1234567890 From Propositional SAT to SMT Hossein M. Sheini and Karem A. Sakallah SAT 2006 August 13, 2006 Seattle.

1234567890

From Propositional SAT to SMTHossein M. Sheini and Karem A. Sakallah

SAT 2006

August 13, 2006

Seattle

2

1234567890

Propositional Satisfiability

• DPLL: systematic backtracking search• Branch

• [Pure literal rule]

• Propagate• Unit propagation Boolean Constraint Propagation (BCP)

• Backtrack

• Modern implementations of DPLL• Conflict analysis

• Clause learning

• Non-chronological backtracking

• Efficient propagation• Two watched literals per clause

• Adaptive branching• VSIDS

• Restarts

3

1234567890

Quantifier-Free First-Order Logic

Boolean combination of atoms from background theories

4

1234567890

Decidable Quantifier-Free FOL Theories

• Empty• QF_UF: uninterpreted functions with equality (aka EUF)

• Linear Real Arithmetic• QF_LRA• QF_RDL: real difference logic• UTVPI

• Linear Integer Arithmetic• QF_LIA• QF_IDL: integer difference logic

• Data Structures• QF_A: arrays• QF_BV: bit vectors• Lists, etc.

5

1234567890

QF_UF Atoms

term ::= const | var | func-symbol(term, ,term)

atom ::= propositional-var | term = term

literal::= atom | atom

f a,b a

f f a,b ,b f a,b

f g x,y ,z ,h f a,b y

6

1234567890

Linear Real Arithmetic Atoms

R1 1 n n i ia x a x ~ b a ,x ,b ,~ , ,QF_LRA:

Rx y d x,y ,dQF_RDL:

R 0 1ax by c x,y ,c ,a,b ,UTVPI:

7

1234567890

Linear Integer Arithmetic Atoms

Z1 1 n n i ia x a x ~ b a ,x ,b ,~ , ,QF_LIA:

Zx y d x,y ,dQF_IDL:

Z 0 1ax by c x,y ,c ,a,b ,IUTVPI:

8

1234567890

Chronology of SAT for Quantifier-Free FOL

• Late 70s to mid 80s• Congruence closure algorithms• Combination strategies for disjoint theories

• Mid 80s to mid 90s• Not much!

• Mid to late 90s• Initial attempts at improved propositional reasoning

• Early 21st Century• Significant activity across many fields

9

1234567890

Reasoning About Equality

• To prove validity of EUF formula • Construct disjunctive normal form (DNF) of ¬• Prove unsatisfiability of each conjunct of ¬ using congruence closure

[Shostak 78][NelsonOppen 80]

Logic of equality with uninterpreted functions and predicates (EUF)

10

1234567890

Congruence Closure Prove f a,b a f f a,b ,b a

f a,b a f f a,b ,b a

a b

f

f

is unsatisfiable is valid

[NelsonOppen 80]

11

1234567890

Reasoning About Integer Arithmetic

• To prove validity of QF Presburger formula • Construct disjunctive normal form (DNF) of ¬• Prove unsatisfiability of each conjunct of ¬ using integer linear

programming (ILP)

Quantifier-Free Presburger Arithmetic

[Shostak 79]

12

1234567890

QF Presburger Arithmetic Example 3 2 1x y x x y

3 2 1x y x x y

Negate

Invalid!

3 1 1 1 1 1x y x x x y y x

“Normalize”

3 1 1 1 1

3 1 1 1 1

x y x x x y

x y x x y x

Convert to DNF

Solve ILPs

1 0x ,y[Shostak 79]

13

1234567890

Deciding Combinations of Theories

• Eliminate UFs and UPs using “Ackermann’s reduction” (adding consistency “axioms”) to get a pure equality formula

• Convert complement to DNF• Solve each conjunct as an integer linear program (ILP)• Formula explodes

[Shostak 79]

Quantifier-Free Presburger Arithmetic + EUF

Add all functional consistency axioms(aka substitutivity axioms of equality)

14

1234567890

QF Presburger Arithmetic + EUF Example

0 1 4 3 2 1 0h z z g y z f g y f z h

1 1 3 2 3 2

0 1 4 3 2 1 0

z h z h g y z f g y f z

h z z g y z f g y f z h

Add functional consistency axioms

1 2 3 4 5

1 3 4 5 2

1 3 2

0 1 4 0

z x x x z x x

x z x z x x x

Eliminate function symbols

[Shostak 79]

15

1234567890

Alternatively …

• Add all functional consistency axioms• Eliminate UFs and UPs using “Ackermann’s reduction”

(adding consistency “axioms”) to get a pure equality formula• Convert complement to DNF• Solve each conjunct as an integer linear program (ILP)• Formula explodes

• Add functional consistency axioms as needed• Ignore functional consistency and solve as before• Check functional consistency for symbols with different

values; if violated, add axiom and repeat• Has the flavor of “learning” on demand• ILPs can be solved incrementally

[Shostak 79]

16

1234567890

Deciding Combinations of Theories

• Convert negation to DNF• Add variables to purify different theory conjuncts• Solve separately• Propagate equalities• Split in case no equalities can be inferred• Supported theories:

• Real numbers under + and leq: Simplex• Arrays under store and select• List structures with car, cdr, cons, and atom: congruence

closure• Equality with UF: congruence closure

[NelsonOppen 79]

17

1234567890

Example of Nelson-Oppen Procedure

car cons 0 0x y y x ,x P h x h y P

ListsEUFLRA

2 1 5

1 5

2 3 4 3

5 4

true car cons

false

0

x y P g g g ,x

y x g P g

g g g g h x

g g h y

[NelsonOppen 79]

18

1234567890

Example of Nelson-Oppen Procedure

1 5car consg g ,x

5 0g

1 5g g

5 FP g

1 0g 1y x g

y x x y

x y

h x h y

3g h x 4g h y

2 3 4g g g

2 TP g

3 4g g

2 0g

2 5g g

[NelsonOppen 79]

19

1234567890

Deciding Combinations of Theories

• Generalizes Nelson-Oppen method by eliminating the need for extra variables

• Congruence closure is extended to handle different theories as long as they have “canonizers” and solvers

• Found to be “buggy” and not as general as N-O

[Shostak 84]

20

1234567890

Disadvantages of “Old” Combination Methods

• Need to convert to DNF• Inefficient handling of Boolean structure• Can be viewed as lazy integration with an open

feedback loop between a propositional enumerator and the theory solvers

21

1234567890

Disadvantages of “Old” Combination Methods

SAT

No

SMT Instance

DNFConverter

DNF Instance

Yes

MoreConjuncts?

Conjunction

of

Theory Atoms

Theory Solvers

UNSAT

22

1234567890

Improved Propositional Reasoning

• Convert SMT instance to equi-satisfiable propositional form and apply Boolean reasoning techniques (BDDs or SAT)• Small-domain encoding• Per-constraint encoding

• Add more sophisticated Boolean reasoning, but keep background theories intact• Re-write rules and better Boolean splits• Add full-fledged SAT or BDD solvers to handle the Boolean skeleton

• Very Lazy: theory solver returns a conflict clause to SAT solver

• Lazy: theory solver invoked incrementally but does not propagate

• Eager: theory solver propagates and learns etc.

• Variants

• Layered

23

1234567890

Reasoning About Equality: Revisited

MoreConjuncts?

CongruenceClosure

SAT

No

YesUNSAT

EUF Formula

DNFConverter

DNF of = and ≠ Conjuncts

Conjunction of= and ≠

24

1234567890

Reasoning About Equality: Revisited

SAT/BDDSolver

SATUNSAT

EUF Formula

Reduction

E Formula

Range Analysis&

Boolean Encoding

25

1234567890

Bryant’s “ite” Reduction

1 1

2 1 2

3 1 1 1 2 3

4 3 1 3 2 3 1 3 4

4 3 3 2 1

F f

F x y,f ,f

F F x,f , F y ,f ,f

F F x,f , F y ,f , F F ,f ,f

F F F F y F

ite

ite ite

ite ite ite

★

★

★ ★ ★

★ ★ ★ ★ ★

★ ★ ★ ★ ★

Reasoning About Equality: Revisited F F F x F F x F F x F y y F x

CongruenceClosure

x y

F1

F4

F3

F2

Ackermann’sReduction

1 2

1 1 3

3 1 4

1 2 3

3 2 4

1 3 3 4

4 3 3 2 1

x y f f

x f f f

x f f f

y f f f

y f f f

f f f f

f f f f y f

26

1234567890

Pros/Cons of SMT-to-SAT Conversion

Loss of theory semantics (e.g., arithmetic)

Black-box use of modern SAT solversLeveraging of performance/capacity improvementsin SAT solvers

Increase of instance sizes

27

1234567890

Combine SAT and Theory Solvers

SAT

UNSAT

SMT Instance

SAT Solver

PropositionalAbstraction

SAT Instance

SAT

Theory Atoms

Theory Solvers

AbstractionRefinement

UNSAT

28

1234567890

Propositional Abstraction

29

1234567890

Spectrum of Integration

• Very lazily: theory solver does not feedback any info to SAT solver; no refinement

• Lazily: theory solver returns a small explanation of infeasibility to SAT solver• Eagerly: theory solver participates in value propagation (implications) and in

conflict analysis• Very eagerly: direct encoding of all theory semantics in propositional

formula; no abstraction

How aggressively is refinement done?

30

1234567890

Very Lazy Integration

Boolean Solver

1A 1B

2A 2B

3A 3B

4A 4B

61B

71B

31

1234567890

Very Lazy Integration

Integer Solver

1

2

3

4

61

71

5

6

0

12

1

2

B u w

B v w

B z

B u v

B x z

B y z

5

6

0

12

1

2

u w

v w

z

u v

x z

y z

UNSAT

32

1234567890

Spectrum of Integration

• Very lazily: theory solver does not feedback any info to SAT solver; no refinement

• Lazily: theory solver returns a small explanation of infeasibility to SAT solver• Eagerly: theory solver participates in value propagation (implications) and in

conflict analysis• Very eagerly: direct encoding of all theory semantics in propositional

formula; no abstraction

How aggressively is refinement done?

33

1234567890

Lazy Integration

1A 1B

2A 2B

3A 3B

4A 4B

61B

71B

Boolean Solver

34

1234567890

Lazy Integration

11u v 0 1

5u w 1B

6v w 2B

12u v

1

2

3

4

61

71

5

6

0

12

1

2

B u w

B v w

B z

B u v

B x z

B y z

Integer Solver

3B 0z

Create conflict clause

and return to Boolean solver

1 2 4B B B 61B

71B

4B

1B

2B

4B

35

1234567890

Spectrum of Integration

• Very lazily: theory solver does not feedback any info to SAT solver; no refinement

• Lazily: theory solver returns a small explanation of infeasibility to SAT solver• Eagerly: theory solver participates in value propagation (implications) and in

conflict analysis• Very eagerly: direct encoding of all theory semantics in propositional

formula; no abstraction

How aggressively is refinement done?

36

1234567890

Eager Integration: Incremental Propagation

1A 1B

2A 2B

3A 3B

4A 4B

11u v

0 1

5u w

6v w

12u v

0z

1B

2B

4B

1 2 4B B B

37

1234567890

Eager Integration: Incremental Propagation

1A 1B

2A 2B

3A 4B

11u v

5u w

6v w

3B

0z

4A

61B

71B

1x z

2y z

1x

2y

38

1234567890

Integration Trade-offs

• Must balance cost of generating new “facts” against utility of such facts in pruning the search space• E.g., a priori generation of transitivity constraints for all

possible equalities is overkill• Suggests an “on-demand” learning strategy analogous to

conflict analysis in modern SAT solvers

• On-demand learning requires incremental backtrackable theory solvers that maintain state

• Cost of propagation for various theories and sub-theories:• EUF: congruence closure is O(n log n) • Difference constraints: negative cycle detection is O(nm)• UTVPI: transitive closure is O(n3)• Real arithmetic: incremental Simplex

39

1234567890

Offline Integration of LRA Solver

1A 1B

2A 2B

3A 4B

11u v

5u w

6v w

3B

0z

4A

61B

71B

1x z

2y z

1x

2y

40

1234567890

Offline Integration of LRA Solver

1A 1B

2A 2B

3A 4B

11u v

5u w

6v w

3B

0z

4A

61B

71B

1x z

2y z

1x

2y

41

1234567890

Offline Integration of LRA Solver

5

6

0

1

2

11

1

2

4 4 0

u w

v w

z

x z

y z

u

u v x

v

y

x

y

11

1

2

4 4 0

u v

x

y

u v x y

5

6

0

1

2

1

2

11

4 4 0

u

u w

v w

z

x z

y z

x

v

u v y

y

x

11

1

4 4

5

0

2

0

6

1

2

u v

x

u w

v w

z

x z

y z

y

u v x y

11

1

2

4 4

5

0

0

6

1

2

u v

x

u

y

u v x y

w

v w

z

x z

y z

42

1234567890

Learning Strategies

• CNF clauses: disjunctions of existing atoms (in terms of their indicator variables)

• Introduction of new theory atoms: cutting planes

43

1234567890

Introduction of New Atoms

1A 1B

2A 2B11u v

5u w

6v w

4 4 0u v x y

2x y

8BNEW

1 2 8B B B 1 2 8B B B

44

1234567890

Offline Integration of LRA Solver

1A 1B

2A 2B

3A 4B

11u v

5u w

6v w

3B

0z

4A

61B 1x z

1x

8B 2x y

1y

71B 72B 73B

45

1234567890

DPLL(T) Framework

• Declarative “calculus” for tight integration of a solver for theory T within a propositional DPLL solver

• Inspired by CLP(X)

• Defines SolverT as an abstract data type with the following methods:• Initialize(L: Literal set)• SetTrue(l: L-literal): L-literal set• IsTrue?(l: L-literal): Boolean• Backtrack(n: Natural)• Explanation(l: L-literal): L-literal set

[Tinelli 02][Nieuwenhuis-Oliveras 03]

GETFOL1993

KSAT1996

MATH-SAT2001

MATH-SAT2002

MATH-SAT2005

LPSAT1999

CVC Lite2004

Nelson-Oppen1979

Shostak1984

SVC1996

CVC2002/2004

Verifun2003

Simplify1998?

ICS2001

ICS+Chaff2002

Simplics2005

DPLL(T)2002

Sammy2005

BarcelogicTools2005

Yices2006

Ario2005

Nelson-Oppen1979

MATH-SAT2001

KSAT1996

GETFOL1993

MATH-SAT2002

MATH-SAT2005

LPSAT1999

SVC1996

CVC2002/2004

CVC Lite2004

Shostak1984

Simplify1998?

Verifun2003

ICS2001

Simplics2005

ICS+Chaff2002

DPLL(T)2002

Sammy2005

BarcelogicTools2005

Yices2006

Ario2005

48

1234567890

2005 Competition Results: QF_UF

49

1234567890

2005 Competition Results: QF_RDL

50

1234567890

2005 Competition Results: QF_IDL

51

1234567890

2005 Competition Results: QF_UFIDL

52

1234567890

2005 Competition Results: QF_LRA

53

1234567890

2005 Competition Results: QF_LIA

54

1234567890

2005 Competition Results: QF_AUFLIA

55

1234567890

Conclusions

• SAT does it again!• Modern SAT technology critical enabler of SMT solvers

• Clear winner: tight integration of SAT and Theory solvers• Incremental propagation• Incremental conflict analysis and learning• Careful tuning

• SMT is bringing different communities together (SAT, CP, AI, OR)

• Competition is good