Qingkai Shi's Homepage

Qingkai Shi, Ph.D.

Associate Professor · Recipient of NSFC for Excellent Young Scientists

Department of Computer Science and Technology, Nanjing University

Address: 163 Xianlin Avenue, Nanjing, Jiangsu 210023, PRC

Email: qingkaishi (AT) nju (DOT) edu (DOT) cn Twitter: @QingkaiS

If you like programming and are interested in compilers and compiler-based security techniques, drop by my office (518) or send me emails for Ph.D. and Master positions. Bachelor's thesis topics are also available for undergraduates.

Dr. Qingkai Shi is an associate professor in the Department of Computer Science and Technology at Nanjing University. He is a recipient of the national natural science fund for excellent young scientists. His research interests focus on the use of compiler techniques, especially static program analysis, to rigorously ensure software security. He has published extensively at premium venues of programming languages (PLDI, OOPSLA), cybersecurity (S&P, CCS), and software engineering (ICSE, ESEC/FSE). His research received many awards including ACM SIGPLAN Distinguished Paper Award, ACM SIGSOFT Distinguished Paper Award, Google Research Paper Reward, and Hong Kong Ph.D. Fellowship.

Qingkai obtained his Ph.D. from the Hong Kong University of Science and Technology. He co-founded Sourcebrella LLC. where his research was commercialized. He then moved to Ant Group as Sourcebrella was acquired. Qingkai was also a postdoctoral researcher at Purdue University.

Static Analysis for Bug Scanning
Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of vulnerabilities with many CVEs in mature systems . It has been successfully commercialized at Sourcebrella Inc, which was acquired by Ant Group in 2020 for improving the quality of many products such as Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to my doctoral dissertation as well as follow-up works on general sparse dataflow analysis (PLDI'18, ICSE'20a, ICSE'20b, ISSTA'20a, PLDI'21, OOPSLA'21, OOPSLA'22a, TOSEM'23, ICSE'24, …) and approaches to detecting specific bug types (OOPSLA'22b, S&P'24, …). We received two ACM Distinguished Paper Awards.
Static Analysis for Reverse Engineering
Reverse engineering by static program analysis attempts to understand through logical reasoning how a previously made software accomplishes a task with very little insight into exactly how it does so. We reverse engineer machine code for binary analysis (S&P'23, ISSTA'23, ESEC/FSE'23); we reverse engineer network implementations to obtain the formal specification of protocol formats and state machines (CCS'23, Security'23). We expect to use these techniques to facilitate automated security analysis such as bug scanning and fuzz testing. To date, we have discovered many zero-day vulnerabilities through these techniques .
Static Analysis for Fuzz Testing
Fuzz testing is powerful for revealing security loopholes in software, networks, or operating systems. We are interested in leveraging static program analysis techniques, particularly, abstract interpretation, to make a general fuzzer more effective and efficient (S&P'20, S&P'22, TDSC'23, …). We are also interested in applying fuzzers to domain-specific application scenarios, including compilers or interpreters, constraint solvers or theorem provers, internet of things or network systems, to name a few (TRel'16, TSE'16, ISSTA'20, ISSTA'21, ESEC/FSE'21, …). We received a Google Research Paper Reward and, by fuzzing, have discovered hundreds of bugs in state-of-the-art constraint solvers .