CSC 2125F, Fall 2006

Tentative Reading List

Book

[NNH] F. Nielson, H. R. Nielson, C. Hankin. Principles of Program Analysis, second edition, 2005, Springer. Slides from the book are available here.

Abstract Interpretation

• [SchNotes] Slides from David Schmidt's course: part 1, part 2, part 3, part 4.
• [CC92] P. Cousot, R. Cousot. "Abstract Interpretation Frameworks". In Journal of Logic and Computation, 2(4), pp. 511-547, 1992.
• [C05] tutorial from VMCAI'05.
• [JS04] B. Jeannet, W. Serwe. "Abstracting Call-Stacks for Interprocedural Verification of Imperative Programs", Proceedings of AMAST'04, pp 258-273.
• [C00] Patrick Cousot. "Abstract Interpretation Based Formal Methods and Future Challenges".
• [BCCFMMMR03] B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Mine, D. Monniaux, X. Rival. "A Static Analyser for Lasrge Safety-Critical Software". In Proceedings of PLDI'03, pp. 196-207.

Widening

• [Hal06] N. Halbwachs. "Tutorial: On the Design of Widening Operators", in VMCAI'06.
• [BHZ04] R. Bagnara, P. Hill, E. Zaffanell. "Widening Operators for Powerset Domains", in Proceedings of VMCAI'04, pp. 135-148.
• [B93] F. Bourdoncle. "Efficient Chaotic Iteration Strategies with Widenings", in Proceedings of Formal Methods in Programming and their Applications, pp. 128-141, 193.
• [GP06] D. Gopan, T. Reps. "Lookahead Widening", in Proceedings of CAV'06, pp. 343-357.
• [BPR02] T. Ball, A. Podelski, S. Rajamani. "Relative Completeness of Abstraction Refinement for Software Model Checking". In Proceedings of TACAS'02, LNCS 2280, pp. 158-172, 2002.

Shape Analysis

• [STW02] S. Sagiv, T. Reps, R. Wilhelm. "Parametric Shape Analysis via 3-Valued Logic", in ACM TOPLAS, 24(3), pp. 217-298, 202. [Slides]

Program Semantics

• [Sch96] D. Schmidt. "Programming Language Semantics". In CRC Handbook of Computer Science, Allen Tucket, eg., 1996.

Data Flow Analysis

• [HCXE02] Hallem, Chelf, Xie, Engler. "A System and Language for Building System-Specific Static Analyses". In Proceedings of PLDI'02, pp. 69-82.
• [DLS02] Das, Lerner, Seigle. "ESP: Path-Sensitive Program Verification in Polynomial Time". In Proceedings of PLDI'02, pp. 57-68.
• [CFRWZ91] Cytron, Ferrante, Rosen, Wegman, and Zadeck. "Efficiently Computing Static Single Assignment Form and the Control Dependence Graph". In ACM TOPLAS, Vol. 13, No. 4, October 1991, pp. 451-490.
• [Sch98] D. Schmidt and B. Steffen. "Program Analysis as Model Checking of Abstract Interpretation", in Proceedings of SAS'98.

Interprocedural Program Analysis

• [SP81] M. Sharir and A. Pnueli. In Program Flow Analysis: Theory and Applications, edited by N.D.Jones and S.S. Muchnick, 1981.
• [RHS05] T. Reps, S. Horwitz, S. Sagiv. "Precise Interprocedural Dataflow Analysis via Graph Reachability", in Proceedings of POPL'05, pp. 49-61, 1995.
• [BR00] T. Ball, S. Rajamani. "Bebop: A Symbolic Model Checker for Boolean Programs", in Proceedings of SPIN'00, pp. 113-130.
• [BR01] T. Ball, S. Rajamani. "Bebop: A Path-Sensitive Interprocedural Dataflow Engine", in Proceedings of PASTE'01, pp. 97-103.

Spec#

• [BDFLS04] M. Barnett, R. DeLine, M. Fahndrich, R. Leino, W. Schulte. "Verification of Object-Oriented Programs with Invariants". In Journal of Object Technology, 3(6), pp. 27-56, 2004.
• [JPLS05] B. Jacobs, F. Piessens, R. Leino, W. Schulte. "Safe Concurrency for Aggregate Objects with Invariants", in SEFM 2005, pp. 137-147.
• [Sch06] W. Schulte. Spec# Tutorial (at FM and Marktoberdorf), 2006. [part 1] [part 2] [part 3] [part 4] [part 5]

Type Systems and Type Checking

• [C04] Luca Cardelli. "Type Systems". In CRC Handbook of Computer Science and Engineering, 2nd edition, 2004.
• [PCh5] Benjamine Pierce. Types and Programming Languages. MIT Press, 2002. Chapter 5.
• [NCW02] G. Necula, S. McPeak, W. Weimer. CCured: Type-Safe Retrofitting of Legacy Code, in Proceedings of POPL 2002.
• [FTA02] J. Foster, T. Terauchi, A. Aiken. Flow-Sensitive Type Qualifiers, in Proceedings of PLDI 2002.
• [DF01] R. DeLine, M. Fahndrich. Enforcing High-Level Protocols in Low-Level Software, in Proceedings of PLDI 2001.

Slicing

• [Tip95] F. Tip. "A Survey of Program Slicing Techniques". Journal of Programming Languages, 1995.
• [RABDH05] V. Ranganath, T. Amtoft, A. Banarjee, M. Dwyer, J. Hatcliff. "A New Foundation for Control-Dependence for Slicing of Modern Program Structures". In Proceedings of ESOP 2005.
• [ZGG06] X. Zhang, N. Gupta, R. Gupta. "Locating Faults Through Automated Predicate Switching". In Proceedings of ICSE'06.

Axiomatic Semantics

• [D75] E. Dijkstra. "Guarded Commands, Nondeterminacy and Formal Derivation of Programs", CACM, Vol. 18, Issue 8, pp. 453-457, August 1975.
• [H69] C.A.R. Hoare. "An Axiomatic Basis for Computer Programming". In Communicatios of the ACM, 12(10), pp. 576-585, October 1969. Wikipedia entry.
• [NN] Section 6.2 of Nelson and Nelson, "Semantics with Applications".
• [Necula07] George Necula's slides on axiomatic semantics: lecture, handout

Tools

• [J04] bddbddb. Described in J. Whaley, M. Lam. "Cloning-Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams", in Proceedings of PLDI'04. POPL'06 tutorial.