\n \n \n
\n
\n\n \n \n \n \n \n \n How are Multilingual Systems Constructed: Characterizing Language Use and Selection in Open-Source Multilingual Software.\n \n \n \n \n\n\n \n Wen Li, Austin Marino, Haoran Yang, Na Meng, Li LI, & Haipeng Cai.\n\n\n \n\n\n\n
ACM Transactions on Software Engineering and Methodology (TOSEM),45. 2023.\n
(impact factor: 4.267; journal-first paper)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n project\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 21 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n\n\n\n
\n
@article{wen23tosem,\r\n\tauthor = \t {Wen Li and Austin Marino and Haoran Yang and Na Meng and Li LI and Haipeng Cai},\r\n\ttitle = \t {How are Multilingual Systems Constructed: Characterizing Language Use and Selection in Open-Source Multilingual Software},\r\n\tyear = \t {2023},\r\n\turl_pdf = {http://chapering.github.io/pubs/tosem23wen.pdf},\r\n\turl_project = {https://bitbucket.org/wsucailab/multilangstudy/},\r\n\tjournal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},\r\n\tKeywords = {empirical study, multi-language software},\r\n\tpages = {45},\r\n\tnote = {(impact factor: 4.267; journal-first paper)}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n Do Pre-trained Language Models Indeed Understand Software Engineering Tasks?.\n \n \n \n \n\n\n \n Yao Li, Tao Zhang, Xiapu Luo, Haipeng Cai, Sen Fang, & Dawei Yuan.\n\n\n \n\n\n\n
IEEE Transactions on Software Engineering (TSE), 49(10): 4639–4655. 2023.\n
(impact factor: 7.4; journal-first paper)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n arxiv\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 11 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@article{yao23tse,\r\n\tauthor = \t {Yao Li and Tao Zhang and Xiapu Luo and Haipeng Cai and Sen Fang and Dawei Yuan},\r\n\ttitle = \t {Do Pre-trained Language Models Indeed Understand Software Engineering Tasks?},\r\n\tjournal = {IEEE Transactions on Software Engineering (TSE)},\r\n\tdoi={10.1109/TSE.2023.3308952},\r\n\tvolume = {49},\r\n\tnumber = {10},\r\n\tpages = {4639--4655},\r\n\tyear = \t {2023},\r\n\turl_pdf = {http://chapering.github.io/pubs/tse23yao.pdf},\r\n\turl_arxiv = {https://arxiv.org/abs/2211.10623},\r\n\tKeywords = {Overinterpretation, deep learning, pre-trained language model},\r\n\tnote = {(impact factor: 7.4; journal-first paper)}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing.\n \n \n \n \n\n\n \n Wen Li, Haoran Yang, Xiapu Luo, Long Cheng, & Haipeng Cai.\n\n\n \n\n\n\n In
ACM Conference on Computer and Communications Security (CCS), pages 1645–-1659, 2023. \n
(artifact evaluated; badges: Available, Functional, Reproduced)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n project\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 83 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@InProceedings{wen23ccs,\r\n title={{PyRTFuzz}: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing},\r\n author={Wen Li and Haoran Yang and Xiapu Luo and Long Cheng and Haipeng Cai},\r\n booktitle={ACM Conference on Computer and Communications Security (CCS)},\r\n url_pdf = {http://chapering.github.io/pubs/ccs23wen.pdf},\r\n url_project = {https://bitbucket.org/wsucailab/pyrtfuzz},\r\n year={2023},\r\n doi={10.1145/3576915.3623166},\r\n note = {(artifact evaluated; badges: Available, Functional, Reproduced)},\r\n Keywords = {Software security, systems security, language runtime, compiler testing},\r\n pages = {1645–-1659}\r\n}\r\n\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n SkillScanner: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development Phase.\n \n \n \n \n\n\n \n Song Liao, Long Cheng, Haipeng Cai, Linke Guo, & Hongxin Hu.\n\n\n \n\n\n\n In
ACM Conference on Computer and Communications Security (CCS), pages 2321–-2335, 2023. \n
(artifact evaluated; badges: Available, Functional)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n arxiv\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 32 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@InProceedings{song23ccs,\r\n title={{SkillScanner}: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development Phase},\r\n author={Song Liao and Long Cheng and Haipeng Cai and Linke Guo and Hongxin Hu},\r\n booktitle={ACM Conference on Computer and Communications Security (CCS)},\r\n url_pdf = {http://chapering.github.io/pubs/ccs23song.pdf},\r\n url_arxiv = {https://arxiv.org/abs/2309.05867},\r\n year={2023},\r\n doi={10.1145/3576915.3616650},\r\n note = {(artifact evaluated; badges: Available, Functional)},\r\n Keywords = {Voice application, software security, static analysis},\r\n pages = {2321–-2335}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n Automatically Detecting Incompatible Android APIs.\n \n \n \n \n\n\n \n Pei Liu, Yanjie Zhao, Mattia Fazzini, Haipeng Cai, John Grundy, & Li LI.\n\n\n \n\n\n\n
ACM Transactions on Software Engineering and Methodology (TOSEM),1–33. 2023.\n
(impact factor: 4.267)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 30 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@article{pei23tosem,\r\n\tauthor = \t {Pei Liu and Yanjie Zhao and Mattia Fazzini and Haipeng Cai and John Grundy and Li LI},\r\n\ttitle = \t {Automatically Detecting Incompatible Android APIs},\r\n\turl_pdf = {http://chapering.github.io/pubs/tosem23pei.pdf},\r\n\tjournal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},\r\n\tKeywords = {Android, mobile software engineering, compatibility},\r\n\tissn = {1049-331X},\r\n\tdoi = {10.1145/3624737},\r\n\tyear = \t {2023},\r\n\tpages = {1--33},\r\n\tnote = {(impact factor: 4.267)}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n VulGen: Realistic Vulnerable Sample Generation via Pattern Mining and Deep Learning.\n \n \n \n \n\n\n \n Yu Nong, Yuzhe Ou, Michael Pradel, Feng Chen, & Haipeng Cai.\n\n\n \n\n\n\n In
IEEE/ACM International Conference on Software Engineering (ICSE), pages 2527–2539, 2023. \n
(artifact evaluated; badges: Available, Functional, Reusable)\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n project\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 85 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@InProceedings{nong23icse,\r\n\ttitle={{VulGen}: Realistic Vulnerable Sample Generation via Pattern Mining and Deep Learning},\r\n\tauthor={Yu Nong and Yuzhe Ou and Michael Pradel and Feng Chen and Haipeng Cai},\r\n\tbooktitle={IEEE/ACM International Conference on Software Engineering (ICSE)},\r\n\tKeywords = {program generation, vulnerability analysis, software security},\r\n\turl_pdf = {http://chapering.github.io/pubs/icse23yu.pdf},\r\n\turl_project = {https://figshare.com/s/faf2c8a24410b34b7e70},\r\n\tnote = {(artifact evaluated; badges: Available, Functional, Reusable)},\r\n\tdoi={10.1109/ICSE48619.2023.00211},\r\n\tpages = {2527--2539},\r\n\tyear={2023}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems.\n \n \n \n \n\n\n \n Wen Li, Jinyang Ruan, Guangbei Yi, Long Cheng, Xiapu Luo, & Haipeng Cai.\n\n\n \n\n\n\n In
32nd USENIX Security Symposium (USENIX Security 23), pages 1379–1396, Anaheim, CA, August 2023. USENIX Association\n
(artifact evaluated; badges: Available)\n\n
\n\n
\n\n
\n\n \n \n Paper\n \n \n \n project\n \n \n \n pdf\n \n \n \n cves\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 86 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@inproceedings{wen23usenixsecurity,\r\n\tauthor = {Wen Li and Jinyang Ruan and Guangbei Yi and Long Cheng and Xiapu Luo and Haipeng Cai},\r\n\ttitle = {{PolyFuzz}: Holistic Greybox Fuzzing of {Multi-Language} Systems},\r\n\tbooktitle = {32nd USENIX Security Symposium (USENIX Security 23)},\r\n\tisbn = {978-1-939133-37-3},\r\n\taddress = {Anaheim, CA},\r\n\tpages = {1379--1396},\r\n\turl = {https://www.usenix.org/conference/usenixsecurity23/presentation/li-wen},\r\n\tpublisher = {USENIX Association},\r\n\tmonth = aug,\r\n\tKeywords = {cross-language program analysis, multi-language software, software security},\r\n\turl_project = {https://bitbucket.org/wsucailab/polyfuzz/},\r\n\turl_pdf = {http://chapering.github.io/pubs/sec23.pdf},\r\n\turl_CVEs = {https://bitbucket.org/wsucailab/polyfuzz/src/main/Vulnerability/NewVulnerabilities.pdf},\r\n\tyear={2023},\r\n\tnote = {(artifact evaluated; badges: Available)}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n Generating Vulnerable Code via Learning-Based Program Transformations.\n \n \n \n \n\n\n \n Haipeng Cai, Yu Nong, Yuzhe Ou, & Feng Chen.\n\n\n \n\n\n\n In Cliff Wang, S.S. Iyengar, & Kun Sun., editor(s),
AI Embedded Assurance for Cyber Systems, pages 123–138. Springer International Publishing, Cham, 2023.\n
\n\n
\n\n
\n\n
\n\n \n \n Paper\n \n \n \n pdf\n \n \n \n project\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n \n \n abstract \n \n\n \n \n \n 6 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@incollection{cai23chapter,\r\n\tauthor="Cai, Haipeng and Nong, Yu and Ou, Yuzhe and Chen, Feng",\r\n\teditor="Wang, Cliff and Iyengar, S.S. and Sun, Kun",\r\n\ttitle="Generating Vulnerable Code via Learning-Based Program Transformations",\r\n\tbookTitle="AI Embedded Assurance for Cyber Systems",\r\n\tyear="2023",\r\n\tpublisher="Springer International Publishing",\r\n\taddress="Cham",\r\n\tpages="123--138",\r\n\tabstract="Software vulnerabilities are a major source of cybersecurity threats. Therefore, it is of paramount importance to defend against (e.g., detect and repair) them. Data-driven approaches, especially those based on machine/deep learning (ML/DL), have demonstrated a great potential to that end. To achieve practical efficacy, these approaches rely on a large number of training samples. However, currently such samples, especially those that are known as vulnerable, are not richly available, immediately impeding ML/DL applications for software vulnerability analysis. Moreover, these samples would also meet the critical need for making scientific progress in software assurance through objective benchmarking of existing techniques and tools.",\r\n\tisbn="978-3-031-42637-7",\r\n\tdoi="10.1007/978-3-031-42637-7_7",\r\n\turl="https://doi.org/10.1007/978-3-031-42637-7_7",\r\n\tKeywords = {program generation, vulnerability analysis, software security},\r\n\turl_pdf = {http://chapering.github.io/pubs/chapter23cai.pdf},\r\n\turl_project = {https://figshare.com/s/faf2c8a24410b34b7e70},\r\n}\r\n\r\n
\n
\n\n\n
\n Software vulnerabilities are a major source of cybersecurity threats. Therefore, it is of paramount importance to defend against (e.g., detect and repair) them. Data-driven approaches, especially those based on machine/deep learning (ML/DL), have demonstrated a great potential to that end. To achieve practical efficacy, these approaches rely on a large number of training samples. However, currently such samples, especially those that are known as vulnerable, are not richly available, immediately impeding ML/DL applications for software vulnerability analysis. Moreover, these samples would also meet the critical need for making scientific progress in software assurance through objective benchmarking of existing techniques and tools.\n
\n\n\n
\n\n\n
\n
\n\n \n \n \n \n \n \n A Control-Theoretic Approach to Auto-Tuning Dynamic Analysis for Distributed Services.\n \n \n \n \n\n\n \n Chandan Dhal, Xiaoqin Fu, & Haipeng Cai.\n\n\n \n\n\n\n In
IEEE/ACM International Conference on Software Engineering (ICSE), Poster (invited), pages 330-331, 2023. \n
\n\n
\n\n
\n\n
\n\n \n \n pdf\n \n \n \n project\n \n \n\n \n \n doi\n \n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 12 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n\n\n\n
\n
@inproceedings{chandan23icseposter,\r\n author = \t {Chandan Dhal and Xiaoqin Fu and Haipeng Cai},\r\n title = \t {A Control-Theoretic Approach to Auto-Tuning Dynamic Analysis for Distributed Services},\r\n booktitle = {IEEE/ACM International Conference on Software Engineering (ICSE), Poster (invited)},\r\n year = \t {2023},\r\n pages = {330-331},\r\n doi={10.1109/ICSE-Companion58688.2023.00092},\r\n url_pdf = {http://chapering.github.io/pubs/icse23-poster.pdf},\r\n url_project={https://bitbucket.org/wsucailab/distodd},\r\n Keywords = {distributed systems, dynamic analysis, self-adaptive program analysis}\r\n}\r\n\r\n
\n
\n\n\n\n
\n\n\n\n\n\n