XIAO
profile photo

Xiao Cheng

Xiao Cheng is a lecturer (~U.S.Assistant Professor) at School of Computing, Faculty of Science and Engineering, Macquarie University. His research lies at the intersection of Programming Languages (PL) and Software Engineering (SE), focusing on enhancing the security and reliability of modern software systems through program analysis and verification techniques, including abstract interpretation, typestate analysis, IFDS, sparse value-flow analysis and fuzz testing. He is also exploring the integration of artificial intelligence, such as graph neural networks, language models and uncertainty quantification, with classical PL/SE tasks to further enhance these domains.

His papers have been published in top-tier conferences and journals in the field of software engineering (TOSEM, FSE, ICSE, ISSTA), programming languages (OOPSLA) and security (TDSC), and awarded ACM SIGSOFT Distinguished Paper Award for FSE 2024 and ACM SIGPLAN Distinguished Paper Award for OOPSLA 2020. He is one of the major contributors of the SVF project and the author of the DeepWukong project. He is serving or has served as TPC member for ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, FSE 2025 (SRC), ISSRE 2024 (DS track), and artifact evaluation committee members for ICSE 2025, ISSTA 2024/2023, SAS 2023 and FormaliSE 2025/2024/2023.

CV  /  Google Scholar  /  CMS Profile  /  Github  /  ORCID  /  Twitter

News

  • news 09/2025, I’m serving on the program committee for ISSTA 2026. Please consider submitting your work!
  • news 07/2025, I’m serving on the program committee for FSE 2026. Please consider submitting your work!
  • news 04/2025, Our work on recursion dissection in abstract interpretation accepted at ECOOP 2025. Congrats to Jiawei Yang!
  • news 06/2024, We're honored to receive the Distinguished Paper Award at FSE. Thanks to the community for recognizing our work!
  • news 01/2024, Our work on quantum speedups on dynamic transitive closure-based static analysis accepted at TOSEM.
  • news 01/2024, Our work on path-sensitive typestate analysis accepted at FSE 2024.
  • news 12/2023, Our work on cross-domain abstract execution accepted at ICSE 2024.

    • Publications

    (# Equal contribution,  * Corresponding author)

    Preprints

    Selected Publications

    Full List

    (expand to view)

    Published Papers

    • [C9] Taming and Dissecting Recursions through Interprocedural Weak Topological Ordering CORE-A CCF-B
      Jiawei Yang#, Xiao Cheng#, Bor-Yuh Evan Chang, Xiapu Luo, Yulei Sui.
      2025 European Conference on Object-Oriented Programming (ECOOP '25) PDF Slides BIB
    • [C8] Mitigating Emergent Malware Label Noise in DNN-Based Android Malware Detection CORE-A* CCF-A
      Haodong Li#, Xiao Cheng#, Guohan Zhang*, Guosheng Xu, Guoai Xu and Haoyu Wang*.
      FSE 2025 (acceptance rate: 70/612=11.44%) PDF Slides BIB
    • [C7] Understanding Model Weaknesses: A Path to Strengthening DNN-Based Android Malware Detection CORE-A* CCF-A
      Haodong Li, Xiao Cheng*, Yanjie Zhao, Guosheng Xu, Guoai Xu and Haoyu Wang*.
      ISSTA 2025 (acceptance rate: 23/553=4.16%) PDF Slides BIB
    • [J3] Dynamic Transitive Closure-Based Static Analysis through the Lens of Quantum Search CORE-A* CCF-A
      Jiawei Ren, Yulei Sui, Xiao Cheng, Yuan Feng and Jianjun Zhao
      ACM Transactions on Software Engineering and Methodology (TOSEM) PDF BIB
    • [C6] Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point Slicing CORE-A* CCF-A ACM SIGSOFT Distinguished Paper AWARD
      Xiao Cheng, Jiawei Ren, Yulei Sui
      32nd ACM International Conference on the Foundations of Software Engineering (FSE '24) PDF Slides BIB
    • [C5] Precise Sparse Abstract Execution via Cross-Domain Interaction CORE-A* CCF-A
      Xiao Cheng, Jiawei Wang, Yulei Sui
      46th International Conference on Software Engineering (ICSE '24) PDF Slides BIB
    • [C4] Vulnerability Detection via Typestate-Guided Code Representation Learning CCF-C
      Xiao Cheng
      International Conference on Formal Engineering Methods (ICFEM '23) PDF BIB
    • [J2] How About Bug-Triggering Paths? - Understanding and Characterizing Learning-Based Vulnerability Detectors CORE-A* CCF-A
      Xiao Cheng, Xu Nie, Ningke Li, Haoyu Wang, Zheng Zheng, Yulei Sui
      IEEE Transactions on Dependable and Secure Computing (TDSC) PDF BIB
    • [C3] Path-Sensitive Code Embedding via Contrastive Learning for Software Vulnerability Detection CORE-A* CCF-A
      Xiao Cheng, Guanqin Zhang, Haoyu Wang and Yulei Sui
      The 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '22) PDF Slides BIB
    • [J1] DeepWukong: Statically Detecting Software Vulnerabilities using Deep Graph Neural Network CORE-A* CCF-A
      Xiao Cheng, Haoyu Wang*, Jiayi Hua, Guoai Xu* and Yulei Sui
      ACM Transactions on Software Engineering and Methodology (TOSEM) PDF BIB
    • [C2] Flow2Vec: Value-Flow-Based Precise Code Embedding CORE-A* CCF-A ACM SIGPLAN Distinguished Paper AWARD
      Yulei Sui, Xiao Cheng, Guanqin Zhang and Haoyu Wang
      Proceedings of ACM OOPSLA 2020 PDF BIB
    • [C1] Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding CORE-A CCF-C
      Xiao Cheng, Haoyu Wang*, Jiayi Hua, Miao Zhang, Guoai Xu, Li Yi* and Yulei Sui
      The 24th International Conference on Engineering of Complex Computer Systems (ICECCS 2019) PDF BIB

    Services

  • Webchair of LCTES 2024.
  • TPC member of ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, APSEC 2025 (SEIP), LMPL 2025, FSE 2025 (SRC), ISSRE 2024 (DS track).
  • Artifact Evaluation Committee of ICSE 2025, ISSTA 2024/2023, SAS 2023, FormaliSE 2025/2024/2023.
  • Reviewer of SAS 2025, TOSEM, TSE, TDSC, TACO, ASEJ.

    • Teaching Experience

  • Developer and mantainer, Software-Security-Analysis, an online open courses for learning software security analysis via SVF.
  • Tutor, 41181 Information Security and Management, UTS, 2024.
  • Tutor, 41128 Software Analysis Studio, UTS, 2021-2024.
  • Course admin, COMP6131 Software Security Analysis, UNSW, 2024
  • Tutor, Software Analysis, SSTC Software Engineering Studio, NEUQ, 2021-2024.
  • Tutor and lab demonstrator, 41184 Secure Programming and Penetration Testing, UTS, 2024

    • Tools

  • Developer and mantainer, SVF (authored by Yulei Sui), a source code analysis framework that enables interprocedural dependence analysis for LLVM-based languages.
  • Creator, DeepWukong, a graph neural network based software vulnerability detector.

    • Education

  • 2021-2024, Ph.D. in Computer Science and Engineering, University of New South Wales (UNSW).
  • 2014-2021, B.Eng and M.Res in Engineering, Beijing University of Posts and Telecommunications (BUPT).

    • Awards

  • 2025, Amazon Research Award (ARA), "Path-Sensitive Typestate Analysis through Sparse Abstract Execution", Key Participant.
  • 2025, The Norman Foo Memorial Best Research Paper Prize
  • 2024, ACM SIGSOFT Distinguished Paper Award (FSE).
  • 2024, ACM SIGSOFT CAPS Travel Grant
  • 2024, Development and Research Training Grant (DRTG), UNSW.
  • 2023, Google ASPIRE Award, "Cross-Component Cross-Language Static Value-Flow Analysis for Android Ecosystem", Key Participant.
  • 2022, Apple Scholars in AI/ML PhD fellowship nomination.
  • 2020, ACM SIGPLAN Distinguished Paper Award (OOPSLA).

    • Misc

  • Tips on writing a research paper, Doing Research in Software Analysis Lessons and Tips.
  • Abstract Interpretation, Static Program Analysis, and more
  • LLVM, Z3, SVF, Tai-e, Qilin, IKOS, Crab, POCR.
  • Overleaf Tutorials, SimpleTex, Markdown Guide, Docker.
  • CPP/C, LLVM IR.
    • Welcome to use this website's source code, just add a link back to here. .