SAT/SMT/AR Introduction and Applications

Transcription

1 SAT/SMT/AR Introduction and Applications Ákos Hajdu Budapest University of Technology and Economics Department of Measurement and Information Systems 1

2 Ákos Hajdu About me o PhD student at BME MIT (2016 ) o Supervisor: Dr. Zoltán Micskei o Topic: Applying counterexample-guided abstraction refinement in model checking hajdua@mit.bme.hu inf.mit.bme.hu/members/hajdua 2

3 References This presentation is based on the talks presented at the SAT/SMT/AR Summer School 2016 Some content (text, figures, examples) of this presentation is copied from the presentations of the school, available at 3

4 SAT/SMT ( ) History of the school o 2011: MIT, USA o 2012: Trento, Italy o 2013: Espoo, Finland o 2014: Semmering, Austria o 2015: Stanford, USA SAT/SMT/AR (2016 ) o 2016: Lisbon, Portugal 4

5 Overview SAT AR o Boolean satisfiability o Boolean variables and operators o Problem: is the formula satisfiable? o Automated Reasoning o First order logic o Problem: theorem proving SMT o Satisfiability Modulo Theories o First order logic, but interpreted symbols o Problem: is the formula satisfiable? p (p q) x, y z: p(f x, y, g z ) (x y + 1) (y 3) 5

6 Building blocks o Boolean variables SAT basics o Literals (variable or negation) o Clauses (disjunction of literals) o Formulas (conjunction of clauses) SAT problem o Decide if a variable assignment exists that evaluates the formula to true o In theory: NP-complete o In practice: efficient solvers Annual SAT competition: 6 x, y, z, x, x, y, y, z, z, (x y z) (x y) ( x z) SAT Formula SAT solver UNSAT

7 SAT in practice 7

8 SAT in practice Randomly generated problem Real world problem (bounded model checking) 8

9 SAT in practice Wide range of applications 9

10 SAT modeling Graph G = (V, E), coloring with k colors o x i,j = 1 if vertex v i has jth color o Guarantee valid coloring ( x i,j x l,j ) for all v i, v l E and j 1,, k o All vertices should have some color x i,1 x i,2 x i,k for all v i V Valid 10 Invalid

11 SAT modeling Sudoku o v i,j,k = 1 if the value in row i and cell j is k o Each cell has exactly one value 9 k=1 v i,j,k = 1 for all i, j {1,, 9} o Each value used exactly once in each row 9 j=1 v i,j,k = 1 for all i, k {1,, 9} o Each value used exactly once in each column 9 i=1 v i,j,k = 1 for all j, k {1,, 9} o Each value used exactly once in each 3x3 sub-grid 3 3 r=1 s=1 v 3i+r,3j+s,k = 1 for all i, j {0,, 2} and k {1,, 9} o Fixed cells v 1,1,5 = 1, v 1,2,3 = 1, v 1,5,7 = 1, v 2,1,6 = 1, 11

12 Modeling challenges Non-conjunctive formulas o Introduce auxiliary variables (Tseitin transformation) o Linear increase of the formula size Cardinality constraints n o j=1 n o j=1 x j 1: x 1 x 2 x n x j 1: Pairwise: O(n 2 ) clauses Sequential counter: O(n) clauses + O(n) new variables Bitwise: O(n log n) clauses + O(log n) new variables o Can be generalized from 1 to k (p q) (p q r) 12

13 Modeling challenges Pseudo-Boolean constraints n o j=1 a j x j b o Binary Decision Diagram (BDD): exponential clauses o Watchdog encoding: O(n 3 log(n) log(a max )) clauses + O(n 2 log n log(a max )) new variables CSP constraints o Direct encoding x i variable with domain D i, m i = D i m x i,1,, x i,mi variables, i xi,k = 1 k=1 If x i = v i x j = v j is not valid, add a clause: ( x i,vi x j,vj ) o There are other, more efficient encodings 13

14 SAT solver algorithms DP-60 o Eliminate variables step by step with resolution x 1 x 4 x 1 x 4 x 14 x 1 x 3 x 8 x 1 x 8 x 12 x 1 x 5 x 9 x 2 x 11 x 3 x 7 x 13 x 3 x 7 x 13 x 9 x 8 x 7 x 9 x 1 x 1 x 4 x 8 x 12 x 5 x 9 x 4 x 8 x 12 x 5 x 9 x 4 x 14 x 3 x 8 x 4 x 14 x 3 x 8 x 4 x 4 x 14 x 4 x 3 x 8 x 8 x 12 x 4 x 14 x 8 x 12 x 3 x 8 x 5 x 9 x 4 x 14 x 5 x 9 x 3 x 8 14

15 SAT solver algorithms DPLL-62 o Backtrack search Pick a literal Search for solution by setting the literal to true If conflicting, set literal to false x 1 x 4 x 1 x 4 x 14 x 1 x 3 x 8 x 1 x 8 x 12 x 2 x 12 x 3 x 12 x 13 x 3 x 7 x 13 x 8 x 7 x 12 Conflict, backtrack Level Literal Backtrack 1 x 1 X x 4 2 x 3 X x 8 x 12 x 13 x 7 15

16 DPLL-62 problems o Selecting the literal SAT solver algorithms Bad decisions at the beginning can have a high cost o Only chronological backtracking CDCL algorithms (2001 ) o Conflict Driven Clause Learning o Learn new clause from conflict o Non-chronological backtrack and restart is possible 16

17 SAT extensions MUS: Minimal Unsatisfiable Subset o Minimal explanation of inconsistency MCS: Minimal Correction Subset o Minimal relaxation to recover consistency Application: analysis of over-constrained systems o Software/hardware model checking o Model-based diagnosis o Maximum feasible subsystem o Timetable/scheduling o 17

18 MaxSAT SAT extensions o Maximize the number of satisfied clauses o Weighted MaxSAT: assign weights to clauses o Partial MaxSAT: hard clauses that must be satisfied o Application: optimization problems QBF (Quantified Boolean Formulas) o Quantified formulas (, ) o Application: e.g. bounded model checking o Harder than SAT if NP PSPACE This is reflected in the complexity of solvers But allows for exponentially more succinct encodings than SAT 18

19 Overview SAT AR o Boolean satisfiability o Boolean variables and operators o Problem: is the formula satisfiable? o Automated Reasoning o First order logic o Problem: theorem proving SMT o Satisfiability Modulo Theories o First order logic, but interpreted symbols o Problem: is the formula satisfiable? p (p q) x, y z: p(f x, y, g z ) (x y + 1) (y 3) 19

20 AR basics Expressiveness of SAT is not always enough First Order Logic (FOL) o Symbolic knowledge representation and reasoning o Building blocks Simple terms: constants, variables Complex terms: functions Atoms: predicates Literals: atom or negation Formulas: connectives and quantifiers Partial order between elements a, b, c, x, y, z, f a, b, g(z) p x, y, a = b p x, y, p(x, y) x y: p(f x, y) x y f x, g x g(x) 20

21 Theorem proving AR basics o H set of formulas: assumptions, hypotheses o φ formula: conjecture o Theorem proving problem: H φ? o Drawback: infinitely many interpretations on infinitely many domains In theory o Gödel: completeness o Turing: undecidability o Herbrand: semi-decidability 21

22 AR basics Applications o Software and hardware verification o Static analysis o Reasoning in knowledge bases o Mathematical theorem proving Example: arrays o Axioms a, i, j: i = j a i = a j a, v, i, j: i = j store a, i, v a, v, i, j: i j store a, i, v o Theorem j = v j = a[j] a, i, j: store store a, i, a j, j, a i = store(store a, j, a i, i, a j ) 22

23 Inference system Theorem provers o Set of inference rules o Expansion or contraction of a set of formulas Expansion Contraction o Resolution o Subsumption p x q x, p(f(a)) r(a) q(f(a)) r(a) p x, y q z, p(a, a) q(b) r(a) p x, y q z o Superposition f z, e = z, f l x, y, y = x l x, e = x o Simplification f x = x, p(f(a)) q(a) f x = x, p(a) q(a) 23

24 Search plan Theorem provers o Which rule to use? o Fairness: use all rules that are needed o Redundancy: avoid redundant clauses Strategy = inference system + search plan Algorithms o Ordering-based o Subgoal-reduction o Semantically-Guided Goal-sensitive 24

25 AR in practice Tools o Otter, EQP, Prover9 o SNARK o SPASS o E o Vampire o leancop o iprover o Meris, MetiTarski CASC o The CADE ATP System Competition 25

26 Overview SAT AR o Boolean satisfiability o Boolean variables and operators o Problem: is the formula satisfiable? o Automated Reasoning o First order logic o Problem: theorem proving SMT o Satisfiability Modulo Theories o First order logic, but interpreted symbols o Problem: is the formula satisfiable? p (p q) x, y z: p(f x, y, g z ) (x y + 1) (y 3) 26

27 SMT basics First order logic is undecidable In practice, symbols often have an interpretation in some theory o Integers, reals, arrays, o Decidable theories (or fragments) SMT problem o Check if a FOL formula is satisfiable modulo the background theories SAT Formula SMT solver o Example (QF_UFLRA) z = 1 z = 0 x y + z = 1 f x > f y UNSAT Theories 27

28 SMT modeling Example: schedule 3 jobs, each composed of 2 consecutive tasks, on 2 machines in 8 time units Machine1 Machine2 Job1 2 1 Job2 3 1 Job3 2 3 t 1,1 = 5 t 1,2 = 7 t 2,1 = 2 t 2,2 = 6 t 3,1 = 0 t 3,2 = 3 t 1,1 0 t 1,2 t 1,1 + 2 t 1, t 2,1 0 t 2,2 t 2,1 + 3 (t 2, ) t 3,1 0 t 3,2 t 3,1 + 2 t 3, ((t 1,1 t 2,1 + 3) (t 2,1 t 1,1 + 2) ((t 1,1 t 3,1 + 2) (t 3,1 t 1,1 + 2) ((t 2,1 t 3,1 + 2) (t 3,1 t 2,1 + 3) ((t 1,2 t 2,2 + 1) (t 2,2 t 1,2 + 1) ((t 1,2 t 3,2 + 3) (t 3,2 t 1,2 + 1) ((t 2,2 t 3,2 + 3) (t 3,2 t 2,2 + 1) 28

29 SMT modeling Example: is the code correct? void swap(int* a, int* b) { *a = *a + *b; *b = *a - *b; *a = *a - *b; } h 1 = store(h 0, a, h 0 a + 32 h 0 [b]) h 2 = store(h 1, b, h 1 a 32 h 1 [b]) h 3 = store(h 2, a, h 2 a 32 h 2 [b]) h 3 a = h 0 [b] h 3 b = h 0 [a] a = 0, b = 0 h 0 0 = 1, h 1 0 = 2 h 2 0 = 0 h 3 0 = 0 29

30 SMT theories Uninterpreted functions and equality Arrays Arithmetic (integer/ real) o Difference logic o Linear arithmetic o Nonlinear arithmetic Bitvectors Quantifiers Combinations are also possible f g x store a, i, e = x i = e x y 1 2x 3y + 4z 5 x 2 + 3xy + y 2 > 0 ~a & a > a x y 30

31 SMT logics 31

32 SMT algorithms Theory solver: decision procedure for a conjunction of literals in a theory o Example: linear real arithmetic Literals: linear (in)equalities Conjunction: system of linear (in)equalities simplex algorithm Basic algorithm o Convert formula to disjunctive normal form l 0 l 1 l 2 l 3 l 4 (l 5 l 6 ) o Check if any of the disjuncts is satisfiable Lazy algorithm o Introduce Boolean variables for SMT literals o Apply SAT solver, check literals selected by the solver If not satisfiable add a blocking clause 32

33 Lazy SMT Example Theory solver SAT solver a 3 (a 3 a 5) x (x y) a 3 (a 5) x = 0, y = 1 UNSAT a 3 (a 5) Blocking clause x y x y x (x y) UNSAT 33

34 DPLL(T) algorithm SMT algorithms o Lazy SMT + tight integration with SAT solver Incremental Backtrack Propagation Conflicts 34

35 Theory solvers Uninterpreted functions o Congruence closure Difference logic o Map to a graph and search for negative cycle Linear arithmetic o Reals: variant of simplex algorithm o Integers: branch & bound algorithm Arrays o Use uninterpreted functions and refine if needed Bitvectors o Map to SAT (bit blasting) 35

36 SMT in practice SMT-LIB: international initiative o Standard descriptions of theories o Common input/output language o Connect the community o Large benchmark library o Related software tools Actively developed solvers (as of 2015) o Alt-Ergo, AProVE, Boolector, CVC4, MathSAT 5, OpenSMT 2, rasat, SMTInterpol, SMT-RAT, STP, verit, Yices 2, Z3 36

37 SMT in practice > (set-option :print-success false) > (set-option :produce-models true) > (set-option :interactive-mode true) > (set-logic QF_LIA) > (declare-fun x () Int) > (declare-fun y () Int) > (assert (= (+ x (* 2 y)) 20)) > (assert (= (- x y) 2)) > (check-sat) sat > (get-value (x y)) ((x 8)(y 6)) x = 8 y = 6 37 Constant: function with no parameter x + 2y = 20 x y = 2

38 SAT AR Summary o Success story, engine of the engines, low level o High level, undecidable in general SMT p (p q) x, y z: p(f x, y, g z ) (x y + 1) (y 3) o High level, but decidable theories and fragments Questions? hajdua@mit.bme.hu inf.mit.bme.hu/members/hajdua 38