These papers provide a non-exhaustive list of research related to material that will be presented in class. Some of them will be explicitly presented in class, while others will provide additional concrete examples and extensions to the material in class. Further material may be be presented that is not in the list.
A paper may fall into multiple categories, but each paper is listed once.
While reading papers in this list, you may wish to focus on your paper reading methodology. [1] [2] [3] [4] [5] [6]
You might also think about writing papers of your own. [1] [2]
There are many conferences in jourals with related material. In particular,
these conferences regularly have interesting related techniques and studies:
ASE, ASPLOS, BAR, Blackhat, CC, CCC, CCS, CGO, DSN, ESSoS, FASE, FSE, ICPC, ICSA, ICSE, ICSM, ICST, ISSTA, MSR, NDSS, OOPSLA, PLAS, PLDI, POPL, RAID, SANER, SBSE, S&P, SecDev, USENIX Security
An Introduction to Software Architecture
Garlan and Shaw
On Understanding Types, Data Abstraction, and Polymorphism
Cardelli and Wegner
Problems in Object-Oriented Software Reuse
Taenzer, Ganti, Podar
Disciplined Inheritance
Sakkinen
[Blogged]
A survey and problem analysis of advanced object-oriented software composition
Truyen
Inheritance Usage Patterns in Open-Source Systems
Stevenson and Wood
An Analysis of Inheritance Hierarchy Evolution
Wood, Ivanov, Lamprou
Why Functional Programming Matters
Hughes
[video]
Generic Programming
Musser and Stepanov
Experience With Safe Manual Memory-Management in Cyclone
Hicks, Morrisett, Grossman, Jim
Ownership Types for Safe Programming: Preventing Data Races and Deadlocks
Boyapati, Lee, Rinard
What is Generic Programming?
Dos Reis and Järvi
From design patterns to category theory
Seemann
[video]
Category Theory for Programmers
Milewski
[video] [As a book]
API Designers in the Field: Design Practices and Challenges for Creating Usable APIs
Murphy, Kery, Alliyu, Macvean, Myers
Microservices in Practice: A Survey Study
Viggiato, Terra, Rocha, Valente, Figueired
We Need to Talk about Microservices: an Analysis from the Discussions on StackOverflow
Bandeira, Filho, Paixão , Maia
Scaling Regression Testing to Large Software Systems
Orso, Shi, Harrold
Refining Interprocedural Change-Impact Analysis using Equivalence Relations
Gyori, Lahiri, Partush
FAST Approaches to Scalable Similarity-based Test Case Prioritization
Miranda, Cruciani, Verdecchia, Bertolino
Scalable Approaches for Test Suite Reduction
Cruciani, Miranda, Verdecchia, Bertolino
Chaos Engineering
Basiri, Behnam, de Rooij, Hochstein, Kosewski, Reynolds, Rosenthal
Are Mutants a Valid Substitute for Real Faults in Software Testing?
Just, Jalali, Inozemtseva, Ernst, Holmes, Fraser
Does Choice of Mutation Tool Matter?
Gopinath, Ahmed, Alipour, Jensen, Groce
Comparing Mutation Testing at the Levels of Source Code and Compiler Intermediate Representation
Hariri, Shi, Fernando, Mahmood, Marinov
How effective are mutation testing tools? An empirical analysis of Java mutation testing tools with manual analysis and real faults
Kintis, Papadakis, Papadopoulos, Valvis, Malevris, Le Traon
Efficient Mutation Analysis by Propagating and Partitioning Infected Execution States
Just, Ernst, Fraser
Analyzing the validity of selective mutation with dominator mutants
Kurtz, Ammann, Offutt, Delamaro, Kurtz, Gökçe
[slides]
Faster Mutation Analysis via Equivalence Modulo States
Wang, Xiong, Shi, Zhang, Hao
Inferring Mutant Utility from Program Context
Just, Kurtz, Ammann
Time to Clean Your Test Objectives
Marcozzi, Bardin, Kosmatov, Papadakis, Prevosto, Correnson
An Industrial Application of Mutation Testing: Lessons, Challenges, and Research Directions
Petrovic, Ivankovic, Kurtz, Ammann, Just
A Systematic Review of Cost Reduction Techniques for Mutation Testing
Ferrari, Pizzoleto, Offutt
Why is random testing effective for partition tolerance bugs?
Majumdar and Niksic
[video] [Morning Paper]
Fairness Testing: Testing Software for Discrimination
Galhotra, Brun, Meliou
[repo]
Feedback-directed random test generation
Pacheco, Lahiri, Ernst, Ball
[repo] [site] [slides]
Symbolic Execution for Software Testing: Three Decades Later
Sen and Cadar
A Survey of Symbolic Execution Techniques
Baldoni, Coppa, D'Elia, Demetrescu, Finocchi
Micro Execution
Godefroid
Enhancing symbolic execution with veritesting
Avgerinos, Rebert, Cha, Brumley
The Art, Science, and Engineering of Fuzzing: A Survey
Manes, Han, Han, Cha, Egele, Schwartz, Woo
Finding and Understanding Bugs in C Compilers
Yang, Chen, Eide, Regehr
[repo] [site]
Compiler Validation via Equivalence Modulo Inputs
Le, Afshari, Su
Skeletal Program Enumeration for Rigorous Compiler Testing
Zhang, Sun, Su
Systematic Execution of Android Test Suites in Adverse Conditions
Adamsen, Mezzetti, Møller
[repo]
DeepState: Symbolic Unit Testing for C and C++
Goodman and Groce
[repo] [slides] [Blog on Trail of Bits]
SAVIOR: Towards Bug-Driven Hybrid Testing
Chen, Li, Xu, Guo, Zhou, Zhang, Wei, Lu
Superion: Grammar-Aware Greybox Fuzzing
Wang, Chen, Wei, Liu
NAUTILUS:Fishing for Deep Bugs with Grammars
Aschermann, Frassetto, Holz, Jauernig, Sadeghi, Teuchert
[video] [slides]
REDQUEEN: Fuzzing with Input-to-State Correspondence
Aschermann, Schumilo, Blazytko, Gawlik, Holz
[video] [slides]
Semantic Fuzzing with Zest
Padhye, Lemieux, Sen, Papadakis, Le Traon
Coverage Guided, Property Based Testing
Lampropoulos, Hicks, Pierce
Evaluating Fuzz Testing
Klees, Ruef, Cooper, Wei, Hicks
[site]
How Complex Systems Fail
Cook
[video] [Morning Paper]
Predicting accurate and actionable static analysis warnings: an experimental approach
Ruthruff, Penix, Morgenthaler, Elbaum, Rothermel
User-guided program reasoning using Bayesian inference
Mukund Raghothaman, Sulekha Kulkarni, Kihong Heo, Mayur Naik.
[video] [slides]
Hidden truths in dead software paths
Eichberg, Hermann, Mezini, Glanz
[repo] [site]
Danger Invariants
David, Kesseli, Kroening, Lewis
Efficient Dynamic Analysis for Node.js
Sun, Bonetta, Humer, Binder
[repo] [slides]
SemFix: Program Repair via Semantic Analysis
Duong, Nguyen, Qi, Roychoudhury, Chandra
Automatic Patch Generation by Learning Correct Code
Long and Rinard
[site] [slides]
Using Safety Properties to Generate Vulnerability Patches
Huang, Lie, Tan, Jaeger
Automated Program Repair
Le Goues, Pradel, Roychoudhury
Better Test Cases for Better Automated Program Repair
Yang, Zhikhartsev, Liu, Tan
Neural Bug Finding: A Study of Opportunities and Challenges
Habib and Pradel
Extracting and Answering Why and Why Not Questions about Java Program Output
Ko and Myers
[repo] [site]
Comparative Causality: Explaining the Differences Between Executions
Sumner and Zhang
A Gray Box Approach For High-Fidelity, High-Speed Time-Travel Debugging
Vilk, Mickens, Marron
A Hybrid Algorithm for Error Trace Explanation
Murali, Sinha, Torlak, Chandra
Evaluating and improving fault localization
Pearson, Campos, Just, Fraser, Abreu, Ernst, Pang, Keller
An Empirical Study of Fault Localization Families and Their Combinations
Zou, Liang, Xiong, Ernst, Zhang
Evaluating the Usefulness of IR-Based Fault Localization Techniques
Wang, Parnin, Orso
Perceptions, Expectations, and Challenges in Defect Prediction
Wan, Xia, Hassan, Lo, Yin, Yang
Simplifying and Isolating Failure-Inducing Input
Zeller and Hildebrandt
[Discussion][Morning Paper]
Pardis: Priority Aware Test Case Reduction
Gharachorlu and Sumner
Minimizing Faulty Executions of Distributed Systems
Scott, Panda, Brajkovic, Necula, Krishnamurthy, Shenker
[video] [slides] [Morning Paper]
Understanding and Detecting Real-World Performance Bugs
Jin, Song, Shi, Scherpelz, Lu
Producing Wrong Data Without Doing Anything Obviously Wrong!
Mytkowicz, Diwan, Hauswirth, Sweeney
[slides]
The Truth, The Whole Truth, and Nothing But the Truth: A Pragmatic Guide to Assessing Empirical Evaluations
Blackburn et al.
Thinking Methodically about Performance
Gregg
[site] [video] [slides]
Statistically Rigorous Java Performance Evaluation
Georges, Buytaert, Eeckhout
[Morning Paper]
Rigorous benchmarking in reasonable time
Kalibera and Jones
[slides]
Quantifying performance changes with effect size confidence intervals
Kalibera and Jones
Why Aren’t More Users More Happy With Our VMs?
Tratt
[video] [slides] [Morning Paper] [Original: Virtual Machine Warmup Blows Hot and Cold]
Bottleneck Identification and Scheduling in Multithreaded Applications
Joao, Suleman, Mutlu, Patt
PerfFuzz: Automatically Generating Pathological Inputs
Lemieux, Padhye, Sen, Song
[repo]
Singularity: Pattern Fuzzing for Worst Case Complexity
Wei, Chen, Feng, Ferles, Dillig
[repo] [video]
Synthesizing Programs That Expose Performance Bottlenecks
Toffola, Pradel, Gross
[repo]
Code Generation in the Polyhedral Model Is EasierThan You Think
Bastoul
The Polyhedral Model Is More Widely Applicable Than You Think
Benabderrahmane, Pouchet, Cohen, Bastoul
[slides]
Locating Cache Performance Bottlenecks Using Data Profiling
Pesterev, Zeldovich, Morris
Pinpointing data locality bottlenecks with low overhead
Liu, Mellor-Crummey
REDSPY: Exploring Value Locality in Software
Wen, Chabbi, Liu
Accurate profiling in the presence of dynamic compilation
Zheng, Bulej, Binder
[video]
The Input/Output Complexity of Sorting and Related Problems
Aggarwal and Vitter
Cache-Oblivious Algorithms
Frigo, Leiserson, Prokop, Ramachandran
Algorithms to Take Advantage of Hardware Prefetching
Pan, Cherng, Dick, Ladner
ESP: Path-Sensitive Program Verification in Polynomial Time
Das, Lerner, Seigle
[Follow up]
Accelerated Data-flow Analysis
Leroux and Sutre
Path sensitive MFP solutions in presence of intersecting infeasible control flow path segments
Pathade and Khedker
Sound, Complete and Scalable Path-Sensitive Analysis
Dillig, Dillig, Aiken
Precise Interprocedural Dataflow Analysis via Graph Reachability
Reps, Horwitz, Sagiv
Precise interprocedural dataflow analysis with applications to constant propagation
Sagiv, Reps, Horwitz
Weighted Pushdown Systems and their Application to Interprocedural Dataflow Analysis
Reps, Schwoon, Jha
Efficiency, Precision, Simplicity, and Generality in Interprocedural DataFlow Analysis: Resurrecting the Classical Call Strings Method
Khedker and Karkare
Generating Precise and Concise Procedure Summaries
Yorsh, Yahav, Chandra
A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join
Mangal, Naik, Yang
Fast Algorithms for Dyck-CFL-Reachability with Applications to Alias Analysis
Zhang, Lyu, Yuan, Su
Interprocedural Dataflow Analysis with IFDS/IDE and Soot
Bodden
Interprocedural Data Flow Analysis in Soot using Value Contexts
Padhye and Khedker
Context-, Flow- and Field-Sensitive Data-Flow Analysis using Synchronized Pushdown Systems
Späth, Ali, Bodden
[video] [slides]
FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases
Lerch, Hermann, Bodden, Mezini
Abstract Interpretation: A Unified Lattice Model for Static analysis of Programs by Construction or Approximation of Fixpoints
Cousot and Cousot
Automatic Predicate Abstraction of C Programs
Ball, Majumdar, Millstein, Rajamani
Data flow analysis is model checking of abstract interpretations
Schmidt
Efficient chaotic iteration strategies with widenings
Bourdoncle
Combining Model Checking and Data-Flow Analysis
Beyer and Schmidt
Program analysis and specialisation using tree automata
Gallagher
Signedness-Agnostic Program Analysis:Precise Integer Bounds for Low-Level Code
Navas, Schachte, Søndergaard, Stuckey
Boxes: A Symbolic Abstract Domain of Boxes
Gurfinkel and Chaki
An Abstract Domain of Uninterpreted Functions
Gange, Navas, Schachte, Sondergaard, Stuckey
Improving Flow Analyses via ΓCFA
Might and Shivers
Automating Abstract Interpretation
Reps and Thakur
Abstract Interpretation under Speculative Execution
Wu and Wang
Donut Domains: Efficient Non-convex Domains for Abstract Interpretation
Ghorbal, Ivancic, Balakrishnan, Maeda, Gupta
Refinement of Path Expressions for Static Analysis
Cyphert, Breck, Kincaid, Reps
[video] [slides]
EWD 472: Guarded commands, non-determinacy and formal derivation of programs
Dijkstra
[Original]
Dijkstra-Scholten predicate calculus: concepts and misconceptions
Bijlsma and Nederpelt
Dijkstra's Predicate Transformers And Smyth's Powerdomains
Plotkin
Time, Clocks, and the Ordering of Events in a Distributed System
Lamport
Constructive Logic for All
Restall
Separation Logic: A Logic for Shared Mutable Data Structures
Reynolds
An Introduction to Separation Logic
Reynolds
Compositional Shape Analysis by means of Bi-Abduction
Calcagno, Distefano, O’hearn, Yang
The Essence of Higher-Order Concurrent Separation Logic
Krebbers, Jung, Bizjak, Jourdan, Dreyer, Birkedal
Causality & Control flow
Kunnemann, Garg, Backes
[slides]
Software Model Checking
Jhala and Majumdar
Learning from Mistakes: A Comprehensive Study on Real World Concurrency Bug Characteristics
Lu, Park, Seo, Zhou
Finding and Reproducing Heisenbugs in Concurrent Programs
Musuvathi, Qadeer, Ball, Basler, Nainar, Neamtiu
A Randomized Scheduler with Probabilistic Guarantees of Finding Bugs
Burckhardt, Kothari, Musuvathi, Nagarakatte
A Comprehensive Study on Real World Concurrency Bugs in Node.js
Wang, Dou, Gao, Gao, Qin, Yin, Wei
Understanding Real-World Concurrency Bugs in Go
Tu, Liu, Song, Zhang
FastTrack: Efficient and Precise Dynamic Race Detection
Flanagan and Freund
[repo]
AI: A Lightweight System for Tolerating Concurrency Bugs
Zhang, Wu, Lu, Qi, Ren, Zheng
[repo]
High-Coverage, Unbounded Sound Predictive Race Detection
Roemer, Genç, Bond
[repo] [video] [slides] [And Dependence Aware]
Effective Race Detection for Event-Driven Programs
Raychev, Vechev, Sridharan
[site]
RacerD: Compositional Static Race Detection
Blackshear, Gorogiannis, O'Hearn, Sergey
[repo] [site] [video]
Parallelism-Centric What-If and Differential Analyses
Yoga and Nagarakatte
[repo]
Securing a Compiler Transformation
Deng and Namjoshi
Dead Store Elimination (Still) Considered Harmful
Yang, Johannesmeyer, Olesen, Lerner, Levchenko
[video] [slides] [Twitter]
Into the depths of C: elaborating the de facto standards
Memarian, Matthiesen, Lingard, Nienhuis, Chisnall, Watson, Sewell
EffectiveSan: type and memory error detection using dynamically typed C/C++
Duck and Yap
[repo] [video]
Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek, and Armando Solar-Lezama
[repo] [site] [video] [Blogged]
Formal Approaches to Secure Compilation
Patrignani, Ahmed, Clarke
Robustly Safe Compilation
Patrignani and Garg
Principles and Implementation Techniques of Software-Based Fault Isolation
Tan
Smashing The Stack For Fun And Profit
Aleph One
The Confused Deputy
Hardy
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Shacham
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
van der Veen, Andriesse, Stamatogiannakis, Chen, Bos, Giuffrdia
[video] [Morning Paper]
On the effectiveness of address-space randomization
Shacham, Page, Pfaff, Goh, Modadugu, Boneh
Heap Spraying Demystified
Corelan Team
A Tour of TOCTTOUs
Lowery
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Maurice, Weber, Schwarz, Giner, Gruss, Boano, Mangard, Römer
[video] [slides]
The Matter of Heartbleed
Durumeric, Li, Kasten, Amann, Beekman, Payer, Weaver, Adrian, Paxson, Bailey, Halderman
[video]
RAMBleed: Reading Bits in Memory Without Accessing Them
Kwon, Genkin, Gruss, Yarom
Spectre Attacks: Exploiting Speculative Execution
Kocher, Horn, Fogh, Genkin, Gruss, Haas, Hamburg, Lipp, Mangard, Prescher, Schwarz, Yarom
[repo] [site] [A year with Spectre: a V8 perspective]
Port Contention for Fun and Profit
Aldaya, Brumley, Hassan, García, Tuveri
SMoTherSpectre: exploiting speculative execution through port contention
Bhattacharyya, Sandulescu, Neugschwandtner, Sorniotti, Falsafi, Payer, Kurmus
[repo]
Understanding type confusion vulnerabilities
Microsoft Defender ATP Research Team
Counterfeit Object-oriented Programming
Schuster, Tendyck, Liebchen, Davi, Sadeghi, Holz
[video] [slides]
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
Wang, Krinke, Lu, Li, Dodier-Lazaro
[video] [slides]
Rendered Insecure: GPU side channel attacks are practical
Naghibijouybari, Neupane, Qian, Abu-Ghazaleh
[video]
AEG: Automatic Exploit Generation
Avgerinos, Cha, Hao, Brumley
[site]
Revery: From Proof-of-Concept to Exploitable
Wang, Zhang, Xiang, Zhao, Li, Gong, Liu, Chen, Zou
[video]
Automatic creation of SQL injection and cross-site scripting attacks
Kieżun, Guo, Jayaraman, Ernst
[site] [slides]
The Mayhem Cyber Reasoning System
Avgerinos, Brumley, Davis, Goulden, Nighswander, Rebert, Williamson
DifFuzz: Differential Fuzzing for Side-Channel Analysis
Nilizadeh, Noller, Pasareanu
[repo]
Towards Automated Generation of Exploitation Primitives for Web Browsers
Garmany, Stoffel, Gawlik, Koppe, Blazytko, Holz
[Blogged]
Block Oriented Programming: Automating Data-Only Attacks
Ispoglou, AlBassam, Jaeger, Payer
[repo] [video]
(State of) The Art of War: Offensive Techniques in Binary Analysis
Shoshitaishvili, Wang, Salls, Stephens, Polino, Dutcher, Grosen, Feng, Hauser, Krügel, Vigna
[video]
An In-Depth Study of More Than Ten Years of Java Exploitation
Holzinger, Triller, Bartel, Bodden
[video]
Twenty years of Escaping the Java Sandbox
Ieu Eauvidoum and disk noise
Evil Pickles: DoS Attacks Based on Object-Graph Engineering
Dietrich, Jezek, Rasheed, Tahir, Potanin
[video]
Control-Flow Integrity: Precision, Security, and Performance
Burow, Carr, Nash, Larsen, Franz, Brunthaler, Payer
Missing the Point(er):On the Effectiveness of Code Pointer Integrity
Evans, Fingeret, Gonzalez, Otgonbaatar, Tang, Shrobe, Sidiroglou, Rinard, Okhravi
[video]
Poster: Getting The Point(er): On the Feasibilityof Attacks on Code-Pointer Integrity
Kuznetsov, Szekeres, Payer, Candea, Song
[repo] [site] [video] [slides]
Delta Pointers: Buffer Overflow Checks Without the Checks
Kroes, Koning, van der Kouwe, Bos, Giuffrida
[repo] [HackerNews (with comment from DannyBee)]
Declarative, temporal, and practical programming with capabilities
Harris, Jha, Reps, Anderson, Watson
[site]
HexType: Efficient Detection of Type Confusion Errors for C++
Jeon, Biswas, Carr, Lee, Payer
[repo] [video] [slides]
ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations
Bhat, van der Kouwe, Bos, Giuffrida
[repo]
DP-Finder: Finding Differential Privacy Violations by Sampling and Optimization
Bichsel, Gehr, Drachsler-Cohen, Tsankov, Vechev
[video] [slides]
Runtime Analysis of Whole-System Provenance
Pasquier, Han, Moyer, Bates, Hermant, Eyers, Bacon, Seltzer
[video]
A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
Liu, Zhang, Wang
[video]
Mystique: Uncovering Information Leakage from Browser Extensions
Chen and Kapravelos
[video]
Saner: Composing static and dynamic analysis to validate sanitization in web applications
Balzarotti, Cova, Felmetsger, Jovanovic, Kirda, Kruegel, Vigna
AddressSanitizer: A Fast Address Sanity Checker
Serebryany, Bruening, Potapenko, Vyukov
[repo] [video] [slides]
Compiler-assisted Code Randomization
Koo, Chen, Lu, Kemerlis, Polychronakis
[repo]
Strongest Postcondition Semantics as the Formal Basis for Reverse Engineering
Gannod and Cheng
Extracting Output Formats from Executables
Lim, Reps, Liblit
Synthesizing Program Input Grammars
Bastani, Sharma, Aiken, Liang
Intermediate-representation recovery from low-level code
Reps, Balakrishnan, Lim
Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring
Edward J. Schwartz, Carnegie Mellon University; JongHyup Lee, Korea National University of Transportation; Maverick Woo and David Brumley, Carnegie Mellon University
[video]
rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
Federico, Payer, Agosta
State of the art of network protocol reverse engineering tools
Duchene, Le Guernic, Alata, Nicomette, Kaâniche
Software Ethology: An Accurate and Resilient Semantic Binary Analysis Framework
McKee, Burow, Payer
JTR: A Binary Solution for Switch-Case Recovery
Cojocar, Kroes, Bos
Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables
Schwartz, Cohen, Duggan, Gennari, Havrilla, Hines
[video]
Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?
Schrittwieser, Katzenbeisser, Kinder, Merzdovnik, Weippl
An Observational Investigationof Reverse Engineers’ Processesand Mental Models
Votipka, Rabin, Micinski, Foster, Mazurek
DECAF++: Elastic Whole-System Dynamic Taint Analysis
Davanian, Qi, Qu, Yin
[repo]
The Protection of Information in Computer Systems
Saltzer and Schroeder
Some thoughts on security after ten years of qmail 1.0
Bernstein
[site]
Capsicum: practical capabilities for UNIX
Watson, Anderson, Laurie, Kennaway
[site] [video]
Capability Myths Demolished
Miller, Yee, Shapiro
[Morning Paper]
Wedge: Splitting Applications into Reduced-Privilege Compartments
Bittau, Marchenko, Handley, Karp
[site] [slides]
Clean Application Compartmentalization with SOAAP
Gudka et al.
Research on software design level security vulnerabilities
Rehman and Mustafa
Analyzing Websites for User-Visible Security Design Flaws
Falk, Prakash, Borders
Security in the Software Development Lifecycle
Assal and Chiasson
API Blindspots: Why Experienced Developers Write Vulnerable Code
Oliveira, Lin, Rahman, Akefirad, Ellis, Perez, Bobhate, DeLong, Cappos, Brun, Ebner
Inspection Guidelines to Identify Security Design Flaws
Tuma, Hosseini, Malamas, Scandariato
Getting 2FA Right in 2019
Woodruff
Learning Programs from Traces using Version Space Algebra
Lau, Domingos, Weld
Syntax-Guided Synthesis
Alur, Bodik, Dallal, Fisman, Garg, Juniwal, Kress-Gazit, Madhusudan, Martin, Raghothaman, Saha, Seshia, Singh, Solar-Lezama, Torlak, Udupa
The Sketching Approach to Program Synthesis
Solar-Lezama
Dimensions in Program Synthesis
Gulwani
Scaling Enumerative Program Synthesis via Divide and Conquer
Alur, Radhakrishna, and Udupa
[repo]
Strategy Synthesis for Linear Arithmetic Games
Farzan and Kincaid
[video]
Counterexample Guided Inductive Synthesis Modulo Theories
Abate, David, Kesseli, Kroening, Polgreen
FlashMeta: A Framework for Inductive Program Synthesis
Polozov and Gulwani
[site] [Polozov's Dissertation]
Growing Solver-Aided Languages with ROSETTE
Torlak and Bodik
[repo] [site]
FlashExtract: A Framework for Data Extraction by Examples
Gulwani
WebRelate: Integrating Web Data with Spreadsheets using Examples
Inala and Singh
[video]
Synthesizing Entity Matching Rules by Examples
Singh, Meduri, Elmagarmid, Madden, Papotti, Quiané-Ruiz, Solar-Lezama, Tang
FrAngel: Component-Based Synthesiswith Control Structures
Shi, Steinhardt, Liang
[repo] [video]
Program Synthesis using Abstraction Refinement
Wang, Dillig, Singh
[video]
Programming Not Only by Example
Peleg, Shoham, Yahav
[slides]
Resource-Guided Program Synthesis
Knoth, Wang, Polikarpova, Hoffmann
[repo]
Modular Divide-and-Conquer Parallelization of Nested Loops
Farzan and Nicolet
[repo] [site]
An Inductive Synthesis Framework for Verifiable Reinforcement Learning
Zhu, Xiong, Magill, Jagannathan
DO-178B, Software Considerations in Airborne Systems and Equipment Certification
[Discussion][Wikipedia]
DO-178C, Software Considerations in Airborne Systems and Equipment Certification
[Wikipedia]
An Analysis of ISO 26262: Using Machine Learning Safely in Automotive Software
Salay, Queiroz, Czarnecki
IEC 61508 - Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
[Wikipedia]
IEC 62304 - Medical device software – Software life cycle processes
[Wikipedia]
A Practical Tutorial on Modified Condition/Decision Coverage
Hayhurst, Veerhusen, Chilenski, Rierson
Designing Law-Compliant Software Requirements
Siena, Mylopoulos, Perini, Susi
The General Data Protection Regulation: Requirements, Architectures, and Constraints
Hjerppe, Ruohonen, Leppänen
Web Content Accessibility Guidelines (WCAG) 2.0
[ADA Compliance in Plain English]