Qingkai (Thomas) Shi
Department of Computer Science and Engineering
Hong Kong University of Science and Technology
Email: qingkaishi AT gmail DOT com, qshiaa AT cse DOT ust DOT hk
- System Security
- Programming Language
- Fuzzing and Testing
- Qingkai Shi, Charles Zhang. Pipelining Bottom-up Data Flow Analysis. In ICSE 2020: the 42nd ACM/IEEE International Conference on Software Engineering. Seoul, South Korea. May 2020. (to appear)
- Qingkai Shi, Rongxin Wu, Gang Fan, Charles Zhang. Conquering the Extensional Scalability Problem for Value-Flow Analysis Frameworks. In ICSE 2020: the 42nd ACM/IEEE International Conference on Software Engineering. Seoul, South Korea. May 2020. (to appear)
- Gang Fan, Rongxin Wu, Qingkai Shi, Xiao Xiao, Jinguo Zhou, Charles Zhang. SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code. In ICSE 2019: the 41st ACM/IEEE International Conference on Software Engineering. Montreal, QC, Canada. May 2019. (ACM SIGSOFT Distinguished Paper Award)
- Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Gang Fan, Charles Zhang. Pinpoint: Fast and Precise Sparse Value Flow Analysis for Million Lines of Code. In PLDI 2018: the 39th annual ACM SIGPLAN conference on Programming Language Design and Implementation. Philadelphia, Pennsylvania, United States. June 2018. (Slides) (Artifact Evaluation) (Media)
- Qingkai Shi, Jeff Huang, Zhenyu Chen, Baowen Xu. Verifying Synchronization for Atomicity Violation Fixing. In TSE 2016: the IEEE Transactions on Software Engineering, Vol. 42, No. 3, 2016.
- Qingkai Shi, Zhenyu Chen, Chunrong Fang, Yang Feng, Baowen Xu. Measuring the Diversity of a Test Set with Distance Entropy. In TR 2016: the IEEE Transactions on Reliability, Vol. 65, No. 1, 2016.
Pinpoint is an industrial-strength, next-generation automated bug-finding tool based on static analysis and AI. It is built on top of LLVM. It has found about a hundred vulnerabilities in many mature open-source projects, including Apache, MySQL, Firefox, Python, and OpenSSL. Some of the detected vulnerabilities have been assigned CVE IDs. This project is being commercialized at Sourcebrella Inc. For more information, interested readers can refer to our technical papers: <PLDI 2018> <ICSE 2019> <ICSE 2020a> <ICSE 2020b>.
Canary is a set of tools built on a unification-based alias analysis. Currently, it contains an order-based record/replay tool and a trace-based bug detector for concurrent C/C++ programs. It is implemented for C/C++ programs based on LLVM. This project is currently used at Sourcebrella Inc. for vulnerability detection.
Swan is a prototype tool for verifying whether an atomicity violation has been sufficiently fixed. It analyzes a dynamic buggy trace together with fix (i.e., synchronization) information. It does not require developers to fully understand the bugs before fixing them, which makes it more practical. It is implemented for Java programs based on Soot. For more information, interested readers can refer to our technical papers: <IEEE TSE 2016>.
- TA for COMP4111: Software Engineering Practices (Fall 2016, Spring 2018)
- TA for COMP3111/3111H: Software Engineering (Fall 2018)
- ACM SIGSOFT Distinguished Paper Award
- Hong Kong PhD Fellowship
- China National Scholarship
- Blog: Qingkai Shi, 2017/10/06, A double-free vulnerability in International Components for Unicode (ICU)
- Blog: Qingkai Shi, 2017/07/31, Use-after-free vulnerabilities in MySQL
- Reading (Security)