The Boolean satisfiability problem (SAT) Given a propositional - - PowerPoint PPT Presentation

Towards the extraction of clause learning 1

Ulrich Berger, Andrew Lawrence, Monika Seisenberger Swansea University/Siemens Mobility Continuity, Computability, Constructivity - From Logic to Algorithms (CCC 2020) Faro (Portugal), August 31 - September 4, 2020

1This research was supported by the International Research Staff Exchange

Schemes (IRSES) CORCON and COMPUTAL of the European Commission, the JSPS Core-to-Core Program, A. Advanced research Networks and JSPS KAKENHI, the Marie Curie RISE project CID and the Hausdorff Research Institute for Mathematics. http://www-compsci.swan.ac.uk/∼csulrich/slides.html

1 / 22

The Boolean satisfiability problem (SAT)

Given a propositional formula in conjunctive normal form (CNF), is it satisfiable? For example, (A ∨ B) ∧ (¬B ∨ A) ∧ ¬B is satisfied by the assignment Γ = [A, ¬B], (A ∨ B) ∧ (¬B ∨ A) ∧ ¬A is unsatisfiable. SAT is the prototypical NP-complete problem. It has important applications in many scientific and industrial contexts.

2 / 22

SAT solvers and their correctness

A SAT solver is a program that decides whether a CNF is satisfiable. Modern SAT solvers are highly optimized and implement sophisticated data structures and algorithms whose correctness is not obvious. In fact, SAT solvers often are ◮ incomplete (unable to give an answer to certain CNFs), ◮ incorrect (wrongly claim a CNF to be unsatisfiable). To address this, SAT competitions now usually require SAT solvers to provide certificates for unsatisfiability results. Creating such certificates may require considerable effort as the example of the recent solution of the Pythagorean triples problem by a SAT solver shows [Heule/Kullmann/Marek 2016, Cruz-Filipe/Schneider-Kamp 2017].

3 / 22

Proving correctness

Certificates only guarantee the correctness of single results but not the overall correctness of the SAT solver. So far, only a few SAT solvers have been formally verified [Lescuyer/Conchon 2008, Maric 2010]. In earlier work, we have shown how a SAT solver can be extracted from a completeness proof for the DPLL proof system. The algorithm is generated automatically and correct by construction [B/Lawrence/Nordvall-Forsberg/Seisenberger 2015].

4 / 22

DPLL [Davis/Putnam/Logeman/Loveland 1962]

Γ ⊢ ∆ means that no assignment extending Γ satisfies the CNF ∆. Proof search is done in a backwards fashion. Γ, l ⊢ ∆ (Unit) Γ ⊢ ∆, {l} Γ, l ⊢ ∆, C (Red) Γ, l ⊢ ∆, (C, l) Γ, l ⊢ ∆ (Elim) Γ, l ⊢ ∆, (C, l) (Conflict) Γ ⊢ ∆, ∅ Γ, l ⊢ ∆ Γ, l ⊢ ∆ (Split) Γ ⊢ ∆

l means ¬l (opposite literal), clauses and CNFs are regarded as sets, comma means insertion of a new element.

5 / 22

Extracting a SAT solver

Theorem(Soundness) If Γ ⊢ ∆, then no assignment extending Γ satisfies ∆. Theorem(Completeness) Γ ⊢ ∆ or ∆ can be satisfied by an assignment extending Γ. From a constructive proof of the Completeness Theorem carried

• ut in the Minlog system [Schwichtenberg 2006], we extracted a

provably correct SAT solver.

6 / 22

Conflict driven clause learning (CDCL)

CDCL analyzes the structure of unsatisfiability proofs of sub-goals: If a branch of the DPLL proof search starting with ⊢ ∆ ends up in a conflict Γ ⊢ ∆′, ∅ then ΓS ⊢ ∆ holds where ΓS consists of the decision literals, that is, those literals that entered Γ through the Split rule. Hence, the clause ΓS = {l | l ∈ ΓS} follows from ∆ and can be added to all other branches of the proof search. But one can do better: The above conflict branch of the proof search determines a unit resolution derivation of a conflict from ΓS, and all cuts through this derivation define clauses that follow from ∆ as well. These are called learned clauses.

7 / 22

SAT solvers with clause learning

Clause learning can improve the performance of SAT solvers significantly [Pipatsrisawat/Darwiche 2014]. Most contemporary SAT solvers implement some form of clause learning, e.g., Chaff [Moskewicz-etal 2001] and Clucose [Audemard/Simon 2009].

8 / 22

Unit resolution

Given a CNF ∆0, one derives sequents of the form Γ

∆0

⊢

U l (meaning Γ, ∆0 |

= l) and Γ

∆0

⊢

U ∅ (meaning Γ contradicts ∆0).

l

∆0

⊢

U l

Γ1

∆0

⊢

U l1

. . . Γn

∆0

⊢

U ln

{l1, . . . , ln, l} ∈ ∆0 Γ1, . . . , Γn

∆0

⊢

U l

Γ1

∆0

⊢

U l1

. . . Γn

∆0

⊢

U ln

{l1, . . . , ln} ∈ ∆0 Γ1, . . . , Γn

∆0

⊢

U ∅

Γ1

∆0

⊢

U l

Γ2

∆0

⊢

U l

Γ1, Γ2

∆0

⊢

U ∅

9 / 22

Small-step unit resolution

In the following an equivalent small-step variant of unit resolution will be more convenient: Γ ∪ C ∈ ∆+ Γ

∆0

⊢

S C

Γ1

∆0

⊢

S C, l

Γ2

∆0

⊢

S l

Γ1 ∪ Γ2

∆0

⊢

S C

where ∆+

0 = {C | ∃C ′ ∈ ∆ (C ′ ⊆ C) ∨ ∃l ({l, l} ⊆ C)}

Lemma For clauses C of size ≤ 1: (a) If Γ

∆0

⊢

U C, then Γ ∆0

⊢

S C.

(b) If Γ

∆0

⊢

S C, then Γ′ ∆0

⊢

U C for some Γ′ ⊆ Γ.

10 / 22

Implication graphs, cuts, learned clauses

Unit resolution derivations (relative to a given CNF ∆0) with sharing of subderivations can be represented by implication graphs. A conflict graph is an implication graph representing a derivation

• f the empty clause.

A cut through a conflict graph determines a derivation of the empty clause from the literals on the cut. Hence, the negation of these literals follows from ∆0.

11 / 22

Example

12 / 22

DPLL with clause learning (preliminaries)

∆0 ⊲ ∆ means that all clauses in ∆ are learned form ∆0. ∆ ∧ ∆′ means the union (conjunction) of ∆ and ∆′ removing redundancies (subsumptions, i.e. inclusions). redelim(Γ, ∆) = {{l ∈ C | l ∈ Γ} | C ∈ ∆, C ∩ Γ = ∅} The function redelim replaces the rules Red and Elim. It is also known as hyper-unit propagation [Kusper 2002]. DPLL with clause learning derives sequents of the form Γ

∆0

⊢

DPLLCL ∆ whose intended meaning is means that no assignment

extending Γ satisfies the subsumption free CNFs ∆0 and ∆.

13 / 22

DPLL with clause learning (proof rules)

Conflict Γ

∆0

⊢

DPLLCL {∅}

Γ, l

∆0

⊢

DPLLCL redelim(l, ∆)

{l} ∈ ∆ Unit Γ

∆0

⊢

DPLLCL ∆

Γ, l

∆0

⊢

DPLLCL redelim(l, ∆)

Γ, l

∆0

⊢

DPLLCL redelim(l, ∆)

Split Γ

∆0

⊢

DPLLCL ∆

Γ

∆0∧∆′

⊢

DPLLCL ∆ ∧ ∆′′

∆0 ⊲ ∆′ ∆′′ ⊆ redelim(Γ, ∆′) Learn Γ

∆0

⊢

DPLLCL ∆

14 / 22

Completeness of DPLL with clause learning (preliminaries)

A goal is a triple (Γ, ˜ Γ, ∆) where Γ and ˜ Γ are variable disjoint assignments and ∆ is a non-redundant formula that is variable disjoint from Γ ∪ ˜ Γ. A goalstack G is a finite set of goals. The idea is that Γ consists of the decision literals, ˜ Γ consists of the forced literals, and ∆ is the set of remaining clauses to be solved.

• G is satisfiable if ∆ is satisfiable for some goal (Γ, ˜

Γ, ∆) ∈ G.

∆0

⊢

S

• G means ∀(Γ, ˜

Γ, ∆) ∈ G (Γ

∆0

⊢

S

˜ Γ ∪ ∆). Note that

∆0

⊢

S (∅, ∅, ∆0) holds trivially. ∆0

⊢

DPLLCL

• G means ∀(Γ, ˜

Γ, ∆) ∈ G (Γ ∪ ˜ Γ

∆0

⊢

DPLLCL ∆).

15 / 22

Completeness of DPLL with clause learning

Theorem (Completeness of DPLL with clause learning) If

∆0

⊢

S

• G, then

G is satisfiable or

∆0

⊢

DPLLCL

• G.

Proof by induction on a measure µ( G). During the inductive proof an incomplete DPLL derivation is created in a backwards fashion whose leaves are the goalstack. Simultaneously, small-step unit resolutions are created in a forward

• fashion. These derivation share premises and constitute the current

implication graph. Whenever a conflict is reached (Conflict), the implication graph contains a corresponding conflict graph from which learned clauses can be read-off and added to the remaining goals (Learn).

16 / 22

Logical representation of data

Data such as implication graphs and operations such as cuts do not need to be formalized but are created automatically by program extraction. All that is required are inductive definitions of derivability relations (learning requires an additional variant of small-step unit resolution). On the other hand, basic data structures such as finite sets are treated like abstract data types whose implementation is left open. This gives us the flexibility to add efficient implementations externally. The formalization in Minlog is ongoing work.

17 / 22

Pebbling graphs

*Pebble> gpgfor 3 2 [["-a1","-b1","d1","d2"],["-a1","-b2","d1","d2"],["-a2","-b1","d1","d2"],["-a2","-b2","d1","d2"], ["-b1","-c1","e1","e2"],["-b1","-c2","e1","e2"],["-b2","-c1","e1","e2"],["-b2","-c2","e1","e2"], ["-d1","-e1","f1","f2"],["-d1","-e2","f1","f2"],["-d2","-e1","f1","f2"],["-d2","-e2","f1","f2"], ["-f1"],["-f2"], ["a1","a2"],["b1","b2"],["c1","c2"]] 18 / 22

A (hacked) prototype SAT solver with clause learning

In order to see whether we can expect a useful extracted program I wrote (in Haskell) a SAT solver with clause learning applying ’manual program extraction’. See demo.

19 / 22

References

• M. Heule, O. Kullmann, V. Marek. Solving and verifying the boolean

pythagorean triples problem via cube-and-conquer. International Conference on Theory and Applications of Satisfiability Testing, 2016.

• L. Cruz-Filipe, P. Schneider-Kamp. Formally Proving the Boolean

Pythagorean Triples Conjecture. LPAR 21, 2017.

• S. Lescuyer, S. Conchon. A Reflexive Formalization of a SAT Solver in
• Coq. TPHOLs, LNCS, 5170, 2008.
• F. Maric. Formal verification of a modern SAT solver by shallow

embedding into Isabelle/HOL. TCS, 411, 2010. A Lawrence. Verification of Train Control Systems: Tools and

• Techniques. PhD thesis, Swansea University, 2015.

20 / 22

References

B., A Lawrence, F. Nordvall-Forsberg, M. Seisenberger. Extracting Verified Decision Procedures: DPLL and Resolution. LMCS, 11, 2015.

• H. Schwichtenberg. Minlog. The Seventeen Provers of the World,

Lecture Notes in Artificial Intell., 3600, 2006. http://www.mathematik.uni-muenchen.de/~logik/minlog/

• K. Pipatsrisawat, A. Darwic. On the Power of Clause-Learning SAT

Solvers with Restarts. LNCS, 5732, 2009. M.W. Moskewicz, C.F. Madigan, Y. Zhao, L. Zhang, S. Malik. Chaff: Engineering an Efficient SAT Solver. ACM IEEE Design Automation Conference, 2001.

• G. Audemard, L. Simon. Glucose: a solver that predicts learnt clauses
• quality. SAT Competition, 2009.

21 / 22

References

22 / 22