Chapter

Tools and Algorithms for the Construction and Analysis of Systems

Volume 5505 of the series Lecture Notes in Computer Science pp 322-336

Symbolic String Verification: Combining String Analysis and Size Analysis

  • Fang Yu, affiliated with Department of Computer Science, University of California
  • Tevfik Bultan, affiliated with Department of Computer Science, University of California
  • Oscar H. Ibarra, affiliated with Department of Computer Science, University of California

Abstract

We present an automata-based approach for symbolic verification of systems with unbounded string and integer variables. Particularly, we are interested in automatically discovering the relationships among the string and integer variables. The lengths of the strings in a regular language form a semilinear set. We present a novel construction for length automata that accept the unary or binary representations of the lengths of the strings in a regular language. These length automata can be integrated with an arithmetic automaton that recognizes the valuations of the integer variables at a program point. We propose a static analysis technique that uses these automata in a forward fixpoint computation with widening and is able to catch relationships among the lengths of the string variables and the values of the integer variables. This composite string and integer analysis enables us to verify properties that cannot be verified using string analysis or size analysis alone.
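To make the statement that string lengths in a regular language form a semilinear set concrete, here is an added example (not code from the chapter, and not the authors' length-automaton construction): it drops the symbols from an NFA and runs a plain subset construction over the resulting unary automaton until the subset sequence cycles. The function names, the transition format, the assumption of no epsilon transitions, and the sample NFA are all choices made for this illustration.

```python
from collections import defaultdict

def length_set(transitions, start, accepting):
    """Lengths of accepted strings as (finite, linear).

    finite: sorted lengths below the point where the subset sequence cycles.
    linear: (base, period) pairs, each meaning {base + k*period : k >= 0}.
    Assumes an NFA without epsilon transitions.
    """
    accepting = frozenset(accepting)
    succ = defaultdict(set)
    for src, _symbol, dst in transitions:  # unary projection: drop the symbol
        succ[src].add(dst)
    seen, subsets = {}, []                 # subset -> first index; S_0, S_1, ...
    current = frozenset([start])
    while current not in seen:             # terminates: finitely many subsets
        seen[current] = len(subsets)
        subsets.append(current)
        current = frozenset(d for s in current for d in succ[s])
    prefix = seen[current]                 # index where the cycle begins
    period = len(subsets) - prefix         # cycle length
    hits = [n for n, sub in enumerate(subsets) if sub & accepting]
    return ([n for n in hits if n < prefix],
            [(n, period) for n in hits if n >= prefix])

def has_length(n, finite, linear):
    """True if some accepted string has length n."""
    return n in finite or any(n >= b and (n - b) % p == 0 for b, p in linear)

def fits_bound(limit, finite, linear):
    """Size check: True only if every accepted string has length <= limit."""
    return not linear and all(n <= limit for n in finite)

# Constructed sample NFA for the regular language  aa | bbb(ccc)*
TRANSITIONS = [(0, "a", 1), (1, "a", 6),
               (0, "b", 2), (2, "b", 3), (3, "b", 4),
               (4, "c", 5), (5, "c", 7), (7, "c", 4)]
ACCEPTING = {6, 4}

if __name__ == "__main__":
    finite, linear = length_set(TRANSITIONS, 0, ACCEPTING)
    print("finite lengths:", finite, "linear sets (base, period):", linear)
    print("fits a 16-byte bound:", fits_bound(16, finite, linear))
```

For the sample language the result is the finite length 2 together with the linear set 3 + 3k, so a check against any fixed size limit fails because the lengths are unbounded.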