{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T14:57:06Z","timestamp":1776092226685,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":77,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484813","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"2526-2540","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["Learning to Explore Paths for Symbolic Execution"],"prefix":"10.1145","author":[{"given":"Jingxuan","family":"He","sequence":"first","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]},{"given":"Gishor","family":"Sivanrupan","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]},{"given":"Petar","family":"Tsankov","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]},{"given":"Martin","family":"Vechev","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. American fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2021. Gcov (Using the GNU Compiler Collection (GCC)). https:\/\/gcc.gnu.org\/onlinedocs\/gcc\/Gcov.html"},{"key":"e_1_3_2_1_3_1","unstructured":"2021. Google Fuzzer Test Suite. https:\/\/github.com\/google\/fuzzer-test-suite"},{"key":"e_1_3_2_1_4_1","unstructured":"2021. UndefinedBehaviorSanitizer - Clang 6 documentation. https:\/\/releases.llvm.org\/6.0.0\/tools\/clang\/docs\/UndefinedBehaviorSanitizer.html"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.11"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390662"},{"key":"e_1_3_2_1_7_1","volume-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence. In NDSS","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In NDSS 2019. https:\/\/www.ndss-symposium.org\/ndss-paper\/redqueen-fuzzing-with-input-to-state-correspondence\/"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568293"},{"key":"e_1_3_2_1_9_1","volume-title":"NeurIPS","author":"Balunovic Mislav","year":"2018","unstructured":"Mislav Balunovic, Pavol Bielik, and Martin Vechev. 2018. Learning to Solve SMT Formulas. In NeurIPS 2018. https:\/\/proceedings.neurips.cc\/paper\/2018\/hash\/68331ff0427b551b68e911eebe35233b-Abstract.html"},{"key":"e_1_3_2_1_10_1","volume-title":"BYTEWEIGHT: Learning to Recognize Functions in Binary Code. In USENIX Security","author":"Bao Tiffany","year":"2014","unstructured":"Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. 2014. BYTEWEIGHT: Learning to Recognize Functions in Binary Code. In USENIX Security 2014. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/bao"},{"key":"e_1_3_2_1_11_1","volume-title":"Ali Abbasi, Sergej Schumilo, Simon W\u00f6 rner, and Thorsten Holz.","author":"Blazytko Tim","year":"2019","unstructured":"Tim Blazytko, Cornelius Aschermann, Moritz Schl\u00f6 gel, Ali Abbasi, Sergej Schumilo, Simon W\u00f6 rner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing Structure while Fuzzing. In USENIX Security 2019. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/blazytko"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--540--78800--3_27"},{"key":"e_1_3_2_1_14_1","volume-title":"Redundant State Detection for Dynamic Symbolic Execution. In USENIX ATC","author":"Bugrara Suhabe","year":"2013","unstructured":"Suhabe Bugrara and Dawson R. Engler. 2013. Redundant State Detection for Dynamic Symbolic Execution. In USENIX ATC 2013. https:\/\/www.usenix.org\/conference\/atc13\/technical-sessions\/presentation\/bugrara"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397360"},{"key":"e_1_3_2_1_16_1","volume-title":"Engler","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In OSDI 2008. http:\/\/www.usenix.org\/events\/osdi08\/tech\/full_papers\/cadar\/cadar.pdf"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180166"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338964"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409755"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23430"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ECOOP.2018.6"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00002"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--540--78800--3_24"},{"key":"e_1_3_2_1_29_1","volume-title":"Posters presented at USENIX Security","author":"Fietkau Julian","year":"2017","unstructured":"Julian Fietkau, Bhargava Shastry, and Jean-Pierre Seifert. 2017. KleeFL - Seeding Fuzzers With Symbolic Execution. In Posters presented at USENIX Security 2017. https:\/\/github.com\/julieeen\/kleefl\/raw\/master\/USENIX2017poster.pdf"},{"key":"e_1_3_2_1_30_1","volume-title":"GREYONE: Data Flow Sensitive Fuzzing. In USENIX Security","author":"Gan Shuitao","year":"2020","unstructured":"Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data Flow Sensitive Fuzzing. In USENIX Security 2020. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/gan"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00040"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--540--73368--3_52"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_34_1","volume-title":"Automated Whitebox Fuzz Testing. In NDSS 2008","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid, Michael Y. Levin, and David A. Molnar. 2008. Automated Whitebox Fuzz Testing. In NDSS 2008. https:\/\/www.ndss-symposium.org\/ndss2008\/automated-whitebox-fuzz-testing\/"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115618"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236028"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363230"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243866"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464795"},{"key":"e_1_3_2_1_40_1","volume-title":"USENIX Security","author":"Holler Christian","year":"2012","unstructured":"Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with Code Fragments. In USENIX Security 2012. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/holler"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00063"},{"key":"e_1_3_2_1_42_1","volume-title":"Kyu Hyung Lee, and Taesoo Kim","author":"Jung Jinho","year":"2019","unstructured":"Jinho Jung, Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee, and Taesoo Kim. 2019. Fuzzification: Anti-Fuzzing Techniques. In USENIX Security 2019. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/jung"},{"key":"e_1_3_2_1_43_1","volume-title":"Pending Constraints in Symbolic Execution for Better Exploration and Seeding. In ASE","author":"Kapus Timotej","year":"2020","unstructured":"Timotej Kapus, Frank Busse, and Cristian Cadar. 2020. Pending Constraints in Symbolic Execution for Better Exploration and Seeding. In ASE 2020. https:\/\/ieeexplore.ieee.org\/document\/9286054"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254088"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594334"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509553"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--23702--7_11"},{"key":"e_1_3_2_1_51_1","volume-title":"USENIX Security","author":"Sebastian","year":"2020","unstructured":"Sebastian \u00d6 sterlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2020. ParmeSan: Sanitizer-guided Greybox Fuzzing. In USENIX Security 2020. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/osterlund"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859035"},{"key":"e_1_3_2_1_53_1","volume-title":"Analyzing Protocol Implementations for Interoperability. In NSDI","author":"Pedrosa Luis","year":"2015","unstructured":"Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, and Todd D. Millstein. 2015. Analyzing Protocol Implementations for Interoperability. In NSDI 2015. https:\/\/www.usenix.org\/conference\/nsdi15\/technical-sessions\/presentation\/pedrosa"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00056"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00024"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993558"},{"key":"e_1_3_2_1_57_1","volume-title":"Compile!. In USENIX Security","author":"Poeplau Sebastian","year":"2020","unstructured":"Sebastian Poeplau and Aur\u00e9 lien Francillon. 2020. Symbolic Execution with SymCC: Don't Interpret, Compile!. In USENIX Security 2020. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/poeplau"},{"key":"e_1_3_2_1_58_1","volume-title":"SymQEMU: Compilation-based Symbolic Execution for Binaries. In NDSS","author":"Poeplau Sebastian","year":"2021","unstructured":"Sebastian Poeplau and Aur\u00e9 lien Francillon. 2021. SymQEMU: Compilation-based Symbolic Execution for Binaries. In NDSS 2021. https:\/\/www.ndss-symposium.org\/ndss-paper\/symqemu-compilation-based-symbolic-execution-for-binaries\/"},{"key":"e_1_3_2_1_59_1","volume-title":"Engler","author":"Ramos David A.","year":"2015","unstructured":"David A. Ramos and Dawson R. Engler. 2015. Under-Constrained Symbolic Execution: Correctness Checking for Real Code. In USENIX Security 2015. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/ramos"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"e_1_3_2_1_61_1","volume-title":"ICLR","author":"Selsam Daniel","year":"2019","unstructured":"Daniel Selsam, Matthew Lamm, Benedikt B\u00fc nz, Percy Liang, Leonardo de Moura, and David L. Dill. 2019. Learning a SAT Solver from Single-Bit Supervision. In ICLR 2019. https:\/\/openreview.net\/forum?id=HJMC_iA5tm"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"e_1_3_2_1_63_1","volume-title":"AddressSanitizer: A Fast Address Sanity Checker. In USENIX ATC","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In USENIX ATC 2012. https:\/\/www.usenix.org\/conference\/atc12\/technical-sessions\/presentation\/serebryany"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00022"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00052"},{"key":"e_1_3_2_1_66_1","volume-title":"Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In NDSS","author":"Shen Shiqi","year":"2019","unstructured":"Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, and Prateek Saxena. 2019. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In NDSS 2019. https:\/\/www.ndss-symposium.org\/ndss-paper\/neuro-symbolic-execution-augmenting-symbolic-execution-with-neural-constraints\/"},{"key":"e_1_3_2_1_67_1","volume-title":"USENIX Security","author":"Richard Shin Eui Chul","year":"2015","unstructured":"Eui Chul Richard Shin, Dawn Song, and Reza Moazzezi. 2015. Recognizing Functions in Binaries with Neural Networks. In USENIX Security 2015. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/shin"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_69_1","volume-title":"Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In NDSS","author":"Stephens Nick","year":"2016","unstructured":"Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In NDSS 2016. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180251"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.23"},{"key":"e_1_3_2_1_72_1","volume-title":"Reinforcement Learning-based Hierarchical Seed for Greybox Fuzzing. In NDSS","author":"Wang Jinghan","year":"2021","unstructured":"Jinghan Wang, Chengyu Song, and Heng Yin. 2021. Reinforcement Learning-based Hierarchical Seed for Greybox Fuzzing. In NDSS 2021. https:\/\/www.ndss-symposium.org\/ndss-paper\/reinforcement-learning-based-hierarchical-seed-scheduling-for-greybox-fuzzing\/"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054815"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270315"},{"key":"e_1_3_2_1_75_1","volume-title":"QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security 2018. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/yun"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00071"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416645"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484813","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484813","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:43Z","timestamp":1763498863000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484813"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":77,"alternative-id":["10.1145\/3460120.3484813","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484813","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}