Decision Procedures - An algorithmic point of view 1 Quantified formulas Decision procedures – An algorithmic point of view Daniel Kroening and Ofer Strichman

Decision Procedures - An algorithmic point of view 1

Quantified formulas

Decision procedures – An algorithmic point of view

Daniel Kroening and Ofer Strichman


Why do we need quantifiers ?

As always: more modeling power Examples of quantifiers usage:

“Everyone in the room has a friend” “There is a person in the room that all of his cars are red” “There is not more than one person in the room that earns

more than $1M”


Quantifiers in Math…

For any integer x there is a smaller integer y

8x2Z 9y2Z. y < x X Reverse claim: There exists an integer y such that any

integer x is greater than y

9y2Z 8x2Z. y < x £

(Bertrand’s postulate) For any natural number greater than 1 there is a prime number p such that n < p < 2n

8n2 N. 9p2 N. n >1 ! (isprime(p) Æ n < p < 2n)


Actually…

Satisfiability of (x1,,xn) = does there exist an interpretation of x1,,xn that satisfies

Validity of (x1,,xn) = does it hold that all interpretation of x1,,xn satisfy

Conclusion: what we did so far (satisfiability, validity) is non-alternating quantification.


Example: Quantified Propositional Logic

Better known as Quantified Boolean Formulas (QBF)

formula: var | : formula | formula Ç formula | ( formula ) | T | F|8 var. (formula) | 9 var. (formula)

8x. (x Ç 9y. (y ! x))

8x. (9y. ((x Ç :y) Æ (:x Çy)) Æ 9y. ((:y Ç :x) Æ (x Ç y)))

Binding scope of y

X

X


Prenex Normal-Form (PNF)

Formulas in PNF look like this:

’: Q[n]V[n]. .Q[1]V[1]. Quantifier-free formula

where Q[i] 2 {8,9} and V[i] is a variable.

Every quantified formula can be transformed to PNF while preserving validity. How ?

prefix


Prenex Normal Form (PNF)

1. Eliminate ! and $ (transform to Ç Æ :)

2. Push negations inside using:: 8 x. $ 9 x. : : 9 x. $ 8 x. :

3. If there are name conflicts across scopes, solve with renaming.

4. Move quantifiers out by using recursively rules such as:1. Q1 x. 1(x) Æ Q2 y.

2(y) $ Q1 x. Q2 y. (1(x) Æ 2(y)) Qi2{8,9}

2. Q1 x. 1(x) Ç Q2 y. 2(y) $ Q1 x. Q2 y. (1(x) Ç 2(y))Qi2{8,9}

3. 1 Æ 9 x. 2(x) $ 9 x. (1 Æ 2(x)) where x does not appear in 1

4. 1 Æ 8 x. 2(x) $ 8 x. (1 Æ 2(x)) where x does not appear in 1

5. 8 x. 1(x) Æ 8 x.

2(x) $ 8 x. (

1(x) Æ

2(x))

6. 9 x. 1(x) Ç 9 x.

2(x) $ 9 x. (

1(x) Ç

2(x))


Prenex Normal Form (PNF): example

:9x. : (9y. ((y ! x) Æ (: x Ç y)) Æ :8y. ((y Æ x) Ç (: x Æ : y)))

1,2. Eliminate !, push negations inside:

8x. (9y. ((:y Ç x) Æ (: x Ç y)) Æ 9y. ((:y Ç : x) Æ (x Ç y)))

3. Renaming:

8x. (9y1. ((:y1 Ç x) Æ (: x Ç y1)) Æ 9y2. ((:y2 Ç : x) Æ (x Ç y2)))

4. Move quantifiers to front:

8x. 9y1. 9y2. (x Ç :y1) Æ (: x Ç y1) Æ (:y2 Ç : x) Æ (x Ç y2)


Why eliminating 9x. ÆiLi is enough

A procedure for eliminating an existential quantifier applied to a conjunction of literals is enough, because: Given a formula , write it in DNF. Use the fact that

Eliminate universal quantifiers using the fact

8x. $ :9x. :


Quantifier Elimination

Examples first, generalization later. Example #1: Quantified Boolean Formulas (QBF) Example #2: Quantified Linear Arithmetic (QLA)


Example #1: QBF

Examples of Quantified Boolean Formula

: u e.(uÇ :e)(:uÇ e)

: e4e5 u1u2u3 e1e2e3. f(e1,e2,e3,e4,e5,u1,u2,u3)

QBF Problem: is valid? P-Space Complete, theoretically harder than NP-Complete

problems such as SAT.


Motivations

QBF has practical applications: AI Planning Sequential circuit verification …


a Ç b Ç g Ç h’Ç fa Ç b Ç g Ç h’

Solving QBF with projection: 9

Eliminate 9x. by projecting x on variables in higher quantification levels (their scope includes x’s scope).

In Propositional Logic projection can be done with Resolution.

Resolution example:

a Ç b Ç c’ Ç f g Ç h’ Ç c Ç f


Solving QBF with projection: 8

Transform 8 to 9 via: (8x. $ (:9x. : CNF is easier than general formulas:8u1u2 9e1 8u3(u1Ç:e1)(:u1Çe1)(u2Ç:u3Ç:e1)

8u1u2 9e1:9u3 :((u1Ç:e1)(:u1Çe1)(u2Ç:u3Ç:e1))

8u1u2 9e1:9u3 ((:u1Æ e1)Ç(u1Æ :e1)Ç (:u2Æu3Æe1))

8u1u2 9e1: ((:u1Æ e1)Ç(u1Æ :e1)Ç (:u2Æ(9u3. u3)Æe1))

8u1u2 9e1 : ((:u1Æ e1)Ç(u1Æ :e1)Ç (:u2Æe1))

8u1u2 9e1 (u1Ç:e1)(:u1Çe1)(u2Ç:e1)

Suffix is DNF

Back to CNF

Shortcut for CNF formulas: simply erase universally quantified variables!

Replace with true


Resolution Based QBF Algorithm

8u1u29e18u39e3e2(u1Ç:e1)(:u1Ç:e2Çe3)(u2Ç:u3Ç:e1)(e1Çe2)(e1Ç:e3)

8u1u29e18u39e3 (u1Ç:e1)(:u1Çe3Çe1)(u2Ç:u3Ç:e1)(e1Ç:e3)

8u1u29e18u3 (u1Ç:e1)(:u1Çe1)(u2Ç:u3Ç:e1)

8u1u29e1(u1Ç:e1)(:u1Çe1)(u2Ç:e1)

8u1u2(:u1Ç u2)

FALSE


Example #2: Quantified Linear Arithmetic

formula = predicate | formula Ç formula | :formula | (formula) | 8 var. formula | 9 var. formula

predicate = i ai xi · c

8x.9y.9z. (y+1 · x Æ z+1 · y Æ 2x+1 · z)


Solving QLA with projection

Eliminate 9x. by projecting x. In Linear Arithmetic over R projection can be done

with Fourier-Motzkin elimination.

Fourier-Motzkin method to eliminate a variable xn:- for each pair of constraints: i=1..n-1ai’xi < xn < i=1..n-1aixi

add a constraint i=1..n-1ai’xi < i=1..n-1aixi

- in the end remove all constraints involving xn.


x + 1 · 3z + 3

2y · 2z + 4

Solving QLA with projection

Fourier Motzkin: example.

Eliminate y:

x + 1 · z + 2 Æ

x + 1 · y Æ y · 3z + 3 Æ


Quantifier elimination - example

8x.9y.9z. (y+1 · x Æ z+1 · y Æ 2x+1 · z)

8x.9y. (y+1 · x Æ 2x+1 · y-1 )

8x. (2x+2 · x-1) // transform to 9

:9x. : (2x+2 · x-1)

:9x. x > -3

:true

false


Quantifier elimination by projection: summary

Given a PNF formula f = Q[n]V[n]Q[1]V[1]

For i = 1 .. n {

if Q[i] = 9 then = project(,V[i])

else = :project(:,V[i])

}

Return


More about QBF

Example of using QBF (the diameter problem) A search-based procedure for QBF.

Acknowledgement: QBF slides borrowed from S. Malik


The State Space Diameter Problem

S0

S2S1

S3

S5 S4 diameter = 3

Start from the initial states, the minimum number of steps needed to visit every reachable state

S0

initial state: S0S2S1

step 1: S1, S2

S4

S3step 2: S3, S4

S5

step 3: S5


Why is the Diameter Problem important?

Bounded model checking (BMC): search for a ‘bad’ state up to k steps from an initial step.

BMC can be formulated as SAT. Increasing k makes is harder. Q: how deep should we go ? A: as deep as the diameter The diameter can be found by solving a QBF problem


Circuit Constructed for the Diameter Problem

CombinationalLogic

I1

O1

1s0s CombinationalLogic

In

On

ns1ns CombinationalLogic

In+1

On+1

1ns

CombinationalLogic

I1’

O1’

'1s'0s CombinationalLogic

In’

On’

'ns'1ns

The idea: prove that for every state reachable in k+1 steps, there exists inputs that drive the model to this state earlier.


Some Terminology for the Formulations

CombinationalLogic

I1

O1


In

On


In+1

On+1

1ns

CombinationalLogic

I1’

O1’


In’

On’

'ns'1ns

Variables: VCircuit consistency condition: C(V)


Some Terminology for the Formulations

CombinationalLogic

I1

O1


In

On


In+1

On+1

1ns

CombinationalLogic

I1’

O1’


In’

On’

'ns'1ns

Variables: V’Circuit consistency condition: C(V’)


QBF Formulation

CombinationalLogic

I1

O1


In

On


In+1

On+1

1ns

CombinationalLogic

I1’

O1’


In’

On’

'ns'1ns

C(V)

C(V’)

)1()()'()(.'),\( '10

1

1121 i

SSVCVCVIVIII nni

n

iin

Other Vvariables

V inputs V’ variables, incl. inputs


Another way to project Boolean variables

Shannon expansion:9x. = |x=0 Ç |x=1

8x. = |x=0 Æ |x=1 // can be derived from 8x. = :9x.:

The same applies for all finite-range variables.

Applying 9x., where in CNF $ resolution But: does not need to be in CNF, and there is no

need to transform the formula to DNF.


Projection for non-CNF formulas: example

9y 8z 9x. (y Ç (x Æ z))

9y 8z. (y Ç (x Æ z))|x=0 Ç (y Ç (x Æ z))|x=1

9y 8z. ((y) Ç (y Ç z))

9y :9z. (:y Æ :z)

9y. : ((:y Æ :z)|z=0 Ç (:y Æ :z)|z=1)

9y. : (:y)

True


Search Based QBF Algorithms

Work by gradually assigning variables A partial assignment

[KGS98] M. Cadoli, A. Giovanardi, M. Schaerf. An Algorithm to Evaluate Quantified Boolean Formulae. In Proc. of 16th National Conference on Artificial Intelligence (AAAI-98)




Undetermined Continue search





Undetermined Conflict

Backtrack Record the reason





Undetermined Conflict Satisfied

Backtrack Determine the covered satisfying space





Undetermined Conflict Satisfied

The majority of QBF solvers are search based, the DPLL algorithm is an example of this


Basic DPLL Flow for QBF

eu (e Ç u)(:e Ç :u)

Unknown

True (1)

False(0)



e = 0

Unknown

True (1)

False(0)




e = 0

u = 1

Unknown

True (1)

False(0)

Satisfying Node

eu (e Ç u)(:e Ç :u) Universal quantification

Existential quantification



e = 0

u = 1

Unknown

True (1)

False(0)

Backtrack




e = 0

u = 1 u = 0

Unknown

True (1)

False(0)




e = 0

u = 1 u = 0

Unknown

True (1)

False(0)




e = 1

Unknown

True (1)

False(0)


e = 0

u = 1 u = 0



e = 1

u = 1

Unknown

True (1)

False(0)


e = 0

u = 1 u = 0



e = 1

u = 1

Unknown

True (1)

False(0)

Conflicting Node


e = 0

u = 1 u = 0



e = 1

u = 1

Unknown

True (1)

False(0)


e = 0

u = 1 u = 0



e = 1

u = 1

e = 0

u = 1 u = 0

False

Unknown

True (1)

False(0)




ue (u Ç e)(:u Ç :e)

Unknown

True (1)

False(0)



Unknown

True (1)

False(0)

u = 1




Unknown

True (1)

False(0)

u = 1

e = 1




Unknown

True (1)

False(0)

u = 1

e = 1 e = 0




Unknown

True (1)

False(0)

u = 1

e = 1 e = 0




Unknown

True (1)

False(0)

u = 1

e = 1 e = 0

u = 0

e = 1




Unknown

True (1)

False(0)

u = 1

e = 1 e = 0

u = 0

e = 1

Trueue (u Ç e)(:u Ç :e)


What we saw is DPLL - QBFwhile (true) {

decide_next_branch() //choose a branch variable

while(true) {

status = deduce(); //unit propagation

if (status == CONFLICT) {

blevel = analyze_conflict(); //find out the reason for conflict

if (blevel < 0) return UNSATISFIABLE;

else backtrack(blevel);

}

else if (status == SATISFIABLE) {

blevel = analyze_SAT() //find out the reason for satisfaction

if (blevel < 0) return SATISFIABLE;

else backtrack(blevel);

}

else break;

}}


Naïve DPLL Based Approach

Works on a CNF database Learning and non-chronological backtracking is

much harder – requires a change! Modern QBF solvers do not work with CNF, rather

with a combination of CNF with Cubes. This lets them apply learning efficiently.


ACNF

Definition: Augmented CNF (ACNF) = C1 Æ C2Æ …Æ CmÇ S1 Ç S2 Ç ……Ç Sk

Where Ci’s are clauses, and Sj ’s are cubes.

Each Sj is contained in the clause term C1 C2…Cm.

i.e.i{1,2…k}, Si C1 Æ C2 Æ … Æ Cm

In ACNF, cubes are redundant Example:

(:aÇ:bÇ:c)Æ(:aÇbÇc) Æ(aÇ:bÇc) Æ(aÇbÇ:c) Ç

(:aÆ:bÆ:c) Ç (aÆ :bÆ c)


Solving QBF of ACNF formulas

Cubes are necessary for saving information on the (universal) space already covered.

We will see a special case: 2QBF 2QBF = QBF with one quantifier alternation very useful!


A special case: 2QBF

DPLL search based, utilize a standard SAT solver Algorithm I: Assign universal variables first Algorithm II: no restriction in decision order w.r.t. variable

quantification order

Resolution based No simplification, just Q-resolution With complete two-level minimization (using Logic-

Minimization) at each resolution step


Coverage Cubes and Blocking Clauses

(u1 Ç u2 Ç e1) Æ(u3 Ç :e2) Æ (u1Ç :e1Ç :e2)(:u1Ç :u2Ç e2) Æ

satisfying assignment :

{u1=1, u2=0, u3=X, e1=0, e2=0}

satisfying cube:

{u1=1, u2=0, e2=0}

select a set of literals

that satisfy all clauses

coverage cube for the universal Boolean space:

u1 :u2

blocking clause:

:u1 Ç u2

prevents revisiting the already searched space


Example for Algorithm I

universal assignment: u1=0, u2=0

SAT assignment: u1=0, u2=0, e1=1, e2=1

satisfying cube (cover set): u1=0, e1=1, e2=1

coverage cube: u1=0

universal assignment: u1=1, u2=0

SAT assignment: u1=1, u2=0, e1=0, e2=0

satisfying cube (cover set): u1=1, e1=0, e2=0

coverage cube: u1=1

no more universal assignment left, instance is true

8u1u29e1e2. (u1Ç e1)Æ(:u1Ç :e1)Æ(:u1Ç u2Ç:e2) Æ(:u2Ç:e1Ç e2) Æ (e1Ç:e2)


satisfying cube

(cover set)

3

Algorithm I

universal space(u1,u2,…,um)

SAT assignmentuniversal assignment

coverage cube

existential space(e1,e2,…,en)

1 2

4

5


Example for Algorithm II

SAT assignment: u1=0, e1=1, e2=1, u2=0

blocking clause: (u1 Ç :e1 Ç :e2)

coverage cube: u1=0

SAT assignment: u1=1, e1=0, e2=0 , u2=0

coverage cube: u1=1

blocking clause: (u1 Ç :e1 Ç :e2)

The entire universal space is covered, instance is true



blocking clause

2

Algorithm II

universal variable space(u1,u2,…,um)

SAT assignment, no need to respect quantification order to get that

13

all variable space(u1,u2,…,um,e1,e2,…,en)

coverage cube

4


Resolution Based Algorithm

First resolve out existential variables After resolving out all existential variables

An empty clause (a clause with no literal or consisting only of universal variables) false

An empty set of clauses true

Has the memory blowup problem Alleviate by simplifying the propositional part after

each resolution step


Example for Resolution Based Algorithm

resolve out e1

empty set of clause

instance is true

simplify

resolve out e2


8u1u29e2. (u1Ç :u2 Ç e2)Æ(:u1Ç :e2)Æ(:u1Ç u2Ç:e2)

8u1u29e2. (u1Ç :u2 Ç e2)Æ(:u1Ç :e2)


Experimental Results (Malik et al.)

>400

>400

>400

>400

>400

>400

Res w/o simp

>400

>400

4.29

208.6

25.04

2.19

Res w/ simp

>400>400298.8634**

>400>4002.55

18.23294.270.803

Depth

s1423

s1488

>400

0.22

0.27

Quaffle

>4002.1115

>4000.151

0.260.151

Alg. IIAlg. ICircuit

0.36(10)

0.01(100)

Res w/o simp

169.09(6)

0.25(100)

Res w/ simp

200 (10 instances)

100 (100 instances)

>400(0)16.22(98)0(100)

>400(0)

Quaffle

>400(0)160(6)

Alg. IIAlg. I# of clauses (100 vars, 5 lits/clause)

* The tests were done on an Intel Pentium III 933 MHz machine with 1GB of RAM running linux.

** Improves on previous diameter lower bound of 26

Documents

Decision Procedures - An algorithmic point of view 1 Quantified formulas Decision procedures – An algorithmic point of view Daniel Kroening and Ofer Strichman