The methods and theories presented in this chapter have a surprisingly wide range of application. Besides our original goal of investigating equalities, we have also already presented applications for theory combinations with the Nelson-Oppen method and for the exploration of (un)bounded directions. In this section, we show that our methods around equalities are also useful for quantifier elimination.
In general, a quantifier elimination (QE) procedure takes a formula ∃y.φ(y), where φ(y) itself is quantifier-free but may contain extra variables x called parameters, and returns an equivalent formula φ′ that is quantifier-free. Quantifier elimination procedures typically eliminate the quantifier ∃y by introducing a case distinction over the values the variable y can assume. Linear virtual substitution is a complete QE procedure for the theory of linear rational arithmetic [106]. It eliminates the variable y by creating a case distinction⁴ exploiting the following fact: a linear rational arithmetic formula φ(y) is rationally satisfiable if and only if φ(l) is satisfiable, where l is the strictest lower bound (or upper bound) of y, i.e., the smallest value for y in any solution to the problem. This value is either represented by −∞ (+∞) or by one of the inequalities in φ(y) containing y. There are only finitely many inequalities in φ(y), so satisfiability can be preserved by a case distinction over all inequalities containing y:
\[
\exists y \in \mathbb{Q}.\ \varphi(y) \;\equiv\; \varphi(-\infty) \;\vee \bigvee_{a_{iy} y + a_i^T x \le b_i \text{ in } \varphi(y) \text{ with } a_{iy} < 0} \varphi\!\left(-\frac{b_i}{a_{iy}} + \frac{a_i^T x}{a_{iy}}\right).
\]
This case distinction is the source of the worst-case doubly exponential complexity of the procedure in case of quantifier alternations. At the same time, there are also instances that we can resolve without case distinctions. For instance, if the formula φ(y) implies an equality h_y · y + h^T x = g where h_y ≠ 0, then we already know one guaranteed definition for the strictest lower bound of y:
\[
\frac{g}{h_y} - \frac{h^T x}{h_y}.
\]
A quantifier-free formula that is equivalent to the original one is simply:
\[
\exists y \in \mathbb{Q}.\ \varphi(y) \;\equiv\; \varphi\!\left(\frac{g}{h_y} - \frac{h^T x}{h_y}\right).
\]
This technique is well-known and integrated in many QE implementations [55, 106, 132]. Even so, we are unaware of any implementation that makes use of non-explicit equalities for this purpose. This is where our methods that find implicit equalities come into play. Our methods are applicable because QE procedures typically keep φ in a disjunctive form and the respective disjuncts often contain only conjunctions of inequalities. This allows us to efficiently search for an equality.

Footnote 4: There actually exist various versions of linear virtual substitution, each based on a different case distinction over the values the variable y can assume. For the presented application of the equality basis, the actual version of linear virtual substitution is irrelevant.
A similar trick also exists for the theory of linear integer/mixed arithmetic, i.e., for eliminating an integer variable. We only have to additionally verify that the lower bound of the integer variable is an actual integer value, which we can do through one additional divisibility constraint. Therefore,
\[
\varphi\!\left(\frac{g}{h_y} - \frac{h^T x}{h_y}\right) \cup \{(h_y \mid g + h^T x)\}
\]
is a quantifier-free formula that is equivalent to ∃y ∈ Z.φ(y) if φ(y) implies the equality h_y · y + h^T x = g where h_y ≠ 0.
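The equality shortcut from the rational and the integer case above, as an added example that is not part of the thesis or its implementation: inequalities a_y·y + aᵀx ≤ b are stored as (a_y, coefficient dict, b) with exact Fractions, y is replaced by g/h_y − hᵀx/h_y, and in the integer case the divisibility constraint is placed on the numerator g − hᵀx of that substituted value.

```python
from fractions import Fraction
from typing import Dict, List, Tuple

# An inequality a_y*y + a^T x <= b over the eliminated variable y and the
# parameters x is stored as (a_y, {x_j: a_j}, b); all numbers are Fractions.
Constraint = Tuple[Fraction, Dict[str, Fraction], Fraction]
Coeffs = Dict[str, Fraction]


def substitute_equality(phi: List[Constraint], h_y: Fraction,
                        h: Coeffs, g: Fraction) -> List[Constraint]:
    """Rational case: phi(y) implies h_y*y + h^T x = g with h_y != 0, so
    y = g/h_y - h^T x/h_y is the strictest lower bound and the equivalent
    quantifier-free formula is phi(g/h_y - h^T x/h_y), no case distinction."""
    if h_y == 0:
        raise ValueError("h_y must be non-zero for the equality shortcut")
    result: List[Constraint] = []
    for a_y, a, b in phi:
        # a_y*(g/h_y - h^T x/h_y) + a^T x <= b
        #   <=>  (a - (a_y/h_y)*h)^T x <= b - (a_y/h_y)*g
        factor = a_y / h_y
        new_a: Coeffs = dict(a)
        for var, coeff in h.items():
            new_a[var] = new_a.get(var, Fraction(0)) - factor * coeff
        new_a = {v: c for v, c in new_a.items() if c != 0}
        new_b = b - factor * g
        if not new_a and new_b >= 0:
            continue  # 0 <= new_b is a tautology (e.g. the defining inequalities)
        result.append((Fraction(0), new_a, new_b))  # y no longer occurs
    return result


def eliminate_integer(phi: List[Constraint], h_y: Fraction, h: Coeffs,
                      g: Fraction) -> Tuple[List[Constraint], Tuple[Fraction, Coeffs, Fraction]]:
    """Integer case: the same substitution plus one divisibility constraint
    (m, c, k) meaning m | k + c^T x, here h_y | g - h^T x, so that the
    substituted lower bound is an actual integer (constructed representation)."""
    divisibility = (h_y, {v: -c for v, c in h.items()}, g)
    return substitute_equality(phi, h_y, h, g), divisibility


# Constructed example: phi(y) = { y - x <= 2, -y + x <= -2, y + x <= 10 };
# the first two inequalities imply the equality y - x = 2 (h_y = 1, h = (-1), g = 2).
PHI = [(Fraction(1), {"x": Fraction(-1)}, Fraction(2)),
       (Fraction(-1), {"x": Fraction(1)}, Fraction(-2)),
       (Fraction(1), {"x": Fraction(1)}, Fraction(10))]

if __name__ == "__main__":
    print(eliminate_integer(PHI, Fraction(1), {"x": Fraction(-1)}, Fraction(2)))
```

On the constructed system the two defining inequalities collapse to the tautology 0 ≤ 0 and are dropped, leaving 2x ≤ 8 together with the divisibility constraint 1 | 2 + x.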
Note that our methods detect only equalities implied by rational solutions of Ax ≤ b, i.e., only those equalities h^T x = g that are satisfied by all solutions x ∈ Q_δ(Ax ≤ b). There might be integer/mixed entailed equalities that are not generally implied, which means that they cannot be computed with our equality basis method.
5.7 Summary
We have presented in Chapter 4 the linear cube transformation (Corollary 4.2.2), which allows us to efficiently determine whether a polyhedron contains a cube of a given edge length. One obstacle for our cube tests are equalities. Resolving these obstacles led to an additional application of the linear cube transformation: investigating equalities. Through Lemmas 5.2.2 & 5.2.3, we have presented a method that efficiently checks whether a system of linear arithmetic constraints implies an equality at all. We use this method in the algorithm EqBasis(Ax ≤ b) to compute an equality basis y − Dz = c, which is a finite representation of all equalities implied by the inequalities Ax ≤ b.
We also presented various applications for the equality basis y − Dz = c. (i) We can use the equality basis to eliminate all equalities from Ax ≤ b. It is, therefore, useful as a preprocessing step for our cube tests. (ii) We can use the equality basis to directly check whether an equality h^T x = g is implied by Ax ≤ b. (iii) We can use the equality basis to efficiently compute all pairs of equivalent variables in Ax ≤ b (Section 5.4). These pairs are necessary for a backjump-free Nelson-Oppen style combination of theories. (iv) We can use the equality basis to efficiently compute a bounded basis for Ax ≤ b, i.e., a finite representation of all bounded directions in Ax ≤ b (Section 5.5). (v) We can use the equality basis for quantifier elimination (Section 5.6).
Chapter 6
A Reduction (from Unbounded Linear Mixed Arithmetic Problems) into Bounded Problems
We have already presented two complete decision procedures for linear integer arithmetic: branch-and-bound extended by a priori bounds (Chapter 2.8) and CutSat++ (Chapter 3).
A priori bounds complete branch-and-bound (see Chapter 2.7.3) by extending the input problem with approximated variable bounds −g ≤ x_i ≤ g for every variable x_i. Adding the variable bounds creates an equisatisfiable problem because the approximated bounds −g ≤ x_i ≤ g are large enough, i.e., the original problem has an integer/mixed solution within the bounds whenever it has one outside the bounds. Since the a priori bounds bound all variables, they also reduce the search space for a branch-and-bound solver (and many other integer/mixed arithmetic decision procedures) to a finite search space. So branch-and-bound is guaranteed to terminate. However, these bounds are so large that the resulting search space cannot be explored in reasonable time (e.g., within the age of the universe) even for small problems. One reason why the a priori bounds are so impractically large is that they only take parameter sizes into account and not the actual structure of each problem. Therefore, the approximated bound values are by far larger than necessary.
CutSat++ is a CDCL style algorithm combined with a lazy quantifier elimination procedure. This combination allows us to use a much more structure-oriented approach for completeness. The price for this result is an algorithm that is by far more complicated than the branch-and-bound approach. In particular, (i) it has to consider divisibility constraints in addition to inequalities; (ii) CutSat++ is missing several features that make CDCL style SAT solving so efficient in practice, e.g., exhaustive propagation cannot be done in CutSat++ or we encounter propagation divergence; (iii) it is very inflexible, i.e., there is not much room to improve its search strategy because of its strict termination strategy; and (iv) an extension to mixed arithmetic would make it even more complex and even more inflexible.
Due to their disadvantages, neither a priori bounds nor CutSat++ have been integrated in any state-of-the-art SMT solver [9, 41, 42, 50, 57]. As far as we know, none of the state-of-the-art SMT solvers use any method that guarantees termination for linear integer or mixed arithmetic. Therefore, they are all incomplete.
In this chapter, we present a different approach to reach a complete decision procedure. Like a priori bounds, our approach consists of mixed equisatisfiable transformations that turn every problem into a bounded problem. This means that we can also use them to make branch-and-bound (and many other integer/mixed arithmetic decision procedures) complete. In contrast to a priori bounds, our transformations do not use approximations, which also means that we never have to deal with over-approximation and the resulting loss of efficiency. Instead, our transformations orient themselves on the structure of the input problem by eliminating the unbounded directions in the problem. This sounds similar to CutSat++, but our transformations manage to avoid the shortcomings of the CutSat++ calculus. This means that (i) they do not introduce new types of constraints; (ii) the combination of branch-and-bound and our transformations stays flexible; and (iii) the extension to mixed arithmetic is intuitive and requires no major changes. As a result, our approach is efficient in practice and we can even support this claim with benchmark experiments.
We already explained in Chapter 2.8 that the (un)boundedness of a problem indicates whether branch-and-bound terminates. For this analysis, we partitioned our input problems into four categories: guarded problems, unguarded but bounded problems, absolutely unbounded problems, and partially unbounded problems. Guarded problems and unguarded but bounded problems together compose all bounded problems, i.e., all problems for which branch-and-bound has a finite search space and, therefore, always terminates. Absolutely unbounded problems are unbounded, which causes some problems for branch-and-bound alone. The truth is, however, that they are quite trivial because they always have an integer solution. In Chapter 4, we described two cube tests that detect and solve absolutely unbounded problems in polynomial time. Therefore, branch-and-bound also becomes complete for absolutely unbounded problems if extended with our cube tests. The actually difficult case is when some directions are bounded and others unbounded, i.e., when the problem is partially unbounded. Here, branch-and-bound and most other algorithms diverge or become inefficient in practice. The transformations we present here are designed to efficiently handle this category of problems. Our approach is also efficient because we only actually apply our transformations on partially unbounded problems. We avoid the application to the other types of problems because we use the method from Chapter 5.5 to efficiently determine the type of (un)boundedness of our input problems.
The contributions of this chapter are as follows: We present satisfiability preserving transformations that reduce unbounded problems into bounded problems. On these bounded problems, most linear mixed decision procedures become terminating, which we show using branch-and-bound as an example. The transformations are, therefore, extensions that complete other decision procedures. Our transformations work by eliminating unbounded variables. First, we use the Double-Bounded reduction (Section 6.3) to eliminate all unbounded inequalities from our constraint system. Then we use the Mixed-Echelon-Hermite transformation (Section 6.2) to shift the variables of our system to ones that are either bounded or do not appear in the new inequalities and are, therefore, eliminated. With Corollary 6.2.9 and Lemma 6.3.5 we explain how to efficiently convert certificates of (un)satisfiability between the transformed and the original system. Our method is efficient because it is fully guided by the structure of the problem. This is confirmed by experiments (Section 6.5). Finally, we explain in Section 6.4 how to implement the presented procedures in an incrementally efficient way. This is relevant for an efficient SMT implementation.
6.1 Related Work and Preliminaries
This chapter is based on the publication [30] and focuses on the theory of linear mixed arithmetic. Nonetheless, we always specify the type of solution/satisfiability. Only implications are always assumed to be rational/general entailments (see Chapter 2.5).
The constraints in this chapter are non-strict inequalities and they are either formatted according to the vector representation, i.e., a_i^T x ≤ b_i (see also Chapter 2.2.1), or the standard representation, a_{i1} x_1 + . . . + a_{in} x_n ≤ b_i (see also Chapter 2.2.1). Other types of constraints have to be reduced to non-strict inequalities with the techniques presented in Chapter 2.3.
This chapter builds on the basics of linear algebra (Chapter 2.1) and linear arithmetic (Chapter 2.2), on the concept of implied constraints (Chapter 2.5), and on the definitions of (un)bounded and (un)guarded problems and variables (Chapter 2.8). Our incremental implementation (Section 6.4) also builds on the notions and definitions of standard arithmetic decision procedures for SMT solvers as presented in Chapter 2.7.
There also exist several publications by other authors that are highly relevant to the contributions presented in this chapter. The first related work is by Bobot et al. [26]. They present in their paper [26] a complete decision procedure for linear integer arithmetic, which is also the most similar approach to our transformations that we found in the literature. The decision procedure by Bobot et al. dynamically eliminates one linearly independent bounded direction at a time via transformation. For comparison, our own transformations statically eliminate all unbounded directions at once. The disadvantage of the dynamic approach is that it is very restrictive and does not leave enough freedom to change strategies or to add complementing techniques. Moreover, Bobot et al.'s implementation of the decision procedure in the SMT solver Ctrl-Ergo uses this transformation approach for all problems and not only the partially unbounded ones, which sometimes leads to a massive overhead on bounded problems.
The second related work is by Christ and Hoenicke [40]. They present in their paper [40] an extension to branch-and-bound that uses the Mixed-Echelon-Hermite transformation to find more versatile branches and cuts. Since one of our proposed transformations is also the Mixed-Echelon-Hermite transformation, there exist some interesting similarities and relationships between their approach and our approach. For instance, our Double-Bounded reduction alone would be sufficient to make Christ and Hoenicke's extension complete.
The third related work is by Philipp Rümmer [127]. He presents in his paper [127] a constraint sequent calculus that is complete for quantified linear integer arithmetic. It terminates because it simulates in the worst case the complete and terminating Omega Test [123]. Moreover, it can be extended so it produces interpolants for ground formulas [29]. This means Rümmer's calculus performs tasks that are more general than our intended task: determining satisfiability of systems of inequalities. This broader focus also leads to one big disadvantage: Rümmer's calculus performs our intended task less efficiently than more specialized methods. This is especially true for determining satisfiability of unbounded problems (see Section 6.5).