中文版

Yao Peisen

Email:

rainoftime - at - gmail - dot- com

pyao - at - cse - dot- ust - dot - hk

Research Interests

I am broadly interested in topics related to programming languages, software engineering, and cybersecurity, with an emphasis on using program reasoning techniques to ensure software reliability, e.g.,

• Static Program Analysis
  Value flow analysis, alias/pointer analysis
• Dynamic Program Analysis
  Metamorphic testing, fuzzing
• Automated Reasoning
  Symbolic abstraction, semantics-guided synthesis

News

• I am on the job market for 2022/2023 positions. Please reach out to me if you think I would be a good fit for your ...

Publications

• Complexity-Guided Container Replacement Synthesis (conditional accept). Chengpeng Wang, Peisen Yao*, Wensheng Tang, Qingkai Shi, and Charles Zhang. The 37th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications, OOPSLA 2022
• Precise Divide-By-Zero Detection with Affirmative Evidence. Yiyuan Guo, Jinguo Zhou, Peisen Yao*, Qingkai Shi, and Charles Zhang. The 2022 IEEE/ACM International Conference on Software Engineering, ICSE 2022 [data]
• BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning. Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang. The 43rd IEEE Symposium on Security and Privacy, S&P 2022 [pdf]
• Program Analysis via Efficient Symbolic Abstraction. Peisen Yao, Qingkai Shi, Heqing Huang, and Charles Zhang. The 36th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications, OOPSLA 2021 [pdf]
• Transcode: Detecting Status Code Mapping Errors in Large-Scale Systems. Wensheng Tang, Yikun Hu*, Gang Fan, Peisen Yao*, Rongxin Wu, Guangyuan Bai, Pengcheng Wang, and Charles Zhang. The 2021 IEEE/ACM Automated Software Engineering Conference, ASE 2021 [pdf]
  
• Skeletal Approximation Enumeration for SMT Solver Testing. Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, and Charles Zhang. The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2021 [pdf]
  
• Fuzzing SMT Solvers via Two-Dimensional Input Space Exploration. Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, and Charles Zhang. The 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2021 [pdf]
  
• Path-Sensitive Sparse Analysis without Path Conditions. Qingkai Shi, Peisen Yao*, Rongxin Wu, and Charles Zhang. The 42nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2021 [pdf]
  
• Canary: Practical Static Detection of Inter-Thread Value-Flow Bugs. Yuandao Cai, Peisen Yao*, and Charles Zhang. The 42nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2021 [pdf]
  
• Fast Bit-Vector Satisfiability. Peisen Yao, Qingkai Shi, Heqing Huang, and Charles Zhang. The 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2020 [pdf]
  
• Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction. Heqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, and Charles Zhang. The 41st IEEE Symposium on Security and Privacy, S&P 2020 [pdf]
  

Drafts/Technical Reports/Working Paper

• Efficient Path-Sensitive Data-Dependence Analysis. Peisen Yao, Jinguo Zhou, Xiao Xiao, Qingkai Shi, Rongxin Wu, and Charles Zhang. [pdf]
• Duplicate-sensitivity Guided Transformation Synthesis for DBMS Correctness Bug Detection. Yushan Zhang, Peisen Yao, Rongxin Wu, and Charles Zhang. [pdf]
• ...

* means corresponding author.

Projects

• Static Code Analysis / Static Vulnerability Detection

  Pinpoint/Fusion is an industrial-strength next-generation automated bug finding tool through static analysis (PLDI'21a, PLDI'21b, ASE'21, ICSE'22). It has found over two hundred bugs in many mature open-source projects, including Apache, MySQL, Firefox, and Python. Many of the detected bugs have been assigned CVE IDs due to their security impacts.

• Dynamic Vulnerability Analysis / Fuzz Testing

  Fuzz testing is an automated software testing technique that is conducted to reveal coding errors and security loopholes. We are interested in leveraging our static analysis knowledge to optimize fuzz testers (S&P'20, S&P'22) and applying fuzz testers to domain-specific application scenarios. Specificaly, the SMTFuzz framework (ESEC/FSE'21, ISSTA'21) has found 1000+ bugs in several state-of-the-art SMT solvers and first-order theorem provers, such as Z3, CVC5, Yices2, STP, Boolector, MathSAT5, SMTInterpol, OpenSMT, SMT-RAT, DReal, SPASS, and Vampire.

Reviewer/Sub-/Co-reviewer

• ISSRE'21 (industrial track)
  
• FSE'19, ISSTA'19
  
• ASE'18
  
• VMCAI'17
  

Teaching

• COMP4632: Practicing CyberSecurity: Attacks and Counter-measures
  
• COMP3021: Java Programming
  
• COMP3511: Operating System
  

Funding and Cooperation

• Wit has been accepted at ICSE 2022 (joint work with Ant Group).
  
• TransCode (ASE'21) has been deploped in WeChat.
  
• Pangolin (S&P 2020) has been successfully deployed in the Huawei tool-chain. We have thus received the Huawei Distinguish collaborator 2021 award.
  

Misc

• Some interesting papers
  
• Writing a technical paper by Michael Ernst
  
• Tips on writing a research paper by Tom Reps
  
• Programming Z3 Nikolaj Bjorner et al
  
• Z3 Python API tutorial