Software Analysis and Optimization Laboratory

Sapienza University of Rome

Honors Program

The Honors Programs of the B.Sc. and M.Sc. in Computer Science and Engineering in Computer Science of Sapienza University of Rome offer their students personalized activities designed to exploit their curiosity and creativity, enabling them to deepen and broaden their knowledge in a range of areas in computing. Our group involves outstanding students in research activities and organizes a series of informal seminars devoted to cool topics in program analysis with applications to computer security, performance, and reliability.



Cristian Assaiante, Pietro Borrello, Matteo Marini, Anxhelo Xhebraj


Cristian Assaiante, Pietro Borrello, Luca Borzacchiello, Federico Palmaro, Andrea Salvati


Pietro Borrello, Luca Borzacchiello, Mattia Nicolella, Pietro Spadaccino, Andrea Tulimiero


Pietro Borrello, Luca Borzacchiello, Leonardo Di Paolantonio, Andrea Mastropietro, Eric Stefan Miele, Davide Spallaccini

Seminar calendar

| Date | Time | Venue | Speaker | Title | Slide |
|---|---|---|---|---|---|
| September 18, 2017 | 14.30 - 15.30 | A6 | Leonardo Di Paolantonio | Return-oriented Programming | |
| March 7, 2016 | 9.30 - 11.00 | B203 | Emilio Coppa | Malware Analysis | [PDF] |
| April 4, 2016 | 9.30 - 11.00 | B203 | Emilio Coppa | Malware Analysis | [PDF] |
| April 12, 2016 | 14:00 - 15:30 | B203 | Emilio Coppa | Symbolic Execution | [PDF] |
| April 28, 2016 | 10:30 - 12:00 | A3 | Camil Demetrescu | Operational Semantics (part I) | |
| May 5, 2016 | 11:00 - 12:30 | B203 | Camil Demetrescu | Operational Semantics (part II) | |
| May 19, 2016 | 12:00 - 12:55 | Aula Magna | Brendan Dolan-Gavitt | LAVA: Large-scale Automated Vulnerability Addition | [PDF] |
| May 26, 2016 | 11:00 - 12:30 | B203 | Irene Finocchi | Big-Data Programming in MapReduce | [PDF] |


  • Big Data Systems:
    • [MAPREDUCE] J. Dean & S. Ghemawat. MapReduce: simplified data processing on large clusters. Communications of the ACM, 51(1), 2008.
    • [HADOOP] Tom White. Hadoop: The Definitive Guide - Storage and Analysis at Internet Scale (4th Edition). O’Reilly Media, March 2015, pp. 756
  • Malware Analysis:
    • [PMAL] Michael Sikorski and Andrew Honig. Practical Malware Analysis: the Hands-On Guide to Dissecting Malicious Software. 2012. [PDF]
    • Seminar slides [PDF]
    • [ANGR-NDSS15] Y. Shoshitaishvili, R. Wang, C. Hauser, C. Kruegel, G. Vigna. Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. NDSS 2015. [PDF] [Software]
  • Program Analysis:
    • [PPA] Flemming Nielson, Hanne R. Nielson, and Chris Hankin. Principles of Program Analysis. Springer, 1999. [DOI]
  • Symbolic Execution:
    • [BCDDF-TR16] Roberto Baldoni, Emilio Coppa, Daniele Cono D’Elia, Camil Demetrescu, Irene Finocchi. A Survey of Symbolic Execution Techniques. Technical report arXiv, 2016. [PDF]
  • Buffer Overflow:
    • Brian Hackett, Manuvir Das, Daniel Wang, and Zhe Yang. Modular checking for buffer overflows in the large. ICSE 2006. [PDF] [DOI]
  • Data Flow Analysis:
    • Chapter 2 of [PPA]
    • Dataflow Analysis Introduction. Stanford CS243 [PDF]
    • [CPTT] Chapter 9. Compilers: Principles, Techniques, & Tools (Second Edition), Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman, Addison-Wesley, 2007. [PDF]
  • Call Graph Analysis:
    • [GPROF-PLDI79] Susan L. Graham, Peter B. Kessler, and Marshall K. McKusick. 1982. Gprof: A call graph execution profiler. In Proceedings of the 1982 SIGPLAN symposium on Compiler construction (SIGPLAN '82). [PDF] [PDF]
    • [CCT-PLDI97] Glenn Ammons, Thomas Ball, and James R. Larus. Exploiting hardware performance counters with flow and context sensitive profiling. PLDI 1997 [PDF] [DOI]
  • Taint analysis:
    • [TAINTCHECK-NDSS05] Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. NDSS 2005. [PDF]
    • [BK-OOPSLA14] Jonathan Bell and Gail Kaiser. 2014. Phosphor: illuminating dynamic data flow in commodity JVMs. OOPSLA 2014. [PDF] [DOI]
    • Jonathan Salwan. Taint analysis and pattern matching with Pin. [URL]
    • Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). IEEE SP 2010. [PDF] [DOI]
  • Program slicing:
    • Frank Tip. A survey of program slicing techniques. Journal of Programming Languages. [PDF]
  • Program instrumentation:
    • [VALGRIND-PLDI07] Nicholas Nethercote and Julian Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. PLDI 2007. [PDF] [DOI]
    • [PIN-PLDI05] Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. PLDI 2005 [PDF] [DOI]
  • Value Set Analysis (VSA):
    • [WYSINWYX-TOPLAS10] Gogul Balakrishnan and Thomas Reps. WYSINWYX: What You See is Not What You eXecute. TOPLAS 2010. [PDF] [DOI]