smt strings security
play

SMT, Strings, Security Philipp Rmmer Uppsala University SAT/SMT/AR, - PowerPoint PPT Presentation

Apr 02, 2024 •228 likes •1.72k views

SMT, Strings, Security Philipp Rmmer Uppsala University SAT/SMT/AR, July 6 th , 2018 1 Plan String constraints by example A word equation primer Decidable fragments of string constraints 2 Strings in Verifcation 3 String in

  1. Soundness argument  Label equations in the proof with:  if equation is unsat  if equation is sat, has variable occurrences, and is length of for the Decreasing labels shortest solution → Branch cannot  Order pairs lexicographically be closed! Lemma In each application of the Nielsen rule, if the parent is labelled with , then at least one child has label . 60

  2. Combinations ... Quadratii Equations 61

  3. Combinations ... Regex Constraints Quadratii Equations 62

  4. Combinations ... Regex Constraints ✓ Quadratii Equations 63

  5. Combinations ... Regex Constraints Length ✓ Constraints Quadratii Equations 64

  6. Combinations ... Regex Constraints Length ✓ Constraints ? Quadratii Equations 65

  7. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Equations 66

  8. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations 67

  9. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 68

  10. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 69

  11. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 70

  12. Combinations ... Regex Constraints Length ✓ ? Constraints ? Quadratii Transduition Equations Undeiidable 71

  13. The Norn fragment 1. Boolean structure 2. Acyclic (linear) word equations 3. Regex memberships 4. Length constraints Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 72

  14. The Norn fragment 1. Boolean structure 2. Acyclic (linear) word equations 3. Regex memberships 4. Length constraints (a decidable fragment) Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 73

  15. The Norn fragment 1. Boolean structure Order in which 2. Acyclic (linear) word equations procedure handles 3. Regex memberships operators 4. Length constraints (a decidable fragment) Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Lukás Holík, Ahmed Rezine, Philipp Rümmer, Jari Stenman: String Constraints for Verifcation. CAV 2014 74

  16. Examples 75

  17. 1. Boolean struiture  Use standard DPLL/CDCL → Easy  Just consider conjunctions of literals  But we need to handle negation!  Negated word equations  Negated regex constraints  Negated length constraints 76

  18. 1. Boolean struiture  Use standard DPLL/CDCL → Easy  Just consider conjunctions of literals  But we need to handle negation!  Negated word equations ? ✓  Negated regex constraints ✓  Negated length constraints 77

  19. 1b. Negative word eqs. Can be reduced to positive equations: Lemma 78

  20. 1b. Negative word eqs. Can be reduced to positive equations: Lemma Large alphabets → a, b need to be handled symbolically in practice 79

  21. 1b. Negative word eqs. Can be reduced to positive equations: Lemma Theorem Any Boolean combination of word equations can be reduced to a single word equation with the same set of solutions (when projected to the 80 original set of variables).

  22. 2. Aiyilii word equations  Reduce to solved form by systematic application of Nielsen’s transformation: ( do not occur in )  After that, eliminate equations by inlining! 81

  23. 3. Regular expressions  Membership tests with ioniatenation can be split:  Tests with same left-hand side can be merged: 82

  24. 3. Regular expressions  Membership tests with ioniatenation can be split: Disjunction over  Tests with same left-hand side can be states of automaton merged: representing 83

  25. 4. Length ionstraints  Compute the length abstraition of each regex constraint:  Conjoin length abstractions with other length constraints and check satisfability 84

  26. 4. Length ionstraints  Compute the length abstraition of each regex constraint:  Conjoin length abstractions with other length constraints and check satisfability A Presburger formula that can be extracted in linear time from 85

  27. 5. Optimisations ...  E.g., exploit length information when splitting equations or regexes (still too slow ...) 86

  28. Adding Transducers . 87

  29. 3. Regular expressions  Membership tests with ioniatenation can be split:  Tests with same left-hand side can be merged: 88

  30. 3. Regular expressions  Membership tests with ioniatenation can be split: Does not work any more with transducers!  Tests with same left-hand side can be merged: 89

  31. The Sloth fragments 1. Boolean structure (no negation) 2. Straight-line word equations 3. n -track transducer constraints Lukás Holík, Petr Janku, Anthony W. Lin, Philipp Rümmer, Tomás Vojnar: String constraints with concatenation and transducers solved efciently. PACMPL 2(POPL): 4:1-4:32 90 (2018)

  32. The Sloth fragments 1. Boolean structure (no negation) 2. Straight-line word equations 3. n -track transducer constraints → also decidable! Lukás Holík, Petr Janku, Anthony W. Lin, Philipp Rümmer, Tomás Vojnar: String constraints with concatenation and transducers solved efciently. PACMPL 2(POPL): 4:1-4:32 91 (2018)

  33. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 92

  34. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 93

  35. Transduiers Defnition An n -traik transduier is a fnite-state automaton over the alphabet An n -track transducer defnes an n -ary rational relation . 94

  36. HTML Esiaping 95

  37. Undeiidability Proposition/Folklore String constraints with rational relations are undeiidable .  Post correspondence problem: Given word pairs is there an index sequence with 96

  38. Undeiidability Proposition/Folklore String constraints with rational relations are undeiidable .  Post correspondence problem: Given word pairs e l b a d i i e d n U is there an index sequence with 97

  39. Fragments: aiyilii formulas  Positive Boolean comb. of rational relations applied to distinct variables  In every , and share at most one variable  PSPACE-complete [Barcelo, Figuiera, and Libkin’13] 98

  40. Straight-line fragment SL  Conjunction of equations sorted by dependency:  All pairwise distinct  Each may only occur in  Each is concatenation, or (interpreted as )  Regex constraints 99

  41. SL example JavaSiript embedded in a web-page var x = goog.string.htmlEscape(cat); var y = goog.string.escapeString(x); catElem.innerHTML = '<button onclick="createCatList(\'' + y + '\')">' + x + '</button>'; 100

Recommend

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array with base type char End of string marked with null, \0 Older method inherited from C C++ strings Objects of string class 2

469 views • 18 slides
Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other string methods. 1 Strings and Testing for Equality The == operator is also not appropriate for determining if two objects , such as strings, have

380 views • 13 slides
Python:Strings Strings

Python:Strings Strings

Python:Strings Strings Source:https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-0001-introduction-to-computer-science-and- programming-in-python-fall-2016/lecture-slides-code/ Strings String is a sequence of

293 views • 13 slides
Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Starting chapter 3 Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and related ideas l Strings are basically sequences of characters l A string literal is enclosed in quotes ( '' or in Python):

292 views • 12 slides
ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

Systems Architecture ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of characters ASCII 7-bit (American) character codes ( char ) One byte per character Unicode International character

901 views • 61 slides
Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd

Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd

2/25/20 CS 224 Introduction to Python Spring 2020 Class #14: Strings Py Python Strings Python strings are immuatable: s = abc s[2] = d s = abd These dont change the string abc s = s[:-1] + d they

444 views • 19 slides
s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are

s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are

Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters s[i] Introduction to Computer Programming Strings CSCI-UA 2 Strings and Characters Strings are one of Pythons primary Strings data types Strings can be used

242 views • 10 slides
Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111.

Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111.

Listing Bit Strings List all bit strings of length 3. 000, 001, 010, 011, 100, 101, 110, 111. Now do it while only flipping one bit at a time! Today: Finish graphs and talk about numbers. Forests A forest is an acyclic graph. Each connected

534 views • 26 slides
Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s =

Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s =

Strings A string is an array of characters s = 'abc' MATLAB Strings is equivalent to s = [ 'a' 'b' 'c' ] All operations that apply to vectors and Selim Aksoy arrays can be used together with Bilkent University strings as well

39 views • 3 slides
Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string,

Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string,

Chapter 9: Strings (To avoid confusion, C-style strings will be referred to as C-string, regular C++ strings from the string class will be referred to as String). C-Strings Made up of character arrays that stores strings of

690 views • 3 slides
Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings

Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings

Strings, Languages, and Regular expressions Lecture 2 1 Strings 2 Definitions for strings e.g., = {0,1}, = { , , , } , = set of ascii characters alphabet = finite set of symbols string = finite

371 views • 36 slides
Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis

Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis

Departement Informatik Strings Digital Medicine I Lists, strings, loops Repetition Hans-Joachim Bckenhauer Dennis Komm Autumn 2020 October 15, 2020 Strings Strings Operators Addition Strings are lists of characters (there

268 views • 13 slides
C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages,

C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages,

C-Style Strings CS2253 Owen Kaser, UNBSJ Strings In C and some other low-level languages, strings are just consecutive memory locations that contain characters. A special null character (ASCII code 0) terminates the string.

813 views • 17 slides
STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors

STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors

STRINGS AND FACTORS Jeff Goldsmith, PhD Department of Biostatistics 1 Strings vs Factors They both look like character vectors, but: Strings are just strings Factors have an underlying numeric structure with character labels sitting

241 views • 8 slides
Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2

Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2

Strings in Python Computers store text as strings &gt;&gt;&gt; s = &quot;GATTACA&quot; 0 1 2 3 4 5 6 G A T T A C A s Each of these are characters Why are strings important? Sequences are strings ..catgaaggaa ccacagccca

712 views • 17 slides
HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago. Strings are subtypes of the sequence data type. Strings are written with either single or double quotes encasing a sequence of characters. s1 =

470 views • 25 slides
A first look at string processing Python Strings Basic data type in Python Strings are

A first look at string processing Python Strings Basic data type in Python Strings are

A first look at string processing Python Strings Basic data type in Python Strings are immutable, meaning they cannot be shared Why? Its complicated, but string literals are very frequent. If strings cannot be changed, then

500 views • 22 slides
Strings &amp; Branching Strings and input We talked about basic types.... what type can store

Strings &amp; Branching Strings and input We talked about basic types.... what type can store

Strings &amp; Branching Strings and input We talked about basic types.... what type can store letters? What about words? Input and output Strings and input char can only hold a single letter/number, but one way to hold multiple is a string

574 views • 22 slides
Strings 15-110 Wednesday 09/23 Learning Goals Index and slice into strings to break them

Strings 15-110 Wednesday 09/23 Learning Goals Index and slice into strings to break them

Strings 15-110 Wednesday 09/23 Learning Goals Index and slice into strings to break them up into parts Use for loops to loop over strings by index Use built-in string operations and methods to solve problems 2 String Operations

479 views • 25 slides
Languages and Regular expressions Lecture 2 1 Strings, Sets of Strings, Sets of Sets of

Languages and Regular expressions Lecture 2 1 Strings, Sets of Strings, Sets of Sets of

Languages and Regular expressions Lecture 2 1 Strings, Sets of Strings, Sets of Sets of Strings We defined strings in the last lecture, and showed some properties. What about sets of strings? CS 374 2 n , *, and +

416 views • 29 slides
V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal

V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal

V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal constant Array with base type char One character per element One extra character: '\0' Called null character End marker

344 views • 8 slides
61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4

61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4

61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4 Representing Strings: UTF-8 Encoding UTF (UCS (Universal Character Set) Transformation Format) 4 Representing Strings: UTF-8 Encoding UTF (UCS

1.62k views • 99 slides
String Amplitudes, Topological Strings and the Omega-deformation Strings @ Princeton 26 - 06 -

String Amplitudes, Topological Strings and the Omega-deformation Strings @ Princeton 26 - 06 -

String Amplitudes, Topological Strings and the Omega-deformation Strings @ Princeton 26 - 06 - 2014 Ahmad Zein Assi CERN String Amplitudes, Topological Strings and the Omega-deformation Strings @ Princeton 26 - 06 - 2014 Based on work with

644 views • 21 slides
Agenda Announcements Functions under the hood Strings Problems solved via

Agenda Announcements Functions under the hood Strings Problems solved via

Agenda Announcements Functions under the hood Strings Problems solved via strings The BIG SEECRET OF STRINGS Often used operators Often used functions For loop (list) 1/14/2013 CompSci101 Peter Lorensen 1

793 views • 11 slides

More recommend