Yao PeisenAssistant Professor (ZJU 100 Young Professor)School of Cyber Science and Technology College of Computer Science and Technology Zhejiang University Office: Room 311, Tower B06, ZJU-Hangzhou Global Scientific and Technological Innovation Center Email: pyaoaa@zju.edu.cn Official homepage at ZJU: https://person.zju.edu.cn/pyao |
News
- I am looking for self-motivated students (enrolled in 2025)! Please read this if you are a student interested in working with me (e.g., for Ph.D., Master, SRTP, and FYP).
- I am currently on the program committee of CCS 2025, OOPSLA 2025, POPL 2025, ISSTA 2025, and CCS 2024. Please consider submitting a paper!
Research Interests
I am broadly interested in programming languages, software engineering, and cybersecurity, focusing on techniques that make software secure, usable, and fast.Current Research
-
Program Analysis and Verification
- Path sensitivity [PLDI'21a] [ISSTA'20], context sensitivity (via CFL-reachability) [OOPSLA'22a]
- Alias analysis [PLDI'24] [ISSTA'24 ] [TOSEM'23] [OOPSLA'22a]
- Numerical analysis [ISSTA'25] [ASE'23a] [ICSE'22] [OOPSLA'21] [ASE'21]
- Concurrency analysis [USENIX Security'23] [PLDI21'b], change impact analysis [ASE'23b]
- Fuzzing: directed [S&P'24] [S&P'22 ], seed sheduling [TDSC'23], hybrid [S&P'20], oracle [ESEC/FSE'21], configuration [ISSTA'21]
-
Program Synthesis and Optimizations
- Program synthesis for code search [ECOOP'23] and translation [ASPLOS'24]
- Optimizations of Java collections [OOPSLA'22b ] and database-backed applications [ICSE'23]
- Logic and Automted Reasoning
Selected Publications
-
TOSEM: KBX: Verified Model Synchronization via Formal Bidirectional Transformation
Jianhong Zhao, Yongwang Zhao, Peisen Yao, Fanlang Zeng, Bohua Zhan, and Kui Ren
ACM Transactions on Software Engineering and Methodology (CCF Rank A) -
ISSTA 2025: Program Analysis Combining Generalized Bit-Level and Word-Level Abstractions
Guangsheng Fan, Liqian Chen, Banghu Yin, Wenyu Zhang, Peisen Yao, and Ji Wang
The ACM SIGSOFT International Symposium on Software Testing and Analysis (CCF Rank A) -
PLDI 2024: Falcon: A Fused Approach to Path-Sensitive Sparse Data Dependence Analysis
Peisen Yao, Jinguo Zhou, Xiao Xiao, Qingkai Shi, Rongxin Wu, and Charles Zhang
The ACM SIGPLAN Conference on Programming Language Design and Implementation (CCF Rank A)
The first PLDI paper from ZJU! -
ASPLOS 2024: SIRO: Empowering Version Compatibility in Intermediate Representations via Program Synthesis
Bowen Zhang, Wei Chen, Peisen Yao, Chengpeng Wang, Wensheng Tang, and Charles Zhang
ACM International Conference on Architectural Support for Programming Languages and Operating Systems (CCF Rank A) -
ISSTA 2024: Precise Compositional Buffer Overflow Detection via Heap Disjointness
Yiyuan Guo, Peisen Yao, and Charles Zhang
The ACM SIGSOFT International Symposium on Software Testing and Analysis (CCF Rank A)
ACM SIGSOFT Distinguished Paper Award - TOSEM 24: Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path Conditions
Wensheng Tang, Dejun Dong, Shijie Li, Chengpeng Wang, Peisen Yao, Jinguo Zhou, and Charles Zhang
ACM Transactions on Software Engineering and Methodology (CCF Rank A) -
ICSE 2024: Enabling Runtime Verification of Causal Discovery Algorithms with Automated Conditional Independence Reasoning
Pingchuan Ma, Zhenlan Ji, Peisen Yao, Shuai Wang, and Kui Ren
The 2024 IEEE/ACM International Conference on Software Engineering (CCF Rank A) -
S&P 2024: Titan: Efficient Multi-target Directed Greybox Fuzzing
Heqing Huang, Peisen Yao, Hung-Chun Chiu, Yiyuan Guo, and Charles Zhang
The 45th IEEE Symposium on Security and Privacy (Oakland) (CCF Rank A) -
ASE 2023a: Demystifying Template-based Invariant Generation for Bit-Vector Programs
Peisen Yao, Jingyu Ke, Jiahui Sun, Hongfei Fu, Rongxin Wu, and Kui Ren
The 2023 IEEE/ACM Automated Software Engineering Conference (CCF Rank A) -
ASE 2023b: DCLink: Bridging Data Constraint Changes and Implementations in FinTech Systems
Wensheng Tang, Chengpeng Wang, Peisen Yao, Rongxin Wu, Xianjin Fu, Gang Fan, and Charles Zhang
The 2023 IEEE/ACM Automated Software Engineering Conference (CCF Rank A) -
ECOOP 2023: Synthesizing Conjunctive Queries for Code Search
Chengpeng Wang, Peisen Yao, Wensheng Tang, Gang Fan, and Charles Zhang
European Conference on Object-Oriented Programming (CCF Rank B) -
TDSC 2023: Balance Seed Scheduling via Monte Carlo Planning
Heqing Huang, Hung-Chun Chiu, Qingkai Shi, Peisen Yao, and Charles Zhang
IEEE Transactions on Dependable and Secure Computing (CCF Rank A) -
ICSE 2023: Verifying Data Constraint Equivalence in FinTech Systems
Chengpeng Wang, Gang Fan, Peisen Yao, Fuxiong Pan, and Charles Zhang
The 2023 IEEE/ACM International Conference on Software Engineering (CCF Rank A) -
USENIX Security 2023: Place Your Locks Well: Understanding and Detecting Lock Misuse Bugs
Yuandao Cai, Peisen Yao, Chengfeng Ye, and Charles Zhang
The 32nd USENIX Security Symposium (CCF Rank A) -
TOSEM 2023: Anchor: Fast and Precise Value-Flow Analysis for Containers via Memory Orientation
Chengpeng Wang, Wenyang Wang, Peisen Yao, Qingkai Shi, Jinguo Zhou, Xiao Xiao, and Charles Zhang
ACM Transactions on Software Engineering and Methodology (CCF Rank A) -
OOPSLA 2022a: Indexing the Extended Dyck-CFL Reachability for Context-Sensitive Program Analysis
Qingkai Shi, Yongchao Wang, Peisen Yao, and Charles Zhang
The 37th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications (CCF Rank A) -
OOPSLA 2022b: Complexity-Guided Container Replacement Synthesis
Chengpeng Wang, Peisen Yao, Wensheng Tang, Qingkai Shi, and Charles Zhang
The 37th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications (CCF Rank A)
ACM SIGPLAN Distinguished Paper Award -
ICSE 2022: Precise Divide-By-Zero Detection with Affirmative Evidence
Yiyuan Guo, Jinguo Zhou, Peisen Yao, Qingkai Shi, and Charles Zhang
The 2022 IEEE/ACM International Conference on Software Engineering (CCF Rank A) -
S&P 2022: BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning
Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang
The 43rd IEEE Symposium on Security and Privacy (Oakland) (CCF Rank A)
Google Research Paper Rewards -
PhD Thesis: Solidifying and Scaling SMT-based Program Analysis, 2022. HKUST
Honorable Mention in the CSE Best Dissertation Award, HKUST -
OOPSLA 2021: Program Analysis via Efficient Symbolic Abstraction
Peisen Yao, Qingkai Shi, Heqing Huang, and Charles Zhang
The 36th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications (CCF Rank A)
(One of the algorithms has been integrated into SVF) -
ASE 2021: Transcode: Detecting Status Code Mapping Errors in Large-Scale Systems
Wensheng Tang, Yikun Hu, Gang Fan, Peisen Yao, Rongxin Wu, Guangyuan Bai, Pengcheng Wang, and Charles Zhang
The 2021 IEEE/ACM Automated Software Engineering Conference (CCF Rank A) -
ESEC/FSE 2021: Skeletal Approximation Enumeration for SMT Solver Testing
Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, and Charles Zhang
The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (CCF Rank A) -
ISSTA 2021: Fuzzing SMT Solvers via Two-Dimensional Input Space Exploration
Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, and Charles Zhang
The 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (CCF Rank A) -
PLDI 2021a: Path-Sensitive Sparse Analysis without Path Conditions
Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang
The 42nd ACM SIGPLAN Conference on Programming Language Design and Implementation (CCF Rank A) -
PLDI 2021b: Canary: Practical Static Detection of Inter-Thread Value-Flow Bugs
Yuandao Cai, Peisen Yao, and Charles Zhang
The 42nd ACM SIGPLAN Conference on Programming Language Design and Implementation (CCF Rank A) -
ISSTA 2020: Fast Bit-Vector Satisfiability
Peisen Yao, Qingkai Shi, Heqing Huang, and Charles Zhang
The 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (CCF Rank A) -
S&P 2020: Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
Heqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, and Charles Zhang
The 41st IEEE Symposium on Security and Privacy (Oakland) (CCF Rank A)
Honors & Awards
- ACM SIGSOFT Distinguished Paper Award (ISSTA 2024)
- CCF-Huawei Innovation Research Award (2023-formal method, 2024-compilers)
- NSFC Excellent Young Scientists Program (Overseas) 国家高层次青年人才计划
- Google Research Paper Rewards, 2022
- ACM SIGPLAN Distinguished Paper Award (OOPSLA 2022)
- Qizhen Scholar of ZJU (浙江大学启真优秀青年学者)
- Honorable Mention in the CSE Best Dissertation Award, HKUST, 2022
- Huawei Distinguished Collaborator, 2021
- Outstanding Undergraduate Award, HUST
- Second Place in Linpack Track (We broke the world record!), ASC 2014
- Technical Excellence Award, Unique Hackday
Software
- Current Projects
-
canary is a static analyzer for C/C++ source code built on top of LLVM, CUDD, Z3, and Crab (ISSTA'25)
-
??? is a binary analysis framework
-
arlib is a Python library for playing with various automated reasoning tasks, such as model counting, quantifier elimination, etc. (ICSE'24)
-
pyomt is a solver for Optimization Modulo Theory (OMT) problems over bit-vectors, integers, and reals.
-
z3-owl is a data-driven parallel constraint solving engine.
-
- Former Projects
-
Pinpoint is an SMT-based, industrial-strength static analysis framework (PLDI'21a, PLDI'21b, ASE'21, ICSE'22, OOPSLA'22a, USENIX Security'23, TOSEM'23...)
- Pinpoint has found hundreds of bugs in many mature and fundamental open-source projects, including Linux Kernel, FreeBSD, Firefox, HBase, OpenSSL, PostgreSQL, MySQL, Memcached, Redis, FFmpeg, Apache HTTPd, Git, Python, Tmux, Vim, and many others
- Pinpoint was commercialized at Sourcebrella Inc, which was acquired by Ant Group in 2020.
-
Pangolin is a fuzzer for C/C++ source code and binaries (Pangolin S&P'20, Beacon S&P'22, BeliefFuzz TDSC'23, Titan S&P'24)
- A partial of of detected vulnerabilities in open-source projects can be found here
- Our work has been successfully deployed in the Huawei tool-chain and detected more than 1000+ bugs! We have thus received the Huawei Distinguished Collaborator 2021 award!
-
EqDAC is an equivalence checker for verifying data constraint equivalence (ICSE'23)
- EqDAC has been deployed in Ant Group, a global FinTech company with 1 billion activeusers
-
Cres is a program synthesizer for code optimization [OOPSLA'22b ] and code search [ECOOP'23]
-
smtfuzz is a fuzzer for SMT solvers (ESEC/FSE'21, ISSTA'21)
- Smtfuzz has found hundreds of bugs in several state-of-the-art SMT solvers and first-order theorem provers, such as Z3, CVC5, Yices2, STP, Boolector, MathSAT5, SMTInterpol, OpenSMT, SMT-RAT, DReal, SPASS, and Vampire.
-
Service
- Chair or Co-chair: CCF ChinaSoft'23优秀博士生论坛
-
Technical Program Committee:
- POPL: ACM Symposium on Principles of Programming Languages (2025) (first PC from ZJU)
- PLDI: ACM SIGPLAN Conference on Programming Language Design and Implementation (2023) (first PC from ZJU)
- OOPSLA: ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Application (2025) (first PC from ZJU)
- ISSTA: ACM SIGSOFT International Symposium on Software Testing and Analysis (2025, 2024)
- CCS: ACM Conference on Computer and Communications Security (2025, 2024)
- IEEE European Symposium on Security and Privacy (EuroS&P'24)
- RAID: International Symposium on Research in Attacks, Intrusions and Defenses (2023)
- SETTA: Symposium on Dependable Software Engineering. Theories, Tools and Applications (2024)
- CCF ChinaSoft (2024, 2023)
-
Journal Reviewer:
- TOPLAS: ACM Transactions on Programming Languages and Systems
- TOSEM: ACM Transactions on Software Engineering and Methodology
- TOPS: ACM Transactions on Privacy and Security
- TKDD: ACM Transactions on Knowledge Discovery from Data
- TR: IEEE Transactions on Reliability
- 电子学报,软件学报,计算机学报
-
Artifact Evaluation Committee:
- PLDI: ACM SIGPLAN Conference on Programming Language Design and Implementation (2024, 2023)
- OOPSLA: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (2024)
- ICSE: International Conference on Software Engineering (2024)
- USENIX Security: USENIX Security Symposium (2023)
- ATC: USENIX Annual Technical Conference (2022)
- OSDI: USENIX Symposium on Operating Systems Design and Implementation (2022)
- Program Committee of other Tracks: EuroSys'25 (Shadow PC), ASE'24 (Industry), SNAER'24 (Demo), OOPSLA'23 (SRC)
- Conference Reviewer/Sub-reviewer/Co-reviewer: ATVA'22, ISSRE'21, ESEC/FSE'19, ISSTA'19, ASE'18, VMCAI'17
Mentoring
- Long-term mentor of SIGPLAN-M
Teaching
- Principles of Compilers (Spring 2024), UG Course, ZJU
- 信息安全前沿技术和研究方法论, 研究生课程 (2023 春夏, 2024 春夏), 形式化方法部分, ZJU
- COMP4632: Practicing CyberSecurity: Attacks and Counter-measures, Teaching Assistant, HKUST
- COMP3021: Java Programming, Teaching Assistant, HKUST
- COMP3511: Operating System, Teaching Assistant, HKUST
Students
-
Current Students:
- Postgraduate Students: Weiqi Wang (Master from 23), Yuan Li (Ph.D. from 23), Hanrui Zuo (Ph.D. from 24), Zinan Gu (Master from 24), Guowei Tian (Master from 24), Hanyun Jiang (Master from 25), ??? (Ph.D. from 25)
- Co-supervised Students ("导师组"成员): Jianhong Zhao
- Final Year Project: Chenhao Gao, Yaoyang Ye, Jiening Siow
- Former Mentees
- Intern (>=3 months): Ruiyu Zhou (UG@CUHK(SZ), 23), Chenya Sun (UG@BUAA, 24)
- Final Year Project: Ruqing Yang, Xutao Zhou, Yitong Li, Xinyue Cai, Haobai Yin, Haowei Cao, Yichi Zhang, Mingming Luo