Charles Zhang

Associate Professor, Director of Cybersecurity Laboratory
Department of Computer Science and Engineering (direction)
The Hongkong University of Science and Technology
Room 3516 (lift 25/26) Tel: (852)23586997 Fax: (852)23581477

If you like programming and care about writing more secure programs, send me emails for Post-Doc, PhD, and RA positions.


I am currently involved with the following:

ASE 22

   

FSE 22 Industrial

   
[ Publications | Students | Teaching | Professional Activities | Bio | Fun]


Highlights

  • Congrats to Peisen who is now Dr. Yao!
  • Congrats to Heqing who is now Dr. Huang!
  • Congrats to Jiajun on his Oakland 22 acceptance!
  • Congrats to Chengpeng on his OOPSLA 22 paper on container usage synthesis. Joint work with Ant Group
  • Congrats to Yiyuan on his ICSE 22 paper. Joint work with Ant Group
  • Received Huawei distinguished collaborator award on deploying Pangolin (Oakland 20)!
  • Congrats to Heqing on his directed fuzzing work accepted by Oakland 22! Two PLDI and OOPSLA papers accepted, still about static analysis.
  • Sourcebrella acquired after a four-year and incredible journey of commercializing Pinpoint!
  • Research
    My general reseach interest centers around the use of both static and dynamic programm analysis techniques for making complex software systems more secure and reliable.

    The 10-million-lines static analysis statement: "to achieve all-sensitive precision and sublinear scalability while SIMULTANEOUSLY addressing the CODA requirements : achieve scalability by being continuous both in time, incremental, and in space, accumulative (Continuous); be open for defining customized source-code test cases through APIs or DSLs (Open); respect the fact that source code is largely unavailable(Dark code); understand assembled program dependency (Aassembled) introduced by frameworks and middleware.

    Recent Papers

    1. Jiajun Gong, Wuqi Zhang, Charles Zhang, and Tao Wang. Surakav: Generating Realistic Traces for a Strong Website Fingerprinting Defense, In S&P'22: The 43rd IEEE Symposium on Security and Privacy, San Francisco, USA, May 23-26, 2022

    2. Chengpeng Wang, Peisen Yao, Wensheng Tang, Qingkai Shi, and Charles Zhang, Complexity-Guided Container Replacement Synthesis, In OOPSLA 2022 : The ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages and Applications, Nov, 2022

    3. Yiyuan Guo, Jinguo Zhou, Peisen Yao, Qingkai Shi, Charles Zhang. Precise Divide-By-Zero Detection with Affirmative Evidence In ICSE 2022: 44th International Conference on Software Engineering, Pittsburgh, USA, May 21-29, 2022

    4. Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, Charles Zhang Beacon: Directed Grey-Box Fuzzing with Provable Path Pruning In S&P'22: The 43rd IEEE Symposium on Security and Privacy, San Francisco, USA, May 23-26, 2022

    5. Wensheng Tang, Yikun Hu, Gang Fan, Peisen Yao, Rongxin Wu, Guangyuan Bai, Pengcheng Wang, and Charles Zhang. Transcode: Detecting Status Code Translation Errors in Large-Scale Systems. In ASE'21: The 2021 IEEE/ACM Automated Software Engineering Conference

    6. Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang. Program Analysis via Efficient Symbolic Abstraction In OOPSLA'21: The 36th ACM SIGPLAN Conference on Objected Oriented Programming, Systems, Languages, and Applications.

    7. Peisen Yao, Heqing Huang, Tang Wensheng, Qingkai Shi, Rongxin Wu, Charles Zhang Skeletal Approximation Enumeration for SMT Solver Testing In FSE 2021:29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Aug 23-27, 2021

    8. Yuandao Cai, Peisen Yao, and Charles Zhang. Canary: Practical Static Detection of Inter-Thread Value-Flow Bugs. In PLDI 2021: The 42nd ACM SIGPLAN Conference on Programming Language Design and Implementation, June 20-25, Virtual, UK, https://doi.org/10.1145/3453483.3454099. (draft)

    9. Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang. Path-Sensitive Sparse Analysis without Path Conditions. In PLDI 2021: The 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation , June 20-25, 2021, Virtual, https://doi.org/10.1145/3453483.3454086(draft)

    10. Peisen Yao, Heqing Huang, Tang Wensheng, Qingkai Shi, Rongxin Wu, Charles Zhang Fuzzing SMT Solvers via Two-Dimensional Input Space Exploration In ISSTA 2021:The 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 11-17 July, 2021

    11. Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang Fast Bit-Vector Satisfiability In ISSTA 2020: The 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, 18-22 July, 2020

    12. Gang Fan, Chengpeng Wang, Rongxin Wu, Qingkai Shi, Charles Zhang Escaping Dependency Hell: Finding Build Dependency Errors with the Unified Dependency Graph In ISSTA 2020:The 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, 18-22 July, 2020

    13. Heqing Huang, Peisen Yao, Rongxin Wu, Charles Zhang Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction In IEEE S&P 2020:: Proceedings of the 41st IEEE Symposium on Security and Privacy, San Francisco, USA, May, 2020.

    14. Qingkai Shi, Charles Zhang, Pipelining Bottom-up Data Flow Analysis, In ICSE 2020: The 42nd ACM/IEEE International Conference on Software Engineering, Seoul, Korea, May, 2020

    15. Qingkai Shi, Rongxin Wu, Gang Fan, Charles Zhang, Conquering the Extensional Scalability Problem for Value-Flow Analysis Frameworks In ICSE 2020:The 42nd ACM/IEEE International Conference on Software Engineering, Seoul, Korea, May, 2020

    16. (ICSE Distinguished Paper) Gang Fan, Rongxin Wu, Qingkai Shi, Xiao Xiao, Jinguo Zhou, Charles Zhang SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code In ICSE 2019: The 41st International Conference on Software Engineering, Montreal, Canada, May, 2019.

    17. Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Fan Gang and Charles Zhang Pinpoint: Fast and Precise Sparse Value Flow Analysis for Million Lines of Code. In PLDI 2018: the 39th annual ACM SIGPLAN conference on Programming Language Design and Implementation. Philadelphia, USA, June, 2018

    View all publications

    Students

    I am fortunate to work with the following students:

    In progress:

    Heqing Huang(Post Doc), Wensheng Tang, Yongchao Wang, Yiyuan Guo, Chengpeng Wang, Yuandao Cai, Maryam Masoudian, Anshunkang Zhou, Hao Ling, Chengfeng Ye, HongChun Chiu, Bowen Zhang, Jiajun Gong, Kexin Ma (M.Phil), Wei Chen (RA), Sixiang Peng(RA)
    Alumni with last known employment:
  • Peisen Yao
  • Qingkai Shi (Ph.D), Ant Financial
  • Gang Fan (Ph.D) , Staff Engineer, SourceBrella Inc., now at Ant Financial
  • Rongxin Wu (Post-Doc), Associate Professor, Xiamen University
  • Yepang Liu (Post-Doc), Assistant Professor, SUSTech
  • Richard Xiao (Ph.D, Post-Doc), SourceBrella Inc. (Founder, CEO), now at Ant Financial
  • Jinguo(Andy) Zhou (Post-Doc), SourceBrella Inc. (Co-Founder), now at Ant Financial
  • Qirun Zhang (Post Doc) Assistant Professor, Georgia Tech
  • Peng Liu (Ph.D), Researcher, IBM T.J.Watson Research Lab
  • Jeff Huang (Ph.D), Assitant Professor, Texas A&M University
  • Lingjie Huang (M.Phil)
  • Yushan Zhang (M.Phil), Software Engineer, Tencent
  • Bin Xu (M.Phil) Software Engineer, Facebook
  • Fan Yu(M.Phil), Software Engineer, Pinduoduo.
  • Teaching

    COMP3511: Operating Systems (Fall 2020)
    COMP4111: Software Engineering Practices(Spring 2019, Spring 2018)
    COMP3021: Java Programming (Spring 2022, Spring 2020, Fall 2015, Spring 2014; Spring, 2013; Spring 2012)
    COMP5111: Fundamentals of Software Analysis (Spring 2014; Spring, 2013; Spring 2011; Fall, 2009; Fall, 2008)
    COMP3111: Introduction to Software Engineerings (Fall 2019,Fall, 2014;Fall, 2011;Fall, 2010; Spring, 2010,Spring 2009)
    COMP610: Topics in Engineering Enterprise Middleware Platforms. (Spring, 2009)

    Professional Activities

    1. Editorial Services

      IEEE TSE: Associate Editor, 2015-2018

    2. Program Committee Services

      ASE:2022(TPC), 2018 (TPC),   2016(Demo),    2013 (TPC)
      ECOOP:    2016(ERC)
      FSE: 2022 (Industrial track), 2019 (TPC),    2014 (TPC, DS, SRC)     2012 (TPC, NIER)
      ICSE:   2014 (TPC)     2012 (Demo, SRC)     2009 (Demo)
      ISSTA:    2014 (TPC)     2012 (TPC)
      OOPSLA:     2015 (TPC)    2014 (ERC)     2012 (ERC)     2011 (TPC)
      VMCAI:    2018(PC)

    3. Chairs

      ISSTA:    2019 (Doctoral Symposium Co-Chair)
      ICSE:    2017 (SRC Co-Chair)
      ICSE:    2016 (Proceedings Chair)
      PLDI:    2012 (Pacific Publicity Chair)
      AOSD:    2013 (Demo Chair)
      APSEC:   2012 (Postgraduate Symposium Chair)
      InternetWare: 2014 (Co-Chair)

    4. Inviated Talks

      SETTA 2021 Keynote: Enterprise-Scale Static Analysis: A Pinpoint Experience
      Splash Rebase 2020: Enterprise-Scale Static Analysis: A Pinpoint Experience
      ICSE 2020 New Faculty Symposium: Balancing teaching, service and research
      IEEE SCAM 2017 Keynote: Stop the bleeding from the heart

    Group Activities

    1. Group hiking of HKUST hills pic1 pic2 pic3 pic4 pic5
    2. Group Photos at HKUST or anywhere else pic1
    3. Santa Fe, New Mexico, USA (FSE 2010) pic1 pic2 pic3 pic4 pic5
    4. Honolulu, Hawaii, USA (ICSE 2011) pic1 pic2 pic3 pic4 pic5 pic6 pic7 pic8
    5. Toronto, Ontario, Canada (ISSTA 2011) pic1 pic2 pic3 pic4 pic5 pic6 pic7
    6. Venice, Italy, (SAS 2011) pic1 pic2 pic3 pic4 pic5

    Bio

    Charles Zhang is an Associate Professor and the director of the Cybersecurity Lab in the Department of Computer Science and Engineering, HKUST. His major research interest is the use of program analysis techniques to improve software reliability. He has published extensively at premium conferences and journals of programming languages and software engineering. He has served as an associate editor of IEEE TSE, in addition to numerous organizational and technical committees of international conferences. His research received many awards including the ICSE distinguished paper award, the PLDI distinguished paper award, the ACM SIGSOFT Doctoral Dissertation Award, and IBM PhD fellowships. Dr. Zhang has also assumed numerous industrial roles, most noteworthy the software engineer at Motorola Inc, expert advisor to Huawei Inc, and expert security panelist of the Hong Kong Monetary Authority. He successfully co-founded and served as the chairman of Sourcebrella Inc, a static analysis tool vendor. His research is supported by Research Grant Council, Innovation and Technology Fund, and grants from Huawei, TCL, Microsoft and IBM. Charles obtained his Ph.D, M.Sc, and B.Sc. with honours, all from University of Toronto.