key: cord-0046703-qg43oamv
authors: Schlaipfer, Matthias; Slivovsky, Friedrich; Weissenbacher, Georg; Zuleger, Florian
title: Multi-linear Strategy Extraction for QBF Expansion Proofs via Local Soundness
date: 2020-06-26
journal: Theory and Applications of Satisfiability Testing - SAT 2020
DOI: 10.1007/978-3-030-51825-7_30
sha: 56f450ca3a144d4154724993a827a697d25491f7
doc_id: 46703
cord_uid: qg43oamv

In applications, QBF solvers are expected to not only decide whether a given formula is true or false but also return a solution in the form of a strategy. Determining whether strategies can be efficiently extracted from proof traces generated by QBF solvers is a fundamental research task. Most resolution-based proof systems are known to implicitly support polynomial-time strategy extraction through a simulation of the evaluation game associated with an input formula, but this approach introduces large constant factors and results in unwieldy circuit representations. In this work, we present an explicit polynomial-time strategy extraction algorithm for the [Formula: see text] proof system. This system is used by expansion-based solvers that implement counterexample-guided abstraction refinement (CEGAR), currently one of the most effective QBF solving paradigms. Our argument relies on a Curry-Howard style correspondence between strategies and [Formula: see text] derivations, where each strategy realizes an invariant obtained from an annotated clause derived in the proof system.

Continued improvements in the performance of satisfiability (SAT) solvers [14] are enabling a growing number of applications in areas such as electronic design automation [35] . At the same time, many of the underlying problems are hard for complexity classes beyond NP and as such cannot be expected to have succinct propositional encodings. Super-polynomial growth in encoding size imposes a limit on the problem instances that can be feasibly solved even with extremely efficient SAT solvers. Decision procedures for more succinct languages such as Quantified Boolean Formulas (QBFs) represent a potential solution to this scaling issue. QBFs extend propositional formulas with quantification over truth values and support more succinct encodings for a range of problems [32] . Recent years have seen significant advancements in QBF solver technology [20, 21, 25, 26, 29, 30, 34, 36] , up to a point where reduction to QBF can be more efficient than reduction to SAT [13] .

In some applications, QBF solvers are required to not only decide whether a given formula is true or false but also compute a solution in the form of a strategy. For example, if a synthesis problem is encoded as a QBF, a solver is expected to either return the synthesized program or an explanation why the specification cannot be satisfied [13] . Determining whether the proof trace of a QBF solver can be efficiently transformed into a strategy-whether the proof system supports polynomial-time strategy extraction-is a fundamental research task [2, 3, 6, 10, 27] .

One of the most successful QBF solving paradigms relies on partial Shannon expansion [1, 8] of universal variables within a counterexample-guided abstraction refinement (CEGAR) loop, as implemented in RAReQS [21] , and, more recently, in Ijtihad [9] and QFun [20] . The underlying proof system ∀-Exp+Res [22] offers exponentially shorter proofs for certain classes of formulas than Qresolution [6] , and can polynomially simulate Q-resolution on formulas with few quantifier alternations [4] , which includes many practically relevant cases. 1 Polynomial-time strategy extraction follows from the fact that ∀-Exp+Res proofs can be used to guide the universal player in an evaluation game [6, 11] , but turning this argument into circuits that compute a winning strategy is rather inefficient. An explicit construction based on this idea for Q-resolution requires the introduction of several gates for each literal in the proof and quantifier level of the input formula [27] , leading to unwieldy circuits that are substantially larger than the original proof. In this work, we present a strategy extraction algorithm for ∀-Exp+Res that is multi-linear in the number of proof steps and universal variables. This is asymptotically optimal for a construction that follows the structure of the proof and maintains a circuit for each universal variable.

Our algorithm is inspired by [33] , which for the first time has given a local soundness argument for ∀-Exp+Res. [33] constructs partial strategies along the ∀-Exp+Res-proof and provides a semantic abstraction that relates the constructed strategies to the clauses in the proof. In contrast, we associate a full strategy to each node in the ∀-Exp+Res-proof and develop a syntactic argument that ensures the soundness of the construction. For each clause in the proof, we define a propositional invariant that corresponds to a syntactic weakening of the input formula's negated matrix. We then show that strategies satisfying the invariants for the premises of a resolution step can be combined into a strategy that satisfies the invariant for the resolvent. The main technical challenge we had to overcome in deriving this syntactic weakening is that ∀-Exp+Res proofs work over an extended propositional alphabet where multiple versions of the same variable with different annotations may exist simultaneously. Our invariant translates the propositions from the extended alphabet back to formulas over the original vocabulary.

We believe that our syntactic soundness argument is more transparent than the semantic construction from [33] . The clarity of the argument is also what allows us to obtain a concise circuit representation of the resulting strategy. Further, our syntactic argument establishes a Curry-Howard correspondence between proof construction and strategy extraction. For each inference rule combining proof terms, the correspondence provides a rule combining program terms. The result is a program isomorphic to the proof. The widest-known correspondence is between natural deduction proofs and lamba-calculus programs [18] . In this paper we establish a precise correspondence between ∀-Exp+Res-proofs and strategies-the strategy constructed for a node in the proof DAG satisfies the invariant for the clause derived at that node. In contrast, the correspondence stays implicit in the semantic argument from [33] . We expect that our ideas of obtaining such an invariant by weakening the matrix and translating the clauses over the extended alphabet back to a formula over the original variables will have applications in studying further Curry-Howard correspondences for other resolution-based QBF proof systems.

Quantified Boolean Formulas (QBFs). We consider quantified Boolean formulas (QBFs) with standard propositional connectives ∧, ∨, ¬, ⇔, ⊕, and quantifiers ∀, ∃. We denote existentially quantified variables by x and y, and universally quantified variables by u. Variables range over B = {0, 1}. A literal l is a variable x or its negation ¬x. We write x for a set of variables or literals. A clause is a disjunction of literals, and a propositional formula in conjunctive normal form is a conjunction of clauses. We write for the empty clause. Throughout the paper, QBFs are assumed to be in prenex conjunctive normal form (PCNF). A PCNF formula Φ = Π.ϕ consists of a sequence Π = Q 1 v 1 . . . Q n v n with Q i ∈ {∀, ∃} for 1 ≤ i ≤ n, called the quantifier prefix of Φ, and a propositional formula ϕ in conjunctive normal form, called the matrix of Φ. We define a relation ≺ Π on variables from the quantifier prefix as v i ≺ Π v j whenever i < j. We extend ≺ Π to a relation on literals in the obvious way and drop the quantifier prefix Π from the subscript when it is clear from the context.

We consider a proof system for false PCNF formulas known as ∀-Exp+Res [22] . This system combines instantiation of universal variables with propositional resolution. Instantiation leads to existential literals l τ that are annotated with an assignment τ : u l → B of the universal variables u l = {u | u ≺ l} that precede the variable of l in the quantifier prefix. Following Beyersdorff et al. [6] , we write l [τ ] = l {u →τ (u) | u≺l} to filter out assignments that are not permitted in the annotation of l. We sometimes treat an assignment τ : u → B in an annotation as a set of literals and write l ∈ τ if τ (l) = 1. We write C τ for a clause C with all its literals annotated with [τ ] . The proof rules of ∀-Exp+Res are shown in Fig. 1 . A ∀-Exp+Res proof of a PCNF formula Φ is a sequence of clauses ending with the empty clause such that each

Here, C is a clause from the matrix and τ an assignment to all universal variables falsifying the universal literals of C. Both C1 and C2 are annotated clauses and x σ is an annotated variable. clause is derived either by universal expansion (∀-exp) or by resolution (res) from clauses appearing earlier in the sequence.

A PCNF formula can be interpreted as the specification of a game between an existential and a universal player [31] . The game proceeds by the players assigning values to their respective variables in turn, following the order of the quantifier prefix. The goal of the universal player is to falsify the matrix, the goal of the existential player is to satisfy the matrix. Strategies for either player can be conveniently represented as binary trees. We write P = Str(v, P − , P + ) for a strategy P with root labeled by variable v and principal subtrees P − and P + such that the edge to the root of P − is labeled with 0 and the edge to the root of P + is labeled with 1. We use ∅ to denote the "empty" strategy and write P = Str(v, ∅, P + ) and P = Str(v, P − , ∅) to denote strategies with root nodes that only have a 1-child and a 0-child, respectively. In the next section, we will associate each clause C in a ∀-Exp+Res proof with a strategy P . For clauses C derived by the ∀-exp rule with assignment τ , the corresponding strategy simply sets the universal variables according to τ .

Let Φ = Π.ϕ be a PCNF formula and τ an assignment of the universal variables of Φ. We define ConstStrat(Π, τ ) as the complete strategy for Φ where each assignment is consistent with τ . Example 1. The figure to the right shows the strategy

We present a local soundness argument for ∀-Exp+Res using strategies. To this end, we will define a Combine operator that joins strategies along a derivation [33] . For each derived clause C, we will show that the strategy created for this clause by the Combine operator satisfies a propositional invariant obtained from C. Here, by a strategy P satisfying a formula ψ we mean that every assignment consistent with P satisfies ψ, which we will write as P |= ψ. 2 In this notation, we will show that

where ϕ denotes the matrix and enc(C) translates the clause C back into a formula over the original variables of the QBF as

The invariant enc(C) ⇒ ¬ϕ can be understood by considering the evaluation game: if the existential player responds to every universal play in an annotation by setting the literal to false, the current strategy is winning for the universal player. Ultimately, at the empty clause, enc( ) = 1 and the combined strategy turns into a winning strategy.

We will now introduce the Combine operator that merges two strategies P and Q in a top-down manner and annotates each clause in a ∀-Exp+Res derivation with a strategy. We write C [P ] for a clause C annotated with strategy P . The definition of Combine as shown in Definition 4 is adapted from the definition of an operator defined by Suda and Gleiss [33] . Since we work with complete strategy trees (rather than partial strategies), the top-most variable remains equivalent between two strategies when recursing on them in lock-step, so it is sufficient to perform a case distinction on the top-most variable encountered in a strategy. Moreover, our definition of Combine is tailored to ∀-Exp+Res.

Clauses derived by (∀-exp) are annotated with the strategy ConstStrat(Π, τ ) that plays the assignment τ . For the (res) rule we have the following cases:

-The top-most variable, say u, is universal:

• If the outgoing edge of u (lit(u), see Definition 3 below) differs from the annotation τ (u) of the pivot in at least one of P and Q, we select the strategy that differs. • If lit(u) equals the annotation τ (u) of the pivot in both P and Q, we recurse.

-The top-most variable, say x, is existential:

• If x is the pivot of the inference rule, we combine the two strategies.

• If x is not the pivot, we recurse.

The base cases are when a universal edge differs, or we reach the pivot.

We define lit as the partial function mapping universal strategy nodes to the literal they represent, based on their (unique) child node.

We define Combine as a function from two strategies, P and Q, and an annotated variable x τ to a new strategy inductively on a ∀-Exp+Res derivation in Fig. 2 . We write Combine in infix notation as P x τ Q.

Note that in the case where both lit(P ) = l and lit(Q) = l there is freedom of which strategy out of P and Q to select. We will use the variant selecting P .

Example 1. We introduce our running example and use it to demonstrate the combination of two strategies via Combine in Fig. 3 .

Let C be a clause derived by ∀-Exp+Res and P be the corresponding strategy annotation computed by Combine. Then P |= enc(C) ⇒ ¬ϕ.

Proof. By induction on the ∀-Exp+Res derivation.

Base case. The base case corresponds to the ∀-exp rule.

We need to show that P |= enc(C τ ) ⇒ ¬ϕ. From the definition of ConstStrat we know that P satisfies all universal literals in enc(C τ ) following the assignments determined by τ . P similarly satisfies the literals in the corresponding negated clause ¬C in ¬ϕ, making both remaining formulas over the existential variables equivalent. The negated matrix ¬ϕ is weaker than just ¬C, thus the implication holds.

For a (res) rule with pivot x τ

Top-most variable is universal:

Combine defined inductively along a ∀-Exp+Res derivation.

Step. For a resolution rule with strategy annotations P , Q and the combination of P and Q, i.e. P x τ Q

we need to show that

Let π be an arbitrary complete assignment determined by strategy P x τ Q. We need to show that π |= enc(C 1 ∨ C 2 ) ⇒ ¬ϕ given the induction hypothesis. By case distinction: Q are depicted to the right. Combine proceeds recursively-top-down-along the trees P and Q. At level x1, we simply recurse and proceed by combining the substrategies along the paths 0/x1 and 1/x1 from P and Q because x1 is not the pivot.

On the path along 0/x1 we detect that 0/u1 in P differs from the pivot's annotation 1/u1 and we select the sub-strategy anchored in u1 from P . On the path along 1/x1 the annotation for u1 matches with the values in P and Q and we continue to level x2, which is the pivot. We select the sub-strategy starting in 0/x2 from Q and the sub-strategy starting in 1/x2 from P and are done. 1. If π |= enc(C 1 ∨ C 2 ) the implication is true and we are done. 2. If π |= enc(C 1 ∨ C 2 ) we have two cases:

(a) π |= u∈τ u (π differs from the assignment determined by τ ): Let us assume, w.l.o.g., that π is from P , then we have the following induction hypothesis:

Since we are in case π |= enc(C 1 ∨ C 2 ), by the definition of enc we know that π |= enc(C 1 ). Furthermore we know that π |= u∈τ u satisfying the left-hand side of the outer implication, thus π must satisfy ¬ϕ for the IH to be valid. Since, in this case the Combine operator evaluates to P and π is from P , P |= enc(C 1 ∨ C 2 ) ⇒ ¬ϕ is valid. (b) π |= u∈τ u (π equals the assignment determined by τ ):

Again, since we are in case π |= enc(C 1 ∨ C 2 ), by the definition of enc we know that π |= enc(C 1 ) and π |= enc(C 2 ). We also know that π |= u∈τ u, so when π ∈ P the IH simplifies to π |= x ⇒ ¬ϕ. Similarly the IH simplifies to π |= ¬x ⇒ ¬ϕ for π ∈ Q. Assume x = 1, then P |= ¬ϕ. When we assume x = 0, then Q |= ¬ϕ. In either case, because we assume the IH to be true, we know ¬ϕ needs to be true. Combine chooses the respective paths in P and Q and combines them so that Str(x, Q − , P + ) |= enc(C 1 ∨ C 2 ) ⇒ ¬ϕ is valid.

-We relate the clauses of a ∀-Exp+Res-proof and the extracted strategies: P |= enc(C) ⇒ ¬ϕ signifies that the strategy P is a witness for the validity of the QBF formula Π.enc(C) ⇒ ¬ϕ. -We relate the rules of a ∀-Exp+Res-proof to strategy construction operators:

For an expansion-axiom with regard to an assignment τ , the strategy is given by ConstStrat(Π, τ ) . For a resolution step, the strategy is obtained by applying the Combine operator on the strategies for the parent nodes.

The strategies we have introduced in the previous section have size exponential in the number of existential variables in the quantifier prefix. Thus, it is impractical to consider strategy extraction using such a data structure. Instead, we will now demonstrate how we can implement the Combine operator on circuits. We will show how we can construct the circuit for n output variables in such a way that the size of the circuit is in the order of O(p · n), where p is the proof length (number of clauses). This size is asymptotically optimal when constructing circuits locally along the proof derivation for n variables, considering that each inference can potentially manipulate each circuit.

We begin by introducing a number of auxiliary circuits. In the following let L, R, and B (short for "left", "right", and "bottom", according to their respective positions in the inference rule) be tuples of circuits and let y be the input variables. We write f ui for the circuit with output u i for f ∈ {L, R, B}.

We define the circuits Equiv <i f for f ∈ {L, R}. These circuits decide if all f ui evaluate to τ (u i ) up to level i, given input y:

Next we define the circuits Diff i L and Diff i R using Equiv. The purpose of the Diff circuits is to choose one of L and R simulating the case of Combine when one of the strategies differs from τ at a universal edge. We need to consistently select the function values from either L or R starting from some index i for all subsequent outputs u j with j ≥ i. Definition 6 (Diff). We define the circuits Diff i L and Diff i R symmetrically to each other. We informally describe the circuit Diff i L : Diff i L is true, given input y, if there has been a difference between an L uj and τ (u j ) for j ≤ i and when there has been no difference between R u k and τ (u k ) for k < j. Formally: 

for j > i is a tautology.

Proof. Assume that f = L and g = R, with the other case symmetric. It is clear that when Diff i L (y) is true, Equiv <j L (y) must be false for j > i. When Equiv <j L (y) is false, we know that Diff j R will remain false, if Diff i R was false.

Note that both Diff i L and Diff i R can be true at the same index i. Namely, when there is no difference up to some level j < i (Equiv <j L (y) = Equiv <j R (y) = 1) but both L uj (y) = τ (u j ) and R uj (y) = τ (u j ). In this case we have the same freedom as in Combine when both lit(P ) and lit(Q) differ from τ .

proof. The circuit extraction Cir(u i ) for output u i maps vertices in R to circuits as defined in Fig. 4 -with the circuits Comb ui defined as follows.

Let

Let u m be the maximum universal variable with u m ≺ x. For x ≺ u i , we define

Note that in the case when both Diff i L and Diff i R are true for i, we prefer L (like we have preferred the left strategy P in Combine), due to the order of appearance in the if-then-else cascade.

Example 2. Consider again the strategies P and Q introduced in Example 1. Strategy P encodes the circuits L u1 (x 1 ) = x 1 and L u2 (x 1 ,

We will show that combining the circuits L and R results in circuits B encoded by P

We will demonstrate that our circuit construction yields the same circuits: For B u1 we are in the case u 1 ≺ x 2 and Diff 0 L and Diff 0 R are false by definition, = ∧ because the annotation u 1 of the pivot is 1 so Definition 7 evaluates to

For a (res) rule with pivot x τ

For B u2 we are in case x ≺ u 2 , and u 1 is the maximum u i ≺ x so we have 1 indicating a difference in L when x 1 = 0 leading us to choose the "if-then" branch: 0 ⇔ x 2 , which is true when

So when x 1 = 1, we reach the "else" branch, which evaluates to 1 for both x 2 = 0 and x 2 = 1. Overall, we know that only the assignment x 1 = 0, x 2 = 1 makes B u2 false, thus we determine that B u2 (x 1 , x 2 ) = x 1 ∨ ¬x 2 .

Lemma 1. Let P and Q be strategies and let L and R be families of circuits representing P and Q, respectively. Then the family B of circuits as specified in Definition 7 represents P x τ Q.

Proof (Sketch). When a function value for an output differs from the annotation in circuit L we select the circuits from L for all consecutive outputs. While this operation is implicit in Combine by selecting whole sub-trees of a strategy, we need to make this operation explicit for each output in the circuit construction, by looking at all preceding outputs, which we do in the Diff circuits. If all preceding outputs equal the annotation, then we compute the new function value for the current output as a disjunction or conjunction, depending on the assignment to the output in the annotation. This operation mimics Combine, both in selecting the differing edge, if an edge differs, and keeping the equivalent edge, if both function values equal the annotation.

The case where we reach the pivot variable in Combine and select substrategies from both input strategies, again needs to be made explicit in the circuit construction: We need to check that we are in this case, by inspecting whether one of the preceding outputs differs, like described above. However, we need to check only the outputs up to the level of the pivot variable. Beyond that, the selection of the sub-strategies at the pivot needs to be simulated, which we do by adding a multiplexer with the pivot being the selector input.

The case where the top-most existential variable differs from the pivot in Combine and we recurse is implicit in the circuit construction: The function values depend on these variables, but we do not need to handle existential variables beyond the multiplexer construction.

The case where we recurse in Combine when both universal edges adhere to the annotation is implicit in the circuit construction as well: it amounts to iterative computation of the functions according to the quantifier level.

Proof. For each output u i , we need a circuit Diff i−1 L . To compute that circuit we reuse the circuits computing Equiv <i−1 R and Diff i−2 L , which we have already computed for u i−1 , so for output u i we only have to add the checks R ui−1 ⇔ τ (u i−1 ) and L ui−1 ⊕τ (u i−1 ) of constant size, and gates connecting these circuits, also of constant size. Thus, the number of gates of the Diff L circuits for all n outputs is in the order of O(n). The same analysis applies to the Diff R circuits, adding another O(n). The if-then-else cascade adds another constant, but the overall circuit complexity at a proof node remains O(n). Thus, overall we have a circuit size and running time of O(p · n).

In combination with Theorem 1, the preceding lemmas imply the following.

Similarity to Craig Interpolation. When the circuit has a single output, note that the Diff circuits are always false and we only use the "else" branches. In this case, our system resembles a symmetric Craig interpolation system, cf. [19, 24, 28] .

We demonstrate our strategy extraction algorithm with the QParity formulas. Each formula QParity n has a single universal variable with the parity function on n variables as the unique universal winning strategy. Since Q-resolution proofs can be efficiently turned into bounded-depth circuits computing a universal winning strategy, QParity is known to be hard for Q-resolution [6] . At the same time, it has short (even tree-like) ∀-Exp+Res proofs, and our strategy extraction algorithm obtains a small circuit representing the n-bit parity function.

The formula QParity says that there exists an assignment of x 1 , . . . , x n such that u = x 1 ⊕ · · · ⊕ x n for all assignments of u. Clearly, this formula is false, and the (unique) winning strategy for the universal player is to assign u = x 1 ⊕ · · · ⊕ x n . A PCNF encoding is obtained by introducing auxiliary variables satisfying y i ⇔ i j=1 x j as follows:

The biconditional u ⇔ y n yields the clauses (¬u ∨ ¬y n ) and (u ∨ y n ), and each formula (y i ⇔ (y i−1 ⊕x i )) translates to clauses (¬y i−1 ∨x i ∨y i ), (y i−1 ∨¬x i ∨y i ), (y i−1 ∨x i ∨¬y i ), and (¬y i−1 ∨¬x i ∨¬y i ). Beyersdorff et al. show how to construct short tree-like proofs for QParity in ∀-Exp+Res [4, Theorem 2] . We illustrate their construction for the case n = 2. By expanding the universal variable u (applying the ∀-exp rule), we obtain the following initial clauses:

A resolution refutation completing the ∀-Exp+Res proof is shown in Fig. 5 , where each clause is annotated with the circuit computed for u according to Def. 7. The empty clause is annotated (x 1 ∨ x 2 ) ∧ (¬x 1 ∨ ¬x 2 ) = x 1 ⊕ x 2 , which is a winning strategy.

[0] C1 C2 [1] [0] C3 C4 [1] [0] C5 C6 [1] [ 0] C7 C8 [1] [x1] y ¬u 0 y u 0 ¬y ¬u 1 y u 5 . ∀-Exp+Res proof of QParity 2 . We compress the last proof steps since they do not affect the extracted circuit-either we add a conjunction with 1 or a disjunction with 0.

Suda and Gleiss present a local soundness argument for several resolution-based QBF calculi, including a generalization of ∀-Exp+Res [33] . They interpret clauses derived in these systems as abstractions of partial strategies (a partial strategy does not need to be defined for all moves of the existential player), and show that resolution can be understood in terms of combining partial strategies. Soundness of a proof system is obtained by showing that partial strategies with the premises of a resolution step as their abstractions result in a partial strategy that abstracts to the resolvent. The statement that the partial strategy constructed at a particular node of a proof DAG abstracts to the clause derived at that node is proved only indirectly, through observing that there are simple partial strategies abstracting to initial clauses. By contrast, we define a syntactic weakening of the matrix for each node in the proof DAG and show that the strategy extracted at that node satisfies the weakened matrix. Moreover, we manipulate complete strategies, which are defined for all moves of the existential player. We believe that our use of complete strategies and an explicit syntactic construction offer a considerably simpler and clearer local soundness argument for ∀-Exp+Res.

A correspondence between Q-resolution proofs and strategies was first observed by Goultiaeva et al. [15] and later extended to long-distance Qresolution by Egly et al. [12] . Balabanov and Jiang [2] present a linear-time strategy extraction algorithm for Q-resolution that was generalized to longdistance Q-resolution by Balabanov et al. [3] . Beyersdorff et al. [5] prove a correspondence between strategies and proofs in IRM-calc, a system that generalizes ∀-Exp+Res. The notion that efficient extraction of winning moves from proofs leads to polynomial-time strategy extraction is folklore. Peitl et al. [27] give an explicit construction for Q-resolution with a dependency scheme. Chew and Clymo [11] provide a general argument for QBF proof systems that combine a propositional proof system with universal expansion. Surprisingly, they also identify feasible interpolation of the underlying propositional proof system (i.e, the property that interpolants can be computed from refutation proofs in polynomial time [24] ) as a necessary condition for such systems to have polynomialtime strategy extraction. They further show that the QRAT proof system does not have polynomial-time strategy extraction unless P=PSPACE. By contrast, Heule et al. [16] proved that the (almost) dual proof system for true formulas does have polynomial-time strategy extraction.

Jiang et al. [23] synthesize Boolean functions with a single output using propositional Craig interpolation [19, 24, 28] . Given a Boolean relation ϕ : B n × B → B, the authors of [23] derive a circuit f (x) such that ∀x.∃u.ϕ(x, u) ≡ ∀x.ϕ(x, f(x)) holds. They derive a resolution refutation from ∀x.∃u.ϕ(x, u) by negating it first and then expanding the universal quantifier to obtain an unsatisfiable CNF instance ¬ϕ(x, 0) ∧ ¬ϕ(x, 1), which is then split into two partitions A ¬u def = ¬ϕ(x, 0) and B u def = ¬ϕ(x, 1). An interpolant I(x) for these partitions satisfies (A ¬u → I) and (B u → ¬I), hence the circuit f (x) def = I(x) yields 1 if ¬ϕ(x, 0) and 0 if ¬ϕ(x, 1), satisfying the requirement above. I(x) is obtained by annotating all clauses C in the resolution refutation by partial interpolants I C , where I C def = 0 if C ∈ A ¬u , I C def = 1 if C ∈ B u , and I c def = (x ∨ I 1 ) ∧ (¬x ∨ I 2 ) if C is the result of a resolution of C 1 and C 2 with partial interpolants I 1 and I 2 , respectively, on the pivot literal x.

The construction of the partitions A ¬u and B u in [23] is analogous to QBF Expansion, and propositional interpolation is a (less general) version of the circuit extraction in Fig. 4 . Consequently, [23] can be seen as a special case of our framework that is limited to a single universally quantified variable. In fact, [23] proposes an iterative approach to deal with multiple outputs (universal quantifiers, respectively), requiring the repeated construction of refutations and interpolants and the substitution of outputs one at a time.

Hofferek et al. [17] extend the approach of Jiang et al. [23] to n universally quantified Boolean variables by (syntactically) expanding the quantified formula into 2 n partitions and adapting the interpolation system to multiple partitions accordingly. Their approach targets the theory of uninterpreted functions with equality, which is a more expressive logic, but is limited to ∀∃∀-prefixes and imposes an order on the resolution steps in the propositional part of the refutation.

Beyersdorff et al. [7] present a feasible interpolation technique for the calculi LQU + -Res and IRM-calc. Their approach is restricted to instances of the form ∃p.Qq. Qr.A(p, q) ∧ B(p, r) (where q and r can be quantified arbitrarily) and yields an interpolant I(p). They show that for instances of the form ∃p.∀u.Qq.Qr. (A(p, q) ∨ u) ∧ (B(p, r) ∨ ¬u) the resulting interpolant I(p) represents a strategy for instantiating u. While this approach extends Jiang et al. [23] to arbitarily quantified partitions, it is still limited to a single output u.

We presented a polynomial-time strategy extraction algorithm for ∀-Exp+Res with a running time that is multi-linear in the number of universal variables and resolution steps in the proof. It is based on a local soundness argument showing that each intermediate strategy constructed for a derived clause satisfies a propositional invariant obtained from that clause. This invariant translates annotated literals back to the vocabulary of the original formula and gives them a clear semantics based on the evaluation game: if the existential player responds to the universal play in the annotation by setting the literal to false, the current strategy is winning for the universal player. We believe that this idea can be extended to more general proof systems such as IRM-calc [5] . Moreover, our interpretation of annotated clauses in terms of the original variables may open up new ways of integrating search-based (QCDCL) solvers with expansion.

Qubos: deciding quantified boolean logic using propositional satisfiability solvers

Unified QBF certification and its applications

Efficient extraction of QBF (counter)models from long-distance resolution proofs

Short proofs in QBF expansion

On unification of QBF resolution-based calculi

New resolution-based QBF calculi and their proof complexity

Feasible interpolation for QBF resolution calculi

Resolve and expand

Expansion-based QBF solving without recursion

The equivalences of refutational QRAT

How QBF expansion makes strategy extraction hard

Long-distance resolution: proof generation and strategy extraction in search-based QBF solving

Encodings of bounded synthesis

Handbook of Knowledge Representation

A uniform approach for generating proofs and strategies for both true and false QBF formulas

Solution validation and extraction for QBF preprocessing

Synthesizing multiple Boolean functions using interpolation on a single proof

The formulas-as-types notion of construction

Constructing craig interpolation formulas

Towards generalization in QBF solving via machine learning

Solving QBF with counterexample guided refinement

Expansion-based QBF solving versus Q-resolution

Interpolating functions from large Boolean relations

Interpolation theorems, lower bounds for proof systems, and independence results for bounded arithmetic

Enhancing search-based QBF Solving by dynamic blocked clause elimination

Dependency learning for QBF

Long-distance Q-resolution with dependency schemes

Lower bounds for resolution and cutting plane proofs and monotone computations

Incremental determinization

CAQE: A certifying QBF solver

On the complexity of some two-person perfect-information games

A survey on applications of quantified Boolean formulas

Local soundness for QBF calculi

Non-prenex QBF Solving using abstraction

Boolean satisfiability solvers and their applications in model checking

HQSpre -an effective preprocessor for QBF and DQBF