sat genealogy

1

SAT Genealogy

Alexander Nadel, Intel, Haifa, Israel

The Technion, Haifa, IsraelJuly, 3 2012

2

Agenda Introduction Early Days of SAT Solving Core SAT Solving

Conflict Analysis and Learning Boolean Constraint Propagation Decision Heuristics Restart Strategies Inprocessing

Extensions to SAT Incremental SAT Solving under Assumptions Simultaneous Satisfiability (SSAT) Diverse Solutions Generation High-level (group-oriented) MUC Extraction

3




We won’t use implication graphs for explanation, but:Duality between search and resolution

4

What is SAT? Find a variable assignment (AKA solution or

model) that satisfies a propositional formula or prove that there are no solutions

SAT solvers operate on CNF formulas: Any formula can be reduced to a CNF

CNF Formula:

clausenegative literal

positive literal

F = ( a + c ) ( b + c ) (a’ + b’ + c’ )

5

SAT: Theory and Practice Theory:

SAT is the first known NP-complete problem Stephen Cook, 1971

One can check a solution in polynomial time Can one find a solution in polynomial time?

The P=NP question… Practice:

Amazingly, nowadays SAT solvers can solve industrial problems having millions of clauses and variables

SAT has numerous applications in formal verification, planning, bioinformatics, combinatorics, …

6

Approaches to SAT Solving Backtrack search: DFS search for a solution

The baseline approach for industrial-strength solvers. In focus today.

Look-ahead: BFS search for a solution Helpful for certain classes of formulas Recently, there were attempts of combining it with

backtrack search Local search

Helpful mostly for randomly generated formulas

7

Early Days of SAT Solving Agenda Resolution Backtrack Search

a + b + g + h’ + fa + b + g + h’

Resolution: a Way to Derive New Valid Clauses

Resolution over a pair of clauses with exactly one pivot variable: a variable appearing in different polarities:

a + b + c’ + f g + h’ + c + f

- The resolvent clause is a logical consequence of the two source clauses

• Known to be invented by Davis&Putnam, 1960• Had been invented independently by Lowenheim in early 1900’s (as well as the DP

algorithm, presented next)• According to Chvatal&Szemeredy, 1988 (JACM)

9

DP Algorithm: Davis&Putnam, 1960

(a + b)

(a + b’) (a’ + c) (a’ + c’)

(a + b + c)

(b + c’ + f’)

(b’ + e)

(a + c + e)(c’ + e + f)

(a + e + f)

(a’ + c) (a’ + c’)

(c)

(c’)

( )SATUNSAT

(a)

Remove the variables one-by-one by resolution over all the clauses containing that variable

DP is sound and complete

Backtrack Search or DLL: Davis-Logemann-Loveland, 1962

a + b

b’ + c

b’ + c’

a’ + b


a + b

b’ + c

b’ + c’

a’ + b

a’


a + b

b’ + c

b’ + c’

a’ + b

a’Decision level 1

a is the decision variable;a’ is the decision literal


a + b

b’ + c

b’ + c’

a’ + b

a’

b’

Decision level 2


a + b

b’ + c

b’ + c’

a’ + ba + b

a’

b’

A conflict. A blocking clause – a clause, falsified by the current assignment – is encountered.


a + b

b’ + c

b’ + c’

a’ + ba + b

a’

b’ b Backtrack and flip


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c

a’

b’ b

c’

Decision level 1

Decision level 2


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

a’

b’ b

c’ c

Decision level 1


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

a’

b’ b

c’ c

a


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

a’

b’ b

c’ c

a

b


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

b’ + c

a’

b’ b

c’ c

a

b

c’


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

b’ + c b’ + c’

a’

b’ b

c’ c

a

b

c’ c


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

b’ + c b’ + c’

a’ + b

a’

b’ b

c’ c

a

b

c’ c

b’


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

b’ + c b’ + c’

a’ + b

a’

b’ b

c’ c

a

b

c’ c

b’

UNSAT!

24

Core SAT Solving: the Principles DLL could solve problems with <2000 clauses How can modern SAT solvers solve problems

with millions of clauses and variables? The major principles:

Learning and pruning Block already explored paths

Locality and dynamicity Focus the search on the relevant data

Well-engineered data structures Extremely fast propagation

25




Duality between Basic Backtrack Search and Resolution

One can associate a resolution derivation with every invocation of DLL over an unsatisfiable formula


a + b

b’ + c

b’ + c’

a’ + b


a + b

b’ + c

b’ + c’

a’ + b

a’


a + b

b’ + c

b’ + c’

a’ + ba + b

a’

b’


a + b

b’ + c

b’ + c’

a’ + ba + b

a’

b’

• A parent clause P(x) is associated with every flip operation for variable x. It contains:• The flipped literal • A subset of previously assigned falsified literals

• The parent clause justifies the flip: its existence proves that the explored subspace has no solutions

b


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c

a’

b’ b

c’


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c

a’

b’ b

c’ c


a + b

b’ + c

b’ + c’

a’ + ba + b

b’ + c b’ + c’

a’

b’ b

c’ c


a + b

b’ + c

b’ + c’

a’ + b b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c

• Backtracking over a flipped variable x can be associated with a resolution operation:• P = P(x) P• P is to become the parent

clause for the upcoming flip• P is initialized with the last

blocking clause

PoldP(c)

Pnew


a + b

b’ + c

b’ + c’

a’ + b

a

b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c

• Backtracking over a flipped variable x can be associated with a resolution operation:• P = P(x) P• P is to become the parent

clause for the upcoming flip• P is initialized with the last

blocking clause

Pnew

PoldP(b)

b’ b

c’ c


a + b

b’ + c

b’ + c’

a’ + b

a

b’a + b

b’ + c b’ + c’

a’ a

(a)

• The parent clause P(a) is derived by resolution.• The resolution proof (a) of the parent clause is called parent resolution


a + b

b’ + c

b’ + c’

a’ + b

a’ a

b

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


a + b

b’ + c

b’ + c’

a’ + b

b’ + c

a’ a

b

c’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


a + b

b’ + c

b’ + c’

a’ + b

b’ + c

a’ a

b

c’ c

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

P(c)


a + b

b’ + c

b’ + c’

a’ + b

b’ + c b’ + c’

a’ a

b

c’ c

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


a + b

b’ + c

b’ + c’

a’ + b

b’

b’ + c b’ + c’

a’ a

b

c’ c

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

PoldP(c)

Pnew


a + b

b’ + c

b’ + c’

a’ + b

b’

b’ + c b’ + c’

a’ a

b

c’ c

b’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’(b)


a + b

b’ + c

b’ + c’

a’ + b

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


a + b

b’ + c

b’ + c’

a’ + b

a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

PoldP(b)

Pnew


a + b

b’ + c

b’ + c’

a’ + b

a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

PoldP(a)

Pnew


a + b

b’ + c

b’ + c’

a’ + b

a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

The final trace of DLL is both a decision tree (top-down view) and a resolution refutation (bottom-up view) Variables associated with the edges are both

decision variables in the tree and pivot variables for the resolution

A forest of parent resolutions is maintained The forest converges to one resolution

refutation in the end (for an UNSAT formula)

Conflict Clause Recording

a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

The idea: update the instance with conflict clauses, that is some of the clauses generated by resolution Introduced in SAT by Bayardo&Schrag, 1997

(rel_sat)


a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’b’ b

c’ c

a

b’a + b

b’ + c b’ + c’

Assume the brown clause below was recorded


a’

b’

b’ + c b’ + c’

a’ + b

a’ a

b

c’ c

b’b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


The violet part would not have been explored It is redundant


a’

a’ + b

a’ a

bb’

b’ b

c’ c

a

b’a + b

b’ + c b’ + c’


The violet part would not have been explored It is redundant

Conflict Clause Recording Most of the modern solvers record every

non-trivial parent clause (since Chaff) : recorded : not recorded

a’

b’

c’ c d’ d f’ f g’ g

b e’ e

a

Enhancing CCR: Local Conflict Clause Recording The parent-based scheme is asymmetric

w.r.t polarity selection

a’

b’


b e’ e

a

Enhancing CCR: Local Conflict Clause Recording The parent-based scheme is asymmetric w.r.t polarity selection Solution: record an additional local conflict clause: a would-be

conflict clause if the last polarity selection was flipped Dershowitz&Hanna&Nadel, 2007 (Eureka) : local conflict clause

a’

b’


b e’ e

a

55

Managing Conflict Clauses Keeping too many clauses slows down the solver Deleting irrelevant clauses is very important.

Some of the strategies: Size-based: remove too long clauses

Marques-Silva&Sakallah, 1996 (GRASP) Age-based: remove clauses that weren’t used for BCP

Goldberg&Novikov, 2002 (Berkmin) Locality-based (glue): remove clauses, whose literals

are assigned far away in the search tree Audemard&Simon, 2009 (Glucose)

Modern Conflict Analysis Next, we present the following two

techniques, commonly used in modern SAT solvers: Non-chronological backtracking (NCB)

GRASP 1UIP scheme

GRASP&Chaff Both techniques prune the search tree and

the associated forest of parent resolutions

Non-Chronological Backtracking (NCB)

b’ b

c’ c

a + b

b’ + c

b’ + c’

a’ + ba

b’a + b

b’ + c b’ + c’

a’

…

d’

NCB is an additional pruning operation before flipping: eliminate all the decision levels adjacent to the decision level of the flipped literal, so that the parent clause is still falsified

e

(e)

e’

• Assume we are about to flip a


b’ b

c’ c

a + b

b’ + c

b’ + c’

a’ + ba

b’a + b

b’ + c b’ + c’

a’

…

d’


e

(e)

e’

• Assume we are about to flip a• Eliminate irrelevant decision levels


b’ b

c’ c

a + b

b’ + c

b’ + c’

a’ + ba

b’a + b

b’ + c b’ + c’

a’

…


• Assume we are about to flip a• Eliminate irrelevant decision levels• Flip

a

1UIP Scheme

1UIP Scheme 1UIP scheme consists of:

A stopping condition for backtracking: stop whenever P contains one variable of the last decision level, called the 1UIP variable



a + b

b’ + c

b’ + c’

a’ + b b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c

P



A rewriting operation: consider the 1UIP variable as a decision variable and P as its parent clause

a + b

b’ + c

b’ + c’

a’ + b b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c

P




a + b

b’ + c

b’ + c’

a’ + b b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c




A pruning technique: eliminate all the disconnected variables of the last decision level (along with their parent resolutions)

a + b

b’ + c

b’ + c’

a’ + b b’a + b

b’ + c b’ + c’

a’

b’ b

c’ c




A pruning technique: eliminate all the disconnected variables of the last decision level (along with their parent resolutions)

a + b

b’ + c

b’ + c’

a’ + b b’

b’ + c b’ + c’

b

c’ c

b’

68




69

The unit clause rule A clause is unit if all of its literals but one are assigned to 0.

The remaining literal is unassigned, e.g.:

Boolean Constraint Propagation (BCP) Pick unassigned variables of unit clauses as decisions

whenever possible 80-90% of running time of modern SAT solvers is spent in

BCP Introduced already in the original DLL

a = 0, b = 1, c is unassigneda + b’ + c

Boolean Constraint Propagation

70

Data Structures for Efficient BCP Naïve: for each clause hold pointers to all its literals How to minimize the number of clause visits? When can a clause become unit?

All literals in a clause but one are assigned to 0 For an N-literal clause, this can only occur after N-1 of the literals

have been assigned to 0 So, theoretically, one could completely ignore the first N-2

assignments to this clause. The solution: one picks two literals in each clause to watch and

thus can ignore any assignments to the other literals in the clause. Introduced by Zhang, 1997 (SATO solver); enhanced by Moskewicz&

Madigan&Zhao&Zhang&Malik, 2001 (Chaff)

71

Watched Lists : Examplea b c d e f g h

W W

72


W W

a’

73


W W

• The clause is visited• The corresponding watch moves to any unassigned literal• No pointers to the previously visited literals are saved

a’

74


W W

a’

c’

75


W W

• The clause is not visited!

a’

c’

76


W W

a’

c’

g’

e’

77


W W

• The clause is not visited!

a’

c’

g’

e’

78


W W

a’

c’

g’

e’

h’

79


W W

• The clause is visited• The corresponding watch moves to any unassigned literal• No pointers to the previously visited literals are saved

a’

c’

e’

g’

h’

80


W W

a’

c’

e’

g’

h’

f’

81


W W

a’

c’

e’

g’

h’

f’

82


W W

a’

c’

e’

g’

h’

f’

b’

83


W W

• The watched literal b is visited. It is identified that the clause became unit!

a’

c’

e’

g’

h’

f’

b’

84


W

• b is unassigned : the watches do not move• No need to visit the clause during backtracking!

W

a’

c’

e’

g’

h’

f’

Backtrackb’

85

Watched Lists : Example

• f is unassigned : the watches do not move

Backtrack

a b c d e f g h

WW

a’

c’

e’

g’

h’

f’

b’

86

Watched Lists : Example

a’

c’

e’

g’

h’

• When all the literals are unassigned, the watches pointers do not get back to their initial positions

f’

B

acktrack

a b c d e f g h

WW

b’

87

Watched Lists : CachingChu&Harwood&Stuckey, 2008 Divide the clauses into various cache levels

to improve cache performance Most of the modern solvers put one literal of each

clause in the WL Special data structures for clauses of length 2

and 3

88




Decision Heuristics Which literal should be chosen at each

decision point? Critical for performance!

Old-Days’ Static Decision Heuristics Go over all clauses that are not satisfied Compute some function f(A) for each literal—

based on frequency Choose literal with maximal f(A)

Variable-based Dynamic Heuristics: VSIDS

VSIDS was the first dynamic heuristic (Chaff) Each literal is associated with a counter

Initialized to number of occurrences in input Counter is increased when the literal participates in

a conflict clause Occasionally, counters are halved Literal with the maximal counter is chosen

Breakthrough compared to static heuristics: Dynamic: focuses search on recently used variables and

clauses Extremely low overhead

92

Enhancements to VSIDS Adjusting the scope: increase the scores for

every literal in the newly generated parent resolution (Berkmin)

Additional dynamicity: multiply scores by 95% after each conflict, rather than occasionally halve the scores Eén&Sörensson, 2003 (Minisat)

The Clause-Based Heuristic (CBH) The idea: use relevant clauses for guiding the

decision heuristic The Clause-Based Heuristic or CBH (Eureka)

All the clauses (both initial and conflict clauses) are organized in a list

The next variable is chosen from the top-most unsatisfied clause

After a conflict: All the clauses that participate in the newly derived parent resolution

are moved to the top, then The conflict clause is placed at the top

Partial clause-based heuristics: Berkmin, HaifaSAT

94

CBH: More CBH is even more dynamic than VSIDS: prefers

variables from very recent conflicts CBH tends to pick interrelated variables:

Variables whose joint assignment increases the chances of: Satisfying clauses in satisfiable branches Quickly reaching conflicts in unsatisfiable branches

Variables appearing in the same clause are interrelated: Picking variables from the same clause, results in either that:

the clause becomes satisfied, or there’s a contradiction

95

Polarity Selection Phase Saving:

Strichman, 2000; Pipatsrisawat&Darwiche, 2007 (RSAT)

Assign a new decision variable the last polarity it was assigned: dynamicity rules again

96

Decision Heuristics: the Current Status Everybody uses phase saving Most of the SAT solvers use VSIDS Intel’s Eureka uses CBH for most of the

instances and VSIDS for tiny instances only We plan to compare VSIDS and CBH

thoroughly in our new solver Fiver

97

Core SAT Solving: the Major Enhancements to DLL Boolean Constraint Propagation Conflict Analysis and Learning Decision Heuristics Restart Strategies Pre- and Inter- Processing

The slides on restarts are based on Vadim Ryvchin’s SAT’08 presentation

98




99

Restarts Restarts: the solver backtracks to decision

level 0, when certain criteria are met crucial impact on performance

Motivation: Dynamicity: refocus the search on relevant data

Variables identified as important will be pick first by the decision heuristic after the restart

Avoid spending too much time in ‘bad’ branches

100

Restart Criteria Restart after a certain number of conflicts has

been encountered either: Since the previous restart: global

Gomes&Selman&Kautz, 1998 Higher than a certain decision level: local

Ryvchin&Strichman, 2008 Next: methods to calculate the threshold on

the number of conflicts Holds for both global and local schemes

101

Restarts Strategies

1. Arithmetic (or fixed) series. Parameters: x, y. Init(t) = x Next(t)=t+y

Arithm(2000, 0) , Arithm(1000, 10)

0500

100015002000250030003500

1 21 41 61 81 101 121 141 161 181 201

Restart NumberTh

resh

old

102

Restarts Strategies (cont.)

2. Luby et al. series. Parameter: x. Init(t) = x Next(t) = ti*x

Ruan&Horvitz&Kautz, 2003

Luby(512)

0

5000

10000

15000

20000

1 7 13 19 25 31 37 43 49 55 61 67 73 79 85 91 97

Restart NumberTh

resh

old

ti =1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 16 1 1 2 1 1 2 4 1 1 2 1 1 2 4 8 …

103

Restarts Strategies (cont.)

3. Inner-Outer Geometric series. Parameters: x, y, z. Init(t) = x if (t*y < z)

Next(t) = t*y else

Next(t) = x Next(z) = z*y

Armin Biere, 2007 (Picosat)

Inner-Outer (100, 1.1, 100)

0

500

1000

1500

2000

1 17 33 49 65 81 97 113 129 145 161 177 193

Restart NumberTh

resh

old

104




105

Preprocessing and Inprocessing The idea:

Simplify the formula prior (pre-) and during (in-) the search History:

Freeman, 1995 (POSIT): first mentioning of preprocessing in the context of SAT

Eén&Biere, 2005 (SatELite): a commonly used efficient preprocessing procedure

Heule&Järvisalo&Biere (2010-2012): a series of papers on inprocessing Used in the current state-of-the-art solvers Lingeling and

CryptoMinisat Nadel&Ryvchin&Strichman (2012): apply SatELite in incremental

SAT solving

106

Inprocessing Techniques SatELite:

Subsumption: remove clause (C+D) if (C) exists Self-subsuming resolution: replace (D+l’) by (D), if (C+l) exists,

such that C D Variable elimination: apply DP for variables, whose elimination

does not increase the number of clauses Example: (a+b)(a+b’)(a’+c)(a’+c’) (a)(a’+c)(a’+c’)

Example of other techniques: Failed literal elimination with BCP:

Repeat for a certain subset of literals on decision level 0: Propagate a literal l with BCP. If a conflict emerges, l must be 0 the formula can be simplified

107




108

Extensions to SAT Nowadays, SAT solving is much more than finding one solution

to a given problem Extensions to SAT:

Incremental SAT under assumptions Simultaneous SAT (SSAT): SAT over multiple properties at once Diverse solution generation Minimal Unsatisfiable Core (MUC) extraction Push/pop support Model minimization ALL-SAT XOR clauses support ISSAT: assumptions are implications …

109




110

Incremental SAT Solving under Assumptions The challenge: speed-up solving of related

SAT instances by enabling re-use of relevant data

Incremental SAT solving has numerous applications

Next, we review a prominent application in Formal Verification of Hardware

111

Reasoning about Circuit Properties with SAT-based Bounded Model Checking (BMC)

BMC: given a circuit and a property, does the property holds for the first n cycles? Unroll: generate a combinational instantiation of

the circuit for each cycle Run a SAT solver for each cycle over:

The translation of unrolled circuit to CNF The negation of the property at that cycle

The property holds for n cycles iff all the SAT solver invocations return UNSAT

BMC Exampleab ch

g

The property: b’h’

BMC Example: Cycle 0

ab h

g

ci

A user-given initial value

ab ch

g



ab h

g

ci

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

b’h

The negation of the property b’h’:

ab ch

g

UNSAT!



ab h

g

ci

ab ch

g

bx hx

cxax gx



ab h

g

ci

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

bx’hx

The negation of the property bx’hx’:

ab ch

g

bx hx

cx

cx + h’cx’ + h

ax gx

gx + ax’ + bx’ gx’ + ax

gx’ + bx

hx + gx’ + cx’ hx’ + gx

hx’ + cx

UNSAT!


117

Re-Using Relevant Information from Previous Cycles

The property: b’h’ab h

g

ci

bx hx

cx

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

b’h

bx’hx

cx + h’cx’ + h


gx’ + bx


hx’ + cx

C0: cycle 0 C1: cycle 1

S0: cycle 0-specific


C0 and C1 hold globally S0 and S1 hold solely

for a particular cycle

118

Pervasive Clause Learning; Marques-Silva&Sakallah, 1997 (GRASP); Strichman, 2001

Cycle 0: create a CNF instance C0 S0 and solve it Let C0

* be the set of pervasive conflict clauses, that is conflict clauses that depend only on C0

Cycle 1: create a CNF instance C0 C1 S1 C0* and solve it

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

b’h

bx’hx

cx + h’cx’ + h


gx’ + bx


hx’ + cx




119

Cycle 0: create a CNF instance C0 S0 and solve it Let C0

* be the set of pervasive conflict clauses, that is conflict clauses that depend only on C0

Cycle 1: create a CNF instance C0 C1 S1 C0* and solve it

a + h’

g

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

b’h

bx’hx

cx + h’cx’ + h


gx’ + bx


hx’ + cx




C0*

Pervasive Clause Learning; Marques-Silva&Sakallah, 1997 (GRASP); Strichman, 2001

120

Incremental SAT Solving under Assumptions; Eén&Sörensson, 2003 (Minisat)

Cycle 0: create a CNF instance C0 and solve it under the assumptions S0

S0 clauses are not part of the instance, instead: The literals of S0 are used as the first decision, or assumptions The solver stops, whenever one of the assumptions must be flipped

Cycle 1: add the clauses C1 to the same instance and solve under the assumptions S1

h + g’ + ci’ h’ + gh’ + ci

g + a’ + b’ g’ + ag’ + b

b’h

bx’hx

cx + h’cx’ + h


gx’ + bx


hx’ + cx




121

Incremental SAT Solving: More

Minisat’s method is the state-of-the-art Advantages:

Re-uses a single solver instance: heuristics are incremental All the clauses are re-used

GRASP’s method advantage Assumptions are unit clauses: preprocessing can use them to

simplify the formula Incremental SAT solving was not compatible with

preprocessing Nadel&Ryvchin&Strichman 2012:

Make incremental SAT solving compatible with SatELite Show a way to treat assumptions efficiently

122




123

Simultaneous SAT (SSAT) A SAT-based algorithm to efficiently solve

chunks of related properties in one SAT solver invocation For example, one can solve multiple properties

during BMCKhasidashvili&Nadel&Palti&Hanna, 2005 Khasidashvili&Nadel, 2011

p1 p2

C2C1

Example: Solve Both p1 and p2

Incremental SAT-based Approachp1 p2

C2C1

Translate C1 to CNF formula F Solve F under the assumption p1’ Update F with clause projection of C2\C1

Solve F under the assumption p2’

SSAT Approachp1 p2

C2C1

Translate both C1 and C2 to CNF formula F Find the status of both p1 and p2 in the same

invocation of the SAT solver

Advantages of SSAT approach to Incremental SAT-based Approach Looks at all the properties at once

One solution can falsify more than one property May find conflict clauses (lemmas) relevant for

solving many POs

128

SSAT: the Algorithm Interface Input

A combinational formula F (in CNF) A list of proof objectives (POs) p1,p2,…,pn

Output Each pi is either

falsifiable A model to F, such that pi = 0, exists (F pi’ is SAT)

valid pi always holds, given F (F pi’ is UNSAT)

129

SSAT Algorithm Interface Example

F = (a + b) c’ a’

POs: a, b, c, a’, b’, c’ a is falsifiable: a = 0; b = 1; c = 0 is the model

b is valid: there is no model to F, where b = 0 In another words, (a + b) c’ a’ b’ is UNSAT

c is falsifiable: a = 0; b = 1; c = 0 is the model

a’ is valid: no model to F where a = 1

b’ is falsifiable with a = 0; b = 1; c = 0

c’ is valid: no model to F where c = 1

• Both l and l’ may be falsifiable• Example: F = a + b; PO: a

Basic SSAT AlgorithmSSAT(F; P={p1,p2,…,pn})

While (P is non-empty) Pick any s P Solve F under the assumption s’ If satisfiable by a satisfying assignment

T:={s other POs in P falsified by } Return to the user that the POs T are falsifiable P := P \ T

If unsatisfiable Return that s is valid P := P \ {p}

Initialized with clause projection of the union of cones of all the properties

SSAT: More How to boost SSAT

Take further advantage of reasoning about all the POs at once Pick all the POs as decision variables and assign them 0

Fairness: rotate unsolved POs Set an internal time threshold for an attempt to solve one PO When the threshold expires:

Move the unresolved PO to the end of unsolved POs list Switch to another PO

SSAT is widely used at Intel Applied as the core reasoning engine for simultaneous

model checking algorithms we developed

132




133

DiversekSet: Generating Diverse Solutions DiversekSet in SAT: generate a user-given

number of diverse solutions, given a CNF formula Nadel, 2011

The problem has multiple applications at Intel

New Initial states

New Initial states

New Initial states

initial states

deep bugs

Max

FV bound

Application: Semi-formal FPV

Multi-Threaded Search to Enhance Coverage

Choosing a single path through waypoints may miss the bug

Must search along multiple diverse paths calculated:

Diversification Quality as the Average Hamming Distance

Quality: the average Hamming distance between the solutions, normalized to [0…1]

a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4

Hamming distances matrix

2



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 1



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 12



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 112



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 1123



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 1123

1811

24

3

312122

2

),(1 1

mq

DQ

m

i

m

ijji

Variables Solutions

Hamming Distance



a b c1 0 0 02 1 1 03 0 1 14 1 0 0

1 2 3 4

1

2

3

4


2 2 1123

1811

24

3

312122

2

),(1 1

mq

DQ

m

i

m

ijji

Algorithms for DiversekSet in SAT in a Glance The idea:

Adapt a modern CDCL SAT solver for DiversekSet Make minimal changes to remain efficient

Compact algorithms: Invoke the SAT solver once to generate all the

solutions Restart after a solution is generated Modify the polarity and variable selection heuristics

for generating diverse solutions

Algorithms for DiversekSet in SAT in a Glance Cont. Polarity-based algorithms:

Change solely the polarity selection heuristic pRand: pick the polarity randomly pGuide: pick the polarity so as to improve the

diversification quality Balance the number of 0’s and 1’s assigned to a variable by

picking {0,1} when variable was assigned ’ more times pGuide outperforms pRand in terms of both

diversification quality and performanceQuality can be improved further by taking BCP into

account and adapting the variable ordering

146




Unsatisfiable Core Extraction An unsatisfiable core is an unsatisfiable

subset of an unsatisfiable set of constraints

An unsatisfiable core is minimal if removal of any constraint makes it satisfiable (local minima)

Has numerous applications

Example Application: Proof-based Abstraction Refinement for Model Checking; McMillan et al.,’03; Gupta et al.,’03

No BugValidModel Check A

BMC(M,P,k)

Cex C at depth k

BugNo

A A latches/gates in the UNSAT core of BMC(M,P,k)

Inputs: model M, property P Output: does P hold under M?

Abstract model A { }

Spurious?

The UNSAT core is used for refinement The UNSAT core is required in terms of latches/gates

Yes

Turn latches/ gates into free

inputs

Example Application 2: Assumption Minimization for Compositional Formal Equivalence Checking (FEC); Cohen et al.,’10

FEC verifies the equivalence between the design (RTL) and its implementation (schematics).

The whole design is too large to be verified at once. FEC is done on small sub-blocks, restricted with assumptions. Assumptions required for the proof of equivalence of sub-

blocks must be proved relative to the driving logic. MUC extraction in terms of assumptions is vital for feasibility.

Inpu

ts

Outp

uts

Assumption Assertion

Traditionally, a Clause-Level UC Extractor is the Workhorse Clause-level UC extraction: given a CNF

formula, extract an unsatisfiable subset of its clauses

F = ( a + b ) ( b’ + c ) (c’ ) (a’ + c ) ( b + c ) ( a + b + c’ )

U1 = ( a + b ) (b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )U2 = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )U3 = ( a + b ) ( b’ + c ) ( c’ ) ( a’ + c ) ( b + c ) ( a + b + c’ )

Dozens of papers on clause-level UC extraction since 2002

Traditional UC Extraction for Practical Needs: the Input

An interesting constraint The remainder (the rest of the formula)

The user is interested in a MUC in terms of these constraints

Traditional UC Extraction: Example Input 1

An unrolled latch The rest of the unrolled circuit

Proof-based abstraction refinement

Traditional UC Extraction: Example Input 1

An assumptionEquivalence between sub-block RTL and implementation

Assumption minimization for FEV

Traditional UC Extraction:Stage 1: Translate to Clauses


Each small square is a propositional clause, e.g. (a + b’)

Traditional UC Extraction:Stage 2: Extract a Clause-Level UC


Colored squares belong to the clause-level UC

Traditional UC Extraction:Stage 3: Map the Clause-Level UC Back to the Interesting Constraints


The UC contains three interesting constraints

High-Level Unsatisfiable Core Extraction Real-world applications require reducing the number

of interesting constraints in the core rather than clauses Latches for abstraction refinement Assumptions for compositional FEV

Most of the algorithms for UC extraction are clause-level

High-level UC: extracting a UC in terms of interesting constraints only Liffiton&Sakallah, 2008; Nadel, 2010; Ryvchin&Strichman,

2011

Small/Minimal Clause-Level UC Small/Minimal High-Level UC

A small clause-level UC, but the high-level UC is the largest possible:

A large clause-level UC, but the high-level UC is empty:

High-Level Unsatisfiable Core Extraction: Main Results Minimal UC extraction: high-level algorithms

solve Intel families that are out of reach for clause-level algorithms

Non-minimal UC extraction: high-level algorithms are preferable 2-3x boost on difficult benchmarks

160

Thanks!

sat genealogy

Documents

resolvent clause

nliteral clause

conflict clauses

thenthe conflict clause

number of clause visits

dfs search

solvingbacktrack search

complete9backtrack search