Highlights

Wei's work on kernel driver bug detection using static analysis has been accepted by Eurosys 25!

Yongchao's work on redundancy reduction of value-flow summaries has been accepted by ICSE 25!

Yuandao received Honorable Mention in 2024 Best PhD Thesis of our department.

Yiyuan's work received ACM SIGSOFT Distinguished Paper Award!

Maryam's work accepted by TSE. Her very first publication!

Ling Hao's work received ASPLOS 2024 Best Paper Award!

Research

My general reseach interest centers around the use of both static and dynamic programm analysis techniques for making complex software systems more secure and reliable.

The 10-million-line static analysis statement: "to achieve all-sensitive precision and sublinear scalability while SIMULTANEOUSLY addressing the CODA requirements : achieve scalability by being continuous both in time, incremental, and in space, accumulative (Continuous); be open for defining customized source-code test cases through APIs or DSLs (Open); respect the fact that source code is largely unavailable(Dark code); understand assembled program dependency (Aassembled) introduced by frameworks and middleware.

Our answer to these challenges is the Clearblue research project, a database-like software analysis platform. Clearblue analyzes software in its binary form with or without debug symbols, with or without sourcecode. It is capable, currently, of generating precise data flow information for Linux kernel, almost 30M lines of code, in 30 mins and materializes it on disk. Investigation tasks such as bug finding can be coded via the Clearblue API, on average, in 30 mins.

Achievements

Charles' research has received many awards and led to successful commercialization:ASPLOS 24 best paper, ICSE 24 distinguished reviewer, distinguished paper in ISSTA 24, OOPSLA 22, ICSE 19, and PLDI 13. ACM SIGSOFT Best PhD Dissertation 2013 (student Jeff Huang), Honorable Mention of Best PhD Dissertation of CSE in 2024 (Yuandao Cai) and 2022 (Peisen Yao), Huawei Distinguished Collaborator both 2022 and 2021 , Ant Group Outstanding Collaboration 2023 , start-up Sourcebrella acquired by Ant Group in 2020.

Recent Papers

1. Wei CHEN, Bowen Zhang, Chengpeng Wang, Wensheng Tang, Charles Zhang Seal: Towards Diverse Specification Inference for Linux Interfaces from Security Patches In Eurosys 2025:the 20th European Conference on Computer Systems, Rotterdam, March 30 - April 3, 2025

2. Yongchao Wang, Yuandao Cai, Charles Zhang Boosting Path-Sensitive Value Flow Analysis via Removal of Redundant Summaries In ICSE 2025: 47th International Conference on Software Engineering Sun 27 April - Sat 3 May 2025 Ottawa, Ontario, Canada

3. Maryam Masoudian, Heqing Huang, Morteza Amini, Charles Zhang Mole: Efficient Crash Reproduction in Android Applications with Enforcing Necessary UI Events In IEEE TSE: IEEE Transactions on Software Engineering. vol. 50, no. 8, pp. 2200-2218, Aug. 2024

4. Chengpeng Wang, Jipeng Zhang, Rongxin Wu, Charles Zhang DAInfer: Inferring API Aliasing Specifications from Library Documentation via Neurosymbolic Optimization In FSE 2024: ACM International Conference on the Foundations of Software Engineering, Mon 15 - Fri 19 July 2024 Porto de Galinhas, Brazil, Brazil

5. Chengfeng Ye , Yuandao Cai, Anshunkang Zhou, Heqing Huang, Hao Ling, Charles Zhang Manta: Hybrid-Sensitive Type Inference Toward Type-Assisted Bug Detection for Stripped Binaries In ASPLOS 2024: ACM Conference on Architectural Support for Programming Languages and Operating Systems, San Diego, USA, April 27- May 1, 2024

6. Bowen Zhang, Wei Chen, Peisen Yao, Chengpeng Wang, Wensheng Tang, Charles Zhang SIRO: Empowering Version Compatibility in Intermediate Representations via Program Synthesis In ASPLOS 2024: ACM Conference on Architectural Support for Programming Languages and Operating Systems, San Diego, USA, April 27- May 1, 2024

7. (ACM SIGSOFT Distinguished Paper Award) Yiyuan Guo, Peisen Yao, and Charles Zhang Precise Compositional Buffer Overflow Detection via Heap Disjointness In ISSTA 2024:The 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, Vienna, Austria, 16-20 Sept, 2024

8. Peisen Yao, Jinguo Zhou, Xiao Xiao, Qingkai Shi, Rongxin Wu, Charles Zhang Efficient Path-Sensitive Data Dependence Analysis for Millions of Lines of Code In PLDI 2024:The 45nd ACM SIGPLAN Conference on Programming Language Design and Implementation, 24-28 June, 2024, Copenhagen, Denmark

9. Chengfeng Ye, Yuandao Cai, Charles Zhang When Threads Meet Interrupts: Effective Static Detection of Interrupt-Based Deadlocks in Linux In USENIX Security 24:the 33nd USENIX Security Symposium, August 14-16, 2024, Philadelphia, PA, USA

10. Anshunkang Zhou, Yikun Hu, Xiangzhe Xu, Charles Zhang ARCTURUS: Full Coverage Binary Similarity Analysis with Reachability-Guided Emulation, In ACM TOSEM:: ACM Transactions on Software Engineering and Methodology, 2024

11. Anshunkang Zhou, Chengfeng Ye, Heqing Huang, Yuandao Cai, Charles Zhang Plankton: Reconciling Binary Code and Debug Information, In ASPLOS 2024: ACM Conference on Architectural Support for Programming Languages and Operating Systems, San Diego, USA, April 27- May 1, 2024

12. (ASPLOS Best Paper Award) Hao Ling, Heqing Huang, Chengpeng Wang, Yuandao Cai, Charles Zhang GIANTSAN: Efficient Memory Sanitization with Segment Folding, In ASPLOS 2024: ACM Conference on Architectural Support for Programming Languages and Operating Systems, San Diego, USA, April 27- May 1, 2024

13. Heqing Huang, Anshunkang Zhou, Mathias Payer, Charles Zhang, Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference, In S&P'24: The 45th IEEE Symposium on Security and Privacy, San Francisco, USA, May 20-23, 2024

14. J. Gong, W. Zhang, C. Zhang and T. Wang, WFDefProxy: Real World Implementation and Evaluation of Website Fingerprinting Defenses In TIFS: IEEE Transactions on Information Forensics and Security, doi: 10.1109/TIFS.2023.3327662.

15. Rongxin Wu, Yuxuan He, Jiafeng Huang, Chengpeng Wang, Wensheng Tang, Qingkai Shi, Xiao Xiao, and Charles Zhang. LibAlchemy: A Two-Layer Persistent Summary Design for Taming Third-Party Libraries in Static Bug-Finding Systems. In ICSE 2024: 46th International Conference on Software Engineering, April 14-20, Lisbon, Portugal.

16. Wensheng Tang, Dejun Dong, Shijie Li, Chengpeng Wang, Peisen Yao, Jinguo Zhou, and Charles Zhang. Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path Conditions. In TOSEM: ACM Transactions on Software Engineering and Methodology, 2023

17. Yuandao Cai, Yibo Jin, Charles Zhang. Unleashing the Power of Type-Based Call Graph Construction by Using Regional Pointer Information, In USENIX Security 24:the 33nd USENIX Security Symposium, August 14-16, 2024, Philadelphia, PA, USA

18. Heqing Huang, Peisen Yao, Hung-Chun Chiu, Yiyuan Guo, Charles Zhang. Titan : Efficient Multi-target Directed Greybox Fuzzing, In S&P'24: The 45th IEEE Symposium on Security and Privacy, San Francisco, USA, May 20-23, 2024

View all publications

I am fortunate to work with the following students:

In progress:

Yongchao Wang, Yiyuan Guo, Maryam Masoudian, Anshunkang Zhou, Hao Ling, Chengfeng Ye, HongChun Chiu, Bowen Zhang, Yibo Jin, Wei Chen, Sixiang Peng, Bangyan DU,Shuhao Fu,Xiang Chen,Chenyang Sun, Qi Zhang, Yuanchen Gao

Alumni with last known employment:

Wensheng Tang, Huawei

Chengpeng Wang, Post Doc, Purdue,

Yuandao Cai, Huawei

Heqing Huang(Post Doc), Post Doc, ETH

Peisen Yao , Assistant Professor, Zhejiang University

Jiajun Gong, Post Doc, NUS

Kexin Ma (M.Phil)

Qingkai Shi (Ph.D), Ant Financial

Gang Fan (Ph.D) , Staff Engineer, SourceBrella Inc., now at Ant Financial

Rongxin Wu (Post-Doc), Associate Professor, Xiamen University

Yepang Liu (Post-Doc), Assistant Professor, SUSTech

Richard Xiao (Ph.D, Post-Doc), SourceBrella Inc. (Founder, CEO), now at Ant Financial

Jinguo(Andy) Zhou (Post-Doc), SourceBrella Inc. (Co-Founder), now at Ant Financial

Qirun Zhang (Post Doc) Assistant Professor, Georgia Tech

Peng Liu (Ph.D), Researcher, IBM T.J.Watson Research Lab

Jeff Huang (Ph.D), Assitant Professor, Texas A&M University

Lingjie Huang (M.Phil)

Yushan Zhang (M.Phil), Software Engineer, Tencent

Bin Xu (M.Phil) Software Engineer, Facebook

Fan Yu(M.Phil), Software Engineer, Pinduoduo.

COMP3511: Operating Systems (Fall 2020)
COMP4111: Software Engineering Practices(Spring 2020, Spring 2019, Spring 2018, Spring 2016)
COMP3021: Java Programming (Spring 2024, 2023, 2022, Spring 2020, Fall 2015, Spring 2014; Spring, 2013; Spring 2012)
COMP5111: Fundamentals of Software Analysis (Spring 2014; Spring, 2013; Spring 2011; Fall, 2009; Fall, 2008)
COMP3111: Introduction to Software Engineerings (Fall 2019,Fall, 2014;Fall, 2011;Fall, 2010; Spring, 2010,Spring 2009)
COMP610: Topics in Engineering Enterprise Middleware Platforms. (Spring, 2009)

Professional Activities

1. Editorial Services

   IEEE TSE: Associate Editor, 2015-2018

2. Program Committee Services

   ASE:2022(TPC), 2018 (TPC),   2016(Demo),    2013 (TPC)
   ECOOP:    2016(ERC)
   FSE: 2022 (Industrial track), 2019 (TPC),    2014 (TPC, DS, SRC)     2012 (TPC, NIER)
   ICSE: 2024 TPC,   2014 (TPC)     2012 (Demo, SRC)     2009 (Demo)
   ISSTA: 2023 TPC,    2014 (TPC)     2012 (TPC)
   OOPSLA:     2015 (TPC)    2014 (ERC)     2012 (ERC)     2011 (TPC)
   VMCAI:    2018(PC)
   

3. Chairs

   ISSTA:    2019 (Doctoral Symposium Co-Chair)
   ICSE:    2017 (SRC Co-Chair)
   ICSE:    2016 (Proceedings Chair)
   PLDI:    2012 (Pacific Publicity Chair)
   AOSD:    2013 (Demo Chair)
   APSEC:   2012 (Postgraduate Symposium Chair)
   InternetWare: 2014 (Co-Chair)

4. Keynotes and inviated talks

   Invited Talk:, Finding good research problems, ICSE 2022 New Faculty Symposium, May 16, Pittsburgh, USA
   Keynote: Enterprise-Scale Static Analysis, The Second International Conference on Code Quality Sat 23 Apr 2022 Innopolis, Kazan, Russia
   Keynote: Enterprise-Scale Static Analysis: A Pinpoint Experience, Symposium on Dependable Software Engineering Theories, Tools and Applications, Beijing, China, Nov. 25-27, 2021
   Invited Talk:Enterprise-Scale Static Analysis: A Pinpoint Experience, Splash Rebase 2020:,Sun 15 - Sat 21 November 2020, online
   Invited Talk: Balancing teaching, service and research, ICSE 2020 New Faculty Symposium, July 14, 2020, online
   Keynote: Stop the bleeding from the heart, IEEE SCAM 2017: Source Code Analysis and Manipulation Working Conference, September 17-18, 2017, Shanghai, China

Group Activities

1. Group hiking of HKUST hills pic1 pic2 pic3 pic4 pic5
2. Group Photos at HKUST or anywhere else pic1
3. Santa Fe, New Mexico, USA (FSE 2010) pic1 pic2 pic3 pic4 pic5
4. Honolulu, Hawaii, USA (ICSE 2011) pic1 pic2 pic3 pic4 pic5 pic6 pic7 pic8
5. Toronto, Ontario, Canada (ISSTA 2011) pic1 pic2 pic3 pic4 pic5 pic6 pic7
6. Venice, Italy, (SAS 2011) pic1 pic2 pic3 pic4 pic5

Bio

Charles Zhang is a professor and the director of the Cybersecurity Lab in the Department of Computer Science and Engineering, the Hong Kong University of Science and Technology (HKUST). He likes using program analysis techniques to improve software reliability. He was an associate editor of IEEE TSE and served on many organizational and technical committees of leading international conferences. His research awards include the distinguished paper awards of PLDI, OOPSLA, and ICSE, as well as the ACM SIGSOFT Doctoral Dissertation Award. His notable industrial impact includes the commercialization of research through Sourcebrella, acquired by the Ant Group, the research collaboration award from Ant Group, and the first to win twice the Huawei distinguished collaborator award. He worked as a software engineer in Motorola Inc, an expert advisor to Huawei, and an expert security panelist of the Hong Kong Monetary Authority. His research is supported by Research Grant Council, Innovation and Technology Fund, and grants from Huawei, Ant, Tencent, TCL, Microsoft, and IBM. Charles obtained his Ph.D, M.Sc, and B.Sc. with honours, all from University of Toronto.