Stuck States - Termination and Completeness

3.6 Termination and Completeness

3.6.2 Stuck States

Our CutSat++ calculus not only always terminates but it also never rea- ches a stuck state. Let xi be the smallest unfixed variable with respect to≺. If xi is guarded then there always exist two constraints xi− ui ≤ 0 ∈ C and −xi− li ≤ 0 ∈ C. Therefore, we can always propagate at least one upper

and one lower bound for every guarded variable xi and fix it by introducing a decision. If we cannot propagate any bound for xi, then xi is unguarded and stuck and, therefore, Slack-Intro is applicable. If we cannot fix xi by introducing a decision, then xi is unguarded and there is a conflict (see De- finition 3.5.6). Guarded conflicts are resolved via the Conflict(-Div) rules. Unguarded conflicts are resolved via the unguarded conflict resolution rules. Therefore, CutSat++ has always a rule applicable unless an end state is reached.

The proof outlined above works because all unguarded conflicts encoun- tered by CutSat++ are either the result of multiple contradicting divisibility constraints that can by combined with the rules Solve-Div-Left and Solve-Div-Right, or the conflict is expressible via a conflicting core. Since conflicting cores are only defined over constraints and propagated bounds, we have to guarantee that CutSat++ never encounters an unguarded conflict I where xi = top(I) is fixed with a decided bound. We express this property with the following invariant fulfilled by every state visited by Cut- Sat++:

Definition 3.6.7 (Eager Top-Level Propagated States). A search/conflict state S = _{hM, C, Ii is called eager top-level propagated if it holds for all} unguarded variables xi, all decided bounds γ = xi ./ bi (./ ∈ {≤, ≥}) in M = [[M0, γ, M00]], and all constraints J ∈ C with top(J) = xi that: (1) all other variables contained in J are fixed in M0 and (2) J is no conflict in S. Lemma 3.6.8 (Eager Top-Level Stability). If S0 is an eager top-level propagated state (Definition 3.6.7), then any successor state S = _{hM, C, Ii} reachable by CutSat++ is eager top-level propagated.

Proof. Let S0 be an eager top-level propagated state and S its successor, i.e., S0 =_⇒CS S. We prove this Lemma with a case distinction on the rule

leading to the above transition:

1. Let the applied rule be Propagate(-Div). Then S0=_hM0, C0_{i and S =} h[[M0, xi ./J bi]], C0i, where ./ ∈ {≤, ≥}. Let J0 ∈ C0 be the constraint used for propagation with bi = bound(J0, xi, ./, M0) and J = tight(J0, xi, M0) (or J = div-derive(J0, xi, ./, M0)). Then J0 fulfills by definition of the propagation rules the property improves(J0, xi, ./, M0). Let the unguarded variable xj be fixed by a decided bound γ in M0 = [[M00, γ, M000]]. Let I ∈ C0 be a constraint with top(I) = xj. Since S0 is eager top-level propagated, all variables in I are fixed in M0 and M00. The variable xi is not fixed in M0 because the predicate improves(J0, xi, ./, M0) must be true for Propagate(- Div) to be applicable. Therefore, xi is not contained in I and I is still no conflict in S. Furthermore, all variables in I are still fixed in [[M0, xi ./J bi]]. We conclude that S is eager top-level propagated.

2. Let the applied rule be Decide. Then S0 = hM0_{, C}0_{i and S =} h[[M0, xi ./ bi]], C0i, where ./ ∈ {≤, ≥}. We will use the eager top-level propagating strategy (Definition 3.5.6) to prove that S is an eager top-level propagated successor state. First, we consider all unguarded variables xj that are already decided in S0 by a decided bound γ and prove the properties for them. Since xj is already decided in S0, its decided bound γ is part of M0, i.e., M0= [[M00, γ, M000]]. Let I∈ C0 _{be a constraint with top(I) = x}_j_. As S0 is eager top-level propagated, all other variables contained in I are fixed in M00 and, therefore, also in M0. Since _L(xi, M0) < U(xi, M0) is a condition of the Decide rule, the variable xi is not fixed in M0. Therefore, xi is not contained in I and I is still no conflict in S. Furthermore, all variables in I are still fixed in [[M0, xi ./ bi]]. Next, we prove that S is eager top-level propagated although variable xi is newly decided. Considering Definition 3.5.6-(2a) we see that Definition 3.6.7-(1) is fulfilled. Similarly, Definition 3.5.6-(2b) enforces Definition 3.6.7-(2). We conclude that S is eager top-level propagated.

3. Let the applied rule be Unsat(-Div) or Sat. Then the successor state S is neither a search- or conflict-state. The Lemma is thereby trivially fulfilled. 4. Let the applied rule be Forget. Then S0 = _hM0, C0 _{∪ {J}i and S =} hM0, C0_{i. Therefore, any conflict I ∈ C}0 and any decided bound in S is also contained in S0. We conclude that S is eager top-level propagated.

5. Let the applied rule be Slack-Intro. Then S0 =_hM0, C0_{i, x}i is stuck in S0 and S = hM0_{, C}0 _{∪ {−x}_S _{≤ 0, x}_i _{− x}_S _{≤ 0, −x}_i _{− x}_S _{≤ 0}i. Since} xi and xS are both unguarded, we have to prove for the new constraints I _{∈ {−x}S ≤ 0, xi− xS ≤ 0, −xi− xS ≤ 0} that xk = top(I) is not decided in S/S0 _{when I is a conflict S. If the slack variable x}_S _{is decided in S/S}0_, then Slack-Intro was already applied to another variable and −xS ≤ 0 ∈ C0. Thus, _−xS ≤ 0 is not a conflict in S because S0 is an eager top-level propagated state, which means that _−xS ≤ 0 is not a conflict in S0. Since xi was stuck in S0, xi is also not fixed in S0. Moreover, xi is the top variable in the new constraints_{xi− xS ≤ 0, −xi− xS ≤ 0}. We conclude that S is eager top-level propagated.

6. Let the applied rule be Resolve-Weak-Cooper. Then S0 = _hM0, C0_i and S =_{hM, C}0_∪Rc∪Ryi. Moreover, the definition of Resolve-Weak-Cooper implies that M = prefix(M0, xj) with xj = minI∈Rc{top(I)}. Therefore, M

is the prefix of M0 without decided bounds in variables greater or equal to xj. Since xj xi for all I∈ Rcand xi = top(I), we deduce that any I∈ Rc that is a conflict has no decided bound for its top variable xi in S. Since M is a prefix of M0, every conflict I _{∈ C}0 appearing in state S also appears in state S0. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

7. Let the applied rule be Solve-Div-Right. Then S0 =hM0_{, C}0_∪{I₁_{, I}₂_}i and S = _{hM, C}0 _{∪ {I}₁0, I₂0_{}i. We notice that M = prefix(M}0, xj) with xj = top(I20). Therefore, M is the prefix of M0 without decided bounds in variables greater or equal to xj, which includes especially the variable xi = top(I1). Thus, neither the top variable of I10 nor the top variable I20 is fixed by a decision. Since M is a prefix of M0, every conflict I _{∈ C}0 appearing in state S also appears in state S0. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

8. Let the applied rule be Solve-Div-Left. Then S0 =_hM0, C0_{∪ {I}1, I2}i and S =hM0_{, C}0_{∪ {I}0

1, I20}i. Since the bound sequence is the same in both states, every conflict I _{∈ C}0 appearing in state S also appears in state S0. By the definition of the Solve-Div-Left rule, I₂0 is no conflict in state S. Note that div-solve is an equivalence preserving transformation. Thus, if I₁0 were a conflict in S and top(I₁0) = xifixed by a Decision, then I1or I2is a conflict in S0. Therefore, I₁0 is no conflict or top(I₁0) = xi has no decided bound. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

9. Let the applied rule be Conflict or Conflict-Div. Then S0 =_hM0, C0_i and S =hM0_{, C}0_{, I}_{i, where I is a conflict. It is easy to see that S is eager} top-level propagated because S0 is eager top-level propagated.

10. Let the applied rule be Resolve or Skip-Decision. Then S0 = h[[M, γ]], C0_{, J}0_{i and S = hM, C}0_{, J}_{i, where J}0 _{and J are conflicts in S}0 _and S, respectively. Since M is a prefix of M0, every conflict I _{∈ C}0 appearing in state S also appears in state S0. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

11. Let the applied rule be Learn. Then S0 = _h[[M0, γ]], C0, I_{i and} S = _hM0, C0 _{∪ I, Ii, where I is a conflict. Since CutSat++ uses a two-} layered strategy (Definition 3.5.7), I is a guarded constraint. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

12. Let the applied rule be Backjump. Then S0 = h[[M0_{, γ, M}00_{]], C}0_{, I}_i and S =_h[[M0, γ0]], C0_{i, where I is a conflict in S}0. Since CutSat++ uses a two-layered strategy (Definition 3.5.7), I is a guarded constraint. Now it is easy to see that S is eager top-level propagated because S0 was eager top-level propagated.

Since the start state h[[]], C0i trivially fulfills the eager top-level propagated properties, it is clear that CutSat++ produces only eager top-level states; except for the end states. The eager top-level propagated property is so important because we will use it to show that CutSat++ resolves any conflict it encounters. In case the conflict is a guarded constraint, this is done with the CDCL based conflict rules. Otherwise, the conflict I is an unguarded constraint and CutSat++ simulates weak Cooper elimination with the

unguarded conflict resolution rules. First, we use Solve-Div-Left to simulate the algorithm in Figure 3.8. This either ends with a call to Solve-Div-Right resolving the conflict or CutSat++ finds a conflicting core. Then the conflicting core is resolved with the rule Resolve-Weak-Cooper.

Lemma 3.6.9(Conflicts Progress). Let S =hM, Ci be a state reachable by CutSat++. Let I∈ C be a conflict in state S. Then state S is not stuck. Proof. Assume for a contradiction that state S is stuck. W.l.o.g., we assume that xi= top(I) is the smallest variable in our order that is the top variable in a conflicting constraint I0 _{∈ C. If x}i is a guarded variable, then Con- flict or Conflict-Div is applicable, which contradicts our initial assumption! Therefore, xiis an unguarded variable. Furthermore, all variables xj smaller than xi are fixed. Otherwise, we deduce for the smallest unfixed variable xj that either

• xj is stuck and Slack-Intro is applicable

• Propagate is applicable to a constraint I0 where top(I0) = xj

• C contains at least two divisibility constraints I1, I2 that have xj as their top variable and Solve-Div-Left or Solve-Div-Right is applicable • S contains a diophantine conflicting core (xj, Id) and Resolve-Weak-

Cooper is applicable

• Decide is applicable to xj because all conditions in Definition 3.5.6-(2) are fulfilled

Since S is eager top-level propagated and I is a conflict with top variable xi, we know that state S contains no decided bound for xi (Definition 3.6.7 and Lemma 3.6.8). W.l.o.g., we assume that C contains at most one divisibility constraint Id with xi as its top variable. Otherwise, Solve-Div-Left or Solve-Div-Right are applicable, which contradicts our initial assumption! Let xi ≥ li be the strictest lower bound li = bound(xi, Il,≥, M) for an inequality Il ∈ C with top variable xi or li = −∞ if there is no inequality propagating a lower bound. Let xi ≤ ui be the strictest upper bound ui = bound(xi, Iu,≤, M) for an inequality Iu ∈ C with top variable xi or ui = ∞ if there is no inequality propagating an upper bound. Since the strictly-two-layered strategy forbids the application of Forget to unguarded constraints, CutSat++ never removes an unguarded inequality. Further- more, any bound xi ./ bi (./∈ {≤, ≥}) propagated from a divisibility constraint requires another bound xi ./ b0i propagated from an inequality. We deduce that ui 6= ∞ if U(xi, M ) 6= ∞ and li 6= −∞ if L(xi, M ) 6= −∞. Next, we do a case distinction on whether the bounds ui and li are finite:

1. Let ui = ∞ and li = −∞. Then L(aixi+ pi) = −∞ holds for all inequalities aixi+ pi ≤ 0. Thus, the conflict I is no inequality. A divisibility constraint is a conflict only if _L(xi, M ) 6= −∞ and U(xi, M ) 6= ∞. This contradicts the assumption that I is a conflict.

2. Let ui = ∞ and li ∈ Z. Then L(aixi + pi) = −∞ holds for all inequalities aixi + pi ≤ 0 with ai < 0 and there exists no inequality J = aixi+ pi≤ 0 in C with ai > 0 and top(J) = xi. Thus, the conflict I is not an inequality. A divisibility constraint is a conflict only if L(xi, M ) 6= −∞ and _U(xi, M )6= ∞. This contradicts the assumption that I is a conflict.

3. Let li = −∞ and ui ∈ Z. Then L(aixi+ pi) = −∞ holds for all inequalities aixi + pi ≤ 0 with ai > 0 and there exists no inequality J = aixi+ pi≤ 0 in C with ai < 0 and top(J) = xi. Thus, the conflict I is not an inequality. A divisibility constraint is a conflict only if _L(xi, M ) 6= −∞ and U(xi, M )6= ∞. This contradicts the assumption that I is a conflict.

4. Let li, ui∈ Z and ui< li. Then (xi,{Il, Iu}) is a conflicting core and Resolve-Weak-Cooper is applicable. This contradicts the assumption that no rule is applicable.

5. Let li, ui ∈ Z and li≤ ui. Then the conflict I must be the sole divisibility constraint Idfor xi. If (xi,{Il, Iu, Id}) is a conflicting core, then Resolve- Weak-Cooper is applicable contradicting our initial assumption. Therefore, there exists a solution vi ∈ {li, . . . , ui} for xi satisfying Id. Let D be the set of divisibility constraints used to propagate a bound for xi in M . All constraints D0 ⊆ D not contained in C, i.e., D0 _{= D}_{\ C = D \ {I}_d_{}, were} eliminated with div-solve. Since div-solve preserves equivalence, it is easy to see that there exists a set of constraints D∗ = D∗∗_{∪ {I}d} contained in C that implies satisfiability of D:

D∗ = D∗∗∪ {Id} → D,

and D∗∗ contains only variables xj smaller than xi. However, the set of divisibility constraints D∗ _{is fixed and satisfied under the partial assignment} of M in state S. Otherwise, S would contain a conflict I0 ∈ D∗ _{⊆ C with} top(I0)_{≺ x}i, which contradicts our initial assumption! Thus, setting xi to the solution vi ∈ {li, . . . , ui} satisfies Id in M and also D∪ {Id}. Further- more, all propagated constraints are satisfied if xi is set to vi:

L(xi, M )≤ vi≤ U(xi, M ).

This contradicts the assumption that there exists a conflict I with top(I) = xi.

The remainder of the proof follows directly the proof outline from above: Theorem 3.6.10 (CUTSAT++ Progress). Let S = _{hM, C, Ji be a state} reachable by CutSat++. Then S is not stuck.

Proof. Assume for a contradiction that S = hM, C, Ji is a stuck state. If CutSat++ is a conflict state, i.e., J 6= >, then the proof for Theorem 2 in [88] shows why standard conflict resolution cannot get stuck on a state S =hM, C, Ji. Therefore, S = hM, C, Ji must be a search state S = hM, Ci. Next, we assume that all guarded variables are fixed because CutSat++ can propagate at least two bounds for every guarded variable and afterwards use decided bounds to fix them. By Lemma 3.6.9, there is no conflict in state

S. Since there is no conflict, at least one variable is unfixed or rule Sat would be applicable. Therefore, there must exist a smallest unfixed and unguarded variable xi. With the Slack-Intro rules CutSat++ introduces for all variables at least one lower or upper bound. Therefore, there exists a violation to the conditions in Definition 3.5.6-(2) or Decide would be applicable to x. Since x is the smallest unfixed variable, the condition in Definition 3.5.6-(2a) holds. Definition 3.5.6-(2c) is also easy to satisfy by applications of Solve- Div-Left and Solve-Div-Right. Therefore, Definition 3.5.6-(2b) is violated. Thus, there exists a constraint I _{∈ C that is a conflict in S}0 =_{h[[M, γ]], Ci,} where γ is a decided bound for xi = top(I). By Lemma 3.6.9, it is not possible that I _{∈ C is also a conflict in S or S would not be stuck. Finally, I} is a conflict only in S0 and not S if Propagate(-Div) is applicable to I. With Solve-Div-Left and Solve-Div-Right it is relatively easy to fulfil the conditions for Definition 3.5.6-(1) and, therefore, Propagate(-Div) is applicable. We conclude that CutSat++ has always one applicable rule, which is a contradiction to our assumption!

In document Decision procedures for linear arithmetic (Page 134-140)