{"id":"https://openalex.org/W2017612563","doi":"https://doi.org/10.1145/1251535.1251546","title":"Refining buffer overflow detection via demand-driven path-sensitive analysis","display_name":"Refining buffer overflow detection via demand-driven path-sensitive analysis","publication_year":2007,"publication_date":"2007-06-13","ids":{"openalex":"https://openalex.org/W2017612563","doi":"https://doi.org/10.1145/1251535.1251546","mag":"2017612563"},"language":"en","primary_location":{"id":"doi:10.1145/1251535.1251546","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1251535.1251546","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074426991","display_name":"Wei Le","orcid":"https://orcid.org/0000-0002-6797-0648"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Wei Le","raw_affiliation_strings":["University of Virginia, Charlottesville, VA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047746948","display_name":"Mary Lou Soffa","orcid":"https://orcid.org/0000-0002-3665-7763"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mary Lou Soffa","raw_affiliation_strings":["University of Virginia, Charlottesville, VA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA","institution_ids":["https://openalex.org/I51556381"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5074426991"],"corresponding_institution_ids":["https://openalex.org/I51556381"],"apc_list":null,"apc_paid":null,"fwci":0.9727,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.74976009,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"63","last_page":"68"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8755595684051514},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.8416771292686462},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.7665932178497314},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.686880350112915},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6157363057136536},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.6117931604385376},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.5655049681663513},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5256739258766174},{"id":"https://openalex.org/keywords/buffer","display_name":"Buffer (optical fiber)","score":0.4640924334526062},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.4599863588809967},{"id":"https://openalex.org/keywords/program-analysis","display_name":"Program analysis","score":0.4458834230899811},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.43896767497062683},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4270448088645935},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4006730914115906},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3875490725040436},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.249339759349823},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2319229245185852},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.14542409777641296},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.12270456552505493}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8755595684051514},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.8416771292686462},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.7665932178497314},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.686880350112915},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6157363057136536},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.6117931604385376},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.5655049681663513},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5256739258766174},{"id":"https://openalex.org/C145018004","wikidata":"https://www.wikidata.org/wiki/Q4985944","display_name":"Buffer (optical fiber)","level":2,"score":0.4640924334526062},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4599863588809967},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.4458834230899811},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.43896767497062683},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4270448088645935},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4006730914115906},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3875490725040436},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.249339759349823},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2319229245185852},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.14542409777641296},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.12270456552505493},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1251535.1251546","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1251535.1251546","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.168.748","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.168.748","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.virginia.edu/%7Esoffa/Soffa_Pubs_all/Conferences/Refining.Le.2007.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.216.8162","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.216.8162","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.virginia.edu/~soffa/research/SE/wei%20le%202007.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320308943","display_name":"Microsoft Research","ror":"https://ror.org/00d0nc645"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W1554164734","https://openalex.org/W1579850852","https://openalex.org/W1599094915","https://openalex.org/W2004378344","https://openalex.org/W2007181618","https://openalex.org/W2062444590","https://openalex.org/W2067836954","https://openalex.org/W2074847015","https://openalex.org/W2084974764","https://openalex.org/W2103326816","https://openalex.org/W2103714221","https://openalex.org/W2119736157","https://openalex.org/W2137726309","https://openalex.org/W2138538192","https://openalex.org/W2149222015","https://openalex.org/W2164638440","https://openalex.org/W2914982603","https://openalex.org/W2978757628","https://openalex.org/W4225591807","https://openalex.org/W6600040955"],"related_works":["https://openalex.org/W4240545424","https://openalex.org/W2360139790","https://openalex.org/W2019168903","https://openalex.org/W2998602372","https://openalex.org/W4297908618","https://openalex.org/W2765641823","https://openalex.org/W2867457158","https://openalex.org/W2985048382","https://openalex.org/W2354385412","https://openalex.org/W3111646971"],"abstract_inverted_index":{"Although":[0],"static":[1,15],"analysis":[2,42,82,122],"is":[3,151],"an":[4,41,124],"important":[5],"technique":[6,43,150],"for":[7,22,29],"detecting":[8],"buffer":[9,54,71,142],"overflow":[10,55],"before":[11],"software":[12],"deployment,":[13],"current":[14],"tools":[16,79],"rely":[17],"on":[18,112],"considerable":[19],"human":[20],"effort":[21],"annotating":[23],"code":[24],"to":[25,56],"help":[26,57],"analysis,":[27],"or":[28,72],"diagnosing":[30],"warnings,":[31],"many":[32],"of":[33,63,66,85],"which":[34,77],"are":[35],"false":[36],"positives.":[37],"This":[38],"paper":[39],"presents":[40],"that":[44,50,132,148],"refines":[45],"information":[46],"about":[47],"the":[48,59,75],"paths":[49,84,103],"involve":[51],"a":[52,69,86,139],"potential":[53],"in":[58,74],"diagnosis":[60],"and":[61,97,101,119,153],"debugging":[62],"vulnerabilities.":[64],"Instead":[65],"only":[67],"reporting":[68],"vulnerable":[70,88,141],"statement":[73,89],"program,":[76],"most":[78],"do,":[80],"our":[81,121,149],"categorizes":[83],"possibly":[87,140],"into":[90],"five":[91],"types:":[92],"Vulnerable,":[93],"Overflow-User-Independent,":[94],"Safe,":[95],"Infeasible":[96],"Don't-Know.":[98],"Thus,":[99],"safe":[100],"infeasible":[102],"can":[104],"be":[105],"excluded":[106],"from":[107],"being":[108],"inspected,":[109],"providing":[110],"focus":[111],"problematic":[113],"paths.":[114],"For":[115],"scalability,":[116],"we":[117],"designed":[118],"implemented":[120],"as":[123],"interprocedural,":[125],"demand-driven":[126],"path-sensitive":[127],"analysis.":[128],"Our":[129],"experiments":[130],"demonstrate":[131],"various":[133],"path":[134],"types":[135],"do":[136],"go":[137],"through":[138],"statement.":[143],"The":[144],"results":[145],"also":[146],"indicate":[147],"efficient":[152],"practical.":[154]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2014,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}