{"id":"https://openalex.org/W4394769548","doi":"https://doi.org/10.1145/3597503.3639218","title":"On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities","display_name":"On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities","publication_year":2024,"publication_date":"2024-04-12","ids":{"openalex":"https://openalex.org/W4394769548","doi":"https://doi.org/10.1145/3597503.3639218"},"language":"en","primary_location":{"id":"doi:10.1145/3597503.3639218","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597503.3639218","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 46th International Conference on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100332568","display_name":"Zhen Li","orcid":"https://orcid.org/0000-0002-0001-2998"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Li","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-0001-2998","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Ning Wang","orcid":"https://orcid.org/0009-0000-8521-454X"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ning Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0000-8521-454X","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074676946","display_name":"Deqing Zou","orcid":"https://orcid.org/0000-0001-8534-5048"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Deqing Zou","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-8534-5048","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yating Li","orcid":"https://orcid.org/0009-0004-2659-7463"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yating Li","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0004-2659-7463","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100422212","display_name":"Ruqian Zhang","orcid":"https://orcid.org/0009-0007-8403-8346"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruqian Zhang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0007-8403-8346","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019179799","display_name":"Shouhuai Xu","orcid":"https://orcid.org/0000-0001-8034-0942"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shouhuai Xu","raw_affiliation_strings":["University of Colorado Colorado Springs, Colorado Springs, Colorado, USA"],"raw_orcid":"https://orcid.org/0000-0001-8034-0942","affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs, Colorado Springs, Colorado, USA","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100460096","display_name":"Chao Zhang","orcid":"https://orcid.org/0000-0001-7894-8828"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7894-8828","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022262922","display_name":"Hai Jin","orcid":"https://orcid.org/0000-0002-3934-7605"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hai Jin","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3934-7605","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":11.722,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.98392669,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8724808096885681},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.747854471206665},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.6320084929466248},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5416164994239807},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5004072189331055},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.47133636474609375},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4681907892227173},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4146571755409241},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.17771536111831665},{"id":"https://openalex.org/keywords/medicine","display_name":"Medicine","score":0.10969036817550659},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10578346252441406},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.09882539510726929}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8724808096885681},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.747854471206665},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.6320084929466248},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5416164994239807},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5004072189331055},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.47133636474609375},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4681907892227173},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4146571755409241},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.17771536111831665},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.10969036817550659},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10578346252441406},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.09882539510726929},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.0},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3597503.3639218","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597503.3639218","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 46th International Conference on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5400000214576721,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W1986222079","https://openalex.org/W1990762361","https://openalex.org/W1992114977","https://openalex.org/W2165004968","https://openalex.org/W2559935471","https://openalex.org/W2766411424","https://openalex.org/W2775630524","https://openalex.org/W2781491433","https://openalex.org/W2789627069","https://openalex.org/W2794670092","https://openalex.org/W2885030880","https://openalex.org/W2890991187","https://openalex.org/W2913576447","https://openalex.org/W2965861627","https://openalex.org/W2969343988","https://openalex.org/W2979357014","https://openalex.org/W2998879504","https://openalex.org/W3005774991","https://openalex.org/W3007106047","https://openalex.org/W3048065912","https://openalex.org/W3082737479","https://openalex.org/W3085545669","https://openalex.org/W3089659633","https://openalex.org/W3101228802","https://openalex.org/W3111602563","https://openalex.org/W3134763859","https://openalex.org/W3166095789","https://openalex.org/W3167325648","https://openalex.org/W3183469243","https://openalex.org/W3190415267","https://openalex.org/W3191226037","https://openalex.org/W3195703954","https://openalex.org/W4284667406","https://openalex.org/W4284708843","https://openalex.org/W4285490477","https://openalex.org/W4308410314","https://openalex.org/W4312436517","https://openalex.org/W4312690534"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W3118510577","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W1883246888","https://openalex.org/W2371301679","https://openalex.org/W2527966616","https://openalex.org/W4200316191","https://openalex.org/W2188018701"],"abstract_inverted_index":{"Software":[0],"vulnerabilities":[1,19,59,123,148],"are":[2,124,138],"a":[3,27,31,95],"major":[4],"cyber":[5],"threat":[6],"and":[7,68,92,115,133],"it":[8],"is":[9,20,44],"important":[10,15],"to":[11,17,21,73],"detect":[12],"them.":[13],"One":[14],"approach":[16,43],"detecting":[18,55,143,150],"use":[22],"deep":[23],"learning":[24],"while":[25],"treating":[26],"program":[28],"function":[29],"as":[30,34,61],"whole,":[32],"known":[33,60],"function-level":[35,135],"vulnerability":[36,136],"detectors.":[37],"However,":[38],"the":[39,65,69,81],"limitation":[40,53],"of":[41,58,129,146,153],"this":[42,48,77],"not":[45],"understood.":[46],"In":[47],"paper,":[49],"we":[50,79,93],"investigate":[51],"its":[52],"in":[54,142],"one":[56],"class":[57],"inter-procedural":[62,116,122,131,147],"vulnerabilities,":[63],"where":[64],"to-be-patched":[66,144],"statements":[67,71,102,114],"vulnerability-triggering":[70,101,113],"belong":[72],"different":[74],"functions.":[75,104],"For":[76],"purpose,":[78],"create":[80],"first":[82],"Inter-Procedural":[83],"Vulnerability":[84],"Dataset":[85],"(InterPVD)":[86],"based":[87],"on":[88],"C/C++":[89],"open-source":[90],"software,":[91],"propose":[94],"tool":[96],"dubbed":[97],"VulTrigger":[98,109],"for":[99],"identifying":[100],"across":[103],"Experimental":[105],"results":[106],"show":[107],"that":[108],"can":[110],"effectively":[111],"identify":[112],"vulnerabilities.":[117,155],"Our":[118],"findings":[119],"include:":[120],"(i)":[121],"prevalent":[125],"with":[126],"an":[127],"average":[128],"2.8":[130],"layers;":[132],"(ii)":[134],"detectors":[137],"much":[139],"less":[140],"effective":[141],"functions":[145],"than":[149],"their":[151],"counterparts":[152],"intra-procedural":[154]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}