wcventure
Guangzhou Institute of Technology,Xidian University
Paper Accepted By CAV 2024
Author: Cheng Wen, Jialun Cao, Jie Su, Zhiwu Xu, Shengchao Qin, Mengda He, Haokun Li, Shing-Chi Cheung, Cong Tian.
Title: Enchanting Program Specification Synthesis by Large Language Models using Static Analysis and Program Verification.
22-27th July 2024, Montreal, Canada.
Paper Accepted By ICSE 2024
Author: Zhiwu Xu, Bohao Wu, Cheng Wen, Bin Zhang, Shengchao Qin, Mengda He.
Title: RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support.
14-20th April 2024, Lisbon, Poptugal.
Paper Accepted By Transactions on Knowledge Discovery from Data (TKDD). 2024.
Author: Cheng Wen, Yuandao Cai, Bin Zhang, Jie Su, Zhiwu Xu, Dugang Liu, Shengchao Qin, Zhong Ming, Cong Tian.
Title: Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We?
26th March 2024.
Join Xidian University
I have joined Guangzhou Institute of Technology, Xidian University as a lecturer.
30th December 2012, Xidian University, China.
Paper Accepted By ICSE 2022
Author: Cheng Wen, Mengda He, Bohao Wu, Zhiwu Xu, Shengchao Qin.
Title: Controlled Concurrency Testing via Periodical Scheduling.
21-29th May 2022, PA, USA.
Paper Accepted By ICSE 2020
Author: Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu and Ting Liu.
Title: MemLock: Memory Usage Guided Fuzzing.
5-1th October 2020, Seoul, South Korea.
Paper Accepted By ICSE 2020
Author: Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yang Liu, Shengchao Qin, Hongxu Chen and Yulei Sui.
Title: Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
5-11th October 2020, Seoul, South Korea.
Paper Accepted By IEEE Transactions on Reliability
Xu, Zhiwu, Cheng Wen, and Shengchao Qin.
Title: Type Learning for Binaries and its Applications.
IEEE Transactions on Reliability (2019).
11th November 2018.
Best Paper Award on FAMC 2018
Author: Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Title: Extracting Automata from Neural Networks Using Active Learning.
3-4th November 2018, Chongqin, China.
| Pseudonym | : | wcventure |
| Name | : | Cheng Wen |
| Institution | : | Guangzhou Institute of Technology, Xidian University |
| : | wencheng[at]xidian.edu.cn | |
| Skype | : | wcventure |
| Address | : | Guangzhou City, Guangdong Province, China, 510530 |
| Homepage | : | https://wcventure.github.io/ |
| Github | : | https://github.com/wcventure |
| CSDN | : | https://blog.csdn.net/wcventure |
| Google Scholar | : | https://scholar.google.com/citations?hl=en&user=wcventure |
文成雕龙与天骄,
心若白云常自在。
雕陂之水清且泚,
龙归洞府暮将雨!
Cheng Wen
About Me
Cheng Wen is currently a lecturer at the Guangzhou Institute of Technology, Xidian University, where Prof. Tian and I co-run the ICTT (Guangzhou) Research Group. Cheng Wen's research interests are in the areas of Software Engineering (SE), Cyber Security (SEC), Artificial Intelligence for SE (AI4SE), and Formal Methods (FM). In particular, he focuses on the use of program analysis, testing, verification, and AI techniques to make software systems more secure and reliable. His research has led to the discovery of hundreds of real-world security-critical bugs, assigning 73 CVEs. The tools he has developed are deployed and used in the enterprise. Before joining Xidian University, Cheng Wen received his Ph.D. in Computer Science and Technology from Shenzhen University in 2022 under the supervision of Prof. Shengchao Qin. He received his bachelor's and master's degrees in software engineering from Shenzhen University in 2015 and 2018, respectively. In addition, he worked as a visiting researcher at the Cyber Security Lab of Nanyang Technological University Singapore from 2018 to 2019. He also worked as an intern at the Trustworthiness Testing Engineering Lab at Huawei Technologies Co., Ltd from July 2021 to July 2022. Collaborations are warmly welcome from both academia or industry! More information here.
Education
-
ShenZhen University, ShenZhen, China
- Ph.D in Computer science and technology
- September 2019 – December 2022
- Supervisor: Prof. Shengchao Qin
-
ShenZhen University, ShenZhen, China
- M.S. in Software Engineering
- September 2015 – June 2018
- Supervisor: Prof. Shengchao Qin
-
ShenZhen University, ShenZhen, China
- B.S. in Software Engineering
- September 2011 – June 2015
Work Experience
-
Xidian University, Guangzhou, China
- Lecturer in Guangzhou Institute of Technology
- December 2022 – Now
Research Experience
-
Huawei Technologies Co., Ltd, Shenzhen, China
- Intern in Trustworthiness Testing Engineering Lab
- September 2021 – December 2022
- Duties included: Controlled Concurrency Testing via Periodical Scheduling, Program Verification with CBMC.
-
Huawei Technologies Co., Ltd, Dongguan, China
- Intern in Data Communication Trustworthiness Enabling and IPD Dept
- September 2020 – March 2021
- Duties included: Formal verification of Secure Boot Module.
-
Nanyang Technological University, Singapore
- Visiting researcher
- July 2018 – July 2019
- Duties included: MemLock: Memory Usage Guided Fuzzing; Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
- Co-supervisor: Prof. Yang Liu
Pulications
See also at Google Scholar and DBLP.
2024
-
Cheng Wen, Jialun Cao, Jie Su, Zhiwu Xu, Shengchao Qin, Mengda He, Haokun Li, Shing-Chi Cheung, Cong Tian.
Enchanting Program Specification Synthesis by Large Language Models using Static Analysis and Program Verification.
Accepted by 36th International Conference on Computer Aided Verification (CAV). Montreal, Canada, 22-27th July 2024.
Learn more at https://sites.google.com/view/autospecification/
PDF, 
DOI, 
Code
-
Zhiwu Xu, Bohao Wu, Cheng Wen, Bin Zhang, Shengchao Qin, Mengda He.
RPG: Rust Library Fuzzing with Pool-based Fuzz Target Generation and Generic Support.
IEEE/ACM 46th International Conference on Software Engineering (ICSE). Lisbon, Poptugal, 14-20th April 2024.
ICSE'22 Artifact Evaluation Committee awarded 
available badge for RPG!
Learn more at https://sites.google.com/view/rust-rpg/
PDF, DOI, Code
-
Cheng Wen, Yuandao Cai, Bin Zhang, Jie Su, Zhiwu Xu, Dugang Liu, Shengchao Qin, Zhong Ming, Cong Tian.
Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We?
Accepted by Transactions on Knowledge Discovery from Data (TKDD). 2024.
PDF, DOI, Code
-
Jie Su, Liansai Deng, Cheng Wen, Shengchao Qin and Cong Tian.
CFStra: Enhancing Configurable Program Analysis Through LLM-driven Strategy Selection Based on Code Features.
Accepted by the 18th Theoretical Aspects of Software Engineering Conference (TASE). 2024.
-
Jiacheng Jiang, Cheng Wen, Shengchao Qin.
CtxFuzz: Discovering Heap-based Memory Vulnerabilities Through Context Heap Operation Sequence Guided Fuzzing.
Accepted by the 18th Theoretical Aspects of Software Engineering Conference (TASE). 2024.
2022
-
Cheng Wen, Mengda He, Bohao Wu, Zhiwu Xu and Shengchao Qin.
Controlled Concurrency Testing via Periodical Scheduling.
IEEE/ACM 44th International Conference on Software Engineering (ICSE). PA, USA, 21-29th May 2022.
ICSE'22 Artifact Evaluation Committee awarded 
reusable badge and available badge for PERIOD!
Learn more at https://sites.google.com/view/period-cct/
PDF, 
BibTex, DOI, 
Slides, 
DataSet, 
Video, Code
2021
-
Zhiwu Xu, Cheng Wen, Shengchao Qin and Mengda He.
Extracting automata from neural networks using active learning.
PeerJ Computer Science. April 2021.
PDF, BibTex, DOI
2020
-
Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu and Ting Liu.
MemLock: Memory Usage Guided Fuzzing.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11th July 2020.
ICSE'20 Artifact Evaluation Committee awarded reusable badge and available badge for MemLock!
Learn more at https://wcventure.github.io/MemLock/
PDF, BibTex, DOI, Slides, DataSet, Video, Code
-
Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yang Liu, Shengchao Qin, Hongxu Chen and Yulei Sui.
Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11 July 2020.
Learn more at https://sites.google.com/view/uafl/
PDF, BibTex, DOI, Slides, DataSet, Video
2019
2018
-
Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Extracting Automata from Neural Networks Using Active Learning.
National Conference on Formal Methods and Applications (FMAC). Chongqin, China. 3-4th Nov 2018.
Best Paper Award
PDF, BibTex, DOI
-
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
State-taint analysis for detecting resource bugs.
Science of Computer Programming. Elsevier, 162:93-109, 15th Sep 2018.
PDF, BibTex, DOI
2017
-
Zhiwu Xu, Cheng Wen, Shengchao Qin and Zhong Ming.
Effective malware detection based on behaviour and data features.
International Conference on Smart Computing and Communication (SmartCom). Springer, Cham, Shenzhen, China. 12-14th Dec 2017.
Best Student Paper Award
PDF, BibTex, DOI, Slides, Code
-
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
Learning types for binaries.
International Conference on Formal Engineering Methods (ICFEM). Springer, Cham, Xi'an, China. 13-17th Nov 2017.
PDF, BibTex, DOI, Slides, DataSet, Code
Misc
Services
Practical Security Impact
I have found several security-critical vulnerabilities in widely used open-source projects and libraries, such as Bintuils, Elfutils, Libtiff, Binaryen, NASM, MJS, etc.
CVEs List (73 CVEs)
| CVE ID | Package | Vulnerability Type | CVE ID | Package | Vulnerability Type |
|---|---|---|---|---|---|
| CVE-2022-26291 | Lrzip v0.641 | Concurrency Use-after-free | |||
| CVE-2020-36375 | MJS 1.20.1 | Stack Overflow | CVE-2020-36374 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36373 | MJS 1.20.1 | Stack Overflow | CVE-2020-36372 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36371 | MJS 1.20.1 | Stack Overflow | CVE-2020-36370 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36369 | MJS 1.20.1 | Stack Overflow | CVE-2020-36368 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36367 | MJS 1.20.1 | Stack Overflow | CVE-2020-36366 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-18900 | libyal libexe 20181128 | Heap Buffer Overflow | CVE-2020-18897 | libyal Libpff before 20180623 | Use-after-free |
| CVE-2020-18899 | Exiv2 0.27 | Uncontrolled Memory Allocation | CVE-2020-18898 | Exiv2 0.27 | Stack Overflow |
| CVE-2020-18395 | GNU Gama 2.04 | NULL Pointer Dereference | CVE-2020-18392 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-18382 | Binaryen 1.38.25 | NULL Pointer Dereference | CVE-2020-18378 | Binaryen 1.38.26 | Heap Buffer Overflow |
| CVE-2019-16166 | GNU cflow 1.6 | Heap Buffer Overflow | CVE-2019-16165 | GNU cflow 1.6 | Use-after-free |
| CVE-2019-15140 | ImageMagick 7.0.8-43 | Use-after-free | CVE-2019-11471 | Libheif v1.4.0 | Use-after-free |
| CVE-2019-7704 | Binaryen 1.38.22 | Uncontrolled Memory Allocation | CVE-2019-7703 | Binaryen 1.38.22 | Use-after-free |
| CVE-2019-7702 | Binaryen 1.38.22 | NULL pointer dereference | CVE-2019-7701 | Binaryen 1.38.22 | Heap Buffer Overflow |
| CVE-2019-7700 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7699 | Bento4 v1.5.1-627 | Heap Buffer Overflow |
| CVE-2019-7698 | Bento4 v1.5.1-627 | Uncontrolled Memory Allocation | CVE-2019-7697 | Bento4 v1.5.1-627 | Assertion failed |
| CVE-2019-7665 | Elfutils 0.175 | Heap Buffer Overflow | CVE-2019-7664 | Elfutils 0.175 | negative-size in memcpy |
| CVE-2019-7663 | Libtiff 4.0.10 | Invalid Address Read | CVE-2019-7662 | Binaryen 1.38.22 | Assertion failed |
| CVE-2019-7154 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7153 | Binaryen 1.38.22 | NULL pointer dereference |
| CVE-2019-7152 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7151 | Binaryen 1.38.22 | NULL pointer dereference |
| CVE-2019-7150 | Elfutils 0.175 | Unknown Crash | CVE-2019-7149 | Elfutils 0.175 | Heap Buffer Overflow |
| CVE-2019-7148 | Elfutils 0.175 | Uncontrolled Memory Allocation | CVE-2019-7147 | NASM 2.14rc16 | Global buffer overflow |
| CVE-2019-6293 | Elfutils 0.175 | Heap Buffer Overflow | CVE-2019-6293 | Flex 2.6.4 | Stack Overflow |
| CVE-2019-6292 | Yaml-cpp v0.6.2 | Stack Overflow | CVE-2019-6291 | NASM 2.14.03rc1 | Stack Overflow |
| CVE-2019-6290 | NASM 2.14.03rc1 | Stack Overflow | CVE-2018-20712 | Binutils 2.31 | Heap Buffer Overflow |
| CVE-2018-20657 | Binutils 2.31 | Memory Leak | CVE-2018-20652 | Tinyexr v0.9.5 | Uncontrolled Memory Allocation |
| CVE-2018-20651 | Binutils 2.31 | Invalid Address Read | CVE-2018-20593 | Mini Xml v2.1 | Stack Buffer Overflow |
| CVE-2018-20592 | Mini Xml v2.1 | Use-after-free | CVE-2018-20591 | libming v0.4.8 | Heap Buffer Overflow |
| CVE-2018-20002 | Binutils 2.31 | Memory Leak | CVE-2018-18701 | Binutils 2.31 | Stack Overflow |
| CVE-2018-18700 | Binutils 2.31 | Stack Overflow | CVE-2018-18607 | Binutils 2.31 | NULL Pointer Dereference |
| CVE-2018-18606 | Binutils 2.31 | NULL Pointer Dereference | CVE-2018-18605 | Binutils 2.31 | Heap Buffer Overflow |
| CVE-2018-18521 | Elfutils 0.174 | Divide-by-zero | CVE-2018-18520 | Elfutils 0.174 | Invalid Address Read |
| CVE-2018-18484 | Binutils 2.31 | Stack Overflow | CVE-2018-18483 | Binutils 2.31 | Integer overflow |
| CVE-2018-18310 | Elfutils 0.174 | Invalid Address Read | CVE-2018-18309 | Binutils 2.31 | Invalid Address Read |
| CVE-2018-17985 | Binutils 2.31 | Stack Overflow | CVE-2018-17795 | LibTIFF 4.0.9 | Heap Buffer Overflow |
| CVE-2018-17794 | Binutils 2.31 | NULL Pointer Dereference | CVE-2018-16403 | Elfutils 0.173 | Heap Buffer Overflow |
| CVE-2018-16402 | Elfutils 0.173 | Double Free | CVE-2018-16062 | Elfutils 0.173 | Heap Buffer Overflow |
Open Source Project
Here are some open-source project. Share it with you in the spirit of open source. more detail can be seen at https://github.com/wcventure.
-
p
(ICSE2022) Controlled Concurrency Testing via Periodical Scheduling
https://github.com/wcventure/PERIOD -
d
MemLock
(ICSE2020) A feed-back directed fuzzer that guided by both memory usage and brach coverage.
https://github.com/wcventure/MemLock-Fuzz
-
m
These are my own summary notes after reading interesting papers. They are posted on CSDN blog.
https://blog.csdn.net/wcventure -
b
(ICFEM2017 / IEEE Transactions on Reliability) Learning Type for Binary / Type Learning for Binaries and its Applications
https://github.com/wcventure/BITY -
e
(SmartCom2017) An Effective Malware Detection based on Behaviour and Data Feature
https://github.com/wcventure/PC-Malware-Sklearner
Gallery
This gallery shows my colorful trace in different activity. Learn more at here.
Activity
I often share papers that I have read on CSDN. Welcome to exchange the view point on interesting research work. I am also an E-sports enthusiast, focusing on E-sports games and host games. If you want to play with me, you can add me to your friend list.
wcventure
CSDN
I have a blog of CSDN. After reading some interesting papers, I often share my experience on CSDN blog. Sometimes I will provide some translation of English papers.
wcventure
Github
This is my GitHub homepage. My GitHub is mainly used to publish open source projects and published papers. I often focus on the general trend of affairs of GitHub.
wcventure
Steam Community
My ID in Steam Community is wcventure. I've played a lot of interesting games. I will continue to be active in the steam community.
136025205
DOTA2
I like DOTA2 very much and focus on the TI competition every year. I believe that "CN DOTA, the best DOTA". I would like to thank all of the players, talent, and everyone in the Dota community for helping bring this game to life.
wcventure
Youku
I am also a video game maker. I often record video games and publish my game strategy. I used to do live broadcast on Douyu TV. My Youku channel also has many people's attention.
计算机论文笔记-wcventure
Zhihu
The articles in my Zhihu homepage ususlly is same as the articles in my CSDN homepage. After reading some interesting papers, I often share my experience on CSDN blog. Sometimes I will provide some translation of English papers.