A model counter for constraints over unbounded strings

Model counting is the problem of determining the number of solutions that satisfy a given set of constraints. It has numerous applications in the quantitative analysis of program execution time, information flow, and combinatorial circuit designs, as well as in probabilistic reasoning. We present a new approach to model counting for structured data types, focusing in this work on strings. The key ingredient is a new technique that uses generating functions as the basic primitive for combinatorial counting. Our tool SMC, which embodies this approach, can count models of constraints specified in an expressive string language efficiently and precisely, and thereby outperforms previous finite-size analysis tools. SMC is expressive enough to model constraints arising in real-world JavaScript applications and UNIX C utilities. We demonstrate the practical feasibility of performing quantitative analyses that arise in security applications, such as determining the comparative strengths of password strength meters and quantifying the information leaked via side channels.
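As an added illustration (not the paper's or SMC's code) of what it means to use generating functions as the counting primitive, the following Python model counter handles regular string constraints: the length generating function of a constraint's language has, as its n-th coefficient, the number of length-n strings that satisfy the constraint, which is exactly what a finite-length model count asks for. The DFA representation, the 36-symbol alphabet, the two example password policies and all function names are assumptions made for this illustration; SMC's own string language and algorithms are not reproduced here.

```python
"""Length generating functions as a model-counting primitive for string constraints.
G_L(z) = sum_n c_n z^n, where c_n = number of strings of length exactly n in L;
counting models up to a length bound means reading off c_0..c_N.  Shown here:
(1) coefficients of a DFA's language via its transfer matrix, and (2) the product
of two generating functions for an unambiguous concatenation of languages.
"""
from math import log2

LETTERS = [chr(c) for c in range(ord("a"), ord("z") + 1)]  # 26 symbols
DIGITS = [chr(c) for c in range(ord("0"), ord("9") + 1)]   # 10 symbols
ALPHABET = LETTERS + DIGITS                                 # constructed 36-symbol alphabet


class DFA:
    """DFA with a total transition function delta(state, symbol) -> state."""

    def __init__(self, alphabet, start, accepting, delta):
        self.alphabet, self.start, self.delta = alphabet, start, delta
        self.accepting = set(accepting)
        self.states, todo = [start], [start]        # reachable states, discovery order
        while todo:
            s = todo.pop()
            for a in alphabet:
                t = delta(s, a)
                if t not in self.states:
                    self.states.append(t)
                    todo.append(t)
        self.idx = {s: i for i, s in enumerate(self.states)}

    def transfer_matrix(self):
        """A[i][j] = number of alphabet symbols that move state i to state j."""
        n = len(self.states)
        A = [[0] * n for _ in range(n)]
        for s in self.states:
            for a in self.alphabet:
                A[self.idx[s]][self.idx[self.delta(s, a)]] += 1
        return A

    def gf_coefficients(self, max_len):
        """[c_0, ..., c_max_len]: v_n = e_start * A^n counts strings of length n per
        end state; c_n sums v_n over the accepting states."""
        A = self.transfer_matrix()
        v = [0] * len(self.states)
        v[self.idx[self.start]] = 1
        coeffs = []
        for _ in range(max_len + 1):
            coeffs.append(sum(v[self.idx[s]] for s in self.accepting))
            v = [sum(v[i] * A[i][j] for i in range(len(v))) for j in range(len(v))]
        return coeffs


def gf_mul(f, g, max_len):
    """Unambiguous concatenation: Cauchy product of the series, truncated at max_len."""
    h = [0] * (max_len + 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            if i + j <= max_len:
                h[i + j] += x * y
    return h


def mixed_policy_dfa():
    """Constructed example policy: at least one letter AND at least one digit.
    The state is the set of symbol classes seen so far; accept once both are present."""
    def delta(state, sym):
        return state | frozenset({"L" if sym.isalpha() else "D"})
    return DFA(ALPHABET, frozenset(), [frozenset({"L", "D"})], delta)


def policy_models_of_length(n):
    """Policy-compliant strings of length exactly n (closed form: 36^n - 26^n - 10^n)."""
    return mixed_policy_dfa().gf_coefficients(n)[n]


def policy_entropy_bits(n):
    """log2 of the model count: bits of a uniformly chosen compliant string of length n."""
    return log2(policy_models_of_length(n))


def letters_then_digits_gf(max_len):
    """GF of [a-z]+[0-9]+ by GF arithmetic: (26z + 26^2 z^2 + ...) * (10z + 10^2 z^2 + ...)."""
    lets = [0] + [26 ** k for k in range(1, max_len + 1)]
    digs = [0] + [10 ** k for k in range(1, max_len + 1)]
    return gf_mul(lets, digs, max_len)


def letters_then_digits_dfa():
    """Same constraint as a DFA, to cross-check the GF product against the transfer matrix."""
    def delta(state, sym):
        if state == "start":
            return "L" if sym.isalpha() else "dead"
        if state == "L":
            return "L" if sym.isalpha() else "D"
        return "D" if state == "D" and sym.isdigit() else "dead"
    return DFA(ALPHABET, "start", ["D"], delta)


if __name__ == "__main__":
    for n in (2, 8):
        print(n, policy_models_of_length(n), round(policy_entropy_bits(n), 2))
    print(letters_then_digits_gf(4), letters_then_digits_dfa().gf_coefficients(4))
```

The cross-check between `letters_then_digits_gf` and `letters_then_digits_dfa` shows the two primitives agree coefficient by coefficient, and the log2 of a model count is the bit strength of a uniformly chosen compliant string, which is the kind of quantity a comparison of password policies or strength meters rests on.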
