The below material consists of technical as well as popular-press articles to supplements the lessons.

• Lesson 1: Introduction to Software Analysis

  Part 1: Technical Papers

  1. What is soundness (in static analysis)? by Michael Hicks.
     Relates soundness/completeness in program analysis to precision/recall and discusses "soundiness".
  2. What is static program analysis? [talk] by Matthew Might.
     Explains why program analysis is undecidable and develops a static analysis to play with in Racket.

  Part 2: Casual Reading

  1. From Start-ups to Scale-ups: Opportunities and Open Problems for Static and Dynamic Program Analysis, 2018.
     Describes experiences developing and deploying program analysis tools at Facebook.
  2. Lessons from Building Static Analysis Tools at Google, 2018.
     Describes experiences developing and deploying program analysis tools at Google.
  3. What Developers Want and Need from Program Analysis: An Empirical Study, 2016.
     One of the best empirical studies about program analysis.
  4. A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs, 2010.
     Describes experiences applying a commercial static analysis tool by Coverity to large C/C++ programs.
  5. Righting Software, 2004.
     Describes two generations of static analysis tools developed by Microsoft Research.

  Part 3: Tools and Frameworks

  1. The Worst Computer Bugs in History: The Ariane 5 Disaster.
     Describes famous software bugs including the Ariane Rocket Disaster from the lesson.
  2. The Coming Software Apocalypse.
     Overview of the state of software reliability problems and solutions to overcome them.

• Lesson 2: Introduction to Software Testing

  Part 1: Technical Papers

  1. Hints on Test Data Selection: Help for the Practicing Programmer.
     Original paper that introduced the idea of mutation testing.

  Part 2: Casual Reading

  1. Pex and Moles.
     Unit test generation tools in Visual Studio for .NET programs.
  2. A Theory of Predicate-Complete Test Coverage and Generation [slides].
     Introduces a new code coverage metric based on predicates.

  Part 3: Tools and Frameworks

• Lesson 3: Random Testing

  Part 1: Technical Papers

  1. A Randomized Scheduler with Probabilistic Guarantees of Finding Bugs, ASPLOS 2010.
     Describes fuzz testing in Microsoft's Cuzz tool to find concurrency bugs.
  2. QuickCheck: A Lightweight Tool for Random Testing of Haskell Programs, ICFP 2000.
     Describes fuzz testing in the QuickCheck tool to test properties of Haskell programs.
  3. Evaluating Fuzz Testing, CCS 2018.
     Describes flaws in past evaluations of fuzz testing and gives guidelines going forward. Blog post summary.

  Part 2: Casual Reading

  1. A Report on Random Testing, ICSE 1981.
     Original paper that introduced the idea of random testing.
  2. Webpage describing fuzz testing case studies (1988-2008) by Bart Miller of Univ. of Wisconsin.
     [study 1][study 2]
  3. Blog post by Google's Project Zero team.
     Fuzz testing popular web browsers' DOM engines.
  4. Syzkaller [talk] by the OpenBSD team.
     Talk describes the work of the OpenBSD team on using the syzkaller fuzzer to fuzz their kernel.

  Part 3: Tools and Frameworks

  1. Monkey for Android apps.
     Tool by Google
  2. TODO: Many more (AFL, BFF, etc.).
     

• Lesson 4: Automated Test Generation

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 5: Dataflow Analysis

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 6: Pointer Analysis

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 7: Constraint-Based Analysis

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 8: Type Systems

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 9: Statistical Debugging

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 10: Delta Debugging

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Lesson 11: Dynamic Symbolic Execution

  Part 1: Technical Papers

  1. .
     
  2. .
     

  Part 2: Casual Reading

  1. .
     
  2. .
     

  Part 3: Tools and Frameworks

  1. .
     
  2. .
     

• Model Checking

  Part 1: Technical Papers

  1. .
     

  Part 2: Casual Reading

  1. .
     

  Part 3: Tools and Frameworks

  1. .
     

• Differential Testing

  Part 1: Technical Papers

  1. .
     

  Part 2: Casual Reading

  1. .
     

  Part 3: Tools and Frameworks

  1. .
     

• Abstract Implementation

  Part 1: Technical Papers

  1. .
     

  Part 2: Casual Reading

  1. .
     

  Part 3: Tools and Frameworks

  1. .