smt strings security
play

SMT, Strings, Security Philipp Rmmer Uppsala University SAT/SMT/AR, - PowerPoint PPT Presentation

Apr 02, 2024 •228 likes •1.72k views

SMT, Strings, Security Philipp Rmmer Uppsala University SAT/SMT/AR, July 6 th , 2018 1 Plan String constraints by example A word equation primer Decidable fragments of string constraints 2 Strings in Verifcation 3 String in

  1. Soundness argument  Label equations in the proof with:  if equation is unsat  if equation is sat, has variable occurrences, and is length of for the Decreasing labels shortest solution → Branch cannot  Order pairs lexicographically be closed! Lemma In each application of the Nielsen rule, if the parent is labelled with , then at least one child has label . 60

  2. Combinations ... Quadratii Equations 61

  3. Combinations ... Regex Constraints Quadratii Equations 62

  4. Combinations ... Regex Constraints ✓ Quadratii Equations 63

  5. Combinations ... Regex Constraints Length ✓ Constraints Quadratii Equations 64

  6. Combinations ... Regex Constraints Length ✓ Constraints ? Quadratii Equations 65

  7. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Equations 66

  8. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations 67

  9. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 68

  10. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 69

  11. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 70

  12. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 71

  13. The Norn fragment 1. Boolean structure 2. Acyclic (linear) word equations 3. Regex memberships 4. Length constraints Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 72

  14. The Norn fragment 1. Boolean structure 2. Acyclic (linear) word equations 3. Regex memberships 4. Length constraints (a decidable fragment) Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 73

  15. The Norn fragment 1. Boolean structure Order in which 2. Acyclic (linear) word equations procedure handles 3. Regex memberships operators 4. Length constraints (a decidable fragment) Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 74

  16. Examples 75

  17. 1. Boolean struiture  Use standard DPLL/CDCL → Easy  Just consider conjunctions of literals  But we need to handle negation!  Negated word equations  Negated regex constraints  Negated length constraints 76

  18. 1. Boolean struiture  Use standard DPLL/CDCL → Easy  Just consider conjunctions of literals  But we need to handle negation!  Negated word equations ? ✓  Negated regex constraints ✓  Negated length constraints 77

  19. 1b. Negative word eqs. Can be reduced to positive equations: Lemma 78

  20. 1b. Negative word eqs. Can be reduced to positive equations: Lemma Large alphabets → a, b need to be handled symbolically in practice 79

  21. 1b. Negative word eqs. Can be reduced to positive equations: Lemma Theorem Any Boolean combination of word equations can be reduced to a single word equation with the same set of solutions (when projected to the 80 original set of variables).

  22. 2. Aiyilii word equations  Reduce to solved form by systematic application of Nielsen’s transformation: ( do not occur in )  After that, eliminate equations by inlining! 81

  23. 3. Regular expressions  Membership tests with ioniatenation can be split:  Tests with same left-hand side can be merged: 82

  24. 3. Regular expressions  Membership tests with ioniatenation can be split: Disjunction over  Tests with same left-hand side can be states of automaton merged: representing 83

  25. 4. Length ionstraints  Compute the length abstraition of each regex constraint:  Conjoin length abstractions with other length constraints and check satisfability 84

  26. 4. Length ionstraints  Compute the length abstraition of each regex constraint:  Conjoin length abstractions with other length constraints and check satisfability A Presburger formula that can be extracted in linear time from 85

  27. 5. Optimisations ...  E.g., exploit length information when splitting equations or regexes (still too slow ...) 86

  28. Adding Transducers . 87

  29. 3. Regular expressions  Membership tests with ioniatenation can be split:  Tests with same left-hand side can be merged: 88

  30. 3. Regular expressions  Membership tests with ioniatenation can be split: Does not work any more with transducers!  Tests with same left-hand side can be merged: 89

  31. The Sloth fragments 1. Boolean structure (no negation) 2. Straight-line word equations 3. n -track transducer constraints Lukás Holík, Petr Janku, Anthony W. Lin, Philipp Rümmer, Tomás Vojnar: String constraints with concatenation and transducers solved efciently. PACMPL 2(POPL): 4:1-4:32 90 (2018)

  32. The Sloth fragments 1. Boolean structure (no negation) 2. Straight-line word equations 3. n -track transducer constraints → also decidable! Lukás Holík, Petr Janku, Anthony W. Lin, Philipp Rümmer, Tomás Vojnar: String constraints with concatenation and transducers solved efciently. PACMPL 2(POPL): 4:1-4:32 91 (2018)

  33. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 92

  34. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 93

  35. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 94

  36. HTML Esiaping 95

  37. Undeiidability Proposition/Folklore String constraints with rational relations are undeiidable .  Post correspondence problem: Given word pairs is there an index sequence with 96

  38. Undeiidability Proposition/Folklore String constraints with rational relations are undeiidable .  Post correspondence problem: Given word pairs e l b a d i i e d n U is there an index sequence with 97

  39. Fragments: aiyilii formulas  Positive Boolean comb. of rational relations applied to distinct variables  In every , and share at most one variable  PSPACE-complete [Barcelo, Figuiera, and Libkin’13] 98

  40. Straight-line fragment SL  Conjunction of equations sorted by dependency:  All pairwise distinct  Each may only occur in  Each is concatenation, or (interpreted as )  Regex constraints 99

  41. SL example JavaSiript embedded in a web-page var x = goog.string.htmlEscape(cat); var y = goog.string.escapeString(x); catElem.innerHTML = '<button onclick="createCatList(\'' + y + '\')">' + x + '</button>'; 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array with base type char End of string marked with null, \0 Older method inherited from C C++ strings Objects of string class 2

469 views • 18 slides
Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other string methods. 1 Strings and Testing for Equality The == operator is also not appropriate for determining if two objects , such as strings, have

380 views • 13 slides
Python:Strings Strings

Python:Strings Strings

Python:Strings Strings Source:https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-0001-introduction-to-computer-science-and- programming-in-python-fall-2016/lecture-slides-code/ Strings String is a sequence of

293 views • 13 slides
Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Starting chapter 3 Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and related ideas l Strings are basically sequences of characters l A string literal is enclosed in quotes ( '' or in Python):

292 views • 12 slides
ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

Systems Architecture ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of characters ASCII 7-bit (American) character codes ( char ) One byte per character Unicode International character

901 views • 61 slides
Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd

Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd

2/25/20 CS 224 Introduction to Python Spring 2020 Class #14: Strings Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd These dont change the string abc s = s[:-1] + d they

444 views • 19 slides
s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are

s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are

Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are one of Pythons primary Strings data types Strings can be used

242 views • 10 slides
Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111.

Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111.

Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111. Now do it while only flipping one bit at a time! Today: Finish graphs and talk about numbers. Forests A forest is an acyclic graph. Each connected

534 views • 26 slides
Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s =

Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s =

Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s = [ 'a' 'b' 'c' ] All operations that apply to vectors and Selim Aksoy arrays can be used together with Bilkent University strings as well

39 views • 3 slides
Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string,

Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string,

Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string, regular C++ strings from the string class will be referred to as String). C-Strings Made up of character arrays that stores strings of

690 views • 3 slides
Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings

Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings

Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings e.g., = {0,1}, = { , , , } , = set of ascii characters alphabet = finite set of symbols string = finite

371 views • 36 slides
Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis

Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis

Departement Informatik Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis Komm Autumn 2020 October 15, 2020 Strings Strings Operators Addition Strings are lists of characters (there

268 views • 13 slides
C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages,

C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages,

C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages, strings are just consecutive memory locations that contain characters. A special null character (ASCII code 0) terminates the string.

813 views • 17 slides
STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors

STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors

STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors They both look like character vectors, but: Strings are just strings Factors have an underlying numeric structure with character labels sitting

241 views • 8 slides
Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2

Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2

Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2 3 4 5 6 G A T T A C A s Each of these are characters Why are strings important? Sequences are strings ..catgaaggaa ccacagccca

712 views • 17 slides
HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago. Strings are subtypes of the sequence data type. Strings are written with either single or double quotes encasing a sequence of characters. s1 =

470 views • 25 slides
Continuations and Transducer Composition Olin Shivers Matthew Might Georgia Tech PLDI 2006 The

Continuations and Transducer Composition Olin Shivers Matthew Might Georgia Tech PLDI 2006 The

Continuations and Transducer Composition Olin Shivers Matthew Might Georgia Tech PLDI 2006 The Big Idea Observation Some programs easier to write with transducer abstraction. Goal Design features and compilation story to support this

1.24k views • 96 slides
Morphology parsing Informatics 2A: Lecture 7 John Longley School of Informatics University of

Morphology parsing Informatics 2A: Lecture 7 John Longley School of Informatics University of

Morphology parsing: the problem Finite-state transducers FSTs for morphology parsing and generation Morphology parsing Informatics 2A: Lecture 7 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 4 October, 2011 1

754 views • 16 slides
Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in

Finite State Machines: Finite State Transducers; Specifying Control Logic Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Transducers A finite state

117 views • 9 slides
Turing Machine as Transducer Transducer -- any device that converts Turing Machines a signal

Turing Machine as Transducer Transducer -- any device that converts Turing Machines a signal

Turing Machine as Transducer Transducer -- any device that converts Turing Machines a signal from one form to another Turning machine Computation and programming Converts input to output Start with string on the tape After

337 views • 7 slides
Neural Grammatical Error Correction with Finite State Transducers Felix Stahlberg, Christopher

Neural Grammatical Error Correction with Finite State Transducers Felix Stahlberg, Christopher

Neural Grammatical Error Correction with Finite State Transducers Felix Stahlberg, Christopher Bryant, and Bill Byrne Department of Engineering Neural Grammatical Error Correction with Finite State Transducers Felix Stahlberg, Christopher

676 views • 24 slides
Very efficient learning of structured classes of subsequential functions from positive data Adam

Very efficient learning of structured classes of subsequential functions from positive data Adam

Very efficient learning of structured classes of subsequential functions from positive data Adam Jardine (Delaware) Jane Chandlee (Delaware) R emi Eyraud (Marseilles) Jeffrey Heinz (Delaware) The 12th International Conference of

828 views • 38 slides
Embedded Systems A/D conversion - the conversion from analog signal (0-5V) into a fixed

Embedded Systems A/D conversion - the conversion from analog signal (0-5V) into a fixed

Sensing vs. Perception transducers - devices that convert some physical phenomenon into electrical signals Embedded Systems A/D conversion - the conversion from analog signal (0-5V) into a fixed precision (typically 8-12 bits) digital

258 views • 3 slides
Finite-State Transducers in Language and Speech Processing : 05/20/2003 1. M.

Finite-State Transducers in Language and Speech Processing : 05/20/2003 1. M.

Finite-State Transducers in Language and Speech Processing : 05/20/2003 1. M. Mohri, On some applications of Finite-state automata theory to natural language processing, J. Nature Language Eng. 2 (1996). 2. M. Mohri,

656 views • 47 slides

More recommend