On the Separability Problem of String Constraints

We address the separability problem for straight-line string constraints. The separability problem for languages of a class C by a class S asks: given two languages A and B in C, does there exist a language I in S separating A and B (i.e., I is a superset of A and disjoint from B)? The separability of string constraints is the same as the fundamental problem of interpolation for string constraints. We first show that regular separability of straight line string constraints is undecidable. Our second result is the decidability of the separability problem for straight-line string constraints by piece-wise testable languages, though the precise complexity is open. In our third result, we consider the positive fragment of piece-wise testable languages as a separator, and obtain an EXPSPACE algorithm for the separability of a useful class of straight-line string constraints, and a PSPACE-hardness result.

[1]  Yunhui Zheng,et al.  ZSstrS: A string solver with theory-aware heuristics , 2017, 2017 Formal Methods in Computer Aided Design (FMCAD).

[2]  Joxan Jaffar,et al.  Progressive Reasoning over Recursively-Defined Strings , 2016, CAV.

[3]  Parosh Aziz Abdulla,et al.  On the Separability Problem of String Constraints , 2020, CONCUR.

[4]  Xiangyu Zhang,et al.  Z3-str: a z3-based string solver for web application analysis , 2013, ESEC/FSE 2013.

[5]  Wim Martens,et al.  A Characterization for Decidable Separability by Piecewise Testable Languages , 2014, Discret. Math. Theor. Comput. Sci..

[6]  Parosh Aziz Abdulla,et al.  Trau: SMT solver for string constraints , 2018, 2018 Formal Methods in Computer Aided Design (FMCAD).

[7]  Yunhui Zheng,et al.  Z3str3: A String Solver with Theory-aware Branching , 2017, ArXiv.

[8]  Steve Hanna,et al.  FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications , 2010, NDSS.

[9]  Seymour Ginsburg,et al.  Abstract Families of Languages , 1967, SWAT.

[10]  Slawomir Lasota,et al.  Regular separability of one counter automata , 2017, 2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS).

[11]  Bruno Courcelle,et al.  On Constructing Obstruction Sets of Words , 1991, Bull. EATCS.

[12]  Slawomir Lasota,et al.  Regular Separability of Well-Structured Transition Systems , 2018, CONCUR.

[13]  Jie-Hong Roland Jiang,et al.  String Analysis via Automata Manipulation with Logic Circuit Representation , 2016, CAV.

[14]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[15]  Wim Martens,et al.  Efficient Separability of Regular Languages by Subsequences and Suffixes , 2013, ICALP.

[16]  Joxan Jaffar,et al.  S3: A Symbolic String Solver for Vulnerability Detection in Web Applications , 2014, CCS.

[17]  Parosh Aziz Abdulla,et al.  Chain-Free String Constraints , 2019, ATVA.

[18]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[19]  Anthony Widjaja Lin,et al.  String solving with word equations and transducers: towards a logic for analysing mutation XSS , 2015, POPL.

[20]  Thomas Place,et al.  Separating Regular Languages by Piecewise Testable and Unambiguous Languages , 2013, MFCS.

[21]  Parosh Aziz Abdulla,et al.  String Constraints for Verification , 2014, CAV.

[22]  Wojciech Plandowski,et al.  An efficient algorithm for solving word equations , 2006, STOC '06.

[23]  Yan Chen,et al.  What Is Decidable about String Constraints with the ReplaceAll Function , 2017, 1711.03363.

[24]  Parosh Aziz Abdulla,et al.  Priced Timed Petri Nets , 2013, Log. Methods Comput. Sci..

[25]  Cesare Tinelli,et al.  An efficient SMT solver for string constraints , 2016, Formal Methods Syst. Des..

[26]  Graham Higman,et al.  Ordering by Divisibility in Abstract Algebras , 1952 .

[27]  Elena Sherman,et al.  Evaluation of string constraint solvers in the context of symbolic execution , 2014, ASE.

[28]  Benedikt Bollig,et al.  Emptiness of Ordered Multi-Pushdown Automata is 2ETIME-Complete , 2017, Int. J. Found. Comput. Sci..

[29]  Cesare Tinelli,et al.  A DPLL(T) Theory Solver for a Theory of Strings and Regular Expressions , 2014, CAV.

[30]  Parosh Aziz Abdulla,et al.  Flatten and conquer: a framework for efficient analysis of string constraints , 2017, PLDI.

[31]  Anca Muscholl,et al.  Minimizing Resources of Sweeping and Streaming String Transducers , 2016, ICALP.

[32]  Kenneth L. McMillan,et al.  Lazy Abstraction with Interpolants , 2006, CAV.

[33]  Cesare Tinelli,et al.  Scaling Up DPLL(T) String Solvers Using Context-Dependent Simplification , 2017, CAV.

[34]  Steve Hanna,et al.  A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.

[35]  Lorenzo Clemente,et al.  Regular Separability of Parikh Automata , 2016, ICALP.

[36]  Philipp Rümmer,et al.  String constraints with concatenation and transducers solved efficiently , 2017, Proc. ACM Program. Lang..

[37]  Vijay Ganesh,et al.  Undecidability of a Theory of Strings, Linear Arithmetic over Length, and String-Number Conversion , 2016, ArXiv.

[38]  Luca Breveglieri,et al.  Multi-Push-Down Languages and Grammars , 1996, Int. J. Found. Comput. Sci..

[39]  Fang Yu,et al.  Stranger: An Automata-Based String Analysis Tool for PHP , 2010, TACAS.

[40]  Philipp Rümmer,et al.  Decision procedures for path feasibility of string-manipulating programs with complex operations , 2018, Proc. ACM Program. Lang..

[41]  Christophe Morvan,et al.  On Rational Graphs , 2000, FoSSaCS.

[42]  Armando Solar-Lezama,et al.  (Un)Decidability Results for Word Equations with Length and Regular Expression Constraints , 2013, ArXiv.

[43]  Armando Solar-Lezama,et al.  Word Equations with Length Constraints: What's Decidable? , 2012, Haifa Verification Conference.

[44]  Michael D. Ernst,et al.  HAMPI: a solver for string constraints , 2009, ISSTA.

[45]  Moshe Y. Vardi A Note on the Reduction of Two-Way Automata to One-Way Automata , 1989, Inf. Process. Lett..

[46]  Kenneth L. McMillan,et al.  An interpolating theorem prover , 2005, Theor. Comput. Sci..