View Source

* CSE 6324 - Advanced Topics in Software Engineering (Spring 2015)
* Section 001

h2. Class Meetings

* Time: Monday and Wednesday, 4 pm - 5:20 pm
* Location: ERB 103 (in the [Engineering Research Building|http://www.uta.edu/maps/map?id=ERB])


h2. Instructor

* [Christoph Csallner|http://ranger.uta.edu/~csallner/index.html]
* Office: ERB 554 (in the [Engineering Research Building|http://www.uta.edu/maps/map?id=ERB])
* Office hours: Monday and Wednesday, 2:45 pm - 3:45 pm
* Office phone: 817-272-3334
* Email: [mailto:csallner@uta.edu]


h2. TA
* [Zhongwei Li|http://barbie.uta.edu/zhongwei-li/]
* Office: ERB 513 (in the [Engineering Research Building|http://www.uta.edu/maps/map?id=ERB])
* Office hours: Tuesday and Thursday, 9:00 am - 10:30AM am
* Email: [mailto:zhongwei.li@mavs.uta.edu]


h2. Syllabus

[^syllabus.pdf]


h2. Topic: Program Analysis

This course is a hands-on introduction to automatic program analysis. Automatic program analysis has many applications such as the following.

* Coding Duels: [Pex for fun|http://www.pexforfun.com/], [Code Hunt|https://www.codehunt.com/]
* Compilers: [GCC|http://gcc.gnu.org/], [LLVM|http://llvm.org/]
* Virtual machines: .Net, [Java VM|http://docs.oracle.com/javase/specs/]
* Integrated development environments: [Visual Studio|http://www.visualstudio.com/], [Eclipse|http://www.eclipse.org/]
* Program understanding and re-engineering tools
* Automatic bug finding and and verification: [FindBugs|http://findbugs.sourceforge.net/], [Static Driver Verifier|http://msdn.microsoft.com/en-us/windows/hardware/gg487498.aspx], [Pex|http://research.microsoft.com/en-us/projects/pex/]
* Security analysis: NIST maintains a [list of source code security analyzers|http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html]

h2. Timeline

* All deadlines are Monday 9 am.


{table-plus}
|| Day || Tentative Class Topic || Deadline ||
| 1/21 | Overview, syllabus | |
| 1/26 | Writing Center | Form teams |
| 1/28 | Basic concepts | |
| 2/02 | Basic concepts | |
| 2/04 | Swetha & Padmashri: [Feedback-directed random test generation|http://dl.acm.org/citation.cfm?id=1248841] | |
| 2/09 | *Presentation, feedback* | Inception |
| 2/11 | Veena & Srujana: [Finding bugs is easy|http://dl.acm.org/citation.cfm?id=1052895] | |
| 2/16 | Venkata & Sneha: [Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories|http://dl.acm.org/citation.cfm?id=2486844] | Review inception |
| 2/18 | *Quiz*, Peidong: [How do professional developers comprehend software?|http://dl.acm.org/citation.cfm?id=2337254] | |
| 2/23 | *UTA closed* | |
| 2/25 | Urwish & Suraj: [Data clone detection and visualization in spreadsheets|http://dl.acm.org/citation.cfm?id=2486827] | |
| 3/02 | *Presentation, feedback* | Iteration 1 |
| 3/04 | Vishwarath & Sri: [Return-Oriented Programming: Systems, Languages, and Applications|http://dl.acm.org/citation.cfm?id=2133377] | |
| 3/09 | *Spring Vacation* | |
| 3/11 | *Spring Vacation* | |
| 3/16 | Jagadish & Sandeep: [Reducing Human Effort and Improving Quality in Peer Code Reviews using Automatic Static Analysis and Reviewer Recommendation​|http://dl.acm.org/citation.cfm?id=2486915] | Review iteration 1 |
| 3/18 | *Quiz*, Nikitha & Ruchi: [An Orchestrated Survey on Automated Software Test Case Generation|http://cs.stanford.edu/people/saswat/research/ASTJSS.pdf] | |
| 3/23 | Samuel & Sneha: [Automated Whitebox Fuzz Testing|http://research.microsoft.com/en-us/um/people/pg/public_psfiles/ndss2008.pdf] | Homework 1 |
| 3/25 | Yixiao & Rajsagar: [Program slicing|http://dl.acm.org/citation.cfm?id=802557] | |
| 3/30 | *Presentation, feedback* -- Code walkthrough | Iteration 2 |
| 4/01 | Sagarkumar & Dhruv: [Residual Investigation: Predictive and Precise Bug Detection|http://dl.acm.org/citation.cfm?id=2656201] | |
| 4/06 | Bumi & Lasya: [Automated Concolic Testing of Smartphone Apps|http://dl.acm.org/citation.cfm?id=2393666] | Review iteration 2 |
| 4/08 | *Quiz*, Fuqiang: [Moving Fast with Software Veri fication|https://research.facebook.com/publications/422671501231772/moving-fast-with-software-verification/] | |
| 4/13 | Abhinav & Nikhil: [Automatic Program Repair with Evolutionary Computation|http://dl.acm.org/citation.cfm?id=1735249], [A Critical Review of "Automatic Patch Generation Learned from Human-Written Patches"|http://dl.acm.org/citation.cfm?id=2568324], [A Genetic Programming Approach to Automated Software Repair|http://dl.acm.org/citation.cfm?id=1570031] | Homework 2 |
| 4/15 | Dongdong & Vivek: [TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones|http://static.usenix.org/events/osdi10/tech/full_papers/Enck.pdf] | |
| 4/20 | *Presentation, feedback* -- Code walkthrough | Iteration 3 |
| 4/22 | *Presentation, feedback* -- Code walkthrough | |
| 4/27 | Sagar & Yash: [Korat: automated testing based on Java predicates|http://portal.acm.org/citation.cfm?id=566191] | Review iteration 3 |
| 4/29 | *Quiz*, Qicheng: [Finding and Understanding Bugs in C Compilers|http://dl.acm.org/citation.cfm?id=1993532], [Student Feedback Day|http://www.uta.edu/ier/Surveys/sfs/students.php] | |
| 5/04 | *Final presentation* | Final deliverables |
| 5/06 | *Final presentation* | |
{table-plus}

[University Academic Calendar|http://www.uta.edu/uta/acadcal.php?session=20151]


h5. Example papers

(1) = Should be presented by a single presenter

* [Ironclad Apps: End-to-End Security via Automated Full-System Verification|https://www.usenix.org/conference/osdi14/technical-sessions/presentation/hawblitzel]
* [Dynamically discovering likely program invariants to support program evolution|http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=908957]
* [Discovering likely method specifications|http://research.microsoft.com/apps/pubs/default.aspx?id=77407]
* [Abstracting Runtime Heaps for Program Understanding|http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6331492]
* [Strictly Declarative Specification of Sophisticated Points-to Analyses|http://dl.acm.org/citation.cfm?id=1640108]
* [Ether: Malware analysis via hardware virtualization extensions|http://dl.acm.org/citation.cfm?id=1455779]
* [Continuous, Low Overhead, Run-Time Validation of Program Executions|http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7011391]
* [A trace-based framework for analyzing and synthesizing educational progressions|http://dl.acm.org/citation.cfm?id=2470764]
* [Automated Synthesis of Symbolic Instruction Encodings from I/O Samples|http://dl.acm.org/citation.cfm?id=2254116]
* [All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)|http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5504796]
* [Billions and Billions of Constraints: Whitebox Fuzz Testing in Production|http://dl.acm.org/citation.cfm?id=2486805] (1)
* TODO: Other papers suggested by you

h2. Resources

h5. Java

* [Language + virtual machine specifications|http://docs.oracle.com/javase/specs/]
* [Eclipse IDE|http://www.eclipse.org/]

h5. Android

* [What is Android?|http://developer.android.com/about/index.html]
* Android virtual machine (Dalvik): [Bytecode|https://source.android.com/devices/tech/dalvik/dalvik-bytecode.html]
* [Android Studio IDE|http://developer.android.com/sdk/installing/studio.html]

h5. C#

* [Language specification|http://msdn.microsoft.com/en-us/library/ms228593.aspx]
* [Virtual machine specification|http://www.ecma-international.org/publications/standards/Ecma-335.htm]
* [Visual Studio IDE|http://www.visualstudio.com/]

h5. TouchDevelop

* [Language specification, tutorials, videos, etc.|https://www.touchdevelop.com/]
* [Research papers, etc.|http://research.microsoft.com/en-us/projects/touchdevelop/default.aspx]

h5. TypeScript

* [Playground|http://www.typescriptlang.org/Playground]
* [Language specification|http://www.typescriptlang.org/Content/TypeScript%20Language%20Specification.pdf]