
1 Introduction

Over the past decade, the field of Optimization Modulo Theories (OMT) has emerged, inspiring the interest of researchers and practitioners alike. OMT builds on the highly successful Satisfiability Modulo Theories (SMT) [3] paradigm and extends it: while the latter focuses solely on finding a theory model for a first-order formula, the former adds an objective term that must be optimized with respect to some total ordering over the term’s domain.

The development of OMT solvers has fostered research across an expanding spectrum of applications, including scheduling and planning with resources [7, 13, 17, 20, 26, 30, 35, 38, 48, 58], formal verification and model checking [37, 49], program analysis [10, 23, 25, 28, 69], requirements engineering and specification synthesis [21, 41,42,43], security analysis [4, 18, 46, 61], system design and configuration [14, 15, 29, 34, 47, 51, 63, 68], machine learning [59, 62], and quantum annealing [5].

Various OMT procedures have been developed for different types of optimization objectives (e.g., single- and multi-objective problems), underlying theories (e.g., arithmetic and bitvectors), and search strategies (e.g., linear and binary search). We provide an overview of established OMT techniques in Sect. 5. An extensive survey can be found in Trentin [64].

We introduce a proper generalization of the OMT problem and an abstract calculus for this generalization whose main goal is similar to that of the DPLL(T) calculus for SMT [45]: to provide both a foundation for theoretical understanding and research and a blueprint for practical implementations. Our approach is general in several ways. First, in contrast to previous work in OMT, it is parameterized by the optimization order, which does not need to be total, and it is not specific to any theory or optimization technique, making the calculus easily applicable to new theories or objective functions. Second, it encompasses both single- and multi-objective optimization problems, allowing us to study them in a single, unified framework and enabling combinations of objectives not covered in previous work. Third, it captures a wide variety of current OMT approaches, which can be realized as instances of the calculus together with specific strategies for rule application. Finally, it provides a framework for the exploration of new optimization strategies.

Contributions. To summarize, our contributions include:

  • a formalization of a generalization of OMT to partial orders that unifies traditional single- and multi-objective optimization problems;

  • a theory-agnostic abstract calculus for Generalized OMT that can also be used to describe and study previous OMT approaches;

  • a framework for understanding and exploring search strategies for Generalized OMT; and

  • proofs of correctness for important properties of the calculus.

The rest of the paper is organized as follows. Section 2 introduces background and notation. Section 3 defines the Generalized OMT problem. Section 4 presents the calculus, provides an illustrative example of its use, and addresses its correctness. Finally, Sect. 5 discusses related work, and Sect. 6 concludes.

2 Background

We assume the standard many-sorted first-order logic setting for SMT, with the usual notions of signature, term, formula, and interpretation. We write \(\mathcal {I}\models \phi \) to mean that formula \(\phi \) holds in or is satisfied by an interpretation \(\mathcal {I}\). A theory is a pair \(\mathcal {T}\,=\,(\varSigma , \textbf{I})\), where \(\varSigma \) is a signature and \(\textbf{I}\) is a class of \(\varSigma \)-interpretations. We call the elements of \(\textbf{I}\) \(\mathcal {T}\)-interpretations. We write \(\varGamma \models _\mathcal {T}\phi \), where \(\varGamma \) is a formula (or a set of formulas), to mean that \(\varGamma \) \(\mathcal {T}\)-entails \(\phi \), i.e., every \(\mathcal {T}\)-interpretation that satisfies (each formula in) \(\varGamma \) satisfies \(\phi \) as well. For convenience, for the rest of the paper, we fix a background theory \(\mathcal {T}\) with equality and with signature \(\varSigma \). We also fix an infinite set \(\mathcal {X}\) of sorted variables with sorts from \(\varSigma \) and assume \(\prec _\mathcal {X}\) is some total order on \(\mathcal {X}\). We assume that all terms and formulas are \(\varSigma \)-terms and \(\varSigma \)-formulas with free variables from \(\mathcal {X}\). Since the theory \(\mathcal {T}\) is fixed, we will often abbreviate \(\models _\mathcal {T}\) as \(\models \) and consider only interpretations that are \(\mathcal {T}\)-interpretations assigning a value to every variable in \(\mathcal {X}\). At various places in the paper, we use sorts and operators from standard SMT-LIB theories such as integers, bitvectors, strings, or data types [2]. We assume that every \(\mathcal {T}\)-interpretation interprets them in the same (standard) way. Table 1 lists theory symbols used in this paper and their meanings. A \(\varSigma \)-formula \(\phi \) is satisfiable (resp., unsatisfiable) in \(\mathcal {T}\) if it is satisfied by some (resp., no) \(\mathcal {T}\)-interpretation.

Table 1. Theory-specific notation.

Let s be a \(\varSigma \)-term. We denote by \(s^\mathcal {I}\) the value of s in an interpretation \(\mathcal {I}\), defined as usual by recursively determining the values of sub-terms. We denote by \( FV (s)\) the set of all variables occurring in s. Similarly, we write \( FV (\phi )\) to denote the set of all the free variables occurring in a formula \(\phi \). If \( FV (\phi ) = \{v_1,\dots ,v_n\}\), where for each \(i\in [1,n)\), \(v_i \prec _{\mathcal {X}} v_{i+1}\), then the relation defined by \(\phi \) (in \(\mathcal {T}\)) is \(\{(v_1^{\mathcal {I}},\dots ,v_n^{\mathcal {I}}) \mid \mathcal {I}\models \phi \text { for some }\mathcal {T}\text {-interpretation }\mathcal {I}\}\). A relation is definable in \(\mathcal {T}\) if there is some formula that defines it. Let \(\boldsymbol{v}\) be a tuple of variables \((v_1,\dots ,v_n)\), and let \(\boldsymbol{t}=(t_1,\dots ,t_n)\) be a tuple of \(\varSigma \)-terms, such that \(t_i\) and \(v_i\) are of the same sort for \(i\in [1,n]\); then, we denote by \(s[\boldsymbol{v} \leftarrow \boldsymbol{t}]\) the term obtained from s by simultaneously replacing each occurrence of variable \(v_i\) in s with the term \(t_i\).

If S is a finite sequence \((s_1,\dots ,s_n)\), we write Top(S) to denote \(s_1\), the first element of S, and Pop(S) to denote the subsequence \((s_2,\dots ,s_n)\) of S. We use \(\emptyset \) to denote both the empty set and the empty sequence. We write \(s\in S\) to mean that s occurs in the sequence S, and write \(S \circ S'\) for the sequence obtained by appending \(S'\) at the end of S.

We adopt the standard notion of strict partial order \(\prec \) on a set A, that is, a relation in \(A \times A\) that is irreflexive, asymmetric, and transitive. The relation \(\prec \) is a strict total order if, in addition, \(a_1 \prec a_2\) or \(a_2 \prec a_1\) for every pair \(a_1, a_2\) of distinct elements of A. As usual, we will call \(\prec \) well-founded over a subset \(A'\) of A if \(A'\) contains no infinite descending chains. An element \(m \in A\) is minimal (with respect to \(\prec \) ) if there is no \(a \in A\) such that \(a \prec m\). If A has a unique minimal element, it is called a minimum.

3 Generalized Optimization Modulo Theories

We introduce a formalization of the Generalized Optimization Modulo Theories problem which unifies single- and multi-objective optimization problems and lays the groundwork for the calculus presented in Sect. 4.

3.1 Formalization

For the rest of the paper, we fix a theory \(\mathcal {T}\) with some signature \(\varSigma \).

Definition 1

(Generalized Optimization Modulo Theories (GOMT)). A Generalized Optimization Modulo Theories problem is a tuple \({\mathcal{G}\mathcal{O}}:= \langle t, \prec , \phi \rangle \), where:

  • t, a \(\varSigma \)-term of some sort \(\sigma \), is an objective term to optimize;

  • \(\prec \) is a strict partial order definable in \(\mathcal {T}\), whose defining formula has two free variables, each of sort \(\sigma \); and

  • \(\phi \) is a \(\varSigma \)-formula.

For any GOMT problem \({\mathcal{G}\mathcal{O}}\) and \(\mathcal {T}\)-interpretations \(\mathcal {I}\) and \(\mathcal {I}'\), we say that:

  • \(\mathcal {I}\) is \({\mathcal{G}\mathcal{O}}\)-consistent if \(\mathcal {I}\models \phi \);

  • \(\mathcal {I}\) \({\mathcal{G}\mathcal{O}}\)-dominates \(\mathcal {I}'\), denoted by \(\mathcal {I}<_{{\mathcal{G}\mathcal{O}}} \mathcal {I}'\), if \(\mathcal {I}\) and \(\mathcal {I}'\) are \({\mathcal{G}\mathcal{O}}\)-consistent and \( t^{\mathcal {I}} \! \prec t^{\mathcal {I}'}\); and

  • \(\mathcal {I}\) is a \({\mathcal{G}\mathcal{O}}\)-solution if \(\mathcal {I}\) is \({\mathcal{G}\mathcal{O}}\)-consistent and no \(\mathcal {T}\)-interpretation \({\mathcal{G}\mathcal{O}}\)-dominates \(\mathcal {I}\).

Informally, the term t represents the objective function, whose value we want to optimize. The order \(\prec \) is used to compare values of t, with a value a being considered better than a value \(a'\) if \(a \prec a'\). Finally, the formula \(\phi \) imposes constraints on the values that t can take. It is easy to see that the value of \(t^\mathcal {I}\) assigned by a \({\mathcal{G}\mathcal{O}}\)-solution \(\mathcal {I}\) is always minimal. As a special case, if \(\prec \) is a total order, then \(t^\mathcal {I}\) is also unique (i.e., it is a minimum). Once we have fixed a GOMT problem \({\mathcal{G}\mathcal{O}}\), we will informally refer to a \({\mathcal{G}\mathcal{O}}\)-consistent interpretation as a solution (of \(\phi \) ) and to a \({\mathcal{G}\mathcal{O}}\)-solution as an optimal solution.

Our notion of Generalized OMT is closely related to one by Bigarella et al. [6], which defines a notion of OMT for a generic background theory using a predicate that corresponds to a total order in that theory. Definition 1 generalizes this in two ways. First, we allow partial orders, with total orders being a special case. One useful application of this generalization is the ability to model multi-objective problems as single-objective problems over a suitable partial order, as we explain below. Second, we do not restrict \(\prec \) to correspond to a predicate symbol in the theory. Instead, any partial order definable in the theory can be used. This general framework captures a large class of optimization problems.

Example 1

Suppose \(\mathcal {T}\) is the theory of real arithmetic with the usual signature. Let \({\mathcal{G}\mathcal{O}}:= \langle x+y, \prec , 0 < x\,\wedge \,xy=1 \rangle \), where x and y are variables of sort Real and \(\prec \) is defined by the formula \(v_1 <_\textsf {R} v_2\) (where \(v_1 \prec _\mathcal {X} v_2\)). A \({\mathcal{G}\mathcal{O}}\)-solution is any interpretation that interprets x and y as 1.

Example 2

With \(\mathcal {T}\) now being the theory of integer arithmetic, let \({\mathcal{G}\mathcal{O}} = \langle x, \prec , x^2 < 20 \rangle \), where x is of sort Int, and \(\prec \) is defined by \(v_1 >_\textsf {Int} v_2\) (where \(v_1 \prec _\mathcal {X} v_2\)). A \({\mathcal{G}\mathcal{O}}\)-solution must interpret x as the maximum integer satisfying \(x^2 < 20\) (i.e., x must have value 4).

The examples above are both instances of what previous work refers to as single-objective optimization problems [64], with the first example being a minimization and the second a maximization problem. The next example illustrates a less conventional ordering.

Note that from now on, to keep the exposition simple, we define partial orders \(\prec \) appearing in \({\mathcal{G}\mathcal{O}}\) problems only semantically, i.e., formally, but without giving a specific defining formula. However, it is easy to check that all orders used in this paper are, in fact, definable in a suitable \(\mathcal {T}\).

Example 3

Let \({\mathcal{G}\mathcal{O}} = \langle x, \prec , x^2 < 20 \rangle \) be a variation of Example 2, where now, for any integers a and b, \(a \prec b\) iff \(|b| \prec _{\textsf {Int}} |a|\). A \({\mathcal{G}\mathcal{O}}\)-solution can interpret x either as 4 or \(-4\). Neither solution dominates the other since their absolute values are equal.

We next show how multi-objective problems are also instances of Definition 1.

3.2 Multi-objective Optimization

We use the term multi-objective optimization to refer to an optimization problem consisting of several sub-problems, each of which is also an optimization problem. A multi-objective optimization may also require specific interrelations among its sub-problems. In this section, we define several varieties of multi-objective optimization problems and show how each can be realized using Definition 1. For each, we also state a correctness proposition which follows straightforwardly from the definitions.

In the following, given a strict ordering \(\prec \), we will denote its reflexive closure by \(\preccurlyeq \). We start with a multi-objective optimization problem which requires that the sub-problems be prioritized in lexicographical order [8, 9, 53, 56, 64].

Definition 2

(Lexicographic Optimization (LO)). A lexicographic optimization problem is a sequence of GOMT problems \(\mathcal{L}\mathcal{O}=({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n)\), where \({\mathcal{G}\mathcal{O}} _i := \langle t_i, \prec _i, \phi _i\rangle \) for \(i \in [1,n]\). For \(\mathcal {T}\)-interpretations \(\mathcal {I}\) and \(\mathcal {I}'\), we say that:

  • \(\mathcal {I}\) \(\mathcal{L}\mathcal{O}\)-dominates \(\mathcal {I}'\), denoted by \(\mathcal {I}<_{\mathcal{L}\mathcal{O}} \mathcal {I}'\), if \(\mathcal {I}\) and \(\mathcal {I}'\) are \({\mathcal{G}\mathcal{O}} _i\)-consistent for each \(i\in [1,n]\), and for some \(j \! \in \! [1,n]\):

    (i) \(t_i^{\mathcal {I}} = t_i^{\mathcal {I}'}\) for all \(i\in [1,j)\); and

    (ii) \(t_j^{\mathcal {I}} \prec _j t_j^{\mathcal {I}'}\).

  • \(\mathcal {I}\) is a solution to \(\mathcal{L}\mathcal{O}\) iff \(\mathcal {I}\) is \({\mathcal{G}\mathcal{O}} _i\)-consistent for each i and no \(\mathcal {T}\)-interpretation \(\mathcal{L}\mathcal{O}\)-dominates \(\mathcal {I}\).

An \(\mathcal{L}\mathcal{O}\) problem can be solved by converting it into an instance of Definition 1.

Definition 3

(\({\mathcal{G}\mathcal{O}} _\mathcal{L}\mathcal{O}\)). Given an \(\mathcal{L}\mathcal{O}\) problem \(({\mathcal{G}\mathcal{O}} _1,\ldots ,{\mathcal{G}\mathcal{O}} _n)\), with \({\mathcal{G}\mathcal{O}} _i := \langle t_i, \prec _i, \phi _i\rangle \) for \(i \in [1,n]\), the corresponding \({\mathcal{G}\mathcal{O}}\) instance is defined as

\({\mathcal{G}\mathcal{O}} _\mathcal{L}\mathcal{O}({\mathcal{G}\mathcal{O}} _1,\ldots ,{\mathcal{G}\mathcal{O}} _n) := \langle t, \prec _{\mathcal{L}\mathcal{O}}, \phi \rangle \), where:

  • \(t= tup (t_1,\ldots ,t_n)\);       \(\phi = \phi _1\wedge \cdots \wedge \phi _n\);

  • if t is of sort \(\sigma \!\), then \(\prec _{\mathcal{L}\mathcal{O}}\) is the lexicographic extension of \((\!\prec _1, \!\ldots \!,\!\prec _n)\) to \(\sigma ^\mathcal {T}\!\): for \((a_1,\dots ,a_n)\), \((b_1,\dots ,b_n)\in \sigma ^\mathcal {T}\), \((a_1,\dots ,a_n) \prec _{\mathcal{L}\mathcal{O}} (b_1,\dots ,b_n)\) iff for some \(j\in [1,n]:\)

    (i) \( a_i = b_i\) for all \(i \in [1,j)\); and

    (ii) \(a_j \prec _j b_j\).

Here and in other definitions below, we use the data type theory constructor \( tup \) to construct the objective term t. This is a convenient mechanism for keeping an ordered list of the sub-objectives and keeps the overall theoretical framework simple. In practice, if using a solver that does not support tuples or the theory of data types, other implementation mechanisms could be used. Note that if each sub-problem uses a total order, then \(\prec _\mathcal{L}\mathcal{O}\) will also be total.

Proposition 1

Let \(\mathcal {I}\) be a \({\mathcal{G}\mathcal{O}} _\mathcal{L}\mathcal{O}\)-solution. Then \(\mathcal {I}\) is also a solution to the corresponding \(\mathcal{L}\mathcal{O}\) problem as defined in Definition 2.

Example 4

(\(\mathcal{L}\mathcal{O}\)). Let \({\mathcal{G}\mathcal{O}} _1\!:=\!\langle x, \prec _1, \! True \rangle \) and \({\mathcal{G}\mathcal{O}} _2\!:=\! \langle y +_{[2]} z, \prec _2, \! True \rangle \), where x, y, z are variables of sort \( BV _{\![2]}\), \(a \!\prec _1 \!b\) iff \(a \!\prec _{[2]}\! b\), and \(a \!\prec _2 \!b\) iff \(a \!\succ _{[2]}\! b\). Now, let \({\mathcal{G}\mathcal{O}} = {\mathcal{G}\mathcal{O}} _\mathcal{L}\mathcal{O}({\mathcal{G}\mathcal{O}} _1,{\mathcal{G}\mathcal{O}} _2) = \langle t, \prec _\mathcal{L}\mathcal{O}, True \rangle \). Then, \(t= tup (x,y+_{[2]}z)\) and, by Definition 3, \((a_1,a_2) \prec _\mathcal{L}\mathcal{O} (b_1,b_2)\) iff \(a_1 \prec _{[2]} b_1\) or \((a_1 = b_1 \text { and } a_2 \succ _{[2]} b_2 )\) (the second comparison is strict; with the reflexive closure \(\succcurlyeq _{[2]}\) the relation would not be irreflexive).

Now, let \(\mathcal {I}\), \(\mathcal {I}'\), and \(\mathcal {I}''\) be such that: \(x^\mathcal {I}=11, y^\mathcal {I}= 00, z^\mathcal {I}=10\), and \(t^{\mathcal {I}} :=(11,10)\); \(x^{\mathcal {I}'}=01, y^{\mathcal {I}'}=01, z^{\mathcal {I}'}=01\), and \(t^{{\mathcal {I}'}}:=(01,10)\); \(x^{\mathcal {I}''}=01, y^{\mathcal {I}''}=01, z^{\mathcal {I}''}= 10\), and \(t^{{\mathcal {I}''}}:=(01,11)\). Then, \(\mathcal {I}'' <_{\mathcal{G}\mathcal{O}} \mathcal {I}'<_{\mathcal{G}\mathcal{O}} \mathcal {I}\), since \((01,11) \prec _\mathcal{L}\mathcal{O} (01,10) \prec _\mathcal{L}\mathcal{O} (11,10)\).

We can also accommodate Pareto optimization [8, 9, 64] in our framework.

Definition 4

(Pareto Optimization (PO)). A Pareto optimization problem is a sequence of GOMT problems \({\mathcal{P}\mathcal{O}} = ({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n)\), where \({\mathcal{G}\mathcal{O}} _i := \langle t_i, \prec _i, \phi _i \rangle \) for \(i \in [1,n]\). For any \(\mathcal {T}\)-interpretations \(\mathcal {I}\) and \(\mathcal {I}'\), we say that:

  • \({\mathcal {I}}\) \({\mathcal{P}\mathcal{O}}\)-dominates, or Pareto dominates, \(\mathcal {I}'\), denoted by \(\mathcal {I}<_{{\mathcal{P}\mathcal{O}}} \mathcal {I}'\), if \(\mathcal {I}\) and \(\mathcal {I}'\) are \({\mathcal{G}\mathcal{O}}\)-consistent w.r.t. each \({\mathcal{G}\mathcal{O}} _i\), \(i\in [1,n]\), and:

    (i) \(t_i^{\mathcal {I}} \preccurlyeq _i t_i^{\mathcal {I}'}\) for all \(i \in [1,n]\); and

    (ii) for some \(j \! \in \! [1,n]\), \(t_j^{\mathcal {I}} \prec _j t_j^{\mathcal {I}'}\).

  • \(\mathcal {I}\) is a solution to \({\mathcal{P}\mathcal{O}}\) iff \(\mathcal {I}\) is \({\mathcal{G}\mathcal{O}}\)-consistent w.r.t. each \({\mathcal{G}\mathcal{O}} _i\) and no \(\mathcal {I}'\) \({\mathcal{P}\mathcal{O}}\)-dominates \(\mathcal {I}\).

Definition 5

(\({\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} \)). Given a PO problem \({\mathcal{P}\mathcal{O}} = ({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n)\), we define \({\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} ({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n) := \langle t, \prec _{{\mathcal{P}\mathcal{O}}}, \phi \rangle \), where:

  • \(t= tup (t_1,\ldots ,t_n)\);      \(\phi = \phi _1\wedge \cdots \wedge \phi _n\);

  • if t is of sort \(\sigma \), then \(\prec _{{\mathcal{P}\mathcal{O}}}\) is the pointwise extension of \((\prec _1, \ldots ,\prec _n)\) to \(\sigma ^{\mathcal {T}}\); for any \((a_1,\dots ,a_n), (b_1,\dots ,b_n) \in \sigma ^\mathcal {T}\), \((a_1,\dots ,a_n) \prec _{{\mathcal{P}\mathcal{O}}} (b_1,\dots ,b_n)\) iff:

    (i) \(a_i \preccurlyeq _i b_i\) for all \(i \in [1,n]\); and

    (ii) \(a_j \prec _j b_j\) for some \(j\in [1,n]\).

Proposition 2

Let \(\mathcal {I}\) be a \({\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} \)-solution. Then \(\mathcal {I}\) is also a solution to the corresponding \({\mathcal{P}\mathcal{O}}\) problem as defined in Definition 4.

Next, consider a \({\mathcal{P}\mathcal{O}}\) example with two sub-problems: one minimizing the length of a string w, and the other maximizing a substring x of w lexicographically.

Example 5

(\(\mathcal{P}\mathcal{O}\)). Let \(\mathcal {T}\) be the SMT-LIB theory of strings and let \({\mathcal{G}\mathcal{O}} _1:= \langle \textsf {len}(w), \prec _1, \textsf {len}(w) < 4 \rangle \) and \({\mathcal{G}\mathcal{O}} _2:= \langle x, \prec _2, \textsf {contains}(w, x)\rangle \), where w and x are variables of sort Str, \(\prec _1\) is \(\prec _\textsf {Int}\), and \(\prec _2\) is \(\succ _{\textsf {Str}}\). Now, let \({\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} = {\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} ({\mathcal{G}\mathcal{O}} _1, {\mathcal{G}\mathcal{O}} _2)=\langle t, \prec _{\mathcal{P}\mathcal{O}}, \textsf {len}(w)<4 \wedge \textsf {contains}(w, x) \rangle \). Then, \(t = tup (\textsf {len}(w), x)\) and \((a_1,a_2) \prec _{\mathcal{P}\mathcal{O}} (b_1,b_2)\) iff \(a_1 \preccurlyeq _{\textsf {Int}} b_1\), \(a_2 \succcurlyeq _{\textsf {Str}} b_2\), and \((a_1 \prec _{\textsf {Int}} b_1\) or \(a_2 \succ _{\textsf {Str}} b_2)\). Now, let \(\mathcal {I}\), \(\mathcal {I}'\), and \(\mathcal {I}''\) be such that: \(\mathcal {I}:=\{w \mapsto \texttt {"aba"}, x \mapsto \texttt {"ab"}\}\) and \(t^{\mathcal {I}}:=(3,\texttt {"ab"})\); \(\mathcal {I}':=\{w \mapsto \texttt {"z"}, x \mapsto \texttt {"z"}\}\) and \(t^{\mathcal {I}'}:=(1,\texttt {"z"})\); and \(\mathcal {I}'':=\{w \mapsto \epsilon , x \mapsto \epsilon \}\) and \(t^{\mathcal {I}''}:=(0,\epsilon )\). Then, \(\mathcal {I}' <_{{\mathcal{G}\mathcal{O}}} \mathcal {I}\), since \((1, \texttt {"z"}) \prec _{\mathcal{P}\mathcal{O}} (3, \texttt {"ab"})\); but both \(\mathcal {I}\) and \(\mathcal {I}'\) are incomparable with \(\mathcal {I}''\), which has the shortest string but the lexicographically smallest substring. Both \(\mathcal {I}'\) and \(\mathcal {I}''\) are optimal solutions (for \(\mathcal {I}'\), this assumes that \(\texttt {z}\) is the largest character of the alphabet).

Though we omit them for space reasons, we can similarly capture the MinMax and MaxMin optimization problems [56, 64] as corresponding \({\mathcal{G}\mathcal{O}} _\mathcal {MINMAX}\) and \({\mathcal{G}\mathcal{O}} _\mathcal {MAXMIN}\) instances of Definition 1.

Note that, except in degenerate cases, the orders used for MinMax and MaxMin, as well as the order \(\prec _{\mathcal{P}\mathcal{O}} \) above, are partial orders that are not total. Being able to model these multi-objective optimization problems in a clean and simple way is a main motivation for using a partial instead of a total order in Definition 1.

Another problem in the literature is the multiple-independent (or boxed) optimization problem [8, 9, 64]. It simultaneously solves several independent GOMT problems. We show how to realize this as a single \({\mathcal{G}\mathcal{O}}\) instance.

Definition 6

(Boxed Optimization (BO)). A boxed optimization problem is a sequence of GOMT problems, \({\mathcal{B}\mathcal{O}} = ({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n)\), where \({\mathcal{G}\mathcal{O}} _i := \langle t_i, \prec _i, \phi _i\rangle \) for \(i \in [1,n]\). We say that:

  • A sequence of interpretations \({(\mathcal {I}_1,\dots ,\mathcal {I}_n)}\) \({\mathcal{B}\mathcal{O}}\)-dominates \((\mathcal {I}'_1,\dots ,\mathcal {I}'_n)\), denoted by \((\mathcal {I}_1,\dots ,\mathcal {I}_n) <_{{\mathcal{B}\mathcal{O}}} (\mathcal {I}'_1,\dots ,\mathcal {I}'_n)\), if \(\mathcal {I}_i\) and \(\mathcal {I}'_i\) are \({\mathcal{G}\mathcal{O}} _i\)-consistent for each \(i\in [1,n]\), and:

    (i) \(t_i^{\mathcal {I}_i} \preccurlyeq _i t_i^{\mathcal {I}'_i}\) for all \(i \in [1,n]\); and

    (ii) for some \(j \! \in \! [1,n]\), \(t_j^{\mathcal {I}_j} \prec _j t_j^{\mathcal {I}'_j}\).

  • \((\mathcal {I}_1,\dots ,\mathcal {I}_n)\) is a solution to \({\mathcal{B}\mathcal{O}}\) iff \(\mathcal {I}_i\) is \({\mathcal{G}\mathcal{O}} _i\)-consistent for each \(i\in [1,n]\) and no \((\mathcal {I}'_1,\dots ,\mathcal {I}'_n)\) \({\mathcal{B}\mathcal{O}}\)-dominates \((\mathcal {I}_1,\dots ,\mathcal {I}_n)\).

Note that in previous work, there is an additional assumption that \(\phi _i = \phi _j\) for all \(i,j\in [1,n]\). Below, we show how to solve the more general case without this assumption. We first observe that the above definition closely resembles Definition 4 for Pareto optimization (PO) problems. Leveraging this similarity, we show how to transform an instance of a BO problem into a PO problem.

Definition 7

(\({\mathcal{G}\mathcal{O}} _{\mathcal{B}\mathcal{O}} \)). Let \({\mathcal{B}\mathcal{O}} = ({\mathcal{G}\mathcal{O}} _1,\dots ,{\mathcal{G}\mathcal{O}} _n)\), where \({\mathcal{G}\mathcal{O}} _i := \langle t_i, \prec _i, \phi _i\rangle \) for \(i \in [1,n]\). Let \(V_i\) be the set of all free variables in the \(i^{th}\) sub-problem that also appear in at least one other sub-problem:

$$V_i = \big ( FV (t_i)\cup FV (\phi _i)\big ) \;\cap \bigcup _{j\in [1,n],\, j \ne i} \big ( FV (t_j)\cup FV (\phi _j)\big ).$$

Let \(\boldsymbol{v_i}=(v_{i,1},\dots ,v_{i,m})\) be some ordering of the variables in \(V_i\) (say, by \(\prec _\mathcal {X}\)), and for each \(j\in [1,m]\), let \(v'_{i,j}\) be a fresh variable of the same sort as \(v_{i,j}\), and let \(\boldsymbol{v'_i}=(v'_{i,1},\dots ,v'_{i,m})\). Then, let \(t'_i = t_i[\boldsymbol{v_i} \leftarrow \boldsymbol{v'_i}]\), \(\phi '_i = \phi _i[\boldsymbol{v_i} \leftarrow \boldsymbol{v'_i}]\), and \({\mathcal{G}\mathcal{O}} '_i = \langle t'_i, \prec _i, \phi '_i\rangle \). Then we define \({\mathcal{G}\mathcal{O}} _{\mathcal{B}\mathcal{O}}:={\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} ({\mathcal{G}\mathcal{O}} '_1, \dots ,{\mathcal{G}\mathcal{O}} '_n)\).

Proposition 3

Let \(\mathcal {I}\) be a solution to \({\mathcal{G}\mathcal{O}} _{\mathcal{B}\mathcal{O}} \) as defined in Definition 7. Then \((\mathcal {I}_1,\dots ,\mathcal {I}_n)\) is a solution to the corresponding \({\mathcal{B}\mathcal{O}}\) problem as defined in Definition 6, where for each \(i\in [1,n]\), \(\mathcal {I}_i\) is the same as \(\mathcal {I}\) except that each variable \(v_{i,j}\in V_i\) is interpreted as \((v'_{i,j})^\mathcal {I}\).

In practice, solvers for BO problems can be implemented without variable renaming (see, e.g., [8, 36, 53]). Variable renaming, while a useful theoretical construct, also adds generality to our definition of \({\mathcal{B}\mathcal{O}} \). An interesting direction for future experimental work would be to compare the two approaches in practice.

Compositional Optimization.    GOMT problems can also be combined by functional composition of multiple objective terms, possibly of different sorts, yielding compositional optimization problems [12, 62, 64]. Our framework handles them naturally by simply constructing an objective term capturing the desired compositional relationship. For example, compositional objectives can address the (partial) MaxSMT problem [64], where some formulas are hard constraints and others are soft constraints. The goal is to satisfy all hard constraints and as many soft constraints as possible. The next example is inspired by Cimatti et al. [12] and Teso et al. [62].

Example 6

(MaxSMT). Let \(x \!\ge \! 0\) and \(y \! \ge \! 0\) be hard constraints and \(4x+y-4 \!\ge \! 0\) and \(2x+3y-6 \!\ge \! 0\) soft constraints. We can formalize this as \({\mathcal{G}\mathcal{O}} _{\mathcal{C}\mathcal{O}} =\langle t, \prec , \phi \rangle \), where: \(t= ite (4x+y-4 \! \ge \! 0,0,1) + ite (2x+3y-6 \! \ge \! 0,0,1)\), \(\prec \ \equiv \ \prec _\textsf {Int}\), and \(\phi = x \!\ge \! 0 \wedge y \! \ge \! 0\). An optimal solution must satisfy both hard constraints and, by minimizing the objective term t, as many soft constraints as possible.

MaxSMT has various variants including generalized, partial, weighted, and partial weighted MaxSMT [64], all of which our framework can handle similarly.

Next, we show a different compositional example that combines two different orders, one on strings and the other on integers. This example also illustrates a theory combination not present in the OMT literature.

Example 7

(Composition of Str and Int). Let \(\mathcal {T}\) be again the theory of strings. Let \({\mathcal{G}\mathcal{O}} _{\mathcal{C}\mathcal{O}} = \langle tup (x,\textsf {len}(x))\), \(\prec \), \(\textsf {contains}(x, {\texttt {"a"}}) \wedge \textsf {len}(x)>1\rangle \), where x is of sort \(\textsf {Str}\) and \((a_1,b_1) \prec (a_2,b_2)\) iff \(b_1 \prec _{\textsf {Int}} b_2\) or \((b_1 = b_2\) and \(a_1 \succ _{\textsf {Str}} a_2)\). The order \(\prec \) first minimizes the length and then maximizes the string with respect to the lexicographic order. An optimal solution must interpret x as the string "za" of length 2: x must have length at least 2 and contain "a", and "za" is the largest such string of minimum length. This assumes that \(\texttt {z}\) is the largest character of the alphabet; over the full SMT-LIB alphabet of Unicode code points, the character with the largest code point would take its place.

Based on the definitions given in this section, we see that our formalism can capture any combination of \({\mathcal{G}\mathcal{O}}\) (including compositional), \({\mathcal{G}\mathcal{O}} _\mathcal{L}\mathcal{O}\), \({\mathcal{G}\mathcal{O}} _{\mathcal{P}\mathcal{O}} \), \({\mathcal{G}\mathcal{O}} _\mathcal {MINMAX}\), \({\mathcal{G}\mathcal{O}} _\mathcal {MAXMIN}\), and \({\mathcal{G}\mathcal{O}} _{\mathcal{B}\mathcal{O}} \) problems. And note that the last four all make use of the partial order feature of Definition 1.

4 The GOMT Calculus

We introduce a calculus for solving the GOMT problem, presented as a set of derivation rules. We fix a GOMT problem \({\mathcal{G}\mathcal{O}} = \langle t, \prec , \phi \rangle \) where \(\phi \) is satisfiable (optimizing does not make sense otherwise). We start with a few definitions.

Definition 8

(State). A state is a tuple \(\varPsi = \langle \mathcal {I}, \varDelta , \tau \rangle \), where \(\mathcal {I}\) is an interpretation, \(\varDelta \) is a formula, and \(\tau \) is a sequence of formulas.

The set of all states forms the state space for the GOMT problem. Intuitively, the proof procedure of the calculus is a search procedure over this state space which maintains at all times a current state \(\langle \mathcal {I}, \varDelta , \tau \rangle \) storing a candidate solution and additional search information. In the current state, \(\mathcal {I}\) is the best solution found so far in the search; \(\varDelta \) is a formula describing the remaining, yet unexplored, part of the state space, where a better solution might exist; and \(\tau \) contains formulas that divide up the search space described by \(\varDelta \) into branches represented by the individual formulas in \(\tau \), maintaining the invariant that the disjunction of all the formulas \(\tau _1, \ldots , \tau _p\) in \(\tau \) is equivalent to \(\varDelta \) modulo \(\phi \), that is, \(\phi \models (\bigvee _{i=1}^p \tau _i \Leftrightarrow \varDelta )\).

Note that states contain \(\mathcal {T}\)-interpretations, which are possibly infinite mathematical structures. This is useful to keep the calculus simple. In practice, it is enough just to keep track of the interpretations of the (finitely-many) symbols without fixed meanings (variables and uninterpreted functions and sorts) appearing in the state, much as SMT solvers do in order to produce models.

Definition 9

(Solve). \(\textsc {Solve}\) is a function that takes a formula and returns a satisfying interpretation if the formula is satisfiable and a distinguished value \(\bot \) otherwise.

Definition 10

(Better). \(\textsc {Better} _{\mathcal{G}\mathcal{O}} \) is a function that takes a \({\mathcal{G}\mathcal{O}}\)-consistent interpretation \(\mathcal {I}\) and returns a formula \(\textsc {Better} _{\mathcal{G}\mathcal{O}} (\mathcal {I})\) with the property that for every \({\mathcal{G}\mathcal{O}}\)-consistent interpretation \(\mathcal {I}'\),

$$\begin{aligned} \mathcal {I}' \models \textsc {Better} _{\mathcal{G}\mathcal{O}} (\mathcal {I}) \ \text { iff}\ \, \mathcal {I}' <_{{\mathcal{G}\mathcal{O}}} \mathcal {I}. \end{aligned}$$

The function above is specific to the given optimization problem \({\mathcal{G}\mathcal{O}}\) or, put differently, is parametrized by t, \(\prec \), and \(\phi \). When \({\mathcal{G}\mathcal{O}}\) is clear, however, we simply write \(\textsc {Better} \), for conciseness.

The calculus relies on the existence and computability of \(\textsc {Solve}\) and \(\textsc {Better} \). \(\textsc {Solve}\) can be realized by any standard SMT solver. \(\textsc {Better} \) relies on a defining formula for \(\prec \) as discussed below. Intuitively, \(\textsc {Better} (\mathcal {I})\) is simply a (possibly unsatisfiable) formula characterizing the solutions of \(\phi \) that are better than \(\mathcal {I}\). Assuming \(\alpha _{\prec }\) is the formula defining \(v_1 \prec _\mathcal {X} v_2\), with free variables \(v_1\) and \(v_2\), if the value \(t^\mathcal {I}\) can be represented by some constant c (e.g., if \(t^\mathcal {I}\) is a rational number), then \(\textsc {Better} (\mathcal {I}) = \alpha _{\prec }[(v_1,v_2)\leftarrow (t,c)]\) satisfies Definition 10. On the other hand, it could be that \(t^\mathcal {I}\) is not representable as a constant (e.g., it could be an algebraic real number); then, a more sophisticated formula (involving, say, a polynomial and an interval specifying a particular root) may be required.

Definition 11

(Initial State). The initial state of the GOMT problem \({\mathcal{G}\mathcal{O}} = \langle t, \prec , \phi \rangle \) is \(\langle \mathcal {I}_0, \varDelta _0, \tau _0\rangle \), where \(\mathcal {I}_0 = \textsc {Solve}(\phi )\), \(\varDelta _0 = \textsc {Better} (\mathcal {I}_0)\), \(\tau _0 = (\varDelta _0)\).

Note that \(\mathcal {I}_0 \not = \bot \) since we assume that \(\phi \) is satisfiable. The search for an optimal solution to the GOMT problem in our calculus starts with an arbitrary solution of the constraint \(\phi \) and continues until it finds an optimal one.

Fig. 1. The derivation rules of the GOMT Calculus.

4.1 Derivation Rules

Figure 1 presents the derivation rules of the GOMT calculus. The rules are given in guarded assignment form, where the rule premises describe the conditions on the current state that must hold for the rule to apply, and the conclusion describes the resulting modifications to the state. State components not mentioned in the conclusion of a rule are unchanged.

A derivation rule applies to a state if (i) the conditions in the premise are satisfied by the state and (ii) the resulting state is different. A state is saturated if no rules apply to it. A \({\mathcal{G}\mathcal{O}}\)-derivation is a sequence of states, possibly infinite, where the first state is the initial state of the GOMT problem \({\mathcal{G}\mathcal{O}}\), and each state in the sequence is obtained by applying one of the rules to the previous state. The solution sequence of a derivation is the sequence made up of the solutions (i.e., the interpretations) in each state of the derivation.

The calculus starts with a solution for \(\phi \) and improves on it until an optimal solution is found. During a derivation, the best solution found so far is maintained in the \(\mathcal {I}\) component of the current state. A search for a better solution can be organized into branches through the use of the F-Split rule. Progress toward a better solution is enforced by the formula \(\varDelta \) which, by construction, is falsified by all the solutions found so far. We elaborate on the individual rules next.

F-Split.   F-Split divides the branch of the search space represented by the top formula \(\psi = \textsc {Top}(\tau )\) in \(\tau \) into k sub-branches \((\psi _1, \dots ,\psi _k)\), ensuring their disjunction is equivalent to \(\psi \) modulo the constraint \(\phi \): \(\phi \models \psi \Leftrightarrow \bigvee _{j=1}^k \psi _j\). The rest of the state remains unchanged. F-Split is applicable whenever \(\tau \) is non-empty. The rule does not specify how the formulas \(\psi _1, \ldots , \psi _k\) are chosen. However, a pragmatic implementation should aim to generate them so that they are irredundant in the sense that no formula is entailed modulo \(\phi \) by the (disjunction of the) other formulas. This way, each branch potentially contains a solution that the others do not. Note, however, that this is not a requirement.

F-Sat.  The F-Sat rule applies when there is a solution in the branch represented by the top formula \(\psi \) in \(\tau \). The rule selects a solution \(\mathcal {I}' = \textsc {Solve}(\phi \wedge \psi )\) from that branch. One can prove that, by the way the formulas in \(\tau \) are generated in the calculus, \(\mathcal {I}'\) necessarily improves on the current solution \(\mathcal {I}\), moving the search closer to an optimal solution. Thus, F-Sat switches to the new solution (with \(\mathcal {I}:=\mathcal {I}'\)) and directs the search to seek an even better solution by updating \(\varDelta \) to \(\varDelta ' = \varDelta \ \wedge \ \textsc {Better}(\mathcal {I}')\). Note that F-Sat resets \(\tau \) to the singleton sequence \((\varDelta ')\), discarding any remaining formulas in \(\tau \). This is justified, as any better solutions in the discarded branches must also be in the space defined by \(\varDelta '\).

F-Close.   The F-Close rule eliminates the first element \(\psi \) of a non-empty \(\tau \) if the corresponding branch contains no solutions (i.e., \(\textsc {Solve}(\phi \wedge \psi ) = \bot \)). The rule further updates the state by adding the negation of \(\psi \) to \(\varDelta \) as a way to eliminate from further consideration the interpretations satisfying \(\psi \).

Note that rules F-Sat and F-Close both update \(\varDelta \) to reflect the remaining search space, whereas F-Split refines the division of the current search space.

4.2 Search Strategies

The GOMT calculus provides the flexibility to support different search strategies. Here, we give some examples, including both notable strategies from the OMT literature as well as new strategies enabled by the calculus, and explain how they work at a conceptual level.

Divergence of Strategies: The strategies discussed below, with the exception of Hybrid search, may diverge if an optimal solution does not exist or if there is a Zeno-style [54, 55] infinite chain of increasingly better solutions, all dominated by an optimal one. We discuss these issues and termination in general in Sect. 4.4.

Linear Search: A linear search strategy is obtained by never using the F-Split rule. Instead, the F-Sat rule is applied to completion (that is, repeatedly until it no longer applies, which happens exactly when the single branch \(\varDelta \) in \(\tau \) has no solution); one final application of F-Close then removes that branch. As we show later (see Theorem 2), in the absence of Zeno chains, \(\tau \) eventually becomes empty, terminating the search. At that point, \(\mathcal {I}\) is guaranteed to be an optimal solution.

Binary Search: A binary search strategy is achieved by using the F-Split rule to split the search space represented by \(\psi = \textsc {Top}(\tau )\) into two subspaces, represented by two formulas \(\psi _1\) and \(\psi _2\), with \(\phi \models \psi \Leftrightarrow (\psi _1 \vee \psi _2)\). In a strict binary search strategy, \(\psi _1\) and \(\psi _2\) should be chosen so that the two subspaces are disjoint and, to the extent possible, of equal size. A typical binary strategy alternates applications of F-Split with applications of either F-Sat or F-Close until \(\tau \) becomes empty, at which point \(\mathcal {I}\) is guaranteed to be an optimal solution. A smart strategy would aim to find an optimal solution as soon as possible by arranging for solutions in \(\psi _1\) (which will be checked first) to be better than solutions in \(\psi _2\), if this is easy to determine. Note that an unfortunate choice of \(\psi _1\) by F-Split, containing no solutions at all, is quickly remedied by an application of F-Close which removes \(\psi _1\), allowing \(\psi _2\) to be considered next. The same problem of Zeno-style infinite chains can occur in this strategy.

Multi-directional Exploration: For multi-objective optimization problems, a search strategy can be defined to simultaneously direct the search space towards any or all objectives. Formally, if n is the number of objectives, then the F-Split rule can be instantiated in such a way that \(\psi _j = \bigwedge _{i=1}^n \psi _{ji}\), where \(\psi _{ji}\) is a formula describing a part of the search space for the \(i^{th}\) objective term in the \(j^{th}\) branch.

Search Order: We formalize \(\tau \) as a sequence to enforce exploring the branches in \(\tau \) in a specific order, assuming such an order can be determined at the time of applying F-Split. Often, this is the case. For example, in binary search, it is typically best to explore the section of the search space with better objective values first. If a solution is found in this section, a larger portion of the search space is pruned. Conversely, if the branches are explored in another order, even finding a solution necessitates continued exploration of the space corresponding to the remaining branches.

Alternatively, \(\tau \) can be implemented as a set, by redefining the Top and Pop functions accordingly to select and remove a desired element of \(\tau \). With \(\tau \) defined as a set, additional search strategies are possible, including parallel exploration of the search space and the ability to arbitrarily switch between branches.

Hybrid Search: For some objectives and orders, there exist off-the-shelf external optimization procedures (e.g., Simplex for linear real arithmetic). One way to integrate such a procedure into our calculus is to replace a call to the \(\textsc {Solve}\) function in F-Sat with a call to an external optimization procedure Optimize that is sort- and order-compatible with the GOMT problem. We pass to \(\textsc {Optimize}\) as parameters the constraint \(\phi \wedge \textsc {Top}(\tau )\) and the objective t and obtain an optimal solution in the current branch \(\textsc {Top}(\tau )\). The call can be viewed as an accelerator for a linear search on the current branch. This approach incorporates theory-specific optimization solvers in much the same way as is done in the OMT literature. However, our calculus extends previous approaches with the ability to blend theory-specific optimization with theory-agnostic optimization by interleaving applications of F-Sat using Solve with applications using Optimize. For example, we may want to alternate between expensive calls to an external optimization solver and calls to a standard solver that are guided by a custom branching heuristic.

Other Strategies: The calculus enables us to mix and match the above strategies arbitrarily, as well as to model other notable search techniques like cutting planes [16] by integrating a cut formula into Solve. And, of course, one advantage of an abstract calculus is that its generality provides a framework for the exploration of new strategies. Such an exploration is a promising direction for future work.

4.3 New Applications

A key feature of our framework is that it is theory-agnostic, that is, it can be used with any SMT theory or combination of theories. This is in contrast to most of the OMT literature in which a specific theory is targeted. It also fully supports arbitrary composition of GOMT problems using the multi-objective approaches described in Sect. 3.2. Thus, our framework enables OMT to be extended to new application areas requiring either combinations of theories or multi-objective formulations that are unsupported by previous approaches. We illustrate this (and the calculus itself) using a Pareto optimization problem over the theories of strings and integers (a combination of theories and objectives unsupported by any existing OMT approach or solver).

Example 8

(\({\mathcal{G}\mathcal{O}} _\mathcal{P}\mathcal{O}\)). Let \({\mathcal{G}\mathcal{O}} _1:= \langle \textsf {len}(w), \prec _1, \textsf {len}(s) < \textsf {len}(w) \rangle \) and \({\mathcal{G}\mathcal{O}} _2:= \langle x, \prec _2, x = s \cdot w \cdot s\rangle \), where w, x, s are of sort \(\textsf {Str}\), \(\textsf {len}(w)\) and \(\textsf {len}(s)\) are of sort \(\textsf {Int}\), \(\prec _1 \ \equiv \ \prec _{\textsf {Int}}\), and \(\prec _2 \ \equiv \ \succ _{\textsf {Str}}\) (that is, lexicographically larger strings are better). Then, let \({\mathcal{G}\mathcal{O}} _\mathcal{P}\mathcal{O}({\mathcal{G}\mathcal{O}} _1,{\mathcal{G}\mathcal{O}} _2):=\langle t, \prec _\mathcal{P}\mathcal{O}, \phi \rangle \), where t is \( tup (\textsf {len}(w), x)\), \(\phi \) is \(x = s \cdot w \cdot s \ \wedge \ \textsf {len}(s) < \textsf {len}(w)\), and \((a_1,a_2) \prec _\mathcal{P}\mathcal{O} (b_1,b_2)\) iff \(a_1 \preccurlyeq _1 b_1, \; a_2 \preccurlyeq _2 b_2\), and either \(a_1 \prec _1 b_1\) or \(a_2 \prec _2 b_2\) or both. Suppose initially:

$$\begin{aligned} & \mathcal {I}_0 =\ \{x \mapsto \texttt {"aabaa"}, s \mapsto \texttt {"a"}, w \mapsto \texttt {"aba"}\},\quad \tau _0 =\ (\varDelta _0),\\ & \varDelta _0 =\ (\textsf {len}(w) \le 3 \wedge x >_{\textsf {str}} \texttt {"aabaa"}) \vee (\textsf {len}(w) < 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"}). \end{aligned}$$

The initial objective term value is \((3,\texttt {"aabaa"})\).
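As an added worked step (not part of the original example), \(\varDelta _0\) is obtained from Definition 10 exactly as described after that definition: with \(c = (3, \texttt {"aabaa"})\) and \(\alpha _{\prec _\mathcal{P}\mathcal{O}}\) the defining formula of \(\prec _\mathcal{P}\mathcal{O}\) (where \(\preccurlyeq _1\) is \(\le \) on \(\textsf {Int}\) and \(\preccurlyeq _2\) is \(\ge _{\textsf {str}}\) on \(\textsf {Str}\)),

$$\begin{aligned} \varDelta _0 = \textsc {Better}(\mathcal {I}_0) &= \alpha _{\prec _\mathcal{P}\mathcal{O}}[(v_1,v_2)\leftarrow (t,c)] \\ &= (\textsf {len}(w) \le 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"}) \wedge (\textsf {len}(w) < 3 \vee x >_{\textsf {str}} \texttt {"aabaa"}) \\ &\equiv (\textsf {len}(w) \le 3 \wedge x >_{\textsf {str}} \texttt {"aabaa"}) \vee (\textsf {len}(w) < 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"}), \end{aligned}$$

where the last step distributes \(\wedge \) over \(\vee \) and drops the redundant conjuncts, using \(\textsf {len}(w) < 3 \models \textsf {len}(w) \le 3\) and \(x >_{\textsf {str}} \texttt {"aabaa"} \models x \ge _{\textsf {str}} \texttt {"aabaa"}\).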

  1. We can first apply F-Split to split the top-level disjunction in \(\tau \), and suppose we want to work on the second disjunct first. This results in:

    $$\begin{aligned} \tau _1 =\ ( \textsf {len}(w) < 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"},\textsf {len}(w) \le 3 \wedge x >_{\textsf {str}} \texttt {"aabaa"}) \end{aligned}$$

    while the other elements of the state are unchanged.

  2. Now, suppose we want to do binary search on the length objective. This can be done by again applying the F-Split rule with the disjunction \((\textsf {len}(w) < 2 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"}) \vee (2 \le \textsf {len}(w) < 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"}) \) to get:

    $$\begin{aligned} \tau _2 =& ( \textsf {len}(w) < 2 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"},2\le \textsf {len}(w) < 3 \wedge x \ge _{\textsf {str}} \texttt {"aabaa"},\\ &\ \textsf {len}(w) \le 3 \wedge x >_{\textsf {str}} \texttt {"aabaa"}). \end{aligned}$$
  3. Both F-Split and F-Sat are applicable, but we follow the strategy of applying F-Sat after a split. Suppose we get the new solution \(\mathcal {I}' = \{x \mapsto \texttt {"b"}, s \mapsto \epsilon , w \mapsto \texttt {"b"}\}\), which indeed lies in the top branch: \(\textsf {len}(w) = 1 < 2\) and \(\texttt {"b"} \ge _{\textsf {str}} \texttt {"aabaa"}\). Then, writing \(\varDelta _3 = \varDelta _2 \wedge \textsc {Better}(\mathcal {I}')\) in simplified form (\(\textsc {Better}(\mathcal {I}')\) entails \(\varDelta _2\)), we have:

    $$\begin{aligned} & \mathcal {I}_3 = \{x \mapsto \texttt {"b"}, s \mapsto \epsilon , w \mapsto \texttt {"b"}\},\quad \tau _3 =\ (\varDelta _3),\\ & \varDelta _3 =\ (\textsf {len}(w) \le 1 \wedge x >_{\textsf {str}} \texttt {"b"}) \vee (\textsf {len}(w) < 1 \wedge x \ge _{\textsf {str}} \texttt {"b"}). \end{aligned}$$
  4. Both F-Split and F-Sat are again applicable. Suppose that we switch now to linear search and thus again apply F-Sat, and suppose the new solution is \(\mathcal {I}' = \{x \mapsto \texttt {"z"}, s \mapsto \epsilon , w \mapsto \texttt {"z"}\}\). This brings us to the state:

    $$\begin{aligned} & \mathcal {I}_4 =\ \{x \mapsto \texttt {"z"}, s \mapsto \epsilon , w \mapsto \texttt {"z"}\},\quad \tau _4 =\ (\varDelta _4),\\ & \varDelta _4 =\ (\textsf {len}(w) \le 1 \wedge x >_{\textsf {str}} \texttt {"z"}) \vee (\textsf {len}(w) < 1 \wedge x \ge _{\textsf {str}} \texttt {"z"}). \end{aligned}$$
  5. Now, \(\textsc {Solve}(\phi \wedge ((\textsf {len}(w) \le 1 \wedge x >_{\textsf {str}} \texttt {"z"}) \vee (\textsf {len}(w) < 1 \wedge x \ge _{\textsf {str}} \texttt {"z"}))) = \bot \). Indeed, \(\textsf {len}(w) \ne 0\), since \(0 \le \textsf {len}(s) < \textsf {len}(w)\); if \(\textsf {len}(w) = 1\), then \(\textsf {len}(s) = 0\) and \(\textsf {len}(x) = 1\), thus \(x \not >_{\textsf {str}} \texttt {"z"}\), provided that \(\texttt {z}\) is the largest character of the alphabet, as assumed throughout this example (over the full Unicode alphabet of SMT-LIB strings, a one-character string with a larger code point than \(\texttt {"z"}\) exists and this branch would remain open). Now F-Close can derive the state:

    $$\begin{aligned} \langle \mathcal {I}_5, \varDelta _5, \tau _5\rangle = \langle \mathcal {I}_4, \varDelta _4 \wedge \lnot \varDelta _4, \emptyset \rangle \end{aligned}$$
  6. We have reached a saturated state, and \(\mathcal {I}_5\) is a Pareto optimal solution.    \(\square \)
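The following Python program is an added, runnable toy instance of the calculus; it is not code from the paper. It encodes states \(\langle \mathcal {I}, \varDelta , \tau \rangle \) and the rules F-Split, F-Sat and F-Close of Sect. 4.1, realizes \(\textsc {Solve}\) by brute-force enumeration over a small constructed candidate set (so no SMT solver is needed), and runs the linear and binary strategies of Sect. 4.2 on the Pareto problem of Example 8. Everything beyond the paper's definitions is an assumption of this example: formulas are represented semantically as Python predicates rather than syntactically, the alphabet is restricted to a, b, z (with z the largest letter), \(s\) ranges over strings of length at most 1 and \(w\) over strings of length 1 to 3, and all function and variable names are mine.

```python
"""Toy executable instance of the GOMT calculus (added example, not the paper's code).
Formulas are Python predicates over interpretations, Solve enumerates a finite constructed
candidate set, and the instance mirrors Example 8 (minimise len(w), maximise x)."""
from dataclasses import dataclass
from itertools import product
from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple

Interp = Dict[str, Any]             # variable name -> value
Formula = Callable[[Interp], bool]  # a formula, given by the interpretations satisfying it

@dataclass
class GOMT:
    objective: Callable[[Interp], Any]  # the objective term t
    prec: Callable[[Any, Any], bool]    # strict order on values of t (need not be total)
    constraint: Formula                 # phi
    candidates: Sequence[Interp]        # finite universe enumerated by the toy Solve

@dataclass
class State:
    I: Interp           # best solution found so far
    delta: Formula      # unexplored part of the space where a better solution may exist
    tau: List[Formula]  # branches; Top(tau) is tau[0]

def solve(g: GOMT, psi: Formula) -> Optional[Interp]:
    """Solve(phi /\\ psi): first candidate satisfying both; None stands for bottom."""
    return next((I for I in g.candidates if g.constraint(I) and psi(I)), None)

def better(g: GOMT, I: Interp) -> Formula:
    """Better(I): J satisfies it iff t^J prec t^I (Definition 10)."""
    t_I = g.objective(I)
    return lambda J: g.prec(g.objective(J), t_I)

def initial_state(g: GOMT) -> State:
    I0 = solve(g, lambda _: True)
    assert I0 is not None, "phi is assumed satisfiable"
    d0 = better(g, I0)
    return State(I0, d0, [d0])

def f_split(st: State, parts: List[Formula]) -> State:
    """F-Split: replace Top(tau) by sub-branches whose disjunction is equivalent to it mod phi."""
    return State(st.I, st.delta, list(parts) + st.tau[1:])

def f_sat(g: GOMT, st: State) -> Optional[State]:
    """F-Sat: if Top(tau) has a solution I', adopt it; Delta' = Delta /\\ Better(I'); tau = (Delta')."""
    I2 = solve(g, st.tau[0])
    if I2 is None:
        return None
    d_old, b = st.delta, better(g, I2)
    d2 = lambda J: d_old(J) and b(J)
    return State(I2, d2, [d2])

def f_close(g: GOMT, st: State) -> Optional[State]:
    """F-Close: if Top(tau) has no solution, pop it and conjoin its negation to Delta."""
    psi, d_old = st.tau[0], st.delta
    if solve(g, psi) is not None:
        return None
    return State(st.I, lambda J: d_old(J) and not psi(J), st.tau[1:])

def derive(g: GOMT, splitter=None) -> Tuple[State, int, List[Any]]:
    """Apply rules until saturated (tau empty); return the final state, the number of rule
    applications, and the solution sequence as objective values."""
    st = initial_state(g)
    steps, trace = 0, [g.objective(st.I)]
    while st.tau:
        parts = splitter(st) if splitter else None
        st = f_split(st, parts) if parts else (f_sat(g, st) or f_close(g, st))
        steps += 1
        if g.objective(st.I) != trace[-1]:
            trace.append(g.objective(st.I))
    return st, steps, trace

# ---- Example 8 over a constructed finite candidate set (assumptions of this example) ----
ALPHABET = "abz"  # "z" is the largest letter, as the closing argument of Example 8 needs
W_VALUES = ["".join(p) for n in (3, 2, 1) for p in product(ALPHABET, repeat=n)]
S_VALUES = ["", "a", "b", "z"]
CANDIDATES = [{"s": s, "w": w, "x": s + w + s} for s in S_VALUES for w in W_VALUES]

def pareto_less(a, b) -> bool:
    """(a1,a2) prec_PO (b1,b2): a1 <= b1 on Int, a2 >= b2 on Str (prec_2 reverses the
    string order), and strictly better in at least one component."""
    return a[0] <= b[0] and a[1] >= b[1] and (a[0] < b[0] or a[1] > b[1])

EXAMPLE8 = GOMT(objective=lambda I: (len(I["w"]), I["x"]), prec=pareto_less,
                constraint=lambda I: I["x"] == I["s"] + I["w"] + I["s"]
                and len(I["s"]) < len(I["w"]), candidates=CANDIDATES)

def split_on_length(st: State) -> Optional[List[Formula]]:
    """Binary-search F-Split on len(w), at most once per F-Sat (only when Top(tau) is the
    freshly reset Delta), so the strategy stays progressive (Definition 12)."""
    if len(st.tau) != 1 or st.tau[0] is not st.delta or len(st.I["w"]) < 2:
        return None
    mid, psi = len(st.I["w"]) // 2, st.tau[0]
    return [lambda J: psi(J) and len(J["w"]) <= mid,  # better lengths are explored first
            lambda J: psi(J) and len(J["w"]) > mid]

def is_pareto_optimal(g: GOMT, I: Interp) -> bool:
    return not any(g.constraint(J) and g.prec(g.objective(J), g.objective(I)) for J in g.candidates)

def linear_search(): return derive(EXAMPLE8)
def binary_search(): return derive(EXAMPLE8, split_on_length)

if __name__ == "__main__":
    print("linear:", linear_search()[1:], "\nbinary:", binary_search()[1:])
```

Running it shows the two strategies of Sect. 4.2 side by side on the same instance: linear search walks through every length-3 value of \(w\) one F-Sat at a time (30 rule applications, ending at \(w = \texttt {"zzz"}, s = \texttt {"z"}\)), while a single binary F-Split on \(\textsf {len}(w)\) reaches \(w = \texttt {"z"}, s = \epsilon \) in 4. Both final states are saturated, both solutions are Pareto optimal, and they differ, which is the point of Theorem 1: the calculus returns some optimal solution, and which one depends on the strategy and on the order of the branches in \(\tau \).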

Optimization of objectives involving strings and integers (or strings and bitvectors) could be especially useful in security applications such as those mentioned in [60]. Optimization could be used in such applications to ensure that a counter-example is as simple as possible, for example.

Examples of multi-objective problems unsupported by existing solvers include multiple Pareto problems with a single min/max query, Pareto-lexicographic multi-objective optimization, and single Pareto queries involving MinMax and MaxMin optimization (see, for example, [1, 32, 52]). Our framework offers immediate solutions to these problems.

As has repeatedly been the case in SMT research, when new capabilities are introduced, new applications emerge. We expect that will happen also for the new capabilities introduced in this paper. One possible application is the optimization of emerging technology circuit designs [22].

4.4 Correctness

In this section, we establish correctness properties for \({\mathcal{G}\mathcal{O}}\)-derivations. First, we show that upon reaching a saturated state, the interpretation \(\mathcal {I}\) in that state is optimal.

Theorem 1

(Solution Soundness) Let \(\langle \mathcal {I}, \varDelta , \tau \rangle \) be a saturated state in a derivation for a GOMT problem \({\mathcal{G}\mathcal{O}}\). Then, \(\mathcal {I}\) is an optimal solution to \({\mathcal{G}\mathcal{O}}\).

Proof

(Sketch) We show that in a saturated state \(\tau = \emptyset \), and when \(\tau = \emptyset \), \(\phi \models \lnot \varDelta \). Then, we establish that \(\mathcal {I}\) is \({\mathcal{G}\mathcal{O}}\)-consistent, and that for any \({\mathcal{G}\mathcal{O}}\)-consistent \(\mathcal {T}\)-interpretation \(\mathcal {J}\), \(\mathcal {J} \models \varDelta \)   iff   \(\mathcal {J} <_{{\mathcal{G}\mathcal{O}}} \mathcal {I}\). This implies there is no \(\mathcal {J}\) s.t. \(\mathcal {J} \models \phi \) and \(\mathcal {J} <_{{\mathcal{G}\mathcal{O}}} \mathcal {I}\), confirming \(\mathcal {I}\) as an optimal solution to \({\mathcal{G}\mathcal{O}}\).    \(\square \)

In general, the calculus does not always have complete derivation strategies, for a variety of reasons. It could be that the problem is unbounded, i.e., no optimal solutions exist along some branch. Another possibility is that the order is not well-founded, and thus, an infinite sequence of improving solutions can be generated without ever reaching an optimal solution. For the former, various checks for unboundedness can be used. These are beyond the scope of this work, but some approaches are discussed in Trentin [64]. The latter can be overcome using a hybrid strategy when an optimization procedure exists (see Theorem 4). It is also worth observing that any derivation strategy is in effect an anytime procedure: forcibly stopping a derivation at any point yields (in the final state) the best solution found so far. When an optimal solution exists and is unique, stopping early provides the best approximation up to that point of the optimal solution.

There are also fairly general conditions under which solution complete derivation strategies do exist. We present them next.

Definition 12

A derivation strategy is progressive if it (i) never halts in a non-saturated state and (ii) only uses F-Split a finite number of times in any derivation.

Let us again fix a GOMT problem \({\mathcal{G}\mathcal{O}} = \langle t, \prec , \phi \rangle \). Consider the set \(A_t = \{ t^\mathcal {I}\,\mid \, \mathcal {I}\text { is }{\mathcal{G}\mathcal{O}} \text {-consistent} \}\), collecting all values of t in interpretations satisfying \(\phi \).

Theorem 2

(Termination) If \(\prec \) is well-founded over \(A_t\), any progressive strategy reaches a saturated state.

Proof

(Sketch) We show that any derivation using a progressive strategy terminates when \(\prec \) is well-founded. Subsequently, based on the definition of progressive, the final state must be saturated.    \(\square \)

Theorem 3

(Solution Completeness) If \(\prec \) is well-founded over \(A_t\) and \({\mathcal{G}\mathcal{O}}\) has one or more optimal solutions, every derivation generated by a progressive derivation strategy ends with a saturated state containing one of them.

Proof

The proof is a direct consequence of Theorem 1 and Theorem 2.    \(\square \)

Solution completeness can also be achieved using an appropriate hybrid strategy.

Theorem 4

If \({\mathcal{G}\mathcal{O}}\) has one or more optimal solutions and is not unbounded along any branch, then every derivation generated by a progressive hybrid strategy, where \(\textsc {Solve}\) is replaced by \(\textsc {Optimize}\) in F-Sat, ends with a saturated state containing one of them.

Proof

(Sketch) If D is such a derivation, we note that F-Split can only be applied a finite number of times in D and consider the suffix of D after the last application of F-Split. In that suffix, F-Close can only be applied a finite number of times in a row, after which F-Sat must be applied. We then show that due to the properties of \(\textsc {Optimize}\), this must be followed by either an application of F-Close or a single application of F-Sat followed by F-Close. Both cases result in saturated states. The theorem then follows from Theorem 1.    \(\square \)

5 Related Work

Various approaches for solving the OMT problem have been proposed. We summarize the key ideas below and refer the reader to Trentin [64] for a more thorough survey.

The offline schema employs an SMT solver as a black box for optimization search through incremental calls [54, 55], following linear- or binary-search strategies. Initial bounds on the objective function are given and iteratively tightened after each call to the SMT solver. In contrast, the inline schema conducts the optimization search within the SMT solver itself [54, 55], integrating the optimization criteria into its internal algorithm. While the inline schema can be more efficient than the offline counterpart, it necessitates invasive changes to the solver and may not be possible for every theory.

Symbolic Optimization optimizes multiple independent linear arithmetic objectives simultaneously [36], seeking optimal solutions for each corresponding objective. This approach improves performance by sharing SMT search effort. It exists in both offline and inline versions, with the latter demonstrating superior performance. Other arithmetic schemas combine simplex, branch-and-bound, and cutting-plane techniques within SMT solvers [44, 50]. A polynomial constraint extension has also been introduced [33].

Theory-specific techniques address objectives involving pseudo-Booleans [11, 54, 55, 57], bitvectors [40, 65], bitvectors combined with floating-point arithmetic [66], and nonlinear arithmetic [6]. Other related work includes techniques for lexicographic optimization [8], Pareto optimization [8, 24], MaxSMT [19], and All-OMT [64].

Our calculus is designed to capture all of these variations. It directly corresponds to the offline schema, can handle both single- and multi-objective problems, and can integrate solvers with inline capabilities (including theory-specific ones) using the hybrid solving strategy. Efficient MaxSMT approaches [19] can also be mimicked in our calculus. These approaches systematically explore the search space by iteratively processing segments derived from unsat cores. Our calculus can instantiate these branches using the F-Split rule, by first capturing unsat cores from calls to F-Close, and then using these cores to direct the search in the F-Split rule.

6 Conclusion and Future Work

This paper introduces the Generalized OMT problem, a proper extension of the OMT problem. It also provides a general setting for formalizing various approaches for solving the problem in terms of a novel calculus for GOMT and proves its key correctness properties. As with previous work on abstract transition systems for SMT [27, 31, 39, 45], this work establishes a framework for both theoretical exploration and practical implementations. The framework is general in several aspects: (i) it is parameterized by the optimization order, which does not need to be total; (ii) it unifies single- and multi-objective optimization problems in a single definition; (iii) it is theory-agnostic, making it applicable to any theory or combination of theories; and (iv) it provides a formal basis for understanding and exploring search strategies for Generalized OMT.

In future work, we plan to explore an extension of the calculus to the generalized All-OMT problem. We also plan to develop a concrete implementation of the calculus in a state-of-the-art SMT solver and evaluate it experimentally against current OMT solvers.