Problem Solving with Boolean Satisfiability

Home , Resolution (logic), Tautology (logic)

Problem Solving with Boolean SATisﬁability

J. Larrosa September 26, 2017

Abstract This notes complement the course slides. While class slides are more oriented to examples and motivation, here we give more formal deﬁnitions. They are working notes, not completely checked for errors and typos.

1 Overview and Motivation

Propositional Logic is an extremely simple, but surprisingly powerful language for modeling (and reasoning about) complex systems. The intuitive idea is that it can be used to model systems that can be expressed as propositions (i.e, statements that can only be either true or false). A propositional formula describes the possible states of some part of a world that is being modeled and it specifies how some of those states are unfeasible or unwanted in the system. The model might be of your house, your car, your body, your community, an ecosystem, a stock-market, etc. The language allows us to specify from all the possible worlds that could hypothetically exist (i.e, all the possible ways that the parts or states can be configured) those states that can really exist (i.e, the car engine cannot run with a dead battery, the car cannot be used with flat tires, your body in order to be healthy cannot have any disorder symptoms such as temperature, headache, caugh,...). The language also allows to proof (or disproof) properties of the system. Propositional Logic is a declarative representations. In this approach, we construct with the language a model of the system about which we would like to reason about. This model encodes our knowledge of how the system works in a computer readable form. The key property of a declarative representation is the separation of knowledge and reasoning. The representation has its own clear semantics, separated from the algorithms that one can apply to it. Thus, we can develop a general suite of algorithms that apply to any model within a broad class. The main advantage of using Propositional Logic is that it provides a compact representation of an exponentially large boolean function. Additionally, many algorithms have been design to work with this representation, bypassing the huge boolean function.

1 In this notes we first describe the basics of the propositional logic language and show how it can be used to model problems. We show how the boolean satisfiability query (SAT) is general enough as to include many other queries (e.g. entailment or equivalence). Then we introduce CNF, a subset of the language that is as expressive as propositional logic (i.e, every formula in propositional logic can be transformed into an equivalent one in CNF). The interest of CNF is that it facilitates the development of efficient algorithms. .... Finally, we present Max-SAT and #SAT, two popular extensions of SAT.

2 Basic Deﬁnitions

A boolean variable takes values from the boolean domain B = {0, 1}, which are usually referred to as false and true, respectively. In this notes we will make the usual convention of denoting boolean variables with lower case letters (possibly subscripted) such as p, q, x1, xi, .... We assume that the reader is fa- miliar with the usual boolean operators ∨ (logical or, also called disjunction), ∧ (logical and, also called conjunction), ¬ (not, also called negation), → (logical implication), ↔ (logical equivalence). A boolean formula F is a syntactically well constructed expression with boolean values, variables and operators. There is a precedence order for eval- uation purposes which is (¬, ∧, ∨, →, ↔) where priority goes from left to right. When needed, parenthesis can be used to overrule the default precedence rules. For example, if P = {p, q, r} a valid formula is F = p ∨ (¬q ∧ p ∨ r) ∧ 1 Note: Since F ↔ G is equivalent to (F → G) ∧ (G → F ), and F → G is equivalent to ¬F ∨ G, they are not really necessary. We can think of these two operators as syntactical sugar and, when needed, assume that formulas only contain disjunction, conjunction and negation An interpretation I of a set of variables X is a mapping from each variable to a boolean value (i.e, either 0 or 1). Note that the number of different interpretations is 2|X|. We say that an interpretation I satisfies a formula F (noted I |= F ) if replacing in F variables by their associated values evaluates to 1. For instance if I maps all the variables to 0, it does not satisfy formula p ∨ (¬q ∧ p ∨ r) ∧ 1 because 0 ∨ (¬0 ∧ 0 ∨ 0) ∧ 0 evaluates to 0. If interpretation I satisfies a formula F , we say that I is a model of F . A formula F is satisfiable if it has at least one model. It is a contradiction (or unsatisfiable) if it does not have any model. Finally, it is a tautology if every interpretation is a model. Formula F entails formula G (noted F |= G) if every model of F is also a model of G. Two formulas are equivalent (noted F ≡ G) if they entail each other. Sometimes it is useful to think of a boolean formula F as a binary tree where leaves are variables and internal nodes are operators (see Figure 3, left). The tree associated to a given formula is unique. Furthermore, two different formulas have different associated trees. The size of a formula F , noted |F |, is the size of its tree as the number of leaves and internal nodes (e.g. the formula in Figure

2 Figure 1: Some logical equivalences

3, left has size 12) It is often useful to think of a boolean formula F over X = {x1, x2, ··· , xn} as a boolean function F (X): Bn −→ B. The truth table of a formula F (X) (see Figure 2, bottom) is a table containing F (X) for each possible instantiation of X. Property. . • Every truth table over a set of variables X can be expressed as a propositional formula F (X) • Two diﬀerent formulas may have the same truth table.

2.1 A first modeling example Consider that we want to model the possible scenarios of a surveillance system consisting in r robots and p surveillance spots along t different time slots (note that here r, p, t are not boolean variables, but problem parameters). We want to consider how to schedule the robots (i.e, where to place each robot at each time slot) knowing that we never want two robots in the same spot. One possibility is to use variables xijk (with 1 ≤ i ≤ r, 1 ≤ j ≤ p, 1 ≤ k ≤ t) associated to the statement robot i is in spot j at time k. As you can see, we prefer to write a model in terms of the problem parameters r, p, t, rather than a particular model for some fixed parameters. This is good for modeling purposes, because shows the generality of the model and helps understand how the model would look

3 for diﬀerent scenarios. However, if we want to use this model in a particular setting, we will need to write the formula for the corresponding values. Let’s start deﬁning with some useful sub-formulas,

• On day k, robot i is at some spot, which can be written as,

Gik = xi1k ∨ xi2k ∨ · · · ∨ xipk

Note that the size of Gik is O(p). Now it is easy to deﬁne formula G =

= G11 ∧ G12 ∧ · · · ∧ G1p G21 ∧ G22 ∧ · · · ∧ G2p ··· Gr1 ∧ Gr2 ∧ · · · ∧ Grp

which speciﬁes that every day, every robot has to be at some spot (there is one model for each feasible assignment). The size of G is O(rtp). • On day k, spot j is occupied by at most one robot, which can be written as,

Hjk = ¬(x1jk ∧ x2jk) ∧ ¬(x1jk ∧ x3jk) ∧ · · · ∧ ¬(x1jk ∧ xrjk)

2 The size of Hjk is O(r ). Now, formula H =

= H11 ∧ H12 ∧ · · · ∧ H1t H21 ∧ H22 ∧ · · · ∧ H2t ··· Hp1 ∧ Hp2 ∧ · · · ∧ Hpt

denotes that every day, every spot holds at most one robot (there is one model for each feasible assignment). Its size is O(ptr2).

The complete formula is F = G ∧ H which contains one model for each possible scheduling of the robots according to the system requirements. The model can be used to identify different properties about the system. For instance, it is easy to see that in any instantiation of the formula with p < r (i.e, there are more robots than surveillance spots) the formula is unsatisfiable formula, meaning that it is not possible to place r robots in less than r places without overlapping. This example shows that propositional formulas can sometimes be pretty large, which may be a serious drawback. For instance, the size of the previous formula is O(ptr2), which may be a large number even for moderate values of p, t, r. Note that this is a very simple example. In a more realistic one, additional elements would be added to take into account additional conditions about robots, spots and time slots. For instance, if different robots have different capabilities and different spots have different priorities, we could augment the formula to

4 force the best robots to be placed in the most critical spots. One way to do that is to enrich the model associating to each spot and to each robot a priority and then add to the formula a third sub-formula encoding that: for every time slot k, for each pair of spots (j, j0) such that j has more priority than j0, and for each pair of robots (i, i0) such that i has more priority than i0, the more powerful robot cannot be place in the spot with less priority (that is, ¬(xij0k ∧ xi0jk)).

2.2 SAT solving A SAT solver is a generic algorithm that receives a formula F and returns true iff the formula is satisfiable. Interestingly, the potential use of a SAT solver goes beyond finding out whether a formula is satisfiable, since other queries can be rephrased in terms of SAT, as can be seen in the following cases, • F is a tautology iff SAT(¬F ) is false • F entails G iff SAT(F ∧ ¬G) is false

• F and G are equivalent iﬀ SAT((F ∧ ¬G) ∨ (G ∧ ¬F )) is false Therefore, having an eﬃcient SAT solver seems to be a very useful piece of software and this is going to be the topic of the rest of this document. For the moment we can think of a na¨ıve implementation of a SAT solver that performs a systematic generation of interpretations. The algorithm returns true and stops when one interpretation evaluates the formula to 1. If all possible interpretations are generated unsuccessfully, the algorithm returns false. Clearly, the worst-case time complexity of this algorithm is O(2n), where n is the number of variables in the formula.

2.3 example One of the most important applications of Propositional Logic is to represent digital circuits. Consider a hardware company where an electrical engineer designs a circuit (i.e, a formula) F to be used as a component of a printer. Suppose that F was designed aiming at clarity, so we are quite sure about its correctness. Some time later the engineer comes with an alternative more optimized circuit G. The engineer claims that both circuits are equivalent (F ≡ G). It makes sense at this point to verify the claim, which can be done with a SAT solver call SAT(F ∧ ¬G) ∨ (G ∧ ¬F ). Figure 2 shows a toy example where F = a ∧ b ∨ a ∧ c and G = a ∧ (b ∨ c).

3 Conjunctive Normal Form (CNF)

A literal is either a propositional variable or its negation (e.g. p or ¬p). A clause is a disjunction of literals (e.g. p∨¬q ∨r). Note that a clause is satisfied by an interpretation if the interpretation satisfies at least one of its literals. We say that a formula is in conjunctive normal form (CNF) iff it is a conjunction

5 Figure 2: Two equivalent circuits of clauses. Clearly, a CNF formula is satisfied by an interpretation I iff it satisfies all its clauses. We say that a literal is positive if it is a variable, and negative if it is a negated variable. The polarity of a literal is whether it is positive or negative. Sometimes we will write ¬l to indicate the negation of a literal, which means ¬x if l = x, or x if l = ¬x. Example: F = (p ∨ q) ∧ (¬q ∨ ¬r) is a CNF formula with two clauses. The second clause contains literal l = ¬q and the first clause contains its negation ¬l = q. The polarity of the two literals in the first clause is positive and the polarity of the two literals in the second clause is negative. In the definition of the CNF language it is customary to consider the empty clause (i.e, disjunction of zero literals), noted , which by definition is unsatisfiable. Similarly, the empty formula (i.e, conjunction of zero clauses) is by definition satisfiable. We will assume that CNF formulas are implicitly simplified as follows: • Tautological clauses (i.e, clauses containing one literal and its negation) are removed • Repeated literals inside a clause are removed

The following property shows that the CNF subset of the propositional logic language does not lose any expressiveness.

6 Property. Every formula in propositional logic can be transformed into an equivalent one in CNF.

Proof. Consider an arbitrary formula F over propositional variables X = {x1, ··· , xn}. Let I be the set of interpretations which are not models of F . We can construct a CNF formula G equivalent to F . It contains one clause C for each interpretation I ∈ I. C contains n literals, one for each variable. If I maps xi to false, the literal will be xi, else it will be ¬xi. Because the proof of the previous property is constructive, it gives a na¨ıve algorithm for converting formulas to CNF. However, it is far from being a practical one. We discuss next two alternative methods.

3.1 Transformation to CNF via distributibity This algorithm transforms a formula F into CNF in three steps:

1. Apply the following rules on F until quiescence: • ¬¬F ⇒ F • ¬(F ∧ G) → ¬F ∨ ¬G • ¬(F ∨ G) → ¬F ∧ ¬G Note: after this step, the formula is in so-called Negation Normal Form (NNF) 2. Apply the distributivity rule until quiescence • F ∨ (G ∧ H) → (F ∨ G) ∧ (F ∨ H) 3. Remove tautology clauses (clauses containing both a variable and its negation) and repeated literals

The main drawback of this algorithm is that the CNF resulting formula can be exponentially larger than the original formula. Example:

3.2 Transformation to CNF via Tseitin Tseitin is a popular method that avoids the exponential growth of CNF trans- formations. The key idea is to look into the tree representation of formulas and introduce an auxiliary variable for each internal node (ei variables in Figure 3, left). Then for each auxiliary variable, deﬁne a sub-formula indicating that the auxiliary variable is equivalent to the combination (according to the corresponding operator) of its children (Figure 3, right). The transformation of each sub-formula to CNF is direct. The conjunction of all the CNF sub-formulas is the resulting CNF formula

7 Figure 3: A tree representation of a Propositional formula

It is easy to see that CNF formula generated by this method cannot be much larger than the original formula. Improved version of Tseitin are the ones used in practice. Note that, because the new formula contains more variables than the original formula, it is not strictly true that both are equivalent. However, they satisfy that,

1. Every model of the CNF formula, projected to the original variables, is a model of the original formula 2. Every model of the original formula can be extended to the auxiliary variables producing a model for the CNF formula

which tell us that no model is lost nor added in the conversion.

4 Modeling 4.1 k-Coloring Given a graph G = (V,E) and a natural number k, the k-coloring problem consists of assigning to each vertex v ∈ V a number between 1 and k in such a way that adjacent vertices do not get the same number. We are going to model this problem as a formula F such that its models correspond to solutions to the problem. Let’s assume that vertices are indexed as V = {1, 2, ..., n}.

8 • Variables. We will use a variable xij (with 1 ≤ i ≤ n and 1 ≤ j ≤ k) to denote that vertex i is given value j. • Constraints. – Every vertex has at least one color. For each i = 1..n,

xi1 ∨ xi2 ∨ ... ∨ xik

– Every vertex has no more than one color. For each i = 1..n,

¬(xi1 ∧ xi2) ∧ ¬(xi1 ∧ xi3) ∧ ... ∧ ¬(xi1 ∧ xik)∧

∧¬(xi2 ∧ xi3) ∧ ¬(xi2 ∧ xi4) ∧ ... ∧ ¬(xi2 ∧ xik)∧ ...

∧¬(xi(k−1) ∧ xik) – Adjacent vertices are not colored. For each (i, i0) ∈ E,

¬(xi1 ∧ xi01) ∧ ¬(xi2 ∧ xi02) ∧ ¬(xik ∧ xi0k)

4.2 Cardinality Constraints

Consider a set of variables X = {x1, x2, ··· , xn}

• We are going to show how to write a formula AtMostk(X) that allow at most k variables taking value 1. Formally, we are going to model with Pn propositional logic i=1 xi ≤ k. We will use an auxiliary sub-formula NotAllOne(y1, y2, ..., yk) = ¬(y1 ∧ y2 ∧ · · · ∧ yk) that, given k variables, forbids all of them being simultaneously 1. Then, AtMostk(X) is simply the conjunction of NotAllOne(Y ) for all Y subset of X of size k + 1. For example,

– AtMost0(X) = ¬x1 ∧ ¬x2 ∧ · · · ∧ ¬xn,

– AtMost1(X) = ¬(x1 ∧ x2) ∧ ¬(x1 ∧ x3) ∧ · · · ∧ ¬(x1 ∧ xn)¬(x2 ∧ x3) ∧ · · · ¬(x2 ∧ xn) ∧ · · · ∧ ¬(xn−1 ∧ xn) – ...

– AtMostn−1(X) = ¬(x1 ∧ x2 ∧ · · · ∧ xn) n Formula AtMostk is made of k+1 occurrences of NotAllOne of size k n each, so its size is O(k k+1 ) • A formula that indicates that at least k variables must be 1, i.e, k ≤ Pn i=1 xi can be written using a similar procedure. We will be using sub- formula NotAllZero(y1, y2, ..., yk) = (y1 ∨ y2 ∨ · · · ∨ yk) that, given k variables, forbids all of them being simultaneously 0. Then, Atleastk(X) is simply the conjunction of NotAllZero(Y ) for all Y subset of X of size n − k + 1. For example,

9 – AtLeastn(X) = x1 ∧ x2 ∧ · · · ∧ xn,

– AtLeastn−1(X) = (x1 ∨ x2) ∧ (x1 ∨ x3) ∧ · · · ∧ (x1 ∨ xn) ∧ (x2 ∨ x3) ∧ ··· (x2 ∨ xn) ∧ · · · ∧ (xn−1 ∨ xn) – ...

– AtLeast2(X) = (x2 ∨ x3 ∨ x4 ∨ · · · ∨ xn) ∧ (x1 ∨ x3 ∨ x4 ∨ · · · ∨ xn) ∧ (x1 ∨ x2 ∨ x4 ∨ x5 ∨ · · · ∨ xn) ∧ ...(x1 ∨ x2 ∨ · · · ∨ xi−1 ∨ xi+1 ∨ · · · ∨ xn) ∧ ...(x1 ∨ x2 ∨ x3 ∨ · · · ∨ xn−1)∧

– AtLeast1(X) = x1 ∨ x2 ∨ · · · ∨ xn n Formula AtLeastk is made of n−k+1 occurrences of NotAllZero of size n n − k each, so its size is O((n − k) n−k+1 ) • Finally, a formula that speciﬁes that exactly k variables must be 1, i.e, Pn i=1 xi = k, can be deﬁned as,

Exactlyk(X) = AtMostk(X) ∧ AtLeastk(X)

4.3 Cardinality Constraints with Auxiliary Variables The previous method to encode cardinality constraints is clearly unfeasible for values of k which are neither very small nor very large. We show now how to overcome this problem introducing intermediate variables. We just do it for the exactly k case (AtMost and AtLeast are left as an exercise). The idea is to rephrase the problem as the problem of choosing k xi variables. We introduce new auxiliary variables yij (with 1 ≤ i ≤ n and 1 ≤ j ≤ k) denoting that xi is the j-th chosen variable. Exactlyk(X) can be deﬁned as the conjunction of three elements:

1. For each j one xi will be chosen, n X yij == 1 i=1 which we already saw before that can be written in CNF in quadratic space with respect to n

2. Each xi can be chosen at most once. So for each i,

k X yij ≤ 1 j=1 Which we saw how to written in CNF in quadratic space with respect to k 3. Finally, we need to link the auxiliary with the original variables. For each i, xi ↔ (yi1 ∨ yi2 ∨ · · · ∨ yik) which can be made CNF as,

10 • ¬xi ∨ yi1 ∨ yi2 ∨ · · · ∨ yik

• xi ∨ ¬yi1

• xi ∨ ¬yi2 • ...

• xi ∨ ¬yik

This new way to model Exactlyk(X) may be more complex, but it is more compact since the size of the resulting formula is O(kn2). Since k is bounded by n, we have O(n3)

4.4 Assignment Problems Consider a group of workers A = [1..n] and a group of tasks B = [1..m] that need to be done. There are more workers than tasks (i.e, n ≥ m), each worker must be assigned to exactly one task and every task must have at least one worker assigned. We can model this problem in propositional logic with variables xij (with 1 ≤ i ≤ n, 1 ≤ j ≤ m) meaning that worker i is assigned to task j. The corresponding formula is F is the conjunction of,

m X xij = 1 j=1 for all i = 1..n, and n X xij ≥ 1 i=1 for all j = 1..m. Which we showed how to encode before. In real applications there are many additional conditions that have to be added to the formula. For instance, it is usually the case that not all workers have the skills for doing all the tasks; or the number of workers assigned to each task should be proportional to its complexity to make them ﬁnish more or less simultaneously. There could also be conditions about compatibilities: some workers cannot work together, while other should work together. This type of problem is very common in practice (for instance think of jobs in a cluster of CPUs, or printing jobs in a pool of printers,...) and they are usually referred to as assigning problems.

4.5 N-queens The n-queens problem consist of placing n queens in a n×n chess board in such a way that no queen attacks each other.

4.5.1 Model 1

In our ﬁrst model for this problem, we deﬁne variables xij (with 1 ≤ i, j ≤ n) meaning that we place a queen in cell (i, j). We need to specify the following:

11 • for each pair of cells (i, j), (i0, j0) being in the same row, column or diagonal we have to indicate that ¬(xij ∧ xi0j0 ). The number of conﬂicting pairs of cells is n3, since there are roughly n cells in the same row, n in the same column and 2n cells in the diagonals of a certain cell. Therefore, the size of this part of the formula is O(n3) • Additionally, we have to say that there are exactly n of these variables taking value 1, n X xij = n i,j=1 We have already seen that we can encode this using auxiliary variables with a formula of size O(n6) (note that the number of variables in the summation is n2 and the encoding using auxiliary variables is cubic with respect to that number)

4.5.2 Model 2

In the second model we use the same set of variables xij but we encode things diﬀerent, • Each column has exactly one queen n X xij = 1 i=1

The size of this part of the formula, when converted into CNF is O(n3) • Each row has exactly one queen n X xij = 1 j=1

The size of this part of the formula, when converted into CNF is O(n3) • Each diagonal has at most one queen. For instance, for the two (down- wards and upwards diagonals) it is, n X xii = 1 i=1 and n X x(n−i+1)i = 1 i=1 We do not write the summation of the rest of diagonals since the expression is complex, while the idea is very clear. The size of this part of the formula, when converted into CNF is also O(n3) (there are 4n diagonals and each one has at most n cells)

12 Thus, the resulting formula has size O(n3) Note that with this model we do not need to specify that exactly n variables must take value 1, since this is implicit in the ﬁrst two items. Thus, we avoid the use of auxiliary variables and still get a compact representation.

5 SAT Solving

We have seen a few examples already of how interesting problems can be modeled with propositional logic in such a say that solutions to the problem correspond to formula models. Thus, it becomes obvious that designing a SAT solver (i.e, an algorithm that given a CNF formula ﬁnds one model or reports that there is none) is a very interesting piece of software. The rest of this Chapter is devoted to the basic ideas behind current SAT solvers. It is worth to mention at this point that SAT solving is a very hard problem. In particular SAT is an NP Complete problem, which means that all known algorithm may require CPU time that is exponential with respect to the formula size. The practical implication of this fact is that we can only be sure that our algorithms will terminate in a reasonable time when applied to small or medium size formulas. However, precisely because SAT is such an important problem many eﬀort has been put on designing good solvers and current state-of-the-art implemen- tations (e.g. MiniSAT, which comes in most Linux bundles) can often solve in reasonable time problems with thousands of variables. In the following we will see some of the ideas behind these SAT solvers.

5.1 Resolution 5.1.1 Inference Rules An inference rule tells how to obtain (or deduce) new knowledge out of a formula F . Typically, the new knowledge is added to the formula. The closure of formula F under an inference rule r, noted Closure(r, F ), is the application of the inference rule updating the formula until quiescence. Three important properties that may be asked to inference rules are: • Termination: There is no inﬁnite sequences of applying the inference rule. In other words Closure(r, F ) is ﬁnite. • Soundness: if G ∈ Closure(r, F ), then F |= G. The idea of a sound inference rule is that it only adds knowledge that is entailed by the formula. In other words, a sound inference rule only makes explicit knowledge that was truly implicit in the formula. • Completeness: if F |= G, then G will eventually be added to F by the inference rule (i.e, G ∈ Closure(r, F )). The idea of a complete inference rule deduces everything that is deducible.

13 Clearly, having a sound and complete inference rule that terminates is a desirable thing, since it essentially deﬁnes a reasoning algorithm that obtains all the true and only the true consequences of a formula.

5.1.2 Resolution Arguably, the most important inference rule in propositional logic is resolution. Let F be a CNF formula. The resolution rule says that if there are two clauses in F of the form x ∨ A and ¬x ∨ B (called the premises or clashing clauses), where A and B are arbitrary disjunctions of literals, we can infer a new clause A ∨ B (called the conclusion or resolvent). The rule can only be applied if for every variable y in A there is not a literal ¬y in B and vice-versa, because otherwise the resolvent would be a redundant tautological clause, meaning that it adds no new knowledge. Property. Resolution terminates or, equivalently, Closure(resolution, F ) is finite. More precisely, if n is the number of variables in F , the size of the closure is worst-case exponential with respect to n. Formally, |Closure(resolution, F )| = O(2n). Proof. Let n be the number of variables in F . Note that the number of possible clauses over those n variables is O(3n) (in any clause each variable may appear in positive or negative form, or may not appear, so there are three possibilities). Since resolution does not add new variables to the formula, the size of Closure(resolution, F ) is bounded by O(3n). Assymptotically, O(3n) = O(2n) since the two expressions are only a constant away. Property. Resolution is sound. Proof. Let F be a formula that contains two clashing clauses F = F 0 ∧ x ∨ C ∧ ¬x ∨ D. We need to prove that F |= F ∧ (C ∨ D). Let I be a model of F , which means that I satisfies all the clause in F . We need to prove that I also satisfies C ∨ D. There are two possibilities: I maps variable x to true, or I maps x to false. 1. if I maps variable x to true, it has to satisfy D since it is the only way to satisfy clause ¬x ∨ D, therefore it satisfies C ∨ D. 2. if I maps variable x to false, it has to satisfy C since it is the only way to satisfy clause x ∨ C, therefore it satisfies C ∨ D. Since entailment is clearly transitive (i.e, A |= B and B |= C implies that A |= C), any resolvent added during the computation of the closure is entailed by the original formula F . Property. Resolution is not complete. Proof. Consider formula F = x ∧ y. In this case Closure(resolution, F ) = F (resolution cannot be applied at all). Since x∧y |= x∨y and x∨y∈ / Closure(F ), it is clear that resolution is not complete

14 Resolution is not complete, but this is OK for the purpose of SAT solving because it satisfies a somehow related property. Resolution is refutationally complete which means that, when applied to an unsatisfiable formula, it eventually produces the empty clause. Property. Resolution is refutationally complete Proof. The previous properties provide a straightforward algorithm for SAT(F ) based on resolution (Algorithm 1). The idea of SATres(F ) is to compute Closure(resolution, F ) (the algorithm is finite because resolution terminates). If at some point, the rule produces the empty clause the algorithm returns false (we know that F is unsatisfiable because F |= and is unsatisfiable, hence F cannot have any model). If it finishes without having generated the empty clause, it returns true (we know that F is satisfiable because F 6|= , hence F must have at least one model)

Function SATres(F = {C1,C2, ··· ,Ce}) begin while ThereAreClashingClauses?(F ) do (xi ∨ A, ¬xi ∨ B) :=ChoseClashingClauses(F ); if A = and B = then return false; F := F ∪ {A ∨ B}; end return true end Function T hereAreClashingClauses?(F ) begin Return true if there are two clauses (xi ∨ A, ¬xi ∨ B) in F such that A ∨ B is not a tautology and is not in F ; end Algorithm 1: SAT with resolution. The input is a CNF formula F (given as a set o clauses). The output tells whether the formula is satisﬁable or not. When returning true, F has been augmented to its closure.

The algorithm is just a loop that iterates as long as there are clashing clauses in the formula. At each iteration two arbitrary clashing clauses are selected and its resolvent is added to the formula. If the resolvent is the empty clause, the algorithm returns false indicating that the original formula is unsatisﬁable. If the loop is abandoned it means that the closure of F has been computed without obtaining the empty clause. In that case the algorithm returns true indicating that the original formula is satisﬁable. Unfortunately, the algorithm requires time and space exponential with respect the size of the formula. In typical executions, computers run out of space before terminating because the formula grows beyond the available space. Be- cause of that, SATres is not a practical SAT solver.

15 Property. The time and space complexity of SATres(F ) is O(2n) where n is the number of variables in F .

5.2 Binary Resolution We have just seen that resolution gives a SAT algorithm, but the algorithm is not practical. Now we will see that the algorithm becomes practical (i.e, polynomial in time and space) if the formula happens to contain only binary clauses. We ﬁrst show that when resolution is applied to binary clauses (i.e, clauses with at most two literals) the resolvent is also a binary clause.

Property. Let x ∨ A and ¬x ∨ B be two binary clashing clauses (i.e, A and B have at most one literal). Then their resolvent is a binary clause. A direct implication of the previous property is that if a formula F only contains binary clauses, its closure also only contains binary clauses. Interest- ingly, the number of binary clauses that can be generated out of n variables is quadratic with respect to n, so computing the closure of F is at most time and space quadratic. Let’s formalize it, Property. Let F be a CNF formula over n variables such that all its clauses contain at most 2 literals, • The size of Closure(resolution, F ) is O(n2)

• SAT res(F ) runs in at most quadratic time Unfortunately not every formula in propositional logic can be translated into CNF with binary clauses. So the previous result essentially characterizes the tractability of some problems Example: Consider the Graph k-coloring problem. The model that we proposed in the previous chapter contained non-binary clauses (as a matter of fact, it contains clauses of size k) which means that solving it with SATres may take in general exponential time and space. However, if k = 2 (i.e, 2-coloring) the formula is binary, which means that the problem can be solved in polynomial time with SATres. The tractability of binary CNF formulas is important beyond those problems that can be modeled with binary clauses as 2-coloring. Consider a formula F with some binary clauses. We can apply binary resolution until quiescence (i.e, Closure(binResolution, F )). Such algorithm will be efficient and will add at most a quadratic number of new binary clauses. Since binary resolution is correct, all new clauses are entailed by the original formula. If at some point the empty clause is derived, we know that the original formula is unsatisfiable. Otherwise we do not know anything. It can be that the empty clause has not been derived because F is satisfiable or because non-binary resolution was needed in order to derive it. This discussion is formalized by the following properties,

16 Property. Let F be a CNF formula with n variables. Let Closure(binResolution, F ) denote the closure of F under the application of binary resolution, • The computation of Closure(binResolution, F ) is quadratic in n • The increment of size of Closure(binResolution, F ) with respect to F is quadratic in n

• Binary resolution is correct, which implies that if ∈ Closure(binResolution, F ) then F is unsatisﬁable

• Binary resolution is not refutationally correct, which implies that if ∈/ Closure(binResolution, F ) then we do not know anything about the sat- isﬁability of F

5.3 Search The alternative way to implement a SAT solver is using backtracking search. We ﬁrst introduce a simple algorithm and then the so-called DPLL algorithm which is backtracking enhanced with some limited resolution which is used during search to propagate the consequences of the decisions taken so far.

5.3.1 Backtracking

Function SATbt(F,I) begin if I satisfies F then return true; if I falsifies F then return false; l :=SelectLiteral (F ); return SATbt (F,I ∪ {l}) or SATbt (F,I ∪ {¬l}); end Algorithm 2: Recursive implementation of SAT with backtracking Search. The input is a CNF formula and a partial interpretation (given as a set of literals). The output tells whether the formula is satisfiable or not. Initially, I is empty

5.3.2 Unit Propagation We have just seen that simple backtracking may be ineﬃcient because it is unable to look ahead and anticipate that it has made a wrong decision even when it is obvious. One way to circumvent this limitation is to enhance search with a limited form of reasoning. Unit Resolution is resolution restricted to the case in which at least one of the two premises is a unit clause (only one literal). With the appropriate data structures, Unit Resolution can be implemented in linear time. As we will see next, unit resolution is a very powerful inference rule because sometimes it can prove unsatisﬁability but also because it can be used

17 Function UP(F = {C1,C2, ··· ,Ce}) begin while UnitResolutionIsPossible(F ) do (l, ¬l ∨ B) :=ChoseClashingClauses(F ); F := F ∪ {B}; F := RemoveSubsumed(F ); F := P ureLiteral(F ); end return F end Algorithm 3: Unit propagation. The algorithm executes unit resolution, subsumption and the pure literal rule until quiescence (no more applications can be done). The input is a CNF formula and the output is a simplification that preserves satisfiability. to simplify enormously CNF formulas. It works together with subsumption and the pure literal rule. Definition. We say that clause C subsumes clause B if every literal in C is also a literal of B For example, p ∨ ¬q subsumes p ∨ ¬q ∨ ¬r. Note that the empty clause subsumes any other clause. In the context of finding out the satisfiability of CNF formulas, subsumption is important because subsumed clauses can be eliminated since they do not have any effect in the formula as the following property shows, Property. Let C and B two clauses. If C subsumes B, then F ∧C ∧B ≡ F ∧B The pure literal rule says that if there is a variable in the formula that only appears in either positive or negative form, then the set of clauses that mention the variable are redundant in terms of satisfiability and can be eliminated. Formally, Property. Let F be a CNF formula whose clauses can be divided into two sets G and H such that for some variable x, G does not contain neither x nor ¬x and H only contains x in either positive or negative form. Then, • F is satisfiable if and only if G is satisfiable • From any model of G we can obtain a model of F extending it to variable x according to the polarity of x in H The combination of unit resolution with subsumption and the pure literal rule is very synergic because unit resolution produces subsumptions and the double polarity of variables in the formula. Unit propagation (UP, described in Algorithm 3) is the algorithm that applies iteratively these three rules. With the proper data structures UP can be implemented in linear time with respect to the size of the formula F .

18 5.3.3 DPLL

Function SATdpll(F,M) begin F :=UnitPropag (F ); if F = ∅ then return true; if F = then return false; l :=SelectLiteral (F ); return SATdpll (F ∪ {l}) ∨ SATdpll (F ∪ {¬l}); end Algorithm 4: DPLL. Implements SAT with Search. The input is a CNF formula (given as a set o clauses). The ouput tells whether the formula is satisﬁable or not.

5.3.4 Intuition of modern solvers Key idea: conflict analysis. Each time the search algorithm reaches a conflict, it performs some logic analysis on the reasons why such a conflict was achieved. The analysis produces a new clause called a lemma. This lemma is used in a number of ways: • Clause Learning

• Back-jumping • Restarts

5.4 Local Search

Function SATls(F ) begin I :=ArbitraryInterpretation; while I is not a model of F do I :=Modify (I); if Time Limit is reached then return false; end return true end Algorithm 5: Implements SAT with Local Search. The input is a CNF formula (given as a set o clauses). It is an incomplete algorithm that returns true if it ﬁnds a model for F and returns false if no model is found within the time limit.

19 6 Extensions 6.1 MaxSAT 6.2 #SAT