pith. sign in
Pith Number

pith:TH3HSXTF

pith:2026:TH3HSXTF2H4GCENQGTFGSBB4MH
not attested not anchored not stored refs pending

From TinyGo to gc Compiler: Extending Zorya's Concolic Framework to Real-World Go Binaries

Karolina Gorna, Keith Makan, Nicolas Iooss, Rida Khatoun, Yannick Seurin

Zorya now handles multi-threaded gc-compiled Go binaries to detect vulnerabilities including silent integer overflows

arxiv:2605.03492 v2 · 2026-05-05 · cs.CR · cs.SC · cs.SE

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{TH3HSXTF2H4GCENQGTFGSBB4MH}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Our evaluation shows that Zorya detects seven bugs at the binary level, including a silent integer overflow detects no other evaluated tool finds without a manually written oracle.

C2weakest assumption

That restoring OS thread states from gdb dumps and neutralizing runtime preemption preserves the original vulnerability behavior and does not introduce or mask bugs in multi-threaded gc-compiled Go binaries.

C3one line summary

Zorya now analyzes real-world gc-compiled Go binaries and detects 7 of 11 evaluated vulnerabilities from projects like Kubernetes and Go-Ethereum, including a silent integer overflow missed by other tools without a manual oracle.

Receipt and verification
First computed 2026-05-21T01:05:19.834051Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

99f6795e65d1f86111b034ca69043c61cb5209707cc0910ddf477264c91f4ee5

Aliases

arxiv: 2605.03492 · arxiv_version: 2605.03492v2 · doi: 10.48550/arxiv.2605.03492 · pith_short_12: TH3HSXTF2H4G · pith_short_16: TH3HSXTF2H4GCENQ · pith_short_8: TH3HSXTF
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/TH3HSXTF2H4GCENQGTFGSBB4MH \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 99f6795e65d1f86111b034ca69043c61cb5209707cc0910ddf477264c91f4ee5
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "8239619ede3ac435936c8526148cae349d4d7d6bcf77818f77e379ad4fb000b4",
    "cross_cats_sorted": [
      "cs.SC",
      "cs.SE"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-05T08:31:22Z",
    "title_canon_sha256": "a689ea25dc48c0b5e807789ff9b99671421f91fc1b4c771ac315a21d28524025"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.03492",
    "kind": "arxiv",
    "version": 2
  }
}