Qingkai Shi, Ph.D.

Associate Professor · Recipient of NSFC for Excellent Young Scientists

Department of Computer Science and Technology, Nanjing University

Address: 163 Xianlin Avenue, Nanjing, Jiangsu 210023, PRC

Email: qingkaishi (AT) nju (DOT) edu (DOT) cn      Twitter: @QingkaiS
Qingkai Shi is an associate professor in the Department of Computer Science and Technology at Nanjing University. His research focuses on the use of compiler techniques, especially static program analysis, to rigorously ensure software security. He has published extensively at premier venues in programming languages (PLDI, OOPSLA), cybersecurity (SP, CCS), and software engineering (ICSE, ESEC/FSE). His research has received many awards, including an ACM SIGPLAN Distinguished Paper Award, an ACM SIGSOFT Distinguished Paper Award, a Google Research Paper Reward, and the Hong Kong Ph.D. Fellowship.
Qingkai obtained his Ph.D. from the Hong Kong University of Science and Technology. He co-founded Sourcebrella LLC, where his research was commercialized, and moved to Ant Group when Sourcebrella was acquired. Qingkai also enjoyed a wonderful period as a postdoctoral researcher at Purdue University.
  • Static Analysis for Bug Scanning
      path-sensitive and sparse dataflow analysis · memory corruptions · taint issues

    Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of vulnerabilities, many with CVEs, in mature systems. It was successfully commercialized at Sourcebrella LLC, which was acquired by Ant Group in 2020 to improve the quality of many products such as Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to his doctoral dissertation as well as follow-up work on path-sensitive sparse dataflow analysis (PLDI'18, PLDI'21, OOPSLA'22a, PLDI'24) and approaches to detecting specific bug types (OOPSLA'21, OOPSLA'22b). Two ACM Distinguished Paper Awards were awarded for these studies.

  • Static Analysis for Reverse Engineering
      binary similarity · network security

    Reverse engineering by static program analysis attempts to understand, through logical reasoning, how existing software accomplishes a task when very little is known about exactly how it does so. This research focuses on the reverse engineering of machine code for binary analysis (SP'23, ISSTA'23, ESEC/FSE'23) and the reverse engineering of network implementations to recover the formal specification of network protocols (CCS'23, SEC'23, OOPSLA'24). These techniques are expected to facilitate automated security analysis such as bug scanning and fuzz testing. To date, many zero-day vulnerabilities have been discovered through these techniques.

  • Static Analysis for Fuzz Testing
      incremental fuzzing · directed fuzzing · testing of large and complex systems

    Fuzz testing is powerful for revealing security loopholes in software, networks, and operating systems. The research group is interested in leveraging static program analyses, particularly abstract interpretation, to make a general fuzzer more effective and efficient (SP'20, SP'22). The group is also interested in applying fuzzers to domain-specific application scenarios, including compilers and interpreters, constraint solvers and theorem provers, and network and distributed systems, to name a few (TSE'16, ISSTA'21, ESEC/FSE'21, TOSEM'24). Through fuzzing, hundreds of bugs in state-of-the-art constraint solvers have been discovered, and the work received a Google Research Paper Reward.