{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T21:41:54Z","timestamp":1757626914944,"version":"3.44.0"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031944475"},{"type":"electronic","value":"9783031944482"}],"license":[{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-031-94448-2_19","type":"book-chapter","created":{"date-parts":[[2025,8,31]],"date-time":"2025-08-31T19:08:42Z","timestamp":1756667322000},"page":"376-399","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Symerge: Replacing Calls in\u00a0Under-Constrained Symbolic Execution and\u00a0Find Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Yicheng","family":"Zeng","sequence":"first","affiliation":[]},{"given":"Jiaqian","family":"Peng","sequence":"additional","affiliation":[]},{"given":"Jiami","family":"Lin","sequence":"additional","affiliation":[]},{"given":"Rongrong","family":"Xi","sequence":"additional","affiliation":[]},{"given":"Hongsong","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,1]]},"reference":[{"key":"19_CR1","unstructured":"Cwe-252: Unchecked return value. https:\/\/cwe.mitre.org\/data\/definitions\/252.html"},{"key":"19_CR2","unstructured":"libpng (2018). https:\/\/github.com\/pnggroup\/libpng"},{"key":"19_CR3","unstructured":"Plutosvg (2021). https:\/\/github.com\/sammycage\/plutosvg"},{"key":"19_CR4","unstructured":"D-link (2024). https:\/\/www.dlink.com"},{"key":"19_CR5","unstructured":"Symerge (2024). https:\/\/sites.google.com\/view\/symerge-code\/home"},{"key":"19_CR6","unstructured":"Anand, S., Godefroid, P., Tillmann, N.: Demand-driven compositional symbolic execution. In: Tools and Algorithms for the Construction and Analysis of Systems: 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings 14. pp. 367\u2013381. Springer (2008)"},{"issue":"10","key":"19_CR7","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1145\/2714064.2660200","volume":"49","author":"T Bergan","year":"2014","unstructured":"Bergan, T., Grossman, D., Ceze, L.: Symbolic execution of multithreaded programs from arbitrary program contexts. ACM SIGPLAN Notices 49(10), 491\u2013506 (2014)","journal-title":"ACM SIGPLAN Notices"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Bichhawat, A.: Post-dominator analysis for precisely handling implicit flows. In: 2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering, vol.\u00a02, pp. 787\u2013789. IEEE (2015)","DOI":"10.1109\/ICSE.2015.250"},{"key":"19_CR9","unstructured":"Cadar, C., Dunbar, D., Engler, D.R., et\u00a0al.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, vol.\u00a08, pp. 209\u2013224 (2008)"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Cheng, K., et al.: Dtaint: detecting the taint-style vulnerability in embedded device firmware. In: 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 430\u2013441. IEEE (2018)","DOI":"10.1109\/DSN.2018.00052"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Cheng, K., et al.: Detecting vulnerabilities in Linux-based embedded firmware with SSE-based on-demand alias analysis. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 360\u2013372 (2023)","DOI":"10.1145\/3597926.3598062"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Engler, D., Dunbar, D.: Under-constrained execution: making automatic code destruction easy and scalable. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis, pp.\u00a01\u20134 (2007)","DOI":"10.1145\/1273463.1273464"},{"issue":"3","key":"19_CR13","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1145\/24039.24041","volume":"9","author":"J Ferrante","year":"1987","unstructured":"Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Programm. Lang. Syst. (TOPLAS) 9(3), 319\u2013349 (1987)","journal-title":"ACM Trans. Programm. Lang. Syst. (TOPLAS)"},{"key":"19_CR14","unstructured":"Fioraldi, A., Maier, D., Ei\u00dffeldt, H., Heuse, M.: $$\\{$$AFL++$$\\}$$: combining incremental steps of fuzzing research. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20) (2020)"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Fragoso\u00a0Santos, J., Maksimovi\u0107, P., Sampaio, G., Gardner, P.: Javert 2.0: Compositional symbolic execution for javascript. In: Proceedings of the ACM on Programming Languages 3(POPL), 1\u201331 (2019)","DOI":"10.1145\/3290379"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Godefroid, P.: Compositional dynamic test generation. In: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 47\u201354 (2007)","DOI":"10.1145\/1190216.1190226"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.D.: Compositional may-must program analysis: unleashing the power of alternation. In: Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on principles of programming languages, pp. 43\u201356 (2010)","DOI":"10.1145\/1706299.1706307"},{"key":"19_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-540-71316-6_18","volume-title":"Programming Languages and Systems","author":"S Gulwani","year":"2007","unstructured":"Gulwani, S., Tiwari, A.: Computing procedure summaries for interprocedural analysis. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 253\u2013267. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-71316-6_18"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Han, H., Kyea, J., Jin, Y., Kang, J., Pak, B., Yun, I.: Queryx: symbolic query on decompiled code for finding bugs in cots binaries. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 3279\u2013312795. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179314"},{"issue":"3","key":"19_CR20","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1145\/373243.375719","volume":"36","author":"SS Ishtiaq","year":"2001","unstructured":"Ishtiaq, S.S., O\u2019Hearn, P.W.: Bi as an assertion language for mutable data structures. SIGPLAN Not. 36(3), 14\u201326 (2001). https:\/\/doi.org\/10.1145\/373243.375719","journal-title":"SIGPLAN Not."},{"issue":"6","key":"19_CR21","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1145\/2345156.2254088","volume":"47","author":"V Kuznetsov","year":"2012","unstructured":"Kuznetsov, V., Kinder, J., Bucur, S., Candea, G.: Efficient state merging in symbolic execution. Acm Sigplan Notices 47(6), 193\u2013204 (2012)","journal-title":"Acm Sigplan Notices"},{"issue":"1","key":"19_CR22","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/357062.357071","volume":"1","author":"T Lengauer","year":"1979","unstructured":"Lengauer, T., Tarjan, R.E.: A fast algorithm for finding dominators in a flowgraph. ACM Trans. Programm. Lang. Syst. (TOPLAS) 1(1), 121\u2013141 (1979)","journal-title":"ACM Trans. Programm. Lang. Syst. (TOPLAS)"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Majumdar, R., Sen, K.: Hybrid concolic testing. In: 29th International Conference on Software Engineering (ICSE\u201907), pp. 416\u2013426. IEEE (2007)","DOI":"10.1109\/ICSE.2007.41"},{"key":"19_CR24","unstructured":"NSA Center for Assured Software: Juliet c\/c++ 1.3 (2024). https:\/\/samate.nist.gov\/SARD\/test-suites\/112"},{"key":"19_CR25","unstructured":"Poeplau, S., Francillon, A.: Symbolic execution with $$\\{$$SymCC$$\\}$$: Don\u2019t interpret, compile! In: 29th USENIX Security Symposium (USENIX Security 20), pp. 181\u2013198 (2020)"},{"key":"19_CR26","doi-asserted-by":"crossref","unstructured":"Qiu, R., Yang, G., Pasareanu, C.S., Khurshid, S.: Compositional symbolic execution with memoized replay. In: 2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering, vol.\u00a01, pp. 632\u2013642. IEEE (2015)","DOI":"10.1109\/ICSE.2015.79"},{"key":"19_CR27","unstructured":"Ramos, D.A., Engler, D.: $$\\{$$Under-Constrained$$\\}$$ symbolic execution: Correctness checking for real code. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 49\u201364 (2015)"},{"key":"19_CR28","unstructured":"Ramos, F., Sabino, N., Ad\u00e3o, P., Naumann, D.A., Fragoso\u00a0Santos, J.: Toward tool-independent summaries for symbolic execution. In: 37th European Conference on Object-Oriented Programming (ECOOP 2023). Schloss Dagstuhl-Leibniz-Zentrum f\u00fcr Informatik (2023)"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Redini, N., et al.: Karonte: detecting insecure multi-binary interactions in embedded firmware. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1544\u20131561. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00036"},{"key":"19_CR30","doi-asserted-by":"crossref","unstructured":"Rutledge, R., Orso, A.: Automating differential testing with overapproximate symbolic execution. In: 2022 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 256\u2013266. IEEE (2022)","DOI":"10.1109\/ICST53961.2022.00035"},{"key":"19_CR31","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., et\u00a0al.: Sok:(state of) the art of war: offensive techniques in binary analysis. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 138\u2013157. IEEE (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"19_CR32","doi-asserted-by":"crossref","unstructured":"Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: NDSS, vol.\u00a016, pp. 1\u201316 (2016)","DOI":"10.14722\/ndss.2016.23368"},{"key":"19_CR33","unstructured":"Vadayath, J., et\u00a0al.: Arbiter: bridging the static and dynamic divide in vulnerability discovery on binary programs. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 413\u2013430 (2022)"},{"issue":"6","key":"19_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3604608","volume":"32","author":"S Yang","year":"2023","unstructured":"Yang, S., et al.: Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis. ACM Trans. Softw. Eng. Methodol. 32(6), 1\u201329 (2023)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"19_CR35","doi-asserted-by":"crossref","unstructured":"Yorsh, G., Yahav, E., Chandra, S.: Generating precise and concise procedure summaries. In: Proceedings of the 35th annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 221\u2013234 (2008)","DOI":"10.1145\/1328438.1328467"},{"key":"19_CR36","unstructured":"Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: $$\\{$$QSYM$$\\}$$: A practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium (USENIX Security 18) pp. 745\u2013761 (2018)"},{"key":"19_CR37","unstructured":"Zalewski, M.: American fuzzy lop (2010). http:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"Zhang, H., et al.: Statically discovering high-order taint style vulnerabilities in os kernels. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 811\u2013824 (2021)","DOI":"10.1145\/3460120.3484798"},{"key":"19_CR39","doi-asserted-by":"crossref","unstructured":"Zhu, W., et al.: Callee: recovering call graphs for binaries with transfer and contrastive learning. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2357\u20132374. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179482"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94448-2_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T00:30:51Z","timestamp":1757464251000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94448-2_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,1]]},"ISBN":["9783031944475","9783031944482"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94448-2_19","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2025,9,1]]},"assertion":[{"value":"1 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Dubai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}