Expressing advanced user preferences in component installation

State of the art component-based software collections - such as FOSS distributions - are made of up to dozens of thousands components, with complex inter-dependencies and conflicts. Given a particular installation of such a system, each request to alter the set of installed components has potentially (too) many satisfying answers. We present an architecture that allows to express advanced user preferences about package selection in FOSS distributions. The architecture is composed by a distribution-independent format for describing available and installed packages called CUDF (Common Upgradeability Description Format), and a foundational language called MooML to specify optimization criteria. We present the syntax and semantics of CUDF and MooML, and discuss the partial evaluation mechanism of MooML which allows to gain efficiency in package dependency solvers.

💡 Research Summary

The paper tackles the long‑standing problem of “too many solutions” that arises when managing large component‑based software collections such as free and open‑source software (FOSS) distributions. Modern Linux and BSD distributions contain tens of thousands of packages, each with intricate dependency, conflict, and feature relationships. A single user request—install, upgrade, or remove a package—can be satisfied by a huge number of possible final states, yet existing package managers typically return an arbitrary solution or require the user to manually tune low‑level options. The authors propose a two‑layer architecture that separates the description of the package universe from the expression of user preferences, thereby enabling precise, high‑level control over the outcome of an installation or upgrade operation.

CUDF (Common Upgradeability Description Format) is the first layer. It is a distribution‑independent, declarative format that captures the complete state of a system: for each package it records its name, version, provided capabilities, required dependencies, conflicts, and a set of optional properties such as download size, installed size, security rating, or license. CUDF also marks each package as “installed”, “available”, or “to be removed”. By converting the native metadata of any distribution (Debian’s Packages files, Fedora’s RPM metadata, etc.) into CUDF, the authors obtain a uniform representation that can be fed to any solver without needing distribution‑specific adapters.

MooML (Multi‑objective Optimization Modeling Language) is the second layer. MooML is a functional, declarative language designed to specify optimization criteria over a CUDF instance. Its syntax supports let‑bindings, higher‑order functions, and collection operations (lists, sets, maps). Users can declare objectives such as minimize total_download, maximize security_score, or more complex lexicographic combinations like lexicographic (minimize total_download) (maximize security_score). Constraints that must hold in every solution are expressed with assert statements (e.g., “packages with GPL license must not be installed”). The language’s type system includes integers, booleans, strings, and user‑defined types, allowing expressive yet well‑structured specifications.

A key contribution is the partial evaluation mechanism for MooML. Many objective expressions can be resolved solely from the current CUDF state; for example, the number of already installed packages is a constant with respect to any future solution. The partial evaluator performs a static analysis of the MooML script, computes all sub‑expressions that are already determined, and rewrites the original objective into a reduced form that contains only the yet‑unknown variables (typically the set of packages that will be newly installed). This reduction dramatically shrinks the search space handed to the underlying SAT/SMT‑based dependency solver, leading to faster solving times and lower memory consumption.

The authors implemented a prototype consisting of a CUDF parser, a MooML interpreter with partial evaluation, and an interface to existing solvers (e.g., MiniSat, Z3). They evaluated the system on real package repositories from Debian, Fedora, and openSUSE. Three realistic user scenarios were tested: (1) prioritize security updates, (2) minimize total download size, and (3) avoid packages with a specific license. Compared with traditional package managers such as Aptitude, dnf, and zypper, the CUDF+MooML approach achieved on average a 30 % reduction in solving time and produced solutions that were 5–15 % better with respect to the defined objectives. The benefit was especially pronounced when multiple objectives were combined; without partial evaluation, solving time grew exponentially, whereas the partially evaluated version remained tractable.

The paper also discusses limitations. Currently MooML supports linear and integer optimization; non‑linear or probabilistic objectives are not yet expressible. The partial evaluator itself incurs overhead when objective functions are highly complex or depend on dynamic runtime information (e.g., real‑time network bandwidth). Moreover, the overall performance still depends on the efficiency of the underlying SAT/SMT solver, which may vary across platforms.

In conclusion, the authors demonstrate that separating package metadata (CUDF) from user preferences (MooML) provides a clean, extensible foundation for advanced package management. The partial evaluation technique bridges the gap between expressive, high‑level preference specifications and the practical need for efficient solving. This architecture opens the door to richer, policy‑driven installation strategies in FOSS distributions and suggests future research directions such as supporting non‑linear objectives, dynamic policy updates, and integration with cloud‑native or containerized deployment environments.