Abstract
We present two computer-verified implementations of the CNF conversion for propositional logic. The two implementations are fully verified: functional correctness and termination is machine-checked using the Dafny language for both. The first approach is based on repeatedly applying a set of equivalences and is often presented in logic textbooks. The second approach is based on Tseitin’s transformation and is more efficient. We present the main ideas behind our formalization and we discuss the main difficulties in verifying the two algorithms.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Also spelled Tseytin.
- 3.
References
Andrici, C.-C., Ciobâcă, Ş.: Verifying the DPLL algorithm in Dafny. In: Marin, M., Craciun, A. (eds.) Proceedings Third Symposium on Working Formal Methods, FROM 2019, Timişoara, Romania, 3–5 September 2019. EPTCS, vol. 303, pp. 3–15 (2019)
Andrici, C.-C., Ciobâcă, Ş.: Who verifies the verifiers? A computer-checked implementation of the DPLL algorithm in Dafny. CoRR, arXiv:2007.10842 (2020)
Barroso, P., Pereira, M., Ravara, A.: Animated logic: correct functional conversion to conjunctive normal form. In: PAAR 2020/SC-Square 2020. CEUR Workshop Proceedings, vol. 2752, pp. 1–20. CEUR-WS.org (2020)
Berger, U., Lawrence, A., Forsberg, F.N., Seisenberger, M.: Extracting verified decision procedures: DPLL and resolution. Log. Methods Comput. Sci. 11(1) (2015)
Blanchette, J.C., Fleury, M., Lammich, P., Weidenbach, C.: A verified SAT solver framework with learn, forget, restart, and incrementality. J. Autom. Reason. 61(1–4), 333–365 (2018)
Bobot, F., Filliâtre, J.-C., Marché, C., Paskevich, A.: Why3: shepherd your herd of provers. In: Boogie 2011: First International Workshop on Intermediate Verification Languages, Wrocław, Poland, pp. 53–64, August 2011. https://hal.inria.fr/hal-00790310
Cohen, E., et al.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03359-9_2
de la Tour, T.B.: An optimality result for clause form translation. J. Symb. Comput. 14(4), 283–302 (1992)
Fleury, M.: Optimizing a verified SAT solver. In: Badger, J.M., Rozier, K.Y. (eds.) NFM 2019. LNCS, vol. 11460, pp. 148–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-20652-9_10
Ford, R.L., Leino, K.R.M.: Dafny Reference Manual (2017)
Gäher, L., Kunze, F.: Mechanising complexity theory: the cook-Levin theorem in Coq. In: Cohen, L., Kaliszyk, C. (eds.) 12th International Conference on Interactive Theorem Proving (ITP 2021). Leibniz International Proceedings in Informatics (LIPIcs), Dagstuhl, Germany, vol. 193, pp. 20:1–20:18. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2021)
Harrison, J.: Handbook of Practical Logic and Automated Reasoning. Cambridge University Press, Cambridge (2009)
Hawblitzel, C., et al.: Ironclad apps: end-to-end security via automated full-system verification. In: 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2014, Broomfield, CO, USA, 6–8 October 2014, pp. 165–181 (2014)
Hoang, D., Moy, Y., Wallenburg, A., Chapman, R.: SPARK 2014 and gnatprove - a competition report from builders of an industrial-strength verifying compiler. Int. J. Softw. Tools Technol. Transf. 17(6), 695–707 (2015)
Rustan, K., Leino, M.: Developing verified programs with Dafny. In: 35th International Conference on Software Engineering, ICSE 2013, San Francisco, CA, USA, 18–26 May 2013, pp. 1488–1490 (2013)
Rustan, K., Leino, M.: Accessible software verification with dafny. IEEE Softw. 34(6), 94–97 (2017)
Lescuyer, S.: Formalizing and Implementing a Reflexive Tactic for Automated Deduction in Coq. Theses, Université Paris Sud - Paris XI, January 2011
Marić, F.: Formalization and implementation of modern SAT solvers. J. Autom. Reason. 43(1), 81–119 (2009)
Marić, F., Janičić, P.: Formalization of abstract state transition systems for SAT. Log. Methods Comput. Sci. 7(3) (2011)
Michaelis, J., Nipkow, T.: Formalized proof systems for propositional logic. In: TYPES 2017. LIPIcs, vol. 104, pp. 5:1–5:16. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2017)
Michaelis, J., Nipkow, T.: Propositional proof systems. Archive of Formal Proofs, June 2017. Formal proof development. https://isa-afp.org/entries/Propositional_Proof_Systems.html
Oe, D., Stump, A., Oliver, C., Clancy, K.: versat: a verified modern SAT solver. In: Kuncak, V., Rybalchenko, A. (eds.) VMCAI 2012. LNCS, vol. 7148, pp. 363–378. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27940-9_24
Shankar, N., Vaucher, M.: The mechanical verification of a DPLL-based satisfiability solver. Electr. Notes Theor. Comput. Sci. 269, 3–17 (2011)
Tseitin, G.S.: On the complexity of derivations in the propositional calculus. Studies in Mathematics and Mathematical Logic, Part II, pp. 115–125 (1968)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Appendices
A Short Overview of Dafny
The Dafny programming language supports auto-active verification, a technique known since the 70s, but which has only become practical in the past decade, thanks to advances in both the usability of verification tools and computer processing power. Here is an example of a simple typical auto-actively verified Dafny method implementing binary search:
Auto-active verification is a mix of automatic verification and interactive verification. It means that the program is annotated by the programmer with specifications (such as preconditions, introduced by requires, and postconditions, introduced by ensures), which are automatically checked by the system to hold. The system verifies that the program implements the specification. If the postcondition cannot be proven to hold whenever the precondition holds, then the Dafny compiler fails with an error message. For example, the code above compiles (and verifies) without any issues; however, if we had made any mistake, like initializing right by a.Length instead of a.Length - 1 or reversing the comparison operators < and > inside the body of the while loop, then compilation would fail as the postcondition would not be provable.
For complicated post-conditions, Dafny cannot establish their validity automatically, and therefore additional help is required from the part of the programmer (the interactive part) in the form of invariants (in the example above, four invariants are given for the while loop), variants (introduced by the decreases keyword, used to establish termination), lemmas, or other helper annotations.
Auto-active verification is featured in frameworks such as Why3 [6], Dafny [16] or even programming languages such as Ada [14] or C [7]. It has been used successfully to develop trusted code for small and even average sized projects [13]. The main advantage of using auto-active verification in software development is that we obtain a high degree of confidence in the correctness of software projects that were developed in this style.
B The Dafny Development
The attached Dafny development consists of 8 source files:
-
utils.dfy contains generally useful definitions and lemmas, such as the definition of exponentiation (pow);
-
formula.dfy contains the definition of the FormulaT data type and related functions and lemmas such as validFormulaT, truthValue, maxVar;
-
cnf.dfy contains the verified implementation of the textbook algorithm for finding the CNF (with functions/methods such as convertToCNF or applyRule);
-
cnfformula.dfy contains various items concerning the representation of CNF formulae as elements of type seq<seq<int>>, such as the predicates validLiteral, validCnfFormula, truthValueCnfFormula;
-
tseitin.dfy contains the entry point (tseitin) to Tseitin’s transformation, together with the main implementatino tseitinCnf;
-
it relies on tseitinproofs.dfy, which contains lemmas that prove the invariant of tseitinCnf for all cases;
-
both of the modules above rely on tseitincore.dfy, which contains definitions useful in both the algorithm and its proof, such as the set of clauses orClauses to be added for disjunctions;
-
main.dfy exercises the CNF transformation in a Main method and can be used to obtain an executable;
-
Makefile to be used in the usual Unix-like manner. To compile (and verify) the development, it is sufficient to run:
-
dafny /verifySeparately *.dfy.
We have verified the source code with Dafny version 3.0.0.20820, but some earlier versions should work as well.
The Dafny development is available at
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Iordache, V., Ciobâcă, Ş. (2021). Verifying the Conversion into CNF in Dafny. In: Silva, A., Wassermann, R., de Queiroz, R. (eds) Logic, Language, Information, and Computation. WoLLIC 2021. Lecture Notes in Computer Science(), vol 13038. Springer, Cham. https://doi.org/10.1007/978-3-030-88853-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-88853-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-88852-7
Online ISBN: 978-3-030-88853-4
eBook Packages: Computer ScienceComputer Science (R0)
