
2.2 Satisfiability Solving

2.2.5 Unsatisfiable Cores and Proof Tracing

If a formula is satisfiable, this can easily be verified: let the SAT solver produce a model and evaluate the formula under this model. But what if the formula is unsatisfiable? The first idea which comes to mind is that it could be useful to extract the core of the conflict, i.e. the set of clauses which really contributed to the unsatisfiability. This core should not contain any clauses not relevant to the conflict. In the literature this is often called an unsatisfiable core or a minimal unsatisfiable set (MUS). The second idea is that if a formula is unsatisfiable there has to be a resolution derivation of the empty clause. We call this a resolution proof. Both techniques can be found in the theory and practice of SAT solving.

Minimal Unsatisfiable Sets

When it comes to unsatisfiable cores or sets, two notions have to be distinguished: (1) unsatisfiable cores/sets, and (2) minimal unsatisfiable cores/sets. Each minimal unsatisfiable set (MUS) is also an unsatisfiable set, but additionally it has the property that removing any one clause of the MUS renders it satisfiable.

Definition 2.21 | Unsatisfiable Core. Given a CNF ϕ with its clause set clauses(ϕ) which is unsatisfiable. An unsatisfiable core of ϕ, unsatCore(ϕ), is any subset U ⊆ clauses(ϕ) such that U is also unsatisfiable.


Definition 2.22 | Minimal Unsatisfiable Set (MUS). Given a CNF ϕ with its clause set clauses(ϕ) which is unsatisfiable. A minimal unsatisfiable set of ϕ, mus(ϕ), is a subset U ⊆ clauses(ϕ) such that U is unsatisfiable and for any c ∈ U we have that U \ {c} is satisfiable.

The naïve algorithm to compute a MUS of an unsatisfiable clause set with the help of a SAT solver with a decremental interface (cf. Section 2.2.4) is presented in Algorithm 2.3.

Algorithm 2.3 | Computing a MUS: mus(C)
Input: A clause set C which is unsatisfiable
Output: A MUS mus(C) of C

1   M = ∅
2   L = an ordered list of the clauses of C
3   solver = new incremental/decremental SAT solver
4   foreach clause c ∈ L (in order) do
5       solver.mark()
6       solver.add(c)
7   foreach clause c ∈ L (in reverse order) do
8       solver.undo()
9       solver.mark()
10      solver.add(M)
11      if solver.solve() = SAT then
12          M = M ∪ {c}
13      solver.undo()
14  return M

The MUS is stored in M. L is an ordered list of the clauses of C. First we add all clauses of L in the given order to the solver and mark the solver state before each clause (Lines 4-6). Now the clauses are processed in reverse order. Each clause is deleted from the solver (Lines 8/9) and the current MUS is added temporarily to the solver (Line 10). If the formula now held by the solver is satisfiable, the current clause c (no longer in the solver) must be in the MUS, because taking it away makes the whole formula (including the current MUS) satisfiable. This step is repeated for each clause.

Of course, in order to compute MUSes of large formulas, an improved algorithm has to be used [Lynce & Marques da Silva, 2004; Liffiton & Sakallah, 2008]. It is also important to notice that in general there can be a large number of different MUSes for a formula. In [Liffiton & Sakallah, 2005] the authors compute MUSes for unsatisfiable product formulas of Daimler vehicles. There are instances with more than 100,000 MUSes. Therefore computing a MUS with a globally minimal number of clauses is often not feasible.

Example 2.8 | Unsatisfiable Core and MUS. Consider the clause set

C = {(a ∨ b ∨ c), (¬a), (¬b), (¬c), (c ∨ d), (¬d ∨ e), (¬e ∨ a)}.

An example of an unsatisfiable core is

unsatCore(C) = {(a ∨ b ∨ c), (¬a), (¬b), (¬c), (c ∨ d)}.

Obviously the clause (c ∨ d) does not contribute to the conflict, which is determined by the first four clauses alone, but an unsatisfiable core is not required to be minimal. A MUS of C is e.g.

mus(C) = {(a ∨ b ∨ c), (¬a), (¬b), (¬c)}.

Every clause in the MUS is required—removing one of them turns the clause set satisfiable. Another example of a MUS is

mus(C) = {(¬a), (¬c), (c ∨ d), (¬d ∨ e), (¬e ∨ a)}.
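To make Algorithm 2.3 and Example 2.8 concrete, here is an added example that is not part of the thesis: a small stack-based DPLL solver with the mark()/undo() interface the algorithm relies on, Algorithm 2.3 written on top of it, and checks of Definitions 2.21 and 2.22 applied to the clause sets of the example. All names (DecrementalSolver, compute_mus, is_mus, the integer variable encoding) are my own and not from the thesis.

```python
# Added example (not from the thesis): Algorithm 2.3 on top of a tiny
# decremental DPLL solver, run on the clause set C of Example 2.8.
from itertools import chain

# Literals are non-zero ints (negative = negated variable), a clause is a
# frozenset of literals, and a clause set is a list of clauses.

def _simplify(clauses, lit):
    """Assign `lit` true: drop satisfied clauses, shrink the others.
    Returns None if some clause becomes empty (conflict)."""
    out = []
    for cl in clauses:
        if lit in cl:
            continue
        if -lit in cl:
            cl = cl - {-lit}
            if not cl:
                return None
        out.append(cl)
    return out

def satisfiable(clauses):
    """Minimal DPLL (unit propagation + branching); enough for toy inputs."""
    clauses = [frozenset(cl) for cl in clauses]
    if any(len(cl) == 0 for cl in clauses):
        return False
    while True:  # unit propagation
        unit = next((cl for cl in clauses if len(cl) == 1), None)
        if unit is None:
            break
        clauses = _simplify(clauses, next(iter(unit)))
        if clauses is None:
            return False
    if not clauses:
        return True
    lit = next(iter(clauses[0]))  # branch on an arbitrary literal
    for choice in (lit, -lit):
        reduced = _simplify(clauses, choice)
        if reduced is not None and satisfiable(reduced):
            return True
    return False

class DecrementalSolver:
    """Clause stack with mark()/undo(), modelling the decremental interface of
    Section 2.2.4; solve() simply re-solves everything on the stack."""
    def __init__(self):
        self._frames = [[]]
    def mark(self):
        self._frames.append([])
    def add(self, *clauses):
        self._frames[-1].extend(clauses)
    def undo(self):
        self._frames.pop()
    def solve(self):
        return satisfiable(chain.from_iterable(self._frames))

def compute_mus(C):
    """Algorithm 2.3: a MUS of the unsatisfiable clause list C."""
    M = []
    L = list(C)
    solver = DecrementalSolver()
    for cl in L:                  # Lines 4-6: every clause in its own frame
        solver.mark()
        solver.add(cl)
    for cl in reversed(L):        # Lines 7-13: process clauses in reverse order
        solver.undo()             # Line 8: removes cl (the youngest frame)
        solver.mark()             # Line 9
        solver.add(*M)            # Line 10: temporarily add the MUS so far
        if solver.solve():        # Lines 11/12: SAT without cl -> cl is needed
            M.append(cl)
        solver.undo()             # Line 13: drop the temporary frame again
    return M

def is_unsat_core(U):
    """Definition 2.21: any unsatisfiable subset qualifies."""
    return not satisfiable(U)

def is_mus(U):
    """Definition 2.22: unsatisfiable, and removing any single clause makes it SAT."""
    U = list(U)
    return is_unsat_core(U) and all(
        satisfiable(U[:i] + U[i + 1:]) for i in range(len(U)))

# Example 2.8 encoded with a=1, b=2, c=3, d=4, e=5.
a, b, c, d, e = 1, 2, 3, 4, 5
C = [frozenset(s) for s in ({a, b, c}, {-a}, {-b}, {-c}, {c, d}, {-d, e}, {-e, a})]

if __name__ == "__main__":
    print("MUS found by Algorithm 2.3:", sorted(sorted(cl) for cl in compute_mus(C)))
    print("first five clauses: unsat core?", is_unsat_core(C[:5]), "MUS?", is_mus(C[:5]))
    print("second MUS of the example:", is_mus([C[1], C[3], C[4], C[5], C[6]]))
```

Running the algorithm on C in the listed order yields the first MUS of the example, {(a ∨ b ∨ c), (¬a), (¬b), (¬c)}; with a different ordering of L it can just as well return the second one, which illustrates why the result is "a" MUS rather than "the" MUS. The is_mus check also confirms that the five-clause unsatisfiable core of the example is not minimal.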

Resolution Proofs

Instead of just computing a (minimal) unsatisfiable set, it is also possible to compute a resolution proof deriving the empty clause. All clauses involved in the resolution proof then form an unsatisfiable set. In [Zhang & Malik, 2003] it was shown that a CDCL SAT solver can be used to generate such resolution proofs.

We have already seen how the conflict analysis of the CDCL algorithm computes new clauses with resolution. For each variable which is assigned by unit propagation, a reason is stored. If a formula is unsatisfiable, CDCL will at some point learn enough clauses so that there is a conflict caused by unit propagation at level zero and the algorithm returns UNSAT. The basic idea now is that the solver has to store the resolution proof for each learned clause in terms of original clauses and learned clauses. At the end of the algorithm the last conflict yields the empty clause which is the root of the resolution proof. From there on we unwind the resolution proofs for each involved clause until we have original clauses at each leaf. In order to efficiently store the resolution proofs, each clause gets a unique ID. In [Zhang & Malik, 2003] this procedure is summarized in three steps:

(1) Each time a learned clause is generated, the clause’s ID is recorded, together with the IDs of the clauses that are involved in generating this clause.

(2) If the conflict analysis is called at level zero, the solver will record the IDs of the clauses that are conflicting at the time before returning -1.

(3) Before returning UNSAT, the solver will record all the variables that are assigned at decision level zero together with their values and the IDs of their reason clauses.
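The three recording steps above only fix what the solver writes down; the proof trace is then computed from that log. The following added example (not code from the thesis or from [Zhang & Malik, 2003]) models such a log with clause IDs and antecedent IDs, replays each learned clause as a chain of resolution steps to check it, and unwinds the final conflict depth first down to the original clauses. The clause set is the one from Example 2.8, the learned clauses and all names (ProofLog, resolve, unwind) are my own constructions.

```python
# Added example, not from the thesis: a clause-ID proof log in the style of the
# three recording steps, a resolution replay checker and a depth-first unwind
# from the empty clause to the original (leaf) clauses.

def resolve(c1, c2):
    """Resolvent of two clauses; requires exactly one clashing variable."""
    clash = [lit for lit in c1 if -lit in c2]
    if len(clash) != 1:
        raise ValueError(f"no unique pivot between {sorted(c1)} and {sorted(c2)}")
    pivot = clash[0]
    return (c1 - {pivot}) | (c2 - {-pivot})

class ProofLog:
    def __init__(self):
        self.clauses = {}       # clause ID -> frozenset of literals
        self.antecedents = {}   # clause ID -> ordered list of antecedent IDs

    def add_original(self, cid, lits):
        self.clauses[cid] = frozenset(lits)
        self.antecedents[cid] = []          # original clauses are leaves

    def add_learned(self, cid, lits, ants):
        """Step (1): record the learned clause with the IDs that produced it."""
        self.clauses[cid] = frozenset(lits)
        self.antecedents[cid] = list(ants)

    def check(self):
        """Replay: every learned clause must equal the chain resolvent of its
        antecedents (first antecedent, resolved in turn with the others)."""
        for cid, ants in self.antecedents.items():
            if not ants:
                continue
            cur = self.clauses[ants[0]]
            for aid in ants[1:]:
                cur = resolve(cur, self.clauses[aid])
            if cur != self.clauses[cid]:
                return False
        return True

    def unwind(self, root):
        """Depth-first walk from `root` (the empty clause) to the original
        clauses; the leaves reached form an unsatisfiable set."""
        seen, leaves, stack = set(), set(), [root]
        while stack:
            cid = stack.pop()
            if cid in seen:
                continue
            seen.add(cid)
            ants = self.antecedents[cid]
            if ants:
                stack.extend(ants)
            else:
                leaves.add(cid)
        return leaves

def example_log():
    """Constructed log for Example 2.8 (a=1, b=2, c=3, d=4, e=5)."""
    log = ProofLog()
    for cid, lits in enumerate(({1, 2, 3}, {-1}, {-2}, {-3},
                                {3, 4}, {-4, 5}, {-5, 1}), start=1):
        log.add_original(cid, lits)
    # Learned clauses as conflict analysis could derive them (constructed):
    log.add_learned(8, {2, 3}, [1, 2])   # (a v b v c) x (-a)  -> (b v c)
    log.add_learned(9, {3}, [8, 3])      # (b v c) x (-b)      -> (c), a level-zero unit
    # Steps (2)/(3): at level zero, c is assigned with reason 9 and clause 4
    # conflicts; resolving them gives the empty clause, the root of the proof.
    log.add_learned(10, set(), [9, 4])
    return log

EMPTY_CLAUSE_ID = 10

if __name__ == "__main__":
    log = example_log()
    print("proof checks:", log.check())
    leaves = log.unwind(EMPTY_CLAUSE_ID)
    print("original clauses in the proof:", sorted(leaves),
          [sorted(log.clauses[i]) for i in sorted(leaves)])
```

The leaves reached from the empty clause are clauses 1 to 4, i.e. exactly the first MUS of Example 2.8, and clauses 5 to 7 never appear in the trace even though the solver has them loaded. A checker of this kind is what makes the solver's UNSAT answer verifiable without trusting the solver itself: check() fails as soon as a logged learned clause is not the resolvent of the antecedents claimed for it.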

This is enough information to compute a proof trace of the final conflict. The computation of the proof trace can be realized with a depth first approach or a breadth