Daedalus: Safer Document Parsing

Despite decades of contributions to the theoretical foundations of parsing and the many tools available to aid in parser development, many security attacks in the wild still exploit parsers. The issues are myriad—flaws in memory management in contexts lacking memory safety, flaws in syntactic or sem...

Full description

Saved in:
Bibliographic Details
Published inProceedings of ACM on programming languages Vol. 8; no. PLDI; pp. 816 - 840
Main Authors Diatchki, Iavor S., Dodds, Mike, Goldstein, Harrison, Harris, Bill, Holland, David A., Razet, Benoit, Schlesinger, Cole, Winwood, Simon
Format Journal Article
LanguageEnglish
Published New York, NY, USA ACM 20.06.2024
Subjects
Domain specific languages
Functional languages
Parsers
Parsing
Program analysis
Software and its engineering
Theory of computation
NITF
PDF
Format definition languages
binary data formats
Online AccessGet full text

Cover

Abstract Despite decades of contributions to the theoretical foundations of parsing and the many tools available to aid in parser development, many security attacks in the wild still exploit parsers. The issues are myriad—flaws in memory management in contexts lacking memory safety, flaws in syntactic or semantic validation of input, and misinterpretation of hundred-page-plus standards documents. It remains challenging to build and maintain parsers for common, mature data formats. In response to these challenges, we present Daedalus, a new domain-specific language (DSL) and toolchain for writing safe parsers. Daedalus is built around functional-style parser combinators, which suit the rich data dependencies often found in complex data formats. It adds domain-specific constructs for stream manipulation, allowing the natural expression of parsing noncontiguous formats. Balancing between expressivity and domain-specific constructs lends Daedalus specifications simplicity and leaves them amenable to analysis. As a stand-alone DSL, Daedalus is able to generate safe parsers in multiple languages, currently C++ and Haskell. We have implemented 20 data formats with Daedalus, including two large, complex formats—PDF and NITF–and our evaluation shows that Daedalus parsers are concise and performant. Our experience with PDF forms our largest case study. We worked with the PDF Association to build a reference implementation, which was subject to a red-teaming exercise along with a number of other PDF parsers and was the only parser to be found free of defects.
AbstractList Despite decades of contributions to the theoretical foundations of parsing and the many tools available to aid in parser development, many security attacks in the wild still exploit parsers. The issues are myriad—flaws in memory management in contexts lacking memory safety, flaws in syntactic or semantic validation of input, and misinterpretation of hundred-page-plus standards documents. It remains challenging to build and maintain parsers for common, mature data formats. In response to these challenges, we present Daedalus, a new domain-specific language (DSL) and toolchain for writing safe parsers. Daedalus is built around functional-style parser combinators, which suit the rich data dependencies often found in complex data formats. It adds domain-specific constructs for stream manipulation, allowing the natural expression of parsing noncontiguous formats. Balancing between expressivity and domain-specific constructs lends Daedalus specifications simplicity and leaves them amenable to analysis. As a stand-alone DSL, Daedalus is able to generate safe parsers in multiple languages, currently C++ and Haskell. We have implemented 20 data formats with Daedalus, including two large, complex formats—PDF and NITF–and our evaluation shows that Daedalus parsers are concise and performant. Our experience with PDF forms our largest case study. We worked with the PDF Association to build a reference implementation, which was subject to a red-teaming exercise along with a number of other PDF parsers and was the only parser to be found free of defects.
Despite decades of contributions to the theoretical foundations of parsing and the many tools available to aid in parser development, many security attacks in the wild still exploit parsers. The issues are myriad—flaws in memory management in contexts lacking memory safety, flaws in syntactic or semantic validation of input, and misinterpretation of hundred-page-plus standards documents. It remains challenging to build and maintain parsers for common, mature data formats. In response to these challenges, we present Daedalus, a new domain-specific language (DSL) and toolchain for writing safe parsers. Daedalus is built around functional-style parser combinators, which suit the rich data dependencies often found in complex data formats. It adds domain-specific constructs for stream manipulation, allowing the natural expression of parsing noncontiguous formats. Balancing between expressivity and domain-specific constructs lends Daedalus specifications simplicity and leaves them amenable to analysis. As a stand-alone DSL, Daedalus is able to generate safe parsers in multiple languages, currently C++ and Haskell. We have implemented 20 data formats with Daedalus, including two large, complex formats—PDF and NITF–and our evaluation shows that Daedalus parsers are concise and performant. Our experience with PDF forms our largest case study. We worked with the PDF Association to build a reference implementation, which was subject to a red-teaming exercise along with a number of other PDF parsers and was the only parser to be found free of defects.
ArticleNumber 180
Author Winwood, Simon
Dodds, Mike
Razet, Benoit
Harris, Bill
Goldstein, Harrison
Holland, David A.
Schlesinger, Cole
Diatchki, Iavor S.
Author_xml – sequence: 1
  givenname: Iavor S.
  orcidid: 0009-0000-7795-4708
  surname: Diatchki
  fullname: Diatchki, Iavor S.
  email: diatchki@galois.com
  organization: Galois, Portland, USA
– sequence: 2
  givenname: Mike
  orcidid: 0000-0002-4439-0130
  surname: Dodds
  fullname: Dodds, Mike
  email: miked@galois.com
  organization: Galois, Portland, USA
– sequence: 3
  givenname: Harrison
  orcidid: 0000-0001-9631-1169
  surname: Goldstein
  fullname: Goldstein, Harrison
  email: hgo@seas.upenn.edu
  organization: University of Pennsylvania, Portland, USA
– sequence: 4
  givenname: Bill
  orcidid: 0000-0002-1762-2039
  surname: Harris
  fullname: Harris, Bill
  email: bll.hrris@gmail.com
  organization: Galois, Portland, USA
– sequence: 5
  givenname: David A.
  orcidid: 0000-0002-9328-1686
  surname: Holland
  fullname: Holland, David A.
  email: dholland@galois.com
  organization: Galois, Portland, USA
– sequence: 6
  givenname: Benoit
  orcidid: 0009-0006-5698-9841
  surname: Razet
  fullname: Razet, Benoit
  email: benoit.razet@galois.com
  organization: Galois, Portland, USA
– sequence: 7
  givenname: Cole
  orcidid: 0009-0004-9350-3041
  surname: Schlesinger
  fullname: Schlesinger, Cole
  email: coles@galois.com
  organization: Galois, Portland, USA
– sequence: 8
  givenname: Simon
  orcidid: 0009-0005-6133-0147
  surname: Winwood
  fullname: Winwood, Simon
  email: sjw@galois.com
  organization: Galois, Portland, USA
BookMark eNpNj01LAzEURYNUsK3FvavZuRrNy0tmEnfS-gUFBXU9vGRepNKZkaRd-O-rtIqre-EeLpyJGPVDz0KcgbwE0OYKK1NpkEdirHRtStAKRv_6iZjl_CGlBIfaohuLYkHc0nqbr4sXipyKxRC2Hfeb4plSXvXvp-I40jrz7JBT8XZ3-zp_KJdP94_zm2VJCt2mZBXbVju0HKuKwMQakVRwwdkafFRoo6-dBWSvIVhgbwJqAN8q6yUjTsXF_jekIefEsflMq47SVwOy-XFrDm7f5PmepND9Qb_jDmj-SGQ
Cites_doi 10.1109/TSE.1984.5010248
10.1145/3519939.3523708
10.1145/351240.351266
10.1145/3372885.3373836
10.1145/3385412.3385992
10.1145/321239.321249
10.5281/zenodo.10966813
10.1145/982962.964011
10.1145/3341686
10.1145/3093333.3009867
10.1017/S0956796807006326
10.1145/1086365.1086387
10.1109/SPW54247.2022.9833889
10.1017/S0963548304006315
10.5555/6448
10.1145/1667053.1667059
10.1016/0022-0000(78)90014-4
10.5555/AAI29211293
10.1145/964001.964011
10.5555/2501720
10.1007/978-3-319-17524-9_1
10.1109/TIT.1956.1056813
10.5555/145055.145097
10.1109/SPW50608.2020.00064
10.1145/2714064.2660241
10.1145/1190216.1190231
ContentType Journal Article
Copyright Owner/Author
Copyright_xml – notice: Owner/Author
DBID AAYXX
CITATION
DOI 10.1145/3656410
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList CrossRef
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 2475-1421
EndPage 840
ExternalDocumentID 10_1145_3656410
3656410
GrantInformation_xml – fundername: Defense Advanced Research Projects Agency
  grantid: HR001119C0076
  funderid: https:\/\/doi.org\/10.13039\/100000185
GroupedDBID AAKMM
AAYFX
ACM
AEFXT
AEJOY
AIKLT
AKRVB
ALMA_UNASSIGNED_HOLDINGS
GUFHI
LHSKQ
M~E
OK1
ROL
AAYXX
CITATION
ID FETCH-LOGICAL-a239t-e2fdd4938ef66a15f733a2c9c9871bf238fb79813eb41c81eb5c3411bd28b0e33
ISSN 2475-1421
IngestDate Thu Jul 10 08:23:44 EDT 2025
Mon Jul 07 16:40:29 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue PLDI
Keywords NITF
PDF
Format definition languages
binary data formats
Language English
License This work is licensed under a Creative Commons Attribution International 4.0 License.
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-a239t-e2fdd4938ef66a15f733a2c9c9871bf238fb79813eb41c81eb5c3411bd28b0e33
ORCID 0000-0002-4439-0130
0000-0001-9631-1169
0009-0005-6133-0147
0000-0002-1762-2039
0000-0002-9328-1686
0009-0000-7795-4708
0009-0006-5698-9841
0009-0004-9350-3041
OpenAccessLink https://dl.acm.org/doi/10.1145/3656410
PageCount 25
ParticipantIDs crossref_primary_10_1145_3656410
acm_primary_3656410
PublicationCentury 2000
PublicationDate 2024-06-20
PublicationDateYYYYMMDD 2024-06-20
PublicationDate_xml – month: 06
  year: 2024
  text: 2024-06-20
  day: 20
PublicationDecade 2020
PublicationPlace New York, NY, USA
PublicationPlace_xml – name: New York, NY, USA
PublicationTitle Proceedings of ACM on programming languages
PublicationTitleAbbrev ACM PACMPL
PublicationYear 2024
Publisher ACM
Publisher_xml – name: ACM
References (bib49) 1992
(bib13) 2015
(bib63) 2013
(bib26) 2001
(bib46) 2000
(bib16) 2000
(bib23) 2019; 3
(bib50) 2011
(bib37) 1979
(bib24) 2024
(bib64) 2024
(bib3) 2020
(bib14) 1956; 2
(bib25) 2007
(bib4) 2022
(bib43) 2024
(bib51) 2024
(bib68) 2001
(bib44) 2010; 57
(bib60) 2007; 5
(bib30) 2004; 39
(bib67) 1984; 4
(bib55) 2024
bib5
(bib70) 2007
bib6
(bib47) 2014; 49
(bib12) 1964; 11
(bib48) 2007
(bib10) 2004
(bib40) 2024
(bib34) 1996
(bib39) 2024
(bib42) 2020
(bib18) 2008; 18
(bib29) 2020
(bib52) 2020
(bib35) 2019
bib15
(bib22) 2024
bib54
(bib62) 2022
bib11
(bib27) 2004; 13
(bib32) 2024
(bib8) 2021
(bib36) 2020
(bib21) 2001
(bib41) 1994
(bib31) 2002
(bib7) 2014
(bib59) 2021
(bib69) 2024
(bib33) 2024
(bib28) 2020
(bib56) 2023
(bib61) 1975
(bib9) 2020
(bib66) 1993
bib20
(bib58) 1978; 17
(bib45) 2023
(bib57) 2019
bib19
bib17
(bib38) 2005
(bib53) 2017; 52
(bib1) 1986
(bib65) 2022
(bib2) 1972
Aho Alfred V. (e_1_3_1_3_2) 1972
Calcagno Cristiano (e_1_3_1_14_2) 2015
e_1_3_1_66_2
e_1_3_1_22_2
Bangert Julian (e_1_3_1_8_2) 2014
e_1_3_1_45_2
e_1_3_1_68_2
e_1_3_1_24_2
e_1_3_1_41_2
e_1_3_1_64_2
e_1_3_1_20_2
e_1_3_1_4_2
Larmouth John (e_1_3_1_47_2) 2000
e_1_3_1_6_2
Dubuisson Olivier (e_1_3_1_27_2) 2001
e_1_3_1_2_2
e_1_3_1_28_2
Fioraldi Andrea (e_1_3_1_30_2) 2020
e_1_3_1_49_2
e_1_3_1_70_2
Ullrich Sebastian (e_1_3_1_60_2) 2021
e_1_3_1_55_2
McGrath Robert E (e_1_3_1_51_2) 2011
e_1_3_1_34_2
e_1_3_1_57_2
e_1_3_1_13_2
e_1_3_1_11_2
e_1_3_1_53_2
e_1_3_1_17_2
Ramananandro Tahina (e_1_3_1_58_2) 2019
e_1_3_1_15_2
e_1_3_1_36_2
e_1_3_1_59_2
e_1_3_1_19_2
ISO/TC 171/SC2 (e_1_3_1_43_2) 2020
Diatchki Iavor Sotirov (e_1_3_1_26_2) 2007
e_1_3_1_21_2
e_1_3_1_44_2
e_1_3_1_65_2
e_1_3_1_23_2
e_1_3_1_46_2
e_1_3_1_67_2
e_1_3_1_7_2
e_1_3_1_40_2
e_1_3_1_9_2
e_1_3_1_63_2
e_1_3_1_29_2
Hutton Graham (e_1_3_1_35_2) 1996
e_1_3_1_5_2
e_1_3_1_25_2
Hopcroft John E. (e_1_3_1_38_2) 1979
e_1_3_1_48_2
e_1_3_1_69_2
Johnson Stephen C. (e_1_3_1_62_2) 1975
e_1_3_1_71_2
Back Godmar (e_1_3_1_32_2) 2002
e_1_3_1_33_2
e_1_3_1_54_2
e_1_3_1_56_2
Slee Mark (e_1_3_1_61_2) 2007; 5
e_1_3_1_12_2
e_1_3_1_50_2
e_1_3_1_10_2
e_1_3_1_31_2
e_1_3_1_52_2
e_1_3_1_16_2
International Telecommunication Union (e_1_3_1_42_2) 1994
e_1_3_1_37_2
e_1_3_1_18_2
e_1_3_1_39_2
References_xml – volume: 4
  start-page: 352
  year: 1984
  end-page: 357
  ident: bib67
  article-title: Program Slicing
  publication-title: IEEE Transactions on Software Engineering SE-10
  doi: 10.1109/TSE.1984.5010248
– start-page: 300
  year: 2020
  end-page: 307
  ident: bib52
  article-title: Research Report: The Parsley Data Format Definition Language
  publication-title: 2020 IEEE Security and Privacy Work-shops (SPW)
– volume: 2
  start-page: 113
  issue: 3
  year: 1956
  end-page: 124
  ident: bib14
  article-title: Three models for the description of language
  publication-title: IRE Transactions on information theory
– ident: bib17
  article-title: Common Crawl
– year: 2024
  ident: bib43
  article-title: Kaitai Struct: declarative binary format parsing language
– year: 1986
  ident: bib1
  publication-title: Compilers, Principles, Techniques, and Tools
– start-page: 31
  year: 2022
  end-page: 45
  ident: bib62
  publication-title: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation (San Diego, CA, USA) (PLDI 2022)
  doi: 10.1145/3519939.3523708
– year: 2022
  ident: bib65
  article-title: Strengthening Weak Links in the PDF Trust Chain
  publication-title: LangSec Work-shop (2022)
– start-page: 268
  year: 2000
  end-page: 279
  ident: bib16
  publication-title: Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP ’00), Montreal, Canada, September 18-21, 2000
  doi: 10.1145/351240.351266
– year: 2013
  ident: bib63
  publication-title: The Definitive ANTLR 4 Reference
– start-page: 111
  year: 2004
  end-page: 122
  ident: bib10
  publication-title: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Venice, Italy) (POPL ’04)
– start-page: 12
  year: 2021
  ident: bib59
  publication-title: Proceedings of the 31st Symposium on Implementation and Application of Functional Languages (Singapore, Singapore)
– ident: bib6
– year: 2024
  ident: bib64
  article-title: Haskell bson library
– year: 2024
  ident: bib40
  article-title: Daedalus Repository
– year: 1994
  ident: bib41
  publication-title: Abstract Syntax Notation One (ASN.1): Specification of base notation
– volume: 18
  start-page: 1
  year: 2008
  end-page: 13
  ident: bib18
  article-title: Applicative Programming with Effects
  publication-title: Journal of Functional Programming
– start-page: 3
  year: 2020
  end-page: 17
  ident: bib9
  publication-title: Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2020, New Orleans, LA, USA, January 20-21, 2020
  doi: 10.1145/3372885.3373836
– year: 2007
  ident: bib48
– start-page: 1465
  year: 2019
  end-page: 1482
  ident: bib57
  publication-title: 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019
– start-page: 1036
  year: 2020
  end-page: 1051
  ident: bib28
  publication-title: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation (London, UK) (PLDI 2020)
  doi: 10.1145/3385412.3385992
– ident: bib20
– year: 2024
  ident: bib51
  article-title: Language Server Protocol
– year: 2024
  ident: bib22
  article-title: hyperfine: a command-line benchmarking tool
– year: 2020
  ident: bib29
  publication-title: 14th USENIX Workshop on Offensive Technologies (WOOT 20)
– volume: 13
  start-page: 577
  issue: 4-5
  year: 2004
  end-page: 625
  ident: bib27
  article-title: Boltzmann Samplers for the Random Generation of Combinatorial Structures
  publication-title: Combinatorics, Probability and Computing
– year: 1992
  ident: bib49
  article-title: A Theory of Qualified Types
  publication-title: ESOP ’92: European Symposium on Programming
– volume: 11
  start-page: 481
  issue: 4
  year: 1964
  end-page: 494
  ident: bib12
  article-title: Derivatives of Regular Expressions
  publication-title: J. ACM
  doi: 10.1145/321239.321249
– year: 2024
  ident: bib24
  article-title: DFDL (Open Grid Forum)
– year: 2020
  ident: bib36
  article-title: Exploiting PHP Phar Deserialization Vulnerabilities: Part 1
  publication-title: Keysight
– year: 2001
  ident: bib21
  article-title: Parsec: direct style monadic parser combinators for the real world
– year: 2023
  ident: bib56
– volume: 5
  start-page: 127
  issue: 8
  year: 2007
  ident: bib60
  article-title: Thrift: Scalable cross-language services implementation
  publication-title: Facebook white paper
– year: 2024
  ident: bib33
  article-title: Wuffs. Wrangling Untrusted File Formats Safely
– year: 2001
  ident: bib68
  article-title: Flawfinder
– ident: bib15
  article-title: Alex User Guide
– start-page: PS1:15-1
  year: 1975
  end-page: PS1:15-32
  ident: bib61
  publication-title: Yacc: Yet Another Compiler-Compiler
– year: 1972
  ident: bib2
  publication-title: The Theory of Parsing, Translation, and Compiling
– year: 1996
  ident: bib34
  publication-title: Monadic Parser Combinators
– year: 2024
  ident: bib55
– ident: bib19
– year: 2020
  ident: bib42
  publication-title: ISO 32000-2:2020 (PDF 2.0)
– volume: 49
  start-page: 637
  year: 2014
  end-page: 653
  ident: bib47
  article-title: Staged parser combinators for efficient data processing
  publication-title: ACM SIGPLAN Notices
– year: 2011
  ident: bib50
  publication-title: Data Format Description Language: Lessons Learned, Concepts and Experience
– volume: 17
  start-page: 348
  issue: 3
  year: 1978
  end-page: 375
  ident: bib58
  article-title: A Theory of Type Polymorphism in Programming
  publication-title: J. Comput. System Sci
– volume: 57
  issue: 2
  year: 2010
  ident: bib44
  article-title: The Next 700 Data Description Languages
  publication-title: Journal of the ACM
– year: 2023
  ident: bib45
  article-title: Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
  publication-title: The Hacker News
– start-page: 77
  year: 2007
  end-page: 83
  ident: bib70
  publication-title: Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL
– year: 2020
  ident: bib3
  article-title: How to Abuse and Fix Authenticated Encryption Without Key Commitment
  publication-title: IACR Cryptology ePrint Archive
– year: 2019
  ident: bib35
  article-title: Hammer: Parser Combinators for Binary Formats, in C. Yes, in C. What? Don’t Look at Me like That. UpstandingHackers
– year: 2000
  ident: bib46
  publication-title: ASN. 1 Complete
– volume: 52
  start-page: 859
  issue: 1
  year: 2017
  end-page: 873
  ident: bib53
  article-title: LMS-Verify: abstraction without regret for verified systems programming
  publication-title: SIGPLAN Not
– start-page: 3
  year: 2015
  end-page: 11
  ident: bib13
  publication-title: NASA Formal Methods
– year: 2001
  ident: bib26
  publication-title: ASN.1: Communication Between Heterogeneous Systems
– start-page: 168
  year: 2005
  end-page: 179
  ident: bib38
  publication-title: Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming
– year: 2024
  ident: bib39
  article-title: Daedalus PLDI Artifact
  doi: 10.5281/zenodo.10966813
– year: 2022
  ident: bib4
  publication-title: Protecting Systems From Exploits Using Language-Theoretic Security
– year: 2024
  ident: bib32
  article-title: Protocol Buffers - Google’s data interchange format
– ident: bib11
  article-title: attoparsec: Fast combinator parsing for bytestrings and text
– year: 1979
  ident: bib37
  publication-title: Introduction to Automata Theory, Languages, and Computation
– ident: bib54
– start-page: 615
  year: 2014
  end-page: 628
  ident: bib7
  publication-title: Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation
– year: 1993
  ident: bib66
  article-title: National Imagery Transmission Format (Version 2.0). Standard. US DoD
– volume: 39
  start-page: 111
  issue: 1
  year: 2004
  end-page: 122
  ident: bib30
  article-title: Parsing Expression Grammars: A Recognition-Based Syntactic Foundation
  publication-title: SIGPLAN Not
  doi: 10.1145/982962.964011
– ident: bib5
– year: 2007
  ident: bib25
  publication-title: High-Level Abstractions for Low-Level Programming
– volume: 3
  start-page: 82:1
  year: 2019
  end-page: 82:29
  ident: bib23
  article-title: Narcissus: correct-by-construction derivation of decoders and encoders from binary formats
  publication-title: Proc. ACM Program. Lang
  doi: 10.1145/3341686
– start-page: 66
  year: 2002
  end-page: 77
  ident: bib31
  publication-title: Proceedings of the ACM Conference on Generative Programming and Component Engineering Proceedings (GPCE 2002), published as LNCS 2487
– year: 2024
  ident: bib69
  article-title: XpdfReader
– year: 2021
  ident: bib8
– ident: e_1_3_1_46_2
– ident: e_1_3_1_17_2
  doi: 10.1145/351240.351266
– ident: e_1_3_1_54_2
  doi: 10.1145/3093333.3009867
– ident: e_1_3_1_19_2
  doi: 10.1017/S0956796807006326
– volume-title: Abstract Syntax Notation One (ASN.1): Specification of base notation
  year: 1994
  ident: e_1_3_1_42_2
– ident: e_1_3_1_6_2
– ident: e_1_3_1_37_2
– ident: e_1_3_1_39_2
  doi: 10.1145/1086365.1086387
– ident: e_1_3_1_66_2
  doi: 10.1109/SPW54247.2022.9833889
– ident: e_1_3_1_70_2
– start-page: PS1:15-1
  volume-title: Yacc: Yet Another Compiler-Compiler
  year: 1975
  ident: e_1_3_1_62_2
– ident: e_1_3_1_10_2
  doi: 10.1145/3372885.3373836
– ident: e_1_3_1_7_2
– ident: e_1_3_1_23_2
– ident: e_1_3_1_28_2
  doi: 10.1017/S0963548304006315
– volume: 5
  start-page: 127
  issue: 8
  year: 2007
  ident: e_1_3_1_61_2
  article-title: Thrift: Scalable cross-language services implementation
  publication-title: Facebook white paper
– start-page: 615
  volume-title: Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation
  year: 2014
  ident: e_1_3_1_8_2
– volume-title: ISO 32000-2:2020 (PDF 2.0)
  year: 2020
  ident: e_1_3_1_43_2
– ident: e_1_3_1_13_2
  doi: 10.1145/321239.321249
– start-page: 1465
  volume-title: 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019
  year: 2019
  ident: e_1_3_1_58_2
– ident: e_1_3_1_68_2
  doi: 10.1109/TSE.1984.5010248
– volume-title: ASN.1: Communication Between Heterogeneous Systems
  year: 2001
  ident: e_1_3_1_27_2
– ident: e_1_3_1_56_2
– ident: e_1_3_1_2_2
  doi: 10.5555/6448
– volume-title: 14th USENIX Workshop on Offensive Technologies (WOOT 20)
  year: 2020
  ident: e_1_3_1_30_2
– ident: e_1_3_1_45_2
  doi: 10.1145/1667053.1667059
– ident: e_1_3_1_67_2
– start-page: 12
  volume-title: Proceedings of the 31st Symposium on Implementation and Application of Functional Languages (Singapore, Singapore)
  year: 2021
  ident: e_1_3_1_60_2
– ident: e_1_3_1_31_2
  doi: 10.1145/982962.964011
– ident: e_1_3_1_16_2
– ident: e_1_3_1_21_2
– volume-title: High-Level Abstractions for Low-Level Programming
  year: 2007
  ident: e_1_3_1_26_2
– ident: e_1_3_1_57_2
– ident: e_1_3_1_12_2
– ident: e_1_3_1_49_2
– ident: e_1_3_1_4_2
– ident: e_1_3_1_9_2
– ident: e_1_3_1_63_2
  doi: 10.1145/3519939.3523708
– volume-title: Introduction to Automata Theory, Languages, and Computation
  year: 1979
  ident: e_1_3_1_38_2
– ident: e_1_3_1_34_2
– ident: e_1_3_1_59_2
  doi: 10.1016/0022-0000(78)90014-4
– ident: e_1_3_1_29_2
  doi: 10.1145/3385412.3385992
– ident: e_1_3_1_20_2
– ident: e_1_3_1_65_2
– ident: e_1_3_1_5_2
  doi: 10.5555/AAI29211293
– ident: e_1_3_1_11_2
  doi: 10.1145/964001.964011
– ident: e_1_3_1_64_2
  doi: 10.5555/2501720
– ident: e_1_3_1_24_2
  doi: 10.1145/3341686
– start-page: 3
  volume-title: NASA Formal Methods
  year: 2015
  ident: e_1_3_1_14_2
  doi: 10.1007/978-3-319-17524-9_1
– ident: e_1_3_1_18_2
– start-page: 66
  volume-title: Proceedings of the ACM Conference on Generative Programming and Component Engineering Proceedings (GPCE 2002), published as LNCS 2487
  year: 2002
  ident: e_1_3_1_32_2
– ident: e_1_3_1_40_2
  doi: 10.5281/zenodo.10966813
– ident: e_1_3_1_15_2
  doi: 10.1109/TIT.1956.1056813
– ident: e_1_3_1_25_2
– ident: e_1_3_1_36_2
– volume-title: ASN. 1 Complete
  year: 2000
  ident: e_1_3_1_47_2
– ident: e_1_3_1_33_2
– volume-title: Data Format Description Language: Lessons Learned, Concepts and Experience
  year: 2011
  ident: e_1_3_1_51_2
– ident: e_1_3_1_22_2
– ident: e_1_3_1_50_2
  doi: 10.5555/145055.145097
– ident: e_1_3_1_55_2
– volume-title: The Theory of Parsing, Translation, and Compiling
  year: 1972
  ident: e_1_3_1_3_2
– ident: e_1_3_1_52_2
– ident: e_1_3_1_41_2
– ident: e_1_3_1_44_2
– ident: e_1_3_1_53_2
  doi: 10.1109/SPW50608.2020.00064
– ident: e_1_3_1_69_2
– volume-title: Monadic Parser Combinators
  year: 1996
  ident: e_1_3_1_35_2
– ident: e_1_3_1_48_2
  doi: 10.1145/2714064.2660241
– ident: e_1_3_1_71_2
  doi: 10.1145/1190216.1190231
SSID ssj0001934839
Score 2.259393
Snippet Despite decades of contributions to the theoretical foundations of parsing and the many tools available to aid in parser development, many security attacks in...
SourceID crossref
acm
SourceType Index Database
Publisher
StartPage 816
SubjectTerms Domain specific languages
Functional languages
Parsers
Parsing
Program analysis
Software and its engineering
Theory of computation
SubjectTermsDisplay Software and its engineering -- Domain specific languages
Software and its engineering -- Functional languages
Software and its engineering -- Parsers
Theory of computation -- Parsing
Theory of computation -- Program analysis
Title Daedalus: Safer Document Parsing
URI https://dl.acm.org/doi/10.1145/3656410
Volume 8
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1LTxsxELZ4XLjQloegtNUeuKGF-LVZ94agbagIigRI3JCfAhESFBIOHPrbO_baGyM4lF5Wu7bXkv2Nxp_HMx6EdmHJ4hpof2kdMSVjlpY1J65UUkolqaxkyN7QP6t6l-z3Fb9K2exjdMlU7evnN-NK_gdVKANcfZTsO5BtO4UCeAd84QkIw_OfMD6W1sjhLHi1nUtnJ8CH9Swc7w9ksALk3HPQrlXBfePwqO9PCqKD1r03GSTj5TzZPACnb5rM1ifyaTzZO99v68bGNKbq27tWOn6Nh-YxJdDsyUnIcDjXcv47SNTtcJjbGwjzflGkk0lI9GEPOoqwLi8xa4Kck0KtM7kZnB6fZPqxxlW-1DY3Nb3W4sxfeEGBarLo8_rySuxYs4iWCWwOvHbr_8ksa4IyoH1NhLTv6yC29wRE32cEJGMSFx_RatwCFIcNnp_Qgh2toQ8pvUYRte06KhK834sAbpHALSK4G-jy54-Lo14ZE1qUklAxLS1xxjBBa-uqSmLuupRKooUWsG1VDtiTU11RY2oVw7rGVnENLAMrQ2rVsZRuoqXReGS3UCFURznjtDCOMoe5clxwXVGtOxo4H95GazDW64fmypLrOAPbqEhjb6uayHSemnx-88cdtDKXhS9oaTqZ2a_AxqbqW5j8v3haNMg
linkProvider ISSN International Centre
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Daedalus%3A+Safer+Document+Parsing&rft.jtitle=Proceedings+of+ACM+on+programming+languages&rft.au=Diatchki%2C+Iavor+S.&rft.au=Dodds%2C+Mike&rft.au=Goldstein%2C+Harrison&rft.au=Harris%2C+Bill&rft.date=2024-06-20&rft.pub=ACM&rft.eissn=2475-1421&rft.volume=8&rft.issue=PLDI&rft.spage=816&rft.epage=840&rft_id=info:doi/10.1145%2F3656410&rft.externalDocID=3656410
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2475-1421&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2475-1421&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2475-1421&client=summon