What is Decidable about Strings

We prove several decidability and undecidability results for the satisfiability/validity problem of formulas over a language of finite-length strings and integers (interpreted as lengths of strings). The atomic formulas over this language are equality over string terms (word equations), linear inequality over length function (length constraints), and membership predicate over regular expressions (r.e.). These decidability questions are important in logic, program analysis and formal verification. Logicians have been attempting to resolve some of these questions for many decades, while practical satisfiability procedures for these formulas are increasingly important in the analysis of string-manipulating programs such as web applications and scripts. We prove three main theorems. First, we consider Boolean combination of quantifier-free formulas constructed out of word equations and length constraints. We show that if word equations can be converted to a solved form, a form relevant in practice, then the satisfiability problem for Boolean combination of word equations and length constraints is decidable. Second, we show that the satisfiability problem for word equations in solved form that are regular, length constraints and r.e. membership predicate is also decidable. Third, we show that the validity problem for the set of sentences written as a ∀∃ quantifier alternation applied to positive word equations is undecidable. A corollary of this undecidability result is that this set is undecidable even with sentences with at most two occurrences of a string variable.

[1]  Steve Hanna,et al.  A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  Michael D. Ernst,et al.  HAMPI: a solver for string constraints , 2009, ISSTA.

[3]  Dawson R. Engler,et al.  EXE: Automatically Generating Inputs of Death , 2008, TSEC.

[4]  Rupak Majumdar,et al.  Dynamic test input generation for database applications , 2007, ISSTA '07.

[5]  Zhendong Su,et al.  Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.

[6]  Wojciech Plandowski,et al.  An efficient algorithm for solving word equations , 2006, STOC '06.

[7]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[8]  R. Dabrowski,et al.  Solving Two-Variable Word Equations (Extended Abstract) , 2004, ICALP.

[9]  Robert Dabrowski,et al.  On Word Equations in One Variable , 2002, Algorithmica.

[10]  Achim Blumensath,et al.  Automatic structures , 2000, Proceedings Fifteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.99CB36332).

[11]  Wojciech Plandowski,et al.  Two-variable word equations , 2000, RAIRO Theor. Informatics Appl..

[12]  Wojciech Plandowski,et al.  Satisfiability of word equations with constants is in PSPACE , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[13]  Volker Diekert,et al.  Quadratic Word Equations , 1999, Jewels are Forever.

[14]  Wojciech Plandowski,et al.  The expressibility of languages and relations by word equations , 1997, JACM.

[15]  M. Sipser Introduction to the Theory of Computation , 1996, SIGA.

[16]  V. Durnev Undecidability of the positive ∀∃3-theory of a free semigroup , 1995 .

[17]  Y. Matiyasevich Hilbert's tenth problem , 1993 .

[18]  Witold Charatonik,et al.  Word Equations with Two Variables , 1991, IWWERT.

[19]  Klaus U. Schulz,et al.  Makanin's Algorithm for Word Equations - Two Improvements and a Generalization , 1990, IWWERT.

[20]  G. Makanin The Problem of Solvability of Equations in a Free Semigroup , 1977 .

[21]  W. V. Quine,et al.  Concatenation as a basis for arithmetic , 1946, Journal of Symbolic Logic.

[22]  Clark W. Barrett,et al.  Ph.D. thesis: Checking the validity of quantifier-free formulas in combinations of first-order theories , 2003 .

[23]  Clark W. Barrett,et al.  Checking validity of quantifier-free formulas in combinations of first-order theories , 2002 .

[24]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[25]  S. Adler private correspondence , 1972 .

[26]  Willard Van Orman Quine,et al.  Mathematical logic , 1967 .