Welcome to Qingkai's Homepage

Qingkai Shi is an associate professor in the School of Computer Science at Nanjing University. His research focuses on the use of compiler techniques, especially static program analysis, to rigorously ensure software security. He has published extensively at premium venues of programming languages (PLDI, OOPSLA), cybersecurity (SP, CCS), and software engineering (ICSE, ESEC/FSE). His research received many awards, including two ACM SIGPLAN Distinguished Paper Awards, two ACM SIGSOFT Distinguished Paper Awards, a Google Research Paper Reward, and the Hong Kong Ph.D. Fellowship.
Qingkai obtained his Ph.D. from the Hong Kong University of Science and Technology. He co-founded Sourcebrella LLC, where his research was commercialized. He then moved to Ant Group as Sourcebrella was acquired. Qingkai also enjoyed a wonderful period as a postdoctoral researcher at Purdue University.
  • Static Analysis for Bug Scanning

    Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of vulnerabilities with many CVEs in mature systems . It was successfully commercialized at Sourcebrella LLC, which was acquired by Ant Group in 2020 for improving the quality of many products such as Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to this doctoral dissertation as well as follow-up works on path-sensitive sparse dataflow analysis (PLDI'18, PLDI'21, OOPSLA'22a, PLDI'24, ) and approaches to detecting specific bug types (OOPSLA'21, OOPSLA'22b, ). Two ACM Distinguished Paper Awards were awarded for these studies.

    Keywords: path-sensitive and sparse dataflow analysis, memory safety analysis, taint analysis.

  • Static Analysis for Reverse Engineering

    Reverse engineering by static program analysis attempts to understand through logical reasoning how a previously made software accomplishes a task with very little insight into exactly how it does so. The research group focuses on network protocol reverse engineering to ensure network security (CCS'23, SEC'23, OOPSLA'24), as well as reverse engineering of machine code for binary analysis (SP'23, ISSTA'23, ESEC/FSE'23). These techniques are expected to facilitate automated security analysis, such as bug scanning and fuzz testing. To date, many zero-day vulnerabilities have been discovered through these techniques , and an ACM SIGPLAN Distinguished Paper Award was received.

    Keywords: network security, network protocols, disassembly, binary similarity.

  • Static Analysis for Fuzz Testing

    Fuzz testing is powerful for revealing security loopholes in software. The research group is interested in leveraging static program analyses, particularly, abstract interpretation, to make a general fuzzer more effective and efficient (SP'20, SP'22, ). The group is also interested in applying fuzzers to domain-specific application scenarios, including compilers or interpreters, constraint solvers or theorem provers, network or distributed systems, to name a few (ESEC/FSE'21, ISSTA'21, ASE'24, ISSTA'24, ). By fuzzing, hundreds of bugs in state-of-the-art constraint solvers and open-source software have been discovered. The study received an ACM SIGSOFT Distinguished Paper Award and a Google Research Paper Reward.

    Keywords: incremental fuzzing, directed fuzzing, testing large and complex systems.