# New techniques for linear arithmetic: cubes and equalities


## Abstract

We present several new techniques for linear arithmetic constraint solving. They are all based on the linear cube transformation, a method presented here, which allows us to efficiently determine whether a system of linear arithmetic constraints contains a hypercube of a given edge length. Our first findings based on this transformation are two sound tests that find integer solutions for linear arithmetic constraints. While many complete methods search along the problem surface for a solution, these tests use cubes to explore the interior of the problems. The tests are especially efficient for constraints with a large number of integer solutions, e.g., those with infinite lattice width. Inside the SMT-LIB benchmarks, we have found almost one thousand problem instances with infinite lattice width. Experimental results confirm that our tests are superior on these instances compared to several state-of-the-art SMT solvers. We also discovered that the linear cube transformation can be used to investigate the equalities implied by a system of linear arithmetic constraints. For this purpose, we developed a method that computes a basis for all implied equalities, i.e., a finite representation of all equalities implied by the linear arithmetic constraints. The equality basis has several applications. For instance, it allows us to verify whether a system of linear arithmetic constraints implies a given equality. This is valuable in the context of Nelson–Oppen style combinations of theories.

## Keywords

Linear arithmetic; SMT; Integer arithmetic; Constraint solving; Equalities; Combination of theories

## 1 Introduction

Polyhedra and the systems of linear arithmetic constraints \(A x \le b\) defining them have a vast number of theoretical and real-world applications [5, 19]. It is, therefore, no surprise that the theory of linear arithmetic is one of the most popular and best investigated theories for *satisfiability modulo theories* (SMT) solving [14, 15, 16].

This paper serves as a collection of our results based on the linear cube transformation. On its own, the linear cube transformation allows us to efficiently determine whether a system of linear arithmetic constraints contains a hypercube of a given edge length. We were able to develop several techniques based on this transformation that allow us to investigate linear arithmetic constraints in various ways. Here, we present our previous results [7, 8] on the linear cube transformation in more detail as well as some new applications (e.g., quantifier elimination).

Finding an integer solution for a polyhedron that is defined by a system of linear inequalities \(A x \le b\) is a well-known NP-complete problem [25]. This problem has been investigated in different research areas, e.g., in optimization via *(mixed) integer linear programming* (MILP) [19] and in constraint solving via *satisfiability modulo theories* (SMT) [4, 6, 11, 16]. For commercial MILP implementations, it is standard to integrate preprocessing techniques, heuristics, and specialized tests [19]. Although these techniques are not complete, they are much more efficient on their designated target systems of linear inequalities than a complete algorithm alone.

The SMT community is still in the process of developing a variety of specialized tests. A big challenge is to adopt the tests from the MILP community so that they still fit the requirements of SMT solving. SMT theory solvers have to solve a large number of incrementally connected, small systems of linear inequalities. Exploiting this incremental connection is key for making SMT theory solvers efficient [15]. In contrast, MILP solvers typically target one large system. The same holds for their specialized tests, which are not well suited to exploit incremental connections.

Based on the linear cube transformation, we present two tests tailored for SMT solvers: the *largest cube test* and the *unit cube test* [8]. The largest cube test finds a hypercube with maximum edge length contained in the input polyhedron, determines its rational valued center, and rounds it to a potential integer solution. The unit cube test determines if a polyhedron contains a hypercube with edge length one, which is the minimal edge length that guarantees an integer solution. Due to computational complexity, we restrict ourselves to those hypercubes that are parallel to the coordinate axes.

Most SMT linear integer arithmetic theory solvers are based on a branch-and-bound algorithm on top of the simplex algorithm. They search for a solution at the surface of a polyhedron. In contrast, our tests search in the interior of the polyhedron. This gives them an advantage on polyhedra with a large number of integer solutions, e.g., polyhedra with infinite lattice width [20].

SMT theory solvers are designed to efficiently exchange bounds [14]. This efficient exchange is the main reason why SMT theory solvers exploit the incremental connection between the different polyhedra so well. Our unit cube test also requires only an exchange of bounds. After applying the test, we can easily recover the original polyhedron by reverting to the original bounds. In doing so, the unit cube test conserves the incremental connection between the different original polyhedra. We make a similar observation about the largest cube test.

Equalities are a special instance of linear arithmetic constraints. They are useful in simplifying systems of arithmetic constraints [16], and they are essential for the Nelson–Oppen style combinations of theories [9]. However, they are also an obstacle for our fast cube tests. If a system of linear arithmetic constraints implies an equality, then it has only a surface and no interior; so our cube tests cannot explore an interior and will certainly fail. In order to expand the applicability of our cube tests, we have to develop methods that find, isolate, and eliminate implied equalities from systems of linear arithmetic constraints [7].

We can detect the existence of an implied equality by searching for a hypercube in our polyhedron. If the maximal edge length of such a hypercube is zero, there exists an implied equality. This test can be further simplified. By turning all inequalities into strict ones, the interior of the original polyhedron remains while the surface disappears. If the strict system is unsatisfiable, the original system has no interior and implies an equality. Based on an explanation of unsatisfiability for the strict system, the method generates an implied equality as an explanation.

We are also able to extend the above method into an algorithm that computes an equality basis, i.e., a finite representation of all equalities implied by a satisfiable system of linear arithmetic constraints. For this purpose, the algorithm repeatedly applies the above method to find, collect, and eliminate equalities from our system of constraints. When the system contains no more equalities, then the collected equalities represent an equality basis, i.e., any implied equality can be obtained by a linear combination of the equalities in the basis. The equality basis has many applications. If transformed into a substitution, it eliminates all equalities implied by our system of constraints, which results in a system of constraints with an interior and, therefore, improves the applicability of our cube tests. The equality basis also allows us to test whether a system of linear arithmetic constraints implies a given equality. We even extend this test into an efficient method that computes all pairs of equivalent variables inside a system of constraints. These pairs are necessary for the Nelson–Oppen style combination of theories.

While Hillier [17] was aware of the unit cube test, he applied it only to cones (a special class of polyhedra) as a subroutine in a new heuristic. His work never mentioned applications beyond cones, nor did he prove any structural properties connected to hypercubes. Hillier’s heuristic tailored for MILP optimization lost popularity as soon as interior point methods [21] became efficient in practice. Nonetheless, our cube tests remain relevant for SMT theory solvers because there are no competitive incremental interior point methods known.

Also, Bobot et al. [4] discuss relations between hypercubes and polyhedra including infinite lattice width and positive linear combinations between inequalities. Our largest cube test can also detect these relations because it is, with some minor changes, the dual of the linear optimization problem of Bobot et al. In contrast to the linear optimization problem of Bobot et al., our tests are closer to the original polyhedron and, therefore, easier to construct. Our cube tests also produce sample points and find solutions for polyhedra with finite lattice width.

Another method that provides a sufficient condition for the existence of an integer solution is the dark shadow of the omega test [26]. The dark shadow is based on Fourier–Motzkin elimination and its worst case runtime is double exponential. Although not practically advantageous, formulating the unit cube test through Fourier–Motzkin elimination allows us to put the sufficient conditions of the two methods in relation. Fourier–Motzkin elimination eliminates the variable *x* from a problem by combining each pair of inequalities \(a x \le p\) and \(q \le b x\) (with \(a, b > 0\)) into a new inequality \(a q - b p \le 0\). The dark shadow creates a stronger version (\(a q - b p \le a + b -a b\)) of the combined inequality to guarantee the existence of an integer solution for *x*. Formulating the unit cube test through Fourier–Motzkin elimination makes the combined inequality even stronger (\(a q - b p \le -a b\)). This means that the sufficient condition of the dark shadow subsumes the condition of the unit cube test. Still, our unit cube test is definable as a linear program and it is, therefore, computable in polynomial time. So the better condition of the dark shadow comes at the cost of being much harder to compute.
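As an added worked step that is not part of the paper's text, the unit cube condition quoted above can be derived for one pair of inequalities \(a x \le p\) and \(q \le b x\) (with \(a, b > 0\)) whose right-hand sides \(p, q\) are constants, so that the 1-norms of the two coefficient rows are exactly \(a\) and \(b\). Applying the linear cube transformation of Proposition 3 with edge length \(e = 1\) to the two inequalities \(a x \le p\) and \(-b x \le -q\) gives

\[ a x \le p - \tfrac{a}{2}, \qquad -b x \le -q - \tfrac{b}{2}. \]

Multiplying the first inequality by \(b\), the second by \(a\), and adding them eliminates \(x\) exactly as Fourier–Motzkin elimination does:

\[ 0 \le b p - \tfrac{ab}{2} - a q - \tfrac{ab}{2}, \quad \text{i.e.} \quad a q - b p \le -ab. \]

Since \(a, b > 0\) implies \(-ab \le a + b - ab\), every pair satisfying the unit cube condition \(a q - b p \le -ab\) also satisfies the dark shadow condition \(a q - b p \le a + b - ab\), which is the subsumption stated above. If \(p\) or \(q\) contain further variables, their coefficients enlarge the 1-norms in Proposition 3, so the unit cube bound only becomes stronger.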

There also already exist several methods that find, isolate, and eliminate implied equalities [3, 27, 31, 32]. Hentenryck and Graf [32] define unique normal forms for systems of linear constraints with non-negative variables. To compute a normal form, they first eliminate all implied equalities from the system. To this end, they determine the lower bound for each inequality by solving one linear optimization problem. Similarly, Refalo [27] describes several incremental methods that use optimization to turn a satisfiable system of linear constraints in “revised solved form” into a system without any implied equalities. Rueß and Shankar also use this optimization scheme to determine a basis of implied equalities [28]. Additionally, they present a necessary but not sufficient condition for an inequality to be part of an equality explanation. During preprocessing, all inequalities not fulfilling this condition are eliminated, thus reducing the number of optimization problems their method has to compute. However, this preprocessing step might be in itself expensive because it relies on a non-trivial fixed-point scheme. The method presented by Telgen [31] does not require optimization. He presents criteria to detect implied equalities based on the tableau used in the simplex algorithm, but he was not able to formulate an algorithm that efficiently computes these criteria. In the worst case, he has to pivot the simplex tableau until he has computed all possible tableaux for the given system of constraints. Another method that detects implied equalities was presented by Bjørner [3]. He uses Fourier–Motzkin variable elimination to compute linear combinations that result in implied equalities.

Our methods that detect implied equalities do not require optimization, which is advantageous because SMT solvers are usually not fine-tuned for optimization. Moreover, we defined our methods for a rather general formulation of linear constraints, which allows us to convert our results into other representations, e.g., the tableau-and-bound representation used in Dutertre and de Moura’s version of the simplex algorithm (see Sect. 7), while preserving efficiency. Finally, our method efficiently searches for implied equalities. We neither have to check each inequality independently nor do we have to blindly pivot the simplex tableau. This also makes potentially expensive preprocessing techniques obsolete.

The paper is organized as follows: we define in Sect. 3 the linear cube transformation (Proposition 3) that allows us to efficiently compute whether a polyhedron contains a hypercube of a given edge length by solely changing the bounds of the inequalities. Based on this transformation, we develop in Sect. 4 two tests: the largest cube test and the unit cube test. Both tests find integer solutions for linear arithmetic constraints. For polyhedra with infinite lattice width, both tests always succeed (Lemma 4). Inside the SMT-LIB benchmarks, there are almost one thousand problem instances with infinite lattice width, and we show the advantage of our cube tests on these instances by comparing our implementation of the cube test with several state-of-the-art SMT solvers in Sect. 5. In Sect. 6, we show how to investigate equalities with the linear cube transformation. First, we introduce an efficient method for testing whether a system of linear arithmetic constraints implies a given equality (Sect. 6.1). Then, we extend the method so that it computes an equality basis for our system of constraints (Sect. 6.2). In Sect. 7 we start with an implementation of our methods as an extension of Dutertre and de Moura’s version of the simplex algorithm [14], which is integrated in many SMT solvers. The implementation generates justifications and preserves incrementality. The efficient computation of an equality basis can then be used in identifying equivalent variables for the Nelson–Oppen combination of theories. Section 8 concludes the paper including a further application of the linear cube transformation to quantifier elimination.

## 2 Preliminaries

While the difference between matrices, vectors, and their components is always clear in context, we generally use upper case letters for matrices (e.g., *A*), lower case letters for vectors (e.g., *x*), and lower case letters with an index *i* or *j* (e.g., \(b_i\), \(x_j\)) as components of the associated vector at position *i* or *j*, respectively. The only exceptions are the row vectors \(a_i^T = (a_{i1}, \ldots , a_{in})\) of a matrix \(A = (a_1, \ldots , a_m)^T\), which already contain an index *i* that indicates the row’s position inside *A*. In order to save space, we write vectors only implicitly as columns via the transpose operator \((\;)^T\), which turns all rows \((b_1, \ldots , b_m)\) into columns \((b_1, \ldots , b_m)^T\) and vice versa. We also abbreviate the *n*-dimensional origin \((0, \ldots , 0)^T\) as \(0^n\). Likewise, we abbreviate \((1,\ldots , 1)^T\) as \(1^n\).

In the context of SMT solvers, we have to deal with strict inequalities \(a_i^T x < b_i\) and non-strict inequalities \(a_i^T x \le b_i\) as our constraints, where \(a_i \in \mathbb {Q}^n\) and \(b_i \in \mathbb {Q}\). A system of constraints is, therefore, just a set of inequalities and the rational solutions of this system are exactly those points \(x \in \mathbb {Q}^n\) that satisfy all inequalities in this set. The rational solutions of this system also define a polyhedron in the \(\mathbb {Q}^n\), where each rational solution is equivalent to a point in the polyhedron. For this reason, we treat *polyhedra* and their definitions through a *system of inequalities* as interchangeable. In the case that our system contains only non-strict inequalities, the polyhedron is even *closed convex*, which entails two very useful properties: firstly, the closed convex polyhedron has a surface if it is neither empty nor encompasses the whole \(\mathbb {Q}^n\); secondly, any supremum \(h_{\max } = \sup \{ h^T x : x \in \mathbb {Q}^n \text{ satisfies } A x \le b\}\) is either \(h_{\max } = -\infty \) because there exists no point satisfying our constraints, \(h_{\max } = \infty \) because the supremum is unbounded, or there exists an actual maximum, i.e., there exists an \(x \in \mathbb {Q}^n\) that satisfies the constraints and its cost \(h^T x\) is equivalent to our supremum \(h_{\max }\).

If we also consider strict inequalities, then our polyhedron is no longer necessarily a closed convex set. This means we lose the above properties, which poses a problem when we want to adapt algorithms that originally deal only with non-strict inequalities so they can also deal with strict inequalities. For instance, the classical dual simplex algorithm [29] returns only rational solutions on the surface of the polyhedron defined by \(A x \le b\). It is, therefore, not trivial to adapt the classical dual simplex algorithm to also handle strict inequalities.

To avoid these problems, we instead model strict inequalities as non-strict inequalities by generalizing the field \(\mathbb {Q}\) for our inequality bounds \(b_i\) and variables \(x_i\) to \(\mathbb {Q}_{\delta }\) [14].

## Lemma 1

([14]) Let \(a_i \in \mathbb {Q}^n\) and \(b_i \in \mathbb {Q}\). Then a set of linear arithmetic constraints *S* containing strict inequalities \(S' = \{a_1^T x< b_1, \ldots , a_m^T x < b_m\}\) is satisfiable iff there exists a rational number \(\delta > 0\) such that \(S_{\delta '} = (S \cup S'_{\delta '}) \setminus S'\) is satisfiable for all \(\delta '\) with \(0 < \delta ' \le \delta \), where \(S'_{\delta '} = \{a_1^T x \le b_1 - \delta ', \ldots , a_m^T x \le b_m - \delta '\}\).

With the \(\delta \)-rationals, we are now able to formally define a system of constraints as \(A x \le b\). \(A x \le b\) is just an abbreviation for the set of inequalities \(\{a_1^T x \le b_1, \ldots , a_m^T x \le b_m\}\). The row coefficients are given by \(A = (a_1, \ldots , a_m)^T~\in ~\mathbb {Q}^{m \times n}\), the variables are given by \(x = (x_1, \ldots , x_n)^T\), and the inequality bounds are given by \(b = (b_1, \ldots , b_m)^T \in \mathbb {Q}^{m}_{\delta }\). Moreover, we assume that any constant rows \(a_i = 0^n\) were eliminated from our system during an implicit preprocessing step. This is a trivial task and eliminates some unnecessarily complicated corner cases. The \(\delta \)-coefficients \(q_i\) in the bounds \(b_i = p_i + q_i \delta \) can take on any value in \(\mathbb {Q}_{\delta }\). In case \(q_i = 0\), the inequality \(a_i^T x \le b_i\) is equivalent to the non-strict inequality \(a_i^T x \le p_i\). In case \(q_i < 0\), the inequality \(a_i^T x \le b_i\) is equivalent to the strict inequality \(a_i^T x < p_i\). In case \(q_i > 0\), we have no clear interpretation over the actual rationals (compare also Lemma 1). For instance, the two inequalities \(x \le \delta \) and \(-x \le -\delta \) describe a satisfiable system of constraints in \(\mathbb {Q}_{\delta }\), but there is no clear way of interpreting \(x \le \delta \) in \(\mathbb {Q}\). Beware also that our linear cube transformation can introduce positive \(\delta \)-coefficients in the bounds. But since we derive the transformation via a semantically clear construction, the semantic interpretation over the rationals is still discernible if the original system has only non-positive \(\delta \)-coefficients in its inequality bounds before the transformation.

For the remainder of the paper, we abbreviate with \(b_i^{\delta }\) the strict version of a given bound \(b_i \in \mathbb {Q}_{\delta }\). If the bound \(b_i\) is non-strict, i.e., \(b_i = (p_i,0)\), then the strict version is \(b_i^{\delta } := (p_i,-1)\). Otherwise, the bound \(b_i\) is already strict, i.e., \(b_i = (p_i,q_i)\) with \(q_i < 0\), and we just standardize the \(\delta \)-coefficient to \(-1\), i.e, \(b_i^{\delta } := (p_i,-1)\).

Since \(A x \le b\) and \(A' x \le b'\) are just sets, we can write their combination as \((A x \le b) \cup (A' x \le b')\). A special system of inequalities is a system of equations \(D x = c\), which is equivalent to the combined system of inequalities \((D x \le c) \cup (-D x \le -c)\). For such a system of equalities, the row coefficients are given by \(D = (d_1, \ldots , d_m)^T~\in ~\mathbb {Q}^{m \times n}\), the variables are given by \(x = (x_1, \ldots , x_n)^T\), and the equality bounds are given by \(c = (c_1, \ldots , c_m)^T \in \mathbb {Q}^{m}\).

We denote by \(P{^{A}_{ b}}= \{x \in \mathbb {Q}^n_{\delta } : A x \le b\}\) the *set of* \(\delta \)-*rational solutions* to the system of inequalities \(A x \le b\) and, therefore, the points inside the polyhedron. Similarly, we denote by \(C{_{e}}(z) = \left\{ x \in \mathbb {Q}^n_{\delta } : \forall j \in 1, \ldots , n. \; | x_j - z_j | \le \frac{e}{2} \right\} \) the set of points contained in the *n*-*dimensional hypercube* that is parallel to the coordinate axes, has *edge length* \(e \in \mathbb {Q}_{\delta }\) (with \(e \ge 0\)), and has *center* \(z \in \mathbb {Q}^n_{\delta }\). For the remainder of this paper, we consider only hypercubes that are parallel to the coordinate axes. For simplicity, we call these restricted hypercubes *cubes*.

Besides cubes and polyhedra, we use two norms in this paper. The first norm we use is the *maximum norm*. It is defined by: \(\left\| x \right\| _{ \infty } = \max \left\{ |x_1|, \ldots , |x_n| \right\} \), and we use it because it is closely related to our definition of cubes \(C{_{e}}(z)\), i.e., the condition in the definition of \(C{_{e}}(z)\) can also be expressed with the maximum norm: \(\left( \left\| x - z \right\| _{ \infty } \le \frac{e}{2} \right) \iff \left( \forall j \in 1, \ldots , n. \; | x_j - z_j | \le \frac{e}{2} \right) .\) The second norm we use is the *1-norm*, which is defined by: \(\left\| x \right\| _{ 1 } = \left( |x_1| + \ldots + |x_n| \right) \). We use it in Sect. 3 to define the linear cube transformation.

We define a *closest integer* to *x* as a point \(x' \in \mathbb {Z}^n\) with minimal distance \(\left\| x - x' \right\| _{ \infty }\). We also define the operators \(\lceil x_j \rfloor \) and \(\lceil x \rfloor \) such that they describe a *closest integer* to \(x_j\) and *x*, respectively. Formally, this means that \(\lceil x \rfloor = (\lceil x_1 \rfloor , \ldots , \lceil x_n \rfloor )^T\). Rounding a point *x* to a closest integer \(\lceil x \rfloor \) is called *simple rounding*.

## Proposition 1

*x*, or formally:

We say that a polyhedron implies an inequality \(h^T x \le g\), where \(h \in \mathbb {Q}^n\), \(h \ne 0^n\), and \(g \in \mathbb {Q}_{\delta }\), if \(h^T x \le g\) holds for all \(x \in P{^{A}_{ b}}\). In the same manner, a polyhedron implies an equality \(h^T x = g\), where \(h \in \mathbb {Q}^n\), \(h \ne 0^n\), and \(g \in \mathbb {Q}\), if \(h^T x = g\) holds for all \(x \in P{^{A}_{ b}}\). An equality implied by \(A x \le b\) is *explicit* if the inequalities \(h^T x \le g\) and \(-h^T x \le -g\) appear in \(A x \le b\). Otherwise, the equality is *implicit*. Polyhedra implying equalities have only surface points and, therefore, neither an interior nor a center. Thus, all cubes that fit into a polyhedron implying an equality \(d^T x = c\) with \(d \ne 0^n\) have edge length zero.

In Sect. 6, we present a method that detects whether a polyhedron implies an equality at all and returns one such equality. To prove the correctness of this method, we use Farkas’ Lemma [5]. But first we have to prove that Farkas’ Lemma still holds over the \(\delta \)-rationals:

## Lemma 2

\(A x \le b\) is unsatisfiable iff there exists a \(y \in \mathbb {Q}^m\) with \(y \ge 0^m\) and \(y^T A = 0^n\) so that \(y^T b < 0\), i.e., there exists a non-negative linear combination of inequalities in \(A x \le b\) that results in an inequality \(y^T A x \le y^T b\) that is constant and unsatisfiable.

## Proof

Let us first consider the case where \(A x \le b\) is unsatisfiable. Dutertre and de Moura’s version of the dual simplex algorithm is a complete and correct algorithm for determining the satisfiability of a linear arithmetic problem over the \(\delta \)-rationals [14]. In case the problem is unsatisfiable, the algorithm returns a conflict explanation, which can be turned, together with the final simplex tableau, into the non-negative linear combination \(y \in \mathbb {Q}^m\) we are looking for. Let us now consider the case where \(x \in \mathbb {Q}_{\delta }^n\) is a solution for \(A x \le b\). If *x* is a solution to the inequalities in \(A x \le b\), then it is also a solution to any non-negative linear combination of inequalities in \(A x \le b\). \(\square \)

Our method that detects implied equalities transforms our original polyhedron \(A x \le b\) into a second polyhedron \(A' x \le b'\) that is unsatisfiable if \(A x \le b\) implies an equality. We also show how to extract an equality implied by \(A x \le b\) from a *minimal* set *C* of unsatisfiable inequalities in \(A' x \le b'\). We call an unsatisfiable set *C* of inequalities *minimal* if every proper subset \(C' \subset C\) is satisfiable. If a polyhedron \(A x \le b\) is unsatisfiable, there exists a minimal set *C* of unsatisfiable inequalities so that every inequality in *C* appears also in \(A x \le b\) [14]. We call such a minimal set *C* an *explanation* for \(A x \le b\)’s unsatisfiability. In case we are investigating a minimal set of unsatisfiable inequalities, we can refine Farkas’ Lemma:

## Lemma 3

([7]) Let \(C = \{{a}_i^T x \le b_i : 1 \le i \le {m} \}\) be a minimal set of unsatisfiable constraints. Let \({A} = ({a}_1, \ldots , {a}_{m})^T\) and \(b = (b_1, \ldots , b_{m})^T\). Then it holds for every \(y \in \mathbb {Q}^{m}\) with \(y \ge 0^m\), \(y^T A = 0^n\), and \(y^T b < 0\) that \(y_i > 0\) for all \(i \in \{1, \ldots , m\}\).

## 3 Fitting cubes into polyhedra

We say that a cube \(C{_{e}}(z)\) *fits* into a polyhedron defined by \(A x \le b\) if all points inside the cube \(C{_{e}}(z)\) are solutions of \(A x \le b\), or formally: \(C{_{e}}(z) \subseteq P{^{A}_{ b}}\). In order to compute this, we transform the polyhedron \(A x \le b\) into another polyhedron \(A x \le b'\). For this new polyhedron, we merely have to test whether the cube’s center point *z* is a solution (\(z \in P{^{A}_{ b'}}\)) in order to also determine whether the cube \(C{_{e}}(z)\) fits into the original polyhedron. This is a simple test that requires only evaluation. We call this entire transformation the *linear cube transformation*.

We start explaining the linear cube transformation by looking at the case where the polyhedron is defined by a single inequality \(a_i^T x \le b_i\). A cube \(C{_{e}}(z)\) fits into the inequality \(a_i^T x \le b_i\) if all points inside the cube \(C{_{e}}(z)\) are solutions of \(a_i^T x \le b_i\), or formally: \(\forall x \in C{_{e}}(z). \; a_i^T x \le b_i\).

Deciding this is the optimization problem of maximizing \(a_i^T x\) subject to \(x \in C{_{e}}(z)\): the cube fits if and only if the maximum is at most \(b_i\). Since the objective is linear, the maximum is attained at a vertex of the cube, and every vertex \(x^v\) differs from the center *z* by \(\pm \frac{e}{2}\) in each coordinate (see Fig. 1b), or formally: \(x^v = \left( z_1 \pm \frac{e}{2}, \ldots , z_n \pm \frac{e}{2}\right) ^T\). If we insert this into the objective function \(a_i^T x\), we get: \(a_i^T \left( z_1 \pm \frac{e}{2}, \ldots , z_n \pm \frac{e}{2} \right) ^T = a_i^T z + \frac{e}{2} \sum _{j = 1}^n \pm a_{ij} \,,\) which in turn is maximal if we choose \(x^v\) such that \(\pm a_{ij}\) is always positive, i.e., the maximum is \(a_i^T z + \frac{e}{2} \left\| a_i \right\| _{ 1 }\):

## Proposition 2

Let \(C{_{e}}(z)\) be a cube and \(a_i^T x \le b_i\) be an inequality. All \(x \in C{_{e}}(z)\) fulfill \(a_i^T x \le b_i\) if and only if \(a_i^T z \le b_i - \frac{e}{2} \left\| a_i \right\| _{ 1 }\).

A cube fits into a polyhedron \(A x \le b\) if and only if it fits into each of its *m* inequalities. So we solve the optimization problem from above once per row, i.e., *m* optimization problems. By Proposition 2, each of them reduces to an evaluation of the center *z*, so fitting the cube amounts to checking *m* inequalities: \(a_i^T z \le b_i - \frac{e}{2} \left\| a_i \right\| _{ 1 }\) for \(i = 1, \ldots , m\).

## Proposition 3

Let \(C{_{e}}(z)\) be a cube and \(A x \le b\) be a polyhedron. \(C{_{e}}(z) \subseteq P{^{A}_{ b}}\) if and only if \(A z \le b'\), where \(b'_i = b_i - \frac{e}{2} \left\| a_{i} \right\| _{ 1 }\).

Until now, we have discussed how to use the linear cube transformation to determine if one cube \(C{_{e}}(z)\) with fixed center point *z* fits into a polyhedron. A generalization of this problem determines whether a polyhedron \(A x \le b\) contains a cube of edge length *e* at all. Actually, a closer look at the transformed polyhedron \(A x \le b'\) reveals that the linear cube transformation (\(b'_i = b_i - \frac{e}{2} \left\| a_{i} \right\| _{ 1 }\)) is dependent only on the edge length *e* of the cube. Therefore, the solutions \(P{^{A}_{ b'}}\) of the transformed polyhedron \(A x \le b'\) are exactly all center points of cubes with edge length *e* that fit into the original polyhedron \(A x \le b\) (see Fig. 1c). By determining the satisfiability of the transformed polyhedron \(A x \le b'\), we can now also determine whether a polyhedron \(A x \le b\) contains a cube of edge length *e* at all. If we choose a suitable algorithm, e.g., the simplex algorithm, then we even get the center point *z* of a cube \(C{_{e}}(z)\) that fits into \(A x \le b\). This observation is the foundation for the cube tests that we present in Sect. 4.
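The following is an added example, not code from the paper: it models the \(\delta \)-rationals of Sect. 2 as lexicographically ordered pairs \((p, q)\), implements the linear cube transformation of Proposition 3 as a pure change of bounds, and decides whether \(C{_{e}}(z)\) fits by evaluating the center against the transformed system. The three inequalities are the ones used as an example in Sect. 4.1; the one-dimensional system with a strict bound is constructed here to show why a unit cube cannot fit against \(x > 0\) while a slightly smaller cube can.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True, order=True)
class DeltaRational:
    """p + q*delta for an infinitesimal positive delta (Sect. 2).
    dataclass(order=True) compares (p, q) lexicographically, which is exactly
    the order of the delta-rationals."""
    p: Fraction
    q: Fraction = Fraction(0)

    def __sub__(self, r):
        # subtracting an ordinary rational only changes the standard part p
        return DeltaRational(self.p - Fraction(r), self.q)


def nonstrict(p):
    """Bound of a non-strict inequality a_i^T x <= p, i.e. (p, 0)."""
    return DeltaRational(Fraction(p), Fraction(0))


def strict(p):
    """b_i^delta: bound of the strict inequality a_i^T x < p, i.e. (p, -1)."""
    return DeltaRational(Fraction(p), Fraction(-1))


def one_norm(a):
    return sum(abs(Fraction(c)) for c in a)


def linear_cube_transformation(A, b, e):
    """Proposition 3: b'_i = b_i - (e/2) * ||a_i||_1, one subtraction per row.
    A is a list of rational rows, b a list of DeltaRational bounds, e a rational."""
    half_e = Fraction(e) / 2
    return [b_i - half_e * one_norm(a_i) for a_i, b_i in zip(A, b)]


def satisfies(A, b, z):
    """Evaluate A z <= b componentwise for a rational point z."""
    return all(
        nonstrict(sum(Fraction(c) * Fraction(x) for c, x in zip(a_i, z))) <= b_i
        for a_i, b_i in zip(A, b)
    )


def cube_fits(A, b, z, e):
    """C_e(z) is contained in P^A_b iff z satisfies the transformed system."""
    return satisfies(A, linear_cube_transformation(A, b, e), z)


# Constructed inputs: the triangle of Sect. 4.1 and a strict one-dimensional system.
TRIANGLE_A = [[3, -1], [-2, -1], [-2, 1]]
TRIANGLE_B = [nonstrict(0), nonstrict(-2), nonstrict(1)]
STRICT_A = [[1], [-1]]                       # x <= 1 and -x < 0
STRICT_B = [nonstrict(1), strict(0)]

if __name__ == "__main__":
    print(cube_fits(TRIANGLE_A, TRIANGLE_B, ("13/34", "3/2"), "3/17"))   # True
    print(cube_fits(STRICT_A, STRICT_B, ("1/2",), 1))                     # False
```

Bounds with a positive \(\delta \)-coefficient never arise here because the transformation only subtracts rationals from the standard part; a cube with an edge length in \(\mathbb {Q}_{\delta }\) would need a `__sub__` over full pairs.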

## 4 Fast cube tests

A polyhedron \(A x \le b\) has an integer solution if and only if \(P{^{A}_{ b}} \cap \mathbb {Z}^n \ne \emptyset \), i.e., if the set of rational solutions contains an integer point. In this section, we show how to use the linear cube transformation to find such an integer solution. In contrast to arbitrary polyhedra, determining whether a cube \(C{_{e}}(z)\) contains an integer point is easy. Because of the cube’s symmetry, it is enough to test whether it contains a closest integer point \(\lceil z \rfloor \) to the center *z*.

## Proposition 4

A cube \(C{_{e}}(z)\) contains an integer point if and only if it contains a closest integer point \(\lceil z \rfloor \) to the center *z*.

Note that every point \(z \in \mathbb {Q}_{\delta }^n\) is also a cube \(C{_{0}}(z)\) of edge length 0. In order to be efficient, our tests look only at cubes with special properties. In the case of the largest cube test, we check for an integer solution in one of the largest cubes fitting into the polyhedron \(A x \le b\). In the case of the unit cube test, we look for a cube of edge length one, which always guarantees an integer solution. Due to these restrictions, neither test is complete, but both are very fast to compute.

### 4.1 Largest cube test

A classical heuristic that ILP solvers use to find integer solutions is *simple rounding*. For simple rounding, the ILP solver computes a rational solution *x* for a set of inequalities, *rounds* it to a closest integer \(\lceil x \rfloor \), and determines whether this point is an integer solution. Not all types of rational solutions are good candidates for this test to be successful. Especially *surface points*, such as *vertices*, the usual output of the simplex algorithm, are not good candidates for rounding. For many polyhedra, *center and interior points* *z* are a better choice because all integer points adjacent to *z* are solutions, including a closest integer point \(\lceil z \rfloor \).

The largest cube test produces such an interior point, namely the center of a largest cube that fits into the polyhedron. We compute the center *z* of this largest cube and the associated edge length *e* with the following linear program (LP):

\[ \text{maximize } x_e \quad \text{subject to} \quad A x + \frac{x_e}{2}\, a' \le b \;\text{ and }\; x_e \ge 0, \qquad \text{where } a' = \left( \left\| a_1 \right\| _{ 1 }, \ldots , \left\| a_m \right\| _{ 1 } \right) ^T. \]

Its constraints are the linear cube transformation of Proposition 3 with the variable \(x_e\) in place of the fixed edge length *e*. Additionally, this linear program maximizes the edge length as an optimization goal. If the resulting maximum edge length is unbounded, the original polyhedron contains cubes of arbitrary edge length (see Fig. 2b) and, thus, infinitely many integer solutions. Since the linear program contains all solutions of the original polyhedron (see \(x_e = 0\)), the original polyhedron is empty if and only if the above linear program is infeasible. If the maximum edge length is a finite value *e*, we use the resulting assignment *z* for the variables *x* as a center point and \(C{_{e}}(z)\) is a largest cube that fits into the polyhedron. From the center point, we round to a closest integer point \(\lceil z \rfloor \) and determine if it fits into the original polyhedron. If this is the case, we are done because we have found an integer solution for \(A x \le b\). Otherwise, the largest cube test does not know whether or not \(A x \le b\) has an integer solution. An example for the latter case are the following inequalities: \(3x_1 - x_2 \le 0\), \(-2x_1-x_2 \le -2\), and \(-2x_1 + x_2 \le 1\). These inequalities have exactly one integer solution \((1,3)^T\), but the largest cube contained by the inequalities has edge length \(e = \frac{3}{17}\) and center point \((\frac{13}{34},\frac{3}{2})^T\) (all three transformed inequalities are tight there), which rounds to \((0,2)^T\). Rounding \(z_2 = \frac{3}{2}\) down instead gives \((0,1)^T\), which violates \(-2x_1 - x_2 \le -2\) as well, so the test fails for either closest integer point.

The largest cube test also upholds the incremental advantages of Dutertre and de Moura’s version of the dual simplex algorithm [14]. The only difference is the extra column \(a' \frac{x_e}{2}\), which the theory solver can internally create while it is notified of all potential arithmetic literals. Adding this column from the start does not influence the correctness of the solution because \(x_e \ge 0\) guarantees that the largest cube test is satisfiable exactly when the original inequalities \(A x \le b\) are satisfiable. Even for explanations of unsatisfiability, it suffices to remove the bound \(x_e \ge 0\) to obtain an explanation for the original inequalities \(A x \le b\). The only disadvantage is the additional variable \(x_e\), which only shrinks the search space when it is increased. Therefore, increasing \(x_e\) can never resolve any conflicts during the satisfiability search. The simplex solver recognizes this with at least one additional pivot that sets \(x_e\) to 0. Hence, adding the extra column \(a' \frac{x_e}{2}\) from the beginning has only constant influence on the theory solver’s run-time, and is therefore negligible.

### 4.2 Unit cube test

Most SMT solvers implement a simplex algorithm that is specialized towards feasibility and not towards optimization [1, 14, 16, 24]. Therefore, a test based on optimization, such as the largest cube test, does not fit well with existing implementations. As an alternative, we have developed a second test based on cubes that does not need optimization.

We avoid optimization by fixing the edge length *e* to the value 1 for all the cubes \(C{_{e}}(z)\) we consider (see Fig. 2c). We do so because cubes \(C{_{1}}(z)\) of edge length 1 are the smallest cubes to always guarantee an integer solution, independent of the center point *z*. A cube with edge length 1 is also called a *unit cube*. To prove this guarantee, we first fix \(e = 1\) in the definition of cubes, \(C{_{1}}(z) = \left\{ x \in \mathbb {Q}_{\delta }^n : \forall j \in 1, \ldots , n. \; | x_j - z_j | \le \frac{1}{2} \right\} \), and look at the following property for the rounding operator \(\lceil . \rfloor \): \(\forall z_j \in \mathbb {Q}_{\delta }. |\lceil z_j \rfloor - z_j | \le \frac{1}{2}\). We see that any unit cube contains a closest integer \(\lceil z \rfloor \) to its center point *z*. Furthermore, 1 is the smallest edge length that guarantees an integer solution for a cube with center point \(z = (\ldots , \frac{1}{2}, \ldots )^T\). Thus, 1 is the smallest value that we can fix as an edge length to guarantee an integer solution for all cubes \(C{_{1}}(z)\).

### 4.3 Mixed linear integer and rational arithmetic

We can also extend our cube tests to the theory of mixed linear integer and rational arithmetic. In this theory, we partition our variables \(x = (x_1, \ldots , x_n)^T\) into two vectors: the integer variables \(x^{\mathbb {Z}} = (x^{\mathbb {Z}}_1, \ldots , x^{\mathbb {Z}}_{{k}})^T\) and the rational variables \(x^{\mathbb {Q}} = (x^{\mathbb {Q}}_1, \ldots , x^{\mathbb {Q}}_{{t}})^T\). Based on this partitioning, we also split the coefficient matrix *A* into two matrices \(A = (S, R)\), where \(S = (s_1, \ldots , s_m)^T~\in ~\mathbb {Q}^{m \times {k}}\) defines the coefficients for the integer variables and \(R = (r_1, \ldots , r_m)^T~\in ~\mathbb {Q}^{m \times {t}}\) defines the coefficients for the rational variables. The system has a solution if there exists an integer assignment for the variables \(x^{\mathbb {Z}}\) and a rational assignment for the variables \(x^{\mathbb {Q}}\) that satisfies our system of inequalities \(s_i^T x^{\mathbb {Z}} + r_i^T x^{\mathbb {Q}} \le b_i\) (for \(i = 1, \ldots , m\)).

*z* is a rational solution for the overall polyhedron, then simple rounding applies \(\lceil . \rfloor \) only to the components \(z^{\mathbb {Z}}\) of *z* that correspond to integer variables. The same holds for our fast cube tests. Instead of looking for hypercubes of the same dimension *n* as the number of total variables, we are looking for hypercubes of dimension *k* that expand in the directions that correspond to integer variables, but are flat in the directions that correspond to rational variables. Such a hypercube of dimension *k* with center point *z* is defined as the set:

## Proposition 5

Let \(F{_{e}}(z)\) be a flat cube of dimension *k* and \(S x^{\mathbb {Z}} + R x^{\mathbb {Q}} \le b\) be a polyhedron. \(F{_{e}}(z) \subseteq P{^{A}_{ b}}\) if and only if \(S z^{\mathbb {Z}} + R z^{\mathbb {Q}} \le b'\), where \(b'_i = b_i - \frac{e}{2} \left\| s_{i} \right\| _{ 1 }\).

*z* of this largest cube and the associated edge length *e* with the following LP:

*z* we receive a candidate mixed integer rational solution by applying the rounding operator \(\lceil . \rfloor \) to the components \(z^{\mathbb {Z}}\) of *z* that correspond to integer variables. For the unit cube test, we search for a cube \(F{_{1}}(z)\) that is flat in the directions that correspond to rational variables, has edge length 1, and fits into the polyhedron \(S x^{\mathbb {Z}} + R x^{\mathbb {Q}} \le b\). A linear program that accomplishes this task is: \( S x^{\mathbb {Z}} + R x^{\mathbb {Q}} \le b', \text{ where } b'_i = b_i - \frac{1}{2}\left\| s_i \right\| _{ 1 } \,.\)

Again, 1 is the smallest value that we can fix as an edge length to guarantee a mixed rational integer solution for all cubes \(F{_{1}}(z)\).

## 5 Experiments

*infinite lattice width* polyhedron [20]. A polyhedron \(A x \le b\) has *infinite lattice width* if for every objective \(c \in \mathbb {Q}^n \setminus \{0^n\}\), either its maximum or minimum objective value is unbounded:

## Lemma 4

([8]) Let \(A x \le b\) be a polyhedron. Let \(a' \in \mathbb {Q}^m\) be a vector such that its components are \(a'_i = \left\| a_i \right\| _{ 1 }\). Then \(A x \le b\) contains a cube \(C{_{e}}(z)\) for every non-negative \(e \in \mathbb {Q}_{\delta }\) if and only if \(A x \le b\) has infinite lattice width.

We have found instances of polyhedra with the infinite lattice width property in some classes of the SMT-LIB benchmarks. These instances are 229 of the 233 *dillig* benchmarks designed by Dillig et al. [11], 503 of the 591 *CAV-2009* benchmarks also by Dillig et al. [11], 229 of the 233 *slacks* benchmarks which are the dillig benchmarks extended with slack variables [18], and 19 of the 37 *prime-cone* benchmarks, that is, “a group of crafted benchmarks encoding a tight *n*-dimensional cone around the point whose coordinates are the first *n* prime numbers” [18]. The remaining problems (4 from dillig, 88 from CAV-2009, 4 from slacks, and 18 from prime-cone) do not have infinite lattice width because they are either tightly bounded or unsatisfiable. For our experiments, we look only at the instances of those benchmark classes that actually fulfill the infinite lattice width property.

Using these benchmark instances, we have confirmed our theoretical assumptions (Lemma 4) in practice. We integrated the unit cube test into our own branch-and-bound solver *SPASS-IQ* (http://www.spass-prover.org/spass-iq) and ran it on the infinite lattice width instances; once with the unit cube test turned on (*SPASS-IQ-0.1+uc*) and once with the test turned off (*SPASS-IQ-0.1*). For every problem, SPASS-IQ-0.1+uc applies the unit cube test exactly once. This application happens before we start the branch-and-bound approach. We also compared our solver with state-of-the-art SMT solvers for linear integer arithmetic: *cvc4-1.4* [1], *mathsat5-3.13* [10], *yices2.5.1* [13], and *z3-4.4.1* [24]. All these solvers employ a branch-and-bound approach with an underlying dual simplex solver [14]. The only exception is mathsat5, which, subsequent to our first publication on the unit cube test [8], now also performs the unit cube test in advance. That is why we also test mathsat5 once with the unit cube test turned on (mathsat5-3.13+uc) and once with the test turned off (mathsat5-3.13).

Experimental results

Solver | CAV-2009 (503 instances) Solved | Time | DILLIG (229 instances) Solved | Time | PRIME-CONE (19 instances) Solved | Time | SLACKS (229 instances) Solved | Time | ROTATE (229 instances) Solved | Time
---|---|---|---|---|---|---|---|---|---|---
SPASS-IQ-0.1+uc | | 22 | | 9 | | 0.4 | | | |
SPASS-IQ-0.1 | | 713 | | 218 | | 0.4 | 197 | 95 | | 214
ctrl-ergo | | | | | | 0.4 | | 46 | 24 | 6760
cvc4-1.4 | 467 | 12903 | 206 | 4146 | 18 | 3 | 152 | 4061 | 208 | 6964
mathsat5-3.13+uc | | 42.37 | | 18 | | 0.4 | | 39 | | 21
mathsat5-3.13 | 500 | 4601 | 225 | 2315 | | 3.5 | 181 | 4573 | | 1507
yices-2.5.1 | 469 | 11403 | 213 | 2553 | | | 147 | 5725 | 180 | 10073
z3-4.4.1 | 466 | 682 | 213 | 475 | | | 158 | 371 | 213 | 473

Our solver that employs the unit cube test solves all instances with the application of the unit cube test and is 25 times faster than our solver without the test. The SMT theory solvers in their standard setting were not able to solve all instances within the allotted time. Moreover, our unit cube test was over 100 times faster than any state-of-the-art SMT solver without the unit cube test. The results for mathsat5 further support the superiority of the test.

*ctrl-ergo* solver, which includes a subroutine that is essentially the dual to our largest cube test [4]. As expected, both approaches are comparable for infinite lattice width polyhedra. In order to also compare the two approaches on benchmarks without infinite lattice width, we created the *rotate* benchmarks by adding the same four inequalities to all infinite width instances of the dillig benchmarks. These four inequalities essentially describe a square bounding the variables \(x_0\) and \(x_1\) in an interval \([-u,u]\). For a large enough choice of *u* (e.g., \(u = 2^{10}\)), the square is so large that the benchmarks are still satisfiable and not absolutely trivial for branch-and-bound solvers. To add a challenge, we rotated the square by a small factor 1 / *r*, which resulted in the following four inequalities:

*rotate* benchmarks are very hard because its subroutine detects only infinite lattice width. Without infinite lattice width, ctrl-ergo starts its search from the boundaries of the polyhedron instead of looking at the polyhedron’s interior. We can even control the number of iterations (\(r^2\)) ctrl-ergo spends on the parts of the boundary without any integer solutions if we choose *r* accordingly (e.g., \(r = 2^{10}\)). In contrast, we use our cube tests to also extract interior points for rounding. This difference makes our tests much more stable under small changes to the polyhedron.

There exist alternative methods for solving linear integer constraints that do not rely on a branch-and-bound approach [6, 18]. These have not yet matured enough to be competitive with our tests or state-of-the-art SMT theory solvers.

Most problems in the linear integer arithmetic SMT-LIB benchmarks with finite lattice width can be solved without using any actual integer arithmetic techniques. A standard simplex solver for the rationals typically finds a rational solution for such a problem that is also an integer solution. Applying the unit cube test on these trivial problem classes is a waste of time. In the worst case, it doubles the eventual solution time. For these examples it is beneficial to first compute a general rational solution and to check it for integer satisfiability before applying the unit cube test. This has the additional benefit that rational unsatisfiable problems are filtered out before applying the unit cube test. The unit cube test is also guaranteed to fail on problems containing boolean variables, i.e., variables that are either 0 or 1, unless they are absolutely trivial and describe a unit cube themselves. Whenever the problem contains a boolean variable, it is beneficial to skip the unit cube test. This is also the reason why we provide no experimental results for the theory of mixed linear integer and rational arithmetic, i.e., the few mixed benchmarks available in the SMT-LIB all contain boolean variables.

## 6 From cubes to equalities

If a polyhedron implies an equality, then it has only surface points and neither an interior nor a center. There is no way such a polyhedron contains a unit cube and a largest cube has edge length zero and is just a point in the original polyhedron. Equalities are, therefore, a challenge for the applicability of our cube tests.

There even exist systems of inequalities that imply infinitely many equalities. For instance, the system consisting of the inequalities \(-2x_1 +x_2 \le -2\), \(x_1 + 3x_2 \le 8\), and \(x_1 -2x_2 \le -2\) has only one rational solution: the point \((x_1,x_2) = (2,2)\). Therefore, it implies the equalities \(-2x_1 +x_2 = -2\) and \(x_1 + 3x_2 = 8\), and all linear combinations of those two equalities, i.e., \(\lambda _1 \cdot (-2x_1 +x_2) + \lambda _2 \cdot (x_1 + 3x_2) = \lambda _1 \cdot (-2) + \lambda _2 \cdot 8\) for all \(\lambda _1, \lambda _2 \in \mathbb {Q}\). The above example also points us to another fact about equalities: there exists a finite representation of all equalities implied by a system of inequalities—even if the system implies infinitely many equalities.

*equality basis* for a satisfiable system of inequalities \(A x \le b\). An equality basis is a system of equalities \(D' x = c'\) such that all (explicit and implicit) equalities implied by \(A x \le b\) are linear combinations of equalities from \(D' x = c'\). We prefer to represent each equality basis \(D' x = c'\) as an equivalent system of equalities \(y - D z = c\) such that \(y = (y_1, \ldots , y_{n_y})^T\) and \(z = (z_1, \ldots , z_{n_z})^T\) are a partition of the variables in *x*, \(D \in \mathbb {Q}^{n_y \times n_z}\), and \(c \in \mathbb {Q}^{n_y}\). The existence of such an equivalent system of equalities is guaranteed by Gaussian elimination. Moreover, each variable \(y_i\) appears exactly once in the system \(y - D z = c\), that is to say, \(y_i\) appears only in the row \(y_i - d_i^T z = c_i\). We choose to represent our equality bases in this manner because this form also correlates to a distinct substitution \(\sigma ^{D,c}_{y,z}\) that replaces variable \(y_i\) with \(c_i + {d}_i^T z\):

*y* nor implies any equalities.

And the substitution \(\sigma ^{D,c}_{y,z}\) for the equality basis \(y - D z = c\) has even further applications. For instance, we can directly check whether an equality \(h^T x = g\) is a linear combination of \(y - D z = c\) and, therefore, implied by both \(A x \le b\) and \(y - D z = c\). We simply apply \(\sigma ^{D,c}_{y,z}\) to \(h^T x = g\) and see if it simplifies to \(0 = 0\). We even use \(\sigma ^{D,c}_{y,z}\) for the *Nelson–Oppen* style combination of theories (see Sect. 7).

### 6.1 Finding equalities

The first step in computing an equality basis for a polyhedron \(A x \le b\) is to detect whether the system contains any equalities. We have already stated a criterion that detects this:

## Lemma 5

([8]) Let \(A x \le b\) be a polyhedron. Then exactly one of the following statements is true: (1) \(A x \le b\) implies an equality \(h^T x = g\) with \(h \ne 0^n\), or (2) \(A x \le b\) contains a cube with edge length \(e > 0\).

A cube with positive edge length is enough to prove that there exists no implied equality. The actual edge length *e* of this cube is not relevant. Therefore, we can assume that the edge length *e* is arbitrarily small. We can even assume that our edge length is so small that we can ignore the different multiples \(\left\| a_i \right\| _{ 1 }\) and any infinitesimals introduced by strict inequalities. We just have to turn all of our inequalities into strict inequalities.

## Lemma 6

Let \(A x \le b\) be a polyhedron, where \(a_i \ne 0^n\), \(b_i = (p_i,q_i)\), \(q_i \le 0\), and \(b^{\delta }_i = (p_i,-1)\) be the strict versions of the bounds \(b_i\) for all \(i \in \{1, \ldots , m\}\). Then the following statements are equivalent: (1) \(A x \le b\) contains a cube with edge length \(e > 0\), and (2) \(A x \le b^{\delta }\) is satisfiable.

## Proof

(1) \(\Rightarrow \) (2): If \(A x \le b\) contains a cube of edge length \(e > 0\), then \(A x \le b - a'\) is satisfiable, where \(a'_i = \frac{e}{2}\left\| a_i \right\| _{ 1 }\). By Lemma 1, we know there exists a \(\delta \in \mathbb {Q}\) such that \(A x \le p + q \delta - a'\). Now, let \(\delta ' = \min \{ a'_i - q_i \delta : i = 1, \ldots , m\}\). Since \(a'_i - q_i \delta \ge \delta '\), it holds that \(A x \le p - \delta ' 1^m\). Since \(q_i \le 0\) and \(a'_i = \frac{e}{2}\left\| a_i \right\| _{ 1 } > 0\), it also holds that \(\delta ' > 0\). By Lemma 1, we deduce that \(A x < p\) and, therefore, \(A x \le b^{\delta }\) holds.

(2) \(\Rightarrow \) (1): If \(A x \le b^{\delta }\) is satisfiable, then we know by Lemma 1 that there must exist a \(\delta > 0\) such that \(A x \le p - \delta 1^m\) holds. Let \(a_{\max } = \max \{\left\| a_i \right\| _{ 1 } : i = 1, \ldots , m\}\), \(\delta ' = \frac{\delta }{2}\), and \(e = \frac{\delta }{a_{\max }}\). Then \(p_i - \delta = p_i - \delta ' - \frac{e}{2}a_{\max } \le b_i - \frac{e}{2}\left\| a_i \right\| _{ 1 }\). Thus, \(A x \le b\) contains a cube with edge length \(e > 0\). \(\square \)

In case \(A x \le b^{\delta }\) is unsatisfiable, \(A x \le b\) contains no cube with positive edge length and, therefore, implies an equality by Lemma 5. In this case, the simplex algorithm also returns an explanation, i.e., a minimal set *C* of unsatisfiable constraints \(a_i^T x \le b^{\delta }_i\) from \(A x \le b^{\delta }\). If \(A x \le b\) itself is satisfiable, we can extract equalities from this explanation: for every \(a_i^T x \le b^{\delta }_i \in C\), \(A x \le b\) implies the equality \(a_i^T x = b_i\).

## Lemma 7

Let \(A x \le b\) be a satisfiable polyhedron, where \(a_i \ne 0^n\), \(b_i = (p_i,q_i)\), \(q_i \le 0\), and \(b^{\delta }_i = (p_i,-1)\) for all \(i \in \{1, \ldots , m\}\). Let \(A x \le b^{\delta }\) be unsatisfiable. Let *C* be a minimal set of unsatisfiable constraints \(a_i^T x \le b^{\delta }_i\) from \(A x \le b^{\delta }\). Then it holds for every \(a_i^T x \le b^{\delta }_i \in C\) that \(a_i^T x = b_i\) is an equality implied by \(A x \le b\).

## Proof

Because of transitivity of the subset and implies relationships, we can assume that \(A x \le b\) and \(A x \le b^{\delta }\) contain only the inequalities associated with the explanation *C*. Therefore, \(C = \{a_1^T x \le b^{\delta }_1, \ldots , a_{m}^T x \le b^{\delta }_{m}\}\). By Lemma 2 and \(A x \le b^{\delta }\) being unsatisfiable, we know that there exists a \(y \in \mathbb {Q}^m\) with \(y \ge 0\), \(y^T A = 0^n\), and \(y^T b^{\delta } < 0\). By Lemma 2 and \(A x \le b\) being satisfiable, we know that \(y^T b \ge 0\) is also true. By Lemma 3, we know that \(y_k > 0\) for every \(k \in \{1, \ldots , m\}\).

Now, we use \(y^T b^{\delta } < 0\), \(y^T b \ge 0\), and the definitions of < and \(\le \) for \(\mathbb {Q}_{\delta }\) to prove that \(y^T b = 0\) and \(b = p\). Since \(y^T b^{\delta } < 0\), we get that \(y^T p \le 0\). Since \(y^T b \ge 0\), we get that \(y^T p \ge 0\). If we combine \(y^T p \le 0\) and \(y^T p \ge 0\), we get that \(y^T p = 0\). From \(y^T p = 0\) and \(y^T b \ge 0\), we get \(y^T q \ge 0\). Since \(y > 0\) and \(q_i \le 0\), we get that \(y^T q = 0\) and \(q_i = 0\). Since \(q_i = 0\), \(b = p\).

### 6.2 Computing an equality basis

We now present the algorithm \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\) (Fig. 3) that computes an equality basis for a polyhedron \(A' x \le b'\). In a nutshell, \({{\mathrm{{\texttt {EqBasis}}}}}\) iteratively detects and removes equalities from our system of inequalities and collects them in a system of equalities until it has a complete equality basis. To this end, \({{\mathrm{{\texttt {EqBasis}}}}}\) computes in each iteration one system of inequalities \(A z \le b\) and one system of equalities \(y - D z = c\) such that \(A' x \le b'\) is equivalent to \((y - D z = c) \cup (A z \le b)\). While the variables *z* are completely defined by the inequalities \(A z \le b\), the equalities \(y - D z = c\) extend any assignment from the variables *z* to the variables *y*. Initially, *z* is just *x*, \(y - D z = c\) is empty, and \(A z \le b\) is just \(A' x \le b'\).

In every iteration *l* of the while loop, \({{\mathrm{{\texttt {EqBasis}}}}}\) eliminates one equality \(a_i^T z = b_i\) from \(A z \le b\) and adds it to \(y - D z = c\). \({{\mathrm{{\texttt {EqBasis}}}}}\) finds this equality based on the techniques we presented in the Lemmas 6 and 7 (line 3). If the current system of inequalities \(A z \le b\) implies no equality, then \({{\mathrm{{\texttt {EqBasis}}}}}\) is done and returns the current system of equalities \(y - D z = c\). Otherwise, \({{\mathrm{{\texttt {EqBasis}}}}}\) turns the found equality \(a_i^T z = b_i\) into a substitution \(\sigma ' := \{ z_k \mapsto \frac{b_{i}}{a_{ik}} - \sum _{j = 1, j \ne k}^n \frac{a_{ij}}{a_{ik}} z_j \}\) (line 7) and applies it to \(A z \le b\) (line 9). This has the following effects: (1) the new system of inequalities \(A' z' \le b'\) no longer implies the equality \(a_i^T z = b_i\); and (2) it no longer contains the variable \(z_k\). Next, we apply \(\sigma '\) to our system of equalities (line 10) and concatenate the equality \(z_k + \sum _{j = 1, j \ne k}^n \frac{a_{ij}}{a_{ik}} z_j = \frac{b_{i}}{a_{ik}}\) to the end of \((y - D z = c) \sigma '\). This has the following effects: (1) the new system of equalities \(y' - D' z' = c'\) implies \(a_i^T z = b_i\); and (2) the variable \(z_k\) appears exactly once in \(y' - D' z' = c'\). This means that we can now re-partition our variables so that \(z := (z_1, \ldots , z_{k-1}, z_{k+1}, \ldots , z_n)^T\) and \(y_l := z_k\) to get two new systems \(A z \le b\) and \(y - D z = c\) that are equivalent to our original polyhedron (line 11). Finally, we remove all rows \(0 \le 0\) from \(A z \le b\) because those rows are trivially satisfied but would obstruct the detection of equalities with Lemma 6.

To prove the correctness of the algorithm, we first need to prove that moving the equality from our system of inequalities to our system of equalities preserves equivalence, i.e., the systems \((A z \le b) \cup (y - D z = c)\) and \((A' z' \le b') \cup (y' - D' z' = c')\) are equivalent in line 10.

## Lemma 8

Let \(A z \le b\) be a system of inequalities. Let \(y - D z = c\) be a system of equalities. Let \(h^T z = g\) be an equality implied by \(A z \le b\) with \(h_k \ne 0\). Let \(\sigma ' := \{ z_k \mapsto \frac{g}{h_{k}} - \sum _{j = 1, j \ne k}^n \frac{h_{j}}{h_{k}} z_j \}\) be a substitution based on this equality. Let \(y' := (y_1, \ldots , y_l, z_k)^T\) and \(z' := (z_1, \ldots , z_{k-1}, z_{k+1}, \ldots , z_n)^T\). Let \((A' z' \le b') := (A z \le b) \sigma '\). Let \((y' - D' z' = c') := (y - D z = c) \sigma ' \cup \{ z_k + \sum _{j = 1, j \ne k}^n \frac{h_{j}}{h_{k}} z_j = \frac{g}{h_{k}}\}\). Let \(u \in \mathbb {Q}_{\delta }^{n_y}\), \(v \in \mathbb {Q}_{\delta }^{n_z}\), \(u' = (u_1, \ldots , u_{n_y}, v_k)^T\), and \(v' = (v_1, \ldots , v_{k-1}, v_{k+1}, \ldots , v_{n_z})^T\). Then \((A v \le b) \cup (u - D v = c)\) is true if and only if \((A' v' \le b') \cup (u' - D' v' = c')\) is true.

## Proof

First, we create a new substitution \(\sigma _v := \{ z_k \mapsto \frac{g}{h_{k}} - \sum _{j = 1, j \ne k}^n \frac{h_{j}}{h_{k}} v_j \}\) that is equivalent to \(\sigma '\) except that it directly assigns the variables \(z_i\) to their values \(v_i\). Let us now assume that either \((A v \le b) \cup (u - D v = c)\) or \((A' v' \le b') \cup (u' - D' v' = c')\) is true. This means that \(h^T v = g\) is also true, either by definition of \((A v \le b)\) or \((u' - D' v' = c')\). But \(h^T v = g\) being true also implies that \(v_k = \frac{g}{h_{k}} - \sum _{j = 1, j \ne k}^n \frac{h_{j}}{h_{k}} v_j\) is true. Therefore, \(\sigma _v\) simplifies to the assignment \(z_k \mapsto v_k\). So \((A v \le b) \cup (u - D v = c)\) and \((A' v' \le b') \cup (u' - D' v' = c')\) simplify to the same expressions and if one combined system is true, so is the other. \(\square \)

The algorithm \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\) decomposes the original system of inequalities \(A' x \le b'\) into a reduced system \(A z \le b\) that implies no equalities, and an equality basis \(y - D z = c\). The algorithm is guaranteed to terminate because the variable vector *z* decreases by one variable in each iteration. Note that \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\) constructs \(y - D z = c\) in such a way that the substitution \(\sigma ^{D,c}_{y,z}\) is the concatenation of all substitutions \(\sigma '\) from every previous iteration. Therefore, we also know that \(\sigma ^{D,c}_{y,z}\) applied to \(A' x \le b'\) results in the system of inequalities \(A z \le b\) that implies no equalities. We exploit this fact to prove the correctness of \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\), but first we need two more auxiliary lemmas.

## Lemma 9

Let \(y - D z = c\) be a satisfiable system of equalities. Let \(A x \le b\) and \(A^* x \le b^*\) be two systems of inequalities, both implying the equalities in \(y - D z = c\). Let \(A' z \le b' := (A x \le b) \sigma ^{D,c}_{y,z}\) and \(A^{**} z \le b^{**} := (A^* x \le b^*) \sigma ^{D,c}_{y,z}\). Then \(A' z \le b'\) is equivalent to \(A^{**} z \le b^{**}\) if \(A x \le b\) is equivalent to \(A^* x \le b^*\).

## Proof

Let \(A x \le b\) be equivalent to \(A^* x \le b^*\). Suppose to the contrary that \(A' z \le b'\) is not equivalent to \(A^{**} z \le b^{**}\). This means that there exists a \(v \in \mathbb {Q}_{\delta }^{n_z}\) such that either \(A' v \le b'\) is true and \(A^{**} v \le b^{**}\) is false, or \(A' v \le b'\) is false and \(A^{**} v \le b^{**}\) is true. Without loss of generality we select the first case that \(A' v \le b'\) is true and \(A^{**} v \le b^{**}\) is false. We now extend this solution by \(u \in \mathbb {Q}_{\delta }^{n_y}\), where \(u_i := c_i + d_i^T v\), so \((A' v \le b') \cup (u - D v = c)\) is true. Based on the definition of \(\sigma ^{D,c}_{y,z}\) and \(n_y\) recursive applications of Lemma 8, the four systems of constraints \(A x \le b\), \(A^* x \le b^*\), \((A' z \le b') \cup (y - D z = c)\), and \((A^{**} z \le b^{**}) \cup (y - D z = c)\) are equivalent. Therefore, \((A^{**} v \le b^{**}) \cup (u - D v = c)\) is true, which means that \(A^{**} v \le b^{**}\) is also true. The latter contradicts our initial assumptions. \(\square \)

Now we can also prove what we have already explained at the beginning of this section. The equality \(h^T x = g\) is implied by \(A x \le b\) if and only if \(y - D z = c\) is an equality basis and \((h^T x = g) \sigma ^{D,c}_{y,z}\) simplifies to \(0 = 0\). An equality basis is already defined as a set of equalities \(y - D z = c\) that implies exactly those equalities implied by \(A x \le b\). So we only need to prove that \(h^T x = g\) is implied by \(y - D z = c\) if \((h^T x = g) \sigma ^{D,c}_{y,z}\) simplifies to \(0 = 0\).

## Lemma 10

Let \(y - D z = c\) be a satisfiable system of equalities. Let \(h^T x = g\) be an equality. Then \(y - D z = c\) implies \(h^T x = g\) iff \((h^T x = g) \sigma ^{D,c}_{y,z}\) simplifies to \(0 = 0\).

## Proof

First, let us look at the case where \(h^T x = g\) is an explicit equality \(y_i - d_i^T z = c_i\) in \(y - D z = c\). Then \((y_i - d_i^T z = c_i) \sigma ^{D,c}_{y,z}\) simplifies to \(0 = 0\) because \(\sigma ^{D,c}_{y,z}\) maps \(y_i\) to \(d_i^T z + c_i\) and the variables \(z_j\) are not affected by \(\sigma ^{D,c}_{y,z}\).

Next, let us look at the case where \(h^T x = g\) is an implicit equality in \(y - D z = c\). Since both \(y - D z = c\) and \((y - D z = c) \cup (h^T z = g)\) imply \(h^T z = g\) and the equalities in \(y - D z = c\), both \((y - D z = c) \sigma ^{D,c}_{y,z}\) and \(((y - D z = c) \cup (h^T z = g)) \sigma ^{D,c}_{y,z}\) must be equivalent (see Lemma 9). As we stated at the beginning of this proof, \((y_i - d_i^T z = c_i) \sigma ^{D,c}_{y,z}\) simplifies to \(0 = 0\). An equality \(h'^T z = g'\) that simplifies to \(0 = 0\) is true for all \(v \in \mathbb {Q}_{\delta }^{n_z}\). Moreover, only equalities that simplify to \(0 = 0\) are true for all \(v \in \mathbb {Q}_{\delta }^{n_z}\). This means \((y - D z = c) \sigma ^{D,c}_{y,z}\) is satisfiable for all assignments and, therefore, \((h^T z = g) \sigma ^{D,c}_{y,z}\) must simplify to \(0 = 0\).

Finally, let us look at the case where \(h^T x = g\) is not an equality implied by \(y - D z = c\). Suppose to the contrary that \(((y - D z = c) \cup (h^T z = g)) \sigma ^{D,c}_{y,z}\) is satisfiable for all assignments. We know based on Lemma 8 and transitivity of equivalence that \((y - D z = c) \cup (h^T z = g)\) and \((y - D z = c) \cup \emptyset \) are equivalent. Therefore, \(h^T z = g\) is implied by \(y - D z = c\), which contradicts our initial assumption. \(\square \)

With Lemma 10, we now have all the auxiliary lemmas needed to prove that the algorithm \({{\mathrm{{\texttt {EqBasis}}}}}\) is correct:

## Lemma 11

Let \(A' x \le b'\) be a satisfiable system of inequalities. Let \(y - D z = c\) be the output of \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\). Then \(y - D z = c\) is an equality basis of \(A' x \le b'\).

## Proof

Let \(A z \le b\) be the result of applying \(\sigma ^{D,c}_{y,z}\) to \(A' x \le b'\). Since \(y - D z = c\) is the output of \({{\mathrm{{\texttt {EqBasis}}}}}(A' x \le b')\), the condition in line 3 of \({{\mathrm{{\texttt {EqBasis}}}}}\) guarantees us that \(A z \le b\) implies no equalities. Let us now suppose to the contrary of our initial assumptions that \(A' x \le b'\) implies an equality \({h'}^T x = g'\) that \(y - D z = c\) does not imply. Since \({h'}^T x = g'\) is not implied by \(y - D z = c\), the output of \(({h'}^T x = g') \sigma ^{D,c}_{y,z}\) is an equality \({h}^T z = g\), where \(h \ne 0^{n_z}\). This also implies that \((A z \le b) \cup ({h}^T z = g)\) is the output of \(((A' x \le b') \cup ({h'}^T x = g')) \sigma ^{D,c}_{y,z}\). By Lemma 9, \(A z \le b\) and \((A z \le b) \cup ({h}^T z = g)\) are equivalent. Therefore, \(A z \le b\) implies the equality \({h}^T z = g\), which contradicts the condition in line 3 of \({{\mathrm{{\texttt {EqBasis}}}}}\) and, therefore, our initial assumptions. \(\square \)
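As an added worked example (not code from the paper, nor from SPASS-IQ or any of the solvers named in Sect. 5), the Python below implements the unit cube test of Sects. 4.2 and 4.3 together with the \({{\mathrm{{\texttt {EqBasis}}}}}\) procedure of this section and the equality check of Lemma 10. It stands in a small exact Fourier–Motzkin elimination over \(\mathbb {Q}\) for the simplex solver, and uses the same elimination as the feasibility oracle for the strict systems of Lemma 6; strict bounds are carried as a flag on each row instead of as \(\mathbb {Q}_{\delta }\) pairs, and the implied row equality is found by making one row strict at a time rather than by reading it off a minimal unsatisfiable core (Lemma 7). All function and variable names, and the mixed example, are constructed here; the two sample systems used in the test are the ones this page gives in Sects. 4.1 and 6.

```python
from fractions import Fraction as F
from math import floor

# A constraint is (a, b, strict): a^T x <= b, or a^T x < b when strict is True
# (the page's b^delta version of a bound). All numbers are Fractions.

def fm_eliminate(rows, n):
    """Fourier-Motzkin: project away x_{n-1}, ..., x_0. Returns (feasible, levels),
    where levels[k] are the constraints over x_0..x_k left after eliminating x_{k+1}.."""
    levels, cur = [None] * n, rows
    for k in range(n - 1, -1, -1):
        levels[k] = cur
        pos = [r for r in cur if r[0][k] > 0]
        neg = [r for r in cur if r[0][k] < 0]
        nxt = [r for r in cur if r[0][k] == 0]
        for ap, bp, sp in pos:
            for an, bn, sn in neg:   # (1/ap_k)*pos + (1/-an_k)*neg cancels x_k
                nxt.append(([ap[j] / ap[k] - an[j] / an[k] for j in range(n)],
                            bp / ap[k] - bn / an[k], sp or sn))
        cur = nxt
    return all(b > 0 if s else b >= 0 for _, b, s in cur), levels  # rows 0 (<|<=) b

def fm_point(rows, n):
    """A rational solution of a non-strict system, or None if it is infeasible."""
    ok, levels = fm_eliminate(rows, n)
    if not ok:
        return None
    x = [F(0)] * n
    for k in range(n):  # fix x_0, x_1, ... from the bounds each level imposes
        lo, hi = None, None
        for a, b, _ in levels[k]:
            if a[k] != 0:
                v = (b - sum(a[j] * x[j] for j in range(k))) / a[k]
                if a[k] > 0:
                    hi = v if hi is None else min(hi, v)
                else:
                    lo = v if lo is None else max(lo, v)
        x[k] = lo if lo is not None else (hi if hi is not None else F(0))
    return x

def satisfies(A, b, x):
    return all(sum(F(c) * xj for c, xj in zip(a, x)) <= bi for a, bi in zip(A, b))

def unit_cube_test(A, b, int_vars=None):
    """Unit cube test (Sect. 4.2) / flat unit cube for mixed problems (Sect. 4.3):
    shrink b_i by half the 1-norm of the integer columns of a_i, take a rational
    point z of the shrunk system, round its integer components. None = inconclusive."""
    n = len(A[0])
    int_vars = set(range(n)) if int_vars is None else set(int_vars)
    rows = [([F(c) for c in a], F(bi) - sum(abs(F(a[j])) for j in int_vars) / 2, False)
            for a, bi in zip(A, b)]
    z = fm_point(rows, n)
    if z is None:
        return None
    x = [floor(zj + F(1, 2)) if j in int_vars else zj for j, zj in enumerate(z)]
    assert satisfies(A, b, x)  # guaranteed by Proposition 5 with e = 1
    return x

def subst_expr(a, k, d, c):
    """Rewrite a^T z under z_k -> c + d^T z; returns (a', t) with a^T z == a'^T z + t."""
    a2 = [a[j] + a[k] * d[j] for j in range(len(a))]
    a2[k] = F(0)
    return a2, a[k] * c

def find_implied_equality(rows, n):
    """Lemma 6: no implied equality if the all-strict system is satisfiable. Otherwise
    return a row that the (satisfiable) system keeps tight, found by making one row
    at a time strict instead of reading it off a minimal unsat core (Lemma 7)."""
    if fm_eliminate([(a, b, True) for a, b, _ in rows], n)[0]:
        return None
    return next((i for i, (a, b, _) in enumerate(rows)
                 if not fm_eliminate(rows[:i] + [(a, b, True)] + rows[i + 1:], n)[0]), None)

def eq_basis(A, b):
    """EqBasis (Sect. 6.2). Returns (basis, rows): an entry (k, d, c) reads y_k = c + d^T z,
    and rows is the reduced system A z <= b that implies no equality."""
    n = len(A[0])
    rows = [([F(c) for c in a], F(bi), False) for a, bi in zip(A, b)]
    assert fm_eliminate(rows, n)[0], "EqBasis expects a satisfiable system"
    basis = []
    while (i := find_implied_equality(rows, n)) is not None:
        a, g, _ = rows[i]
        k = next(j for j in range(n) if a[j] != 0)            # variable z_k to eliminate
        d = [F(0) if j == k else -a[j] / a[k] for j in range(n)]
        c = g / a[k]                                          # sigma': z_k -> c + d^T z
        new_rows, new_basis = [], []
        for a2, b2, s in rows:                                # (A z <= b) sigma'
            a3, t = subst_expr(a2, k, d, c)
            if any(v != 0 for v in a3):                       # drop the 0 <= 0 rows
                new_rows.append((a3, b2 - t, s))
        for k2, d2, c2 in basis:                              # (y - D z = c) sigma'
            d3, t = subst_expr(d2, k, d, c)
            new_basis.append((k2, d3, c2 + t))
        rows, basis = new_rows, new_basis + [(k, d, c)]
    return basis, rows

def implies_equality(basis, h, g):
    """Lemma 10: the basis implies h^T x = g iff sigma^{D,c}_{y,z} turns it into 0 = 0."""
    h, g = [F(v) for v in h], F(g)
    for k, d, c in basis:  # no d mentions a y variable, so the order does not matter
        h, t = subst_expr(h, k, d, c)
        g -= t
    return all(v == 0 for v in h) and g == 0
```

On the page's Sect. 4.1 system (\(3x_1 - x_2 \le 0\), \(-2x_1-x_2 \le -2\), \(-2x_1 + x_2 \le 1\)) the shrunk system is infeasible, so `unit_cube_test` returns `None`, in line with the largest cube there having edge length \(\frac{3}{17} < 1\). On the Sect. 6 system with the single rational solution \((2,2)\), `eq_basis` moves both variables into the basis (\(x_1 = 2\), \(x_2 = 2\)) and leaves no inequality behind, after which `implies_equality` confirms \(x_1 + 3x_2 = 8\) and rejects \(x_1 - x_2 = 1\). Fourier–Motzkin is exponential in the worst case and is used here only because it is short and exact; the paper's point is that the same tests run on the incremental simplex solver.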

## 7 Implementation and application

It is not straightforward to efficiently integrate our method that finds an equality basis into an SMT solver. Therefore, we now explain how to implement our method as an extension of Dutertre and de Moura’s version [14] of the dual simplex algorithm [2, 22]. We choose to specialize this version of the dual simplex algorithm because it is implemented in most SMT solvers and has all properties necessary for an efficient theory solver: it produces minimal conflict explanations, handles backtracking efficiently, and is highly incremental. Whenever we refer to the simplex algorithm in this section, we refer to the specific version of the dual simplex algorithm presented by Dutertre and de Moura [14].

We defined the theory for the equality basis by representing our input constraints through inequalities \(A x \le b\) because inequalities represent the set of solutions more intuitively. In the simplex algorithm, the input constraints are represented instead by a so-called tableau \(A x = 0^m\) and two bounds \(l_i \le x_i \le u_i\) for every variable \(x_i\) in the tableau. Therefore, it might seem difficult to efficiently integrate our method in the simplex algorithm. The truth, however, is that the tableau-and-bound representation grants us several advantages for the implementation of our equality basis method. For example, we do not have to explicitly eliminate variables via substitution, but we do so automatically via pivoting.

Later in this section, we also explain how the integration of our methods in the simplex algorithm can be used for the combination of theories with the Nelson–Oppen Method. For the Nelson–Oppen style combination of theories inside an SMT solver [9], each theory solver has to return all valid equations between variables in its theory. Linear arithmetic theory solvers sometimes guess these equations based on one satisfying assignment. Then the equations are transferred according to the Nelson–Oppen method without verification. This leads to a backtrack of the combination procedure in case the guess was wrong and eventually led to a conflict. With the availability of an equality basis, the guesses can be verified directly and efficiently. Therefore, the method helps the theory solver in avoiding any conflicts due to wrong guesses together with the overhead of backtracking. This comes at the price of computing the equality basis, which should be negligible because the integration we propose is incremental and includes justified simplifications.

### 7.1 The dual simplex algorithm

We can easily transform a system of inequalities \(A x \le b\) into the above format if we introduce a so-called slack variable \(s_i\) for every inequality in our system. Our system is then defined by the equalities \(A x - s = 0^m\), and the bounds \(-\infty \le x_j \le \infty \) for every original variable \(x_j\) and the bounds \(-\infty \le s_i \le b_i\) for every slack variable introduced for the inequality \(a_i^T x \le b_i\). We can even reduce the number of slack variables if we transform rows of the form \(a_{ij} \cdot x_j \le c_j\) directly into bounds for \(x_j\). Moreover, we can use the same slack variable for multiple inequalities as long as the left side of the inequality is similar enough. For example, the inequalities \({a}_i^T x \le b_i\) and \(-{a}_i^T x \le c_i\) can be transformed into the equality \({a}_i^T x - s_i = 0\) and the bounds \(-c_i \le s_i \le b_i\). SMT solvers typically assign the slack variables during a preprocessing step with a normalization procedure based on a variable ordering. After the normalization, all terms are represented in one directed acyclic graph (DAG) so that all equivalent terms are assigned to the same node and, thereby, to the same slack variable. For more details on these simplifications we refer to [14].

The simplex algorithm also partitions the variables into two sets: the set of *non-basic* variables \(\mathcal {N}\) and the set of *basic* variables \(\mathcal {B}\). Initially, our original variables are the non-basic variables and the slack variables are the basic variables. The non-basic variables \(\mathcal {N}\) define the basic variables over a *tableau* derived from our system of equalities. Each row in this tableau represents one basic variable \(x_i \in \mathcal {B}\): \(x_i = \sum _{x_j \in \mathcal {N}} a_{ij} x_j\). The simplex algorithm exchanges a basic variable \(x_i \in \mathcal {B}\) with a non-basic variable \(x_j \in \mathcal {N}\) via the \({{\mathrm{{\texttt {pivot}}}}}\) algorithm. To do so, we also have to change the tableau via substitution. All tableaux constructed in this way are equivalent to the original system of equalities \(A x = 0^m\).

The goal of the simplex algorithm is to find an assignment \(\beta \) that maps every variable \(x_i\) to a value \(\beta (x_i) \in \mathbb {Q}_{\delta }\) that satisfies our constraint system, i.e., \(A (\beta (x)) = 0^m\) and \(l_i \le \beta (x_i) \le u_i\) for every variable \(x_i\). The algorithm starts with an assignment \(\beta \) that fulfills \(A (\beta (x)) = 0^m\) and \(l_j \le \beta (x_j) \le u_j\) for every non-basic variable \(x_j \in \mathcal {N}\). Initially, we get such an assignment through our tableau. We simply choose a value \(l_j \le \beta (x_j) \le u_j\) for every non-basic variable \(x_j \in \mathcal {N}\) and define the value of every basic variable \(x_i \in \mathcal {B}\) over the tableau: \(\beta (x_i) := \sum _{x_j \in \mathcal {N}} a_{ij} \beta (x_j)\). As an invariant, the simplex algorithm continues to fulfill \(A (\beta (x)) = 0^m\) and \(l_j \le \beta (x_j) \le u_j\) for every non-basic variable \(x_j \in \mathcal {N}\) and every intermediate assignment \(\beta \).

The simplex algorithm finds a satisfiable assignment or an explanation of unsatisfiability through the \({{\mathrm{{\texttt {Check}}}}}()\) algorithm. Since all non-basic variables fulfill their bounds and the tableau guarantees that \(A x = 0^m\), \({{\mathrm{{\texttt {Check}}}}}()\) only looks for a basic variable that violates one of its bounds. If all basic variables \(x_i\) satisfy their bounds, then \(\beta \) is a satisfiable assignment and \({{\mathrm{{\texttt {Check}}}}}()\) returns true. If \({{\mathrm{{\texttt {Check}}}}}()\) finds a basic variable \(x_i\) that violates one of its bounds, then it looks for a non-basic variable \(x_j\) fulfilling the conditions in lines 6 or 12 of \({{\mathrm{{\texttt {Check}}}}}()\). If it finds a non-basic variable \(x_j\) fulfilling the conditions, then we pivot \(x_i\) with \(x_j\) and update our \(\beta \) assignment so that \(\beta (x_i)\) is set to the previously violated bound value, which satisfies our invariant once more. If it finds no non-basic variable fulfilling the conditions, then the row of \(x_i\) and all non-basic variables \(x_j\) with \(a_{ij} \ne 0\) form an unresolvable conflict. Hence, \({{\mathrm{{\texttt {Check}}}}}()\) has found a row that explains the conflict and it can return unsatisfiable. The algorithm terminates due to a variable selection strategy called Bland’s rule. Bland’s rule is based on a predetermined variable order and always selects the smallest variables fulfilling the conditions for pivoting.

### 7.2 Implementation details

*tightly* bounded variables, i.e., a set of variables \(x_j\) such that \(\beta (x_j) := l_j\) or \(\beta (x_j) := u_j\) for all satisfiable assignments \(\beta \). Therefore, one way of determining an equality basis is to find all tightly bounded variables.

To find all tightly bounded variables, we present a new extension of the simplex algorithm called \({{\mathrm{{\texttt {FindTBnds}}}}}()\) (Fig. 5). This extension uses our Lemmas 6 and 7 to iteratively find all bounds \(l_j \le x_j\) (\(x_j \le u_j\)) that hold tightly for all satisfiable assignments \(\beta \), and then turns them into explicit equalities by setting \(u_j := l_j\) (\(l_j := u_j\)). But first of all, \({{\mathrm{{\texttt {FindTBnds}}}}}()\) determines if our constraint system is actually satisfiable with a call of \({{\mathrm{{\texttt {Check}}}}}()\). If the system is unsatisfiable, then it has no solutions and implies all equalities. In this case, \({{\mathrm{{\texttt {FindTBnds}}}}}()\) returns *false*.

Otherwise, we get a satisfiable assignment \(\beta \) from \({{\mathrm{{\texttt {Check}}}}}()\) and we use this assignment in \({{\mathrm{{\texttt {Initialize}}}}}()\) (Fig. 5) to eliminate all bounds that do not hold tightly under \(\beta \) (i.e., \(\beta (x_i) > l_i\) or \(\beta (x_i) < u_i\)). We know that we can eliminate these bounds without losing any tightly bounded variables because we only need the bounds that can be part of an equality explanation, i.e., only bounds that hold tightly for all satisfiable assignments (see Lemma 7). For the same reason, \({{\mathrm{{\texttt {Initialize}}}}}()\) eliminates all originally strict bounds, i.e., bounds with a non-zero delta part.

Next, \({{\mathrm{{\texttt {Initialize}}}}}()\) tries to turn as many variables \(x_i\) with \(l_i = u_i\) as possible into non-basic variables. We do so because \(x_i\) is guaranteed to stay a non-basic variable if \(l_i = u_i\) (see lines 6 and 12 of \({{\mathrm{{\texttt {Check}}}}}\)). Pivoting like this essentially eliminates the tightly bounded non-basic variable \(x_i\) and replaces it with the constant value \(l_i\). There exists only one case in which \({{\mathrm{{\texttt {Initialize}}}}}()\) cannot turn the variable \(x_i\) with \(l_i = u_i\) into a non-basic variable. This case occurs whenever all non-basic variables \(x_j\) with non-zero coefficient \(a_{ij}\) also have tight bounds \(l_j = u_j\). In this case, the complete row \(x_i = \sum _{x_j \in \mathcal {N}} a_{ij} x_j\) simplifies to \(x_i = l_i\), so it never produces a conflict and we can also ignore this row.

As its last action, \({{\mathrm{{\texttt {Initialize}}}}}()\) turns the bounds of all variables \(x_j\) with \(l_j < u_j\) into strict bounds. Since \({{\mathrm{{\texttt {Initialize}}}}}()\) transformed these bounds into strict bounds, the condition of the while loop in line 3 of \({{\mathrm{{\texttt {FindTBnds}}}}}()\) checks whether the system contains another tightly bounded variable (see also Lemma 6). If \({{\mathrm{{\texttt {Check}}}}}\) returns (*false*, \(x_i\)), then the row \(x_i\) represents an equality explanation and all variables \(x_j\) with a non-zero coefficient in the row hold tightly (see Lemma 7). \({{\mathrm{{\texttt {FindTBnds}}}}}()\) uses \({{\mathrm{{\texttt {FixEqs}}}}}(x_i)\) (Fig. 5) to turn these tightly bounded variables \(x_j\) into explicit equalities by setting \(l_j = u_j\). After \({{\mathrm{{\texttt {FixEqs}}}}}(x_i)\) is done, we go back to the beginning of the loop in \({{\mathrm{{\texttt {FindTBnds}}}}}()\) and do another call to \({{\mathrm{{\texttt {Check}}}}}\).

If \({{\mathrm{{\texttt {Check}}}}}\) returns *true*, then the original system of inequalities implies no further tightly bounded variables (Lemma 6). We exit the loop and revert the bounds of the remaining variables \(x_j\) with \(l_j < u_j\) to their original values. As a result, we have also reverted to a linear system equivalent to our original constraint system. The only difference is that now all tightly bounded variables \(x_i\) are explicit equalities because \(l_i = u_i\). Moreover, the tableau \(A x = 0^m\) and the non-basic variables that are tightly bounded represent an equality basis for our original constraint system. The simplex algorithm even represents the current tableau and the tightly bounded non-basic variables in such a way that they also describe a substitution \(\sigma \) for the elimination of equalities: the rows of the tableau map each basic variable \(x_i\) to its row definition \(\sum _{x_j \in \mathcal {N}} a_{ij} x_j\), and the tightly bounded non-basic variables \(x_j\), i.e., all variables \(x_j\) with \(j \in \mathcal {N}\) and \(l_j = u_j\), are mapped to their tight bound \(l_j\).

After applying \({{\mathrm{{\texttt {FindTBnds}}}}}()\), we can efficiently find all valid equations between variables as needed for the Nelson–Oppen style combination of theories. For each variable \(x_i\), we use the substitution \(\sigma \) that we get from the tableau and the tightly bounded variables to get a normalized term that represents each variable. If the variable \(x_i\) is non-basic and tightly bounded (i.e., \(l_i = u_i\)), then the normalized term is the constant value \(l_i\). If the variable \(x_i\) is non-basic and not tightly bounded (i.e., \(l_i \ne u_i\)), then the normalized term is the variable \(x_i\) itself. If the variable \(x_i\) is basic, then the normalized term is \( \left( \sum _{x_j \in \mathcal {N}, l_j \ne u_j}a_{ij} x_j \right) + \left( \sum _{x_j \in \mathcal {N}, l_j = u_j} a_{ij} l_j \right) \), where all basic mathematical operations between constant values are replaced by the results of those operations.

We know from Lemma 10 that \(x_i \sigma = x_k \sigma \) simplifies to \(0 = 0\) if \(\sigma \) is the substitution we get from an equality basis and \(x_i = x_k\) is implied by our constraints. Therefore, both \(x_i \sigma \) and \(x_k \sigma \) must be represented by the same normalized term if \(x_i\) and \(x_k\) are equivalent. So the equality basis together with a normalization procedure has turned semantic equivalence into syntactic equivalence. It is very easy to find variables \(x_i\) represented by the same normalized term if we store these terms in a DAG, which most SMT solvers already provide for assigning slack variables.
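The tableau-and-bounds simplex of Sect. 7.1 together with the FindTBnds loop and the normalized-term comparison of Sect. 7.2, as an added Python example; this is not code from the paper or from any solver it cites, and the names (Simplex, check, find_tight_bounds, normal_form, equal_vars, the s1/x1 instance) are assumptions made here. Values in \(\mathbb {Q}_{\delta }\) are encoded as (rational, δ-coefficient) pairs, and conflict explanations and the justifications of Sect. 7.3 are not modelled.

```python
from fractions import Fraction as F

# Q_delta values are (rational, delta coefficient) tuples; their lexicographic order is the order of q + k*delta.
NEG, POS = (float("-inf"), 0), (float("inf"), 0)  # absent lower / upper bound
def q(x): return (F(x), F(0))                       # non-strict bound value
def add(u, v): return (u[0] + v[0], u[1] + v[1])
def scale(a, u): return (a * u[0], a * u[1])

class Simplex:  # tableau-and-bounds dual simplex (Sect. 7.1) plus FindTBnds (Sect. 7.2); hypothetical names
    def __init__(self, rows, bounds):
        # rows: {slack: {var: coeff}} encodes slack = sum(coeff * var), i.e. A x - s = 0
        self.tab = {s: {v: F(c) for v, c in r.items()} for s, r in rows.items()}
        self.vars = sorted(set(bounds) | set(rows) | {v for r in rows.values() for v in r})
        self.lo, self.up = ({v: bounds.get(v, (NEG, POS))[i] for v in self.vars} for i in (0, 1))
        self.val = {v: q(0) for v in self.vars}
        self.fit_nonbasics()
    def fit_nonbasics(self):  # (re)establish the invariant l <= beta <= u on every nonbasic
        for v in [v for v in self.vars if v not in self.tab]:
            if self.val[v] < self.lo[v]: self.update(v, self.lo[v])
            if self.val[v] > self.up[v]: self.update(v, self.up[v])
    def update(self, xj, v):  # move nonbasic xj to v; the basics follow so that A x = 0 stays true
        d = add(v, scale(F(-1), self.val[xj])); self.val[xj] = v
        for xk, row in self.tab.items():
            if xj in row: self.val[xk] = add(self.val[xk], scale(row[xj], d))
    def pivot(self, xi, xj):  # basic xi leaves, nonbasic xj enters; substitute xj in every other row
        row = self.tab.pop(xi); a = row.pop(xj)
        new = {xi: 1 / a, **{k: -c / a for k, c in row.items()}}
        for r in [r for r in self.tab.values() if xj in r]:
            c = r.pop(xj)
            for k, d in new.items():
                r[k] = r.get(k, F(0)) + c * d
                if r[k] == 0: del r[k]
        self.tab[xj] = new
    def check(self):  # Check(): (True, None), or (False, xi) where row xi is an unresolvable conflict
        while True:
            bad = [x for x in self.tab if not self.lo[x] <= self.val[x] <= self.up[x]]
            if not bad: return True, None
            xi = min(bad); row = self.tab[xi]; low = self.val[xi] < self.lo[xi]  # Bland: smallest first
            target = self.lo[xi] if low else self.up[xi]
            cand = [j for j, a in row.items()  # nonbasics that can still move xi toward target
                    if (self.val[j] < self.up[j] if (a > 0) == low else self.val[j] > self.lo[j])]
            if not cand: return False, xi
            xj = min(cand); theta = scale(1 / row[xj], add(target, scale(F(-1), self.val[xi])))
            self.update(xj, add(self.val[xj], theta))  # afterwards beta(xi) == target
            self.pivot(xi, xj)
    def find_tight_bounds(self):  # FindTBnds(): make every tightly bounded variable explicit, l = u
        if not self.check()[0]: return False
        orig = dict(self.lo), dict(self.up)
        for v in self.vars:  # Initialize(): drop bounds that are not tight under beta, and strict ones
            if self.lo[v] != self.val[v] or self.lo[v][1] != 0: self.lo[v] = NEG
            if self.up[v] != self.val[v] or self.up[v][1] != 0: self.up[v] = POS
        for xi in list(self.tab):  # make l = u variables nonbasic wherever their row allows it
            free = [j for j in self.tab[xi] if self.lo[j] != self.up[j]]
            if self.lo[xi] == self.up[xi] and free: self.pivot(xi, min(free))
        for v in [v for v in self.vars if self.lo[v] != self.up[v]]:  # remaining bounds go strict (Lemma 6)
            if self.lo[v] != NEG: self.lo[v] = (self.lo[v][0], F(1))
            if self.up[v] != POS: self.up[v] = (self.up[v][0], F(-1))
        self.fit_nonbasics()
        while not (r := self.check())[0]:  # FixEqs(r[1]): the whole conflict row holds tightly (Lemma 7)
            for v in [v for v in [r[1], *self.tab[r[1]]] if self.lo[v] != self.up[v]]:
                b = self.lo[v] if self.lo[v] != NEG else self.up[v]
                self.lo[v] = self.up[v] = (b[0], F(0))
                if v not in self.tab: self.update(v, self.lo[v])
        for v in [v for v in self.vars if self.lo[v] != self.up[v]]:  # revert the bounds that stayed strict
            self.lo[v], self.up[v] = orig[0][v], orig[1][v]
        return True
    def normal_form(self, x):  # normalized term: tight nonbasics replaced by their constants
        if x not in self.tab:
            return (self.lo[x][0], ()) if self.lo[x] == self.up[x] else (F(0), ((x, F(1)),))
        const, lin = F(0), []
        for j, a in sorted(self.tab[x].items()):
            if self.lo[j] == self.up[j]: const += a * self.lo[j][0]
            else: lin.append((j, a))
        return (const, tuple(lin))
    def equal_vars(self):  # groups of variables with the same normalized term, i.e. implied equal
        groups = {}
        for v in self.vars: groups.setdefault(self.normal_form(v), []).append(v)
        return [tuple(g) for g in groups.values() if len(g) > 1]

def example():  # constructed instance: x1 + x2 >= 2, x1 <= 1, x2 <= 1, x3 - x1 >= 0, x3 <= 1 force
    # x1 = x2 = x3 = 1; x5 - x4 = 0 is an explicit equality; x4 >= 0 is tight under some beta but not implied
    return Simplex({"s1": {"x1": 1, "x2": 1}, "s2": {"x3": 1, "x1": -1}, "s3": {"x5": 1, "x4": -1}},
                   {"s1": (q(2), POS), "s2": (q(0), POS), "s3": (q(0), q(0)),
                    "x1": (NEG, q(1)), "x2": (NEG, q(1)), "x3": (NEG, q(1)), "x4": (q(0), POS)})
```

On the constructed instance, find_tight_bounds turns x1, x2, x3 into equalities l = u = 1 while leaving x4 and x5 unbounded, and equal_vars reports the groups (x1, x2, x3) and (x4, x5) from identical normalized terms.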

### 7.3 Incrementality, explanations, and justifications

Note that asserting additional bounds to our system can increase the number of tightly bounded variables. In this case, we have to apply \({{\mathrm{{\texttt {FindTBnds}}}}}()\) again to find all tightly bounded variables and to complete the new equality basis. We already mentioned that \({{\mathrm{{\texttt {Check}}}}}()\) never pivots a non-basic variable \(x_j\) into a basic one if \(l_j = u_j\) because of the conditions in the lines 6 and 12 of \({{\mathrm{{\texttt {Check}}}}}()\). So even if the SMT solver asserts additional bounds for the variables and applies \({{\mathrm{{\texttt {Check}}}}}()\) again, the tightly bounded non-basic variables we have computed in the last call to \({{\mathrm{{\texttt {FindTBnds}}}}}()\) stay non-basic. Hence, our next application of \({{\mathrm{{\texttt {FindTBnds}}}}}()\) does not perform any computations for the tightly bounded variables that were detected by earlier applications of \({{\mathrm{{\texttt {FindTBnds}}}}}()\). This means that our algorithm to compute the equality basis is highly incremental.

Another important feature of an efficient SMT theory solver is that it produces good—maybe even minimal—conflict explanations. In a typical SMT solver, a SAT solver based on CDCL (conflict-driven clause learning) selects and asserts a set of theory literals that satisfy the boolean model. Then the theory solvers verify that the asserted literals that belong to their theory are consistently satisfiable. If the theory solver finds a conflict between the asserted literals, then it returns a conflict explanation. The SAT solver uses the conflict explanation to start a conflict analysis that determines a good point for back jumping so it can select a new set of theory literals. Naturally, a good conflict explanation greatly enhances the conflict analysis and, therefore, the remaining search.

The literals asserted in our simplex based theory solver are bounds for our variables.^{2} Our algorithm \({{\mathrm{{\texttt {FindTBnds}}}}}()\) asserts bounds independently of the SAT solver. This leads to problems in the conflict analysis because the conflict explanation is no longer comprehensible for the SAT solver. Hence, we have to extend \({{\mathrm{{\texttt {FindTBnds}}}}}()\) so it produces justifications (for the bounds it asserts in \({{\mathrm{{\texttt {FixEqs}}}}}(x_i)\)) that the SAT solver can comprehend and reproduce.

*C* of the strict system. For instance, if the call to \({{\mathrm{{\texttt {Check}}}}}()\) from line 3 of \({{\mathrm{{\texttt {FindTBnds}}}}}()\) exits in line 7 with (*false*, \(x_i\)), then the conflict explanation is

*C* into non-strict bounds:

We get these justifications by looking at the normalized representations of the variables \(x_i\) and \(x_k\) that are equivalent. The current set of non-basic variables defines a basis and, therefore, already on its own a normalized representation for all variables. Since this normalized representation only depends on the current tableau \(A x = 0^m\), it is also independent of any of the asserted bounds. The normalized representation we use for the Nelson–Oppen style combination is only an extension of this representation by the tight bounds \(x_j = c_j\) of all tightly bounded non-basic variables. Therefore, the equality \(x_i = x_k\) is implied by those tight bounds \(x_j = c_j\) that were actively used to compute this representation.

## 8 Conclusions

We have presented the linear cube transformation (Proposition 3), which allows us to efficiently determine whether a polyhedron contains a cube of a given edge length. Based on this transformation we have created two tests for linear integer arithmetic: the largest cube test and the unit cube test. Our tests can be integrated into SMT theory solvers without sacrificing the advantages that SMT solvers gain from the incremental structure of subsequent subproblems. Furthermore, our experiments have shown that these tests increase efficiency on certain polyhedra such that previously hard sets of constraints become trivial.

One obstacle for our cube tests is equalities. Resolving this obstacle led to an additional application of the linear cube transformation: investigating equalities. Through Lemmas 6 and 7, we have presented a method that efficiently checks whether a system of linear arithmetic constraints implies an equality at all. We use this method in the algorithm \({{\mathrm{{\texttt {EqBasis}}}}}(A x \le b)\) to compute an equality basis \(y - D z = c\), which is a finite representation of all equalities implied by the inequalities \(A x \le b\).

We also presented various applications for the equality basis \(y - D z = c\). (1) We can use the equality basis to eliminate all equalities from \(A x \le b\). It is, therefore, useful as a preprocessing step for our cube tests. (2) We can use the equality basis to directly check whether an equality \(h^T x = g\) is implied by \(A x \le b\). (3) In Sect. 7, we also use the equality basis to efficiently compute all pairs of equivalent variables in \(A x \le b\). These pairs are necessary for a backjump-free *Nelson–Oppen* style combination of theories.

A *quantifier elimination* (QE) procedure takes a formula \(\exists y. \phi (y)\), where \(\phi (y)\) itself is quantifier-free but may contain extra variables *x* called *parameters*, and returns an equivalent formula \(\phi '\) that is quantifier-free.

*Linear virtual substitution* is a complete QE procedure for the theory of linear rational arithmetic [23]. It eliminates the variable *y* by creating a case distinction exploiting the following fact: a linear real arithmetic formula \(\phi (y)\) is satisfiable if and only if \(\phi (l)\) is satisfiable, where *l* is the strictest lower bound (or upper bound) of *y*, i.e., the smallest value for *y* in any solution to the problem. This value is either represented by one of the inequalities in \(\phi (y)\) containing *y* or \(-\infty \) (\(+\infty \)). There are only finitely many inequalities in \(\phi (y)\), so by a case distinction over all inequalities containing *y* satisfiability can be preserved:

*y*:

For future research, we plan to implement the methods around the equality basis and investigate their performance for the above mentioned applications. Moreover, we want to work out even more applications for the linear cube transformation.

## Footnotes

- 1. If we combine the equality basis with a *diophantine equation handler* [16], then we even receive a substitution \(\sigma '\) that eliminates the equalities in such a way that we can reconstruct an integer solution from them. The result is a new system of inequalities that implies no equalities and has an integer solution if and only if \(A x \le b\) has one.
- 2. Actually, the literals we assert are full inequalities \(a_i^T x \le b_i\). Due to slacking, the left side of those constraints is abstracted to a slack variable *s* such that \(s = a_i^T x\). The definition of the slack variable \(s = a_i^T x\) is directly stored in the simplex solver and only a bound \(s \le b_i\) remains as the literal for the SMT solver.

## Notes

### Acknowledgements

Open access funding provided by Max Planck Society. The authors would like to thank the anonymous reviewers of FMSD, IJCAR 2016, and SMT 2016 for their valuable comments, suggestions, and for directing us to related work. Special thanks are also due to Bruno Dutertre, Tim King, and Andrew Reynolds for drawing our attention to additional applications.

## References

- 1. Barrett C, Conway C, Deters M, Hadarean L, Jovanović D, King T, Reynolds A, Tinelli C (2011) CVC4. In: CAV, LNCS, vol 6806, pp 171–177
- 2. Beale EML (1954) An alternative method for linear programming, vol 50, issue 4, pp 513–523
- 3. Bjørner N (1999) Integrating decision procedures for temporal verification. Ph.D. thesis, Stanford, CA, USA
- 4. Bobot F, Conchon S, Contejean E, Iguernelala M, Mahboubi A, Mebsout A, Melquiond G (2012) A simplex-based extension of Fourier–Motzkin for solving linear integer arithmetic. In: IJCAR 2012, LNCS, vol 7364, pp 67–81
- 5. Boyd S, Vandenberghe L (2004) Convex optimization. Cambridge University Press, Cambridge
- 6. Bromberger M, Sturm T, Weidenbach C (2015) Linear integer arithmetic revisited. In: CADE-25, LNCS, vol 9195, pp 623–637
- 7. Bromberger M, Weidenbach C (2016) Computing a complete basis for equalities implied by a system of LRA constraints. In: SMT 2016, pp 15–30
- 8. Bromberger M, Weidenbach C (2016) Fast cube tests for LIA constraint solving. In: IJCAR 2016, LNCS, vol 9706
- 9. Bruttomesso R, Cimatti A, Franzen A, Griggio A, Sebastiani R (2009) Delayed theory combination vs. Nelson–Oppen for satisfiability modulo theories: a comparative analysis. AMAI 55(1):63–99
- 10. Cimatti A, Griggio A, Schaafsma B, Sebastiani R (2013) The MathSAT5 SMT solver. In: TACAS, LNCS, vol 7795
- 11. Dillig I, Dillig T, Aiken A (2009) Cuts from proofs: a complete and practical technique for solving linear inequalities over integers. In: CAV, LNCS, vol 5643, pp 233–247
- 12. Dolzmann A, Sturm T, Weispfenning V (1999) Real quantifier elimination in practice. In: Algorithmic algebra and number theory. Springer, pp 221–247
- 13. Dutertre B (2014) Yices 2.2. In: CAV 2014, LNCS, vol 8559
- 14. Dutertre B, de Moura L (2006) A fast linear-arithmetic solver for DPLL(T). In: CAV, LNCS, vol 4144, pp 81–94. Extended version: Integrating simplex with DPLL(T). Technical report, CSL, SRI International
- 15. Faure G, Nieuwenhuis R, Oliveras A, Rodríguez-Carbonell E (2008) SAT modulo the theory of linear arithmetic: exact, inexact and commercial solvers. In: SAT 2008, LNCS, vol 4996, pp 77–90
- 16. Griggio A (2012) A practical approach to satisfiability modulo linear integer arithmetic. JSAT 8(1/2):1–27
- 17. Hillier FS (1969) Efficient heuristic procedures for integer linear programming with an interior. Oper Res 17(4):600–637
- 18. Jovanović D, de Moura L (2013) Cutting to the chase. JAR 51(1):79–108
- 19. Jünger M, Liebling TM, Naddef D, Nemhauser GL, Pulleyblank WR, Reinelt G, Rinaldi G, Wolsey LA (eds) (2010) 50 years of integer programming 1958–2008
- 20. Kannan R, Lovász L (1986) Covering minima and lattice point free convex bodies. In: FSTTCS, LNCS, vol 241, pp 193–213
- 21. Karmarkar N (1984) A new polynomial-time algorithm for linear programming. Combinatorica 4(4):373–396
- 22. Lemke CE (1954) The dual method of solving the linear programming problem. Nav Res Logist Quart 1(1):36–47
- 23. Loos R, Weispfenning V (1993) Applying linear quantifier elimination. Comput J 36(5):450–462
- 24. de Moura L, Bjørner N (2008) Z3: an efficient SMT solver. In: Tools and algorithms for the construction and analysis of systems, LNCS, vol 4963, pp 337–340
- 25. Papadimitriou CH (1981) On the complexity of integer programming. J ACM 28(4):765–768
- 26. Pugh W (1991) The omega test: a fast and practical integer programming algorithm for dependence analysis. In: Supercomputing ’91. ACM, pp 4–13
- 27. Refalo P (1998) Approaches to the incremental detection of implicit equalities with the revised simplex method. In: PLILP 1998, LNCS, vol 1490, pp 481–496
- 28. Rueß H, Shankar N (2004) Solving linear arithmetic constraints. Technical report, SRI International, Computer Science Laboratory
- 29. Schrijver A (1986) Theory of linear and integer programming. Wiley, New York
- 30. Sturm T (1996) Real quadratic quantifier elimination in Risa/Asir. Technical report, ISIS-RM-5E, Fujitsu Laboratories Ltd
- 31. Telgen J (1983) Identifying redundant constraints and implicit equalities in systems of linear constraints. Manag Sci 29(10):1209–1222
- 32. Van Hentenryck P, Graf T (1992) Standard forms for rational linear arithmetic in constraint logic programming. AMAI 5(2):303–319

## Copyright information

**Open Access** This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.