Qingkai Shi, Ph.D.
Associate Professor · Recipient of NSFC for Excellent Young Scientists
Department of Computer Science and Technology, Nanjing University
Address: 163 Xianlin Avenue, Nanjing, Jiangsu 210023, PRC
Email: qingkaishi (AT) nju (DOT) edu (DOT) cn Twitter: @QingkaiS
- Static Analysis for Bug Scanning
Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of vulnerabilities with many CVEs in mature systems . It has been successfully commercialized at Sourcebrella Inc, which was acquired by Ant Group in 2020 for improving the quality of many products such as Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to my doctoral dissertation as well as follow-up works on general sparse dataflow analysis (PLDI'18, PLDI'21, OOPSLA'21, OOPSLA'22a, …) and approaches to detecting specific bug types (OOPSLA'22b, S&P'24, …). We received two ACM Distinguished Paper Awards.
- Static Analysis for Reverse Engineering
Reverse engineering by static program analysis attempts to understand through logical reasoning how a previously made software accomplishes a task with very little insight into exactly how it does so. We reverse engineer machine code for binary analysis (S&P'23, ISSTA'23, ESEC/FSE'23); we reverse engineer network implementations to obtain the formal specification of protocol formats and state machines (CCS'23, Security'23). We expect to use these techniques to facilitate automated security analysis such as bug scanning and fuzz testing. To date, we have discovered many zero-day vulnerabilities through these techniques .
- Static Analysis for Fuzz Testing
Fuzz testing is powerful for revealing security loopholes in software, networks, or operating systems. We are interested in leveraging static program analysis techniques, particularly, abstract interpretation, to make a general fuzzer more effective and efficient (S&P'20, S&P'22, …). We are also interested in applying fuzzers to domain-specific application scenarios, including compilers or interpreters, constraint solvers or theorem provers, internet of things or network systems, to name a few (ISSTA'20, ISSTA'21, ESEC/FSE'21, …). We received a Google Research Paper Reward and, by fuzzing, have discovered hundreds of bugs in state-of-the-art constraint solvers .