Industrial-Strength Formally Certified SAT Solving

TL;DR

This paper introduces an industrial-strength, formally certified SAT solving approach that combines untrusted solvers with a verified proof checker, ensuring correctness for safety-critical applications while maintaining practical performance.

Contribution

It presents a fully automated, standalone certified SAT checker extracted from formal Coq proofs, enabling reliable verification in industrial contexts without relying on interactive theorem proving.

Findings

The certified checker is formally verified in Coq.

It is significantly faster than previous certified checkers based on interactive theorem provers.

The system effectively verifies industrial SAT benchmarks from the SAT Race Competition.

Abstract

Boolean Satisfiability (SAT) solvers are now routinely used in the verification of large industrial problems. However, their application in safety-critical domains such as the railways, avionics, and automotive industries requires some form of assurance for the results, as the solvers can (and sometimes do) have bugs. Unfortunately, the complexity of modern, highly optimized SAT solvers renders impractical the development of direct formal proofs of their correctness. This paper presents an alternative approach where an untrusted, industrial-strength, SAT solver is plugged into a trusted, formally certified, SAT proof checker to provide industrial-strength certified SAT solving. The key novelties and characteristics of our approach are (i) that the checker is automatically extracted from the formal development, (ii), that the combined system can be used as a standalone executable program independent of any supporting theorem prover, and (iii) that the checker certifies any SAT solver respecting the agreed format for satisfiability and unsatisfiability claims. The core of the system is a certified checker for unsatisfiability claims that is formally designed and verified in Coq. We present its formal design and outline the correctness proofs. The actual standalone checker is automatically extracted from the the Coq development. An evaluation of the certified checker on a representative set of industrial benchmarks from the SAT Race Competition shows that, albeit it is slower than uncertified SAT checkers, it is significantly faster than certified checkers implemented on top of an interactive theorem prover.