A Proof-Producing CSP Solver1 - Technionie.technion.ac.il/~ofers/presentations/cspsat.pdf ·...

A Proof-Producing CSP Solver1

Michael VekslerOfer Strichman

Technion - Israel Institute of Technology

CSP − SAT

June 18, 2011

1Originally presented at AAAI’10

IntroductionCSP proofs

It is easy to validate a solution,

... but difficult to validate UNSAT.

Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 2 / 36




We introduce a CSP solver which produces a machine-checkabledeductive proof.






This also gives us a better unsatisfiable core,






This also gives us a better unsatisfiable core,

... and facilitates developments as in the SAT world.


CSP proofsWhy bother?

SAT solvers produce such proofs.

Several killer-applications:

(cont’d...)





Validate UNSAT results.

(cont’d...)





Validate UNSAT results.

Uses of the proof itself:

Interpolation-based model checking [M03].

(cont’d...)



... Several killer-applications (... cont’d):




Selective uses of the UNSAT core:





Abstraction-refinement in model-checking [AM03],






Identify environment assumptions that are used in the proof [KKB09],







Faster solving of bitvector formulas [BKOSSB07].







Faster solving of bitvector formulas [BKOSSB07].

Can we foresee usage for proofs in CSP ?


Introduction to proofs

A deductive proof DAG c1 c2 c3

i1 i2

⊥



A deductive proof DAG

The roots: c ∈ CSP.

c1 c2 c3

i1 i2

⊥





The sink represents ⊥.

c1 c2 c3

i1 i2

⊥






The nodes in between are derived.

c1 c2 c3

i1 i2

⊥






The nodes in between are derived.

c1 c2 c3

i1 i2

⊥

〈parent 1〉 · · · 〈parent n〉

〈consequent 〉[〈rule name〉]


Resolution based proofs

SAT solvers generate proofs:

From initial clauses to ( ).Inference is via the binary-resolution rule.





Unlike SAT solvers, CSPs:

have non-Boolean domains, andnon-clausal constraints.





Unlike SAT solvers, CSPs:

have non-Boolean domains, andnon-clausal constraints.

Can this gap be bridged?


Resolution based proofsSigned CNF [BHM00] - definition

Let s be a set of values.

A positive signed literal: a ∈ s, e.g., a ∈ {1, 2, 3}.

Alternative notations: a ∈ [1..3], a = 4.






A negative signed literal: a ∈ s, e.g., a ∈ {4}.

Alternative notations: a 6∈ {4}, a 6= 4.






A negative signed literal: a ∈ s, e.g., a ∈ {4}.

Alternative notations: a 6∈ {4}, a 6= 4.

A signed clause is a disjunction of signed literals. e.g.,(a ∈ [1..3] ∨ b ∈ {4})


Resolution based proofsSigned CNF - resolution

A binary-resolution rule for signed-CNF:

(Literals1 ∨ x ∈ A) (x ∈ B ∨ Literals2)

(Literals1 ∨ x ∈ A ∩ B ∨ Literals2)(sRes(x))






This can be used with constraints given as signed-clauses.






This can be used with constraints given as signed-clauses.

But what about other constraints?e.g. 6=,≤, allDifferent(v1, . . . , vk)


CSP unsatisfiability proofsThe challenge

Q: Why not convert constraints to signed clauses?


CSP unsatisfiability proofsThe challenge

Q: Why not convert constraints to signed clauses?

A: A clause representation is inefficient.

e.g., x 6= y requires:(x 6=1 ∨ y 6=1) ∧ (x 6=2 ∨ y 6=2) ∧ · · ·


CSP unsatisfiability proofsThe solution

Solution: introduce clauses lazily.


CSP unsatisfiability proofsThe solution

Solution: introduce clauses lazily.

Consider a general constraint c , such that:

In the context of l1 ∧ l2 ∧ · · · ∧ ln,

propagation of c implies l :

(l1 ∧ · · · ∧ ln ∧ c)→ l


Explanation clausesThe requirements

(l1 ∧ · · · ∧ ln ∧ c)→ l

Find an explanation clause e such that:

e is not too strong: c → e

e is strong enough: (l1 ∧ · · · ∧ ln ∧ e)→ l


The structure of a PCS proof

sRessRes

sRes

sRes

sRes

sRes

6= ≤ =

()

e1 e2 e3

x y

e1, e2, e3 – explanation clauses.


Explanation rules

For every constraint there is an explanation clause:

〈constraint〉

〈explanation clause〉(〈rule name〉)


Explanation rule – example 1

Constraint: x 6= y

x 6= y

(x 6=m ∨ y 6=m)(Ne(m))



Propagation:

context: l1 : (x = 1), l2 : (y ∈ [1..100]).

constraint: c : x 6= y .

implies: l : (y ∈ [2..100]).



Propagation:

context: l1 : (x = 1), l2 : (y ∈ [1..100]).


implies: l : (y ∈ [2..100]).

Explanation:

e : (x 6=1 ∨ y 6=1) // = Ne(1)



Propagation:

context: l1 : (x = 1), l2 : (y ∈ [1..100]).


implies: l : (y ∈ [2..100]).

Explanation:

e : (x 6=1 ∨ y 6=1) // = Ne(1)

... indeed:

cNe(1)−→ e

(l1 ∧ l2 ∧ e) −→ l



Constraint: x ≤ y

x ≤ y

(x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))(LE (m))



Propagation:

context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])

constraint: c : x ≤ y .

implies: l : x ∈ [1..2]



Propagation:

context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])


implies: l : x ∈ [1..2]

Explanation:

e : (x ∈ (−∞, 2] ∨ y ∈ [3,∞)). // = LE (2)



Propagation:

context: l1 : (x ∈ [1..3]), l2 : (y ∈ [0..2])


implies: l : x ∈ [1..2]

Explanation:

e : (x ∈ (−∞, 2] ∨ y ∈ [3,∞)). // = LE (2)

...indeed:

cLE(2)−→ e

(l1 ∧ l2 ∧ e) −→ l


Rule instantiation

Q: How does PCS instantiate the rules?

Consider the last example (LE (m)). We took m = max(Domain(y)).

Should we consider other values?


Rule instantiation

Q: How does PCS instantiate the rules?

Consider the last example (LE (m)). We took m = max(Domain(y)).

Should we consider other values?

Yes! (to be shown later)


Each constraint has its rule

Constraint Name Inference rule

a 6= b Ne(m)a 6= b

(a 6= m ∨ b 6= m)

x ≤ y LE(m)x ≤ y

(x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))

a = b Eq(D)a = b

(a 6∈ D ∨ b ∈ D)

a ≤ b + c LE+(m, n)a ≤ b + c

(a ∈ (−∞,m + n] ∨ b ∈ [m + 1,∞) ∨ c ∈ [n + 1,∞))

a = b + c EQa+

(lb , ub, lc , uc )

a = b + c

(a ∈ [lb + lc , ub + uc ] ∨ b 6∈ [lb, ub] ∨ c 6∈ [lc , uc ])

AllDiff(v1, . . . , vk) AD(D,V )|D|+1 = |V |

AllDiff(v1, . . . , vk)

(∨

v∈Vv 6∈ D)

......

...


The structure of a PCS proof

sRessRes

sRes

sRes

sRes

sRes

6=

Ne(1

)

LE

(3)

≤ =

Eq(4

)

()

e1 e2 e3

x y

e1, e2, e3 – explanation clauses.


But constraints are not axioms...

So far we assumed that the constraints are axioms (unconditioned).

Constraints can be conditioned, e.g., (b ∨ x ≤ y).


But constraints are not axioms...

So far we assumed that the constraints are axioms (unconditioned).

Constraints can be conditioned, e.g., (b ∨ x ≤ y).

Each of the above rules can be extended trivially to handle disjunction,e.g.,

b ∨ x ≤ y

b ∨ (x ∈ (−∞,m] ∨ y ∈ [m + 1,∞))


PCS: architecture

Decide

assignmentfull

conflict

SAT

UNSAT

bl ≥ 0

BackTrack

Analyze-Conflict

CPconflictno

partialassignment

bl < 0


From search to proof

PCS is inspired by modern CDCL2 SAT solvers.

The learning mechanism is used for constructing a resolution proof.

2Conflict-driven Clause-LearningMichael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 23 / 36




⇒ Constraints propagation can be depicted in an implication graph.

.. which is called a conflict graph in case of a conflict.







⇐ Analyze-Conflict learns a new clause from the conflict graph.







⇐ Analyze-Conflict learns a new clause from the conflict graph.

If unsat:

⇐ Starting from the empty clause, find the proof ‘cone’.⇐ Reconstruct a full proof.


Implication graph (=>)

Shows the context of implications.

Example

a

b c

D(a) = {1, 2}

D(b) = {1, 2} D(c) = {1, 2}

6=

6=

6=Michael Veksler Ofer Strichman (Technion - Israel Institute of Technology[3 pt] CSP − SAT )A Proof-Producing CSP Solver June 18, 2011 24 / 36



Example

a

b c

a = 1@1

D(b) = {1, 2} D(c) = {1, 2}

6=

6=

6=

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0




Example

a

b c

a = 1@1

D(b) = {�1, 2} D(c) = {1, 2}

6=

6=

6=

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

a 6=b

a 6=b




Example

a

b c

a = 1@1

D(b) = { , 2} D(c) = {�1, 2}

6=

6=

6=

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

a 6=b

a 6=b

a 6=c

a 6=c




Example

a

b c

a = 1@1

D(b) = { ,�2} D(c) = { ,�2}

6=

6=

6=

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c




Example

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

contextimplied

constraint


ANALYZE-CONFLICT (<=)

a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

e = (b 6= 2 ∨ c 6= 2)

cl =

‌Invariant: cl contradicts the literals of front.



a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

front

cl = (b 6= 2 ∨ c 6= 2)




a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

front

e = (a 6= 1 ∨ c 6= 1)

cl = (b 6= 2 ∨ c 6= 2)

cl ← Resolve(cl , e, c)




a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

front

cl = (a 6= 1 ∨ b 6= 2 ∨ c 6∈ {1, 2})




a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

front

e = (a 6= 1 ∨ b 6= 1)

cl = (a 6= 1 ∨ b 6= 2 ∨ c 6∈ {1, 2})

cl ← Resolve(cl , e, b)




a=1@1

b∈{1, 2}@0

c∈{1, 2}@0

b=2@1

c =2@1

conflict

a 6=b

a 6=b

a 6=c

a 6=c

b 6=c

b 6=c

front

cl = (a 6= 1 ∨ b 6∈ {1, 2} ∨ c 6∈ {1, 2})



ANALYZE-CONFLICT (<=)The resulting proof

b 6= c

a 6= c

a 6= b

(b 6=2 ∨ c 6=2)

NE(2)

(a 6=1 ∨ c 6=1)NE(1)

(a 6=1 ∨ b 6=2 ∨ c 6∈{1, 2})

R(c)R(c)

(a 6=1 ∨ b 6=1)

NE(1)

(a 6=1 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})

R(b)

R(b)


ANALYZE-CONFLICT (<=)The resulting proof

b 6= c

a 6= c

a 6= b

(b 6=2 ∨ c 6=2)

NE(2)

(a 6=1 ∨ c 6=1)NE(1)

(a 6=1 ∨ b 6=2 ∨ c 6∈{1, 2})

R(c)R(c)

(a 6=1 ∨ b 6=1)

NE(1)

(a 6=1 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})

R(b)

R(b)

(b 6=1 ∨ c 6=1)

NE(1)

(a 6=2 ∨ c 6=2)NE(2)

(a 6=2 ∨ b 6=1 ∨ c 6∈{1, 2})

R(c)R(c)

(a 6=2 ∨ b 6=2)

NE(2)

(a 6=2 ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})

R(b)

R(b)

(a 6∈{1, 2} ∨ b 6∈{1, 2} ∨ c 6∈{1, 2})R(a) R(a)


ANALYZE-CONFLICT (<=The resulting proof (2)

(a 6∈{1, 2} ∨ b 6∈{1, 2} ∨ c 6∈{1, 2}) (a∈{1, 2})

(b∈{1, 2})

(c∈{1, 2})

(b 6∈{1, 2} ∨ c 6∈{1, 2})

R(a)R(a)

(c 6∈{1, 2})

R(b)

R(b)

()

R(c)

R(c)


Optimization 1: augmented explanation

Propagation:

context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])


implies: l : x ∈ [1..3]



Propagation:

context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])


implies: l : x ∈ [1..3]

Explanation:

e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)



Propagation:

context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])


implies: l : x ∈ [1..3]

Explanation:

e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)

But we now continue to resolve e with cl .



Propagation:

context: l1 : (x ∈ [1..5]), l2 : (y ∈ [2..3])


implies: l : x ∈ [1..3]

Explanation:

e : (x ∈ (−∞, 3] ∨ y ∈ [4,∞)). // = LE (3)

But we now continue to resolve e with cl .

Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).

Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .



Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).

Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .



Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).

Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .

Now consider LE (5):

e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)



Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).

Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .


e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)

Resolve with cl :

Resolve(e ′, cl , x) = (y ∈ [6,∞] ∨ z ∈ [1, 2])



Let cl = (x ∈ [6..8] ∨ z ∈ [1..2]).

Resolve(e, cl , x) = (y ∈ [4,∞) ∨ z ∈ [1..2]) .


e ′ : (x ∈ (−∞, 5] ∨ y ∈ [6,∞)). // = LE (5)

Resolve with cl :

Resolve(e ′, cl , x) = (y ∈ [6,∞] ∨ z ∈ [1, 2])

e ′ is not an explanation, but it is good enough.

We call it an augmented explanation.


Optimization 1: formalization

Assume that l1 ∧ · · · ∧ ln ∧ c → l .




Let l ′ ∈ cl be a literal such that var(l ′) = var(l).





e ′ is an augmented explanation if

c → e ′

(l1 ∧ · · · ∧ ln ∧ e ′)→ ¬l ′





e ′ is an augmented explanation if

c → e ′

(l1 ∧ · · · ∧ ln ∧ e ′)→ ¬l ′

We choose e ′ that results in the strongest resolvent.

In particular:

Resolve(e ′, cl , var(l)) → Resolve(e, cl , var(l)) .


Optimization 2: Only consider relevant nodes

Observation: vars(explanation) ⊆ vars(predecessors).




Example: AllDiff (x , y , z).

y ∈ [1, 3]

z ∈ [1, 2]

x = 1

z = 2

y ∈ [2, 3] ...




Example: AllDiff (x , y , z).

y ∈ [1, 3]

z ∈ [1, 2]

x = 1

z = 2

y ∈ [2, 3] ...

z becomes irrelevant.


Optimization 3: Only consider distinct nodes

Consider a conflict graph that includes a chain:

x ∈ [1..3]@3 x ∈ [1..2]@4x ∈ [1..4]@2 . . .


Optimization 3: Only consider distinct nodes

Consider a conflict graph that includes a chain:

x ∈ [1..3]@3 x ∈ [1..2]@4x ∈ [1..4]@2 . . .

Only right-most node matters.Others will not change the resolvent.


Performance

PCS participated in CSC’09

For n-ary constraints, out of 14:

category rank rank rank

SAT UNSAT total

extension 9/14 6/14 9/14

intention 4/14 1/14 4/14

2-ary constraints PCS got poor results.


New results (2011)

PCS is now ≈on-par with Mistral.

Out of 2847 supported CSC’09 test cases (t/o is 200 secs)

Mistral PCS

shared shared shared

case time * success time success success

all 4.62 2187 9.23 (x2.0) 2104 (-83) 1963

with tables 4.38 1216 12.7 (x2.9) 1112 (-104) 1069

w/o tables 4.91 971 3.88 (x0.79) 992 (+21) 894

with ≤ 6.44 576 3.69 (x0.57) 628 (+52) 547

∗Shared time - average time on cases solved by both.


Future work

Non-clausal conflict analysis,

Interpolation algorithms (X),

Word-level model checking?

Performance, performance, performance.


Summary

PCS is a COOL CSP solver, which


Summary


... performs similar to Mistral, but


Summary


... performs similar to Mistral, but

... produces machine-checkable proofs.

PCS: http://tx.technion.ac.il/∼mveksler/PCS/index.html


A Proof-Producing CSP Solver1 - Technionie.technion.ac.il/~ofers/presentations/cspsat.pdf ·...

Documents

Transcript of A Proof-Producing CSP Solver1 - Technionie.technion.ac.il/~ofers/presentations/cspsat.pdf ·...