Reading List

Abstract interpretation-based

[BCC+02] Bruno Blanchet, Patrick Cousot, Radhia Cousot, Jérôme Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, Xavier Rival: Design and Implementation of a Special-Purpose Static Program Analyzer for Safety-Critical Real-Time Embedded Software, invited chapter. In The Essence of Computation: Complexity, Analysis, Transformation. Essays Dedicated to Neil D. Jones. 2002.

[BCC+03] PLDI 2003. (an improved analyzer)

PolySpace: http://www.polyspace.com/datasheets/c_psde.htm

Dataflow-based

[DLS02] Manuvir Das, Sorin Lerner, Mark Seigle: ESP: Path-Sensitive Program Verification in Polynomial Time. PLDI 2002: 57-68.

Type and constraint-based

[FF00] Cormac Flanagan, Stephen N. Freund: Type-based race detection for Java. PLDI 2000: 219-232.

[FQ03] Cormac Flanagan, Shaz Qadeer: Types for Atomicity. TLDI 2003.

[DF01] Robert DeLine, Manuel Fahndrich: Enforcing High-Level Protocols in Low-Level Software. PLDI 2001: 59-69.

[FD02] Manuel Fahndrich, Robert DeLine: Adoption and Focus: Practical Linear Types for Imperative Programming. PLDI 2002: 13-24.

[RF01] Jakob Rehof, Manuel Fahndrich: Type-based flow analysis: from polymorphic subtyping to CFL-reachability. POPL 2001: 54-66.

[AFS00] Alexander Aiken, Manuel Fahndrich, Zhendong Su: Detecting races in Relay Ladder Logic programs. STTT 3(1): 93-105 (2000).

[FTA02] Jeffrey S. Foster, Tachio Terauchi, Alexander Aiken: Flow-Sensitive Type Qualifiers. PLDI 2002: 1-12.

[OJ97] Robert O'Callahan, Daniel Jackson: Lackwit: A Program Understanding Tool Based on Type Inference. ICSE 1997: 338-348.

[NMW02] George C. Necula, Scott McPeak, Westley Weimer: CCured: type-safe retrofitting of legacy code. POPL 2002: 128-139.

[CHN+03] Jeremy Condit, Matthew Harren, George C. Necula, Scott McPeak, Westley Weimer: CCured In The Real World. PLDI 2003.

[EHM+99] Peter Harry Eidorff, Fritz Henglein, Christian Mossin, Henning Niss, Morten Heine Sørensen, Mads Tofte: AnnoDomini: From Type Theory to Year 2000 Conversion Tool. POPL 1999: 1-14.

Theorem proving and model checking

[FLL+02] Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, Raymie Stata: Extended Static Checking for Java. PLDI 2002: 234-245.

[Eva96] David Evans: Static Detection of Dynamic Memory Errors. PLDI 1996: 44-53.

[LE01] David Larochelle and David Evans: Statically Detecting Likely Buffer Overflow Vulnerabilities. 2001 USENIX Security Symposium, Washington, D.C., August 13-17, 2001.

[EL02] David Evans and David Larochelle: Improving Security Using Extensible Lightweight Static Analysis. IEEE Software, Jan/Feb 2002.

[HJMS02] Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, Gregoire Sutre: Lazy abstraction. POPL 2002: 58-70.

[CDH+00] James C. Corbett, Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Pasareanu, Robby, Hongjun Zheng: Bandera: extracting finite-state models from Java source code. ICSE 2000: 439-448.

[God97] Patrice Godefroid: Model Checking for Programming Languages using Verisoft. POPL 1997: 174-186.
Link to VeriSoft: http://cm.bell-labs.com/who/god/verisoft/.

Race detection

[SBN+97] Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas E. Anderson: Eraser: A Dynamic Data Race Detector for Multithreaded Programs. TOCS 15(4): 391-411 (1997).

[CLL+02] Jong-Deok Choi, Keunwoo Lee, Alexey Loginov, Robert O'Callahan, Vivek Sarkar, Manu Sridharan: Efficient and Precise Datarace Detection for Multithreaded Object-Oriented Programs. PLDI 2002: 258-269.

Specification discovery

[ECG+01] Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin: Dynamically Discovering Likely Program Invariants to Support Program Evolution. TSE 27(2): 99-123 (2001).

[ABL02] Glenn Ammons, Rastislav Bodik, James R. Larus: Mining specifications. POPL 2002: 4-16.

Machine code analyses

[CJ03] M. Christodorescu and S. Jha: Static Analysis of Executables to Detect Malicious Patterns. USENIX Security Symposium, August 2003.

[XMR00] Zhichen Xu, Barton P. Miller, Thomas W. Reps: Safety checking of machine code. PLDI 2000: 70-82.

[XRM01] Zhichen Xu, Thomas W. Reps, Barton P. Miller: Typestate Checking of Machine Code. ESOP 2001: 335-351.

Misc

[AE02] Ken Ashcraft, Dawson R. Engler: Using Programmer-Written Compiler Extensions to Catch Security Holes. IEEE Symposium on Security and Privacy 2002: 143-159.

[HCXE02] Seth Hallem, Benjamin Chelf, Yichen Xie, Dawson R. Engler: A System and Language for Building System-Specific, Static Analyses. PLDI 2002: 69-82.

[BPS00] William R. Bush, Jonathan D. Pincus, David J. Sielaff: A static analyzer for finding dynamic programming errors. Software - Practice and Experience 30(7): 775-802 (2000).

[JMG+02] Trevor Jim, J. Greg Morrisett, Dan Grossman, Michael W. Hicks, James Cheney, Yanling Wang: Cyclone: A Safe Dialect of C. USENIX Annual Technical Conference, General Track 2002: 275-288.

[CW02] Hao Chen and David Wagner: MOPS: An Infrastructure for Examining Security Properties of Software. ACM CCS 2002: 235-244.

[WD01] David Wagner, Drew Dean: Intrusion Detection via Static Analysis. IEEE Symposium on Security and Privacy 2001.