) ◮ no guessing at all!

24/35

From SAT to SMT: in practice

◮ small explanations

unsat core of propositional assignment discard classes of propositional assignments (not one by one)

◮ incremental

theory reasoner checks propositional assignment on the fly (along SAT solver)

◮ backtrackable

backtrack with SAT solver, keep context

◮ theory propagation

instead of guessing propositional variable assignments, SAT solver assigns theory-entailed literals

◮ wizardry

ackermannization, simplifications, and other magic

25/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

26/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

27/35

Quantifier elimination

◮ Use quantifier elimination as implemented in Reduce ◮ Reduce get a conjunctive set of constraints ◮ Reduce can say SAT or UNSAT (or run for too long) ◮ In case it says UNSAT, it should produce a small explanation ◮ This is the only tuning we need to use Reduce in practice as

the complete fallback procedure for non-linear arithmetic on reals

28/35

Quantifier elimination and small explanations

◮ A set of test points ◮ Each test point invalidates some input constraints ◮ The small explanation is just a set of constraint such that

each test point makes one of them false

◮ Quite easy to compute (over approximation is OK)

29/35

Interval constraint propagation

1: function icp(ϕ) 2:

S ← { ] − ∞, ∞[n}

3:

while S = ∅ do

4:

choose B ∈ S

5:

S ← S \ {B}

6:

B′ ← contract B from constraints

7:

if B′ = ∅ or one constraint is unsatisfiable on B′ then

8:

continue

9:

else if all constraints are valid on B′ then

10:

return SAT

11:

end if

12:

B1, B2 ← decompose B′

13:

S ← S ∪ {B1, B2}

14:

end while

15:

return UNSAT

16: end function

30/35

Combining all procedures in a complete framework

1: function lazy(ϕ) 2:

if subtrop(ϕ) = SAT then

3:

return SAT

4:

end if

5:

(result, B) ← icpt(ϕ)

6:

if result = UNKNOWN then

7:

return result

8:

end if

9:

return qe (ϕ ∧ B)

10: end function

31/35

Results on the SMT-LIB (1/2)

Benchmarks subtrop icp qe All w/o subtrop w/o icp w/o qe SAT 1936 4302 4400 4450 4433 4436 4313 UNSAT 2530 4472 4959 5012 5012 4959 4472 Total (11354) 4466 8774 9359 9462 9445 9395 8785 Total time (s) 4744 18835 67945 50632 44815 67420 22357

32/35

Results on the SMT-LIB (2/2)

Benchmarks CVC4 SMT-RAT Z3 Yices veriT veriT

• nly

Virtual best SAT 2929 4398 4905 4845 4450 18 5183 UNSAT 5324 4425 5038 5120 5012 1 5744 Total (11354) 8253 8823 9943 9965 9462 19 10927 Total time (s) 146154 57787 37740 132137 50632 11706 119998

◮ Notice the virtual best column. ◮ MathSAT would further improve the results!

33/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

34/35

Outline

Introduction Understanding the subtropical method Interlude: from SAT to SMT Combining with other techniques Conclusion

35/35

Conclusion

◮ A heuristic, providing quick solutions, or failing quickly ◮ Good results for many SMT benchmarks ◮ Not sensitive to the number of variables; actually, gets

“better” when the number of variables grows

◮ Investigate its use in context where getting models is

paramount, i.e. testing phase of raSAT loop

◮ What can we do along these lines to help complete

procedures?

◮ Better understand when the method works ◮ Combination with ICP and QE works! (reasonably well)