CertiStr: A Certified String Solver (technical report)

by   Shuanglong Kan, et al.

Theories over strings are among the most heavily researched logical theories in the SMT community in the past decade, owing to the error-prone nature of string manipulations, which often leads to security vulnerabilities (e.g. cross-site scripting and code injection). The majority of the existing decision procedures and solvers for these theories are themselves intricate; they are complicated algorithmically, and also have to deal with a very rich vocabulary of operations. This has led to a plethora of bugs in implementation, which have for instance been discovered through fuzzing. In this paper, we present CertiStr, a certified implementation of a string constraint solver for the theory of strings with concatenation and regular constraints. CertiStr aims to solve string constraints using a forward-propagation algorithm based on symbolic representations of regular constraints as symbolic automata, which returns three results: sat, unsat, and unknown, and is guaranteed to terminate for the string constraints whose concatenation dependencies are acyclic. The implementation has been developed and proven correct in Isabelle/HOL, through which an effective solver in OCaml was generated. We demonstrate the effectiveness and efficiency of CertiStr against the standard Kaluza benchmark, in which 80.4 these 80.4 unsat) within 60s.



There are no comments yet.


page 1

page 2

page 3

page 4


String Constraints with Concatenation and Transducers Solved Efficiently (Technical Report)

String analysis is the problem of reasoning about how strings are manipu...

Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations

The design and implementation of decision procedures for checking path f...

What Is Decidable about String Constraints with the ReplaceAll Function

Recently, it was shown that any theory of strings containing the string-...

Solving String Constraints With Regex-Dependent Functions Through Transducers With Priorities And Variables

Regular expressions are a classical concept in formal language theory. R...

A Decision Procedure for Path Feasibility of String Manipulating Programs with Integer Data Type

Strings are widely used in programs, especially in web applications. Int...

String Diagram Rewrite Theory III: Confluence with and without Frobenius

In this paper we address the problem of proving confluence for string di...

Deciding and Interpolating Algebraic Data Types by Reduction (Technical Report)

Recursive algebraic data types (term algebras, ADTs) are one of the most...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.