> Literature references and annotations by Dick Grune,
Last update: Wed Mar 21 12:38:57 2012.

These references and annotations were originally intended for personal use and are presented here only in the hope that they may be useful to others. There is no claim to completeness or even correctness. Each annotation represents my understanding of the text at the moment I wrote the annotation.
> No guarantees given; comments and content criticism welcome.

* Tobias Klein, A Bug Hunter's Diary, No Starch Press, San Francisco, 2011, pp. 212.
Almost exactly what the title says: 7 reports of finding, exploiting and reporting bugs in famous pieces of commercial software, for example Sun Solaris, the FFmpeg multimedia library, and Active X. Each report consists of four parts: how the bug was smoked out, how it was exploited to gain kernel mode control of the machine, how it was remedied, and what lessons were learned.
     To someone who is more interested in preventing the bugs from creeping in in the first place the book gives plenty of insight too. Lessons learned: 1. almost all bugs are memory abuse; 2. check all incoming date; 3. beware of implicit data conversions and casts. Appendix A gives extensive bug hunting tips, and by holding them to a mirror they turn into bug prevention tips.
     Small gripe: it is a pity that the time lines are not to scale.

* Peter Fritzson, Tibor Gyimothy, Mariam Kamkar, Nahid Shahmehri, Generalized algorithmic debugging and testing, in ACM SIGPLAN '91 Conf. Programming Language Design and Implementation, ACM SIGPLAN Notices, vol. 26, #6, June 1991, pp. 317-326.
A system is described in which the programmer is led to the bug by repeatedly answering questions about the correctness of procedure returns and variables.