scholarly journals All-Instances Oblivious Chase Termination is Undecidable for Single-Head Binary TGDs

2020 ◽  
Author(s):  
Bartosz Bednarczyk ◽  
Robert Ferens ◽  
Piotr Ostropolski-Nalewaja
Keyword(s):  
Static Analysis ◽  
Real World ◽  
Query Answering ◽  
Database Theory ◽  
Horn Fragment ◽  
Termination Problem ◽  
Algorithmic Procedure

The chase is a famous algorithmic procedure in database theory with numerous applications in ontology-mediated query answering. We consider static analysis of the chase termination problem, which asks, given set of TGDs, whether the chase terminates on all input databases. The problem was recently shown to be undecidable by Gogacz et al. for sets of rules containing only ternary predicates. In this work, we show that undecidability occurs already for sets of single-head TGD over binary vocabularies. This question is relevant since many real-world ontologies, e.g., those from the Horn fragment of the popular OWL, are of this shape.

scholarly journals Detection of the Hardcoded Login Information from Socket and String Compare Symbols

2021 ◽  
Vol 5 (1) ◽  
pp. 28-39
Author(s):  
Minami Yoda ◽  
Shuji Sakuraba ◽  
Yuichi Sei ◽  
Yasuyuki Tahara ◽  
Akihiko Ohsuga
Keyword(s):  
Internet Of Things ◽  
Static Analysis ◽  
Real World ◽  
Symbolic Execution ◽  
The Internet ◽  
User Input ◽  
Network Function ◽  
Private Data ◽  
String Search ◽  
Iot Devices

Internet of Things (IoT) for smart homes enhances convenience; however, it also introduces the risk of the leakage of private data. TOP10 IoT of OWASP 2018 shows that the first vulnerability is ”Weak, easy to predict, or embedded passwords.” This problem poses a risk because a user can not fix, change, or detect a password if it is embedded in firmware because only the developer of the firmware can control an update. In this study, we propose a lightweight method to detect the hardcoded username and password in IoT devices using a static analysis called Socket Search and String Search to protect from first vulnerability from 2018 OWASP TOP 10 for the IoT device. The hardcoded login information can be obtained by comparing the user input with strcmp or strncmp. Previous studies analyzed the symbols of strcmp or strncmp to detect the hardcoded login information. However, those studies required a lot of time because of the usage of complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on a network function, such as the socket symbol in firmware, because the IoT device is compromised when it is invaded by someone via the Internet. We propose two methods to detect the hardcoded login information: string search and socket search. In string search, the algorithm finds a function that uses the strcmp or strncmp symbol. In socket search, the algorithm finds a function that is referenced by the socket symbol. In this experiment, we measured the ability of our proposed method by searching six firmware in the real world that has a backdoor. We ran three methods: string search, socket search, and whole search to compare the two methods. As a result, all methods found login information from five of six firmware and one unexpected password. Our method reduces the analysis time. The whole search generally takes 38 mins to complete, but our methods finish the search in 4-6 min.

scholarly journals Query Answering with Guarded Existential Rules under Stable Model Semantics

2020 ◽  
Vol 34 (03) ◽  
pp. 3017-3024
Author(s):  
Hai Wan ◽  
Guohui Xiao ◽  
Chenglin Wang ◽  
Xianqiao Liu ◽  
Junhong Chen ◽  
...  
Keyword(s):  
Answer Set Programming ◽  
Query Answering ◽  
Prototype System ◽  
Stable Model ◽  
Logic Programs ◽  
Termination Problem ◽  
Answer Set

In this paper, we study the problem of query answering with guarded existential rules (also called GNTGDs) under stable model semantics. Our goal is to use existing answer set programming (ASP) solvers. However, ASP solvers handle only finitely-ground logic programs while the program translated from GNTGDs by Skolemization is not in general. To address this challenge, we introduce two novel notions of (1) guarded instantiation forest to describe the instantiation of GNTGDs and (2) prime block to characterize the repeated infinitely-ground program translated from GNTGDs. Using these notions, we prove that the ground termination problem for GNTGDs is decidable. We also devise an algorithm for query answering with GNTGDs using ASP solvers. We have implemented our approach in a prototype system. The evaluation over a set of benchmarks shows encouraging results.

scholarly journals All-Instances Restricted Chase Termination for Linear TGDs

2020 ◽  
Vol 34 (4) ◽  
pp. 465-473 ◽  
Author(s):  
Tomasz Gogacz ◽  
Jerzy Marcinkowski ◽  
Andreas Pieris
Keyword(s):  
Second Order ◽  
Order Logic ◽  
Query Answering ◽  
Alternative Proof ◽  
Standard Version ◽  
Database Theory ◽  
Second Order Logic ◽  
Monadic Second Order Logic

AbstractThe chase procedure is a fundamental algorithmic tool in database theory with a variety of applications. A key problem concerning the chase procedure is all-instances chase termination: for a given set of tuple-generating dependencies (TGDs), is it the case that the chase terminates for every input database? In view of the fact that this problem is, in general, undecidable, it is natural to ask whether well-behaved classes of TGDs, introduced in different contexts, ensure decidability. It has been recently shown that the problem is decidable for the restricted (a.k.a. standard) version of the chase, and linear TGDs, a prominent class of TGDs that has been introduced in the context of ontological query answering, under the assumption that only one atom appears in TGD-heads. We provide an alternative proof for this result based on Monadic Second-Order Logic, which we believe is simpler that the ones obtained from the literature.

scholarly journals Querying Log Data with Metric Temporal Logic

2018 ◽  
Vol 62 ◽  
pp. 829-877 ◽  
Author(s):  
Sebastian Brandt ◽  
Elem Güzel Kalaycı ◽  
Vladislav Ryzhikov ◽  
Guohui Xiao ◽  
Michael Zakharyaschev
Keyword(s):  
Temporal Logic ◽  
Real World ◽  
Large Datasets ◽  
Weather Data ◽  
Data Complexity ◽  
Log Data ◽  
Metric Temporal Logic ◽  
Temporal Concepts ◽  
Horn Fragment ◽  
Typical User

We propose a novel framework for ontology-based access to temporal log data using a datalog extension datalogMTL of the Horn fragment of the metric temporal logic MTL. We show that datalogMTL is EXPSPACE-complete even with punctual intervals, in which case full MTL is known to be undecidable. We also prove that nonrecursive datalogMTL is PSPACE-complete for combined complexity and in AC0 for data complexity. We demonstrate by two real-world use cases that nonrecursive datalogMTL programs can express complex temporal concepts from typical user queries and thereby facilitate access to temporal log data. Our experiments with Siemens turbine data and MesoWest weather data show that datalogMTL ontology-mediated queries are efficient and scale on large datasets.

scholarly journals Symbolic value-flow static analysis: deep, precise, complete modeling of Ethereum smart contracts

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Yannis Smaragdakis ◽  
Neville Grech ◽  
Sifis Lagouvardos ◽  
Konstantinos Triantafyllou ◽  
Ilias Tsatiris
Keyword(s):  
Static Analysis ◽  
High Precision ◽  
Real World ◽  
Program Analysis ◽  
Symbolic Execution ◽  
Research Work ◽  
Smart Contracts ◽  
Program Behavior ◽  
Symbolic Value ◽  
Value Flow

We present a static analysis approach that combines concrete values and symbolic expressions. This symbolic value-flow (“symvalic”) analysis models program behavior with high precision, e.g., full path sensitivity. To achieve deep modeling of program semantics, the analysis relies on a symbiotic relationship between a traditional static analysis fixpoint computation and a symbolic solver: the solver does not merely receive a complex “path condition” to solve, but is instead invoked repeatedly (often tens or hundreds of thousands of times), in close cooperation with the flow computation of the analysis. The result of the symvalic analysis architecture is a static modeling of program behavior that is much more complete than symbolic execution, much more precise than conventional static analysis, and domain-agnostic: no special-purpose definition of anti-patterns is necessary in order to compute violations of safety conditions with high precision. We apply the analysis to the domain of Ethereum smart contracts. This domain represents a fundamental challenge for program analysis approaches: despite numerous publications, research work has not been effective at uncovering vulnerabilities of high real-world value. In systematic comparison of symvalic analysis with past tools, we find significantly increased completeness (shown as 83-96% statement coverage and more true error reports) combined with much higher precision, as measured by rate of true positive reports. In terms of real-world impact, since the beginning of 2021, the analysis has resulted in the discovery and disclosure of several critical vulnerabilities, over funds in the many millions of dollars. Six separate bug bounties totaling over $350K have been awarded for these disclosures.

Measuring the Gap: Algorithmic Approximation Bounds for the Space Complexity of Stream Specifications

10.29007/t3jg ◽  
2018 ◽  
Author(s):  
David Cerna ◽  
Wolfgang Schreiner
Keyword(s):  
Real World ◽  
Predicate Logic ◽  
Space Complexity ◽  
Runtime Monitoring ◽  
Large Fragment ◽  
Memory Efficiency ◽  
Real World Applications ◽  
Space Requirements ◽  
Algorithmic Procedure

In previous work we presented an algorithmic procedure for analysing the space complexity of monitor specifications written in a fragment of predicate logic. These monitor specifications were developed for runtime monitoring of event streams. Our procedure provides accurate results for a large fragment of the possible specifications, but overestimates the space complexity of precisely those specifications which are more likely to be found in real world applications. Experiments hinted at a relationship between the extent our procedure over-approximates the space requirements of a specification and the quantifier structure of the specification. In this paper we provide a formalization of this relationship as approximation ratios, and are able to pinpoint ``good'' constructions, that is specifications using less memory. These results are first steps towards categorizing specifications based on memory efficiency.

scholarly journals Obtaining Real-World Benchmark Programs from Open-Source Repositories Through Abstract-Semantics Preserving Transformations

2020 ◽  
Author(s):  
Maria Paquin
Keyword(s):  
Open Source ◽  
Static Analysis ◽  
Real World ◽  
Program Analysis ◽  
Symbolic Execution ◽  
Analysis Techniques ◽  
Second Stage ◽  
The Third ◽  
Third Stage ◽  
Transformation Algorithms

Benchmark programs are an integral part of program analysis research. Researchers use benchmark programs to evaluate existing techniques and test the feasibility of new approaches. The larger and more realistic the set of benchmarks, the more confident a researcher can be about the correctness and reproducibility of their results. However, obtaining an adequate set of benchmark programs has been a long-standing challenge in the program analysis community. In this thesis, we present the APT tool, a framework we designed and implemented to automate the generation of realistic benchmark programs suitable for program analysis evaluations. Our tool targets intra-procedural analyses that operate on an integer domain, specifically symbolic execution. The framework is composed of three main stages. In the first stage, the tool extracts potential benchmark programs from open-source repositories suitable for symbolic execution. In the second stage, the tool transforms the extracted programs into compilable, stand-alone benchmarks by removing external dependencies and nonlinear expressions. In the third stage, the benchmarks are verified and made available for the user. We have designed our transformation algorithms to remove program dependencies and nonlinear expressions while preserving their semantics-equivalence in the abstraction of symbolic analysis. That is, we want the information the analysis computes on the original program and its transformed version to be equivalent. Our work provides static analysis researchers with concise, compilable benchmark programs that are relevant to symbolic execution, allowing them to focus their efforts on advancing analysis techniques. Furthermore, our work benefits the software engineering community by enabling static analysis researchers to perform benchmarking with a large, realistic set of programs, thus strengthening the empirical evidence of the advancements in static program analysis.

Sign in / Sign up

Export Citation Format

Share Document