Bibliography

ASU86: Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullmann.
Compilers: Principles, Techniques, and Tools.
Addison-Wesley, 1986.
CFR$^+$91: Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark N. Wegman, and F. Kenneth Zadeck.
Efficiently computing static single assignment form and the control dependence graph.
ACM Transactions on Programming Languages and Systems, 13(4):451-490, October 1991.
CJ03: M. Christodorescu and S. Jha.
Static analysis of executables to detect malicious patterns, 2003.
CM04: Brian Chess and Gary McGraw.
Static analysis for security.
IEEE Security and Privacy, 2(6):76-79, 2004.
CW02: Hao Chen and David Wagner.
Mops: an infrastructure for examining security properties of software.
In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security, pages 235-244, New York, NY, USA, 2002. ACM Press.
DCCN04: Matthew B. Dwyer, Lori A. Clarke, Jamieson M. Cobleigh, and Gleb Naumovich.
Flow analysis for verifying properties of concurrent software systems.
ACM Trans. Softw. Eng. Methodol., 13(4):359-430, 2004.
DLS02: Manuvir Das, Sorin Lerner, and Mark Seigle.
Esp: path-sensitive program verification in polynomial time.
In PLDI '02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, pages 57-68, New York, NY, USA, 2002. ACM Press.
ECH$^+$01: Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf.
Bugs as deviant behavior: a general approach to inferring errors in systems code.
In SOSP '01: Proceedings of the eighteenth ACM symposium on Operating systems principles, pages 57-72, New York, NY, USA, 2001. ACM Press.
GJC$^+$03: V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek.
Buffer overrun detection using linear programming and static analysis, 2003.
Hin01: Michael Hind.
Pointer analysis: Haven't we solved this problem yet?
In PASTE '01: 2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pages 54 - 61, Snowbird, UT, USA, 2001. ACM Press.
HJ94: Nevin Heintze and Joxan Jaffar.
Set constraints and set-based analysis.
In PPCP '94: Proceedings of the Second International Workshop on Principles and Practice of Constraint Programming, pages 281-298, London, UK, 1994. Springer-Verlag.
HP: David Hovemeyer and William Pugh.
Finding concurrency bugs in java.
HP04: David Hovemeyer and William Pugh.
Finding bugs is easy.
SIGPLAN Not., 39(12):92-106, 2004.
HSP06: David Hovemeyer, Jaime Spacco, and William Pugh.
Evaluating and tuning a static analysis to find null pointer bugs.
SIGSOFT Softw. Eng. Notes, 31(1):13-19, 2006.
LL05: V. Livshits and M. Lam.
Finding security vulnerabilities in java applications with static analysis, 2005.
LRY$^+$04: Yanhong A. Liu, Tom Rothamel, Fuxiang Yu, Scott Stoller, and Nanjun Hu.
Parametric regular path queries.
In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, pages 219-230, Washington, DC, jun 2004. ACM.
Muc97: Steven S. Muchnick.
Advanced Compiler Design and Implementation.
Morgan Kaufmann Publishers, San Francisco, 1997.
NHH99: Flemming Nielson, Hanne Riis Hielson, and Chris Hankin.
Principles of Program Analysis.
Springer Verlag, 1999.
OO92: Kurt M. Olender and Leon J. Osterweil.
Interprocedural static analysis of sequencing constraints.
ACM Trans. Softw. Eng. Methodol., 1(1):21-52, 1992.
PS07: Erhard Plödereder and Stefan Staiger.
Skript zur Vorlesung Compilerbau und Programmanalysen.
Stuttgart, 2007.
Sch98: David A. Schmidt.
Data flow analysis is model checking of abstract interpretations.
In POPL '98: Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 38-48, New York, NY, USA, 1998. ACM Press.
STFW01: Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner.
Detecting format string vulnerabilities with type qualifiers.
In Proceedings of the 10th USENIX Security Symposium, August 2001.
WFBA00: David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken.
A first step towards automated detection of buffer overrun vulnerabilities.
In Network and Distributed System Security Symposium, pages 3-17, San Diego, CA, February 2000.

Gunther Vogel 2007-07-19