The expressibility of languages and relations by word equations
Journal of the ACM (JACM)
Makanin's Algorithm for Word Equations - Two Improvements and a Generalization
IWWERT '90 Proceedings of the First International Workshop on Word Equations and Related Topics
Word Equations with Two Variables
IWWERT '91 Proceedings of the Second International Workshop on Word Equations and Related Topics
Satisfiability of Word Equations with Constants is in PSPACE
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
An efficient algorithm for solving word equations
Proceedings of the thirty-eighth annual ACM symposium on Theory of computing
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Dynamic test input generation for database applications
Proceedings of the 2007 international symposium on Software testing and analysis
Introduction to Automata Theory, Languages, and Computation
Introduction to Automata Theory, Languages, and Computation
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
STACS'99 Proceedings of the 16th annual conference on Theoretical aspects of computer science
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
On Word Equations in One Variable
Algorithmica
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
| Hi-index | 0.00 |
We prove several decidability and undecidability results for the satisfiability and validity problems for languages that can express solutions to word equations with length constraints. The atomic formulas over this language are equality over string terms (word equations), linear inequality over the length function (length constraints), and membership in regular sets. These questions are important in logic, program analysis, and formal verification. Variants of these questions have been studied for many decades by mathematicians. More recently, practical satisfiability procedures (aka SMT solvers) for these formulas have become increasingly important in the context of security analysis for string-manipulating programs such as web applications. We prove three main theorems. First, we give a new proof of undecidability for the validity problem for the set of sentences written as a ∀∃ quantifier alternation applied to positive word equations. A corollary of this undecidability result is that this set is undecidable even with sentences with at most two occurrences of a string variable. Second, we consider Boolean combinations of quantifier-free formulas constructed out of word equations and length constraints. We show that if word equations can be converted to a solved form, a form relevant in practice, then the satisfiability problem for Boolean combinations of word equations and length constraints is decidable. Third, we show that the satisfiability problem for quantifier-free formulas over word equations in regular solved form, length constraints, and the membership predicate over regular expressions is also decidable.