Translations to propositional satisﬁability Juan Antonio Navarro-P´ erez Supervisor: Andrei Voronkov, Adviser: Renate Schmidt The University of Manchester School of Computer Science Oxford Rd. Manchester M13 9PL, UK. navarroj@cs.manchester.ac.uk 1 Introduction Propositional satisﬁability (SAT) solvers have recently been found as a competitive approach in many industrial applica- tions. In component veriﬁcation, for example, one is given a formal description of a system (usually a ﬁnite state machine) and a property that is to be checked against the system. Clarke et al. (2001) proposed a method, bounded model checking, where both the ﬁnite state machine and the property are encoded into a propositional logic formula. The formula is then fed into a satisﬁability solver and, if a satisfying model is found, it can be used as a counterexample to show an execution trace in which the system fails to satisfy the required property. Dramatic improvements in SAT solver technology (Mitchell, 2005) and the availability of efﬁcient implementations (E´ en and S¨ orensson, 2005) have been continuously improving the applicability of this approach in industrial settings. However, researchers have also observed that a very relevant decision is how to encode or translate the problem into a form that is suitable for use by a satisﬁability solver. Even a slight modiﬁcation in syntax of the resulting formula could change the search space explored by the solver in a rather unpredictable way. In this short report we present an overview of our experiences translating bounded model checking problems into satisﬁability solving, outlining both ideas that seem promising and others that did not prove to be very successful. 2 An economic clause normal form translation In order to simplify its design and implementation, modern satisﬁability solvers typically work on formulae in clause normal form (CNF) so that arbitrary propositional formulae ﬁrst need to be translated into this format. Tseitin (1968) proposed a translation that works by introducing deﬁnitions that map each subformula of the original expression to a new atom, e.g. x ↔ (a 1 ∧···∧ a n ). The newly introduced atoms can be used instead of the corresponding subformulae while their deﬁnitions, which are simpler ﬂat formulae, can be easily translated to CNF. Plaisted and Greenbaum (1986) further improve this idea showing that, by considering the polarity of subformulae (i.e. how it is affected by the scope of negations), it is sometimes enough to include one implication of the deﬁnition, e.g. x → (a 1 ∧···∧ a n ) only. It has been noted, however, that the translation tends to introduce many unnecessary atoms. One of the simpliﬁcations of the SATELITE preprocessor (E´ en and Biere, 2005), for example, is speciﬁcally targeted to identify atoms introduced by Tseitin’s translations and ‘undo’ their deﬁnition. This motivated our interest to design a translation which is still polynomial, but trying to introduce as few new atoms as possible. Some of our main ideas follow: • We consider logic connectives with multiple arity. In particular equivalence and exclusive disjunction are replaced by more general parity constraints (i.e. a parity constraint is true if an odd/even number of their operands is true). • The formula is translated to a negation normal form ﬁrst, where the negation connective is only applied to atoms, but parity connectives are still allowed anywhere. This simpliﬁes the computation of polarity: every formula has positive polarity, except for subformulae under the scope of parity constraints which have polarity zero. • Subformulae with polarity zero are translated doing a full renaming as Tseitin does. Other subformulae can be more carefully translated, adding only one atom for each conjunction, using the idea that a half-deﬁnition x → F , where F is already in CNF, can be translated without adding any more atoms (simply append ¬x to each clause in F ). • Parity clauses, which are parity constraints applied to literals only, are left untouched until the very end of the translation. At this point, parity clauses of length 2 and 3 can be translated using a standard clausiﬁcation. Longer parity clauses, of length n, can be split into n - 2 parity clauses of length 3 by adding n - 3 new atoms.