If there are papers listed for a given day, you should read them before class that day. For student presented papers, on any week that you are not presenting a paper, you should write a response/critique to one of that week's papers. These critiques don't just show that you have at least skimmed through the paper, but they prepare you to discuss the papers and raise (or answer) questions during class. Critiques must be submitted via CourSys by 9:00PM before (PDFs, please). If you are presenting a paper, slides for presentation must be submitted via CourSys by 10:00PM before the class (PDFs, please).

The schedule is subject to change.

Week Date Topics Papers
1 Jan 5 Introduction
Project 1 due Jan 20
2 Jan 10 Slicing
Jan 12 Static Analysis Micha Sharir, Amir Pnueli
Two Approaches to Precise Interprocedural Dataflow Analysis
Program Flow Analysis: Theory and Practice
Florian Martin
Experimental Comparison of Call String and Functional Approaches to Interprocedural Analysis
CC 1999
Ravi Mangal, Mayur Naik, Hongseok Yang
A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join
ESOP 2014
3 Jan 17 Static Analysis Patrick Cousot, Radhia Cousot
Static Verification of Dynamic Type Properties of Variables
Patrick Cousot, Radhia Cousot
Abstract Interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
POPL 1977
Jan 19 Static Analysis Thomas Reps, Susan Horwitz, Mooly Sagiv
Precise Interprocedural Dataflow Analysis via Graph Reachability
POPL 1995
4 Jan 24 Dynamic Analysis
Project 2 due Feb 13
Thomas Ball, James Larus
Efficient Path Profiling
MICRO 1996
Jan 26 Dynamic Analysis
Intro to Security
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, Dmitriy Vyukov
AddressSanitizer: a fast address sanity checker
Usenix ATC 2012
5 Jan 31 Intro to Security
Testing and Symbolic Execution
Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, Mathias Payer
Control-Flow Integrity: Precision, Security, and Performance
Koushik Sen, Christian Cadar
Symbolic Execution for Software Testing: Three Decades Later
CACM, February 2013
Efficient Encodings
Counterpoints from fuzzing
Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, Irene Finocchi
A Survey of Symbolic Execution Techniques
Feb 2 Test Case Reduction Nick Andreas Zeller, Ralf Hildebrandt
Simplifying and isolating failure-inducing input.
TSE 2002
6 Feb 7 Amirali, Hanhan, Hansi Gene Novark, Emery D. Berger
DieHarder: Securing the Heap
CCS 2010
On Github
Feb 9 Grant, Sal, Saad Charlie Curtsinger, Emery D. Berger
STABILIZER: Enabling Statistically Rigorous Performance Evaluation
On Github
Related work:
Producing wrong data without doing anything obviously wrong!
A pragmatic guide to assessing empirical evaluations
8 Feb 21 Robert, Michael, Xiaoyu Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos
Flip Feng Shui: Hammering a Needle in the Software Stack
USENIX Security 2016
Feb 23 Dawson, Evan, Ming Kai Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin
Dynamically Discovering Likely Program Invariants to Support Program Evolution
TSE 2001
Download and Related Work
Generating test cases for specification mining
DySy: Dynamic Symbolic Execution for Invariant Inference
iDiscovery: Feedback-Driven Dynamic Invariant Discovery
9 Feb 28 Fahad, Xiangyu, Fenco Iftekhar Ahmed, Rahul Gopinath, Caius Brindescu, Alex Groce, Carlos Jensen
Can testedness be effectively measured?
FSE 2016
Mar 2 Patterson, Ken, Warren Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu
Reverse Engineering Input Syntactic Structure from Program Execution and Its Applications
TSE 2010
Related Work:
Mining Input Grammars from Dynamic Taints
Extracting Output Formats from Executables
10 Mar 7 Chenguang, Iykon, Mark, Rafay Gulsher Laghari, Alessandro Murgia, Serge Demeyer
Fine-tuning spectrum based fault localisation with frequent method item sets
ASE 2016
Programmers Should Still Use Slices When Debugging
A User Study Revisiting the Usefulness of Spectra-Based Fault Localization Techniques with Professionals Using Real Bugs from Large Systems
Probabilistic Fault Localisation
Evaluating & improving fault localization techniques
Mar 9 You? Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos
VUzzer: Application-aware Evolutionary Fuzzing
NDSS 2017
On GitHub
American Fuzzy Lop
11 Mar 14 Hanhan, Hongpu, Michael, Xiaoyu Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal K. Roy, Cristina V. Lopes
SourcererCC: Scaling Code Clone Detection to Big-Code
ICSE 2016
On GitHub
MOSS (What we use for plagiarism detection)
Binary code searches
Mar 16 Fahad, Fenco, Xiangyu Haopeng Liu, Yuxi Chen, Shan Lu
Understanding and Generating High Quality Patches for Concurrency Bugs
FSE 2016
12 Mar 21 Chenguang, Mark, Weida Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley
Enhancing Symbolic Execution with Veritesting
ICSE 2014
Unleashing MAYHEM on Binary Code (preceding paper)
Mar 23 Evan, Dawson, Ming Kai Song Wang, Taiyue Liu, Lin Tan
Automatically Learning Semantic Features for Defect Prediction
ICSE 2016
13 Mar 28 Grant, Saad, Sal Du Shen, Qi Luo, Denys Poshyvanyk, Mark Grechanik
Automating performance bottleneck detection using search-based application profiling
ISSTA 2015
Mar 30 Himahansi, Amirali Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC
CCS 2008
14 Apr 4 Ken, Patterson, Warren Patrice Godefroid, Adam Kiezun, Michael Y. Levin
Grammar Based Whitebox Fuzzing
PLDI 2008