Precise Analysis of String Expressions

Christensen, Anne‐Sofie; Möller, Anders; Schwartzbach, Michael I.

doi:10.7146/brics.v10i5.21776

Cited by 105 publications

(202 citation statements)

References 7 publications

Supporting

Mentioning

202

Contrasting

Order By: Relevance

“…For the concatenation of two strings, we rely on the concatList function that concatenates two lists of bricks, and then we normalise its result. readLine returns the top value, while substring e b returns the substring iff the first brick of the list has index [1,1] and the length of all the strings contained in it is greater than e. Notice that T ′ = {t.substring(b, e)∀t ∈ T}.…”

Section: Bricksmentioning

confidence: 99%

“…When a constant string is evaluated, the semantics returns a single brick containing exactly that string with [1,1] as index. For the concatenation of two strings, we rely on the concatList function that concatenates two lists of bricks, and then we normalise its result.…”

Section: Bricksmentioning

confidence: 99%

“…The abstraction function is defined by: α ′ BR (s) = [{s}] (1,1) and Table 5 defines the abstract semantics on BR. When a constant string is evaluated, the semantics returns a single brick containing exactly that string with [1,1] as index.…”

Section: Bricksmentioning

confidence: 99%

See 2 more Smart Citations

Static Analysis of String Values

Costantini

Ferrara

Cortesi

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Section: Bricksmentioning

confidence: 99%

Section: Bricksmentioning

confidence: 99%

See 1 more Smart Citation

Static Analysis of String Values

Costantini

Ferrara

Cortesi

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Due to its importance in security, string analysis has been widely studied. One influential approach has been grammar-based string analysis that statically computes an over-approximation of the values of string expressions in Java programs [6] which has also been used to check for various types of errors in Web applications [8,9,12]. In [9,12], multi-track DFAs, known as transducers, are used to model replacement operations.…”

Section: Introductionmentioning

confidence: 99%

Relational String Verification Using Multi-track Automata

Bultan

Ibarra

2011

Implementation and Application of Automata

View full text Add to dashboard Cite

Abstract. Verification of string manipulation operations is a crucial problem in computer security. In this paper, we present a new relational string verification technique based on multi-track automata. Our approach is capable of verifying properties that depend on relations among string variables. This enables us to prove that vulnerabilities that result from improper string manipulation do not exist in a given program. Our main contributions in this paper can be summarized as follows: (1) We formally characterize the string verification problem as the reachability analysis of string systems and show decidability/undecidability results for several string analysis problems. (2) We develop a sound symbolic analysis technique for string verification that over-approximates the reachable states of a given string system using multi-track automata and summarization. (3) We evaluate the presented techniques with respect to several string analysis benchmarks extracted from real web applications.

show abstract

“…Recently, a number of techniques producing string constraints have been suggested for automatic testing [8,1] and program verification [16]. String-constraint solvers are used in many testing and analysis tools [5,2,6,15,23].…”

Section: Introductionmentioning

confidence: 99%

On Unfolding for Programs Using Strings as a Data Type

Nemytykh¹

EPiC Series in Computing

View full text Add to dashboard Cite

As a rule, program transformation methods based on operational semantics unfold a semantic tree of a given program. Sometimes that allows ones to optimize the program or to automatically prove its certain properties. Unfolding is one of the basic operations, which is a meta-extension of one step of the abstract machine executing the program. This paper is interested in unfolding for programs based on pattern matching and manipulating the strings. The corresponding computation model originates with Markov's normal algorithms and extends this theoretical base. Even though algorithms unfolding programs were being intensively studied for a long time in the context of variety of programming languages, as far as we know, the associative concatenation was stood at the wayside of the stream. We define a class of term rewriting systems manipulating with strings and describe an algorithm unfolding the programs from the class. The programming language defined by this class is Turing-complete. The pattern language of the program class in turn fixes a class of word equations. Given an equation from the class, one of the algorithms suggested in this paper results in a description of the corresponding solution set.

show abstract

Precise Analysis of String Expressions

Cited by 105 publications

References 7 publications

Static Analysis of String Values

Static Analysis of String Values

Relational String Verification Using Multi-track Automata

On Unfolding for Programs Using Strings as a Data Type

Contact Info

Product

Resources

About