HySAT. what you can use it for how it works example from application domain final remarks. Christian Herde /12

Size: px

Start display at page:

Download "HySAT. what you can use it for how it works example from application domain final remarks. Christian Herde /12"

Isabel Willis
5 years ago
Views:

1 CP2007: Presentation of recent CP solvers HySAT what you can use it for how it works example from application domain final remarks Christian Herde /2

2 What you can use it for Satisfiability checker for quantifier-free Boolean combinations of arithmetic constraints over the reals and integers Can deal with nonlinear constraints and thousands of variables ( b c) (b sin(x) y < 7.2) ( 2x y = 8 c) (i 2 = 3j 5) HySAT SAT UNSAT unknown Christian Herde /2

3 What you can use it for Satisfiability checker for quantifier-free Boolean combinations of arithmetic constraints over the reals and integers Can deal with nonlinear constraints and thousands of variables ( b c) (b sin(x) y < 7.2) ( 2x y = 8 c) (i 2 = 3j 5) HySAT SAT UNSAT unknown Allows mixing of Boolean, integer, and float variables in the same arithmetic constraint e.g. pseudo Boolean constraints possible Christian Herde /2

4 What you can use it for: Solving formulas ( b c) (b sin(x) y < 7.2) ( 2x y = 8 c) (i 2 = 3j 5) SOLUTION: b [, ] c [0, 0] DECL boole b, c; float [-00, 00] x, y; int [-00, 00] i, j; EXPR!b or!c; b -> sin(x) * y < 7.2; nrt(2*x - y, 2) = 8 or c; i^2 = 3*j - 5; HySAT i [-, -] j [42, 42] x [2.4357, ] y [ , ] Christian Herde /2

5 What you can use it for: Bounded Model Checking x := 2 DECL boole b; float [0.0, 000.0] x; b/ x := 3 x b/ x := x 2 + Safety property: There s no sequence of input values such that 3.4 x 3.5 SOLUTION: b [0, [, [, [0, [, [, [0, [, [0, [, [, [0, 0] COUNTEREXAMPLE INIT -- Characterization of initial state. x = 2.0; TRANS -- Transition relation. b -> x = x^2 + ;!b -> x = nrt(x, 3); TARGET -- State(s) to be reached. x >= 3.4 and x <= 3.5; HySAT x [2, [2.5874, [ , [ , [24.986, [ , [9.5467, [2.238, [ , [3.2526, [3.4989, ] Christian Herde /2

6 How it works HySAT is not a SAT-Modulo-Theory solver: DPLL SAT + conflict driven learning + non chronol. backtrack. arithmetic constraint system consistent: yes / no explanation Arithmetic reasoner (Linear Progr.) HySAT can be seen as a generalization of the DPLL procedure deduction rule for n-ary disjunctions ( clauses ): unit propagation deduction rules for arithmetic operators: adopted from interval constraint solving search engine / branch-and-deduce framework inherited from DPLL All acceleration techniques known for DPLL also apply to arithmetic constraints: conflict-driven learning backjumping lazy clause evaluation (watched literal scheme) Christian Herde /2

7 How it works: Example c : c 2 : c 3 : c 4 : ( a c d) ( a b c) ( c d) (b x 2) Use Tseitin-style (i.e. definitional) transformation to rewrite input formula into a conjunction of constraints: n-ary disjunctions of bounds arithmetic constraints having at most one operation symbol c 5 : c 6 : (x 4 y 0 h 3 6.2) h = x 2 Boolean variables are regarded as 0- integer variables. Allows identification of literals with bounds on Booleans: c 7 : c 8 : h 2 = 2 y h 3 = h + h 2 b b b b 0 Float variables h,h 2,h 3 are used for decomposition of complex constraint x 2 2y 6.2. Christian Herde /2

8 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 3 : c 4 : ( c d) (b x 2) c 5 : (x 4 y 0 h 3 6.2) c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 Christian Herde /2

9 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: b c d c 2 c 3 d 0 c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 Christian Herde /2

10 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: b c 2 c c 3 d d 0 c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 c 9 : ( a c) Christian Herde /2

11 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 x 2 c 9 c 2 c 4 c 3 : c 4 : ( c d) (b x 2) c 5 : (x 4 y 0 h 3 6.2) c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 c 9 : ( a c) Christian Herde /2

12 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 c 9 c 2 c 4 x 2 c 3 : c 4 : ( c d) (b x 2) DL 2: y 4 c 7 h 2 8 c 5 : (x 4 y 0 h 3 6.2) c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 c 9 : ( a c) Christian Herde /2

13 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 c 9 c 2 c 4 x 2 c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: DL 3: y 4 x 3 h c 5 c 7 h 2 8 h c 6 : c 7 : h = x 2 h 2 = 2 y c 6 h 9 c 8 c 8 : h 3 = h + h 2 c 9 : ( a c) Christian Herde /2

14 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 c 9 c 2 c 4 x 2 c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: DL 3: y 4 x 3 h c 5 c 7 h 2 8 h c 6 : c 7 : h = x 2 h 2 = 2 y c 6 h 9 c 8 c 8 : h 3 = h + h 2 c 9 : c 0 : ( a c) (x < 2 y < 3 x > 3) conflict clause = symbolic description of a rectangular region of the search space which is excluded from future search Christian Herde /2

15 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 c 9 c 2 c 4 x 2 c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: y 4 c0 x > 3 c 7 c 6 h 2 8 h > 9 c 6 : c 7 : c 8 : h = x 2 h 2 = 2 y h 3 = h + h 2 c 9 : c 0 : ( a c) (x < 2 y < 3 x > 3) Christian Herde /2

16 How it works: Example c : ( a c d) DL : c 2 : ( a b c) a c 0 b 0 c 9 c 2 c 4 x 2 c 3 : c 4 : c 5 : ( c d) (b x 2) (x 4 y 0 h 3 6.2) DL 2: y 4 c0 x > 3 c 7 c 6 h 2 8 h > 9 c 6 : h = x 2 c 7 : c 8 : c 9 : c 0 : h 2 = 2 y h 3 = h + h 2 ( a c) (x < 2 y < 3 x > 3) Continue do split and deduce until either formula turns out to be UNSAT (unresolvable conflict) solver is left with sufficiently small portion of the search space for which it cannot derive any contradiction Avoid infinite splitting and deduction: minimal splitting width discard a deduced bound if it yields small progress only Christian Herde /2

17 Application: BMC of Matlab/Simulink Model Example: Train Separation in Absolute Braking Distance inf xr_init v_init a_free xr_l xr_init v_init a_free xr_l xr xh v a xr xh v a [xr2] [xh2] [v2] [a2] [xr] [xh] [v] [a] Minimal admissible distance d between two following trains equals braking distance d b of the second train plus a safety distance S. First train reports position of its end to the second train every 8 seconds. Controller in second train automatically initiates braking to maintain a safe distance. Christian Herde /2

18 Application: BMC of Matlab/Simulink Model Model of Controller & Train Dynamics 4 a i o i2 o2 i3 o3 timer 2 h brake a_brake a s x o v 200 len s x o 3 v 2 xh xr 4 xr_l 400 s 3 a_free 2 v_init xr_init Property to be checked: Does the controller guarantee that collisions don t occur in any possible scenario of use? Christian Herde /2

19 Application: BMC of Matlab/Simulink Model Translation to HySAT 4 a i o i2 o2 i3 o3 timer 2 h brake a_brake a s x o v 200 len s x o 3 v 2 xh xr 4 xr_l 400 s 3 a_free 2 v_init xr_init -- Switch block: Passes through the first input or the third input -- based on the value of the second input. brake -> a = a brake;!brake -> a = a free; Christian Herde /2

20 Application: BMC of Matlab/Simulink Model Translation to HySAT 4 a i o i2 o2 i3 o3 timer 2 h brake a_brake a s x o v 200 len s x o 3 v 2 xh xr 4 xr_l 400 s 3 a_free 2 v_init xr_init -- Euler approximation of integrator block xr = xr + dt * v; Christian Herde /2

21 Application: BMC of Matlab/Simulink Model Translation to HySAT 4 a i o i2 o2 i3 o3 timer 2 h brake a_brake a s x o v 200 len s x o 3 v 2 xh xr 4 xr_l 400 s 3 a_free 2 v_init xr_init -- Relay block: When the relay is on, it remains on until the input -- drops below the value of the switch off point parameter. When the -- relay is off, it remains off until the input exceeds the value of -- the switch on point parameter. (!is on and h >= param on ) -> ( is on and brake); (!is on and h < param on ) -> (!is on and!brake); ( is on and h <= param off) -> (!is on and!brake); ( is on and h > param off) -> ( is in and brake); Christian Herde /2

Application: BMC of Matlab/Simulink Model Simulation of the Model Error Trace found by HySAT 600 400 pos pos 2 200 000 800 600 400 200 0 0 0 20 30 40 50 60 70 30 25 20 5 0 5 0 0.

22 Application: BMC of Matlab/Simulink Model Simulation of the Model Error Trace found by HySAT pos pos v v2 a a2 66 unwindings dist 7809 variables decisions conflicts 5e8 assignments 20 minutes Christian Herde /2

23 Final Remarks Prototype implementation. Still missing: random restarts activity based splitting heuristics forgetting of learned clauses low level code optimizations (e.g. to improve caching) Future extensions: (SMT style) integration of Linear Programming native (ICP based) support for ODEs Tool & Papers available at Christian Herde /2

24 Thank you! Christian Herde /2

HySAT. HySAT Quick Start Guide. 1 Introduction. 2 Modes of operation. Christian Herde. December 20, Single formula mode

HySAT. HySAT Quick Start Guide. 1 Introduction. 2 Modes of operation. Christian Herde. December 20, Single formula mode HySAT Quick Start Guide Christian Herde December 0, 009 HySAT 1 Introduction HySAT is a satisfiability checker for Boolean combinations of arithmetic constraints over real and integer valued variables.