Upper and Lower Bounds for Weak Backdoor Set Detection

We obtain upper and lower bounds for running times of exponential time algorithms for the detection of weak backdoor sets of 3CNF formulas, considering various base classes. These results include (omitting polynomial factors), (i) a 4.54^k algorithm to detect whether there is a weak backdoor set of at most k variables into the class of Horn formulas; (ii) a 2.27^k algorithm to detect whether there is a weak backdoor set of at most k variables into the class of Krom formulas. These bounds improve an earlier known bound of 6^k. We also prove a 2^k lower bound for these problems, subject to the Strong Exponential Time Hypothesis.Comment: A short version will appear in the proceedings of the 16th International Conference on Theory and Applications of Satisfiability Testin

Parametrised enumeration

In this thesis, we develop a framework of parametrised enumeration complexity. At first, we provide the reader with preliminary notions such as machine models and complexity classes besides proving them to be well-chosen. Then, we study the interplay and the landscape of these classes and present connections to classical enumeration classes. Afterwards, we translate the fundamental methods of kernelisation and self-reducibility into equivalent techniques in the setting of parametrised enumeration. Subsequently, we illustrate the introduced classes by investigating the parametrised enumeration complexity of Max-Ones-SAT and strong backdoor sets as well as sharpen the first result by presenting a dichotomy theorem for Max-Ones-SAT. After this, we extend the definitions of parametrised enumeration algorithms by allowing orders on the solution space. In this context, we study the relations ``order by size'' and ``lexicographic order'' for graph modification problems and observe a trade-off between enumeration delay and space requirements of enumeration algorithms. These results then yield an enumeration technique for generalised modification problems that is illustrated by applying this method to the problems closest string, weak and strong backdoor sets, and weighted satisfiability. Eventually, we consider the enumeration of satisfying teams of formulas of poor man's propositional dependence logic. There, we present an enumeration algorithm with FPT delay and exponential space which is one of the first enumeration complexity results of a problem in a team logic. Finally, we show how this algorithm can be modified such that only polynomial space is required, however, by increasing the delay to incremental FPT time.In diesem Werk begründen wir die Theorie der parametrisierten Enumeration, präsentieren die grundlegenden Definitionen und prüfen ihre Sinnhaftigkeit. Im nächsten Schritt, untersuchen wir das Zusammenspiel der eingeführten Komplexitätsklassen und zeigen Verbindungen zur klassischen Enumerationskomplexität auf. Anschließend übertragen wir die zwei fundamentalen Techniken der Kernelisierung und Selbstreduzierbarkeit in Entsprechungen in dem Gebiet der parametrisierten Enumeration. Schließlich untersuchen wir das Problem Max-Ones-SAT und das Problem der Aufzählung starker Backdoor-Mengen als typische Probleme in diesen Klassen. Die vorherigen Resultate zu Max-Ones-SAT werden anschließend in einem Dichotomie-Satz vervollständigt. Im nächsten Abschnitt erweitern wir die neuen Definitionen auf Ordnungen (auf dem Lösungsraum) und erforschen insbesondere die zwei Relationen \glqq Größenordnung\grqq\ und \glqq lexikographische Reihenfolge\grqq\ im Kontext von Graphen-Modifikationsproblemen. Hierbei scheint es, als müsste man zwischen Delay und Speicheranforderungen von Aufzählungsalgorithmen abwägen, wobei dies jedoch nicht abschließend gelöst werden kann. Aus den vorherigen Überlegungen wird schließlich ein generisches Enumerationsverfahren für allgemeine Modifikationsprobleme entwickelt und anhand der Probleme Closest String, schwacher und starker Backdoor-Mengen sowie gewichteter Erfüllbarkeit veranschaulicht. Im letzten Abschnitt betrachten wir die parametrisierte Enumerationskomplexität von Erfüllbarkeitsproblemen im Bereich der Poor Man's Propositional Dependence Logic und stellen einen Aufzählungsalgorithmus mit FPT Delay vor, der mit exponentiellem Platz arbeitet. Dies ist einer der ersten Aufzählungsalgorithmen im Bereich der Teamlogiken. Abschließend zeigen wir, wie dieser Algorithmus so modifiziert werden kann, dass nur polynomieller Speicherplatz benötigt wird, bezahlen jedoch diese Einsparung mit einem Anstieg des Delays auf inkrementelle FPT Zeit (IncFPT)

Understanding and Enhancing CDCL-based SAT Solvers

Modern conflict-driven clause-learning (CDCL) Boolean satisfiability (SAT) solvers routinely solve formulas from industrial domains with millions of variables and clauses, despite the Boolean satisfiability problem being NP-complete and widely regarded as intractable in general. At the same time, very small crafted or randomly generated formulas are often infeasible for CDCL solvers. A commonly proposed explanation is that these solvers somehow exploit the underlying structure inherent in industrial instances. A better understanding of the structure of Boolean formulas not only enables improvements to modern SAT solvers, but also lends insight as to why solvers perform well or poorly on certain types of instances. Even further, examining solvers through the lens of these underlying structures can help to distinguish the behavior of different solving heuristics, both in theory and practice. The first issue we address relates to the representation of SAT formulas. A given Boolean satisfiability problem can be represented in arbitrarily many ways, and the type of encoding can have significant effects on SAT solver performance. Further, in some cases, a direct encoding to SAT may not be the best choice. We introduce a new system that integrates SAT solving with computer algebra systems (CAS) to address representation issues for several graph-theoretic problems. We use this system to improve the bounds on several finitely-verified conjectures related to graph-theoretic problems. We demonstrate how our approach is more appropriate for these problems than other off-the-shelf SAT-based tools. For more typical SAT formulas, a better understanding of their underlying structural properties, and how they relate to SAT solving, can deepen our understanding of SAT. We perform a largescale evaluation of many of the popular structural measures of formulas, such as community structure, treewidth, and backdoors. We investigate how these parameters correlate with CDCL solving time, and whether they can effectively be used to distinguish formulas from different domains. We demonstrate how these measures can be used as a means to understand the behavior of solvers during search. A common theme is that the solver exhibits locality during search through the lens of these underlying structures, and that the choice of solving heuristic can greatly influence this locality. We posit that this local behavior of modern SAT solvers is crucial to their performance. The remaining contributions dive deeper into two new measures of SAT formulas. We first consider a simple measure, denoted “mergeability,” which characterizes the proportion of input clauses pairs that can resolve and merge. We develop a formula generator that takes as input a seed formula, and creates a sequence of increasingly more mergeable formulas, while maintaining many of the properties of the original formula. Experiments over randomly-generated industrial-like instances suggest that mergeability strongly negatively correlates with CDCL solving time, i.e., as the mergeability of formulas increases, the solving time decreases, particularly for unsatisfiable instances. Our final contribution considers whether one of the aforementioned measures, namely backdoor size, is influenced by solver heuristics in theory. Starting from the notion of learning-sensitive (LS) backdoors, we consider various extensions of LS backdoors by incorporating different branching heuristics and restart policies. We introduce learning-sensitive with restarts (LSR) backdoors and show that, when backjumping is disallowed, LSR backdoors may be exponentially smaller than LS backdoors. We further demonstrate that the size of LSR backdoors are dependent on the learning scheme used during search. Finally, we present new algorithms to compute upper-bounds on LSR backdoors that intrinsically rely upon restarts, and can be computed with a single run of a SAT solver. We empirically demonstrate that this can often produce smaller backdoors than previous approaches to computing LS backdoors

Solving d-SAT via backdoors to small Treewidth

A backdoor set of a CNF formula is a set of variables such that fixing the truth values of the variables from this set moves the formula into a polynomial-time decidable class. In this work we obtain several algorithmic results for solving d-SAT, by exploiting backdoors to d-CNF formulas whose incidence graphs have small treewidth. For a CNF formula F and integer t, a strong backdoor set to treewidth t is a set of variables such that each possible partial assignment τ to this set reduces F to a formula whose incidence graph is of treewidth at most t. A weak backdoor set to treewidth t is a set of variables such that there is a partial assignment to this set that reduces φ to a satisfiable formula of treewidth at most t. Our main contribution is an algorithm that, given a d-CNF formula F and an integer k, in time 2^{O(k)}|F|, • either finds a satisfying assignment of F, or • reports correctly that F is not satisfiable, or • concludes correctly that F has no weak or strong backdoor set to treewidth t of size at most k. As a consequence of the above, we show that d-SAT parameterized by the size of a smallest weak/strong backdoor set to formulas of treewidth t, is fixed-parameter tractable

Side-channel based intrusion detection for industrial control systems

Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. We propose a system that uses electromagnetic side-channel measurements to detect behavioural changes of the software running on industrial control systems. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see https://polvanaubel.com/research/em-ics/code

Computer Aided Verification

This open access two-volume set LNCS 13371 and 13372 constitutes the refereed proceedings of the 34rd International Conference on Computer Aided Verification, CAV 2022, which was held in Haifa, Israel, in August 2022. The 40 full papers presented together with 9 tool papers and 2 case studies were carefully reviewed and selected from 209 submissions. The papers were organized in the following topical sections: Part I: Invited papers; formal methods for probabilistic programs; formal methods for neural networks; software Verification and model checking; hyperproperties and security; formal methods for hardware, cyber-physical, and hybrid systems. Part II: Probabilistic techniques; automata and logic; deductive verification and decision procedures; machine learning; synthesis and concurrency. This is an open access book