{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T08:42:35Z","timestamp":1780994555536,"version":"3.54.1"},"reference-count":43,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/spw59333.2023.00035","type":"proceedings-article","created":{"date-parts":[[2023,7,26]],"date-time":"2023-07-26T18:11:33Z","timestamp":1690395093000},"page":"337-348","source":"Crossref","is-referenced-by-count":3,"title":["Divergent Representations: When Compiler Optimizations Enable Exploitation"],"prefix":"10.1109","author":[{"given":"Andreas D.","family":"Kellas","sequence":"first","affiliation":[{"name":"Columbia University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alan","family":"Cao","sequence":"additional","affiliation":[{"name":"Trail of Bits"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Peter","family":"Goodman","sequence":"additional","affiliation":[{"name":"Trail of Bits"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Junfeng","family":"Yang","sequence":"additional","affiliation":[{"name":"Columbia University"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","first-page":"73","article-title":"The Correctness-Security Gap in Compiler Optimization","volume-title":"2015 IEEE Security and Privacy Workshops","author":"DSilva"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522728"},{"issue":"OOPSLA","key":"ref3","first-page":"1","article-title":"Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets","volume-title":"Proceedings of the ACM on Programming Languages","volume":"5","author":"Brown"},{"key":"ref4","volume-title":"Stranger Strings: An exploitable flaw in SQLite","year":"2022"},{"key":"ref5","volume-title":"NVD - CVE-2022\u201335737"},{"key":"ref6","volume-title":"CVE - CVE-2022\u201335737"},{"key":"ref7","volume-title":"Look out! Divergent representations are everywhere!","year":"2022"},{"key":"ref8","volume-title":"Trends, challenges, and strategic shifts in the software vulnerability mitigation landscape","author":"Miller","year":"2019"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2012.6227142"},{"key":"ref10","volume-title":"Programming Languages \u2013 C","year":"2017"},{"key":"ref11","volume-title":"Rationale for International Standard - Programming Languages - C","year":"2003"},{"key":"ref12","volume-title":"Fun with NULL pointers, part 1 [LWN.net]"},{"key":"ref13","volume-title":"Linux 2.6.30 exploit posted [LWN.net]"},{"issue":"2","key":"ref14","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1109\/TETC.2017.2785299","volume":"8","author":"Dullien","year":"2020","journal-title":"IEEE Transactions on Emerging Topics in Computing"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref17","first-page":"482","article-title":"BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","volume":"11543","author":"Redini","year":"2019"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359823"},{"key":"ref19","article-title":"Is Less Really More? Towards Better Met-rics for Measuring Security Improvements Realized Through Software Debloating","volume-title":"CSET@ USENIX Security Symposium","author":"Brown"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3301417.3312501"},{"key":"ref21","article-title":"RAZOR: A Framework for Post-deployment Software Debloating","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Qian"},{"key":"ref22","first-page":"12","article-title":"JRed: Program Customization and Bloatware Mitigation Based on Static Analysis","volume-title":"2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)","author":"Jiang"},{"key":"ref23","article-title":"Debloating Software through Piece-Wise Compilation and Loading","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Quach"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238160"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"ref26","volume-title":"LLVMs Analysis and Transform Passes"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062343"},{"key":"ref28","volume-title":"SQLite: Artifact [6166a304]"},{"key":"ref29","volume-title":"Most Widely Deployed SQL Database Engine"},{"key":"ref30","volume-title":"How SQLite Is Tested"},{"key":"ref31","volume-title":"CodeQL","year":"2023"},{"key":"ref32","volume-title":"CodeQL"},{"key":"ref33","volume-title":"BNIL Guide: Overview - Binary Ninja User Documentation"},{"key":"ref34","volume-title":"Modern Binary Analysis with ILs","author":"Lafosse","year":"2019"},{"key":"ref35","volume-title":"Other Builtins (Using the GNU Compiler Collection (GCC))"},{"key":"ref36","volume-title":"memcpy(3) - Linux manual page"},{"key":"ref37","volume-title":"Bug 691336 - memcpy acts randomly (and differently) with overlapping areas"},{"key":"ref38","volume-title":"Important Data Types (The GNU C Library)"},{"key":"ref39","volume-title":"Issue 12079010: Avoid undefined behavior when checking for pointer wraparound - Code Review"},{"key":"ref40","volume-title":"Issue 17016: _sre: avoid relying on pointer overflow - Python tracker"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908081"},{"key":"ref42","author":"Ertl","journal-title":"What every compiler writer should know about program-mers or \u201cOptimization\u201d based on undefined behaviour hurts performance"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2349896.2349905"}],"event":{"name":"2023 IEEE Security and Privacy Workshops (SPW)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,25]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Security and Privacy Workshops (SPW)"],"original-title":[],"link":[{"URL":"https:\/\/2.zoppoz.workers.dev:443\/http\/xplorestaging.ieee.org\/ielx7\/10188616\/10188617\/10188620.pdf?arnumber=10188620","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:18:10Z","timestamp":1721452690000},"score":1,"resource":{"primary":{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/ieeexplore.ieee.org\/document\/10188620\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":43,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1109\/spw59333.2023.00035","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}