Qingkai Shi, Ph.D.

Postdoctoral Research Associate Working with Prof. Xiangyu Zhang

Department of Computer Science, Purdue University, USA

Address: 305 N. University Street, West Lafayette, IN 47907

Email: shi553 AT purdue DOT edu       Twitter: @QingkaiS


Qingkai Shi is a Postdoctoral Research Associate in the Department of Computer Science at Purdue University. His major research interests focus on the use of compiler techniques, especially static analysis, to rigorously ensure software security. He has published extensively at premier venues in programming languages (PLDI, OOPSLA), software engineering (ICSE, FSE), and cybersecurity (S&P). His research has received many awards, including the ACM SIGSOFT Distinguished Paper Award and the Hong Kong Ph.D. Fellowship. His research has led to the discovery of hundreds of zero-day software vulnerabilities in open-source software and has been successfully commercialized at Sourcebrella Inc, a static analysis tool vendor. Qingkai obtained his B.S. and Ph.D. from Nanjing University and the Hong Kong University of Science and Technology, respectively.

  • Static Analysis for Reverse Engineering

    I am currently working on reverse engineering, which attempts to understand, through logical reasoning, how previously made software accomplishes a task when there is very little insight into exactly how it does so. We reverse engineer, or disassemble, binary code into assembly code (S&P'23); we reverse engineer software implementations to obtain the specification of input formats and system state machines. We expect to use these techniques to facilitate automated security analysis such as vulnerability scanning and fuzz testing. To date, we have discovered many zero-day vulnerabilities through these techniques.

  • Static Analysis for Vulnerability Scanning

    Pinpoint is an industrial-strength automated software vulnerability scanner. It has found hundreds of bugs, including many CVEs, in mature systems. Pinpoint has been successfully commercialized at Sourcebrella Inc (acquired by Ant Group in 2020) and deployed in daily operations for improving the quality of Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to my Ph.D. dissertation as well as works on general value-flow analysis (PLDI'18, ICSE'20a, ICSE'20b, OOPSLA'22a, TOSEM'23) and detecting specific bug types (ICSE'19, ISSTA'20b, ISSTA'20c, ICSE'22, OOPSLA'22b, ESEC/FSE'22).

  • Static Analysis for Fuzz Testing

    Fuzz testing is powerful for revealing coding errors and security loopholes in software, networks, or operating systems. We are interested in leveraging static analysis techniques, particularly abstract interpretation, to make fuzz testers incremental (S&P'20) and directed (S&P'22). We also apply fuzz testers to domain-specific application scenarios, including testing black boxes with entropy (TRel'16, ISSTA'20d), testing multi-threaded programs (TSE'16), and testing SMT solvers (ISSTA'21, ESEC/FSE'21). We received the Huawei distinguished collaborator 2021 award for deploying our S&P'20 work.

  • Static Analysis for Theorem Proving

    Automated theorem proving is an infrastructure technology for effective vulnerability scanning and fuzz testing. Directly employing a general-purpose theorem prover, e.g., the Z3 theorem prover, could miss a lot of optimization opportunities. We aim to provide dedicated theorem provers (ISSTA'20a, PLDI'21, OOPSLA'21), particularly taking advantage of program semantics to make a theorem prover faster and, in turn, improve the vulnerability scanners and fuzz testers. We also utilize fuzz testing to ensure the quality of theorem provers (ISSTA'21, ESEC/FSE'21) and have discovered hundreds of bugs in Z3 and CVC4.

My research has let me win the following honors:

  • Overseas High-Caliber Personnel in Shenzhen (2021)
  • ACM SIGSOFT Distinguished Paper Award (2019)
  • Champion in NASAC Prototype Competition (2016, 2018a, 2018b)
  • Hong Kong Ph.D. Fellowship (2015)
  • China National Scholarship (2010, 2014)