{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:22:24Z","timestamp":1772040144184,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":151,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Swiss National Science Foundation","award":["SNSF PCEGP2_186974"],"award-info":[{"award-number":["SNSF PCEGP2_186974"]}]},{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1801534"],"award-info":[{"award-number":["CNS-1801534"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Erciyes \u00dcniversitesi","doi-asserted-by":"publisher","award":["ERC Horizon 2020 grant 850868"],"award-info":[{"award-number":["ERC Horizon 2020 grant 850868"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690310","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"1330-1344","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3665-2687","authenticated-orcid":false,"given":"Kaiming","family":"Huang","sequence":"first","affiliation":[{"name":"The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5054-7547","authenticated-orcid":false,"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne, Lausanne, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1506-2522","authenticated-orcid":false,"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-4990-8585","authenticated-orcid":false,"given":"Jack","family":"Sampson","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6109-6091","authenticated-orcid":false,"given":"Gang","family":"Tan","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4964-1170","authenticated-orcid":false,"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[{"name":"University of California, Riverside, Riverside, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"340","volume-title":"Proceedings of the 12th ACM Conference on Computer and Communications Security (New York, NY, USA, 2005), CCS '05, ACM","author":"Abadi M.","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., and Ligatti, J. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (New York, NY, USA, 2005), CCS '05, ACM, p. 340--353."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00058"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 19th USENIX Conference on Security","author":"Akritidis P.","year":"2010","unstructured":"Akritidis, P. Cling: A memory allocator to mitigate dangling pointers. In Proceedings of the 19th USENIX Conference on Security (2010)."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 18th Conference on USENIX Security Symposium","author":"Akritidis P.","year":"2009","unstructured":"Akritidis, P., Costa, M., Castro, M., and Hand, S. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proceedings of the 18th Conference on USENIX Security Symposium (2009)."},{"key":"e_1_3_2_1_5_1","first-page":"33","volume-title":"Proceedings of the 26th IEEE\/ACM International Conference on Automated Software Engineering (2011), ASE '11","author":"Anand S.","unstructured":"Anand, S., and Harrold, M. J. Heap cloning: Enabling dynamic symbolic execution of java programs. In Proceedings of the 26th IEEE\/ACM International Conference on Automated Software Engineering (2011), ASE '11, p. 33--42."},{"key":"e_1_3_2_1_6_1","volume-title":"Computer security technology planning study. Tech. rep","author":"Anderson J. P.","year":"1972","unstructured":"Anderson, J. P. Computer security technology planning study. Tech. rep., The Mitre Corporation, Air Force Electronic Systems Division, 1972."},{"key":"e_1_3_2_1_7_1","volume-title":"CVE-2022--23088 Exploiting A Heap Overflow in the Freebsd WiFi Stack. https:\/\/www.zerodayinitiative.com\/blog\/2022\/6\/15\/cve-2022--23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack","author":"Anonymous","year":"2022","unstructured":"Anonymous. CVE-2022--23088 Exploiting A Heap Overflow in the Freebsd WiFi Stack. https:\/\/www.zerodayinitiative.com\/blog\/2022\/6\/15\/cve-2022--23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack, 2022."},{"key":"e_1_3_2_1_8_1","unstructured":"Apple. About the security content of ios 16.6.1 and ipados 16.6.1. https:\/\/ support.apple.com\/en-us\/106361. Accessed: 2024-04--10."},{"key":"e_1_3_2_1_9_1","unstructured":"Archives L. K. Linux kernel coding style. https:\/\/www.kernel.org\/doc\/html\/ next\/process\/coding-style.html. Accessed: 2024-04--10."},{"key":"e_1_3_2_1_10_1","volume-title":"34th European Conference on Object-Oriented Programming, ECOOP 2020","author":"Barbar M.","year":"2020","unstructured":"Barbar, M., Sui, Y., and Chen, S. Flow-sensitive type-based heap cloning. In 34th European Conference on Object-Oriented Programming, ECOOP 2020 (2020)."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (2006), PLDI '06.","author":"Berger E. D.","unstructured":"Berger, E. D., and Zorn, B. G. Diehard: Probabilistic memory safety for unsafe languages. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (2006), PLDI '06."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium","author":"Bhatkar S.","year":"2003","unstructured":"Bhatkar, S., DuVarney, D. C., and Sekar, R. Address obfuscation: An efficient approach to combat a board range of memory error exploits. In Proceedings of the 12th Conference on USENIX Security Symposium (2003)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23279"},{"key":"e_1_3_2_1_14_1","volume-title":"Kaplan, J., Edwards, H., Burda, Y., Joseph, N., Brockman, G., et al. Evaluating large language models trained on code. arXiv preprint arXiv:2107.03374","author":"Chen M.","year":"2021","unstructured":"Chen, M., Tworek, J., Jun, H., Yuan, Q., Pinto, H. P. d. O., Kaplan, J., Edwards, H., Burda, Y., Joseph, N., Brockman, G., et al. Evaluating large language models trained on code. arXiv preprint arXiv:2107.03374 (2021)."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium","author":"Chen S.","year":"2005","unstructured":"Chen, S., Xu, J., Sezer, E. C., Gauriar, P., and Iyer, R. K. Non-Control-Data Attacks Are Realistic Threats. In Proceedings of the 14th Conference on USENIX Security Symposium (2005)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3462699"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/780822.781157"},{"key":"e_1_3_2_1_21_1","volume-title":"2015 IEEE Symposium on Security and Privacy.","author":"Crane S.","unstructured":"Crane, S., Liebchen, C., Homescu, A., Davi, L., Larsen, P., Sadeghi, A.-R., Brunthaler, S., and Franz, M. Readactor: Practical code randomization resilient to memory disclosure. In 2015 IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_22_1","volume-title":"Exponential Analysis Speedup with State Merging. http: \/\/s2e.systems\/docs\/StateMerging.html","author":"Cyberhaven","year":"2018","unstructured":"Cyberhaven. Exponential Analysis Speedup with State Merging. http: \/\/s2e.systems\/docs\/StateMerging.html, 2018."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 2nd Conference on USENIX Workshop on Offensive Technologies (USA, 2008), WOOT'08, USENIX Association.","author":"Daniel M.","unstructured":"Daniel, M., Honoroff, J., and Miller, C. Engineering heap overflow exploits with javascript. In Proceedings of the 2nd Conference on USENIX Workshop on Offensive Technologies (USA, 2008), WOOT'08, USENIX Association."},{"key":"e_1_3_2_1_24_1","unstructured":"Darpa. Cyber Grand Challenge. https:\/\/github.com\/CyberGrandChallenge\/."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133255.1133999"},{"key":"e_1_3_2_1_26_1","volume-title":"Cavallaro. Stack Bounds Protection with Low Fat Pointers. In Proceedings of the 2017 Network and Distributed System Security Symposium.","author":"Duck","unstructured":"Duck, Yap, and Cavallaro. Stack Bounds Protection with Low Fat Pointers. In Proceedings of the 2017 Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892212"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3296979.3192388"},{"key":"e_1_3_2_1_29_1","first-page":"53","volume-title":"2018 IEEE Cybersecurity Development (SecDev)","author":"Elliott A. S.","unstructured":"Elliott, A. S., Ruef, A., Hicks, M., and Tarditi, D. Checked c: Making c safe by extension. In 2018 IEEE Cybersecurity Development (SecDev), pp. 53--60."},{"key":"e_1_3_2_1_30_1","volume-title":"The cost of ransomware in 2020: A country-by-country analysis. https:\/\/blog.emsisoft.com\/en\/36665\/the-cost-of-ransomware-in-2020-acountry-by-country-analysis\/","author":"Emsisoft","year":"2020","unstructured":"Emsisoft. The cost of ransomware in 2020: A country-by-country analysis. https:\/\/blog.emsisoft.com\/en\/36665\/the-cost-of-ransomware-in-2020-acountry-by-country-analysis\/, 2020. Accessed on May 13, 2023."},{"key":"e_1_3_2_1_31_1","first-page":"10","article-title":"-L. Statically detecting use after free on binary code","author":"Feist J.","year":"2014","unstructured":"Feist, J., Mounier, L., and Potet, M.-L. Statically detecting use after free on binary code. Journal of Computer Virology and Hacking Techniques 10 (2014).","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"e_1_3_2_1_32_1","volume-title":"Tcmalloc: Thread-caching malloc. https:\/\/googperftools. sourceforge.net\/doc\/tcmalloc.html","author":"Ghemawat S.","year":"2021","unstructured":"Ghemawat, S., and Menage, P. Tcmalloc: Thread-caching malloc. https:\/\/googperftools. sourceforge.net\/doc\/tcmalloc.html, 2021."},{"key":"e_1_3_2_1_33_1","unstructured":"GitHub. GitHub Copilot. https:\/\/copilot.github.com\/."},{"key":"e_1_3_2_1_34_1","volume-title":"How tcmalloc works. https:\/\/jamesgolick.com\/2013\/5\/19\/howtcmalloc-works.html","author":"Golick J.","year":"2013","unstructured":"Golick, J. How tcmalloc works. https:\/\/jamesgolick.com\/2013\/5\/19\/howtcmalloc-works.html, 2013."},{"key":"e_1_3_2_1_35_1","unstructured":"Google. Google c style guide - static and global variables. https:\/\/ google.github.io\/styleguide\/cppguide.html#Static_and_Global_Variables."},{"key":"e_1_3_2_1_36_1","volume-title":"Partitionalloc design. https:\/\/chromium.googlesource.com\/chromium\/ src\/\/master\/base\/allocator\/partition_allocator\/PartitionAlloc.md","author":"Google","year":"2021","unstructured":"Google. Partitionalloc design. https:\/\/chromium.googlesource.com\/chromium\/ src\/\/master\/base\/allocator\/partition_allocator\/PartitionAlloc.md, 2021."},{"key":"e_1_3_2_1_37_1","volume-title":"Restartable sequence mechanism for tcmalloc. https:\/\/github.com\/ google\/tcmalloc\/blob\/master\/docs\/rseq.md","author":"Google","year":"2023","unstructured":"Google. Restartable sequence mechanism for tcmalloc. https:\/\/github.com\/ google\/tcmalloc\/blob\/master\/docs\/rseq.md, 2023."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978405"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.62"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23060"},{"key":"e_1_3_2_1_41_1","volume-title":"Comprehensive memory safety validation: An alternative approach to memory safety","author":"Huang K.","year":"2024","unstructured":"Huang, K., Payer, M., Qian, Z., Sampson, J., Tan, G., and Jaeger, T. Comprehensive memory safety validation: An alternative approach to memory safety. IEEE Security & Privacy (April 2024)."},{"key":"e_1_3_2_1_42_1","volume-title":"Top of the heap: Efficient memory error protection of safe heap objects. https: \/\/arxiv.org\/abs\/2310.06397","author":"Huang K.","year":"2024","unstructured":"Huang, K., Payer, M., Qian, Z., Sampson, J., Tan, G., and Jaeger, T. Top of the heap: Efficient memory error protection of safe heap objects. https: \/\/arxiv.org\/abs\/2310.06397, 2024."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00021"},{"key":"e_1_3_2_1_44_1","volume-title":"2019 IEEE Symposium on Security and Privacy (SP).","author":"Huang Z.","unstructured":"Huang, Z., Lie, D., Tan, G., and Jaeger, T. Using safety properties to generate vulnerability patches. In 2019 IEEE Symposium on Security and Privacy (SP)."},{"key":"e_1_3_2_1_45_1","volume-title":"Intel guide for developing multithreaded application. https: \/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/gdma-2-165938.pdf","author":"Intel","year":"2011","unstructured":"Intel. Intel guide for developing multithreaded application. https: \/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/gdma-2-165938.pdf. 2011."},{"key":"e_1_3_2_1_46_1","unstructured":"Intel. Intel oneapi threading building blocks. https:\/\/www.intel.com\/content\/ www\/us\/en\/developer\/tools\/oneapi\/onetbb.html#gs.63k1wf."},{"key":"e_1_3_2_1_47_1","volume-title":"Intel mpx explained - performance evaluation. https:\/\/intelmpx. github.io\/performance\/","author":"Intel","year":"2018","unstructured":"Intel. Intel mpx explained - performance evaluation. https:\/\/intelmpx. github.io\/performance\/, 2018. Accessed on May 23, 2023."},{"key":"e_1_3_2_1_48_1","volume-title":"Envisioning a simplified intel architecture. https:\/\/www.intel.com\/ content\/www\/us\/en\/developer\/articles\/technical\/envisioning-futuresimplified-architecture.html","author":"Intel","year":"2023","unstructured":"Intel. Envisioning a simplified intel architecture. https:\/\/www.intel.com\/ content\/www\/us\/en\/developer\/articles\/technical\/envisioning-futuresimplified-architecture.html, 2023. Accessed on May 21, 2023."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_3_2_1_50_1","unstructured":"jemalloc. jemalloc ' general purpose memory allocation functions. https: \/\/jemalloc.net\/jemalloc.3.html. Accessed on Mar 7 2024."},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), CCS '17.","author":"Jeon Y.","unstructured":"Jeon, Y., Biswas, P., Carr, S., Lee, B., and Payer, M. Hextype: Efficient detection of type confusion errors for c. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), CCS '17."},{"key":"e_1_3_2_1_52_1","volume-title":"Anna karenina principle","author":"Karenina A.","year":"2023","unstructured":"Karenina, A. Anna karenina principle, 2023."},{"key":"e_1_3_2_1_53_1","unstructured":"Kellermann M. The Dirty Pipe Vulnerability. https:\/\/dirtypipe.cm4all.com\/."},{"key":"e_1_3_2_1_54_1","volume-title":"2020 Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO).","author":"Kim Y.","unstructured":"Kim, Y., Lee, J., and Kim, H. Hardware-based always-on heap memory safety. In 2020 Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO)."},{"key":"e_1_3_2_1_55_1","volume-title":"Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation (2014), OSDI'14.","author":"Kuznetsov V.","unstructured":"Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., and Song, D. Code-pointer integrity. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation (2014), OSDI'14."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/989393.989440"},{"key":"e_1_3_2_1_57_1","volume-title":"2007 ACM SIGPLAN Conference on Programming Language Design and Implementation.","author":"Lattner C.","unstructured":"Lattner, C., Lenharth, A., and Adve, V. Making context-sensitive points-to analysis with heap cloning practical for the real world. In 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23238"},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the 2015 USENIX Security Symposium.","author":"Lee B.","unstructured":"Lee, B., Song, C., Kim, T., and Lee, W. Type casting verification: Stopping an emerging attack vector. In Proceedings of the 2015 USENIX Security Symposium."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480076"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.5555\/3620237.3620473"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560598"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24935"},{"key":"e_1_3_2_1_64_1","unstructured":"Library G. C. Glibc wiki - mallocinternals. https:\/\/sourceware.org\/glibc\/wiki\/ MallocInternals. Accessed on Mar 7 2024."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 28th USENIX Conference on Security Symposium","author":"Liljestrand H.","year":"2019","unstructured":"Liljestrand, H., Nyman, T.,Wang, K., Perez, C. C., Ekberg, J.-E., and Asokan, N. Pac it up: Towards pointer integrity using arm pointer authentication. In Proceedings of the 28th USENIX Conference on Security Symposium (2019)."},{"key":"e_1_3_2_1_66_1","volume-title":"Howautoslab changes the memory unsafety game. https:\/\/grsecurity.net\/ how_autoslab_changes_the_memory_unsafety_game","author":"Lin Z.","year":"2022","unstructured":"Lin, Z. Howautoslab changes the memory unsafety game. https:\/\/grsecurity.net\/ how_autoslab_changes_the_memory_unsafety_game, 2022."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560585"},{"key":"e_1_3_2_1_69_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Lin Z.","year":"2024","unstructured":"Lin, Z., Yu, Z., Guo, Z., Campanoni, S., Dinda, P., and Xing, X. CAMP: Compiler and allocator-based heap memory protection. In 33rd USENIX Security Symposium (USENIX Security 24) (Philadelphia, PA, Aug. 2024)."},{"key":"e_1_3_2_1_70_1","volume-title":"nx (no execute) support for x86. https:\/\/lkml.org\/lkml\/2004\/6\/2\/228","author":"Linux","year":"2004","unstructured":"Linux. Linux 2.6.7. nx (no execute) support for x86. https:\/\/lkml.org\/lkml\/2004\/6\/2\/228, 2004."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134066"},{"key":"e_1_3_2_1_72_1","volume-title":"https:\/\/clang-analyzer.llvm.org\/","author":"Clang","year":"2023","unstructured":"LLVM. Clang static analyzer. https:\/\/clang-analyzer.llvm.org\/, 2023."},{"key":"e_1_3_2_1_73_1","volume-title":"http:\/\/clang.llvm.org\/docs\/ UsersManual.html","author":"Clang","year":"2023","unstructured":"LLVM. Clang undefined behavior sanitizer. http:\/\/clang.llvm.org\/docs\/ UsersManual.html, 2023. Accessed: 2023-05-02."},{"key":"e_1_3_2_1_74_1","volume-title":"LLVM documentation at https:\/\/llvm.org\/docs\/ Passes.html#loop-simplify-canonicalize-natural-loops","author":"Canonicaliza","year":"2020","unstructured":"Canonicaliza natural loops. LLVM documentation at https:\/\/llvm.org\/docs\/ Passes.html#loop-simplify-canonicalize-natural-loops, 2020."},{"key":"e_1_3_2_1_75_1","volume-title":"LLVM documentation at https:\/\/llvm.org\/docs\/ LoopTerminology.html#loop-simplify-form","author":"Loop Simplify Form","year":"2020","unstructured":"Loop Simplify Form. LLVM documentation at https:\/\/llvm.org\/docs\/ LoopTerminology.html#loop-simplify-form, 2020."},{"key":"e_1_3_2_1_76_1","unstructured":"Mapping High Level Constructs to LLVM IR - Union. https: \/\/mapping-high-level-constructs-to-llvm-ir.readthedocs.io\/en\/latest\/basicconstructs\/ unions.html."},{"key":"e_1_3_2_1_77_1","volume-title":"Trends, challenges, and strategic shifts in the software vulnerability mitigation landscape","author":"Microsoft","year":"2019","unstructured":"Microsoft. Trends, challenges, and strategic shifts in the software vulnerability mitigation landscape, 2019."},{"key":"e_1_3_2_1_78_1","volume-title":"Customize exploit protection. https:\/\/learn.microsoft.com\/enus\/microsoft-365\/security\/defender-endpoint\/customize-exploitprotection?view=o365-worldwide","author":"Microsoft","year":"2022","unstructured":"Microsoft. Customize exploit protection. https:\/\/learn.microsoft.com\/enus\/microsoft-365\/security\/defender-endpoint\/customize-exploitprotection?view=o365-worldwide, 2022."},{"key":"e_1_3_2_1_79_1","volume-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS 2017).","author":"Midi D.","unstructured":"Midi, D., Payer, M., and Bertino, E. Memory safety for embedded devices with nescheck. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS 2017)."},{"key":"e_1_3_2_1_80_1","volume-title":"Network and Distributed System Security Symposium (NDSS","author":"Milburn A.","year":"2017","unstructured":"Milburn, A., Bos, H., and Giuffrida, C. Safelnit: Comprehensive and practical mitigation of uninitialized read vulnerabilities. In Network and Distributed System Security Symposium (NDSS 2017)."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833675"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"e_1_3_2_1_83_1","volume-title":"2009 ACM SIGPLAN Conference on Programming Language Design and Implementation.","author":"Nagarakatte S.","unstructured":"Nagarakatte, S., Zhao, J., Martin, M. M., and Zdancewic, S. Softbound: Highly compatible and complete spatial memory safety for c. In 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"e_1_3_2_1_85_1","volume-title":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIA CCS 2021).","author":"Nasahl P.","unstructured":"Nasahl, P., Schilling, R., Werner, M., Hoogerbrugge, J., Medwed, M., and Mangard, S. Cryptag: Thwarting physical and logical memory vulnerabilities using cryptographically colored memory. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIA CCS 2021)."},{"key":"e_1_3_2_1_86_1","first-page":"3","article-title":"Ccured: Type-safe retrofitting of legacy software","volume":"27","author":"Necula G. C.","unstructured":"Necula, G. C., Condit, J., Harren, M., McPeak, S., and Weimer, W. Ccured: Type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27, 3.","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/565816.503286"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_13"},{"key":"e_1_3_2_1_89_1","unstructured":"Nginx. Nginx development guide - common pitfalls. https:\/\/nginx.org\/en\/docs\/ dev\/development_guide.html#common_pitfalls. Accessed: 2024-04--10."},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866371"},{"key":"e_1_3_2_1_91_1","volume-title":"Nsa releases guidance on how to protect against software memory safety issues","author":"CSS.","year":"2022","unstructured":"NSA-CSS. Nsa releases guidance on how to protect against software memory safety issues, 2022."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292040.3219662"},{"key":"e_1_3_2_1_93_1","volume-title":"Smashing the stack for fun and profit. Phrack magazine","author":"One A.","year":"1996","unstructured":"One, A. Smashing the stack for fun and profit. Phrack magazine (1996)."},{"key":"e_1_3_2_1_94_1","unstructured":"OpenAI. ChatGPT. https:\/\/chat.openai.com\/. Accessed on May 13 2023."},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00082"},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_2_1_97_1","unstructured":"ptmalloc. realloc(3) - linux man page. https:\/\/linux.die.net\/man\/3\/realloc."},{"key":"e_1_3_2_1_98_1","volume-title":"Language models are unsupervised multitask learners. OpenAI Blog (June","author":"Radford A.","year":"2019","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., and Sutskever, I. Language models are unsupervised multitask learners. OpenAI Blog (June 2019)."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/3470496.3527429"},{"key":"e_1_3_2_1_100_1","unstructured":"Riku Antti Matti and Mehta N. Heartbleed. http:\/\/heartbleed.com\/ 2014."},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_102_1","volume-title":"Towards the next generation of xnu memory safety: kalloc_type. https:\/\/security.apple.com\/blog\/towards-the-next-generation-ofxnu-memory-safety\/","author":"Security A.","year":"2022","unstructured":"Security, A. Towards the next generation of xnu memory safety: kalloc_type. https:\/\/security.apple.com\/blog\/towards-the-next-generation-ofxnu-memory-safety\/, 2022."},{"key":"e_1_3_2_1_103_1","unstructured":"Seeley D. A Tour of the Worm. https:\/\/www.cs.unc.edu\/~jeffay\/courses\/ nidsS05\/attacks\/seely-RTMworm-89.html."},{"key":"e_1_3_2_1_104_1","first-page":"44","article-title":"Arm memory tagging extension and how it improves c\/c memory safety. log","author":"Serebryany K","year":"2019","unstructured":"Serebryany, K. Arm memory tagging extension and how it improves c\/c memory safety. login Usenix Mag. 44 (2019).","journal-title":"Usenix Mag."},{"key":"e_1_3_2_1_105_1","volume-title":"Proceedings of the 2012 USENIX Conference on Annual Technical Conference (ATC","author":"Serebryany K.","year":"2012","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., and Vyukov, D. Addresssanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Conference on Annual Technical Conference (ATC 2012)."},{"key":"e_1_3_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00068"},{"key":"e_1_3_2_1_107_1","unstructured":"Sharir M. and Pnueli A. Two approaches to interprocedural data flow analysis."},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133957"},{"key":"e_1_3_2_1_109_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-84800-017-9"},{"key":"e_1_3_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2010.15"},{"key":"e_1_3_2_1_111_1","volume-title":"Proceedings of the 2018 Annual International Symposium on Computer Architecture.","author":"Sinha K.","unstructured":"Sinha, K., and Sethumadhavan, S. Practical memory safety with rest. In Proceedings of the 2018 Annual International Symposium on Computer Architecture."},{"key":"e_1_3_2_1_112_1","volume-title":"32nd European Conference on Object-Oriented Programming (ECOOP","author":"Smaragdakis Y.","year":"2018","unstructured":"Smaragdakis, Y., and Kastrinis, G. Defensive Points-To Analysis: Effective Soundness via Laziness. In 32nd European Conference on Object-Oriented Programming (ECOOP 2018)."},{"key":"e_1_3_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_114_1","volume-title":"The state of ransomware. https:\/\/news.sophos.com\/en-us\/2024\/04\/30\/the-state-of-ransomware-2024","author":"Sophos","year":"2024","unstructured":"Sophos. The state of ransomware. https:\/\/news.sophos.com\/en-us\/2024\/04\/30\/the-state-of-ransomware-2024, 2024."},{"key":"e_1_3_2_1_115_1","volume-title":"Heap feng shui in javascript. Black Hat Europe","author":"Sotirov A.","year":"2007","unstructured":"Sotirov, A. Heap feng shui in javascript. Black Hat Europe (2007)."},{"key":"e_1_3_2_1_116_1","volume-title":"2022 IEEE Symposium on Security and Privacy (S&P","author":"Stamatogiannakis M.","year":"2022","unstructured":"Stamatogiannakis, M., Bos, H., Giuffrida, C., Mavroudis, V., and Papadopoulos, S. Asleep at the keyboard? assessing the security of github copilot's code contributions. In 2022 IEEE Symposium on Security and Privacy (S&P 2022)."},{"key":"e_1_3_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1145\/2854038.2854043"},{"key":"e_1_3_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892235"},{"key":"e_1_3_2_1_120_1","first-page":"8","article-title":"Value-flow-based demand-driven pointer analysis for c and c","volume":"46","author":"Sui Y.","year":"2018","unstructured":"Sui, Y., and Xue, J. Value-flow-based demand-driven pointer analysis for c and c. IEEE Transactions on Software Engineering 46, 8 (2018), 812--835.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950296"},{"key":"e_1_3_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2302311"},{"key":"e_1_3_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336784"},{"key":"e_1_3_2_1_124_1","volume-title":"An update on memory safety in chrome. https:\/\/security.googleblog.com\/2021\/09\/an-update-on-memory-safety-in-chrome.html","author":"Taylor A.","year":"2021","unstructured":"Taylor, A., Whalley, A., Jansens, D., and Oskov, N. An update on memory safety in chrome. https:\/\/security.googleblog.com\/2021\/09\/an-update-on-memory-safety-in-chrome.html, 2021."},{"key":"e_1_3_2_1_125_1","volume-title":"The 15th Brazilian Symposium on Programming Languages (SBLP","author":"Teixeira D.","year":"2011","unstructured":"Teixeira, D., and Pereira, F. M. Q. The Design and Implementation of a Non-Iterative Range Analysis Algorithm on a Production Compiler. In The 15th Brazilian Symposium on Programming Languages (SBLP 2011)."},{"key":"e_1_3_2_1_126_1","first-page":"26","article-title":"Future software should be memory safe. https:\/\/www.whitehouse.gov\/oncd\/briefing-room\/2024\/02\/26\/pressrelease-technical-report\/","author":"The White House","year":"2024","unstructured":"The White House. Press release: Future software should be memory safe. https:\/\/www.whitehouse.gov\/oncd\/briefing-room\/2024\/02\/26\/pressrelease-technical-report\/. FEBRUARY 26, 2024.","journal-title":"FEBRUARY"},{"key":"e_1_3_2_1_127_1","unstructured":"Tolstoy L. Anna Karenina. Wordsworth Editions Tsarist Russia 1995."},{"key":"e_1_3_2_1_128_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623138"},{"key":"e_1_3_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274705"},{"key":"e_1_3_2_1_130_1","volume-title":"2017 European Conference on Computer Systems.","author":"van der Kouwe E.","unstructured":"van der Kouwe, E., Nigade, V., and Giuffrida, C. Dangsan: Scalable use after-free detection. In 2017 European Conference on Computer Systems."},{"key":"e_1_3_2_1_131_1","unstructured":"Ventures C. Cybersecurity ventures? ransomware damage report. https:\/\/cybersecurityventures.com\/cybersecurity-500\/."},{"key":"e_1_3_2_1_132_1","volume-title":"30th USENIX Security Symposium","author":"Wang Y.","year":"2021","unstructured":"Wang, Y., Zhang, C., Zhao, Z., Zhang, B., Gong, X., and Zou, W. MAZE: Towards automated heap feng shui. In 30th USENIX Security Symposium (2021)."},{"key":"e_1_3_2_1_133_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996859"},{"key":"e_1_3_2_1_134_1","volume-title":"30th USENIX Security Symposium","author":"Wickman B.","year":"2021","unstructured":"Wickman, B., Hu, H., Yun, I., Jang, D., Lim, J., Kashyap, S., and Kim, T. Preventing Use-After-Free attacks with fast forward allocation. In 30th USENIX Security Symposium (2021)."},{"key":"e_1_3_2_1_135_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (SEC","author":"Wu W.","year":"2019","unstructured":"Wu, W., Chen, Y., Xing, X., and Zou, W. Kepler: facilitating control-flow hijacking primitive evaluation for linux kernel vulnerabilities. In Proceedings of the 28th USENIX Security Symposium (SEC 2019)."},{"key":"e_1_3_2_1_136_1","volume-title":"27th USENIX Security Symposium (SEC","author":"Wu W.","year":"2018","unstructured":"Wu, W., Chen, Y., Xu, J., Xing, X., Gong, X., and Zou, W. FUZE: Towards facilitating exploit generation for kernel use-after-free vulnerabilities. In 27th USENIX Security Symposium (SEC 2018)."},{"key":"e_1_3_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1145\/3520312.3534862"},{"key":"e_1_3_2_1_138_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446761"},{"key":"e_1_3_2_1_139_1","volume-title":"Proceedings of the 2018 International Conference on Software Engineering.","author":"Yan H.","unstructured":"Yan, H., Sui, Y., Chen, S., and Xue, J. Spatio-temporal context reduction: A pointer-analysis-based static approach for detecting use-after-free vulnerabilities. In Proceedings of the 2018 International Conference on Software Engineering."},{"key":"e_1_3_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134620"},{"key":"e_1_3_2_1_141_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2662394"},{"key":"e_1_3_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23190"},{"key":"e_1_3_2_1_143_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409686"},{"key":"e_1_3_2_1_144_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24380"},{"key":"e_1_3_2_1_145_1","volume-title":"USENIX Security Symposium","author":"Zhai Y.","year":"2024","unstructured":"Zhai, Y., Qian, Z., Song, C., Sridharan, M., Jaeger, T., Yu, P., and Krishnamurthy, S. V. Don't waste my efforts: Pruning redundant sanitizer checks of developer-implemented type checks. In USENIX Security Symposium (2024)."},{"key":"e_1_3_2_1_146_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23164"},{"key":"e_1_3_2_1_147_1","volume-title":"31st USENIX Security Symposium (SEC","author":"Zhang Y.","year":"2022","unstructured":"Zhang, Y., Pang, C., Portokalidis, G., Triandopoulos, N., and Xu, J. Debloating address sanitizer. In 31st USENIX Security Symposium (SEC 2022)."},{"key":"e_1_3_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1145\/3586038"},{"key":"e_1_3_2_1_149_1","first-page":"8","article-title":"Scalable static detection of use-after-free vulnerabilities in binary code","author":"Zhu K.","year":"2020","unstructured":"Zhu, K., Lu, Y., and Huang, H. Scalable static detection of use-after-free vulnerabilities in binary code. IEEE Access 8 (2020).","journal-title":"IEEE Access"},{"key":"e_1_3_2_1_150_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24926"},{"key":"e_1_3_2_1_151_1","volume-title":"31st USENIX Security Symposium (SEC","author":"Zou X.","year":"2022","unstructured":"Zou, X., Li, G., Chen, W., Zhang, H., and Qian, Z. SyzScope: Revealing High-Risk security impacts of Fuzzer-Exposed bugs in linux kernel. In 31st USENIX Security Symposium (SEC 2022)."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690310","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690310","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:10:28Z","timestamp":1755843028000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690310"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":151,"alternative-id":["10.1145\/3658644.3690310","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690310","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}