Must Read

• Mythical man-month, Fred Brookes.

Diatribes

• Systems Software Research is Irrelevant, Rob Pike

Security and Hacking

• Why Cryptosystems Fail
• Phrack Magazine
• Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, J. Pincus and B. Baker. In IEEE Security and Privacy, 2004.
• Insecure.org

Empirical Analysis of Code Development

• An empirical study of operating systems errors, A. Chou, J. Yang, B. Chelf, S. Hallem, and D. Engler. In SOSP, 2001.
• DynaMine: Finding Common Error Patterns by Mining Software Revision Histories, B. Livshits and T. Zimmermann, ACM FSE 2005.

Dynamic Techniques

• DieHard: Probabilistic Memory Safety for Unsafe Languages, E. Berger and G. G. Zorn, PLDI 2006.
• Finding Application Errors and Security Flaws using PQL: a program query language, M. Martin, B. Livshits and M. S. Lam, OOPSLA 05.
• Tracking Down Software Bugs Using Automatic Anomaly Detection, S. Hangal and M. S. Lam, ICSE 2002.
• Bug Isolation in an Imperfect World Scalable Statistical Bug Isolation, B. Liblit, M. Naik, A. X. Zheng, A. Aiken, and M. I. Jordan, PLDI 2005.

Tolerating Errors

• Automatic Detection and Repair of Errors in Data Structures, B. Demsky and M. Rinard, OOPSLA 2003.
• Enhancing Server Availability and Securtity Through Failure-Oblivious Computing, M. Rinard, C. Cadar, D. Dumitran, D. M. Roy, T. Leu, and W. S. Beebee, Jr., OSDI 04

Static Techniques

• Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code, D. Engler, D. Y. Chen, S. Hallem, A. Chou, B. Chelf, SOSP 2001.
• A System and Language for Building System-Specific, Static Analyses, S. Hallem, B. Chelf, Y. Xie, D. Engler, PLDI 2002
• From Uncertainty to Belief: Inferring the Specification Within, T. Kremenek, P. Twohey, G. Back, A. Y. Ng and D. Engler, OSDI 2006.
• Finding Security Vulnerabilities in Java Applications with Static Analysis, V. B. Livshits and M. S. Lam, Usenix Security 05.
• A Practical Flow-Sensitive and Context-Sensitive C and C++ Memory Leak Detector, D. Heine and M. S. Lam, PLDI 03.
• Static Detection of Leaks in Polymorphic Containers, D. Heine and M. S. Lam, ICSE 06.
• PSE: explaining program failures via postmortem static analysis, R. Manevich, M. Sridharan, S. Adams, M. Das, Z. Yang, FSE 2004
• Static Detection of Security Vulnerabilities in Scripting Languages, Y. Xie and A. Aiken, USENIX Security 2006

Software Failure

• Ariane 5, Flight 501 Failure, J. L. Lyons
• Medical Devices: The Therac-25, N. Leveson, Software: System Safety and Computers.

Design

• End-to-end Arguments in System Design, J.H. Saltzer, D.P. Reed, D.D. Clark, ACM TOCS, 1984.
• Threads and Input/Output in the Synthesis Kernel, H. Massalin and C. Pu, SOSP 98.
• Programming as Experience: The Inspiration for Self, R. B. Smith and D. Ungar, Ecoop '95