Automated Reasoning. Summer Term 2012

Transcription

1 Automated Reasoning Marek Kosta Christoph Weidenbach Summer Term 2012 What is Computer Science about? Theory Graphics Data Bases Programming Languages Algorithms Hardware Bioinformatics Verification What is Automated Deduction about? Generic Problem Solving by a Computer Program. This document contains the text of the lecture slides (almost verbatim) plus some additional information, mostly proofs of theorems that are presented on the blackboard during the course. It is not a full script and does not contain the examples and additional explanations given during the lecture. Moreover it should not be taken as an example how to write a research paper neither stylistically nor typographically. 1

2 Introductory Example: Solving 4 4 Sudoku Start Solution Formal Model Represent board by a function f(x,y) mapping cells to their value Start N = f(1,1) 2 f(1,2) 1 f(3,3) 3 f(3,4) 1 f(4,1) 1 f(4,3) 2 is conjunction and the empty conjunction. A state is described by a triple (N;D;r) where N contains the equations for the starting Sudoku D a conjunction of further equations computed by the algorithm r {, } Initial state is (N; ; ). Asquare f(x,y)wherex,y {1,2,3,4}iscalled defined byn D ifthereisanequation f(x,y) z, z {1,2,3,4} in N or D. For otherwise f(x,y) it is called undefined. 2

3 Rule-Based Algorithm Deduce (N;D; ) (N;D f(x,y) 1; ) provided f(x,y) is undefined in N D, for any x,y {1,2,3,4}. Conflict (N;D; ) (N;D; ) provided for y z (i) f(x,y) = f(x,z) for f(x,y), f(x,z) defined in N D for some x,y,z or (ii) f(y,x) = f(z,x) for f(y,x), f(z,x) defined in N D for some x,y,z or (iii) f(x,y) = f(x,y ) for f(x,y), f(x,y ) defined in N D and [x,x {1,2} or x,x {3,4}] and [y,y {1,2} or y,y {3,4}] and x x or y y. Backtrack (N;D f(x,y) z D ; ) (N;D f(x,y) z +1; ) provided z < 4 and D = or D contains only equations of the form f(x,y ) 4. Fail (N;D; ) (N; ; ) provided D and D contains only equations of the form f(x,y) 4. Properties: Rules are applied don t care non-deterministically. An algorithm (set of rules) is sound if whenever it declares having found a solution it actually has computed a solution. It is complete if it finds a solution if one exists. It is terminating if it never runs forever. Proposition 0.1 (Soundness) The rules Deduce, Conflict, Backtrack and Fail are sound. Starting from an initial state (N; ; ): (i) for any final state (N;D; ), the equations in N D are a solution, and, (ii) for any final state (N; ; ) there is no solution to the initial problem. Proof. (i) So assume a final state (N;D; ) such that no rule is applicable. In particular, this means that for all x,y {1,2,3,4} the square f(x,y) is defined in N D as for otherwise Deduce would be applicable, contradicting that (N; D; ) is a final state. So all squares are defined by N D. What remains to be shown is that those assignments actually constitute a solution to the Sudoku. However, if some assignment in N D results in a repetition of a number in some column, row or 2 2 box of the Sudoku, then rule Conflict is applicable, contradicting that (N;D; ) is a final state. In sum, 3

4 (N;D; ) is a solution to the Sudoku and hence the rules Deduce, Conflict, Backtrack and Fail are sound. (ii) So assume that the initial problem (N; ; ) has a solution. We prove that in this case we cannot reach a state (N; ; ). Let (N;D; ) be anarbitrary state still having a solution. This includes the initial state if D =. We prove that we can correctly decide the next square. Since (N;D; ) still has a solution the only applicable rule is Deduce and we generate (N;D f(x,y) 1; ) for some x,y {1,2,3,4}. If (N;D f(x,y) 1; ) still has a solution we are done. So assume (N;D f(x,y) 1; ) does not have a solution anymore. But then eventually we will apply Conflict and Backtrack to a state (N;D f(x,y) 1 D ; ) where D only contains equations of the form f(x,y ) 4 resulting in (N;D f(x,y) 2; ). Now repeating the argument we will eventually reach a state (N;D f(x,y) k; ) that has a solution. Proposition 0.2 (Completeness) The rules Deduce, Conflict, Backtrack and Fail are complete. For any solution N D of the Sudoku there is a sequence of rule applications such that (N;D; ) is a final state. Proof. A particular strategy for the rule applications is needed to indeed generate (N;D; ) out of (N; ; ) for some solution N D. Without loss of generality we assume the assignments in D to be sorted such that assignments to a number k {1,2,3,4} precede any assignment to some number l > k. So if, for example, N does not assign all four values 1, then the first assignment in D is of the form f(x,y) 1 for some x, y. Now we apply the following strategy, subsequently adding all assignments from D to (N; ; ). Let us assume we have already achieved state (N;D ; ) and the next assignment from D to be established is f(x,y) k, meaning f(x,y) is not defined in N D. Then until l = k we do the following, starting from l = 1. We apply Deduce adding the assignment f(x,y) l. If Conflict is applicable to this assignment, we apply Backtrack, generating the new assignment f(x,y) l+1 and continue. We need to show that this strategy in fact eventually adds f(x,y) k to D. As long as l < k any added assignment f(x,y) l results in rule Conflict applicable, because D is ordered and all four values for all l < k arealready established. The eventual assignment f(x,y) k does not generate a conflict because D is a solution. For the same reason, the rule Fail is never applicable. Therefore, the strategy generates (N; D; ) out of (N; ; ). Proposition 0.3 (Termination) The rules Deduce, Conflict, Backtrack and Fail terminate on any input state (N; ; ). Proof. Once the rule Fail is applicable, no other rule is applicable on the result anymore. So we do not need to consider rule Fail for termination. The idea of the proof is that we assign a measure over the natural numbers to every state such that each rule 4

5 strictly decreases the measure and that the measure cannot get below 0. For any given state S = (N;D; ) with {, } with D = f(x 1,y 1 ) k 1... f(x n,y n ) k n we assign the measure µ(s) by µ(s) = 2 49 p n i=1 k i i where p = 0 if = and p = 1 otherwise. The measure µ(s) is well-defined and cannot become negative as n 16, p 1, and 1 k i 4 for any D. In particular, the former holds because the rule Deduce only adds values for undefined squares and the overall number of squares is bound to 16. What remains to be shown is that each rule application decreases µ. We do this by a case analysis over the rules. Deduce: µ((n;d; )) = 2 49 n i=1 k i i > 2 49 n i=1 k i i (n+1) = µ((n;d f(x,y) 1; )) Conflict: µ((n;d; )) = 2 49 n i=1 k i i > n i=1 k i i = µ((n;d; )) Backtrack: µ((n;d f(x l,y l ) k l D ; )) = ( l 1 i=1 k i i ) k l l n i=l+1 k i i > 2 49 ( l 1 i=1 k i i ) (k l + 1) l = µ(n;d f(x l,y l ) k l +1; ) in particular because l > n i=l+1 k i i +1. Confluence Another important property for don t care non-deterministic rule based definitions of algorithms is confluence. It means that whenever several sequences of rules are applicable to a given states, the respective results can be rejoined by further rule applications to a common problem state. Proposition 0.4 (Deduce and Conflict are Locally Confluent) Given a state(n; D; ) out of which two different states (N;D 1 ; ) and (N;D 2 ; ) can be generated by Deduce and Conflict in one step, respectively, then the two states can be rejoined to a state (N;D ; ) via further rule applications. Proof. Consider an application of Deduce and Conflict to a state (N;D; ) resulting in (N;D f(x,y) 1; ) and (N;D; ), respectively. We will now show that in fact we can rejoin the two states. Notice that since Conflict is applicable to (N;D; ) it is also applicable to (N;D f(x,y) 1; ). So the first sequence of rejoin steps is (N;D f(x,y) 1; ) (N;D f(x,y) 1; ) (N;D f(x,y) 2; ) (N;D f(x,y) 4; ) where we subsequently applied Conflict and Backtrack to reach the state (N; D f(x,y) 4; ) and abbreviates those finite number of rule applications. Finally applying Backtrack (or Fail) to (N;D; ) and (N;D f(x,y) 4; ) results in the same state. 5

6 Result It works. But: It looks like a lot of effort for a problem that one can solve with a little bit of thinking. Reason: Our approach is very general, it can actually be used to potentially solve any problem in computer science. This difference is also important for automated reasoning: For problems that are well-known and frequently used, we can develop optimal specialized methods. Algorithms & Data-structures For new/unknown/changing problems, we have to develop generic methods that do something useful. this lecture: Logic + Calculus + Implementation Combining the two approaches Automated Reasoning II (next semester): Logic modulo Theory + Calculus + Implementation Topics of the Course Preliminaries math repetition computer science repetition orderings induction (repetition) rewrite systems Propositional logic logic: syntax, semantics calculi: superposition, CDCL implementation: 2-watched literal, clause learning First-order predicate logic logic: syntax, semantics, model theory calculus: superposition implementation: sharing, indexing First-order predicate logic with equality 6

7 equational logic: unit equations calculus: term rewriting systems, Knuth-Bendix completion implementation: dependency pairs first-order logic with equality calculus: superposition implementation: rewriting Literature Is a big problem, actually you are the guinea-pigs for a new textbook. Franz Baader and Tobias Nipkow: Term rewriting and all that, Cambridge Univ. Press, (Textbook on equational reasoning) Armin Biere and Marijn Heule and Hans van Maaren and Toby Walsh (editors): Handbook of Satisfiability, IOS Press, (Be careful: Handbook, hard to read) Alan Robinson and Andrei Voronkov (editors): Handbook of Automated Reasoning, Vol I & II, Elsevier, (Be careful: Handbook, very hard to read) 1 Preliminaries math repetition computer science repetition orderings induction (repetition) rewrite systems 1.1 Mathematical Prerequisites N = {0,1,2,...} is the set of natural numbers N + is the set of positive natural numbers without 0 Z, Q, R denote the integers, rational numbers and the real numbers, respectively. 7

8 Multisets Given a set M, a multi-set S over M is a mapping S: M N, where S specifies the number of occurrences of elements m of the base set M within the multiset S. We use the standard set notations,,,, with the analogous meaning for multisets, e.g., (S 1 S 2 )(m) = S 1 (m)+s 2 (m). We also write multi-sets in a set like notation, e.g., the multi-set S = {1,2,2,4} denotes a multi-set over the set {1,2,3,4} where S(1) = 1, S(2) = 2, S(3) = 0, and S(4) = 1. A multi-set S over a set M is finite if {m M S(m) > 0} is finite. In this lecture we only consider finite multi-sets. Relations An n-ary relation R over some set M is a subset of M n : R M n. For two n-ary relations R,Q over some set M, their union ( ) or intersection ( ) is again an n-ary relation, where R Q := {(m 1,...,m n ) M (m 1,...,m n ) R or (m 1,...,m n ) Q} R Q := {(m 1,...,m n ) M (m 1,...,m n ) R and (m 1,...,m n ) Q}. A relation Q is a subrelation of a relation R if Q R. The characteristic function of a relation R or sometimes called predicate indicates membership. In addition of writing (m 1,...,m n ) R we also write R(m 1,...,m n ). So the predicate R(m 1,...,m n ) holds or is true if in fact (m 1,...,m n ) belongs to the relation R. Words Given a nonempty alphabet Σ the set Σ of finite words over Σ is defined by (i) the empty word ǫ Σ (ii) for each letter a Σ also a Σ (iii) if u,v Σ so uv Σ where uv denotes the concatenation of u and v. The length u of a word u Σ is defined by (i) ǫ := 0, (ii) a := 1 for any a Σ and (iii) uv := u + v for any u,v Σ. 8

9 1.2 Computer Science Prerequisites A little bit on computational complexity theory. Big O Let f(n) and g(n) be functions from the naturals into the non-negative reals. Then O(f(n)) = {g(n) c > 0 n 0 N + n n 0 g(n) c f(n)} We use, reads for all, and, reads exists, on the object and meta level. Decision Problem A decision problem is a subset L Σ for some fixed finite alphabet Σ. The function chr(l, x) denotes the characteristic function for some decision problem L and is defined by chr(l,u) = 1 if u L and chr(l,u) = 0 otherwise. A decision problem is solvable in polynomial-time iff its characteristic function can be computed in polynomial-time. The class P denotes all polynomial-time decision problems. NP A decision problem L is in NP iff there is a predicate Q(x,y) and a polynomial p(n) such that for all u Σ we have (i) u L iff there is an v Σ with v p( u ) and Q(u,v) holds, and (ii) the predicate Q is in P. Reducible,NP-Hard, NP-Complete A decision problem L is polynomial-time reducible to a decision problem L if there is a function g P such that for all u Σ we have u L iff g(u) L. For example, if L is reducible to L and L P then L P. A decision problem is NP-hard if every problem in NP is polynomial-time reducible to it. A decision problem is NP-complete if it is NP-hard and in NP. 9

10 1.3 Ordering Termination of rewrite systems and proof theory is strongly related to the concept of (well-founded) orderings. An ordering R is a binary relation on some set M. Relevant properties of orderings are: Depending on particular properties such as (reflexivity) x M R(x,x) (irreflexivity) x M R(x,x) (antisymmetry) x,y M (R(x,y) R(y,x) x = y) (transitivity) x,y,z M (R(x,y) R(y,z) R(x,z)) (totality) x,y M (R(x,y) R(y,x)) where = is the identity relation on M. The boolean connectives,, and read and, or, and implies, respectively. Partial Ordering A strict partial ordering on a set M is a transitive and irreflexive binary relation on M. An a M is called minimal, if there is no b in M such that a b. An a M is called smallest, if b a for all b M different from a. Notation: for the inverse relation 1 for the reflexive closure ( =) of Well-Foundedness A strict partial ordering on M is called well-founded (Noetherian), if there is no infinite descending chain a 0 a 1 a 2... with a i M. 10

11 Well-Foundedness and Termination Let, > be binary relations on the same set. Lemma 1.1 If > is a well-founded partial ordering and >, then is terminating. Lemma 1.2 If is a terminating binary relation over A, then + is a well-founded partial ordering. Proof. Transitivity of + is obvious; irreflexivity and well-foundedness follow from termination of. Well-Founded Orderings: Examples Natural numbers. (N, >) Lexicographic orderings. Let (M 1, 1 ),(M 2, 2 ) be well-founded orderings. Then let their lexicographic combination = ( 1, 2 ) lex on M 1 M 2 be defined as (a 1,a 2 ) (b 1,b 2 ) : a 1 1 b 1 or (a 1 = b 1 and a 2 2 b 2 ) (analogously for more than two orderings) This again yields a well-founded ordering (proof below). Length-based ordering on words. For alphabets Σ with a well-founded ordering > Σ, the relation defined as w w : w > w or ( w = w and w > Σ,lex w ) is a well-founded ordering on Σ (Exercise). Counterexamples: (Z,>) (N,<) the lexicographic ordering on Σ 11

12 Basic Properties of Well-Founded Orderings Lemma 1.3 (M, ) is well-founded if and only if every M M has a minimal element. Lemma 1.4 (M 1, 1 ) and (M 2, 2 ) are well-founded if and only if (M 1 M 2, ) with = ( 1, 2 ) lex is well-founded. Proof. (i) : Suppose (M 1 M 2, ) is not well-founded. Then there is an infinite sequence (a 0,b 0 ) (a 1,b 1 ) (a 2,b 2 )... Let A = {a i i 0} M 1. Since (M 1, 1 ) is well-founded, A has a minimal element a n. But then B = {b i i n} M 2 can not have a minimal element, contradicting the well-foundedness of (M 2, 2 ). (ii) : obvious. Monotone Mappings Let (M 1,> 1 ) and (M 2,> 2 ) be strict partial orderings. A mapping ϕ : M 1 M 2 is called monotone, if a > 1 b implies ϕ(a) > 2 ϕ(b) for all a,b M 1. Lemma 1.5 If ϕ is a monotone mapping from (M 1,> 1 ) to (M 2,> 2 ) and (M 2,> 2 ) is well-founded, then (M 1,> 1 ) is well-founded. Multiset Orderings Lemma 1.6 (König s Lemma) Every finitely branching tree with infinitely many nodes contains an infinite path. Let (M, ) be a strict partial ordering. The multiset extension of to multisets over M is defined by S 1 mul S 2 S 1 S 2 and m M: ( S 2 (m) > S 1 (m) m M: m m and S 1 (m ) > S 2 (m ) ) 12

13 1.4 Induction More or less all sets of objects in computer science or logic are defined inductively. Typically, this is done in a bottom-up way, where starting with some definite set, it is closed under a given set of operations. Example 1.7 (Inductive Sets) 1. The set of all Sudoku problem states, consists of the set of start states (N; ; ) for consistent assignments N plus all states that can be derived from the start states by the rules Deduce, Conflict, Backtrack, and Fail. This is a finite set. 2. The set N of the natural numbers, consists of 0 plus all numbers that can be computed from 0 by adding 1. This is an infinite set. 3. The set ofall strings Σ over a finitealphabet Σwhere all letters of Σarecontained in Σ and if u and v are words out of Σ so is the word uv. This is an infinite set. All the previous examples have in common that there is an underlying well-founded ordering on the sets induced by the construction. The minimal elements for the Sudoku are the problem states (N; ; ), for the natural numbers it is 0 and for the set of strings the empty word. Now if we want to prove a property of an inductive set it is sufficient to prove it (i) for the minimal element(s) and (ii) assuming the property for an arbitrary set of elements, to prove that it holds for all elements that can be constructed in one step out those elements. This is the principle of Noetherian Induction. Theorem 1.8 (Noetherian Induction) Let (M, ) be a well-founded ordering, let Q be a property of elements of M. If for all m M the implication if Q(m ) for all m M such that m m, 1 then Q(m). 2 is satisfied, then the property Q(m) holds for all m M. Proof. Let X = {m M Q(m) false}. Suppose, X. Since (M, ) is wellfounded, X has a minimal element m 1. Hence for all m M with m m 1 the property Q(m ) holds. On the other hand, the implication which is presupposed for this theorem holds in particular also for m 1, hence Q(m 1 ) must be true so that m 1 can not be in X. Contradiction. 1 induction hypothesis 2 induction step 13

14 Theorem 1.9 (Properties Multi-Set Ordering) (a) mul is a strict partial ordering. (b) well-founded mul well-founded. (c) total mul total. Proof. see Baader and Nipkow, page Rewrite Systems A rewrite system is a pair (A, ), where A is a set, A A is a binary relation on A. The relation is usually written in infix notation, i.e., a b instead of (a,b). Let A B and B C be two binary relations. Then the binary relation ( ) A C is defined by a ( ) c if and only if a b and b c for some b B. 0 = {(a,a) a A} identity i+1 = i i+1-fold composition + = i>0 i transitive closure = i 0 i = + 0 reflexive transitive closure = = 0 reflexive closure 1 = = {(b,c) c b} inverse = symmetric closure + = ( ) + transitive symmetric closure = ( ) refl. trans. symmetric closure b A is reducible, if there is a c such that b c. b is in normal form (irreducible), if it is not reducible. c is a normal form of b, if b c and c is in normal form. Notation: c = b (if the normal form of b is unique). 14

15 A relation is called terminating, if there is no infinite descending chain b 0 b 1 b 2... normalizing, if every b A has a normal form. Lemma 1.10 If is terminating, then it is normalizing. Note: The reverse implication does not hold. Confluence Let (A, ) be a rewrite system. b and c A are joinable, if there is an a such that b a c. Notation: b c. The relation is called Church-Rosser, if b c implies b c. confluent, if b a c implies b c. locally confluent, if b a c implies b c. convergent, if it is confluent and terminating. For a rewrite system (M, ) consider a sequence of elements a i that are pairwise connected by the symmetric closure, i.e., a 1 a 2 a 3... a n. We say that a i is a peak in such a sequence, if actually a i 1 a i a i+1. Theorem 1.11 The following properties are equivalent: (i) has the Church-Rosser property. (ii) is confluent. Proof. (i) (ii): trivial. (ii) (i): by induction on the number of peaks in the derivation b c. Lemma 1.12 If is confluent, then every element has at most one normal form. 15

16 Proof. Suppose that some element a A has normal forms b and c, then b a c. If is confluent, then b d c for some d A. Since b and c are normal forms, both derivations must be empty, hence b 0 d 0 c, so b, c, and d must be identical. Corollary 1.13 If is normalizing and confluent, then every element b has a unique normal form. Proposition 1.14 If is normalizing andconfluent, then b c if andonly if b = c. Proof. Either using Thm or directly by induction on the length of the derivation of b c. Confluence and Local Confluence Theorem 1.15 ( Newman s Lemma ) If a terminating relation is locally confluent, then it is confluent. Proof. Let be a terminating and locally confluent relation. Then + is a wellfounded ordering. Define Q(a) ( b,c : b a c b c ). We prove Q(a) for all a A by well-founded induction over + : Case 1: b 0 a c: trivial. Case 2: b a 0 c: trivial. Case 3: b b a c c: use local confluence, then use the induction hypothesis. 16

17 2 Propositional Logic Propositional logic logic of truth values decidable (but NP-complete) can be used to describe functions over a finite domain industry standard for many analysis/verification tasks growing importance for discrete optimization problems (Automated Reasoning II) 2.1 Syntax propositional variables logical connectives Boolean connectives and constants Propositional Variables Let Σ be a set of propositional variables also called the signature of the (propositional) logic. We use letters P, Q, R, S, to denote propositional variables. Propositional Formulas PROP(Σ) is the set of propositional formulas over Σ inductively defined as follows: φ, ψ ::= (falsum) (verum) P, P Σ (atomic formula) ( φ) (negation) (φ ψ) (conjunction) (φ ψ) (disjunction) (φ ψ) (implication) (φ ψ) (equivalence) 17

18 Notational Conventions As a notational convention we assume that binds strongest, and we remove outermost parenthesis, so P Q is actually a shorthand for (( P) Q). For all other logical connectives we will explicitly put parenthesis when needed. From the semantics we will see that and are associative and commutative. Therefore instead of ((P Q) R) we simply write P Q R. Automated reasoning is very much formula manipulation. In order to precisely represent the manipulation of a formula, we introduce positions. Formula Manipulation A position is a word over N. The set of positions of a formula φ is inductively defined by where {,,, }. pos(φ) := {ǫ} if φ {, } or φ Σ pos( φ) := {ǫ} {1p p pos(φ)} pos(φ ψ) := {ǫ} {1p p pos(φ)} {2p p pos(ψ)} The prefixorder onpositions isdefined byp q if thereissome p such that pp = q. Note that the prefix order is partial, e.g., the positions 12 and 21 are not comparable, they are parallel, see below. By < we denote the strict part of, i.e., p < q if p q but not q p. By we denote incomparable positions, i.e., p q if neither p q, nor q p. Then we say that p is above q if p q, p is strictly above q if p < q, and p and q are parallel if p q. The size of a formula φ is given by the cardinality of pos(φ): φ := pos(φ). The subformula of φ at position p pos(φ) is recursively defined by {,,, }. φ ǫ := φ φ 1p := φ p (φ 1 φ 2 ) ip := φ i p where i {1,2} Finally, the replacement of a subformula at position p pos(φ) by a formula ψ is recursively defined by 18

19 φ[ψ] ǫ := ψ ( φ)[ψ] 1p := (φ[ψ] p ) (φ 1 φ 2 )[ψ] 1p := (φ 1 [ψ] p φ 2 ) (φ 1 φ 2 )[ψ] 2p := (φ 1 φ 2 [ψ] p ) where {,,, }. Example 2.1 The set of positions for the formula φ = (A B) (A B) is pos(φ) = {ǫ,1,11,12,2,21,22}. The subformula at position 22 is B, φ 22 = B and replacing this formula by A B results in φ[a B] 22 = (A B) (A (A B)). A further prerequisite for efficient formula manipulation is the polarity of a subformula ψ of φ. The polarity determines the number of negations starting from φ down to ψ. It is 1 for an even number along the path, 1 for an odd number and 0 if there is at least one equivalence connective along the path. The polarity of a subformula ψ of φ at position p, i {1,2} is recursively defined by pol(φ,ǫ) := 1 pol( φ,1p) := pol(φ,p) pol(φ 1 φ 2,ip) := pol(φ i,p) if {, } pol(φ 1 φ 2,1p) := pol(φ 1,p) pol(φ 1 φ 2,2p) := pol(φ 2,p) pol(φ 1 φ 2,ip) := 0 Example 2.2 We reuse the formula φ = (A B) (A B) Then pol(φ,1) = pol(φ,11) = 1 andpol(φ,2) = pol(φ,22) = 1. Fortheformulaφ = (A B) (A B) we get pol(φ,ǫ) = 1 and pol(φ,p) = 0 for all other p pos(φ ), p ǫ. 19

20 2.2 Semantics In classical logic (dating back to Aristoteles) there are only two truth values true and false which we shall denote, respectively, by 1 and 0. There are multi-valued logics having more than two truth values. Valuations A propositional variable has no intrinsic meaning. The meaning of a propositional variable has to be defined by a valuation. A Σ-valuation is a map A : Σ {0,1}. where {0,1} is the set of truth values. Truth Value of a Formula in A Given a Σ-valuation A, the function can be extended to A : PROP(Σ) {0,1} by: A( ) = 0 A( ) = 1 A( φ) = 1 A(φ) A(φ ψ) = min({a(φ),a(ψ)}) A(φ ψ) = max({a(φ),a(ψ)}) A(φ ψ) = max({(1 A(φ)),A(ψ)}) A(φ ψ) = if A(φ) = A(ψ) then 1 else Models, Validity, and Satisfiability φ is valid in A (A is a model of φ; φ holds under A): A = φ : A(φ) = 1 φ is valid (or is a tautology): = φ : A = φ for all Σ-valuations A φ is called satisfiable if there exists an A such that A = φ. Otherwise φ is called unsatisfiable (or contradictory). 20

21 Entailment and Equivalence φ entails (implies) ψ (or ψ is a consequence of φ), written φ = ψ, if for all Σ-valuations A we have A = φ A = ψ. φ and ψ are called equivalent, written φ = ψ, if for all Σ-valuations A we have A = φ A = ψ. Proposition 2.3 φ = ψ if and only if = (φ ψ). Proof. ( ) Suppose that φ entails ψ. Let A be an arbitrary Σ-valuation. We have to show that A = φ ψ. If A(φ) = 1, then A(ψ) = 1 (since φ = ψ), and hence A(φ ψ) = 1. Otherwise if A(φ) = 0, then A(φ ψ) = max({1,a(ψ)}) = 1 independently of A(ψ). In both cases, A = φ ψ. ( ) Suppose that φ does not entail ψ. Then there exists a Σ-valuation A such that A = φ, but not A = ψ. Consequently, A(φ ψ) = max({(1 A(φ)),A(ψ)}) = max({0,0}) = 0, so (φ ψ) does not hold in A. Proposition 2.4 φ = ψ if and only if = (φ ψ). Proof. Analogously to Prop Entailment is extended to sets of formulas N in the natural way : N = φ if for all Σ-valuations A: if A = ψ for all ψ N, then A = φ. Note: formulas are always finite objects; but sets of formulas may be infinite. Therefore, it is in general not possible to replace a set of formulas by the conjunction of its elements. Validity vs. Unsatisfiability Validity and unsatisfiability are just two sides of the same medal as explained by the following proposition. Proposition 2.5 φ is valid if and only if φ is unsatisfiable. Proof. ( ) If φ is valid, then A(φ) = 1 for every valuation A. Hence A( φ) = (1 A(φ)) = 0 for every valuation A, so φ is unsatisfiable. ( ) Analogously. 21

22 Hence in order to design a theorem prover (validity checker) it is sufficient to design a checker for unsatisfiability. In a similar way, entailment N = φ can be reduced to unsatisfiability: Proposition 2.6 N = φ if and only if N { φ} is unsatisfiable. Checking Unsatisfiability Every formula φ contains only finitely many propositional variables. Obviously, A(φ) depends only on the values of those finitely many variables in φ under A. If φ contains n distinct propositional variables, then it is sufficient to check 2 n valuations to see whether φ is satisfiable or not. truth table. So the satisfiability problem is clearly decidable(but, by Cook s Theorem, NP-complete). Nevertheless, in practice, there are (much) better methods than truth tables to check the satisfiability of a formula. (later more) Truth Table Let φ be a propositional formula over variables P 1,...,P n and k = pos(φ). Then a complete truth table for φ is a table with n+k columns and 2 n +1 rows of the form P 1... P n φ p1... φ pk A 1 (φ p1 )... A 1 (φ pk ) A 2 n(φ p1 )... A 2 n(φ pk ) such that the A i are exactly the 2 n different valuations for P 1,...,P n and either p i p i+j or p i p i+j, in particular p k = ǫ and φ pk = φ for all i,j 0, i+j k. Truth tables can be used to check validity, satisfiability or unsatisfiability of a formula in a systematic way. They have the nice property that if the rows are filled from left to right, then in order to compute A i (φ pj ) the values for A i of φ pj h are already computed, h {1,2}. 22

23 Substitution Theorem Proposition 2.7 Let φ 1 and φ 2 be equivalent formulas, and ψ[φ 1 ] p be a formula in which φ 1 occurs as a subformula at position p. Then ψ[φ 1 ] p is equivalent to ψ[φ 2 ] p. Proof. The proof proceeds by induction over the formula structure of ψ. Each of the formulas,, and P for P Σ contains only one subformula, namely itself. Hence, if ψ = ψ[φ 1 ] ǫ equals,, or P, then ψ[φ 1 ] ǫ = φ 1, ψ[φ 2 ] ǫ = φ 2, and we are done by assumption. If ψ = ψ 1 ψ 2, then either p = ǫ (this case is treated as above), or φ 1 is a subformula of ψ 1 or ψ 2 at position 1p or 2p, respectively. Without loss of generality, assume that φ 1 is a subformula of ψ 1, so ψ = ψ 1 [φ 1 ] p ψ 2. By the induction hypothesis, ψ 1 [φ 1 ] p and ψ 1 [φ 2 ] p are equivalent. Hence, for any valuation A, A(ψ[φ 1 ] 1p ) = A(ψ 1 [φ 1 ] p ψ 2 ) = min({a(ψ 1 [φ 1 ] p ),A(ψ 2 )}) = min({a(ψ 1 [φ 2 ] p ),A(ψ 2 )}) = A(ψ 1 [φ 2 ] p ψ 2 ) = A(ψ[φ 2 ] 1p ). The other boolean connectives are handled analogously. Equivalences Proposition 2.8 The following equivalences are valid for all formulas φ, ψ, χ: (φ φ) φ Idempotency (φ φ) φ Idempotency (φ ψ) (ψ φ) Commutativity (φ ψ) (ψ φ) Commutativity (φ (ψ χ)) ((φ ψ) χ) Associativity (φ (ψ χ)) ((φ ψ) χ) Associativity (φ (ψ χ)) (φ ψ) (φ χ) Distributivity (φ (ψ χ)) (φ ψ) (φ χ) Distributivity (φ (φ ψ)) φ Absorption (φ (φ ψ)) φ Absorption (φ φ) Introduction (φ φ) Introduction (φ ψ) ( φ ψ) De Morgan (φ ψ) ( φ ψ) De Morgan Propagate Propagate 23

24 (φ ) φ Absorption (φ ) φ Absorption (φ ) φ Eliminate (φ ) φ Eliminate (φ ) φ Eliminate (φ ) Propagate (φ ) Propagate (φ ψ) ( φ ψ) Eliminate (φ ψ) (φ ψ) (ψ φ) Eliminate1 (φ ψ) (φ ψ) ( φ ψ) Eliminate2 For simplification purposes the equivalences are typically applied as left to right rules. 2.4 Normal Forms We define conjunctions of formulas as follows: 0 i=1 φ i =. 1 i=1 φ i = φ 1. n+1 i=1 φ i = n i=1 φ i φ n+1. and analogously disjunctions: 0 i=1 φ i =. 1 i=1 φ i = φ 1. n+1 i=1 φ i = n i=1 φ i φ n+1. Literals and Clauses A literal is either a propositional variable P or a negated propositional variable P. A clause is a (possibly empty) disjunction of literals. 24

25 CNF and DNF Aformula isinconjunctive normal form(cnf, clause normal form), if it isaconjunction of disjunctions of literals (or in other words, a conjunction of clauses). A formula is in disjunctive normal form (DNF), if it is a disjunction of conjunctions of literals. Warning: definitions in the literature differ: are complementary literals permitted? are duplicated literals permitted? are empty disjunctions/conjunctions permitted? Checking the validity of CNF formulas or the unsatisfiability of DNF formulas is easy: A formula in CNF is valid, if and only if each of its disjunctions contains a pair of complementary literals P and P. Conversely, a formula in DNF is unsatisfiable, if and only if each of its conjunctions contains a pair of complementary literals P and P. On the other hand, checking the unsatisfiability of CNF formulas or the validity of DNF formulas is known to be conp-complete. Conversion to CNF/DNF Proposition 2.9 For every formula there is an equivalent formula in CNF (and also an equivalent formula in DNF). Proof. We consider the case of CNF and propose a naive algorithm. Apply the following rules as long as possible (modulo associativity and commutativity of and ): Step 1: Eliminate equivalences: φ[(ψ 1 ψ 2 )] p ECNF φ[(ψ 1 ψ 2 ) (ψ 1 ψ 2 )] p Step 2: Eliminate implications: φ[(ψ 1 ψ 2 )] p ECNF φ[( ψ 1 ψ 2 )] p 25

26 Step 3: Push negations downward: φ[ (ψ 1 ψ 2 )] p ECNF φ[( ψ 1 ψ 2 )] p φ[ (ψ 1 ψ 2 )] p ECNF φ[( ψ 1 ψ 2 )] p Step 4: Eliminate multiple negations: φ[ ψ] p ECNF φ[ψ] p Step 5: Push disjunctions downward: φ[(ψ 1 ψ 2 ) χ] p ECNF φ[(ψ 1 χ) (ψ 2 χ)] p Step 6: Eliminate and : φ[(ψ )] p ECNF φ[ψ] p φ[(ψ )] p ECNF φ[ ] p φ[(ψ )] p ECNF φ[ ] p φ[(ψ )] p ECNF φ[ψ] p φ[ ] p ECNF φ[ ] p φ[ ] p ECNF φ[ ] p Proving termination is easy for steps 2, 4, and 6; steps 1, 3, and 5 are a bit more complicated. For step 1, we can prove termination in the following way: We define a function µ from formulas to positive integers such that µ( ) = µ( ) = µ(p) = 1, µ( φ) = µ(φ), µ(ψ 1 ψ 2 ) = µ(ψ 1 ψ 2 ) = µ(ψ 1 ψ 2 ) = µ(ψ 1 ) + µ(ψ 2 ), and µ(φ ψ) = 2µ(φ) + 2µ(ψ) + 1. Observe that µ is constructed in such a way that µ(φ 1 ) > µ(φ 2 ) implies µ(ψ[φ 1 ] p ) > µ(ψ[φ 2 ] p ) for all formulas φ 1, φ 2, andψ and positions p. Using this property, we can show that whenever a formula χ is the result of applying the rule of step 1 to a formula χ, then µ(χ) > µ(χ ). Since µ takes only positive integer values, step 1 must terminate. Termination of steps 3 and 5 is proved similarly. For step 3, we use a function µ from formulas to positive integers such that µ( ) = µ( ) = µ(p) = 1, µ( φ) = 2µ(φ), µ(φ ψ) = µ(φ ψ) = µ(φ ψ) = µ(φ ψ) = µ(φ)+µ(ψ)+1. Whenever a formula χ is the result of applying a rule of step 3 to a formula χ, then µ(χ) > µ(χ ). Since µ takes only positive integer values, step 3 must terminate. For step 5, we use a function µ from formulas to positive integers such that µ( ) = µ( ) = µ(p) = 1, µ( φ) = µ(φ) + 1, µ(φ ψ) = µ(φ ψ) = µ(φ ψ) = µ(φ) + 26

27 µ(ψ) + 1, and µ(φ ψ) = 2µ(φ)µ(ψ). Again, if a formula χ is the result of applying a rule of step 5 to a formula χ, then µ(χ) > µ(χ ). Since µ takes only positive integer values, step 5 terminates, too. The resulting formula is equivalent to the original one and in CNF. The conversion of a formula to DNF works in the same way, except that conjunctions have to be pushed downward in step 5. Complexity Conversion to CNF (or DNF) may produce a formula whose size is exponential in the size of the original one. Negation Normal Form (NNF) The formula after application of Step 4 is said to be in Negation Normal Form, i.e., it does not contain, and negation symbols only occur in front of propositional variables (atoms). Satisfiability-preserving Transformations The goal find a formula ψ in CNF such that φ = ψ is unpractical. But if we relax the requirement to find a formula ψ in CNF such that φ = ψ = we can get an efficient transformation. Idea: A formula ψ[φ] p is satisfiable if and only if ψ[p] p (P φ) is satisfiable where P is a new propositional variable that does not occur in ψ and works as an abbreviation for φ. We can use this rule recursively for all subformulas in the original formula (this introduces a linear number of new propositional variables). Conversion of the resulting formula to CNF increases the size only by an additional factor (each formula P φ gives rise to at most one application of the distributivity law). 27

28 Optimized Transformations A further improvement is possible by taking the polarity of the subformula into account. For example if ψ[φ 1 φ 2 ] p and pol(ψ,p) = 1 then for CNF transformation do ψ[(φ 1 φ 2 ) ( φ 1 φ 2 )] p. Proposition 2.10 Let P be a propositional variable not occurring in ψ[φ] p. If pol(ψ,p) = 1, then ψ[φ] p is satisfiable if and only if ψ[p] p (P φ) is satisfiable. If pol(ψ,p) = 1, then ψ[φ] p is satisfiable if and only if ψ[p] p (φ P) is satisfiable. If pol(ψ,p) = 0, then ψ[φ] p is satisfiable if and only if ψ[p] p (P φ) is satisfiable. Proof. Exercise. The number of eventually generated clauses is a good indicator for useful CNF transformations: ψ ν(ψ) ν(ψ) φ 1 φ 2 ν(φ 1 )+ν(φ 2 ) ν(φ 1 ) ν(φ 2 ) φ 1 φ 2 ν(φ 1 )ν(φ 2 ) ν(φ 1 )+ ν(φ 2 ) φ 1 φ 2 ν(φ 1 )ν(φ 2 ) ν(φ 1 )+ ν(φ 2 ) φ 1 φ 2 ν(φ 1 ) ν(φ 2 )+ ν(φ 1 )ν(φ 2 ) ν(φ 1 )ν(φ 2 )+ ν(φ 1 ) ν(φ 2 ) φ 1 ν(φ 1 ) ν(φ 1 ) P,, 1 1 Optimized CNF Step 1: Exhaustively apply modulo C of, AC of, : φ[(ψ )] p OCNF φ[ψ] p φ[(ψ )] p OCNF φ[ψ] p φ[(ψ )] p OCNF φ[ ψ] p φ[(ψ )] p OCNF φ[ψ] p φ[(ψ )] p OCNF φ[ ] p φ[(ψ )] p OCNF φ[ ] p 28

29 φ[(ψ ψ)] p OCNF φ[ψ] p φ[(ψ ψ)] p OCNF φ[ψ] p φ[(ψ 1 (ψ 1 ψ 2 ))] p OCNF φ[ψ 1 ] p φ[(ψ 1 (ψ 1 ψ 2 ))] p OCNF φ[ψ 1 ] p φ[(ψ ψ)] p OCNF φ[ ] p φ[(ψ ψ)] p OCNF φ[ ] p φ[ ] p OCNF φ[ ] p φ[ ] p OCNF φ[ ] p φ[(ψ )] p OCNF φ[ ψ] p φ[(ψ )] p OCNF φ[ ] p φ[( ψ)] p OCNF φ[ ] p φ[( ψ)] p OCNF φ[ψ] p Step 2: Introduce top-down fresh variables for beneficial subformulas: ψ[φ] p OCNF ψ[p] p def(ψ,p,p) where P is new to ψ[φ] p, def(ψ,p,p) is defined polarity dependent according to Proposition 2.10 and ν(ψ[φ] p ) > ν(ψ[p] p def(ψ,p,p)). Remark: Althoughcomputing ν isnotpracticalingeneral, thetestν(ψ[φ] p ) > ν(ψ[p] p def(ψ,p,p)) can be computed in constant time. Step 3: Eliminate equivalences polarity dependent: φ[ψ 1 ψ 2 ] p OCNF φ[(ψ 1 ψ 2 ) (ψ 2 ψ 1 )] p if pol(φ,p) = 1 or pol(φ,p) = 0 φ[ψ 1 ψ 2 ] p OCNF φ[(ψ 1 ψ 2 ) ( ψ 2 ψ 1 )] p if pol(φ,p) = 1 29

30 Step 4: Apply steps 2, 3, 4, 5 of ECNF Remark: The OCNF algorithm is already close to a state of the art algorithm. Missing are further redundancy tests and simplification mechanisms we will discuss later on in this section. 2.5 Superposition for PROP(Σ) Superposition for PROP(Σ) is: resolution (Robinson 1965) + ordering restrictions (Bachmair & Ganzinger 1990) + abstract redundancy criterion (B&G 1990) + partial model construction (B & G 1990) + partial-model based inference restriction (Weidenbach) Resolution for PROP(Σ) A calculus is a set of inference and reduction rules for a given logic (here PROP(Σ)). We only consider calculi operating on a set of clauses N. Inference rules add new clauses to N whereas reduction rules remove clauses from N or replace clauses by simpler ones. We are only interested in unsatisfiability, i.e., the considered calculi test whether a clause set N is unsatisfiable. So, in order to check validity of a formula φ we check unsatisfiability of the clauses generated from φ. For clauses we switch between the notation as a disjunction, e.g., P Q P R, and the notation as a multiset, e.g., {P,Q,P, R}. This makes no difference as we consider in the context of clauses always modulo AC. Note that, the empty disjunction, corresponds to, the empty multiset. For literals we write L, possibly with subscript.. If L = P then L = P and if L = P then L = P, so the bar flips the negation of a literal. Clauses are typically denoted by letters C, D, possibly with subscript. The resolution calculus consists of the inference rules resolution and factoring: Resolution I C 1 P C 2 P C 1 C 2 Factoring I C L L C L 30

31 where C 1, C 2, C always stand for clauses, all inference/reduction rules are applied with respect to AC of. Given a clause set N the schema above the inference bar is mapped to N and the resulting clauses below the bar are then added to N. and the reduction rules subsumption and tautology deletion: Subsumption R C 1 C 2 C 1 Tautology Deletion C P P R where for subsumption we assume C 1 C 2. Given a clause set N the schema above the reduction bar is mapped to N and the resulting clauses below the bar replace the clauses above the bar in N. Clauses that can be removed are called redundant. So, if we consider clause sets N as states, is disjoint union, we get the rules Resolution (N {C 1 P,C 2 P}) (N {C 1 P,C 2 P} {C 1 C 2 }) Factoring (N {C L L}) (N {C L L} {C L}) Subsumption (N {C 1,C 2 }) (N {C 1 }) provided C 1 C 2 Tautology Deletion (N {C P P}) (N) We need more structure than just (N) in order to define a useful rewrite system. We fix this later on. Theorem 2.11 The resolution calculus is sound and complete: N is unsatisfiable iff N { } Proof. Will be a consequence of soundness and completeness of superposition. 31

32 Ordering restrictions Let be a total ordering on Σ. We lift to a total ordering on literals by L and P L P and P L Q for all P Q. Wefurtherlift L toatotalorderingonclauses C byconsidering themultiset extension of L for clauses. Eventually, we overload with L and C. We define N C = {D N D C}. Eventually we will restrict inferences to maximal literals with respect to. Abstract Redundancy A clause C is redundant with respect to a clause set N if N C = C. Tautologies are redundant. Subsumed clauses are redundant if is strict. Remark: Note that for finite N, N C = C can be decided for PROP(Σ) but is as hard as testing unsatisfiability for a clause set N. Partial Model Construction Given a clause set N and an ordering we can construct a (partial) model N I for N as follows: N C := D C δ D { {P} if D = D δ D := P,P strictly maximal and N D = D otherwise N I := C N δ C Clauses C with δ C are called productive. Some properties of the partial model construction. Proposition If δ C = {P} then N C δ C = C. 1. For every D with (C P) D we have δ D {P}. 3. If N C = D then for all C with C C we have N C = D and in particular N I = D. 32

33 Notation: N, N C, N I, N C Please properly distinguish: N is a set of clauses interpreted as the conjunction of all clauses. N C is of set of clauses from N strictly smaller than C with respect to. N I, N C are sets of atoms, often called Herbrand Interpretations. N I is the overall (partial) model for N, whereas N C is generated from all clauses from N strictly smaller than C. Validity is defined by N I = P if P N I and N I = P if P N I, accordingly for N C. Superposition The superposition calculus consists of the inference rules superposition left and factoring: Superposition Left (N {C 1 P,C 2 P}) (N {C 1 P,C 2 P} {C 1 C 2 }) where P is strictly maximal in C 1 P and P is maximal in C 2 P Factoring (N {C P P}) (N {C P P} {C P}) where P is maximal in C P P examples for specific redundancy rules are Subsumption (N {C 1,C 2 }) (N {C 1 }) provided C 1 C 2 Tautology Deletion (N {C P P}) (N) Subsumption Resolution (N {C 1 L,C 2 L}) (N {C 1 L,C 2 }) where C 1 C 2 Theorem 2.13 If from a clause set N all possible superposition inferences are redundant and / N then N is satisfiable and N I = N. 33

34 Proof. The proof is by contradiction. So assume if C is any clause derived by superposition left or factoring from N that C is redundant, i.e., N C = C. Furthermore, we assume / N but N I = N. Then there is a minimal, with respect to, clause C 1 L N such that N I = C 1 L and L is a maximal literal in C 1 L. This clause must exist because / N. (i) note that because C 1 L is minimal it is not redundant. For otherwise, N C 1 L = C 1 L and hence N I = C 1 L, a contradiction. (ii) we distinguish the case whether L is a positive or negative literal. Firstly, let us assume L is positive, i.e., L = P for some propositional variable P. Now if P is strictly maximal in C 1 P then actually δ C1 P = {P} and hence N I = C 1 P, a contradiction. So P is not strictly maximal. But then actually C 1 P has the form C 1 P P and by factoring we can derive C 1 P where (C 1 P) C 1 P P. Now C 1 P is not redundant (analogous to (i)), strictly smaller than C 1 L, we have C 1 P N and N I = C 1 P, a contradiction against the choice of C 1 L. Secondly, let us assume L is negative, i.e., L = P for some propositional variable P. Then, since N I = C 1 P we know P N I. So there is a clause C 2 P N where δ C2 P = {P} and P is strictly maximal in C 2 P and (C 2 P) (C 1 P). So by superposition left we can derive C 1 C 2 where (C 1 C 2 ) (C 1 P). The derived clause C 1 C 2 cannot be redundant, because for otherwise either N C 2 P = C 2 P or N C 1 P = C 1 P. So C 1 C 2 N and N I = C 1 C 2, a contradiction against the choice of C 1 L. So the proof actually tells us that at any point in time we need only to consider either a superposition left inference between a minimal false clause and a productive clause or a factoring inference on a minimal false clause. A Superposition Theorem Prover ST P 3 clause sets: N(ew) containing new inferred clauses U(sable) containing reduced new inferred clauses clauses get into W(orked) O(ff) once their inferences have been computed Strategy: Inferences will only be computed when there are no possibilities for simplification 34

35 Rewrite Rules for STP Tautology Deletion (N {C};U;WO) STP (N;U;WO) if C is a tautology Forward Subsumption (N {C};U;WO) STP (N;U;WO) if some D (U WO) subsumes C Backward Subsumption U (N {C};U {D};WO) STP (N {C};U;WO) if C strictly subsumes D (C D) Backward Subsumption W O (N {C};U;WO {D}) STP (N {C};U;WO) if C strictly subsumes D (C D) Forward Subsumption Resolution (N {C 1 L};U;WO) STP (N {C 1 };U;WO) if there exists C 2 L (U WO) such that C 2 C 1 Backward Subsumption Resolution U (N {C 1 L};U {C 2 L};WO) STP (N {C 1 L};U {C 2 };WO) if C 1 C 2 Backward Subsumption Resolution W O (N {C 1 L};U;WO {C 2 L}) STP (N {C 1 L};U;WO {C 2 }) if C 1 C 2 Clause Processing (N {C};U;WO) STP (N;U {C};WO) Inference Computation ( ;U {C};WO) STP (N;U;WO {C}) where N is the set of clauses derived by superposition inferences from C and clauses in WO. 35

36 Soundness and Completeness Theorem 2.14 N = (N; ; ) STP (N { };U;WO) Proof in L. Bachmair, H. Ganzinger: Resolution Theorem Proving appeared in the Handbook of Automated Reasoning, 2001 Termination Theorem 2.15 For finite N and a strategy where the reduction rules Tautology Deletion, the two Subsumption and two Subsumption Resolution rules are always exhaustively applied before Clause Processing and Inference Computation, the rewrite relation STP is terminating on (N; ; ). Proof: think of it (more later on). Fairness Problem: If N is inconsistent, then (N; ; ) STP (N { };U;WO). Does this imply that every derivation starting from an inconsistent set N eventually produces? No: a clause could be kept in U without ever being used for an inference. We need in addition a fairness condition: If an inference is possible forever (that is, none of its premises is ever deleted), then it must be computed eventually. One possible way to guarantee fairness: Implement U as a queue (there are other techniques to guarantee fairness). With this additional requirement, we get a stronger result: If N is inconsistent, then every fair derivation will eventually produce. 36

37 2.6 The CDCL Procedure Goal: Given a propositional formula in CNF (or alternatively, a finite set N of clauses), check whether it is satisfiable (and optionally: output one solution, if it is satisfiable). Assumption: Clauses contain neither duplicated literals nor complementary literals. CDCL: Conflict Driven Clause Learning Satisfiability of Clause Sets A = N if and only if A = C for all clauses C in N. A = C if and only if A = L for some literal L C. Partial Valuations Since we will construct satisfying valuations incrementally, we consider partial valuations (that is, partial mappings A : Σ {0,1}). Every partial valuation A corresponds to a set M of literals that does not contain complementary literals, and vice versa: A(L) is true, if L M. A(L) is false, if L M. A(L) is undefined, if neither L M nor L M. We will use A and M interchangeably. Note that truth of a literal with respect to M is defined differently than for N I. A clause is true under a partial valuation A (or under a set M of literals) if one of its literals is true; it is false (or conflicting ) if all its literals are false; otherwise it is undefined (or unresolved ). 37

38 Unit Clauses Observation: Let A be a partial valuation. If the set N contains a clause C, such that all literals but one in C are false under A, then the following properties are equivalent: there is a valuation that is a model of N and extends A. there is a valuation that is a model of N and extends A and makes the remaining literal L of C true. C is called a unit clause; L is called a unit literal. Pure Literals One more observation: Let A be a partial valuation and P a variable that is undefined under A. If P occurs only positively (or only negatively) in the unresolved clauses in N, then the following properties are equivalent: there is a valuation that is a model of N and extends A. there is a valuation that is a model of N and extends A and assigns 1 (0) to P. P is called a pure literal. The Davis-Putnam-Logemann-Loveland Proc. boolean DPLL(literal set M, clause set N) { if (all clauses in N are true under M) return true; elsif (some clause in N is false under M) return false; elsif (N contains unit clause P) return DPLL(M {P}, N); elsif (N contains unit clause P) return DPLL(M { P}, N); elsif (N contains pure literal P) return DPLL(M {P}, N); elsif (N contains pure literal P) return DPLL(M { P}, N); else { let P be some undefined variable in N; if (DPLL(M { P}, N)) return true; else return DPLL(M {P}, N); } } Initially, DPLL is called with an empty literal set and the clause set N. 38

39 2.7 From DPLL to CDCL In practice, there are several changes to the procedure: The pure literal check is only done while preprocessing (otherwise is too expensive). The branching variable is not chosen randomly. The algorithm is implemented iteratively; the backtrack stack is managed explicitly (it may be possible and useful to backtrack more than one level). CDCL = DPLL + Information is reused by learning + Restart + Specific Data Structures Branching Heuristics Choosing the right undefined variable to branch is important for efficiency, but the branching heuristics may be expensive itself. State of the art: use branching heuristics that need not be recomputed too frequently. In general: choose variables that occur frequently, prefer variables from recent conflicts. The Deduction Algorithm For applying the unit rule, we need to know the number of literals in a clause that are not false. Maintaining this number is expensive, however. Better approach: Two watched literals : In each clause, select two (currently undefined) watched literals. For each variable P, keep a list of all clauses in which P is watched and a list of all clauses in which P is watched. If an undefined variable is set to 0 (or to 1), check all clauses in which P (or P) is watched and watch another literal (that is true or undefined) in this clause if possible. Watched literal information need not be restored upon backtracking. 39