EXPLOITING PROBLEM STRUCTURE IN QBF SOLVING by AlexandraGoultiaeva Athesissubmittedinconformitywiththerequirements forthedegreeofDoctorofPhilosophy GraduateDepartmentofComputerScience UniversityofToronto c Copyright2014byAlexandraGoultiaeva (cid:13) Abstract ExploitingProblemStructureinQBFSolving AlexandraGoultiaeva DoctorofPhilosophy GraduateDepartmentofComputerScience UniversityofToronto 2014 Deciding the truth of a Quantified Boolean Formula (QBF) is a canonical PSPACE-complete problem. It provides a powerful framework for encoding problems that lie in PSPACE. These include many problems in automaticverification,andproblemswithdiscreteuncertaintyornon-determinism.Twopersonadversarialgames areanothertypeofproblemthatarenaturallyencodedinQBF. Itis standardpracticeto useConjunctive NormalForm(CNF) whenrepresentingQBFs. Anypropositional formula can be efficiently translated to CNF via the addition of new variables, and solvers can be implemented moreefficientlyduetothestructuralsimplicityofCNF.However,thetranslationtoCNFinvolvesalossofsome structuralinformation. ThisthesisshowsthatthisstructuralinformationisimportantforefficientQBFsolving, andshowshowthisstructuralinformationcanbeutilizedtoimprovestate-of-the-artQBFsolving. First,anon-CNFcircuit-basedsolverispresented. ItmakesuseofinformationnotpresentinCNFtoimprove itsperformance. Wepresenttechniquesthatallowittoexploitthedualitybetweensolutionsandconflictsthatis lostwhenworkingwithCNF.Thisdualitycanalsobeutilizedintheproductionofcertificates,allowingbothtrue andfalseformulastohaveeasy-to-verifycertificatesofthesameform. Then, it is shown that most modern CNF-based solvers can benefit from the additional information derived fromdualityusingonlyminormodifications. Furthermore, evenpartialdualityinformationcanbehelpful. We show that for standard methods for conversion to CNF, some of the required information can be reconstructed fromtheCNFandgreatlybenefitthesolver. ii Contents 1 Introduction 1 2 Background 6 2.1 OverviewofQBF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1 ModelsandCountermodels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1.2 Resolutionandrefutations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2 SolvingClausalQBF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.1 BasicAlgorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.2.2 Unitpropagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.2.3 Clauselearning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.4 Cubelearning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3 SymbolicapproachestoQBF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.4 Non-CNFapproachestosolvingQBF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3 Acircuit-basedQBFsolver 22 3.1 Circuitrepresentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.2 Thealgorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.3 Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.4 Don’tCarePropagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 3.5 Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 3.6 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 4 Dualpropagationinanon-CNFsolver 32 4.1 Dualpropagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.2 Don’tCarePropagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 iii 4.3 HandlingNNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.3.1 SimplifyingtheNNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.4 Phasememorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 5 Experimentsonnon-CNFproblems 44 5.1 Earlynon-CNFsolvers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 5.2 Effectofnewtechniquesonthecircuitsolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5.3 IQTest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.4 GhostQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 5.5 CNF-basedsolvers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 6 Certificategeneration 54 6.1 Q-resolutionfortrueandfalseformulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 6.2 Proofsrepresentstrategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 6.2.1 Updatingtherefutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 6.2.2 ObtainingwinningmovesfromQ-resolution . . . . . . . . . . . . . . . . . . . . . . . . 63 6.3 Relatedwork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 6.4 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 6.4.1 Strategygenerationexample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 6.4.2 Producingandverifyingcertificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 6.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 7 DualpropagationinCNF-basedsolvers 70 7.1 DualPropagationgivenanon-CNFrepresentation . . . . . . . . . . . . . . . . . . . . . . . . . . 70 7.1.1 SoundnessProperties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 7.1.2 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 7.2 UtilizingpartialinformationextractedfromCNF . . . . . . . . . . . . . . . . . . . . . . . . . . 85 7.2.1 Reconstructingthestructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 7.2.2 Utilizingpartialinformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 7.2.3 Recoveringimplication-basedencodings . . . . . . . . . . . . . . . . . . . . . . . . . . 92 7.2.4 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 7.3 Preprocessing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 iv 7.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 8 Conclusion 104 Bibliography 107 v Chapter 1 Introduction BooleanSatisfiability(SAT)isthecanonicalNP-completeproblem.Givenabooleanformula,aSATsolverneeds todeterminewhetherornotthatformulaissatisfiable, i.e., whetherornotthereexistsatruthassignmentunder whichtheformulaisTRUE. SATsolvingoffersasimpleanduniformrepresentationthatcanbeusedforawidevarietyofproblems. SAT solversusewell-developedlightweightandefficientdatastructuresandbenefitfrompowerfulbutsimplelearning techniques. AlthoughtherearenoalgorithmsforSATsolvingthatareefficientintheworstcase,inpracticethere areawiderangeofareaswhereSATsolversaresuccessfullyemployedtosolvelargeindustrialproblems. SATsolverscanbeusedtosolvemanyinterestingproblemsbyencodingtheseproblemsasbooleanformulas, andtheninterpretingtheanswer. Forexample,onemightencodeastatementsuchas“thisbooleancircuitdoes notimplementthecorrectfunction.” Then,iftheformulais FALSE,thecircuitcanbeconsideredcorrect,andif theformulaisTRUE,thesatisfyingassignmentwouldgiveanexamplecasewherethecircuitfails. Thevariables here are implicitly existentially quantified, i.e., the formula actually encodes the statement “there exists a set of inputssothatthecircuitgivestheincorrectoutput.” Ingeneral,SATseekstofindasinglesatisfyingassignment totheformula—itisaskingifthereexistsasettingofthevariablesthatmakestheformulaTRUE. QuantifiedBooleanFormulas(QBFs)areanextensionofSATthatallowsbothuniversalandexistentialquan- tification. In particular, a QBF is specified by a sequence of alternating universally and existentially quantified variablesfollowedbyabooleanformulaoverthesevariables. SATcanthenbeviewedasthespecialcasewhere allofthevariablesareexistentiallyquantified. TheQBFdecisionproblemistheproblemofdecidingwhetheror notaQBFisTRUE. ThisproblemisPSPACEcomplete. WewillpresentQBFsmoreformallyinSection2.1, butsemanticallyaQBFcanbeviewedasatwo-player game. The two players, one controlling the existentially quantified variables, and the other controlling the uni- 1 CHAPTER1. INTRODUCTION 2 versally quantified variables, take turns setting their variables. The sequence of quantified variables, i.e., the quantifier, dictatestheorderinwhichthemovesareplayed. Ateachpoint, theowneroftheoutermostvariable assigns it a value, and the formula is simplified accordingly. The goal of the existential player is to make the formulaTRUE,whilethegoaloftheuniversalplayeristomaketheformulaFALSE. Theexistentialplayerhasa winning strategy if it can force the formula to become TRUE no matter how universal sets its variables (in this case,wesaythattheQBFformulaisTRUE). Similarlytheuniversalplayerhasawinningstrategyifitcanforce the formula to become FALSE no matter how existential sets its variables (in this case, we say that the QBF formulaisFALSE). ManyproblemshaveanaturalrepresentationinQBF.Forexample,QBFnaturallyrepresentsfinitestatetwo- player games, where the existential and the universal variables represent the possible moves, and the formula representsthegamemechanicsandthewinningcondition. SupposethetwoplayersareP andP ,andthegame 1 2 isthreemoveslong. TocheckwhetherP hasawinningstrategy,wemightencodetheformulaasfollows: “there 1 existsamoveM forP ,suchthatM isavalidmove,andforallmovesM byP ,eitherM isinvalid,orthere 1 1 1 2 2 2 existsavalidmoveM forP suchthatP winsthegame.” 3 1 1 QBFisnotlimitedtosimpletwo-playergames,however. Anybehaviorthatcanbecastasadversarialcanbe encoded. Anexampleofthisistheencodingofconformantandcontingentplanningproblems. Conformant and contingent planning involve planning problems that allow incomplete information and/or nondeterminism. Theplannerneedstocomeupwithaplanthatwouldachievethegoalnomatterhowthenon- determinism plays out. Since the plan must always work, we could view the world as an adversary, each valid move of which the plan must be able to handle. We would let the adversary determine the unknown and non- deterministicevents,andtrytocreateastrategythatworksnomatterwhicheventsoccur. Inotherwords,wecan viewthesethesetypesofplanningasatwo-playergameandcastthemasQBFs[53]. AnotherareawhereQBFcanbeusedisinsolvingvariousproblemsthatariseincircuitverification,design, and debugging. One example is configuring Field Programmable Gate Arrays (FPGAs). Field Programmable GateArrays(FPGAs)areprogrammablecircuits. Thequestionofwhetheracertainfunctioncanbeprogrammed byaparticularFPGAcanbecastasaQBF:doesthereexistasettingoftheFPGAcontrollinessuchthatforall inputstheFPGAoutputsthecorrectfunctionvalue[40]. Recently, QBF solvers have been applied to an interesting problem of automated reduction finding [36]. In short,theformulaencodesastatement“thereexistsareductionrfromproblemAtoproblemBsuchthatforall inputsx,x Aiffr(x) B.” Althoughthisapplicationislimitedtoboundedinputlengthreductionsinacertain ∈ ∈ class,itcanstillprovideusefultoolsforcomplexitytheoreticreasoning. PSPACE is widely believed to contain harder problems than NP, and thus QBF being PSPACE complete is likelytohardertosolvethanSAT.InpracticeQBFhasshownitselftobeharderthanSAT.Ontheflipside,QBF CHAPTER1. INTRODUCTION 3 is more expressive, and can succinctly represent some problems whose natural SAT encoding is exponentially sized. Inpractice,QBFhasbeenappliedtoproblemsthatgrowtoolargeforaSATsolvertohandle. Forexample, some verification problems traditionally solved by SAT solvers contain structural repetition, and can be more efficientlyrepresentedasaQBF.ThisefficiencyinrepresentationcanallowQBF-basedapproachestooutperform SAT-basedapproacheswhentheproblemsbecomelarge[45]. Despiteitsworst-casecomplexity,QBFsolversarebeingactivelydevelopedandaregainingefficiency. This thesisisaimedatimprovingQBFsolvingtechniquesbyalleviatingalong-standingprobleminQBF:theinability of QBF solvers to reason equally efficiently for both the existential and the universal players. The roots of this problemstemfromtheformularepresentationthatisbeingused. Conjunctive Normal Form (CNF) is a representation for boolean formulas which has become ubiquitous in SAT solving. Any propositional formula can be efficiently translated to CNF via the addition of new variables, and solvers can be implemented more efficiently due to the structural simplicity of CNF. Many effective data structures and techniques have been developed to work with CNF. Clause learning, which is probably the most importantbreakthroughisSATsolvingtechnology,isaneffectivereasoningtechniquespecifictoCNF. QBFsolving,havinginheritedmanytechniquesfromSAT,hasalsoadoptedCNF.Themostwidespreadformat forQBFsolvingisPrenexCNF,whereaseriesofquantifiersisfollowedbyabooleanformulaexpressedinCNF. QBF solvers are able to benefit from the well-engineered data structures and techniques aimed at working with CNF.However,theCNFrepresentationposessomeproblemsforQBFsolving. CNFisextremelywell-suitedtoreasonaboutconflicts(variableassignmentsthatfalsifytheformula), how- ever, itisquiteinefficientwhenitcomestoreasoningaboutsolutions(variableassignmentsthatsatisfythefor- mula). Prenex CNFallowstheQBFsolverto reasonefficientlyfortheexistentialplayer(which needstoavoid conflicts),butpreventseffectivereasoningfortheuniversalplayer(whichneedstoavoidsolutions). Thisisnota problemforSATsolvers,since,asmentionedpreviously,aSATformulaisaQBFwithonlyexistentialquantifica- tion. So,aSATsolverneverneedstoreasonfortheuniversalplayer. Itonlyencountersasatisfiedformulaonce, whenthesearchisover—soefficiencyindetectingandreasoningaboutwhatsatisfiestheformulaisnotneeded. Ontheotherhand,aSATsolverneedstoanalyzemanyconflicts,soitneedstoreasonaboutthoseefficiently. TheineffectivenessofCNFforreasoningwithsolutionsslowsdownQBFsolverswhichoftenmustprocess anexponentialnumberofsolutions. InadditiontoincreasingthesolvingtimethebuiltinbiasofCNFtowards conflictscausesotherproblems. Onehastodowithcertificatesandstrategies. Acertificateisanadditionalpieceofinformationthatthesolvermightprovidetogetherwithitsresult. The certificateallowstheusertoverifythattheprovidedresultiscorrect. ThereisaCNF-basedproofsystemcalled resolution which can be efficiently verified and can certify that the formula is false for any variable setting (is UNSAT).So,aresolutionproofiscommonlyusedasacertificateofunsatisfiability. Toverifythataformulais CHAPTER1. INTRODUCTION 4 satisfiable,itisenoughtosupplythesatisfyingassignmentandverifythatitsatisfiestheformula.Sothesatisfying assignmentisaneffectivecertificateofsatisfiability. The resolution proof system has been extended to QBF, forming a proof system called Q-resolution. A Q- resolution proof is an easily verifiable certificate for QBFs which are FALSE. However, because CNF is biased towards conflicts, there is no straightforward way to extend Q-resolution to provide certificates for true QBFs. Instead, the attempts to certify true QBFs have typically tried to mimic the SAT case by focusing on obtaining strategies. Recall that in SAT solving, in addition to providing an easy way to verify that the formula is satisfiable, a satisfying assignment also carries useful information. For example, it might encode an actual plan, a failure scenario,orthesolutiontoapuzzle. InQBFsolvingonemightalsobeinterestednotonlyintheanswer(which playercanbeguaranteedtowinthegame),butalsoinhowthevictorycanbeobtained.However,inQBFasimple variableassignmentisnotsufficient,sincetheanswermustcaptureresponsestodifferentmovesbytheopponent. Whatisdesiredisastrategy. Inaddition,astrategycanpotentiallyverifythataQBFistrue. Differentmethods ofrecordingstrategiesanddifferentwaysofencodingthemhavebeendeveloped. Unfortunately,thesemethods areusuallyeitherpronetocombinatorialexplosions,arecomputationallyhardtoverify,orboth. Thus, the bias in CNF has also affected certificates: while there was a uniform and easy-to-verify method for certifying FALSE QBF formulas, there was no such method for TRUE formulas. Conversely, there have been methods to generate strategies for TRUE QBF formulas (winning strategies for the existential player), but nocounterpartfor FALSE QBFs(winningstrategiesfortheuniversal). Inthisthesis, weshowhowbyutilizing the non-CNF structure it is easy to obtain Q-resolution proofs for TRUE formulas. Moreover, we show that Q- resolution proofs encode all the necessary information about the winning strategy, and thus can themselves be viewed as a strategy representation. We present an algorithm which, given a Q-resolution proof, interactively extractsastrategyforthewinningplayer. So,bybeingabletoconstructQ-resolutionproofsforbothTRUE andFALSE QBFformulas,andbeingableto extractstrategiesfromtheseproofs,weareabletohaveuniformandeasy-to-verifycertificatesforbothpolarities, aswellascomputestrategiesforboththeexistentialandtheuniversalplayers. InChapter2wewillpresentsomeoftheformalbackground. Then,inChapter3wepresentanon-CNFQBF solverusedasthebasisforourapproach,whichtakesthefirststepstowardsusingnon-CNFinformationforbetter reasoningfortheuniversalplayer. InsteadofCNF,itusesalogicalcircuitastheinternalrepresentationforthe formula. InChapter4wepresentthecoreofourapproach. Weshowhowthecircuit-basedQBFsolvercanbe modifiedtoachievecompletedualitybetweentheexistentialandtheuniversalplayerandbeabletoreasonequally efficientlyforboth. Wealsoincludeafewsmallerimprovementsandsimplificationtechniquesthatallowusto further speed up the solver. In Chapter 5 we present experimental results. We show the merit of our approach CHAPTER1. INTRODUCTION 5 by demonstrating how the addition of dual propagation improves our circuit-based solver. We also compare ourapproachwithothernon-CNFapproaches,andwithCNF-basedapproachestowhichwefeedtheconverted versionsoftheformulas. InChapter6wepresentourapproachforcertificategeneration. Weshowhowwecanobtaincertificatesand strategiesforboth TRUE and FALSE formulas. Weexperimentallydemonstratethefeasibilityofourapproach, showingthattheoverheadofproducingthecertificateisextremelysmall,andthatourcertificatescanbeverified bythird-partyverifiers. InChapter7wereconcileourapproachwithexistingCNF-basedsolvers. Indeed,byusinganon-CNFrepre- sentation,oursolvermissesoutontheefficientCNF-baseddatastructuresandtechniquesthathavebeendevel- oped. We show that the most common CNF-based solvers have indeed all the necessary mechanisms for using dual propagation. We show how these mechanisms can be correctly initialized to obtain the full power of dual propagation while retaining the benefits of CNF-specific techniques and data structures. We also include some theoreticalresultsdescribingtheconditionsthatmakeinitializationsound. WeexperimentallyshowthattheCNF techniques do offer advantages, and that the resulting solver is more efficient than the non-CNF versions. We then take this approach a step further, and show how dual propagation can be used in cases when the non-CNF representation is unavailable. Instead of using the complete representation of the problem, we can still benefit from partial structural information that can be obtained by various heuristic methods from the CNF. Of course, theweakerthereconstruction,thelessusefuldualpropagationwillbe. However,ourapproachisabletobenefit frompartialinformationwhilecausingnooverheadifthereconstructionwaspoor. Weshowthefeasibilityofthis approach. InChapter8weconcludethethesisbysummarizingourcontributionsanddiscussingfuturework.