Fig 2  System overview of proposed method.
It is worth mentioning that one important assumption for our method is that the memory objects can be affected by the bugs through specific methods, such as heap layout manipulation [8,9]. In this way, after triggering a vulnerability, it becomes possible to drive the program into an exploitable state by affecting these critical objects.
Corrupted Data Propagation Model: To trace how corrupted data propagates among memory objects and to evaluate its effects, we construct a model that combines static and dynamic methods and also provides support for fuzzing.
Firstly, this letter leverages the Static Value Flow (SVF) [7] framework to instrument the target program at the LLVM IR level. SVF is a widely used data flow analysis framework that effectively supports cross-module and cross-procedure data flow analysis in large-scale programs. Given the source code, we leverage SVF to construct a Value Flow Graph (VFG), which captures the data flow relationships among variables. For example, Figure 3 shows part of a VFG, where each node represents a variable or expression of the program and each edge denotes a data flow relationship. In Figure 3, the variable %3 influences variable %10 through the getelementptr instruction, and variable %10 in turn affects variable %11.
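As an added illustration of the propagation model (example code written for this page, not part of the letter or of SVF), the following Python snippet represents a VFG fragment as labelled edges and performs forward value-flow reachability from a corrupted value to determine which critical objects it can influence. The edge labels other than the getelementptr edge from %3 to %10, and the nodes beyond %3, %10 and %11, are constructed assumptions.

```python
from collections import deque

# Constructed VFG fragment modelled on the Figure 3 description:
# each node is an LLVM IR value and each edge (src, dst, instr) is a
# value-flow edge labelled with the instruction carrying the flow.
# Only the %3 -> %10 getelementptr edge and the %10 -> %11 edge come
# from the text; the instruction on the second edge and the remaining
# nodes are assumptions for illustration.
SAMPLE_VFG = [
    ("%3", "%10", "getelementptr"),
    ("%10", "%11", "load"),
    ("%11", "%12", "store"),
    ("%4", "%13", "getelementptr"),
]

def build_vfg(edges):
    """Adjacency map: value -> list of (successor, instruction)."""
    graph = {}
    for src, dst, instr in edges:
        graph.setdefault(src, []).append((dst, instr))
        graph.setdefault(dst, [])
    return graph

def propagate(graph, corrupted):
    """Forward value-flow reachability from a corrupted value.

    Returns {value: path}, where path lists the (value, instruction)
    steps from the corrupted source to that value.
    """
    affected = {corrupted: []}
    queue = deque([corrupted])
    while queue:
        node = queue.popleft()
        for succ, instr in graph.get(node, []):
            if succ not in affected:
                affected[succ] = affected[node] + [(succ, instr)]
                queue.append(succ)
    return affected

def reached_critical(graph, corrupted, critical):
    """Critical objects whose contents may be influenced by the corruption."""
    affected = propagate(graph, corrupted)
    return {v: affected[v] for v in critical if v in affected}

if __name__ == "__main__":
    g = build_vfg(SAMPLE_VFG)
    for obj, path in reached_critical(g, "%3", {"%11", "%13"}).items():
        print(obj, "<-", " <- ".join(f"{v} ({i})" for v, i in path))
```

Running the script reports %11 as reachable from a corrupted %3 via the getelementptr and load edges, while %13 stays unaffected because no value-flow path connects them.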