1 / 53

Symbolic Finite State Transducers: Algorithms and Applications

Symbolic Finite State Transducers: Algorithms and Applications. Margus Veanes Pieter Hooimeijer Benjamin Livshits David Molnar Nikolaj Bjørner. Symbolic Finite State Transducers: Algorithms and Applications. Margus Veanes Pieter Hooimeijer Benjamin Livshits David Molnar

kieve
Download Presentation

Symbolic Finite State Transducers: Algorithms and Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Symbolic Finite State Transducers:Algorithms and Applications MargusVeanes Pieter Hooimeijer Benjamin Livshits David Molnar NikolajBjørner

  2. Symbolic Finite State Transducers:Algorithms and Applications MargusVeanes Pieter Hooimeijer Benjamin Livshits David Molnar NikolajBjørner

  3. Formal languages are well-studied.

  4. a*b+ a b b ✔ ✘ aaaa abb

  5. POPL (2001–2011) Number of papers “automata”

  6. What about transformation?

  7. http://en.wikipedia.org/wiki/Osborne_1

  8. Compute image: • Check properties: • Equivalence • Composition ✔ abb{baa} ✘ aaaa b/a a/b b/a

  9. POPL (2001–2011) Number of papers “automata” “transducers”

  10. Talk Outline Background Approach Case Studies

  11. Background “Fast and Precise Sanitizer Analysis with Bek” Idea: Develop a language for commonly-used string transformations. Prove properties about those transfor-mations.

  12. t := iter(cins)[b:= false;] {case (!b&&cin"['\"\\]"):b:= false;yield('\\', c);case (c=='\\'):b:= !b;yield(c); case (true): b:= false; yield(c); }; Gap b/a a/b b/a FSTs Code

  13. domain-specific languages t := iter(cins)[b:= false;] {case (!b&&cin"['\"\\]"):b:= false;yield('\\', c);case (c=='\\'):b:= !b;yield(c); case (true): b:= false; yield(c); }; 1 b/a a/b b/a FSTs Code

  14. domain-specific languages t := iter(cins)[b:= false;] {case (!b&&cin"['\"\\]"):b:= false;yield('\\', c);case (c=='\\'):b:= !b;yield(c); case (true): b:= false; yield(c); }; 1 2 b/a a/b more expressivetransducers b/a FSTs Code

  15. domain-specific languages t := iter(cins)[b:= false;] {case (!b&&cin"['\"\\]"):b:= false;yield('\\', c);case (c=='\\'):b:= !b;yield(c); case (true): b:= false; yield(c); }; 1 2 b/a a/b more expressivetransducers b/a FSTs Code

  16. Talk Outline Background Approach Case Studies

  17. Symbolic Finite State Transducers Idea: • Equip transitions with formulae • Allow the use of any decidable theory

  18. Definition Symbolic Finite State Transducer (SFT):

  19. Symbolic Finite State Transducer (SFT): - states - start state - final states

  20. Symbolic Finite State Transducer (SFT): - states - start state - final states

  21. predicates output Symbolic Finite State Transducer (SFT): - states - start state - final states

  22. Symbolic Finite State Transducer (SFT): • Background Theory: • predicates • label theory - states - start state - final states - transition

  23. Example

  24. Closure under composition SFT A  B SFT A SFT B in in out out Requirement:

  25. Single-valued equivalence Definition: 1

  26. Algorithm: • Construct 2-outputproduct transducer • Find conflicts (dft): • output length • output value Complexity: complexity of decision procedure number of rules

  27. Key restriction: single-valuedness • Transducer A is single-valued if, for all inputs, A has at most one out-put. 1

  28. Transducer A is single-valued if, for all inputs, A has at most one out-put. 1 Note: This definition permits non-determinism, e.g.: b/[] ... ... ... b/[]

  29. idempotence subsumption equivalence commutativity ...

  30. Talk Outline Background Approach Case Studies

  31. Case Studies "b"'b' Location Privacy HTMLdecode MalwareFingerprinting Image Blurring

  32. "b"'b' Location Privacy HTMLdecode MalwareFingerprinting Image Blurring

  33. HTMLdecode "<" "&lt;" "&#60;" "&#0060;" Decode

  34. The Task: Prove that HTMLdecodeis not idempotent The Metric: Running time "<" "&lt;" "&#60;" "&#0060;" Decode

  35. "<" "&lt;" "&#60;" "&#0060;" Decode The Problem: Unicode defines 1,114,112 code points.

  36. Three Participating Representations C# C# C# +REG +REG SFT (Eager) SFT+Registers (Eager) SFT+Registers (Lazy)

  37. Transducer size () 6.6M maximum number of digits

  38. C# C# C# +REG +REG SFT (Eager) SFT+Registers (Eager) SFT+Registers (Lazy)

  39. Transducer size () 6.6M SFT SFT + Symbolic State Space 51 maximum number of digits

  40. Idempotence Checking: Time SFT + REG(eager) SFT + REG(lazy) SFT 2 3 4 5 6 maximum number of digits

  41. Talk Outline Background Approach Case Studies

  42. Conclusion • Introduced Symbolic Finite State Transducersover any decidable background theory • Presented decidability and complexity results • Comes with a scalable and robust* implementation

More Related