Download Report

1
CDM
Algorithms for propositional Logic
Boolean Decision Problems
SAT Solvers
Refutation and Resolution
Binary Decision Diagrams
Klaus Sutner
Carnegie Mellon University
Fall 2013
Decision Problems
3
Satisfiability
A Boolean formula ϕ.
Is ϕ satisfiable?
Problem:
Instance:
Question:
Tautology
A Boolean formula ϕ.
Is ϕ a tautology?
Problem:
Instance:
Question:
Equivalence
Two Boolean formulae ϕ and ψ.
Are ϕ and ψ equivalent?
4
The reason it is worthwhile to distinguish between these three problems is
computational complexity: given a certain representation, a particular problem
can be tackled with such-and-such resources.
Recall the standard decision problems associated with propositional formulae.
Problem:
Instance:
Question:
All One
Other than that, they are very closely related:
ϕ satisfiable iff ¬ϕ not a tautology
ϕ satisfiable iff ϕ, ⊥ not equivalent
ϕ, ψ equivalent iff (ϕ ⇔ ψ) a tautology
Of course, negation or the introduction of the connective “ ⇔ ” can ruin the
representation of a formula.
Boolean Functions
5
As we have seen, any Boolean formula ϕ(x1 , x2 , . . . , xn ) naturally defines an
n-ary Boolean function ϕ
b : 2n → 2 .
Representation
There are two important and drastically different ways to represent a Boolean
function.
In terms of Boolean functions, the three problems translate into
A Boolean formula ϕ(x1 , x2 , . . . , xn ), in particular a formula in a
particular normal form such as NNF, CNF, DNF.
f 6= 0
f =1
f =g
Of course, this version obscures the representation of the functions and
therefore muddles complexity issues.
A custom designed data structure, a so-called binary decision diagram.
As we will see, the representation is critical for complexity issues.
For the time being, we will deal with representations inspired by the formula
perspective.
6
Preprocessing
7
Negation Normal Form (NNF)
8
Definition
A formula is in Negation Normal Form (NNF) if it only contains negations
applied directly to variables.
It seems reasonable to preprocess the input a bit: we can try to bring the input
into some particularly useful syntactic form, a form that can then be exploited
by the algorithm.
A literal is a variable or a negated variable.
There are two issues:
Theorem
The transformation must produce an equivalent formula (but see below
about possible additions to the set of variables).
For every formula, there is an equivalent formula in NNF.
The transformation should be fast.
The algorithm pushes all negation signs inward, until they occur only next to a
variable.
Here are some standard methods to transform propositional formulae.
Rules for this transformation:
We will focus on formulae using ¬, ∧, ∨, a harmless assumptions since we can
easily eliminate all implications and biconditionals.
¬(ϕ ∧ ψ) ⇒ ¬ϕ ∨ ¬ψ
¬(ϕ ∨ ψ) ⇒ ¬ϕ ∧ ¬ψ
¬¬ϕ ⇒ ϕ
As Parse Trees
9
Push negations down to the leaves.
¬
¬
ϕ
ψ
Note that this requires pattern matching: we have to find the handles in the
given expression.
¬
ϕ
10
This is an example of a rewrite system: replace the LHS by the RHS of a
substitution rule, over and over, until a fixed point is reached.
∧
∨
Rewrite Systems
¬(p ∧ (q ∨ ¬r) ∧ s ∧ ¬t)
¬p ∨ ¬(q ∨ ¬r) ∨ ¬s ∨ t
ψ
¬p ∨ (¬q ∧ r) ∨ ¬s ∨ t
¬
∧
ϕ
Also note that the answer is not unique, here are some other NNFs for the
same formula:
∨
ψ
¬
¬
ϕ
ψ
Min- and Max-Terms
So we are left with a formula built from literals using connectives ∧ and ∨.
The most elementary such formulae have special names.
Definition
A minterm is a conjunction of literals.
A maxterm is a disjunction of literals.
Note that a truth table is essentially a listing of all possible 2n full minterms
over some fixed variables x1 , x2 , . . . , xn combined with the corresponding truth
values of the formula ϕ(x1 , . . . , xn ).
By forming a disjunction of the minterms for which the formula is true we get a
(rather clumsy) normal form representation of the formula.
The reason we are referring to the normal form as clumsy is that it contains
many redundancies in general. Still, the idea is very important and warrants a
definition.
¬p ∨ ¬s ∨ t ∨ (¬q ∧ r)
(¬p ∨ ¬s ∨ t ∨ ¬q) ∧ (¬p ∨ ¬s ∨ t ∨ r)
Conversion to NNF is a search problem, not a function problem.
11
Disjunctive Normal Form
Definition
A formula is in Disjunctive Normal Form (DNF) if it is a disjunction of
minterms (conjunctions of literals).
In other words, a DNF formula is a “sum of products” and looks like so:
(x11 ∧ x12 ∧ . . . ∧ x1n1 ) ∨ (x21 ∧ . . . ∧ x2n2 ) ∨ . . . ∨ (xm1 ∧ . . . ∧ xmnm )
where each xij is a literal.
W V
In short: i j xij .
If you think of the formula as a circuit DNF means that there are two layers:
an OR gate on top, AND gates below. Note that this only works if we assume
unbounded fan-in and disregard negation.
12
Conversion to DNF
13
Expression Trees
14
Theorem
Here is the corresponding operation in terms of the expression tree.
For every formula, there is an equivalent formula in DNF.
∧
Step 1: First bring the formula into NNF.
ϕ
Step 2: Then use the rewrite rules
ϕ ∧ (ψ1 ∨ ψ2 ) ⇒ (ϕ ∧ ψ1 ) ∨ (ϕ ∧ ψ2 )
∨
ψ1
(ψ1 ∨ ψ2 ) ∧ ϕ ⇒ (ψ1 ∧ ϕ) ∨ (ψ2 ∧ ϕ)
∨
∧
ϕ
ψ2
∧
ψ1
ϕ
ψ2
✷
Note that we have created a second copy of ϕ (though in an actual algorithm
we can avoid duplication by sharing subexpressions; nonetheless the ultimate
output will be large).
Exercise
Prove that these rules really produce a DNF. What is the complexity of this
algorithm?
Example
15
Complexity
16
Computationally, there is one crucial difference between conversion to NNF and
conversion to DNF:
First conversion to NNF.
¬(p ∨ (q ∧ ¬r) ∨ s ∨ ¬t
The size of the formula in NNF is linear in the size of the input.
¬p ∧ (¬q ∨ r) ∧ ¬s ∧ t
The size of the formula in DNF is not polynomially bounded by the size of
the input.
¬p ∧ ¬(q ∧ ¬r) ∧ ¬s ∧ t
Reorder, and then distribute ∧ over ∨.
Thus, even if we have a perfect linear time implementation of the rewrite
process, we still wind up with an exponential algorithm.
¬p ∧ ¬s ∧ t ∧ (¬q ∨ r)
(¬p ∧ ¬s ∧ t ∧ ¬q) ∨ (¬p ∧ ¬s ∧ t ∧ r)
Exercise
Construct an example where conversion to DNF causes exponential blow-up.
DNF and Truth Tables
17
One reason DNF is natural is that one can easily read off a canonical DNF for
a formula if we have a truth table for it.
For n variables, the first n columns determine 2n full minterms (containing
each variable either straight or negated).
10011
⇒
x1 x 2 x3 x4 x5
Select those rows where the formula is true, and collect all the corresponding
minterms into a big disjunction.
Done!
Note the resulting formula has O(2n ) conjunctions of n literals each.
Example
18
Unfortunately, this approach may not produce optimal results: for p ∨ q we get
p
0
0
1
1
q
0
1
0
1
(p ∨ q)
0
1
1
1
So brute force application of this method yields 3 full minterms:
(p ∧ ¬q) ∨ (¬p ∧ q) ∨ (p ∧ q)
Clearly, we need some simplification process. More about this later in the
discussion of resolution.
Remember?
19
Conjunctive Normal Form (CNF)
20
Definition
This is essentially the same method we used to get the expressions for sum and
carry in the 2-bit adder.
A formula is in Conjunctive Normal Form (CNF) if it is a conjunction of
maxterms (disjunctions of literals).
In a Boolean algebra, one talks about sums of products of literals instead of
DNF.
The maxterms are often referred to as clauses in this context. So, a formula in
CNF looks like
^_
xij .
Hence, any Boolean expression can be written in sum-of-products form.
i
j
Is there also a product-of-sums representation?
Theorem
Sure . . .
For every formula, there is an equivalent formula in CNF.
Unlike with ordinary arithmetic, in Boolean algebra there is complete symmetry
between meet and join.
Again start with NNF, but now use the rules
ϕ ∨ (ψ1 ∧ ψ2 ) ⇒ (ϕ ∨ ψ1 ) ∧ (ϕ ∨ ψ2 )
(ψ1 ∧ ψ2 ) ∨ ϕ ⇒ (ψ1 ∨ ϕ) ∧ (ψ2 ∨ ϕ)
Blow-Up
21
ϕ = (p10 ∧ p11 ) ∨ (p20 ∧ p21 ) ∨ . . . (pn0 ∧ pn1 )
For a propositional variable p we let qp = p and introduce a clause {p}.
Otherwise we introduce clauses as follows:
is in DNF, but conversion to CNF using our rewrite rule produces the
exponentially larger formula
^
_
22
No, but we have to be careful with the conversion process to control blow-up.
Instead of preserving the underlying set of propositional variables, we extend it
by a new variable qψ for each subformula ψ of φ.
The formula
ϕ≡
Tseitin’s Trick
q¬ψ : {qψ , q¬ψ } , {¬qψ , ¬q¬ψ }
pif (i)
qψ∨ϕ : {¬qψ , qψ∨ϕ } , {¬qϕ , qψ∨ϕ } , {¬qψ∨ϕ , qϕ , qψ }
f :[n]→2 i∈[n]
qψ∧ϕ : {qψ , ¬qψ∧ϕ } , {qϕ , ¬qψ∧ϕ } , {¬qψ , ¬qϕ , qψ∧ϕ }
Exercise
Show that there is no small CNF for ϕ: the 2n disjunctions of length n must all
appear.
The intended meaning of qψ is pinned down by these clauses, e.g.
qψ∨ϕ ≡ qψ ∨ qϕ
Are CNF-based (or DNF-based) algorithms then useless in practice?
Example
23
Preserving Satisfiability
24
Consider again the formula
Theorem
ϕ = (p10 ∧ p11 ) ∨ (p20 ∧ p21 ) ∨ . . . ∨ (pn0 ∧ pn1 )
Set Bk = (pk0 ∧ pk1 ) and Ak = Bk ∨ Bk+1 ∨ . . . ∨ Bn for k = 1, . . . , n . Thus,
ϕ = A1 and all the subformulae other than variables are of the form Ak or Bk .
The clauses in the Tseitin form of ϕ are as follows (we ignore the variables):
qAk :
qBk , ¬qBk ∧Ak−1 , qAk−1 , ¬qBk ∧Ak−1 , ¬qBk , ¬qAk−1 , qBk ∧Ak−1
qBk : {¬pk0 , qBk } , {¬pk1 , qBk } , {¬qBk , pk1 , pk0 }
Exercise
Make sure you understand in the example how any satisfying assignment to ϕ
extends to a satisfying assignment of the Tseitin CNF, and conversely.
The set C of clauses in Tseitin CNF is satisfiable if, and only if, φ is so
satisfiable. Moreover, C can be constructed in time linear in the size of φ.
Proof.
⇒ : Suppose that σ |= C.
An easy induction shows that for any subformula ψ we have [[ψ]]σ = [[qψ ]]σ .
Hence [[φ]]σ = [[qφ ]]σ = 1 since {qφ } is a clause in C.
⇐: Assume that σ |= φ.
Define a new valuation τ by τ (qψ ) = [[ψ]]σ for all subformulae ψ. It is easy to
check that τ |= C.
✷
Knights in Shiny Armor
25
Some Questions
26
Exercise
How hard is it to convert a formula to CNF?
Exercise
Exercise
Construct a formula Φn that is satisfiable if, and only if, the n × n chessboard
has the property that a knight can reach all squares by a sequence of
admissible moves.
Show how to convert directly between DNF and CNF.
What would your formula look like in CNF and DNF?
Show: In CNF, if a clause contains x and x, then we can remove the whole
clause and obtain an equivalent formula.
Exercise
Exercise
Construct a formula Φn that is satisfiable if, and only if, the n × n chessboard
admits a knight’s tour: a sequence of admissible moves that touches each
square exactly once.
Suppose a formula is in CNF.
How hard is it to check if the formula is a tautology?
Exercise
Exercise
Again, what would your formula look like in CNF and DNF?
Suppose a formula is in DNF.
How hard is it to check if the formula is a tautology?
Exercise
How about checking whether a formula in DNF (or CNF) is a contradiction?
Satisfiability Testing
2
28
Truth tables allow one to check any property (tautology, contradiction,
satisfiability). But: the table has exponential size and so is useless in practice
where one often deals with formulae with thousands of variables.
Boolean Decision Problems
Recall that Satisfiability testing is enough in the sense that
SAT Solvers
ϕ is a tautology iff ¬ϕ is not satisfiable.
Refutation and Resolution
Binary Decision Diagrams
ϕ is a contradiction iff ¬ϕ is a tautology iff ϕ is not satisfiable.
Again, these equivalences coexist uneasily with normal forms. For example, if ϕ
is in CNF then ¬ϕ can be easily converted into DNF, but CNF is far off.
So for algorithms that depend on a specific form of the input there may be a
problem if conversion is slow.
Normal Forms and Meaning
29
It should be noted that CNF and DNF are not particularly useful for a human
being when it comes to understanding the meaning of a formula (NNF is not
quite as bad). But that’s not their purpose: they provide a handle for
specialized algorithms to test validity and satisfiability. We’ll focus on the
latter.
First note that one can perform various cleanup operations without affecting
satisfiability in CNF.
We can delete any clause that contains a literal and its negation.
We can delete any clause that contains another clause (as a subset).
The last step is justified by the equivalence
ϕ ∧ (ϕ ∨ ψ) ≡ ϕ
Example: CNF Tautology Testing
Here is a very small example. We verify that Peirce’s Law
((A → B) → A) → A
is a tautology. Rewriting the implications we get
¬(¬(¬A ∨ B) ∨ A) ∨ A
which turns into
(¬A ∨ B ∨ A) ∧ (¬A ∨ A)
By the first simplification rule we are done.
30
SAT Algorithms
31
There is an old, but surprisingly powerful satisfiability testing algorithm due to
Davis and Putnam, originally published in 1960. Modern versions of the
algorithm (some of them commercial and proprietary) are still widely used
today.
The Davis/Putnam Paper
32
It is worth noting that the original paper goes by the title
A Computing Procedure for Quantification Theory
Thus, the real target is predicate logic (first order logic) rather than
propositional logic. They use a refutation method based on Herbrand universes.
The method produces a sequence of larger and larger propositional formulae
obtained from the negation of the given formula, that each must be tested for
satisfiability. If a non-satisfiable formula appears the algorithm terminates (in
which case the original formula is proven valid), otherwise it continues
indefinitely. Each round employs what is now the classical Davis/Putnam
method.
As the authors point out, their method yielded a result in a 30 minute
hand-computation where another algorithm running on an IBM 704 failed after
21 minutes. The variant presented below was first implemented by Davis,
Longman and Loveland in 1962 on an IBM 704.
The Main Idea
33
In this context, the disjunctions in CNF are often called clauses. Since the order
of terms in a clause does not matter, one usually writes them as sets of literals.
DPLL assumes that the input formula is in CNF and performs certain simple
cleanup operations – until they apply no longer.
So a whole formula in CNF might be written as
Then it bites the bullet: it picks a variable and explicitly tries to set it to “true”
and “false”, respectively.
{x, y, u} , {x, y, u} , {x, u}
Recurse.
A clause is a unit clause iff it contains just one literal.
The wary algorithm designer will immediately suspect exponential behavior, but
as it turns out in many practical cases the algorithm performs very well.
Unit clauses are easy to deal with:
The only way to satisfy a single literal x is by setting σ(x) = 1.
34
Suppose the formula ϕ is given in CNF. We are trying to solve the decision
problem Satisfiability.
The basic idea of the propositional part of the algorithm is beautifully simple:
Unit Clause Elimination (UCE)
Davis/Putnam Algorithm
Note that an empty clause corresponds to ⊥: there are no literals that one
could try to set to a truth value that would render the whole clause true.
35
Pure Literal Elimination (PLE)
A pure literal in a CNF formula is a literal that occurs only directly, but not
negated. So the formula may contain a variable x but not x or, conversely, only
x but not x.
Note that once we decide σ(x) = 1, we can perform
Unit Subsumption: delete all clauses containing x, and
Clearly, if the formula contains x but not x we can simply set σ(x) = 1 and
remove all the clauses containing the variable.
Unit Resolution: remove x from all remaining clauses.
Likewise, if the formula contains x but not x we can set σ(x) = 0 and remove
all clauses containing the negated variable.
This process is called unit clause elimination.
The crucial point is: a CNF formula ϕ containing unit clause {x} is satisfiable
iff there is an assignment σ setting x to true, and satisfying ϕ′ obtained from ϕ
by UCE.
This may sound utterly trivial, but note that in order to do PLE efficiently we
should probably keep a counter for the total number of occurrences of both x
and x for each variable.
36
More on PLE
37
PLE lemma
38
Here is a closer look at PLE. Let Φ be in CNF, x a variable. Define
Proposition
Φ+
x : the clauses of Φ that contain x positively,
−
∗
If Φ+
x or Φx is empty then Φ is equivalent to Φx .
Φ−
x : the clauses of Φ that contain x negatively, and
In other words, one can replace Φ by Φ∗x : Φ is satisfiable iff Φ∗x is satisfiable.
Φ∗x : the clauses of Φ that are free of x.
Since Φ∗x is smaller than Φ (unless x does not appear at all) this step simplifies
the problem of deciding satisfiability.
So we have the partition
−
∗
Φ = Φ+
x ∪ Φx ∪ Φx
Of course, we get stuck when all variables have positive and negative
occurrences.
This partition gives rise to a trie data structure.
The DPLL Algorithm
39
Example
Perform unit clause elimination until no unit clauses are left.
After three unit clause elimination steps (no pure literal elimination) and one
split on d we get the answer “satisfiable”:
Perform pure literal elimination, call the result ψ.
If an empty clause has appeared, return false.
1
If all clauses have been eliminated, return true.
2
Splitting: otherwise, cleverly pick one of the remaining literals, x.
Recursively test both
ψ, {x}
and
3
4
5
ψ, {x}
1
2
3
4
So this is dangerously close to brute-force search. The algorithm still succeeds
beautifully in the real world since it systematically exploits all possibilities to
prune irrelevant parts of the search tree.
5
41
Note that this algorithm implicitly also solves the search problem: we only need
to keep track of the assignments made to literals. In the example, the
corresponding assignment is
σ(b) = 0, σ(c) = σ(a) = σ(d) = 1
The choice for e does not matter.
Note that we also could have chosen σ(e) = 1 and ignored d.
Exercise
Implement a version of the algorithm that returns a satisfying truth assignment
if it exists.
How about all satisfying truth assignments?
{a,b,c} {a,!b} {a,!c} {c,b} {!a,d,e} {!b}
{a,c}
{a,!c} {c}
{!a,d,e}
{a}
{!a,d,e}
{d,e}
We could also have used pure literal elimination (on d):
for satisfiability.
Return true if at least one of the branches returns true, false otherwise.
Finding an Assignment
40
{a,b,c} {a,!b} {a,!c} {c,b} {!a,d,e} {!b}
{a,b,c} {a,!b} {a,!c} {c,b}
{!b}
{a,c}
{a,!c} {c}
{a}
-
Correctness
42
Claim
The Davis/Putnam algorithm is correct: it returns true if, and only if, the input
formula is satisfiable.
Proof.
Suppose ϕ is in CNF and has a unit clause {x}. Then ϕ is satisfiable iff there
is a satisfying truth assignment σ such that σ(x) = 1.
But then σ(C) = 1 for any clause containing x, so Unit Subsumption does not
affect satisfiability. Also, σ(C) = σ(C ′ ) for any clause containing x, where C ′
denotes the removal of literal x. Hence Unit Resolution does not affect
satisfiability either.
Suppose z is a pure literal. If σ satisfies ϕ then σ ′ also satisfies ϕ where
σ(u) =
σ(u)
1
if u = z,
otherwise.
Correctness, contd.
43
Let x be any literal in ϕ. Then by Shannon expansion
Davis/Putnam In Practice
44
Bad News: DPLL may take exponential time!
ϕ ≡ (x ∧ ϕ[1/x]) ∨ (¬x ∧ ϕ[0/x])
In practice, though, Davis/Putnam is usually quite fast.
It is not entirely understood why formulae that appear in real-world problems
tend to produce only polynomial running time when tackled by Davis/Putnam.
But splitting checks exactly the two formulae on the right for satisfiability;
hence ϕ is satisfiable if, and only if, at least one of the two branches returns
true.
Take the notion of “real world” here with a grain of salt. For example, in
algebra DPLL has been used to solve problems in the theory of so-called quasi
groups (cancellative groupoids). In a typical case there are n3 Boolean
variables and about n4 to n6 clauses; n might be 10 or 20.
Termination is obvious.
✷
Note that in Splitting there usually are many choices for x. This provides an
opportunity to use clever heuristics to speed things up. One plausible strategy
is to pick the most frequent literal. Why?
Example: Exactly One
The point is that instances seem to have to be maliciously constructed to make
DPLL perform poorly.
45
The Real World
46
Neither UCE nor PLE applies here, so the first step is a split.
{{!a,!b},{!a,!c},{!a,!d},{!a,!e},{!b,!c},{!b,!d},{!b,!e},{!c,!d},
{!c,!e},{!d,!e},{a,b,c,d,e}}
If you want to see some cutting edge problems that can be solved by SAT
algorithms (or can’t quite be solved at present) take a look at
{{!a},{!a,!b},{!a,!c},{!a,!d},{!a,!e},{!b,!c},{!b,!d},{!b,!e},
{!c,!d},{!c,!e},{!d,!e},{a,b,c,d,e}}
http://www.satcompetition.org
{{!b},{!b,!c},{!b,!d},{!b,!e},{!c,!d},{!c,!e},{!d,!e},{b,c,d,e}}
http://www.satlive.org
{{!c},{!c,!d},{!c,!e},{!d,!e},{c,d,e}}
{{d},{d,e},{!d,!e}}
Try to implement DPLL yourself, you will see that it’s brutally hard to get up
to the level of performance of the programs that win these competitions.
True
Of course, this formula is trivially satisfiable, but note how the algorithm
quickly homes in on one possible assignment.
Refutation
Boolean Decision Problems
SAT Solvers
3
Refutation and Resolution
Binary Decision Diagrams
48
In summary, DPLL is a practical and powerful method to tackle fairly large
instances of Satisfiability (many thousands of variables).
The main idea in DPLL is to organize the search for a satisfying
truth-assignment in a way that often circumvents the potentially exponential
blow-up.
Here is a crazy idea: How about the opposite approach?
How about systematically trying to show there cannot be satisfying
truth-assignment?
As with DPLL, the procedure should be usually fast, but on occasion may
blow-up exponentially.
Resolvents
49
Suppose x is a variable that appears in clause C and appears negated in clause
C′:
50
The CNF formula
ϕ = {{x, y, z} , {x, y} , {y, z} , {y}}
C ′ = {x, z1 , . . . , zl }
C = {x, y1 , . . . , yk }
Example
admits the following ways to compute resolvents:
Then we can introduce an new clause, a resolvent of C and C ′
Res({x, y, z} , {x, y}) = {y, z}
Res({y, z} , {y}) = {z}
D = {y1 , . . . , yk , z1 , . . . , zl }
Res({y, z} , {z}) = {y}
Res({y} , {y}) = ∅
Proposition
This iterative computation of resolvents is called resolution.
C ∧ C ′ is equivalent to C ∧ C ′ ∧ D.
The last resolvent corresponds to the empty clause, indicating that the original
formula is not satisfiable.
We write Res(C, C ′ ) = D, but note that there may be several resolvents.
(Bad) Notation
51
Resolution
52
More precisely, given a collection of clauses Φ, let Res(Φ) be the collection of
all resolvents of clauses in Φ plus Φ itself.
It is a sacred principle that in the context of resolution methods one writes the
empty clause thus:
Set
Res⋆ (Φ) =
✷
[
Resn (Φ)
n
Yup, that’s a little box, like the end-of-proof symbol or the necessity operator
in modal logic. What were they smoking.
so Res⋆ (Φ) is the least fixed point of the resolvent operator applied to Φ.
We will show that
As we will see shortly, ✷ is a resolvent of Φ if, and only if, the formula is a
contradiction.
Lemma
Φ is a contradiction if, and only if, ✷ ∈ Res⋆ (Φ).
DAG Perspective
One often speaks of a resolution proof for the un-satisfiability of Φ as a
directed, acyclic graph G whose nodes are clauses. The following degree
conditions hold:
The clauses of Φ have indegree 0.
Each other node has indegree 2 and corresponds to a resolvent of the two
predecessors.
There is one node with outdegree 0 corresponding to the empty clause.
The graph is in general not a tree, just a DAG, since nodes may have
outdegrees larger than 1 (a single clause can be used in together with several
others to produce resolvents).
Other than that, you can think of G as a tree with the clauses of Φ at the
leaves, and ✷ at the root.
53
Exercise
Just to familiarize yourself with resolutions, show the following.
Suppose we have a resolution proof for some contradiction Φ.
For any truth-assignment σ there is a uniquely determined path from a clause
of Φ to the root ✷ such that for any clause C along that path we have:
σ(C) = 0.
Proof?
Where to start?
54
More Resolution
55
Correctness
56
Lemma
There are two issues we have to address:
For any truth-assignment σ we have
σ(C) = σ(C ′ ) = 1
Correctness: any formula with resolvent ✷ is a contradiction.
implies
σ(Res(C, C ′ )) = 1
Completeness: any contradiction has ✷ as a resolvent.
Proof.
If σ(yi ) = 1 for some i we are done, so suppose σ(yi ) = 0 for all i.
Note that for a practical algorithm the last condition is actually a bit too weak:
there are many possible ways to construct a resolution proof, since we do not
know ahead of time which method will succeed we need some kind of
robustness: it should not matter too much which clauses we resolve first.
Since σ satisfies C we must have σ(x) = 1. But then σ(x) = 0 and thus
σ(zi ) = 1 for some i.
Hence σ satisfies Res(C, C ′ ).
On the upside, note that we do not necessarily have to compute all of Res⋆ (Φ):
if ✷ pops up we can immediately terminate.
✷
It follows by induction that if σ satisfies Φ it satisfies all resolvents of Φ.
Hence resolution is correct: only contradictions will produce ✷.
Completeness
57
Proof contd.
58
Assume n > 1 and let x be a variable.
Let Φ0 and Φ1 be obtained by performing unit clause elimination for {x} and
{x}.
Theorem
Resolution is complete.
Note that both Φ0 and Φ1 must be contradictions.
Hence by IH ✷ ∈ Res⋆ (Φi ).
Proof.
Now the crucial step: by repeating the “same” resolution proof with Φ rather
than Φi , i = 0, 1, we get ✷ ∈ Res⋆ (Φ) if this proof does not use any of the
mutilated clauses.
By induction on the number n of variables.
We have to show that if Φ is a contradiction then ✷ ∈ Res⋆ (Φ).
n = 1: Then Φ = {x} , {x}.
Otherwise, if mutilated clauses are used in both cases, we must have
In one resolution step we obtain ✷.
{x} ∈ Res⋆ (Φ) from Φ1 , and
Done.
{x} ∈ Res⋆ (Φ) from Φ0 .
Hence ✷ ∈ Res⋆ (Φ).
A Simple Algorithm
59
✷
Efficiency
60
It is clear that we would like to keep the number of resolvents introduced in the
resolution process small. Let’s say that clause ψ subsumes clause ϕ if ψ ⊆ ϕ:
ψ is at least as hard to satisfy as ϕ.
So how large is a resolution proof, even one that uses the subsumption
mechanism?
We keep a collection of “used” clauses U which is originally empty. The
algorithm ends when C is empty.
Can we find a particular problem that is particularly difficult for resolution?
Pick a clause ψ in C and move it to U .
Add all resolvents of ψ and U to C except that:
• Tautology elimination: delete all tautologies.
• Forward subsumption: delete all resolvents that are subsumed by a clause.
• Backward subsumption: delete all clauses that are subsumed by a resolvent.
Recall that there is a Boolean formula EOk (x1 , . . . , xk ) of size Θ(k2 ) such
that σ satisfies EOk (x1 , . . . , xk ) iff σ makes exactly one of the variables
x1 , . . . , xk true.
EOk (x1 , . . . , xk ) = (x1 ∨ x2 . . . ∨ xk ) ∧
Exercise
Show that this algorithm (for any choice of ψ in the first step) is also correct
and complete.
Note that formula is essentially in CNF.
^
1≤i<j≤k
¬(xi ∧ xj )
Das Dirichletsche Schubfachprinzip
61
Pigeonhole Principle
62
Lemma (Pigeonhole Principle)
We need a formula that expresses PHP in terms of these variables.
There is no injective function from [n + 1] to [n].
We have variables xij where 1 ≤ i ≤ m and 1 ≤ j ≤ n.
Φmn =
This sounds utterly trivial, but the Pigeonhole Principle is a standard
combinatorial principle that is used in countless places.
^
EOn (xi1 , xi2 , . . . , xin )
i≤m
The classical proof is by induction on n.
Then Φmn is satisfiable iff m ≤ n.
Alternatively, we could translate the PHP into a Boolean formula (for any
particular value of n, not in the general, parametrized version).
In particular we ought to be able to use resolution to show that Φn+1,n is a
contradiction.
Idea: Variable xij is true iff pigeon i sits in hole j (or, in less ornithological
language, f (i) = j).
Exponential Lower Bound
63
By completeness there must be a resolution proof showing that Φn+1,n is a
contradiction.
Easy Cases
64
One might wonder if there is perhaps a special class of formulae where a
resolution type approach is always fast.
But:
We can think of a clause
{x1 , x2 , . . . , xr , y1 , y2 , . . . , ys }
Theorem
as an implication:
Every resolution proof for the contradiction Φn+1,n has exponential length.
x1 ∧ x2 ∧ . . . ∧ xr → y1 ∨ y2 ∨ . . . ∨ ys
When s = 1 these implication are particularly simple.
Proof is quite hairy.
Horn Formulae
65
Definition
A formula is a Horn formula if it is in CNF and every clause contains at most
one un-negated variable.
Horn Clauses
66
In other words, a Horn formula has only Horn clauses, and a Horn clause is
essentially an implication of the form
C = x1 ∧ x2 ∧ . . . ∧ x n → y
Example:
where we allow y = ⊥.
ϕ = {x, y, z} , {y, z} , {x}
or equivalently
We also allow single un-negated variables (if you like: ⊤ → x).
Note that if we have unit clauses xi then a resolvent of these and C will be y.
ϕ = x ∧ y → z, y ∧ z → ⊥, x
This gives rise to the following algorithm.
Marking Algorithm
67
Truth Assignment
68
Testing Horn formulae for Satisfiability
We can read off a satisfying truth-assignment if the formula is satisfiable:
Mark all variables x in unit clauses {x}.
If there is a clause x1 ∧ x2 ∧ . . . ∧ xn → y such that all the xi are marked,
mark y. Repeat till a fixed point is reached.
σ(x) =
If ⊥ is ever marked, return No.
(
1
0
x is marked,
otherwise.
Otherwise, return Yes.
Then σ(Φ) = 1.
Moreover, τ (Φ) = 1 implies that
You can also think of this as a graph exploration algorithm: node y is marked
only if all predecessor nodes xi are already marked. (Careful though, y can be
the RHS of several clauses.)
∀ x (τ (x) ≤ σ(x))
so σ is the “smallest” satisfying truth-assignment.
Note that Marking Algorithm is linear in the size of Φ (in any reasonable
implementation).
FSMs and Boolean Functions
Boolean Decision Problems
SAT Solvers
70
Suppose we have some n-ary Boolean function f (x). We can represent f by
the collection of all the Boolean vectors a ∈ 2n such that f (a) = 1.
Here is a trick: think of this collection as a binary language, a subset of 2n .
4
Refutation and Resolution
This language is trivially finite, so there is a finite state machine that accepts
it. In fact, the partial minimal DFA is really just a DAG: all words in the
language correspond to a path from the initial state to the unique final state.
Binary Decision Diagrams
UnEqual
71
You have already seen an example: the UnEqual language
Lk = { uv ∈ 22k | u 6= v ∈ 2k }
It turns out that the state complexity of Lk is 3 · 2k − k + 2 = Θ(2k ).
This is uncomfortably large since, as a Boolean function, this language is quite
simple:
UE(u, v) =
This formula clearly has size Θ(k).
_
ui ⊕ vi
The Fix
72
The reason our DFA is large but the formula is small is that the machine has to
contend with the fact that ui is far away from vi (separated by k − 1 bits on
the input tape).
In the formula, there is no sense of distance.
We can address this problem by changing the language to
L′k = { x ∈ 22k | ∃ i (x2i 6= x2i+1 ) }
Here we assume 0-indexing. In other words, x is the shuffle of u and v,
corresponding to a Boolean function
UE′ (x) =
_
x2i ⊕ x2i+1
Much Better
73
Optimization
74
The state complexity of L′k is much smaller than for Lk : 5k.
As a DFA, the machines above are fine. But we are really interested in
representing Boolean functions and don’t necessarily need to read the whole
input: UE′ (0, 1, y) = 1 no matter what y is. So, the evaluation of the Boolean
function should stop right after the first two bits and return the output.
0
0
1
1
2
0
1
3
0
4
In the diagram, we could have a direct forward transition to the accept state.
1
Likewise, if some prefix of the arguments determines the value false
f (u, v) = 0 we should directly jump to a special “failure” state.
0, 1
So we wind up with a DAG: there are two special exit nodes corresponding to ff
and tt. Transitions with source at level i correspond to reading variable xi ,
where 0 ≤ i < n.
A basic component of the minimal DFA for L′k .
If-Then-Else
75
If-Then-Else Normal Form
76
Here is a slightly more algebraic way to get at these diagrams. Let
ite(x, y1 , y0 ) = (x ∧ y1 ) ∨ (¬x ∧ y0 )
It follows that we can define if-then-else normal form (INF): the only allowed
operations are if-then-else and constants.
Together with the Boolean constants, if-then-else provides yet another basis:
More precisely, we can construct INF by using Shannon expansion:
ϕ(x, y) = ite(x, ϕ(1, y), ϕ(0, y))
¬x = ite(x, 0, 1)
x ∧ y = ite(x, y, 0)
Note that in the resulting expression, tests are performed only on variables (not
compound expressions). We are only interested in INF with this additional
property.
x ∨ y = ite(x, 1, y)
x ⇒ y = ite(x, y, 1)
x ⊕ y = ite(x, ite(y, 0, 1), y)
Example
77
The INF of ϕ = (x1 ⇐⇒ y1 ) ∧ (x2 ⇐⇒ y2 ) is
Example
78
Much more productive is to share common subexpressions (such as t000 and
t110 ):
ϕ = ite(x1 , t1 , t0 )
t0 = ite(y1 , 0, t00 )
t1 = ite(y1 , t11 , 0)
t00 = ite(x2 , t001 , t000 )
t11 = ite(x2 , t111 , t110 )
t000 = ite(y2 , 0, 1)
t001 = ite(y2 , 1, 0)
t110 = ite(y2 , 0, 1)
ϕ = ite(x1 , t1 , t0 )
t0 = ite(y1 , 0, t00 )
t1 = ite(y1 , t00 , 0)
t00 = ite(x2 , t001 , t000 )
t000 = ite(y2 , 0, 1)
t001 = ite(y2 , 1, 0)
t111 = ite(y2 , 1, 0)
Strictly speaking, we should substitute all the expressions into the first line–a
very bad idea.
We can now interpret these expressions as nodes in a particular DAG.
Binary Decision Diagrams
79
Ordered BDDs
80
Fix an ordering x1 < x2 < . . . < xn on Var. For simplicity assume that
xi < 0, 1.
Fix a set Var = {x1 , x2 , . . . , xn } of n Boolean variables.
Definition
Definition
A binary decision diagram (BDD) (over Var) is a rooted, directed acyclic graph
with two terminal nodes (out-degree 0) and interior nodes of out-degree 2.
The interior nodes are labeled in Var.
A BDD is ordered (OBDD) if the label sequence along any path is ordered.
Thus
var(u) < var(lo(u)), var(hi(u))
We write var(u) for the labels.
The successors of an interior node are traditionally referred to as lo(u) and
hi(v).
In the correspond INF the variables are always ordered in the sense that
We can think of the terminal nodes as being labeled by constants 0 and 1,
indicating values false and true.
Reduced Ordered BDDs
ite(x, ite(y, t1 , t2 ), ite(z, t3 , t4 )) implies x < y, z
81
A Representation
82
By a straightforward induction we can associate any BDD with root u with a
Boolean function fu :
Definition
A OBDD is reduced (ROBDD) if it satisfies
Uniqueness: for all nodes u, v:
f0 = 0
f1 = 1
fu = ite(var(u), flo(u) , fhi(u) )
var(u) = var(v), lo(u) = lo(v), hi(u) = hi(v) implies u = v
Non-Redundancy: for all nodes u:
lo(u) 6= hi(u)
If the BDDs under consideration are also ordered and reduced we get a useful
representation.
The uniqueness condition corresponds to shared subexpressions: we could
merge u and v.
Theorem
Non-redundancy corresponds to taking shortcuts: we can skip ahead to the
next test.
For every Boolean function f : Bn → B there is exactly one ROBDD u such
that f = fu .
Reduction
83
Decision Problems and BDDs
Suppose we have constructed ROBDD for a Boolean function f .
Suppose we have a BDD for a function and would like to transform it into the
(unique) ROBDD.
Then it is trivial to check if f is a tautology: the DAG must be trivial.
We can use a bottom-up traversal of the DAG to merge or eliminate nodes that
violate Uniqueness or Non-Redundancy.
Likewise, it is trivial to check if f is satisfiable. In fact, it is straightforward to
count the number of satisfying truth assignments (all paths from the root to
terminal node 1).
This traversal requires essentially only local information and can be handled in
(expected) linear time using a hash table.
Incidentally, an interesting option is to make sure that all BDD that appear
during a computation are already reduced: one can try to fold the reduction
procedure into the other operations.
And if we have another function g and we want to test equivalence the test is
trivial: they have to have the same tree.
Of course, this is cheating a bit: we need to worry about the computational
effort required to construct the ROBDDs in the first place. But, once the DAG
is done, everything is easy.
84
Operations on BDDs
85
More Operations
86
Reduce Turn an OBDD into an ROBDD.
If we keep our BDDs reduced, satisfiability is easy to check: the ROBDD must
be different from 0.
Apply Given two ROBDDs u and v and a Boolean operation ⋄,
determine the ROBDD for fu ⋄ fv .
In fact, we can count satisfying truth assignments in O(|u|).
Restrict Given a ROBDD u and a variable x, determine the ROBDD for
fu [a/x].
Of course, there is no way to avoid exponential worst-case cost when building a
n
BDD representing some Boolean function from scratch: after all, there are 22
functions to be represented.
The apply operation can be handled by recursive, top-down algorithm since
ite(x, s, t) ⋄ ite(x, s′ , t′ ) = ite(x, s ⋄ s′ , t ⋄ t′ )
In particular, ROBDDs for multiplication can be shown to require exponential
size.
Running time is O(|u| |v|).
Restrict can be handled by making the necessary modifications, followed by a
reduction.
Quantifiers
87
In principle, we can even handle quantified Boolean formulae by expanding the
quantifiers:
In general, the size of a BDD depends drastically on the chosen ordering of
variables (see the UnEqual example above).
∃ x ϕ(x) ≡ ϕ[0/x] ∨ ϕ[1/x]
It would be most useful to be able to construct a variable ordering that works
well with a given function. In practice, variable orderings are computed by
heuristic algorithms and can sometimes be improved with local optimization
and even simulated annealing algorithms.
∀ x ϕ(x) ≡ ϕ[0/x] ∧ ϕ[1/x]
So this comes down to restriction, a (quadratic) apply operation, followed by
reduction.
Alas, it is NP-hard to determine whether there is an ordering that produces a
BDD of size at most some given bound.
Alas, since SAT is just a problem of validity of an existentially quantified
Boolean formula, this is not going to be fast in general.
Summary
Satisfiability of Boolean formulae is a very expressive problem: lots of
other combinatorial (decision) problems can be rephrased as a Satisfiability
problem.
No polynomial time algorithm is known to tackle Satisfiability in general.
There are good reasons to believe that no such algorithm exists.
The Davis/Putnam algorithm often handles Satisfiability in polynomial
time, on very large instances.
There are commercial versions of the algorithm using clever strategies and
data structures.
Resolution is a refutation based method for satisfiability testing.
Binary decision diagrams often make it possible to manipulate very
complex Boolean functions.
Variable Ordering
89
88