Round 9: Satisfiability Modulo Theories, Part II

Transcription

1 Round 9: Satisfiability Modulo Theories, Part II Tommi Junttila Aalto University School of Science Department of Computer Science CS-E322 Declarative Programming Spring 218 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

2 Part I (the previous round): Informal introduction First-order logic, theories SMT Solvers, SMT-LIB format, SMT-competition Part II: Solving (quantifier-free) satisfiability modulo theories The eager approach The lazy approach DPLL(T) Propositional abstraction, theory solvers Interface: assign, propagate, explain Decision procedures EUF, congruence closure Difference logic Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

3 Recap: Satisfiability Modulo Theories Extension of propositional satisfiability with non-boolean atoms A theory T tells how function and predicate symbols are interpreted Satisfiability modulo a theory T : given a formula φ, is it satisfiable in T? Example The quantifier-free formula (y 4x (y > y 4x + 4)) (x 1 y 2) (x < 1 y 5x 4) is T LRA -satisfiable but not T LIA -satisfiable, where T LRA is the theory of linear arithmetic over reals and T LIA is the same but over integers 6 y=4x y= y=-4x+4 4 y=2 y=y=5x Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

4 This round How to solve quantifier-free satisfiability modulo theories? Two main approaches: Eager reduce to SAT Lazy augment a SAT solver with theory solvers Top-level introduction, details can be found in the references We only consider formulas in single theory T ; combining multiple theories in a formula is discussed in the next round Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

5 The Eager Approach Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

6 For some theories T, it is possible to reduce the problem of T -satisfiability of a quantifier-free formula φ into the problem of satisfiability of a propositional formula ψ SMT formula φ SMT model/unsat Encoder Model decoder SAT formula ψ SAT solver SAT model/unsat In the following, we sketch the idea for bit-vectors (without arrays/memories) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

7 A (simple) eager encoding for bit-vectors Bit-vectors: the sort [n] for bit-vectors of width n the predicate and function symbols such as constants for bit-vector value [n] : [n] [n] for less-or-equal comparison +[n] : [n] [n] [n] for addition (modulo 2 n ) [n] : [n] [n] [n] for shifting left (pad with zeros) Example The domain of [n] is the set {,1} n of all bit-vectors of length n The predicate and function symbols interpreted as expected, e.g., 11 [4] 11 = F 11 + [4] 11 = [8] 1 = 111 The formula (x [8] y) (x + [8] 1 [8] y) is T BV -satisfiable due to possibility of overflows (e.g., x and y 1111). Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

8 The eager approach for bit-vectors is called bit-blasting as the bit-vectors are blasted into individual bits Procedure: For each bit-vector variable x of sort [n], introduce n fresh input gates ˆx (n 1),..., ˆx () Bottom-up, encode each bit-vector predicate and function application with a corresponding circuit so that each the circuit for a bit-vector term t of sort [n] has the output gates ˆt(n 1),...,ˆt() the circuit for a bit-vector atom A has one output gate  The Boolean part of the formula is seen as a circuit as before The circuit can then be translated into CNF as usual Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

9 Example An encoding for the atom (x [3] y). For encoding operations on bit-vectors one can use any appropriate construction found in the hardware-design literature  As an example, for addition one can use a ripple-carry adder or some more complex carry lookahead adder, see e.g. this wikipedia link ˆx (2) ˆx (1) ˆx () ŷ (2) ŷ (1) ŷ () Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

10 Pros: Cons: Conceptually easy Easy to implement Formulas tend to get very large and difficult to solve (e.g., with multiplication and division operators) The higher level structure is lost, i.e., cannot be exploited by the SAT solver In real implementations: Preprocessing (simplifying) at the bit-vector level Incremental bit-blasting Abstraction and refinement Arrays: instantiating array axioms on demand etc Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

11 Some references R. Brummayer, A. Biere, F. Lonsing: BTOR: Bit-Precise Modelling of Word-Level Problems for Model Checking, Proc. BPR 28, pp D. Kroening and O. Strichman: Decision Procedures An Algorithmic Point of View, Chapter 6, Springer, 28 S. Jha, R. Limaye, and S. Seshia: Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic, Proc. CAV 29, pp R. Bryant, D. Kroening, J. Ouaknine, S. Seshia, O. Strichman, and B. Brady: An abstraction-based decision procedure for bit-vector arithmetic, Int. J. Softw. Tools Technol. Transf. 11(2):95 14, 29 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

12 Combining with arrays: R. Brummayer, A. Biere: Lemmas on Demand for the Extensional Theory of Arrays, J. Satisf. Boolean Model. Comput. 6(1 3): , 29 R. Brummayer, A. Biere: Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays Proc. TACAS 29, pp Complexity: G. Kovásznai, A. Fröhlich, A. Biere: On the Complexity of Fixed-Size Bit-Vector Logics with Binary Encoded Bit-Width, Proc. SMT 212, pp Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

13 The Lazy Approach Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

14 The Lazy Approach: DPLL(T ) aka CDCL(T ) The eager encoding approach is not very natural and/or compact for many theories (linear arithmetic over reals? nonlinear arithmetic?) In the lazy (or DPLL(T ) or CDCL(T )) approach, a CDCL SAT solver takes care of the propositional structure, treating the theory terms as Boolean variables, and a dedicated theory solver helps the SAT solver by handling the theory part theory solvers only see conjunctions of T -literals for unsatisfiable conjunctions, a T -conflict is returned abstractions of the T -conflicts are learned by the SAT solver Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

15 A simplified schematic picture SMT formula φ ((x < 3) a) ( (x 4) a b)... DPLL(T ) solver Propositional abstraction (α x<3 a) ( α x 4 a b)... SAT solver Partial assignment a, b, α x<3, α x 4,... Conflict clause ( α x<3 α x 4 ) Conj. of T -literals (x < 3) (x 4)... T -conflict (x < 3) (x 4) Theory solver SMT model/unsat Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

16 With more details: The formula is in conjunctive normal form (CNF) The CDCL SAT solver treats each T -atom A as a propositional variable α A The T -literals in the partial models generated in the CDCL solver are communicated to the theory solver for T The theory solver decides whether the current conjunction of T -literals is T -satisfiable if no, returns a T -conflict, i.e., a subset of the communicated T -literals that is T -unsatisfiable if yes, possibly return T -implied literals or, if requested, a T -model The (abstractions of the) negations of the theory conflicts returned by the theory solver are used as learned clauses in the CDCL part 1 1 In a way, the CDCL solver learns lemmas of the theory and thus the lazy approach has also been called the lemmas on demand approach Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

17 A (simple) interface for theory solvers: init(a 1,...,A k ) initializes the theory solver to know which atoms A 1,...,A k appear in the formula have the empty current conjunction C assert(l), where l = A i or l = A i, asserts the T -literal l, i.e., updates the current conjunction C to C l retract() removes the latest asserted literal, i.e., updates the current conjunction C l to C issat() returns T if the current conjunction C is T -satisfiable a T -conflict C C such that C is T -unsatisfiable otherwise getmodel() returns a T -model for C (assuming that C is T -satisfiable) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

18 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The CDCL SAT solver decides that α x y = T Trail in the CDCL SAT solver α x y = T (decision) Conjunction in the theory solver Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

19 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The SAT solver unit propagates α y z = F Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) Conjunction in the theory solver Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

20 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): (x y) and (y z) are asserted to the theory solver Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

21 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The theory solver finds the current conjunction T EUF -satisfiable Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

22 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The SAT solver decides that α y f(z) = T Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

23 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The SAT solver unit propagates α g(x) g(f(z)) = T Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

24 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The SAT solver unit propagates α z f(z) = T Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

25 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): y f(z), g(x) g(f(z)), z f(z) are asserted to the theory solver Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) (g(x) g(f(z))) (z f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

26 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The theory solver finds the current conjunction T EUF -unsatisfiable Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) (g(x) g(f(z))) (z f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

27 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): A T EUF -conflict (y z) (y f(z)) (z f(z)) is returned Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) (g(x) g(f(z))) (z f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

28 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) A possible execution of CDCL(T ): The SAT solver gets the conflict clause (α y z α y f(z) α z f(z) ) Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) (g(x) g(f(z))) (z f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

29 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The SAT solver performs conflict analysis and learns α y z α y f(z) Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = T (decision) α g(x) g(f(z)) = T (implied) α z f(z) = T (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) (g(x) g(f(z))) (z f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

30 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The SAT solver backjumps and removes the decision α y f(z) = T Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

31 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The SAT solver unit propagates α y f(z) = F Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = F (implied) Conjunction in the theory solver (x y) (y z) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

32 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The literal (y f(z)) is asserted to the theory solver Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = F (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

33 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The theory solver finds the current conjunction T EUF -satisfiable Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = F (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

34 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): All clauses in the propositional abstraction are satisfied Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = F (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

35 Example Consider the EUF -formula ( (x y) (y z)) ( (y f(z)) g(x) g(f(z))) ( (y f(z)) z f(z)) and its propositional abstraction ( α x y α y z ) ( α y f(z) α g(x) g(f(z)) ) ( α y f(z) α z f(z) ) (α y z α y f(z) ) A possible execution of CDCL(T ): The theory solver gives a model {x e 1,y e 1,z e 2,f(e 2 ) e 3,...} Trail in the CDCL SAT solver α x y = T (decision) α y z = F (implied) α y f(z) = F (implied) Conjunction in the theory solver (x y) (y z) (y f(z)) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

36 Theory-Implied Literals Sometimes it is possible for the theory solver to deduce the values for some non-asserted atoms A T -literal l for which C = T l holds, C being the conjunction of currently asserted T -literals, is called a T -implied literal For instance, if we have a CNF formula... (a x y) ( (y f(z)) c g(y) g(z)) ( a (x z)). and the literals x y, y f(z), and (g(y) g(z)) have been asserted, then (x z) is a T EUF -implied literal The CDCL SAT solver can then assign the value to the (propositional abstraction of the) literal Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

37 For the conflict analysis, the CDCL SAT solver needs a reason for the assigned literal: a T -explanation for each T -implied literal l is a subset C C of the asserted literals such that C = T l In the example above, {x y, (g(y) g(z))} is a T EUF -explanation for (x z) and the CDCL SAT-solver interpretes this as the clause α x y α g(y) g(z) α x z, i.e., α x y α g(y) g(z) α x z To support theory-implied literals, we can augment our (simple) theory solver interface with the following methods: getimplied() returns a set of T -implied literals l implied by the current conjunction (i.e., literals l = A i or l = A i not appearing in C for which C = T l holds) explain(l) for a T -implied literal returns a T -explanation for l, i.e., a subset C C of the current conjunction for which c = T l holds Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

38 Equality with Uninterpreted Functions Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

39 We present a decision procedure for quantifier-free conjunctions of T EUF -literals Only a high-level sketch; details, optimizations and analysis can be found in the references given later The main idea: maintain an equivalence relation over the terms in the formula Start with the discrete relation (a term is only equivalent to itself) When new equalities are asserted, 1 merge equivalence classes, and 2 apply the function congruence closure rule Remember asserted disequalities and compare against them The algorithm and its variants are commonly called the congruence closure algorithm Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

40 Recall the function congruence rule (x 1 = y 1 )... (x n = y n ) f(x 1,...,x n ) = f(y 1,...,y n ) An equivalence relation over a set of terms is closed under the rule if (t 1 u 1 )... (t n u n ) f(t 1,...,t n ) f(u 1,...,u n ) holds whenever t 1,...,t n,u 1,...u n,f(t 1,...,t n ),f(u 1,...,u n ) are terms in the set Example The equivalence relation {{x 1,x 2,x 3 },{f(x 1 ),f(x 3 )},{g(x 2,f(x 3 ))},{g(x 2,f(x 1 ))}} is not closed under the function congruence rule but is {{x 1,x 2,x 3 },{f(x 1 ),f(x 3 )},{g(x 2,f(x 3 )),g(x 2,f(x 1 ))}} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

41 Implementing equivalence classes Equivalence classes with merges can be implemented with, e.g., the union-find data structure Each element is associated with a root pointer initialized to point to the element itself, and a rank, initialized to, to keep the constructed tree balanced def find(e): while e.root e: e e.root return e def merge(e 1,e 2 ): r 1 find(e 1 ), r 2 find(e 2 ) if r 1 = r 2 : return if r 1.rank < r 2.rank: r 1.root r 2 else if r 1.rank > r 2.rank: r 2.root r 1 else: r 1.root r 2 r 2.rank r 2.rank + 1 Example e 1 e 2 e 3 e 4 e 5 Assume the elements e 1,...,e 5 Initially, each is in its own class. Thus e i e j when i j Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

42 Implementing equivalence classes Equivalence classes with merges can be implemented with, e.g., the union-find data structure Each element is associated with a root pointer initialized to point to the element itself, and a rank, initialized to, to keep the constructed tree balanced def find(e): while e.root e: e e.root return e def merge(e 1,e 2 ): r 1 find(e 1 ), r 2 find(e 2 ) if r 1 = r 2 : return if r 1.rank < r 2.rank: r 1.root r 2 else if r 1.rank > r 2.rank: r 2.root r 1 else: r 1.root r 2 r 2.rank r 2.rank + 1 Example e 1 e 2 e 3 e 4 e 5 1 Assume the elements e 1,...,e 5 Execute merge(e 1,e 2 ) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

43 Implementing equivalence classes Equivalence classes with merges can be implemented with, e.g., the union-find data structure Each element is associated with a root pointer initialized to point to the element itself, and a rank, initialized to, to keep the constructed tree balanced def find(e): while e.root e: e e.root return e def merge(e 1,e 2 ): r 1 find(e 1 ), r 2 find(e 2 ) if r 1 = r 2 : return if r 1.rank < r 2.rank: r 1.root r 2 else if r 1.rank > r 2.rank: r 2.root r 1 else: r 1.root r 2 r 2.rank r 2.rank + 1 Example e 1 e 2 e 3 e 4 e Assume the elements e 1,...,e 5 Execute merge(e 1,e 2 ) Execute merge(e 5,e 4 ) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

44 Implementing equivalence classes Equivalence classes with merges can be implemented with, e.g., the union-find data structure Each element is associated with a root pointer initialized to point to the element itself, and a rank, initialized to, to keep the constructed tree balanced def find(e): while e.root e: e e.root return e def merge(e 1,e 2 ): r 1 find(e 1 ), r 2 find(e 2 ) if r 1 = r 2 : return if r 1.rank < r 2.rank: r 1.root r 2 else if r 1.rank > r 2.rank: r 2.root r 1 else: r 1.root r 2 r 2.rank r 2.rank + 1 Example e 1 e 2 e 3 e 4 e Assume the elements e 1,...,e 5 Execute merge(e 1,e 2 ) Execute merge(e 5,e 4 ) Execute merge(e 1,e 5 ) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

45 Implementing equivalence classes Equivalence classes with merges can be implemented with, e.g., the union-find data structure Each element is associated with a root pointer initialized to point to the element itself, and a rank, initialized to, to keep the constructed tree balanced def find(e): while e.root e: e e.root return e def merge(e 1,e 2 ): r 1 find(e 1 ), r 2 find(e 2 ) if r 1 = r 2 : return if r 1.rank < r 2.rank: r 1.root r 2 else if r 1.rank > r 2.rank: r 2.root r 1 else: r 1.root r 2 r 2.rank r 2.rank + 1 Example e 1 e 2 e 3 e 4 e Assume the elements e 1,...,e 5 Execute merge(e 1,e 2 ) Execute merge(e 5,e 4 ) Execute merge(e 1,e 5 ) find(e 1 ) = e 4 = find(e 5 ) and thus e 1 e 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

46 Asserting equality and disequality atoms Consider all terms in atoms and their sub-terms Initially, each is in its own equivalence class Asserting an equality between terms: Merge the corresponding classes Apply the congruence rules Check if a recorded disequality is violated Asserting a disequality between terms: Check if the terms are equivalent Record the disequality def assert(t u): pending {(t,u)} while pending not empty: pop a (v,w) from pending if find(v) = find(w): continue merge(v, w) for each pair v, w such that 1. find(v ) find(w ) 2. v := f(v 1,...,v n) and w := f(w 1,...,w n) 3. find(v 1 ) = find(w 1 ),...,find(v n) = find(w n) add (v,w ) in pending for each recorded v w: if find(v) = find(w): return false return true def assert( (t u)): if find(t) = find(u): return false record t u return true Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

47 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms Initially, the equivalence classes are {x},{t 1 },{t 2 },{t 3 },{t 4 },{t 5 } t 5 t 4 f f t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

48 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms Initially, the equivalence classes are {x},{t 1 },{t 2 },{t 3 },{t 4 },{t 5 } t 5 t 4 f f 1. Asserting f(f(f(x))) x merges t 3 and x: {x,t 3 },{t 1 },{t 2 },{t 4 },{t 5 } t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

49 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms 1. Asserting f(f(f(x))) x merges t 3 and x: {x,t 3 },{t 1 },{t 2 },{t 4 },{t 5 } t 5 t 4 f f 2. x t 3 implies t 1 := f(x) t 4 := f(t 3 ): {x,t 3 },{t 1,t 4 },{t 2 },{t 5 } t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

50 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms 2. x t 3 implies t 1 := f(x) t 4 := f(t 3 ): {x,t 3 },{t 1,t 4 },{t 2 },{t 5 } t 5 t 4 f f 3. t 1 t 4 implies t 2 := f(t 1 ) t 5 := f(t 4 ): {x,t 3 },{t 1,t 4 },{t 2,t 5 } t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

51 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms 3. t 1 t 4 implies t 2 := f(t 1 ) t 5 := f(t 4 ): {x,t 3 },{t 1,t 4 },{t 2,t 5 } t 5 t 4 f f 4. Asserting f(f(f(f(f(x))))) x merges t 5 and x: {x,t 3,t 2,t 5 },{t 1,t 4 } t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

52 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms 4. Asserting f(f(f(f(f(x))))) x merges t 5 and x: {x,t 3,t 2,t 5 },{t 1,t 4 } t 5 t 4 f f 5. x t 2 implies t 1 = f(x) t 3 = f(t 2 ): {x,t 3,t 2,t 5,t 1,t 4 } t 3 f t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

53 Example Take the conjunction Parse tree f(f(f(x))) x f(f(f(f(f(x))))) x f(x) x and use the abbreviations t 1 := f(x), t 2 := f(f(x)) := f(t 1 ), t 3 := f(t 2 ), t 4 := f(t 3 ), t 5 := f(t 4 ) for the component terms 5. x t 2 implies t 1 = f(x) t 3 = f(t 2 ): {x,t 3,t 2,t 5,t 1,t 4 } t 5 t 4 f f Now t 1 := f(x) x and thus f(x) x should hold. t 3 f Therefore, the conjunction is unsatisfiable. t 2 f t 1 f x Union-find DS: x t 1 t 2 t 3 t 4 t 5 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

54 Implementation The equivalence classes can be implemented with the union-find data structure Finding congruent terms can be implemented with a hash table Backtracking equals to undoing the merges (and recomputing hash values) Model Construction Constructing models is easy: just assign the elements in each equivalence class into a distinct value Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

55 Implied Literals Propagation of positive atoms t 1 t 2 is fast: at each merge, check if t 1 and t 2 are merged to the same class if yes, report t 1 t 2 as implied literal Propagating negative literals requires more work: When asserting (t 1 t 2 ) and t 1 t 2 holds, report, for each atom t 1 t 2 with t 1 t 1 and t 2 t 2, the implied literal (t 1 t 2 ) When merging two classes, find atoms of form t 1 t 2 for which (i) t 1 or t 2 are in the merged class, and (ii) t 1 t 1 and t 2 t 2 hold for some recorded disequality t 1 t 2, and report the implied literal (t 1 t 2 ) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

56 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: Equivalence classes {x},{g(x)},{y},{z},{f(z)},{g(f(z))} Recorded disequalities {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

57 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: 1. assert x y Equivalence classes {x,y},{g(x)},{z},{f(z)},{g(f(z))} Recorded disequalities {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

58 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: 1. assert x y 2. assert (y z) (would imply (x z) but not an atom) Equivalence classes {x,y},{g(x)},{z},{f(z)},{g(f(z))} Recorded disequalities y z {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

59 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: 1. assert x y 2. assert (y z) (would imply (x z) but not an atom) 3. assert y f(z), merge g(x) and g(f(z)) Equivalence classes {x,y,f(z)},{g(x),g(f(z))},{z} Recorded disequalities y z {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

60 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: 1. assert x y 2. assert (y z) (would imply (x z) but not an atom) 3. assert y f(z), merge g(x) and g(f(z)) 4. implied literal g(x) g(f(z)) Equivalence classes {x,y,f(z)},{g(x),g(f(z))},{z} Recorded disequalities y z {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

61 Example Consider the formula (x y y z) (y f(z) g(x) g(f(z)) z f(z)) and a trace of assertions from the CDCL SAT solver part: 1. assert x y 2. assert (y z) (would imply (x z) but not an atom) 3. assert y f(z), merge g(x) and g(f(z)) 4. implied literal g(x) g(f(z)) 5. implied literal (z f(z)) as f(z) y and (y z) Equivalence classes {x,y,f(z)},{g(x),g(f(z))},{z} Recorded disequalities y z {} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

62 To produce explanations, one can remember in a reason graph each equality and disequality assertion, and for each implied literal, the immediate reason for the implication The reasons can then be recursively expanded to get the explanation consisting only of assertions For the above example, the reason graph could be The reason graph g(x) 4:x f(z) g(f(z)) 3:y f(z) x 1:x y y 2:y z z 5:f(z) y and y z f(z) The explanation for g(x) g(f(z)) is obtained by explaining the immediate reason x f(z) by explaining the path between x and f(z). The result is (x y) (y f(z)). Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

63 To produce explanations, one can remember in a reason graph each equality and disequality assertion, and for each implied literal, the immediate reason for the implication The reasons can then be recursively expanded to get the explanation consisting only of assertions For the above example, the reason graph could be The reason graph g(x) 4:x f(z) g(f(z)) 3:y f(z) x 1:x y y 2:y z z 5:f(z) y and y z f(z) The explanation for (z f(z)) is y z conjuncted with the explantion for f(z) y, i.e., the assertion y f(z). Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

64 Some further reading Classic papers on congruence closure: R. Shostak: An Algorithm for Reasoning About Equality, Commun. ACM 21(7): , 1978 P. Downey, R. Sethi, R. Tarjan: Variations on the Common Subexpression Problem, J. ACM 27(4): , 198 G. Nelson, D. Oppen: Fast Decision Procedures Based on Congruence Closure, J. ACM 27(2): , 198 A contemporary approach: R. Nieuwenhuis and A. Oliveras: Fast congruence closure and extensions, Inform. and Comput. 25(4), pp , 27 Fast algorithms for congruence closure. An extension to integer offsets, allowing atoms of form x = y + k for integer constants k, is also presented. Congruence closure in a theorem proving setting: L. Bachmair, A. Tiwari, L. Vigneron: Abstract Congruence Closure, J. Automated Reasoning 31(2): , 23 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

65 Difference Logic Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

66 A syntactic restriction of linear arithmetic where the atoms are of form x 1 x 2 c (or x 1 x 2 + c), where x 1 and x 2 are variables and c Q That is, they restrict the difference between x 1 and x 2 Integer- and real-valued versions RDL, Real Difference Logic IDL, Integer Difference Logic Example The formula (x < y + 3) (y z + 2) (z < x 4) is RDL-satisfiable (e.g., {x 1.5,y 1,z 3}) but IDL-unsatisfiable. Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

67 For simplicity, let us consider the integer case Only atoms of form x y + k, where k is an integer constant Other inequalities can be normalized to this form: x < y + k is equal to x y + (k 1) x y + k is equal to y x + k x > y + k is equal to y x + ( k 1) Handling equalities/disequalities: rewrite x = y + k into (x y + k) (x y + k) rewrite x y + k into ((x < y + k) (x > y + k)) in the formula level the SAT-solver takes care of case splitting (implicit disjunctions) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

68 From conjunctions to graphs Now an IDL-solver decides satisfiability of conjunctions of form where x i,y i are some variables φ := (x 1 y 1 + k 1 )... (x n y n + k n ) Associate φ to the corresponding constraint graph G φ, which is a directed edge-weighted graph with the vertex set consisting of the variables in φ, and k for each atom (x i y i + k i ) i in φ, G φ has an edge x i yi k 1 A path x 1 x 2... k m x m+1 for m 2 is a negative cycle if x m+1 = x 1 and 1 i m k i is negative Theorem A conjunction φ of the form above is satisfiable if and only if the constraint graph G φ has no negative cycles. Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

69 Example: An unsatisfiable conjunction The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph 6 x 3 1 x x 4 x 2 The constraint graph has a negative cycle x 1 x 3 x 2 x 1 Take (x 1 x 3 6) (x 3 x 2 + 2) (x 2 x1 + 3) (x1 x 3 6) (x 3 x 2 + 2) imply x x 3 x and thus x 1 x 2 4 (x1 x 2 4) (x 2 x 1 + 3) imply x x 2 x and thus x 1 x 1 1 and 1 The conjunction is unsatisfiable Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

70 Example: A satisfiable conjunction The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph x x x 4 x 2 The constraint graph has no negative cycles In fact, {x 1 2,x 2 1,x 3 3,x 4 4} is a model for the conjunction Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

71 Detecting negative cycles A solution: Add an extra root vertex r to G φ and an edge from it to each other vertex with weight to make the graph connected Run a single-source shortest path algorithm that is capable of detecting negative cycles from the root node r One such algorithm is the Bellman Ford algorithm: Each vertex x has (an upper bound) of the shortest distance w(x) from the root link to the parent vertex in a shortest path Initially, w(r) = and w(x) = for non-root vertices Iterate n times to compute shortest distances: For each vertex y do: w(y) min{w(x) + d x,y x d x,y y is and edge} A negative cycle exists if w(x) + d x,y < w(y) for some edge x d x,y y (A very basic version, optimizations exist) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

72 Detecting Negative Cycles With Bellman Ford: An Example In the beginning The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

73 Detecting Negative Cycles With Bellman Ford: An Example After 1st iteration The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

74 Detecting Negative Cycles With Bellman Ford: An Example After 2nd iteration The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 3 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

75 Detecting Negative Cycles With Bellman Ford: An Example After 3rd iteration The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 7 x 2 4 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

76 Detecting Negative Cycles With Bellman Ford: An Example After 4th iteration The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 7 x 2 4 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

77 Detecting Negative Cycles With Bellman Ford: An Example After 5th iteration The conjunction (x 1 x 3 6) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 7 x 2 4 Now w(x 3 ) + 2 < w(x 2 ) Thus we have a negative cycle We can find one such cycle by traversing the parent edges (in bold) backwards from x 3 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

78 Model construction Take a conjunction that is satisfiable Run the Bellman Ford algorithm For each x, w(x) is the minimum distance from the root node Take any equation x i x j + d i,j Now w(x i ) + d i,j w(x j ) holds (if w(x i ) + d i,j < w(x j ), w(x j ) would not be the minimum distance from the root) w(x i ) + d i,j w(x j ) is equal to w(x i ) w(x j ) d i,j, which equals to w(x i ) w(x j ) + d i,j Thus we get a model for the conjunction by taking for each x x w(x) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

79 Model construction: an example In the beginning The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

80 Model construction: an example After 1st iteration The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

81 Model construction: an example After 2nd iteration The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 3 x 2 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

82 Model construction: an example After 3rd iteration and onwards The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 6 x 2 3 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

83 Model construction: an example After 3rd iteration and onwards The conjunction (x 1 x 3 5) (x 1 x 4 3) (x 2 x 1 + 3) (x 3 x 2 + 2) (x 3 x 4 1) (x 4 x 2 + 5) The constraint graph r x x x 4 6 x 2 3 d i,j Now w(x i ) + d i,j w(x j ) for each edge x i x j We get the model {x 1,x 2 3,x 3 5,x 4 6} Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

84 Theory Implied Literals Observe that x y + c implies x y + c for all c c, and (x 1 x 2 + c 1 ) (x 2 x 3 + c 2 )... (x n 1 x n + c n 1 ) implies x 1 x n + 1 i n 1 c i Given a satisfiable conjunction φ and an atom x y + c, φ = LIA (x y + c) if (and only if) G φ has a path from x to y with weight c or less. Thus we can find all the implied atoms by computing all the shortest paths between the vertices in G φ This can be done with, e.g., the Floyd Warshall algorithm The explanation of a propagated atom x y + c is the conjunction of the atoms corresponding to the shortest path from x to y (More efficient algorithms exist, see the references) Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

85 Handling the real/rational case So far we assumed integer-valued solutions, i.e., the logic IDL What about RDL allowing real-valued solutions? One can use the approach in A. Armando, C. Castellini, E. Giunchiglia, M. Maratea: A SAT-Based Decision Procedure for the Boolean Combination of Difference Constraints, Proc. SAT 24, pp There, the problematic conjunctions of form x < y + c are rewritten into x y + c, where c = c 1 1 p (n 2 +1) and n is the number of variables in the difference logic atoms, and p is the maximal number of digits appearing the right-hand side of the decimal points in the constants of the difference logic atoms After this, similar algorithms can be used Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

86 Some further reading A. Armando, C. Castellini, E. Giunchiglia, M. Maratea: A SAT-Based Decision Procedure for the Boolean Combination of Difference Constraints, Proc. SAT 24, pp R. Nieuwenhuis and A. Oliveras: DPLL(T) with Exhaustive Theory Propagation and Its Application to Difference Logic, Proc. CAV 25, pp S. Cotton and O. Maler: Fast and Flexible Difference Constraint Propagation for DPLL(T), Proc. SAT 26, pp S. Lahiri, M. Musuvathi: An Efficient Decision Procedure for UTVPI Constraints, Proc. FroCoS 25, pp Negative-cycle detection algorithms: B. Cherkassky, A. Goldberg: Negative-cycle detection algorithms, Math. Program. 85(2): , 1999 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

87 Other theories Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

88 Linear Arithmetic Decision procedures for conjunctions of atoms such as Over reals: (x + 3y + 2z.5) ( y + 2z + w = 4)... Satisfiability can be solved in polynomial time but... variants of the simplex algorithm are used in practise although their worst-case time complexity is exponential Simplex algorithms in the SMT context are designed to allow efficient backtracking Over integers: NP-complete to determine the satisfiability of a conjunction of atoms Search and cutting planes Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

89 Some references for linear arithmetic M. Bozzano, R. Bruttomesso, A. Cimatti, T. Junttila, P. van Rossum, S. Schulz, R. Sebastiani: An Incremental and Layered Procedure for the Satisfiability of Linear Arithmetic Logic, Proc. TACAS 25, pp B. Dutertre and L. de Moura: A Fast Linear-Arithmetic Solver for DPLL(T), Proc. CAV 26, pp G. Faure, R. Nieuwenhuis, A. Oliveras, and E. Rodríguez-Carbonell: SAT Modulo the Theory of Linear Arithmetic: Exact, Inexact and Commercial Solvers, Proc. SAT 28, pp 77 9 A. Griggio: A Practical Approach to Satisfiability Modulo Linear Integer Arithmetic, J. Satisf. Boolean Model. Comput. 8(1/2):1 27, 212 D. Jovanović, L. de Moura: Cutting to the Chase Solving Linear Integer Arithmetic, J. Autom. Reasoning 51:79-18, 213 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

90 Nonlinear Arithmetic Nonlinear arithmetic over integers is undecidable Over reals decidable but challenging Some references: G. Passmore: Combined Decision Procedures for Nonlinear Arithmetics, Real and Complex, PhD Thesis, Univ. Edinburgh, 211 D. Jovanovic and L. de Moura: Solving Non-linear Arithmetic, Proc. IJCAR 212, pp S. Gao, J. Avigad and E. Clarke: Delta-Decidability over the Reals, Proc. LICS 212, pp B. Akbarpour, L. Paulson: MetiTarski: An Automatic Theorem Prover for Real-Valued Special Functions, J. Automated Reasoning 44(3):175 25, 21 Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51

91 Lazy Approaches for Bit-Vectors The lazy approach can also be used for bit-vectors Some references: Clark W. Barrett, David L. Dill, Jeremy R. Levitt: A Decision Procedure for Bit-Vector Arithmetic, Proc. DAC 1998, pp Anders Franzén: Efficient Solving of the Satisfiability Modulo Bit-Vectors Problem and Some Extensions to SMT, Doctoral dissertation, Univ. Trento, 21 L. Hadarean, K. Bansal, D. Jovanovic, C. Barrett, C. Tinelli: A Tale of Two Solvers: Eager and Lazy Approaches to Bit-Vectors, Proc. CAV 214, pp Tommi Junttila (Aalto University) Round 9: Satisfiability Modulo Theories, Part II CS-E322 DP / Spring / 51