A Progressive Approach for Satisfiability Modulo Theories

1
A Progressive Approach for Satisfiability Modulo
Theories

• Hossein M. Sheini
• Karem A. Sakallah
• Electrical Engineering and Computer Science
• University of Michigan, Ann Arbor, Michigan, USA
• Constraints and Verification 2006
• Isaac Newton Institute for Mathematical Sciences

2
Outline

• Problem formulation applications
• Algorithmic components
• Boolean solver
• Unit 2-variable-per-inequality integer solver
• General-purpose ILP solver
• Solution strategies
• Related approaches
• Experimental evaluation
• Conclusions and future work

3
Satisfiability Modulo TheoriesConjunctive Normal
Form (SMT-CNF)

• Variables
• Boolean
• Integer
• Atoms
• Boolean variable
• Integer UTVPI
• Integer constraint
• Literal atom or negation of atom
• Clause disjunction of literals
• Formula conjunction of clauses

4
SMT-CNF

• Find an assignment to all Boolean (and integer)
  variables such that
• OR prove that no such solution exists

5
Satisfiability Modulo Theories (SMT)

• SMT is the problem of deciding the satisfiability
  of a quantifier-free formula in one or more
  first-order theories.
• Theories of interest are logics of
• Equality (E)
• Integer Unit-Two-Variable-Per-Inequality (UTVPI)
  (U)
• Integer Linear Arithmetic (C)

6
Satisfiability Modulo Theories (SMT)

• SMT formula

7
Example SMT-CNF Instance
8
Applications of SMT

• Verification (SW, HW)
• Model checking of timed automata
• Microprocessor verification
• Program verification
• Buffer over-run vulnerabilities
• Scheduling
• Temporal reasoning
• Job-shop scheduling

9
Solution Algorithm Version 1
Invoke Solvers Sequentially

• Enumerate Boolean solutions
• Check consistency of implied integer constraints

10
Problem Decomposition Indicator Variables
11
Boolean Satisfiability

• DPLL-style search to find a solution to a Boolean
  CNF formula or to prove no such solution exists
• Major algorithmic advances in last decade
• Conflict analysis
• Clause recording (learning)
• Non-chronological backtracking
• Efficient BCP using watched literals
• Random restarts
• Adaptive decision heuristics (VSIDS, etc.)
• MiniSAT
• N. Eén, N. Sörensson, An Extensible SAT-solver
  SAT03

12
UTVPI Integer Constraint Solver
Jaffar et als polynomial-time incremental
algorithm

• Maintain a transitively-closed and tightened set
  of UTVPI constraints
• Generate and add all implied UTVPI constraints
  every time a new constraint is added

13
UTVPI Algorithm Example
14
Algorithm Version 1
Boolean Solver
Formula
Decision Tree
Implication Graph
15
Algorithm Version 1
UTVPI Solver
Formula
Boolean Solution
16
Pros/Cons of Version 1 Algorithm

• Pros
• Loose integration of Boolean and UTVPI/ILP
  solvers
• Cons
• Late detection of conflicts
• Inability to analyze UTVPI/ILP conflicts
• Possibility of enumerating several solutions that
  are inconsistent for the same reason
• Extra work if unsatisfiability is due to logical
  constraints

17
Solution Algorithm Version 2

• Integrate UTVPI solver into the Boolean solver
• Check consistency of relevant integer constraints
  off-line with a generic ILP solver

18
Algorithm Version 2
19
Algorithm Version 2
20
Solution Algorithm Version 3
Conservatively abstract formula Replace equality
with one-way implication
21
Algorithm Version 3
22
Final Version of Combined Algorithm

• Always Enforce only one-way implication from
  indicator variable to its UTVPI constraint
• Sometimes Enforce equality between indicator
  variable and its UTVPI constraint when
  computationally cheap

23
Final Version on Example Formula
24
Handling non-UTVPI Constraints

• Solution So far

UTVPI constraints sharing both variables with
non-UTVPI constraints
to Integer Programming Solver
UNSAT
25
Offline Learning Cutting Planes
NEW
26
Learning on Example Formula
27
Progressive Solving Scheme

• Gradual Concretization of the Formula
• Gradual Activation of Theory Solvers

28
Implementation

• ARIO Satisfiability Modulo Theories (SMT) Solver
  written in C
• More info at http//www.eecs.umich.edu/ario

29
Comparison to Other Methods
DPLL(T) - Ario Version 2



Ario Version 1
MathSAT
Strategy for Linking Theories
UCLID
equality
?X
?X
?X
?X
?X
Ario Final
?X
Ario Version 3
MLLP
conditional
?X
?X
?X
?X
Big-M Simplex/BB
Branch-and-Check
Lazy
Tight
Eager
Strategy for Solving Theories
30
Experimental Evaluation

• Wisconsin Safety Analysis (WiSA)
• Fischer's mutual exclusion protocol
• MathSAT CIRC
• CIRC Safety Checking of RTL Circuits

31
Wisconsin Safety Analysis (WiSA)
benchmark number of conflicts number of conflicts number of conflicts Number of iterations Number of iterations
benchmark total in UTVPI in Cutting Planes with Cutting Planes no Cutting Planes
s-20-20 1111 1057 6 10 84
s-20-30 3172 3009 12 8 2066
s-20-40 30611 30418 3 1 time-out
s-30-30 1500 1436 2 1 447
s-30-40 7631 7281 29 11 273
xs-20-20 877 811 11 17 160
xs-20-30 396 388 3 1 318
xs-20-40 748710 746239 3 1 time-out
xs-30-40 3739 3596 18 16 255
32
Wisconsin Safety Analysis (WiSA)
benchmark UCLID time ICS time ARIO time ARIO time ARIO time
benchmark UCLID time ICS time UTVPI non-UTVPI total
s-20-20 8.78 0.25 0.17 0.01 0.26
s-20-30 9.50 0.37 0.32 0.01 0.61
s-20-40 4.50 286.84 2.77 0.01 5.05
s-30-30 20.89 1.64 0.28 0.01 0.45
s-30-40 19.21 7.41 1.21 0.01 2.06
xs-20-20 26.03 17.77 0.35 0.02 0.57
xs-20-30 21.42 1482.80 0.1 0.01 0.23
xs-20-40 14.18 gt3600 173.9 0.01 276.43
xs-30-40 33.22 gt3600 1.88 0.06 3.01

33
Fischer's Mutual Exclusion Protocol(Encoded for
MathSAT)
34
MathSAT CIRC Suite

• Generated for MathSAT, verifying properties for
  some simple circuits.

Copied from MathSAT TACAS 2005 paper comparing
accumulated time of CIRC benchmarks for MathSAT,
CVC and ICS
35
RTCL - Safety Properties for RTL Circuits
36
Conclusions and Future Work

• Judicious integration/use of solvers
• Boolean reasoning (constraint propagation,
  conflict analysis, non-chronological
  backtracking, etc.) is key to scalability
• Incrementality is essential for performance
• Further benchmarking, tuning, competition?