This is a nonexhaustive list of interesting papers and background materials. Feel free to suggest another paper that interests you! If there is a topic or area that you would like to investigate, you can let me know, and I can suggest additional papers of interest. You might look through the proceedings of ISSTA, ICSE, PLDI, FSE, ICST, ASPLOS, ICSM, ASE, ISMM, Middleware, ICPC, POPL, Usenix Security, SAS, or WODA.

Offense & Defense

• Driller: Augmenting Fuzzing Through Selective Symbolic Execution
  [https://github.com/shellphish/driller]

• (State of) The Art of War: Offensive Techniques in Binary Analysis

• DieHarder: Securing the Heap
  [https://github.com/emeryberger/DieHard]

• ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks
  [https://github.com/sslab-gatech/aslr-guard]

• VTrust: Regaining Trust on Virtual Calls

• Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++

• Dynamic hooks: hiding control flow changes within non-control data

• Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity

• Grammar-based Whitebox Fuzzing

• FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage

• Under-Constrained Symbolic Execution: Correctness Checking for Real Code

• SPAIN: Security Patch Analysis for Binaries - Towards Understanding the Pain and Pills

• A Compiler and Verifier for Page Access Oblivious Computation

• NEZHA: Efficient Domain-Independent Differential Testing

• Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks
  [https://huhong-nus.github.io/advanced-DOP/]

Reverse Engineering

• Synthesizing Program Input Grammars
  [https://github.com/obastani/glade]

• Binary Code Is Not Easy
  [http://www.dyninst.org/parse]

• Symbolic Execution of Obfuscated Code

• An improved algorithm for slicing machine code

• MARX: Uncovering Class Hierarchies in C++ Programs
  [https://github.com/RUB-SysSec/Marx]

Concurrency & Parallelism

• AI: A Lightweight System for Tolerating Concurrency Bugs
  [https://james0zan.github.io/AI.html]

• Efficient Computation of Happens-Before Relation for Event-Driven Programs
  [https://bitbucket.org/iiscseal/eventtrack]

• Directed synthesis of failing concurrent executions

• Dynamic race prediction in linear time

• Efficient Detection of Thread Safety Violations via Coverage-Guided Generation of Concurrent Tests

• BigFoot: Static Check Placement for Dynamic Race Detection
  [https://github.com/stephenfreund/RoadRunner]

Testing

• Generating Focused Random Tests using Directed Swarm Testing

• Inferring Mutant Utility from Program Context

• Faster Mutation Analysis via Equivalence Modulo States

• The Care and Feeding of Wild-Caught Mutants

• Coverage-directed differential testing of JVM implementations

• Skeletal Program Enumeration for Rigorous Compiler Testing

• Finding compiler bugs via live code mutation

• CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems

Bugs

• Evaluating and Improving Fault Localization
  [https://bitbucket.org/rjust/fault-localization-data]

• Evaluating the Usefulness of IR-Based Fault Localization Techniques

• S3: Syntax- and Semantic-Guided Repair Synthesis via Programming by Examples

• Feedback-Based Debugging

Synthesis

• Fast Synthesis of Fast Collections
  [http://cozy.uwplse.org/]

• Automatically Improving Accuracy for Floating Point Expressions
  [https://herbie.uwplse.org/]

• Automatic runtime recovery via error handler synthesis
  [http://moon.nju.edu.cn/dse/ares/http://moon.nju.edu.cn/dse/ares/]

• CodeHint: Dynamic and Interactive Synthesis of Code Snippets
  [https://github.com/jgalenson/codehint]

• Angelix: scalable multiline program patch synthesis via symbolic analysis
  [http://angelix.io/]

• Synthesizing Transformations on Hierarchically Structured Data

• Synthesizing Highly Expressive SQL Queries from Input-Output Examples
  [http://scythe.cs.washington.edu]

• Synthesis of Divide and Conquer Parallelism for Loops
  [https://github.com/victornicolet/parsynt]

• LASE: locating and applying systematic edits by learning from examples

Static Analysis

• ESP: Path-Sensitive Program Verification in Polynomial Time

• Refining interprocedural change-impact analysis using equivalence relations

• Null Dereference Verification via Over-approximated Weakest Pre-conditions Analysis

• Lightweight detection of physical unit inconsistencies without program annotations

• Path-Sensitive Data Flow Analysis Simplified

• Precise Data Flow Analysis in the Presence of Correlated Method Calls

• Context Transformations for Pointer Analysis

• Securing a Compiler Transformation

Performance

• Performance Diagnosis for Inefficient Loops

• PerfRanker: prioritization of performance regression tests for collection-intensive software

• REMIX: Online Detection and Repair of Cache Contention for the JVM

Mobile

• A SEALANT for Inter-App Security Holes in Android

• Automatic Generation of Inter-Component Communication Exploits for Android Applications

• µDroid: An Energy-Aware Mutation Testing Framework for Android

• Systematic Execution of Android Test Suites in Adverse Conditions

Web

• ReDeCheck: An Automatic Layout Failure Checking Tool for Responsively Designed Web Pages

• Automated Repair of Layout Cross Browser Issues using Search-Based Techniques
  [https://github.com/sonalmahajan/xfix]

• Test Execution Checkpointing for Web Applications

• ZenIDS: Introspective Intrusion Detection for PHP Applications

• To Type or Not to Type: Quantifying Preventable Bugs in JavaScript

• Automated Reasoning for Web Page Layout

Similarity

• BinGo: Cross-Architecture Cross-OS Binary Search

• Cross-Architecture Bug Search in Binary Executables

• Similarity of Binaries through re-Optimization

• Winnowing: Local Algorithms for Document Fingerprinting

Learning & Mining

• Learning a Static Analyzer from Data

• Dynamically discovering likely program invariants to support program evolution

• Merlin: specification inference for explicit information flow problems

• Probabilistic model for code with decision trees

• Inferring Method Specifications from Natural Language API Descriptions

• Machine-Learning-Guided Selectively Unsound Static Analysis

• Finding Likely Errors with Bayesian Specifications

• Are Deep Learning models the best for Source Code?

Misc.

• TRAVIOLI: A Dynamic Analysis for Detecting Data-Structure Traversals

• Hierarchical Program Paths

• Control-Flow Recovery from Partial Failure Reports

• Low Overhead Dynamic Binary Translation on ARM

• Instruction Punning: Lightweight Instrumentation for x86-64