{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T14:17:41Z","timestamp":1763129861581,"version":"3.45.0"},"reference-count":57,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/100020595","name":"National Science and Technology Council","doi-asserted-by":"publisher","award":["MOST 111-2218-E-002-017 -MBK"],"award-info":[{"award-number":["MOST 111-2218-E-002-017 -MBK"]}],"id":[{"id":"10.13039\/100020595","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"DOI":"10.1007\/s42979-025-04511-2","type":"journal-article","created":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T14:14:40Z","timestamp":1763129680000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["CNE-San: Fully Automatically Generated and Inserted Assertions for Bug-Oriented Sanitizers"],"prefix":"10.1007","volume":"6","author":[{"given":"Chien-Jung","family":"Chiu","sequence":"first","affiliation":[]},{"given":"Hong-Yen","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Tsung-Nan","family":"Lin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,14]]},"reference":[{"key":"4511_CR1","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1145\/267580.267590","volume":"29","author":"H Zhu","year":"1997","unstructured":"Zhu H, Hall PAV, May JHR. Software unit test coverage and adequacy. ACM Comput Surv. 1997;29:366\u2013427. https:\/\/doi.org\/10.1145\/267580.267590.","journal-title":"ACM Comput Surv"},{"key":"4511_CR2","doi-asserted-by":"publisher","unstructured":"Bell J, Kaiser G, Pankau J, B L, VDH A. (eds) Unit test virtualization with vmvm. (eds Pankau, J., B, L. & VDH, A.) Proceedings of the 36th International Conference on Software Engineering, 2014;550\u2013561. https:\/\/doi.org\/10.1145\/2568225.2568248.","DOI":"10.1145\/2568225.2568248"},{"key":"4511_CR3","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1109\/MS.2017.3281318","volume":"35","author":"V Antinyan","year":"2018","unstructured":"Antinyan V, Derehag J, Sandberg A, Staron M. Mythical unit test coverage. IEEE Softw. 2018;35:73\u20139. https:\/\/doi.org\/10.1109\/MS.2017.3281318.","journal-title":"IEEE Softw"},{"key":"4511_CR4","doi-asserted-by":"publisher","unstructured":"CHEN H, et\u00a0al. Hawkeye: Towards a desired directed grey-box fuzzer. CCS18, 2018;15\u201319. https:\/\/doi.org\/10.1145\/3243734.3243849.","DOI":"10.1145\/3243734.3243849"},{"key":"4511_CR5","doi-asserted-by":"publisher","first-page":"2312","DOI":"10.1109\/TSE.2019.2946563","volume":"47","author":"VM Manes","year":"2021","unstructured":"Manes VM, et al. The art, science, and engineering of fuzzing: A survey. IEEE Trans Software Eng. 2021;47:2312\u201331. https:\/\/doi.org\/10.1109\/TSE.2019.2946563.","journal-title":"IEEE Trans Software Eng"},{"key":"4511_CR6","doi-asserted-by":"crossref","unstructured":"Chen C, et\u00a0al. A systematic review of fuzzing techniques. Computers & Security75, 2018;118\u2013137. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404818300658.","DOI":"10.1016\/j.cose.2018.02.002"},{"key":"4511_CR7","unstructured":"Everett R. Mitre att &ck 2022;. https:\/\/attack.mitre.org\/."},{"key":"4511_CR8","doi-asserted-by":"publisher","unstructured":"Martin RA, Barnum S. Common weakness enumeration (cwe) status update. Ada Lett.XXVIII, 2008;88\u201391. https:\/\/doi.org\/10.1145\/1387830.1387835.","DOI":"10.1145\/1387830.1387835"},{"key":"4511_CR9","unstructured":"MITRE. About cwe 2022;. https:\/\/cwe.mitre.org\/about\/index.html."},{"key":"4511_CR10","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MSP.2005.159","volume":"3","author":"K Tsipenyuk","year":"2005","unstructured":"Tsipenyuk K, Chess B, McGraw G. Seven pernicious kingdoms: A taxonomy of software security errors. Security & Privacy IEEE. 2005;3:81\u20134. https:\/\/doi.org\/10.1109\/MSP.2005.159.","journal-title":"Security & Privacy IEEE"},{"key":"4511_CR11","unstructured":"PLOVER. Improper neutralization of directives in dynamically evaluated code (\u2019eval injection\u2019) 2022;. https:\/\/cwe.mitre.org\/data\/definitions\/95.html."},{"key":"4511_CR12","unstructured":"Silbert A. Common weakness enumeration 2022;. https:\/\/cwe.mitre.org\/index.html."},{"key":"4511_CR13","doi-asserted-by":"publisher","unstructured":"Wang C, et\u00a0al. Go-sanitizer: Bug-oriented assertion generation for golang 2019;. https:\/\/doi.org\/10.1109\/ISSREW.2019.00039.","DOI":"10.1109\/ISSREW.2019.00039"},{"key":"4511_CR14","unstructured":"Montanaro S. Why is python a dynamic language and also a strongly typed language? 2022;. https:\/\/wiki.python.org\/moin\/Why%20is%20Python%20a%20dynamic %20language%20and%20also%20a%20strongly%20typed%20language."},{"key":"4511_CR15","unstructured":"Howard M, LeBlanc D, Viega J. 24 deadly sins of software security: Programming flaws and how to fix them (McGraw-Hill Education, 2010). https:\/\/www.accessengineeringlibrary.com\/content\/book\/9780071626750."},{"key":"4511_CR16","unstructured":"CLASP. Cwe-502, deserialization of untrusted data 2022;. https:\/\/cwe.mitre.org\/data\/definitions\/502.html."},{"key":"4511_CR17","doi-asserted-by":"publisher","unstructured":"Galhardo CC, Mell P, Bojanova I, Gueye A, Perdisci R, Lindorfer M, Gianluca S. (eds) Measurements of the most significant software security weaknesses. (eds Perdisci, R., Lindorfer, M. & Gianluca, S.) Annual Computer Security Applications Conference, ACSAC \u201920, 154\u2013164 (Association for Computing Machinery, New York, NY, USA, 2020). https:\/\/doi.org\/10.1145\/3427228.3427257.","DOI":"10.1145\/3427228.3427257"},{"key":"4511_CR18","unstructured":"MITRE. Regular expression without anchors 2022;. https:\/\/cwe.mitre.org\/data\/definitions\/777.html."},{"key":"4511_CR19","unstructured":"MITRE. Floating point comparison with incorrect operator (2022). https:\/\/cwe.mitre.org\/data\/definitions\/1077.html."},{"key":"4511_CR20","unstructured":"Dawson B. Comparing floating point numbers, 2012 edition 2012;. https:\/\/randomascii.wordpress.com\/2012\/02\/25\/comparing-floating-point-numbers-2012-edition\/."},{"key":"4511_CR21","doi-asserted-by":"crossref","unstructured":"Myers GJ, Sandler C. & Badgett, T. The art of software testing (Wiley Publishing, 2011).","DOI":"10.1002\/9781119202486"},{"key":"4511_CR22","unstructured":"Hamill P. Unit test frameworks: tools for high-quality software development (\" O\u2019Reilly Media, Inc.\", 2004)."},{"key":"4511_CR23","doi-asserted-by":"publisher","unstructured":"Li B, Vendome C, Linares-V\u00e1squez M, Poshyvanyk D, Kraft NA, O\u2019Conner L. (ed.) Automatically documenting unit test cases. (ed.O\u2019Conner, L.) 2016 IEEE international conference on software testing, verification and validation (ICST), 341\u2013352 (IEEE, 2016). https:\/\/doi.org\/10.1109\/ICST.2016.30.","DOI":"10.1109\/ICST.2016.30"},{"key":"4511_CR24","doi-asserted-by":"publisher","unstructured":"Taneja K, Xie T. Diffgen Automated regression unit-test generation. 2008;. https:\/\/doi.org\/10.1109\/ASE.2008.60.","DOI":"10.1109\/ASE.2008.60"},{"key":"4511_CR25","doi-asserted-by":"publisher","unstructured":"Pajankar A. Unittest, 31\u201363 (Apress, Berkeley, CA, 2017). https:\/\/doi.org\/10.1007\/978-1-4842-2677-3_3.","DOI":"10.1007\/978-1-4842-2677-3_3"},{"key":"4511_CR26","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/96267.96279","volume":"33","author":"BP Miller","year":"1990","unstructured":"Miller BP, Fredriksen L, So B. An empirical study of the reliability of unix utilities. Commun ACM. 1990;33:32\u201344. https:\/\/doi.org\/10.1145\/96267.96279.","journal-title":"Commun ACM"},{"key":"4511_CR27","unstructured":"Kim SY, et\u00a0al. $$\\{$$CAB-Fuzz$$\\}$$: Practical concolic testing techniques for $$\\{$$COTS$$\\}$$ operating systems 2017;. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/kim."},{"key":"4511_CR28","unstructured":"Zalewski M. American fuzzy lop 2022;. https:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"4511_CR29","doi-asserted-by":"publisher","unstructured":"Lattner C, Adve V. Llvm: a compilation framework for lifelong program analysis & transformation 2004;. https:\/\/doi.org\/10.1109\/CGO.2004.1281665.","DOI":"10.1109\/CGO.2004.1281665"},{"key":"4511_CR30","unstructured":"Rash M. A collection of vulnerabilities discovered by the afl fuzzer. 2022; https:\/\/github.com\/mrash\/afl-cve."},{"key":"4511_CR31","doi-asserted-by":"publisher","unstructured":"Li Y, et\u00a0al. V-fuzz: Vulnerability prediction-assisted evolutionary fuzzing for binary programs. IEEE Transactions on Cybernetics 2020;1\u201312. https:\/\/doi.org\/10.1109\/TCYB.2020.3013675.","DOI":"10.1109\/TCYB.2020.3013675"},{"key":"4511_CR32","doi-asserted-by":"publisher","unstructured":"Duchene F, Rawat S, Richier J-L, Groz R. Kameleonfuzz: Evolutionary fuzzing for black-box xss detection 2014;. https:\/\/doi.org\/10.1145\/2557547.2557550.","DOI":"10.1145\/2557547.2557550"},{"key":"4511_CR33","doi-asserted-by":"publisher","unstructured":"Rawat S, et\u00a0al. Vuzzer: Application-aware evolutionary fuzzing (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23404.","DOI":"10.14722\/ndss.2017.23404"},{"key":"4511_CR34","unstructured":"Google. Google atheris 2022;. https:\/\/github.com\/google\/atheris."},{"key":"4511_CR35","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/3487019.3487021","volume":"19","author":"P Thomson","year":"2021","unstructured":"Thomson P. Static analysis: An introduction: The fundamental challenge of software engineering is one of complexity. Queue. 2021;19:29\u201341. https:\/\/doi.org\/10.1145\/3487019.3487021.","journal-title":"Queue"},{"key":"4511_CR36","unstructured":"Larochelle D, Evans D. Statically detecting likely buffer overflow vulnerabilities 2001;."},{"key":"4511_CR37","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1145\/543552.512538","volume":"37","author":"M Das","year":"2002","unstructured":"Das M, Lerner S, Seigle M. Esp: Path-sensitive program verification in polynomial time. SIGPLAN Not. 2002;37:57\u201368. https:\/\/doi.org\/10.1145\/543552.512538.","journal-title":"SIGPLAN Not"},{"key":"4511_CR38","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1109\/MSP.2004.55","volume":"2","author":"D Verdon","year":"2004","unstructured":"Verdon D, McGraw G. Risk analysis in software design. IEEE Security & Privacy. 2004;2:79\u201384.","journal-title":"IEEE Security & Privacy"},{"key":"4511_CR39","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.66","author":"C Wang","year":"2017","unstructured":"Wang C, et al. Assertion recommendation for formal program verification. 2017. https:\/\/doi.org\/10.1109\/COMPSAC.2017.66.","journal-title":"Assertion recommendation for formal program verification"},{"key":"4511_CR40","doi-asserted-by":"publisher","unstructured":"Wang C, et\u00a0al. Weak-assert: A weakness-oriented assertion recommendation toolkit for program analysis 2018;. https:\/\/doi.org\/10.1145\/3183440.3183471.","DOI":"10.1145\/3183440.3183471"},{"key":"4511_CR41","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2019.00011","author":"C Wang","year":"2019","unstructured":"Wang C, Kang L, Zhang R, Yin W. Statically-directed assertion recommendation for c programs. 2019. https:\/\/doi.org\/10.1109\/COMPSAC.2019.00011.","journal-title":"Statically-directed assertion recommendation for c programs"},{"key":"4511_CR42","unstructured":"Rossum V. What\u2019s new in python 3.8 2022;. https:\/\/docs.python.org\/3\/whatsnew\/3.8.html."},{"key":"4511_CR43","unstructured":"Chiu CJ. Cne-sanitizer: Implement of cne-san in python 2022;. https:\/\/zenodo.org\/record\/7854460#.ZEUAI3ZBxD8."},{"key":"4511_CR44","unstructured":"Barton M, et\u00a0al. Openstack swift is a distributed object storage system designed to scale from a single machine to thousands of servers 2012;. https:\/\/github.com\/openstack\/swift."},{"key":"4511_CR45","unstructured":"Krahmer S. Cve-2012-4406, openstack object storage (swift) before 1.7.0 uses the loads function in the pickle python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object 2022;. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-4406."},{"key":"4511_CR46","unstructured":"Barton M, et\u00a0al. swift v1.6.0 (2022). https:\/\/github.com\/openstack\/swift\/releases\/tag\/1.6.0."},{"key":"4511_CR47","unstructured":"Chiu CJ. insert 43 no-exception bugs into tensorflow 2022;. https:\/\/zenodo.org\/record\/7854460#.ZEUAI3ZBxD8."},{"key":"4511_CR48","unstructured":"Python. compileall, python standard library to compile python source files (2022). https:\/\/docs.python.org\/3\/library\/compileall.html."},{"key":"4511_CR49","unstructured":"Chiu CJ. Tensorflow scanning report 2022;. https:\/\/zenodo.org\/record\/7854460#.ZEUAI3ZBxD8."},{"key":"4511_CR50","unstructured":"Chiu C J. Automatically insert assertions in tensorflow by neb-san 2022;. https:\/\/zenodo.org\/record\/7854460#.ZEUAI3ZBxD8."},{"key":"4511_CR51","doi-asserted-by":"crossref","unstructured":"Thoutam V. A study on python web application framework. Journal of Electronics,Computer Networking and Applied Mathematics(JECNAM) ISSN : 2799-1156 2021;1, 48\u201355. http:\/\/hmjournals.com\/journal\/index.php\/JECNAM\/article\/view\/112.","DOI":"10.55529\/jecnam.11.48.55"},{"key":"4511_CR52","unstructured":"Cramer D, et\u00a0al. getsentry, sentry 2022;. https:\/\/github.com\/getsentry\/sentry."},{"key":"4511_CR53","unstructured":"Ram\u00edrez, S. tiangolo, fastapi (2022). https:\/\/github.com\/tiangolo\/fastapi."},{"key":"4511_CR54","unstructured":"Google BT. Tensorflow for machine learning 2022;. https:\/\/www.tensorflow.org\/?hl=zh-tw."},{"key":"4511_CR55","unstructured":"Lundh F. python-pillow, pillow 2022;. https:\/\/github.com\/python-pillow\/Pillow."},{"key":"4511_CR56","unstructured":"Rodola, G. psutil is a cross-platform library for retrieving information on running processes and system utilization (cpu, memory, disks, network, sensors) in python 2022;. https:\/\/pypi.org\/project\/psutil\/."},{"key":"4511_CR57","unstructured":"Python. cprofile provides deterministic profiling of python programs 2022;. https:\/\/docs.python.org\/3\/library\/profile.html."}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-04511-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-025-04511-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-04511-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T14:14:54Z","timestamp":1763129694000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-025-04511-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,14]]},"references-count":57,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["4511"],"URL":"https:\/\/doi.org\/10.1007\/s42979-025-04511-2","relation":{},"ISSN":["2661-8907"],"issn-type":[{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,14]]},"assertion":[{"value":"25 April 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"966"}}