Papers are classified into the following topical areas. Pick 3 papers to read and write a one or two page review for each paper. Your review should both reflect a high-level understanding and contain a critical analysis of the paper, in your own words; you should not copy the original writing. In particular, it should contain the elements outlined in this essay on how to read a research paper.

Later on you will present one of the 3 papers that you have read to the class. It should be the one that you feel most comfortable with. Therefore, you should study at least one paper in depth. Although you are not required to select all 3 papers from the same area, doing so would probably help focus your attention in a particular area and, consequently, lead you naturally to a project.

annotation- or spec-based analysis

1.
Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions (Best Paper) (PDF), Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem. Appeared in: Proceedings of the 4th Symposium on Operating System Design and Implementation. Paper can be accessed in the middle of this page.
It discusses a set of small extensions that found roughly 500 bugs in Linux, OpenBSD, and the Xok exokernel. The extensions were usually less than 100 lines.

1.1
Modular Checking for Buffer Overflows in the Large. Brian Hackett, Manuvir Das, Daniel Wang, Zhe Yang. ICSE 2006.

2.
Static Detection of Dynamic Memory Errors. David Evans. SIGPLAN Conference on Programming Language Design and Implementation (PLDI '96). Philadelphia, PA, May 1996. More information about the tool LCLint described in the paper and its descendant, SPLINT, can be found here.

intent inference

3.
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code (PDF), Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. Appeared in: Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, 2001. Paper can be accessed here.

4.
Jungloid Mining: Helping to Navigate the API Jungle. David Mandelin, Lin Xu, Rastislav Bodík, Doug Kimelman. PLDI'05.

4.1
Using Structural Context to Recommend Source Code Examples. Reid Holmes and Gail C. Murphy. ICSE'05.

5.
PR-Miner: Automatically Extracting Implicit Programming Rules and Detecting Violations in Large Software Code. Zhenmin Li and Yuanyuan Zhou. FSE'05.

code clones (detection, removal, error detection)

6.
CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code. Zhenmin Li, Shan Lu, Suvda Myagmar and Yuanyuan Zhou. OSDI'04.

7.
Using Slicing to Identify Duplication in Source Code. Raghavan Komondoor and Susan Horwitz. 2001.

8.
Clone Detection Using Abstract Syntax Trees. Ira D. Baxter et al. ICSM 1998.

9.
An Empirical Study of Code Clone Genealogies. Miryung Kim, Vibha Sazawal, David Notkin, Gail Murphy. FSE'05.

buffer overrun

10.
ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors. Yichen Xie, Andy Chou, and Dawson Engler. FSE'03.

11.
Backwards-compatible array bounds checking for C with very low overhead. Dinakar Dhurjati and Vikram Adve. Proceedings of the 28th International Conference on Software Engineering, 2006, Shanghai, China. Pages 162 - 171.

12.
Symbolic bounds analysis of pointers, array indices, and accessed memory regions. Radu Rugina and Martin C. Rinard. ACM Transactions on Programming Languages and Systems, Vol. 27, No. 2, March 2005, pages 185-235.

program dependences and applications

13.
Aspect: detecting bugs with abstract dependences. Daniel Jackson. ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 4, Issue 2, April 1995, pages 109-145.

14.
A new model of program dependences for reverse engineering. Daniel Jackson and Eugene J. Rollins. Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering, New Orleans, Louisiana, United States. Pages 2 - 10, 1994.

15.
A Formal Model of Program Dependences and Its Implications for Software Testing, Debugging, and Maintenance. Andy Podgurski and Lori A. Clarke. IEEE Transactions on Software Engineering, Vol. 16, No. 9, September 1990.

pointer analysis

Bjarne Steensgaard. Points-to analysis in almost linear time. POPL'96.

L. Andersen. Program analysis and specialization for the C programming language. PhD dissertation. University of Copenhagen. May 1994.

Donglin Liang et al. Evaluating the impact of context-sensitivity on Andersen's algorithm for Java programs. PASTE'05.

applications of automated theorem proving

analysis of exceptions