{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:10:07Z","timestamp":1755843007644,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Amazon"},{"DOI":"10.13039\/501100006374","name":"Intel Labs","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Facebook","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSERC","award":["RGPIN-2022-03325"],"award-info":[{"award-number":["RGPIN-2022-03325"]}]},{"name":"David R. Cheriton endowment"},{"name":"Sui Foundation"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670363","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"1375-1389","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["<scp>SeMalloc:<\/scp>\n            Semantics-Informed Memory Allocator"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-5607-3917","authenticated-orcid":false,"given":"Ruizhe","family":"Wang","sequence":"first","affiliation":[{"name":"University of Waterloo, Waterloo, ON, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-6364-4837","authenticated-orcid":false,"given":"Meng","family":"Xu","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, ON, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5093-9871","authenticated-orcid":false,"given":"N.","family":"Asokan","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, ON, Canada"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Jones","author":"Ainsworth Sam","year":"2020","unstructured":"Sam Ainsworth and Timothy M. Jones. 2020. MarkUs: Drop-in Use-After-Free Prevention for Low-level Languages. In IEEE S&P. 578--591."},{"key":"e_1_3_2_1_2_1","volume-title":"Cling: A Memory Allocator to Mitigate Dangling Pointers. In USENIX Security.","author":"Akritidis Periklis","year":"2020","unstructured":"Periklis Akritidis. 2020. Cling: A Memory Allocator to Mitigate Dangling Pointers. In USENIX Security."},{"key":"e_1_3_2_1_3_1","unstructured":"Alejandro Guerrero. 2022. N-day exploit for CVE-2022--2586: Linux kernel nft_object UAF."},{"key":"e_1_3_2_1_4_1","volume-title":"Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities.","author":"Alyssa Milburn Cristiano Giuffrida","year":"2017","unstructured":"Cristiano Giuffrida Alyssa Milburn, Herber Bos. 2017. Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Christian Bienia Sanjeev Kumar Jaswinder Pal Singh and Kai Li. 2008. The PARSEC Benchmark Suite: Characterization and Architectural Implications. Technical Report TR-811-08. Princeton University.","DOI":"10.1145\/1454115.1454128"},{"key":"e_1_3_2_1_6_1","unstructured":"Blaze Labs. 2022. hrefhttps:\/\/www.blazeinfosec.com\/post\/never-ending-problems-aslr-linux\/The never ending problems of local ASLR holes in Linux."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","unstructured":"Matteo Botticci. 2022. hrefhttps:\/\/doi.org\/10.5281\/zenodo.5878832ZigRazor\/CXXGraph: Release v0.2.2.","DOI":"10.5281\/zenodo.5878832ZigRazor\/CXXGraph:"},{"key":"e_1_3_2_1_8_1","unstructured":"C Language Working Group. 2023. Programming languages -- C."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Luca Cardelli. 1996. Type Systems. ACM Computing Surveys.","DOI":"10.1145\/234313.234418"},{"volume-title":"ViK: practical mitigation of temporal memory safety violations through object ID inspection","author":"Cho Haehyun","key":"e_1_3_2_1_10_1","unstructured":"Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doup\u00e9, and Gail-Joon Ahn. 2022. ViK: practical mitigation of temporal memory safety violations through object ID inspection. In ASPLOS. Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_11_1","unstructured":"daanx. 2024. hrefhttps:\/\/github.com\/daanx\/mimalloc-benchSuite for benchmarking malloc implementations."},{"key":"e_1_3_2_1_12_1","volume-title":"Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers. In USENIX Security.","author":"Dang Thurston H. Y.","year":"2017","unstructured":"Thurston H. Y. Dang, Petros Maniatis, and David Wagner. 2017. Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers. In USENIX Security. Vancouver, Canada."},{"key":"e_1_3_2_1_13_1","unstructured":"Daniel Teuchert Cornelius Aschermann Tommaso Frassetto Tigist Abera. 2018. hrefhttps:\/\/github.com\/mruby\/mruby\/issues\/4001Use after free in File#initilialize_copy."},{"key":"e_1_3_2_1_14_1","volume-title":"on Emerging Topics in Computing","author":"Dullien Thomas","year":"2017","unstructured":"Thomas Dullien. 2017. Weird Machines, Exploitability, and Provable Unexploitability. IEEE Trans. on Emerging Topics in Computing (2017)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507712"},{"key":"e_1_3_2_1_16_1","unstructured":"Reza Mirzazade Farkhani Mansour Ahmadi and Long Lu. 2020. PTAuth: Temporal Memory Safety via Robust Points-to Authentication."},{"volume-title":"Alexander Richardson, John Baldwin, David Chisnall, Jessica Clark, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Alfredo Massinghi","author":"Filardo Nathaniel","key":"e_1_3_2_1_17_1","unstructured":"Nathaniel Filardo, Brett F Gutstein, John Woodruff, Sam Ainsworth, Lucian Paul-Trifu, Brooks Davis, Hongyan Xia, Edward Tomasz Napierala, Alexander Richardson, John Baldwin, David Chisnall, Jessica Clark, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Alfredo Massinghi, Robert M Norton, Michael Roe, Peter Sewell, Stacey Son, Timothy M Jones, Simon W Moore, Peter G Neumann, and Robert N M Watson. 2020. Cornucopia: Temporal Safety for CHERI Heaps. In IEEE S&P. 608--625."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Jeffrey S. Foster Manuel F\u00e4hndrich and Alexander Aiken. 1999. A Theory of Type Qualifiers. In PLDI.","DOI":"10.1145\/301618.301665"},{"key":"e_1_3_2_1_19_1","unstructured":"Free Software Foundation Inc. 2024. The GNU Allocator."},{"volume-title":"DangZero: Efficient Use-After-Free Detection via Direct Page Table Access","author":"Gorter Floris","key":"e_1_3_2_1_20_1","unstructured":"Floris Gorter, Koen Koning, Herbert Bos, and Cristiano Giuffrida. 2022. DangZero: Efficient Use-After-Free Detection via Direct Page Table Access. In ACM CCS. Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_21_1","unstructured":"Hanno B\u00f6ck. 2017. hrefhttps:\/\/github.com\/yasm\/yasm\/issues\/91use after free with malformed input file in yasm_intnum_destroy()."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"David R. Hanson. 1980. A Portable Storage Management System for The ICON Programming Language. Software: Practice and Experience.","DOI":"10.1002\/spe.4380100607"},{"key":"e_1_3_2_1_23_1","unstructured":"Mohannad Ismail Andrew Quach Christopher Jelesnianski Yeongjin Jang and Changwoo Min. 2022. Tightly Seal Your Sensitive Pointers with PACTight."},{"key":"e_1_3_2_1_24_1","unstructured":"John Leitch. 2015. hrefhttps:\/\/bugs.python.org\/issue24613array.fromstring Use After Free."},{"key":"e_1_3_2_1_25_1","unstructured":"Moshe Kol. 2023. Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel. In OffensiveCon."},{"key":"e_1_3_2_1_26_1","unstructured":"Byoungyoung Lee Chengyu Song Yeongjin Jang Tielei Wang Taesoo Kim Long Lu and Wenke Lee. 2021. Preventing Use-after-free with Dangling Pointers Nullification. In NDSS."},{"volume-title":"PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication","author":"Li Yuan","key":"e_1_3_2_1_27_1","unstructured":"Yuan Li, Wende Tan, Zhizheng Lv, Songtao Yang, Mathias Payer, Ying Liu, and Chao Zhang. 2022. PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication. In ACM CCS. Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_28_1","volume-title":"GIANTSAN: Efficient Memory Sanitization with Segment Folding","author":"Ling Hao","year":"2024","unstructured":"Hao Ling, Heqing Huang, Chengpeng Wang, Yuandao Cai, and Charles Zhang. 2024. GIANTSAN: Efficient Memory Sanitization with Segment Folding. In ASPLOS. Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_29_1","unstructured":"Linux Foundation. 2024. mmap(2) - Linux manual page."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3361525.3361532"},{"key":"e_1_3_2_1_31_1","unstructured":"LLVM Project. 2024. hrefhttps:\/\/github.com\/llvm\/llvm-project\/blob\/main\/llvm\/lib\/Target\/X86\/X86CallingConv.tdX86CallingConv.td."},{"key":"e_1_3_2_1_32_1","volume-title":"Where Does It Go' Refining Indirect-Call Targets with Multi-Layer Type Analysis","author":"Lu Kangjie","year":"1867","unstructured":"Kangjie Lu and Hong Hu. 2019. Where Does It Go' Refining Indirect-Call Targets with Multi-Layer Type Analysis. In ACM CCS. Association for Computing Machinery, New York, NY, USA, 1867--1881."},{"key":"e_1_3_2_1_33_1","unstructured":"Kangjie Lu Chengyu Song Taesoo Kim and Wenke Lee. 2016. UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages. In CCS."},{"key":"e_1_3_2_1_34_1","unstructured":"Manh Nguyen. [n. d.]. hrefhttps:\/\/github.com\/strongcourage\/uafbenchUAF Fuzzing Benchmark."},{"key":"e_1_3_2_1_35_1","first-page":"2015","volume":"201","unstructured":"National Vulnerability Database. 2015. CVE-2015--6831.","journal-title":"National Vulnerability Database."},{"key":"e_1_3_2_1_36_1","first-page":"2015","volume":"201","unstructured":"National Vulnerability Database. 2015. CVE-2015--6835.","journal-title":"National Vulnerability Database."},{"key":"e_1_3_2_1_37_1","first-page":"2018","volume":"201","unstructured":"National Vulnerability Database. 2018. CVE-2018--11496.","journal-title":"National Vulnerability Database."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Nicholas Nethercote and Julian Seward. 2007. Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI.","DOI":"10.1145\/1250734.1250746"},{"volume-title":"DieHarder: Securing The Heap","author":"Novark Gene","key":"e_1_3_2_1_39_1","unstructured":"Gene Novark and Emery D Berger. 2010. DieHarder: Securing The Heap. In ACM CCS. Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_40_1","unstructured":"OffSec Services Limited. 2024. Exploit Database - Exploits for Penetration Testers Researchers and Ethical Hackers."},{"key":"e_1_3_2_1_41_1","unstructured":"Chanyoung Park and Hyungon Moon. 2024. Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping. In NDSS."},{"key":"e_1_3_2_1_42_1","unstructured":"Konstantin Serebryany Derek Bruening Alexander Potapenko and Dmitry Vyukov. 2012. AddressSanitizer: a fast address sanity checker. In USENIX ATC."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"M. Sharir. 1981. A strong-connectivity algorithm and its applications in data flow analysis. Computers & Mathematics with Applications.","DOI":"10.1016\/0898-1221(81)90008-0"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Zekun Shen and Brendan Dolan-Gavitt. 2020. HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities. In ACSAC.","DOI":"10.1145\/3427228.3427645"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Jangseop Shin Donghyun Kwon Jiwon Seo Yeongpil Cho and Yunheung Paek. 2019. CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C\/C. In NDSS.","DOI":"10.14722\/ndss.2019.23541"},{"key":"e_1_3_2_1_46_1","volume-title":"Guarder: A Tunable Secure Allocator. In USENIX Security.","author":"Silvestro Sam","year":"2018","unstructured":"Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. 2018. Guarder: A Tunable Secure Allocator. In USENIX Security."},{"key":"e_1_3_2_1_47_1","unstructured":"Alexander Sotirov. 2007. Heap Feng Shui in Javascript. In Black Hat Europe."},{"key":"e_1_3_2_1_48_1","volume-title":"hrefhttps:\/\/www.spec.org\/cpu2017\/SPEC","author":"Standard Performance Evaluation Corporation","year":"2017","unstructured":"Standard Performance Evaluation Corporation. 2017. hrefhttps:\/\/www.spec.org\/cpu2017\/SPEC 2017."},{"volume-title":"SoK: Eternal War in Memory","author":"Szekeres L\u00e1szl\u00f3","key":"e_1_3_2_1_49_1","unstructured":"L\u00e1szl\u00f3 Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In IEEE S&P."},{"key":"e_1_3_2_1_50_1","unstructured":"The Apache Software Foundation. 2023. hrefhttps:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.htmlApache HTTP Server Documentation: ab - Apache HTTP Server Benchmarking Tool."},{"key":"e_1_3_2_1_51_1","unstructured":"Tristan Ravitch. 2023. hrefhttps:\/\/github.com\/travitch\/whole-program-llvmwhole program llvm."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Erik van der Kouwe Taddeus Kroes Chris Ouwehand Herbert Bos and Cristiano Giuffrida. 2018. Type-After-Type: Practical and Complete Type-Safe Memory Reuse. In ACSAC.","DOI":"10.1145\/3274694.3274705"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Erik van der Kouwe Vinod Nigade and Cristiano Giuffrida. 2017. DangSan: Scalable Use-after-Free Detection. In EuroSys.","DOI":"10.1145\/3064176.3064211"},{"key":"e_1_3_2_1_54_1","volume-title":"CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization","author":"Watson Robert N.M.","year":"2015","unstructured":"Robert N.M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. 2015. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. In IEEE S&P."},{"key":"e_1_3_2_1_55_1","unstructured":"Brian Wickman Hong Hu Insu Yun DaeHee Jang JungWon Lim Sanidhya Kashyap and Taesoo Kim. 2021. Preventing Use-After-Free Attacks with Fast Forward Allocation. In USENIX Security."},{"key":"e_1_3_2_1_56_1","volume-title":"PUMM: Preventing Use-After-Free Using Execution Unit Partitioning. In USENIX Security.","author":"Yagemann Carter","year":"2023","unstructured":"Carter Yagemann, Simon P Chung, Brendan Saltaformaggio, and Wenke Lee. 2023. PUMM: Preventing Use-After-Free Using Execution Unit Partitioning. In USENIX Security."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Yves Younan. 2015. FreeSentry: protecting against use-after-free vulnerabilities due to dangling pointers. In NDSS.","DOI":"10.14722\/ndss.2015.23190"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3586038"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670363","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670363","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:54:38Z","timestamp":1755842078000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670363"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":58,"alternative-id":["10.1145\/3658644.3670363","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670363","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}