Symbolic Transducers

Symbolic Finite Transducers, or SFTs, are a representation of finite transducers that annotates transitions with logical formulae to denote sets of concrete transitions. This representation has practical advantages in applications for web security analysis, as it provides ways to succinctly represent web sanitizers that operate on large alphabets. More importantly, the representation is also conducive to efficient analysis using state-of-the-art theorem proving techniques. Besides introducing SFTs, we provide algorithms for various closure properties, including composition and domain restriction. A central result is that equivalence of SFTs is decidable when there is a fixed bound on how many different values can be generated for arbitrary inputs. In practice, we use a semi-decision algorithm, encoded axiomatically, for non-equivalence of arbitrary SFTs. We show that several of the main results lift to a more expressive version of SFTs with Registers, SFTRs. They admit a fixed set of registers that can be referenced in the logical formulae, updated by input characters, or used to generate output.
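To make the idea of guard-annotated transitions concrete, the following is an added example, not code from the paper: a one-state SFT for a simple HTML encoder over all Unicode code points. The guard encoding (inclusive code-point ranges), the names `HTML_ENCODE`, `run` and `concrete_transitions`, and the encoder itself are assumptions chosen for illustration; composition is shown only by running the transducer twice on concrete input, not by the paper's symbolic algorithm.

```python
# Added example: guards are sets of code points stored as sorted, disjoint,
# inclusive ranges; outputs are functions of the input code point.
MAX_CP = 0x10FFFF

def complement(ranges):
    """Complement of sorted, disjoint, inclusive ranges within [0, MAX_CP]."""
    out, lo = [], 0
    for a, b in ranges:
        if lo < a:
            out.append((lo, a - 1))
        lo = b + 1
    if lo <= MAX_CP:
        out.append((lo, MAX_CP))
    return out

def holds(ranges, cp):
    return any(a <= cp <= b for a, b in ranges)

SPECIAL = [(ord(c), ord(c)) for c in "&<>"]      # already sorted: 38, 60, 62

# Hypothetical sanitizer: two symbolic transitions (src, guard, output, dst).
HTML_ENCODE = {
    "initial": 0,
    "transitions": [
        (0, SPECIAL, lambda cp: "&#%d;" % cp, 0),         # escape & < >
        (0, complement(SPECIAL), lambda cp: chr(cp), 0),  # copy everything else
    ],
}

def run(sft, text):
    """Apply a deterministic SFT; reject if no unique guard matches."""
    state, out = sft["initial"], []
    for ch in text:
        cp = ord(ch)
        hits = [t for t in sft["transitions"]
                if t[0] == state and holds(t[1], cp)]
        if len(hits) != 1:
            raise ValueError("no unique transition for U+%04X" % cp)
        _, _, emit, state = hits[0]
        out.append(emit(cp))
    return "".join(out)

def concrete_transitions(sft):
    """Number of concrete transitions the symbolic ones stand for."""
    return sum(b - a + 1 for _, g, _, _ in sft["transitions"] for a, b in g)

if __name__ == "__main__":
    once = run(HTML_ENCODE, "<b>&")
    print(once, run(HTML_ENCODE, once), concrete_transitions(HTML_ENCODE))
```

Two symbolic transitions stand for one concrete transition per code point, and applying the encoder to its own output changes the result, the kind of property (non-idempotence) that composition followed by an equivalence check is meant to expose without enumerating inputs.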
