{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T15:23:19Z","timestamp":1773760999980,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,12,5]],"date-time":"2016-12-05T00:00:00Z","timestamp":1480896000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001665","name":"Agence Nationale de la Recherche","doi-asserted-by":"publisher","award":["ANR-12-INSE-0002"],"award-info":[{"award-number":["ANR-12-INSE-0002"]}],"id":[{"id":"10.13039\/501100001665","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,12,5]]},"DOI":"10.1145\/3015135.3015137","type":"proceedings-article","created":{"date-parts":[[2016,12,7]],"date-time":"2016-12-07T20:36:32Z","timestamp":1481142992000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Finding the needle in the heap"],"prefix":"10.1145","author":[{"given":"Josselin","family":"Feist","sequence":"first","affiliation":[{"name":"Verimag \/ UGA, Grenoble, France"}]},{"given":"Laurent","family":"Mounier","sequence":"additional","affiliation":[{"name":"Verimag \/ UGA, Grenoble, France"}]},{"given":"S\u00e9bastien","family":"Bardin","sequence":"additional","affiliation":[{"name":"Universit\u00e9 Paris-Saclay, France"}]},{"given":"Robin","family":"David","sequence":"additional","affiliation":[{"name":"Universit\u00e9 Paris-Saclay, France"}]},{"given":"Marie-Laure","family":"Potet","sequence":"additional","affiliation":[{"name":"Verimag \/ UGA, Grenoble, France"}]}],"member":"320","published-online":{"date-parts":[[2016,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AFL. American fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/.  AFL. American fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001423"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1749608.1749612"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2013.49"},{"key":"e_1_3_2_1_6_1","volume-title":"TAP 2014, Held as Part of STAF 2014, York, UK, July 24--25, 2014. Proceedings. Springer","author":"Bardin S.","year":"2014","unstructured":"S. Bardin , O. Chebaro , M. Delahaye , and N. Kosmatov . An all-in-one toolkit for automated white-box testing. In Tests and Proofs - 8th International Conference , TAP 2014, Held as Part of STAF 2014, York, UK, July 24--25, 2014. Proceedings. Springer , 2014 . S. Bardin, O. Chebaro, M. Delahaye, and N. Kosmatov. An all-in-one toolkit for automated white-box testing. In Tests and Proofs - 8th International Conference, TAP 2014, Held as Part of STAF 2014, York, UK, July 24--25, 2014. Proceedings. Springer, 2014."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2015.7102607"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.423"},{"key":"e_1_3_2_1_9_1","volume-title":"CAV 2011, 2011","author":"Bardin S.","year":"2011","unstructured":"S. Bardin , P. Herrmann , J. Leroux , O. Ly , R. Tabary , and A. Vincent . The Bincoa Framework for Binary Code Analysis. In Computer Aided Verification - 23rd International Conference , CAV 2011, 2011 . Springer , 2011 . S. Bardin, P. Herrmann, J. Leroux, O. Ly, R. Tabary, and A. Vincent. The Bincoa Framework for Binary Code Analysis. In Computer Aided Verification - 23rd International Conference, CAV 2011, 2011. Springer, 2011."},{"key":"e_1_3_2_1_10_1","volume-title":"VMCAI 2011, Austin, TX, USA, January 23--25, 2011. Proceedings. Springer","author":"Bardin S.","year":"2011","unstructured":"S. Bardin , P. Herrmann , and F. V\u00e9drine . Refinement-based CFG reconstruction from unstructured programs. In Verification, Model Checking, and abstract Interpretation - 12th International Conference , VMCAI 2011, Austin, TX, USA, January 23--25, 2011. Proceedings. Springer , 2011 . S. Bardin, P. Herrmann, and F. V\u00e9drine. Refinement-based CFG reconstruction from unstructured programs. In Verification, Model Checking, and abstract Interpretation - 12th International Conference, VMCAI 2011, Austin, TX, USA, January 23--25, 2011. Proceedings. Springer, 2011."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1646353.1646374"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00768-2_16"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336769"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI'08","author":"Cadar C.","year":"2008","unstructured":"C. Cadar , D. Dunbar , and D. Engler . Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs . In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI'08 . USENIX Association , 2008 . C. Cadar, D. Dunbar, and D. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI'08. USENIX Association, 2008."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_1_18_1","volume-title":"BlackHatUSA","author":"Cesare S.","year":"2013","unstructured":"S. Cesare . Bugalyze.com - detecting bugs using decompilation and data flow analysis . In BlackHatUSA , 2013 . S. Cesare. Bugalyze.com - detecting bugs using decompilation and data flow analysis. In BlackHatUSA, 2013."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-013-0127-x"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110358"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451152"},{"key":"e_1_3_2_1_24_1","unstructured":"Darpa. Cyber grand challenge. https:\/\/www.cybergrandchallenge.com.  Darpa. Cyber grand challenge. https:\/\/www.cybergrandchallenge.com."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931048"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.43"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46681-0_17"},{"key":"e_1_3_2_1_28_1","volume-title":"CanSecWest","author":"Dullien T.","year":"2009","unstructured":"T. Dullien and S. Porst . Reil: A platform-independent intermediate representation of disassembled code for static code analysis . CanSecWest , 2009 . T. Dullien and S. Porst. Reil: A platform-independent intermediate representation of disassembled code for static code analysis. CanSecWest, 2009."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2008.06.039"},{"issue":"3","key":"e_1_3_2_1_30_1","volume":"10","author":"Feist J.","year":"2014","unstructured":"J. Feist , L. Mounier , and M. Potet . Statically detecting use after free on binary code. J. Computer Virology and Hacking Techniques , 10 ( 3 ), 2014 . J. Feist, L. Mounier, and M. Potet. Statically detecting use after free on binary code. J. Computer Virology and Hacking Techniques, 10(3), 2014.","journal-title":"Statically detecting use after free on binary code. J. Computer Virology and Hacking Techniques"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-41591-8_6"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993529"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1064978.1065036"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2008","author":"Godefroid P.","year":"2008","unstructured":"P. Godefroid , M. Y. Levin , and D. A. Molnar . Automated whitebox fuzz testing . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 , San Diego, California, USA, 10th February - 13th February 2008 . The Internet Society, 2008. P. Godefroid, M. Y. Levin, and D. A. Molnar. Automated whitebox fuzz testing. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10th February - 13th February 2008. The Internet Society, 2008."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"e_1_3_2_1_36_1","unstructured":"P. Goodman. Pointsto: Static use-after-free detector for c\/c++. https:\/\/blog.trailofbits.com\/2016\/03\/09\/the-problem-with-dynamic-program-analysis\/.  P. Goodman. Pointsto: Static use-after-free detector for c\/c++. https:\/\/blog.trailofbits.com\/2016\/03\/09\/the-problem-with-dynamic-program-analysis\/."},{"key":"e_1_3_2_1_37_1","unstructured":"GUEB. Static analyzer detecting use-after-free on binary. https:\/\/github.com\/montyly\/gueb.  GUEB. Static analyzer detecting use-after-free on binary. https:\/\/github.com\/montyly\/gueb."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 22Nd USENIX Conference on Security, SEC'13. USENIX Association","author":"Haller I.","year":"2013","unstructured":"I. Haller , A. Slowinska , M. Neugschwandtner , and H. Bos . Dowsing for overflows: A guided fuzzer to find buffer boundary violations . In Proceedings of the 22Nd USENIX Conference on Security, SEC'13. USENIX Association , 2013 . I. Haller, A. Slowinska, M. Neugschwandtner, and H. Bos. Dowsing for overflows: A guided fuzzer to find buffer boundary violations. In Proceedings of the 22Nd USENIX Conference on Security, SEC'13. USENIX Association, 2013."},{"key":"e_1_3_2_1_39_1","unstructured":"Hex-rays. Hex-rays decompiler. https:\/\/www.hex-rays.com\/products\/decompiler\/index.shtml.  Hex-rays. Hex-rays decompiler. https:\/\/www.hex-rays.com\/products\/decompiler\/index.shtml."},{"key":"e_1_3_2_1_40_1","unstructured":"HP. Fortify static code analyzer. http:\/\/www8.hp.com\/us\/en\/software-solutions\/static-code-analysis-sast\/.  HP. Fortify static code analyzer. http:\/\/www8.hp.com\/us\/en\/software-solutions\/static-code-analysis-sast\/."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23238"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483778"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"e_1_3_2_1_45_1","unstructured":"S. Nagarakatte. Softboundcets. http:\/\/www.cs.rutgers.edu\/~santosh.nagarakatte\/softbound\/.  S. Nagarakatte. Softboundcets. http:\/\/www.cs.rutgers.edu\/~santosh.nagarakatte\/softbound\/."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"key":"e_1_3_2_1_49_1","unstructured":"radamsa. A general purpose fuzzer. https:\/\/github.com\/aoh\/radamsa.  radamsa. A general purpose fuzzer. https:\/\/github.com\/aoh\/radamsa."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095430.1081750"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC'12. USENIX Association","author":"Serebryany K.","year":"2012","unstructured":"K. Serebryany , D. Bruening , A. Potapenko , and D. Vyukov . Addresssanitizer: A fast address sanity checker . In Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC'12. USENIX Association , 2012 . K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. Addresssanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference, USENIX ATC'12. USENIX Association, 2012."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_1_53_1","volume-title":"Fuzzing: Brute Force Vulnerability Discovery","author":"Sutton M.","year":"2007","unstructured":"M. Sutton , A. Greene , and P. Amini . Fuzzing: Brute Force Vulnerability Discovery . Addison-Wesley Professional , 2007 . M. Sutton, A. Greene, and P. Amini. Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley Professional, 2007."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/1025115.1025228"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270315"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23190"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755913.1755946"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818833"},{"key":"e_1_3_2_1_59_1","unstructured":"Zynamics. BinNavi. http:\/\/www.zynamics.com\/binnavi.html.  Zynamics. BinNavi. http:\/\/www.zynamics.com\/binnavi.html."}],"event":{"name":"SSPREW '16: Software Security, Protection, and Reverse Engineering Workshop","location":"Los Angeles California USA","acronym":"SSPREW '16"},"container-title":["Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3015135.3015137","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3015135.3015137","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:18Z","timestamp":1750220658000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3015135.3015137"}},"subtitle":["combining static analysis and dynamic symbolic execution to trigger use-after-free"],"short-title":[],"issued":{"date-parts":[[2016,12,5]]},"references-count":59,"alternative-id":["10.1145\/3015135.3015137","10.1145\/3015135"],"URL":"https:\/\/doi.org\/10.1145\/3015135.3015137","relation":{},"subject":[],"published":{"date-parts":[[2016,12,5]]},"assertion":[{"value":"2016-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}