{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T22:32:24Z","timestamp":1769725944082,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":93,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,3,30]]},"DOI":"10.1145\/3689031.3696089","type":"proceedings-article","created":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:25:20Z","timestamp":1742970320000},"page":"1077-1091","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["BESA: Extending Bugs Triggered by Runtime Testing via Static Analysis"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9500-6100","authenticated-orcid":false,"given":"Jia-Ju","family":"Bai","sequence":"first","affiliation":[{"name":"Beihang University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,3,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"ASan: address sanitizer. https:\/\/github.com\/google\/sanitizers\/wiki\/AddressSanitizer."},{"issue":"12","key":"e_1_3_2_1_2_1","first-page":"5120","article-title":"Hybrid static-dynamic analysis of data races caused by inconsistent locking discipline in device drivers","volume":"48","author":"Bai Jia-Ju","year":"2021","unstructured":"Jia-Ju Bai, Qiu-Liang Chen, Zu-Ming Jiang, Julia Lawall, and Shi-Min Hu. Hybrid static-dynamic analysis of data races caused by inconsistent locking discipline in device drivers. IEEE Transactions on Software Engineering (TSE), 48(12):5120--5135, 2021.","journal-title":"IEEE Transactions on Software Engineering (TSE)"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3288876"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/3358807.3358830"},{"key":"e_1_3_2_1_5_1","volume-title":"Effective detection of sleep-in-atomic-context bugs in the Linux kernel. ACM Transactions on Computer Systems (TOCS), 36(4):1--30","author":"Bai Jia-Ju","year":"2020","unstructured":"Jia-Ju Bai, Julia Lawall, and Shi-Min Hu. Effective detection of sleep-in-atomic-context bugs in the Linux kernel. ACM Transactions on Computer Systems (TOCS), 36(4):1--30, 2020."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806799.1806805"},{"key":"e_1_3_2_1_7_1","first-page":"3727","volume-title":"Proceedings of the 32nd USENIX Security Symposium","author":"Cai Yuandao","year":"2023","unstructured":"Yuandao Cai, Peisen Yao, Chengfeng Ye, and Charles Zhang. Place your locks well: understanding and detecting lock misuse bugs. In Proceedings of the 32nd USENIX Security Symposium, pages 3727--3744, 2023."},{"key":"e_1_3_2_1_8_1","first-page":"2325","volume-title":"Proceedings of the 29th USENIX Security Symposium","author":"Chen Hongxu","year":"2020","unstructured":"Hongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, and Yang Liu. MUZZ: thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs. In Proceedings of the 29th USENIX Security Symposium, pages 2325--2342, 2020."},{"key":"e_1_3_2_1_9_1","first-page":"1093","volume-title":"Proceedings of the 29th USENIX Security Symposium","author":"Chen Weiteng","year":"2020","unstructured":"Weiteng Chen, Xiaochen Zou, Guoren Li, and Zhiyun Qian. KOOBE: towards facilitating exploit generation of kernel out-of-bound write vulnerabilities. In Proceedings of the 29th USENIX Security Symposium, pages 1093--1110, 2020."},{"key":"e_1_3_2_1_10_1","unstructured":"Clang: a LLVM-based compiler. https:\/\/clang.llvm.org\/."},{"key":"e_1_3_2_1_11_1","unstructured":"CLOC: count lines of code. https:\/\/cloc.sourceforge.net."},{"key":"e_1_3_2_1_12_1","unstructured":"Cppcheck: a tool for static C\/C++ code analysis. http:\/\/cppcheck.sourceforge.net\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Clang Static Analyzer. https:\/\/clang-analyzer.llvm.org\/."},{"key":"e_1_3_2_1_14_1","first-page":"820","volume-title":"Proceedings of the 38th International Conference on Software Engineering (ICSE)","author":"Cui Weidong","year":"2016","unstructured":"Weidong Cui, Marcus Peinado, Sang Kil Cha, Yanick Fratantonio, and Vasileios P Kemerlis. RETracer: triaging crashes by reverse execution from partial memory dumps. In Proceedings of the 38th International Conference on Software Engineering (ICSE), pages 820--831, 2016."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31057-7_29"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3332466.3374515"},{"key":"e_1_3_2_1_17_1","first-page":"230","volume-title":"Proceedings of the 15th International Conference on Programming Language Design and Implementation (PLDI)","author":"Deutch Alain","year":"1994","unstructured":"Alain Deutch. Interprocedural may-alias analysis for pointers, beyond k-limiting. In Proceedings of the 15th International Conference on Programming Language Design and Implementation (PLDI), pages 230--241, 1994."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332463"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00025"},{"key":"e_1_3_2_1_20_1","volume-title":"Effective typestate verification in the presence of aliasing. ACM Transactions on Software Engineering and Methodology (TOSEM), 17(2):1--34","author":"Fink Stephen J","year":"2008","unstructured":"Stephen J Fink, Eran Yahav, Nurit Dor, G Ramalingam, and Emmanuel Geay. Effective typestate verification in the presence of aliasing. ACM Transactions on Software Engineering and Methodology (TOSEM), 17(2):1--34, 2008."},{"key":"e_1_3_2_1_21_1","unstructured":"Segmentation fault in gf_avc_parse_nalu(). https:\/\/github.com\/gpac\/gpac\/issues\/1902."},{"key":"e_1_3_2_1_22_1","unstructured":"Segmentation fault in gf_svg_get_attribute_name(). https:\/\/github.com\/gpac\/gpac\/issues\/1967."},{"key":"e_1_3_2_1_23_1","unstructured":"Segmentation fault in gf_node_get_tag(). https:\/\/github.com\/gpac\/gpac\/issues\/1961."},{"key":"e_1_3_2_1_24_1","unstructured":"Segmentation fault in gf_sg_vrml_mf_append(). https:\/\/github.com\/gpac\/gpac\/issues\/1960."},{"key":"e_1_3_2_1_25_1","unstructured":"Segmentation fault in gf_dump_vrml_simple_field(). https:\/\/github.com\/gpac\/gpac\/issues\/2232."},{"key":"e_1_3_2_1_26_1","unstructured":"Segmentation fault in gf_filter_pid_set_property_full(). https:\/\/github.com\/gpac\/gpac\/issues\/2223."},{"key":"e_1_3_2_1_27_1","unstructured":"Segmentation fault in gf_dump_vrml_sffield(). https:\/\/github.com\/gpac\/gpac\/issues\/2277."},{"key":"e_1_3_2_1_28_1","first-page":"1","volume-title":"Proceedings of the 6th International Conference on File and Storage Technologies (FAST)","author":"Gunawi Haryadi S","year":"2008","unstructured":"Haryadi S Gunawi, Cindy Rubio-Gonz\u00e1lez, Andrea C Arpaci-Dusseau, Remzi H Arpaci-Dusseau, and Ben Liblit. EIO: error handling is occasionally correct. In Proceedings of the 6th International Conference on File and Storage Technologies (FAST), pages 1--16, 2008."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250764"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09799-2"},{"key":"e_1_3_2_1_31_1","unstructured":"Facebook Infer: a tool to detect bugs in Java and C\/C++\/Objective-C code. https:\/\/fbinfer.com\/."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993544"},{"key":"e_1_3_2_1_34_1","first-page":"221","volume-title":"Proceedings of the 10th International Symposium on Operating Systems Design and Implementation (OSDI)","author":"Jin Guoliang","year":"2012","unstructured":"Guoliang Jin, Wei Zhang, and Dongdong Deng. Automated concurrency-bug fixing. In Proceedings of the 10th International Symposium on Operating Systems Design and Implementation (OSDI), pages 221--236, 2012."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132767"},{"key":"e_1_3_2_1_36_1","unstructured":"KASAN: kernel address sanitizer in the Linux kernel. https:\/\/www.kernel.org\/doc\/html\/latest\/dev-tools\/kasan.html."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178372.3179519"},{"key":"e_1_3_2_1_38_1","unstructured":"Fix null-ptr derefer after live migration. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/next\/linux-next.git\/commit\/?id=d50b7914."},{"key":"e_1_3_2_1_39_1","unstructured":"Fix null-ptr dereference in dsa_slave_changeupper(). https:\/\/lore.kernel.org\/all\/20220819173925.3581871-1-vladimir.oltean@nxp.com\/."},{"key":"e_1_3_2_1_40_1","unstructured":"Fix null-ptr derefer in rose_send_frame(). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/next\/linux-next.git\/commit\/?id=e97c089d."},{"key":"e_1_3_2_1_41_1","unstructured":"Fix null-ptr derefer in hugetlbfs_parse_param(). https:\/\/lore.kernel.org\/all\/20221020231609.4810-1-yin31149@gmail.com."},{"key":"e_1_3_2_1_42_1","unstructured":"kernel NULL pointer dereference in ni_write_inode(). https:\/\/syzkaller.appspot.com\/bug?extid=f45957555ed4a808cc7a."},{"key":"e_1_3_2_1_43_1","unstructured":"Add null check to attr_load_runs_vcn(). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/next\/linux-next.git\/commit\/?id=2681631c."},{"key":"e_1_3_2_1_44_1","unstructured":"Fix null dereference in drm_vblank_destroy_worker(). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/next\/linux-next.git\/commit\/?id=4979524f."},{"key":"e_1_3_2_1_45_1","unstructured":"The variable sdata could be null during AMPDU start. https:\/\/lore.kernel.org\/all\/20221230121850.218810-2-alexander@wetzel-home.de."},{"key":"e_1_3_2_1_46_1","unstructured":"Null-ptr dereference in ring_buffer_wake_waiters(). https:\/\/bugzilla.opensuse.org\/show_bug.cgi?id=1204705."},{"key":"e_1_3_2_1_47_1","unstructured":"Fix null-ptr derefer in nilfs_palloc_commit_free_entry(). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/next\/linux-next.git\/commit\/?id=f0a0ccda."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.9"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507770"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833683"},{"key":"e_1_3_2_1_51_1","first-page":"271","volume-title":"Proceedings of the 14th USENIX Security Symposium","author":"Benjamin Livshits V","year":"2005","unstructured":"V Benjamin Livshits and Monica S Lam. Finding security vulnerabilities in Java applications with static analysis. In Proceedings of the 14th USENIX Security Symposium, pages 271--286, 2005."},{"key":"e_1_3_2_1_52_1","unstructured":"LLVM compiler infrastructure. https:\/\/llvm.org\/."},{"key":"e_1_3_2_1_53_1","first-page":"1867","volume-title":"Proceedings of the 26th International Conference on Computer and Communications Security (CCS)","author":"Lu Kangjie","year":"2019","unstructured":"Kangjie Lu and Hong Hu. Where does it go? refining indirect-call targets with multi-layer type analysis. In Proceedings of the 26th International Conference on Computer and Communications Security (CCS), pages 1867--1881, 2019."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361461"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_2_1_56_1","first-page":"63","volume-title":"Proceedings of the 12th International Symposium on Foundations of Software Engineering (FSE)","author":"Manevich Roman","year":"2004","unstructured":"Roman Manevich, Manu Sridharan, Stephen Adams, Manuvir Das, and Zhe Yang. PSE: explaining program failures via postmortem static analysis. In Proceedings of the 12th International Symposium on Foundations of Software Engineering (FSE), pages 63--72, 2004."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2259016.2259049"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2501854"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/2478566.2479080"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660193.2660205"},{"key":"e_1_3_2_1_61_1","unstructured":"Sqlite: segmentation fault in isAuxiliaryVtabOperator(). https:\/\/www.sqlite.org\/cgi\/src\/info\/4374860b29383380."},{"key":"e_1_3_2_1_62_1","unstructured":"Sqlite: fixing a segment fault in isAuxiliaryVtabOperator(). https:\/\/github.com\/sqlite\/sqlite\/commit\/bf48ce."},{"key":"e_1_3_2_1_63_1","unstructured":"Sqlite: segment fault in isLikeOrGlob(). https:\/\/sqlite.org\/forum\/forumpost\/699b44b3ee."},{"key":"e_1_3_2_1_64_1","unstructured":"Sqlite: fixing a segment fault in isLikeOrGlob().Error! Hyperlink reference not valid."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542506"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451131"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3192366.3192418"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290361"},{"key":"e_1_3_2_1_69_1","unstructured":"Sqlite: segment fault in idxGetTableInfo(). https:\/\/www.sqlite.org\/forum\/forumpost\/78165fa250."},{"key":"e_1_3_2_1_70_1","unstructured":"Sqlite: segmentation fault in apndOpen(). https:\/\/www.sqlite.org\/forum\/forumpost\/78165fa250."},{"key":"e_1_3_2_1_71_1","unstructured":"Sqlite database system. https:\/\/www.sqlite.org\/index.html."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1986.6312929"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2967973.2968597"},{"key":"e_1_3_2_1_74_1","volume-title":"Loop-oriented pointer analysis for automatic SIMD vectorization. ACM Transactions on Embedded Computing Systems (TECS), 17(2):1--31","author":"Sui Yulei","year":"2018","unstructured":"Yulei Sui, Xiaokang Fan, Hao Zhou, and Jingling Xue. Loop-oriented pointer analysis for automatic SIMD vectorization. ACM Transactions on Embedded Computing Systems (TECS), 17(2):1--31, 2018."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2302311"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2555243.2555260"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180250"},{"key":"e_1_3_2_1_78_1","unstructured":"Null-ptr dereference in function vim_regexec_string(). https:\/\/huntr.dev\/bounties\/7a4c59f3-fcc0-4496-995d-5ca6acd2da51."},{"key":"e_1_3_2_1_79_1","unstructured":"Null-ptr dereference in function diff_check(). https:\/\/huntr.dev\/bounties\/7bfe3d5b-568f-4c34-908f-a39909638cc1."},{"key":"e_1_3_2_1_80_1","unstructured":"Null-ptr dereference in function sug_filltree(). https:\/\/huntr.dev\/bounties\/fd3a3ab8-ab0f-452f-afea-8c613e283fd2."},{"key":"e_1_3_2_1_81_1","unstructured":"Null-ptr dereference in function class_object_index(). https:\/\/huntr.dev\/bounties\/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9."},{"key":"e_1_3_2_1_82_1","unstructured":"Null-ptr dereference in function get_register(). https:\/\/huntr.dev\/bounties\/1679be5a-565f-4a44-a430-836412a0b622."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380386"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3190645"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610395"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134620"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180178"},{"key":"e_1_3_2_1_88_1","unstructured":"Z3: a theorem prover. https:\/\/github.com\/Z3Prover\/z3."},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409686"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3160155"},{"key":"e_1_3_2_1_91_1","first-page":"3273","volume-title":"Proceedings of the 31st USENIX Security Symposium","author":"Zhao Bodong","year":"2022","unstructured":"Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, Ming Yuan, Wenyu Zhu, Zhihong Tian, and Chao Zhang. StateFuzz: system call-based state-aware Linux driver fuzzing. In Proceedings of the 31st USENIX Security Symposium, pages 3273--3289, 2022."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2013.44"},{"key":"e_1_3_2_1_93_1","first-page":"3201","volume-title":"Proceedings of the 31st USENIX Security Symposium","author":"Zou Xiaochen","year":"2022","unstructured":"Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian. SyzScope: revealing high-risk security impacts of fuzzer-exposed bugs in Linux kernel. In Proceedings of the 31st USENIX Security Symposium, pages 3201--3217, 2022."}],"event":{"name":"EuroSys '25: Twentieth European Conference on Computer Systems","location":"Rotterdam Netherlands","acronym":"EuroSys '25","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Twentieth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689031.3696089","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689031.3696089","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T11:21:44Z","timestamp":1755775304000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689031.3696089"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,30]]},"references-count":93,"alternative-id":["10.1145\/3689031.3696089","10.1145\/3689031"],"URL":"https:\/\/doi.org\/10.1145\/3689031.3696089","relation":{},"subject":[],"published":{"date-parts":[[2025,3,30]]},"assertion":[{"value":"2025-03-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}