{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T01:20:09Z","timestamp":1740100809898,"version":"3.37.3"},"reference-count":66,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,3,1]],"date-time":"2022-03-01T00:00:00Z","timestamp":1646092800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,3,1]],"date-time":"2022-03-01T00:00:00Z","timestamp":1646092800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1657199"],"award-info":[{"award-number":["1657199"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,3]]},"DOI":"10.1109\/saner53432.2022.00115","type":"proceedings-article","created":{"date-parts":[[2022,7,21]],"date-time":"2022-07-21T19:36:45Z","timestamp":1658432205000},"page":"971-982","source":"Crossref","is-referenced-by-count":2,"title":["Characterizing and Improving Bug-Finders with Synthetic Bugs"],"prefix":"10.1109","author":[{"given":"Yu","family":"Hu","sequence":"first","affiliation":[{"name":"New York University"}]},{"given":"Zekun","family":"Shen","sequence":"additional","affiliation":[{"name":"New York University"}]},{"given":"Brendan","family":"Dolan-Gavitt","sequence":"additional","affiliation":[{"name":"New York University"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227146"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115670"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2345156.2254088"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572286"},{"key":"ref30","article-title":"Nist software assurance metrics and tool evaluation (samate) project","author":"kass","year":"0","journal-title":"Workshop on the Evaluation of Software Defect Detection Tools"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509553"},{"journal-title":"Vfuzz Vulnerability-oriented evolutionary fuzzing","year":"0","author":"li","key":"ref36"},{"key":"ref35","first-page":"211","author":"li","year":"0","journal-title":"Automated source code instrumentation for verifying potential vulnerabilities"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2018.8342123"},{"key":"ref60","article-title":"On benchmarking the capability of symbolic execution tools with logic bombs","volume":"abs 1712 1674","author":"xu","year":"2017","journal-title":"CoRR"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2017.3571576"},{"key":"ref61","first-page":"283","volume":"46","author":"yang","year":"0","journal-title":"Finding and Understanding Bugs in C Compilers"},{"key":"ref63","first-page":"498","author":"yu","year":"2019","journal-title":"State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115669"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0196733"},{"key":"ref27","article-title":"Autoctf: Creating diverse pwnables via automated bug injection","author":"hulin","year":"2017","journal-title":"11th USENIX Workshop on Offensive Technologies (WOOT 17)"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610392"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029911"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2019.00020"},{"journal-title":"Darpa cgc chanllenges","year":"0","key":"ref2"},{"journal-title":"AFL","year":"0","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/C-M.1978.218136"},{"key":"ref22","article-title":"A simple and intuitive algorithm for preventing directory traversal attacks","volume":"abs 1908 4502","author":"flanders","year":"2019","journal-title":"CoRR"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.15"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1109\/TSE.1977.231145","article-title":"testing programs with the aid of a compiler","volume":"se 3","author":"hamlet","year":"1977","journal-title":"IEEE Transactions on Software Engineering"},{"key":"ref23","article-title":"Evaluating manual intervention to address the challenges of bug finding with KLEE","volume":"abs 1805 3450","author":"galea","year":"2018","journal-title":"CoRR"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1499799.1499922"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3428334"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/11817963_38"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081750"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2989171"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771818"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.5220\/0005032902440252"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11936-6_27"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468620"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-016-5589-6"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2015.7392027"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1966445.1966463"},{"key":"ref11","first-page":"199","article-title":"Redundant state detection for dynamic symbolic execution","author":"bugrara","year":"0"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227146"},{"key":"ref12","first-page":"209","article-title":"Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1455518.1455522"},{"key":"ref14","article-title":"Selective Symbolic Execution","author":"chipounov","year":"0","journal-title":"Workshop on Hot Topics in System Dependability (HotDep)"},{"key":"ref15","first-page":"265","author":"chipounov","year":"0","journal-title":"S2E A Platform for In-Vivo Multi-Path Analysis of Software Systems"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/800191.805647"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2017.29"},{"key":"ref18","first-page":"264","author":"corin","year":"2012","journal-title":"Taint Analysis of Security Code in the KLEE Symbolic Execution Engine"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28891-3_12"},{"journal-title":"Linux flaw","year":"0","key":"ref4"},{"journal-title":"Juliet test suite v1 3","year":"0","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/s10817-006-9026-1"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2714064.2660200"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/11513988_4"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19237-1_4"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/800027.808445"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236084"},{"key":"ref45","first-page":"94","article-title":"The smt-lib format: An initial proposal","author":"ranise","year":"0","journal-title":"PDPAR"},{"key":"ref48","first-page":"31","article-title":"Triton: A dynamic symbolic execution framework","author":"saudel","year":"2015","journal-title":"Symposium sur la sécurité des technologies de l'information et des communications SSTIC"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3377812.3382148"},{"key":"ref42","first-page":"53","author":"palikareva","year":"2013","journal-title":"Multi-solver Support in Symbolic Execution"},{"journal-title":"CWE - Common Weakness Enumeration","year":"0","key":"ref41"},{"key":"ref44","first-page":"49","article-title":"Under-constrained symbolic execution: Correctness checking for real code","author":"ramos","year":"2015","journal-title":"24th USENIX Security Symposium (USENIX Security 15)"},{"journal-title":"Evilcoder Automated bug insertion","year":"2020","author":"pewny","key":"ref43"}],"event":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","start":{"date-parts":[[2022,3,15]]},"location":"Honolulu, HI, USA","end":{"date-parts":[[2022,3,18]]}},"container-title":["2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9825713\/9825693\/09825782.pdf?arnumber=9825782","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,8]],"date-time":"2022-08-08T19:59:34Z","timestamp":1659988774000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9825782\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3]]},"references-count":66,"URL":"https:\/\/doi.org\/10.1109\/saner53432.2022.00115","relation":{},"subject":[],"published":{"date-parts":[[2022,3]]}}}