1. co-advised with Cong Liu ^
  2. co-advised with Shiyi Wei ^
  3. co-advised with Deqing Zou ^


I am broadly interested in topics related to software engineering and security.

Efficiency Robustness

My current research is primarily driven by the need to adapt AI on edge devices such as mobile devices, IoT devices and autonomous vehicles. The line of work on efficiency robustness, pioneered by our group in 2019, began with the observation that different inputs may incur varied amount of computation costs on neural networks. We have developed various attacks such as white-box attack(CVPR 2020), black-box attack(ICSE 2022), and feed-forward attack(ASE 2022) on a range of applications such as Neural Machine Translation(FSE 2022), Neural Image Caption Generation(CVPR 2022), Transformer-based Language Models(ACL 2023), and Neural ODEs (ICCV-W 2023).

Infrastructure Support for AI Deployment

Another line of work to enable AI on edge devices is to provide infrastructure support. To this end, our main effort is to build a compiler toolchain (ISSTA 2023, IJCAI 2022) to enable compilation on dynamic-shaped neural networks. We have also investigated the security of such deployment on IoT devices (CCS 2019).

Mobile Testing

We have been working on mobile testing since we built one of the first automated mobile testing tools in 2012. We have performed a few studies (FSE 2016,ICSE 2017, ASE 2018) on existing mobile testing tools, and based on the study results, we have focused on solving the bottleneck issues such as generating textual inputs(IEEE S&P 2020) and avoiding exploration tarpits (FSE 2021).

Malware Detection

We have proposed a new notion of expectation context which contrasts user expectation and program behaviors to detect malware. This notion has opened up the new field of text analytics for mobile security. Specifically, on the user expectation side, we extract information such as app descriptions (Usenix Security 2013, RE 2018), contextual events(HotSoS 2014, ICSE 2015, JCS 2016, HotSoS 2017), ads information (NDSS 2016) and on-screen messages (VL/HCC 2018) to depict what users expect to happen in the apps. On the program behaviors side, we have been developing techniques such as entity-based program analysis(ICSE 2018), centrality analysis(ASE 2019), intimacy analysis(TOSEM 2021), homophily analysis (ISSTA 2021), and contrastive learning (TDSC 2022) to detect potentially unwanted apps (PUAs) and malware.

SE/Security for Deep Learning

We have investigated other topics in software engineering and security of DL models. We are one of the first to propose property inference attack(CCS 2018) and adversarial malware generation (ACSAC 2017, AAAI-W 2018). We are also the first to use a global property to interpret a DL model without a specific input (FSE 2020). We did some work in testing DL models such as NMT models(DSN 2019, ICSE 2019) and NLP models (COLING 2022). Realizing such testing may or may not result in a better model, recently, we begin to focus on improving inputs for better robustness (CVPR-W 2022) and accuracy of DL models.

Intelligent Software Testing/Security

I am generally interested in develop more intelligent tools for software engineers and security researchers. We have made tools for converting natural language specification to programing languages (EMNLP 2018, AAAI-W 2018), generating input grammars for fuzzing (FSE 2019), clone detection (ASE 2020), diagnosing database performance issues (ICSME 2020), analyzing UI flaky tests (ICSE 2020), mapping website changes (ISSTA 2021), detecting game bugs (FSE 2021, ISSRE 2023), and vulnerability detection (ICSE 2022).

Selected Recent Publications

PPM Reverse Chain-of-Thought: Benchmarking LLMs with Combined Subproblems
In FSE, 2024

WEFix Fixing flakiness in web testing
In WWW, 2024

DyCL Compilation for Dynamic Neural Network
In ISSTA, 2023

EfficFrog Efficiency Backdoor Injection on Dynamic Neural Networks
In CVPR, 2023

SAME Efficiency Attack on Language Models
In ACL, 2023

DeepPerform Performance Testing of Resource-Constrained Neural Networks.
In ASE, 2022

NMTSloth Energy Testing on Neural Machine Translation Systems.
In FSE, 2022

NNReverse Reverse Engineering DNN Models
In IJCAI, 2022

NICGSlowDown Efficiency Attack on NICG Models
In CVPR, 2022

EREBA Energy Testing on Adaptive Neural Networks.
In ICSE, 2022

VulCNN DL-based Vulnerability Detection.
In ICSE, 2022

Vet Enhancing Mobile Testing via Patching Apps.

ACM SIGSOFT Distinguished Paper Award.
In FSE, 2021

GLIB Automated Test Oracle for Mobile Games.
In FSE, 2021

HomDroid Malware Detection via Homophily Analysis.
In ISSTA, 2021

WebEvo Evolutionary Web Monitoring.
In ISSTA, 2021

UI-Flaky An Empirical Analysis of UI-based Flaky Tests.
In ICSE, 2021

SCDetector Code Clone Detection by Centrality Analysis.
In ASE, 2020

DENAS Automated Heuristic Generation for Non-ML Systems via ML
In FSE, 2020

ILFO Adversarial Attack on Adaptive Neural Networks
In CVPR, 2020

TextExerciser Feedback-driven Text Input Exercising for Android Applications
In IEEE S&P, 2020

MalScan Malware Detection by Centrality Analysis.
In ASE, 2019

iRuler Detecting inter-rule vulnerabilities in IoT applications.
In CCS, 2019

REINAM Synthesizing high-coverage context-free program input grammars.
In FSE, 2019

SemRegex Synthesizing regex from natural language descriptions.
In EMNLP, 2018

PermuteInvariance Inferring private properties of neural networks.
In CCS, 2018

WCTester Android test generation for industrial mobile applications.
In ASE, 2018

EnMobile Detection of command & control behaviors in mobile applications.
In ICSE, 2018

Other Publications

More Publications


PDF Code

. SlothSpeech: Denial-of-service Attack Against Speech Recognition Models. In INTERSPEECH, 2023.

PDF Code

. AntiNODE: Evaluating Efficiency Robustness of Neural ODEs. In ICCV-W, 2023.

PDF Code

. Contrastive Learning for Robust Android Malware Familial Classification. In TDSC, 2022.


. An Empirical Analysis of Compatibility Issues for Industrial Mobile Games. In ISSRE, 2022.

PDF Dataset

. TestAug: A Framework for Augmenting Capability-based NLP Tests. In COLING, 2022.

PDF Code

. CorrGAN:Input Transformation Technique Against Natural Corruptions. . In CVPR-W, 2022.


. Detecting Topology Attacks against Graph Neural Networks.
Best Paper Award RunnerUp.
In CIKM-W, 2022.

PDF Code

. IntDroid: Android Malware Detection Based on API Intimacy Analysis. In TOSEM, 2021.


. Database-Access Performance Antipatterns in Database-Backed Web Applications. In ICSME, 2020.


. Detecting Failures of Neural Machine Translation in the Absence of Reference Translations. In DSN, 2019.


. Testing Untestable Neural Machine Translation: An Industrial Case. In ICSE, 2019.


. A Large-Scale Empirical Study on Android Runtime Permission Rationale Messages. In VL/HCC, 2018.


. Mining Android App Description for Permission Requirements Recommendation. In RE, 2018.


. Generating Regular Expressions from Natural Language Specifications: Are We There Yet?. In AAAI-W, 2018.


. Automated Test Input Generation for Android: Towards Getting There in an Industrial Case. In ICSE, 2017.



Associate Editor: [TOSEM (2023 - present)]

Organizing Committee Member: [ISSTA 2020] [APSEC 2020] [ASE 2017] …

Program Committee Member: [FSE 2024] [ISSTA 2024] [ICST 2024] [ICSE 2023] [ASE 2023] [ICST 2023] [MSR 2023] [ISSRE 2023] [FSE Demo 2023] [ASE 2022] [ISSRE 2022] [ICST 2022] [MSR 2022] [ICSE Demo 2022] [ISSTA DS 2022] [ICSE 2021] [ICST 2021] …

Check CV and researchr profile for more.


  • (972) 883-4173
  • ECSS 4.225, 800 W. Campbell Rd., Richardson, TX 75080, USA.
  • email for appointment