Xiao Cheng

Xiao Cheng is a lecturer (~U.S.Assistant Professor) at School of Computing, Faculty of Science and Engineering, Macquarie University. His research lies at the intersection of Programming Languages (PL) and Software Engineering (SE), focusing on enhancing the security and reliability of modern software systems through program analysis and verification techniques, including abstract interpretation, typestate analysis, IFDS, sparse value-flow analysis and fuzz testing. He is also exploring the integration of artificial intelligence, such as graph neural networks, language models and uncertainty quantification, with classical PL/SE tasks to further enhance these domains.

His papers have been published in top-tier conferences and journals in the field of software engineering (TOSEM, FSE, ICSE, ISSTA), programming languages (OOPSLA) and security (TDSC), and awarded ACM SIGSOFT Distinguished Paper Award for FSE 2024 and ACM SIGPLAN Distinguished Paper Award for OOPSLA 2020. He is one of the major contributors of the SVF project and the author of the DeepWukong project. He is serving or has served as TPC member for ICSE 2027, ASE 2026, ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, ACISP 2026, APSEC 2025 (SEIP), LMPL 2025, FSE 2025 (SRC), ISSRE 2024 (DS track), and artifact evaluation committee members for ICSE 2025, ISSTA 2024/2023, SAS 2023 and FormaliSE 2025/2024/2023.

CV / Google Scholar / CMS Profile / Github / ORCID / Twitter

News

03/2026, I’m serving on the program committee for ICSE 2027. Please consider submitting your work!
12/2025, Our work on codebase-level C memory error repair accepted at FSE 2026.
12/2025, I’m serving on the program committee for ASE 2026. Please consider submitting your work!
04/2025, Our work on recursion dissection in abstract interpretation accepted at ECOOP 2025. Congrats to Jiawei Yang!
06/2024, We’re honored to receive the Distinguished Paper Award at FSE. Thanks to the community for recognizing our work!
01/2024, Our work on quantum speedups on dynamic transitive closure-based static analysis accepted at TOSEM.
01/2024, Our work on path-sensitive typestate analysis accepted at FSE 2024.
12/2023, Our work on cross-domain abstract execution accepted at ICSE 2024.

Publications

(^# Equal contribution, ^* Corresponding author)

Preprints

[P1] Flow Sensitivity without Control Flow Graph: An Efficient Andersen-Style Flow-Sensitive Pointer Analysis
Jiahao Zhang^#, Xiao Cheng^#, Yuxiang Lei.
arXiv PDF

Selected Publications

[C12] TLR: Codebase-Level C Memory Management Error Repair with Large Language Models CORE-A* CCF-A
Xiao Cheng^#, Zhihao Guo^#, Huan Huo, Yulei Sui.
ACM International Conference on the Foundations of Software Engineering (FSE '26) (acceptance rate: 87/920=9.46%) PDF Slides
[C11] SpecGuru: Hierarchical LLM-Driven API Points-to Specification Generation with Self-Validation CORE-A* CCF-A
Shuangxiang Kan, Yuekang Li, Xiao Cheng^*, Yulei Sui.
Proceedings of the IEEE/ACM 48th International Conference on Software Engineering (ICSE '26) PDF Slides BIB
[C10] Efficient Abstract Interpretation via Selective Widening CORE-A CCF-A
Jiawei Wang^#, Xiao Cheng^#, Yulei Sui.
Proceedings of the ACM on Programming Languages, Volume 9, Issue OOPSLA2 (OOPSLA '25) PDF Slides BIB
[C9] Taming and Dissecting Recursions through Interprocedural Weak Topological Ordering CORE-A CCF-B
Jiawei Yang^#, Xiao Cheng^#, Bor-Yuh Evan Chang, Xiapu Luo, Yulei Sui.
2025 European Conference on Object-Oriented Programming (ECOOP '25) PDF Slides BIB
[C6] Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point Slicing CORE-A* CCF-A ACM SIGSOFT Distinguished Paper AWARD
Xiao Cheng, Jiawei Ren, Yulei Sui
32nd ACM International Conference on the Foundations of Software Engineering (FSE '24) PDF Slides BIB
[C5] Precise Sparse Abstract Execution via Cross-Domain Interaction CORE-A* CCF-A
Xiao Cheng, Jiawei Wang, Yulei Sui
46th International Conference on Software Engineering (ICSE '24) PDF Slides BIB
[J2] How About Bug-Triggering Paths? - Understanding and Characterizing Learning-Based Vulnerability Detectors CORE-A* CCF-A
Xiao Cheng, Xu Nie, Ningke Li, Haoyu Wang, Zheng Zheng, Yulei Sui
IEEE Transactions on Dependable and Secure Computing (TDSC) PDF BIB
[C3] Path-Sensitive Code Embedding via Contrastive Learning for Software Vulnerability Detection CORE-A* CCF-A
Xiao Cheng, Guanqin Zhang, Haoyu Wang and Yulei Sui
The 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '22) PDF Slides BIB
[J1] DeepWukong: Statically Detecting Software Vulnerabilities using Deep Graph Neural Network CORE-A* CCF-A
Xiao Cheng, Haoyu Wang^*, Jiayi Hua, Guoai Xu^* and Yulei Sui
ACM Transactions on Software Engineering and Methodology (TOSEM) PDF BIB
[C2] Flow2Vec: Value-Flow-Based Precise Code Embedding CORE-A* CCF-A ACM SIGPLAN Distinguished Paper AWARD
Yulei Sui, Xiao Cheng, Guanqin Zhang and Haoyu Wang
Proceedings of ACM OOPSLA 2020 PDF BIB

Full List

(expand to view)

Published Papers

[C12] TLR: Codebase-Level C Memory Management Error Repair with Large Language Models CORE-A* CCF-A
Xiao Cheng^#, Zhihao Guo^#, Huan Huo, Yulei Sui.
ACM International Conference on the Foundations of Software Engineering (FSE '26) (acceptance rate: 87/920=9.46%) PDF Slides
[C11] SpecGuru: Hierarchical LLM-Driven API Points-to Specification Generation with Self-Validation CORE-A* CCF-A
Shuangxiang Kan, Yuekang Li, Xiao Cheng^*, Yulei Sui.
Proceedings of the IEEE/ACM 48th International Conference on Software Engineering (ICSE '26) PDF Slides BIB
[C10] Efficient Abstract Interpretation via Selective Widening CORE-A CCF-A
Jiawei Wang^#, Xiao Cheng^#, Yulei Sui.
Proceedings of the ACM on Programming Languages, Volume 9, Issue OOPSLA2 (OOPSLA '25) PDF Slides BIB
[C9] Taming and Dissecting Recursions through Interprocedural Weak Topological Ordering CORE-A CCF-B
Jiawei Yang^#, Xiao Cheng^#, Bor-Yuh Evan Chang, Xiapu Luo, Yulei Sui.
2025 European Conference on Object-Oriented Programming (ECOOP '25) PDF Slides BIB
[C8] Mitigating Emergent Malware Label Noise in DNN-Based Android Malware Detection CORE-A* CCF-A
Haodong Li^#, Xiao Cheng^#, Guohan Zhang^*, Guosheng Xu, Guoai Xu and Haoyu Wang^*.
FSE 2025 (acceptance rate: 70/612=11.44%) PDF Slides BIB
[C7] Understanding Model Weaknesses: A Path to Strengthening DNN-Based Android Malware Detection CORE-A* CCF-A
Haodong Li, Xiao Cheng^*, Yanjie Zhao, Guosheng Xu, Guoai Xu and Haoyu Wang^*.
ISSTA 2025 (acceptance rate: 23/553=4.16%) PDF Slides BIB
[J3] Dynamic Transitive Closure-Based Static Analysis through the Lens of Quantum Search CORE-A* CCF-A
Jiawei Ren, Yulei Sui, Xiao Cheng, Yuan Feng and Jianjun Zhao
ACM Transactions on Software Engineering and Methodology (TOSEM) PDF BIB
[C6] Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point Slicing CORE-A* CCF-A ACM SIGSOFT Distinguished Paper AWARD
Xiao Cheng, Jiawei Ren, Yulei Sui
32nd ACM International Conference on the Foundations of Software Engineering (FSE '24) PDF Slides BIB
[C5] Precise Sparse Abstract Execution via Cross-Domain Interaction CORE-A* CCF-A
Xiao Cheng, Jiawei Wang, Yulei Sui
46th International Conference on Software Engineering (ICSE '24) PDF Slides BIB
[C4] Vulnerability Detection via Typestate-Guided Code Representation Learning CCF-C
Xiao Cheng
International Conference on Formal Engineering Methods (ICFEM '23) PDF BIB
[J2] How About Bug-Triggering Paths? - Understanding and Characterizing Learning-Based Vulnerability Detectors CORE-A* CCF-A
Xiao Cheng, Xu Nie, Ningke Li, Haoyu Wang, Zheng Zheng, Yulei Sui
IEEE Transactions on Dependable and Secure Computing (TDSC) PDF BIB
[C3] Path-Sensitive Code Embedding via Contrastive Learning for Software Vulnerability Detection CORE-A* CCF-A
Xiao Cheng, Guanqin Zhang, Haoyu Wang and Yulei Sui
The 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '22) PDF Slides BIB
[J1] DeepWukong: Statically Detecting Software Vulnerabilities using Deep Graph Neural Network CORE-A* CCF-A
Xiao Cheng, Haoyu Wang^*, Jiayi Hua, Guoai Xu^* and Yulei Sui
ACM Transactions on Software Engineering and Methodology (TOSEM) PDF BIB
[C2] Flow2Vec: Value-Flow-Based Precise Code Embedding CORE-A* CCF-A ACM SIGPLAN Distinguished Paper AWARD
Yulei Sui, Xiao Cheng, Guanqin Zhang and Haoyu Wang
Proceedings of ACM OOPSLA 2020 PDF BIB
[C1] Static Detection of Control-Flow-Related Vulnerabilities Using Graph Embedding CORE-A CCF-C
Xiao Cheng, Haoyu Wang^*, Jiayi Hua, Miao Zhang, Guoai Xu, Li Yi^* and Yulei Sui
The 24th International Conference on Engineering of Complex Computer Systems (ICECCS 2019) PDF BIB

Services

Webchair of LCTES 2024.
TPC member of ICSE 2027, ASE 2026, ISSTA 2026, FSE 2026, ISSRE 2025, PAKDD 2026/2025, ACISP 2026, APSEC 2025 (SEIP), LMPL 2025, FSE 2025 (SRC), ISSRE 2024 (DS track).
Artifact Evaluation Committee of ICSE 2025, ISSTA 2024/2023, SAS 2023, FormaliSE 2025/2024/2023.
Reviewer of SAS 2025, TOSEM, TSE, TDSC, TACO, ASEJ.

Teaching Experience

Developer and mantainer, Software-Security-Analysis, an online open courses for learning software security analysis via SVF.
Tutor, 41181 Information Security and Management, UTS, 2024.
Tutor, 41128 Software Analysis Studio, UTS, 2021-2024.
Course admin, COMP6131 Software Security Analysis, UNSW, 2024
Tutor, Software Analysis, SSTC Software Engineering Studio, NEUQ, 2021-2024.
Tutor and lab demonstrator, 41184 Secure Programming and Penetration Testing, UTS, 2024

Tools

Developer and mantainer, SVF (authored by Yulei Sui), a source code analysis framework that enables interprocedural dependence analysis for LLVM-based languages.
Creator, DeepWukong, a graph neural network based software vulnerability detector.

Education

2021-2024, Ph.D. in Computer Science and Engineering, University of New South Wales (UNSW).
2014-2021, B.Eng and M.Res in Engineering, Beijing University of Posts and Telecommunications (BUPT).

Awards

2025, Amazon Research Award (ARA), "Path-Sensitive Typestate Analysis through Sparse Abstract Execution", Key Participant.
2025, The Norman Foo Memorial Best Research Paper Prize
2024, ACM SIGSOFT Distinguished Paper Award (FSE).
2024, ACM SIGSOFT CAPS Travel Grant
2024, Development and Research Training Grant (DRTG), UNSW.
2023, Google ASPIRE Award, "Cross-Component Cross-Language Static Value-Flow Analysis for Android Ecosystem", Key Participant.
2022, Apple Scholars in AI/ML PhD fellowship nomination.
2020, ACM SIGPLAN Distinguished Paper Award (OOPSLA).

Misc

Tips on writing a research paper, Doing Research in Software Analysis Lessons and Tips.
Abstract Interpretation, Static Program Analysis, and more
LLVM, Z3, SVF, Tai-e, Qilin, IKOS, Crab, POCR.
Overleaf Tutorials, SimpleTex, Markdown Guide, Docker.
CPP/C, LLVM IR.

Welcome to use this website's source code, just add a link back to here. . ✩