|
个人信息:Personal Information
讲师 研究生导师
性别:男
学历:博士研究生毕业
学位:工学博士学位
在职信息:在岗
所在单位:广州研究院
入职时间:2022-12-31
学科:计算机软件与理论 计算机科学与技术 软件工程
办公地点:广州市黄埔区新龙镇知明路83号西安电子科技大学广州研究院求真楼A714
联系方式:wencheng [at] xidian.edu.cn
Publications
1. Cheng Wen, Jaolun Cao*, Jie Su, Zhiwu Xu, Shengchao Qin*, Mengda He, Haokun Li, Shing-Chi Cheung, Cong Tian. Enchanting Program Specification Synthesis by Large Language Models using Static Analysis and Program Verification. Accepted by 36th International Conference on Computer Aided Verification. 2024. (CCF A类)
2. Zhiwu Xu, Bohao Wu, Cheng Wen*, Bin Zhang, Shengchao Qin*, Mengda He. RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support. IEEE/ACM 46th International Conference on Software Engineering (ICSE). 2024. (CCF A)
3. Cheng Wen, Yuandao Cai, Bin Zhang, Jie Su*, Zhiwu Xu, Dugang Liu, Shengchao Qin*, Zhong Ming, Cong Tian. Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We? Accepted by Transactions on Knowledge Discovery from Data. 2024. (CCF B)
4. Cheng Wen, Mengda He*, Bohao Wu, Zhiwu Xu, Shengchao Qin*. Controlled Concurrency Testing via Periodical Scheduling. IEEE/ACM 44th International Conference on Software Engineering (ICSE). 2022. (CCF A)
5. Cheng Wen, Haijun Wang*, Yuekang Li, Shengchao Qin*, et al. MemLock: Memory Usage Guided Fuzzing. IEEE/ACM 42nd International Conference on Software Engineering (ICSE). 2020. (CCF A)
6. Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, et al. Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities. IEEE/ACM 42nd International Conference on Software Engineering (ICSE). 2020*. (CCF A)
7. Zhiwu Xu, Cheng Wen, Shengchao Qin* and Mengda He. Extracting automata from neural networks using active learning. PeerJ Computer Science, April 2021. (JCR 二区)
8. Zhiwu Xu, Cheng Wen, and Shengchao Qin*. Type Learning for Binaries and its Applications. IEEE Transactions on Reliability (Volume: 68:893-912, Issue:3, Sep 2019). (SCI 二区)
9. Zhiwu Xu, Cheng Wen, and Shengchao Qin*. State-taint analysis for detecting resource bugs. Science of Computer Programming. Elsevier, 162:93-109, 15th Sep 2018. (SCI/ESI, CCF B)
10. Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin*. Extracting Automata from Neural Networks Using Active Learning. National Conference on Formal Methods and Applications. 2018. (Best Paper Award)
11. Zhiwu Xu, Cheng Wen, Shengchao Qin* and Zhong Ming. Effective malware detection based on behaviour and data features. International Conference on Smart Computing and Communication(SmartCom). Springer, 2017. (Best Student Paper Award)
12. Zhiwu Xu, Cheng Wen, and Shengchao Qin*. Learning types for binaries. International Conference on Formal Engineering Methods(ICFEM). Springer, 2017. (CCF C)
Practical Security Impact (73 CVEs)
I have found several security-critical vulnerabilities in widely used real-world programs.
CVE-2022-26291, CVE-2020-36375, CVE-2020-36374, CVE-2020-36373, CVE-2020-36372, CVE-2020-36371, CVE-2020-36370, CVE-2020-36369, CVE-2020-36368, CVE-2020-36367, CVE-2020-36366, CVE-2020-18900, CVE-2020-18899, CVE-2020-18898, CVE-2020-18897, CVE-2020-18395, CVE-2020-18392, CVE-2020-18382, CVE-2020-18378, CVE-2019-16166, CVE-2019-16165, CVE-2019-15140, CVE-2019-11471, CVE-2019-7704, CVE-2019-7703, CVE-2019-7702, CVE-2019-7701, CVE-2019-7700, CVE-2019-7699, CVE-2019-7698, CVE-2019-7697, CVE-2019-7665, CVE-2019-7664, CVE-2019-7663, CVE-2019-7662, CVE-2019-7154, CVE-2019-7153, CVE-2019-7152, CVE-2019-7151, CVE-2019-7150, CVE-2019-7149, CVE-2019-7148, CVE-2019-7147, CVE-2019-7146, CVE-2019-6293, CVE-2019-6292, CVE-2019-6291, CVE-2019-6290, CVE-2018-20712, CVE-2018-20657, CVE-2018-20652, CVE-2018-20651, CVE-2018-20593, CVE-2018-20592, CVE-2018-20591, CVE-2018-20002, CVE-2018-18701, CVE-2018-18700, CVE-2018-18607, CVE-2018-18606, CVE-2018-18605, CVE-2018-18521, CVE-2018-18520, CVE-2018-18484, CVE-2018-18483, CVE-2018-18310, CVE-2018-18309, CVE-2018-17985, CVE-2018-17795, CVE-2018-17794, CVE-2018-16403, CVE-2018-16402, CVE-2018-16062