Reading List
CS 590Z: Software Defect Analysis

1. Input Analysis
   • Andreas Zeller, R. Hildebrandt,
     ``Simplifying and Isolating Failure-Inducing Input,''
     TSE, 2002.

   • G. Misherghi, Z. Su
     ``HDD: hierarchical delta debugging,''
     ICSE, 2006.

   • X. Zhang, S. Tallam, and R. Gupta,
     ``Dynamic Slicing Long Running Programs through Execution Fast Forwarding,''
     FSE, November 2006.

   • W. Cui, J. Kannan, H. Wang
     ``Discoverer : Automatic Protocol Reverse Engineering ''
     USENIX Security Symposium, 2007.

   • 
     ``Protocol''
     CCS, 2007.

   • Z. Su, G. Wassermann
     ``The Essence of Command Injection Attacks in Web Applications,''
     POPL, pages 412-421, 2006.

2. Concurrent Debugging
   • S. Savage, M. Burrow, G. Nelson, P. Sobalvarro, and T. Anderson
     ``Eraser: A Dynamic Data Race Detector for Multithreaded Programs ''
     TCS, 1997.

   • Elmas, T., Qadeer, S., and Tasiran, S.
     ``Goldilocks: a race and transaction-aware java runtime,''
     PLDI, 2007.

   • R. O'Callahan and J. Choi
     ``Hybrid Dynamic Data Race Detection,''
     PPoPP, 2003.

   • M. Xu, R. Bodik, and M. Hill,
     ``A Flight Data Recorder for Enabling Full-System Multiprocessor Deterministic Replay,''
     ISCA, pages 122-133, 2003.

   • S. Narayanasamy, G. Pokam, and B. Calder,
     ``BugNet: Continuously Recording Program Execution for Determinitic Replay Debugging,''
     ISCA, pages 284-295, 2005.

   • S. Narayanasamy, C. Pereira, and B. Calder,
     ``Recording Shared Memory Dependences Using Strata,''
     ASPLOS, 2006.

   • C. Flanagan and F.N.Freund
     ``Type-based race detection for Java,''
     PLDI, 2000.

   • C. Flanagan and S. N. Freund
     ``Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs,''
     POPL, 2004.

   • L. Wang and S. Stoller
     ``Static analysis of atomicity for programs with non-blocking synchronization,''
     PPOPP, 2005.

   • M.Xu, R.Bodik and M.D.Hill
     ``A serializability violation detector for shared-memory server programs,''
     PLDI, 2005.

   • S. Lu, J. Tucek, F. Qin, and Y. Zhou,
     ``AVIO: detecting atomicity violations via access interleaving invariants,''
     ASPLOS, 2006.

   • R. Tzoref, S. Ur and E. Yom-Tov
     ``Instrumenting Where it Hurts¡ªAn Automatic Concurrent Debugging Technique,''
     ISSTA, 2007.

3. Statistical Debugging -
   • B. Liblit, M. Naik, A.X. Zheng, A. Aiken, M.I. Jordan,
     ``Scalable Statistical Bug Isolation,''
     PLDI, pages 15-26, 2005.

   • Chao Liu, Xifeng Yan, Long Fei, Jiawei Han and Samuel Midkiff
     ``SOBER: Statistical Model-based Bug Localization,''
     FSE, pages 308-323, 2005.

   • J. A. Jones and M. J. Harrold
     ``Empirical evaluation of the tarantula automatic fault-localization technique,''
     ASE 2005.

   • Chao Liu and Jiawei Han
     ``Failure Proximity: A Fault Localization-Based Approach,''
     FSE, pages 382-393, 2006.

   • Podgurski, A., Leon, D., Francis, P., Masri, W., Minch, M., Sun, J., and Wang, B.
     ``Automated support for classifying software failure reports,''
     ICSE, 2003.

   • Jones, J. A., Harrold, M. J., and Bowring, J. F.
     ``Debugging in Parallel,''
     ISSTA, 2007.

4. Failure Oblivious Computing
   • M.C. Rinard, C. Cadar, D. Dumitran, D.M. Roy, T. Leu, and W.S. Beebee,
     ``Enhancing Server Availability and Security Through Failure-Oblivious Computing,''
     OSDI, pages 303-316, 2004.

   • F. Qin, J. Tucek, J. Sundaresan, and Y. Zhou,
     ``Rx: Treating Bugs as Allergies - A Safe Method to Survive Software Failures,''
     SOSP, pages 235-248, 2005.

   • B. Demsky and M.C. Rinard,
     ``Data Structure Repair Using Goal-directed Reasoning,''
     ICSE, pages 176-185, 2005.

   • A. Michail, T Xie,
     ``Helping Users Avoid Bugs in GUI Applications,''
     ICSE, 2005.

5. Advanced Debuggers
   • Sanjay Bhansali, Wen-Ke Chen, Stuart De Jong, Andrew Edwards, and Milenko Drinic
     ``Framework for Instruction-level Tracing and Analysis of Programs,''
     VEE, 2006.

   • R. O'Callahan,
     ``Efficient Collection And Storage Of Indexed Program Traces,''
     Unpublished Manuscript, 2007.

   • Raimondas Lencevicius, Urs Holzle, Ambuj K. Singh,
     ``Dynamic Query-Based Debugging,''
     ECOOP, 1999.

   • S. Goldsmith, R. O'Callahan, and A. Aiken,
     
     `` Relational queries over program traces,''
     OOPSLA, 2005.

   • M. Martin, B. Livshits, and M. Lam
     
     ``Finding application errors and security flaws using PQL: a program query language,''
     OOPSLA, 2005.

6. Ultimate Debugging
   • Lin Tan, Ding Yuan, Gopal Krishna and Yuanyuan Zhou.
     ``iComment: Bugs or Bad Comments?''
     SOSP, 2007.

   • Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou
     ``Triage: Diagnosing Production Run Failures at the User's Site''
     SOSP, 2007.

7. Static Bug Finding
   • D. Engler, D.Y. Chen, S. Hallem, A. Chou, and B. Chelf
     ``Bugs as deviant behavior: a general approach to inferring errors in systems code,''
     SOSP, 2001.

   • Y. Xie and A Aiken
     ``Saturn: A scalable framework for error detection using Boolean satisfiability,''
     TOPLAS, 2007.

   • Z. Li, S. Lu, S. Myagmar, and Y. Zhou,
     ``CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code,''
     OSDI, 2004.

   • Zhenmin Li and Yuanyuan Zhou,
     ``PR-Miner: Automatically Extracting Implicit Programming Rules and Detecting Violations in Large Software Code,''
     FSE, 2005.

   • Lingxiao Jiang and Zhendong Su
     
     ``Osprey: A Practical Type System for Validating Dimensional Unit Correctness of C Programs,''
     ICSE, 2006.

8. Test Generation
   • B. Korel,
     ``Automated Software Test Data Generation,''
     TSE, 1990.

   • Patrice Godefroid, Nils Klarlund, and Koushik Sen,
     ``DART: Directed Automated Random Testing,''
     PLDI, 2005.
     Koushik Sen, Darko Marinov, and Gul Agha,
     ``CUTE: A Concolic Unit Testing Engine for C,''
     FSE, 2005.

   • Patrice Godefroid
     ``Compositional Dynamic Test Generation,''
     POPL, 2007.

   • P. Godefroid, M. Y. Levin, and D. Molnar
     ``Automated Whitebox Fuzz Testing,''
     MS-Tech Report, 2007.

   • Cadar, C., Ganesh, V., Pawlowski, P. M., Dill, D. L., and Engler, D. R.
     ``EXE: automatically generating inputs of death.''
     CCS, 2007.

   • Atif M. Memon, Martha E. Pollack, and Mary Lou Soffa
     ``Using a Goal-driven Approach to Generate Test Cases for GUIs,''
     ICSE, 1999.
9. Matching Program Versions
   • X. Zhang and R. Gupta,
     
     ``Matching Execution Histories of Program Versions,''
     ESEC-FSE, pages 197-206, September 2005.

   • M.K. Ramanathan, A. Grama, and S. Jagannathan,
     
     ``Sieve: A Tool for Automatically Detecting Variations Across Program Versions,''
     ASE, 2006.

   • V. Nagarajan, R. Gupta, et al.
     
     ``Matching Control Flow of Program Versions,''
     ICSM, 2007.

   • L. Jiang, G. Misherghi, Z. Su, and S. Glondu
     
     `` DECKARD: Scalable and Accurate Tree-Based Detection of Code Clones''
     ICSE, 2007.

   • T. Apiwattanapong, A. Orso, M. J. Harrold
     
     ``A Differencing Algorithm for Object-Oriented Programs,''
     ASE, 2004.

   • R. Komondoor and S. Horwitz
     
     `Using Slicing to identify duplication in source code,''
     SAS, 2001.

   • L. Jiang, Z. Su, and E. Chiu
     
     ``Context-Based Detection of Clone-Related Bugs,''
     FSE, 2007.

   • S. Schleimer, D.S. Wilkerson, and A. Aiken
     
     ``Winnowing, Local Algorithms for Document Fingerprinting''
     SIGMOD, 2003.

10. Execution Alignment
    • X. Zhang, T. Sriram, N. Gupta and R. Gupta
      
      ``Towards Capturing Execution Omission Errors''
      PLDI 2007.

    • B. Xin and X. Zhang
      
      ``Efficient Online Detection of Dynamic Control Dependence''
      ISSTA 2007.