Abstract
We prove several decidability and undecidability results for the satisfiability and validity problems for languages that can express solutions to word equations with length constraints. The atomic formulas over this language are equality over string terms (word equations), linear inequality over the length function (length constraints), and membership in regular sets. These questions are important in logic, program analysis, and formal verification. Variants of these questions have been studied for many decades by mathematicians. More recently, practical satisfiability procedures (aka SMT solvers) for these formulas have become increasingly important in the context of security analysis for string-manipulating programs such as web applications.
We prove three main theorems. First, we give a new proof of undecidability for the validity problem for the set of sentences written as a ∀ ∃ quantifier alternation applied to positive word equations. A corollary of this undecidability result is that this set is undecidable even with sentences with at most two occurrences of a string variable. Second, we consider Boolean combinations of quantifier-free formulas constructed out of word equations and length constraints. We show that if word equations can be converted to a solved form, a form relevant in practice, then the satisfiability problem for Boolean combinations of word equations and length constraints is decidable. Third, we show that the satisfiability problem for quantifier-free formulas over word equations in regular solved form, length constraints, and the membership predicate over regular expressions is also decidable.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blumensath, A.: Automatic structures. Diploma thesis, RWTH-Aachen (1999)
Cadar, C., Ganesh, V., Pawlowski, P., Dill, D., Engler, D.: EXE: automatically generating inputs of death. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM Conference on Computer and Communications Security, pp. 322–335. ACM (2006)
Charatonik, W., Pacholski, L.: Word equations with two variables. In: Abdulrab, H., Pécuchet, J.-P. (eds.) IWWERT 1991. LNCS, vol. 677, pp. 43–56. Springer, Heidelberg (1993)
Dabrowski, R., Plandowski, W.: On word equations in one variable. Algorithmica 60(4), 819–828 (2011)
Durnev, V.: Undecidability of the positive ∀ ∃ 3-theory of a free semigroup. Siberian Mathematical Journal 36(5), 1067–1080 (1995)
Ebbinghaus, H.-D., Flum, J., Thomas, W.: Mathematical Logic. Undergraduate Texts in Mathematics. Springer (1994)
Emmi, M., Majumdar, R., Sen, K.: Dynamic test input generation for database applications. In: Rosenblum, D., Elbaum, S. (eds.) ISSTA, pp. 151–162. ACM (2007)
Ganesh, V., Kieżun, A., Artzi, S., Guo, P.J., Hooimeijer, P., Ernst, M.: HAMPI: A string solver for testing, analysis and vulnerability detection. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 1–19. Springer, Heidelberg (2011)
Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Sarkar, V., Hall, M. (eds.) PLDI, pp. 213–223. ACM (2005)
Hopcroft, J., Motwani, R., Ullman, J.: Introduction to automata theory, languages, and computation. Pearson/Addison Wesley (2007)
Ilie, L., Plandowski, W.: Two-variable word equations. ITA 34(6), 467–501 (2000)
Karhumäki, J., Mignosi, F., Plandowski, W.: The expressibility of languages and relations by word equations. J. ACM 47(3), 483–505 (2000)
Kiezun, A., Ganesh, V., Guo, P., Hooimeijer, P., Ernst, M.: HAMPI: a solver for string constraints. In: Rothermel, G., Dillon, L. (eds.) ISSTA, pp. 105–116. ACM (2009)
Majumdar, R.: Private correspondence. SWS, MPI, Kaiserslautern, Germany (2010)
Makanin, G.: The problem of solvability of equations in a free semigroup. Math. Sbornik 103, 147–236 (1977); English transl. in Math USSR Sbornik 32 (1977)
Marchenkov, S.S.: Unsolvability of positive ∀ ∃-theory of free semi-group. Sibirsky Mathmatichesky Jurnal 23(1), 196–198 (1982)
Matiyasevich, Y.: Word equations, Fibonacci numbers, and Hilbert’s tenth problem (2006) (unpublished), http://logic.pdmi.ras.ru/?yumat/Journal/jcontord.htm
Matiyasevich, Y.: Computation paradigms in light of Hilbert’s Tenth Problem. In: Cooper, S., Löwe, B., Sorbi, A. (eds.) New Computational Paradigms, pp. 59–85. Springer, New York (2008)
Möller, O.: ∃ BV [n] solvability. SRI International, Menlo Park, CA, USA (October 1996) (unpublished manuscript)
Plandowski, W.: Satisfiability of word equations with constants is in PSPACE. In: FOCS, pp. 495–500. IEEE Computer Society (1999)
Plandowski, W.: An efficient algorithm for solving word equations. In: Kleinberg, J. (ed.) STOC, pp. 467–476. ACM (2006)
Presburger, M.: Über de vollständigkeit eines gewissen systems der arithmetik ganzer zahlen, in welchen, die addition als einzige operation hervortritt. In: Comptes Rendus du Premier Congrès des Mathématicienes des Pays Slaves, Warsaw, pp. 92–101, 395 (1927)
Quine, W.V.: Concatenation as a basis for arithmetic. The Journal of Symbolic Logic 11(4), 105–114 (1946)
Robson, J.M., Diekert, V.: On quadratic word equations. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, pp. 217–226. Springer, Heidelberg (1999)
Saxena, P., Akhawe, D., Hanna, S., Mao, F., McCamant, S., Song, D.: A symbolic execution framework for JavaScript. In: IEEE Symposium on Security and Privacy, pp. 513–528. IEEE Computer Society (2010)
Schulz, K.U.: Makanin’s algorithm for word equations-two improvements and a generalization. In: Schulz, K.U. (ed.) IWWERT 1990. LNCS, vol. 572, pp. 85–150. Springer, Heidelberg (1992)
Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. In: Ferrante, J., McKinley, K. (eds.) PLDI, pp. 32–41. ACM (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ganesh, V., Minnes, M., Solar-Lezama, A., Rinard, M. (2013). Word Equations with Length Constraints: What’s Decidable?. In: Biere, A., Nahir, A., Vos, T. (eds) Hardware and Software: Verification and Testing. HVC 2012. Lecture Notes in Computer Science, vol 7857. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39611-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-39611-3_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39610-6
Online ISBN: 978-3-642-39611-3
eBook Packages: Computer ScienceComputer Science (R0)