Solving String Theories Involving Regular Membership Predicates Using SAT

  • Conference paper
Model Checking Software (SPIN 2022)

Abstract

String solvers have gained a more prominent role in the formal analysis of string-heavy programs, causing an ever-growing need for efficient and reliable solving algorithms. Regular constraints play a central role in several real-world queries. To advance this field, we present two approaches to encoding regular constraints as a Boolean satisfiability problem: one that uses the inductive structure of regular expressions and one that works on nondeterministic finite automata. We implement both approaches using Woorpje, a recently developed purely SAT-based string solver, as a framework. An evaluation of our approaches shows that they are competitive with state-of-the-art string solvers and even outperform them in many cases.

Notes

  1. All proofs are omitted due to space constraints but made available in the appendix for reviewing purpose.

  2. This is due to the fact that for all \(\psi \in \mathscr {F}_{PL}\) we have \(\psi \vee \bot \Leftrightarrow \psi \).

  3. https://git.zs.informatik.uni-kiel.de/dbp/wordsolve/-/tree/spin22.

  4. Additionally, we replaced the unescaped " occurring in the Stringfuzz set with dots.

Corresponding author

Correspondence to Kevin Lotz.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Kulczynski, M., Lotz, K., Nowotka, D., Poulsen, D.B. (2022). Solving String Theories Involving Regular Membership Predicates Using SAT. In: Legunsen, O., Rosu, G. (eds) Model Checking Software. SPIN 2022. Lecture Notes in Computer Science, vol 13255. Springer, Cham. https://doi.org/10.1007/978-3-031-15077-7_8

  • DOI: https://doi.org/10.1007/978-3-031-15077-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15076-0

  • Online ISBN: 978-3-031-15077-7

  • eBook Packages: Computer Science, Computer Science (R0)
