Abstract
SAT solvers decide the satisfiability of Boolean formulas in conjunctive normal form. They are commonly used for software and hardware verification. Modern SAT solvers are highly complex and optimized programs. As a single bug in the solver may invalidate the verification of many systems, SAT solvers output certificates for their answer, which are then checked independently. However, even certificate checking requires highly optimized non-trivial programs. This paper presents the first SAT solver certificate checker that is formally verified down to the integer sequence representing the formula. Our tool supports the full DRAT standard, and is even faster than the unverified state-of-the-art tool drat-trim, on a realistic set of benchmarks drawn from the 2016 and 2017 SAT competitions. An optional multi-threaded mode further reduces the runtime, in particular for big certificates.
Highlights
Modern SAT solvers are highly optimized and use complex algorithms and heuristics
Isabelle/HOL uses a mixture of common mathematical notations and Standard ML [34] syntax (e. g. there are algebraic data types, function application is written as f x, functions are usually curried, e. g. f x y, and abstraction is written as λx y. t)
Already in single-threaded mode, it is significantly faster than the unverified standard tool drat-trim, on a benchmark suite taken from the 2017 and 2016 SAT competitions
Summary
Modern SAT solvers are highly optimized and use complex algorithms and heuristics. This makes them prone to bugs. Cruz-Filipe et al. formalize a checker for their enriched certificates in the Coq theorem prover [3], and generate OCaml code from the formalization. Their approach still has some deficits: GRIT only supports the less powerful DRUP fragment [45] of DRAT, making it unsuitable for SAT solvers that output full DRAT. DRAT certificate checkers spend most of their time on unit propagation, for which highly optimized implementations of rather complex algorithms are used. RAT-lemma: the item specifies a pivot literal l, an ID for the lemma, an initial list of unit clause IDs, and a list of candidate proofs. To check a candidate proof, the literals of D\{¬l} are assigned to false, the listed unit propagations are performed, and the conflict clause is checked to be in conflict. Isabelle/HOL has been used for various software verification projects (e. g. [25,31,47]), including a fully fledged verified LTL model checker [4,11].
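The summary describes the two checks a DRAT certificate checker performs for each added lemma: reverse unit propagation (RUP), and the resolution asymmetric tautology (RAT) check on a pivot literal, in which the lemma is combined with every clause D containing the negated pivot and each resolvent D\{¬l} is checked by unit propagation. The following Python is an added example written for this page; it is not the paper's verified checker (gratchk) nor drat-trim. It implements the unoptimised definitions directly: where a GRAT certificate lists the unit clause IDs to propagate and the conflict clause to check, this toy checker simply propagates to a fixpoint and searches for the conflict itself. Clause encoding (DIMACS-style signed integers), the sample formulas and the proof steps are all constructed here.

```python
"""Toy DRAT proof checker (added example; not the paper's gratchk code).

A clause is a list of non-zero ints: literal 3 means variable 3 is true,
-3 means variable 3 is false. A proof is a list of ("a", clause) additions
and ("d", clause) deletions, as in the DRAT format. The checks below are
the textbook RUP/RAT definitions; a real checker uses watched literals and
certificate hints instead of rescanning every clause.
"""


def unit_propagate(clauses, assignment):
    """Extend `assignment` (a set of literals taken to be true) by unit
    propagation to a fixpoint. Return True iff some clause becomes falsified
    (a conflict), False otherwise."""
    assignment = set(assignment)
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(lit in assignment for lit in clause):
                continue                       # clause already satisfied
            unassigned = [lit for lit in clause if -lit not in assignment]
            if not unassigned:
                return True                    # every literal false: conflict
            if len(unassigned) == 1:
                assignment.add(unassigned[0])  # unit clause: force the literal
                changed = True
    return False


def is_rup(clauses, lemma):
    """Reverse unit propagation: assume every literal of `lemma` false and
    require that propagation over `clauses` reaches a conflict."""
    return unit_propagate(clauses, {-lit for lit in lemma})


def is_rat(clauses, lemma):
    """RAT check with the first literal of `lemma` as pivot l. The lemma is
    accepted if it is RUP, or if for every clause D containing -l the
    resolvent lemma ∪ (D \\ {-l}) is RUP. Tautological resolvents are
    trivially fine and are skipped."""
    if is_rup(clauses, lemma):
        return True
    if not lemma:
        return False                           # empty clause has no pivot
    pivot = lemma[0]
    for d in clauses:
        if -pivot not in d:
            continue
        resolvent = list(lemma) + [lit for lit in d if lit != -pivot]
        if any(-lit in resolvent for lit in resolvent):
            continue                           # tautology: nothing to check
        if not is_rup(clauses, resolvent):
            return False
    return True


def check_drat(formula, proof):
    """Replay a DRAT proof against `formula`. Every added clause must pass
    the RAT check with respect to the current clause set; deletions remove
    one occurrence of the clause. Return True iff a verified empty clause
    (refutation) is reached."""
    clauses = [list(c) for c in formula]
    for step, clause in proof:
        clause = list(clause)
        if step == "d":
            if clause in clauses:
                clauses.remove(clause)
        elif step == "a":
            if not is_rat(clauses, clause):
                return False                   # lemma not justified: reject
            if not clause:
                return True                    # empty clause derived: UNSAT
            clauses.append(clause)
        else:
            raise ValueError(f"unknown proof step {step!r}")
    return False                               # no refutation in the proof


# Constructed sample inputs (not from the paper).
# Every assignment to variables 1 and 2 falsifies one of these four clauses.
F_UNSAT = [[1, 2], [-1, 2], [1, -2], [-1, -2]]
PROOF_OK = [("a", [2]), ("a", [])]             # first derive (2), then conflict
PROOF_BAD = [("a", [])]                        # empty clause is not RUP yet

# Lemma (1) is not RUP here, but it is RAT on pivot 1: the only clause with
# -1 is (-1 3), and the resolvent (1 3) is RUP via (1 2) and (-2 3).
F_RAT = [[1, 2], [-1, 3], [-2, 3]]

if __name__ == "__main__":
    print("valid proof accepted:", check_drat(F_UNSAT, PROOF_OK))
    print("bogus proof rejected:", not check_drat(F_UNSAT, PROOF_BAD))
    print("(1) is RUP:", is_rup(F_RAT, [1]), " (1) is RAT:", is_rat(F_RAT, [1]))
```

The deletion handling matters for soundness of the replay: removing (1 2) from `F_UNSAT` before adding (2) makes the addition fail, because the unit propagation that justified it no longer exists, which is exactly why a checker must process deletions in certificate order rather than checking lemmas against the original formula.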