Peng Li

Peng Li is a security engineer at ByteDance. He received his PH.D. degree from school of computing in University of Utah under the surpervision of Prof. Ganesh Gopalakrishnan. His development & research concentrate on but not limited to:

News

• Hiring interns with strong backgrounds in static analysis and dynamic analysis, if you are interested, please send me an e-mail.
• 2019/12: Paper accepted by ICSE 2020 — on SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection (PDF).
• 2019/11: Invited to be committee member in SPAI 2020 — please consider submitting your work.

Projects

• SAVIOR: A practical bug driven hybrid fuzzing framework leveraging greybox fuzzing and concolic execution. [Source Code]


• SymJS: A symbolic executor and test case generator for JavaScript prograrms and JavaScript-based web application. I significantly extended it to scale to realistic web applications and hybrid selendroid web applications.


• KLOVER: A symbolic executor and test case generator for c++ prograrms, it was built on top of KLEE. I combined KLOVER and a C++ unit test generator to intensively test Fujitsu router systems.


• GKLEE: A symbolic analysis assisted checker and test generator for C++ CUDA programs.


• IOC: An integer overflow checker for C/C++, integrated into Clang/LLVM as part of Undefined Behavior Sanitizer.


• T-Check: A bug finding framework leveraging bounded model checking and random testing for sensor networks.

Publications

• Zhenxiao Qi, Qian Feng, Yueqiang Cheng, Mengjia Yan, Peng Li, Heng Yin, and Tao Wei SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets,
  In Proceedings of the Network and Distributed System Security Symposium, (NDSS 2021).


• Shengjian Guo, Yueqi Cheng, Jiyong Yu, Meng Wu, Zhiqiang Zuo, Peng Li, Yueqiang Cheng, and Huibo Wang. Exposing Cache Timing Leaks through Out-of-Order Symbolic Execution,
  OOPSLA 2020.


• Shengjian Guo, Yueqi Chen, Peng Li, Yueqiang Cheng, Huibo Wang, Meng Wu, Zhiqiang Zuo. SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection,
  In Proceedings of the 42nd International Conference on Software Engineering, (ICSE 2020).


• Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, Long Lu. SAVIOR: Towards Bug-Driven Hybrid Testing,
  In Proceedings of the 41st IEEE Symposium on Security and Privacy, (S&P 2020).


• Peng Li. ConcFuzzer: A Sanitizer Guided Hybrid Fuzzing Framework Leveraging Greybox Fuzzing and Concolic Execution,
  Invited industry keynote in KLEE workshop 2018. London, UK, 2018


• Alastair F. Donaldson, Ganesh Gopalakrishnan, Nathan Chong, Jeroen Ketema, Guodong Li, Peng Li, Anton Lokhmotov, Shaz Qadeer.
  Formal Analysis Techniques for Reliable GPU Programming: Current Solutions and Call to Action.
  Book chapter in Advances in GPU Research and Practice, pp. 3-21 (Morgan Kaufmann), 2017


• Will Dietz, Peng Li, John Regehr, and Vikram Adve. Understanding Integer Overflow in C/C++,
  ACM Transactions on Software Engineering and Methodology (TOSEM), 2015.


• Peng Li, Guodong Li, Ganesh Gopalakrishnan, Practical Symbolic Race Checking of GPU Programs,
  In Proceedings of the 26th ACM/IEEE International Conference on High Performance Computing, Networking, Storage and Analysis Conference (SC'14). New Orlean, LA, 2014.


• Peng Li, Guodong Li, Ganesh Gopalakrishnan, Parametric Flows: Automated Behavior Equivalencing for Symbolic Analysis of Races in CUDA Programs,
  In Proceedings of the 24th ACM/IEEE International Conference on High Performance Computing, Networking, Storage and Analysis Conference (SC'12). Salt Lake City, UT, 2012.


• Guodong Li, Peng Li, Geof Sawaya, Ganesh Gopalakrishnan, Indradeep Ghosh and Sreeranga P. Rajan, GKLEE: Concolic Verification and Test Generation for GPUs,
  In Proceedings of 17th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP'12). New Orlean, LA, USA, 2012, pp. 215-224.


• Will Dietz, Peng Li, John Regehr, and Vikram Adve, Understanding Integer Overflow in C/C++,
  In Proceedings of the 34th International Conference on Software Engineering (ICSE'12). Zurich, Switzerland, June 2012.
  ACM SIGSOFT Distinguished Paper Award


• Peng Li and John Regehr, T-Check: Bug Finding for Sensor Networks,
  In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN'10). SPOTS track, Stockholm, Sweden, April 2010.


• Peng Li, Qing Gu, Keqiang Cao, Daoxu Chen and Jianmin Zhu. Compositional Schedulability Analysis of workflow using Timing Constraint Petri nets,
  In Proceedings of the 10th IASTED International Conference on Software Engineering and Applications (SEA'06), Dallas, TX, U.S. 2006.

Recognition

• It is my great honor to receive the 2012 NVIDIA graduate fellowship to fund my research on extending our symbolic assisted checker for C++ CUDA programs: GKLEE.