My research focuses on program analysis techniques. I currently lead the program analysis research group at the Institute of Computing Technology, Chinese Academy of Sciences. Our group aims to develop new program analysis techniques and tools to enhance software reliability and security. We have developed a new program analysis tool Wukong, which can detect deepl software errors involving complex inter-procedural dependences via pointers and references. Wukong supports program languages including C/C++, Java, and has detected hundreds of deep errors and potential vulnerabilities from popular open source applications including Google Chromium, Bash, Sed, Hadoop, etc. Hundreds of bugs have already been confirmed by the original developers, with more than 50 CVEs granted. Our research has been published in top conferences, including SOSP、FSE、ASE、USENIX SECURITY、CCS ​and CGO, and was recognized with the ASE2019 Distinguished paper award and the CCS2022 Best paper honorable mention. For more information, please visit our group page  ICT-PAG - Home. 

2003-03--2007-08   University of New South Wales, Australia  Ph.D in Computer Science

                                Ph.D Thesis “ScratchPad Management for Static Data Aggregates", advised by Professor Jingling Xue

1993-09--1998-06   Tsinghua University  Bachelor in Engineering Physiscs

2015-04~ , Institute of Computing Technology, Chinese Academy of Sciences,  Professor (100-talent program)

2011-06~2015-03, Oracle Labs, Australia,  Principal member of technical staff

2008-06~2011-06, Sun Microsystems Laboratories, Senior Member of Technical Staff 

2007-09~2008-05,University of New South Wales, Australia, PostDoc

   

（1） Performance-Boosting Sparsification of the IFDS Algorithm with Applications to Taint Analysis (Distinguished Paper Award), the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19), 2019-11
（2） CrashTuner: Detecting Crash Recovery Bugs in Cloud Systems via Meta-info Analysis, Symposium on Operating Systems Principles (SOSP'19), 2019
（3） Understanding Node Change Bugs for Distributed Systems, IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER'19), 2019
（4） CloudRaid : Hunting Concurrency Bugs in the Cloud via Log-Mining, ACM conference on the Foundations of Software Engineering (FSE'18), 2018
（5） Understanding and Detecting Evolution-induced Compatibility Issues in Android Apps, The 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE'18), 2018
（6） May-Happen-in-Parallel Analysis with Static Vector Clocks, International Symposium on Code Generation and Optimization (CGO'18), 2018
（7） Dynamic Symbolic Execution for Polymorphism, 26th International Conference on Compiler Construction (CC'17), 2017
（8） Symbolic Execution with Value-range Analysis for Floating-point Exception Detection, 24th Asia-Pacific Software Engineering Conference (APSEC'17), 2017
（9） Memos: A Full Hierarchy Hybrid Memory Management Framework, The 34th International Conference on Computer Design (ICCD'16), 2016
（10） Precise and Scalable Context-sensitive Pointer Analysis via Value Flow Graph, International Symposium on Memory Management (ISMM'13), 2013
（11） Path-Sensitive Data Flow Analysis Simplified, International Conference on Formal Engineering Methods (ICFEM'13), 2013
（12） Through the Looking Glass: Transitioning Parfait into a Development Tool, IEEE Security & Privacy Journal, 2012
（13） SEED: A Statically-Greedy and Dynamically-Adaptive Approach for Speculative Loop Execution, IEEE Transaction on Computers, 2012
（14） Boosting the Performance of Flow-sensitive Pointer Analysis using Value Flow, ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2011
（15） Static Deep Error Checking in Large System Applications using Parfait, ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2011
（16） Practical and Effective Symbolic Analysis for Buffer Overow Detection, ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2010
（17） Scratchpad Memory Allocation for Data Aggregates via Interval Coloring in Superperfect Graphs, ACM Transaction on Embedded Computing Systems, 2010
（18） Program Analysis for Bug Detection using Parfait, Workshop on Partial Evaluation and Semantic-Based Program Manipulation, 2009
（19） BegBunch: Benchmarking for C Bug Detection Tools, Workshop on Defects in Large Software Systems, 2009
（20） Compiler-directed Scratchpad Memory Management via Graph Coloring, ACM Transaction on Architecture and Code Optimisation, 2009
（21） Exploiting Speculative TLP in Recursive Pro-grams by Dynamic Thread Prediction, International Conference on Compiler Construction, 2009
（22） Thread-Sensitive Modulo Scheduling for Multi-core Processors, International Conference on Parallel Processing, 2008
（23） Towards Data Tiling for Whole Programs in Scratchpad Memory Allocation, Asia-Pacfic Computer Systems Architecture Conference, 2007
（24） Scratchpad Allocation for Data Aggregates in Superperfect Graphs, ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems, 2007
（25） Trace-based leakage energy optimisations at link time, Journal of Systems Architecture, 2007
（26） Loop recreation for thread-level speculation, International Conference on Parallel and Distributed Systems, 2007
（27） Trace-Based Data Cache Leakage Reduction at Link Time, Asia-Paci_c Computer Systems Architecture Conference, 2006
（28） Memory Coloring: A Compiler Approach for Scratchpad Memory Management, International Conference on Parallel Architecture and Compilation Techniques, 2005
（29） A trace-based binary compilation framework for energy-aware computing, ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems, 2004

（ 1 ） System and method for overflow detection using symbolic analysis,  Primary Inventor, US 12/642,729

（ 2 ） Points-to analysis as value flow, Primary Inventor, US 13/117,058

（ 3 ） Context-sensitive analysis framework using value flows, Primary Inventor, US 13/117,078

（ 4 ） Path-sensitive analysis framework for bug checking, Primary Inventor, US 14/188,552

  ( 5 )   Method and system for code analysis using symbolic types, Primary Inventor, US20150269061A1

（ 6 ） Method and system for performing backward-driven path-sensitive dataflow analysis, 3rd Inventor, US 13/192,349

已指导学生

周卿  博士研究生  081201-计算机系统结构  

陆杰  博士研究生  081201-计算机系统结构  

王科峰  硕士研究生  085211-计算机技术  

何冬杰  硕士研究生  081201-计算机系统结构  

张馨元  硕士研究生  081201-计算机系统结构  

郑恒杰  硕士研究生  081202-计算机软件与理论  

现指导学生

袁挺  博士研究生  081201-计算机系统结构  

孟海宁  博士研究生  081202-计算机软件与理论  

刘晨  博士研究生  081202-计算机软件与理论  

李广威  博士研究生  081202-计算机软件与理论  

李昊峰  博士研究生  081202-计算机软件与理论  

陈宇翔  博士研究生  081202-计算机软件与理论  

黄永恒  硕士研究生  081202-计算机软件与理论