Qingkai Shi, Ph.D.

Postdoctoral Research Associate Working with Prof. Xiangyu Zhang

Department of Computer Science, Purdue University, USA

Address: 305 N. University Street, West Lafayette, IN 47907

Email: shi553 AT purdue DOT edu       Twitter: @QingkaiS

Qingkai Shi is a Postdoctoral Research Associate in the Department of Computer Science at Purdue University. His research focuses on the use of compiler techniques, especially static analysis, to rigorously ensure software security. He has published extensively at premier venues in programming languages (PLDI, OOPSLA), software engineering (ICSE, ESEC/FSE), and cybersecurity (S&P, CCS). His research has received many awards, including an ACM SIGPLAN Distinguished Paper Award, an ACM SIGSOFT Distinguished Paper Award, a Google Research Paper Reward, and a Hong Kong Ph.D. Fellowship. His research has led to the discovery of hundreds of zero-day software vulnerabilities and has been successfully commercialized in Sourcebrella Inc., acquired by Ant Group. Qingkai obtained his B.S. from Nanjing University and his Ph.D. from the Hong Kong University of Science and Technology.

  • Static Analysis for Bug Scanning

    Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of bugs, including many CVEs, in mature systems. It has been successfully commercialized at Sourcebrella Inc. (acquired by Ant Group in 2020) and deployed in daily operations to improve the quality of Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to my doctoral dissertation as well as follow-up works on path-sensitive sparse dataflow analysis (PLDI'18, PLDI'21, OOPSLA'21, OOPSLA'22a) and techniques that detect specific bug types (ICSE'19, OOPSLA'22b). We received two ACM Distinguished Paper Awards for these works.

  • Static Analysis for Reverse Engineering

    Reverse engineering by static program analysis uses logical reasoning to understand how existing software accomplishes a task when little is known about how it does so. We reverse engineer machine code for binary analysis (S&P'23, ISSTA'23, ESEC/FSE'23), and we reverse engineer network implementations to recover the specification of protocol formats and state machines (CCS'23, Security'23). We expect to use these techniques to facilitate automated security analysis such as bug scanning and fuzz testing. To date, we have discovered many zero-day vulnerabilities through these techniques.

  • Static Analysis for Fuzz Testing

    Fuzz testing is powerful for revealing security loopholes in software, networks, and operating systems. We are interested in leveraging static program analysis techniques, particularly abstract interpretation, to make a general fuzzer more effective and efficient (S&P'20, S&P'22). We are also interested in applying fuzzers to domain-specific application scenarios, including compilers and interpreters, constraint solvers and theorem provers, and internet-of-things and network systems, to name a few (ISSTA'20d, ISSTA'21, ESEC/FSE'21). We received the Google Research Paper Reward and, through fuzzing, have discovered hundreds of bugs in state-of-the-art constraint solvers.