1 Motivations and Goals
Many procedures for SAT and SAT-related problems (e.g. Analytic Tableaux [smullyan1], DPLL [davis7], OBDDs [bryant2]) base their efficiency on the detection of partial truth assignments satisfying an input propositional formula , which allows one to state that (i) is satisfiable and (ii) all total assignments extending satisfy . In particular, when it comes to SAT-based problems requiring the complete enumeration of satisfying assignments (e.g. #SAT [GSS09HBSAT], Lazy SMT [BSST09HBSAT], AllSAT and AllSMT [allsmt], satisfiability of modal and description logics [ST09HBSAT], Weighted Model Integration [MorPasSeb17]), the ability to enumerate satisfying partial assignments which are as small as possible is essential, because each of them avoids the enumeration of the whole subtree of total assignments extending it, whose size is exponential in the number of unassigned propositions.
In this paper we analyze the notion of partial-assignment satisfiability, in particular when dealing with non-CNF and existentially-quantified formulas, raising a flag about the ambiguities and subtleties of this concept and investigating their practical consequences. We notice, analyze and discuss the following facts (not necessarily in this order).
First, despite its widespread (implicit) usage, there seems to be no general and universally-agreed notion of partial-assignment satisfiability. Most authors do not define partial-assignment satisfaction explicitly, or define it only when dealing with (tautology-free) CNF formulas (e.g. [KBK09HBSAT]). We stress the fact that this is not simply an issue of the meaning of the word “satisfy”: regardless of which “verb” one might use for it (e.g. “satisfy”, “entail”, “imply”, “evaluate to true”, …), we would like a universally-agreed criterion establishing that, if a partial truth assignment “verb”s a formula , then (i) is satisfiable and (ii) all total truth assignments extending it satisfy .
Second, for (tautology-free) CNF formulas the sentence “a partial truth assignment satisfies a formula ” may indifferently be interpreted either as “ evaluates to true” (i.e. “applying to makes true”) or as “ entails ” (i.e. “all total assignments extending satisfy ”), because in this case the two concepts are equivalent. Consequently, satisfiability and enumeration algorithms for CNF formulas typically use evaluation to true as the criterion to conclude that the current partial assignment satisfies the input formula, because it is much cheaper and easier to implement than entailment.
Third, and most importantly, for non-CNF formulas evaluation to true is strictly stronger than entailment, and the two have complementary properties. Consequently, whereas using evaluation to true as the partial-assignment satisfiability criterion is much cheaper and easier to implement, adopting entailment allows for detecting satisfiability earlier and thus for producing smaller partial truth assignments. We also show that, whereas equivalent formulas are always entailed by the same partial assignments, this is not the case for evaluation to true: equivalent formulas are not always evaluated to true by the same partial assignments. This would be an embarrassing fact if we adopted evaluation to true as the definition of partial-assignment satisfiability for non-CNF formulas. We remark that standard Tseitin-style CNF-ization does not solve these issues, because it may lose information regarding partial-assignment evaluation to true or entailment.
Fourth, the same issues apply also to existentially-quantified formulas, even CNF ones. This is very important, because in many application domains, fundamental operations, like preimage computation in symbolic model checking (see e.g. [burch1]) or predicate abstraction in SW verification (see e.g. [graf_predabs97, beyercgks09]), require dealing with existentially-quantified formulas and with the enumeration of partial assignments “satisfying” them.
Fifth, different algorithms handling non-CNF formulas implicitly implement different notions of partial-assignment satisfaction. E.g., Analytic Tableaux [smullyan1] and (non-CNF) DPLL [davis7] implicitly enumerate partial assignments evaluating the input formulas to true, whereas OBDDs [bryant2] implicitly enumerate partial assignments entailing them. Also, e.g., techniques like pure-literal filtering [sebastiani07, BSST09HBSAT] in lazy SMT implicitly aim at reducing a total assignment to a partial one evaluating the input formula to true.
Overall, the theoretical considerations above suggest adopting entailment as the general definition of partial-assignment satisfiability, although evaluation to true is a cheaper though less effective criterion which can (most) often be adopted in actual implementations. However, since partial assignments entailing are in general subsets of those evaluating to true, using entailment rather than evaluation to true as the satisfiability criterion allows for producing smaller partial assignments, and hence possibly drastically reducing their number, in particular in the presence of existentially-quantified formulas. This may drive the development of more effective assignment-enumeration algorithms.
The analysis presented in this paper was triggered by the effort of conceiving more efficient procedures for predicate abstraction in SMT for improving Weighted Model Integration [MorPasSeb17, morettin_aij19], which forced me to elaborate on the distinction between evaluation to true and entailment. Before then, I personally used to see partial-assignment satisfiability as entailment (see [gs-infocomp2000]) without paying attention to this distinction.
The rest of the paper is organized as follows. §2 provides the necessary notation, terminology and concepts used in the paper. §3 introduces evaluation to true and entailment for generic propositional formulas and discusses their relative properties and use. §4 lifts the discussion to existentially-quantified formulas. §5 provides some conclusions and future-work suggestions.
In this section we introduce the notation and terminology adopted in this paper. Moreover, in order to avoid any ambiguity (although at the risk of being a little pedantic), we recall the standard syntax and semantics of propositional logic, plus some basic facts.
In what follows T, F, ? denote the truth values “true”, “false” and “unknown” respectively; , denote the logic constants “true” and “false” respectively; , denote propositional atoms; denote propositional formulas; denote truth value assignments. The symbols and denote disjoint sets of propositional atoms. More precisely, , and denote generic propositional formulas built on , and respectively; and denote a total and a partial assignment on respectively; denote total assignments on . (All the above symbols may have subscripts.)
A propositional formula is defined inductively as follows: the constants and (denoting the truth values true and false) are formulas; a propositional atom is a formula; if and are formulas, then and are formulas. We use the standard Boolean abbreviations: “” for “”, “” for “”, “” for “”. A literal is either an atom (a positive literal) or its negation (a negative literal). (If is a negative literal , then by “” we conventionally mean rather than .) A clause is a disjunction of literals . A cube is a conjunction of literals . is in Conjunctive Normal Form (CNF) iff it is a conjunction of clauses: .
Given , a map is a total truth assignment for . We assume and . We represent as a set of literals . We sometimes represent also as a cube, which we denote as “” so as to distinguish the set and the cube representations.
A map s.t. and is a partial truth assignment for . As with total assignments, we can represent as a set of literals or as a cube, denoted with “”. Using a three-valued logic we extend to as by assigning the value ? (unknown) to the unassigned atoms in . Then we extend the semantics of to any formula on as described in Figure 2. We say that evaluates to true [resp. false] if [resp. ].
By “apply a partial assignment to ” we mean “substitute all instances of each assigned in with the truth value assigned to it by , and then apply recursively the standard propagation of truth values through the Boolean connectives described in Figure 2”. We denote by “” (“residual of under ”) the formula resulting from applying to . The following fact follows straightforwardly.
is iff and is iff .
Notice that total assignments are a subcase of partial ones, so that all above definitions and facts apply also to total assignments .
Given a total truth assignment on and some formulas on , the sentence “ satisfies ”, written “”, is defined recursively on the structure of as follows: , , if and only if , if and only if , if and only if and . (The definition of for the other connectives follows straightforwardly from their definition in terms of .) is satisfiable iff for some total truth assignment on . is valid (written “”) iff for every total truth assignment on . entails (written “”) iff, for every total assignment on , if then . and are equivalent iff and . Consequently: is unsatisfiable iff is valid; iff is valid; a clause is valid (aka is a tautology) iff both and occur in it for some ; a CNF formula is valid iff either it is or all its clauses are tautologies. We say that a CNF formula is tautology-free iff none of its clauses is a tautology.
The following facts follow straightforwardly and are of interest for our discussion.
Let be a total truth assignment on and be formulas on .
If and are equivalent, then iff .
iff is (also, by Property 1, iff ).
Checking if satisfies requires at most a polynomial amount of steps.
Notice that Property 2(i) justifies the usage of “” for both satisfiability and entailment.
Every generic formula on can be encoded into a CNF formula on for some by applying (variants of) Tseitin CNF-ization [tseitin1], which consists, e.g., in recursively applying bottom-up the rewriting rule:
until the resulting formula is in CNF, where are literals and is the validity-preserving CNF conversion based on De Morgan rules (e.g., ). is s.t. iff there exists a total assignment on s.t. , and the size of is linear wrt. that of .
A total truth assignment satisfies , written “”, iff there exists a total truth assignment on s.t. . We call the Shannon expansion of the existentially-quantified formula the propositional formula on defined as
Notice that some may be inconsistent or . The following property derives directly from the above definitions.
Let be a formula on and be a total truth assignment on .
3 Partial-assignment satisfiability for propositional formulas
We wish to provide a satisfactory definition of partial-assignment satisfiability for a generic propositional formula , i.e., not necessarily a (tautology-free) CNF one.
A first possibility is to see partial-assignment satisfiability as evaluation to true.
We say that a partial truth assignment evaluates to true iff (or, equivalently by Property 1, iff ). We denote this fact with “”.
A second possibility is to see partial-assignment satisfiability as entailment.
We say that a partial truth assignment entails if and only if, for every total truth assignment s.t. , satisfies . We denote this fact with “”.
Notice that both evaluation to true and entailment are semantic definitions. Due to Property 1, evaluation to true has also an easy-to-check syntactic characterization as “”.
In substance, Definition 1 extends Property 2(iii) to partial assignments, whereas Definition 2 extends Property 2(i) to partial assignments. Ideally, a suitable definition of partial-assignment satisfiability should satisfy all the statements in Property 2, in particular (ii) and (iv). In practice, unfortunately, at least for generic (non-CNF) formulas, we will see that this is not the case.
When the formula is in CNF and does not contain valid clauses –which however are easy to eliminate by preprocessing– then Definitions 1 and 2 are equivalent: iff . In fact, if then, for every s.t. , and thus , hence ; also, if then is a valid CNF formula which does not contain valid clauses, so that must be , hence .
Unfortunately, when dealing with generic (non-CNF) formulas, we notice that Definitions 1 and 2 are not equivalent, the former being strictly stronger than the latter. In fact, as above, if then , whereas the converse is not true: e.g., if and , then but . This leads to the following statement.
If a partial truth assignment evaluates to true , then it also entails , but the converse does not hold.
Let s.t. and s.t. each is a cube and is valid and does not contain occurrences of the atoms . Then but is the valid formula , so that .
Let be a partial truth assignment on and be formulas on .
If then , but not vice versa.
If and are equivalent, this does not imply that iff .
iff is (also, iff by Property 1).
Checking if requires at most a polynomial amount of steps.
From Definition 2 we easily derive the following.
Let be a partial truth assignment on and be formulas on .
If and are equivalent, then iff .
iff is a valid formula, not necessarily (also, in general ).
Checking if is co-NP-complete. (In fact, checking the validity of a formula translates into verifying that the empty assignment entails it.)
On the one hand, the advantage of adopting evaluation to true for checking partial-assignment satisfiability is that it matches the intuition and practical need that the process of checking it should be fast (Property 4(iv)). On the other hand, the main drawback is that equivalent although syntactically different formulas may be satisfied by different sets of partial assignments (Property 4(ii)), which looks theoretically awkward.
On the one hand, the advantage of adopting entailment for checking partial-assignment satisfiability is that it matches the intuition and theoretical requirement that equivalent formulas should be satisfied by the same assignments, even partial ones (Property 5(ii)). On the other hand, the price to pay is that the resulting problem is co-NP-complete (Property 5(iv)), because it is equivalent to checking the validity of the residual .
Due to Proposition 1, every partial assignment entailing the input formula is a subset of one or more partial assignments evaluating it to true. Therefore, for an assignment-enumeration algorithm, being able to enumerate partial assignments entailing the input formula rather than simply evaluating it to true may (even drastically) reduce the number of satisfying assignments enumerated.
For instance, we notice that, when applied to satisfiable formulas, OBDDs [bryant2] produce branches representing partial assignments which entail the input formula (Definition 2), because if then is valid (Property 5(iii)), so that its corresponding sub-OBDD is reduced into the node. Instead, SAT/AllSAT algorithms like Analytic Tableaux [smullyan1] (which may generate duplicated or subsumed assignments, see [dagostino1, gs-infocomp2000]) or “classic” DPLL [davis7] (the classic DPLL procedure was designed to work for CNF formulas, but it is easy to produce a non-CNF version of it, see e.g. [armando5]) produce branches representing partial assignments which evaluate the input formula to true (Definition 1) because, unlike OBDDs, as soon as (a branch corresponding to) an assignment s.t. but is produced, they do not detect this and continue the search until they extend it to some s.t. , extending the search tree of by up to branches.
Consider . Figure 3 represents the OBDD for and the search trees corresponding to AllSAT executions of Analytic Tableaux and (non-CNF) DPLL on . (Here in DPLL the pure-literal rule [davis7] is not used because in AllSAT it may hinder the enumeration of some relevant models; see, e.g., [sebastiani_frocos07].) The former produces the single assignment . Notice that but . The latter two produce the assignments .
Notice that neither Analytic Tableaux nor DPLL can produce alone.
One may argue that in SAT/AllSAT the distinction between and is not much relevant in practice, because we can CNF-ize the input formulas upfront, typically by variants of Tseitin CNF-ization, removing tautological clauses, and the distinction vanishes for (tautology-free) CNF formulas. However, we notice that with Tseitin CNF-ization we may lose information regarding entailment or evaluation to true. In fact, if on is the result of Tseitin CNF-izing , then:
does not imply that there exists a total assignment on s.t. ;
does not imply that there exists a total assignment on s.t. .
and its Tseitin CNF-ized version:
On the one hand, is such that . On the other hand, there is no total truth assignment on s.t. . In fact, neither nor .
and its Tseitin CNF-ized version:
Although is such that , there is no total truth assignment on s.t. : since ; since ; and are both inconsistent with .
4 Dealing with existentially-quantified formulas
In many application domains, fundamental operations, like preimage computation in symbolic model checking (see e.g. [burch1]) or predicate abstraction in SW verification (see e.g. [graf_predabs97, beyercgks09]), require dealing with existentially-quantified formulas and with the enumeration of partial assignments satisfying them. Thus, we lift the discussion of §3 to existentially-quantified formulas, and we wish to provide a satisfactory definition of partial-assignment satisfiability for an existentially-quantified propositional formula.
A first possibility is to see partial-assignment satisfiability as evaluation to true, lifting Definition 1 and Property 3 to the existentially-quantified case. By (2) and Definition 1, iff is , that is, iff there exists some s.t. is , that is, iff there exists some s.t. evaluates to true. This leads to the following definition and related property.
We say that a partial truth assignment on evaluates to true if and only if there exists a total truth assignment on s.t. .
Let be a formula on and be a partial assignment on .
A second possibility is to see partial-assignment satisfiability as entailment, lifting Definition 2 and Property 3 to the existentially-quantified case. We notice that iff, for every total assignment s.t. , , that is, by Property 3, for every total assignment s.t. there exists a total assignment on s.t. . This leads to the following definition and related property.
We say that a partial truth assignment on entails , written , if and only if, for every total truth assignment on extending , there exists a total truth assignment on s.t. satisfies .
Let be a formula on and be a partial assignment on .
Notice the nesting order of forall/exists in Definition 4: “for every there exists s.t. …”. In fact, distinct ’s may satisfy distinct disjuncts in , thus requiring distinct ’s.
Due to Proposition 1 and Property 3 we have that (Definition 3) is strictly stronger than (Definition 4). Remarkably, and unlike in the un-quantified case, this is the case even if is a tautology-free CNF formula! (Intuitively, this can be seen as a consequence of the fact that is not in CNF even if is in CNF.)
and the tautology-free CNF formula on :
Then we have that so that but . Thus, we have that but .
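The following Python program is an added example, not part of this paper: it implements the residual of Figure 2 over a small tuple-based formula representation, the two propositional criteria of §3 (Definition 1 as a syntactic check on the residual, Definition 2 by brute force over all total extensions, which is exactly what makes it co-NP-complete in general), the Shannon expansion (2), and the two existentially-quantified criteria of §4 (Definitions 3 and 4, with the forall/exists nesting of Definition 4). The formulas in the two demo functions are constructed here for illustration and are not the paper's own examples: the first is a non-CNF formula that a partial assignment entails without evaluating it to true, while an equivalent formula is evaluated to true by the same assignment (Properties 4(ii) and 5(ii)); the second is a tautology-free CNF formula whose existential closure is entailed by the empty assignment but not evaluated to true by it, as in Proposition 2.

```python
# Formulas: True/False (constants), str (atom), ('not', f), ('and', f, g), ('or', f, g).
# A (partial) assignment is a dict atom -> bool; unassigned atoms are absent ("?").
from itertools import product


def residual(phi, mu):
    """phi|mu: substitute assigned atoms, propagate constants through connectives."""
    if isinstance(phi, bool):
        return phi
    if isinstance(phi, str):
        return mu.get(phi, phi)                       # unassigned atom stays symbolic
    op = phi[0]
    if op == 'not':
        r = residual(phi[1], mu)
        return (not r) if isinstance(r, bool) else ('not', r)
    l, r = residual(phi[1], mu), residual(phi[2], mu)
    if op == 'and':
        if l is False or r is False:
            return False
        return r if l is True else (l if r is True else ('and', l, r))
    if op == 'or':
        if l is True or r is True:
            return True
        return r if l is False else (l if r is False else ('or', l, r))
    raise ValueError(f'unknown connective {op!r}')


def atoms(phi):
    """Atoms occurring in phi."""
    if isinstance(phi, str):
        return {phi}
    return set().union(*(atoms(s) for s in phi[1:])) if isinstance(phi, tuple) else set()


def total_extensions(mu, atom_set):
    """Every total assignment on atom_set extending the partial assignment mu."""
    free = sorted(a for a in atom_set if a not in mu)
    for bits in product((False, True), repeat=len(free)):
        yield {**mu, **dict(zip(free, bits))}


def evaluates_to_true(phi, mu):
    """Definition 1: phi|mu is TOP (syntactic check, linear in the size of phi)."""
    return residual(phi, mu) is True


def entails(phi, mu):
    """Definition 2: phi|mu is valid; brute force over unassigned atoms (co-NP-complete)."""
    return all(residual(phi, eta) is True
               for eta in total_extensions(mu, atoms(phi) | set(mu)))


def equivalent(phi, psi):
    """phi and psi agree on every total assignment over their atoms."""
    return all(residual(phi, eta) == residual(psi, eta)
               for eta in total_extensions({}, atoms(phi) | atoms(psi)))


def shannon_expansion(phi, b_atoms):
    """Exists B. phi as the disjunction of phi|beta over all total beta on B."""
    out = False
    for beta in total_extensions({}, b_atoms):
        out = ('or', out, residual(phi, beta))
    return residual(out, {})                          # simplifies away the seed BOT


def exists_evaluates_to_true(phi, mu, b_atoms):
    """Definition 3: some total beta on B makes phi|(mu + beta) TOP."""
    return any(evaluates_to_true(phi, {**mu, **beta})
               for beta in total_extensions({}, b_atoms))


def exists_entails(phi, mu, a_atoms, b_atoms):
    """Definition 4: for EVERY total eta on A extending mu there EXISTS beta on B with eta + beta satisfying phi."""
    return all(any(residual(phi, {**eta, **beta}) is True
                   for beta in total_extensions({}, b_atoms))
               for eta in total_extensions(mu, a_atoms))


def demo_propositional():
    """Constructed (not the paper's): phi = (A1 & A2) | (~A1 & A2) is equivalent to A2,
    yet mu = {A2} entails phi without evaluating it to true: phi|mu = A1 | ~A1 is valid, not TOP."""
    phi = ('or', ('and', 'A1', 'A2'), ('and', ('not', 'A1'), 'A2'))
    mu = {'A2': True}
    return {'equivalent': equivalent(phi, 'A2'),
            'phi_residual': residual(phi, mu),
            'phi_eval': evaluates_to_true(phi, mu),    # False  (Property 4(ii))
            'phi_entails': entails(phi, mu),            # True   (Property 5(ii))
            'psi_eval': evaluates_to_true('A2', mu)}    # True for the equivalent A2


def demo_existential():
    """Constructed (not the paper's): tautology-free CNF phi = (A1 | B) & (~A1 | ~B), A = {A1}, B = {B}.
    Exists B. phi is valid, so {} entails it, but phi|{B} = ~A1 and phi|{~B} = A1, so no beta gives TOP."""
    phi = ('and', ('or', 'A1', 'B'), ('or', ('not', 'A1'), ('not', 'B')))
    exp = shannon_expansion(phi, {'B'})
    return {'eval': exists_evaluates_to_true(phi, {}, {'B'}),     # False
            'entails': exists_entails(phi, {}, {'A1'}, {'B'}),    # True
            'eval_via_shannon': evaluates_to_true(exp, {}),       # False (matches Def. 3)
            'entails_via_shannon': entails(exp, {})}               # True  (matches Def. 4)
```

The brute-force `entails` is deliberately exponential in the number of unassigned atoms: it is the semantic definition written out, not an efficient procedure, and it makes visible why implementations prefer the linear `evaluates_to_true` check even though it stops later and yields larger assignments. The two `*_via_shannon` values show that Definitions 3 and 4 coincide with applying Definitions 1 and 2 to the Shannon expansion, as derived in the text.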
4.1 A Relevant Example Application: Predicate Abstraction.
Given a propositional formula on , a set of formulas on denoting relevant “predicates” and a set of fresh propositions s.t. each labels , the Predicate Abstraction of wrt. is defined as follows [graf_predabs97]:
is typically computed as a disjunction of mutually-inconsistent partial assignments (cubes) on s.t. and is equivalent to [allsmt, cavada_fmcad07_predabs]. (Notice that predicate abstraction is most often defined for SMT formulas and , so that (3) also involves the existential quantification of first-order theory-specific variables, and the are theory-consistent SMT assignments [graf_predabs97, allsmt, cavada_fmcad07_predabs]. However, restricting our discussion to the purely-propositional case suffices for our purposes and makes the explanation much simpler.)
We notice that in the computation of such cubes the distinction between and may be very relevant: whereas it would be desirable to look for partial assignments entailing , to keep them small and hence reduce their number, most algorithms can detect only when evaluates it to true, and are thus incapable of producing partial assignments s.t. and . This happens every time that, for some and some on (subsets of) , both and are satisfiable but they are satisfied by distinct sets of assignments on (Definition 4), so that but .
Therefore, having algorithms able to stop extending as soon as , even when , would produce much more compact formulas.
5 Conclusions and Future Work
We have shown that, when dealing with non-CNF formulas or with existentially-quantified formulas, we may have two distinct notions of partial-assignment satisfiability, entailment and evaluation to true, with different properties, and that adopting one or the other may influence the effectiveness of assignment-enumeration procedures.
In the near future we wish to investigate the adoption of partial-assignment reduction techniques exploiting entailment rather than evaluation to true, in particular in AllSMT and predicate abstraction. A possible candidate is Dualization [DBLP:conf/ictai/MohleB18]. Also, we wish to investigate the tradeoff between the cost of detecting entailment and its effectiveness in reducing the number of enumerated assignments, in particular when the latter may have computationally-hard consequences (e.g. WMI [MorPasSeb17, morettin_aij19]).
The analysis described in this paper strongly benefitted from interesting discussions, either in person or via email, with Armin Biere, Alessandro Cimatti, Allen van Gelder, David Mitchell, Sibylle Möhle, Laurent Simon, Armando Tacchella, and Stefano Tonetta, who are all warmly thanked.