The expressibility of languages and relations by word equations
Journal of the ACM (JACM)
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Finding bugs with a constraint solver
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Introduction to the Theory of Computation
ACM SIGACT News
Applications in Constraint Logic Programming with Strings
PPCP '94 Proceedings of the Second International Workshop on Principles and Practice of Constraint Programming
Makanin's Algorithm for Word Equations - Two Improvements and a Generalization
IWWERT '90 Proceedings of the First International Workshop on Word Equations and Related Topics
Mona & Fido: The Logic-Automaton Connection in Practice
CSL '97 Selected Papers from the11th International Workshop on Computer Science Logic
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
An efficient algorithm for solving word equations
Proceedings of the thirty-eighth annual ACM symposium on Theory of computing
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Dynamic test input generation for database applications
Proceedings of the 2007 international symposium on Software testing and analysis
Directed test generation using symbolic grammars
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Abstracting Symbolic Execution with String Analysis
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
IEEE Transactions on Software Engineering
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Program analysis as constraint solving
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Test Data Generation for C Programs with String-Handling Functions
TASE '08 Proceedings of the 2008 2nd IFIP/IEEE International Symposium on Theoretical Aspects of Software Engineering
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Analyzing Context-Free Grammars Using an Incremental SAT Solver
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Path Feasibility Analysis for String-Manipulating Programs
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Symbolic String Verification: Combining String Analysis and Size Analysis
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
Symbolic automata constraint solving
LPAR'10 Proceedings of the 17th international conference on Logic for programming, artificial intelligence, and reasoning
An evaluation of automata algorithms for string analysis
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Relational string verification using multi-track automata
CIAA'10 Proceedings of the 15th international conference on Implementation and application of automata
CP'06 Proceedings of the 12th international conference on Principles and Practice of Constraint Programming
SAT'04 Proceedings of the 7th international conference on Theory and Applications of Satisfiability Testing
STRANGER: an automata-based string analysis tool for PHP
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Hi-index | 0.00 |
Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable software reliability tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis of string-manipulating programs, so researchers end up implementing their own ad-hoc solvers. To fulfill this need, we designed and implemented Hampi, a solver for string constraints over bounded string variables. Users of Hampi specify constraints using regular expressions, context-free grammars, equality between string terms, and typical string operations such as concatenation and substring extraction. Hampi then finds a string that satisfies all the constraints or reports that the constraints are unsatisfiable. We demonstrate Hampi's expressiveness and efficiency by applying it to program analysis and automated testing. We used Hampi in static and dynamic analyses for finding SQL injection vulnerabilities in Web applications with hundreds of thousands of lines of code. We also used Hampi in the context of automated bug finding in C programs using dynamic systematic testing (also known as concolic testing). We then compared Hampi with another string solver, CFGAnalyzer, and show that Hampi is several times faster. Hampi's source code, documentation, and experimental data are available at http://people.csail.mit.edu/akiezun/hampi1