{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:13:14Z","timestamp":1773713594267,"version":"3.50.1"},"reference-count":53,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802402"],"award-info":[{"award-number":["61802402"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172406"],"award-info":[{"award-number":["62172406"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"CAS Pioneer Hundred Talents Program"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3626811","type":"journal-article","created":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T18:05:38Z","timestamp":1761847538000},"page":"2371-2386","source":"Crossref","is-referenced-by-count":0,"title":["MSTest: A Property-Oriented, Comprehensive, and Cross-Platform Test Suite of Memory Safety"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5298-2198","authenticated-orcid":false,"given":"Ciyan","family":"Ouyang","sequence":"first","affiliation":[{"name":"State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0815-4578","authenticated-orcid":false,"given":"Da","family":"Xie","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-2758-3015","authenticated-orcid":false,"given":"Hao","family":"Ma","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5649-1580","authenticated-orcid":false,"given":"Wei","family":"Song","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0576-3202","authenticated-orcid":false,"given":"Jiameng","family":"Ying","sequence":"additional","affiliation":[{"name":"Big Data Center of the Ministry of Public Security, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8297-4360","authenticated-orcid":false,"given":"Sihao","family":"Shen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5091-8464","authenticated-orcid":false,"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, Pennsylvania, PA, USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2024.3363142"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref3","article-title":"PaX address space layout randomization (ASLR)","author":"Team","year":"2003"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_7"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref7","first-page":"177","article-title":"Non-control-data attacks are realistic threats","volume-title":"Proc. USENIX Secur. Symp.","author":"Chen","year":"2005"},{"key":"ref8","first-page":"309","article-title":"AddressSanitizer: A fast address sanity checker","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Serebryany","year":"2012"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1353535.1346295"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2014.6853201"},{"key":"ref11","article-title":"Memory tagging and how it improves C\/C++ memory safety","author":"Serebryany","year":"2018"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref14","first-page":"147","article-title":"Code-pointer integrity","volume-title":"Proc. USENIX Conf. Operating Syst. Des. Implementation","author":"Kuznetsov","year":"2014"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2611765.2611773"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455778"},{"key":"ref17","first-page":"941","article-title":"Enforcing forward-edge control-flow integrity in GCC & LLVM","volume-title":"Proc. USENIX Secur. Symp.","author":"Tice","year":"2014"},{"key":"ref18","article-title":"Intel memory protection extensions enabling guide","author":"Ramakesavan","year":"2016"},{"key":"ref19","article-title":"Control-flow enforcement technology specification (revision 3.0)","year":"2019"},{"key":"ref20","article-title":"Armv8-A architecture: 2016 additions","author":"Brash","year":"2016"},{"key":"ref21","article-title":"Adopting the arm memory tagging extension in android","author":"Serebryany","year":"2019"},{"key":"ref22","article-title":"Pointer authentication","year":"2019"},{"key":"ref23","article-title":"Arm architecture reference manual supplement morello for a-profile architecture","year":"2022"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1186736.1186739"},{"key":"ref25","first-page":"1805","article-title":"ConFIRM: Evaluating compatibility and relevance of control-flow integrity protections for modern software","volume-title":"Proc. USENIX Secur. Symp.","author":"Xu","year":"2019"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417867"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076739"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3524127"},{"key":"ref29","article-title":"Pwntools: CTF framework and exploit development library","year":"2024"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.345"},{"key":"ref31","first-page":"1989","article-title":"ARCUS: Symbolic root cause analysis of exploits in production systems","volume-title":"Proc. USENIX Secur. Symp.","author":"Yagemann","year":"2021"},{"key":"ref32","article-title":"Spike, a RISC-V ISA simulator","author":"Waterman","year":"2024"},{"key":"ref33","article-title":"CHERI-QEMU","author":"Watson","year":"2024"},{"key":"ref34","article-title":"Arm morello program","year":"2024"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00066"},{"key":"ref36","article-title":"Supplementary of MSTest","author":"Ouyang","year":"2025"},{"key":"ref37","article-title":"SiFive FU540-C000 manual(v1p4)","year":"2021"},{"key":"ref38","article-title":"Fast models fixed virtual platforms (FVP) reference guide (version 11.25)","year":"2024"},{"key":"ref39","article-title":"How to hijack the global offset table with pointers for root shells","year":"2006"},{"key":"ref40","article-title":"\u2018check failed: Sanitizer_allocator_primary32.h:292\u2019 when running on RISC-V 64 systems using SV48","author":"Nanako","year":"2023"},{"key":"ref41","article-title":"RISC-V user-space pointer masking appears ready for linux 6.13","author":"Larabel","year":"2024"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00010"},{"key":"ref43","article-title":"\/GUARD (enable guard checks)","year":"2022"},{"key":"ref44","article-title":"Intel CET support still getting squared away for linux in 2020","author":"Larabel","year":"2020"},{"key":"ref45","article-title":"GCC lands Cannonlake, Skylake costs; LLVM\/Clang gets intel CET","author":"Larabel","year":"2017"},{"key":"ref46","article-title":"Glibc updated for recent linux CET shadow stack support","author":"Larabel","year":"2024"},{"key":"ref47","article-title":"Arm A-profile architecture developments 2018: Armv8.5-a","author":"Gretton-Dann","year":"2018"},{"key":"ref48","article-title":"Apple platform security: Operating system integrity","year":"2024"},{"key":"ref49","article-title":"Neoverse v1","year":"2024"},{"key":"ref50","article-title":"Arm features in the apple M1 and M2 chips","author":"Lelegard","year":"2024"},{"key":"ref51","article-title":"Arm architecture reference manual Armv8, for Armv8-A architecture profile","year":"2019"},{"key":"ref52","article-title":"Pointer tagging for x86 systems","author":"Corbet","year":"2022"},{"key":"ref53","article-title":"Hardware-assisted addresssanitizer design documentation","year":"2024"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11222740.pdf?arnumber=11222740","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:16:00Z","timestamp":1773710160000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11222740\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":53,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3626811","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}