Decision Procedures - An algorithmic point of view 1
Quantified formulas
Decision procedures – An algorithmic point of view
Daniel Kroening and Ofer Strichman
Why do we need quantifiers?

As always: more modeling power. Examples of quantifier usage:
"Everyone in the room has a friend"
"There is a person in the room all of whose cars are red"
"There is not more than one person in the room that earns more than $1M"
Quantifiers in Math…

For any integer x there is a smaller integer y:
∀x∈Z ∃y∈Z. y < x   ✓
Reverse claim: there exists an integer y such that any integer x is greater than y:
∃y∈Z ∀x∈Z. y < x   ✗
(Bertrand's postulate) For any natural number n greater than 1 there is a prime number p such that n < p < 2n:
∀n∈N. ∃p∈N. n > 1 → (isprime(p) ∧ n < p < 2n)
Actually…

Satisfiability of φ(x1, …, xn): does there exist an interpretation of x1, …, xn that satisfies φ?
Validity of φ(x1, …, xn): does it hold that all interpretations of x1, …, xn satisfy φ?
Conclusion: what we did so far (satisfiability, validity) is non-alternating quantification.
Example: Quantified Propositional Logic

Better known as Quantified Boolean Formulas (QBF).
formula: var | ¬formula | formula ∨ formula | (formula) | T | F | ∀var. (formula) | ∃var. (formula)
Examples:
∀x. (x ∨ ∃y. (y → x))
∀x. (∃y. ((x ∨ ¬y) ∧ (¬x ∨ y)) ∧ ∃y. ((¬y ∨ ¬x) ∧ (x ∨ y)))
(In the second example each ∃y has its own binding scope: the two occurrences of y are distinct bound variables.)
Prenex Normal Form (PNF)

Formulas in PNF look like this:
φ: Q[n]V[n]. … Q[1]V[1]. (quantifier-free formula)
where Q[i] ∈ {∀, ∃} and V[i] is a variable. The part Q[n]V[n]. … Q[1]V[1]. is called the prefix.
Every quantified formula can be transformed to PNF while preserving validity. How?
Prenex Normal Form (PNF)

1. Eliminate → and ↔ (transform to ∨, ∧, ¬).
2. Push negations inside using:
   ¬∀x. φ ↔ ∃x. ¬φ
   ¬∃x. φ ↔ ∀x. ¬φ
3. If there are name conflicts across scopes, solve them by renaming.
4. Move quantifiers out by recursively applying rules such as:
   1. Q1 x. φ1(x) ∧ Q2 y. φ2(y) ↔ Q1 x. Q2 y. (φ1(x) ∧ φ2(y))   Qi ∈ {∀, ∃}
   2. Q1 x. φ1(x) ∨ Q2 y. φ2(y) ↔ Q1 x. Q2 y. (φ1(x) ∨ φ2(y))   Qi ∈ {∀, ∃}
   3. φ1 ∧ ∃x. φ2(x) ↔ ∃x. (φ1 ∧ φ2(x))   where x does not appear in φ1
   4. φ1 ∧ ∀x. φ2(x) ↔ ∀x. (φ1 ∧ φ2(x))   where x does not appear in φ1
   5. ∀x. φ1(x) ∧ ∀x. φ2(x) ↔ ∀x. (φ1(x) ∧ φ2(x))
   6. ∃x. φ1(x) ∨ ∃x. φ2(x) ↔ ∃x. (φ1(x) ∨ φ2(x))
Prenex Normal Form (PNF): example

¬∃x. ¬(∃y. ((y → x) ∧ (¬x ∨ y)) ∧ ¬∀y. ((y ∧ x) ∨ (¬x ∧ ¬y)))
1, 2. Eliminate →, push negations inside:
∀x. (∃y. ((¬y ∨ x) ∧ (¬x ∨ y)) ∧ ∃y. ((¬y ∨ ¬x) ∧ (x ∨ y)))
3. Renaming:
∀x. (∃y1. ((¬y1 ∨ x) ∧ (¬x ∨ y1)) ∧ ∃y2. ((¬y2 ∨ ¬x) ∧ (x ∨ y2)))
4. Move quantifiers to the front:
∀x. ∃y1. ∃y2. (x ∨ ¬y1) ∧ (¬x ∨ y1) ∧ (¬y2 ∨ ¬x) ∧ (x ∨ y2)
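The four PNF steps above, carried out mechanically on the slide's example. This is an added example, not code from the slides or from the Kroening/Strichman book; the tuple-based AST, the function names and the decision to rename every bound variable (not only the conflicting ones, so the fresh names come out as x1, y2, y3 rather than the slide's x, y1, y2) are assumptions of this example.

```python
from itertools import count

# Formula AST (a constructed representation, not the slides' notation):
#   ('var', name) | ('not', f) | ('and', f, g) | ('or', f, g)
#   | ('imp', f, g) | ('iff', f, g) | ('forall', x, f) | ('exists', x, f)

def elim_imp(f):
    """Step 1: rewrite → and ↔ in terms of ∨, ∧, ¬."""
    op = f[0]
    if op == 'var':
        return f
    if op == 'not':
        return ('not', elim_imp(f[1]))
    if op in ('forall', 'exists'):
        return (op, f[1], elim_imp(f[2]))
    a, b = elim_imp(f[1]), elim_imp(f[2])
    if op == 'imp':
        return ('or', ('not', a), b)
    if op == 'iff':
        return ('and', ('or', ('not', a), b), ('or', ('not', b), a))
    return (op, a, b)

def push_neg(f, neg=False):
    """Step 2: push negations down to the variables; `neg` records whether the
    node being visited sits under an odd number of negations."""
    op = f[0]
    if op == 'var':
        return ('not', f) if neg else f
    if op == 'not':
        return push_neg(f[1], not neg)
    if op in ('and', 'or'):
        a, b = push_neg(f[1], neg), push_neg(f[2], neg)
        if neg:                                   # De Morgan
            op = 'or' if op == 'and' else 'and'
        return (op, a, b)
    if neg:                                       # ¬∀x.φ ↔ ∃x.¬φ and ¬∃x.φ ↔ ∀x.¬φ
        op = 'exists' if op == 'forall' else 'forall'
    return (op, f[1], push_neg(f[2], neg))

def rename(f, env=None, counter=None):
    """Step 3: give every binder a fresh name so that no two scopes clash
    (this example renames all bound variables, not only conflicting ones)."""
    if env is None:
        env = {}
    if counter is None:
        counter = count(1)
    op = f[0]
    if op == 'var':
        return ('var', env.get(f[1], f[1]))
    if op == 'not':
        return ('not', rename(f[1], env, counter))
    if op in ('and', 'or'):
        return (op, rename(f[1], env, counter), rename(f[2], env, counter))
    fresh = f"{f[1]}{next(counter)}"
    return (op, fresh, rename(f[2], {**env, f[1]: fresh}, counter))

def pull(f):
    """Step 4: move quantifiers to the front. Returns (prefix, matrix), the prefix
    being a list of (quantifier, variable) outermost first. Rules 1-4 of the slide
    apply without side conditions because step 3 made all bound variables distinct."""
    op = f[0]
    if op in ('var', 'not'):                      # after push_neg a 'not' only wraps a variable
        return [], f
    if op in ('forall', 'exists'):
        prefix, body = pull(f[2])
        return [(op, f[1])] + prefix, body
    pa, a = pull(f[1])
    pb, b = pull(f[2])
    return pa + pb, (op, a, b)

def to_pnf(f):
    return pull(rename(push_neg(elim_imp(f))))

def show(f):
    """Pretty-print a formula in the slides' notation."""
    op = f[0]
    if op == 'var':
        return f[1]
    if op == 'not':
        return '¬' + show(f[1])
    if op in ('forall', 'exists'):
        return ('∀' if op == 'forall' else '∃') + f[1] + '. ' + show(f[2])
    sym = {'and': ' ∧ ', 'or': ' ∨ ', 'imp': ' → ', 'iff': ' ↔ '}[op]
    return '(' + show(f[1]) + sym + show(f[2]) + ')'

# The slide's example: ¬∃x. ¬(∃y. ((y → x) ∧ (¬x ∨ y)) ∧ ¬∀y. ((y ∧ x) ∨ (¬x ∧ ¬y)))
x, y = ('var', 'x'), ('var', 'y')
EXAMPLE = ('not', ('exists', 'x', ('not', ('and',
    ('exists', 'y', ('and', ('imp', y, x), ('or', ('not', x), y))),
    ('not', ('forall', 'y', ('or', ('and', y, x), ('and', ('not', x), ('not', y)))))))))

if __name__ == '__main__':
    prefix, matrix = to_pnf(EXAMPLE)
    print(' '.join(('∀' if q == 'forall' else '∃') + v + '.' for q, v in prefix), show(matrix))
```

Validity is preserved at every step: step 1 and step 2 are equivalences, step 3 is α-renaming, and step 4 only uses rules 1-4 from the slide, whose side conditions hold once all binders are distinct.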
Why eliminating ∃x. ∧i Li is enough

A procedure for eliminating an existential quantifier applied to a conjunction of literals is enough, because: given a formula φ, write it in DNF and use the fact that ∃x. (φ1 ∨ φ2) ↔ ∃x. φ1 ∨ ∃x. φ2 (rule 6 above), so the existential quantifier distributes over the disjuncts, each of which is a conjunction of literals.
Eliminate universal quantifiers using the fact
∀x. φ ↔ ¬∃x. ¬φ
Quantifier Elimination

Examples first, generalization later.
Example #1: Quantified Boolean Formulas (QBF)
Example #2: Quantified Linear Arithmetic (QLA)
Example #1: QBF

Examples of Quantified Boolean Formulas (u denotes a universally, e an existentially quantified variable):
∀u ∃e. (u ∨ ¬e)(¬u ∨ e)
∃e4 e5 ∀u1 u2 u3 ∃e1 e2 e3. f(e1, e2, e3, e4, e5, u1, u2, u3)
QBF problem: is φ valid? PSPACE-complete, theoretically harder than NP-complete problems such as SAT.
Motivations

QBF has practical applications:
AI planning
Sequential circuit verification
…
Solving QBF with projection: ∃

Eliminate ∃x. φ by projecting x on the variables in higher quantification levels (their scope includes x's scope).
In propositional logic projection can be done with resolution.
Resolution example (a prime denotes negation, so c' is ¬c): resolving (a ∨ b ∨ c' ∨ f) and (g ∨ h' ∨ c ∨ f) on c gives
a ∨ b ∨ g ∨ h' ∨ f
Solving QBF with projection: ∀

Transform ∀ to ∃ via ∀x. φ ↔ ¬∃x. ¬φ.
CNF is easier than general formulas:
∀u1 u2 ∃e1 ∀u3. (u1 ∨ ¬e1)(¬u1 ∨ e1)(u2 ∨ ¬u3 ∨ ¬e1)
∀u1 u2 ∃e1 ¬∃u3. ¬((u1 ∨ ¬e1)(¬u1 ∨ e1)(u2 ∨ ¬u3 ∨ ¬e1))
∀u1 u2 ∃e1 ¬∃u3. ((¬u1 ∧ e1) ∨ (u1 ∧ ¬e1) ∨ (¬u2 ∧ u3 ∧ e1))   (suffix is DNF)
∀u1 u2 ∃e1 ¬((¬u1 ∧ e1) ∨ (u1 ∧ ¬e1) ∨ (¬u2 ∧ (∃u3. u3) ∧ e1))
∀u1 u2 ∃e1 ¬((¬u1 ∧ e1) ∨ (u1 ∧ ¬e1) ∨ (¬u2 ∧ e1))   (∃u3. u3 replaced with true)
∀u1 u2 ∃e1. (u1 ∨ ¬e1)(¬u1 ∨ e1)(u2 ∨ ¬e1)   (back to CNF)
Shortcut for CNF formulas: simply erase the universally quantified variables of the innermost quantifier block!
Resolution Based QBF Algorithm

∀u1 u2 ∃e1 ∀u3 ∃e3 e2. (u1 ∨ ¬e1)(¬u1 ∨ ¬e2 ∨ e3)(u2 ∨ ¬u3 ∨ ¬e1)(e1 ∨ e2)(e1 ∨ ¬e3)
resolve out e2:  ∀u1 u2 ∃e1 ∀u3 ∃e3. (u1 ∨ ¬e1)(¬u1 ∨ e3 ∨ e1)(u2 ∨ ¬u3 ∨ ¬e1)(e1 ∨ ¬e3)
resolve out e3:  ∀u1 u2 ∃e1 ∀u3. (u1 ∨ ¬e1)(¬u1 ∨ e1)(u2 ∨ ¬u3 ∨ ¬e1)
erase u3:        ∀u1 u2 ∃e1. (u1 ∨ ¬e1)(¬u1 ∨ e1)(u2 ∨ ¬e1)
resolve out e1:  ∀u1 u2. (¬u1 ∨ u2)
erase u1, u2:    the empty clause, so the formula is FALSE
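The resolution-based algorithm of the last three slides, written out: innermost block first, existential variables are resolved out (Q-resolution, tautological resolvents dropped), universal variables of the innermost block are erased, and the clause set is simplified by subsumption after each step. This is an added example, not code from the slides or the book; the integer-literal encoding, the prefix layout as (quantifier, variables) blocks and the variable numbering u1=1, u2=2, e1=3, u3=4, e3=5, e2=6 are assumptions of this example.

```python
# Literals are non-zero ints: v means the variable v, -v means ¬v.
# A clause is a frozenset of literals; the matrix is a set of clauses.
# The prefix is a list of (quantifier, [variables]) blocks, outermost first,
# with quantifier 'A' (∀) or 'E' (∃). The formula is assumed to be closed.

def is_tautology(clause):
    return any(-lit in clause for lit in clause)

def resolve_out(clauses, v):
    """Q-resolution on an innermost existential variable v: every clause that
    mentions v is replaced by all non-tautological resolvents on v."""
    pos = [c for c in clauses if v in c]
    neg = [c for c in clauses if -v in c]
    rest = {c for c in clauses if v not in c and -v not in c}
    for p in pos:
        for n in neg:
            r = (p - {v}) | (n - {-v})
            if not is_tautology(r):
                rest.add(r)
    return rest

def erase_universal(clauses, v):
    """Shortcut for CNF: an innermost universal variable is simply erased."""
    return {frozenset(l for l in c if abs(l) != v) for c in clauses}

def simplify(clauses):
    """Drop clauses subsumed by a smaller clause: the 'simplify the propositional
    part after each resolution step' remedy against memory blowup."""
    kept = set()
    for c in sorted(clauses, key=len):
        if not any(k <= c for k in kept):
            kept.add(c)
    return kept

def verdict(clauses):
    """False on the empty clause, True on the empty clause set, else undecided."""
    if frozenset() in clauses:
        return False
    if not clauses:
        return True
    return None

def solve_qbf(prefix, clauses):
    """Eliminate quantifier blocks from the innermost outwards; returns the truth
    value of the closed QBF."""
    clauses = simplify({frozenset(c) for c in clauses})
    if verdict(clauses) is not None:
        return verdict(clauses)
    for quant, variables in reversed(prefix):
        for v in variables:
            clauses = resolve_out(clauses, v) if quant == 'E' else erase_universal(clauses, v)
            clauses = simplify(clauses)
            if verdict(clauses) is not None:
                return verdict(clauses)
    raise ValueError("the formula is not closed: free variables remain")

# The slide's instance ∀u1 u2 ∃e1 ∀u3 ∃e3 e2. ..., encoded with the constructed
# numbering u1=1, u2=2, e1=3, u3=4, e3=5, e2=6.
SLIDE15_PREFIX = [('A', [1, 2]), ('E', [3]), ('A', [4]), ('E', [5, 6])]
SLIDE15_CLAUSES = [{1, -3}, {-1, -6, 5}, {2, -4, -3}, {3, 6}, {3, -5}]

# The instance of the "Solving QBF with projection: ∀" slide, same numbering.
SLIDE14_PREFIX = [('A', [1, 2]), ('E', [3]), ('A', [4])]
SLIDE14_CLAUSES = [{1, -3}, {-1, 3}, {2, -4, -3}]

if __name__ == '__main__':
    print(solve_qbf(SLIDE15_PREFIX, SLIDE15_CLAUSES))
```

On the slide's instance the run reproduces the trace above and ends with the empty clause. Note that erasing universals is only sound for the innermost block: the code relies on the prefix being processed from the inside out.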
Example #2: Quantified Linear Arithmetic

formula = predicate | formula ∨ formula | ¬formula | (formula) | ∀var. formula | ∃var. formula
predicate = Σi ai xi ≤ c
Example: ∀x. ∃y. ∃z. (y + 1 ≤ x ∧ z + 1 ≤ y ∧ 2x + 1 ≤ z)
Solving QLA with projection

Eliminate ∃x. φ by projecting x. In linear arithmetic over R projection can be done with Fourier-Motzkin elimination.
Fourier-Motzkin method to eliminate a variable xn:
- for each pair of constraints Σ_{i=1..n-1} a'i xi < xn and xn < Σ_{i=1..n-1} ai xi, add the constraint Σ_{i=1..n-1} a'i xi < Σ_{i=1..n-1} ai xi;
- in the end remove all constraints involving xn.
Solving QLA with projection

Fourier-Motzkin: example.
x + 1 ≤ y ∧ y ≤ 3z + 3 ∧ 2y ≤ 2z + 4
Eliminate y (the lower bound x + 1 ≤ y is combined with each of the upper bounds y ≤ 3z + 3 and y ≤ z + 2):
x + 1 ≤ 3z + 3 ∧ x + 1 ≤ z + 2
Quantifier elimination: example

∀x. ∃y. ∃z. (y + 1 ≤ x ∧ z + 1 ≤ y ∧ 2x + 1 ≤ z)
∀x. ∃y. (y + 1 ≤ x ∧ 2x + 1 ≤ y - 1)      // z eliminated
∀x. (2x + 2 ≤ x - 1)                      // y eliminated; transform to ∃
¬∃x. ¬(2x + 2 ≤ x - 1)
¬∃x. x > -3
¬true
false
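Fourier-Motzkin quantifier elimination for QLA, carried through on the slide's formula. This is an added example, not code from the slides or the book. It goes slightly beyond the slide's conjunction-only case: the matrix is kept in DNF so that the ¬∃x. ¬φ step for universal quantifiers (which turns ≤ into strict >) can be handled on the same representation. The `Constraint` record, the DNF-as-list-of-lists encoding and the use of exact rationals are assumptions of this example.

```python
from fractions import Fraction
from itertools import product
from typing import Dict, NamedTuple

class Constraint(NamedTuple):
    """Σ coeffs[v]·v ≤ c, or < c when strict; no coefficients means the constant 0 ≤ c."""
    coeffs: Dict[str, Fraction]
    strict: bool
    c: Fraction

def le(coeffs, c, strict=False):
    return Constraint({v: Fraction(a) for v, a in coeffs.items() if a != 0}, strict, Fraction(c))

def negate(k):
    """¬(Σ a·x ≤ c) is Σ a·x > c, i.e. Σ (-a)·x < -c; strictness flips."""
    return Constraint({v: -a for v, a in k.coeffs.items()}, not k.strict, -k.c)

def negate_dnf(dnf):
    """¬(C1 ∨ … ∨ Cm) = ∧j (∨k ¬kjk), distributed back into DNF."""
    return [list(choice) for choice in product(*([negate(k) for k in conj] for conj in dnf))]

def fm_eliminate(conj, x):
    """One Fourier-Motzkin step on a conjunction: combine every lower bound on x
    with every upper bound, then drop all constraints that mention x."""
    uppers = [k for k in conj if k.coeffs.get(x, 0) > 0]   # a·x + r ≤ c with a > 0
    lowers = [k for k in conj if k.coeffs.get(x, 0) < 0]   # a·x + r ≤ c with a < 0
    result = [k for k in conj if k.coeffs.get(x, 0) == 0]
    for u in uppers:
        for l in lowers:
            au, al = u.coeffs[x], -l.coeffs[x]            # both positive
            coeffs = {}
            for v, a in u.coeffs.items():                  # al·(upper) + au·(lower):
                coeffs[v] = coeffs.get(v, 0) + al * a
            for v, a in l.coeffs.items():                  # the x terms cancel
                coeffs[v] = coeffs.get(v, 0) + au * a
            result.append(le(coeffs, al * u.c + au * l.c, u.strict or l.strict))
    return result

def simplify(dnf):
    """Evaluate variable-free constraints: a false one kills its conjunct,
    a true one is dropped."""
    out = []
    for conj in dnf:
        kept = []
        for k in conj:
            if k.coeffs:
                kept.append(k)
            elif not ((k.c > 0) if k.strict else (k.c >= 0)):
                break
        else:
            out.append(kept)
    return out

def eliminate_quantifiers(prefix, dnf):
    """Quantifier elimination for a prenex formula whose matrix is a DNF (list of
    conjunctions). prefix: [(quant, var)] outermost first, quant in {'A', 'E'}.
    Returns the truth value of the closed formula."""
    dnf = simplify(dnf)
    for quant, x in reversed(prefix):
        if quant == 'E':
            dnf = simplify([fm_eliminate(conj, x) for conj in dnf])
        else:                                             # ∀x.φ ↔ ¬∃x.¬φ
            inner = simplify(negate_dnf(dnf))
            dnf = simplify(negate_dnf([fm_eliminate(conj, x) for conj in inner]))
    return bool(dnf)   # a surviving (now constraint-free) conjunct means true

# The slide's formula: ∀x. ∃y. ∃z. (y + 1 ≤ x ∧ z + 1 ≤ y ∧ 2x + 1 ≤ z),
# each predicate normalised to Σ a·x ≤ c.
SLIDE_PREFIX = [('A', 'x'), ('E', 'y'), ('E', 'z')]
SLIDE_MATRIX = [[le({'y': 1, 'x': -1}, -1), le({'z': 1, 'y': -1}, -1), le({'x': 2, 'z': -1}, -1)]]

if __name__ == '__main__':
    print(eliminate_quantifiers(SLIDE_PREFIX, SLIDE_MATRIX))
```

The intermediate results match the slide: eliminating z yields 2x - y ≤ -2 (2x + 1 ≤ y - 1), eliminating y yields x ≤ -3, and the universal step negates that to x > -3, which has no upper bound and so projects to true, giving ¬true = false overall. Fourier-Motzkin is exact over the reals only; over the integers the same steps would be unsound.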
Quantifier elimination by projection: summary

Given a PNF formula φ = Q[n]V[n] … Q[1]V[1]. φ'
For i = 1 .. n {
  if Q[i] = ∃ then φ' = project(φ', V[i])
  else φ' = ¬project(¬φ', V[i])
}
Return φ'
More about QBF

Example of using QBF (the diameter problem)
A search-based procedure for QBF
Acknowledgement: QBF slides borrowed from S. Malik
The State Space Diameter Problem

Diameter: starting from the initial states, the minimum number of steps needed to visit every reachable state.
Example (state graph on the slide, diameter = 3):
initial state: S0
step 1: S1, S2
step 2: S3, S4
step 3: S5
Why is the Diameter Problem important?

Bounded model checking (BMC): search for a 'bad' state up to k steps from an initial state.
BMC can be formulated as SAT. Increasing k makes it harder.
Q: how deep should we go?
A: as deep as the diameter. The diameter can be found by solving a QBF problem.
Circuit Constructed for the Diameter Problem

(Figure: two copies of the unrolled combinational logic. The upper copy runs n + 1 steps from s0 with inputs I1 … In+1 and outputs O1 … On+1, reaching sn+1; the lower copy runs n steps from s'0 with inputs I'1 … I'n and outputs O'1 … O'n, reaching s'n.)
The idea: prove that for every state reachable in k+1 steps, there exist inputs that drive the model to this state earlier.
Some Terminology for the Formulations

(Same figure as above.)
First copy of the circuit: variables V, circuit consistency condition C(V).
Second copy of the circuit: variables V', circuit consistency condition C(V').
QBF Formulation

(Same figure as above, with C(V) attached to the first copy and C(V') to the second; the formula itself is not recoverable from the transcript.)
Quantifier groups of the formulation: the V inputs; the other V variables; the V' variables, including its inputs. The matrix contains C(V) ∧ C(V') and expresses the idea of the previous slide: the state reached by the first copy after n + 1 steps is reached by the second copy in fewer steps.
Another way to project Boolean variables

Shannon expansion:
∃x. φ = φ|x=0 ∨ φ|x=1
∀x. φ = φ|x=0 ∧ φ|x=1   // can be derived from ∀x. φ = ¬∃x. ¬φ
The same applies to all finite-range variables.
Applying ∃x. φ where φ is in CNF ↔ resolution. But: φ does not need to be in CNF, and there is no need to transform the formula to DNF.
Projection for non-CNF formulas: example

∃y ∀z ∃x. (y ∨ (x ∧ z))
∃y ∀z. (y ∨ (x ∧ z))|x=0 ∨ (y ∨ (x ∧ z))|x=1
∃y ∀z. ((y) ∨ (y ∨ z))
∃y ¬∃z. (¬y ∧ ¬z)
∃y. ¬((¬y ∧ ¬z)|z=0 ∨ (¬y ∧ ¬z)|z=1)
∃y. ¬(¬y)
True
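Projection by Shannon expansion on an arbitrary (non-CNF) formula, following the summary algorithm: ∃ via φ|x=0 ∨ φ|x=1 and ∀ via ¬project(¬φ). This is an added example, not code from the slides or the book; the tuple AST, the constant folding in `simp` (which keeps the intermediate formulas in the shape the slide shows) and the function names are assumptions of this example.

```python
# Formula AST (constructed representation, not the slides' notation):
#   True | False | ('var', name) | ('not', f) | ('and', f, g) | ('or', f, g)

def simp(f):
    """Constant folding (¬¬φ is collapsed too) so that φ|x=v stays readable."""
    if isinstance(f, bool) or f[0] == 'var':
        return f
    if f[0] == 'not':
        g = simp(f[1])
        if isinstance(g, bool):
            return not g
        return g[1] if g[0] == 'not' else ('not', g)
    a, b = simp(f[1]), simp(f[2])
    if f[0] == 'and':
        if a is False or b is False:
            return False
        if a is True:
            return b
        if b is True:
            return a
        return ('and', a, b)
    if a is True or b is True:
        return True
    if a is False:
        return b
    if b is False:
        return a
    return ('or', a, b)

def restrict(f, x, value):
    """φ|x=value: substitute a constant for the variable x."""
    if isinstance(f, bool):
        return f
    if f[0] == 'var':
        return value if f[1] == x else f
    return (f[0],) + tuple(restrict(g, x, value) for g in f[1:])

def project(f, x):
    """Shannon expansion: ∃x. φ = φ|x=0 ∨ φ|x=1, on any formula, not only CNF."""
    return simp(('or', restrict(f, x, False), restrict(f, x, True)))

def eliminate(prefix, f):
    """Quantifier elimination by projection, innermost variable first.
    prefix: [(quant, var)] outermost first, quant in {'A', 'E'}; a universal
    variable is handled as ¬∃x. ¬φ, exactly as in the summary slide."""
    for quant, x in reversed(prefix):
        if quant == 'E':
            f = project(f, x)
        else:
            f = simp(('not', project(('not', f), x)))
    return f

# The slide's example: ∃y ∀z ∃x. (y ∨ (x ∧ z))
y, z, x = ('var', 'y'), ('var', 'z'), ('var', 'x')
EXAMPLE = ('or', y, ('and', x, z))
EXAMPLE_PREFIX = [('E', 'y'), ('A', 'z'), ('E', 'x')]

# The PNF example from the earlier slide: ∀x ∃y1 ∃y2. (x ∨ ¬y1)(¬x ∨ y1)(¬y2 ∨ ¬x)(x ∨ y2)
y1, y2 = ('var', 'y1'), ('var', 'y2')
PNF_EXAMPLE = ('and', ('and', ('or', x, ('not', y1)), ('or', ('not', x), y1)),
               ('and', ('or', ('not', y2), ('not', x)), ('or', x, y2)))
PNF_PREFIX = [('A', 'x'), ('E', 'y1'), ('E', 'y2')]

if __name__ == '__main__':
    print(project(EXAMPLE, 'x'))           # the slide's second line, (y) ∨ (y ∨ z)
    print(eliminate(EXAMPLE_PREFIX, EXAMPLE))
```

Each projection doubles the formula size before folding, so this is exponential in the worst case; the point of the slide is only that no normal form is needed, which the CNF-based resolution procedure cannot offer.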
Search Based QBF Algorithms

Work by gradually assigning variables. A partial assignment leads to one of three situations:
Undetermined: continue the search.
Conflict: backtrack and record the reason.
Satisfied: backtrack and determine the covered satisfying space.
The majority of QBF solvers are search based; the DPLL algorithm is an example of this.
[KGS98] M. Cadoli, A. Giovanardi, M. Schaerf. An Algorithm to Evaluate Quantified Boolean Formulae. In Proc. of 16th National Conference on Artificial Intelligence (AAAI-98)
Basic DPLL Flow for QBF

Node legend: Unknown, True (1), False (0). Under existential quantification a node is true if one of its branches is true; under universal quantification a node is true only if both branches are true.

First formula: ∃e ∀u. (e ∨ u)(¬e ∨ ¬u)
e = 0, u = 1: satisfying node
backtrack; e = 0, u = 0: conflicting node, so the universal node for u under e = 0 is false, and e = 0 is false
e = 1, u = 1: conflicting node, so the universal node for u under e = 1 is false, and e = 1 is false
both branches of the existential e are false: the formula is False

Second formula: ∀u ∃e. (u ∨ e)(¬u ∨ ¬e)
u = 1, e = 1: conflicting node
u = 1, e = 0: satisfying node, so the existential node for e under u = 1 is true
u = 0, e = 1: satisfying node, so the existential node for e under u = 0 is true
both branches of the universal u are true: the formula is True
What we saw is DPLL-QBF

while (true) {
  decide_next_branch();            // choose a branch variable
  while (true) {
    status = deduce();             // unit propagation
    if (status == CONFLICT) {
      blevel = analyze_conflict(); // find out the reason for the conflict
      if (blevel < 0) return UNSATISFIABLE;
      else backtrack(blevel);
    }
    else if (status == SATISFIABLE) {
      blevel = analyze_SAT();      // find out the reason for satisfaction
      if (blevel < 0) return SATISFIABLE;
      else backtrack(blevel);
    }
    else break;
  }
}
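A runnable counterpart of the basic DPLL flow shown on the preceding slides, written recursively so that the quantifier rule (existential: one true branch suffices; universal: both branches must be true) is explicit, and recording the visited nodes so the search tree can be compared with the slides. This is an added example, not code from the slides, from S. Malik's solver or from the book: it has no unit propagation, no conflict/satisfaction analysis and no learning, branches in prefix order with value 0 before 1, and encodes literals as strings. All of those are assumptions of this example.

```python
# Clauses are lists of literals ('e' for the variable e, '-e' for ¬e); the
# prefix is a list of (quantifier, variable), outermost first, 'A' (∀) or 'E' (∃).

def lit_value(lit, assignment):
    """True/False under the partial assignment, None if the variable is unassigned."""
    var = lit.lstrip('-')
    val = assignment.get(var)
    return None if val is None else (val == (lit == var))

def deduce(clauses, assignment):
    """Simplify the clause database under the assignment.
    Returns ('CONFLICT', None), ('SATISFIABLE', None) or ('UNKNOWN', remaining)."""
    remaining = []
    for clause in clauses:
        values = [lit_value(l, assignment) for l in clause]
        if True in values:
            continue                                   # clause already satisfied
        rest = [l for l, val in zip(clause, values) if val is None]
        if not rest:
            return 'CONFLICT', None                    # every literal is false
        remaining.append(rest)
    if not remaining:
        return 'SATISFIABLE', None
    return 'UNKNOWN', remaining

def search(prefix, clauses, assignment, trace):
    """Decide variables in prefix order (decide_next_branch), simplify (deduce),
    and combine the two branches according to the variable's quantifier."""
    status, remaining = deduce(clauses, assignment)
    if status == 'CONFLICT':
        trace.append('conflicting node')
        return False
    if status == 'SATISFIABLE':
        trace.append('satisfying node')
        return True
    quant, var = prefix[len(assignment)]
    for value in (False, True):
        trace.append(f"{var}={int(value)}")
        result = search(prefix, remaining, {**assignment, var: value}, trace)
        if quant == 'E' and result:
            return True                                # one true branch suffices
        if quant == 'A' and not result:
            return False                               # one false branch refutes
    return quant == 'A'                                # ∀: both true; ∃: both false

def solve(prefix, clauses):
    """Returns (verdict, list of visited nodes in search order)."""
    trace = []
    return search(prefix, clauses, {}, trace), trace

# The two formulas of the slides (constructed encodings).
FORMULA_1 = ([('E', 'e'), ('A', 'u')], [['e', 'u'], ['-e', '-u']])   # ∃e ∀u. (e ∨ u)(¬e ∨ ¬u)
FORMULA_2 = ([('A', 'u'), ('E', 'e')], [['u', 'e'], ['-u', '-e']])   # ∀u ∃e. (u ∨ e)(¬u ∨ ¬e)

if __name__ == '__main__':
    for prefix, clauses in (FORMULA_1, FORMULA_2):
        print(solve(prefix, clauses))
```

On the first formula every branch below e = 0 and e = 1 contains a conflicting node, so both existential branches fail; on the second each universal branch contains a satisfying node, so the formula is true. The page's pseudocode obtains the same verdicts iteratively by backtracking to a level computed by analyze_conflict / analyze_SAT.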
Naïve DPLL Based Approach

Works on a CNF database. Learning and non-chronological backtracking are much harder and require a change!
Modern QBF solvers do not work with CNF, but with a combination of CNF and cubes. This lets them apply learning efficiently.
ACNF

Definition: Augmented CNF (ACNF) = C1 ∧ C2 ∧ … ∧ Cm ∨ S1 ∨ S2 ∨ … ∨ Sk
where the Ci's are clauses and the Sj's are cubes.
Each Sj is contained in the clause term C1 C2 … Cm, i.e. for all i ∈ {1, 2, …, k}, Si implies C1 ∧ C2 ∧ … ∧ Cm.
In ACNF, cubes are redundant. Example:
(¬a ∨ ¬b ∨ ¬c) ∧ (¬a ∨ b ∨ c) ∧ (a ∨ ¬b ∨ c) ∧ (a ∨ b ∨ ¬c) ∨ (¬a ∧ ¬b ∧ ¬c) ∨ (a ∧ ¬b ∧ c)
Solving QBF of ACNF formulas

Cubes are necessary for saving information on the (universal) space already covered.
We will see a special case: 2QBF.
2QBF = QBF with one quantifier alternation. Very useful!
A special case: 2QBF

DPLL search based, utilizing a standard SAT solver:
Algorithm I: assign universal variables first.
Algorithm II: no restriction on the decision order w.r.t. the variable quantification order.
Resolution based:
No simplification, just Q-resolution.
With complete two-level minimization (using logic minimization) at each resolution step.
Coverage Cubes and Blocking Clauses

(u1 ∨ u2 ∨ e1) ∧ (u3 ∨ ¬e2) ∧ (u1 ∨ ¬e1 ∨ ¬e2) ∧ (¬u1 ∨ ¬u2 ∨ e2)
satisfying assignment: {u1=1, u2=0, u3=X, e1=0, e2=0}
satisfying cube: {u1=1, u2=0, e2=0}   (select a set of literals that satisfy all clauses)
coverage cube for the universal Boolean space: u1 ¬u2
blocking clause: ¬u1 ∨ u2   (prevents revisiting the already searched space)
Example for Algorithm I

∀u1 u2 ∃e1 e2. (u1 ∨ e1) ∧ (¬u1 ∨ ¬e1) ∧ (¬u1 ∨ u2 ∨ ¬e2) ∧ (¬u2 ∨ ¬e1 ∨ e2) ∧ (e1 ∨ ¬e2)
universal assignment: u1=0, u2=0
SAT assignment: u1=0, u2=0, e1=1, e2=1
satisfying cube (cover set): u1=0, e1=1, e2=1
coverage cube: u1=0
universal assignment: u1=1, u2=0
SAT assignment: u1=1, u2=0, e1=0, e2=0
satisfying cube (cover set): u1=1, e1=0, e2=0
coverage cube: u1=1
no more universal assignments left, instance is true
(Figure: Algorithm I, showing the universal space (u1, u2, …, um) and the existential space (e1, e2, …, en): a universal assignment, the SAT assignment extending it, the satisfying cube (cover set) and the resulting coverage cube.)
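Algorithm I of the 2QBF slides, run on the slide's instance: pick a universal assignment not yet covered, extend it to a full satisfying assignment, shrink that to a satisfying cube (cover set), keep its universal literals as the coverage cube, and add the corresponding blocking clause over the universal space. This is an added example, not code from the slides, from S. Malik's implementation or from the book. The brute-force `find_model` stands in for the "standard SAT solver" of the slide, and its enumeration order (universals 0 before 1, existentials 1 before 0) is a constructed choice that makes it return the same assignments as the slide; the greedy `cover_set` and the integer-literal encoding u1=1, u2=2, e1=3, e2=4 are assumptions of this example.

```python
from itertools import product

# Literals are non-zero ints (v or -v); clauses are sets of literals.

def lit_true(lit, assignment):
    val = assignment.get(abs(lit))
    return val is not None and val == (lit > 0)

def all_satisfied(clauses, assignment):
    return all(any(lit_true(l, assignment) for l in c) for c in clauses)

def find_model(clauses, fixed, variables, order=(False, True)):
    """Stand-in for a SAT solver (assumption of this example): brute-force an
    assignment to `variables`, extending `fixed`, that satisfies all clauses."""
    for bits in product(order, repeat=len(variables)):
        assignment = dict(fixed)
        assignment.update(zip(variables, bits))
        if all_satisfied(clauses, assignment):
            return assignment
    return None

def cover_set(clauses, assignment, universals):
    """Satisfying cube: keep the existential literals and drop each universal
    literal whose removal still leaves every clause satisfied by the rest."""
    lits = {v if val else -v for v, val in assignment.items()}
    for v in universals:
        candidate = lits - {v, -v}
        if all(any(l in candidate for l in c) for c in clauses):
            lits = candidate
    return lits

def algorithm_i(universals, existentials, clauses):
    """Algorithm I for ∀universals ∃existentials. clauses.
    Returns (verdict, list of coverage cubes in the order they were found)."""
    blocking = []                      # blocking clauses over the universal space
    cubes = []
    while True:
        ua = find_model(blocking, {}, universals)           # an uncovered universal assignment
        if ua is None:
            return True, cubes                              # whole universal space covered
        model = find_model(clauses, ua, existentials, order=(True, False))
        if model is None:
            return False, cubes                             # this universal assignment refutes the formula
        cube = frozenset(l for l in cover_set(clauses, model, universals) if abs(l) in universals)
        cubes.append(cube)
        blocking.append({-l for l in cube})                 # blocking clause for the coverage cube

# The slide's instance ∀u1 u2 ∃e1 e2. (u1 ∨ e1)(¬u1 ∨ ¬e1)(¬u1 ∨ u2 ∨ ¬e2)(¬u2 ∨ ¬e1 ∨ e2)(e1 ∨ ¬e2)
# with the constructed numbering u1=1, u2=2, e1=3, e2=4.
UNIVERSALS, EXISTENTIALS = [1, 2], [3, 4]
SLIDE_CLAUSES = [{1, 3}, {-1, -3}, {-1, 2, -4}, {-2, -3, 4}, {3, -4}]

if __name__ == '__main__':
    print(algorithm_i(UNIVERSALS, EXISTENTIALS, SLIDE_CLAUSES))
```

The run finds the coverage cubes u1=0 and then u1=1, exactly the two of the slide; after the second blocking clause no universal assignment is left and the instance is declared true. An empty coverage cube (the existentials alone satisfy the matrix) yields an empty blocking clause, which blocks the whole universal space in one step.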
Example for Algorithm II

∀u1 u2 ∃e1 e2. (u1 ∨ e1) ∧ (¬u1 ∨ ¬e1) ∧ (¬u1 ∨ u2 ∨ ¬e2) ∧ (¬u2 ∨ ¬e1 ∨ e2) ∧ (e1 ∨ ¬e2)
SAT assignment: u1=0, e1=1, e2=1, u2=0
blocking clause: (u1 ∨ ¬e1 ∨ ¬e2)
coverage cube: u1=0
SAT assignment: u1=1, e1=0, e2=0, u2=0
coverage cube: u1=1
blocking clause: (u1 ∨ ¬e1 ∨ ¬e2)
The entire universal space is covered, instance is true.
(Figure: Algorithm II, showing the all-variable space (u1, u2, …, um, e1, e2, …, en) and the universal variable space (u1, u2, …, um): a SAT assignment, which need not respect the quantification order, its coverage cube and its blocking clause.)
Resolution Based Algorithm

First resolve out existential variables. After resolving out all existential variables:
an empty clause (a clause with no literals, or consisting only of universal variables): false
an empty set of clauses: true
Has the memory blowup problem. Alleviate it by simplifying the propositional part after each resolution step.
Example for Resolution Based Algorithm

∀u1 u2 ∃e1 e2. (u1 ∨ e1) ∧ (¬u1 ∨ ¬e1) ∧ (¬u1 ∨ u2 ∨ ¬e2) ∧ (¬u2 ∨ ¬e1 ∨ e2) ∧ (e1 ∨ ¬e2)
resolve out e1:
∀u1 u2 ∃e2. (u1 ∨ ¬u2 ∨ e2) ∧ (¬u1 ∨ ¬e2) ∧ (¬u1 ∨ u2 ∨ ¬e2)
simplify:
∀u1 u2 ∃e2. (u1 ∨ ¬u2 ∨ e2) ∧ (¬u1 ∨ ¬e2)
resolve out e2:
empty set of clauses, instance is true
Experimental Results (Malik et al.)

(Table, layout not recoverable from the transcript: results of Alg. I, Alg. II, Quaffle, Res w/ simp (resolution with simplification) and Res w/o simp (resolution without simplification) on the diameter problem for the circuits s1423 and s1488 at several depths, and on random instances with 100 variables and 5 literals per clause (200 clauses: 10 instances; 100 clauses: 100 instances), with the number of solved instances given in parentheses; entries marked >400 did not finish.)
* The tests were done on an Intel Pentium III 933 MHz machine with 1GB of RAM running Linux.
** Improves on the previous diameter lower bound of 26