Chain-Free String Constraints

We address the satisfiability problem for string constraints that combine relational constraints represented by transducers, word equations, and string length constraints. This problem is undecidable in general. Therefore, we propose a new decidable fragment of string constraints, called weakly chaining string constraints, for which we show that the satisfiability problem is decidable. This fragment pushes the borders of decidability of string constraints by generalising the existing straight-line as well as the acyclic fragment of the string logic. We have developed a prototype implementation of our new decision procedure, and integrated it into an existing framework that uses CEGAR with under-approximation of string constraints based on flattening. Our experimental results show the competitiveness and accuracy of the new framework.
