In programs, strings are used to represent all forms of textual data---names, credit card numbers, mail addresses, URLs, bank accounts, color codes, and much more. Yet, programming languages offer little support for actually _checking_ whether the contents of these strings are actually as expected. This can not only lead to functional errors, but also to common attacks like script or SQL injections. In this proposal, we introduce _string types_ - a means to express the valid values of strings using formal languages such as regular expressions and grammars. We introduce means to _specify_ which sets of strings are acceptable as values and dynamically and statically check whether the program is correct with respect to the specified string types. Since they come as formal languages, string types also allow \emph{producing} instances from these specifications. This allows for massive automated testing of string-handling functions with valid inputs, again using string types to check string results for lexical, syntactic, and semantic correctness. Finally, we introduce means to _learn_ such specifications from code and its executions, thus making string types easy to adopt. The applicants bring extensive experience in static analysis of parsing code, generation of unit tests and oracles, and language-based specification and testing. It is their combined expertise that will lead this proposal to success.

DFG Programme Research Grants

International Connection Austria

Partner Organisation Fonds zur Förderung der wissenschaftlichen Forschung (FWF)

Cooperation Partner Professor Dr. Jürgen Cito