Research on Satisfiability Checking - lcs.ios.ac.cn/~zj/20091212/hefei_tsinghua.pdf
Research on Satisfiability Checking
He Fei, Tsinghua University
1/30
Outline
SAT-related research: a SAT algorithm based on maxterm covering
SMT-related research: decision theories and decision tools
2/30
Outline (part 1)
SAT-related research: a SAT algorithm based on maxterm covering
3/30
SAT
The SAT (satisfiability) problem: decide whether there exists an assignment that makes a given Boolean formula true. A well-known NP-complete problem, widely applied in electronic design automation, artificial intelligence, formal verification and other fields.
3-SAT problems at the phase transition are considered the hardest class of SAT problems to solve.
3-SAT: every clause has length 3. Phase transition: number of clauses = 4.3 * number of variables.
4/30
DPLL
Many SAT tools are implemented on the basis of the DPLL algorithm.
[Figure: a DPLL search tree. Branch on x1: x1=0, x4=1; branch on x3: x3=1, x8=0, x12=1; branch on x2: x2=0, x11=1; branch on x7: x7=1, x9=0, ...]
Branching strategy, clause learning strategy, backtracking strategy, ...
Do other algorithms exist for implementing it?
5/30
Primary Idea
Lemma: A Boolean formula is unsatisfiable iff its PCNF has 2^n maxterms, where n is the number of variables in the formula.
Maxterm: a disjunction of all variables in the formula.
PCNF: Principal CNF. Every clause is a maxterm.
6/30
Relative Maxterm Covering
Definition: The relative maxterms covered by a clause C with respect to a clause set T are those maxterms covered by C but not covered by T, denoted as
relMC(C, T) = MC(C) \ MC(T).
The maxterms covered by the empty clause ε equal the universe set. A clause set T is satisfiable iff
relMC(ε, T) ≠ Φ
7/30
An Example
[Figure: MC(T) where T = {1, 2, 3, 4, 5}, drawn as the maxterm sets covered by clauses 1 to 5 inside the universe covered by the empty clause; the region left uncovered shows relMC(ε, T) ≠ Φ.]
8/30
The Key Issue
Theorem: Given two clauses C1 = p1 ∨ p2 ∨ … ∨ pm and C2 = q1 ∨ q2 ∨ … ∨ qn, the result of MC(C1) \ MC(C2) can be represented by the following formula R, i.e. MC(R) = MC(C1) \ MC(C2):
R = { C1 ∨ ¬q1,
      C1 ∨ q1 ∨ ¬q2,
      …,
      C1 ∨ q1 ∨ … ∨ q(n−1) ∨ ¬qn }
9/30
Optimization Strategies
We introduce some optimization strategies to simplify the solution search process.
Remove independent clauses
Look for upperclass clauses
Look for sub-upperclass clauses
Compare two clauses simultaneously
Clause ordering
Remove single polarity variables
Splitting the universe set into multiple partitions
10/30
S1: Remove Independent Clauses
Independent clauses are those whose maxterms have no intersection.
[Figure: removing the clauses independent of the current clause C from the clause set before computing relMC(C, T).]
Formally, two clauses are mutually independent if they contain a complementary pair of literals, such as p∨q and ¬p∨q∨r.
11/30
S2: Look for Upperclass Clauses
An upperclass clause is one whose maxterms are a superset of the current clause's.
[Figure: when T contains an upperclass clause of C, relMC(C, T) = Φ.]
Formally, C1 is the upperclass clause of C2 if the literals in C1 are a subset of the literals in C2. For example, p∨q is an upperclass clause of p∨q∨¬r.
12/30
S3: Look for Sub-upperclass Clauses
Formally, C1 is a sub-upperclass clause of C2 if C1 has one and only one literal that is missing from C2. For example, p∨s is the sub-upperclass clause of p∨q∨¬r.
[Figure: a sub-upperclass clause of C and the single remaining part of MC(C) it leaves uncovered.]
13/30
S4: Compare Two Clauses Simultaneously
[Figure: a clause C compared with two clauses C1 and C2 at the same time, where C1 and C2 are mutually independent.]
14/30
S5: Splitting the Universe Set into Multiple Partitions
Select k variables to split the universe set into 2^k parts.
[Figure: a clause set T over a universe split into partitions.] If we try this partition first, then we find a satisfiable solution very quickly.
Heuristic: use the weights of variables to decide which partition should be tried first.
15/30
S6: Clause Ordering
We count the number of occurrences of each variable in all clauses, and then compute the weight for each clause:
w = Σ_i num[p_i]
where num[p_i] represents the number of occurrences of variable p_i.
If more than one clause can be chosen for a certain strategy, we choose the one with the largest weight.
16/30
S7: Remove Single Polarity Variables
If a variable p occurs with only one polarity, we can directly remove all clauses that contain such a variable.
A similar strategy is applied in DPLL-based solvers.
17/30
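The lemma, the relMC definition, the theorem on MC(C1) \ MC(C2) and the strategies S1, S2, S3, S6 and S7 above, worked through as an added Python example; this is not the slides' own solver code. The clause encoding (signed integers as literals, frozensets as clauses), the brute-force maxterm enumeration used to check the theorem, and the sample clause sets are constructed for this example; S4 and S5 are not implemented.

```python
from itertools import product

# A literal is a nonzero int: v means variable v is true, -v means it is false.
# A clause is a frozenset of literals. A maxterm over variables V is a clause
# that contains every variable of V in exactly one polarity.

def maxterms_covered(clause, variables):
    """Brute-force MC(C): every maxterm that contains all literals of C. Each
    maxterm is identified by the single assignment that falsifies it, so MC(C)
    is the set of assignments under which C is false (a tautology covers nothing)."""
    covered = set()
    for values in product([False, True], repeat=len(variables)):
        assignment = dict(zip(variables, values))
        if all(assignment[abs(l)] != (l > 0) for l in clause):
            covered.add(values)
    return covered

def is_tautology(clause):
    return any(-l in clause for l in clause)

def independent(c1, c2):                 # S1: the clauses contain a complementary pair
    return any(-l in c2 for l in c1)

def is_upperclass(c1, c2):               # S2: the literals of c1 are a subset of c2's
    return c1 <= c2

def sub_upperclass_literal(c1, c2):      # S3: exactly one literal of c1 is missing from c2
    missing = c1 - c2
    return next(iter(missing)) if len(missing) == 1 else None

def clause_weight(clause, num):          # S6: w = sum of num[p_i] over the clause's variables
    return sum(num[abs(l)] for l in clause)

def remove_single_polarity(clause_set):  # S7: drop every clause containing a pure literal
    literals = set().union(*clause_set) if clause_set else set()
    pure = {l for l in literals if -l not in literals}
    return [c for c in clause_set if not (c & pure)], pure

def rel_diff(c1, c2):
    """The theorem: MC(C1) \\ MC(C2) = MC(R) for C2 = q1 v ... v qn and
    R = {C1 v -q1, C1 v q1 v -q2, ..., C1 v q1 v ... v q(n-1) v -qn}.
    S2 and S3 are its two cheap special cases; tautological members are dropped."""
    if is_upperclass(c2, c1):            # S2: MC(C1) is a subset of MC(C2), nothing is left
        return []
    q = sub_upperclass_literal(c2, c1)
    if q is not None:                    # S3: every other member of R is a tautology
        return [c1 | {-q}]
    result, seen = [], []
    for q in sorted(c2, key=abs):
        r = c1 | frozenset(seen) | {-q}
        if not is_tautology(r):
            result.append(r)
        seen.append(q)
    return result

def rel_mc(clause, clause_set):
    """relMC(C, T) = MC(C) \\ MC(T) as a clause list R with MC(R) equal to it.
    Clauses of T are visited heaviest first (S6); a clause of T that is
    independent of the current remainder (S1) covers none of its maxterms."""
    num = {}
    for c in clause_set:
        for l in c:
            num[abs(l)] = num.get(abs(l), 0) + 1
    ordered = sorted(clause_set, key=lambda c: clause_weight(c, num), reverse=True)
    remaining = [frozenset(clause)]
    for d in ordered:
        remaining = [r2 for r in remaining
                     for r2 in ([r] if independent(r, d) else rel_diff(r, d))]
        if not remaining:
            break
    return remaining

def solve(clause_set):
    """T is satisfiable iff relMC(ε, T) ≠ ∅, the empty clause covering the
    universe. Every maxterm extending a surviving clause r is uncovered by T,
    so the assignment falsifying r satisfies T. Returns that (partial) model
    as {variable: value}, plus the pure literals set true, or None if unsat."""
    reduced, pure = remove_single_polarity([frozenset(c) for c in clause_set])
    rest = rel_mc(frozenset(), reduced)
    if not rest:
        return None
    model = {abs(l): l < 0 for l in rest[0]}
    model.update({abs(l): l > 0 for l in pure})
    return model

def check_theorem(c1, c2, variables):
    """Brute-force check that MC(C1) \\ MC(C2) == MC(R) over the given variables."""
    lhs = maxterms_covered(c1, variables) - maxterms_covered(c2, variables)
    rhs = set().union(*(maxterms_covered(r, variables) for r in rel_diff(c1, c2)))
    return lhs == rhs

if __name__ == "__main__":
    T = [{1, 2}, {-1, 2}, {1, -2}]        # constructed sample: satisfiable, model p = q = true
    print("model:", solve(T))
    print("unsat:", solve(T + [{-1, -2}]))
```

Each surviving clause of relMC(ε, T) is a block of uncovered maxterms, so it is also a block of models: negating its literals gives an assignment that satisfies T regardless of how the remaining variables are set. The brute-force `maxterms_covered` is only there to validate the theorem on small inputs; the covering computation itself never enumerates the 2^n maxterms.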
Experimental Results
Problems   # Problems   Ours    zChaff   Ours/zChaff
uf200      100          0.118   0.332    68/32
uuf200     100          0.347   1.571    100/0
uf225      100          0.387   1.017    60/40
uuf225     100          1.308   7.162    100/0
uf250      100          1.328   8.296    65/35
uuf250     100          4.755   55.173   100/0
• All benchmarks are downloaded 3-SAT problems.
• Our solver is much faster than zChaff for both satisfiable and unsatisfiable problems.
18/30
Experiment result
[Figure: runtime against the number of variables for our solver and zChaff.]
• As the number of variables increases, the growth rate of our solver's runtime is much smaller than that of zChaff.
19/30
Experimental Results
             Satisfiable            Unsatisfiable
#variables   Ours      zChaff       Ours      zChaff
275          4.02      57.07        14.08     178.87
300          11.47     277.58       40.46     998.98
325          52.27     1740.04      182.02    7187.56
350          188.025   N/P          590.38    N/P
375          633.82    N/P          1781.95   N/P
400          2187.42   N/P          5867.35   N/P
• All benchmarks are randomly generated 3-SAT problems.
• It beats zChaff on both satisfiable and unsatisfiable benchmarks.
20/30
Outline (part 2)
SMT-related research: decision theories and decision tools
21/30
SMT decision theories
Satisfiability Modulo Theories (SMT) is an extension of the satisfiability problem: logical formulas that must satisfy some background theory, expressed as first-order logic formulas with equality.
SMT solvers are regarded as the next-generation verification engines, callable by automatic verification tools and theorem provers. Many verification problems can be reduced to SMT problems and solved directly with an SMT solver.
Architecture of ESC/Java
[Figure: Method + annotations → Verification condition generator → Verification condition (x > y ==> …), together with background axioms → Automatic theorem prover → Counterexample, e.g. "Error: index out of bounds on line 218".]
aCiNO
A C/C++ Implementation of Nelson-Oppen: an SMT solver developed in-house.
It integrates decision procedures for several theories: linear inequalities, uninterpreted functions, arrays, vectors, and so on.
It provides low-level support for program analysis, program verification and similar tasks.
Algorithm framework
SAT solvers + Theories: the DPLL framework handles the Boolean structure of the formula.
The theory-specific solver (T-Solver) only needs to handle the satisfiability of conjunctions of predicates in the given theory.
[Figure: a DPLL search tree over x1, x3, x2, x7 with the T-Solver consulted at each step.]
Decision for combined theories
Based on the Nelson-Oppen architecture: equalities are used to share information among multiple theories, so existing decision algorithms can be effectively combined into new ones.
[Figure: DPLL for SAT modulo T1, T2, T3; Nelson-Oppen exchanges "=" information among Theory1, Theory2 and Theory3.]
Decision procedure for uninterpreted functions
Congruence closure algorithm. Data representation: E-graph.
Union-find is used to merge equivalence classes, with path compression during merging; hash functions are used to speed up lookup.
Data structure
All terms and subterms that appear are represented in one graph, with repeated parts shared. Application relations are drawn as arrows, equalities as dashed lines, and disequalities as red dash-dotted lines.
[Figure: E-graph for the terms x, f(x), f(f(x)), f(f(f(x))), f(f(f(f(x)))) and f(f(f(f(f(x))))), with nodes v_x, v_fx, v_ffx, v_fffx, v_ffffx, v_fffffx, each f-node pointing to its argument.]
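The congruence closure procedure described on the two slides above (an E-graph with shared subterms, union-find with path compression, and a hash table for lookup), as an added Python example rather than aCiNO's own C/C++ code. The tuple term encoding and the `EGraph`, `build` and `uf_satisfiable` names are this example's own; the terms f(f(f(f(f(x))))) and f(f(f(x))) are the ones drawn on the slide, and the sample conjunction f^5(x) = x ∧ f^3(x) = x ∧ f(x) ≠ x is constructed here as the classic unsatisfiable instance.

```python
class EGraph:
    """E-graph with hash-consed terms: a term is created once and reused, each
    node keeps its (function, argument ids) signature and the list of parent
    terms that use it, and equivalence classes live in a union-find with path
    halving. Congruences are found through a signature table keyed by the
    representatives of the arguments."""

    def __init__(self):
        self.parent = []       # union-find parent pointers
        self.sig = []          # node id -> (function name, tuple of argument ids)
        self.uses = []         # node id -> ids of the terms that take this node as argument
        self.table = {}        # hash-consing: signature -> node id

    def term(self, fname, *args):
        key = (fname, tuple(args))
        if key not in self.table:           # reuse an existing identical term
            n = len(self.parent)
            self.parent.append(n)
            self.sig.append(key)
            self.uses.append([])
            for a in args:
                self.uses[a].append(n)
            self.table[key] = n
        return self.table[key]

    def find(self, n):
        while self.parent[n] != n:
            self.parent[n] = self.parent[self.parent[n]]   # path halving
            n = self.parent[n]
        return n

    def merge(self, a, b):
        """Assert a = b and propagate every congruence f(s1..sk) = f(t1..tk)
        that follows from s_i = t_i for all i."""
        pending = [(a, b)]
        while pending:
            a, b = pending.pop()
            ra, rb = self.find(a), self.find(b)
            if ra == rb:
                continue
            self.parent[ra] = rb
            self.uses[rb] = self.uses[rb] + self.uses[ra]
            by_signature = {}
            for p in self.uses[rb]:          # parent terms of the merged class
                key = (self.sig[p][0], tuple(self.find(x) for x in self.sig[p][1]))
                q = by_signature.setdefault(key, p)
                if self.find(q) != self.find(p):
                    pending.append((q, p))    # same function symbol, equal arguments

    def equal(self, a, b):
        return self.find(a) == self.find(b)

def build(g, t):
    """t is a nested tuple: ("x",) is a constant, ("f", t1, ..., tk) an application."""
    return g.term(t[0], *(build(g, s) for s in t[1:]))

def uf_satisfiable(equalities, disequalities):
    """Decide a conjunction of equalities and disequalities over uninterpreted
    functions: merge the equalities, then no disequality may join one class.
    All terms are built before any merge so congruence detection sees them all."""
    g = EGraph()
    eq = [(build(g, s), build(g, t)) for s, t in equalities]
    neq = [(build(g, s), build(g, t)) for s, t in disequalities]
    for s, t in eq:
        g.merge(s, t)
    return all(not g.equal(s, t) for s, t in neq)

def f_power(k):
    """The term f(f(...f(x)...)) with k applications, as drawn on the slide."""
    t = ("x",)
    for _ in range(k):
        t = ("f", t)
    return t

if __name__ == "__main__":
    x = ("x",)
    # f^5(x) = x and f^3(x) = x entail f(x) = x, so adding f(x) != x is unsatisfiable
    print(uf_satisfiable([(f_power(5), x), (f_power(3), x)], [(f_power(1), x)]))
```

Because `term` hash-conses on raw argument ids, the six nested applications of f share their subterms exactly as the slide's graph does; the merge of f^5(x) with x and then f^3(x) with x lets the signature table discover f^4(x) = f(x), then f^2(x) = f^5(x), and so on down to f(x) = x.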
Decision procedure for linear inequalities
Incremental simplex algorithm, based on the traditional simplex algorithm.
During the computation it can discover new atomic equalities and pass them to the other theories, to guarantee correctness under the Nelson-Oppen architecture.
The algorithm proceeds incrementally, so that intermediate results are reused.
Incremental algorithm
During DPLL the T-Solver is called many times; compared with the previous call, each call either assigns several more propositions (propagation) or retracts the assignments of some propositions (backtrack).
Incremental algorithm: adding a proposition assignment adds the corresponding row and column to the simplex tableau; retracting a proposition assignment pivots the corresponding new variable into the basis and deletes that row.
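The two incremental operations just described, as an added Python example that is not aCiNO's code: asserting an atom adds a slack row (and its column) carrying the atom's bound, and retracting it pivots the slack back into the basis and deletes the row. The slides do not specify the tableau form, so this example assumes a bounds-based general simplex with Bland's smallest-index rule; the `IncrementalSimplex` class, its method names and the sample constraints are this example's own, and it does not implement the propagation of discovered equalities to other theories.

```python
from fractions import Fraction

class IncrementalSimplex:
    """General simplex over a tableau in which each basic variable is a row
    basic = sum(coeff * non-basic). Problem variables x_0..x_{n-1} are
    unbounded; every asserted atom sum_i a_i*x_i <= c introduces a slack
    s = sum_i a_i*x_i as a new row with upper bound c. The assignment beta
    always satisfies every row; check() repairs violated bounds by pivoting."""

    def __init__(self, nvars):
        self.n = nvars
        self.rows = {}                       # basic var -> {non-basic var: coeff}
        self.upper = {}                      # slack var -> upper bound
        self.beta = {i: Fraction(0) for i in range(nvars)}
        self.next_id = nvars

    def assert_le(self, coeffs, c):
        """Add the atom sum coeffs[i]*x_i <= c; returns the slack id for retract()."""
        s, self.next_id = self.next_id, self.next_id + 1
        row = {}
        for i, a in coeffs.items():
            # a basic variable is replaced by its row so the new row only uses non-basics
            for j, b in (self.rows[i].items() if i in self.rows else [(i, 1)]):
                row[j] = row.get(j, Fraction(0)) + Fraction(a) * b
        self.rows[s] = {j: v for j, v in row.items() if v != 0}
        self.beta[s] = sum((v * self.beta[j] for j, v in self.rows[s].items()), Fraction(0))
        self.upper[s] = Fraction(c)
        return s

    def retract(self, s):
        """Undo assert_le: pivot s back into the basis if it has left it, then delete its row."""
        if s not in self.rows:
            k = next((b for b, r in self.rows.items() if s in r), None)
            if k is not None:
                self.pivot(k, s)
        self.rows.pop(s, None)
        del self.upper[s], self.beta[s]

    def pivot(self, b, nb):
        """Make non-basic nb basic and basic b non-basic (beta is unchanged)."""
        row = self.rows.pop(b)
        a = row.pop(nb)
        new = {j: -v / a for j, v in row.items()}
        new[b] = 1 / a
        self.rows[nb] = new
        for k, r in self.rows.items():       # substitute nb away in every other row
            if k != nb and nb in r:
                coef = r.pop(nb)
                for j, v in new.items():
                    r[j] = r.get(j, Fraction(0)) + coef * v
                    if r[j] == 0:
                        del r[j]

    def check(self):
        """True iff the asserted atoms are feasible; Bland's rule for termination."""
        while True:
            violated = [b for b in sorted(self.rows)
                        if b in self.upper and self.beta[b] > self.upper[b]]
            if not violated:
                return True
            b = violated[0]
            # x_b must decrease: lower a non-basic with positive coefficient (no lower
            # bounds exist), or raise one with negative coefficient that is below its bound
            cands = [j for j, v in sorted(self.rows[b].items())
                     if v > 0 or (j not in self.upper or self.beta[j] < self.upper[j])]
            if not cands:
                return False                 # x_b >= sum a_j*u_j > u_b for every assignment
            j = cands[0]
            theta = (self.upper[b] - self.beta[b]) / self.rows[b][j]
            self.beta[j] += theta
            for k, r in self.rows.items():
                if k != b and j in r:
                    self.beta[k] += r[j] * theta
            self.beta[b] = self.upper[b]
            self.pivot(b, j)

    def values(self):
        return {i: self.beta[i] for i in range(self.n)}

if __name__ == "__main__":
    sx = IncrementalSimplex(2)               # constructed sample over x0, x1
    s_sum = sx.assert_le({0: 1, 1: 1}, 2)    # x0 + x1 <= 2
    s_x0 = sx.assert_le({0: -1}, -3)         # x0 >= 3
    print(sx.check(), sx.values())
    s_x1 = sx.assert_le({1: -1}, 0)          # x1 >= 0: conflicts with the two above
    print(sx.check())
    sx.retract(s_x1)                         # backtrack: the tableau is reused
    print(sx.check(), sx.values())
```

Retracting an atom costs at most one pivot and leaves every other row, bound and assignment value in place, which is what makes the repeated T-Solver calls during DPLL cheap; the pivots performed while the retracted atom was active are not undone.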
Decision procedure for the theory of arrays
Arrays are one of the most commonly used data structures. Current techniques for array decision procedures are all built on uninterpreted functions, which makes quantification over array indices hard to support.
In program verification one often needs to decide formulas of the array theory that contain quantifiers, such as
∀i, a[i] < b[i]
∃j, a[j] > 0
31/30
Recent work includes a reduction method based on counter automata [M. Bozga et al., CAV 09], which allows conditional quantification over array elements and indices; the restrictions it places on quantifiers are unnatural.
The decision algorithm requires two translations, from the array theory to counter automata and from counter automata to Presburger arithmetic, and its efficiency is low.
32/30
Current work
Decision procedure for the theory of arrays:
Decidable fragments of the array theory
Efficient solving algorithms
Integration with tools
33/30
Thanks!
34/30