{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:05:47Z","timestamp":1769727947697,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":84,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,27]],"date-time":"2024-04-27T00:00:00Z","timestamp":1714176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Hong Kong Innovation and Technology Commission","award":["PRP\/004\/21FX"],"award-info":[{"award-number":["PRP\/004\/21FX"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,27]]},"DOI":"10.1145\/3622781.3674177","type":"proceedings-article","created":{"date-parts":[[2025,4,10]],"date-time":"2025-04-10T15:31:01Z","timestamp":1744299061000},"page":"170-187","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9529-3410","authenticated-orcid":false,"given":"Chengfeng","family":"Ye","sequence":"first","affiliation":[{"name":"The Hong Kong University of Science and Technology, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6340-1416","authenticated-orcid":false,"given":"Yuandao","family":"Cai","sequence":"additional","affiliation":[{"name":"The Hong Kong University of Science and Technology, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8719-1070","authenticated-orcid":false,"given":"Anshunkang","family":"Zhou","sequence":"additional","affiliation":[{"name":"The Hong Kong University of Science and Technology, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5328-3994","authenticated-orcid":false,"given":"Heqing","family":"Huang","sequence":"additional","affiliation":[{"name":"City University of Hong Kong, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5093-8262","authenticated-orcid":false,"given":"Hao","family":"Ling","sequence":"additional","affiliation":[{"name":"The Hong Kong University of Science and Technology, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8611-9468","authenticated-orcid":false,"given":"Charles","family":"Zhang","sequence":"additional","affiliation":[{"name":"The Hong Kong University of Science and Technology, Hong Kong, China"}]}],"member":"320","published-online":{"date-parts":[[2025,4,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/github.com\/fkie-cat\/cwe-checker","year":"2021","unstructured":"Cwe-checker. https:\/\/github.com\/fkie-cat\/cwe-checker, 2021. Accessed November 9, 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"CA","year":"2023","unstructured":"QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries (to appear), San Francisco, CA, May 2023."},{"key":"e_1_3_2_1_3_1","volume-title":"https:\/\/github.com\/Ychame\/MANTA-Supplement\/","author":"Supplementary","year":"2024","unstructured":"Supplementary material. https:\/\/github.com\/Ychame\/MANTA-Supplement\/, 2024."},{"issue":"10","key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1145\/2076021.2048105","article-title":"Flow-sensitive type recovery in linear-log time","volume":"46","author":"Adams Michael D.","year":"2011","unstructured":"Michael D. Adams, Andrew W. Keep, Jan Midtgaard, Matthew Might, Arun Chauhan, and R. Kent Dybvig. Flow-sensitive type recovery in linear-log time. SIGPLAN Not., 46(10):483--498, oct 2011.","journal-title":"SIGPLAN Not."},{"key":"e_1_3_2_1_5_1","unstructured":"N. S. Agency. Ghidra reverse engineering tool. https:\/\/www.nsa.gov\/resources\/everyone\/ghidra\/."},{"key":"e_1_3_2_1_6_1","first-page":"91","volume-title":"Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2020","author":"Allamanis Miltiadis","year":"2020","unstructured":"Miltiadis Allamanis, Earl T. Barr, Soline Ducousso, and Zheng Gao. Typilus: neural type hints. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2020, page 91--105, New York, NY, USA, 2020. Association for Computing Machinery."},{"key":"e_1_3_2_1_7_1","volume-title":"Towards type inference for javascript","author":"Anderson Christopher","year":"2005","unstructured":"Christopher Anderson, Sophia Drossopoulou, and Paola Giannini. Towards type inference for javascript. volume 3586, 07 2005."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1109\/APSEC.2004.16","volume-title":"11th Asia-Pacific Software Engineering Conference","author":"Atkinson D.C.","year":"2004","unstructured":"D.C. Atkinson. Accurate call graph extraction of programs with function pointers using type signatures. In 11th Asia-Pacific Software Engineering Conference, pages 326--335, 2004."},{"key":"e_1_3_2_1_9_1","first-page":"211","volume-title":"Proceedings of the 30th International Conference on Software Engineering, ICSE '08","author":"Babic Domagoj","year":"2008","unstructured":"Domagoj Babic and Alan J. Hu. Calysto: scalable and precise extended static checking. In Proceedings of the 30th International Conference on Software Engineering, ICSE '08, page 211--220, New York, NY, USA, 2008. Association for Computing Machinery."},{"key":"e_1_3_2_1_10_1","volume-title":"Wysinwyx: What you see is not what you execute. ACM Trans. Program. Lang. Syst., 32(6), aug","author":"Balakrishnan Gogul","year":"2010","unstructured":"Gogul Balakrishnan and Thomas Reps. Wysinwyx: What you see is not what you execute. ACM Trans. Program. Lang. Syst., 32(6), aug 2010."},{"key":"e_1_3_2_1_11_1","volume-title":"Sensors Applications Symposium","author":"Balatsouras George","year":"2016","unstructured":"George Balatsouras and Yannis Smaragdakis. Structure-sensitive points-to analysis for c and c++. In Sensors Applications Symposium, 2016."},{"issue":"2","key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1145\/1646353.1646374","article-title":"A few billion lines of code later: using static analysis to find bugs in the real world","volume":"53","author":"Bessey Al","year":"2010","unstructured":"Al Bessey, Ken Block, Benjamin Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles-Henri Gros, Asya Kamsky, Scott McPeak, and Dawson R. Engler. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM, 53(2):66--75, 2010.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_1_13_1","volume-title":"Proc. ACM Program. Lang., 7(OOPSLA2), oct","author":"Cai Yuandao","year":"2023","unstructured":"Yuandao Cai and Charles Zhang. A cocktail approach to practical call graph construction. Proc. ACM Program. Lang., 7(OOPSLA2), oct 2023."},{"key":"e_1_3_2_1_14_1","first-page":"39","volume-title":"Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08","author":"Chang Walter","year":"2008","unstructured":"Walter Chang, Brandon Streiff, and Calvin Lin. Efficient and extensible security enforcement using dynamic data flow analysis. In Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08, page 39--50, New York, NY, USA, 2008. Association for Computing Machinery."},{"key":"e_1_3_2_1_15_1","volume-title":"USENIX Security Symposium","author":"Chen Libo","year":"2021","unstructured":"Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems. In USENIX Security Symposium, 2021."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/DSN48063.2020.00028","volume-title":"2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Chen Ligeng","year":"2020","unstructured":"Ligeng Chen, Zhongling He, and Bing Mao. Cati: Context-assisted type inference from stripped binaries. In 2020 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pages 88--98, 2020."},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security Symposium","author":"Chen Qibin","year":"2022","unstructured":"Qibin Chen, Jeremy Lacomis, Edward J. Schwartz, Claire Le Goues, Graham Neubig, and Bogdan Vasilescu. Augmenting decompiler output with learned variable names and types. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1109\/DSN.2018.00052","volume-title":"2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Cheng Kai","year":"2018","unstructured":"Kai Cheng, Qiang Li, Lei Wang, Qian Chen, Yaowen Zheng, Limin Sun, and Zhenkai Liang. Dtaint: Detecting the taint-style vulnerability in embedded device firmware. In 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pages 430--441, 2018."},{"key":"e_1_3_2_1_19_1","first-page":"360","volume-title":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023","author":"Cheng Kai","year":"2023","unstructured":"Kai Cheng, Yaowen Zheng, Tao Liu, Le Guan, Peng Liu, Hong Li, Hongsong Zhu, Kejiang Ye, and Limin Sun. Detecting vulnerabilities in linux-based embedded firmware with sse-based on-demand alias analysis. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023, page 360--372, New York, NY, USA, 2023. Association for Computing Machinery."},{"key":"e_1_3_2_1_20_1","volume-title":"ASPLOS XVI","author":"Chipounov Vitaly","year":"2011","unstructured":"Vitaly Chipounov, Volodymyr Kuznetsov, and George Candea. S2e: a platform for in-vivo multi-path analysis of software systems. In ASPLOS XVI, 2011."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1145\/512529.512560","volume-title":"Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI '02","author":"Choi Jong-Deok","year":"2002","unstructured":"Jong-Deok Choi, Keunwoo Lee, Alexey Loginov, Robert O'Callahan, Vivek Sarkar, and Manu Sridharan. Efficient and precise datarace detection for multithreaded object-oriented programs. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI '02, page 258--269, New York, NY, USA, 2002. Association for Computing Machinery."},{"key":"e_1_3_2_1_22_1","volume-title":"USENIX Security Symposium","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. Inception: System-wide security testing of real-world embedded systems software. In USENIX Security Symposium, 2018."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems","author":"David Yaniv","year":"2018","unstructured":"Yaniv David, Nimrod Partush, and Eran Yahav. Firmup: Precise static detection of common vulnerabilities in firmware. Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, 2018."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","first-page":"348","DOI":"10.1145\/3173162.3177153","volume-title":"Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '18","author":"Devecsery David","year":"2018","unstructured":"David Devecsery, Peter M. Chen, Jason Flinn, and Satish Narayanasamy. Optimistic hybrid analysis: Accelerating dynamic analysis through predicated static analysis. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '18, page 348--362, New York, NY, USA, 2018. Association for Computing Machinery."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1145\/277650.277670","volume-title":"Proceedings of the ACM SIGPLAN 1998 Conference on Programming Language Design and Implementation, PLDI '98","author":"Diwan Amer","year":"1998","unstructured":"Amer Diwan, Kathryn S. McKinley, and J. Eliot B. Moss. Type-based alias analysis. In Proceedings of the ACM SIGPLAN 1998 Conference on Programming Language Design and Implementation, PLDI '98, page 106--117, New York, NY, USA, 1998. Association for Computing Machinery."},{"issue":"6","key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/2499370.2462165","article-title":"Scalable variable and data type detection in a binary rewriter","volume":"48","author":"ElWazeer Khaled","year":"2013","unstructured":"Khaled ElWazeer, Kapil Anand, Aparna Kotha, Matthew Smithson, and Rajeev Barua. Scalable variable and data type detection in a binary rewriter. SIGPLAN Not., 48(6):51--60, jun 2013.","journal-title":"SIGPLAN Not."},{"key":"e_1_3_2_1_27_1","volume-title":"Network and Distributed System Security Symposium","author":"Eschweiler Sebastian","year":"2016","unstructured":"Sebastian Eschweiler, Khaled Yakdan, and Elmar Gerhards-Padilla. discovre: Efficient cross-architecture identification of bugs in binary code. In Network and Distributed System Security Symposium, 2016."},{"key":"e_1_3_2_1_28_1","first-page":"133","volume-title":"Proceedings of the 2006 International Symposium on Software Testing and Analysis, ISSTA '06","author":"Fink Stephen","year":"2006","unstructured":"Stephen Fink, Eran Yahav, Nurit Dor, G. Ramalingam, and Emmanuel Geay. Effective typestate verification in the presence of aliasing. In Proceedings of the 2006 International Symposium on Software Testing and Analysis, ISSTA '06, page 133--144, New York, NY, USA, 2006. Association for Computing Machinery."},{"issue":"5","key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/543552.512531","article-title":"Flow-sensitive type qualifiers","volume":"37","author":"Foster Jeffrey S.","year":"2002","unstructured":"Jeffrey S. Foster, Tachio Terauchi, and Alex Aiken. Flow-sensitive type qualifiers. SIGPLAN Not., 37(5):1--12, may 2002.","journal-title":"SIGPLAN Not."},{"key":"e_1_3_2_1_30_1","volume-title":"https:\/\/github.com\/google\/pytype, accessed","year":"2023","unstructured":"Google. Pytype. https:\/\/github.com\/google\/pytype, accessed 30 May 2023."},{"key":"e_1_3_2_1_31_1","first-page":"214","volume-title":"Proceedings of the 10th International Conference on Static Analysis, SAS'03","author":"Samuel","year":"2003","unstructured":"Samuel Z. Guyer and Calvin Lin. Client-driven pointer analysis. In Proceedings of the 10th International Conference on Static Analysis, SAS'03, page 214--236, Berlin, Heidelberg, 2003. Springer-Verlag."},{"key":"e_1_3_2_1_32_1","first-page":"289","volume-title":"Proceedings of the 9th Annual IEEE\/ACM International Symposium on Code Generation and Optimization, CGO '11","author":"Hardekopf Ben","year":"2011","unstructured":"Ben Hardekopf and Calvin Lin. Flow-sensitive pointer analysis for millions of lines of code. In Proceedings of the 9th Annual IEEE\/ACM International Symposium on Code Generation and Optimization, CGO '11, page 289--298, USA, 2011. IEEE Computer Society."},{"key":"e_1_3_2_1_33_1","volume-title":"International Conference on Computer Aided Verification","author":"Hassan Mostafa","year":"2018","unstructured":"Mostafa Hassan, Caterina Urban, Marco Eilers, and Peter M\u00fcller. Maxsmt-based type inference for python 3. In International Conference on Computer Aided Verification, 2018."},{"key":"e_1_3_2_1_34_1","first-page":"1667","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS '18","author":"He Jingxuan","year":"2018","unstructured":"Jingxuan He, Pesho Ivanov, Petar Tsankov, Veselin Raychev, and Martin Vechev. Debin: Predicting debug information in stripped binaries. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS '18, page 1667--1680, New York, NY, USA, 2018. Association for Computing Machinery."},{"key":"e_1_3_2_1_35_1","first-page":"152","volume-title":"Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2018","author":"Hellendoorn Vincent J.","year":"2018","unstructured":"Vincent J. Hellendoorn, Christian Bird, Earl T. Barr, and Miltiadis Allamanis. Deep learning type inference. In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2018, page 152--162, New York, NY, USA, 2018. Association for Computing Machinery."},{"key":"e_1_3_2_1_36_1","unstructured":"Hex-Rays. The ida pro disassembler and debugger. https:\/\/www.hexrays.com\/products\/ida\/."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/SP46214.2022.9833751","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Huang Heqing","year":"2022","unstructured":"Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang. Beacon: Directed grey-box fuzzing with provable path pruning. In 2022 IEEE Symposium on Security and Privacy (SP), pages 36--50, 2022."},{"key":"e_1_3_2_1_38_1","volume-title":"Pass the SALT 2018","author":"K\u02c7roustek P. Matula J.","year":"2018","unstructured":"P. Matula J. K\u02c7roustek. Retdec: An open-source machine-code decompiler. Presented at Pass the SALT 2018, Lille, FR, July 2018."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1145\/3274694.3274746","volume-title":"Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC '18","author":"Jain Vivek","year":"2018","unstructured":"Vivek Jain, Sanjay Rawat, Cristiano Giuffrida, and Herbert Bos. Tiff: Using input type inference to improve fuzzing. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC '18, page 505--517, New York, NY, USA, 2018. Association for Computing Machinery."},{"key":"e_1_3_2_1_40_1","first-page":"238","volume-title":"Jens Palsberg and Zhendong Su","author":"Jensen Simon Holm","year":"2009","unstructured":"Simon Holm Jensen, Anders M\u00f8ller, and Peter Thiemann. Type analysis for javascript. In Jens Palsberg and Zhendong Su, editors, Static Analysis, pages 238--255, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg."},{"key":"e_1_3_2_1_41_1","first-page":"249","volume-title":"Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '08","author":"Kahlon Vineet","year":"2008","unstructured":"Vineet Kahlon. Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '08, page 249--259, New York, NY, USA, 2008. Association for Computing Machinery."},{"key":"e_1_3_2_1_42_1","first-page":"423","volume-title":"Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '13","author":"Kastrinis George","year":"2013","unstructured":"George Kastrinis and Yannis Smaragdakis. Hybrid context-sensitivity for points-to analysis. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '13, page 423--434, New York, NY, USA, 2013. Association for Computing Machinery."},{"key":"e_1_3_2_1_43_1","volume-title":"Refining indirect call targets at the binary level. 01","author":"Kim Sun","year":"2021","unstructured":"Sun Kim, Cong Sun, Dongrui Zeng, and Gang Tan. Refining indirect call targets at the binary level. 01 2021."},{"key":"e_1_3_2_1_44_1","first-page":"169","volume-title":"Proceedings of the 31st ACM SIGPLAN International Conference on Compiler Construction, CC 2022","author":"Kim Sun Hyoung","year":"2022","unstructured":"Sun Hyoung Kim, Dongrui Zeng, Cong Sun, and Gang Tan. Binpointer: Towards precise, sound, and scalable binary-level pointer analysis. In Proceedings of the 31st ACM SIGPLAN International Conference on Compiler Construction, CC 2022, page 169--180, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_45_1","volume-title":"NDSS","author":"Lee Jonghyup","year":"2011","unstructured":"Jonghyup Lee, Thanassis Avgerinos, and David Brumley. Tie: Principled reverse engineering of types in binary programs. In NDSS, 2011."},{"key":"e_1_3_2_1_46_1","first-page":"08","article-title":"Java bytecode verification: Algorithms and formalizations","volume":"30","author":"Leroy Xavier","year":"2003","unstructured":"Xavier Leroy. Java bytecode verification: Algorithms and formalizations. Journal of Automated Reasoning, 30, 08 2003.","journal-title":"Journal of Automated Reasoning"},{"issue":"1","key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10817-008-9099-0","article-title":"Formal verification of a c-like memory model and its uses for verifying program transformations","volume":"41","author":"Leroy Xavier","year":"2008","unstructured":"Xavier Leroy and Sandrine Blazy. Formal verification of a c-like memory model and its uses for verifying program transformations. J. Autom. Reason., 41(1):1--31, 2008.","journal-title":"J. Autom. Reason."},{"key":"e_1_3_2_1_48_1","first-page":"590","volume-title":"Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11","author":"Liang Percy","year":"2011","unstructured":"Percy Liang and Mayur Naik. Scaling abstraction refinement via pruning. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, page 590--601, New York, NY, USA, 2011. Association for Computing Machinery."},{"key":"e_1_3_2_1_49_1","volume-title":"Automatic reverse engineering of data structures from binary execution. 01","author":"Lin Zhiqiang","year":"2010","unstructured":"Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. Automatic reverse engineering of data structures from binary execution. 01 2010."},{"key":"e_1_3_2_1_50_1","first-page":"2725","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS '23","author":"Lin Ziyi","year":"2023","unstructured":"Ziyi Lin, Jinku Li, Bowen Li, Haoyu Ma, Debin Gao, and Jianfeng Ma. Typesqueezer: When static recovery of function signatures for binary executables meets dynamic analysis. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS '23, page 2725--2739, New York, NY, USA, 2023. Association for Computing Machinery."},{"key":"e_1_3_2_1_51_1","first-page":"114","volume-title":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023","author":"Liu Jiangchao","year":"2023","unstructured":"Jiangchao Liu, Jierui Liu, Peng Di, Diyu Wu, Hengjie Zheng, Alex X. Liu, and Jingling Xue. Hybrid inlining: A framework for compositional and context-sensitive static analysis. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023, page 114--126, New York, NY, USA, 2023. Association for Computing Machinery."},{"key":"e_1_3_2_1_52_1","first-page":"1100","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Liu Zhibo","year":"2022","unstructured":"Zhibo Liu, Yuanyuan Yuan, Shuai Wang, and Yuyan Bao. Sok: Demystifying binary lifters through the lens of downstream applications. In 2022 IEEE Symposium on Security and Privacy (SP), pages 1100--1119, 2022."},{"key":"e_1_3_2_1_53_1","first-page":"1867","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19","author":"Lu Kangjie","year":"2019","unstructured":"Kangjie Lu and Hong Hu. Where does it go? refining indirect-call targets with multi-layer type analysis. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19, page 1867--1881, New York, NY, USA, 2019. Association for Computing Machinery."},{"key":"e_1_3_2_1_54_1","first-page":"602","volume-title":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, ASIA CCS '22","author":"Mantovani Alessandro","year":"2022","unstructured":"Alessandro Mantovani, Luca Compagna, Yan Shoshitaishvili, and Davide Balzarotti. The convergence of source code and binary vulnerability discovery - a case study. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, ASIA CCS '22, page 602--615, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_55_1","volume-title":"RAID","author":"Paul Muntean Dr.","year":"2018","unstructured":"Dr. Paul Muntean, Matthias Fischer, Gang Tan, Zhiqiang Lin, Jens Grossklags, and Claudia Eckert. \u03c4cfi: Type-assisted control flow integrity for x86-64 binaries. In RAID, 2018."},{"key":"e_1_3_2_1_56_1","first-page":"128","volume-title":"Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '02","author":"Necula George C.","year":"2002","unstructured":"George C. Necula, Scott McPeak, and Westley Weimer. Ccured: type-safe retrofitting of legacy code. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '02, page 128--139, New York, NY, USA, 2002. Association for Computing Machinery."},{"issue":"6","key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1145\/2980983.2908119","article-title":"Polymorphic type inference for machine code","volume":"51","author":"Noonan Matt","year":"2016","unstructured":"Matt Noonan, Alexey Loginov, and David Cok. Polymorphic type inference for machine code. SIGPLAN Not., 51(6):27--41, jun 2016.","journal-title":"SIGPLAN Not."},{"key":"e_1_3_2_1_58_1","first-page":"475","volume-title":"Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14","author":"Oh Hakjoo","year":"2014","unstructured":"Hakjoo Oh, Wonchan Lee, Kihong Heo, Hongseok Yang, and Kwangkeun Yi. Selective context-sensitivity guided by impact preanalysis. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, page 475--484, New York, NY, USA, 2014. Association for Computing Machinery."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.entcs.2011.11.005","article-title":"Implementing a language with flow-sensitive and structural typing on the jvm","volume":"279","author":"Pearce David","year":"2011","unstructured":"David Pearce and James Noble. Implementing a language with flow-sensitive and structural typing on the jvm. Electr. Notes Theor. Comput. Sci., 279:47--59, 12 2011.","journal-title":"Electr. Notes Theor. Comput. Sci."},{"key":"e_1_3_2_1_60_1","first-page":"690","volume-title":"Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2021","author":"Pei Kexin","year":"2021","unstructured":"Kexin Pei, Jonas Guan, Matthew Broughton, Zhongtian Chen, Songchen Yao, David Williams-King, Vikas Ummadisetty, Junfeng Yang, Baishakhi Ray, and Suman Jana. Stateformer: Fine-grained type recovery from binaries using generative state modeling. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2021, page 690--702, New York, NY, USA, 2021. Association for Computing Machinery."},{"key":"e_1_3_2_1_61_1","first-page":"2019","volume-title":"Proceedings of the 44th International Conference on Software Engineering, ICSE '22","author":"Peng Yun","year":"2022","unstructured":"Yun Peng, Cuiyun Gao, Zongjie Li, Bowei Gao, David Lo, Qirun Zhang, and Michael Lyu. Static inference meets deep learning: A hybrid type inference approach for python. In Proceedings of the 44th International Conference on Software Engineering, ICSE '22, page 2019--2030, New York, NY, USA, 2022. Association for Computing Machinery."},{"key":"e_1_3_2_1_62_1","volume-title":"Icspatch: Automated vulnerability localization and non-intrusive hotpatching in industrial control systems using data dependence graphs","author":"Narayan Rajput Prashant Hari","year":"2023","unstructured":"Prashant Hari Narayan Rajput, Constantine Doumanidis, and Michail Maniatakos. Icspatch: Automated vulnerability localization and non-intrusive hotpatching in industrial control systems using data dependence graphs. volume abs\/2212.04229, 2023."},{"key":"e_1_3_2_1_63_1","volume-title":"USENIX Security Symposium","author":"Redini Nilo","year":"2017","unstructured":"Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kr\u00fcgel, and Giovanni Vigna. Bootstomp: On the security of bootloaders in mobile devices. In USENIX Security Symposium, 2017."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","first-page":"1544","DOI":"10.1109\/SP40000.2020.00036","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"Redini Nilo","year":"2020","unstructured":"Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. Karonte: Detecting insecure multi-binary interactions in embedded firmware. In 2020 IEEE Symposium on Security and Privacy (SP), pages 1544--1561, 2020."},{"key":"e_1_3_2_1_65_1","first-page":"49","volume-title":"Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '95","author":"Reps Thomas","year":"1995","unstructured":"Thomas Reps, Susan Horwitz, and Mooly Sagiv. Precise interprocedural dataflow analysis via graph reachability. In Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '95, page 49--61, New York, NY, USA, 1995. Association for Computing Machinery."},{"key":"e_1_3_2_1_66_1","volume-title":"https:\/\/securitylab.github.com\/tools\/codeql, accessed","year":"2023","unstructured":"Semmle. Codeql. https:\/\/securitylab.github.com\/tools\/codeql, accessed 30 May 2023."},{"issue":"4","key":"e_1_3_2_1_67_1","doi-asserted-by":"crossref","first-page":"693","DOI":"10.1145\/3296979.3192418","article-title":"Fast and precise sparse value flow analysis for million lines of code","volume":"53","author":"Shi Qingkai","year":"2018","unstructured":"Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Gang Fan, and Charles Zhang. Pinpoint: Fast and precise sparse value flow analysis for million lines of code. SIGPLAN Not., 53(4):693--706, jun 2018.","journal-title":"SIGPLAN Not."},{"key":"e_1_3_2_1_68_1","first-page":"138","volume-title":"(state of) the art of war: Offensive techniques in binary analysis","author":"Shoshitaishvili Yan","year":"2016","unstructured":"Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. Sok: (state of) the art of war: Offensive techniques in binary analysis. pages 138--157, 05 2016."},{"key":"e_1_3_2_1_69_1","volume-title":"Network and Distributed System Security Symposium","author":"Slowinska Asia","year":"2011","unstructured":"Asia Slowinska, Traian Stancescu, and Herbert Bos. Howard: A dynamic excavator for reverse engineering data structures. In Network and Distributed System Security Symposium, 2011."},{"key":"e_1_3_2_1_70_1","first-page":"387","volume-title":"Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '06","author":"Sridharan Manu","year":"2006","unstructured":"Manu Sridharan and Rastislav Bod\u00edk. Refinement-based context-sensitive points-to analysis for java. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '06, page 387--400, New York, NY, USA, 2006. Association for Computing Machinery."},{"key":"e_1_3_2_1_71_1","first-page":"59","volume-title":"Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA '05","author":"Sridharan Manu","year":"2005","unstructured":"Manu Sridharan, Denis Gopan, Lexin Shan, and Rastislav Bod\u00edk. Demand-driven points-to analysis for java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA '05, page 59--76, New York, NY, USA, 2005. Association for Computing Machinery."},{"key":"e_1_3_2_1_72_1","first-page":"265","volume-title":"Proceedings of the 25th International Conference on Compiler Construction, CC 2016","author":"Sui Yulei","year":"2016","unstructured":"Yulei Sui and Jingling Xue. Svf: Interprocedural static value-flow analysis in llvm. In Proceedings of the 25th International Conference on Compiler Construction, CC 2016, page 265--266, New York, NY, USA, 2016. Association for Computing Machinery."},{"issue":"8","key":"e_1_3_2_1_73_1","doi-asserted-by":"crossref","first-page":"812","DOI":"10.1109\/TSE.2018.2869336","article-title":"Value-flow-based demand-driven pointer analysis for c and c++","volume":"46","author":"Sui Yulei","year":"2020","unstructured":"Yulei Sui and Jingling Xue. Value-flow-based demand-driven pointer analysis for c and c++. IEEE Transactions on Software Engineering, 46(8):812--835, 2020.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_74_1","volume-title":"Proc. ACM Program. Lang., 5(OOPSLA), oct","author":"Tan Tian","year":"2021","unstructured":"Tian Tan, Yue Li, Xiaoxing Ma, Chang Xu, and Yannis Smaragdakis. Making pointer analysis more precise by unleashing the power of selective context sensitivity. Proc. ACM Program. Lang., 5(OOPSLA), oct 2021."},{"key":"e_1_3_2_1_75_1","unstructured":"Jayakrishna Vadayath Moritz Eckert Kyle Zeng Nicolaas Weideman Gokulkrishna Praveen Menon Yanick Fratantonio Davide Balzarotti Doup Adam Tiffany Bao Ruoyu Wang Christophe Hauser and Yan Shoshitaishvili. Arbiter: Bridging the static and dynamic divide in vulnerability discovery on binary programs. In Usenix editor USENIX 2022 31st USENIX Security Symposium August 10--12 2022 Boston MA USA Boston 2022. Copyright Usenix. Personal use of this material is permitted. The definitive version of this paper was published in USENIX 2022 31st USENIX Security Symposium August 12 2022 Boston MA USA and is available at :."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"crossref","first-page":"934","DOI":"10.1109\/SP.2016.60","volume-title":"2016 IEEE Symposium on Security and Privacy (SP)","author":"van der Veen Victor","year":"2016","unstructured":"Victor van der Veen, Enes G\u00f6ktas, Moritz Contag, Andre Pawoloski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida. A tough call: Mitigating advanced code-reuse attacks at the binary level. In 2016 IEEE Symposium on Security and Privacy (SP), pages 934--953, 2016."},{"key":"e_1_3_2_1_77_1","volume-title":"Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. 01","author":"Wang Tielei","year":"2009","unstructured":"Tielei Wang, Tao Wei, Zhiqiang Lin, and Wei Zou. Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. 01 2009."},{"key":"e_1_3_2_1_78_1","first-page":"1","volume-title":"Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation, PLDI '95","author":"Robert","year":"1995","unstructured":"Robert P. Wilson and Monica S. Lam. Efficient context-sensitive pointer analysis for c programs. In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation, PLDI '95, page 1--12, New York, NY, USA, 1995. Association for Computing Machinery."},{"key":"e_1_3_2_1_79_1","first-page":"351","volume-title":"Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005","author":"Xie Yichen","year":"2005","unstructured":"Yichen Xie and Alexander Aiken. Scalable error detection using boolean satisfiability. In Jens Palsberg and Mart\u00edn Abadi, editors, Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005, Long Beach, California, USA, January 12--14, 2005, pages 351--363. ACM, 2005."},{"key":"e_1_3_2_1_80_1","first-page":"376","volume-title":"Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2020","author":"Xu Yifei","year":"2020","unstructured":"Yifei Xu, Zhengzi Xu, Bihuan Chen, Fu Song, Yang Liu, and Ting Liu. Patch based vulnerability matching for binary programs. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2020, page 376--387, New York, NY, USA, 2020. Association for Computing Machinery."},{"key":"e_1_3_2_1_81_1","first-page":"1623","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Yin Jiawei","year":"2022","unstructured":"Jiawei Yin, Menghao Li, Wei Wu, Dandan Sun, Jianhua Zhou, Wei Huo, and Jingling Xue. Finding smm privilege-escalation vulnerabilities in uefi firmware with protocol-centric static analysis. In 2022 IEEE Symposium on Security and Privacy (SP), pages 1623--1637, 2022."},{"key":"e_1_3_2_1_82_1","volume-title":"Avatar: A framework to support dynamic security analysis of embedded systems' firmwares. 02","author":"Zaddach Jonas","year":"2014","unstructured":"Jonas Zaddach, Luca Bruno, Aur\u00e9lien Francillon, and Davide Balzarotti. Avatar: A framework to support dynamic security analysis of embedded systems' firmwares. 02 2014."},{"key":"e_1_3_2_1_83_1","volume-title":"Improving accuracy of static integer overflow detection in binary. 11","author":"Zhang Yang","year":"2015","unstructured":"Yang Zhang, Xiaoshan Sun, Yi Deng, Liang Cheng, Shuke Zeng, Yu Fu, and Dengguo Feng. Improving accuracy of static integer overflow detection in binary. 11 2015."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"crossref","first-page":"813","DOI":"10.1109\/SP40001.2021.00051","volume-title":"2021 IEEE Symposium on Security and Privacy (SP)","author":"Zhang Zhuo","year":"2021","unstructured":"Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, and Xiangyu Zhang. Osprey: Recovery of variable and data structure via probabilistic analysis for stripped binary. In 2021 IEEE Symposium on Security and Privacy (SP), pages 813--832, 2021."}],"event":{"name":"ASPLOS '24: 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4","location":"Hilton La Jolla Torrey Pines La Jolla CA USA","acronym":"ASPLOS '24","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","SIGPLAN ACM Special Interest Group on Programming Languages","SIGARCH ACM Special Interest Group on Computer Architecture","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622781.3674177","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3622781.3674177","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:03Z","timestamp":1750178223000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622781.3674177"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,27]]},"references-count":84,"alternative-id":["10.1145\/3622781.3674177","10.1145\/3622781"],"URL":"https:\/\/doi.org\/10.1145\/3622781.3674177","relation":{},"subject":[],"published":{"date-parts":[[2024,4,27]]},"assertion":[{"value":"2025-04-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}