A decision procedure for string constraints with string/integer conversion and flat regular constraints

  • Original Article
  • Acta Informatica

Abstract

String constraint solving is the core of various testing and verification approaches for scripting languages. Among algorithms for solving string constraints, flattening is a well-known approach that is particularly useful in handling satisfiable instances. As string/integer conversion is an important function appearing in almost all scripting languages, Abdulla et al. recently extended the flattening approach to this function. However, their approach supports only a special flattening pattern and leaves the support of general flat regular constraints as an open problem. In this paper, we fill the gap by proposing a complete flattening approach for string/integer conversion. The approach is built upon a new quantifier elimination procedure for linear-exponential arithmetic (namely, the extension of Presburger arithmetic with exponential functions, denoted by ExpPA), which improves on the one proposed by Cherlin and Point in 1986. We analyze the complexity of our quantifier elimination procedure and show that the decision problem for existential ExpPA formulas is in 3-EXPTIME. To the best of our knowledge, this is the first elementary complexity upper bound for this problem. While the quantifier elimination procedure is too expensive to be implemented efficiently, we propose various optimizations and provide a prototypical implementation. We evaluate the performance of our implementation on benchmarks generated from string hash functions as well as on randomly generated ones. The experimental results show that our implementation outperforms the state-of-the-art solvers.

Notes

  1. We did implement Algorithm 1 and discovered that the implementation could only solve formulas of very small size.

  2. The benchmarks are available at https://github.com/EcstasyH/EXP-solver.

  3. We omit CVC5 results in the following because they are similar to CVC4 results. One can find more details through the link we have given above.

  4. https://github.com/guluchen/z3/tree/new_trau.

  5. In satisfiable instances, the assignments given by the tools can be verified using large number calculations (supported by Wolfram Mathematica). We found that, for unknown reasons, Trau may return wrong answers in the STRINGHASH benchmark suite.

  6. These three instances can actually be solved in 70 s.

References

  1. Abdulla, P.A., Atig, M.F., Chen, Y., Diep, B.P., Dolby, J., Janku, P., Lin, H., Holík, L., Wu, W.: Efficient handling of string-number conversion. In: Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI’20, pp. 943–957. ACM, New York, NY, US (2020). https://doi.org/10.1145/3385412.3386034

  2. Abdulla, P.A., Atig, M.F., Chen, Y., Diep, B.P., Holík, L., Rezine, A., Rümmer, P.: Flatten and conquer: a framework for efficient analysis of string constraints. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI’17, pp. 602–617. ACM, New York, NY, US (2017). https://doi.org/10.1145/3062341.3062384

  3. Abdulla, P.A., Atig, M.F., Chen, Y., Diep, B.P., Holík, L., Rezine, A., Rümmer, P.: Trau: SMT solver for string constraints. In: Bjørner, N.S., Gurfinkel, A. (eds.) Formal Methods in Computer Aided Design, FMCAD’18, pp. 1–5. IEEE, Washington, DC (2018). https://doi.org/10.23919/FMCAD.2018.8602997

  4. Abdulla, P.A., Atig, M.F., Chen, Y., Holík, L., Rezine, A., Rümmer, P., Stenman, J.: Norn: An SMT solver for string constraints. In: Computer Aided Verification - 27th International Conference, CAV’15. Lecture Notes in Computer Science, vol. 9206, pp. 462–469. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_29

  5. Aydin, A., Eiers, W., Bang, L., Brennan, T., Gavrilov, M., Bultan, T., Yu, F.: Parameterized model counting for string and numeric constraints. In: Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE’18, pp. 400–410. ACM, New York, NY, USA (2018). https://doi.org/10.1145/3236024.3236064

  6. Barrett, C.W., Conway, C.L., Deters, M., Hadarean, L., Jovanovic, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Computer Aided Verification - 23rd International Conference, CAV’11. Lecture Notes in Computer Science, vol. 6806, pp. 171–177. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-22110-1_14

  7. Chen, T., Chen, Y., Hague, M., Lin, A.W., Wu, Z.: What is decidable about string constraints with the replace all function. In: Proceedings of the ACM on Programming Languages 2(POPL), 3:1–3:29 (2018). https://doi.org/10.1145/3158091

  8. Cherlin, G., Point, F.: On extensions of presburger arithmetic. In: Proceedings of the Fourth Easter Conference on Model Theory, Gross Koris, pp. 17–34 (1986). https://webusers.imj-prg.fr/%7efrancoise.point/papiers/cherlin_point86.pdf

  9. Cooper, D.C.: Theorem proving in arithmetic without multiplication. Mach. Intell. 7, 91–100 (1972)

  10. Day, J.D., Ganesh, V., He, P., Manea, F., Nowotka, D.: The satisfiability of word equations: Decidable and undecidable theories. In: Reachability Problems - 12th International Conference, RP’18. Lecture Notes in Computer Science, vol. 11123, pp. 15–29. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00250-3_2

  11. ECMAScript, E., Association, E.C.M., et al.: ECMAScript language specification (2019). https://www.ecma-international.org/ecma-262/

  12. Haase, C.: Subclasses of presburger arithmetic and the weak EXP hierarchy. In: Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), CSL-LICS ’14, Vienna, Austria, July 14–18, 2014, pp. 47:1–47:10. ACM, New York, NY, US (2014). https://doi.org/10.1145/2603088.2603092

  13. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 6th edn. Clarendon Press, Oxford (2008)

  14. Holík, L., Janku, P., Lin, A.W., Rümmer, P., Vojnar, T.: String constraints with concatenation and transducers solved efficiently. In: Proceedings of the ACM on Programming Languages 2(POPL), 4:1–4:32 (2018). https://doi.org/10.1145/3158092

  15. Kiezun, A., Ganesh, V., Artzi, S., Guo, P.J., Hooimeijer, P., Ernst, M.D.: HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars. ACM Trans. Softw. Eng. Methodol. 21(4), 25:1–25:28 (2012). https://doi.org/10.1145/2377656.2377662

  16. Li, G., Ghosh, I.: PASS: string solving with parameterized array and interval automaton. In: Hardware and Software: Verification and Testing - 9th International Haifa Verification Conference, HVC’13. Lecture Notes in Computer Science, vol. 8244, pp. 15–31. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03077-7_2

  17. Makanin, G.S.: The problem of solvability of equations in a free semigroup. Matematicheskii Sbornik 145(2), 147–236 (1977)

  18. Moura, L.M., Bjørner, N.S.: Z3: an efficient SMT solver. In: Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS’08. Lecture Notes in Computer Science, vol. 4963, pp. 337–340. Springer, Berlin, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

  19. Oppen, D.C.: Elementary bounds for presburger arithmetic. In: Proceedings of the 5th Annual ACM Symposium on Theory of Computing, STOC’73, pp. 34–37. ACM, New York, NY, US (1973). https://doi.org/10.1145/800125.804033

  20. Plandowski, W.: Satisfiability of word equations with constants is in PSPACE. In: 40th Annual Symposium on Foundations of Computer Science, FOCS’99, pp. 495–500. IEEE Computer Society, Washington, DC (1999). https://doi.org/10.1109/SFFCS.1999.814622

  21. Point, F.: On the expansion (\(\mathbb{N}\), \(+\), \(2^x\)) of Presburger arithmetic (2007). Unpublished. https://webusers.imj-prg.fr/%7efrancoise.point/papiers/Pres.pdf

  22. Saxena, P., Akhawe, D., Hanna, S., Mao, F., McCamant, S., Song, D.: A symbolic execution framework for javascript. In: 31st IEEE Symposium on Security and Privacy, S&P’10, pp. 513–528. IEEE Computer Society, Washington, DC (2010). https://doi.org/10.1109/SP.2010.38

  23. Semënov, A.L.: Logical theories of one-place functions on the set of natural numbers. Math. USSR-Izvestiya 22(3), 587–618 (1984). https://doi.org/10.1070/IM1984v022n03ABEH001456

  24. Trinh, M., Chu, D., Jaffar, J.: S3: A symbolic string solver for vulnerability detection in web applications. In: Ahn, G., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1232–1243. ACM, New York, NY, US (2014). https://doi.org/10.1145/2660267.2660372

  25. Yu, F., Alkhalaf, M., Bultan, T.: Stranger: An automata-based string analysis tool for PHP. In: Tools and Algorithms for the Construction and Analysis of Systems, 16th International Conference, TACAS’10. Lecture Notes in Computer Science, vol. 6015, pp. 154–157. Springer, Berlin, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12002-2_13

  26. Zheng, Y., Zhang, X., Ganesh, V.: Z3-str: a z3-based string solver for web application analysis. In: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE’13, pp. 114–124. ACM, New York, NY, USA (2013). https://doi.org/10.1145/2491411.2491456

Acknowledgements

First of all, we thank the anonymous reviewers for their constructive comments that improve this paper very much. The first, fourth and fifth authors are partly funded by the National Key R&D Program of China under grants No. 2022YFA1005101 and 2022YFA1005102. The first and fifth authors are also funded partly by the NSFC under grant No. 62192732 and by the CAS Project for Young Scientists in Basic Research under grant No. YSBR-040.

Author information

Corresponding author

Correspondence to Naijun Zhan.

About this article

Cite this article

Wu, H., Chen, YF., Wu, Z. et al. A decision procedure for string constraints with string/integer conversion and flat regular constraints. Acta Informatica 61, 23–52 (2024). https://doi.org/10.1007/s00236-023-00446-4

  • DOI: https://doi.org/10.1007/s00236-023-00446-4