Schedule

If there are papers listed for a given day, read them before class that day. For student-presented papers, on any week that you are not presenting a paper, write a response/critique to one of that week's papers. These critiques do more than show that you have at least skimmed the paper: they prepare you to discuss the papers and to raise (or answer) questions during class. Critiques must be submitted via CourSys by 9:00PM before the class (PDFs, please). If you are presenting a paper, slides for the presentation must be submitted via CourSys by 10:00PM before the class (PDFs, please).

The schedule is subject to change.

Each entry lists the week, the date, the topics (or the student presenters), and the papers for that day.

Week 1
  Jan 5   Introduction; Representations
          Project 1 due Jan 20

Week 2
  Jan 10  Slicing; LLVM; LLVM Demo
  Jan 12  Static Analysis
          - Micha Sharir, Amir Pnueli. Two Approaches to Precise Interprocedural Dataflow Analysis. Program Flow Analysis: Theory and Practice.
          - Florian Martin. Experimental Comparison of Call String and Functional Approaches to Interprocedural Analysis. CC 1999.
          - Ravi Mangal, Mayur Naik, Hongseok Yang. A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join. ESOP 2014.

Week 3
  Jan 17  Static Analysis
          - Patrick Cousot, Radhia Cousot. Static Verification of Dynamic Type Properties of Variables.
          - Patrick Cousot, Radhia Cousot. Abstract Interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. POPL 1977.
  Jan 19  Static Analysis
          - Thomas Reps, Susan Horwitz, Mooly Sagiv. Precise Interprocedural Dataflow Analysis via Graph Reachability. POPL 1995.

Week 4
  Jan 24  Dynamic Analysis
          Project 2 due Feb 13
          - Thomas Ball, James Larus. Efficient Path Profiling. MICRO 1996.
  Jan 26  Dynamic Analysis; Intro to Security
          - Konstantin Serebryany, Derek Bruening, Alexander Potapenko, Dmitriy Vyukov. AddressSanitizer: a fast address sanity checker. Usenix ATC 2012.

Week 5
  Jan 31  Intro to Security; Testing and Symbolic Execution
          - Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, Mathias Payer. Control-Flow Integrity: Precision, Security, and Performance.
          - Koushik Sen, Christian Cadar. Symbolic Execution for Software Testing: Three Decades Later. CACM, February 2013.
            Efficient Encodings; Counterpoints from fuzzing
          - Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, Irene Finocchi. A Survey of Symbolic Execution Techniques.
  Feb 2   Test Case Reduction (Nick)
          - Andreas Zeller, Ralf Hildebrandt. Simplifying and isolating failure-inducing input. TSE 2002.
            Commentary

Week 6
  Feb 7   Presenters: Amirali, Hanhan, Hansi
          - Gene Novark, Emery D. Berger. DieHarder: Securing the Heap. CCS 2010. On Github.
  Feb 9   Presenters: Grant, Sal, Saad
          - Charlie Curtsinger, Emery D. Berger. STABILIZER: Enabling Statistically Rigorous Performance Evaluation. ASPLOS 2013. On Github.
            Related work: Producing wrong data without doing anything obviously wrong!; A pragmatic guide to assessing empirical evaluations

Week 7
  Feb 14  READING WEEK
  Feb 16  READING WEEK

Week 8
  Feb 21  Presenters: Robert, Michael, Xiaoyu
          - Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos. Flip Feng Shui: Hammering a Needle in the Software Stack. USENIX Security 2016.
  Feb 23  Presenters: Dawson, Evan, Ming Kai
          - Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin. Dynamically Discovering Likely Program Invariants to Support Program Evolution. TSE 2001. Download and Related Work.
            Generating test cases for specification mining; DySy: Dynamic Symbolic Execution for Invariant Inference; iDiscovery: Feedback-Driven Dynamic Invariant Discovery

Week 9
  Feb 28  Presenters: Fahad, Xiangyu, Fenco
          - Iftekhar Ahmed, Rahul Gopinath, Caius Brindescu, Alex Groce, Carlos Jensen. Can testedness be effectively measured? FSE 2016.
  Mar 2   Presenters: Patterson, Ken, Warren
          - Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu. Reverse Engineering Input Syntactic Structure from Program Execution and Its Applications. TSE 2010.
            Related work: Mining Input Grammars from Dynamic Taints; Extracting Output Formats from Executables

Week 10
  Mar 7   Presenters: Chenguang, Iykon, Mark, Rafay
          - Gulsher Laghari, Alessandro Murgia, Serge Demeyer. Fine-tuning spectrum based fault localisation with frequent method item sets. ASE 2016.
            Programmers Should Still Use Slices When Debugging; A User Study Revisiting the Usefulness of Spectra-Based Fault Localization Techniques with Professionals Using Real Bugs from Large Systems; Probabilistic Fault Localisation; Evaluating & improving fault localization techniques
  Mar 9   Presenters: You?
          - Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos. VUzzer: Application-aware Evolutionary Fuzzing. NDSS 2017. On GitHub.
            American Fuzzy Lop; AFLFast

Week 11
  Mar 14  Presenters: Hanhan, Hongpu, Michael, Xiaoyu
          - Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal K. Roy, Cristina V. Lopes. SourcererCC: Scaling Code Clone Detection to Big-Code. ICSE 2016. On GitHub.
            MOSS (what we use for plagiarism detection); Binary code searches
  Mar 16  Presenters: Fahad, Fenco, Xiangyu
          - Haopeng Liu, Yuxi Chen, Shan Lu. Understanding and Generating High Quality Patches for Concurrency Bugs. FSE 2016.

Week 12
  Mar 21  Presenters: Chenguang, Mark, Weida
          - Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley. Enhancing Symbolic Execution with Veritesting. ICSE 2014.
            Unleashing MAYHEM on Binary Code (preceding paper)
  Mar 23  Presenters: Evan, Dawson, Ming Kai
          - Song Wang, Taiyue Liu, Lin Tan. Automatically Learning Semantic Features for Defect Prediction. ICSE 2016.

Week 13
  Mar 28  Presenters: Grant, Saad, Sal
          - Du Shen, Qi Luo, Denys Poshyvanyk, Mark Grechanik. Automating performance bottleneck detection using search-based application profiling. ISSTA 2015.
  Mar 30  Presenters: Himahansi, Amirali
          - Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage. When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. CCS 2008.

Week 14
  Apr 4   Presenters: Ken, Patterson, Warren
          - Patrice Godefroid, Adam Kiezun, Michael Y. Levin. Grammar Based Whitebox Fuzzing. PLDI 2008.
  Apr 6   LIGHTNING TALKS