{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T12:41:15Z","timestamp":1768999275037,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T00:00:00Z","timestamp":1604793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3368089.3409694","type":"proceedings-article","created":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T06:03:52Z","timestamp":1604815432000},"page":"1153-1164","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Efficient binary-level coverage analysis"],"prefix":"10.1145","author":[{"given":"M. Ammar","family":"Ben Khadra","sequence":"first","affiliation":[{"name":"TU Kaiserslautern, Germany"}]},{"given":"Dominik","family":"Stoffel","sequence":"additional","affiliation":[{"name":"TU Kaiserslautern, Germany"}]},{"given":"Wolfgang","family":"Kunz","sequence":"additional","affiliation":[{"name":"TU Kaiserslautern, Germany"}]}],"member":"320","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/174675.175935"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1017\/9781316771273"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2465351.2465380"},{"key":"e_1_3_2_2_4_1","first-page":"583","volume-title":"25th USENIX Security Symposium. USENIX Association","author":"Andriesse Dennis","unstructured":"Dennis Andriesse , Xi Chen , Victor van der Veen, Asia Slowinska, and Herbert Bos. 2016. An In-Depth Analysis of Disassembly on Full-Scale x86\/x64 Binaries . In 25th USENIX Security Symposium. USENIX Association , Austin, TX , 583 - 600 . https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technicalsessions\/presentation\/andriesse Dennis Andriesse, Xi Chen, Victor van der Veen, Asia Slowinska, and Herbert Bos. 2016. An In-Depth Analysis of Disassembly on Full-Scale x86\/x64 Binaries. In 25th USENIX Security Symposium. USENIX Association, Austin, TX, 583-600. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technicalsessions\/presentation\/andriesse"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.11"},{"key":"e_1_3_2_2_6_1","first-page":"845","volume-title":"Proceeding of the 23rd USENIX Security Symposium. USENIX Association","author":"Bao Tifany","year":"2014","unstructured":"Tifany Bao , Jonathan Burket , Maverick Woo , Rafael Turner , and David Brumley . 2014 . BYTEWEIGHT: Learning to Recognize Functions in Binary Code . In Proceeding of the 23rd USENIX Security Symposium. USENIX Association , San Diego, CA , 845 - 860 . https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technicalsessions\/presentation\/bao Tifany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to Recognize Functions in Binary Code. In Proceeding of the 23rd USENIX Security Symposium. USENIX Association, San Diego, CA, 845-860. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technicalsessions\/presentation\/bao"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2968455.2968505"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_2_2_9_1","unstructured":"Derek Bruening. [n.d.]. DynamoRIO: Dynamic Instrumentation Tool Platform. https:\/\/github.com\/DynamoRIO\/dynamorio  Derek Bruening. [n.d.]. DynamoRIO: Dynamic Instrumentation Tool Platform. https:\/\/github.com\/DynamoRIO\/dynamorio"},{"key":"e_1_3_2_2_10_1","volume-title":"Schwartz","author":"Brumley David","year":"2011","unstructured":"David Brumley , Ivan Jager , Thanassis Avgerinos , and Edward J . Schwartz . 2011 . BAP : A Binary Analysis Platform. In Computer Aided Verification (LNCS), Ganesh Gopalakrishnan and Shaz Qadeer (Eds.). Springer Berlin Heidelberg , 463-469. https:\/\/link.springer.com\/chapter\/10.1007\/978-3-642-22110-1_37 David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward J. Schwartz. 2011. BAP: A Binary Analysis Platform. In Computer Aided Verification (LNCS), Ganesh Gopalakrishnan and Shaz Qadeer (Eds.). Springer Berlin Heidelberg, 463-469. https:\/\/link.springer.com\/chapter\/10.1007\/978-3-642-22110-1_37"},{"key":"e_1_3_2_2_11_1","unstructured":"Capstone. [n.d.]. Multi-architecture disassembly framework. https:\/\/github. com\/aquynh\/capstone  Capstone. [n.d.]. Multi-architecture disassembly framework. https:\/\/github. com\/aquynh\/capstone"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/WPC.1999.777758"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62105-0_12"},{"key":"e_1_3_2_2_14_1","unstructured":"Detours. [n.d.]. a software package for monitoring and instrumenting API calls on Windows. https:\/\/github.com\/microsoft\/Detours  Detours. [n.d.]. a software package for monitoring and instrumenting API calls on Windows. https:\/\/github.com\/microsoft\/Detours"},{"key":"e_1_3_2_2_15_1","volume-title":"RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization. In IEEE International Symposium on Security and Privacy-S&P' 20","author":"Dinesh Sushant","year":"2020","unstructured":"Sushant Dinesh , Nathan Burow , Dongyan Xu , and Mathias Payer . 2020 . RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization. In IEEE International Symposium on Security and Privacy-S&P' 20 . Sushant Dinesh, Nathan Burow, Dongyan Xu, and Mathias Payer. 2020. RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization. In IEEE International Symposium on Security and Privacy-S&P' 20."},{"key":"e_1_3_2_2_16_1","unstructured":"DO178C. [n.d.]. Software Considerations in Airborne Systems and Equipment Certification. https:\/\/www.rtca.org  DO178C. [n.d.]. Software Considerations in Airborne Systems and Equipment Certification. https:\/\/www.rtca.org"},{"key":"e_1_3_2_2_17_1","unstructured":"Dyninst. [n.d.]. Tools for binary instrumentation analysis and modification. https:\/\/github.com\/dyninst\/dyninst  Dyninst. [n.d.]. Tools for binary instrumentation analysis and modification. https:\/\/github.com\/dyninst\/dyninst"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568273"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568278"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568271"},{"key":"e_1_3_2_2_22_1","unstructured":"ISO-26262. [n.d.]. Road vehicles-Functional safety-Part 6 : Product development at the software level. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:26262:-1:ed-2:v1:en  ISO-26262. [n.d.]. Road vehicles-Functional safety-Part 6 : Product development at the software level. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:26262:-1:ed-2:v1:en"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3340459"},{"key":"e_1_3_2_2_24_1","unstructured":"Linux Kernel. [n.d.]. Intel Processor Trace Documentation. https:\/\/github.com\/ torvalds\/linux\/blob\/master\/tools\/perf\/Documentation\/perf-intel-pt.txt  Linux Kernel. [n.d.]. Intel Processor Trace Documentation. https:\/\/github.com\/ torvalds\/linux\/blob\/master\/tools\/perf\/Documentation\/perf-intel-pt.txt"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115648"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2010.5452024"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594334"},{"key":"e_1_3_2_2_28_1","unstructured":"LibFuzzer. [n.d.]. a library for coverage-guided fuzz testing. https:\/\/llvm.org\/ docs\/LibFuzzer.html  LibFuzzer. [n.d.]. a library for coverage-guided fuzz testing. https:\/\/llvm.org\/ docs\/LibFuzzer.html"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931047"},{"key":"e_1_3_2_2_30_1","unstructured":"Trail of Bits. [n.d.]. McSema: Framework for lifting x86 amd64 and aarch64 program binaries to LLVM bitcode. https:\/\/github.com\/lifting-bits\/mcsema  Trail of Bits. [n.d.]. McSema: Framework for lifting x86 amd64 and aarch64 program binaries to LLVM bitcode. https:\/\/github.com\/lifting-bits\/mcsema"},{"key":"e_1_3_2_2_31_1","unstructured":"OSS-Fuzz. [n.d.]. continuous fuzzing of open source software. https:\/\/github. com\/google\/oss-fuzz  OSS-Fuzz. [n.d.]. continuous fuzzing of open source software. https:\/\/github. com\/google\/oss-fuzz"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.62"},{"key":"e_1_3_2_2_33_1","unstructured":"Pin. [n.d.]. A Dynamic Binary Instrumentation Tool. https:\/\/software.intel.com\/ en-us\/articles\/pin-a-dynamic-binary-instrumentation-tool  Pin. [n.d.]. A Dynamic Binary Instrumentation Tool. https:\/\/software.intel.com\/ en-us\/articles\/pin-a-dynamic-binary-instrumentation-tool"},{"key":"e_1_3_2_2_34_1","volume-title":"VUzzer: Application-aware Evolutionary Fuzzing. In Network and Distributed System Security Symposium-NDSS'17","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat , Vivek Jain , Ashish Kumar , Lucian Cojocar , Cristiano Giufrida , and Herbert Bos . 2017 . VUzzer: Application-aware Evolutionary Fuzzing. In Network and Distributed System Security Symposium-NDSS'17 . https:\/\/www.vusec.net\/ download\/?t=papers\/vuzzer_ndss17.pdf Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giufrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing. In Network and Distributed System Security Symposium-NDSS'17. https:\/\/www.vusec.net\/ download\/?t=papers\/vuzzer_ndss17.pdf"},{"key":"e_1_3_2_2_35_1","unstructured":"SanitizerCoverage. [n.d.]. LLVM coverage instrumentation. https:\/\/clang.llvm. org\/docs\/SanitizerCoverage.html  SanitizerCoverage. [n.d.]. LLVM coverage instrumentation. https:\/\/clang.llvm. org\/docs\/SanitizerCoverage.html"},{"key":"e_1_3_2_2_36_1","volume-title":"Proceedings of the 26th USENIX Security Symposium. USENIX Association, 167-182","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo , Cornelius Aschermann , Robert Gawlik , Sebastian Schinzel , and Thorsten Holz . 2017 . kAFL: hardware-assisted feedback fuzzing for OS kernels . In Proceedings of the 26th USENIX Security Symposium. USENIX Association, 167-182 . https:\/\/dl.acm.org\/citation.cfm?id= 3241204 Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: hardware-assisted feedback fuzzing for OS kernels. In Proceedings of the 26th USENIX Security Symposium. USENIX Association, 167-182. https:\/\/dl.acm.org\/citation.cfm?id= 3241204"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_2_38_1","unstructured":"Robert Swiecki. [n.d.]. Honggfuzz: a security oriented fuzzer. https:\/\/github. com\/google\/honggfuzz  Robert Swiecki. [n.d.]. Honggfuzz: a security oriented fuzzer. https:\/\/github. com\/google\/honggfuzz"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/566172.566186"},{"key":"e_1_3_2_2_40_1","unstructured":"Paul Turner. [n.d.]. Retpoline: a software construct for preventing branch-targetinjection. https:\/\/support.google.com\/faqs\/answer\/7625886  Paul Turner. [n.d.]. Retpoline: a software construct for preventing branch-targetinjection. https:\/\/support.google.com\/faqs\/answer\/7625886"},{"key":"e_1_3_2_2_41_1","unstructured":"Unicorn. [n.d.]. CPU emulator framework. https:\/\/github.com\/unicorn-engine\/ unicorn  Unicorn. [n.d.]. CPU emulator framework. https:\/\/github.com\/unicorn-engine\/ unicorn"},{"key":"e_1_3_2_2_42_1","volume-title":"Proceedings of the 24th USENIX Security Symposium ( 2015 ), 627-642","author":"Wang Shuai","year":"2015","unstructured":"Shuai Wang , Pei Wang , and Dinghao Wu . 2015 . Reassembleable disassembling . Proceedings of the 24th USENIX Security Symposium ( 2015 ), 627-642 . https: \/\/www.usenix.org\/node\/190921 Shuai Wang, Pei Wang, and Dinghao Wu. 2015. Reassembleable disassembling. Proceedings of the 24th USENIX Security Symposium ( 2015 ), 627-642. https: \/\/www.usenix.org\/node\/190921"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.430"},{"key":"e_1_3_2_2_44_1","volume-title":"QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th USENIX Security Symposium. 745-761","author":"Yun Insu","year":"2018","unstructured":"Insu Yun , Sangho Lee , Meng Xu , Yeongjin Jang , and Taesoo Kim . 2018 . QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th USENIX Security Symposium. 745-761 . https:\/\/www.usenix.org\/conference\/ usenixsecurity18\/presentation\/yun Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In 27th USENIX Security Symposium. 745-761. https:\/\/www.usenix.org\/conference\/ usenixsecurity18\/presentation\/yun"},{"key":"e_1_3_2_2_45_1","unstructured":"Michal Zalewski. [n.d.]. Technical whitepaper for afl-fuzz. http:\/\/lcamtuf. coredump.cx\/afl\/technical_details.txt  Michal Zalewski. [n.d.]. Technical whitepaper for afl-fuzz. http:\/\/lcamtuf. coredump.cx\/afl\/technical_details.txt"}],"event":{"name":"ESEC\/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"Virtual Event USA","acronym":"ESEC\/FSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409694","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3368089.3409694","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:40Z","timestamp":1750203880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409694"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,8]]},"references-count":44,"alternative-id":["10.1145\/3368089.3409694","10.1145\/3368089"],"URL":"https:\/\/doi.org\/10.1145\/3368089.3409694","relation":{},"subject":[],"published":{"date-parts":[[2020,11,8]]},"assertion":[{"value":"2020-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}