Xiao Cheng

Xiao Cheng is a lecturer (~U.S.Assistant Professor) at School of Computing, Faculty of Science and Engineering, Macquarie University. His research lies at the intersection of Programming Languages (PL) and Software Engineering (SE), focusing on enhancing the security and reliability of modern software systems through program analysis and verification techniques, including abstract interpretation, typestate analysis, IFDS, sparse value-flow analysis and fuzz testing. He is also exploring the integration of artificial intelligence, such as graph neural networks, language models and uncertainty quantification, with classical PL/SE tasks to further enhance these domains.

His papers have been published in top-tier conferences and journals in the field of software engineering (TOSEM, FSE, ICSE, ISSTA), programming languages (OOPSLA) and security (S&P, NDSS, TDSC), and awarded ACM SIGSOFT Distinguished Paper Award for FSE 2024 and ACM SIGPLAN Distinguished Paper Award for OOPSLA 2020. He is one of the major contributors of the SVF project and the author of the DeepWukong project. He is serving or has served as TPC member for ICSE 2027, ASE 2026, ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, ACISP 2026, APSEC 2025 (SEIP), LMPL 2025, FSE 2025 (SRC), ISSRE 2024 (DS track), and artifact evaluation committee members for PLDI 2026, ICSE 2025, ISSTA 2024/2023, SAS 2023 and FormaliSE 2025/2024/2023.

CV / Google Scholar / CMS Profile / Github / ORCID / Twitter

📜 Openings: I am looking for self-motivated PhD/MRes students, research assistants, and visiting students/scholars to work on program analysis, software security, and AI for SE. See details →

News

📌 03/2026, I’m serving on the program committee for ICSE 2027. Please consider submitting your work!
📌 12/2025, I’m serving on the program committee for ASE 2026. Please consider submitting your work!
03/2026, Our work on SVGD-based hazardous scenario generation for autonomous driving testing accepted at FSE 2026. Congrats to Linfeng Liang, T.Y. Chen, and Xi Zheng!
03/2026, Our work on ReDoS attack string generation accepted at IEEE S&P 2026. Congrats to Shangzhi Xu, Ziqi Ding, Yuekang Li, Nan Sun, Benjamin Turnbull, Shuangxiang Kan, and Siqi Ma!
12/2025, Our work on codebase-level C memory error repair accepted at FSE 2026. Thanks to Zhihao Guo, Huan Huo, and Yulei Sui!
04/2025, Our work on recursion dissection in abstract interpretation accepted at ECOOP 2025. Congrats to Jiawei Yang, Bor-Yuh Evan Chang, Xiapu Luo, and Yulei Sui!
06/2024, We’re honored to receive the Distinguished Paper Award at FSE. Thanks to Jiawei Ren and Yulei Sui for the collaboration!
01/2024, Our work on quantum speedups on dynamic transitive closure-based static analysis accepted at TOSEM. Congrats to Jiawei Ren, Yulei Sui, Yuan Feng, and Jianjun Zhao!
01/2024, Our work on path-sensitive typestate analysis accepted at FSE 2024. Thanks to Jiawei Ren and Yulei Sui!
12/2023, Our work on cross-domain abstract execution accepted at ICSE 2024. Thanks to Jiawei Wang and Yulei Sui!

Research Directions

Scalable and Precise Static Analysis
- Abstract interpretation [C5: ICSE '24] [C9: ECOOP '25] [C10: OOPSLA '25]
- Typestate analysis [C6: FSE '24]
- Pointer analysis and specification inference [C11: ICSE '26] [P1: arXiv]
- Quantum-accelerated analysis [J3: TOSEM '24]
AI for Software Engineering
- LLM-driven program repair [C13: FSE '26]
- LLM-driven specification generation [C11: ICSE '26]
- Code embedding [C2: OOPSLA '20] [C3: ISSTA '22]
- Vulnerability detection [J1: TOSEM '21] [J2: TDSC]
Software Security and Testing
- Memory safety [C6: FSE '24] [C13: FSE '26]
- Dynamic testing [C15: FSE '26] [C14: S&P '26] [C12: NDSS '26]
- Malware detection [C8: FSE '25] [C7: ISSTA '25]

Publications

(^# Equal contribution, ^* Corresponding author)

Preprints

[P1] Flow Sensitivity without Control Flow Graph: An Efficient Andersen-Style Flow-Sensitive Pointer Analysis
Jiahao Zhang^#, Xiao Cheng^#, Yuxiang Lei.
arXiv PDF

Selected Publications

2026 {{s26 ? '▾' : '▸'}}

[C15] From Particles to Perils: SVGD-Based Hazardous Scenario Generation for Autonomous Driving Systems Testing CORE-A* CCF-A
Linfeng Liang, Xiao Cheng^*, T.Y. Chen, Xi Zheng.
FSE '26 PDF Slides
[C14] PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities CORE-A* CCF-A
Shangzhi Xu, Ziqi Ding, Xiao Cheng^*, Yuekang Li, Nan Sun, Benjamin Turnbull, Shuangxiang Kan, Siqi Ma^*.
S&P '26 (acceptance rate: 135/1070=12.62%) PDF Slides
[C13] TLR: Codebase-Level C Memory Management Error Repair with Large Language Models CORE-A* CCF-A
Xiao Cheng^#, Zhihao Guo^#, Huan Huo, Yulei Sui.
FSE '26 (acceptance rate: 87/920=9.46%) PDF Slides
[C12] MUTATO: Enhancing Fuzz Drivers with Adaptive API Option Mutation CORE-A* CCF-A
Shuangxiang Kan, Xiao Cheng^*, Yuekang Li.
NDSS '26 PDF Slides
[C11] SpecGuru: Hierarchical LLM-Driven API Points-to Specification Generation with Self-Validation CORE-A* CCF-A
Shuangxiang Kan, Yuekang Li, Xiao Cheng^*, Yulei Sui.
ICSE '26 PDF Slides BIB

2025 {{s25 ? '▾' : '▸'}}

[C10] Efficient Abstract Interpretation via Selective Widening CORE-A CCF-A
Jiawei Wang^#, Xiao Cheng^#, Yulei Sui.
OOPSLA '25 PDF Slides BIB
[C8] Mitigating Emergent Malware Label Noise in DNN-Based Android Malware Detection CORE-A* CCF-A
Haodong Li^#, Xiao Cheng^#, Guohan Zhang^*, Guosheng Xu, Guoai Xu and Haoyu Wang^*.
FSE '25 (acceptance rate: 70/612=11.44%) PDF Slides BIB
[C7] Understanding Model Weaknesses: A Path to Strengthening DNN-Based Android Malware Detection CORE-A* CCF-A
Haodong Li, Xiao Cheng^*, Yanjie Zhao, Guosheng Xu, Guoai Xu and Haoyu Wang^*.
ISSTA '25 (acceptance rate: 23/553=4.16%) PDF Slides BIB

2024 {{s24 ? '▾' : '▸'}}

[C6] Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point Slicing CORE-A* CCF-A ACM SIGSOFT Distinguished Paper AWARD
Xiao Cheng, Jiawei Ren, Yulei Sui
FSE '24 PDF Slides BIB
[C5] Precise Sparse Abstract Execution via Cross-Domain Interaction CORE-A* CCF-A
Xiao Cheng, Jiawei Wang, Yulei Sui
ICSE '24 PDF Slides BIB

2022 {{s22 ? '▾' : '▸'}}

[C3] Path-Sensitive Code Embedding via Contrastive Learning for Software Vulnerability Detection CORE-A* CCF-A
Xiao Cheng, Guanqin Zhang, Haoyu Wang and Yulei Sui
ISSTA '22 PDF Slides BIB

2020 {{s20 ? '▾' : '▸'}}

[C2] Flow2Vec: Value-Flow-Based Precise Code Embedding CORE-A* CCF-A ACM SIGPLAN Distinguished Paper AWARD
Yulei Sui, Xiao Cheng, Guanqin Zhang and Haoyu Wang
OOPSLA '20 PDF BIB

Full List →

Services

Webchair of LCTES 2024.
TPC member of ICSE 2027, ASE 2026, ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, ACISP 2026, APSEC 2025 (SEIP), LMPL 2025, FSE 2025 (SRC), ISSRE 2024 (DS track).
Artifact Evaluation Committee of PLDI 2026, ICSE 2025, ISSTA 2024/2023, SAS 2023, FormaliSE 2025/2024/2023.
Reviewer of SAS 2025, TOSEM, TSE, TDSC, TACO, ASEJ.

Teaching Experience

Convenor, Lecturer and SGTA, COMP3050 Software Systems Development and Operations, Macquarie University, 2026 S1 (with Dr Lachlan Patrick).
Lecturer, COMP8700 IT Professional Practice, Macquarie University, 2025 S2 & 2026 S1 (with Dr Adnan Mahmood).
Developer and mantainer, Software-Security-Analysis, an online open courses for learning software security analysis via SVF.
Tutor, 41181 Information Security and Management, UTS, 2024.
Lecturer, 41128 Software Analysis Studio, UTS, 2021-2024 (with Dr Yanjun Zhang). [Course Material]
Course admin, COMP6131 Software Security Analysis, UNSW, 2024
Lecturer, Software Analysis, SSTC Software Engineering Studio, NEUQ, 2021-2024 (with Dr Yanjun Zhang).
Lecturer, 41184 Secure Programming and Penetration Testing, UTS, 2024 (with Dr Yanjun Zhang).

Tools

Developer and mantainer, SVF (authored by Yulei Sui), a source code analysis framework that enables interprocedural dependence analysis for LLVM-based languages.
Creator, DeepWukong, a graph neural network based software vulnerability detector.

Education

2021-2024, Ph.D. in Computer Science and Engineering, University of New South Wales (UNSW).
2014-2021, B.Eng and M.Res in Engineering, Beijing University of Posts and Telecommunications (BUPT).

Awards

2025, Amazon Research Award (ARA), "Path-Sensitive Typestate Analysis through Sparse Abstract Execution", Key Participant.
2025, The Norman Foo Memorial Best Research Paper Prize
2024, ACM SIGSOFT Distinguished Paper Award (FSE).
2024, ACM SIGSOFT CAPS Travel Grant
2024, Development and Research Training Grant (DRTG), UNSW.
2023, Google ASPIRE Award, "Cross-Component Cross-Language Static Value-Flow Analysis for Android Ecosystem", Key Participant.
2022, Apple Scholars in AI/ML PhD fellowship nomination.
2020, ACM SIGPLAN Distinguished Paper Award (OOPSLA).

Misc

Tips on writing a research paper, Doing Research in Software Analysis Lessons and Tips.
Abstract Interpretation, Static Program Analysis, and more
LLVM, Z3, SVF, Tai-e, Qilin, IKOS, Crab, POCR.
Overleaf Tutorials, SimpleTex, Markdown Guide, Docker.
CPP/C, LLVM IR.

Website source code by ✩