{"id":"https://openalex.org/W4379534462","doi":"https://doi.org/10.1145/3591257","title":"Don\u2019t Look UB: Exposing Sanitizer-Eliding Compiler Optimizations","display_name":"Don\u2019t Look UB: Exposing Sanitizer-Eliding Compiler Optimizations","publication_year":2023,"publication_date":"2023-06-06","ids":{"openalex":"https://openalex.org/W4379534462","doi":"https://doi.org/10.1145/3591257"},"language":"en","primary_location":{"id":"doi:10.1145/3591257","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591257","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591257","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3591257","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010103931","display_name":"Raphael Isemann","orcid":"https://orcid.org/0009-0002-6224-9795"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Raphael Isemann","raw_affiliation_strings":["Vrije Universiteit Amsterdam, Netherlands"],"raw_orcid":"https://orcid.org/0009-0002-6224-9795","affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083941826","display_name":"Cristiano Giuffrida","orcid":"https://orcid.org/0000-0002-8329-5929"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Cristiano Giuffrida","raw_affiliation_strings":["Vrije Universiteit Amsterdam, Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-8329-5929","affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029566823","display_name":"Herbert Bos","orcid":"https://orcid.org/0000-0001-6179-1510"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Herbert Bos","raw_affiliation_strings":["Vrije Universiteit Amsterdam, Netherlands"],"raw_orcid":"https://orcid.org/0000-0001-6179-1510","affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084448782","display_name":"Erik van der Kouwe","orcid":"https://orcid.org/0000-0002-0312-9913"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Erik van der Kouwe","raw_affiliation_strings":["Vrije Universiteit Amsterdam, Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-0312-9913","affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055000720","display_name":"Klaus von Gleissenthall","orcid":"https://orcid.org/0000-0003-0826-4425"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Klaus von Gleissenthall","raw_affiliation_strings":["Vrije Universiteit Amsterdam, Netherlands"],"raw_orcid":"https://orcid.org/0000-0003-0826-4425","affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5010103931"],"corresponding_institution_ids":["https://openalex.org/I865915315"],"apc_list":null,"apc_paid":null,"fwci":0.8502,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.8,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":"7","issue":"PLDI","first_page":"907","last_page":"927"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.8244057893753052},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.795762300491333},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6811013221740723},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6094528436660767},{"id":"https://openalex.org/keywords/hand-sanitizer","display_name":"Hand sanitizer","score":0.5867608189582825},{"id":"https://openalex.org/keywords/microservices","display_name":"Microservices","score":0.45688942074775696},{"id":"https://openalex.org/keywords/optimizing-compiler","display_name":"Optimizing compiler","score":0.4225488603115082},{"id":"https://openalex.org/keywords/personalization","display_name":"Personalization","score":0.4188160002231598},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.41877281665802},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.39092785120010376},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33939582109451294},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2917426824569702},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.22288161516189575},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.1395750641822815},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.06408792734146118}],"concepts":[{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.8244057893753052},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.795762300491333},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6811013221740723},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6094528436660767},{"id":"https://openalex.org/C143432726","wikidata":"https://www.wikidata.org/wiki/Q520181","display_name":"Hand sanitizer","level":2,"score":0.5867608189582825},{"id":"https://openalex.org/C2778505942","wikidata":"https://www.wikidata.org/wiki/Q18344624","display_name":"Microservices","level":3,"score":0.45688942074775696},{"id":"https://openalex.org/C190902152","wikidata":"https://www.wikidata.org/wiki/Q1325106","display_name":"Optimizing compiler","level":3,"score":0.4225488603115082},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.4188160002231598},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.41877281665802},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.39092785120010376},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33939582109451294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2917426824569702},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.22288161516189575},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.1395750641822815},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.06408792734146118},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3591257","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591257","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591257","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},{"id":"pmh:oai:research.vu.nl:openaire_cris_publications/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Isemann, R, Giuffrida, C, Bos, H, Van Der Kouwe, E & Gleissenthall, K V 2023, 'Don't Look UB : Exposing Sanitizer-Eliding Compiler Optimizations', Proceedings of the ACM on Programming Languages, vol. 7, no. PLDI, 143, pp. 907-927. https://doi.org/10.1145/3591257","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:research.vu.nl:publications/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7","is_oa":true,"landing_page_url":"https://hdl.handle.net/1871.1/b285e316-b27c-4ad2-b8d5-2bcaa5a7f4c7","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Isemann, R, Giuffrida, C, Bos, H, Van Der Kouwe, E & Gleissenthall, K V 2023, 'Don't Look UB : Exposing Sanitizer-Eliding Compiler Optimizations', Proceedings of the ACM on Programming Languages, vol. 7, no. PLDI, 143, pp. 907-927. https://doi.org/10.1145/3591257","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3591257","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591257","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591257","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320307102","display_name":"Intel Corporation","ror":"https://ror.org/01ek73717"},{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4379534462.pdf","grobid_xml":"https://content.openalex.org/works/W4379534462.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W1487204394","https://openalex.org/W1794159487","https://openalex.org/W1978364288","https://openalex.org/W2122868537","https://openalex.org/W2160980126","https://openalex.org/W2885012161","https://openalex.org/W2963934162","https://openalex.org/W2997653900","https://openalex.org/W3107362213","https://openalex.org/W3155032774","https://openalex.org/W4238083723","https://openalex.org/W4239035626","https://openalex.org/W4240590466","https://openalex.org/W6629220744","https://openalex.org/W6949933177"],"related_works":["https://openalex.org/W4210502197","https://openalex.org/W3181741639","https://openalex.org/W2511770387","https://openalex.org/W4210334847","https://openalex.org/W3130858656","https://openalex.org/W4367181468","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W4283793723"],"abstract_inverted_index":{"Sanitizers":[0],"are":[1,23],"widely":[2],"used":[3,25,100,113],"compiler":[4,36],"features":[5,37],"that":[6,61,95,125],"detect":[7],"undefined":[8,46],"behavior":[9],"and":[10,116,146],"resulting":[11],"vulnerabilities":[12],"by":[13],"injecting":[14],"runtime":[15],"checks":[16],"into":[17],"programs.":[18],"For":[19],"better":[20],"performance,":[21],"sanitizers":[22,42],"often":[24,49],"in":[26,109,122,141],"conjunction":[27],"with":[28,38,163],"optimization":[29],"passes.":[30],"But":[31],"doing":[32],"so":[33],"combines":[34],"two":[35],"conflicting":[39],"objectives.":[40],"While":[41],"want":[43],"to":[44,103,118,130,136],"expose":[45],"behavior,":[47],"optimizers":[48],"exploit":[50],"these":[51],"same":[52],"properties":[53],"for":[54,91,120],"performance.":[55],"In":[56],"this":[57,62],"paper,":[58],"we":[59,112,149],"show":[60],"clash":[63],"can":[64,69],"have":[65],"serious":[66],"consequences:":[67],"optimizations":[68,108],"remove":[70],"sanitizer":[71,97],"failures,":[72],"thereby":[73],"hiding":[74],"the":[75,160],"presence":[76],"of":[77,159,167],"bugs":[78,121,140],"or":[79],"even":[80],"introducing":[81],"new":[82,139],"ones.":[83],"We":[84,99],"present":[85,150],"LookUB,":[86],"a":[87,157],"differential-testing":[88],"based":[89,155],"framework":[90],"finding":[92],"optimizer":[93,162],"transformations":[94],"elide":[96],"failures.":[98],"our":[101],"method":[102],"find":[104],"17":[105],"such":[106],"sanitizer-eliding":[107,131],"Clang.":[110],"Next,":[111],"static":[114],"analysis":[115],"fuzzing":[117],"search":[119],"open-source":[123],"projects":[124],"were":[126],"previously":[127],"hidden":[128],"due":[129],"optimizations.":[132],"This":[133],"led":[134],"us":[135],"discover":[137],"20":[138],"Linux":[142],"Containers,":[143],"libmpeg2,":[144],"NTFS-3G,":[145],"WINE.":[147],"Finally,":[148],"an":[151,164],"effective":[152],"mitigation":[153],"strategy":[154],"on":[156],"customization":[158],"Clang":[161],"overhead":[165],"increase":[166],"4%.":[168]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}