research-article

Efficient handling of string-number conversion

Authors:
Parosh Aziz Abdulla

Uppsala University, Sweden

Uppsala University, Sweden
View Profile

,
Mohamed Faouzi Atig

Uppsala University, Sweden

Uppsala University, Sweden
View Profile

,
Yu-Fang Chen

Academia Sinica, Taiwan

Academia Sinica, Taiwan
View Profile

,
Bui Phi Diep

Uppsala University, Sweden

Uppsala University, Sweden
View Profile

,
Julian Dolby

IBM Research, USA

IBM Research, USA
View Profile

,
Petr Janků

Brno University of Technology, Czechia

Brno University of Technology, Czechia
View Profile

,
Hsin-Hung Lin

Academia Sinica, Taiwan

Academia Sinica, Taiwan
View Profile

,
Lukáš Holík

Brno University of Technology, Czechia

Brno University of Technology, Czechia
View Profile

,
Wei-Cheng Wu

University of Southern California, USA

University of Southern California, USA
View Profile

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2020Pages 943–957https://doi.org/10.1145/3385412.3386034

Published:11 June 2020Publication History

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 943–957

ABSTRACT

String-number conversion is an important class of constraints needed for the symbolic execution of string-manipulating programs. In particular solving string constraints with string-number conversion is necessary for the analysis of scripting languages such as JavaScript and Python, where string-number conversion is a part of the definition of the core semantics of these languages. However, solving this type of constraint is very challenging for the state-of-the-art solvers. We propose in this paper an approach that can efficiently support both string-number conversion and other common types of string constraints. Experimental results show that it significantly outperforms other state-of-the-art tools on benchmarks that involves string-number conversion.

References

Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukás Holík, Ahmed Rezine, and Philipp Rümmer. 2017. Flatten and conquer: a framework for efficient analysis of string constraints. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18-23, 2017, Albert Cohen and Martin T. Vechev (Eds.). ACM, 602–617.Google ScholarDigital Library
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukás Holík, Ahmed Rezine, and Philipp Rümmer. 2018. Trau: SMT solver for string constraints. In 2018 Formal Methods in Computer Aided Design, FMCAD 2018, Austin, TX, USA, October 30 - November 2, 2018, Nikolaj Bjørner and Arie Gurfinkel (Eds.). IEEE, 1–5.Google Scholar
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, and Jari Stenman. 2014. String Constraints for Verification. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 18-22, 2014. Proceedings (Lecture Notes in Computer Science), Armin Biere and Roderick Bloem (Eds.), Vol. 8559. Springer, 150–166.Google Scholar
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, and Jari Stenman. 2015. Norn: An SMT Solver for String Constraints. In Computer Aided Verification - 27th International Conference, CAV 2015, San Francisco, CA, USA, July 18-24, 2015, Proceedings, Part I (Lecture Notes in Computer Science), Daniel Kroening and Corina S. Pasareanu (Eds.), Vol. 9206. Springer, 462–469.Google Scholar
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Bui Phi Diep, Lukás Holík, and Petr Janku. 2019.Google Scholar
Chain-Free String Constraints. In Automated Technology for Verification and Analysis - 17th International Symposium, ATVA 2019, Taipei, Taiwan, October 28-31, 2019, Proceedings (Lecture Notes in Computer Science), Yu-Fang Chen, Chih-Hong Cheng, and Javier Esparza (Eds.), Vol. 11781. Springer, 277–293.Google Scholar
Abdulbaki Aydin, William Eiers, Lucas Bang, Tegan Brennan, Miroslav Gavrilov, Tevfik Bultan, and Fang Yu. 2018.Google Scholar
Parameterized model counting for string and numeric constraints. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE 2018, Lake Buena Vista, FL, USA, November 04-09, 2018, Gary T. Leavens, Alessandro Garcia, and Corina S. Pasareanu (Eds.). ACM, 400–410.Google Scholar
Pablo Barceló, Diego Figueira, and Leonid Libkin. 2013. Graph Logics with Rational Relations. Logical Methods in Computer Science 9, 3 (2013).Google Scholar
Clark W. Barrett, Christopher L. Conway, Morgan Deters, Liana Hadarean, Dejan Jovanovic, Tim King, Andrew Reynolds, and Cesare Tinelli. 2011. CVC4. In Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings (Lecture Notes in Computer Science), Ganesh Gopalakrishnan and Shaz Qadeer (Eds.), Vol. 6806. Springer, 171–177.Google Scholar
Murphy Berzish, Vijay Ganesh, and Yunhui Zheng. 2017. Z3str3: A string solver with theory-aware heuristics. In 2017 Formal Methods in Computer Aided Design, FMCAD 2017, Vienna, Austria, October 2-6, 2017, Daryl Stewart and Georg Weissenbacher (Eds.). IEEE, 55–59.Google ScholarDigital Library
Dmitry Blotsky, Federico Mora, Murphy Berzish, Yunhui Zheng, Ifaz Kabir, and Vijay Ganesh. 2018. StringFuzz: A Fuzzer for String Solvers. In Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part II (Lecture Notes in Computer Science), Hana Chockler and Georg Weissenbacher (Eds.), Vol. 10982.Google ScholarCross Ref
Springer, 45–51.Google Scholar
J. Richard Büchi and Steven Senger. 1988. Definability in the Existential Theory of Concatenation and Undecidable Extensions of this Theory. Math. Log. Q. 34, 4 (1988), 337–342.Google ScholarCross Ref
Taolue Chen, Yan Chen, Matthew Hague, Anthony W. Lin, and Zhilin Wu. 2018.Google Scholar
What is decidable about string constraints with the ReplaceAll function. PACMPL 2, POPL (2018), 3:1–3:29.Google Scholar
Taolue Chen, Matthew Hague, Anthony W. Lin, Philipp Rümmer, and Zhilin Wu. 2019.Google Scholar
Decision procedures for path feasibility of stringmanipulating programs with complex operations. PACMPL 3, POPL (2019), 49:1–49:30.Google Scholar
Joel D. Day, Vijay Ganesh, Paul He, Florin Manea, and Dirk Nowotka. 2018. The Satisfiability of Word Equations: Decidable and Undecidable Theories. In Reachability Problems - 12th International Conference, RP 2018, Marseille, France, September 24-26, 2018, Proceedings (Lecture Notes PLDI ’20, June 15–20, 2020, London, UK P.A. Abdulla, M.F. Atig, Y-F. Chen, B.P. Diep, P. Janků, H-H. Lin, L. Holík, and W-C. Wu in Computer Science), Igor Potapov and Pierre-Alain Reynier (Eds.), Vol. 11123. Springer, 15–29.Google Scholar
Leonardo Mendonça de Moura and Nikolaj Bjørner. 2008.Google Scholar
Z3: An Efficient SMT Solver. In Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings (Lecture Notes in Computer Science), C. R. Ramakrishnan and Jakob Rehof (Eds.), Vol. 4963. Springer, 337–340.Google Scholar
ECMA ECMAScript, European Computer Manufacturers Association, et al. 2019. Ecmascript language specification. https://www.ecmainternational.org/ecma-262/Google Scholar
Ting Gan, Mingshuai Chen, Liyun Dai, Bican Xia, and Naijun Zhan. 2015. Decidability of the Reachability for a Family of Linear Vector Fields. In Automated Technology for Verification and Analysis - 13th International Symposium, ATVA 2015, Shanghai, China, October 12-15, 2015, Proceedings (Lecture Notes in Computer Science), Bernd Finkbeiner, Geguang Pu, and Lijun Zhang (Eds.), Vol. 9364. Springer, 482–499.Google Scholar
Ting Gan, Mingshuai Chen, Yangjia Li, Bican Xia, and Naijun Zhan. 2018.Google Scholar
Reachability Analysis for Solvable Dynamical Systems. IEEE Trans. Automat. Contr. 63, 7 (2018), 2003–2018.Google Scholar
Vijay Ganesh and Murphy Berzish. 2016.Google Scholar
Undecidability of a Theory of Strings, Linear Arithmetic over Length, and String-Number Conversion. CoRR abs/1605.09442 (2016). arXiv: 1605.09442 http: //arxiv.org/abs/1605.09442Google Scholar
Vijay Ganesh, Mia Minnes, Armando Solar-Lezama, and Martin C. Rinard. 2012. Word Equations with Length Constraints: What’s Decidable?. In Hardware and Software: Verification and Testing - 8th International Haifa Verification Conference, HVC 2012, Haifa, Israel, November 6-8, 2012. Revised Selected Papers (Lecture Notes in Computer Science), Armin Biere, Amir Nahir, and Tanja E. J. Vos (Eds.), Vol. 7857. Springer, 209–226.Google Scholar
Lukás Holík, Petr Janku, Anthony W. Lin, Philipp Rümmer, and Tomás Vojnar. 2018. String constraints with concatenation and transducers solved efficiently. PACMPL 2, POPL (2018), 4:1–4:32.Google ScholarDigital Library
Scott Kausler and Elena Sherman. 2014. Evaluation of string constraint solvers in the context of symbolic execution. In ACM/IEEE International Conference on Automated Software Engineering, ASE ’14, Vasteras, Sweden - September 15 - 19, 2014, Ivica Crnkovic, Marsha Chechik, and Paul Grünbacher (Eds.). ACM, 259–270.Google ScholarDigital Library
Adam Kiezun, Vijay Ganesh, Philip J. Guo, Pieter Hooimeijer, and Michael D. Ernst. 2009.Google Scholar
HAMPI: a solver for string constraints. In Proceedings of the Eighteenth International Symposium on Software Testing and Analysis, ISSTA 2009, Chicago, IL, USA, July 19-23, 2009, Gregg Rothermel and Laura K. Dillon (Eds.). ACM, 105–116.Google Scholar
Zachary Kincaid, Jason Breck, John Cyphert, and Thomas W. Reps. 2019.Google Scholar
Closed forms for numerical loops. PACMPL 3, POPL (2019), 55:1–55:29.Google Scholar
Leetcode. 2019. LeetCode. https://leetcode.com/Google Scholar
Guodong Li and Indradeep Ghosh. 2013. PASS: String Solving with Parameterized Array and Interval Automaton. In Hardware and Software: Verification and Testing - 9th International Haifa Verification Conference, HVC 2013, Haifa, Israel, November 5-7, 2013, Proceedings (Lecture Notes in Computer Science), Valeria Bertacco and Axel Legay (Eds.), Vol. 8244.Google Scholar
Springer, 15–31.Google Scholar
Anthony Widjaja Lin and Pablo Barceló. 2016. String solving with word equations and transducers: towards a logic for analysing mutation XSS. In Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016, St. Petersburg, FL, USA, January 20 - 22, 2016, Rastislav Bodík and Rupak Majumdar (Eds.). ACM, 123–136.Google ScholarDigital Library
Gennadiy Semenovich Makanin. 1977. The problem of solvability of equations in a free semigroup. Matematicheskii Sbornik 145, 2 (1977), 147–236.Google Scholar
Yuri Matiyasevich. 2008. Computation Paradigms in Light of Hilbert’s Tenth Problem. In New Computational Paradigms: Changing Conceptions of What is Computable, S. Barry Cooper, Benedikt Löwe, and Andrea Sorbi (Eds.). Springer New York, New York, NY, 59–85.Google Scholar
Wojciech Plandowski. 1999.Google Scholar
Satisfiability of Word Equations with Constants is in PSPACE. In 40th Annual Symposium on Foundations of Computer Science, FOCS ’99, 17-18 October, 1999, New York, NY, USA. IEEE Computer Society, 495–500.Google Scholar
Wojciech Plandowski. 2006. An efficient algorithm for solving word equations. In Proceedings of the 38th Annual ACM Symposium on Theory of Computing, Seattle, WA, USA, May 21-23, 2006, Jon M. Kleinberg (Ed.). ACM, 467–476.Google ScholarDigital Library
Willard Van Orman Quine. 1946. Concatenation as a Basis for Arithmetic. J. Symb. Log. 11, 4 (1946), 105–114.Google ScholarCross Ref
Andrew Reynolds, Andres Nötzli, Clark W. Barrett, and Cesare Tinelli. 2019. High-Level Abstractions for Simplifying Extended String Constraints in SMT. In Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part II (Lecture Notes in Computer Science), Isil Dillig and Serdar Tasiran (Eds.), Vol. 11562. Springer, 23–42.Google Scholar
Andrew Reynolds, Maverick Woo, Clark W. Barrett, David Brumley, Tianyi Liang, and Cesare Tinelli. 2017.Google Scholar
Scaling Up DPLL(T) String Solvers Using Context-Dependent Simplification. In Computer Aided Verification - 29th International Conference, CAV 2017, Heidelberg, Germany, July 24-28, 2017, Proceedings, Part II (Lecture Notes in Computer Science), Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10427.Google Scholar
Springer, 453–474.Google Scholar
John Michael Robson and Volker Diekert. 1999. On Quadratic Word Equations. In STACS 99, 16th Annual Symposium on Theoretical Aspects of Computer Science, Trier, Germany, March 4-6, 1999, Proceedings (Lecture Notes in Computer Science), Christoph Meinel and Sophie Tison (Eds.), Vol. 1563. Springer, 217–226.Google Scholar
José Fragoso Santos, Petar Maksimovic, Théotime Grohens, Julian Dolby, and Philippa Gardner. 2018. Symbolic Execution for JavaScript. In Proceedings of the 20th International Symposium on Principles and Practice of Declarative Programming, PPDP 2018, Frankfurt am Main, Germany, September 03-05, 2018, David Sabel and Peter Thiemann (Eds.). ACM, 11:1–11:14.Google ScholarDigital Library
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, and Dawn Song. 2010. A Symbolic Execution Framework for JavaScript. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA. IEEE Computer Society, 513–528.Google ScholarDigital Library
Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. 2010. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February - 3rd March 2010. The Internet Society.Google Scholar
Klaus U. Schulz. 1990.Google Scholar
Makanin’s Algorithm for Word Equations - Two Improvements and a Generalization. In Word Equations and Related Topics, First International Workshop, IWWERT ’90, Tübingen, Germany, October 1-3, 1990, Proceedings (Lecture Notes in Computer Science), Klaus U. Schulz (Ed.), Vol. 572. Springer, 85–150.Google Scholar
Helmut Seidl, Thomas Schwentick, and Anca Muscholl. 2008. Counting in trees. In Logic and Automata: History and Perspectives [in Honor of Wolfgang Thomas] (Texts in Logic and Games), Jörg Flum, Erich Grädel, and Thomas Wilke (Eds.), Vol. 2. Amsterdam University Press, 575– 612.Google Scholar
Minh-Thai Trinh, Duc-Hiep Chu, and Joxan Jaffar. [n.d.]. S3: A Symbolic String Solver for Vulnerability Detection in Web Applications. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM, 1232–1243.Google ScholarDigital Library
Efficient Handling of String-Number Conversion PLDI ’20, June 15–20, 2020, London, UKGoogle Scholar
Minh-Thai Trinh, Duc-Hiep Chu, and Joxan Jaffar. 2016. Progressive Reasoning over Recursively-Defined Strings. In Computer Aided Verification - 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17-23, 2016, Proceedings, Part I (Lecture Notes in Computer Science), Swarat Chaudhuri and Azadeh Farzan (Eds.), Vol. 9779. Springer, 218–240.Google Scholar
Hung-En Wang, Tzung-Lin Tsai, Chun-Han Lin, Fang Yu, and Jie-Hong R. Jiang. 2016. String Analysis via Automata Manipulation with Logic Circuit Representation. In Computer Aided Verification - 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17-23, 2016, Proceedings, Part I (Lecture Notes in Computer Science), Swarat Chaudhuri and Azadeh Farzan (Eds.), Vol. 9779. Springer, 241–260.Google Scholar
Fang Yu, Muath Alkhalaf, and Tevfik Bultan. 2010.Google Scholar
Stranger: An Automata-Based String Analysis Tool for PHP. In Tools and Algorithms for the Construction and Analysis of Systems, 16th International Conference, TACAS 2010, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2010, Paphos, Cyprus, March 20-28, 2010. Proceedings (Lecture Notes in Computer Science), Javier Esparza and Rupak Majumdar (Eds.), Vol. 6015. Springer, 154–157.Google Scholar
Fang Yu, Ching-Yuan Shueh, Chun-Han Lin, Yu-Fang Chen, Bow-Yaw Wang, and Tevfik Bultan. 2016. Optimal sanitization synthesis for web application vulnerability repair. In Proceedings of the 25th International Symposium on Software Testing and Analysis, ISSTA 2016, Saarbrücken, Germany, July 18-20, 2016, Andreas Zeller and Abhik Roychoudhury (Eds.). ACM, 189–200.Google ScholarDigital Library
Yunhui Zheng, Vijay Ganesh, Sanu Subramanian, Omer Tripp, Murphy Berzish, Julian Dolby, and Xiangyu Zhang. 2017. Z3str2: an efficient solver for strings, regular expressions, and length constraints. Formal Methods Syst. Des. 50, 2-3 (2017), 249–288.Google ScholarDigital Library

Index Terms

Efficient handling of string-number conversion
1. Security and privacy
  1. Formal methods and theory of security
    1. Logic and verification
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods

Recommendations

Efficient Type Checking for a Subclass of Regular Expression Types
ICYCS '08: Proceedings of the 2008 The 9th International Conference for Young Computer Scientists

Type checking is an important problem in statically typed XML processing languages. Most type systems are implemented based on tree automata for the tree structure of XML documents and schemas. It is known that the complexity of inclusion problem for ...
Read More
Efficient string-based XML stream prefiltering
ADC '12: Proceedings of the Twenty-Third Australasian Database Conference - Volume 124

Whenever huge XML documents have to be evaluated according to a given XPath or XQuery query, parsing the whole document in form of e. g. SAX events is the baseline that is common to all evaluators. But typically only few parts of the document are really ...
Read More
The membership problem for regular expressions with unordered concatenation and numerical constraints
LATA'12: Proceedings of the 6th international conference on Language and Automata Theory and Applications

We study the membership problem for regular expressions extended with operators for unordered concatenation and numerical constraints. The unordered concatenation of a set of regular expressions denotes all sequences consisting of exactly one word ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2020
1174 pages
ISBN:9781450376136
DOI:10.1145/3385412
General Chair:
Alastair F. Donaldson
Imperial College London, UK
,
Program Chair:
Emina Torlak
University of Washington, USA
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 June 2020
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Evaluated & Reusable / v1.1
- Artifacts Evaluated & Functional / v1.1
Author Tags
Automata
Formal Verification
String Solver
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 18
  Total Citations
  View Citations
- 414
  Total Downloads
- Downloads (Last 12 months)46
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Efficient handling of string-number conversion

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Efficient Type Checking for a Subclass of Regular Expression Types

Efficient string-based XML stream prefiltering

The membership problem for regular expressions with unordered concatenation and numerical constraints