Paper Readings: Fundamental Software Analysis
Static Analysis
- A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World. Al Bessey et al. (CACM 2010)
- Program Analysis via Graph Reachability. Thomas Reps. (ILPS 1997)
- Scalable Propagation-Based Call Graph Construction Algorithms. Frank Tip and Jens Palsberg. (OOPSLA 2000)
- Type-Based Race Detection for Java. Cormac Flanagan and Stephen N. Freund. (PLDI 2000)
- Effective Static Race Detection for Java. Mayur Naik, Alex Aiken, and John Whaley. (PLDI 2006)
- A Type and Effect System for Atomicity. Cormac Flanagan and Shaz Qadeer. (PLDI 2003)
- A Static Analyzer for Large Safety-Critical Software. Bruno Blanchet et al. (PLDI 2003)
- Cloning-Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams. John Whaley and Monica S. Lam. (PLDI 2004)
- Pick Your Contexts Well: Understanding Object-Sensitivity. Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhotak. (POPL 2011)
- FlowDroid: Precise Context, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps. S. Arzt et al. (PLDI 2014)
Dynamic Analysis
- Static and Dynamic Analysis: Synergy and Duality. Michael D. Ernst. (WODA 2003)
- Efficient Path Profiling. T. Ball and J. Larus. (MICRO 1996)
- Whole Program Paths. J. Larus. (PLDI 1999)
- Dynamically Discovering Likely Program Invariants to Support Program Evolution. M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin. (TSE 2001)
- Precise Dynamic Slicing Algorithms. X. Zhang, R. Gupta, and Y. Zhang. (ICSE 2003)
- Whole Execution Traces. X. Zhang and R. Gupta. (MICRO 2004)
- How to Shadow Every Byte of Memory Used by a Program. N. Nethercote and J. Seward. (VEE 2007)
- All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. (IEEE S&P 2010)
- AddressSanitizer: A Fast Address Sanity Checker. Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. (USENIX ATC 2012)
- ThreadSanitizer: Data Race Detection in Practice. Konstantin Serebryany and Timur Iskhodzhanov. (WBIA 2009)
Symbolic Execution and Testing
- DART: Directed Automated Random Testing. Patrice Godefroid, Nils Klarlund, and Koushik Sen. (PLDI 2005)
- Enhancing Symbolic Execution with Veritesting. Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, and David Brumley. (ICSE 2014)
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. C. Cadar, D. Dunbar, and D. Engler. (OSDI 2008)
- Symbolic PathFinder: Symbolic Execution of Java Bytecode. C. S. Pasareanu and N. Rungta. (ASE 2010)
- Execution Synthesis: A Technique for Automated Software Debugging. Cristian Zamfir and George Candea. (EuroSys 2010)
- Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript. K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs. (FSE 2013)
- A Survey of Symbolic Execution Techniques. Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, and Irene Finocchi. (arXiv, last updated 2017)
Debugging and Bug Finding
- Simplifying and Isolating Failure-Inducing Input. A. Zeller and R. Hildebrandt. (TSE 2002)
- The SLAM Project: Debugging System Software via Static Analysis. Thomas Ball and Sriram K. Rajamani. (POPL 2002)
- Finding Bugs is Easy. David Hovemeyer and William Pugh. (SIGPLAN Notices 2004)
- CP-Miner: A Tool for Finding Copy-Paste and Related Bugs in Operating System Code. Z. Li, S. Lu, S. Myagmar, and Y. Y. Zhou. (OSDI 2004)
- Scalable Statistical Bug Isolation. B. Liblit, M. Naik, A. X. Zheng, A. Aiken, and M. I. Jordan. (PLDI 2005)
- Compiler Validation via Equivalence Modulo Inputs. Vu Le, Mehrdad Afshari, and Zhendong Su. (PLDI 2014)
- Precise Memory Leak Detection for Java Software Using Container Profiling. G. Xu and A. Rountev. (ICSE 2008)
Security
- Control-Flow Integrity: Principles, Implementations, and Applications. Martin Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. (TISSEC 2009)
- Securing Software by Enforcing Data-Flow Integrity. Miguel Castro, Manuel Costa, and Tim Harris. (OSDI 2006)
- Preventing Memory Error Exploits with WIT. Periklis Akritidis, Cristian Cadar, Costin Raiciu, Manuel Costa, and Miguel Castro. (IEEE S&P 2008)
- Code-Pointer Integrity. Volodymyr Kuznetsov, László Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. (OSDI 2014)
- Automatic Exploit Generation. T. Avgerinos, S. K. Cha, A. Rebert, E. J. Schwartz, M. Woo, and D. Brumley. (CACM 2014)
- Remote Timing Attacks Are Practical. David Brumley and Dan Boneh. (USENIX Security 2003)
- Meltdown: Reading Kernel Memory from User Space. Moritz Lipp et al. (USENIX Security 2018)
- Spectre Attacks: Exploiting Speculative Execution. Paul Kocher et al. (preprint 2018; IEEE S&P 2019)
- Cimplifier: Automatically Debloating Containers. Vaibhav Rastogi, Drew Davidson, Lorenzo De Carli, Somesh Jha, and Patrick McDaniel. (FSE 2017)
Program Analysis Frameworks
- LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. Chris Lattner and Vikram Adve. (CGO 2004)
- Java PathFinder: Test Input Generation with Java PathFinder. W. Visser, C. S. Pasareanu, and S. Khurshid. (ISSTA 2004)
- Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. C.-K. Luk et al. (PLDI 2005)
- BAP: A Binary Analysis Platform. David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward J. Schwartz. (CAV 2011)
- angr: The Next Generation of Binary Analysis. Fish Wang and Yan Shoshitaishvili. (IEEE SecDev 2017)
- Jikes RVM: The Jikes Research Virtual Machine Project: Building an Open-Source Research Community. B. Alpern et al. (IBM Systems Journal 2005)
- Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. N. Nethercote and J. Seward. (PLDI 2007)
- CalFuzzer: An Extensible Active Testing Framework for Concurrent Programs. P. Joshi, M. Naik, C.-S. Park, and K. Sen. (CAV 2009)
- WALA: Static and Dynamic Program Analysis Using WALA. Julian Dolby and Manu Sridharan. (PLDI Tutorial 2010)
- RoadRunner: The RoadRunner Dynamic Analysis Framework for Concurrent Programs. Cormac Flanagan and Stephen N. Freund. (PASTE 2010)
- Soot: The Soot Framework for Java Program Analysis: A Retrospective. Patrick Lam, Eric Bodden, Ondrej Lhotak, and Laurie Hendren. (CETUS 2011)
Concurrency in Practice
Data Races
- What Are Race Conditions? Some Issues and Formalizations. Robert Netzer and Barton Miller. (LOPLAS 1992)
- Data Races vs. Data Race Bugs: Telling the Difference with Portend. Baris Kasikci, Cristian Zamfir, and George Candea. (ASPLOS 2012)
- Eraser: A Dynamic Data Race Detector for Multithreaded Programs. Stefan Savage et al. (TOCS 1997)
- FastTrack: Efficient and Precise Dynamic Race Detection. Cormac Flanagan and Stephen N. Freund. (PLDI 2009)
- Hybrid Dynamic Data Race Detection. Robert O'Callahan and Jong-Deok Choi. (PPoPP 2003)
- Race Directed Random Testing of Concurrent Programs. Koushik Sen. (PLDI 2008)
- LiteRace: Effective Sampling for Lightweight Data-Race Detection. Daniel Marino, Madanlal Musuvathi, and Satish Narayanasamy. (PLDI 2009)
- Pacer: Proportional Detection of Data Races. Michael D. Bond, Katherine E. Coons, and Kathryn S. McKinley. (PLDI 2010)
- Effective Data-Race Detection for the Kernel. John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, and Kirk Olynyk. (OSDI 2010)
- Detecting and Surviving Data Races Using Complementary Schedules. K. Veeraraghavan, P. M. Chen, J. Flinn, and S. Narayanasamy. (SOSP 2011)
- RacerX: Effective, Static Detection of Race Conditions and Deadlocks. Dawson Engler and Ken Ashcraft. (SOSP 2003)
- Commutativity Race Detection. Dimitar Dimitrov, Veselin Raychev, Martin Vechev, and Eric Koskinen. (PLDI 2014)
- Maximal Sound Predictive Race Detection with Control Flow Abstraction. Jeff Huang, Patrick Meredith, and Grigore Rosu. (PLDI 2014)
Atomicity, Serializability, and Linearizability
Deadlocks
Testing, Isolation, and Repairing
Memory Consistency Models
- The Java Memory Model. Jeremy Manson, William Pugh, and Sarita V. Adve. (POPL 2005)
- Memory Models: A Case for Rethinking Parallel Languages and Hardware. Sarita V. Adve and Hans-J. Boehm. (CACM 2010)
- A Primer on Memory Consistency and Cache Coherence. Daniel J. Sorin, Mark D. Hill, and David A. Wood. (Book, 2011)
- Adversarial Memory for Detecting Destructive Races. Cormac Flanagan and Stephen N. Freund. (PLDI 2010)
- DRFx: A Simple and Efficient Memory Model for Concurrent Programming Languages. Daniel Marino et al. (PLDI 2010)
- MemSAT: Checking Axiomatic Specifications of Memory Models. Emina Torlak, Mandana Vaziri, and Julian Dolby. (PLDI 2010)
- A Case for an SC-Preserving Compiler. Daniel Marino, Abhayendra Singh, Todd Millstein, Madanlal Musuvathi, and Satish Narayanasamy. (PLDI 2011)
- End-to-End Sequential Consistency. Abhayendra Singh, Satish Narayanasamy, Daniel Marino, Todd Millstein, and Madanlal Musuvathi. (ISCA 2012)
Multithreaded Record and Replay
Deterministic Multithreading
Concurrency Programming Models
Transactional Memory
- LogTM: Log-Based Transactional Memory. Kevin E. Moore, Jayaram Bobba, Michelle J. Moravan, Mark D. Hill, and David A. Wood. (HPCA 2006)
- Hybrid Transactional Memory. Peter Damron, Alexandra Fedorova, Yossi Lev, Victor Luchangco, Mark Moir, and Daniel Nussbaum. (ASPLOS 2006)
- Enforcing Isolation and Ordering in STM. Tatiana Shpeisman et al. (PLDI 2007)
- Using Hardware Memory Protection to Build a High-Performance, Strongly Atomic Hybrid Transactional Memory. L. Baugh et al. (ISCA 2008)