{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:11:51Z","timestamp":1775873511623,"version":"3.50.1"},"reference-count":81,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA","license":[{"start":{"date-parts":[[2019,10,10]],"date-time":"2019-10-10T00:00:00Z","timestamp":1570665600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100007297","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N000141410468,N000141712947"],"award-info":[{"award-number":["N000141410468,N000141712947"]}],"id":[{"id":"10.13039\/100007297","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1748764,1409668,1850392"],"award-info":[{"award-number":["1748764,1409668,1850392"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8650-15-C-7562"],"award-info":[{"award-number":["FA8650-15-C-7562"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006234","name":"Sandia National Laboratories","doi-asserted-by":"publisher","award":["1701331"],"award-info":[{"award-number":["1701331"]}],"id":[{"id":"10.13039\/100006234","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2019,10,10]]},"abstract":"Binary program dependence analysis determines dependence between instructions and hence is important for many applications that have to deal with executables without any symbol information. A key challenge is to identify if multiple memory read\/write instructions access the same memory location. The state-of-the-art solution is the value set analysis (VSA) that uses abstract interpretation to determine the set of addresses that are possibly accessed by memory instructions. However, VSA is conservative and hence leads to a large number of bogus dependences and then substantial false positives in downstream analyses such as malware behavior analysis. Furthermore, existing public VSA implementations have difficulty scaling to complex binaries. In this paper, we propose a new binary dependence analysis called BDA enabled by a randomized abstract interpretation technique. It features a novel whole program path sampling algorithm that is not biased by path length, and a per-path abstract interpretation avoiding precision loss caused by merging paths in traditional analyses. It also provides probabilistic guarantees. Our evaluation on SPECINT2000 programs shows that it can handle complex binaries such as gcc whereas VSA implementations from the-state-of-art platforms have difficulty producing results for many SPEC binaries. In addition, the dependences reported by BDA are 75 and 6 times smaller than Alto, a scalable binary dependence analysis tool, and VSA, respectively, with only 0.19% of true dependences observed during dynamic execution missed (by BDA). Applying BDA to call graph generation and malware analysis shows that BDA substantially supersedes the commercial tool IDA in recovering indirect call targets and outperforms a state-of-the-art malware analysis tool Cuckoo by disclosing 3 times more hidden payloads.<\/jats:p>","DOI":"10.1145\/3360563","type":"journal-article","created":{"date-parts":[[2019,10,11]],"date-time":"2019-10-11T14:53:33Z","timestamp":1570805613000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["BDA: practical dependence analysis for binary executables by unbiased whole-program path sampling and per-path abstract interpretation"],"prefix":"10.1145","volume":"3","author":[{"given":"Zhuo","family":"Zhang","sequence":"first","affiliation":[{"name":"Purdue University, USA"}]},{"given":"Wei","family":"You","sequence":"additional","affiliation":[{"name":"Renmin University of China, China"}]},{"given":"Guanhong","family":"Tao","sequence":"additional","affiliation":[{"name":"Purdue University, USA"}]},{"given":"Guannan","family":"Wei","sequence":"additional","affiliation":[{"name":"Purdue University, USA"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}]},{"given":"Xiangyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Purdue University, USA"}]}],"member":"320","published-online":{"date-parts":[[2019,10,10]]},"reference":[{"key":"e_1_2_2_1_1","volume-title":"SPEC2000","author":"ATA.","year":"2018","unstructured":"ATA. 2018 . SPEC2000 . http:\/\/www.spec2000.com\/ . ATA. 2018. SPEC2000. http:\/\/www.spec2000.com\/ ."},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24723-4_2"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/243846.243857"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.1996.566449"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786823"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2363.2366"},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786832"},{"key":"e_1_2_2_8_1","volume-title":"CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 463\u2013469","author":"Brumley David","unstructured":"David Brumley , Ivan Jager , Thanassis Avgerinos , and Edward J. Schwartz . 2011. BAP: A Binary Analysis Platform. In Computer Aided Verification - 23rd International Conference , CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 463\u2013469 . David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward J. Schwartz. 2011. BAP: A Binary Analysis Platform. In Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 463\u2013469."},{"key":"e_1_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315286"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950310"},{"key":"e_1_2_2_11_1","volume-title":"Neural Nets Can Learn Function Type Signatures From Binaries. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Chua Zheng Leong","year":"2017","unstructured":"Zheng Leong Chua , Shiqi Shen , Prateek Saxena , and Zhenkai Liang . 2017 . Neural Nets Can Learn Function Type Signatures From Binaries. In 26th USENIX Security Symposium, USENIX Security 2017 , Vancouver, BC, Canada , August 16-18, 2017. 99\u2013116. Zheng Leong Chua, Shiqi Shen, Prateek Saxena, and Zhenkai Liang. 2017. Neural Nets Can Learn Function Type Signatures From Binaries. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017. 99\u2013116."},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_2_2_13_1","volume-title":"Understanding Linux Malware. In 2018 IEEE Symposium on Security and Privacy, SP 2018","author":"Cozzi Emanuele","year":"2018","unstructured":"Emanuele Cozzi , Mariano Graziano , Yanick Fratantonio , and Davide Balzarotti . 2018 . Understanding Linux Malware. In 2018 IEEE Symposium on Security and Privacy, SP 2018 , Proceedings, 21-23 May 2018, San Francisco, California, USA. 161\u2013175. Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, and Davide Balzarotti. 2018. Understanding Linux Malware. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA. 161\u2013175."},{"key":"e_1_2_2_14_1","unstructured":"Cuckoo. 2014. Cuckoo Sandbox. https:\/\/cuckoosandbox.org\/ . Cuckoo. 2014. Cuckoo Sandbox. https:\/\/cuckoosandbox.org\/ ."},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512538"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268948"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178263"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375615"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"e_1_2_2_20_1","volume-title":"Language-Level Symmetry Reduction for Probabilistic Model Checking. In QEST 2009, Sixth International Conference on the Quantitative Evaluation of Systems","author":"Donaldson Alastair F.","year":"2009","unstructured":"Alastair F. Donaldson , Alice Miller , and David Parker . 2009 . Language-Level Symmetry Reduction for Probabilistic Model Checking. In QEST 2009, Sixth International Conference on the Quantitative Evaluation of Systems , Budapest, Hungary , 13-16 September 2009. 289\u2013298. Alastair F. Donaldson, Alice Miller, and David Parker. 2009. Language-Level Symmetry Reduction for Probabilistic Model Checking. In QEST 2009, Sixth International Conference on the Quantitative Evaluation of Systems, Budapest, Hungary, 13-16 September 2009. 289\u2013298."},{"key":"e_1_2_2_21_1","volume-title":"Proceedings of the ACM SIGPLAN\u201994 Conference on Programming Language Design and Implementation (PLDI)","author":"Emami Maryam","year":"1994","unstructured":"Maryam Emami , Rakesh Ghiya , and Laurie J. Hendren . 1994. Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers . In Proceedings of the ACM SIGPLAN\u201994 Conference on Programming Language Design and Implementation (PLDI) , Orlando, Florida, USA , June 20-24, 1994 . 242\u2013256. Maryam Emami, Rakesh Ghiya, and Laurie J. Hendren. 1994. Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers. In Proceedings of the ACM SIGPLAN\u201994 Conference on Programming Language Design and Implementation (PLDI), Orlando, Florida, USA, June 20-24, 1994. 242\u2013256."},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106249"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/24039.24041"},{"key":"e_1_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985840"},{"key":"e_1_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.83912"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336773"},{"key":"e_1_2_2_27_1","unstructured":"GrammaTech. 2008. CodeSurfer. https:\/\/www.grammatech.com\/products\/codesurfer . GrammaTech. 2008. CodeSurfer. https:\/\/www.grammatech.com\/products\/codesurfer ."},{"key":"e_1_2_2_28_1","volume-title":"Conference Record of POPL 2003: The 30th SIGPLAN-SIGACT Symposium on Principles of Programming Languages, New Orleans","author":"Gulwani Sumit","year":"2003","unstructured":"Sumit Gulwani and George C. Necula . 2003. Discovering affine equalities using random interpretation . In Conference Record of POPL 2003: The 30th SIGPLAN-SIGACT Symposium on Principles of Programming Languages, New Orleans , Louisisana, USA , January 15-17, 2003 . 74\u201384. Sumit Gulwani and George C. Necula. 2003. Discovering affine equalities using random interpretation. In Conference Record of POPL 2003: The 30th SIGPLAN-SIGACT Symposium on Principles of Programming Languages, New Orleans, Louisisana, USA, January 15-17, 2003. 74\u201384."},{"key":"e_1_2_2_29_1","volume-title":"Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004","author":"Gulwani Sumit","year":"2004","unstructured":"Sumit Gulwani and George C. Necula . 2004. Global value numbering using random interpretation . In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004 , Venice, Italy , January 14-16, 2004 . 342\u2013352. Sumit Gulwani and George C. Necula. 2004. Global value numbering using random interpretation. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004, Venice, Italy, January 14-16, 2004. 342\u2013352."},{"key":"e_1_2_2_30_1","volume-title":"Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005","author":"Gulwani Sumit","year":"2005","unstructured":"Sumit Gulwani and George C. Necula . 2005. Precise interprocedural analysis using random interpretation . In Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005 , Long Beach, California, USA , January 12-14, 2005 . 324\u2013337. Sumit Gulwani and George C. Necula. 2005. Precise interprocedural analysis using random interpretation. In Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005, Long Beach, California, USA, January 12-14, 2005. 324\u2013337."},{"key":"e_1_2_2_31_1","volume-title":"DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis. In 28th USENIX Security Symposium, USENIX Security","author":"Guo Wenbo","year":"2019","unstructured":"Wenbo Guo , Dongliang Mu , Min Du , Xinyu Xing , and Dawn Song . 2019 . DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis. In 28th USENIX Security Symposium, USENIX Security 2019. Wenbo Guo, Dongliang Mu, Min Du, Xinyu Xing, and Dawn Song. 2019. DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis. In 28th USENIX Security Symposium, USENIX Security 2019."},{"key":"e_1_2_2_32_1","volume-title":"Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2004","author":"Hauswirth Matthias","year":"2004","unstructured":"Matthias Hauswirth and Trishul M. Chilimbi . 2004. Low-overhead memory leak detection using adaptive statistical profiling . In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2004 , Boston, MA, USA , October 7-13, 2004 . 156\u2013164. Matthias Hauswirth and Trishul M. Chilimbi. 2004. Low-overhead memory leak detection using adaptive statistical profiling. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2004, Boston, MA, USA, October 7-13, 2004. 156\u2013164."},{"key":"e_1_2_2_33_1","unstructured":"Hex-Rays. 2008. IDA. https:\/\/www.hex- rays.com\/products\/ida . Hex-Rays. 2008. IDA. https:\/\/www.hex- rays.com\/products\/ida ."},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1216374.1216379"},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375613"},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.10"},{"key":"e_1_2_2_37_1","volume-title":"CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 585\u2013591","author":"Kwiatkowska Marta Z.","year":"2011","unstructured":"Marta Z. Kwiatkowska , Gethin Norman , and David Parker . 2011 . PRISM 4.0: Verification of Probabilistic Real-Time Systems. In Computer Aided Verification - 23rd International Conference , CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 585\u2013591 . Marta Z. Kwiatkowska, Gethin Norman, and David Parker. 2011. PRISM 4.0: Verification of Probabilistic Real-Time Systems. In Computer Aided Verification - 23rd International Conference, CAV 2011, Snowbird, UT, USA, July 14-20, 2011. Proceedings. 585\u2013591."},{"key":"e_1_2_2_38_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2011","author":"Lee JongHyup","year":"2011","unstructured":"JongHyup Lee , Thanassis Avgerinos , and David Brumley . 2011 . TIE: Principled Reverse Engineering of Types in Binary Programs . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011 , San Diego, California, USA, 6th February - 9th February 2011. JongHyup Lee, Thanassis Avgerinos, and David Brumley. 2011. TIE: Principled Reverse Engineering of Types in Binary Programs. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011."},{"key":"e_1_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1926385.1926389"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"e_1_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/318773.318943"},{"key":"e_1_2_2_42_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2008","author":"Lin Zhiqiang","year":"2008","unstructured":"Zhiqiang Lin , Xuxian Jiang , Dongyan Xu , and Xiangyu Zhang . 2008 . Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 , San Diego, California, USA, 10th February - 13th February 2008. Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang. 2008. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10th February - 13th February 2008."},{"key":"e_1_2_2_43_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2010","author":"Lin Zhiqiang","year":"2010","unstructured":"Zhiqiang Lin , Xiangyu Zhang , and Dongyan Xu . 2010 . Automatic Reverse Engineering of Data Structures from Binary Execution . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2010 , San Diego, California, USA, 28th February - 3rd March 2010. Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. 2010. Automatic Reverse Engineering of Data Structures from Binary Execution. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February - 3rd March 2010."},{"key":"e_1_2_2_44_1","volume-title":"Proceedings of the Conference on Software Maintenance, ICSM 1993","author":"Joseph","year":"1993","unstructured":"Joseph P. Loyall and Susan A. Mathisen. 1993. Using Dependence Analysis to Support the Software Maintenance Process . In Proceedings of the Conference on Software Maintenance, ICSM 1993 , Montr\u00e9al, Quebec, Canada , September 1993 . 282\u2013291. Joseph P. Loyall and Susan A. Mathisen. 1993. Using Dependence Analysis to Support the Software Maintenance Process. In Proceedings of the Conference on Software Maintenance, ICSM 1993, Montr\u00e9al, Quebec, Canada, September 1993. 282\u2013291."},{"key":"e_1_2_2_45_1","volume-title":"Optimal discrete uniform generation from coin flips, and applications. arXiv preprint arXiv:1304.1916","author":"Lumbroso J\u00e9r\u00e9mie","year":"2013","unstructured":"J\u00e9r\u00e9mie Lumbroso . 2013. Optimal discrete uniform generation from coin flips, and applications. arXiv preprint arXiv:1304.1916 ( 2013 ). J\u00e9r\u00e9mie Lumbroso. 2013. Optimal discrete uniform generation from coin flips, and applications. arXiv preprint arXiv:1304.1916 (2013)."},{"key":"e_1_2_2_46_1","volume-title":"Probabilistic Disassembly. In Proceedings of the 41st ACM\/IEEE International Conference on Software Engineering (ICSE","author":"Miller Kenneth","year":"2019","unstructured":"Kenneth Miller , Yonghwi Kwon , Yi Sun , Zhuo Zhang , Xiangyu Zhang , and Zhiqiang Lin . 2019 . Probabilistic Disassembly. In Proceedings of the 41st ACM\/IEEE International Conference on Software Engineering (ICSE 2019). Kenneth Miller, Yonghwi Kwon, Yi Sun, Zhuo Zhang, Xiangyu Zhang, and Zhiqiang Lin. 2019. Probabilistic Disassembly. In Proceedings of the 41st ACM\/IEEE International Conference on Software Engineering (ICSE 2019)."},{"key":"e_1_2_2_47_1","volume-title":"Koen De Bosschere, and Vakgroep Elektronica En Informatiesystemen","author":"Muth Robert","year":"1998","unstructured":"Robert Muth , Saumya Debray , Scott Watterson , Koen De Bosschere, and Vakgroep Elektronica En Informatiesystemen . 1998 . alto: A link-time optimizer for the DEC Alpha . (1998). Robert Muth, Saumya Debray, Scott Watterson, Koen De Bosschere, and Vakgroep Elektronica En Informatiesystemen. 1998. alto: A link-time optimizer for the DEC Alpha. (1998)."},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_2_2_49_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Xiaodong Song . 2005 . Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA. James Newsome and Dawn Xiaodong Song. 2005. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA."},{"key":"e_1_2_2_50_1","volume-title":"14th International Conference, CC 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, Edinburgh, UK, April 4-8, 2005, Proceedings. 204\u2013220","author":"Olmos Karina","year":"2005","unstructured":"Karina Olmos and Eelco Visser . 2005 . Composing Source-to-Source Data-Flow Transformations with Rewriting Strategies and Dependent Dynamic Rewrite Rules. In Compiler Construction , 14th International Conference, CC 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, Edinburgh, UK, April 4-8, 2005, Proceedings. 204\u2013220 . Karina Olmos and Eelco Visser. 2005. Composing Source-to-Source Data-Flow Transformations with Rewriting Strategies and Dependent Dynamic Rewrite Rules. In Compiler Construction, 14th International Conference, CC 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, Edinburgh, UK, April 4-8, 2005, Proceedings. 204\u2013220."},{"key":"e_1_2_2_51_1","volume-title":"2013 28th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2013","author":"Palepu Vijay Krishna","year":"2013","unstructured":"Vijay Krishna Palepu , Guoqing (Harry) Xu , and James A. Jones . 2013. Improving efficiency of dynamic analysis with dynamic dependence summaries . In 2013 28th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2013 , Silicon Valley, CA, USA , November 11-15, 2013 . 59\u201369. Vijay Krishna Palepu, Guoqing (Harry) Xu, and James A. Jones. 2013. Improving efficiency of dynamic analysis with dynamic dependence summaries. In 2013 28th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2013, Silicon Valley, CA, USA, November 11-15, 2013. 59\u201369."},{"key":"e_1_2_2_52_1","unstructured":"Pancake. 2018. Radare2. https:\/\/rada.re\/r\/ . Pancake. 2018. Radare2. https:\/\/rada.re\/r\/ ."},{"key":"e_1_2_2_53_1","volume-title":"DIMVA 2015, Milan, Italy, July 9-10, 2015, Proceedings. 144\u2013164","author":"Payer Mathias","unstructured":"Mathias Payer , Antonio Barresi , and Thomas R. Gross . 2015. Fine-Grained Control-Flow Integrity Through Binary Hardening. In Detection of Intrusions and Malware, and Vulnerability Assessment - 12th International Conference , DIMVA 2015, Milan, Italy, July 9-10, 2015, Proceedings. 144\u2013164 . Mathias Payer, Antonio Barresi, and Thomas R. Gross. 2015. Fine-Grained Control-Flow Integrity Through Binary Hardening. In Detection of Intrusions and Malware, and Vulnerability Assessment - 12th International Conference, DIMVA 2015, Milan, Italy, July 9-10, 2015, Proceedings. 144\u2013164."},{"key":"e_1_2_2_54_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-Force: Force-Executing Binary Programs for Security Applications . In Proceedings of the 23rd USENIX Security Symposium , San Diego, CA, USA , August 20-22, 2014. 829\u2013844. Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014. 829\u2013844."},{"key":"e_1_2_2_55_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Quach Anh","year":"2018","unstructured":"Anh Quach , Aravind Prakash , and Lok-Kwong Yan . 2018 . Debloating Software through Piece-Wise Compilation and Loading . In 27th USENIX Security Symposium, USENIX Security 2018 , Baltimore, MD, USA , August 15-17, 2018. 869\u2013886. Anh Quach, Aravind Prakash, and Lok-Kwong Yan. 2018. Debloating Software through Piece-Wise Compilation and Loading. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. 869\u2013886."},{"key":"e_1_2_2_56_1","volume-title":"VUzzer: Applicationaware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat , Vivek Jain , Ashish Kumar , Lucian Cojocar , Cristiano Giuffrida , and Herbert Bos . 2017 . VUzzer: Applicationaware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017 , San Diego, California, USA, February 26 - March 1, 2017. Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Applicationaware Evolutionary Fuzzing. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017."},{"key":"e_1_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572287"},{"key":"e_1_2_2_59_1","volume-title":"Recognizing Functions in Binaries with Neural Networks. In 24th USENIX Security Symposium, USENIX Security 15","author":"Richard Shin Eui Chul","year":"2015","unstructured":"Eui Chul Richard Shin , Dawn Song , and Reza Moazzezi . 2015 . Recognizing Functions in Binaries with Neural Networks. In 24th USENIX Security Symposium, USENIX Security 15 , Washington, D.C., USA , August 12-14, 2015. 611\u2013626. Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing Functions in Binaries with Neural Networks. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. 611\u2013626."},{"key":"e_1_2_2_60_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2011","author":"Slowinska Asia","year":"2011","unstructured":"Asia Slowinska , Traian Stancescu , and Herbert Bos . 2011 . Howard: A Dynamic Excavator for Reverse Engineering Data Structures . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011 , San Diego, California, USA, 6th February - 9th February 2011. Asia Slowinska, Traian Stancescu, and Herbert Bos. 2011. Howard: A Dynamic Excavator for Reverse Engineering Data Structures. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011."},{"key":"e_1_2_2_61_1","volume-title":"4th International Conference, ICISS 2008, Hyderabad, India, December 16-20, 2008. Proceedings. 1\u201325","author":"Song Dawn Xiaodong","year":"2008","unstructured":"Dawn Xiaodong Song , David Brumley , Heng Yin , Juan Caballero , Ivan Jager , Min Gyung Kang , Zhenkai Liang , James Newsome , Pongsin Poosankam , and Prateek Saxena . 2008 . BitBlaze: A New Approach to Computer Security via Binary Analysis. In Information Systems Security , 4th International Conference, ICISS 2008, Hyderabad, India, December 16-20, 2008. Proceedings. 1\u201325 . Dawn Xiaodong Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. 2008. BitBlaze: A New Approach to Computer Security via Binary Analysis. In Information Systems Security, 4th International Conference, ICISS 2008, Hyderabad, India, December 16-20, 2008. Proceedings. 1\u201325."},{"key":"e_1_2_2_62_1","volume-title":"Points-to Analysis in Almost Linear Time. In Conference Record of POPL\u201996: The 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Papers Presented at the Symposium, St","author":"Steensgaard Bjarne","year":"1996","unstructured":"Bjarne Steensgaard . 1996 . Points-to Analysis in Almost Linear Time. In Conference Record of POPL\u201996: The 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Papers Presented at the Symposium, St . Petersburg Beach, Florida, USA , January 21-24, 1996. 32\u201341. Bjarne Steensgaard. 1996. Points-to Analysis in Almost Linear Time. In Conference Record of POPL\u201996: The 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Papers Presented at the Symposium, St. Petersburg Beach, Florida, USA, January 21-24, 1996. 32\u201341."},{"key":"e_1_2_2_63_1","volume-title":"Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, PDPTA 2000","author":"Sutter Bjorn De","year":"2000","unstructured":"Bjorn De Sutter , Bruno De Bus , Koenraad De Bosschere , P. Keyngnaert , and Bart Demoen . 2000 . On the Static Analysis of Indirect Control Transfers in Binaries . In Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, PDPTA 2000 , June 24-29, 2000, Las Vegas, Nevada, USA. Bjorn De Sutter, Bruno De Bus, Koenraad De Bosschere, P. Keyngnaert, and Bart Demoen. 2000. On the Static Analysis of Indirect Control Transfers in Binaries. In Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, PDPTA 2000, June 24-29, 2000, Las Vegas, Nevada, USA."},{"key":"e_1_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/RTCSA.2000.896367"},{"key":"e_1_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062359"},{"key":"e_1_2_2_66_1","volume-title":"ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 53\u201379","author":"Toronto Neil","year":"2015","unstructured":"Neil Toronto , Jay McCarthy , and David Van Horn . 2015 . Running Probabilistic Programs Backwards. In Programming Languages and Systems - 24th European Symposium on Programming , ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 53\u201379 . Neil Toronto, Jay McCarthy, and David Van Horn. 2015. Running Probabilistic Programs Backwards. In Programming Languages and Systems - 24th European Symposium on Programming, ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 53\u201379."},{"key":"e_1_2_2_67_1","unstructured":"UCSB. 2008. ANGR. https:\/\/angr.io\/ . UCSB. 2008. ANGR. https:\/\/angr.io\/ ."},{"key":"e_1_2_2_68_1","unstructured":"VirusTotal. 2018. VirusTotal. https:\/\/www.virustotal.com\/ . VirusTotal. 2018. VirusTotal. https:\/\/www.virustotal.com\/ ."},{"key":"e_1_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3141235.3141244"},{"key":"e_1_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390658"},{"key":"e_1_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"e_1_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950343"},{"key":"e_1_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/581888.581894"},{"key":"e_1_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_2_2_75_1","volume-title":"PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In 2020 IEEE Symposium on Security and Privacy, SP 2020","author":"You Wei","year":"2020","unstructured":"Wei You , Zhuo Zhang , Yonghwi Kwon , Yousra Aafer , Fei Peng , Yu Shi , Carson Harmon , and Xiangyu Zhang . 2020 . PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In 2020 IEEE Symposium on Security and Privacy, SP 2020 , Proceedings, 18-20 May 2020, San Francisco, California, USA. IEEE Computer Society. Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Harmon, and Xiangyu Zhang. 2020. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In 2020 IEEE Symposium on Security and Privacy, SP 2020, Proceedings, 18-20 May 2020, San Francisco, California, USA. IEEE Computer Society."},{"key":"e_1_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516664"},{"key":"e_1_2_2_77_1","unstructured":"Zhuo Zhang Wei You Guanhong Tao Guannan Wei Yonghwi Kwon and Xiangyu Zhang. 2019a. BDA. https:\/\/github.com\/ bda- tool\/bda . Zhuo Zhang Wei You Guanhong Tao Guannan Wei Yonghwi Kwon and Xiangyu Zhang. 2019a. BDA. https:\/\/github.com\/ bda- tool\/bda ."},{"key":"e_1_2_2_78_1","unstructured":"Zhuo Zhang Wei You Guanhong Tao Guannan Wei Yonghwi Kwon and Xiangyu Zhang. 2019b. BDA Supplementary Material. https:\/\/github.com\/bda- tool\/bda\/blob\/master\/Supplementary_Material.pdf . Zhuo Zhang Wei You Guanhong Tao Guannan Wei Yonghwi Kwon and Xiangyu Zhang. 2019b. BDA Supplementary Material. https:\/\/github.com\/bda- tool\/bda\/blob\/master\/Supplementary_Material.pdf ."},{"key":"e_1_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/1328438.1328464"},{"key":"e_1_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375634.1375648"},{"key":"e_1_2_2_81_1","volume-title":"Dytaint: The implementation of a novel lightweight 3-state dynamic taint analysis framework for x86 binary programs. Computers &","author":"Zhu Erzhou","year":"2015","unstructured":"Erzhou Zhu , Feng Liu , Zuo Wang , Alei Liang , Yiwen Zhang , Xuejian Li , and Xuejun Li . 2015 . Dytaint: The implementation of a novel lightweight 3-state dynamic taint analysis framework for x86 binary programs. Computers & ; Security 52 (2015), 51\u201369. Erzhou Zhu, Feng Liu, Zuo Wang, Alei Liang, Yiwen Zhang, Xuejian Li, and Xuejun Li. 2015. Dytaint: The implementation of a novel lightweight 3-state dynamic taint analysis framework for x86 binary programs. Computers & Security 52 (2015), 51\u201369."}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3360563","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3360563","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3360563","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:22:59Z","timestamp":1750202579000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3360563"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,10]]},"references-count":81,"journal-issue":{"issue":"OOPSLA","published-print":{"date-parts":[[2019,10,10]]}},"alternative-id":["10.1145\/3360563"],"URL":"https:\/\/doi.org\/10.1145\/3360563","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,10,10]]},"assertion":[{"value":"2019-10-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}