{"id":187625,"date":"2012-04-24T00:00:00","date_gmt":"2012-04-25T19:31:36","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/msr-research-item\/decision-procedures-for-string-constraints\/"},"modified":"2016-08-22T11:26:07","modified_gmt":"2016-08-22T18:26:07","slug":"decision-procedures-for-string-constraints","status":"publish","type":"msr-video","link":"https:\/\/www.microsoft.com\/en-us\/research\/video\/decision-procedures-for-string-constraints\/","title":{"rendered":"Decision Procedures for String Constraints"},"content":{"rendered":"
\n

String-related defects are among the most prevalent in modern software development. For example, in terms of frequency, cross-site scripting vulnerabilities have surpassed traditional exploits like buffer overruns. The state of this problem is particularly disconcerting because it does not just affect legacy code: developing web applications today \u2013 even when adhering to best practices and using modern library support \u2013 remains error-prone.<\/p>\n

In this presentation, I will discuss work that aims to address some of the challenges that arise when trying to prevent or mitigate the effects of string-related defects. My dissertation work focuses on providing a constraint solving interface for a wide range of client applications. A client program analysis can use that interface to reason about strings in the same way it might use a Boolean satisfiability (SAT) solver to reason about binary state. The work identifies a set of string constraints that (a) captures common programming language constructs, and (b) permits effective solving algorithms. I will also talk about the BEK project, which is joint work with researchers at MSR and UC Berkeley. The BEK project provides a domain-specific programming language that directly captures a commonly used class of string sanitization functions, and allows for deep semantic checks on functions written in the language. Taken together, the string constraint solving work and the BEK project represent a compelling first step toward the precise modeling of code that manipulates string values.<\/p>\n

Additional presentation materials are available at:
\nhttp:\/\/www.cs.virginia.edu\/~ph4u\/strsolve\/<\/p>\n<\/div>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

String-related defects are among the most prevalent in modern software development. For example, in terms of frequency, cross-site scripting vulnerabilities have surpassed traditional exploits like buffer overruns. The state of this problem is particularly disconcerting because it does not just affect legacy code: developing web applications today \u2013 even when adhering to best practices and […]<\/p>\n","protected":false},"featured_media":196785,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"footnotes":""},"research-area":[],"msr-video-type":[],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-187625","msr-video","type-msr-video","status-publish","has-post-thumbnail","hentry","msr-locale-en_us"],"msr_download_urls":"","msr_external_url":"https:\/\/youtu.be\/Hprnk19C5X0","msr_secondary_video_url":"","msr_video_file":"","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/187625"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-video"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/187625\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/196785"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=187625"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=187625"},{"taxonomy":"msr-video-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video-type?post=187625"},{"taxonomy":"msr-locale","embeddable":true,"
href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=187625"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=187625"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=187625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}