Building Strategies into QBF Proofs

Strategy extraction is of great importance for quantified Boolean formulas (QBF), both in solving and proof complexity. So far in the QBF literature, strategy extraction has been algorithmically performed from proofs. Here we devise the first QBF system where (partial) strategies are built into the proof and are piecewise constructed by simple operations along with the derivation. This has several advantages: (1) lines of our calculus have a clear semantic meaning as they are accompanied by semantic objects; (2) partial strategies are represented succinctly (in contrast to some previous approaches); (3) our calculus has strategy extraction by design; and (4) the partial strategies allow new sound inference steps which are disallowed in previous central QBF calculi such as Q-Resolution and long-distance Q-Resolution. The last item (4) allows us to show an exponential separation between our new system and the previously studied reductionless long-distance resolution calculus. Our approach also naturally lifts to dependency QBFs (DQBF), where it yields the first sound and complete CDCL-style calculus for DQBF, thus opening future avenues into CDCL-based DQBF solving.


Introduction
Proof complexity investigates the resources for proving logical theorems, focussing foremost on the minimal size of proofs needed in a particular calculus. Since its inception the field has enjoyed strong connections to computational complexity (cf. [17,20]) and to first-order logic [19,38]).
During the past decade, proof complexity has emerged as a key tool to model and analyse advances in the algorithmic handling of hard problems such as SAT and beyond. While traditionally perceived as a computationally hard problem, SAT solvers have been enormously successful in tackling huge industrial instances [42,56] and hard combinatorial problems [32]. As each run of a solver on an unsatisfiable formula can be understood as a proof of O. Beyersdorff: An extended abstract of this article appeared at the proceedings of STACS'19 [10].
B Olaf Beyersdorff olaf.beyersdorff@uni-jena.de 1 Institut für Informatik, Friedrich-Schiller-Universität Jena, Jena, Germany 2 The Institute of Mathematical Sciences, HBNI, Chennai, India unsatisfiability, each solver implicitly defines a proof system. This connection turns proof complexity into the main theoretical approach towards understanding the power and limitations of solving, with bounds on proof size directly corresponding to bounds on solver running time [17,43].
The algorithmic success story of solving has not stopped at SAT, but is currently extending to even more computationally complex problems such as quantified Boolean formulas (QBF), which is PSPACE complete, and dependency QBFs (DQBF), which is even NEXP complete [1]. While quantification does not increase expressivity, (D)QBFs can encode many problems far more succinctly, including application domains such as automated planning [18,22], verification [6,41], synthesis [24,40] and ontologies [37].
The past 15 years have seen huge advances in QBF solving. While some of the main innovations in SAT solving, including the development of conflict-driven clause learning (CDCL), revolutionised SAT in the late 1990s [53], this development in QBF is happening now. Consequently, QBF proof complexity has received considerable attention in recent years.
Compared with QBF, solving in DQBF [26] is at its very beginnings, both in implementations (2018 was the first year that saw a DQBF track in the QBF competition [48]) as well as in its accompanying theory [52].
Strategy extraction is one of the distinctive features of QBF and DQBF, manifest in both solving [5,49] and proof complexity. For solving it guarantees that together with the true/false answer the solver can produce a model (or countermodel) of the (D)QBF. This is an important step in the solving workflow, since a model (or countermodel) may encode a solution (or a counterexample) to the given problem. For example, a model for a QBF encoding a synthesis problem defines an implementation meeting the desired specification [31]. Determining truth merely implies the existence of such a system.
On the proof complexity side, this implies that proof calculi modelling QBF solving should allow strategy extraction in the sense that from a refutation of a false QBF, a countermodel of the QBF can be efficiently constructed. This feature-without analogue in the propositional domain-enables strong lower-bound techniques in QBF proof complexity [9,11,12], exploiting the fact that formulas requiring hard strategies cannot have short proofs in calculi with efficient strategy extraction.
As in SAT versus propositional proof complexity, one of the prime challenges in QBF and DQBF is to create compelling proof-theoretic models that capture central features of (D)QBF solving and at the same time remain amenable to a proof-theoretic analysis. While there exist several orthogonal approaches in QBF solving with quite different associated proof calculi, we will focus here on the paradigm of quantified conflict-driven constraint learning (QCDCL) [59]. An interesting feature of QCDCL is that it combines conflict learning with solution learning. Whereas a CDCL SAT solver can terminate upon finding a single solution (i.e. a satisfying assignment), a QCDCL QBF solver will repeatedly learn and manipulate solutions, aiming to determine the truth of the input QBF. 1 Meanwhile, the solver also employs conflict learning, aiming to determine falsity. Here we focus on the conflict learning side. Prooftheoretically its most basic model is Q-Resolution [35], which as in propositional resolution operates on clauses (of prenex QBFs).
Q-Resolution (Q-Res) uses the resolution rule of propositional resolution and augments this with a universal reduction rule that allows to eliminate universal variables from clauses. Combining these two rules requires some technical care: without any side-conditions the two rules result in an unsound system. Typically this is circumvented by prohibiting the derivation of universal tautologies. It was noted early on that in solving this is needlessly prohibitive [59] and universal tautologies can be permitted under certain side-conditions. Later formalised as the proof system long-distance Q-Resolution (LD-Q-Res) [3], it was even shown that LD-Q-Res exponentially shortens proofs in comparison to Q-Res [23], thus demonstrating the appeal of the approach for solving. In fact, when enabling long-distance steps in QBF solving, universal reduction is not strictly needed and this reductionless approach was adopted in the QBF solver GhostQ [36]. To model this solving paradigm, Bjørner, Janota, and Klieber [15] introduced the calculus of reductionless LD-Q-Res.
The interplay between long-distance resolution and universal reduction steps becomes even more intriguing in DQBF. In [2] it was shown that lifting Q-Res (using the rules of resolution and universal reduction) to DQBF results in an incomplete proof system, whereas lifting LD-Q-Res (using long-distance resolution steps together with universal reduction) becomes unsound [13].
Naturally, the intriguing question of why and how deriving 'universal tautologies' in longdistance steps might help solving has attracted attention among theoreticians and practitioners alike. Instead of a universal tautology u ∨ū, most formalisations of long-distance resolution actually use the concept of a 'merged' literal u * . While it is clear (and implicit in the literature) that merged literals u * correspond to partial strategies for u rather than universal tautologies, a formal semantic account of long-distance steps (and stronger calculi using merging [12]) was only recently given by Suda and Gleiss [54], where partial strategies are constructed for each individual proof inference. However, as already noted in [54], the models considered in [54] fail to have efficient strategy extraction in the sense that the constructed (partial) strategies may need exponential-size representations.

Our contributions
A. The new calculus of Merge Resolution. Starting from the reductionless LD-Q-Res system of [15] and its role of modelling QCDCL solving, we develop a new calculus that we call Merge Resolution (M-Res). Like reductionless LD-Q-Res, the system M-Res only uses a resolution rule and does not permit universal reduction steps. Reductionless LD-Q-Res and M-Res are therefore both refutational calculi that finish as soon as they derive a purely universal clause.
As the prime novel feature of M-Res we build partial strategies into proofs. We achieve this by computing explicit representations of strategies in a variant of binary decision diagrams (called merge maps here), which are updated and refined at each proof step by simple operations. These merge maps are part of the proof. As a consequence, M-Res has efficient strategy extraction by design. This is in contrast to all previous existing QBF calculi in the literature, where strategies are algorithmically constructed from proofs. In particular, this also applies to the approaches taken in [23,54] for LD-Q-Res and in [15] for reductionless LD-Q-Res. But also the choice of our representation as merge maps matters: as [15,54] both represent (partial) strategies as trees, the constructed strategies may grow exponentially in the proof size, thus losing the property of efficient strategy extraction desired for practice. In contrast, in our model merge maps are always linear in the size of the clause derivations.
B. Exponential separation of M-Res from reductionless LD-Q-Res. Including merge maps explicitly into proofs also has another far-reaching advantage: it allows resolution steps not only forbidden in Q-Res, but even disallowed in LD-Q-Res. In a nutshell, LD-Q-Res allows resolution steps only when universal variables quantified left of the pivot have constant and equal strategies in both parent clauses. In M-Res we have explicit representations of strategies and thus can allow resolution steps as long as the strategies in both parent clauses are isomorphic to each other, a property that we can check efficiently for merge maps. This last mentioned advantage of allowing resolution steps in M-Res forbidden in (reductionless) LD-Q-Res manifests in shorter proofs. We show this by explicitly giving an example of a family of QBFs that admit linear-size proofs in M-Res (Theorem 29), but require exponential size in reductionless LD-Q-Res (Theorem 28). The separating formulas are a variant of the equality formulas introduced in [9]. While the original formulas from [9] are hard for Q-Res, but easy in LD-Q-Res, we here consider a 'squared' version, for which we naturally use resolution steps for clauses with associated non-constant winning strategies, allowed in M-Res, but forbidden in LD-Q-Res.
This demonstrates that M-Res is exponentially stronger than reductionless LD-Q-Res, thus also pointing towards potential improvements in QCDCL solving. While the simulation of reductionless LD-Q-Res by M-Res is almost immediate and also the upper bound in M-Res is comparatively straightforward, the lower bound is a technically involved argument specifically tailored towards the squared equality formulas. C. A sound and complete CDCL-style calculus for DQBF. As our final contribution we show that the new QBF system of M-Res naturally lifts to a sound and complete calculus for DQBF. As shown in [2], the lifting of Q-Res to DQBF is incomplete, whereas the combination of universal reduction and long-distance steps presents soundness issues, both in DQBF [13] as well as in the related framework of dependency schemes [7,8].
Here we show that our framework of M-Res overcomes both these soundness and completeness issues and therefore has exactly the right strength for a natural DQBF resolution calculus. In fact, it is the first DQBF CDCL-style system in the literature 2 and as such paves the way towards CDCL-style solving in DQBF. Again, by design our DQBF system has efficient strategy extraction.

Preliminaries
Propositional logic Let Z be a countable set of Boolean variables. A literal is a Boolean variable z ∈ Z or its negationz, a clause is a set of literals, and a CNF is a set of clauses. For a literal l, we define var(l) := z if l = z or l =z; for a clause C, we define vars(C) := { var(l) : l ∈ C}; for a CNF φ we define vars(φ) := ∪ C∈φ vars(C).
An assignment to a set Z ⊆ Z of Boolean variables is a function ρ : Z → {0, 1}, conventionally represented as a set of literals in which z (resp.z) represents the assignment z → 1 (resp. z → 0). The set of all assignments to Z is denoted Z . Given a subset Z ⊆ Z , ρ Z is the restriction of ρ to Z . The CNF φ[ρ] is obtained from φ by removing any clause containing a literal in ρ, and removing the negated literals {l : l ∈ ρ} from the remaining clauses. We say that ρ falsifies φ if φ[ρ] contains the empty clause, and that φ is unsatisfiable if it is falsified by each ρ ∈ Z .
Given two clauses R 1 and R 2 and a literal l such that l ∈ R 1 andl ∈ R 2 , we define the resolvent res(R 1 , R 2 , l) := (R 1 \{l}) ∪ (R 2 \{l}). (Note that res(R 1 , R 2 , l) = res(R 2 , R 1 ,l).) A resolution refutation of a CNF φ is a sequence C 1 , . . . , C k of clauses in which C k is the empty clause and, for each i ∈ [k], either (a) C i ∈ φ or (b) C i = res(C a , C b , z) for some a, b < i and z ∈ vars(φ).

Quantified Boolean formulas
where (a) Q := Q 1 Z 1 · · · Q n Z n is the quantifier prefix, in which the Z i ⊂ Z are pairwise disjoint finite sets of Boolean variables, Q i ∈ {∃, ∀} for each i ∈ [n], and Q i = Q i+1 for each i ∈ [n − 1], and (b) the matrix φ is a CNF over vars(Φ) := n i=1 Z i . The existential (resp. universal) variables of Φ, typically denoted X (resp. U ), is the set obtained as the union of the Z i for which Q i = ∃ (resp. Q i = ∀). The prefix Q defines a binary relation < Q on vars(Φ), such that z < Q z holds iff z ∈ Z i , z ∈ Z j , and i < j, in which case we say that z is right of z and z is left of z . For each u ∈ U , we define L Q (u) := {x ∈ X : x < Q u}, i.e. the existential variables left of u.
QBF semantics Semantics for QBFs is neatly described by the two-player evaluation game. Over the course of a game, the variables of a QBF Q · φ are assigned 0/1 values in the order of the prefix, with the ∃-player (∀-player) choosing the values for the existential (universal) variables. When the game concludes, the players have constructed a total assignment ρ to the variables. The ∀-player wins iff ρ falsifies φ.
A strategy dictates how the ∀-player should respond to every possible move of the ∃- Additionally h is winning if, for each α ∈ X , the restriction of φ by α ∪ {h u (α L Q (u) ) : u ∈ U } contains the empty clause. We use the terms 'winning strategy' and 'countermodel' interchangeably. A QBF is called false if it has a countermodel, and true if it does not.
A partial strategy for a universal variable u is a function from some subset of L Q (u) into {u,ū}.

QBF proof systems
We deal with line-based refutational QBF systems that typically employ axioms and inference rules to prove the falsity of QBFs. We say that P is complete if there exists a P refutation of every false QBF, sound if there exists no P refutation of any true QBF. We call P a proof system if it is sound, complete, and polynomial-time checkable. Given two QBF proof systems P 1 and P 2 , P 1 p-simulates P 2 if there exists a polynomial-time procedure that takes a P 2 -refutation and outputs a P 1 -refutation of the same QBF [20].

Reductionless long-distance Q-Resolution
In this section we recall the definition of reductionless LD-Q-Res, prove that it is refutationally complete, and demonstrate that it does not have polynomial-time strategy extraction in either of the computational models of [15,54]. The system appeared first in [15, Fig. 1], where it was referred to as Q w -resolution. [15]) In reductionless LD-Q-Res, a derivation from a QBF Φ := Q · φ is a sequence π := C 1 , . . . , C k of clauses in which at least one of (a) or (b) holds for each i ∈ [k]:

Definition 1 (reductionless LD-Q-Res
(a) Axiom. C i is a clause from the matrix φ; (b) Long-distance resolution. There exist integers a, b < i and an existential pivot x ∈ X such that C i = res(C a , C b , x) and, for each The final clause C k is the conclusion of π, and π is a refutation of Φ iff C k contains no existential variables.
A pair of complementary universal literals {u,ū} appearing in a clause is referred to singly as a merged literal. It is clear from a wealth of literature 3 that merged literals are 'placeholders' for partial strategies, the exact representation left implicit in the structure of the derivation.
We illustrate the rules of the calculus by showing that the equality formulas [9] have linear-size refutations.

Example 3
We construct linear-size reductionless LD-Q-Res refutations in two stages. First, resolve each pair Note that it is allowed to introduce the merged literal {u i ,ū i } since variable u i is right of the pivot x i . Second, resolve the C i successively against the long clause {t 1 , . . . ,t n } over pivot t i , to obtain a full set of merged literals C := {u i ,ū i : i ∈ [n]}. Here, even though u i is left of the pivot t i , the appearance of the merged literal {u i ,ū i } in the resolvent is allowed, since variable u i is absent from one of the antecedents. The derivation is a refutation since the conclusion C contains no existential literals.
We now show that this calculus is indeed complete. Given a false QBF Φ with a countermodel h, we construct a canonical reductionless LD-Q-Res refutation based on the 'full binary tree' representation of a countermodel [51]. For each α ∈ X , there exists some C α in the matrix falsified by α ∪ h(α). The set of all such C α may be successively resolved over existential pivots in reverse prefix order, finally producing a clause containing no existentials. Merged literals never block resolution steps in this construction, as they only ever appear to the right of the pivot variable. It is easy to see that the unique countermodel for this QBF essentially sets u and v equal to x and y, respectively. Formally, the countermodel consists of the functions h u and h v , where h u (α)(u) = α(x) and h v (β)(v) = β(y), for each α ∈ {x} and β ∈ {x, y} . Figure 1 shows the full binary tree depiction of this countermodel and its associated reductionless LD-Q-Res refutation. Notice that each path from root to leaf in the countermodel tree specifies a total assignment that falsifies the corresponding axiom clause. Notice also that the existential resolution pivots on each path from an axiom to the conclusion occur in reverse prefix order, matching the pattern of the full binary tree countermodel. The prefix order inherent to the countermodel tree also ensures that each long-distance resolution step is valid.

Lemma 5 Every false QBF has a reductionless LD-Q-Res refutation.
Proof Let Φ := Q · φ be a false QBF with countermodel h. Let {x 1 , . . . , x n } denote the existential variables of Φ in prefix order; that is, for each i, j ∈ [n] with i < j, x i is not right of x j . Let α 1 , . . . , α 2 n define the natural lexicographic ordering of the total assignments to X , as in  Fig. 1 The full binary tree depiction of a countermodel and its associated reductionless LD-Q-Res refutation We define a sequence π := π n •· · ·•π 0 in which each π i := C i 1 , . . . , C i 2 i , and the clauses C i j are defined recursively as follows: For j ∈ [2 n ], C n j is any clause in φ falsified by α j ∪ h(α j ) (at least one such clause exists by definition of countermodel); for i ∈ [n] and j ∈ [2 i−1 ], It is readily verified by downwards induction on i ∈ [n] that each C i j contains no complementary universal literals in variables left of x i . Moreover, it is easy to see that the conclusion C 0 1 contains no existential literals. Removing duplicate clauses from π produces a reductionless LD-Q-Res refutation of Φ.
Soundness and polynomial-time checkability of reductionless LD-Q-Res are immediate, as the system uses a subset of the rules of the classical long-distance Q-resolution proof system [3]. The computational model of Bjørner et al. [15]. In tandem with reductionless LD-Q-Res, the authors of [15] introduced a computational model based on tree-like branching programs. The model is used to explicitly construct the partial strategies represented implicitly by merged literals.
We demonstrate that tree-like branching programs constructed in this way cannot represent strategies efficiently; that is, the system does not have polynomial-time strategy extraction in the associated model (even for partial strategies). The following example shows a linear-size derivation whose explicit strategy grows exponentially large.

Example 6
Consider the following proof fragment, in reductionless LD-Q-Res, with a prefix ∃v∃x∃w∀u∃y∃z. Alongside each proof line is the strategy for the universal variable u, as built by the Build function in [15]. In a nutshell, Build traverses the subderivation of the current step, and represents the pattern of merges on u as a tree-like branching program that queries the (existential) resolution pivots.

Line
Obtained as Clause Strategy as built in [15] Observe that the final strategy at line 12 represents the strategy corresponding to line 3 twice. By nesting such a proof fragment from lines C 3 to C 12 with fresh copies of the existential variables (v, x, y, z) k times, we can construct a reductionless LD-Q-Res proof fragment with O(k) lines, where the strategy built by the Build function from [15] has size exponential in k. The computational model of Suda and Gleiss [54]. The authors of [54] proposed a model of partial strategies based on so-called policies (a policy is a set of assignments specifying an ordered decision tree.) They noted that the equality formulas have linear-size refutations in the strong QBF system IRM-calc [12], whereas policies witnessing their falsity must be exponentially large, therefore IRM-calc does not admit polynomial-time strategy in policies. The same is true for reductionless LD-Q-Res, since Example 3 shows that the equality formulas also have linear-size refutations there.
The computational model of policies is not even suitable for strategy extraction in the weak system level-ordered Q-Res [34]. 4 Versions of the equality formulas in which the prefix is rearranged (∃x 1 ∀u 1 ∃t 1 · · · ∃x n ∀u n ∃t n ) have linear-size level-ordered Q-Res refutations, whereas winning strategies represented as policies must be large. The argument is the same as for the equality formulas [54], and derives from the implicit use of tree-like structures.
That neither model is suitable for efficient strategy extraction shows that using either inside the derivation would result in an artificial, exponential size blow-up. The root of the issue is tree-like models versus DAG-like proofs. The DAG-like computational model that we introduce in the following section is tightly knitted to the refutation, yielding linear-time strategy extraction for free.

Merge resolution
In this section we introduce Merge Resolution (M-Res, Sect. 4.2), and prove that it is sound and complete for QBF (Sect. 4.3). The salient feature of M-Res is the built-in partial strategies, represented as merge maps. Given the problems with the computational models of [15,54], the principal technical challenge is to find a suitable way to define and combine partial strategies devoid of an artificial proof-size inflation.

Merge maps
Our computational model A merge map is a branching program that queries a set of existential variables and outputs an assignment to some universal variable, i.e. a literal in {u,ū, * }, where * stands for 'no assignment'. As we intend to tie the DAG structure of the merge maps to the DAG structure of the proof, we will label query nodes with natural numbers based on the proof line indexing (we elaborate on this later). Hence, from a technical standpoint it makes sense to define a merge map as a function from the index set of its nodes. mapping α ∈ X to the output of the following algorithm:

Definition 7 (merge map) A merge map M for a Boolean variable u over a finite set X of Boolean variables is a function from a finite set N of natural numbers satisfying, for each
We depict merge maps pictorially as DAGs. The nodes are the domain elements, and the leaf nodes as well as the directed edges are labelled by literals. In a merge map M, if M(i) is a literal l, then node i is labeled l. If M(i) = (x, a, b), then the DAG has the edge i → a labeledx and the edge i → b labeled x. The DAG naturally describes a deterministic branching program computing a Boolean function. Figure 2 shows a merge map represented as a function, and its corresponding depiction as a branching program.
Relations Merge Resolution uses two relations to determine preconditions for the binary operations. Firstly, we give M-Res the power to identify merge maps with equivalent representations, up to indexing. We term equivalent representations 'isomorphic'.

Proposition 10 Any two isomorphic merge maps compute the same function.
Proof Let M 1 and M 2 be merge maps, let f be a bijection satisfying the properties of Definition 9, and let i ∈ dom(M 1 ). The computation of M 2 (i) as in Definition 8 is identical to that of M 1 , except that each natural number a ∈ dom(M 1 ) is replaced with f (a). The proposition follows.
Our second relation, consistency, simply identifies whether or not two merge maps agree on the intersection of their domains.
Definition 11 (consistency) Two merge maps M 1 and M 2 for u over X with domains N 1 and

Example 12
For the merge maps depicted in Fig. 3, isomorphism and consistency (or lack thereof) are as given in the table below.
It is easy to see that both relations can be computed in time polynomial in max(N 1 ∪ N 2 ). (To check isomorphism, step through the two merge maps starting from their maximal domain elements N 1 , N 2 . Using memoization, iteratively build the bijection-witnessing isomorphism. Any suitable data structure that allows efficient insertion and search can be used for this. To check consistency, construct the two domains-again, using an appropriate data structure, and check that the instructions at common line numbers match.) Operations M-Res uses two binary operations to build merge maps for the resolvent based on those of the antecedents. We define the operations and give some intuition on their role in M-Res. Concrete examples follow the definition of the system in the next subsection.
The select operation identifies equivalent merge maps by means of the isomorphism relation. It also allows a trivial merge map to be discarded; we call a merge map trivial iff it is isomorphic to 1 → * . The merge operation allows two consistent merge maps to be combined as the children of a fresh query node. Antecedent maps are only ever merged for universal variables right of the pivot x. The inclusion of a natural number n allows the new query node to be identified with the resolvent, via its index in the proof sequence. In this way, query nodes are shared between later merge maps, rather than being duplicated; the result is a DAG-like structure which faithfully follows that of the derivation.
Definition 14 (merge) Let M 1 and M 2 be consistent merge maps for u over X with domains N 1 and N 2 , let n > max(N 1 ∪ N 2 ) be a natural number, and let x ∈ X . Then

Definition of M-Res
We are now ready to put down the rules of Merge Resolution. Given a non-tautological clause C and a Boolean variable u, the falsifying u-literal for C isl if there is a literal l ∈ C with var(l) = u, and * otherwise.
in which at least one of the following holds for each i ∈ [k]: (a) Axiom. There exists a clause in C ∈ φ such that C i is the existential subclause of C, and, for each u ∈ U , M u i is the merge map for u over L Q (u) with domain {i} mapping i to the falsifying u-literal for C; (b) Resolution. There exist integers a, b < i and an existential pivot x ∈ X such that C i = res(C a , C b , x) and, for each u ∈ U , either . The final line L k is the conclusion of π, and π is a refutation of Φ iff C k = ∅. The size of π is |π| = k. We illustrate the rules of M-Res with two examples. The first demonstrates that labelling branching nodes with proof-line indexes sidesteps the exponential blow-up in the computational model of [15].

Example 17
The reductionless LD-Q-Res proof fragment in Example 6 can be viewed as a proof in M-Res if we attach appropriate merge maps at each line.

Line
Rule In lines L 7 , L 9 and L 11 , the use of select is allowed, since in each case one of the antecedent merge maps is trivial (i.e. isomorphic to 1 → * ). Notice that at line L 7 , we could also have chosen M 7 to be merge(M 5 , M 6 , 7, y); this would result in a larger merge map. Now, consider the final merge map M 12 . The corresponding branching program has isolated nodes numbered 6, 8, and 10; these can be removed, giving the pruned merge map shown in Fig. 4. Notice how the size blow-up from Example 6 is avoided here; since M 3 and

Line
Rule

Soundness and completeness of M-Res
The soundness of M-Res comes down to the fact that the merge maps at a given line form a partial strategy for the input QBF, in the technical sense of [54]. This means that any total existential assignment that falsifies the clause C i will falsify the matrix when extended by the output of the merge maps M u i . Our proof of soundness is an induction on the proof structure with exactly this invariant. At the conclusion, all existential assignments falsify the empty clause C k , and hence the M u k compute a countermodel. A trivial corollary, then, is that M-Res has linear strategy extraction in merge maps. Our formal proof of soundness is preceded by a preliminary proposition. , we show, for each α ∈ A i , that the restriction of φ by α ∪ h i (α) contains the empty clause. Since α k is the empty assignment, we have A k = X . We therefore prove the lemma at the final step i = k, as we show that {h u k : u ∈ U } is a countermodel for Φ. For the base case i = 1, let α ∈ A 1 . As L 1 is introduced as an axiom, there exists a clause C ∈ φ such that C 1 is the existential subclause of C, and each M u 1 is the merge map from {i} mapping i to the falsifying u-literal for C. Hence, for each u ∈ U , l u For the inductive step, let i ≥ 2 and let α ∈ A i . The case where L i is introduced as an axiom is identical to the base case, so we assume that L i was derived by resolution. Then there exist integers a, b < i and an existential pivot x ∈ X such that C i = res (C a , C b , x), and each u ∈ U satisfies either (i) . Now, suppose on the one hand thatx ∈ α, and let u ∈ U . If u satisfies (i) and M u a is non-trivial, then l u i (α) = l u a (α), and if u satisfies (ii) then l u i (α) = l u a (α) by Proposition 20. It follows that l u i = l u a only if l u a = * , and hence h a (α) ⊆ h i (α). Since C a ∪{x} ⊆ C i , we have α ∈ A a , so the restriction of φ by α ∪h i (α) contains the empty clause by the inductive hypothesis. Supposing, on the other hand, that x ∈ α, a similar argument shows that h b (α) ⊆ h i (α). Note that, in this case, if u satisfies (i) and M u b is non-trivial, then M u a M u b and l u i = l u a = l u b by Proposition 10.
We show the completeness of M-Res via the p-simulation of reductionless LD-Q-Res. The simulation copies precisely the structure of the reductionless LD-Q-Res refutation, while replacing merged literals by merge maps in the natural way.

Theorem 22 M-Res p-simulates reductionless LD-Q-Res.
Proof Let Φ := Q · φ be a QBF with existential variables X and universal variables Y , and let π := C 1 , . . . , C k be a reductionless LD-Q-Res refutation of Φ. We define a sequence π := L 1 , . . . , L n , in which each L i := (C i , {M u i : u ∈ U }), and prove that it is an M-Res refutation of Φ.
For each i ∈ [k], we define C i to be the existential subclause of C i . For each u ∈ U , the merge maps are defined recursively as follows: If C i is an axiom, M u i is defined as the merge map over L Q (u) with domain {i} mapping i to the falsifying u-literal for C i (note that this covers the definition of M u 1 ). If C i is derived by resolution, say

Now, by induction on i ∈ [k]
, we prove that, for each u ∈ U , (a) if {u,ū} C i , then M u i is isomorphic to 1 → l, where l is the falsifying u-literal for C i , (b) L i can be derived from previous lines in π using an M-Res rule.
Both are established trivially when C i is an axiom; hence it remains to show the inductive step in the case where C i was derived by resolution. In this case C i = res(C a , C b , x) for some a, b < i and some x ∈ X . This completes the induction. Since C n contains only universal variables, C k is the empty clause, and π is a refutation.
With soundness and completeness established by Lemma 21 and Theorem 22, it remains to show that M-Res refutations can be checked in polynomial time. This is easy to see, since the isomorphism and consistency relations are computable efficiently.

Proof complexity: merge resolution versus reductionless LD-Q-Res
In this section we exponentially separate M-Res from reductionless LD-Q-Res. The separating formulas are a kind of 'squaring' of the equality formulas from Definition 2.

Definition 24 (squared equality formulas)
The squared equality family is the QBF family whose n th instance EQ 2 (n) := Q(n) · eq 2 (n) has the prefix Q(n) := ∃{x 1 , y 1 , . . . , x n , y n }∀{u 1 , v 1 , . . . , u n , v n }∃{t i, j : i, j ∈ [n]}, and the matrix eq 2 (n) consisting of the clauses The only winning strategy for the universal player is to set u i = x i and v j = y j for each i, j ∈ [n]. At the final block, the existential player is faced with the full set of {t i, j } unit clauses, and to satisfy all of them is to falsify the square clause {t i, j : i, j ∈ [n]}. No other strategy can be winning, as it would fail to produce all n 2 unit clauses.

EQ 2 (n) lower bound for reductionless LD-Q-Res
We first give a formal definition of a refutation path; that is, a sequence of consecutive resolvents beginning with an axiom and ending at the conclusion.
Definition 25 (path) Let π be a reductionless LD-Q-Res refutation. A path from a clause C in π is a subsequence C 1 , . . . , C k of π in which: • C = C 1 is an axiom of π; • C k is the conclusion of π; • for each i ∈ [k − 1], there exists a literal p i and a clause R i occurring before C i+1 in π such that C i+1 = res(C i , R i , p i ).
The lower-bound proof is based upon two facts: (1) every total existential assignment corresponds to a path, all of whose clauses are consistent with the assignment (Lemma 26); (2) every path from the square clause contains a 'wide' clause containing either all the x i or all the y j variables (Lemma 27). It is then possible to deduce the existence of exponentially many wide clauses, i.e. by considering the set of assignments for which each x i = y i and each t i, j = 0, all of whose corresponding paths begin at the square clause (proof of Theorem 28).

Lemma 26 Let π be a reductionless LD-Q-Res refutation of a QBF Φ, and let A be a clause with vars(A) = vars ∃ (Φ). Then there exists a path in π in which no existential literal outside of A occurs.
Proof We describe a procedure that constructs a sequence P := C k , . . . , C 1 of clauses in reverse order as follows: To begin with, let the 'current clause' C 1 be the conclusion of π. As soon as the current clause C i is in an axiom, the procedure terminates. Whenever necessary, obtain C i+1 as follows: find clauses R 1 and R 2 occurring before C i in π and a literal p ∈ A such that C i is res(R 1 , R 2 , p), and set C i+1 := R 1 as the current clause. P is clearly a path in π by construction. By induction one shows that the existential subclause of C i is a subset of A, for each i ∈ [k]: The base case i = 1 holds trivially since there are no existential literals in the conclusion C 1 of π. For the inductive step, observe that C i+1 = C ∪ {p}, for some subset C ⊆ C i and literal p ∈ A.
The second lemma is more technical, and its proof more involved. The proof works directly on the definition of path, the rules of reductionless LD-Q-Res, and the syntax of the squared equality formulas, to show the existence of the wide clause.
Let P := C 1 , . . . , C k be a path from {t i, j : i, j ∈ [n]} in π. With each C l we associate an n × n matrix M l in which M l [i, j] := 1 ift i, j ∈ C i and M l [i, j] := 0 otherwise. Let l be the least integer such that M l has either a 0 in each row or a 0 in each column. Note that l ≥ 2 since M 1 has no zeros.
We prove the lemma by showing that either X ⊆ vars(C l ) or Y ⊆ vars(C l ) must hold. Suppose that M l has a 0 in each row. We make use of the following claims, which hold for all i, j ∈ [n]: We proceed to show that every row in M l also has at least one 1. To see this, suppose on the contrary that M l contains a full 0 row r (this implies that l ≥ 2, and hence that M l−1 exists). Note that by definition of resolution there can be at most one element that changes from 1 in M l−1 to 0 in M l . Since M l−1 does not have a 0 in every column, it does not contain a full zero row. Hence it must be the case that the unique element that went from 1 in M l−1 to 0 in M l is in row r . Since n ≥ 2, we deduce that M l−1 has a 0 in each row, contradicting the minimality of l.
Let i ∈ [n]. Since the ith row in M l contains a 1, there is some j ∈ [n] for whicht i, j ∈ C l . From claim (1) it follows that {u i ,ū i } C l . Moreover, as universal literals accumulate along the path, this means that {u i ,ū i } C m for each m ≤ l. Since the ith row in M l contains a 0, there exists j ∈ [n] such thatt i, j / ∈ C l . Ast i, j ∈ C 1 , there must be a t i, j -resolvent C l on P with l ≤ l. Then we have x i ∈ vars(C l ) by claim (3). Also, for each m ≤ l, C m is not an x i -resolvent by claim (2). It follows that x i ∈ vars(C l ). Since i ∈ [n] was chosen arbitrarily, we have X ⊆ vars(C l ).
Suppose on the other hand that M l does not contain a 0 in each row. Then M l contains a 0 in each column. A symmetrical argument, with analogous claims involving the v j , y j variables, then shows that Y ⊆ vars(C l ).
It remains to prove the three claims.
(1) Observe that each clause in π containing the positive literal t i, j also contains the variable u i (this holds for every axiom and universal literals are never removed). Let C be a clause on the path P for whicht i, j ∈ C, and, for the sake of contradiction, suppose that {u i ,ū i } ⊆ C. Since u i < Q(n) t i, j , there cannot be t i, j -resolvent on P following C, as such a resolution step is explicitly forbidden in the rules of reductionless LD-Q-Res. This means thatt i, j occurs in C k , the final clause of P. This is a contradiction, since C k is the conclusion of π, which contains no existential literals. Therefore {u i ,ū i } C. (2) Observe that each clause in π containing x i (resp.x i ) also contains u i (resp.ū i ) (again, this holds for every axiom and universal literals are never removed). Let R be an x iresolvent of R 1 and R 2 in π. Since x i ∈ R 1 andx i ∈ R 2 , we must have u i ∈ R 1 and u i ∈ R 2 . It follows immediately that {u i ,ū i } ⊆ R.
(3) Observe that each axiom in π containing the positive literal t i, j contains variable x i . Hence, any clause in π that contains literal t i, j but not variable x i must appear after an x i -resolvent on some path, and therefore contains {u i ,ū i } by Claim (2). Now, let R be a t i, j -resolvent of R 1 and R 2 in π. Suppose that x i / ∈ vars(R), which implies that It remains to prove the lower bound formally from the preceding lemmata.

Theorem 28
The squared equality family requires exponential-size reductionless LD-Q-Res refutations.
Proof Let n ∈ N, and let π be a reductionless LD-Q-Res refutation of EQ 2 (n). We show that |π| ≥ 2 n−1 . The size bound is trivially true for n = 1, so we assume n ≥ 2. Put X := {x 1 , . . . , x n } and Y := {y 1 , . . . , y n }, and let L := {t i, j : i, j ∈ [n]} be the long clause from eq 2 (n). We call a non-tautological clause S symmetrical iff vars(S) = X ∪ Y and x i ∈ S ⇔ y i ∈ S for each i ∈ [n]. (A symmetrical clause represents a total assignment to X ∪ Y ). Note that there are 2 n distinct symmetrical clauses. By Lemma 26, for each symmetrical clause S, there exists a path P S in π in which all existential literals are contained in S ∪ L. Moreover, each P S begins at clause L, since every other clause in eq 2 (n) contains some positive t i, j literal that does not occur in S ∪ L. By Lemma 27, on each path P from L in π there exists a clause C for which either X ⊆ vars(C) or Y ⊆ vars(C). It follows that we can define a function f that maps each symmetrical assignment S to a clause f (S) in π for which either proj(S, Moreover, since distinct symmetrical clauses S 1 and S 2 satisfy proj(S 1 , X ) = proj(S 2 , X ) and proj(S 1 , Y ) = proj(S 2 , Y ), each f (S) is the image of at most two distinct symmetrical clauses. Hence, π contains at least 2 n−1 clauses.
Close inspection of the lower-bound proof reveals that particular resolution steps are blocked due to the appearance of merged literals in the antecedents (see the proof of claim (1) of Lemma 27). As we noted in Example 18, such steps remain blocked even if both merged literals implicitly represent the same (non-constant) function, in which case the resolution step is actually perfectly sound. As we will see, the M-Res upper-bound construction makes crucial use of the isomorphism of non-constant merge maps.

Short M-Res refutations of EQ 2 (n)
Here we construct short M-Res refutations of the squared equality formulas. The approach is as follows. First, for each i, j ∈ [n], obtain a line ({t i, j }, M i, j ) by resolving the axioms for the four clauses in eq(n) 2 that contain {t i, j }. By the natural application of the merge and select operations, one obtains merge maps M i, j in which the merge map for u i outputs x i with a single query, the merge map for v j outputs y j with a single query, and all other maps are trivial. Notice that all the non-trivial merge maps for a given universal variable are isomorphic, so these n 2 unit clauses can all be resolved against the square clause, utilising the select operation. It is precisely this final step which is unavailable in reductionless LD-Q-Res.

Theorem 29 The squared equality family has O(n 2 )-size M-Res refutations.
Proof Let n ∈ N. We construct a refutation in two stages. In the first stage we explicitly construct an M-Res derivation π := L 1 , . . . , L k from EQ 2 (n), where k = 2n 2 . In the second stage, we show that π can be extended to a refutation with a further n 2 + 1 lines.

Stage one.
For each h, i, j ∈ N we let δ(h, i, j) := (h − 1)n 2 + (i − 1)n + j and use L(h, i, j) as an alias for L δ (h,i, j) . Similarly, we let C(h, i, j) be the clause, U (h, i, j) be the merge map for u i , and V (h, i, j) be the merge map for v j appearing on line L(h, i, j). These  U (h, i, j) and V (h, i, j) are the only merge maps in π we define explicitly; we consider all others to be defined implicitly as the appropriate trivial merge map.
Letting i, j ∈ [n], we define the first 4n 2 lines with and observe that each of these lines can be introduced as an axiom. The next 2n 2 lines are the result of the natural resolutions over y j . For each i, j ∈ [n] we define Each line L(4, i, j) can be derived by resolution from L(0, i, j) and L (2, i, j); to see this, note that U (0, i, j) is clearly isomorphic to U (2, i, j) and V (0, i, j) is trivially consistent with V (2, i, j) (their domains are disjoint), therefore U (4, i, j) = select(U (0, i, j), U (2, i, j)) and A similar argument shows each that L(5, i, j) can be derived by resolution from L(1, i, j) and L (3, i, j). The final n 2 lines are the result of the natural resolutions over It is easy to see that each L(6, i, j) can be derived by resolution from L(4, i, j) and L(5, i, j), since V (4, i, j) is clearly isomorphic to V (5, i, j) (an isomorphism is l → l + n 2 ) and U (0, i, j) is trivially consistent with U (1, i, j) (disjoint domains). Stage two. We now show how π can be extended to a refutation. Let L 6 := {L(6, i, j) : i, j ∈ [n]} denote the final n 2 lines of π, in each of which appears some unit clause {t i, j }. We observe that, for each a, b, i ∈ [n], U (6, i, a) is isomorphic to U (6, i, b) (an isomorphism is l → l + b − a); that is, amongst the lines L 6 , the non-trivial merge maps for u i are pairwise isomorphic. Similarly, for each j ∈ [n], the non-trivial merge maps for v j appearing in L 6 are pairwise isomorphic. Now, a line T , consisting of the clause {t i, j : i, j ∈ [n]} and a full set of trivial merge maps, can be introduced as an M-Res axiom in a derivation from EQ 2 (n). From T and L 6 , in a further n 2 steps we obtain a refutation by successively resolving each line in L 6 against T , removing a literalt i, j each time. All such resolution steps are valid, since the merge map for u i (v j ) in any line can be defined as select (M a , M b ), where M a and M b are the merge maps for u i appearing in the antecedent lines. The isomorphism of non-trivial merge maps for u i (v j ) is preserved, and ensures that select (M a , M b ) is defined.
The separation follows immediately from Theorems 28 and 29.

Overview of DQBF
In this section, we provide an overview of DQBF, which will help to explain how Merge Resolution is best extended to a DQBF proof system (in Sect. 7).

S-form versus H-form
A DQBF can be written in one of two forms: Skolem-form (S-form) and Herbrand-form (H-form) [2]. To date, most of the DQBF literature has focused on S-form (whether in computational complexity [1,16], proof complexity [8,50], and solving [27,29,55,57,58]), whereas relatively little has been written about H-form [2]. The DQBF solver presented in [25] uses H-form DQBF to facilitate a reduction to QBF. Otherwise, as far as we are aware, existing DQBF solvers use S-form exclusively [52].
We will recall S-form and H-form DQBFs, their semantics, and the transformation operation that relates them.
An S-form dependency quantified Boolean formula (DQBF) is a formula of the form in which φ is a CNF, and each S i is a subset of the universally quantified variables {u 1 , . . . , u m }. S-form DQBF generalises QBF, since the quantifier prefix has a more general specification that allows variable dependencies for the existentials to be written explicitly in the sets S i . QBF is the fragment of S-form DQBF for which the dependency sets are nested subsets, i.e. S 1 ⊆ S 2 ⊆ · · · ⊆ S n . An S-form DQBF is true if and only if it has a Skolem-function model. A Skolem-function model g for Φ is a set {g i : i ∈ [n]} of functions An H-form DQBF is the obvious dual to S-form, namely a formula of the form Ψ := ∃x 1 · · · ∃x n ∀u 1 (H 1 ) · · · ∀u m (H m ) · φ , in which φ is a CNF, and each H i is a subset of the existentially quantified variables {x 1 , . . . , x n }. Here the H i express the variable dependencies for the universals, as opposed to the existentials in S-form.
An H-form DQBF is false if and only if it has an Herbrand-function countermodel, which is dual to a Skolem-function model. An Herbrand-function countermodel h for Ψ is a set The dual definitions of S-form and H-form DQBF seem perfectly natural, and both sets of formulas generalise QBF in an obvious way. Nonetheless, it was shown in [2] that the situation in terms of semantics is already quite complex. To see this, consider the transformation operation T defined below. (It is a combination of the negation and complement operators defined in [2]. We find it more convenient here to have a single operation.) This operator is a natural map from S-form onto H-form DQBF and from H-form onto S-form DQBF. The T -transform of the S-form DQBF in (1) is the H-form DQBF where H i := {x j : u i / ∈ S j }. Intuitively, in the transformed H-form, a universal variable u depends on the existentials which did not depend on u in the original S-form. The Ttransform of the H-form DQBF is defined analogously. (In the notation of [2], for any DQBF Φ, T (Φ) = ¬∼Φ = ∼¬Φ.) It is easy to see that for any DQBF Φ, T (T (Φ)) = Φ. To see why the T -transform is a natural operation, consider what happens to a QBF. Recall that in an S-form QBF, the dependency sets are nested (S 1 ⊆ S 2 ⊆ · · · ⊆ S n ), therefore the dependency sets in the T -transform are also nested (H 1 ⊆ H 2 ⊆ · · · ⊆ H m ). In fact, it is not too hard to see that both collections of dependency sets represent the same (linear) QBF prefix. Therefore, the transform of an S-form QBF is just an H-form representation of the same QBF, and this is verified semantically: an S-form QBF has a Skolem-function model (is true) if and only if its transformed H-form does not have an Herbrand-function countermodel (is not false); and it does not have a Skolem-function model if and only if its transform does have an Herbrand-function countermodel. Thus, every QBF Φ is logically equivalent to T (Φ); the only change made by the transformation is from S-form to H-form and vice versa.
But this is not the case in general for DQBF. The authors of [2] partitioned S-form DQBF into four distinct classes: (A) those which have a Skolem-function model, but whose transform has no Herbrandfunction countermodel. (B) those which have no Skolem-function model, but whose transform does have an Herbrand-function countermodel. (C) those which have a Skolem-function model, and whose transform also has an Herbrandfunction countermodel. (D) those which have no Skolem-function model, nor does their transform have an Herbrandfunction countermodel.
All QBFs are either type A or B. Type C and D are classes of DQBFs whose semantic properties are markedly different from QBF.  Fig. 6 The simulation order of QBF resolution systems and soundness/completeness of their versions lifted to S-form DQBF

Expansion versus QCDCL
Given what we know about the semantics of DQBF, we pose the following question: What is the impact of the existence of type C and D DQBFs on the transfer of solving techniques from QBF? We argue that the impact is indeed visible in theoretical models of solving. Moreover, it forms a decent explanation for the results that we have seen there. Figure 6 (reproduced from [13]) depicts what happens when one attempts to lift various QBF calculi to DQBF. All of these systems are refutational calculi for S-form DQBFs; that is, they prove that an S-form DQBF does not have a Skolem-function model.
The main message of Fig. 6 (and the conclusion of [13]) is that expansion-based systems lift to S-form DQBF whereas CDCL-based systems do not. Q-Resolution, for example, is too weak (it is not complete for S-form DQBF), whereas long-distance Q-Resolution is too strong (it is not sound).
A reasonable explanation for this goes as follows: Expansion-based (D)QBF calculi prove the non-existence of Skolem functions, whereas CDCL-based (D)QBF calculi prove the existence of Herbrand functions.
Such an explanation could scarcely be sought in the QBF realm, where the non-existence of a Skolem-function model and the existence of an Herbrand-function countermodel are equivalent. One really needs to consider the behaviour of type C and D formulas to understand that these two things are not equivalent for DQBF.
Whereas our statement is not the kind that can be proved as a theorem, there appears good reason to promote it as a credible hypothesis, since it explains the situation depicted in Fig 6. Expansion-based systems prove that the universal expansion of a (D)QBF (i.e. a propositional formula) is unsatisfiable. Satisfying assignments for the expansion are in one-one correspondence with Skolem-function models, so a proof of unsatisfiability is a proof of the non-existence of Skolem functions. Thus, the expansion systems ∀Exp+Res and IR-calc should lift quite naturally to refutational systems for S-form DQBFs, whose falsity is witnessed by the non-existence of Skolem functions. And indeed, they lift easily to DQBF, as shown in Fig 6 [13].
Moreover, if CDCL-based systems prove the existence of Herbrand functions, we should expect to see difficulties lifting them to S-form DQBF, because the rules of these systems implicitly work on the T -transformed formulas, which is an H-form DQBF. We know that there exist type C S-form DQBFs that are true, but whose transform also has Herbrand functions, and type D S-form DQBFs that are false, but whose transform does not have Herbrand functions. In the former case we could expect to refute a true formula (unsoundness), in the latter case we find false formulas that we cannot refute (incompleteness). This is precisely what we see in Fig. 6: LD-Q-Res is unsound for S-form DQBF [13], whereas Q-Res is incomplete [2].
Note that IRM-calc, which is considered an expansion-based system, is also unsound for Sform DQBFs. This is because the system is designed to simulate LD-Q-Res, and unfortunately also simulates unsound LD-Q-Res refutations of true S-form DQBFs.

Switching from S-form to H-form
We suggest, then, that it is worthwhile to investigate further the use of H-form DQBF as an input encoding for CDCL-based DQBF solving. At least for theoretical models, this is yet to be investigated. Here we undertake the first such investigation, and we get some positive results: Merge Resolution lifts naturally to a sound and complete CDCL-based refutational proof system on H-form DQBF.
It should be noted that a resolution system for DQBF called Fork Resolution [50] was shown to be sound and complete for S-form DQBF. The system is based on so-called 'information forks', and allows the introduction of fresh variables that delegate the responsibility for fork satisfaction between the original variables. Whereas Fork Resolution is clearly a variant of Q-Resolution, it is not clear whether one should call it a CDCL-based system. Certainly, the associated solver DCAQE [55] belongs to the paradigm of clausal abstraction, rather than conflict-driven clause learning. However, we wish to make it clear that switching to H-form is not the only solution to the issues associated with Fig. 6.

Extending merge resolution to H-form DQBF
In this section, we show that M-Res extends naturally to a proof system for H-form DQBF with the addition of a single weakening rule.
For consistency with the QBF definition, we introduce an equivalent notation for H-form DQBF. We write the quantifier prefix of the H-form DQBF Φ := ∃x 1 · · · ∃x n ∀u 1 (H 1 ) · · · ∀u m (H m ) · φ as a triple Q := (X , U , L Q ), where: (c) Weakening. There exists an integer a < i such that C i is an existential superclause of C a and, for each u ∈ U , either (i) M u i = M u a , or (ii) M u a is trivial and M u i := i → l for some literal l ∈ {u,ū}.
By 'existential superclause' it is meant that vars(C i ) ⊆ X and C a ⊆ C i .
Weakening is, in a clear sense, the simplest rule with which one extends M-Res to Hform DQBF. Its function is merely to represent exactly the paths of the countermodel on which the canonical completeness construction is based. In general, the countermodel needs to be represented in full since merge maps must be isomorphic in order to apply the select operation. Note that the DQBF analogue of Proposition 19 is proved easily with an additional case for the weakening rule.

Soundness and completeness
Soundness of M-Res for H-form DQBF is proved in the same way as for QBF, i.e. by showing that the concluding merge maps compute a countermodel. Completeness, on the other hand, cannot be established with an analogue of Theorem 22; DQBF is strictly larger than QBF, and hence simulation of reductionless LD-Q-Res does not guarantee completeness. Our proof rather extends the method by which completeness of reductionless LD-Q-Res was proved in Lemma 5; namely, the construction of a 'full binary tree' of resolution steps based on the countermodel, following the prefix order of existential variables.
We give an overview of the construction. Let Φ := (X , U , L Q ) · φ be a false DQBF with a countermodel h. For each α ∈ X , the assignment α ∪ h(α) falsifies some clause C α ∈ φ by definition of countermodel. Now, consider the M-Res line whose clause is the largest existential clause falsified by α and whose merge maps are constant functions computing h(α). Each such line can be derived in two M-Res steps, by weakening the axiom corresponding to C α . Moreover, the clauses {C α : α ∈ X } form the leaves of a full binary tree resolution refutation which can be completed using an arbitrary order of the existential pivots X . The merge maps are constructed by merging over the pivot x iff x ∈ L Q (u); otherwise the select operation takes the merge map from either antecedent, since the full binary tree structure guarantees that they are isomorphic.
As merge maps essentially represent the structure of resolution steps in the subderivation, it is no surprise that the merge maps in our construction also have a full binary tree structure. This structure is captured by the following definition.
At the technical level, we must define existential restrictions for DQBFs and DQBF countermodels. Let Φ := (X , U , L Q ) · φ be a DQBF with a countermodel h and let l be a literal The construction itself is defined recursively in the completeness proof, combining full binary tree refutations for Φ [x] and Φ [x] for some x ∈ X with a single resolution step. We use the fact that restrictions preserve countermodels in the following sense. Proof Let π be the refutation with the given conclusion. The desired derivation may be obtained from π simply by adding the literal {l} to each clause, applying weakening where necessary, and adjusting the indexing of the merge maps to account for the extra weakening steps.

Lemma 35 Every false H-form DQBF has an M-Res refutation.
Proof Let Φ := (X , U , L Q ) · φ be a false DQBF, and let X := {x 1 , . . . , x n } where the x i are pairwise distinct. For any M-Res refutation π with conclusion (C k , {M u k : u ∈ U }), let {h u : u ∈ U } be the concluding countermodel for π, where the h u are the functions computed by the concluding merge maps M u k . A merge map for u ∈ U over L Q (u) is said to be complete if it is isomorphic to a binary tree merge map for u over the sequence By induction on the number n of existential variables, we show that, for each countermodel h for Φ, there exists an M-Res refutation whose concluding countermodel is h and whose concluding merge maps are complete. To that end, let h := {h u : u ∈ U } be an arbitrary countermodel for Φ.
For the base case |X | = 0, observe that each h u is a constant function with some singleton codomain {l u }. By definition of countermodel, there exists a clause C ∈ φ such that C = {l u : u ∈ vars(C)}. Applying the axiom rule to C, one obtains a derivation of the line (∅, {M u : u ∈ U }) in which M u computes the constant function h u if u ∈ vars(C), and is trivial otherwise. With a single weakening step, each trivial M u can be swapped for a merge map isomorphic to 1 → l u . Then each M u is trivially complete and computes the constant function h u .
For the inductive step, let n ∈ N. Combining Propositions 33 and 34 with the inductive hypothesis, we deduce that there exist M-Res derivations π and π of the lines ({x 1 It is easy to see that the M u are complete merge maps computing the h u .
The weakening rule is clearly polynomial-time checkable. Thus the following is immediate from Lemmata 31 and 35.

Theorem 36 M-Res is a proof system for H-form DQBF.
It is natural to consider whether the weakening rule is necessary for completeness. This is indeed the case; there exist false H-form DQBFs that cannot be refuted by M-Res without weakening.
For example, consider the DQBF Φ := (X , U , L Q ) · φ in which X := {x 1 , x 2 }, U := {u 1 , u 2 }, the support set function is given by It is easy to see that the only countermodel for Φ sets u 1 = x 1 and u 2 = x 2 . Note that the functions computing this unique countermodel have ranges {ū 1 , u 1 } and {ū 2 , u 2 } Now, let π be a weakening-free M-Res derivation from Φ. We will show that each line in π is of one of three types: C The merge maps compute functions with ranges R C 1 = R C 2 = { * }.
From this it follows that π is not a refutation, because its concluding merge maps do not compute a countermodel.
The axiom line for the clause {x 1 ,x 2 ,ū 1 ,ū 2 } is type A, the axiom line for the clause {x 1 , x 2 , u 1 , u 2 } is type B, and the remaining two clauses, which contain no universal literals, are type C. It is easy to see that resolution of a type A line with a type A or C line always yields type A. Similarly, resolution of a type B line with a type B or C line always yields type B. Resolving two type C clauses yields a type C clause. Moreover, type A lines can never be resolved with type B lines; in this case, the merge maps for u 1 are non-trivial and non-isomorphic, and similarly for u 2 , so neither x 1 nor x 2 is eligible as the pivot variable.

What is new in M-Res?
To the best of our knowledge, M-Res is the first 'long-distance' proof system for DQBF. Recent work [13] showed that the DQBF version of LD-Q-Res is not sound, so it is natural to ask how M-Res fares in comparison. We identify three major differences.
Firstly, M-Res works with Herbrand-form DQBFs, whereas the system in [13] was defined for Skolem-form DQBFs (which use support sets for existential variables). Merge maps detail precisely how the Herbrand functions are encoded in the resolution structure of long-distance proofs. One could say that such refutations are 'proving the existence of Herbrand functions'. For QBF, this is of course equivalent to proving the non-existence of Skolem functions, but that does not carry over to DQBF (in a precise technical sense [2]). From this standpoint, it is natural to refute H-form DQBFs by finding the Herbrand functions that certify the falsity of the formula, and this is exactly what M-Res achieves. On the other hand, [13] takes the approach of refuting S-form DQBFs-which amounts to proving the non-existence of Skolem functions-by looking for Herbrand functions that may exist even if the formula is true.
The second difference is the absence of universal reduction. The difficulty of dealing with universal reduction in the context of DQBF resolution is to some extent addressed in [7], where it is considered in the (closely related [8]) context of dependency schemes. There it is shown that the interplay between universal reduction and merging is problematic, and additional constraints must be placed on universal reduction to prevent unsound inferences. Given that universal reduction is not necessary for completeness, it seems natural to dispense with it entirely.
The third and final difference is the explicit representation of functions in M-Res, versus the function placeholders known as 'merged literals' from classical long-distance Q-resolution. Here we argue that the 'full binary tree' construction that features in the proofs of Lemmata 5 and 35 is the canonical completeness proof for CDCL-based systems. The explicit representation of functions is key to this construction, since it allows the comparison of non-trivial merge maps. Thus we argue that building strategies into proofs is the natural way to overcome incompleteness.

Relevance to solving
Merge maps may be relevant for QBF and DQBF solving.
In dependency learning for QBF [45], variable dependencies are ignored until clause learning is blocked by an illegal merge. Our work demonstrates that many 'illegal' merges are perfectly sound inferences; moreover, M-Res provides a mechanism for identifying such cases based on isomorphism. Thus, it is plausible that incorporating merge maps could increase the scope of dependency learning.
In DQBF, practitioners are still looking for a natural 'CDCL-based' (as apposed to 'expansion-based') solving paradigm. Our discussion in Sect. 6 suggests one possible reason: namely, the use of Skolem form encodings is not conducive to CDCL-based search. An interesting direction for future work, therefore, would be to experiment with Herbrand-form DQBFs as the standard input format for CDCL-based DQBF solving.
It seems natural, then, to suggest Merge Resolution as the underlying resolution engine in a CDCL-based solver for Herbrand-form DQBF. Conceiving such an implementation would require some work; for example, one would need to store partial strategies with learned clauses, and carry out an efficient isomorphism test. Isomorphism is an easy way to determine the equivalence of two Boolean functions, but in general it seems unlikely that two equivalent functions will have identical representations. This points towards efficient (approximate) equivalence testing as the key to a successful implementation of M-Res.

Complexity of H-form DQBF
Whereas the decision problem for S-form DQBF is known to be NEXP complete [1], the complexity of the decision problem for H-form DQBFs, as far as we are aware, has not been studied. Moreover, the methodology of [1] does not seem appropriate for H-form DQBFs. Since every QBF can be written as an H-form DQBF, the decision problem is certainly PSPACE-hard, and the NEXP upper bound applies for all DQBFs, but its exact complexity remains an interesting open problem.