(Week 1)

Theory

The mechanics underneath the solver: propositional logic, normal forms, and the DPLL algorithm that searches for satisfying assignments.

Propositional Logic

Propositional logic is a formal language. Like any formal language it has two parts: syntax (what counts as a well-formed expression) and semantics (what the expressions mean). We will build both from the ground up, then use them to define the property SAT solvers decide.

Syntax

Every propositional formula is built from three kinds of piece:

Variables: $p$ , $q$ , $x_{1}$ , $x_{2}$ , ...
Constants: $⊤$ (top) and $⊥$ (bot).
Connectives: $\neg$ (not), $\land$ (and), $\lor$ (or), $⟹$ (implies), $⟺$ (iff).

The constants $⊤$ and $⊥$ stand for true and false. We will make that precise in Semantics.

The grammar says how to combine them:

\begin{matrix} ϕ & : : = & ⊤ ∣ ⊥ ∣ x \\ ∣ & \neg ϕ \\ ∣ & ϕ \land ϕ \\ ∣ & ϕ \lor ϕ \\ ∣ & ϕ ⟹ ϕ \\ ∣ & ϕ ⟺ ϕ \end{matrix}

A formula is either a variable, a constant, or a compound built by applying a connective to one or two smaller formulas. Every compound formula has smaller formulas inside it, all the way down to the atoms.

Operator precedence lets us drop parentheses when the grouping is unambiguous. In order from tightest to loosest: $\neg$ , $\land$ , $\lor$ , $⟹$ , $⟺$ . Implication and biconditional associate to the right. A few examples of how precedence resolves unparenthesized formulas:

As written	Fully parenthesized
$\neg p \land q$	$(\neg p) \land q$
$p \lor q \land r$	$p \lor (q \land r)$
$p ⟹ q ⟹ r$	$p ⟹ (q ⟹ r)$
$\neg p \land q \lor r ⟹ s$	$((\neg p \land q) \lor r) ⟹ s$
$(\neg p \land q) \lor (r ⟹ s)$	$(\neg p \land q) \lor (r ⟹ s)$

The last row is the formula we will use as a running example throughout this section. Its parentheses are doing real work: without the right-hand pair, precedence would give us the previous row, a different formula.

Formulas as Trees

The grammar is recursive: each compound formula is built by applying a connective to one or two smaller formulas, which are themselves built the same way. That is the definition of a tree. Every propositional formula has a natural tree structure falling out of the grammar, with the outermost connective at the root and the atoms at the leaves.

Here is the running formula as a tree:

graph TD
    accTitle: Expression tree of the running formula
    accDescr: Tree for (not p and q) or (r implies s). The root is a disjunction. Its left child is a conjunction whose children are a negation (with child p) and q. Its right child is an implication with children r and s.

    root["∨"]
    L["∧"]
    R["⟹"]
    N["¬"]
    p["p"]
    q["q"]
    r["r"]
    s["s"]

    root --- L
    root --- R
    L --- N
    L --- q
    N --- p
    R --- r
    R --- s

Each internal node is labeled with a connective and has one or two children that are themselves trees. Each leaf is a variable or a constant. The shape of the tree is the shape of the formula: the root $\lor$ is the outermost connective, its left subtree is everything to the left of the disjunction, and its right subtree is everything to the right.

Point at any internal node and you can read off a subformula. The $\land$ node is the subformula $\neg p \land q$ . The $\neg$ node is $\neg p$ . The $⟹$ node is $r ⟹ s$ . The root $\lor$ node is the whole formula $(\neg p \land q) \lor (r ⟹ s)$ . A subformula is exactly a subtree: pick an internal node, take everything hanging below it, and that is the subformula rooted at that node. This goes in both directions. Every subformula of the running formula corresponds to exactly one subtree of the diagram.

Every transformation we write in the rest of this section walks this tree. The normal-form conversions (core, NNF, DNF, CNF) recurse on the grammar, which is the same as recursing on the tree. When you read the pseudocode in those sections, picture the function moving from the root of the tree toward the leaves, rebuilding subformulas as it goes. The tree view is the mental model that makes every later algorithm on this page make sense.

Semantics

Syntax says what counts as a well-formed formula. Semantics says what the formula means. A formula's meaning is a truth value (true or false), but that truth value depends on what the variables stand for. To pin it down we need an interpretation.

An interpretation $I$ is an assignment of truth values to variables: a total function from each variable to either true or false. "Total" means every variable gets exactly one value: there are no unassigned variables, and no variable gets both. In Python, an interpretation is a dict like {'p': False, 'q': True, 'r': False, 's': False} that includes every variable appearing in the formula. The constants $⊤$ and $⊥$ are already fixed to true and false, so together with the interpretation we know the truth value at every leaf of the tree. From there we can evaluate bottom-up, applying the truth-table rule for each connective at each internal node until we reach the root.

In pseudocode, evaluation is a straight recursion on the formula, matching the grammar case by case:

eval(f, I):
  match f:
    case ⊤:      true
    case ⊥:      false
    case x:      I(x)
    case ¬a:     not eval(a, I)
    case a ∧ b:  eval(a, I) and eval(b, I)
    case a ∨ b:  eval(a, I) or  eval(b, I)
    case a → b:  (not eval(a, I)) or eval(b, I)
    case a ↔ b:  eval(a, I) = eval(b, I)

The base cases ( $⊤$ , $⊥$ , variables) read off a truth value directly. The compound cases recurse on the immediate subformulas and combine the results with the boolean operation that corresponds to the connective. The combining rules are the standard truth tables for the boolean operators:

$a$	$\neg a$
true	false
false	true

$a$	$b$	$a \land b$	$a \lor b$	$a ⟹ b$	$a ⟺ b$
true	true	true	true	true	true
true	false	false	true	false	false
false	true	false	true	true	false
false	false	false	false	true	true

Each row of a truth table is one possible combination of values for the inputs. The columns on the right give the value of the compound expression for that row's inputs. To evaluate, say, $a ⟹ b$ when $a$ is true and $b$ is false, find the row with $a = true$ and $b = false$ , then read across to the $a ⟹ b$ column: false. Implication is the one connective whose table sometimes surprises people. An implication is true whenever its premise is false, regardless of the conclusion. The only way to make $a ⟹ b$ false is to have a true premise and a false conclusion. The biconditional $a ⟺ b$ is true exactly when both sides agree.

A worked trace. Take the running formula $(\neg p \land q) \lor (r ⟹ s)$ under the interpretation $I = {p \mapsto false, q \mapsto true, r \mapsto true, s \mapsto false}$ . Evaluation proceeds from the leaves up the tree. Each node below is tagged with its evaluation step number and the value computed at that node:

graph TD
    accTitle: Evaluation trace of the running formula under I
    accDescr: Same tree as before with each node tagged by a step number and computed truth value. Step 1 is p, false. Step 2 is the negation of p, true. Step 3 is q, true. Step 4 is the conjunction of not p and q, true. Step 5 is r, true. Step 6 is s, false. Step 7 is the implication from r to s, false. Step 8 is the root disjunction, true.

    root["`∨
*8: true*`"]
    L["`∧
*4: true*`"]
    R["`⟹
*7: false*`"]
    N["`¬
*2: true*`"]
    p["`p
*1: false*`"]
    q["`q
*3: true*`"]
    r["`r
*5: true*`"]
    s["`s
*6: false*`"]

    root --- L
    root --- R
    L --- N
    L --- q
    N --- p
    R --- r
    R --- s

The step numbers trace a left-to-right, bottom-up walk: evaluate the left subtree completely, then the right subtree, then combine at the root. Reading the tree in that order:

Step 1: $p$ is false (from $I$ ).
Step 2: $\neg p$ is true (negation of step 1).
Step 3: $q$ is true (from $I$ ).
Step 4: $\neg p \land q$ is true (conjunction of steps 2 and 3).
Step 5: $r$ is true (from $I$ ).
Step 6: $s$ is false (from $I$ ).
Step 7: $r ⟹ s$ is false (implication from step 5 to step 6).
Step 8: $(\neg p \land q) \lor (r ⟹ s)$ is true (disjunction of steps 4 and 7).

Different interpretations can produce different truth values. The interpretation $I^{'} = {p \mapsto true, q \mapsto true, r \mapsto true, s \mapsto false}$ makes $\neg p$ false, so the left conjunction is false; $r ⟹ s$ is still false; and the whole formula evaluates to false under $I^{'}$ . Whether a formula is true depends on the interpretation.

Inference Rules

The same rules can be written more formally as inference rules. We introduce one piece of notation: the double turnstile $⊧$ . For an interpretation $I$ and a formula $ϕ$ , we write $I ⊧ ϕ$ to mean " $ϕ$ is true under $I$ " (read " $I$ models $ϕ$ "). The crossed-out form $I ⧸ ⊧ ϕ$ means " $ϕ$ is false under $I$ ."

These two forms are duals of each other. Because interpretations are total, every formula is either true or false under $I$ , never neither and never both. So $I ⧸ ⊧ ϕ$ is exactly the same as saying " $I ⊧ ϕ$ does not hold," and vice versa. The two ways of writing a negative judgment mean the same thing. The duality matters when you read the rules below: any time a rule uses $I ⧸ ⊧ ϕ$ in a premise or conclusion, you can read it as "and $ϕ$ is false under $I$ " without losing anything.

An inference rule has a horizontal bar separating its premises (above) from its conclusion (below): if every premise holds, the conclusion holds. A rule with nothing above the bar is an axiom; its conclusion holds unconditionally. Some connectives need more than one rule because there is more than one way to make the compound formula true. The convention is that if no rule derives $I ⊧ ϕ$ , then $ϕ$ is false under $I$ .

Each connective gets two kinds of rule. Introduction rules say how to conclude that a compound formula is true: how to build up a judgment about the compound from judgments about its parts. Elimination rules say how to use a judgment about a compound formula: what you can conclude about the parts when you know the compound holds. Intro rules build things up; elim rules take them apart.

The constants are fixed: $⊤$ is always true and $⊥$ is always false. These are axioms because there is no subformula to check. There is nothing to eliminate from a constant, so they have no elimination rules.

Introduction rules for $⊤$ and $⊥$ :

\frac{}{I ⊧ ⊤} \frac{}{I ⧸ ⊧ ⊥}

A variable is true under $I$ exactly when the interpretation assigns it the value true. The interpretation itself is the only thing to consult, so both the intro and the elim rule are essentially one-step lookups.

Introduction rule for $x$ :

\frac{I (x) = true}{I ⊧ x}

Elimination rule for $x$ :

\frac{I ⊧ x}{I (x) = true}

A negation $\neg ϕ$ is true exactly when $ϕ$ is false. The intro rule turns a failure to hold into a negation judgment. The elim rule turns a negation judgment back into a failure to hold.

Introduction rule for $\neg$ :

\frac{I ⧸ ⊧ ϕ}{I ⊧ \neg ϕ}

Elimination rule for $\neg$ :

\frac{I ⊧ \neg ϕ}{I ⧸ ⊧ ϕ}

A conjunction $ϕ_{1} \land ϕ_{2}$ is true when both conjuncts are true. The intro rule requires both subformulas to hold. The elim rules let us extract either conjunct from the compound: knowing the conjunction holds tells us each piece holds on its own.

Introduction rule for $\land$ :

\frac{I ⊧ ϕ_{1} I ⊧ ϕ_{2}}{I ⊧ ϕ_{1} \land ϕ_{2}}

Elimination rules for $\land$ :

\frac{I ⊧ ϕ_{1} \land ϕ_{2}}{I ⊧ ϕ_{1}} \frac{I ⊧ ϕ_{1} \land ϕ_{2}}{I ⊧ ϕ_{2}}

A disjunction $ϕ_{1} \lor ϕ_{2}$ is true when at least one disjunct is true. The intro rules give us two ways to build a disjunction: either disjunct holding is enough. The elim rules capture disjunctive syllogism: if the disjunction holds and one side fails, the other side must hold.

Introduction rules for $\lor$ :

\frac{I ⊧ ϕ_{1}}{I ⊧ ϕ_{1} \lor ϕ_{2}} \frac{I ⊧ ϕ_{2}}{I ⊧ ϕ_{1} \lor ϕ_{2}}

Elimination rules for $\lor$ :

\frac{I ⊧ ϕ_{1} \lor ϕ_{2} I ⧸ ⊧ ϕ_{1}}{I ⊧ ϕ_{2}} \frac{I ⊧ ϕ_{1} \lor ϕ_{2} I ⧸ ⊧ ϕ_{2}}{I ⊧ ϕ_{1}}

An implication $ϕ_{1} ⟹ ϕ_{2}$ is true in two situations: when the premise is false (a vacuously true implication), or when the conclusion is true. The elim rules are the classical ways of using an implication: modus ponens takes you forward (premise true, so conclusion must be true) and modus tollens takes you backward (conclusion false, so premise must be false).

Introduction rules for $⟹$ :

\frac{I ⧸ ⊧ ϕ_{1}}{I ⊧ ϕ_{1} ⟹ ϕ_{2}} \frac{I ⊧ ϕ_{2}}{I ⊧ ϕ_{1} ⟹ ϕ_{2}}

Elimination rules for $⟹$ :

\frac{I ⊧ ϕ_{1} ⟹ ϕ_{2} I ⊧ ϕ_{1}}{I ⊧ ϕ_{2}} \frac{I ⊧ ϕ_{1} ⟹ ϕ_{2} I ⧸ ⊧ ϕ_{2}}{I ⧸ ⊧ ϕ_{1}}

A biconditional $ϕ_{1} ⟺ ϕ_{2}$ is true when the two sides agree: both true or both false. The intro rules build the biconditional from either agreement pattern. The elim rules let us propagate across a known biconditional: once we know the two sides agree, the truth value of one side determines the other.

Introduction rules for $⟺$ :

\frac{I ⊧ ϕ_{1} I ⊧ ϕ_{2}}{I ⊧ ϕ_{1} ⟺ ϕ_{2}} \frac{I ⧸ ⊧ ϕ_{1} I ⧸ ⊧ ϕ_{2}}{I ⊧ ϕ_{1} ⟺ ϕ_{2}}

Elimination rules for $⟺$ :

\frac{I ⊧ ϕ_{1} ⟺ ϕ_{2} I ⊧ ϕ_{1}}{I ⊧ ϕ_{2}} \frac{I ⊧ ϕ_{1} ⟺ ϕ_{2} I ⊧ ϕ_{2}}{I ⊧ ϕ_{1}}

\frac{I ⊧ ϕ_{1} ⟺ ϕ_{2} I ⧸ ⊧ ϕ_{1}}{I ⧸ ⊧ ϕ_{2}} \frac{I ⊧ ϕ_{1} ⟺ ϕ_{2} I ⧸ ⊧ ϕ_{2}}{I ⧸ ⊧ ϕ_{1}}

The inference rules and the pseudocode are the same semantics expressed two ways. The inference rules are the declarative statement of what evaluation means; the pseudocode is an operational procedure for computing it. Both agree on the truth value of every formula under every interpretation.

Satisfiability, Validity, and Duality

With syntax and semantics in place, we can ask the questions a SAT solver actually answers. Every propositional formula falls into one of three categories depending on how it behaves across all possible interpretations.

A formula is satisfiable if at least one interpretation makes it true. An interpretation that makes a formula true is called a model of the formula. The running formula $(\neg p \land q) \lor (r ⟹ s)$ is satisfiable: the interpretation $I = {p \mapsto false, q \mapsto true, r \mapsto true, s \mapsto false}$ from the Semantics trace is a model.

A formula is valid if every interpretation makes it true. Valid formulas are also called tautologies. An example: $p \lor \neg p$ . No matter what truth value you assign to $p$ , one of $p$ or $\neg p$ is true, so the disjunction is true. The running formula is not valid: we showed that the interpretation $I^{'} = {p \mapsto true, q \mapsto true, r \mapsto true, s \mapsto false}$ makes it false.

A formula is unsatisfiable if no interpretation makes it true. An example: $p \land \neg p$ . For any interpretation, either $p$ is false (making the left conjunct false) or $\neg p$ is false (making the right conjunct false), and either way the conjunction is false. Unsatisfiable formulas are also called contradictions.

Satisfiability and validity are connected by a simple duality:

ϕ is valid if and only if \neg ϕ is unsatisfiable .

The reasoning: $ϕ$ is valid means every interpretation makes $ϕ$ true, which means no interpretation makes $ϕ$ false, which means no interpretation makes $\neg ϕ$ true, which means $\neg ϕ$ is unsatisfiable. The implication runs both directions.

This duality is not just mathematical bookkeeping. It means that a SAT solver is also a validity checker. Build one tool that decides satisfiability and you get validity for free: to check whether $ϕ$ is valid, ask the solver whether $\neg ϕ$ is satisfiable. If the solver says no, $ϕ$ is valid. If the solver says yes, the satisfying interpretation it returns is a counterexample to $ϕ$ 's validity.

The same duality is how we check whether two formulas are equivalent. Two formulas $ϕ_{1}$ and $ϕ_{2}$ are equivalent when every interpretation gives them the same truth value. Equivalently, $ϕ_{1} ⟺ ϕ_{2}$ is valid. Equivalently, $\neg (ϕ_{1} ⟺ ϕ_{2})$ is unsatisfiable. So to check whether two formulas are equivalent, ask the solver whether their biconditional's negation is satisfiable. If unsatisfiable, they are equivalent. If satisfiable, the model is an interpretation on which they disagree.

This is exactly the trick from Practice. The bvudiv2 demo asked whether a fast bit-twiddling implementation and a straightforward reference implementation compute the same function on all 32-bit inputs. Rather than enumerating all $2^{32}$ inputs, we asserted that the two implementations produce different results and asked Z3 whether that assertion was satisfiable. Unsatisfiable meant the implementations agree on every input. Satisfiable would have returned a specific input on which they disagree. The "assert the negation and check satisfiability" move is the duality at work, and it is the foundation of how SAT and SMT solvers are used to verify programs.

Formulas as Data

To compute with formulas we need to represent them as data. We use nested Python tuples: each compound formula is a tuple whose first element is a string tag naming the connective, followed by the tuple representations of its subformulas. Variables are bare strings. The constants $⊤$ and $⊥$ are Python's True and False.

Here is the running formula $(\neg p \land q) \lor (r ⟹ s)$ as a Python tuple:

normal-forms.py

('or',
    ('and', ('not', 'p'), 'q'),
    ('implies', 'r', 's'))

The indentation is just for readability: Python sees one nested tuple. Read the outermost tuple head first: 'or' says the whole formula is a disjunction. Its two remaining elements are the left and right disjuncts, each a tuple in its own right. The left disjunct ('and', ('not', 'p'), 'q') is a conjunction whose conjuncts are ('not', 'p') (a unary negation of the variable 'p') and 'q' (a bare variable). The right disjunct ('implies', 'r', 's') is an implication between the variables 'r' and 's'. Compare this to the tree diagram from Formulas as Trees: the tuple is the tree, walked from the outside in, with one tuple per node.

graph TD
    accTitle: Tree of the running formula labeled with tuple tags
    accDescr: Same tree as before, but each node is labeled with the Python tuple tag that names it. The root is tagged 'or'. Its left child is tagged 'and' and its right child is tagged 'implies'. The left subtree contains a 'not' node with child 'p' and a leaf 'q'. The right subtree has leaves 'r' and 's'.

    root["'or'"]
    L["'and'"]
    R["'implies'"]
    N["'not'"]
    p["'p'"]
    q["'q'"]
    r["'r'"]
    s["'s'"]

    root --- L
    root --- R
    L --- N
    L --- q
    N --- p
    R --- r
    R --- s

Each internal node's tuple head is exactly the string tag shown in the diagram. The children of the node are the remaining elements of the tuple, in order. A leaf's label is the bare variable string at that position in the tuple. Walking the tuple from the outside in visits the nodes of the tree from the root down. This is what makes "formulas as trees" and "formulas as data" the same thing viewed from two angles.

The Python implementation of the evaluation pseudocode falls out of this representation. Each case in the match statement corresponds to one rule, and Python's structural pattern matching unpacks the tuples for us:

normal-forms.py

def eval(f, I):
    match f:
        case True:                return True
        case False:               return False
        case str(x):              return I[x]
        case ('not', a):          return not eval(a, I)
        case ('and', a, b):       return eval(a, I) and eval(b, I)
        case ('or',  a, b):       return eval(a, I) or  eval(b, I)
        case ('implies', a, b):   return (not eval(a, I)) or eval(b, I)
        case ('iff', a, b):       return eval(a, I) == eval(b, I)

The match f: statement dispatches on the structure of f. The constant cases True and False catch $⊤$ and $⊥$ . The str(x) case catches bare-variable atoms and looks them up in the interpretation dict I. The compound cases destructure the tagged tuple, bind the subformulas to names, and recurse. Every case corresponds to one rule from the Semantics subsection, and the structure of the function mirrors the structure of the formula.

This is the formulas-as-data pattern. The same recursive structure that defines the syntax also drives the computation. Every transformation in the rest of this section follows the same shape: match on the formula's structure, recurse on subformulas, rebuild the result from the pieces.

Normal Forms

SAT solvers do not work directly on arbitrary formulas. They require a specific shape: Conjunctive Normal Form (CNF).

Core Form

Propositional logic has five connectives ( $\neg$ , $\land$ , $\lor$ , $⟹$ , $⟺$ ), but only three are needed. Implication and biconditional can be eliminated:

\begin{matrix} a ⟹ b & \equiv & \neg a \lor b \end{matrix}

\begin{matrix} a ⟺ b & \equiv & (\neg a \lor b) \land (\neg b \lor a) \end{matrix}

A formula is in core form if it uses only $\neg$ , $\land$ , and $\lor$ :

\begin{matrix} core & : : = & ⊤ \\ ∣ & ⊥ \\ ∣ & x \\ ∣ & \neg core \\ ∣ & core \land core \\ ∣ & core \lor core \end{matrix}

The conversion applies the two equivalences above recursively:

to_core(f):
  match f:

    # atoms pass through
    case ⊤:  ⊤
    case ⊥:  ⊥
    case x:  x

    case ¬a:
        ¬to_core(a)

    case a ∧ b:
        to_core(a) ∧ to_core(b)

    case a ∨ b:
        to_core(a) ∨ to_core(b)

    # eliminate →
    case a → b:
        to_core(¬a ∨ b)

    # eliminate ↔ (duplicates a and b)
    case a ↔ b:
        to_core((¬a ∨ b) ∧ (¬b ∨ a))

The $⟺$ case duplicates its arguments: a ↔ b becomes two copies of a and b. For a single $⟺$ this is a constant doubling. But nested $⟺$ can compound: each level doubles, so $n$ nested biconditionals can produce $O (2^{n})$ output. Everything else is linear. In practice deeply nested $⟺$ chains are uncommon, and Tseitin (below) avoids this entirely.

Negation Normal Form (NNF)

A formula in core form may still have negations deep inside: $\neg (\neg a \land b)$ , $\neg (a \lor \neg b)$ , etc. Negation Normal Form (NNF) pushes all negations down to the leaves so they appear only directly on atoms:

\begin{matrix} atom & : : = & ⊤ \\ ∣ & ⊥ \\ ∣ & x \end{matrix}

\begin{matrix} literal & : : = & atom \\ ∣ & \neg atom \end{matrix}

\begin{matrix} NNF & : : = & literal \\ ∣ & NNF \land NNF \\ ∣ & NNF \lor NNF \end{matrix}

The conversion uses two mutually recursive functions. to_nnf(f) converts f normally. to_nnf_neg(f) converts f as if there were a negation above it. When to_nnf encounters a $\neg$ , it switches to to_nnf_neg. When to_nnf_neg encounters a $\neg$ , the double negation cancels and it switches back to to_nnf. De Morgan's laws happen naturally: negating a conjunction produces a disjunction (and vice versa).

# input: a formula in core form
to_nnf(f):
  match f:

    # atoms are already NNF
    case ⊤:  ⊤
    case ⊥:  ⊥
    case x:  x

    # negation: switch to to_nnf_neg
    case ¬a:
        to_nnf_neg(a)

    case a ∧ b:
        to_nnf(a) ∧ to_nnf(b)

    case a ∨ b:
        to_nnf(a) ∨ to_nnf(b)

# convert ¬f to NNF — a negation is pending from above
to_nnf_neg(f):
  match f:

    # the pending negation attaches to an atom
    case ⊤:  ⊥
    case ⊥:  ⊤
    case x:  ¬x

    # double negation: pending ¬ meets another ¬, they cancel
    case ¬a:
        to_nnf(a)

    # De Morgan: ¬(a ∧ b) = ¬a ∨ ¬b
    case a ∧ b:
        to_nnf_neg(a) ∨ to_nnf_neg(b)

    # De Morgan: ¬(a ∨ b) = ¬a ∧ ¬b
    case a ∨ b:
        to_nnf_neg(a) ∧ to_nnf_neg(b)

NNF conversion is linear in the size of the core form. Each node is visited once. The only blowup in the full pipeline is from $⟺$ elimination in to_core (see above).

Disjunctive Normal Form (DNF)

A formula is in Disjunctive Normal Form (DNF) if it is a disjunction of terms, where each term is a conjunction of literals:

\begin{matrix} atom & : : = & ⊤ \\ ∣ & ⊥ \\ ∣ & x \end{matrix}

\begin{matrix} literal & : : = & atom \\ ∣ & \neg atom \end{matrix}

\begin{matrix} term & : : = & literal & (a single literal) \\ ∣ & term \land term & (AND of literals) \end{matrix}

\begin{matrix} DNF & : : = & term & (a single term) \\ ∣ & DNF \lor DNF & (OR of terms) \end{matrix}

The two levels are: terms group literals with AND, then DNF groups terms with OR. To convert an NNF formula to DNF, distribute $\land$ over $\lor$ :

# input: a formula in NNF
to_dnf(f):
  match f:

    # base case: a literal is already a one-literal term
    case l where is_literal(l):
        l

    # OR is the top-level connective in DNF, passes through
    case a ∨ b:
        to_dnf(a) ∨ to_dnf(b)

    # AND: recursively convert both sides, then distribute
    case a ∧ b:
        distribute_and(to_dnf(a), to_dnf(b))

# distribute AND over a pair of DNF formulas
distribute_and(f, g):
  match f, g:

    # f has OR at top: distribute into both branches
    case (a ∨ b), g:
        distribute_and(a, g) ∨ distribute_and(b, g)

    # g has OR at top: distribute into both branches
    case f, (a ∨ b):
        distribute_and(f, a) ∨ distribute_and(f, b)

    # both are terms (no OR remains): just conjoin
    case f, g:
        f ∧ g

The blowup happens in distribute_and: every OR in either argument gets split, doubling the formula. Each application can double the formula size. Trace one step on $(a \lor b) \land (c \lor d)$ :

(a \lor b) \land (c \lor d) ⟶ (a \land c) \lor (a \land d) \lor (b \land c) \lor (b \land d)

Two clauses of two literals each produce four terms. Each additional clause doubles the count. The formula $(x_{1} \lor y_{1}) \land (x_{2} \lor y_{2}) \land \dots \land (x_{n} \lor y_{n})$ has $n$ clauses in CNF but $2^{n}$ terms in DNF:

$n$	CNF size	DNF size
1	1 clause	2 terms
2	2 clauses	4 terms
5	5 clauses	32 terms
10	10 clauses	1024 terms

Checking whether a DNF formula is satisfiable is trivially easy: pick any term whose literals are consistent (no variable appears both positive and negative) and set those literals to true. If every term is inconsistent, the formula is unsatisfiable, but that is rare. DNF-SAT is solvable in linear time.

Conjunctive Normal Form (CNF)

A formula is in Conjunctive Normal Form (CNF) if it is a conjunction of clauses, where each clause is a disjunction of literals:

\begin{matrix} atom & : : = & ⊤ \\ ∣ & ⊥ \\ ∣ & x \end{matrix}

\begin{matrix} literal & : : = & atom \\ ∣ & \neg atom \end{matrix}

\begin{matrix} clause & : : = & literal & (a single literal) \\ ∣ & clause \lor clause & (OR of literals) \end{matrix}

\begin{matrix} CNF & : : = & clause & (a single clause) \\ ∣ & CNF \land CNF & (AND of clauses) \end{matrix}

The two levels are the mirror of DNF: clauses group literals with OR, then CNF groups clauses with AND. To convert an NNF formula to CNF, distribute $\lor$ over $\land$ . The mechanics are symmetric to DNF:

# input: a formula in NNF
to_cnf(f):
  match f:

    # base case: a literal is already a one-literal clause
    case l where is_literal(l):
        l

    # AND is the top-level connective in CNF, passes through
    case a ∧ b:
        to_cnf(a) ∧ to_cnf(b)

    # OR: recursively convert both sides, then distribute
    case a ∨ b:
        distribute_or(to_cnf(a), to_cnf(b))

# distribute OR over a pair of CNF formulas
distribute_or(f, g):
  match f, g:

    # f has AND at top: distribute into both branches
    case (a ∧ b), g:
        distribute_or(a, g) ∧ distribute_or(b, g)

    # g has AND at top: distribute into both branches
    case f, (a ∧ b):
        distribute_or(f, a) ∧ distribute_or(f, b)

    # both are clauses (no AND remains): just disjoin
    case f, g:
        f ∨ g

Same structure, symmetric rules. The blowup happens in distribute_or. Trace one step on $(a \land b) \lor (c \land d)$ :

(a \land b) \lor (c \land d) ⟶ (a \lor c) \land (a \lor d) \land (b \lor c) \land (b \lor d)

Two terms of two literals each produce four clauses. The formula $(x_{1} \land y_{1}) \lor (x_{2} \land y_{2}) \lor \dots \lor (x_{n} \land y_{n})$ has $n$ terms in DNF but $2^{n}$ clauses in CNF:

$n$	DNF size	CNF size
1	1 term	2 clauses
2	2 terms	4 clauses
5	5 terms	32 clauses
10	10 terms	1024 clauses

Naive CNF conversion blows up just as badly as naive DNF conversion. Both directions are exponential in general.

CNF is what SAT solvers use. Checking whether a CNF formula is satisfiable is hard (this is the NP-complete SAT problem). The next two sections explain why CNF is the right choice despite the blowup.

normal-forms.py

def cnf(f):
    """Distribute OR over AND — can blow up exponentially."""
    return _flatten(_distribute('or', 'and', nnf(f)))

Why CNF?

If both conversions blow up, why do SAT solvers use CNF instead of DNF? Two reasons.

First, there is a trick (the Tseitin transformation, next section) that gives compact CNF by introducing auxiliary variables. The trick works because clauses in CNF are ANDed together: each clause is a constraint that limits what values the variables can take. Auxiliary variables can be pinned to exact meanings by adding constraints. DNF terms are ORed together: each term offers an independent way to satisfy the formula. Adding auxiliary variables to DNF terms does not constrain them in the same way. Tseitin does not work for DNF.

Second, checking whether a DNF is satisfiable is trivially easy. Pick any term whose literals are consistent (no variable appears both positive and negative), set those literals to true, and you are done. If every term is inconsistent, the formula is unsatisfiable, but that is rare. This means DNF cannot compactly encode hard problems. CNF-SAT is hard precisely because Tseitin lets you pack a huge number of problems into compact CNF formulas. We want the hard representation because that is where the interesting problems live.

Tseitin Transformation

Naive CNF conversion fails at scale. The Core Form section already showed that nested biconditionals can blow up exponentially because to_core duplicates both sides of every $⟺$ . The Conjunctive Normal Form section showed the same exponential blowup for to_cnf distributing $\lor$ over $\land$ . Either way, the conversion is unusable on real inputs.

The Tseitin transformation fixes this with a different approach. Instead of distributing connectives across each other (which copies subformulas), Tseitin gives every compound subformula a fresh name and adds a small constraint tying the name to its meaning. The result is a CNF that grows linearly with the size of the input rather than exponentially. The catch: the new CNF is not logically equivalent to the original. It is equisatisfiable, which is enough for SAT.

Tseitin handles arbitrary propositional formulas directly. There is no need to preprocess to core form, NNF, or anything else. Every connective gets its own constant-size encoding, including the $⟺$ connective that hurts naive conversion most.

Name every subtree

The core idea, in one sentence: walk the formula tree, give every internal node a fresh auxiliary variable, and write down a biconditional that says "this auxiliary is true exactly when the subformula at this node is true." Then the original formula is true exactly when the auxiliary at the root is true.

Take the running formula $(\neg p \land q) \lor (r ⟹ s)$ . Three of its subformulas use a binary connective: the conjunction $\neg p \land q$ , the implication $r ⟹ s$ , and the root disjunction. (Negation is unary, not binary, so $\neg p$ stays as the literal $\neg p$ and gets no auxiliary.) Introduce three fresh variables, one for each subformula above:

$a_{1} names \neg p \land q$ $a_{2} names r ⟹ s$ $a_{3} names a_{1} \lor a_{2}$

Notice that $a_{3}$ 's definition references $a_{1}$ and $a_{2}$ instead of mentioning the original subformulas again. Once a subformula has a name, every reference to it uses the name.

The Tseitin output is the conjunction of three biconditionals plus an assertion that the root holds:

a_{3} \land (a_{1} ⟺ (\neg p \land q)) \land (a_{2} ⟺ (r ⟹ s)) \land (a_{3} ⟺ (a_{1} \lor a_{2}))

The leading $a_{3}$ says "the root subformula is true," which is what we wanted to assert about the original formula. The three biconditionals constrain the auxiliaries to mean the right things. The whole conjunction is satisfiable exactly when the original formula is satisfiable (we will see why below).

Here is the running formula's tree with each internal node tagged by its auxiliary variable:

graph TD
    accTitle: Tseitin auxiliary assignment for the running formula
    accDescr: The tree of (not p and q) or (r implies s) with each binary connective node labeled by an auxiliary variable. The root disjunction is a3. Its left child, the conjunction of not p and q, is a1. Its right child, the implication from r to s, is a2. The negation node and all leaf nodes have no auxiliary.

    root["`∨
*a_3*`"]
    L["`∧
*a_1*`"]
    R["`⟹
*a_2*`"]
    N["¬"]
    p["p"]
    q["q"]
    r["r"]
    s["s"]

    root --- L
    root --- R
    L --- N
    L --- q
    N --- p
    R --- r
    R --- s

Two analogies

Tseitin is let-binding for formulas. Just as let x = e in ... names a subexpression once and reuses the name, Tseitin names each subformula once and references the name everywhere that subformula appears. The biconditionals are the let-bindings; the auxiliary variables are the bound names.

It is also a form of hash-consing. Hash-consing means storing each distinct value exactly once and referring to it by a stable name. Java programmers know the same idea as string interning: "hello".intern() returns a canonical reference shared by every other interned "hello" in the program. Tseitin gives each compound subformula one auxiliary variable and reuses it everywhere that subformula appears. When the same subformula occurs twice in the original, Tseitin assigns it one auxiliary and the second occurrence uses that same auxiliary by reference. The size of the output is proportional to the number of distinct subformulas, not the number of textual occurrences.

Biconditionals as CNF clauses

The Tseitin output above is not yet CNF. It is a conjunction of biconditionals, and biconditionals are not clauses. To finish the transformation we need to expand each biconditional into CNF clauses.

Take the conjunction template $a ⟺ (b \land c)$ . Expand the biconditional as two implications:

(a ⟺ (b \land c)) \equiv (a ⟹ (b \land c)) \land ((b \land c) ⟹ a)

Eliminate the implications using $ϕ_{1} ⟹ ϕ_{2} \equiv \neg ϕ_{1} \lor ϕ_{2}$ :

(\neg a \lor (b \land c)) \land (\neg (b \land c) \lor a)

Push the negation in the right conjunct using De Morgan, then distribute $\lor$ over $\land$ in the left conjunct:

(\neg a \lor b) \land (\neg a \lor c) \land (\neg b \lor \neg c \lor a)

Three short clauses: two binary clauses and one ternary clause. The biconditional is now in CNF.

The same procedure works for every binary connective. The results:

Biconditional	CNF clauses
$a ⟺ (b \land c)$	$(\neg a \lor b)$ , $(\neg a \lor c)$ , $(\neg b \lor \neg c \lor a)$
$a ⟺ (b \lor c)$	$(\neg a \lor b \lor c)$ , $(\neg b \lor a)$ , $(\neg c \lor a)$
$a ⟺ (b ⟹ c)$	$(\neg a \lor \neg b \lor c)$ , $(b \lor a)$ , $(\neg c \lor a)$
$a ⟺ (b ⟺ c)$	$(\neg a \lor b \lor \neg c)$ , $(\neg a \lor \neg b \lor c)$ , $(a \lor b \lor c)$ , $(a \lor \neg b \lor \neg c)$

Each template produces at most four clauses, each of length at most three. The size is constant per binary connective, regardless of how that connective is nested in the original formula.

The last row is the punchline. The Core Form section warned that nested $⟺$ chains blow up because to_core duplicates both sides of every biconditional, and each duplication compounds with the next. Tseitin handles $⟺$ with a single biconditional template that expands to four constant-size clauses. The connective that hurts naive conversion most is the connective Tseitin handles cleanest.

Worked example: the running formula end to end

We have established the high-level idea, the diagram, and the templates. Now follow the running formula $(\neg p \land q) \lor (r ⟹ s)$ all the way through to the actual CNF clauses Tseitin produces.

The recursive walk visits each node bottom-up. Literals propagate as themselves; binary connectives get fresh auxiliaries:

The leaves $p$ , $q$ , $r$ , $s$ are literals. Each returns itself.
$\neg p$ is a unary compound. Negation propagates as a literal: it returns $\neg p$ .
$\neg p \land q$ is the first binary connective visited. Allocate $a_{1}$ and record $a_{1} ⟺ (\neg p \land q)$ .
$r ⟹ s$ is the second. Allocate $a_{2}$ and record $a_{2} ⟺ (r ⟹ s)$ .
The root disjunction is the third. Its children, after naming, are $a_{1}$ and $a_{2}$ . Allocate $a_{3}$ and record $a_{3} ⟺ (a_{1} \lor a_{2})$ .

The walk is done. We have three biconditionals plus the assertion that $a_{3}$ holds. Now apply the templates from the previous subsection to convert each biconditional into clauses.

For $a_{1} ⟺ (\neg p \land q)$ the conjunction template gives:

(\neg a_{1} \lor \neg p) \land (\neg a_{1} \lor q) \land (p \lor \neg q \lor a_{1})

(The third clause has $p$ instead of $\neg \neg p$ because double negation cancels.)

For $a_{2} ⟺ (r ⟹ s)$ the implication template gives:

(\neg a_{2} \lor \neg r \lor s) \land (r \lor a_{2}) \land (\neg s \lor a_{2})

For $a_{3} ⟺ (a_{1} \lor a_{2})$ the disjunction template gives:

(\neg a_{3} \lor a_{1} \lor a_{2}) \land (\neg a_{1} \lor a_{3}) \land (\neg a_{2} \lor a_{3})

Plus the root assertion as a single unit clause: $(a_{3})$ . The complete Tseitin CNF for the running formula is the conjunction of these ten clauses:

\begin{matrix} (\neg a_{1} \lor \neg p) \\ (\neg a_{1} \lor q) \\ (p \lor \neg q \lor a_{1}) \\ (\neg a_{2} \lor \neg r \lor s) \\ (r \lor a_{2}) \\ (\neg s \lor a_{2}) \\ (\neg a_{3} \lor a_{1} \lor a_{2}) \\ (\neg a_{1} \lor a_{3}) \\ (\neg a_{2} \lor a_{3}) \\ (a_{3}) \end{matrix}

Ten clauses over seven variables (the four originals plus three auxiliaries). The original formula is small enough that naive CNF would also be modest, so Tseitin's overhead doesn't pay for itself on this example. The win shows up at scale, which the comparison table at the end of this section makes concrete.

Why Tseitin is linear

For a formula with $n$ binary connectives, Tseitin introduces at most $n$ auxiliary variables and at most $n$ biconditionals. (It can introduce fewer when the same subformula appears more than once: the memoization in the algorithm reuses one auxiliary across every occurrence.) Each biconditional expands to at most four constant-size clauses, plus the single unit clause asserting the root auxiliary. Total: at most $4 n + 1$ clauses, each of length at most three. That is $O (n)$ , linear in the size of the input.

This may seem suspicious because the algorithm calls to_cnf on each biconditional, and the CNF section showed that to_cnf is exponential in the worst case. The resolution: each biconditional has constant size (at most three variables), so to_cnf on it is constant work and produces a constant number of clauses. The exponential blowup in to_cnf only happens on deeply nested formulas. The biconditionals Tseitin produces are shallow by construction, so the blowup never fires.

Equisatisfiable, not equivalent

The Tseitin formula has variables that the original does not: the auxiliaries. So the two formulas have different signatures and are not logically equivalent. They are equisatisfiable: the Tseitin formula has a satisfying assignment if and only if the original formula does.

The forward direction is easy. Given any satisfying assignment of the original formula, set each auxiliary to whatever truth value its subformula evaluates to under that assignment. Every biconditional is satisfied by construction, and the root auxiliary gets the value of the root subformula, which is true. So the assignment extends to a satisfying assignment of the Tseitin formula.

The reverse direction is what we actually use. Given any satisfying assignment of the Tseitin formula, restrict it to the original variables. Because every biconditional holds, the value at every internal node of the tree agrees with what evaluating the subformula bottom-up would give. The root assertion forces the original formula to evaluate to true under the restricted assignment.

For SAT this is enough. We are looking for some assignment that makes the original formula true; we don't care that the Tseitin formula has extra variables. When the solver returns a model, we throw away the auxiliary values and keep the original variables.

Pseudocode

Tseitin walks the formula tree and assigns a fresh auxiliary variable to each conjunction, disjunction, implication, and biconditional, collecting the corresponding constraints as it goes. The result is conjoined with an assertion that the root auxiliary is true. The function uses a memo so that repeated subformulas share an auxiliary.

tseitin(f):
  aux = {}            # subformula -> auxiliary variable
  bicond = []         # collected biconditionals

  name(f):
    match f:

      # literals propagate as themselves
      case l where is_literal(l):
        l

      # negations are pushed onto the named child as a literal
      case ¬a:
        ¬name(a)

      # binary connectives get a fresh aux, memoized by subformula;
      # `op` below stands for whichever binary connective matched
      case a ∧ b | a ∨ b | a → b | a ↔ b:
        if f not in aux:
          a' = name(a)
          b' = name(b)
          v   = fresh()
          aux[f]      = v
          bicond.append(v ↔ (a' op b'))
        aux[f]

  top = name(f)
  to_cnf(top ∧ ⋀ bicond)

The match arm covers all four binary connectives, so this version of Tseitin handles arbitrary propositional formulas without any preprocessing. The to_cnf call at the end operates on each small biconditional individually; each biconditional is constant size, so the total work is linear.

Compared to naive CNF

For a formula with $n$ binary connectives, naive CNF can grow to $2^{n}$ clauses in the worst case while Tseitin stays linear. A concrete parameterized example: the disjunction of $n$ conjunctions

(p_{1} \land q_{1}) \lor (p_{2} \land q_{2}) \lor \dots \lor (p_{n} \land q_{n}) .

This formula has $2 n$ original variables, $n$ conjunctions, and $n - 1$ disjunctions, so $2 n - 1$ binary connectives in total. Naive CNF distributes $\lor$ over $\land$ and produces $2^{n}$ clauses, each of length $n$ . Tseitin introduces one auxiliary per binary connective ( $2 n - 1$ auxiliaries), produces three clauses per biconditional, and adds one root unit clause: $3 (2 n - 1) + 1 = 6 n - 2$ clauses, each of length at most three.

$n$	Naive CNF clauses	Tseitin clauses
1	2	4
2	4	10
5	32	28
10	1024	58
20	1,048,576	118

Notice that for the smallest cases, naive CNF is actually smaller than Tseitin: Tseitin has constant per-connective overhead from the auxiliaries and biconditionals, and that overhead doesn't pay for itself until the formula is big enough. The crossover here is around $n = 5$ . After that, naive doubles for each added conjunction while Tseitin adds a constant. By $n = 20$ the gap is four orders of magnitude. Real SAT problems routinely involve thousands or millions of variables, so naive conversion is not even a starting point. Tseitin or one of its variants is what every production solver uses.

Boolean Constraint Propagation

A unit clause is a clause with exactly one literal, such as $[p]$ or $[\neg q]$ . It has only one way to be satisfied: that literal must be true. This is not a guess. It is forced.

Boolean Constraint Propagation (BCP) applies the unit rule to fixpoint: find a unit clause, force its literal, simplify the formula (remove satisfied clauses, remove falsified literals), repeat. Only when no unit clauses remain do we have to make a branching decision.

dpll-toy.py

def unit_propagate(cnf, lit):
    """Simplify CNF after assigning lit to true."""
    result = []
    for clause in cnf:
        if lit in clause:
            continue             # clause satisfied — remove it
        reduced = [l for l in clause if l != -lit]
        result.append(reduced)  # remove falsified literal
    return result

bcp calls unit_propagate in a loop until no unit clauses remain:

dpll-toy.py

def bcp(cnf, assignment):
    """Apply unit rule to fixpoint. Returns (cnf, assignment) or (None, _) on conflict."""
    changed = True
    while changed:
        changed = False
        for clause in cnf:
            if len(clause) == 1:
                lit = clause[0]
                if -lit in assignment:
                    return None, assignment  # conflict
                if lit not in assignment:
                    assignment = assignment | {lit}
                    cnf = unit_propagate(cnf, lit)
                    changed = True
                    break
    return cnf, assignment

BCP is deduction: conclusions forced by the current partial assignment. The DPLL algorithm structures search around this deduction step.

DPLL

DPLL (Davis-Putnam-Logemann-Loveland) combines BCP with recursive branching and backtracking.

Compare two implementations on the same input:

dpll-toy.py

def search_sat(cnf):
    """Try all 2^n assignments. Correct but exponential."""
    def search(vars_left, assignment):
        if evaluate(cnf, assignment): return assignment
        if not vars_left:             return None
        v, *rest = vars_left
        return search(rest, assignment | {v}) or search(rest, assignment | {-v})
    return search(sorted(variables(cnf)), set())

def dpll(cnf):
    """BCP + branching + backtracking."""
    def solve(cnf, assignment):
        cnf, assignment = bcp(cnf, assignment)
        if cnf is None:                    return None  # conflict
        if not cnf:                        return assignment
        if any(len(c) == 0 for c in cnf): return None  # empty clause
        lit = cnf[0][0]
        return solve(cnf + [[lit]], assignment) or solve(cnf + [[-lit]], assignment)
    return solve(cnf, set())

The branching trick: instead of directly assigning a variable, DPLL adds a unit clause [lit]. Then BCP immediately propagates it. The "branch" is a guess rendered as a forced deduction on the next recursive call.

Tracing BCP

Consider $p \land (p ⟹ q) \land (q ⟹ r) \land \neg r$ . Converting to CNF:

[p] \land [\neg p \lor q] \land [\neg q \lor r] \land [\neg r]

In DIMACS integers (1=p, 2=q, 3=r): [[1], [-1,2], [-2,3], [-3]].

DPLL calls bcp first. Watch what happens — no branching decisions are made at all:

Start:       [[1], [-1,2], [-2,3], [-3]]   assignment = {}

unit [1]:    force p
             [-1,2] loses -1  →  [2]
             [[2], [-2,3], [-3]]            assignment = {p}

unit [2]:    force q
             [-2,3] loses -2  →  [3]
             [[3], [-3]]                   assignment = {p, q}

unit [3]:    force r
             [-3] loses -3    →  []        ← empty clause: CONFLICT
             UNSAT

BCP derived a contradiction from the unit clauses alone. search_sat tries all $2^{3} = 8$ complete assignments before concluding UNSAT. dpll finds the contradiction in a single call to solve, with BCP doing all the work.

The gap in practice

Consider a chain of implications $x_{1} ⟹ x_{2} ⟹ \dots ⟹ x_{12}$ , with $x_{1}$ forced true and $x_{12}$ forced false. BCP resolves the contradiction in one sweep: every variable is forced by propagation before any branching decision is made. search_sat must explore the entire tree. Run dpll-toy.py to see the call counts.

This is the difference between search and deduction. Real SAT solvers add conflict clause learning on top of DPLL (that is Week 2), but the deduction step is where most of the work happens.

End-to-end pipeline

The three files form a pipeline. Here is the formula $p ⟹ (q \land r)$ flowing through each stage:

formula       ('implies', 'p', ('and', 'q', 'r'))
    |
    | normal-forms.py: to_nnf()
    v
nnf           ('or', ('not', 'p'), ('and', 'q', 'r'))
    |
    | tseitin.py: auxiliaries() + cnf()
    v
tseitin cnf   ('and', '_aux_1',
               ('iff', '_aux_0', ('and', 'q', 'r')),
               ('iff', '_aux_1', ('or', ('not', 'p'), '_aux_0')))
    |
    | tseitin.py: to_dimacs()
    v
dimacs        [[3], [-1,-2,3], [1,-3], [2,-3], [-4,3], [4,-3], ...]
              var_map: {'q':1, 'r':2, '_aux_0':3, '_aux_1':4, 'p':5}
    |
    | dpll-toy.py: dpll()
    v
assignment    {3, 4, -5, ...}   (raw literals)
    |
    | decode via var_map
    v
model         {'p': False, 'q': True, 'r': True}  (or any satisfying assignment)

The DIMACS integer format is the interface between the "produce CNF" side and the "solve CNF" side. Positive integer $n$ means variable $n$ is true; negative means false. This is the same format real SAT solvers accept on disk.

Demo Code

The runnable Python files for this phase implement all the transformations above: normal-forms.py (evaluation, NNF, DNF, CNF), tseitin.py (Tseitin transformation and DIMACS output), and dpll-toy.py (brute-force search vs. DPLL with BCP). They will be available in the course code repo under lectures/l01/.