A Novel Approach to String Constraint Solving

  • Roberto Amadini
  • Graeme Gange
  • Peter J. Stuckey
  • Guido Tack
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10416)

Abstract

String processing is ubiquitous across computer science, and arguably more so in web programming. In order to reason about programs manipulating strings we need to solve constraints over strings. In Constraint Programming, the only approaches we are aware for representing string variables—having bounded yet possibly unknown size—degrade when the maximum possible string length becomes too large. In this paper, we introduce a novel approach that decouples the size of the string representation from its maximum length. The domain of a string variable is dynamically represented by a simplified regular expression that we called a dashed string, and the constraint solving relies on propagation of information based on equations between dashed strings. We implemented this approach in G-Strings, a new string solver—built on top of Gecode solver—that already shows some promising results.

References

  1. 1.
    Amadini, R., Flener, P., Pearson, J., Scott, J.D., Stuckey, P.J., Tack, G.: Minizinc with strings. In: Logic-Based Program Synthesis and Transformation - 25th International Symposium, LOPSTR 2016 (2016). https://arxiv.org/abs/1608.03650
  2. 2.
    Amadini, R., Gabbrielli, M., Mauro, J.: A multicore tool for constraint solving. In: Proceedings of the International Joint Conference on Artificial Intelligence, pp. 232–238. AAAI Press (2015)Google Scholar
  3. 3.
    Amadini, R., Jordan, A., Gange, G., Gauthier, F., Schachte, P., Søndergaard, H., Stuckey, P.J., Zhang, C.: Combining string abstract domains for javascript analysis: an evaluation. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 41–57. Springer, Heidelberg (2017). doi:10.1007/978-3-662-54577-5_3 CrossRefGoogle Scholar
  4. 4.
    Barahona, P., Krippahl, L.: Constraint programming in structural bioinformatics. Constraints 13(1–2), 3–20 (2008)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Bisht, P., Hinrichs, T.L., Skrupsky, N., Venkatakrishnan, V.N.: WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 575–586. ACM (2011)Google Scholar
  6. 6.
    Björdal, G.: String variables for constraint-based local search. Master’s thesis, Department of Information Technology, Uppsala University, Sweden, August 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-301501
  7. 7.
    Björdal, G., Monette, J.-N., Flener, P., Pearson, J.: A constraint-based local search backend for MiniZinc. Constraints 20(3), 325–345 (2015)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Bjørner, N., Tillmann, N., Voronkov, A.: Path feasibility analysis for string-manipulating programs. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 307–321. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00768-2_27 CrossRefGoogle Scholar
  9. 9.
    Chu, G.: Improving combinatorial optimization. Ph.D. thesis, Department of Computing and Information Systems, University of Melbourne, Australia (2011)Google Scholar
  10. 10.
    Costantini, G., Ferrara, P., Cortesi, A.: A suite of abstract domains for static analysis of string values. Softw.: Pract. Exp. 45(2), 245–287 (2015)Google Scholar
  11. 11.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the Fourth ACM Symposium on Principles of Programming Languages, pp. 238–252. ACM (1977)Google Scholar
  12. 12.
    Emmi, M., Majumdar, R., Sen, K.: Dynamic test input generation for database applications. In: Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 151–162. ACM (2007)Google Scholar
  13. 13.
    Feydy, T., Somogyi, Z., Stuckey, P.J.: Half reification and flattening. In: Lee, J. (ed.) CP 2011. LNCS, vol. 6876, pp. 286–301. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23786-7_23 CrossRefGoogle Scholar
  14. 14.
    Fu, X., Powell, M.C., Bantegui, M., Li, C.: Simple linear string constraints. Form. Asp. Comput. 25(6), 847–891 (2013)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Fujiwara, T.: iZplus description (2016). http://www.minizinc.org/challenge2016/description_izplus.txt
  16. 16.
    Ganesh, V., Minnes, M., Solar-Lezama, A., Rinard, M.: Word equations with length constraints: what’s decidable? In: Biere, A., Nahir, A., Vos, T. (eds.) HVC 2012. LNCS, vol. 7857, pp. 209–226. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39611-3_21 CrossRefGoogle Scholar
  17. 17.
    Gange, G., Navas, J.A., Stuckey, P.J., Søndergaard, H., Schachte, P.: Unbounded model-checking with interpolation for regular language constraints. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 277–291. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36742-7_20 CrossRefGoogle Scholar
  18. 18.
    Gecode Team. Gecode: generic constraint development environment (2016). http://www.gecode.org
  19. 19.
    Golden, K., Pang, W.: Constraint reasoning over strings. In: Rossi, F. (ed.) CP 2003. LNCS, vol. 2833, pp. 377–391. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45193-8_26 CrossRefGoogle Scholar
  20. 20.
    He, J., Flener, P., Pearson, J., Zhang, W.M.: Solving string constraints: the case for constraint programming. In: Schulte, C. (ed.) CP 2013. LNCS, vol. 8124, pp. 381–397. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40627-0_31 CrossRefGoogle Scholar
  21. 21.
    Hooimeijer, P., Weimer, W.: StrSolve: solving string constraints lazily. Autom. Softw. Eng. 19(4), 531–559 (2012)CrossRefGoogle Scholar
  22. 22.
    Kiezun, A., Ganesh, V., Artzi, S., Guo, P.J., Hooimeijer, P., Ernst, M.D.: HAMPI: a solver for word equations over strings, regular expressions, and context-free grammars. ACM Trans. Softw. Eng. Methodol. 21(4), Article 25 (2012)Google Scholar
  23. 23.
    Kim, S.-W., Chin, W., Park, J., Kim, J., Ryu, S.: Inferring grammatical summaries of string values. In: Garrigue, J. (ed.) APLAS 2014. LNCS, vol. 8858, pp. 372–391. Springer, Cham (2014). doi:10.1007/978-3-319-12736-1_20 Google Scholar
  24. 24.
    Li, G., Ghosh, I.: PASS: string solving with parameterized array and interval automaton. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 15–31. Springer, Cham (2013). doi:10.1007/978-3-319-03077-7_2 CrossRefGoogle Scholar
  25. 25.
    Madsen, M., Andreasen, E.: String analysis for dynamic field access. In: Cohen, A. (ed.) CC 2014. LNCS, vol. 8409, pp. 197–217. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54807-9_12 CrossRefGoogle Scholar
  26. 26.
    Nethercote, N., Stuckey, P.J., Becket, R., Brand, S., Duck, G.J., Tack, G.: MiniZinc: towards a standard CP modelling language. In: Bessière, C. (ed.) CP 2007. LNCS, vol. 4741, pp. 529–543. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74970-7_38 CrossRefGoogle Scholar
  27. 27.
    Ohrimenko, O., Stuckey, P.J., Codish, M.: Propagation via lazy clause generation. Constraints 14(3), 357–391 (2009)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Saxena, P., Akhawe, D., Hanna, S., Mao, F., McCamant, S., Song, D.: A symbolic execution framework for JavaScript. In: S&P, pp. 513–528. IEEE Computer Society (2010)Google Scholar
  29. 29.
    Scott, J.D.: Other things besides number: abstraction, constraint propagation, and string variable types. Ph.D. thesis, Department of Information Technology, Uppsala University, Sweden (2016). http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-273311
  30. 30.
    Scott, J.D., Flener, P., Pearson, J.: Constraint solving on bounded string variables. In: Michel, L. (ed.) CPAIOR 2015. LNCS, vol. 9075, pp. 375–392. Springer, Cham (2015). doi:10.1007/978-3-319-18008-3_26 Google Scholar
  31. 31.
    Scott, J.D., Flener, P., Pearson, J., Schulte, C.: Design and implementation of bounded-length sequence variables. In: Salvagnin, D., Lombardi, M. (eds.) CPAIOR 2017. LNCS, vol. 10335, pp. 51–67. Springer, Cham (2017). doi:10.1007/978-3-319-59776-8_5 CrossRefGoogle Scholar
  32. 32.
    Tateishi, T., Pistoia, M., Tripp, O.: Path- and index-sensitive string analysis based on monadic second-order logic. ACM Trans. Softw. Eng. Methodol. 22(4), 33 (2013)CrossRefGoogle Scholar
  33. 33.
    Yu, F., Alkhalaf, M., Bultan, T.: Stranger: an automata-based string analysis tool for PHP. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 154–157. Springer, Heidelberg (2010). doi:10.1007/978-3-642-12002-2_13 CrossRefGoogle Scholar
  34. 34.
    Zheng, Y., Ganesh, V., Subramanian, S., Tripp, O., Dolby, J., Zhang, X.: Effective search-space pruning for solvers of string equations, regular expressions and length constraints. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 235–254. Springer, Cham (2015). doi:10.1007/978-3-319-21690-4_14 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Roberto Amadini
    • 1
  • Graeme Gange
    • 1
  • Peter J. Stuckey
    • 1
  • Guido Tack
    • 2
  1. 1.University of MelbourneMelbourneAustralia
  2. 2.Monash UniversityMelbourneAustralia

Personalised recommendations