Simulating Strong Practical Proof Systems with Extended Resolution

Proof systems for propositional logic provide the basis for decision procedures that determine the satisfiability status of logical formulas. While the well-known proof system of extended resolution—introduced by Tseitin in the sixties—allows for the compact representation of proofs, modern SAT solvers (i.e., tools for deciding propositional logic) are based on different proof systems that capture practical solving techniques in an elegant way. The most popular of these proof systems is likely DRAT, which is considered the de-facto standard in SAT solving. Moreover, just recently, the proof system DPR has been proposed as a generalization of DRAT that allows for short proofs without the need of new variables. Since every extended-resolution proof can be regarded as a DRAT proof and since every DRAT proof is also a DPR proof, it was clear that both DRAT and DPR generalize extended resolution. In this paper, we show that—from the viewpoint of proof complexity—these two systems are no stronger than extended resolution. We do so by showing that (1) extended resolution polynomially simulates DRAT and (2) DRAT polynomially simulates DPR. We implemented our simulations as proof-transformation tools and evaluated them to observe their behavior in practice. Finally, as a side note, we show how Kullmann’s proof system based on blocked clauses (another generalization of extended resolution) is related to the other systems.


Introduction
When we look at proof systems for propositional logic, we observe an interesting peculiarity: Even though extended resolution, invented by Tseitin in the sixties [30], is known to be highly expressive, the practitioners in SAT solving have come up with different proof systems on which they base their solvers. The most important of these proof systems is likely DRAT [35], which can be considered the de-facto standard in SAT solving: Not only are the solvers in the annual SAT competitions required to produce DRAT proofs but also the proofs of longstanding mathematical problems, including the Boolean Erdős Discrepancy Conjecture [21] and the Boolean Pythagorean Triples Problem [11], were provided in DRAT.
One reason for the use of DRAT is that it can compactly represent many of the techniques used by modern SAT solvers. Moreover, due to its close relationship to unit propagation (which is a core part of modern SAT solvers), the correctness of DRAT proofs can be checked efficiently, leading to the development of formally verified DRAT proof checkers. Spinning the idea of propagation-based proof systems even further, the proof system DPR [13,16] has been introduced as a generalization of DRAT. DPR allows for short proofs without the need for new variables, thus making it a strong candidate for practical SAT solving. In fact, the solver SaDiCaL [15], which implements the DPR-based satisfaction-driven clause learning (SDCL) paradigm [14], can automatically find short proofs of the pigeon-hole principle, Tseitin formulas over expander graphs [30], and mutilated chessboard problems [25]. All these problems are infamous in the proof-complexity literature for being extremely hard [1,8,9,31], thus causing usual conflict-driven clause learning (CDCL) [24,26] solvers some serious trouble.
While it seems clear that both DRAT and DPR provide practical advantages over extended resolution, it has long been unclear whether these advantages also manifest themselves in theory in the sense that they can lead to exponentially shorter proofs for some formulas. In this paper, we show that they do not. We do so by providing polynomial simulations between the mentioned proof systems. Specifically, we give two polynomial-time procedures: the first procedure takes as input a DRAT proof and returns as output an extended-resolution proof of the same formula; the second procedure takes as input a DPR proof and returns as output a DRAT proof. Together, the two procedures can be used to transform DPR proofs into extended-resolution proofs.
Our results confirm the expected proof-complexity landscape in which all top-tier proof systems (including extended resolution, DRAT, DPR, and extended Frege systems [32]) are essentially equivalent. Rounding off the picture, we show how blocked-clause addition [22], a generalization of the extension rule from extended resolution, can be used to replace the addition of resolution asymmetric tautologies (RATs) in DRAT without introducing new variables. Our paper thus bridges the gap between proof systems from the present and from the past.
To evaluate the increase in size caused by our simulations in practice, we implemented them as proof-transformation tools and performed experiments on a range of DRAT and DPR proofs. The experiments show that the simulations incur a size increase that, though nonnegligible, is relatively modest compared to the theoretical worst case. Our transformation tools thus allow practitioners to transform the output of SAT solvers into a format that might suit their applications better. Moreover, the transformation from DPR to DRAT enables the use of formally verified DRAT proof checkers for DPR proof checking.
The main contributions of this paper are as follows: (1) We prove that extended resolution polynomially simulates DRAT. (2) We prove that DRAT polynomially simulates DPR. (3) We implemented our simulations as tools. (4) We present an empirical evaluation of our simulation tools. (5) We show how blocked-clause addition can be used as an alternative for resolution-asymmetric-tautology addition in DRAT.
This paper is an extended version of our IJCAR 2018 best paper [20] and our TACAS 2018 paper [10].

Preliminaries
Here we present the background required for understanding this paper. We consider propositional formulas in conjunctive normal form (CNF), which are defined as follows. A literal is either a variable x (a positive literal) or the negation x̄ of a variable x (a negative literal).
The complementary literal l̄ of a literal l is defined as l̄ = x̄ if l = x and l̄ = x if l = x̄. For a literal l, we denote the variable of l by var(l). A clause is a disjunction of literals; we assume that clauses do not contain repeated literals. A unit clause is a clause that contains exactly one literal; a tautology contains complementary literals. A formula is a conjunction of clauses. We view clauses as sets of literals and formulas as sets of clauses. A clause C subsumes a clause D if C ⊆ D.
An assignment is a function from a set of variables to the truth values 1 (true) and 0 (false). An assignment is total with respect to a formula if it assigns a truth value to every variable occurring in the formula. We often denote assignments by the sequences of literals they satisfy. For instance, xȳ denotes the assignment that assigns 1 to x and 0 to y. A literal l is satisfied by an assignment α if l is positive and α(var(l)) = 1 or if it is negative and α(var(l)) = 0. A literal is falsified by an assignment if its complement is satisfied by the assignment. A clause is satisfied by an assignment α if it contains a literal that is satisfied by α. Finally, a formula is satisfied by an assignment α if all its clauses are satisfied by α. A formula is satisfiable if there exists an assignment that satisfies it. Two formulas are logically equivalent if they are satisfied by the same total assignments. Two formulas are satisfiability-equivalent if they are either both satisfiable or both unsatisfiable.
Given a clause C and an assignment α, we define C | α as the clause obtained from C by removing all literals that are falsified by α. If F is a formula, we define F | α = {C | α | C ∈ F and α does not satisfy C}, also denoted as F under α. The result of applying the unit-clause rule to a formula F is the formula F | a (i.e., the formula F | α with α = a) where (a) is a unit clause in F. We also refer to applications of the unit-clause rule as unit-propagation steps. The iterated application of the unit-clause rule to a formula, until no unit clauses are left, is called unit propagation. If unit propagation on F yields the empty clause ⊥, we say that it derives a conflict on F. For example, unit propagation derives a conflict on
For the rest of the paper, the notion of implication via unit propagation and the corresponding RUP clauses (short for reverse unit propagation) will be essential [34]: If C is a RUP in F, we say that F implies C via unit propagation, which we denote by F ⊢₁ C.
For example, (ā ∨ c) ∧ (b̄ ∨ c̄) implies (ā ∨ b̄) via unit propagation since unit propagation derives a conflict on (ā ∨ c) ∧ (b̄ ∨ c̄) ∧ (a) ∧ (b). Observe that if C is a resolvent of two clauses in a formula F, or if F contains a clause D that subsumes C, then C is a RUP in F. We also say that a formula F implies a formula G via unit propagation, denoted by F ⊢₁ G, if F ⊢₁ C for every C ∈ G.
We define proof systems and polynomial simulations following Cook and Reckhow [6]:
Definition 2 A proof system for propositional formulas in CNF is a surjective polynomial-time-computable function f : Σ* → F where Σ is some alphabet and F is the set of all unsatisfiable formulas.
A proof system can thus be seen as a proof-checking function f that takes a proof candidate P (which is a string over Σ) together with an unsatisfiable formula F and checks in polynomial time if P is a correct proof of F. The requirement that f is surjective means that there must exist a proof for every unsatisfiable formula. We sometimes use the word proof system in a more colloquial way to denote the rules that define what constitutes a correct proof of a certain type. The size of a proof is the number of symbols occurring in it.
In other words, f₁ polynomially simulates f₂ if there exists a polynomial-time-computable function that transforms f₂-proofs into f₁-proofs. We next present the proof systems extended resolution, DRAT, and DPR.

Extended Resolution (ER), DRAT, and DPR
We model proofs of a formula F as sequences C₁, …, Cₘ, Iₘ₊₁, …, Iₙ, where C₁, …, Cₘ are clauses of F and Iₘ₊₁, …, Iₙ are instructions as defined in the following. There are three different kinds of instructions: addition, deletion, and extension. An addition is either a pair ⟨a, C⟩ or a triple ⟨a, C, ω⟩ where C is a clause and ω is an assignment; a deletion is a pair ⟨d, C⟩ where C is a clause; and an extension (also called a definition introduction) is a pair ⟨e, ϕ⟩ where ϕ is a definition of the form x ↔ p ∨ (c₁ ∧ ⋯ ∧ cₖ) with x being a variable that does not occur in any earlier instructions of the proof and p, c₁, …, cₖ being literals whose variables are pairwise distinct. The CNF conversion of such a definition is the clause set cnf(ϕ) = {(x ∨ p̄), (x ∨ c̄₁ ∨ ⋯ ∨ c̄ₖ), (x̄ ∨ p ∨ c₁), …, (x̄ ∨ p ∨ cₖ)}; in the particular case k = 0 we have cnf(ϕ) = {(x ∨ p̄), (x)}. The sequence C₁, …, Cₘ, Iₘ₊₁, …, Iₙ gives rise to formulas F₀, F₁, …, Fₙ as follows: We call Fᵢ the accumulated formula corresponding to the i-th instruction. Based on this, we can now define the details of extended resolution and DRAT. In both proof systems, a correct proof of a formula F must derive the empty clause ⊥, i.e., ⊥ ∈ Fₙ. They differ only in the instructions they permit.

Extended Resolution
Extended resolution combines resolution with the extension rule: A sequence C₁, …, Cₘ, Iₘ₊₁, …, Iₙ is a correct extended-resolution proof of a formula F if every instruction Iᵢ ∈ Iₘ₊₁, …, Iₙ is either (1) an addition ⟨a, (C ∨ D)⟩ where (C ∨ D) is the resolvent (C ∨ p) ⊗ₚ (D ∨ p̄) of two clauses (C ∨ p) and (D ∨ p̄) occurring in Fᵢ₋₁, or (3) an extension ⟨e, ϕ⟩. When Tseitin originally introduced the extension rule [30], he only allowed definitions of the form x ↔ (ā ∨ b̄) where a and b are variables. These definitions correspond to the clauses (x ∨ a), (x ∨ b), and (x̄ ∨ ā ∨ b̄). However, more general definitions can be derived from these basic definitions in a simple but tedious way. Because of this, more general extension rules are common in the literature, some even allowing definitions x ↔ ψ where ψ is an arbitrary propositional formula over previous variables (cf. [5,9,29]).

DRAT
A sequence C₁, …, Cₘ, Iₘ₊₁, …, Iₙ is a correct DRAT proof of a formula F if every instruction Iᵢ ∈ Iₘ₊₁, …, Iₙ is either (1) a deletion ⟨d, C⟩ where C is an arbitrary clause, or (2) an addition ⟨a, C⟩ where C is a RAT or a RUP in Fᵢ₋₁; we have already introduced RUPs in Definition 1 on p. 1249. A RAT is then simply a clause for which all resolvents upon one of its literals are RUPs [18]:
and the clause C = (a ∨ p). There are two resolvents of C upon p: The resolvent (a ∨ ā), obtained by resolving with (p̄ ∨ ā), is a tautology and thus trivially a RUP in F; the resolvent (a ∨ b), obtained by resolving with (p̄ ∨ b), is a RUP in F since unit propagation derives a conflict on F ∧ (ā) ∧ (b̄). It follows that C is a RAT on p in F.
As shown in [18], if a clause C is a RAT on p in a formula F, then F and F ∧ C are satisfiability-equivalent. The idea behind the proof is that every satisfying assignment of F that does not satisfy C can be turned into a satisfying assignment of F ∧ C by making the literal p true.
Observe that if C is a non-empty RUP in F, it is a RAT in F on any literal p ∈ C (the empty clause ⊥ cannot be a RAT as it contains no literals). In the rest of the paper, we thus call a clause a proper RAT if it is a RAT on some literal p but not a RUP. The addition of definition clauses, as with the extension rule, is a special case of blocked-clause addition [17] (see Sect. 5), which itself is a particular case of RAT addition. We thus regard DRAT as a generalization of extended resolution.

DPR
A sequence C₁, …, Cₘ, Iₘ₊₁, …, Iₙ is a correct DPR proof of a formula F if every instruction Iᵢ ∈ Iₘ₊₁, …, Iₙ is either (1) a deletion ⟨d, C⟩ where C is an arbitrary clause, or (2) an addition ⟨a, C⟩ where C is a RUP in Fᵢ₋₁, or (3) an addition ⟨a, C, ω⟩ where C is propagation-redundant with respect to Fᵢ₋₁ and ω. We define propagation-redundancy in the following; it is based on the notion of precluded assignments:
Definition 5 Given an assignment α = a₁ … aₖ, the clause (ā₁ ∨ ⋯ ∨ āₖ) is the clause that precludes α.
With this we can now define propagation-redundancy [16]:
Definition 6 Let F be a formula, C a clause, α the assignment precluded by C, and ω an assignment that satisfies C. Then, C is propagation redundant (PR) with respect to F and ω if F | α ⊢₁ F | ω.
We call ω the witness for the propagation-redundancy of C.
, and let ω = x z. Then, C precludes the assignment α = x̄, and ω satisfies C. Now, consider the formulas F | α = (y) and F | ω = (y). Clearly, F | α ⊢₁ F | ω, and so C is propagation redundant with respect to F and witness ω.
If C is a RAT on p in a formula F, then C is propagation-redundant with respect to F and some witness ω [16]. Hence, DPR can be seen as a generalization of DRAT. Moreover, if a DPR proof contains no deletions, we call it a PR proof. Likewise, DRAT proofs without deletions are RAT proofs.
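The three redundancy notions defined above (RUP, RAT, and PR) can each be checked with unit propagation alone. The following Python code is an added example, not code from the paper or its tools; the integer literal encoding, the function names, and the sample formulas are assumptions constructed for illustration.

```python
# Added example. Literals are non-zero integers (-l is the complement of l);
# a clause is a frozenset of literals and a formula is a list of clauses.

def clause(*lits):
    return frozenset(lits)

def restrict(formula, assignment):
    """F | α: drop clauses satisfied by α, remove literals falsified by α."""
    alpha = set(assignment)
    return [frozenset(l for l in c if -l not in alpha)
            for c in formula if not (c & alpha)]

def derives_conflict(formula, units=()):
    """Unit propagation on formula ∧ units; True iff it reaches the empty clause."""
    true = set(units)
    if any(-l in true for l in true):       # complementary units clash at once
        return True
    changed = True
    while changed:
        changed = False
        for c in formula:
            if c & true:                    # clause already satisfied
                continue
            open_lits = [l for l in c if -l not in true]
            if not open_lits:               # every literal falsified: conflict
                return True
            if len(open_lits) == 1:         # unit clause: propagate it
                true.add(open_lits[0])
                changed = True
    return False

def is_rup(formula, c):
    """C is a RUP in F: propagating the negated literals of C yields a conflict."""
    return derives_conflict(formula, [-l for l in c])

def is_rat(formula, c, p):
    """C is a RAT on p in F: every resolvent of C upon p is a RUP in F."""
    if p not in c:
        return False
    return all(is_rup(formula, (c - {p}) | (d - {-p}))
               for d in formula if -p in d)

def is_pr(formula, c, witness):
    """C is PR w.r.t. F and ω: ω satisfies C and F|α implies F|ω via unit propagation."""
    omega = set(witness)
    if not (c & omega):                     # the witness must satisfy C
        return False
    alpha = [-l for l in c]                 # the assignment precluded by C
    f_alpha = restrict(formula, alpha)
    return all(is_rup(f_alpha, e) for e in restrict(formula, omega))

# Constructed sample formulas (a=1, b=2, c=3, p=4 and x=1, y=2, z=3).
A, B, C_, P = 1, 2, 3, 4
F_RUP = [clause(-A, C_), clause(-B, -C_)]
F_RAT = [clause(-P, -A), clause(-P, B), clause(A, C_), clause(B, -C_)]
X, Y, Z = 1, 2, 3
F_PR = [clause(X, Y), clause(-X, Y), clause(-X, Z)]

if __name__ == "__main__":
    print("RUP:", is_rup(F_RUP, clause(-A, -B)))
    print("RAT on p, not RUP:", is_rat(F_RAT, clause(A, P), P),
          not is_rup(F_RAT, clause(A, P)))
    print("PR with witness x z:", is_pr(F_PR, clause(X), [X, Z]))
    print("PR with witness x only:", is_pr(F_PR, clause(X), [X]))
```

In the last sample the unit clause (x) is neither a RUP nor a RAT on x, yet it is propagation redundant once the witness also sets z.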
We now proceed to showing that extended resolution polynomially simulates DRAT. After this, we show that DRAT polynomially simulates DPR.

Simulating DRAT with Extended Resolution
We perform the transformation of a DRAT proof into an extended-resolution proof in four stages. In the first stage, we use the extension rule together with RUP addition and clause deletion to eliminate all additions of proper RATs. In the second stage, we get rid of all clause deletions. In the third stage, we then replace all RUP additions by resolution inferences and subsumed-clause additions. Finally, in the fourth stage, we also eliminate the subsumed-clause additions to obtain a correct extended-resolution proof.

Eliminating Additions of Proper RATs
Given a DRAT proof C₁, …, Cₘ, Iₘ₊₁, …, Iₙ, we iterate over the instructions Iₘ₊₁, …, Iₙ and replace every addition Iᵢ = ⟨a, (p ∨ C)⟩ of a clause (p ∨ C) that is a proper RAT on p in the accumulated formula Fᵢ₋₁ by a sequence πᵢ of instructions. As illustrated in Fig. 1, such a sequence πᵢ consists of a single definition introduction followed first by several RUP additions and then by several clause deletions. In the case where Iᵢ is not the addition of a proper RAT, we simply let πᵢ be Iᵢ. At the end of this iterative process, we obtain a sequence C₁, …, Cₘ, πₘ₊₁, …, πₙ, where every πᵢ is a sequence of instructions corresponding to the instruction Iᵢ from the original proof. The sequence C₁, …, Cₘ, πₘ₊₁, …, πₙ contains no additions of proper RATs, but instead contains definition introductions.
Each iteration of this process performs the following transformation, where Iᵢ is an addition instruction of a clause C = (p ∨ c₁ ∨ ⋯ ∨ cₖ) which is a RAT on literal p in the accumulated formula Fᵢ₋₁ before Iᵢ.
We first use the extension rule to introduce a clause (x ∨ c₁ ∨ ⋯ ∨ cₖ) as well as some other definition clauses, where x is a new variable in the sense that it is not used anywhere else in the proof. Note that (x ∨ c₁ ∨ ⋯ ∨ cₖ) differs from C only on the literal p, which is replaced by the variable x. We then use RUP additions and clause deletions to replace all occurrences of p in Fᵢ₋₁ by x. Our procedure guarantees that the formula accumulated after πᵢ in the resulting sequence is exactly Fᵢ[x/p], obtained from Fᵢ = Fᵢ₋₁ ∪ {C} (the accumulated formula after Iᵢ in the original proof) by simultaneously replacing occurrences of p by x and occurrences of p̄ by x̄.
As a consequence, the correctness of the whole proof is preserved by simply renaming p to x, and p̄ to x̄, in all later instructions, resulting in the instructions Iᵢ₊₁, …, Iₙ. It is thus clear that the size of the accumulated formula after πᵢ in the new proof is the same as that of Fᵢ in the original proof; this property will be crucial for the complexity analysis in Sect. 4.5. We now explain in detail how the sequence πᵢ is obtained, and provide an example to illustrate the procedure.
(1) Use the extension rule to introduce the definition x ↔ p ∨ (c̄₁ ∧ ⋯ ∧ c̄ₖ). This adds
The first clause will be our replacement of the RAT (p ∨ c₁ ∨ ⋯ ∨ cₖ). This is similar to the definitions introduced to express conditional overwrites in propositional logic in [28], and intuitively follows the correctness proof of RAT clause addition from [18]: given any interpretation satisfying Fᵢ₋₁, we can construct another interpretation satisfying Fᵢ by conditionally changing the truth value of p, precisely as given by the definition of x. The rest of the transformation simply replaces occurrences of p by x.
(2) Replace the literal p in all clauses of Fᵢ₋₁ by the new variable x:
(a) Add for every clause (D ∨ p) ∈ Fᵢ₋₁ the clause (D ∨ x). This is a RUP addition since (D ∨ x) is a resolvent of (D ∨ p) and (x ∨ p̄).
(b) Add for every clause (D ∨ p̄) ∈ Fᵢ₋₁ the clause (D ∨ x̄). To show that this is a correct RUP addition, we show that unit propagation derives a conflict on
After this, we propagate x and p to derive all the unit clauses (c̄₁), …, (c̄ₖ) from the clauses (x̄ ∨ p ∨ c̄ⱼ) with j ∈ 1, …, k. But then we have derived the negations of all literals in the resolvent (c₁ ∨ ⋯ ∨ cₖ ∨ D), and since this resolvent is a RUP in Fᵢ₋₁, unit propagation must eventually derive a conflict.
(c) Delete all clauses containing p or p̄, including those added in step 1. Note that this does not delete the clause (x ∨ c₁ ∨ ⋯ ∨ cₖ).
Example 3 Say we are given a proof C₁, …, Cₘ, Iₘ₊₁, …, Iᵢ, …, Iₙ and we want to eliminate the addition
We first use the extension rule to add the definition x ↔ (p ∨ ā). This adds the clauses (x ∨ a), (x ∨ p̄), and (x̄ ∨ p ∨ ā). Next, we need to replace the literal p in Fᵢ₋₁ by x. To do so, we first resolve (x ∨ p̄) with (ā ∨ p) to derive (ā ∨ x). Then, we introduce the RUP (x̄ ∨ b) for the existing clause (p̄ ∨ b). (It can be easily seen that the clause ( After this, the propagation of (x) and (p̄) derives (ā) from (x̄ ∨ p ∨ ā). But then further propagation will eventually lead to a conflict because (a ∨ b), which is the resolvent of (p ∨ a) and (p̄ ∨ b), is a RUP in Fᵢ₋₁.) Finally, we delete all clauses containing p or p̄. We thus obtain the proof C₁, …, Cₘ, Iₘ₊₁, …, We then just need to replace p by x and p̄ by x̄ in Iᵢ₊₁, …, Iₙ to obtain a correct proof
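Steps (1) and (2a) to (2c) as executable code: an added example, not the authors' transformation tool, that builds the instruction sequence for one RAT addition and replays it to confirm that the accumulated formula is the renamed formula described above. It assumes the caller has already established that the clause is a proper RAT on p; the integer literal encoding, the function names, and the sample formula are constructed for illustration.

```python
# Added example. Literals are non-zero integers (-l is the complement of l);
# clauses are frozensets of literals. Tautological clauses are assumed absent.

def clause(*lits):
    return frozenset(lits)

def definition_cnf(x, p, cs):
    """cnf of x <-> p or (not c1 and ... and not ck); the replacement clause is first."""
    return [clause(x, *cs), clause(x, -p)] + [clause(-x, p, -c) for c in cs]

def eliminate_rat(formula, rat, p, x):
    """Instruction sequence replacing the addition of `rat`.

    `rat` is assumed to be a proper RAT on p in `formula` (not checked here).
    Instructions are ("e", clauses), ("a", clause) or ("d", clause).
    """
    if p not in rat:
        raise ValueError("p must occur in the RAT clause")
    if any(abs(l) == abs(x) for c in list(formula) + [rat] for l in c):
        raise ValueError("x must be a fresh variable")
    definition = definition_cnf(x, p, sorted(rat - {p}))
    pi = [("e", tuple(definition))]                 # step (1): one extension
    for c in formula:                               # steps (2a) and (2b)
        if p in c:
            pi.append(("a", (c - {p}) | {x}))       # resolvent with (x or not p)
        elif -p in c:
            pi.append(("a", (c - {-p}) | {-x}))     # RUP addition
    for c in list(formula) + definition:            # step (2c): drop p and not p
        if p in c or -p in c:
            pi.append(("d", c))
    return pi

def replay(formula, instructions):
    """Accumulated formula after running the instructions on `formula`."""
    acc = set(formula)
    for kind, payload in instructions:
        if kind == "e":
            acc.update(payload)
        elif kind == "a":
            acc.add(payload)
        else:
            acc.discard(payload)
    return acc

def rename(formula, p, x):
    """F[x/p]: replace p by x and the complement of p by the complement of x."""
    swap = {p: x, -p: -x}
    return {frozenset(swap.get(l, l) for l in c) for c in formula}

# Constructed instance: a=1, b=2, c=3, p=4, fresh variable x=5.
# (p or a) is a proper RAT on p here because (a or b) is a RUP in F_PREV.
F_PREV = [clause(-1, 4), clause(-4, 2), clause(1, 3), clause(2, -3)]
RAT, P, X = clause(4, 1), 4, 5
PI = eliminate_rat(F_PREV, RAT, P, X)

if __name__ == "__main__":
    for kind, payload in PI:
        print(kind, payload)
    print(replay(F_PREV, PI) == rename(F_PREV + [RAT], P, X))
```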

Eliminating Clause Deletions
At this point, our proof is a sequence of (1) clauses from the original formula, (2) definition introductions, (3) RUP additions, and (4) clause deletions. Since no additions of proper RATs remain in the proof, the elimination of a deletion instruction does not affect the correctness of other proof instructions: The addition of RUPs depends only on the existence of clauses in the accumulated formula but not on their non-existence (if C is a RUP in F, it is a RUP in every superset of F). Also the extension rule is not affected by additional clauses. By simply eliminating all deletions, we thus end up with a correct proof. Note that this would not work if proper RAT additions were still present, because they depend on the non-existence of certain clauses (a clause C is a RAT in a formula F only if F contains no resolvents with C that are not RUPs).

Eliminating RUP Additions
Similar to the first stage of our simulation, we again iterate over the proof from the beginning. In this stage, we replace all additions of RUPs that are neither resolvents nor subsumed clauses. In the following, we show how the addition of such a RUP can be transformed into a sequence of resolution steps followed by a single subsumed-clause addition. This is illustrated in Fig. 2. We note that this has already been explained on a high level in the literature [27,33].
Let us first observe that, given a correct proof containing only RUP additions and definition introductions, the RUP additions of tautological clauses can be directly eliminated. To see this, simply observe that definition introductions are never affected by the presence of tautologies. Furthermore, if a clause C is a RUP in F, and F contains a tautology (a ∨ ā ∨ D), the latter never becomes a unit clause in F | α under any assignment α; therefore, C is also a RUP in the formula resulting from removing tautologies from F. In the following, we thus consider only proofs without tautological clauses.
Fig. 2 We transform a RUP addition into a sequence of resolution steps (Res) followed by a single subsumed-clause addition (Sub)
Algorithm 1. Given a RUP C, the algorithm derives a clause C₁ ⊆ C.
If a non-tautological clause C is a RUP in a formula F, we know that unit propagation derives a conflict on F ∧ C̄ where C̄ is the conjunction of the negated literals in C. This is equivalent to saying that unit propagation derives a conflict on F | C̄, viewing C̄ as the assignment that satisfies C̄. Hence, there exists a (possibly empty) sequence of literals a₁, …, aₙ such that the unit clause (aᵢ) occurs in F | C̄a₁…aᵢ₋₁ for each 1 ≤ i ≤ n, and the empty clause ⊥ occurs in F | C̄a₁…aₙ. Intuitively, (aᵢ) is the unit clause propagated at the i-th propagation step after all unit clauses in C̄ have been propagated. These unit clauses and the empty clause stem from clauses D₁, …, Dₙ₊₁ ∈ F with the following properties: (I) the clause Dᵢ | C̄a₁…aᵢ₋₁ is the unit clause (aᵢ) for 1 ≤ i ≤ n, (II) Dᵢ is not satisfied by C̄a₁…aᵢ₋₁ for 1 ≤ i ≤ n + 1, and (III) the clause Dₙ₊₁ | C̄a₁…aₙ is the empty clause.
Algorithm 1 uses the clauses D₁, …, Dₙ₊₁ as follows: It starts with the last clause, Dₙ₊₁, and step-by-step resolves it with the clauses Dₙ, …, D₁ until it obtains a clause C₁ that subsumes C. Using C₁, we can then derive C with a subsumed-clause addition. Note that the algorithm performs n iterations and that the clauses D₁, …, Dₙ₊₁ ∈ F can be found by performing unit propagation on F ∧ (c̄₁) ∧ ⋯ ∧ (c̄ₖ), where C = (c₁ ∨ ⋯ ∨ cₖ). As unit propagation is known to run in polynomial time, Algorithm 1 thus also runs in polynomial time with respect to F ∧ C. Example 4 illustrates the algorithm.

Example 4
Consider the clause C = (a ∨ b) and F = D₁ ∧ D₂ ∧ D₃ ∧ D₄ where:
The clause C is a RUP in F because unit propagation derives a conflict on F ∧ (ā) ∧ (b̄), or equivalently, it derives a conflict on F | āb̄. To illustrate this, we perform the unit propagation:
Our algorithm now performs resolution steps as follows:
As we can see, the resulting clause C₁ = (a) subsumes C = (a ∨ b).

Lemma 1 If a formula F implies a non-tautological clause C via unit propagation, then the clause C₁, computed by Algorithm 1, subsumes C.
Proof We show by induction that, for every 1 ≤ i ≤ n + 1, the clause Cᵢ computed by Algorithm 1 satisfies Cᵢ | C̄a₁…aᵢ₋₁ = ⊥. The claim then follows from C₁ | C̄ = ⊥, which is equivalent to C₁ ⊆ C.
In this case, the algorithm sets Cᵢ = Cᵢ₊₁ and so the claim holds for i. In contrast, if Cᵢ₊₁ contains āᵢ, then the algorithm sets Cᵢ = Dᵢ ⊗_{aᵢ} Cᵢ₊₁. But then, as Cᵢ contains only literals of Dᵢ and Cᵢ₊₁ except for aᵢ and āᵢ, the claim also follows for i.
The following statement, which is a variant of Theorem 2 in [27] as well as of the Theorem of Lee [23], is a consequence of Lemma 1; it allows us to repeatedly eliminate all additions of RUPs that are not resolvents or subsumed clauses.

Theorem 2
If a formula F implies a non-tautological clause C via unit propagation using n propagation steps, then we can derive C from F via at most n resolution steps followed by one subsumed-clause addition.
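Algorithm 1 as the surrounding text describes it, written in Python as an added example (not the authors' implementation). It takes the reason clauses D₁, …, Dₙ₊₁ and the propagated literals a₁, …, aₙ as input, checks properties (I) to (III) for them, and then resolves backwards from the conflict clause; the integer literal encoding, the function names, and the sample trace are constructed for illustration.

```python
# Added example. Literals are non-zero integers (-l is the complement of l);
# clauses are frozensets of literals. The RUP clause is assumed non-tautological.

def clause(*lits):
    return frozenset(lits)

def under(c, assignment):
    """C | α, or None when α satisfies C."""
    if c & assignment:
        return None
    return frozenset(l for l in c if -l not in assignment)

def check_trace(c, reasons, lits):
    """Verify properties (I)-(III) for D_1..D_{n+1} (reasons) and a_1..a_n (lits)."""
    if len(reasons) != len(lits) + 1:
        raise ValueError("need exactly one more reason clause than propagated literals")
    assignment = {-l for l in c}                      # falsifies every literal of C
    for d, a in zip(reasons, lits):
        if under(d, assignment) != frozenset({a}):    # properties (I) and (II)
            raise ValueError(f"{sorted(d)} does not propagate {a}")
        assignment.add(a)
    if under(reasons[-1], assignment) != frozenset(): # properties (II) and (III)
        raise ValueError("last reason clause is not falsified")

def rup_to_resolution(c, reasons, lits):
    """Return (C_1, resolution steps); each step is (D_i, C_{i+1}, a_i, resolvent)."""
    check_trace(c, reasons, lits)
    current = reasons[-1]                             # C_{n+1} = D_{n+1}
    steps = []
    for d, a in zip(reversed(reasons[:-1]), reversed(lits)):
        if -a in current:                             # resolve D_i with C_{i+1} upon a_i
            resolvent = (d - {a}) | (current - {-a})
            steps.append((d, current, a, resolvent))
            current = resolvent
        # otherwise C_i = C_{i+1}: step i did not contribute to the conflict
    return current, steps

# Constructed trace for C = (a or b) with a=1, b=2, c=3, d=4, e=5:
# D1 = (a or c), D2 = (b or d), D3 = (not c or e), D4 = (not c or not e).
C = clause(1, 2)
REASONS = [clause(1, 3), clause(2, 4), clause(-3, 5), clause(-3, -5)]
LITS = [3, 4, 5]
C1, STEPS = rup_to_resolution(C, REASONS, LITS)

if __name__ == "__main__":
    for d, prev, pivot, res in STEPS:
        print(sorted(d), "with", sorted(prev), "upon", pivot, "->", sorted(res))
    print("C_1 =", sorted(C1), "subsumes C:", C1 <= C)
```

The propagation of d through D2 is skipped by the algorithm, which is why only two of the three propagation steps turn into resolution steps.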

Eliminating Subsumed-Clause Additions
At this point, every instruction is either a definition introduction or it adds a resolvent or a subsumed clause. Since the extension rule does not depend on previous clauses, we can reorder the instructions of our proof so that all definition introductions occur before all addition instructions. Now, by a well-known method (e.g., [2]) we can eliminate all subsumed-clause additions from the latter part of our proof. The procedure works by recursively labeling every clause in the proof with a subclause. These labels give a resolution proof, possibly with unnecessary inferences. The labeling proceeds as follows:
1. We label every leaf clause by itself.
2. For each resolvent of two clauses (C₁ ∨ x) and (C₂ ∨ x̄), which are labeled by D₁ and D₂ respectively, we label the resolvent by D₁ if x ∉ D₁; by D₂ if x̄ ∉ D₂; and by the resolvent of D₁ and D₂ upon x if x ∈ D₁ and x̄ ∈ D₂.
3. For each subsumption inference from a clause C that is labeled by D, we label the subsumed clause by D.
It is straightforward to check that the labels define a resolution derivation without subsumed-clause additions; in fact, a refutation, as the only subclause of ⊥ is ⊥ itself. The resulting derivation may contain redundant parts such as unused subderivations, but these do not affect our analysis and can be removed easily. After eliminating all subsumed-clause additions, we finally obtain an extended-resolution proof.
Example 5 The proof tree below includes subsumed-clause additions 1 and 2. The clauses in the proof that are strict supersets of their labels are afterwards dropped from the proof (for instance, (a ∨ b̄) is dropped because {b̄} ⊂ {a, b̄}): After dropping clauses, the result is the following proof:
[Figure: proof trees before and after dropping clauses]
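The labeling rules 1 to 3 above, implemented in Python as an added example (not code from the paper). The step format, the function names, and the sample refutation are assumptions constructed for illustration; the function returns the labels together with the resolution steps that the labels actually require.

```python
# Added example. Literals are non-zero integers (-l is the complement of l);
# clauses are frozensets. A proof is a list of steps referring to earlier steps:
#   ("leaf", clause)      a clause of the formula or of a definition
#   ("res", i, j, x)      resolve step i (contains x) with step j (contains -x)
#   ("sub", i, clause)    add a clause that is subsumed by the clause of step i

def clause(*lits):
    return frozenset(lits)

def resolve(c1, c2, x):
    return (c1 - {x}) | (c2 - {-x})

def label_proof(proof):
    """Return (clauses, labels, resolution steps needed by the labels)."""
    clauses, labels, res_steps = [], [], []
    for step in proof:
        kind = step[0]
        if kind == "leaf":
            c = lab = step[1]                         # rule 1
        elif kind == "res":
            _, i, j, x = step
            if x not in clauses[i] or -x not in clauses[j]:
                raise ValueError("not a resolution step upon the given pivot")
            c = resolve(clauses[i], clauses[j], x)
            d1, d2 = labels[i], labels[j]
            if x not in d1:                           # rule 2: reuse D1
                lab = d1
            elif -x not in d2:                        # rule 2: reuse D2
                lab = d2
            else:                                     # rule 2: resolve the labels
                lab = resolve(d1, d2, x)
                res_steps.append((d1, d2, x, lab))
        elif kind == "sub":
            _, i, c = step
            if not clauses[i] <= c:
                raise ValueError("clause is not subsumed by its premise")
            lab = labels[i]                           # rule 3
        else:
            raise ValueError(f"unknown step kind {kind!r}")
        clauses.append(c)
        labels.append(lab)
    return clauses, labels, res_steps

# Constructed refutation with one subsumed-clause addition (a=1, b=2, c=3).
PROOF = [
    ("leaf", clause(-2)),        # 0: (not b)
    ("sub", 0, clause(-2, 3)),   # 1: (not b or c), subsumed by step 0
    ("leaf", clause(2, 1)),      # 2: (b or a)
    ("res", 2, 1, 2),            # 3: (a or c), labeled (a)
    ("leaf", clause(-3)),        # 4: (not c)
    ("res", 3, 4, 3),            # 5: (a), label reused from step 3
    ("leaf", clause(-1)),        # 6: (not a)
    ("res", 5, 6, 1),            # 7: empty clause
]
CLAUSES, LABELS, RES_STEPS = label_proof(PROOF)

if __name__ == "__main__":
    for c, lab in zip(CLAUSES, LABELS):
        print(sorted(c), "labeled", sorted(lab))
    print(len(RES_STEPS), "resolution steps remain")
```

The leaf (¬c) and the resolution upon c become unused subderivations, which matches the remark that the resulting derivation may contain redundant parts.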

Complexity of the Simulation
We show now that our simulation only involves a polynomial blow-up. To simplify the presentation, we use the number of literals (with repetitions) in a proof P as the measure for its size, denoted by ‖P‖. After we have shown that the size of the resulting extended-resolution proof is polynomial compared to the original DRAT proof, it should be clear that the computation of the simulation is also polynomial, given the simplicity of the used techniques (the only stage where this might not be straightforward is stage 2, for which we discussed in Sect. 4.3 why it runs in polynomial time). Let the original DRAT proof be P = C₁, …, Cₘ, Iₘ₊₁, …, Iₙ. Note first that for every m + 1 ≤ i ≤ n, the size ‖Iᵢ‖ of the instruction Iᵢ, and the size ‖Fᵢ‖ of the accumulated formula Fᵢ are both bounded by O(‖P‖). Note also that the elimination of clause deletions and subsumed-clause additions shrinks the proof. Hence, out of the four stages in the simulation, we only need to consider the first stage (elimination of RAT additions) and the third stage (elimination of RUP additions) to obtain an upper bound on the proof size.

Elimination of RAT Additions.
For the following, remark that for i ∈ m + 1, …, n, the size of the accumulated formula after the i-th proof fragment πᵢ (obtained by transforming the instruction Iᵢ) in the new proof is the same as that of Fᵢ in the original DRAT proof (we explained this on p. 1253). For the elimination of a single RAT addition of a clause (p ∨ c₁ ∨ ⋯ ∨ cₖ), we first add the definition x ↔ p ∨ (c̄₁ ∧ ⋯ ∧ c̄ₖ). This step is clearly O(‖P‖). After this, we add for each clause (D ∨ p) ∈ Fᵢ₋₁ the clause (D ∨ x), and we add for each clause (D ∨ p̄) ∈
Elimination of RUP Additions.
Before we eliminate RUPs, we have a proof whose size is O(‖P‖²). We thus eliminate at most O(‖P‖²) RUP additions. It remains to determine a bound for the size of the proof instructions obtained by eliminating a single RUP addition. Theorem 2 tells us that if C is a RUP that is implied via unit propagation using k propagation steps, we can derive C with at most k resolution steps followed by a single subsumed-clause addition. Clearly, the number of unit-propagation steps is bounded by the number of variables occurring in the proof (every variable can be propagated at most once). Now, the number of variables in the original proof P is clearly bounded by ‖P‖ and since the elimination of RAT additions has introduced at most one new variable for every RAT, we have O(‖P‖) variables. Hence, a single RUP elimination leads to at most O(‖P‖) instructions. As the size of a single instruction is bounded by O(‖P‖) (a clause can contain at most two literals per variable), every RUP elimination results in a proof of size O(‖P‖²). We conclude that the size of the resulting extended-resolution proof is O(‖P‖⁴).
Fig. 3 A dashed line from X to Y means that X simulates Y polynomially. A solid line from X to Y means that every Y proof can be regarded as an X proof
Note that our analysis is very conservative. For instance, representing resolvents implicitly (just pointing to their two parent clauses) instead of representing them explicitly shrinks the resulting extended-resolution proof significantly. As we will see in Sect. 7, the increase in size on practical DRAT proofs is way smaller than the theoretical bound we obtain here. Combining our result with the recent result that DRAT polynomially simulates DPR (a generalization of DRAT) [10], we obtain the complexity landscape depicted in Fig. 3.

Replacing RAT Addition With Blocked-Clause Addition
In our polynomial simulation, we needed to introduce a new variable for every proper RAT addition. This cannot be avoided because extended resolution without new variables is just ordinary resolution, and ordinary resolution is exponentially weaker than both DRAT and extended resolution [9]. We now show how blocked-clause addition, introduced by Kullmann [22] as a generalization of the extension rule from extended resolution, can be used to replace RAT addition without introducing new variables. This shows that a simple generalization of the extension rule is essentially as powerful as RAT addition, even when no new variables are introduced. Informally, a clause is blocked if all resolvents upon one of its literals are tautologies [22]:

Definition 7 A clause C is blocked by a literal p ∈ C in a formula F if all resolvents of C upon p with clauses in F are tautologies.
Example 6 Consider the formula F = (p̄ ∨ b̄) ∧ (p̄ ∨ ā) ∧ (p ∨ c) ∧ (a ∨ c) and the clause (a ∨ b ∨ p). There are two resolvents of (a ∨ b ∨ p) upon p: The clause (a ∨ b ∨ b̄), obtained by resolving with (p̄ ∨ b̄), and the clause (a ∨ b ∨ ā), obtained by resolving with (p̄ ∨ ā).

As both resolvents are tautologies, (a ∨ b ∨ p) is blocked by p in F.
Blocked clauses are thus more restricted than RATs: While the RAT property only requires all the resolvents to be implied via unit propagation, blocked clauses require them to be tautologies, which are trivially implied via unit propagation. Hence, every blocked clause is also a RAT but not vice versa.
We follow an iterative procedure similar to the one presented in Sect. 4. Suppose C = (c_1 ∨ ⋯ ∨ c_k ∨ p) is a proper RAT on p in a formula F. To replace the addition of C to F, we first turn C into a blocked clause by replacing the resolution partners that do not lead to tautological resolvents. We then add the clause with blocked-clause addition and afterwards derive all the original resolution partners again. As illustrated in Fig. 4, this leads to a sequence consisting of RUP additions, clause deletions, and a single blocked-clause addition. Specifically, we perform the following steps:

Fig. 4 We transform a RAT addition into a sequence consisting of RUP additions, clause deletions (Del), and a single blocked-clause addition (BC)

(1) For every (D ∨ p̄) ∈ F_{i−1} whose resolvent R = (c_1 ∨ ⋯ ∨ c_k ∨ D) with C upon p is not a tautology, add R with RUP addition. The resolvent R is guaranteed to be a RUP because C is a RAT on p in F_{i−1}.
(2) For every (D ∨ p̄) ∈ F_{i−1} whose resolvent with C upon p is not a tautology, replace Since all the clauses in D_p are subsumed by (D ∨ p̄), this replacement results in a sequence of deletions and RUP additions. Note that in case C is a unit clause, the set D_p is empty and so all resolution partners are deleted.
(3) Add C with blocked-clause addition. This is a correct addition because after step 2, every clause that contains p̄ contains a literal c̄_j with c_j ∈ C. Hence, by resolving such a clause with C we obtain a tautology.
But these unit clauses lead to a conflict with the clause (c_1 ∨ ⋯ ∨ c_k), which we derive by propagating the negated literals of D on R = (c_1 ∨ ⋯ ∨ c_k ∨ D).
(5) Delete all the RUPs added in step 1 and the clause sets D_p added in step 2.

a ∨b ∨ p). The clause C is not blocked but it is a RAT on p in F, meaning that F implies the resolvent (a ∨ b) of C and (p̄) via unit propagation. To turn C into a blocked clause, we first add (a ∨ b) with RUP addition. We next replace (p̄) by the clauses (p̄ ∨ ā) and (p̄ ∨ b̄) (both clauses are subsumed by (p̄) and thus they are RUPs). Now (p̄ ∨ ā) and (p̄ ∨ b̄) contain literals whose complements occur in C. We can thus add C with blocked-clause addition. After this, we use RUP addition to add the original resolution partner (p̄) again: This is a correct RUP addition because (a ∨ b), (p̄ ∨ ā), and (p̄ ∨ b̄) together imply (p̄) via unit propagation (to see this, observe that making p true forces ā and b̄ to be true which leads to a conflict with (a ∨ b)). This step is actually the reason why we derived (a ∨ b) in the beginning. Finally, we delete the intermediate clauses (a ∨ b), (p̄ ∨ ā), and (p̄ ∨ b̄) to obtain the formula F ∪ {C}.
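The checks and steps of this section as an added Python example (not code from the paper or its tools): the blocked test of Definition 7, the RAT test, and the five-step replacement with every addition re-checked. Step 2 is assumed to replace each partner (D ∨ p̄) by the clauses (D ∨ p̄ ∨ c̄_j), as the worked example above does for (p̄); the integer encoding of literals and the second formula are constructed here.

```python
def propagate(formula, assumed):
    """Unit propagation; returns None on conflict, else the set of true literals."""
    true = set(assumed)
    if any(-l in true for l in true):
        return None
    changed = True
    while changed:
        changed = False
        for cl in formula:
            if any(l in true for l in cl):
                continue                      # clause already satisfied
            free = [l for l in cl if -l not in true]
            if not free:
                return None                   # all literals falsified: conflict
            if len(free) == 1:
                true.add(free[0])
                changed = True
    return true

def is_rup(formula, clause):
    return propagate(formula, {-l for l in clause}) is None

def resolvent(c, d, p):
    return frozenset((set(c) - {p}) | (set(d) - {-p}))

def is_taut(cl):
    return any(-l in cl for l in cl)

def partners(formula, clause, p):
    """Clauses with p̄ whose resolvent with `clause` upon p is not a tautology."""
    return [d for d in formula if -p in d and not is_taut(resolvent(clause, d, p))]

def is_blocked(formula, clause, p):          # Definition 7
    return not partners(formula, clause, p)

def is_rat(formula, clause, p):
    return all(is_rup(formula, resolvent(clause, d, p))
               for d in partners(formula, clause, p))

def rat_to_blocked(formula, clause, p):
    """Steps (1)-(5); every addition is checked. Returns (steps, final formula)."""
    F, C = [frozenset(c) for c in formula], frozenset(clause)
    if not is_rat(F, C, p):
        raise ValueError("clause is not a RAT on p")
    steps = []
    def add(kind, cl):
        ok = is_blocked(F, cl, p) if kind == "BC" else is_rup(F, cl)
        if not ok:
            raise ValueError(f"{kind} check failed for {sorted(cl)}")
        F.append(cl); steps.append((kind, cl))
    def delete(cl):
        F.remove(cl); steps.append(("Del", cl))
    todo = partners(F, C, p)
    res = [resolvent(C, d, p) for d in todo]
    for r in res:                            # (1) resolvents, by RUP
        add("RUP", r)
    weak = []
    for d in todo:                           # (2) replace (D ∨ p̄) by the set D_p
        for c in C - {p}:
            weak.append(d | {-c})
            add("RUP", weak[-1])
        delete(d)
    add("BC", C)                             # (3)
    for d in todo:                           # (4) re-derive the partners
        add("RUP", d)
    for cl in res + weak:                    # (5)
        delete(cl)
    return steps, F

# Variables: a=1, b=2, c=3, p=4; C is (a ∨ b ∨ p).
EXAMPLE_6 = [[-4, -2], [-4, -1], [4, 3], [1, 3]]   # formula of Example 6
CONSTRUCTED = [[-4], [1, 3], [1, -3, 2]]           # constructed: C is a RAT, not blocked
C = [1, 2, 4]
```

Calling `rat_to_blocked(CONSTRUCTED, C, 4)` yields three RUP additions, a deletion, one blocked-clause addition, one more RUP addition and three deletions, and ends with the input formula plus C.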

Simulating DPR by DRAT
We show how a DPR proof C_1, …, C_m, I_{m+1}, …, I_n can be transformed into a DRAT proof. The main idea is similar to the idea behind eliminating proper RAT additions in the simulation of DRAT with extended resolution: We iterate over the instructions I_{m+1}, …, I_n and replace every instruction I_i by a sequence π_i of instructions that are allowed in DRAT, i.e., additions of RATs or RUPs and deletions:

C_1, …, C_m, π_{m+1}, …, π_{i−1}, I_i, I_{i+1}, …, I_n
C_1, …, C_m, π_{m+1}, …, π_{i−1}, π_i, I_{i+1}, …, I_n

We define the transformation in such a way that the accumulated formula F_i after proof step I_i in the original PR proof is the same as the accumulated formula after the proof steps π_i in the resulting DRAT proof. Because of this, deletions in the DPR proof can simply be copied to the DRAT proof. The interesting remaining case is to transform addition instructions for PR clauses.

Transforming a Single PR Addition
We want to transform a PR addition step of the form a, C_i, ω_i, where C_i is propagation-redundant with respect to F_{i−1} (the accumulated formula before the addition of C_i) and ω_i. On a high level, we do the following: We first take a fresh variable x (i.e., a variable not occurring in the rest of the proof). Then, we perform a sequence of DRAT steps that turn the accumulated formula After adding (C_i ∨ x) to F_{i−1}, we then perform a sequence of DRAT steps that transform F_{i−1} to F_{i−1} and that replace (C_i ∨ x) by C_i. We thus end up with the accumulated formula F_i. Note that since x is fresh, we could immediately add (C_i ∨ x) as a RAT (as there are no resolvents upon x), but this would make it hard to turn (C_i ∨ x) into C_i.
To simplify notation, we denote F_{i−1} by F, C_i by C, and ω_i by ω. We also assume that var(C) ⊆ var(F), otherwise we could simply add C by a single RAT addition since there would be no resolvents upon the literals whose variables are in var(C) \ var(F). We perform the transformation in five phases:

(1) Add extended copies of clauses that are touched but not satisfied by ω. We say that an assignment α touches a clause D if var(α) ∩ var(D) ≠ ∅. We extend F by adding the As the literal x does not occur in F, all clauses (x̄ ∨ D|ω) are RATs on x̄ in F (since there are no resolvents upon x̄). We denote the resulting formula by G^(1).
(2) Weaken involved clauses. We call a clause involved if it contains literals that are falsified by ω as well as literals that are satisfied by ω. We weaken every involved clause E ∈ F by replacing it with (x ∨ E). Since every weakening step can be performed by a RUP addition (subsumed clauses are RUPs) followed by a deletion, this leads to valid DRAT steps. We denote the resulting formula by G^(2). This phase only preserves satisfiability as the formula is weakened, while the other phases preserve both satisfiability and unsatisfiability. In order to preserve both satisfiability and unsatisfiability, one can add the clauses corresponding to the implication x → ω before weakening the clauses from E to (x ∨ E) and after the weakening remove the clauses corresponding to the implication. Adding the implication clauses can be achieved by RAT addition as these clauses have RAT on literal x̄. The removal of these clauses can be achieved by RAT deletion as they have RAT on the other literal after the weakening.
(3) Add the weakened propagation-redundant clause. We add the clause (C ∨ x) to G^(2), resulting in G^(3). To prove that (C ∨ x) is a RAT on x in G^(2), we need to show that for every clause (x̄ ∨ D) ∈ G^(2), the resolvent (C ∨ D) of (C ∨ x) and (x̄ ∨ D) is implied by G^(2) via unit propagation: The only clauses in G^(2) that contain the literal x̄ are the ones we added in the first phase, which are of the form (x̄ ∨ D|ω) where D ∈ F; hence the corresponding resolvent that we must show from G^(2) via unit propagation is (C ∨ D|ω).
Let α be the assignment precluded by C. Since C is propagation-redundant with respect to F and witness ω, we know that F|α ⊢₁ D|ω since D ∈ F. This is equivalent to . Now, all clauses of F are also contained in G^(2), except for clauses of the form (x ∨ E), added in phase (2), for which F contains the corresponding clauses of the form E. However, since propagation of the negated literals of D on G^(2) can derive the unit clause x̄, we have that

(4) Strengthen all weakened clauses. We remove all occurrences of the literal x from clauses in G^(3). With this we reverse the second phase by strengthening the clauses (E ∨ x) to E and strengthen (C ∨ x) to C. First, we introduce the clauses corresponding to the implication x → ω, i.e., the clauses {(x̄ ∨ l) | ω(l) = 1}. Let us show that these clauses are RATs on l in G^(3) after making a couple of observations. First, any clause (x̄ ∨ D|ω) introduced in step 1 does not contain the literal l̄ with l ∈ ω. Second, any clause E ∈ F containing l̄ and satisfied by ω is replaced by the clause (x ∨ E) in step 2. Hence, the only clauses that can contain l̄ are (i) clauses D ∈ F which are not satisfied by ω, (ii) clauses of the form (x ∨ E) with l̄ ∈ E (as introduced in step 2), and (iii) the clause (C ∨ x) introduced in step 3. For a clause D as in the first case, the clause (x̄ ∨ D|ω) is introduced in step 1; the resolvent (x̄ ∨ l) ⊗ D is then subsumed by (x̄ ∨ D|ω), which occurs in G^(3) because of step 1. Resolvents with clauses of either the form (x ∨ E) in the second case, or the form (C ∨ x) in the third case, are tautologies as they contain x and x̄. After this, we strengthen all clauses (x ∨ E) ∈ G^(3), including (C ∨ x), to E as follows: Observe that all clauses (x ∨ E) ∈ G^(3) are satisfied by ω and therefore there exists a clause (x̄ ∨ l) with l ∈ E. We can thus derive E from (x ∨ E) by resolving with this clause. We denote the resulting formula by G^(4).
(5) Remove clauses that contain x̄. We remove the clauses {(x̄ ∨ l) | ω(l) = 1} of the implication x → ω as well as the clauses of the form (x̄ ∨ D) that were added in the first phase. We denote the resulting formula by G^(5).
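The five phases for one PR addition, as an added Python sketch (not the code of pr2drat): it emits the DRAT steps in order without re-checking them, with the RAT literal placed first in each added clause. The function names, the step encoding and the sample instance are assumptions made for this example.

```python
def pr_to_drat(formula, clause, witness, x):
    """Replace one PR addition by DRAT steps, following phases (1)-(5).

    Returns (steps, resulting formula); a step is ("a", lits) or ("d", lits).
    An added clause lists first the literal on which it is a RAT. `x` must be fresh.
    """
    w = set(witness)
    orig = [tuple(c) for c in formula]
    F, steps = list(orig), []

    def add(lits):
        F.append(lits); steps.append(("a", lits))

    def delete(lits):
        F.remove(lits); steps.append(("d", lits))

    def satisfied(cl):
        return any(l in w for l in cl)

    def falsified(cl):                  # some literal of cl is false under ω
        return any(-l in w for l in cl)

    # (1) Copies (x̄ ∨ D|ω) of clauses touched but not satisfied by ω; RATs on x̄.
    copies = [(-x,) + tuple(l for l in D if -l not in w)
              for D in orig if falsified(D) and not satisfied(D)]
    for cp in copies:
        add(cp)
    # (2) Weaken each involved clause E to (x ∨ E): RUP addition, then deletion.
    weakened = [(x,) + E for E in orig if satisfied(E) and falsified(E)]
    for xe in weakened:
        add(xe)
        delete(xe[1:])
    # (3) Add (x ∨ C), a RAT on x.
    weakened.append((x,) + tuple(clause))
    add(weakened[-1])
    # (4) Add x → ω as clauses (l ∨ x̄), RATs on l; then strengthen (x ∨ E) to E.
    implication = [(l, -x) for l in witness]
    for cl in implication:
        add(cl)
    for xe in weakened:
        add(xe[1:])
        delete(xe)
    # (5) Delete every clause that contains x̄.
    for cl in implication + copies:
        delete(cl)
    return steps, F

def render(steps):
    """Textual DRAT: literals terminated by 0, deletions prefixed with 'd'."""
    return "\n".join(("d " if k == "d" else "") + " ".join(map(str, c)) + " 0"
                     for k, c in steps)

# Constructed instance with x=1, y=2, z=3 and fresh variable 4:
# F = (x ∨ y)(x̄ ∨ y)(x̄ ∨ z), C = (x), ω = x z. With α = x̄, F|α = F|ω = {(y)}.
F0 = [(1, 2), (-1, 2), (-1, 3)]
STEPS, RESULT = pr_to_drat(F0, (1,), (1, 3), 4)
```

On this instance the single PR step becomes seven clause additions and six deletions, and the fresh variable no longer occurs in the resulting formula.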

Complexity of the Simulation
We now analyze the worst-case complexity of transforming a PR proof of the form C_1, …, C_m, a, C_{m+1}, ω_{m+1}, …, a, C_n, ω_n into a DRAT proof of the form C_1, …, C_m, π_{m+1}, …, π_n. The number of DRAT steps that are required to simulate a single PR addition step depends on the size of the accumulated formula at the respective proof step. For what follows, let |F_n| = n denote the number of clauses in F_n and let V = |var(F_n)| be the number of variables in F_n. Since a PR proof does not delete clauses, we have |F_i| = |F_{i−1}| + 1 and |var(F_i)| ≥ |var(F_{i−1})| and thus |F_i| ≤ n and |var(F_i)| ≤ V for 1 ≤ i ≤ n. In the analysis, we ignore clause deletion since the number of clause deletions is bounded by the number of added clauses. Notice that since PR proofs don't contain deletion steps, no original clauses are deleted in the resulting DRAT proof. In phase (1) of the conversion algorithm, copies of clauses that are reduced but not satisfied by ω_i are added, while in phase (2) clauses are weakened which are reduced and satisfied by ω_i. Since a clause is either satisfied, not satisfied, or untouched by ω_i, the sum of the number of copies and weakened clauses is at most |F_i| ≤ n. Phase (3) adds a single clause. Phase (4) adds the clauses for the implication x → ω_i (at most V steps) and strengthens all weakened clauses (at most n steps). Phase (5) only deletes clauses. Thus the total number of clause additions for all phases in the conversion of a single PR step is bounded by V + 2n + 1.
There are fewer than n additions in the PR proof and for each addition we apply the conversion algorithm. Hence the total number of clause addition steps in the DRAT proof is at most nV + 2n² + n. Since V ≤ n for any interesting PR proof, the number of steps in the resulting DRAT proof is in O(n²). From this it should be clear that the simulation can be performed in polynomial time.

Optimizations
Our simulation procedure was designed to result in compact DRAT proofs using only one new variable, while focusing on converting any DPR derivation into a DRAT derivation. The procedure can be further optimized to reduce the size of the resulting DRAT proof.
Witness Minimization. In some situations, only a subset of the involved clauses needs to be weakened (phase 2) and strengthened (phase 4). Weakening of involved clauses is required to make sure that the clauses of the form (x̄ ∨ l), where ω satisfies l, are RATs on l in G^(3) in phase (4) of the simulation algorithm. However, some of the clauses (x̄ ∨ l) may be implied via unit propagation by others (and need not be RATs on l). This situation occurs when a subset ω′ of the witness ω implies ω via unit propagation. We thus minimize ω by searching for the smallest witness ω′ ⊆ ω such that ω′ implies ω via unit propagation, i.e., F|ω′ ⊢₁ (l_1) ∧ ⋯ ∧ (l_n) for ω = l_1 … l_n. Only clauses reduced by ω′ and satisfied by ω need to be weakened in phase (2) and strengthened in (4).
Avoiding Copying. In some cases, which we describe in the following, we can avoid copying the clauses that are touched but not satisfied by the witness, meaning that we can skip phase (1) and (5) of the simulation algorithm: Let α be the assignment precluded by the PR clause C to be added, let ω be the witness, and let ω′ be the minimized witness as discussed above. If the following two conditions hold, we can avoid clause copying: First, there is no literal l that is satisfied by α but falsified by ω′. Second, for each literal l that is satisfied by ω′, the unit clause (l) should be a RAT on l in the current formula without the involved clauses under α. Although these conditions seem very restrictive, they apply often in the PR proofs used in our empirical evaluation. This optimization removes phases (1) and (5), and modifies (2), (3), and (4). We denote the modified phases by phase (i), (ii), and (iii), respectively:

(i) Weaken involved clauses. We now call a clause involved if it contains literals that are falsified by the minimized witness ω′ as well as literals that are satisfied by the original witness ω. In this phase, we replace each involved clause E by the clause (x ∨ E), which is a valid RUP addition. We denote the resulting formula by G^(i).
(ii) Add the weakened propagation-redundant clause. Add the clause (C ∨ x). Since no clause contains the literal x̄, this is a valid RAT addition. We denote the resulting formula by G^(ii).
(iii) Strengthen all weakened clauses. We now remove all occurrences of the literal x from clauses in G^(ii). With this, we reverse the second phase (i) by strengthening (E ∨ x) to E and strengthen (C ∨ x) to C. First, we introduce the clauses corresponding to the implication x → ω′, i.e., the clauses {(x̄ ∨ l) | ω′(l) = 1}. These clauses are RATs on l in G^(ii): Assume a clause D contains l̄, i.e., D contains a literal that is falsified by ω′. Then, D is either satisfied by ω or not. If D is satisfied by ω, then it is of the form (x ∨ E) (introduced in phase i), and thus the resolvent with (x̄ ∨ l) is a tautology. If D is not satisfied by ω, then it is implied by unit propagation under the current formula under α because of the second condition above. After adding these clauses, we strengthen (C ∨ x) to C and all clauses (x ∨ E) ∈ G^(ii) to E. Observe that all clauses (x ∨ E) ∈ G^(ii), including (C ∨ x), are satisfied by ω and therefore there exists a clause (x̄ ∨ l) with l ∈ E. Resolving with the clauses (x̄ ∨ l), we can therefore remove all literals x. We denote the resulting formula, which is equal to G ∧ C, by G^(iii).

Experimental Evaluation
We implemented our simulation procedures as dedicated tools, called drat2er (for the transformation from DRAT to extended resolution) and pr2drat (for the transformation from DPR to DRAT). We then evaluated the simulation tools on existing DPR proofs for the pigeon-hole formulas, two-pigeons-per-hole formulas [3], and Tseitin formulas [4,30]. The pigeon-hole formulas (hole*) ask whether n + 1 pigeons can be placed into n holes such that each hole contains at most one pigeon. Similarly, the two-pigeons-per-hole formulas (tph*) ask whether 2n + 1 pigeons can be placed into n holes with at most two pigeons per hole. Finally, the Tseitin formulas (Urquhart*) encode a parity problem on graphs.
We selected the proofs of these formulas for two reasons. First, all three formula families are hard for resolution, meaning that they admit only resolution proofs whose size is exponential with respect to the formula [9,32]. Second, out of all DRAT proofs we are aware of, the DRAT proofs in our experiments have the highest ratio of proper-RAT-to-RUP-instructions, meaning that the transformation from DRAT to extended resolution can offer insight into a worst-case scenario regarding existing proofs. Table 1 shows the results of our experiments. Although the extended-resolution proofs are clearly larger than the corresponding DRAT proofs, the blow-up is far from the theoretical worst case. As we already selected proofs with many proper RAT instructions, we imagine that the growth is even smaller on proofs with a modest number of RAT instructions. For a pigeon-hole formula holeX, the increase in size is roughly the factor X. For the two-pigeons-per-hole formulas, the growth is larger. This can be explained by the high clauses-to-variables ratio. Finally, for the Tseitin formulas, the growth lies between a factor of 20 and 30.
As a comparison, Table 2 shows the smallest extended-resolution proofs of the pigeon-hole formulas and of the Tseitin formulas known to us. The proofs of the pigeon-hole formulas were manually constructed by Cook [5] whereas the proofs of the Tseitin formulas were produced using the tool EBDDRES 1.2 [19]. To the best of our knowledge, there is only one tool supporting extended resolution that was able to solve one of the selected two-pigeons-per-hole formulas: EBDDRES 1.1 [29]. It generated an extended-resolution proof with 2,638,385 definitions and 18,848,004 resolution steps for the formula tph8.

Verified PR Proof Checking
Our tool pr2drat can be used to validate PR proofs with formally verified tools and thereby increase the confidence in their correctness. The tool chain works as follows: Given a formula F and an alleged PR proof P_PR of F, pr2drat converts P_PR into a DRAT proof P_DRAT. Afterwards, we use the DRAT-trim tool to convert P_DRAT into a CLRAT (compressed linear RAT) proof P_CLRAT. CLRAT proofs can be efficiently checked using formally verified checkers [7]. We used the verified checker ACL2check [12] to certify that P_CLRAT is a valid proof of unsatisfiability of F. Notice that the correctness of the tools pr2drat and DRAT-trim has not been formally verified and thus they could possibly turn an invalid proof into a valid proof or vice versa.

Figure 5 shows the results of applying this tool chain on the benchmark suite. The pr2drat tool was able to convert each PR proof into a DRAT proof in less than a minute, and half of the proofs in even less than a second. The runtimes of DRAT-trim and ACL2check are one to two orders of magnitude higher than for pr2drat. Thus, pr2drat adds little overhead to the tool chain. The sizes of the DRAT and CLRAT proofs are comparable. However, these proofs are different since DRAT-trim (1) removes redundant clause additions, (2) includes hints to speed up verified checking, and (3) compresses proofs. The effect of (1) depends on proof quality, (2) increases the size of proofs of small hard problems by roughly a factor of four, and (3) reduces size to 30% of the uncompressed proofs. The difference between the DRAT and CLRAT proofs therefore indicates how much redundancy was removed: For the pigeon-hole proofs, there is hardly any redundancy added. For the two-pigeons-per-hole proofs, only a modest amount is added, and for the Tseitin proofs a lot of redundancy is added. Notice that runtimes of the verified checker ACL2check are comparable to the C-based checker DRAT-trim.

Conclusion
We showed different simulations between propositional proof systems. The first simulation transforms DRAT proofs into extended-resolution proofs whereas the second simulation transforms DPR proofs into DRAT proofs. Together, these two simulations show how extended resolution is related to modern propagation-based proof systems used in practical SAT solving. In addition, we showed how blocked-clause addition can be used to simulate the addition of RATs without the introduction of new variables. Our results provide us with a better understanding of DRAT and DPR as well as of extended resolution. We now know how extended resolution can mimic the reasoning steps of these modern proof systems.
To evaluate the increase in size caused by our simulations, we implemented them and performed experiments on existing DRAT and DPR proofs of hard formulas. Even though the size increase could be considerable in theory, in practice it is still feasible. In particular, our tool for simulating DPR by DRAT makes it possible to certify the correctness of DPR proofs by first transforming them to DRAT and then using formally verified proof checkers.