DPLLbased Checkers for Satisfiability Modulo Theories

1
DPLL-based Checkers for Satisfiability Modulo
Theories

• Cesare Tinelli
• Department of Computer Science
• The University of Iowa
• Joint work with
• Jed Hagen (Iowa) Robert Nieuwenhuis, Albert
  Oliveras (TUC)

2
Talk Plan

• Propositional satisfiability and the DPLL
  procedure
• A calculus for DPLL
• Satisfiability modulo theories
• The DPLL(T1,Tn) calculus
• Implementing the DPLL(T1,Tn) calculus
• Some experimental results

3
Background

• Propositional satisfiability (SAT) is one of the
  most fundamental problems in AI and CS.
• SAT is decidable, but it is NP-complete.
• An effective method for SAT was pioneered by
  Davis, Putman, Logemann, and Loveland (DPLL).
• The best modern SAT solvers (Chaff, Berkmin,
  Siege, ) are based on DPLL.

4
The DPLL Procedure as a Calculus
5
The DPLL Calculus
6
The DPLL Calculus (cont.)
Lits(?) all atoms in ? and their negation
7
Correctness of DPLL
? propositional clauses Prop. Every
derivation tree of ? - ? is finite. Prop. ? is
satisfiable iff ? - ? has a derivation tree with
a successful branch.
8
Talk Plan

• Propositional satisfiability and the DPLL
  procedure
• A calculus for DPLL
• Satisfiability modulo theories
• The DPLL(T1,Tn) calculus
• Implementing the DPLL(T1,Tn) calculus
• Some experimental results

9
Satisfiability Modulo Theories

• DPLL-based methods can also decide the
  satisfiability of quantifier-free, first-order
  formulas
• Often, however, one is interested in the
  satisfiability of a quantifier-free formula
  in a given FO theory T
• Example Is R(a,b) ? R(b,c) ? ?R(a,c)
  satisfiable?
• What if R stands for a transitive relation?
• Applications planning, scheduling, verification,
  compiler optimization,

10
Checking Satisfiability Modulo Theories

• Current approaches
• Eager translation into SAT
• Encode problem and theory into an equisatisfiable
  propositional formula
• Feed formula to a SAT-solver
• Lazy translation into SAT
• Couple a SAT solver with a decision procedure for
  the theory

11
Idea of Lazy Approach

• Fact Many theories of interest have (efficient)
  decision procedures for sets of literals.
• Problem in practice, dealing with Boolean
  combinations of literals is as hard as in the
  propositional case.
• Solution use propositional satisfiability
  technology for the Boolean part.

12
Previous Lazy Approaches Ar00,Aud02,Ba02,deM02,
13
Our Approach Tin02, ON03
Embed decision procedures into the SAT
solver. More abstractly Embed decision
procedures into the DPLL Calculus.
14
The DPLL(T) Calculus
iff every model of T that satisfies ? also
satisfies l
15
The DPLL(T) Calculus
16
The DPLL(T) Calculus
All the DPLL rules plus
17
Correctness of DPLL(T)
? quantifier-free clauses in Ts
signature Prop. Every derivation tree of ? - ?
is finite. Prop. ? is T-satisfiable iff ? - ?
has a derivation tree with a successful branch.
18
Satisfiability Modulo Multiple Theories

• Let T1,, Tn be distinct theories with resp.
  decision procedures P1,,Pn
• How can we reason over all of them with DPLL(T)?
• Quick Solution
• Combine P1,,Pn with the Nelson-Oppen method into
  a decision procedure for T1 ? ? Tn
• Use DPLL(T) with T T1 ? ? Tn

19
Satisfiability Modulo Multiple Theories

• Let T1,, Tn be distinct theories with resp.
  decision procedures P1,,Pn
• How can we reason over all of them with DPLL(T)?
• Better Solution
• Embed the Nelson-Oppen method directly into the
  calculus
• Turn DPLL(T) into DPLL(T1,,Tn )

20
The DPLL(T1,,Tn) Calculus Preliminaries

• Let n2, for simplicity
• Let Ti be a theory of signature ?i for i1,2,
  with ?1 ? ?2 ?
• Assume wlog that each input literal has signature
  ?1 or ?2 (no mixed literals)

21
The DPLL(T1,,Tn) Calculus Notation

• Lits(?, i) ?i-atoms in ? and their negation
• ?i ?i-literals of ?
• ?s x y x, y ? vars(?1) ? vars(?2)

22
The DPLL(T1,,Tn) Calculus
All the DPLL rules but with new
23
The DPLL(T1,,Tn) Calculus (cont.)
New theory rules (i1,2)
24
Correctness of DPLL(T1,,Tn)
A theory T is stably infinite iff every
T-satisfiable qff is satisfiable in an infinite
model of T

• ? quantifier-free clauses in
• (T1?...?Tn)s signature
• Prop. If T1, , Tn are
• stably-infinite and
• pairwise signature-disjoint
• then ? is (T1?...?Tn)-satisfiable iff
• ? - ? has a derivation tree with a successful
  branch.

25
Talk Plan

• Propositional satisfiability and the DPLL
  procedure
• A calculus for DPLL
• Satisfiability modulo theories
• The DPLL(T1,Tn) calculus
• Implementing the DPLL(T1,Tn) calculus
• Some experimental results

26
Making DPLL Efficient

• Literal selection strategies
• Intelligent backtracking (backjumping)
• Learning (lemma generation)

27
Making DPLL(T1,,Tn) Efficient

• T-based literal selection strategies
• T-based intelligent backtracking
• T-based learning

28
Implementing DPLL(T1,,Tn)
In theory, it suffices to have decision
procedures Pi s.t. Pi(l1, , ln) true iff
l1, , ln is Ti-unsatisfiable
In practice, it is better if to have a solver
for each Ti with additional functionalities
29
Ti-solver Interface
type status Valid Unsat Undef type lit
sign pred Class Solver attr context lit
list meth status pred ? status meth
explanation pred ? lit set meth assert lit
? lit set meth backtrack int ? unit
30
Ti-solver Specification
type status Valid Unsat Undef type lit
sign pred Class Solver attr context lit
list meth status (p pred) status
ensures result Valid ltgt context T p
result Unsat ltgt context T p
31
Ti-solver Specification
type status Valid Unsat Undef type lit
sign pred Class Solver attr context lit
list meth explanation (p pred) lit set
requires status(p) ! Undef ensures result ?
context status(p) Valid gt
result T p status(p) Unsat
gt result T p
32
Ti-solver Specification
type status Valid Unsat Undef type lit
sign pred Class Solver attr context lit
list meth assert ((sign,p) lit) lit set
requires status(p) Undef ensures context
(sign,p)context (sign,p) ?
result forall (lit ? result)
context T lit
not(context T lit)
33
Ti-solver Specification
type status Valid Unsat Undef type lit
sign pred Class Solver attr context lit
list meth backtrack (n int) unit
requires 1 lt n n lt length(context)
ensures context lit1 litncontext
34
Talk Plan

• Propositional satisfiability and the DPLL
  procedure
• A calculus for DPLL
• Satisfiability modulo theories
• The DPLL(T1,Tn) calculus
• Implementing the DPLL(T1,Tn) calculus
• Some experimental results

35
Experimental Results
T theory of successor and predecessor free
symbols p(s(x)) x s(p(x)) x p(x) p(y) gt x
y s(x) s(y) gt x y 0 ? pn(x) (for each n gt
0) 0 ? sn(x) (for each n gt 0) pn(x) ? pm(x)
(for each m,n with m gt n gt 0) sn(x) ? sm(x)
(for each m,n with m gt n gt 0)
Popular in hardware verification
36
Experimental Results

• T-solver based on a novel congruence closure
  algorithm ON03
• DPLL(T) engine with
• Chaff-style literal selection function
• 2-watched literal unit propagation
• conflict set-based backjumping
• 1st-UIP lemma generation
• C implementation

37
Experimental Results

• Benchmarks produced with UCLID tool BLJ02
• Comparisons with
• SVC
• 4 SAT-translation methods by Bryant et al.
• Machine Pentium IV, 2.63 GHz, 512MB RAM
• Times in seconds, with timeout at 6000s

38
See external table
39
Conclusions

• DPLL(T1,,Tn) is a sound and complete calculus
  for satisfiability modulo T1??Tn.
• General framework for integrating decision
  procedures into the DPLL method.
• Decision procedures drive the derivation instead
  of just validating solutions.
• Major optimization techniques from SAT can be
  lifted to DPLL(T1,,Tn).
• Initial experimental results are very promising

40
Further Work (in Progress)

• New version of the DPLL(T) calculus, to model
  more accurately modern SAT engines
• Non-clausal version of DPLL(T)
• Implementation with more theories
• A DPLL(T)-based system for solving integer linear
  programming (optimization) problems