Formulation of famous problems as SAT:
Bounded Model Checking (1/4)
Given a property p: (e.g. “always signal_a = signal_b”)
Is there a state reachable within k cycles, which satisfies ¬p ?
p
p
p
s0
s1
s2
...
¬p
sk-1
p
sk
Formulation of famous problems as SAT:
Bounded Model Checking (2/4)
The reachable states in k steps are captured by:
I ( s0 ) ! # ( s0 ,s1 ) ! # ( s1 ,s2 ) !...! # ( sk "1 ,sk )
The property p fails in one of the cycles 1..k:
¬p1 $¬p2 $...$¬pk
Formulation of famous problems as SAT:
Bounded Model Checking (3/4)
The safety property p is valid up to cycle k iff %(k) is unsatisfiable:
%( k ):
I0 !
k
k "1
! # (s , s
i
i =0
p
p
p
s0
s1
s2
...
i +1
¬p
)!
$ ¬p
i
i =0
p
sk-1
sk
Formulation of famous problems as SAT:
Bounded Model Checking (4/4)
Example: a two bit counter
00
11
01
10
Initial state: I 0 : ¬l !¬r
Transition:
Property:
# : l '= ( l & r )
r '=¬r
always (¬l $ ¬r).
For k = 2:
F(l !r )$I
l = (l & r ) !r =¬r !I
F
': ( ¬l !¬r ) !G
(l !r )$ J
Hl = (l & r )!r =¬r JK!G
G
H(l !r ) JK
0
0
1
0
0
1
0
2
1
1
2
1
0
0
1
1
2
2
For k = 2, %(k) is unsatisfiable. For k = 4 %(k) is satisfiable
What is SAT?
Given a propositional formula in CNF, find an
assignment to Boolean variables that makes the
formula true:
((11==(x(x22$$xx33))
((22==((¬¬xx11$$¬¬xx44))
((33==((¬¬xx22$$xx44))
!"#$%&'$()*
+%%$)(,-(./
AA=={x
{x11=0,
=0,xx22=1,
=1,xx33=0,
=0,xx44=1}
=1}
Why SAT?
! Fundamental problem from theoretical point of view
! Numerous applications:
–
–
–
–
CAD, VLSI
Optimization
Bounded Model Checking and other type of formal verification
AI, planning, automated deduction
A Basic SAT algorithm
Given ' in CNF: (x,y,z),(-x,y),(-y,z),(-x,-y,-z)
'
x
-x
(y),(-y,z),(-y,-z)
y
-y
(z),(-z)
z
-z
()
()
X
X
Decide()
(y,z),(-y,z)
z
-z
()
()
X
)
(y),(-y)
y
Deduce()
-y
()
()
X
X
Resolve_Conflict()
A Basic SAT algorithm
Choose the next
variable and value.
Return False if all
variables are assigned
!"#$%&'()*%+
,
#-&'./%0#1%'++&)%(*)2&'345+6&
7"#$%&'./%1*0%'++
@
#-&'.8%9:$;%<=:2-$#0('++&)%(*)2&'>?345+6
Apply unit clause rule.
Return False if reached
a conflict
Backtrack until
no conflict.
Return False if impossible