@inbook{45888,
  author       = {{Wehrheim, Heike and Platzner, Marco and Bodden, Eric and Schubert, Philipp  and Pauck, Felix and Jakobs, Marie-Christine}},
  booktitle    = {{On-The-Fly Computing -- Individualized IT-services in dynamic markets}},
  editor       = {{Haake, Claus-Jochen and Meyer auf der Heide, Friedhelm and Platzner, Marco and Wachsmuth, Henning and Wehrheim, Heike}},
  pages        = {{125--144}},
  publisher    = {{Heinz Nixdorf Institut, Universität Paderborn}},
  title        = {{{Verifying Software and Reconfigurable Hardware Services}}},
  doi          = {{10.5281/zenodo.8068583}},
  volume       = {{412}},
  year         = {{2023}},
}

@book{45863,
  abstract     = {{In the proposal for our CRC in 2011, we formulated a vision of markets for
IT services that describes an approach to the provision of such services
that was novel at that time and, to a large extent, remains so today:
„Our vision of on-the-fly computing is that of IT services individually and
automatically configured and brought to execution from flexibly combinable
services traded on markets. At the same time, we aim at organizing
markets whose participants maintain a lively market of services through
appropriate entrepreneurial actions.“
Over the last 12 years, we have developed methods and techniques to
address problems critical to the convenient, efficient, and secure use of
on-the-fly computing. Among other things, we have made the description
of services more convenient by allowing natural language input,
increased the quality of configured services through (natural language)
interaction and more efficient configuration processes and analysis
procedures, made the quality of (the products of) providers in the
marketplace transparent through reputation systems, and increased the
resource efficiency of execution through reconfigurable heterogeneous
computing nodes and an integrated treatment of service description and
configuration. We have also developed network infrastructures that have
a high degree of adaptivity, scalability, efficiency, and reliability, and
provide cryptographic guarantees of anonymity and security for market
participants and their products and services.
To demonstrate the pervasiveness of the OTF computing approach, we
have implemented a proof-of-concept for OTF computing that can run
typical scenarios of an OTF market. We illustrated the approach using
a cutting-edge application scenario – automated machine learning (AutoML).
Finally, we have been pushing our work for the perpetuation of
On-The-Fly Computing beyond the SFB and sharing the expertise gained
in the SFB in events with industry partners as well as transfer projects.
This work required a broad spectrum of expertise. Computer scientists
and economists with research interests such as computer networks and
distributed algorithms, security and cryptography, software engineering
and verification, configuration and machine learning, computer engineering
and HPC, microeconomics and game theory, business informatics
and management have successfully collaborated here.}},
  author       = {{Haake, Claus-Jochen and Meyer auf der Heide, Friedhelm and Platzner, Marco and Wachsmuth, Henning and Wehrheim, Heike}},
  pages        = {{247}},
  publisher    = {{Heinz Nixdorf Institut, Universität Paderborn}},
  title        = {{{On-The-Fly Computing -- Individualized IT-services in dynamic markets}}},
  doi          = {{10.17619/UNIPB/1-1797}},
  volume       = {{412}},
  year         = {{2023}},
}

@inproceedings{35426,
  author       = {{Richter, Cedric and Haltermann, Jan Frederik and Jakobs, Marie-Christine and Pauck, Felix and Schott, Stefan and Wehrheim, Heike}},
  booktitle    = {{37th IEEE/ACM International Conference on Automated Software Engineering}},
  publisher    = {{ACM}},
  title        = {{{Are Neural Bug Detectors Comparable to Software Developers on Variable Misuse Bugs?}}},
  doi          = {{10.1145/3551349.3561156}},
  year         = {{2023}},
}

@inproceedings{35427,
  author       = {{Pauck, Felix}},
  booktitle    = {{37th IEEE/ACM International Conference on Automated Software Engineering}},
  publisher    = {{ACM}},
  title        = {{{Scaling Arbitrary Android App Analyses}}},
  doi          = {{10.1145/3551349.3561339}},
  year         = {{2023}},
}

@inproceedings{44194,
  author       = {{Ahmed, Qazi Arbab and Awais, Muhammad and Platzner, Marco}},
  booktitle    = {{The 24th International Symposium on Quality Electronic Design (ISQED'23), San Francisco, Califorina USA}},
  location     = {{San Fransico CA 94023-0607, USA}},
  title        = {{{MAAS: Hiding Trojans in Approximate Circuits}}},
  year         = {{2023}},
}

@phdthesis{43108,
  author       = {{Pauck, Felix}},
  publisher    = {{Paderborn University}},
  title        = {{{Cooperative Android App Analysis}}},
  doi          = {{10.17619/UNIPB/1-1698}},
  year         = {{2023}},
}

@inproceedings{29945,
  author       = {{Witschen, Linus Matthias and Wiersema, Tobias and Reuter, Lucas David and Platzner, Marco}},
  booktitle    = {{2022 59th ACM/IEEE Design Automation Conference (DAC)}},
  location     = {{San Francisco, USA}},
  title        = {{{Search Space Characterization for Approximate Logic Synthesis }}},
  year         = {{2022}},
}

@inproceedings{29865,
  author       = {{Witschen, Linus Matthias and Wiersema, Tobias and Artmann, Matthias and Platzner, Marco}},
  booktitle    = {{Design, Automation and Test in Europe (DATE)}},
  location     = {{Online}},
  title        = {{{MUSCAT: MUS-based Circuit Approximation Technique}}},
  year         = {{2022}},
}

@inproceedings{32590,
  author       = {{Richter, Cedric and Wehrheim, Heike}},
  booktitle    = {{2022 IEEE Conference on Software Testing, Verification and Validation (ICST)}},
  pages        = {{162--173}},
  title        = {{{Learning Realistic Mutations: Bug Creation for Neural Bug Detectors}}},
  doi          = {{10.1109/ICST53961.2022.00027}},
  year         = {{2022}},
}

@inproceedings{32591,
  author       = {{Richter, Cedric and Wehrheim, Heike}},
  booktitle    = {{2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR)}},
  pages        = {{418--422}},
  title        = {{{TSSB-3M: Mining single statement bugs at massive scale}}},
  doi          = {{10.1145/3524842.3528505}},
  year         = {{2022}},
}

@phdthesis{34041,
  author       = {{Witschen, Linus Matthias}},
  title        = {{{Frameworks and Methodologies for Search-based Approximate Logic Synthesis}}},
  doi          = {{10.17619/UNIPB/1-1649}},
  year         = {{2022}},
}

@inproceedings{32342,
  author       = {{Ahmed, Qazi Arbab and Platzner, Marco}},
  location     = {{Pafos, Cyprus}},
  publisher    = {{IEEE Computer Society Annual Symposium on VLSI (ISVLSI,2022)}},
  title        = {{{On the Detection and Circumvention of Bitstream-Level Trojans in FPGAs}}},
  year         = {{2022}},
}

@inproceedings{45248,
  author       = {{Dongol, Brijesh and Schellhorn, Gerhard and Wehrheim, Heike}},
  booktitle    = {{33rd International Conference on Concurrency Theory, CONCUR 2022, September 12-16, 2022, Warsaw, Poland}},
  editor       = {{Klin, Bartek and Lasota, Slawomir and Muscholl, Anca}},
  pages        = {{31:1–31:23}},
  publisher    = {{Schloss Dagstuhl - Leibniz-Zentrum für Informatik}},
  title        = {{{Weak Progressive Forward Simulation Is Necessary and Sufficient for Strong Observational Refinement}}},
  doi          = {{10.4230/LIPIcs.CONCUR.2022.31}},
  volume       = {{243}},
  year         = {{2022}},
}

@article{30511,
  abstract     = {{<jats:title>Abstract</jats:title><jats:p>Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. These preprocessor directives, however, challenge any static code analysis. SPLlift, a previously presented approach for analyzing software product lines, is limited to Java programs that use a rather simple feature encoding and to analysis problems with a finite and ideally small domain. Other approaches that allow the analysis of real-world C software product lines use special-purpose analyses, preventing the reuse of existing analysis infrastructures and ignoring the progress made by the static analysis community. This work presents <jats:sc>VarAlyzer</jats:sc>, a novel static analysis approach for software product lines. <jats:sc>VarAlyzer</jats:sc> first transforms preprocessor constructs to plain C while preserving their variability and semantics. It then solves any given distributive analysis problem on transformed product lines in a variability-aware manner. <jats:sc>VarAlyzer</jats:sc> ’s analysis results are annotated with feature constraints that encode in which configurations each result holds. Our experiments with 95 compilation units of OpenSSL show that applying <jats:sc>VarAlyzer</jats:sc> enables one to conduct inter-procedural, flow-, field- and context-sensitive data-flow analyses on entire product lines for the first time, outperforming the product-based approach for highly-configurable systems.</jats:p>}},
  author       = {{Schubert, Philipp and Gazzillo, Paul and Patterson, Zach and Braha, Julian and Schiebel, Fabian Benedikt and Hermann, Ben and Wei, Shiyi and Bodden, Eric}},
  issn         = {{0928-8910}},
  journal      = {{Automated Software Engineering}},
  keywords     = {{inter-procedural static analysis, software product lines, preprocessor, LLVM, C/C++}},
  number       = {{1}},
  publisher    = {{Springer Science and Business Media LLC}},
  title        = {{{Static data-flow analysis for software product lines in C}}},
  doi          = {{10.1007/s10515-022-00333-1}},
  volume       = {{29}},
  year         = {{2022}},
}

@phdthesis{26746,
  abstract     = {{Previous research in proof-carrying hardware has established the feasibility and utility of the approach, and provided a concrete solution for employing it for the certification of functional equivalence checking against a specification, but fell short in connecting it to state-of-the-art formal verification insights, methods and tools. Due to the immense complexity of modern circuits, and verification challenges such as the state explosion problem for sequential circuits, this restriction of readily-available verification solutions severely limited the applicability of the approach in wider contexts.

This thesis closes the gap between the PCH approach and current advances in formal hardware verification, provides methods and tools to express and certify a wide range of circuit properties, both functional and non-functional, and presents for the first time prototypes in which circuits that are implemented on actual reconfigurable hardware are verified with PCH methods. Using these results, designers can now apply PCH to establish trust in more complex circuits, by using more diverse properties which they can express using modern, efficient property specification techniques.}},
  author       = {{Wiersema, Tobias}},
  keywords     = {{Proof-Carrying Hardware, Formal Verification, Sequential Circuits, Non-Functional Properties, Functional Properties}},
  pages        = {{293}},
  publisher    = {{Paderborn University}},
  title        = {{{Guaranteeing Properties of Reconfigurable Hardware Circuits with Proof-Carrying Hardware}}},
  year         = {{2021}},
}

@article{27045,
  abstract     = {{Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench, the first real-world malware benchmark suite with documented taint flows. TaintBench benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts’ performance and perceived usability when documenting and inspecting taint flows. Second, experiments using TaintBench reveal new insights for the taint analysis tools Amandroid and FlowDroid: (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.}},
  author       = {{Luo, Linghui and Pauck, Felix and Piskachev, Goran and Benz, Manuel and Pashchenko, Ivan and Mory, Martin and Bodden, Eric and Hermann, Ben and Massacci, Fabio}},
  issn         = {{1382-3256}},
  journal      = {{Empirical Software Engineering}},
  title        = {{{TaintBench: Automatic real-world malware benchmarking of Android taint analyses}}},
  doi          = {{10.1007/s10664-021-10013-5}},
  year         = {{2021}},
}

@misc{22304,
  author       = {{Schott, Stefan}},
  title        = {{{Android App Analysis Benchmark Case Generation}}},
  year         = {{2021}},
}

@inproceedings{22927,
  author       = {{Derrick, John and Doherty, Simon and Dongol, Brijesh and Schellhorn, Gerhard and Wehrheim, Heike}},
  booktitle    = {{Proceedings of the 35th International Symposium on Distributed Computing (DISC)}},
  publisher    = {{Schloß Dagstuhl}},
  title        = {{{On Strong Observational Refinement and Forward Simulation}}},
  year         = {{2021}},
}

@inproceedings{21953,
  author       = {{Witschen, Linus Matthias and Wiersema, Tobias and Raeisi Nafchi, Masood and Bockhorn, Arne and Platzner, Marco}},
  booktitle    = {{Proceedings of International Symposium on Applied Reconfigurable Computing (ARC'21)}},
  editor       = {{Hannig, Frank and Derrien, Steven and Diniz, Pedro and Chillet, Daniel}},
  location     = {{Virtual conference}},
  publisher    = {{Springer Lecture Notes in Computer Science}},
  title        = {{{Timing Optimization for Virtual FPGA Configurations}}},
  doi          = {{10.1007/978-3-030-79025-7_4}},
  year         = {{2021}},
}

@inproceedings{21598,
  abstract     = {{Static analysis is used to automatically detect bugs and security breaches, and aids compileroptimization. Whole-program analysis (WPA) can yield high precision, however causes long analysistimes and thus does not match common software-development workflows, making it often impracticalto use for large, real-world applications.This paper thus presents the design and implementation ofModAlyzer, a novel static-analysisapproach that aims at accelerating whole-program analysis by making the analysis modular andcompositional. It shows how to computelossless, persisted summaries for callgraph, points-to anddata-flow information, and it reports under which circumstances this function-level compositionalanalysis outperforms WPA.We implementedModAlyzeras an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time,ModAlyzermodularly and losslessly summarizesthe analysis effect of the library code those applications share, hence avoiding its repeated re-analysis.The experimental results show that the reuse of these summaries can save, on average, 72% ofanalysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retainsprecision and recall. Surprisingly, as our results show, it sometimes even yields precision superior toWPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.}},
  author       = {{Schubert, Philipp and Hermann, Ben and Bodden, Eric}},
  booktitle    = {{European Conference on Object-Oriented Programming (ECOOP)}},
  title        = {{{Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis}}},
  year         = {{2021}},
}