satisfiability modulo theories · prince instructs you either to invite peru or to exclude qatar ....

1/109

Satisfiability Modulo Theories

Pascal Fontaine

Univ. of Lorraine, CNRS, Inria, LORIA

7-11 May, 2018

2/109

SMTSatisfiability Modulo Theories

I formal methods (e.g., B, TLA+, Spec#, Why3, Isabelle, F∗,bounded MC,. . . ) generate verification conditions

I backend to handle formulas/verification conditions

I propositional reasoning: SAT solvers

I more expressive language: SMT solvers

3/109

SMT = SAT + expressiveness

I SAT solvers

¬[

(p⇒ q)⇒[

(¬p⇒ q)⇒ q]]

I Congruence closure (uninterpreted symbols + equality)

a = b ∧[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b))

]I adding arithmetic

a ≤ b∧ b ≤ a+x∧x = 0∧[f(a) 6= f(b)∨ (q(a)∧¬q(b+x))

]I . . .

4/109

Part I

Propositional Satisfiability (SAT)

5/109

Outline

Introduction

History: Truth tables and DPLLPropositional reasoning exampleDPLLCNF

CDCLDPLL algorithmCDCL: decisionCDCL: watched literalsCDCL: conflict analysis and non-chronological backtracking

Exercises

6/109

Final exercise(what to do if you get bored)

I https://members.loria.fr/PFontaine/SMT-Intro.pdf

I Solve sudokus using SAT solver

I Find sudokus with smallest/largest number of hint,so that one and only one solution, every hint necessary

I . . . prove there is no sudoku with 16 hints and only onesolution

I . . . provide a polynomial algorithm for SAT

https://members.loria.fr/PFontaine/SMT-Intro.pdf

7/109

Outline

Introduction



Exercises

8/109

Introduction (1/2)

I SAT: NP-complete (NPC) problem

I No efficient solution for all cases on sequential computers(or P = NP)

I Truth tables: how many lines for n variables?

I Many problems require many variables

I Nowadays: 106 Boolean variables, 107 clauses(2(106) = 10301029 > 1082)

I SAT4J, MiniSAT, Glucose, Crypto-MiniSAT, PicoSAT,. . .

Today’s lecture

I history: truth tables, DPLL (Davis, Putnam, Logemann,Loveland)

I now: CDCL (Conflict Driven Clause Learning)I Boolean propagationI Clause representationI Conflict analysis and non-chronological backtracking

9/109

Introduction (2/2)

Satisfiability checking for profit:

I Verification (model checking, formal proofs,. . . )

I Maths (e.g. Erdos discrepancy problem)

I Planning problems

I Dependency checking (e.g. Eclipse)

I Configuration selection

I Circuit placement on silicon die

I . . .

Propositional satisfiability checking problem (SAT) is NPC.Any NPC problem can be translated polynomially into SAT

10/109

Prerequisites / Notations

I Prerequisite: knowledge of propositional and first-order logicI Boolean logic:

I Boolean (propositional) variable (v), literal (e.g. v, ¬v)¬v = v, v = ¬v

I clause (e.g. a ∨ ¬b ∨ c)I cube (e.g. a ∧ ¬b ∧ c)I formula (¬, ∧, ∨, ⇒, ≡, . . . )I interpretation, (un)satisfiable formula, valid formula

I Unit clause: clause with one literal only

I Empty clause: �, unsatisfiable

I Resolution rule:C ∨ ` C ′ ∨ `

C ∨ C ′

11/109

Outline

Introduction



Exercises

12/109

Outline

Introduction



Exercises

13/109

A propositional problem (1/2)

You are chief of protocol for the embassy ball. The crownprince instructs you either to invite Peru or to excludeQatar . The queen asks you to invite either Qatar or Ro-mania or both. The king, in a spiteful mood, wants tosnub either Romania or Peru or both. Is there a guest listthat will satisfy the whims of the entire royal family?

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

13/109



(P ∨ ¬Q)

∧ (Q ∨R) ∧ (¬R ∨ ¬P )

13/109



(P ∨ ¬Q) ∧ (Q ∨R)

∧ (¬R ∨ ¬P )

13/109



(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0

0

0 0 1

1

0 1 0

0

0 1 1

0

1 0 0

0

1 0 1

0

1 1 0

1

1 1 1

0

SAT checker

DIMACS format

Vars → numbers: P → 1, Q→ 2, R→ 3Literals: P → 1, ¬P → −1

p cnf 3 3

P ∨ ¬Q

1 -2 0

Q ∨R

2 3 0

¬R ∨ ¬P

-3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0

Solution: -1 -2 3 → ¬P ∧ ¬Q ∧RAnother solution? Add clause

Solution: 1 2 -3 → P ∧Q ∧ ¬RNo more solutions

14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q

1 -2 0

Q ∨R

2 3 0

¬R ∨ ¬P

-3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0



14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q 1 -2 0

Q ∨R 2 3 0

¬R ∨ ¬P -3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0



14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q 1 -2 0

Q ∨R 2 3 0

¬R ∨ ¬P -3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0

Solution: -1 -2 3 → ¬P ∧ ¬Q ∧R

Another solution? Add clause


14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q 1 -2 0

Q ∨R 2 3 0

¬R ∨ ¬P -3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0



14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q 1 -2 0

Q ∨R 2 3 0

¬R ∨ ¬P -3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0


Solution: 1 2 -3 → P ∧Q ∧ ¬R

No more solutions

14/109


ϕ =def (P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Truth table for ϕ

P Q R ϕ

0 0 0 00 0 1 10 1 0 00 1 1 01 0 0 01 0 1 01 1 0 11 1 1 0

SAT checker

DIMACS format


p cnf 3 3

P ∨ ¬Q 1 -2 0

Q ∨R 2 3 0

¬R ∨ ¬P -3 -1 0

P ∨Q ∨ ¬R 1 2 -3 0

¬P ∨ ¬Q ∨R -1 -2 3 0



15/109

DPLL: rule-based viewDavis, Putnam, Logemann, Loveland

Let S be a set of clauses

Unit ResolutionS ∪ {`, C ∨ `}S ∪ {`, C}(

Unit SubsumptionS ∪ {`, C ∨ `}

S ∪ {`}

)Splitting

S

S ∪ {v} | S ∪ {¬v} if v is a variable occurring in S

I Failed branch: a trivial contradiction {. . . , v, . . . ,¬v . . . }I Successful branch: not failed, only unit clauses (with unit sub.)

Exercise: explain how a Boolean model can be extracted from theapplication of these rules(Hint: think of derivation trees and collect unit clauses...)

16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )

Already a set of clauses:

Split

{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P}

{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}

And then only Unit Resolution rules

{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P}{P ∨ ¬Q,Q ∨R,¬R,P}{P ∨ ¬Q,Q,¬R,P}

{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}{¬Q,Q ∨R,¬R ∨ ¬P,¬P}{¬Q,R,¬R ∨ ¬P,¬P}

Remarks :

I Same two models again

I Satisfiability procedure: find one model (and stop)

I Much less sensitive to the number of variables than truth tables

16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )


Split{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P}

{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}




Remarks :




16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}


{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P}

{P ∨ ¬Q,Q ∨R,¬R,P}{P ∨ ¬Q,Q,¬R,P}


Remarks :




16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}


{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P}{P ∨ ¬Q,Q ∨R,¬R,P}

{P ∨ ¬Q,Q,¬R,P}


Remarks :




16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}

{¬Q,Q ∨R,¬R ∨ ¬P,¬P}{¬Q,R,¬R ∨ ¬P,¬P}

Remarks :




16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}{¬Q,Q ∨R,¬R ∨ ¬P,¬P}

{¬Q,R,¬R ∨ ¬P,¬P}

Remarks :




16/109

DPLL: example

(P ∨ ¬Q) ∧ (Q ∨R) ∧ (¬R ∨ ¬P )



{P ∨ ¬Q,Q ∨R,¬R ∨ ¬P, P} | {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P,¬P}




Remarks :




17/109

DPLL: exercises

I P ∨Q,¬P ∨Q,¬R ∨ ¬Q,R ∨ ¬QI P ∨Q ∨R,¬P ∨ ¬Q ∨ ¬R,¬P ∨Q ∨R,¬Q ∨R,Q ∨ ¬RI ¬Q ∨ P,¬P ∨ ¬Q,Q ∨R,¬Q ∨ ¬R,¬P ∨ ¬R,P ∨ ¬R

18/109

Interlude: let’s restrict to conjunctive sets of clauses

19/109

Boolean formulas, CNF, DNF

I Boolean formulas: built with variables ¬, ∧, ∨, ⇒, . . .

I Conjunctive Normal Form (CNF): (conjunctive) set of clauses

I Disjunctive Normal Form (DNF): (disjunctive) set of cubes

Theorem

Every formula is logically equivalent to a CNF (DNF)

Remark :

I Converting to DNF, then finding one satisfiable cube is a trivialsatisfiability procedure

I checking the satisfiability of a (set of) cube(s) is linear

I so DNF conversion cannot be efficient (i.e. polynomial) or P = NP

I computing DNF of formula: negation of CNF of negation of formula

I so CNF conversion cannot be efficient

20/109

Efficient computation of CNFConsider

Φ = (a1 ∧ · · · ∧ am) ∨ (b1 ∧ · · · ∧ bn)

Equivalent CNF:m∧i=1

n∧j=1

(ai ∨ bj)

Equisatisfiable CNF:

(X ∨ Y ) ∧ (X ⇔ a1 ∧ · · · ∧ am) ∧ (Y ⇔ b1 ∧ · · · ∧ bn)

where (X ⇔ a1 ∧ · · · ∧ am) can be represented as a conjunction ofclauses (Exercise).

Theorem (Tseitin transformation)

Every formula can be transformed in linear time into anequisatisfiable CNF

Doesn’t it contradict the previous slide?

21/109

Computing CNFs: exercises

I (X ⇔ a1 ∧ · · · ∧ am)

I (p⇒ q) ≡ (p⇒ r)

I (p ∧ q) ∨ (r ∧ s) ∨ (¬q ∧ (p ∨ t))

22/109

Outline

Introduction



Exercises

23/109

Outline

Introduction



Exercises

24/109

DPLL: from rules to algorithm

From rules to algorithm:

I a way to enumerate splittings

I some splittings may lead to closed branches (clause unsatisfied/ empty clause derived)

I backtracking

I avoid copying sets of clauses and modifying clauses

Stack of assigned literals:

I some decided, others propagated

I level: number of decided literals on stack

I some clause become unitall literals but one assigned to false, last literal not assigned=⇒ new propagated literal on the stack

I clause may be falsified: all literals assigned to false=⇒ backtrack the last decision

I never mind about satisfied clause

25/109

DPLL: algorithmic view

1: procedure SAT(C)2: while > do3: if Propagate() then4: if ¬Decide() then5: return SAT

6: continue7: if level = 0 then8: return UNSAT

9: Analyse()

10: Backtrack()

I Propagate: find unit clausesrepeatedly and push literals onthe stack. Returns ⊥ iffunsatisfied clause

I Decide: choses one nonassigned literal, push on stack.Returns ⊥ iff no literal

I Analyse: analyse the conflictfrom propagate, create conflictclause, add it in the set ofclauses

I Backtrack: backtrack (popliterals from stack) until the lastdecision and add the oppositeliteral as propagated

Write successive stacks for runs on

I {P ∨ ¬Q,Q ∨R,¬R ∨ ¬P}I {a∨b,¬b∨c∨d,¬b∨e,¬d∨¬e∨f, a∨c∨f,¬a∨g,¬g∨b,¬h∨j,¬i∨k}

26/109

DPLL: abstract view

Rules handle a data-structure M || F where M is a partialassignment of Boolean variables, and F is a set of clauses

Propagate M || F,C ∨ ` ` M ` || F,C ∨ `if M |= ¬C, ` undefined in M

Decide M || F ` M `d || Fif ` or ` in F , ` undefined in M

Fail M || F,C ` ⊥if M |= ¬C, no decision literals in M

Backtrack M `d N || F,C ` M ` || F,C

if

{M `d N |= ¬Cno decision literals in N

27/109

Decisions



9: Analyse()

10: Backtrack()

Concretely, Decide:

I maintain a “set” of unassignedliterals

I add and remove literals asneeded

I can be implemented efficientlyconstant time for add andremove

I if selection of variables based onactivity, then heap (lnninsert/remove first)

Many heuristics

28/109

Propagation (1/2)



9: Analyse()

10: Backtrack()

Concretely, Propagate:

I check every clause for conflictsor units, terminate as soon asconflict, or when no more unit

I impractical!

I set a pointer on literal stack tolast propagated literal. For each` to propagate, investigate allclauses containing `. Only thosemay become unit (or unsat)because of assignment.

I one can build (linear time) anindex of clauses by literal

I is it necessary to examine theclause each time one of itsliterals becomes false?

29/109

Propagation (2/2)

I is it necessary to examine the clause each time one of itsliterals is assigned a value (in fact, becomes false)? No!

I only the penultimate one (then the last would be propagated)only examine when just one literal remains not assigned

I as long as two literals are unassigned, do not care for theclause

I one can build (linear time) an index of clauses by literal

I it is only necessary to index two of its unassigned literals

I clauses indexed by ` have to be reindexed as soon as `becomes false

I they have to be indexed by another literalalways by two different literals, called watched literals

I if one cannot find a replacement for falsified literal, then theother watcher has to be propagated

TODO: example

30/109




9: Analyse()

10: Backtrack()





31/109

Towards CDCLConflict Driven Clause Learning

Backtrack

I depending on decisions, the same dead end may be tried againand again

I would be much better to remember the very reason whyconflict: new clause

I then forget about backtracking and changing decision. Justadd clause, backtrack to when it is propagating

32/109




9: Analyse()

10: Backtrack()





33/109

CDCL: algorithmic view



9: Analyse()10: Backtrack()




I Backtrack: backtrack(eliminate literals from stack)until conflict clause is unit

34/109

Conflict analysis, example (1/5)

C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1

I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2

I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3

I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4

I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5

I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6

I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7

I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8

I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9

I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10

I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11

I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12

I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13

I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14

I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15

I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16

I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

34/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

I No unit clause: decide ¬x1I C1: propagate x2I C2: propagate ¬x3I No unit clause: decide x4I C3: propagate ¬x5I C4: propagate x6I No unit clause: decide ¬x7I C5: propagate ¬x8I C6: propagate x9I No unit clause: decide ¬x10I C7: propagate x11I C8: propagate ¬x12I C9: propagate ¬x13I C10: propagate x14I C11: propagate x15I C12: propagate ¬x16I C13: propagate x16I Conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109

Conflict analysis, example (2/5)Conflict graph

C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

Every line separating the conflict from the decisionsdefines a logical consequent clausex13 ∨ ¬x14 ∨ ¬x15x1 ∨ ¬x4 ∨ x7 ∨ x10¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10Which one to choose?UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

Every line separating the conflict from the decisionsdefines a logical consequent clause

x13 ∨ ¬x14 ∨ ¬x15x1 ∨ ¬x4 ∨ x7 ∨ x10¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10Which one to choose?UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

Every line separating the conflict from the decisionsdefines a logical consequent clausex13 ∨ ¬x14 ∨ ¬x15

x1 ∨ ¬x4 ∨ x7 ∨ x10¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10Which one to choose?UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16


x13 ∨ ¬x14 ∨ ¬x15

x1 ∨ ¬x4 ∨ x7 ∨ x10

¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10Which one to choose?UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16


x13 ∨ ¬x14 ∨ ¬x15x1 ∨ ¬x4 ∨ x7 ∨ x10

¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10

Which one to choose?UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

Every line separating the conflict from the decisionsdefines a logical consequent clausex13 ∨ ¬x14 ∨ ¬x15x1 ∨ ¬x4 ∨ x7 ∨ x10¬x2 ∨ ¬x4 ∨ x5 ∨ x7 ∨ x8 ∨ x10Which one to choose?

UIP: unique implication point: just ONE greenOne variable at conflicting decision level

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

35/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109

Conflict analysis, example (3/5)Conflict graph, UIP

C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision level

There are several of them¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10¬x6 ∨ x7 ∨ x8 ∨ x11¬x6 ∨ x7 ∨ x12Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision levelThere are several of them

¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10¬x6 ∨ x7 ∨ x8 ∨ x11¬x6 ∨ x7 ∨ x12Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision levelThere are several of them¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10

¬x6 ∨ x7 ∨ x8 ∨ x11¬x6 ∨ x7 ∨ x12Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision levelThere are several of them¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10¬x6 ∨ x7 ∨ x8 ∨ x11

¬x6 ∨ x7 ∨ x12Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision levelThere are several of them¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10¬x6 ∨ x7 ∨ x8 ∨ x11¬x6 ∨ x7 ∨ x12

Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

36/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: unique implication point: just ONE greenOne variable at the conflicting decision levelThere are several of them¬x6 ∨ x7 ∨ x8 ∨ ¬x9 ∨ x10¬x6 ∨ x7 ∨ x8 ∨ x11¬x6 ∨ x7 ∨ x12Take the FUIP (first unique implication point):closest to conflict

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

37/109

Conflict analysis, example (4/5)Conflict graph, computing FUIP

C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: One variable at conflicting decision levelFUIP, closest to conflict: ¬x6 ∨ x7 ∨ x12

Resolve 2 clauses with conflicting variableRepeatedly eliminate latest “green” var., not last oneEliminate a variable? Resolve with propagating clause

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

x12 ∨ ¬x13

x7 ∨ x12 ∨ x14

¬x6 ∨ x12 ∨ x15

x13 ∨ ¬x14 ∨ ¬x16 ¬x15 ∨ ¬x14 ∨ x16

x13 ∨ ¬x14 ∨ ¬x15

¬x6 ∨ x12 ∨ x13 ∨ ¬x14

¬x6 ∨ x7 ∨ x12 ∨ x13

x7 ∨ ¬x6 ∨ x12

37/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: One variable at conflicting decision levelFUIP, closest to conflict: ¬x6 ∨ x7 ∨ x12Resolve 2 clauses with conflicting variable

Repeatedly eliminate latest “green” var., not last oneEliminate a variable? Resolve with propagating clause

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

x12 ∨ ¬x13

x7 ∨ x12 ∨ x14

¬x6 ∨ x12 ∨ x15

x13 ∨ ¬x14 ∨ ¬x16 ¬x15 ∨ ¬x14 ∨ x16

x13 ∨ ¬x14 ∨ ¬x15

¬x6 ∨ x12 ∨ x13 ∨ ¬x14

¬x6 ∨ x7 ∨ x12 ∨ x13

x7 ∨ ¬x6 ∨ x12

37/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: One variable at conflicting decision levelFUIP, closest to conflict: ¬x6 ∨ x7 ∨ x12Resolve 2 clauses with conflicting variableRepeatedly eliminate latest “green” var., not last one

Eliminate a variable? Resolve with propagating clause

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

x12 ∨ ¬x13

x7 ∨ x12 ∨ x14

¬x6 ∨ x12 ∨ x15

x13 ∨ ¬x14 ∨ ¬x16 ¬x15 ∨ ¬x14 ∨ x16

x13 ∨ ¬x14 ∨ ¬x15

¬x6 ∨ x12 ∨ x13 ∨ ¬x14

¬x6 ∨ x7 ∨ x12 ∨ x13

x7 ∨ ¬x6 ∨ x12

37/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

¬x1

x2

¬x3

x4

¬x5

x6

¬x7

¬x8

x9

¬x10

x11

¬x12

¬x13

x14

x15

¬x16

x16

UIP: One variable at conflicting decision levelFUIP, closest to conflict: ¬x6 ∨ x7 ∨ x12Resolve 2 clauses with conflicting variableRepeatedly eliminate latest “green” var., not last oneEliminate a variable? Resolve with propagating clause

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

x12 ∨ ¬x13

x7 ∨ x12 ∨ x14

¬x6 ∨ x12 ∨ x15

x13 ∨ ¬x14 ∨ ¬x16 ¬x15 ∨ ¬x14 ∨ x16

x13 ∨ ¬x14 ∨ ¬x15

¬x6 ∨ x12 ∨ x13 ∨ ¬x14

¬x6 ∨ x7 ∨ x12 ∨ x13

x7 ∨ ¬x6 ∨ x12

38/109

Conflict analysis, example (5/5)The whole picture

C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

C′1 : x7 ∨ ¬x6 ∨ x12

I Decide and propagate

I Until conflict

I Analyse (compute FUIP)

I Add clause

I Backtrack to the point where the clause ispropagatingOften more than just one level

I Propagate

I Decide and propagate, until conflict, analyse,. . .

¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

¬x10

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

38/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

C′1 : x7 ∨ ¬x6 ∨ x12


I Until conflict


I Add clause


I Propagate


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

x12/C′1x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

38/109


C1 : x1 ∨ x2

C2 : ¬x2 ∨ ¬x3

C3 : ¬x2 ∨ ¬x4 ∨ ¬x5

C4 : x3 ∨ x5 ∨ x6

C5 : x7 ∨ ¬x6 ∨ ¬x8

C6 : ¬x4 ∨ x8 ∨ x9

C7 : x10 ∨ ¬x9 ∨ x11

C8 : ¬x11 ∨ x8 ∨ ¬x12

C9 : x12 ∨ ¬x13

C10 : x7 ∨ x12 ∨ x14

C11 : ¬x6 ∨ x12 ∨ x15

C12 : x13 ∨ ¬x14 ∨ ¬x16

C13 : ¬x15 ∨ ¬x14 ∨ x16

C′1 : x7 ∨ ¬x6 ∨ x12


I Until conflict


I Add clause


I Propagate


¬x1

x2/C1

¬x3/C2

x4

¬x5/C3

x6/C4

¬x7

¬x8/C5

x9/C6

x12/C′1

x11/C7

¬x12/C8

¬x13/C9

x14/C10

x15/C11

¬x16/C12

x16/C13

39/109

CDCL: remarks

I It turns out that FUIP works best,but this is an experimental observation

I Backtracking may (indeed often) remove several decisions

I Computing FUIP can be done efficiently

I Resolution derivation for FUIP are easy to provide

I Thus, SAT solver can provide resolution proof (derivation ofempty clause) for unsatisfiable formula

I Conflict clauses accumulate, there is a need to eliminate them

I Termination is trivial (how?). Less so with clause cleaning

40/109

DPLL: abstract view






if


41/109

CDCL: abstract view

Propagate, Decide, Fail as before

Learn M || F ` M || F,C

if

{each atom of C in F or in MF |= C

Backjump M `d N || F,C ` M `′ || F,C

if

M `d N |= ¬C∃C ′, `′ : F,C |= C ′ ∨ `′M |= ¬C ′`′ undefined in M

`′ or `′ in F or in M `d N

Forget M || F,C ` M || Fif F |= C

42/109

CDCL: more practical aspects

I Heuristics for decisions: VSIDS (Variable State IndependantDecaying Sum) and others, phase saving

I Clause removal (and heuristics to evaluate the ones toremove)

I Conflict clause minimization

I Restarting

I Preprocessing and inprocessing

43/109

CDCL: evolution of solvers

2002[Source: Laurent Simon]

43/109



43/109


Winners[Source: Laurent Simon]

44/109

Conclusion

I only a brief glimpse on the practical aspects of SAT solving

I many more tricks, hacks, techniques, heuristics, and eventheories

I a good SAT solver: good set of those tricks, mixed in theright amount and the right order, low level optimization

I oldest logic problem, still very active research subject(particularly since mid 90s)

Laurent Simon (Glucose)

We know how to built efficient SAT Solvers but we can hardlyexplain their power

45/109

SAT Solving: further reading/learning

I Een, Sorensson: MiniSAT 2011

I Marijn Heule:http://www.sc-square.org/CSA/school/lectures.html

I Armin Biere, Marijn Heule, Hans van Maaren and Toby Walsh editors,Handbook on Satisfiability. IOS Press, February 2009.

I SAT/SMT/AR summer schools

http://www.sc-square.org/CSA/school/lectures.html

46/109

Outline

Introduction



Exercises

47/109

Outline

Introduction



Exercises

48/109

SAT solvers input format: DIMACS

I input: CNF. File extension .cnf

I Boolean variable: number ≥ 1I literal either positive (represented by positive number)

literal either

negative (represented by negative number)I clause: series of numbers seperated by spaces, terminated by 0I cnf: series of clausesI file starts with p cnf X Y (X variables, Y clauses)I comments start by c

Exemple

p −→ 1, q −→ 2, r −→ 3p cnf 3 4

p ∨ q

−→ 1 2 0

p ∨ r

−→ 1 3 0

¬q ∨ ¬r

−→ -2 -3 0

¬p

−→ -1 0

48/109




literal either


Exemple

p −→ 1, q −→ 2, r −→ 3

p cnf 3 4

p ∨ q

−→ 1 2 0

p ∨ r

−→ 1 3 0

¬q ∨ ¬r

−→ -2 -3 0

¬p

−→ -1 0

48/109




literal either


Exemple

p −→ 1, q −→ 2, r −→ 3

p cnf 3 4

p ∨ q −→ 1 2 0

p ∨ r −→ 1 3 0

¬q ∨ ¬r −→ -2 -3 0

¬p −→ -1 0

48/109




literal either


Exemple

p −→ 1, q −→ 2, r −→ 3p cnf 3 4

p ∨ q −→ 1 2 0

p ∨ r −→ 1 3 0

¬q ∨ ¬r −→ -2 -3 0

¬p −→ -1 0

49/109

Sudoku (1/3)

1

3

2

2

at line i, column j, is number x (pi,j,x)

I Number 1 is at line 1, column 1p1,1,1


I At location (1, 2), there is at most one number¬p1,2,1 ∨ ¬p1,2,2¬p1,2,1 ∨ ¬p1,2,3¬p1,2,1 ∨ ¬p1,2,4¬p1,2,2 ∨ ¬p1,2,3¬p1,2,2 ∨ ¬p1,2,4¬p1,2,3 ∨ ¬p1,2,4

49/109

Sudoku (1/3)

1

3

2

2


I Number 1 is at line 1, column 1

p1,1,1



49/109

Sudoku (1/3)

1

3

2

2





49/109

Sudoku (1/3)

1

3

2

2



I Number 3 is at line 2, column 4

p2,4,3


49/109

Sudoku (1/3)

1

3

2

2





49/109

Sudoku (1/3)

1

3

2

2




I At location (1, 2), there is at most one number

¬p1,2,1 ∨ ¬p1,2,2¬p1,2,1 ∨ ¬p1,2,3¬p1,2,1 ∨ ¬p1,2,4¬p1,2,2 ∨ ¬p1,2,3¬p1,2,2 ∨ ¬p1,2,4¬p1,2,3 ∨ ¬p1,2,4

49/109

Sudoku (1/3)

1

3

2

2





50/109

Sudoku (2/3)

1

3

2

2


I At location (1, 2), there is either 1, 2, 3, or 4 (repeat ∀ location)p1,2,1 ∨ p1,2,2 ∨ p1,2,3 ∨ p1,2,4

I Number 1 should be somewhere at line 2 (repeat ∀ number, line. . . )p2,1,1 ∨ p2,2,1 ∨ p2,3,1 ∨ p2,4,1

I Number 1 should be at most once at line 1¬p1,1,1 ∨ ¬p1,2,1¬p1,1,1 ∨ ¬p1,3,1¬p1,1,1 ∨ ¬p1,4,1¬p1,2,1 ∨ ¬p1,3,1¬p1,2,1 ∨ ¬p1,4,1¬p1,3,1 ∨ ¬p1,4,1

50/109

Sudoku (2/3)

1

3

2

2


I At location (1, 2), there is either 1, 2, 3, or 4 (repeat ∀ location)

p1,2,1 ∨ p1,2,2 ∨ p1,2,3 ∨ p1,2,4I Number 1 should be somewhere at line 2 (repeat ∀ number, line. . . )p2,1,1 ∨ p2,2,1 ∨ p2,3,1 ∨ p2,4,1


50/109

Sudoku (2/3)

1

3

2

2





50/109

Sudoku (2/3)

1

3

2

2



I Number 1 should be somewhere at line 2 (repeat ∀ number, line. . . )

p2,1,1 ∨ p2,2,1 ∨ p2,3,1 ∨ p2,4,1I Number 1 should be at most once at line 1¬p1,1,1 ∨ ¬p1,2,1¬p1,1,1 ∨ ¬p1,3,1¬p1,1,1 ∨ ¬p1,4,1¬p1,2,1 ∨ ¬p1,3,1¬p1,2,1 ∨ ¬p1,4,1¬p1,3,1 ∨ ¬p1,4,1

50/109

Sudoku (2/3)

1

3

2

2





50/109

Sudoku (2/3)

1

3

2

2




I Number 1 should be at most once at line 1

¬p1,1,1 ∨ ¬p1,2,1¬p1,1,1 ∨ ¬p1,3,1¬p1,1,1 ∨ ¬p1,4,1¬p1,2,1 ∨ ¬p1,3,1¬p1,2,1 ∨ ¬p1,4,1¬p1,3,1 ∨ ¬p1,4,1

50/109

Sudoku (2/3)

1

3

2

2





51/109

Sudoku (3/3)

Demo / Practical session

I https://members.loria.fr/PFontaine/sudoku-pack.zip

https://members.loria.fr/PFontaine/sudoku-pack.zip

52/109

The Wolf, the Goat, and the Cabbage (1/5)

A farmer wants to cross a river in his small boat, with a wolf, agoat and a cabbage. He should make sure:

I to only take one animal or object with him, the boat being sosmall

I not to leave the wolf and the goat alone (or no more goat)

I not to leave the goat and the cabbage alone (or no morecabbage)

Is this possible? With how many crossings?

53/109


Use logic to encode the problem.

Four variables (that can be true or false):

I f farmer

I w wolf

I g goat

I c cabbage

E.g. f is true if f is on the left side, false if on the right side

I We start with

init =def f ∧ w ∧ g ∧ c

I We want to finish with

fin =def ¬f ∧ ¬w ∧ ¬g ∧ ¬c

53/109


Use logic to encode the problem.Four variables (that can be true or false):

I f farmer

I w wolf

I g goat

I c cabbage


I We start with

init =def f ∧ w ∧ g ∧ c

I We want to finish with

fin =def ¬f ∧ ¬w ∧ ¬g ∧ ¬c

53/109



I f farmer

I w wolf

I g goat

I c cabbage


I We start with init =def f ∧ w ∧ g ∧ cI We want to finish with

fin =def ¬f ∧ ¬w ∧ ¬g ∧ ¬c

53/109



I f farmer

I w wolf

I g goat

I c cabbage


I We start with init =def f ∧ w ∧ g ∧ cI We want to finish with fin =def ¬f ∧ ¬w ∧ ¬g ∧ ¬c

54/109


How to express there is some danger

A state is dangerous if the wolf and the goat (or the goat and thecabbage) are on one bank, and the farmer on the other

Formally:

danger =def

((w ≡ g) ∧ (w ≡ ¬f)

)∨((g ≡ c) ∧ (g ≡ ¬f)

)

55/109


To find out if it is possible to find a solution with n crossing,we will use n+ 1 copies of the variables fi, wi, gi, ci.

First, let’s write the formula corresponding the i-th crossing of thefarmer.

I The farmer is crossing so fi+1 and ¬fi should be different

I Only one animal/object is changing bank; two (or more) variablesamong w, g, c should stay the same

crossi =def

(fi+1 ≡ ¬fi

)

∧(

((wi+1 ≡ wi) ∧ (gi+1 ≡ gi)

)

∨

((wi+1 ≡ wi) ∧ (ci+1 ≡ ci)

)

∨

((gi+1 ≡ gi) ∧ (ci+1 ≡ ci)

)

)

55/109






crossi =def

(fi+1 ≡ ¬fi

)∧(

((wi+1 ≡ wi) ∧ (gi+1 ≡ gi)

)

∨

((wi+1 ≡ wi) ∧ (ci+1 ≡ ci)

)

∨

((gi+1 ≡ gi) ∧ (ci+1 ≡ ci)

)

)

55/109






crossi =def

(fi+1 ≡ ¬fi

)∧( (

(wi+1 ≡ wi) ∧ (gi+1 ≡ gi))

∨((wi+1 ≡ wi) ∧ (ci+1 ≡ ci)

)∨

((gi+1 ≡ gi) ∧ (ci+1 ≡ ci)

))

56/109


We want to write a formula to encode solutions in n crossings

I Starting and ending state have been defined

I Two successive states should correspond to one crossing

I No state should be dangerous

init1

∧

finn+1

∧

cross1 ∧ cross2 ∧ . . . ∧ crossn

∧

¬danger1 ∧ ¬danger2 ∧ . . . ∧ ¬dangern+1

A SAT solver can find out that there is no solution in 4 traversals, but

that 6 traversals are enough.

56/109






init1 ∧ finn+1

∧

cross1 ∧ cross2 ∧ . . . ∧ crossn

∧




56/109






init1 ∧ finn+1

∧ cross1 ∧ cross2 ∧ . . . ∧ crossn∧




56/109






init1 ∧ finn+1

∧ cross1 ∧ cross2 ∧ . . . ∧ crossn∧ ¬danger1 ∧ ¬danger2 ∧ . . . ∧ ¬dangern+1



57/109

Part II

Satisfiability Modulo Theories (SMT)

58/109

Outline

From SAT to SMT

Theory reasoningEquality and uninterpreted symbolsLinear arithmeticData structuresCombining decision procedures

Quantifier handling in SMTTheoretical foundationsInstantiation techniques

The community

Conclusion

59/109

Outline

From SAT to SMT



The community

Conclusion

60/109

SMT = SAT + expressiveness

I SAT solvers

¬[

(p⇒ q)⇒[

(¬p⇒ q)⇒ q]]

I Congruence closure (uninterpreted symbols + equality)

a = b ∧[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b))

]I adding arithmetic

a ≤ b∧ b ≤ a+x∧x = 0∧[f(a) 6= f(b)∨ (q(a)∧¬q(b+x))

]I . . .

I Let’s have a look at some formulas from the SMT-LIB

61/109

From SAT to SMT (1/2)Reducing arbitrary Boolean combinations to conjunctions

SMT formula

SMT solver

Input: a ≤ b ∧ b ≤ a+ x ∧ x = 0 ∧[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b+ x))

]

To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))

]Boolean model: pa≤b, pb≤a+x, px=0,¬pf(a)=f(b)

Theory reasoner: a ≤ b, b ≤ a+ x, x = 0, f(a) 6= f(b) unsatisfiable

New clause: ¬pa≤b ∨ ¬pb≤a+x ∨ ¬px=0 ∨ pf(a)=f(b)

Conflict clauses are negation of unsatisfiable conjunctive sets of literals

61/109


SMT formula

SMT solver

SAT solver


]To SAT solver: pa≤b ∧ pb≤a+x ∧ px=0 ∧

[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))

]

Boolean model: pa≤b, pb≤a+x, px=0,¬pf(a)=f(b)




61/109


SMT formula

SMT solver

SAT solver

Boolean Model



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause

Quantifier-free SMT solver



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





61/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance

Model UNSAT (proof/core)



[¬pf(a)=f(b) ∨ (pq(a) ∧ ¬pq(b+x))





62/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


I The theory reasoner only has to deal with conjunctions ofliterals. Alternative (but expensive) solution: convert to DNF

I Case analysis/backtracking at the level of the SAT solver

I The clause sets is the database of all deduced facts

63/109

Small explanations

Small explanations

provide the strongest conflict clause as possible

Consider:a ≤ b ∧ b ≤ a+ x ∧ x = 0 ∧

[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b+ x))

]I Assume the SAT solver assignsa ≤ b, b ≤ a+ x, x = 0, f(a) 6= f(b), q(a), q(b+ x)

I ¬a ≤ b ∨ ¬b ≤ a+ x ∨ ¬x = 0 ∨ f(a) = f(b) ∨ ¬q(a) ∨ ¬q(b+ x) is avalid clause according to theory: one is allowed to add such a clause

I but only kills one abstract model (one tentative model from SAT solver)

I other successive tentative models:a ≤ b, b ≤ a+ x, x = 0, f(a) 6= f(b), q(a), ¬q(b+ x)a ≤ b, b ≤ a+ x, x = 0, f(a) 6= f(b), ¬q(a), q(b+ x)a ≤ b, b ≤ a+ x, x = 0, f(a) 6= f(b), ¬q(a), ¬q(b+ x)

I ¬a ≤ b ∨ ¬b ≤ a+ x ∨ ¬x = 0 ∨ f(a) = f(b) kills them all2n, for n irrelevant atoms

64/109

Incrementality/backtrackability

Incrementality/backtrackability

eagerly check the SAT solver stack for theory inconsistencies

I many checks

I before the SAT does a decision

I successive checks very similar to each other (only a fewliterals change on top of the stack)


[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b+ x))

]I Assume the SAT solver assigns a ≤ b, b ≤ a+ x, x = 0

I then decides f(a) 6= f(b)

I there is no need to wait an assignment for q(a) and q(b+ x)to add conflicting clause

65/109

Theory propagation

Theory propagation

Theory reasoning to avoid guessing (in decisions)


[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b+ x))

]I the SAT solver propagates a ≤ b, b ≤ a+ x, x = 0

I the theory reasoner propagates f(a) = f(b)

I the SAT solver propagates q(a) and ¬q(b+ x)

I no guessing at all!

66/109

From SAT to SMT: in practice

I small explanationsunsat core of propositional assignment

discard classes of propositional assignments (not one by one)

I incrementaltheory reasoner checks propositional assignment on the fly (along

SAT solver)

I backtrackablebacktrack with SAT solver, keep context

I theory propagationinstead of guessing propositional variable assignments, SAT solver

assigns theory-entailed literals

I wizardryackermannization, simplifications, and other magic

67/109

DPLL: abstract view






if


68/109

CDCL: abstract view

Propagate, Decide, Fail as before

Learn M || F ` M || F,C

if

{each atom of C in F or in MF |= C

Backjump M `d N || F,C ` M `′ || F,C

if

M `d N |= ¬C∃C ′, `′ : F,C |= C ′ ∨ `′M |= ¬C ′`′ undefined in M

`′ or `′ in F or in M `d N

Forget M || F,C ` M || Fif F |= C

69/109

CDCL: SMT level

T−Learn M || F ` M || F,C

if

{each atom of C in F or in MF |=T C

T−Forget M || F,C ` M || Fif F |=T C

T−Backjump M ld N || F,C ` M l′ || F,C

if

M ld N |= ¬C∃C ′, l′ : F,C |=T C ′ ∨ l′M |= ¬C ′l′ undefined in Ml′ or ¬l′ in F or in M ld N

70/109

Outline

From SAT to SMT



The community

Conclusion

71/109

Outline

From SAT to SMT



The community

Conclusion

72/109

Theory reasoning

SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


Some examples:

I equality and uninterpreted symbols: congruence closure

I linear arithmetic: mostly simplex

I non-linear arithmetic: CAD, Virtual Substitution, Grobner Bases, Interval Propagation

I arrays, datatypes: based on uninterpreted symbols

I bitvectors: incremental translation to SAT

I floating points, strings, sets,. . .

72/109

Theory reasoning

SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


Theoryreasoner

Some examples:







72/109

Theory reasoning

SMT formula

SMT solver

Theoryreasoner


Theoryreasoner

SMT solver

Some examples:







73/109

Equality and uninterpreted symbols (1/2)Congruence closure

Axioms of equality

I Reflexivity: ∀x . x = x

I Symmetry: ∀x, y . x = y ⇒ y = x

I Transitivity: ∀x, y, z . (x = y ∧ y = z)⇒ x = z

I Congruence (schema):

∀x1, . . . , xn, y1, . . . , yn .(x1 = y1 ∧ · · · ∧ xn = yn)⇒ f(x1, . . . , xn) = f(y1, . . . , yn)

74/109


Consider the terms: a, b, c, f(a), f(b)

And literals: a = c, c = b, f(a) 6= f(b)I each term in its equivalence class

I equality −→ class merge

I congruence −→ class merge

I detect conflicts

In practice: efficient (merge, congruence, conflict detection)

All the nice properties for an SMT decision procedure

I efficient: O(n log n)

I incremental/backtrackable

I propagating

I provide small conflicts (but smallest is NPC)

I provide proofs

74/109


Consider the terms: a, b, c, f(a), f(b)

And literals: a = c, c = b, f(a) 6= f(b)

I each term in its equivalence class



I detect conflicts





I propagating


I provide proofs

74/109


Consider the terms: a, b, c, f(a), f(b)And literals: a = c

, c = b, f(a) 6= f(b)




I detect conflicts





I propagating


I provide proofs

74/109


Consider the terms: a, b, c, f(a), f(b)And literals: a = c, c = b

, f(a) 6= f(b)




I detect conflicts





I propagating


I provide proofs

74/109


Consider the terms: a, b, c, f(a), f(b)And literals: a = c, c = b, f(a) 6= f(b)




I detect conflicts





I propagating


I provide proofs

75/109

Equality and uninterpreted symbols: exercises

I f(x, y) = x, h(x) = g(y), f(f(x, y), y) = z, g(x) 6= g(z)

I f(f(f(x))) = x, f(f(f(f(f(x))))) = x, f(x) 6= x

[Source: Alberto Griggio SAT/SMT Summer School]

I Provide the conflict?

I Producing proofs?

I Being efficient?

I Being incremental, backtrackable?

76/109

Linear arithmetic: simplexThe problem:I atoms of the form a1x1 + · · ·+ anxn ./ c with

I ais and c are constants in N (equivalently in Q)I ./ ∈ {<,≤,=,≥, >}

I for each i, xi ∈ N or xi ∈ R (the sort of xi)

Tricks:

I transform strict constraints: t < c becomes t ≤ c− δif t, c ∈ N, then t ≤ c− 1

I t = c can be translated to t ≤ c ∧ t ≥ cI introduce new variables so that we get

I a set of constraints of the form a1x1 + · · ·+ anxn = 0I simple bounds on xi

I only bounds are asserted incrementally and backtrackedEquations are invariant

[Source: Jovanovic, SAT/SMT/AR School, 2016]

[Source: Griggio, JSAT 2012]

[Source: Dutertre & de Moura, CAV 2006]

77/109

Linear arithmetic: simplexTableau

a1,1x1 + . . . + an,1xn = 0...

a1,mx1 + . . . + an,mxn = 0

Bounds

l1 ≤ x1 ≤ u1...

ln ≤ xn ≤ un

I n > m, tableau lines are linearly independent (rank is m)

I m basic variables, n−m non-basic variables

I xi basic: ai,j = 0 for all j but one

I Make tableau consistent? basic variables computed from others

I li might be −∞, c ∈ Q, or c+ δ with c ∈ QI ui might be ∞, c ∈ Q, or c− δ with c ∈ QI algorithm maintains an assignment of variables v(xi) (= 0 initially)

I invariant: v is consistent with the tableau

I goal: make v consistent with the bounds

I new bound asserted? Make v consistent with new bound if needed

I bound backtracked? v remains consistent!

78/109

Linear arithmetic: example

I introduce variables, build tableau, bounds,assignment

I choose basic variables (s1, s2)

I assert s1 ≤ 2 (assignment stays consistent)

I assert s2 ≥ 4

I s2 inconsistent, but basic

I pivot s2 and, e.g., y

I update s2,

and basic variables


I pivot s1 and, e.g., x

I update s1,

and basic variables

Assume x ≤ 0 as a new constraint

I assert x ≤ 0

I x inconsistent, but basic

I no pivot can fix this!

I all bounds involved give conflict

2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = 2y − xs2 = 2y + x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤∞−∞≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2

, 4 ≤ 2y + x

Tableau

s1 = 2y − xs2 = 2y + x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤∞−∞≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = 2y − xs2 = 2y + x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤∞−∞≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = 2y − xs2 = 2y + x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2−∞≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = 2y − xs2 = 2y + x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = s2 − 2x2y = s2 − x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 0

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2,

and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = s2 − 2x2y = s2 − x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4



I update s2, and basic variables



I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = s2 − 2x2y = s2 − x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 0s1 = 0s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4






I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

s1 = s2 − 2x2y = s2 − x

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 2s1 = 4s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4






I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

2x= s2 − s14y = s1 + s2

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 2s1 = 4s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4






I update s1,

and basic variables


I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

2x= s2 − s14y = s1 + s2

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 2s1 = 2s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4








I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

2x= s2 − s14y = s1 + s2

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 0y = 2s1 = 2s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4








I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

2x= s2 − s14y = s1 + s2

Bounds/Assignment

−∞≤ x ≤∞−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 1y = 3

2s1 = 2s2 = 4

y

x1 2 3 4 55

1

2

3

78/109





I assert s2 ≥ 4








I assert x ≤ 0




2y − x ≤ 2, 4 ≤ 2y + x

Tableau

2x= s2 − s14y = s1 + s2

Bounds/Assignment

−∞≤ x ≤ 0−∞≤ y ≤∞−∞≤ s1 ≤ 2

4 ≤ s2 ≤∞

x = 1y = 3

2s1 = 2s2 = 4

y

x1 2 3 4 55

1

2

3

79/109

Linear arithmetic: integers

I NPC: trivial to encode SAT clauses into linear constraintsp ∨ q ∨ ¬r becomes xp + xq + (1− xr) ≥ 1 (with 0 ≤ xi ≤ 1)

I SMT approach:I study in the real relaxationI branch and bound: if integer variable x has non-integer

solution c, enforce x ≤ bcc ∨ dce ≤ xI branch and bound might not terminate, one needs. . .I . . . cutting planes (Gomory cuts)

80/109

Linear arithmetic: concluding remarks

I a lot of engineering in linear engines for SMT

I e.g., sparse matrices, indexing

I still much room for improvement

I just run an SMT solver on a “natural” sudoku encoding,run an SMT solver on benchmarks from linear programming

I complexity bites (representing proofs on integers?)

81/109

Non linear arithmetic: a very quick description

I decidable on the reals, undecidable (incomplete) on integers

I exponential (doubly exp. with quantifiers)I decision procedures (quantifier-elimination based)

I cylindrical algebraic decomposition (CAD)I virtual substitutionI Grobner bases

I heuristics: interval constraint propagation, subtropical sat.I very active research:

I transcendental functions: Irfan, Griggio et al.I using off-the-shelf computer algebra: Vu Xuan, Sturm et al.I improving CAD for SMT: Brown et al.I extending virtual substitution: Kosta & SturmI . . .

82/109

Arrays

McCarthy axioms:∀a i e . select(store(a, i, e), i) = e

∀a i j e . i 6= j ⇒ select(store(a, i, e), j) = select(a, j)∀a b . (∀i . select(a, i) = select(b, i))⇒ a = b

I UF+instantiation: use congruence closure and lazyinstantiation of the above array axioms

Exercise:

I Is i = j, select(A, i) 6= select(store(A, k, 5), j), j 6= ksatisfiable?

83/109

Datatypes

(declare-datatypes ( (List 1) ) (

( par ( T ) ( ( nil ) ( cons ( car T ) ( cdr ( List T )) )))))

I since SMT-LIB 2.6

I constructors are disjoint: nil 6= cons(x, `)

I constructors are injective:cons(x, `) = cons(x, `)⇒ (x = x′ ∧ ` = `′)

I objects are built from constructors: ` = cons(x′, `′) ∨ ` = nil

I selectors: car(cons(x, `)) = x, cdr(cons(x, `)) = `

I acyclicity: cons(x, `) 6= `, . . .

Decision procedure essentially based on congruence closure, andwith checks for above rules

84/109

Bitvectors

I fixed-size bit-vectors

I (_ BitVec 8 ) : #b00000000, #b01010101, #b11111110

I many available operations

I see FixedSizeBitVectors.smt2

I decision procedure: essentially incremental (smart)bit-blasting, with rewriting

85/109

Theory reasoning and combinations in SMT

SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


85/109


SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


Theoryreasoner

85/109


SMT formula

SMT solver

Theoryreasoner


Theoryreasoner

SMT solver

85/109


SMT formula

SMT solver

Theoryreasoner


Theoryreasoner

SMT solver

Theory reasoner

Decision Procedure 1

Decision Procedure 2

Decision Procedure n

...

86/109

Combinations of theories (1/2)Nelson-Oppen

Combining theories: uninterpreted symbols and arithmetic.

x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Separate into pure literals (a.k.a. purification)

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)

UNSA

T

Sound: deduce only logical consequencesComplete: decidable, disjoint, stably infinite theories

86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Separate into pure literals

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)

UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Exchange equalities

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)

UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Exchange equalities

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)x = y

UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Exchange equalities

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0v3 = v4

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)x = y

UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Exchange equalities

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0v3 = v4

Uninterpreted

P (v2)¬P (v5)v1 = f(x)v3 = h(x)v4 = h(y)x = yv2 = v5

UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0

Exchange equalities until unsatisfiability is deduced

Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0v3 = v4

Uninterpreted


UNSA

T


86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0


Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0v3 = v4

Uninterpreted


UNSA

T

Sound: deduce only logical consequences

Complete: decidable, disjoint, stably infinite theories

86/109



x ≤ y, y ≤ x+ f(x), P (h(x)− h(y)),¬P (0), f(x) = 0


Arithmetic

x ≤ yy ≤ x+ v1v1 = 0

v2 = v3 − v4v5 = 0v3 = v4

Uninterpreted


UNSA

T


87/109


Non linear arithmetic is also stably infinite.Uninterpreted symbols and non linear arithmetic:

x2 = 1, P (x),¬P (−1),¬P (1)

Separate into pure literals

Arithmetic

x2 = 1v1 = 1v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)

For non-convex theories, disjunctions have to be exchangedEven deducing equalities is unpractical with a black box

87/109



x2 = 1, P (x),¬P (−1),¬P (1)

Exchange equalities

Arithmetic

x2 = 1v1 = 1v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)


87/109



x2 = 1, P (x),¬P (−1),¬P (1)

Exchange disjunctions of equalities

Arithmetic

x2 = 1v1 = 1v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)


87/109



x2 = 1, P (x),¬P (−1),¬P (1)

Exchange disjunctions of equalities: unpractical

Arithmetic

x2 = 1v1 = 1v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)


88/109

Combining theories: using model equalities

Open the box a bit: besides (un)sat, get “model” if sat

x2 = 1, P (x),¬P (−1),¬P (1)

On SAT, get a model from NLRA

Arithmetic

x2 = 1v1 = 1v2 = −1

x = 1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)

88/109



x2 = 1, P (x),¬P (−1),¬P (1)

Pretend equalities in the model were in the input

Arithmetic

x2 = 1v1 = 1v2 = −1

x = 1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v1

88/109



x2 = 1, P (x),¬P (−1),¬P (1)

Compute conflict clause

Arithmetic

x2 = 1v1 = 1v2 = −1

x = 1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v1

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)

Add conflict clause to underlying SAT solver

Arithmetic

x2 = 1v1 = 1v2 = −1

x = 1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v1

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)

Update literals

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1

Uninterpreted

P (x)¬P (v1)¬P (v2)

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)

Get a model from NLRA (again)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1

x = −1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)

Pretend equalities in the model were in the input (again)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1

x = −1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v2

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)

Compute conflict clause (again)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1

x = −1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v2

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)¬P (x) ∨ x 6= −1 ∨ P (−1)

Add conflict clause to underlying SAT solver (again)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1

x = −1, v1 = 1, v2 = −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v2

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)¬P (x) ∨ x 6= −1 ∨ P (−1)

Update literals (again)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1x 6= −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v2

88/109



x2 = 1, P (x),¬P (−1),¬P (1)¬P (x) ∨ x 6= 1 ∨ P (1)¬P (x) ∨ x 6= −1 ∨ P (−1)x = 1 ∨ x = −1 ∨ x2 = 1

Conclude unsatisfiability (finally)

Arithmetic

x2 = 1v1 = 1v2 = −1x 6= 1x 6= −1

Uninterpreted

P (x)¬P (v1)¬P (v2)x = v2

89/109

Combining theories: soundness and completeness (1/4)Defining the problem

Assume T1, T2, stably infinite, disjoint, decidable theories

I stably infinite: if set of literals L satisfiable in Ti, then L hasan infinite model (card. ℵ0)

I disjoint: the only shared symbol between T1 and T2 is theequality =

I decidable: there is a procedure to check satisfiability of a setof literals L in Ti

Exercise: consider case of LIA, and empty theoryRemarks:

I L contains symbols from T1, T2 and uninterpreted constants

I we assume L = L1 ∪ L2 where Li contains only symbols fromTi and variables (i.e. uninterpreted constants)

I shared symbols in L1 and L2: =, variables

Exercise: see again slide 86

90/109

Combining theories: soundness and completeness (2/4)Exchanging equalities or guessing arrangement

I if Li is Ti-unsatisfiable, then L1 ∪ L2 is T1 ∪ T2-unsatisfiable

I we want something like “if and only if”

I obviously it does not hold: need some glue between thetheories

Two equivalent ways to reconcile the theories

I exchange disjunctions of equalities on shared variables

I a priori guess an arrangement A, a maximal set of equalitiesand disequalities over shared variablesa partition of shared variables according to equalityExercise: provide arrangement (slide 86)

E.g. v1 = v2 = v5, v3 = v4, x = y, v1 6= v3, v1 6= x, v3 6= x

Coming back to this shortly. Theorem first

90/109

Combining theories: soundness and completeness (2/4)Exchanging equalities or guessing arrangement

I if Li is Ti-unsatisfiable, then L1 ∪ L2 is T1 ∪ T2-unsatisfiable

I we want something like “if and only if”

I obviously it does not hold: need some glue between thetheories

Two equivalent ways to reconcile the theories

I exchange disjunctions of equalities on shared variables

I a priori guess an arrangement A, a maximal set of equalitiesand disequalities over shared variablesa partition of shared variables according to equalityExercise: provide arrangement (slide 86)E.g. v1 = v2 = v5, v3 = v4, x = y, v1 6= v3, v1 6= x, v3 6= x

Coming back to this shortly. Theorem first

91/109

Combining theories: soundness and completeness (3/4)Nelson-Oppen Theorem

Theorem (Nelson-Oppen)

If A ∪ Li is Ti-satisfiable for i = 1, 2, then A ∪ L1 ∪ L2 isT1 ∪ T2-satisfiable

Proof.Assume Mi is a Ti-model for A ∪ Li (i = 1, 2).Further assume (stably infinite theories) cardinality of domain of Mi is ℵ0.M1 and M2 agree (thanks to A) on which variables are equal.So, there is a bijection between domains of M1 and M2 such that sharedvariables are in bijection.Build M isomorphic to Mi when restricted to symbols in Ti ∪ Li (i = 1, 2).M is a Ti-model of A ∪ Li (i = 1, 2).A ∪ L1 ∪ L2 is T1 ∪ T2-satisfiable.

92/109

Combining theories: soundness and completeness (4/4)Exchanging equalities IS guessing an arrangement

I assume no more disjunction of equalities on shared variable can be shared

I i.e., if a disjunction of equalities C is a T1-consequence of L1, then C is aconsequence of L2 (and conv.)

I stronger: we require one disjunct to be consequence of Li (i = 1, 2)

I consider all equalities between shared variables consequence of Li

I since equalities are exchanged, i = 1 or i = 2 leads to equivalent sets ofequalities

I consider the arrangement A based on those equalities, and assumeeverything not equal is disequal

I if Li is Ti-satisfiable then A ∪ Li is Ti-satisfiable (i = 1, 2)

I proof by contradictionI equalities in A are redundant to Li (see above) and can be ignoredI if A ∪ Li is Ti-unsatisfiable, there is a set of disequalities C′ such

that C′ ∪ Li is Ti-unsatisfiableI i.e., there is a disjunction of equalities C, Ti-consequence of Li

I no disjunct of C is consequence of Li

93/109

Outline

From SAT to SMT



The community

Conclusion

94/109

Outline

From SAT to SMT



The community

Conclusion

95/109

Instantiation and the Herbrand Theorem (1/2)

SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


Theorem (Herbrand)

A set of pure first-order logic formulas is unsatisfiable if and only ifthere exists a finite unsatisfiable set of its instances

Working hypothesis

Quantifier handling for pure FOL will work well enough for SMT

96/109


Example:Is the following syllogism correct?

All humans are mortalAll Greeks are humans

Then all Greeks are mortal

Translate to FOL∀x.H(x)⇒M(x)∀x.G(x)⇒ H(x)

∀x.G(x)⇒M(x)

I Checking the validity of this formula:((∀x.H(x)⇒M(x)

)∧(∀x.G(x)⇒ H(x)

))⇒ ∀x.G(x)⇒M(x)

I Checking the unsatisfiability of:∀x.H(x)⇒M(x),∀x.G(x)⇒ H(x),¬∀x.G(x)⇒M(x)

I Skolemize: ∀x.H(x)⇒M(x),∀x.G(x)⇒ H(x), G(s)⇒M(s)

I Instantiate: add the two formulas H(s)⇒M(s), G(s)⇒ H(s)

I A ground (SAT/SMT) solver will deduce unsatisfiability.

96/109





Translate to FOL

∀x.H(x)⇒M(x)∀x.G(x)⇒ H(x)

∀x.G(x)⇒M(x)


)∧(∀x.G(x)⇒ H(x)

))⇒ ∀x.G(x)⇒M(x)





96/109





Translate to FOL∀x.H(x)⇒M(x)∀x.G(x)⇒ H(x)

∀x.G(x)⇒M(x)


)∧(∀x.G(x)⇒ H(x)

))⇒ ∀x.G(x)⇒M(x)





97/109

Instantiation and the Herbrand Theorem (1/2)Which instances?

SMT formula

SMT solver

SAT solver

Boolean Model

Theoryreasoner

Conflict clause


Model

Instantiationmodule

Instance


Quantifier-free SMT solver enumerates assignments E ∪QE set of ground literals

Q set of quantified clauses

Instantiation module generates instances of Q

I classic Herbrand Theorem: instantiate with all possible terms in language

I improved: instantiate with terms in E [Reynolds et al., TACAS 2018]

98/109

Instantiation strategies: trigger-based [Detlefs et al. J. ACM’05]

Trigger-based instantiation (E-matching): search for relevantinstantiations according to a set of triggers and E-matching

I E = {¬P (a),¬P (b), P (c),¬R(b)} andQ = {∀x. P (x) ∨R(x)}

I Assume the set of triggers {(P (x))}.

I Since E |= P (x){x 7→ t} ' P (t), for t = a, b, c, this strategymay return {{x 7→ a}, {x 7→ b}, {x 7→ c}}.

I Formally:

e(E, ∀x. ϕ): 1. Select a set of triggers {t1, . . . tn} for ∀x. ϕ.

2. For each i = 1, . . . , n, select a set of substitutions Si s.t.for each σ ∈ Si, E |= tiσ ' gi for some tuple gi ∈ TE .

3. Return⋃n

i=1 Si.

99/109

Instantiation strategies: conflict-based [Reynolds et al. FMCAD’14]

Conflict-based instantiation: search for instantiations of aquantified formula in Q that make E unsatisfiable


I Since E, P (b) ∨R(b) |= ⊥, this strategy will return{{x 7→ b}}.

I Formally:

c(E, ∀x. ϕ): 1. Either return {σ} where E,ϕσ |= ⊥, or return ∅.

100/109

Instantiation strategies: model-based [Ge and de Moura CAV’09]

Model-based instantiation (MBQI): build a candidate model forE ∪Q and instantiate with counter-examples from model checking


I Assume that PM = λx. ite(x ' c, >, ⊥) and RM = λx.⊥.

I SinceM 6|= P (a)∨R(a), this strategy may return {{x 7→ a}}.

I Formally:

m(E, ∀x. ϕ): 1. Construct a model M for E.

2. Return {{x 7→ t }} where t ∈ TE and M 6|= ϕ{x 7→ t },or ∅ if none exists.

101/109

Outline

From SAT to SMT



The community

Conclusion

102/109

Outline

From SAT to SMT



The community

Conclusion

103/109

Standard input language: SMT-LIB 2.6 (1/2)

a ≤ b ∧ b ≤ a+ x ∧ x = 0 ∧[f(a) 6= f(b) ∨ (q(a) ∧ ¬q(b+ x))

]In SMT-LIB 2.6 format:

(set-info :smt-lib-version 2.6)

(set-logic QF_UFLRA)

(set-info :source | Example formula in SMT-LIB 2.6 |)

(declare-fun f (Real) Real)

(declare-fun q (Real) Bool)

(declare-fun a () Real)

(declare-fun b () Real)

(declare-fun x () Real)

(assert (and (<= a b) (<= b (+ a x)) (= x 0)

(or (not (= (f a) (f b)))

(and (q a) (not (q (+ b x)))))))

(check-sat)

(exit)

104/109

Standard input language: SMT-LIB 2.6 (2/2)

I Theories: Arrays (A), FloatingPoint (FP), Reals (LRA, NRA),Ints (LIA, NIA), Fixed Size Bit Vectors (BV), Reals Ints(LIRA, NIRA)

I Logics:I quantifier-free: QF UF, QF LIA, QF UFLIA,. . .I with quantifiers: UF, LIA, UFLIA,. . .

I Repository of benchmarks: www.smtlib.org

www.smtlib.org

105/109

Finding the right solver

Name UF LA BV NLA Q OSS Proofs

Alt-Ergo x x x xBarcelogic x x xCVC4 x x x P x x PMathSAT x x x xOpenSMT x x x xraSAT P xSMTInterpol x x xSMT-RAT x x xveriT x x P x x PYices x x x xZ3 x x x x x x P

Other distinguishing features:

I decision procedures for strings, inductive data-types, polymorphism

I incrementallity

I interface/language

Efficiency: have a look at the SMT-COMP results.

106/109

Finding out more about SMT / SMT-LIB

I All about SAT (and more):Armin Biere, Marijn J. H. Heule, Hans van Maaren and Toby Walsh.Handbook of Satisfiability.volume 185 of Frontiers in Artificial Intelligence and Applications,IOS Press, 2009.

I A survey on SMT:Clark Barrett, Roberto Sebastiani, Sanjit A. Seshia and CesareTinelli.Satisfiability Modulo Theories.Chapter 26, pages 825–885 in the above.

I Web site of the SMT-LIB initiative:http://www.smtlib.org/

I Web site of the SMT-COMP:http://www.smtcomp.org/

I Getting the SMT-LIB input language standard:http://www.smtlib.org/language.shtml

I Getting some examples of input language:http://www.smtlib.org/examples.shtml

http://www.smtlib.org/

http://www.smtcomp.org/

http://www.smtlib.org/language.shtml

http://www.smtlib.org/examples.shtml

107/109

Outline

From SAT to SMT



The community

Conclusion

108/109

Outline

From SAT to SMT



The community

Conclusion

109/109

The future of SMT / SMT-LIB

SMT

I better quantifier handling (convergence with FOL?)

I stronger procedures for non-linear arithmetic

I floating point arithmetic

I more expressivity

I better proofs

I higher-order

I higher efficiency

I parallelism

SMT-LIB

I interface

I proofs

I modularity

I more standardized theories

satisfiability modulo theories · prince instructs you either to invite peru or to exclude qatar ....

Documents