SAT-Solving: From Davis-

Putnam to Zchaff and Beyond

Day 3: Recent Developments

Lintao Zhang
Requirements for SAT solvers
in the Real World
z Fast & Robust
z Given a problem instance, we want to solve it quickly
z Reliable
z Can we depend on the SAT solver? i.e. is the solver bug free?
z Feature Rich
z Incremental SAT Solving
z Unsatisfiable Core Extraction
z What are the other desirable features?
z Beyond SAT
z Pseudo Boolean Constraint
z Multi-Value SAT solving
z Quantified Boolean Formula (QBF)

Lintao Zhang
Resolution
z Resolution of a pair of clauses with exactly ONE incompatible
variable
z Two clauses are said to have distance 1

a + b + c’ + f g + h’ + c + f

a + b + g + h’ + f

Lintao Zhang
Conflict Analysis as
Resolution

-V2(1)
V3(2) (V2 + V3’ + V5’+V6)

V4(5) (V3’+V6+V4)
V1(5)
(V6+V5’+V1’)
-V6(5)
(V2+V4’+V6+ V1)
-V1(5) (V2+V4’+V6+V5’)
(V2 + V3’ + V5’+V6)

V5(3)
Lintao Zhang
Key Observations
z DLL with learning is nothing but a resolution process
z Has the same limitation as resolution
z Certain class of instances require exponential sized resolution
proof. Therefore, it will take exponential time for DLL SAT solver
z We can use this for
z Certification / Correctness Checking
z Unsatisfiable Core Extraction
z Incremental SAT solving

Lintao Zhang
Motivation for SAT Solver
Validation
z Certify automatic reasoning tools:
z Required for mission critical applications
z Train Station Safety Check
z Available for some theorem provers and model checkers
z Do we really need the validation?
z Modern SAT solvers are intricate pieces of software (e.g. zchaff
contains about 10,000 lines of code)
z Bugs are abundant in SAT solvers

Lintao Zhang
Certify a SAT Solver
z The correctness of a SAT solver:
z If it claims the instance is satisfiable, it is easy to check the claim.
z How about unsatisfiable claims?
z Traditional method: run another SAT Solver
z Time consuming, and cannot guarantee correctness
z Needs a formal check for the proof, similar to the check for
the validity of a proof in math.
z Must be automatic.
z Must be able to work with current state-of-the-art SAT solvers

Lintao Zhang
DLL with Learning
while(1) {
if (decide_next_branch()) { //Branching
while(deduce()==conflict) { //Deducing
blevel = analyze_conflicts(); //Learning
if (blevel < 0)
return UNSAT;
else back_track(blevel); //Backtracking
}
else //no branch means all variables got assigned.
return SATISFIABLE;
}

Lintao Zhang
Correct in Unsatisfiable Case

(x4) ()
(x4’+x3’) (x1’+x4’)
(x4’)
(x1)
(x1’+x3+x5+x7) (x1’+x3+x5)
(x4’+x3+x5’)
(x1’+x4’+x3)
(x7’+x5)
Final Conflicting
Clause

Lintao Zhang
Resolution Graph
Empty
Clause

Original Clauses

Learned Clauses

Lintao Zhang
An Independent Checker
Strategy:
z SAT solver dump out a trace during the solving process
representing the resolution graph
z Using a third party checker to construct the empty clause by
resolution using the hint provided by the trace
z Trace only contain resolve sources of each learned clauses.
Need to reconstruct the clause literals by resolution from
original clauses

Lintao Zhang
Practical Implementation:
Depth First
z Start from the empty clause, recursively reconstruct all
needed clause.
z Fast, because it only needs to reconstruct clauses that are
needed for the proof.
z But may fail because of memory overflow on hard instances.

Lintao Zhang
Depth First Approach
Empty
Clause

Original Clauses

Learned Clauses
Lintao Zhang
Practical Implementation:
Breadth First
z Start from the original clauses and construct clauses in the
same order as they appear
z Slower, because all the clauses need to be reconstructed
z No memory overflow problem if we delete clauses when they
are not needed anymore.

Lintao Zhang
Breadth First Approach
Empty
Clause

Original Clauses

Learned Clauses

Lintao Zhang
Calculate Fan-outs in Breadth
First Approach
0 0 Empty
2 Clause
1
3

2 2
3
1
0 1
2

0
1
3 Original Clauses
1 0
Learned Clauses

Lintao Zhang
Calculate Fan-outs in Breadth
First Approach
0 0 Empty
2 Clause
1
3

2 2
3
1
0 1
2
0
1
3 Original Clauses
1 0
Learned Clauses

Lintao Zhang
Experimental Results
Num. Orig. Num. Trace
Instance Name Variables Clauses Runtime Overhead
2dlx_cc_mc_ex_bp_f 4583 41704 3.3 11.89%
bw_large.d 5886 122412 5.9 9.12%
c5315 5399 15024 22.0 10.45%
too_largefs3w8v262 2946 50216 40.6 7.68%
c7552 7652 20423 64.4 8.76%
5pipe_5_ooo 10113 240892 118.8 4.51%
barrel9 8903 36606 238.2 4.51%
longmult12 5974 18645 296.7 6.17%
9vliw_bp_mc 20093 179492 376.0 4.26%
6pipe_6_ooo 17064 545612 1252.4 3.39%
6pipe 15800 394739 4106.7 2.77%
7pipe 23910 751118 13673.0 1.68%
* Experiments are carried out on a PIII 1.13Ghz Machine with 1G Mem
Lintao Zhang
Experimental Results
Depth-First Breadth-First
Instance
Name Time(s) Mem(k) Time(s) Mem(k)
2dlx 0.84 7860 1.30 4652
bw_large.d 1.48 8720 2.44 9920
c5315 2.8 18108 5.19 3732
too_large 3.79 26752 5.47 6164
c7552 6.16 41420 11.44 5976
5pipe_5_ooo 6.6 50044 13.29 17936
barrel9 4.85 31456 10.46 6752
longmult12 25.9 154288 41.22 7488
9vliw_bp_mc 12.8 126752 33.81 17724
6pipe_6_ooo 38.5 249468 102.67 40136
6pipe * * 301.98 40248
7pipe * * 645.33 62620
Lintao Zhang
Unsatisfiable Core Extraction:
Problem Definition
Given an unsatisfiable Boolean Formula in CNF
F=C1C2......Cn
Find a formula
G=C1’C2’......Cm’
Such that G is unsatisfiable, Ci’ ∈{Ci | i=1...n} with m ≤ n

Example:
(a) (a’ + b’)(b + a’)(c + a’ + d)(c’ + d) (d’ + a’)

Lintao Zhang
Unsatisfiable Core Extraction:
Problem Definition
Given an unsatisfiable Boolean Formula in CNF
F=C1C2......Cn
Find a formula
G=C1’C2’......Cm’
Such that G is unsatisfiable, Ci’ ∈{Ci | i=1...n} with m ≤ n

Example:
(a) (a’ + b’)(b + a’)(c + a’ + d)(c’ + d) (d’ + a’)

Lintao Zhang
Unsatisfiable Core Extraction:
Problem Definition
Given an unsatisfiable Boolean Formula in CNF
F=C1C2......Cn
Find a formula
G=C1’C2’......Cm’
Such that G is unsatisfiable, Ci’ ∈{Ci | i=1...n} with m ≤ n

Example:
(a) (a’ + b’)(b + a’)(c + a’ + d)(c’ + d) (d’ + a’)

Lintao Zhang
Motivation
z Debugging and redesign: SAT instances are often generated from real
world applications with certain expected results:
z If the expected results is unsatisfiable, but we found the instance to be
satisfiable, then the solution is a “counter example” or “input vector” for
debugging
z Train station safety checking
z Combinational Equivalence Checking
z What if the expected results is satisfiable?
z SAT Planning
z FPGA Routing
z Relaxing constraints:
z If several constraints make a safety property holds, are there any redundant
constraints in the system that can be removed without violate the safety
property?
z Abstraction for model checking: Ken McMillan & Nina Alma, TACAS03; A.
Gupta et al, ICCAD 2003

Lintao Zhang
Proposed Approach
Empty
Clause

Original Clauses

Learned Clauses

Lintao Zhang
Proposed Approach
Empty
Clause

Original Clauses

Learned Clauses
Lintao Zhang
Proposed Approach
Empty
Clause

Involved Clauses

Original Clauses

Learned Clauses

Lintao Zhang
Implementation Issues
z No need to check the integrity of the graph
z Graph too large, have to traverse on disk
z The nodes of the graph is already topologically ordered
z But we need to reverse it
z Can iteratively run the procedure to obtain smaller cores
z Cannot guarantee the core to be minimal or minimum. Depends on
the SAT solver for the quality of the core extracted

Lintao Zhang
Experimental Results
Instance Before After Clause Run
Name Num Cls Num.Vars Num. Cls Num. Vars Ratio Time (s)
2dlx 41704 4524 11169 3145 26.8% 0.85
bw_large.d 122412 5886 8151 3107 6.7% 1.54
C5315 15024 5399 14336 5399 95.4% 2.64
too_large 50216 2946 10060 2946 20.0% 2.65
C7552 20423 7651 19912 7651 97.5% 5.37
5pipe_5_ooo 240892 10113 57515 7494 23.9% 6.62
Barrel9 36606 8903 23870 8604 65.2% 4.66
longmult12 18645 5974 10727 4532 57.5% 21.31
9vliw_bp_mc 179492 19148 66458 16737 37.0% 10.68
6pipe_6_ooo 545612 17064 180559 12975 33.1% 37.14
6pipe 394739 15469 126469 13156 32.1% 99.96
7pipe 753118 23910 221070 20188 29.3% 152.71
Lintao Zhang
Core Extracted After Several
Iterations
5pipe_5_ooo barrel9

1.6 1.6

1.4 1.4

1.2 1.2

1 1

0.8 0.8
0.6 0.6

0.4 0.4

0.2 0.2

0 0
1 6 11 16 21 26 1 6 11 16 21 26

bw_large.d too_largefs3w8v262

1.6 1.6

1.4 1.4

1.2 1.2

1 1

0.8 0.8

0.6 0.6

0.4 0.4

0.2 0.2

0 0
1 6 11 16 21 26 1 6 11 16 21 26

Lintao Zhang
The Quality of the Core
Extracted
z Start from the smallest core that can be extracted by the proposed
method (i.e. run till fixed point), delete clauses one by one till no
clause can be deleted without change the satisfiability of the
formula.
z The resulting core is a minimal core for the formula.
z Finding minimal core is time consuming.

Benchmark Original Extracted Iterations Minimal Clause

Instance #Cls # Cls #Cls Ratio
2dlx_cc_mc_ex_bp_f 41704 8036 26 7882 1.020
Bw_large.d 122412 1352 35 1225 1.104
Too_largefs3w8v262 50416 4464 32 3765 1.186

Lintao Zhang
Incremental SAT Solving
z In real world, multiple SAT instances are generated to solve one
problem
z Combinational Equivalence Checking: equivalence multiple outputs are
checked one by one
z Bounded Model Checking: properties are checked at 1, 2, 3 … n cycles.
z These multiple SAT instances are often very similar, or have large
common part
z Traditionally we solve them one by one independently
z Can we do better?

Lintao Zhang
Incremental SAT Solving
z Previous efforts are recorded in the learned clauses
z Try to keep the learned clauses

z To solve a series of SAT instances that differ only a little bit, we

need to be able to
z Add constraints to the clause database (easy)
z If the original instance is UNSAT, the new instance is still UNSAT
z If the original instance is SAT, while added constraint clauses are not
conflicting under the satisfying assignment, then the new instance is still
SAT
z Otherwise, resolve the conflict and continue solve
z Delete constraints from the database (tricky)
z Some of the learned clauses are invalidated
z Ofer Strichman, CAV2000

Lintao Zhang
Find the Learned Clauses that
are Invalidated
1
2347
2 23 234

3
23578

4 347
34

5
47 57
6 3478

7 78 Original Clauses

8 Learned Clauses

Lintao Zhang
Find the Learned Clauses that
are Invalidated
1
2347
2 23 234

3
23578

4 347
34

5
47 57
6 3478

7 78 Original Clauses

8 Learned Clauses

Lintao Zhang
Find the Learned Clauses that
are Invalidated
1
2347
2 23 234

3
23578

4 347
34

5
47 57
6 3478

7 78 Original Clauses

8 Learned Clauses

Lintao Zhang
Engineering Questions
z How to do this efficiently?
z It’s too expensive for each learned clause to carry with it all it’s
resolve sources
z Solution
z Arrange the clauses into groups. Clauses are added and deleted
a group at a time
z Using bit vector for carrying the group information for each
clause: 32 bit machine can have 32 groups of clauses, enough for
most applications

Lintao Zhang
Using SAT Techniques for
Other types of Constraints
z SAT Limitations
z Variables are in Boolean Domain
z Constrains are expressed as clauses
z E.g. at least one of the literals in each clause must be true
z SAT Advantages
z DLL algorithm is highly polished, many well studied heuristics
z Very fast BCP
z Learning and non-chronological backtracking
z Can we remove some of the limitations while still retain the powerful
SAT solving techniques?
z Pseudo Boolean Constraint, Fadi Alou etc. PBS
z Multi Value SAT, Cong Liu etc. CAMA
z Quantified Boolean Solver

Lintao Zhang
Pseudo Boolean (PB)
Constraints Solver
z PB Constraints Definition

c1x1 +L + cn xn ~ g
ci , g ∈ Z ~∈{=, ≤, ≥} xi ∈ Literals

z Examples:
3 x1 + x2 + 5 x3 = 2
4 x1 - 5 x3’ >= 3

Lintao Zhang
Pseudo Boolean (PB)
Constraints Solver
z Clauses can be generalized as a PB constraint:
( x ∨ y) ( x + y ≥ 1)
z Convert arbitrary PB constraints to normal form:
c1x1 +L + cn xn ≤ g
e.g. − 3x1 + 2 x2 ≥ −1 • Positive coefficients
• Constraint type: ≤
− (−3x1 + 2 x2 ) ≤ −(−1)
⇒ Faster manipulation
3 x1 − 2 x2 ≤ 1
3 x1 − 2(1 − x2 ) ≤ 1
3 x1 + 2 x2 ≤ 3

Lintao Zhang
PB-SAT Algorithms

z Struct PBConstraint:

Goal n LHS List of ci and xi’s

value of LHS based on

value of RHS current variable assignment

z For efficiency:
z Sort the list of cixi in order of increasing ci

Lintao Zhang
PB-SAT Algorithms
z Assigning vi to 1: 5x1+6x2+3x3 ≤ 12
For each literal xi of vi
z If positive xi, LHS += ci
LHS = 0

z Unassigning vi from 1:
For each literal xi of vi 5x1+6x2+3x3 ≤ 12
z If positive xi, LHS -= ci LHS = 5
z PB constraint state
z UNS: LHS > goal
5x1+6x2+3x3 ≤ 12
LHS = 8
LHS < goal
SATISFIABLE
Lintao Zhang
PB-SAT Algorithms

z Identifying implications 5x1+6x2+3x3 ≤ 12

z if ci > goal – LHS, xi = 0
LHS = 0
z Implied by literals in PB goal - LHS = 12
assigned to 1
5x1+6x2+3x3 ≤ 12
LHS = 8
goal - LHS = 4
Imply x2=0

Lintao Zhang
PB-SAT Algorithms
z Identifying conflicts 5x1+6x2+3x3 ≤ 7
z if LHS > goal LHS = 0
z Conflicting assignment:
consists of the subset of true
literals whose sum of
5x1+6x2+3x3 ≤ 7
coefficients exceeds the goal.
LHS = 14
LHS > goal
conflicting
assignment =
{x1, x2}

Lintao Zhang
SAT Solving on Multi-Value
Domain
z Let xi denote a multi-valued variable with domain Pi
={0,1,…,|Pi|-1}.
z xi is assigned to a non-empty value set vi, if xi can
take any value from vi ⊆ Pi but no value from Pi \ vi
z if | vi | = 1, completely assigned, e.g. x := {2}
z otherwise incompletely assigned, e.g. x := {0,2}
z A multi-valued literal xisi is the Boolean function
defined by
xisi ≡ ( xi = γ 1 ) + L + ( xi = γ k )
where γ i ∈ si ⊆ Pi ; si is the literal value set

Lintao Zhang
Multi-Value SAT
z A multi-valued clause is a logical disjunction of one or more
MV literals.
z A formula in multi-valued conjunctive normal form (MV-CNF)
is the logical conjunction of a set of multi-valued clauses.
z A MV SAT problem given in MV-CNF is
z Satisfiable if there exists a set of complete assignments to all
variables such that the formula evaluates to true.
z It is unsatisfiable if no such assignment exists.

Lintao Zhang
Resolution
z Recall: Binary clause resolution:
(∑ li + x) (∑ li '+ x ) ( x1 '+ x3 )
(∑ li + ∑ li ') ( x2 + x3 '+ x4 )
z variable x is eliminated ( x1 '+ x2 + x4 )
z MV resolution provides generalized case
( x1{0,2} + x3{2 ,3} )
(∑ x + x ) (∑ x ' '+ x s ' )
si s s'j
{0,2}
i i ( x1{3} + x2{1,2} + x3{0,2} )
(∑ x + ∑ x ' '+ x s ∩s ' )
si s'j
i i ( x1{0,2,3} + x+2{1,2}
( x2{1,2} + x)3{2} )
x3{0,2,3}
z take intersection of literal value sets of the resolving
variable x

Lintao Zhang
Decision
z Binary case: either 0 or 1 is assigned
z MV Case: (2|P|-2) possible assignments initially
z E.g. P={0,1,2}: {0}, {1}, {2}, {0,1}, {0,2}, {1,2}
z “Large decision” scheme:
z Pick one value from value set of selected variable
z Max depth of decision stack = # variables n
z Learning by contra-positive only forbids one value
z “Small decision” scheme:
z Exclude one value n

z Max depth of decision stack = ∑P

i =1
i

Lintao Zhang
Boolean Constraint
Propagation
ω1 = ( x3{1} + x2{0,1} ) P1 = P2 = P3 = P4 = {0,1, 2,3}

ω2 = ( x{1,3}
4 + x{0}
3 + x{1}
1 )

ω3 = ( x2{2} + x1{2,3} + x4{3} )

x4 = {0}@ d1
x1 = {1}@ d 2 Conflict
ω2 ω3
x3 = {3}@ d 2
x2 = {0,1}@ d 2
ω1

Implication Graph (IG)

Lintao Zhang
Conflict Analysis by Cut
z Cut at x3 and x4 as first UIP

x4 = {0}@ d1
x1 = {1}@ d 2 Conflict
ω2 ω3
x3 = {3}@ d 2
x2 = {0,1}@ d 2
ω1

x4 = {0} ∧ x3 = {3} ⇒ Conflict

z By contra-positive we learn

ωcut = ( x{1,2,3}
4 + x{0,1,2}
3 )

Lintao Zhang
Conflict Analysis by
Resolution
x4 = {0}@ d1
x1 = {1}@ d 2 Conflict
ω2 ω3
x3 = {3}@ d 2
x2 = {0,1}@ d 2
ω1
ωakk = ω3 = ( x2{2} + x1{2,3} + x4{3} )
ω1 = ( x3{1} + x2{0,1} ) ω2 = ( x{1,3 }
+ x {0}
+ x {1}
4 3 1 )
ω2 = ( x4{1,3} + x3{0} + x1{1} ) ω 'akk = ( x2{2} + x4{1,3} + x3{0} )
ω3 = ( x2{2} + x1{2,3} + x4{3} ) ω1 = ( x3{1} + x{0,1}
2 )
ωlearn = ω 'akk = ( x{1,3}
4 + x {0,1}
3 )
Lintao Zhang
MV-Conflict Analysis
z The learned clause is strictly “stronger” than the cut
clause ωcut = ( x4{1,2,3} + x3{0,1,2} )
ωlearn = ( x4{1,3} + x3{0,1} )
Never visited
z Cut clause forbids: before
x4 = {0} ∧ x3 = {3}
z Learned clause forbids:
x4 = {0} ∧ x3 = {3}, x4 = {0} ∧ x3 = {2},
x4 = {2} ∧ x3 = {2}, x4 = {2} ∧ x3 = {3}
z As if decisions were: Bigger
search space
x4 = {0, 2}@ d1; x3 = {2, 3}@ d 2
Lintao Zhang
Pseudo Boolean Constraints
and Multi-Value Constraints

They REALLY look like Boolean

Satisfiability Solvers!!!

Lintao Zhang
QBF: Quantified Boolean
Formula
z Quantified Boolean Formula
Q1x1……Qnxn ϕ
z Example:
∀x∃y(x+y’)(x’+y)
∃de∀xyz∃abc f(a,b,c,d,e,x,y,z)
z QBF Problem:
Is F satisfiable?

Lintao Zhang
Why Bother
z P-Space Complete, theoretically harder than NP-Complete
problems such as SAT.
z Has practical Applications:
z AI Planning
z Sequential Circuit Verification
z Similarities with SAT
z Leverage SAT techniques

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

Unknown

True (1)

False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1

Unknown

True (1)

False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1

Unknown

True (1)
y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1

Unknown

True (1)
y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1
Backtrack

Unknown

True (1)
y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=1 y=0
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∃x∀y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=1 y=0
False(0)

Lintao Zhang
Basic DLL Flow for QBF

False
∃x∀y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=1 y=0
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

Unknown

True (1)

False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

x=1

Unknown

True (1)

False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

x=1

Unknown

True (1)
y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

x=1

Unknown

True (1)
y=1 y=0
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

x=1

Unknown

True (1)
y=1 y=0
False(0)

Lintao Zhang
Basic DLL Flow for QBF

∀x∃y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=0 y=1
False(0)

Lintao Zhang
Basic DLL Flow for QBF

True
∀x∃y (x + y)(x’ + y’)

x=1 x=0

Unknown

True (1)
y=1 y=0 y=1
False(0)

Lintao Zhang
QBF: Conclusions
z QBF solving is much more difficult than SAT
z No existing QBF solver is of much practical use
z It’s possible to incorporate learning and non-chronological
backtracking into a DLL based QBF solver
z Unlike SAT, where DLL seems to be the predominant solution, it’s
still unclear what is the most efficient approach to QBF
z Attracted a lot of interest recently, much more research effort is
needed to make QBF solving practical
z Chicken egg problem

Lintao Zhang