
Handout 3 V. Resolution


06-26264 Reasoning
The University of Birmingham, Spring Semester 2019
School of Computer Science
Volker Sorge
29 January, 2019

Handout 3

Summary of this handout: — Satisfiability Checking

We finish the previous section by introducing two important theoretical notions: soundness and completeness of a calculus.

IV.6 Soundness

We first contrast the semantic notion of a tautology, i.e., a semantic consequence that is always valid, against the syntactic notion of a theorem.

19. Theorem in a logical calculus is a formula or sentence that has a proof in that calculus, or in other words, it can be derived using the rules of inference of that calculus.

Soundness and completeness now establish a relation between the semantic and the syntactic notion. Informally, soundness is the property of a calculus to not enable fallacious derivations. More formally we define it as:

Definition 15 (Soundness). Let S be an inference system. We say that S is sound if every sentence that is provable in S is also a valid tautology.

⊢_S ϕ implies that ⊨ ϕ

This effectively means that if a formula has a proof in S it is also valid under all possible interpretations.

IV.7 Completeness

Completeness is in many ways the dual to soundness.

Definition 16 (Completeness). Let S be an inference system. We say S is complete if every tautology of S is also a theorem of S. That is,

⊨ ϕ implies that ⊢_S ϕ

Naturally, when building a logical calculus one wants it to be sound and complete, at least from a theoretical point of view. In practice, completeness is not always achievable or is even deliberately ignored in order to allow for proof strategies that are effective. However, one definitely never wants to relax on the soundness condition! We will see in the following section how these ideas are used in practice.

V. Resolution

Resolution is an efficient calculus that makes use of the Clause Normal Form. It is based on the principle of modus ponens. Let’s first recall the corresponding rule from the ND calculus:

P    P → Q
────────── →E
    Q

If we rewrite the implication we get the following form of the rule:

P    ¬P ∨ Q
───────────
     Q

20. The Resolution Rule effectively expresses the fact that for any I to satisfy both P and ¬P ∨ Q we have to have I(P) = T. Hence the satisfiability of the second formula only depends on whether I ⊨ Q. We now generalise this to the full resolution principle, which is of the form

P ∨ Q1 ∨ ... ∨ Qn    ¬P ∨ R1 ∨ ... ∨ Rm
──────────────────────────────────────── Res
     Q1 ∨ ... ∨ Qn ∨ R1 ∨ ... ∨ Rm

We can also write the rule more conveniently in set notation. Let C1, C2 be clauses, let l be a literal and ¬l its negation, then we can express the resolution rule as

{l} ∪ C1    {¬l} ∪ C2
────────────────────── Res
       C1 ∪ C2

While the correctness of the simple rule follows directly from the correctness of modus ponens, the correctness of the extended rule Res is not necessarily obvious. Hence, we have to show it explicitly.

Theorem 17 (Resolution Rule). The conclusion of Res is satisfiable if and only if the premises of Res are satisfiable.

Proof. First, show that if I is a model for the premises, then it is also a model for C1 ∪ C2. We have either I(l) = T or I(¬l) = T. If I(l) = T, then there must exist an l′ ∈ C2, such that I(l′) = T. After applying Res, l′ ∈ C1 ∪ C2, ensuring that it is satisfiable under I. We can give a symmetric argument for I(¬l) = T.

Conversely, let’s assume C1 ∪ C2 is satisfiable with interpretation I. Then there exists an l′ ∈ C1 ∪ C2, such that I(l′) = T. Since neither l nor ¬l is in C1 ∪ C2, they do not yet have a value assigned by the model. Hence, we can extend I in the following way: If l′ ∈ C1, then the first premise is satisfied and we choose I(l) = F to ensure that the second premise is satisfied. Likewise, if l′ ∈ C2 then we choose I(l) = T.

The conclusion of the resolution rule is generally called the resolvent. Observe that this resolvent can be empty. If n = m = 0 then the application of Res leads to an empty set of literals, or the empty clause, thereby establishing that the original set of premises was unsatisfiable. We will denote the empty clause using a box symbol □.

21. The Resolution Procedure can be defined as exhaustive application of the resolution rule until either we have derived □ or no new clauses can be derived, thus establishing the last resolvent as a new fact. More formally we define the procedure as:

1. Let Φ0 be the initial set of clauses.

2. For Φi, i ≥ 0 choose two clauses C1,C2 ∈ Φi that have not yet been resolved and that contain one complementary literal. Let C be the resolvent clause.

3. Set Φi+1 = Φi ∪ {C}.

4. If C = □ then terminate with Φ unsatisfiable.

5. If Φi+1 = Φi then terminate with Φ satisfiable.

6. Else continue at step 2.

One point we have not yet made fully explicit is how to obtain our initial clause set for a proposition that is given in the form of

{ϕ1, ..., ϕn} ⊢ ψ

Effectively we can consider the set of premises (or ) as a conjunction and use each as an initial set. Later we will also see that the whole proposition can effectively be treated like an implication, i.e., ϕ1 ∧ ... ∧ ϕn → ψ, although there is a clear semantic difference, with regards to the meaning of premises and hypotheses. However, as we are interested in building purely syntactic procedures, we will not worry about that.

Example: Let’s show {P, P → Q, Q → R} ⊢_Res R. We build our initial set of clauses from {P, P → Q, Q → R}. Effectively, we can view this as a conjunction. Once in clause normal form we get {{P}, {¬P, Q}, {¬Q, R}}. We can then perform the following derivation:

P    ¬P, Q
────────── Res
    Q          ¬Q, R
    ──────────────── Res
           R

Soundness of the procedure can be shown quite easily for the resolution procedure, by demonstrating inductively with Theorem 17 that the leaves of the resolution tree are satisfiable if and only if the root is.

Unfortunately the resolution procedure is not complete, in that we cannot show every semantic consequence. For example, we cannot show {P ∧ Q} ⊢ P ∨ Q.

22. Refutation To get around this we use resolution not as a proof procedure but as a refutation procedure. That is, instead of trying to prove a theorem using the resolution rule, we are trying to derive □ for the negation of the theorem using the resolution rule. This exploits the fact that a sentence is valid if and only if its negation is unsatisfiable. Hence the first step of the resolution proof will always be to negate the formula. For this we now exploit the idea of rewriting a proposition of the form ϕ ⊢ ψ into the form ϕ → ψ and observe the following two equivalences

¬(ϕ → ψ) ≅ ¬(¬ϕ ∨ ψ) ≅ ϕ ∧ ¬ψ

hence we also get

¬((ϕ1 ∧ ... ∧ ϕn) → ψ) ≅ ϕ1 ∧ ... ∧ ϕn ∧ ¬ψ

Now the problem of showing {P ∧ Q} ⊢ P ∨ Q becomes trivial, as the negation immediately collapses to the empty clause.

Example: In order to show that ⊢ (¬B → A) → ((¬B → ¬A) → B) holds we are refuting the negation using resolution. So we get

¬((¬B → A) → ((¬B → ¬A) → B))

which simplifies into the clause set

{{B,A}, {B, ¬A}, {¬B}}

We can then derive the following resolution proof

B, ¬A    ¬B          B, A    ¬B
──────────── Res     ─────────── Res
     ¬A                   A
     ────────────────────── Res
               □

In the above proof we have reused the clause {¬B}. In most cases we will need to use clauses multiple times, which makes the use of tree notation rather awkward. We therefore introduce a linear format for resolution proofs.

23. Linear Resolution Proofs are written simply in lines with justifications referring to the clauses a particular line is the resolvent of. For our example we get a six line proof.

1. B, ¬A
2. B, A
3. ¬B
4. ¬A    Res 1,3
5. A     Res 2,3
6. □     Res 4,5

Note that it would not be strictly necessary to explicitly denote the Res rule in the justifications of our lines, as we only have one inference rule in our calculus. However, later when we move to first order logic we will get at least one more rule, thus denoting the rule will make sense.

24. Soundness effectively follows from the soundness of the resolution procedure we have argued earlier. However, instead of having a resolution tree for validity we now have a refutation tree to show unsatisfiability.

Theorem 18 (Soundness of Propositional Resolution). If there exists a refutation tree for a formula ϕ, then ϕ is unsatisfiable.

25. Completeness is more difficult to establish. There are several ways to prove the theorem. A common one argues via semantic trees, but we will briefly sketch an induction proof.

Theorem 19 (Completeness of Propositional Resolution). If a formula ϕ is unsatisfiable then ϕ has a refutation tree.

Proof. We show the theorem via induction on the number of variables in ϕ. Let Φ be the CNF of ϕ.

Base case: We have one variable P. All possible clauses of Φ are {P} and {¬P}. If Φ is unsatisfiable then both clauses occur, and we can derive □.

Induction hypothesis: Suppose the hypothesis is true for formulas with fewer than n variables.

Induction step: Let Φ be unsatisfiable with n variables. Now fix a variable P that occurs in Φ. We obtain Φ′ from Φ in the following way:

1. Φ′ contains all formulas in Φ that contain neither P nor ¬P.

2. For all clauses C, D ∈ Φ where P ∈ C and ¬P ∈ D, Φ′ contains the resolvent of C and D on P.

From this construction we obtain Φ′ that contains n − 1 variables. Clearly, from Theorem 17 we know that the application of the resolution rule preserves satisfiability. Hence Φ is satisfiable if and only if Φ′ is satisfiable. Thus with the induction hypothesis we can conclude that Φ is unsatisfiable.

Note that in the case that only P but not ¬P occurs in Φ, then we can obtain Φ′ by removing all clauses containing P as they are trivially satisfiable (by setting P to T) and hence will not contribute to the refutation.
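
The resolution procedure and the linear proof format described in this section, as an added Python example that is not part of the original handout. It assumes literals are encoded as non-zero integers (A = 1, B = 2, negation as sign), and the function names are illustrative; it saturates a clause set under Res and returns only the proof lines the empty clause depends on.

```python
from itertools import combinations

def resolve(c1, c2):
    """Resolvent of two clauses sharing exactly one complementary literal."""
    pivots = [l for l in c1 if -l in c2]
    if len(pivots) != 1:            # no pivot, or resolvent would be a tautology
        return None
    return (c1 - {pivots[0]}) | (c2 - {-pivots[0]})

def refute(clauses):
    """Saturate under Res; return a linear refutation, or None if saturated."""
    lines = [(frozenset(c), ()) for c in clauses]    # (clause, parent indices)
    known, tried = {c for c, _ in lines}, set()
    while frozenset() not in known:
        fresh = []
        for pair in combinations(range(len(lines)), 2):
            if pair in tried:
                continue
            tried.add(pair)
            r = resolve(lines[pair[0]][0], lines[pair[1]][0])
            if r is not None and r not in known:
                known.add(r)
                fresh.append((r, pair))
        if not fresh:                                # no new clause: satisfiable
            return None
        lines += fresh
    return linear_proof(lines)

def linear_proof(lines):
    """Keep only the ancestors of the empty clause, renumbered from 1."""
    used, stack = set(), [next(k for k, (c, _) in enumerate(lines) if not c)]
    while stack:
        k = stack.pop()
        if k not in used:
            used.add(k)
            stack.extend(lines[k][1])
    number = {k: n for n, k in enumerate(sorted(used), 1)}
    return [(sorted(lines[k][0]), tuple(number[p] for p in lines[k][1]))
            for k in sorted(used)]

# Handout example {{B,¬A}, {B,A}, {¬B}} with A = 1, B = 2 (encoding assumed).
if __name__ == "__main__":
    for n, (clause, parents) in enumerate(refute([[2, -1], [2, 1], [-2]]), 1):
        print(n, clause or "□", "Res %d,%d" % parents if parents else "")
```

On the handout's clause set this search finds a five line refutation (it resolves lines 1 and 2 to B first) rather than the six line proof shown above; both are valid refutations.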

VI. DPLL

Although the resolution rule is satisfiability preserving, resolution is not an effective way to show satisfiability. We now consider a procedure for satisfiability checking that is based on the proof idea we used to show completeness of resolution, the Davis-Putnam-Logemann-Loveland algorithm. DPLL is a procedure specialising in satisfiability checking, or SAT solving for short. It was originally invented by Davis and Putnam, and later improved by Logemann and Loveland, who added some heuristics, which effectively draw on the idea of the resolution rule. Basically, DPLL is a backtracking algorithm that assigns truth values to propositional variables one by one until either a model is found or the clause set becomes unsatisfiable. In the latter case it backtracks.

26. DPLL procedure

1. Input is a set of clauses Φ, output a model I or UNSAT.

2. If I models Φ then return I.

3. If Φ contains the empty clause, backtrack.

4. Unit Propagation: If {l} ∈ Φ then extend I with I(l) = T. Delete all clauses in Φ containing l. Delete all occurrences of ¬l from all clauses in Φ. (Observe that since l can already be negated, ¬l would be the positive variable!)

5. Pure Literal: If l is a literal that only occurs in one polarity in Φ, then extend I with I(l) = T and delete all clauses in Φ containing l.

6. Splitting: Choose a propositional variable P ∈ Φ not yet fixed in I. Call procedure with

(a) reduced Φ and I extended by I(P) = T, and with

(b) reduced Φ and I extended by I(P) = F.

The main idea of the algorithm is to successively reduce the size of Φ by assigning truth values. Once a literal l has been set to true, every clause that contains l is satisfied and can be deleted. In clauses where the negation of l occurs, it has no influence on making that clause satisfiable and hence can be deleted. The two heuristics can take advantage of this: Unit propagation implements the idea that a clause with a single unassigned literal can only be satisfied if that literal is assigned to true. Pure literal exploits the fact that if a literal occurs only in one polarity, it can always be interpreted to true without. The splitting rule leads effectively to a binary tree exploration of the search space. And indeed, when the formula is satisfiable, a model will be found due to the exhaustiveness of the search. On the other hand, if Φ is unsatisfiable, this can only be shown by completing the exhaustive search. Hence we can use it again to refute negated , making it refutation complete. And soundness of DPLL can be shown quite easily for each of the steps.

Example: Consider the following clause set:

{{P }, {R,P,S}, {¬P, ¬Q, ¬R}, {¬P, ¬Q, S}, {R,Q}}

Running DPLL will look like this:

              I = ∅                     {{P}, {R,P,S}, {¬P,¬Q,¬R}, {¬P,¬Q,S}, {R,Q}}
Unit Prop     I(P) = T                  {{¬Q,¬R}, {¬Q,S}, {R,Q}}
Pure Literal  I(S) = T                  {{¬Q,¬R}, {R,Q}}
Splitting     I(Q) = T  |  I(Q) = F     {{¬R}}  |  {{R}}
Unit Prop     I(R) = F  |  I(R) = T     {}  |  {}

Hence we get two models, I1 = {P, S, Q, ¬R} and I2 = {P, S, ¬Q, R}; here we abuse notation to write I1, I2 concisely. Normally, SAT solvers would stop once they have found one model, thus

27. DPLL in practice. DPLL is the basis for most modern SAT solvers. These systems are widely used in areas like model checking, hardware verification, AI planning, scheduling, etc. Some particularly strong systems are for example zChaff and MiniSat.

28. DIMACS is the format that most (if not all) modern SAT solvers use as input format. It is a simple encoding of the clause normal form, where propositional variables are mapped to positive integers and literals are then expressed either as positive or negative integers, depending on their polarity. For example, suppose we have the propositional variable P which we map to 1. Then the literals P and ¬P are encoded by 1 and −1, respectively. A file in DIMACS format then looks like this

c
c This is the DIMACS input for the formula
c (P v Q) /\ -Q /\ (-P v Q v -R) /\ (S v -Q v R) /\ (Q v R)
c
p cnf 4 5
1 2 0
-2 0
-1 2 -3 0
4 -2 3 0
2 3 0

where we have

• comment lines starting with c at the beginning of the file,

• the line p containing information on the format (cnf), the total number of propositional variables and clauses,

• one line for each clause ending with a 0.

As an example of a SAT solver you can find a version of zchaff on the School’s file system at /bham/ums/linux/pd/packages/reasoning/sat/zchaff
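
The DPLL procedure of item 26 and the DIMACS format of item 28, as an added Python example that is not part of the original handout or of any SAT solver's code. It assumes the variable numbering of the DIMACS example (P, Q, R, S as 1 to 4), and the function and constant names are illustrative.

```python
def parse_dimacs(text):
    """Parse DIMACS CNF text into a list of clauses (frozensets of ints)."""
    header, clauses, current = None, [], []
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["p"]:                      # p cnf <variables> <clauses>
            header = (fields[1], int(fields[2]), int(fields[3]))
        elif fields[:1] != ["c"]:                    # clause data (not a comment)
            for lit in map(int, fields):
                if lit:
                    current.append(lit)
                else:                                # 0 terminates the clause
                    clauses.append(frozenset(current))
                    current = []
    nvars = max((abs(l) for c in clauses for l in c), default=0)
    ok = header is not None and header[0] == "cnf" and not current
    if not (ok and nvars <= header[1] and len(clauses) == header[2]):
        raise ValueError("clause data does not match the problem line")
    return clauses

def assign(clauses, lit):      # lit becomes true: drop satisfied clauses, strip -lit
    return [c - {-lit} for c in clauses if lit not in c]

def dpll(clauses, model=None):
    """Return a (partial) model {variable: bool}, or None for UNSAT."""
    model = dict(model or {})
    while clauses:
        if frozenset() in clauses:                   # empty clause: backtrack
            return None
        lits = {l for c in clauses for l in c}
        forced = [min(c) for c in clauses if len(c) == 1]        # unit propagation
        forced += [l for l in sorted(lits) if -l not in lits]    # pure literal
        if not forced:
            break
        model[abs(forced[0])] = forced[0] > 0
        clauses = assign(clauses, forced[0])
    else:
        return model                                 # every clause was deleted
    var = min(abs(l) for l in lits)                  # splitting: try T, then F
    return (dpll(assign(clauses, var), {**model, var: True})
            or dpll(assign(clauses, -var), {**model, var: False}))

# Constructed from the handout: its DIMACS file (comments shortened) and its
# DPLL example clause set with P, Q, R, S mapped to 1..4 (mapping assumed).
HANDOUT_CNF = "c example\np cnf 4 5\n1 2 0\n-2 0\n-1 2 -3 0\n4 -2 3 0\n2 3 0\n"
EXAMPLE = [frozenset(c) for c in ([1], [3, 1, 4], [-1, -2, -3], [-1, -2, 4], [3, 2])]

if __name__ == "__main__":
    print(dpll(parse_dimacs(HANDOUT_CNF)), dpll(EXAMPLE))
```

The formula in the DIMACS file is refuted by unit propagation alone, while the DPLL example clause set yields the model I1 from the worked run because the split tries Q = T first.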

Exercises for Resolution and DPLL (unassessed):

The following exercises are unassessed and you do not have to hand in their solution. Nevertheless I strongly suggest that you attempt them anyway!

8. Use resolution to show that the following formula is unsatisfiable:

(P ∨ Q ∨ ¬R) ∧ (P ∨ ¬Q) ∧ ¬P ∧ R ∧ U

9. Show the soundness of propositional resolution using induction.

10. Prove using resolution: ⊢ ((P → Q) ∧ P) → Q

11. Use DPLL to show that the following formula is satisfiable:

(P ∨ ¬Q) ∧ (¬P ∨ Q) ∧ (Q ∨ ¬R) ∧ (¬Q ∨ ¬R)

12. Use DPLL to show that the following formula is unsatisfiable:

(¬P ∨ Q) ∧ ¬Q ∧ P
