Satisfiability Testing Using Simplification in Boolean Rings

Transcription

1 Satisfiability Testing Using Simplification in Boolean Rings Guan-Shieng Huang 1, Nachum Dershowitz 2,, and Jieh Hsiang 3 1 Department of Computer Science and Information Engineering, National Chi-Nan University, Puli, Nantou, Taiwan shieng@ncnu.edu.tw 2 Department of Computer Science, Tel-Aviv University, Ramat-Aviv, Israel nachum.dershowitz@cs.tau.ac.il 3 Department of Computer Science and Information Engineering, National Taiwan University, Taipei, Taiwan hsiang@csie.ntu.edu.tw Abstract. We propose a method for testing satisfiability based on Boolean rings. We make heavy use of simplification, but avoid the potential size increase associated with the use of the distributive law. We present several complexity results, which suggest why our method may be relatively effective in many cases. 1 Introduction Automated theorem proving and verification have been topics of research since the earliest days of computers. And practical applications of mathematical logic to computer science have burgeoned, particularly in the domain of verification of hardware, artificial intelligence, and logic-based programming languages. Some applications of logic have attained sufficient maturity to have been packaged in commercial products, most notably the finite model checking technique for verification of protocols and circuits. Attempting to prove correctness of programs and verification of circuits faces many difficulties. The general problem is unsolvable, many restrictions that are solvable are intractable, and those that are fast enough require human intervention. The addition of parallel processes makes the situation that much more complex. Traditionally, verification has been attacked through consideration of the program text, a structured syntax, using correctness-preserving transformations, propagation of assertions, and decision procedures or theorem provers for extracted logical statements. Problems are more amenable to automated techniques when they are finite in nature; hardware verification, constraint solving, and finite mathematics fall into this category. A finite problem can be coded as a Boolean formula, and techniques in propositional theorem proving can then be employed. Model checking is an important method for verifying finite sequential designs, and has been used extensively in recent years. A design is expressed in temporal logic and its implementation as a finite state machine, encoded as a Boolean formula. Then a Research supported in part by the Israel Science Foundation (grant no. 254/01).

2 brute force search of all possible semantic interpretations is made. In bounded model checking, one tries larger and larger paths through the design in a search for a satisfying assignment, which serves as counterexample to the correctness of the design (that is, a bug ) [2]. The major difficulty with model checking is the explosion of states in the temporal model generated, hence, of the number of possibilities that need to be checked. Another concept that has been used successfully in recent years in the context of theorem proving is simplification. Simplification is based on a well-founded notion of simplicity, with which one can delete intermediate results that follow from known (or yet to be derived) simpler facts. Simplifying at each stage as much as possible can greatly reduce storage requirements. Simplification-based theorem proving strategies, popularly known as the term rewriting approach, have been used to solve some difficult problems in mathematics, including the well-known Robbins Algebra Conjecture [22]. For surveys of term rewriting, see [7, 8, 26]. A natural way of incorporating simplification in propositional reasoning is to use the Boolean ring formalism. The axioms of Boolean rings are: xx = x x0 = 0 x1 = x x + x = 0 x + 0 = x x(y + z) = xy + xz xy = yx x + y = y + x (xy)z = x(yz) (x + y) + z = x + (y + z) where + can be interpreted as exclusive-or and (or just juxtaposition) as logicaland,. It is straightforward to express inclusive-or and negation using these two operators: x y x y + x + y x x + 1 The Boolean ring formalism differs from Boolean algebra in that it defines a unique normal form (up to associative and commutativity of the two operators) for each Boolean formula, called a Boolean polynomial (also known as Zhegalkin polynomial [31]), that can be obtained directly by applying the first six axioms from left to right to any formula. Using Boolean rings, however, is not without drawbacks. The main problem is that the distributivity law causes the length of the Boolean polynomial to be exponential in the worst case. This paper focuses on satisfiability testing in a Boolean ring. First, in Section 2, we give a quick overview of approaches for satisfiability testing, followed by a discussion of simplification applied to propositional reasoning. Then Section 4 proposes a David-Putnam like method based on Boolean ring for testing satisfiability. This method separates the set of formulæ into two parts, each of

3 which, on its own, can be dealt with efficiently. It is followed by some suggestions for improvements. Section 6 provides several new complexity results. We show NP-completeness, which immediately implies the completeness of the proposed method. We also show several polynomial time results for restricted classes of Boolean ring formulæ, two of which correspond directly to the two sets mentioned above. These results give justification on why the proposed method may be efficient. In the last section we outline what can be done in the future. In particular, we draw a comparison with Stålmarck s method [25]. 2 Approaches to Satisfiability Given a Boolean formula A, the satisfiability problem is the task of determining whether there exists an assignment of truth values (0 and 1) to the propositional variables in A which makes the formula true. For verification, Boolean formulæ are normally derived from two sources: Boolean functions z i = f i (x 1,..., x n ) representing a circuit or program (registers, for example, can be expressed as a sequence of Boolean bit variables). Specifications that the functions z i and variables x j should satisfy. The validity and equivalence problems are special cases of satisfiability: validity of a formula A is the same as unsatisfiability of its negation A ; equivalence of formulæ A and B is the same as validity of the equality A = B (biconditional A B). As is well-known, the satisfiability problem for formulæ given in conjunctive-normal-from (CNF) is NP-complete. There are three basic approaches to deciding satisfiability: normalize, search, and saturate. Normalize. There are various canonical representations for Boolean formulæ. To decide satisfiability, one can transform a formula into a normal form that clearly distinguishes between satisfiable and unsatisfiable cases. Such representations include: disjunctive normal form (DNF), Boolean-ring normal form (see below); conditional normal form (as in OBDDs; see below). Conjunctive normal form, on the other hand, does not provide a unique form for satisfiable formulæ, unless one finds all prime implicants. For efficiency, simplifications (like x0 = 0) may be applied during the process of converting to normal form. Any normal form can of necessity be exponentially larger than the original. Ordered Binary Decision Diagrams (OBDDs) [1] are commonly used now in the VLSI community for verification of circuits, in conjunction with the symbolic model checking method of [4]. They are also used in many software verification systems including concurrent systems. An OBDD is a directed acyclic graph, each node labeled by a Boolean variable, with two out-edges labeled 1 and 0, and two additional nodes, 1 and 0. There is a total ordering on the variables, and therefore the nodes, such that there can only be a path from variable x to y if x < y. An OBDD is constructed from a Boolean formula by manipulating subgraphs and collapsing identical ones. An OBDD is therefore a data structure

4 that represents a fully specified Boolean function. Each operation is very efficient, as long as the size of the intermediate OBDDs in the construction stay small. Unfortunately, the diagram can be of exponential size, depending on the choice of ordering of the variables (and choosing an ordering minimizing the size is NP-complete). Though one can transform a formula A into OBDD form that is not exponentially larger than A and which preserves satisfiability/unsatisfiability (e.g. Tseiten s transformation), the result is not unique it requires the addition of new propositional variables, which, of course, increases the exponential cost of testing for satisfiability. Search. The naïve (British Museum) search method involves attempting each assignment to the variables in a formula (as in a truth table) until it evaluates to 1 (true). An alternative is to extend partial assignments, one variable at a time, simplifying with each new assignment. That has the frequent effect of showing a partially assigned formula to be true (or false), pruning the remainder of the search (or branch). In any case, further assignments are made to the simplified formula. Exponential complexity comes from the exponential size of the search space of all possible assignments. Evaluating each fully-instantiated (variable-free) expression takes about 20 steps on the average (all equal-size formulæ containing logical and, or, not, true, and false being equi-probable) [9]. The Davis-Putnam-Loveland (DPL) procedure [6] was the first attempt to solve the satisfiability problem efficiently. It is essentially a backtracking strategy with heuristics to minimize the formula; a value is assigned to a variable and the formula is recursively solved, trying another value if there is no solution. At each step, one removes tautological clauses, clauses with monotonic variables (those occurring only positively or negatively), and sets literals occurring singly to 1. There are many fast implementations based on DPL procedure, for example, [10, 19, 21, 23, 30]. Saturate. This traditional method to prove a theorem in logic uses inference rules to generate the consequences of a given formula. Logically, an unsatisfiable formula entails all formulæ. So, to establish satisfiability of formula A, one refutes its negation A, by inferring a contradiction (e.g. xx ) from A. The total number of consequences is in general exponential. Most nontrivial proofs require some form of case splitting. Let A[x] denote the current set of formulæ, containing occurrences of the propositional variable x. From A[x], one may infer the disjunction A[0] A[1], where A[0] and A[1] denote the formulæ after making the assignment x = 0 or x = 1, respectively. The original formulation of Davis and Putnam is such a method. Given a CNF formula A[x], one splits on x by computing A[0] and A[1], which is followed by merging, which consists of converting (by distributing and simplifying) their disjunction A[0] A[1] to CNF. More generally, one can split on any formula. Let A[B] be a formula containing a sub-formula B. From A one may infer anything that follows from the disjunction A[1]B A[0]B. In the clausal setting this is the ground resolution rule: D B, B C D C. In the sequent setting, this

5 Table 1. Comparison of DPL and OBDDs OBDD DPL Prover Method Normalize Search Saturate Strategy constructing decision removing branch and merge; diagram; merging redundancy; series-parallel search identical subgraphs assigning values Data type diagrams clauses graphs Implementation dag syntax tree triples Pros often compact doesn t use much often fast space inherently represents similar sub-circuits Cons exponential space slow average case efficiency highly depends on dependent on clauses/variables ordering of variables ratio represents equivalences is the consensus rule, B D, B C D C. One recent saturation-based approach is Stålmarck s Prover [24]. Table 1 compares some aspects of three popular satisfiability methods. The great advantage of OBDDs over DPL is that, with a suitable and fortunate choice of variable ordering, the size of the OBDD can be very small and therefore very tractable. Much of this comes from the sharing of identical subgraphs in the construction process. On the other hand, OBDDs are considerably more sensitive to the chosen order of variables than DPL is [27]. Multipliers, however, are notorious for resulting in OBDDs that are too large to handle, regardless of order. 3 Simplification To counter the certain exponential cost of naïve realizations of satisfiability methods, simplification at intermediate stages is of paramount importance. Simplification can be defined as replacing one or more entries in the current database with simpler entries (in some well-founded sense) by making polynomial-time inferences. Such steps avoid the potentially exponential aspect of the approach (case analysis, splitting, merging, distribution). In the search approach, after assigning 0 or 1 to a variable, simplifiers like x0 = 0, x1 = x, x 0 = x, and x 1 = 1 (and analogous ones for other Boolean operators) should be applied, regardless of the specific manner in which formulæ are represented, since these rules may result in the deletion of all occurrences of some other variables. In the normalization approach, the same simplifiers can reduce dramatically the size of formulæ. Regardless of the method, it is helpful to make cheap and valuable deductions which may enable additional simplifications as early as possible. In

6 particular, virtually all approaches employ some mechanism for detecting necessary assignments. The unit-clause rule in DPL (if the target formula is of the form xb, for some propositional variable x, then for it to be satisfiable it must be that x = 1, so replace xb[x] by B[1], i.e. propagate, and then simplify) is a prime example of this essential ingredient. Indeed, the main mechanism for inference in OBDD systems is Boolean constraint propagation, which is just the transitive closure of the unit-clause rule, applied in this context [29]. Simplification rules used in DPL and OBDD provers include tautology, unit, pure literal, subsumption, and failed literal. Tautology and pure-literal are often omitted: tautological clauses occur only at the onset; literals that occur with only one parity are uncommon and checking for them is expensive. Boolean rings (BRs) are an especially convenient framework for simplification. Distributivity is a potentially expensive step, even when the subterm x is shared in some directed-acyclic-graph. Propositional formulæ can be converted to Boolean ring (exclusive-or) normal form (BRNF): tautologies reduce to 1; contradictions (unsatisfiable formulæ) to 0; contingent formulæ to neither. (See [12].) To begin with, rather than present the whole given formula as one big equation, conjunctions AB = 1 are divided into two, A = 1 and B = 1, and inclusive disjunctions A B = 0 into A = 0, B = 0. A Gröbner basis is constructed from the initial set of equations plus idempotence (xx = x for each propositional variable x), the BR axioms are applied at each step, and equations are interreduced by using each as a simplifier. The resultant representation a set of equations between Boolean polynomials is unique up to associativity and commutativity of + and. By imposing an ordering on variables and extending it to monomials, a unique normal form can be obtained. Efficient techniques (congruence closure, Gröbner bases) can be applied to the task. (See [3].) As an alternative, the Boolean ring formalism can be used in a search-based context, akin to DPL. Splitting is done on variables, as usual, but formulæ are kept as BR equations, simplified by the first five axioms. (See [13].) 4 Using Boolean Rings From the effectiveness point of view, the main difficulty with the Boolean ring approach is the distributivity law, which expands an expression and duplicates its variables. Here we introduce a new approach which gets around this problem. A linear equation is a Boolean equation in which each monomial is either a single variable or a constant; it takes the form x 1 + +x n = 1 or x 1 + +x n = 0, where the x i are distinct propositional variables. A binomial equation is a Boolean equation with at most two monomials, that is, an equation of one of the three forms: m = m, m = 0, or m = 1, where m and m are products of distinct propositional variables. Degenerate equations 0 = 0, 1 = 1, or 1 = 0 can be both linear and binomial. Let B be a set of binomial equations and L be a set of linear equations over the propositional variables. Instead of solving a general set of Boolean-ring

7 equations (e.g. xy + x + y = 0 implies x = 0 and y = 0), we will decide the satisfiability of B L. As will be seen, we will severely limit the simplification between B and L. To be more precise, given a pair B L and an ordering > on monomials, the inferences rules are as follows: 1. Termination Test. If 1 = 0 has been inferred, the system is unsatisfiable. 2. Tautology Deletion. Remove all trivial equations A = A. 3. Decomposition. Decompose any equation x 1 x 2 x k = 1 in B into x 1 = 1,..., x k = Unit Rule. Use all unit equations of the form x = 0 or x = 1 in B L to simplify equations in B L. 5. Equivalence Rule. If a rule such as x = y happens, replace one variable by the other in the whole database. 6. Simplification. Reduce one equation by another within B or L, but not across the two. 7. Splitting Rule. Split the system of equations by considering B {x = 1} and B {x = 0}, individually, for some propositional variable x. Equations in B and L are processed independently except for the Unit Rule and Equivalence Rule. Splitting on x and applying the unit rule will eliminate x from both B {x = 1} L and B {x = 0} L. Relatively fast methods exist for processing each of the two components. The simplification step is not needed for completeness, but rather to improve search efficiency. The method presented above is complete for propositional reasoning. In terms of complexity our method has many advantages. First, it saves on the effort of implementation since commercial packages can be used to handle the computation within the two sets. Furthermore, distributivity is not needed when simplifying Boolean terms. This is because simplification is not performed across the two sets. In conventional Boolean ring based methods the length of a Booleanring equation can become very long during simplifications when distributivity is applied over a sum of monomials, which is a major source of inefficiency. (For example, to simplify xy = 0 by y = s+t+u+v, we would have xs+xt+xu+xv.) Also, in our approach the length of a non-linear equation is at most two. 4.1 An Example The following example shows how the method works. Suppose we want to prove the validity of the formula (p q) ( q s) ( s p) ( p r) ( r p t) (t r). In clausal form its negation becomes six clauses: {(p q), ( q s), ( s p), ( p r), ( r p t), ( t r)}.

8 A clause l 1 l 2 l m can be turned into an equation by expanding (l 1 + 1)(l 2 + 1) (l m + 1) = 0. Thus, clauses 2 through 6 can be converted into Boolean equations that belong to the set B. qs = q (1) sp = s (2) pr = p (3) prt = pr (4) rt = 0 (5) In order to convert the first clause, p q, into the forms suitable for B and L, new variable should be added. We first note that the clause is equivalent to (p + 1)(q + 1) = 0. By adding one new variables u, the above equation becomes p + u = 1 (6) qu = u (7) Note that Eq. (6) is in L, whereas Eq. (7) belongs to B. The Simplification inference rule can now be performed within B. First Eq. (5) simplifies Eq. (4) into which then simplifies Eq. (3) into pr = 0 (8) p = 0. (9) Eq. (9) invokes the Unit Rule and is used to simplify equations in both B and L. Then Eqs. (2) and (6) become which further simplifies Eq. (1) into s = 0 (10) u = 1 (11) q = 0. (12) Finally, Eqs. (11) and (12) combined simplify Eq. (7) into the contradiction 1 = 0 and conclude the proof. 5 Improvements It is advantageous to allow some cross fertilization between B and L so that useful equations can be carried from one set to another. We now introduce some inference rules to add equations to B if they are logical consequences of L. Consider the linear equation y 1 + y 2 + y 3 = 1. By assigning the value 1 to variables y 1 and y 2, the equation become y 3 = 1 since the even number of 1 s

9 Table 2. Inferred binomial equations from y 1 + y y k = c k c inferred binomial equation # equations added even 0 y 1y 2 y k = y 1y 2 y k 1 k even 1 y 1y 2 y k = 0 1 odd 0 y 1y 2 y k = 0 1 odd 1 y 1y 2 y k = y 1y 2 y k 1 k cancelled each other out. Thus, we conclude binomial equation y 1 y 2 y 3 = y 1 y 2 is its logical consequence. The equations produced from cross breeding can be added to B, and are summarized in Table 2. We emphasize that any linear equation can breed some binomial equation(s) according to Table 2. Thus, if we have x 1 + x 2 + x 3 = 0 and x 2 + x 3 + x 4 = 1 in L, we can add x 1 x 2 x 3 = 0, x 2 x 3 x 4 = x 2 x 3, x 2 x 3 x 4 = x 2 x 4, x 2 x 3 x 4 = x 3 x 4 to B. More interesting, if we sum up the two linear equations, we get x 1 + x 4 = 1, which infers x 1 x 4 = 0. It would be better if shorter equations could be derived. A shorter equation has more chance to simplify the others, and also after performing simplification, shorter equations are retained. Additional simplifications within B is also possible. Suppose we have m 1 m 2 = m 3 m 4 and m 1 m 3 = 0 where m i s are monomials. Since either m 1 or m 3 equals 0, it is evident that either m 1 m 2 or m 3 m 4 equals 0. However, m 1 m 2 equals m 3 m 4, hence both must be 0. Therefore, we can use m 1 m 3 = 0 to simplify m 1 m 2 = m 3 m 4 into two equations m 1 m 2 = 0 and m 3 m 4 = 0. Another potential improvement is to use local search to help discover relations between variables and generate new equations. These essential relations can help reduce efforts in exhaustive search. For example, if we can discover that variables x and y have the same truth value, we can split on x and ignore y. The idea of performing shallow inferences to derive essential relations is central to the method of recursive learning [17] (cf. [24]). Let V be the set of propositional variables. An assignment A on V is a set of literals such that for each x V either x A or x A but not both. A subset P of an assignment A is called a partial assignment. A set of partial assignments Π is called a fence. A fence is complete if for any assignment A on V there exists P Π such that P A. The purpose for using a complete fence is to capture a semantic tree, as defined in automated theorem proving, without actually generating the tree. A schema is a Boolean equation that stands for any replacement of its metavariables by propositional variables of the given problem. For example, U = U V is a schema representing x = xy or y = yx, if U and V range over {x, y}. (It also represents the trivial equations x = xx and y = yy, which we ignore.) A schema with m variables is called an m-place schema. As an example, given two variables x and y, the possible 2-place schemata are {U = V, U + V = 1, UV = 0, UV = U}.

10 An instance of any of the schemata can be added to B or to L, as appropriate. Thus we are looking for ways to easily infer an instance of a given schema by performing only the case analyses covered by the given fence. One plan to discover essential relations is as follows: 1. Consider a schema φ and fence Π. 2. Let W be a subset of the propositional variables in the problem such that for any x W, one of x and x is in U(π), the set of all unit equations that can be inferred from B L π without search (splitting), for each π Π. In other words, W is a set of variables that are fully (and cheaply) determined by each case of Π. 3. Suppose that φ is an m-place schema. Choose all combinations of m variables out of W, substitute them in φ, and check if the resultant formula is satisfiable by all assignments π Π. If yes, it is an acquired essential relation. As a trivial example, xy = 0 (an instance of the schema UV = 0) can be inferred from the system {x + y = 1} using the fence {{x 0}, {x 1}}, since each assignment in the fence also determines the value of y. Essential relations are logical consequence of the input formulæ, and thus can be added to the system. 6 Completeness and Complexity In this section we present several complexity results, including a reduction from SAT to a corresponding problem in Boolean ring, and some polynomial-time subclasses. These results serve two purposes. The completeness of the method proposed in the previous section comes as a direct consequence of the first result. The other results give some evidence as to why our method may be quite effective. Let Linear-BRSAT be the problem that intends to solve a system of linear equations in Boolean ring. It can be seen that Gaussian elimination can solve Linear-BRSAT in time O(n 3 ). Faster algorithm could be possible. An algorithm in [5] takes time O(n ). Theorem 1. Linear-BRSAT is solvable in polynomial time. One the other hand, let Binomial-BRSAT be the problem to solve a system of binomial equations. Note that the well-known Horn-SAT is within the class, since any Horn clause x 1 x m y is equivalent to x 1 x m y = x 1 x m in Boolean ring. Indeed, Binomial-BRSAT defines the same Boolean functions as Horn-SAT does, though it is not straightforward. Theorem 2. Binomial-BRSAT is linear-time solvable. Proof. If 1 = 0 is in B, then it is unsatisfiable, Variables appearing in an equation m = 1 can be each assigned 1. These variables can be used to simplify the other

11 equations and this process can continue until all equations are of the form m = 0 or m = m. Observe that these remaining equations can be easily satisfied just by assigning 0 to all variables appearing in them. Hence, the process can terminate in linear time. Despite the fact that Linear-BRSAT and Binomial-BRSAT are easy solvable, their combination, the B L (defined in Section 4) as one would expect, is NPcomplete. Recall that a clause l 1 l 2 l m can be easily converted into an equation by expanding (l 1 + 1)(l 2 + 1) (l m + 1) = 0 (on Page 8). If there are more than two positive literals over the l s, the final equation would contain at least four monomials. To avoid this, we introduce new Boolean variables that serve as the complement of the positive literals. Suppose l i is a positive literal, a new variable l i and a new equation l 1 + l i = 1 are introduced, and l i + 1 is replaced by l i. Finally, several linear equations and one binomial equations represent the clause. Theorem 3. Solving B L is NP-complete. Alternative proof of Theorem 3 is as follows. We could reduce any Boolean formula into a triplet system in Boolean ring that preserves the satisfiability. A Boolean formula is built up recursively from binary operators, ; unary operator ; and propositional variables. Logical-or could be further replaced by transforming y z to ( y z). A parse tree can represent such a formula. At each node of the parse tree, we associate a label that is a Boolean variable logically equivalent to the corresponding subtree. The label of a variable is itself. The relationships between the labels are 1. x = yz if x is the label of F, F = G H, and the labels of G and H are y and z, respectively; 2. x + x = 1 if x is the label of F, x is the label of G, and F = G. And finally for the the label of the root, say r, we add r = 1 to the triplet system. The above transformation is similar to the one proposed in [25]. Note that x = yz is binomial and x + x = 1 is linear in the above transformation. The last equation r = 1 could be eliminated by constraint propagation, which may lead 0 = yz to happen. Hence we could further restricted our B L system, and the resulting class is still NP-complete. We define 3-BRSAT to be subclass of B L, with the restriction that (1) linear equations are of the form x + y = 1; (2) binomial equations can only be either yz = 0 or yz = x. (Note that x, y, and z are meta-variables and can be the same propositional variable.) From the above explanation, clearly 3-BRSAT is NP-complete. Theorem 3 directly implies the completeness of our method. This is because splitting alone is complete for propositional calculus, and the reduction given in the proof implies that every Boolean formula can be converted into the B L form.

12 7 Discussion Simplification is more time-consuming than splitting on a variable or evaluating a truth-assignment. Splitting a variable can usually be carried out in linear time, but we do not know of any linear-time algorithm for checking or performing simplification. An O(n 2 )-algorithm for simplification can be easily found, just by simply examining all possible combinations of two equations in the input. Whether or not simplification can significantly reduce the number of splittings is an interesting issue. In experiments we performed with an implementation of a naïve Boolean ring based Davis-Putnam method, the number of splittings were reduced by 30% [15]. This saving, however, came the price of a time-consuming simplification process, mainly because in that implementation, distributivity was needed, which is not the case with the method proposed here. It should also be interesting to further identify subclasses of Boolean rings for which the satisfiability testing can be accomplished by simplification alone without the Splitting Rule; binomial-brsat was such an example. Simplification for CNF formulæ is also discussed in [20]. The author used simplification to preprocess CNF formulæ coming from circuit testing (DIMACS) [16], bounded model checking [2], combinatorial equivalence checking [18], and superscalar processor verification [28]. The number of variables reduces to onethird of the initial formulæ in many cases as reported in [20]. Consequently, efficiency is gained to solve these instances. The recent approach of Stålmarck [25, 11] has been used for testing satisfiability of several industrial problems. One successful example is the verification of railway interlocking systems that involved some 100,000 propositional variables. The performance of this algorithm is much more sensitive to the structure of a Boolean formula rather than to the number of propositional variables. It tries to identify equivalences between subformulæ. If two complementary literals are found to be equivalent (or 1 0), then unsatisfiability is derived. Suppose that φ(x 1,..., x m ) and φ (x 1,..., x m) are different formulations of the same Boolean function (with x i corresponding to x i ). Then the equivalence between φ and φ can be proved by splitting on m 1 variables by Stålmarck s method provided that the equivalences between x i and x i have been derived. (In fact, Stålmarck does not only define the equivalence on subformulæ; he also defines them together with the negation of subformulæ. Hence, a slight modification on φ and φ with consideration of polarity is needed, but the result is similar.) For example, let x 1 be x + y, x 1 be (x y)( x y), x 2 be 1 + z + t, and x 2 be (z t)( z t). Also let φ(x 1, x 2 ) be x + y and φ (x 1, x 2) be (x y)( x y). Then x 1 x 1 and x 2 x 2 can be proved by splitting on x and on z, respectively. Based on this fact, the equivalence between φ and φ can also be deduced by splitting on x 1. (Since x 1 is equivalent to x 1, splitting on x 1 also causes splitting on x 1.) Boolean rings are a suitable representation for such an approach for the following reasons: 1. Let C be the set of Boolean formulæ over all binary and unary operations, D be over {,, }, and B over {1, +, }. As shown in [14], any formula

13 in C is linearly reducible to one in B, but may not be linearly reducible to one in D. Hence, Boolean-ring formulæ (i.e. B) can preserve the structure of any Boolean formulæ, while in Boolean algebra that can only be done after introducing additional variables. This property is important because Stålmarck s method is sensitive to the structure of the input formula. 2. Simplification can be employed as an additional inference rule. 3. Associativity and commutativity of + and can be incorporated more easily. 4. Essential relations can be considered as a generalization of Stålmarck s method, by setting the schemata to be {X + Y = 0, X + Y = 1} and the complete fence to branch on variables. References 1. R. E. Bryant. Symbolic Boolean manipulation with ordered binary-decision diagrams, ACM Computing Survey, 24 (1992), pp A. Biere, A. Cimatti, E. M. Clarke and Y. Zhu. Symbolic model checking without BDDs, in Tools and Algorithms for the Analysis and Construction of Systems (TACAS 99), Lecture Notes in Computer Science, 1579 (1999), Springer-Verlag. 3. B. Buchberger. Gröbner basis: An algorithmic method in polynomial ideal theory, in Recent Trends in Multidimensional Systems Theory, N. Bose, ed., D. Reidel Publi. Co., J. R. Burch, E. M. Clarke, K. L. McMillan, D. L. Dill, and J. Hwang. Symbolic model checking: states and beyond, in Proceedings of the Fifth Annual Symposium on Logic in Computer Science, June D. Coppersmith and S. Winograd. Matrix multiplication via arithmetic progressions, in Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, New York City, May 1987, pp M. Davis, G. Logemann, and D. Loveland. A machine program for theorem proving, Communication of the ACM, 5 (1962), pp N. Dershowitz and J.-P. Jouannaud. Rewrite systems, in Handbook of Theoretical Computer Science, J. van Leeuwen, ed., vol B: Formal Methods and Semantics, North Holland, Amsterdam, N. Dershowitz and D. A. Plaisted. Rewriting, Chap. 9, in Handbook of Automated Reasoning, vol. 1, A. Robinson and A. Voronkov, eds., Elsevier, 2001, pp N. Dershowitz and N. Lindenstrauss. Average time analyses related to logic programming, in Proceedings of the Sixth International Conference on Logic Programming (Lisbon, Portugal), G. Levi and M. Martelli (eds.), MIT Press, 1989, pp E. Goldberg, and Y. Novikov. BerkMin: a fast and robust SAT-solver, in Design, Automation, and Test in Europe (DATE 02), March 2002, pp J. Harrison. Stålmarck s algorithm as a HOL derived rule, in Lecture Notes in Computer Science, 1125 (1996), Springer-Verlag, pp Proceedings of the 9th International Conference on Theorem Proving in Higher Order Logics, TPHOLs J. Hsiang and N. Dershowitz. Rewrite methods for clausal and non-clausal theorem proving, in Proceedings of the Tenth International Colloquium on Automata, Languages and Programming (Barcelona, Spain), Lecture Notes in Computer Science, 154, Berlin, July 1983, European Association of Theoretical Computer Science, Springer-Verlag, pp

14 13. J. Hsiang and G. S. Huang. Some fundamental properties of Boolean ring normal forms, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 35 (1997), pp J. Hsiang and G. S. Huang. Compact representation of Boolean formulas, Chinese Journal of Advanced Software Research, R. L. Jan. Experimental results on propositional theorem proving with Boolean ring, Master s thesis, National Taiwan University, D. S. Johnson and M. A. Trick. Second DIMACS implementation challenge, American Mathematical Society, W. Kunz. Recursive learning: a new implication technique for efficient solutions to CAD problems test, verification, and optimization, IEEE Trans. on Computer- Aided Design of Integrated Circuits and Systems, 13 (1994), pp W. Kunz and D. Stoffel. Reasoning in Boolean networks, Kluwer Academic Publishers, C. M. Li. A constrained-based approach to narrow search trees for satisfiability, Information processing letters, 71 (1999), pp J. P. Marques-Silva. Algebraic simplification techniques for propositional satisfiability, Technical Report RT/01/2000, INESC, March J. P. Marques-Silva, and K. A. Sakallah. GRASP a search algorithm for propositional satisfiability, IEEE Transactions on Computers, 48 (1999), pp W. McCune. Solution of the Robbins problem, Journal of Automated Reasoning, 19 (December 1997), pp M. W. Moskewicz, C. F. Madigan, Y. Zhao, L. Zhang, and S. Malik. Chaff: engineering an efficient SAT solver, in Proceedings of the 38th Design Automation Conference (DAC 01), June M. Sheeran and G. Stålmarck. A tutorial on Stålmarck s proof procedure for propositional logic, in Proceedings of the 2nd Intl. Conference on Formal Methods in Computer-Aided Design, Lecture Notes in Computer Science, (Nov. 1998), Springer- Verlag, pp G. Stålmarck. System for determining propositional logic theorems by applying values and rules to triplets that are generated from Boolean formula, United States Patent number , See also Swedish Patent Terese. Term rewriting systems, M. Bezem, J. W. Klop and R. de Vrijer, eds., Cambridge Tracts in Theoretical Computer Science, 55 (2003), Cambridge University Press. 27. T. E. Uribe and M. E. Stickel. Ordered binary decision diagrams and the Davis- Putnam procedure, in First International Conference on Constraints in Computational Logics, Lecture Notes in Computer Science, 845 (1994), Springer-Verlag, pp M. N. Velev and R. E. Bryant. Superscalar processor verification using efficient reductions from the logic equality with uninterpreted functions to propositional logic, in Proceedings of Correct Hardware Design and Vefification Methods, Lecture Notes in Computer Science, 1703 (1999), Springer-Verlag, pp R. Zabih and David A. McAllester. A rearrangement search strategy for determining propositional satisfiability, in Proceedings of the National Conference on Artificial Intelligence, (1988), pp H. Zhang. SATO: An efficient propositional prover, in Proc. of the International Conference on Automated Deduction, Lecture Notes in Computer Science, (1997), Springer-Verlag. 31. I. I. Zhegalkin. On a technique of evaluation of propositions in symbolic logic, Matematicheskii Sbornik, 34 (1927), pp