Solving QBF with Free Variables
Will Klieber, Mikoláš Janota,
Joao Marques-Silva, Edmund Clarke
Sep 17, 2013
1
Quantified Boolean Formulas (QBF)
I
Extension of propositional logic. Grammar:
x ::= boolean variable
Q ::= ∃ ∀
Φ ::= x Qx. Φ Φ ∧ Φ Φ ∨ Φ ¬Φ True False
2
Quantified Boolean Formulas (QBF)
I
Extension of propositional logic. Grammar:
x ::= boolean variable
Q ::= ∃ ∀
Φ ::= x Qx. Φ Φ ∧ Φ Φ ∨ Φ ¬Φ True False
I
No variable may be quantified more than once.
I
No variable may occur both free and bound.
2
Quantified Boolean Formulas (QBF)
I
Extension of propositional logic. Grammar:
x ::= boolean variable
Q ::= ∃ ∀
Φ ::= x Qx. Φ Φ ∧ Φ Φ ∨ Φ ¬Φ True False
I
No variable may be quantified more than once.
I
No variable may occur both free and bound.
I
Semantics:
I ∀x. Φ = Φ|
x=True ∧ Φ|x=False
I
∃x. Φ = Φ|x=True ∨ Φ|x=False
2
Open QBF
I
Closed QBF: All variables quantified; answer is True or False.
I
Open QBF: Contains free (unquantified) variables.
I
Goal: Find equivalent propositional formula.
I
E.g., given ∃x. x ∧ (y ∨ z), return y ∨ z.
3
Open QBF
I
Closed QBF: All variables quantified; answer is True or False.
I
Open QBF: Contains free (unquantified) variables.
I
Goal: Find equivalent propositional formula.
I
E.g., given ∃x. x ∧ (y ∨ z), return y ∨ z.
I
Applications: symbolic model checking,
synthesis from formal spec, etc.
3
Outline
I
Naı̈ve Algorithm
I
Introduce sequents that generalize clauses for open QBF
(without ghost variables)
I
Experimental results
I
Ghost variables (for non-CNF): see paper.
4
Naı̈ve Algorithm
I
Notation: “ite(x, φ1 , φ2 )” is a formula with an if-then-else:
ite(x, φ1 , φ2 ) = (x ∧ φ1 ) ∨ (¬x ∧ φ2 )
5
Naı̈ve Algorithm
I
Notation: “ite(x, φ1 , φ2 )” is a formula with an if-then-else:
ite(x, φ1 , φ2 ) = (x ∧ φ1 ) ∨ (¬x ∧ φ2 )
I
Recursively Shannon-expand on free variables:
Φ = ite(x, Φ|x=True , Φ|x=False )
5
Naı̈ve Algorithm
I
Notation: “ite(x, φ1 , φ2 )” is a formula with an if-then-else:
ite(x, φ1 , φ2 ) = (x ∧ φ1 ) ∨ (¬x ∧ φ2 )
I
Recursively Shannon-expand on free variables:
Φ = ite(x, Φ|x=True , Φ|x=False )
I
Base case (no more free variables): Give to closed-QBF solver.
5
Naı̈ve Algorithm
1.
2.
3.
function solve(Φ) {
if (Φ has no free variables)
return closed qbf solve(Φ);
7.
}
6
Naı̈ve Algorithm
1.
2.
3.
4.
5.
6.
7.
function solve(Φ) {
if (Φ has no free variables)
return closed qbf solve(Φ);
x := (a free variable in Φ);
return ite(x, solve( Φ|x=True ),
solve( Φ|x=False ));
}
6
Naı̈ve Algorithm
1.
2.
3.
4.
5.
6.
7.
function solve(Φ) {
if (Φ has no free variables)
return closed qbf solve(Φ);
x := (a free variable in Φ);
return ite(x, solve( Φ|x=True ),
solve( Φ|x=False ));
}
Builds OBDD if:
1. same branch order,
2. formula construction is memoized, and
3. ite(x, φ, φ) is simplified to φ.
6
Naı̈ve Algorithm
I
Naı̈ve Algorithm:
I Similar to DPLL in terms of branching.
I But lacks many optimizations that make DPLL fast:
I Non-chronological backtracking
I Clause learning
I
Our open-QBF technique:
I Extend existing closed-QBF algorithm to allow free variables.
7
Preliminaries
I
Prenex Form: Q1 x1 ...Qn xn . φ where φ has no quantifiers.
8
Preliminaries
I
Prenex Form: Q1 x1 ...Qn xn . φ where φ has no quantifiers.
I
In ∀x.∃y. φ, we say that y is downstream of x.
I ∃y occurs inside scope of ∀x.
8
Preliminaries
I
Prenex Form: Q1 x1 ...Qn xn . φ where φ has no quantifiers.
I
In ∀x.∃y. φ, we say that y is downstream of x.
I ∃y occurs inside scope of ∀x.
I
Free variables are upstream of all quantified variables.
8
Preliminaries
I
Prenex Form: Q1 x1 ...Qn xn . φ where φ has no quantifiers.
I
In ∀x.∃y. φ, we say that y is downstream of x.
I ∃y occurs inside scope of ∀x.
I
Free variables are upstream of all quantified variables.
I
Outermost: Not downstream of any unassigned variables.
I E.g.: ∃e .∀u .φ and assignment {(e , True)}:
1
2
1
u2 is outermost.
8
Preliminaries
I
Prenex Form: Q1 x1 ...Qn xn . φ where φ has no quantifiers.
I
In ∀x.∃y. φ, we say that y is downstream of x.
I ∃y occurs inside scope of ∀x.
I
Free variables are upstream of all quantified variables.
I
Outermost: Not downstream of any unassigned variables.
I E.g.: ∃e .∀u .φ and assignment {(e , True)}:
1
2
1
u2 is outermost.
I
Substitution: Φ|π where π is a partial assignment.
8
Closed QBF as a Game
I
Existential variables are owned by Player ∃.
I
Universal variables are owned by Player ∀.
I
Players assign variables in quantification order.
I
The goal of Player ∃ is to make Φ be true.
I
The goal of Player ∀ is to make Φ be false.
9
Properties of Clauses and Cubes
I
Motivate definition of sequents.
I
Existential literals e1 ... en and universal literals u1 ... um .
I
Clause ( e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin
{z
}
|
all false (under π)
10
Properties of Clauses and Cubes
I
Motivate definition of sequents.
I
Existential literals e1 ... en and universal literals u1 ... um .
I
Clause ( e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin
{z
}
|
| {z }
⇒
false
all false (under π)
10
Properties of Clauses and Cubes
I
Motivate definition of sequents.
I
Existential literals e1 ... en and universal literals u1 ... um .
I
Clause ( e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin
|
{z
} |
{z
}
| {z }
none
true
all false
⇒
false
10
Properties of Clauses and Cubes
I
Motivate definition of sequents.
I
Existential literals e1 ... en and universal literals u1 ... um .
I
Clause ( e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin
|
{z
} |
{z
}
| {z }
none
true
all false
⇒
false
I
Cube ( u1 ∧ ... ∧ un ∧ e1 ∧ ... ∧ em ) in DNF Φin
|
{z
} |
{z
}
| {z }
⇒
true
all true
none false
10
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
11
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
11
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
I
E.g., h{e}, {u}i matches {(e, True)} and {(e, True), (u, True)},
11
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
I
E.g., h{e}, {u}i matches {(e, True)} and {(e, True), (u, True)},
but does not match {} or {(e, True), (u, False)}.
11
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
I
E.g., h{e}, {u}i matches {(e, True)} and {(e, True), (u, True)},
but does not match {} or {(e, True), (u, False)}.
I
hLnow , {`, ¬`}i matches π only if π doesn’t assign `.
11
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
I
Definition. “hLnow , Lfut i |= (Φ ⇔ ψ)” means “for all
assignments π that match hLnow , Lfut i, Φ|π is logically
equivalent to ψ|π unless π is a don’t-care assignment”.
12
hLnow, Lfuti Sequents
I
Definition. A game-state specifier is a pair hLnow , Lfut i
consisting of two sets of literals, Lnow and Lfut .
I
Definition. We say that hLnow , Lfut i matches assignment π iff:
1. every literal in Lnow evaluates to True under π, and
2. no literal in Lfut evaluates to False under π.
I
Definition. “hLnow , Lfut i |= (Φ ⇔ ψ)” means “for all
assignments π that match hLnow , Lfut i, Φ|π is logically
equivalent to ψ|π unless π is a don’t-care assignment”.
I
Without ghost variables: No assignments are don’t-care.
I
With ghost variables: See paper for details.
12
Correspondence of Sequents to Clauses and Cubes
I
Consider a QBF with existential literals e1 ... en and
universal literals u1 ... um .
I
Clause (e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin corresponds to
sequent h{¬e1 , ..., ¬en }, {¬u1 , ..., ¬um }i |= (Φin ⇔ False).
13
Correspondence of Sequents to Clauses and Cubes
I
Consider a QBF with existential literals e1 ... en and
universal literals u1 ... um .
I
Clause (e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin corresponds to
sequent h{¬e1 , ..., ¬en }, {¬u1 , ..., ¬um }i |= (Φin ⇔ False).
I
Cube (u1 ∧ ... ∧ um ∧ e1 ∧ ... ∧ en ) in DNF Φin corresponds to
sequent h{u1 , ..., um }, {e1 , ..., en }i |= (Φin ⇔ True).
13
Correspondence of Sequents to Clauses and Cubes
I
Consider a QBF with existential literals e1 ... en and
universal literals u1 ... um .
I
Clause (e1 ∨ ... ∨ en ∨ u1 ∨ ... ∨ um ) in CNF Φin corresponds to
sequent h{¬e1 , ..., ¬en }, {¬u1 , ..., ¬um }i |= (Φin ⇔ False).
I
Cube (u1 ∧ ... ∧ um ∧ e1 ∧ ... ∧ en ) in DNF Φin corresponds to
sequent h{u1 , ..., um }, {e1 , ..., en }i |= (Φin ⇔ True).
I
Sequents generalize clauses/cubes because
hLnow , Lfut i |= (Φ ⇔ ψ) can have ψ be a
formula in terms of free variables.
13
Inference rule for free variable
Literal r is free
fut
hLnow
1 ∪ {r}, L1 i |= (Φin ⇔ ψ1 )
fut
hLnow
2 ∪ {¬r}, L2 i |= (Φin ⇔ ψ2 )
now
fut
fut
hLnow
1 ∪ L2 , L1 ∪ L2 ∪ {r, ¬r}i |= (Φin ⇔ ite(r, ψ1 , ψ2 ))
14
Top-level algorithm (based on DPLL)
1.
2.
initialize_sequent_database();
πcur := ∅; Propagate();
3.
while (true) {
12.
}
15
Top-level algorithm (based on DPLL)
1.
2.
initialize_sequent_database();
πcur := ∅; Propagate();
3.
4.
5.
6.
7.
while (true) {
while (πcur doesn’t match any database sequent) {
DecideLit();
Propagate();
}
12.
}
15
Top-level algorithm (based on DPLL)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
initialize_sequent_database();
πcur := ∅; Propagate();
while (true) {
while (πcur doesn’t match any database sequent) {
DecideLit();
Propagate();
}
Learn();
if (learned seq has form h∅, Lfut i |= (Φin ⇔ ψ)) return ψ;
Backtrack();
Propagate();
}
15
Propagation
I
Let seq be a sequent hLnow , Lfut i |= (Φin ⇔ ψ) in database.
I
If there is a literal ` ∈ Lnow such that
1. πcur ∪ {`} matches seq, and
2. ` is not downstream of any unassigned literals in Lfut ,
then ¬` is forced; it is added to the current assignment πcur .
16
Propagation
I
Let seq be a sequent hLnow , Lfut i |= (Φin ⇔ ψ) in database.
I
If there is a literal ` ∈ Lnow such that
1. πcur ∪ {`} matches seq, and
2. ` is not downstream of any unassigned literals in Lfut ,
then ¬` is forced; it is added to the current assignment πcur .
I
Propagation ensures that the solver never re-explores areas of the
search space for which it already knows the answer.
16
Experimental Comparison
I
Our solver: GhostQ.
I
Compared to computational-learning solver from:
B. Becker, R. Ehlers, M. Lewis, and P. Marin,
“ALLQBF solving by computational learning” (ATVA 2012).
I
Benchmarks (from same paper): synthesis from formal
specifications.
I
HWMCC’10 Benchmarks: One-step forward reachability.
17
Cactus Plot
800
learner
learner-d
learner-c
GQ
CPU time (s)
700
600
500
400
300
200
100
0
0
200 400 600 800 1000 1200 1400 1600 1800
instances
18
Formula Size
105
GQ
104
103
102
101
100
100
101
102
learner-c
103
19
HWMCC’10 Benchmarks: Cactus Plot
900 s
Time Limit (per instance)
800 s
700 s
600 s
Learner-C
GhostQ
500 s
400 s
300 s
200 s
100 s
0s
0
100
200
300
400
500
600
Number of Instances Solved
20
Conclusion
I
DPLL-based solver for open QBF.
I
Sequents generalize clauses and cubes.
I
Generates proof certificates.
I
Our solver produces unordered BDDs.
I Unordered because of unit propagation.
I In our experience, often larger than OBDDs.
21
© Copyright 2026 Paperzz