{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T16:58:27Z","timestamp":1774717107554,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,7]],"date-time":"2020-11-07T00:00:00Z","timestamp":1604707200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-13-2-0045"],"award-info":[{"award-number":["W911NF-13-2-0045"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1718997"],"award-info":[{"award-number":["CNS-1718997"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3368089.3409686","type":"proceedings-article","created":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T00:37:56Z","timestamp":1607647076000},"page":"221-232","source":"Crossref","is-referenced-by-count":26,"title":["UBITect: a precise and scalable method to detect use-before-initialization bugs in Linux kernel"],"prefix":"10.1145","author":[{"given":"Yizhuo","family":"Zhai","sequence":"first","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Yu","family":"Hao","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Hang","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Daimeng","family":"Wang","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Chengyu","family":"Song","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Mohsen","family":"Lesani","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Srikanth V.","family":"Krishnamurthy","sequence":"additional","affiliation":[{"name":"University of California at Riverside, USA"}]},{"given":"Paul","family":"Yu","sequence":"additional","affiliation":[{"name":"U.S. Army Research Laboratory, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,11,7]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2014. Andersen's inclusion-based pointer analysis re-implementation in LLVM. https:\/\/github.com\/grievejia\/andersen\/graphs\/contributors.  2014. Andersen's inclusion-based pointer analysis re-implementation in LLVM. https:\/\/github.com\/grievejia\/andersen\/graphs\/contributors."},{"key":"e_1_3_2_2_2_1","volume-title":"CVE2018-6981"},{"key":"e_1_3_2_2_3_1","unstructured":"2020. CWE-476 : NULL Pointer Dereference. https:\/\/cwe.mitre.org\/data\/ definitions\/476.html.  2020. CWE-476 : NULL Pointer Dereference. https:\/\/cwe.mitre.org\/data\/ definitions\/476.html."},{"key":"e_1_3_2_2_4_1","unstructured":"2020. Qualifier Type Inference. https:\/\/github.com\/seclab-ucr\/UBITect\/blob\/ master\/QualifierTypeInference.pdf.  2020. Qualifier Type Inference. https:\/\/github.com\/seclab-ucr\/UBITect\/blob\/ master\/QualifierTypeInference.pdf."},{"key":"e_1_3_2_2_5_1","unstructured":"2020. UBITect. https:\/\/github.com\/seclab-ucr\/UBITect  2020. UBITect. https:\/\/github.com\/seclab-ucr\/UBITect"},{"key":"e_1_3_2_2_6_1","volume-title":"KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In USENIX Symposium on Operating Systems Design and Implementation (OSDI).","author":"Cadar Cristian","year":"2008"},{"key":"e_1_3_2_2_7_1","unstructured":"K. Cook. 2011. Kernel Exploitation Via Uninitialized Stack. https: \/\/www.defcon.org\/images\/defcon-19\/dc-19-presentations\/Cook\/DEFCON-19-Cook-Kernel-Exploitation.pdf..  K. Cook. 2011. Kernel Exploitation Via Uninitialized Stack. https: \/\/www.defcon.org\/images\/defcon-19\/dc-19-presentations\/Cook\/DEFCON-19-Cook-Kernel-Exploitation.pdf.."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/502059.502041"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"crossref","unstructured":"Jefrey S Foster Tachio Terauchi and Alex Aiken. 2002. Flow-sensitive type qualifiers. Vol. 37. ACM. https:\/\/doi.org\/10.1145\/512529.512531 10.1145\/512529.512531  Jefrey S Foster Tachio Terauchi and Alex Aiken. 2002. Flow-sensitive type qualifiers. Vol. 37. ACM. https:\/\/doi.org\/10.1145\/512529.512531 10.1145\/512529.512531","DOI":"10.1145\/512529.512531"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23326"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108768.1108798"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_10"},{"key":"e_1_3_2_2_13_1","volume-title":"Finding User\/Kernel Pointer Bugs with Type Inference. In USENIX Security Symposium (Security)","volume":"2","author":"Johnson Rob","year":"2004"},{"key":"e_1_3_2_2_14_1","volume-title":"USENIX Security Symposium (Security).","author":"Lu Kangjie","year":"2019"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978366"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"e_1_3_2_2_17_1","volume-title":"DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In USENIX Security Symposium (Security).","author":"Machiry Aravind","year":"2017"},{"key":"e_1_3_2_2_18_1","unstructured":"Daniel Marjam\u00e4ki. 2019. Cppcheck: a tool for static c\/c++ code analysis. http:\/\/cppcheck.sourceforge.net\/.  Daniel Marjam\u00e4ki. 2019. Cppcheck: a tool for static c\/c++ code analysis. http:\/\/cppcheck.sourceforge.net\/."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23183"},{"key":"e_1_3_2_2_20_1","unstructured":"Matt Miller. 2019. Trends Challenges and Strategic Shifts in the Software Vulnerability Mitigation Landscape. In BlueHat IL.  Matt Miller. 2019. Trends Challenges and Strategic Shifts in the Software Vulnerability Mitigation Landscape. In BlueHat IL."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815422"},{"key":"e_1_3_2_2_22_1","unstructured":"PaX Team. 2013. PaX-gcc plugins galore. https:\/\/pax.grsecurity.net\/docs\/ PaXTeam-H2HC13-PaX-gcc-plugins.pdf.  PaX Team. 2013. PaX-gcc plugins galore. https:\/\/pax.grsecurity.net\/docs\/ PaXTeam-H2HC13-PaX-gcc-plugins.pdf."},{"key":"e_1_3_2_2_23_1","volume-title":"Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In USENIX Security Symposium (Security).","author":"Ramos David A","year":"2015"},{"key":"e_1_3_2_2_24_1","volume-title":"USENIX Security Symposium (Security).","author":"Shankar Umesh","year":"2001"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2015.7054186"},{"key":"e_1_3_2_2_26_1","unstructured":"The Clang Team. 2019. Clang Static Analyzer. https:\/\/clang-analyzer.llvm.org\/.  The Clang Team. 2019. Clang Static Analyzer. https:\/\/clang-analyzer.llvm.org\/."},{"key":"e_1_3_2_2_27_1","unstructured":"Vegard Nossum. 2015. Getting Started With kmemcheck. https:\/\/www.kernel. org\/doc\/Documentation\/kmemcheck.txt.  Vegard Nossum. 2015. Getting Started With kmemcheck. https:\/\/www.kernel. org\/doc\/Documentation\/kmemcheck.txt."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243844"},{"key":"e_1_3_2_2_29_1","volume-title":"Improving Integer Security for Systems with KINT. In USENIX Symposium on Operating Systems Design and Implementation (OSDI).","author":"Wang Xi"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00017"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15497-3_5"},{"key":"e_1_3_2_2_32_1","volume-title":"PeX: A Permission Check Analysis Framework for Linux Kernel. In USENIX Security Symposium (Security).","author":"Zhang Tong","year":"2019"},{"key":"e_1_3_2_2_33_1","volume-title":"USENIX Workshop on Ofensive Technologies (WOOT).","author":"Zhao Hanqing","year":"2019"}],"event":{"name":"ESEC\/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"Virtual Event USA","acronym":"ESEC\/FSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409686","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3368089.3409686","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:39Z","timestamp":1750203879000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409686"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,7]]},"references-count":33,"alternative-id":["10.1145\/3368089.3409686","10.1145\/3368089"],"URL":"https:\/\/doi.org\/10.1145\/3368089.3409686","relation":{},"subject":[],"published":{"date-parts":[[2020,11,7]]}}}