Automated reasoning can be used for math from Whether software or hardware will do what it should. In practice, automated reasoning is often related to programs known as SAT SOLVERS, which determines whether formal expressions that describe the restrictions in the system Sat.Isfied.
SAT is notoriously difficult (it’s the original NP complement problem), and SAT-SOLVER uses all kinds of smart tricks to make it can be can be tracing: Popular SAT SOLVERS HAVE TENSHERS OF CODE LINE. But how do we know the SAT solver’s decisions – about satisfaction with a given expression – are reliable? The programs are large enough to use formal analysis to verify you Would be a huge effort.
One solution is that the SAT solution can generate an entry – a track – of its reasoning, which can be verified by an automatic proof. An evidence control is a relatively simple program that is much easier to verify than a SAT solver. And for SAT problems, whose limitations can all be specifically at once even very, very complex SAT problems there are methods of reliable generation of machine-controllable proofs.
Unfortunately, in most practical situations, a SAT -Programs -constraints cannot all be specified at once. Often, when we verify code or hardware or networking, we want to start by controlling a restriction and, based on which it comes or not, checking another limitation, and so on, building our set restrictions one by one. Existing methods of generating controllable proofs do not work with such Recruitment Sat problem.
At this year’s conference on formal methods in Computer-Aidéd Design (FMCAD), we presented a method of generating controllable proofs for incremental SAT Probuts. A SAT -Problem consists of a long list of limitations and the expression of each restriction is called a clause. To make SAT issues that can be drawn, you must delete clauses that can be satisfied by the same truth tasks that satisfy another clause.
With step -by -step set, a deleted clause must sometimes be restored to ensure consistency when adding new restrictions. In such cases, our approach to evidence generation treats the recovered clause, as if it had never been deleted in the first place. This simple trick enables existing evidence production framework to generalize for inclusion set. We explain in more detail below.
Step -by -step Sat.
A SAT problem is a sequence of limitations that explicitly uses variable names and the Boolian operators ∧ (and) and ∨ (OR). The question is simply whether there is some assignment of truth and forgery to the variable that makes the expression true. For example, the expression (Hair ∨ B) ∧ (¬a ∨ ¬b) (Read “(a or b) and (non-A or non-b)” is satisfied because it is true if eith Hair gold B is true and the other is false. The expression has two clauses, (Hair ∨ B) and (¬Hair ∨ ¬B).
As the number of clauses increases, this seemingly straightforward problem becomes intratable. One of the tricks that sat solver that uses to simplify it is to erase a clause if its connection with another clause is Équisatilable With the second clause alone, where “Équisatisfable” means that two terms are both satisfied or both unsatisfactory.
For example, consider an incremental set -problem that included the clauses (Hair ∨ B) and (¬Hair ∨ ¬B) The Solver may retain the first clause and erase the second Becaus (Hair ∨ B) and the context (Hair ∨ B) ∧ (¬Hair ∨ ¬B) Equilibrium. Then, because it is a step -by -step problem, two new clauses, (Hair) and (B), Added. (Hair ∨ B) ∧ (Hair) ∧ (B) is satisfied because (Hair ∨ B) Is true if both Hair and B Is true. Goals (¬Hair ∨ ¬B) is False If both Hair and B Is true so it needs to be added back to the expression, or set solver can give the wrong answer.
When a SAT solver that works on an incremental SAT problem deletes a clause, it saves it in a buffer called the reconstruction stack along with a truth value assignment that ensures that we can reconstruct a valid task in the original problem from the Solver-modified problem. When a new clause is added to the problem expression, if the truth value required to satisfy it is in conflict with any of the tasks in the reconstruction stack, the contradictory clauses are restored to the problem expression and evaluated again. They can receive different truth-value assignments or the solver can conclude that the term cannot be experienced.
Algorithmic is this procedure effective: It ensures that the SAT solver’s judgment will be healthy. But its logic is difficult to capture in the language for formal proof. So while today’s SAT solver can solve incremental SAT programs, they rarely try to prove that this solution is healthy.
Generation of proof
This is where our method coes in. In addition to deleting clauses from a problem expression, SAT -SATLIALS also add clauses. The additions begin logically with clauses that are already in the expression, so they do not affect satisfaction, but they may make it easier for Solver to recognize potential conflicts between clauses.
A typical evidence generator steps through the trail of all these additions and deletions and builds up proof of their validity. Our method starts instead at the end of the track and works backwards. Where we find a step that restores a clause in the proof, we save that clause in a buffer; If we later (that is, earlier in the track) find the deletion of the same clause, we simply delete both the original deletion and the subsequent restoration. Once we have cleaned the track from the bottom to the top, we work back through it from top and bottom and build a proof of the conventional way.
Sales The deleted clauses are also with clauses left in the term, their deletion has no influence on the validity of the subsequent proof steps – at least the Unil point of conflict with a newly added clause where the deleted clause was added back anyway. So to treat the erases as if they never compromised the health of evidence.
To evaluate the practicality of our approval, we changed one of the most popular current SAT -SAVENERs to implement it and tested it on a dataset of 300 incremental SAT problems, six of which are satisfied and 294 of which are not. The modified Solver produced valid proofs for all 294 dissatisfied examples. (The six satisfactory example is proving to the choice of truth value assignments.) On the algorithm was also enough to be practical, taking wood one minute to produce a one-gigabyte certificate or an overhead of approx. 5% in relation to the solution time.