Ziliang Lai, The Chinese University of Hong Kong
"Deterministic Concurrency Control for Private Blockchain" (SIGMOD 2021)

Private blockchain has gained popularity in inter-organization business processing (e.g., supply chain management [15] and crossborder payment [9]). It allows mutually untrusted parties to share data and mutate data in an endorsed manner. A typical private blockchain is composed of a consensus layer pipelined with an execution layer, where the organizations agree on the blocks of  transactions using the consensus layer and the transaction blocks are then passed to each organization’s executor for execution. To ensure the organizations share an identical view of data, one core requirement of the executor is determinism, i.e., given the same transaction blocks and the same initial state, the executors must produce an identical new state. While the consensus layer was regarded ... [Read more]

Haotian Zhang, The University of  Texas at Arlington
"Smaller and More Secure: Static Debloating of MIPS Firmware Shared Libraries"(PLDI 2021)

Over the past few years, the spotlight has been on the Internet of Things (IoT) market due to the sheer amount being deployed worldwide. With the IoT boom taking place, cyberattacks on embedded devices are now accelerating at an unprecedented rate [1]. The vulnerabilities in firmware, a class of software that is written to an embedded device to control user applications and various hardware functions, leave embedded systems open to attacks [2]. Although memory corruption vulnerabilities [3] have been around for decades, they also dominate the share of top-rated threats in embedded devices [4]. For example, buffer overflow bugs in WiFi routers and smart home devices allows remote attackers to completely take over the device and enter the home network [5]. Besides, returnoriented programming (ROP) techniques enable attackers to chain together short instruction sequences (i.e., code gadgets) already present in the program’s memory to bypass the executable-space protection...  [Read more]

Madhurima Chakraborty, University of California, Riverside
"A Study of Call Graph Effectiveness for Framework-Based Web Applications" (SPLASH 2021)

Advances in technology and the internet have made web applications an integral part of businesses, enabling them to thrive in increasingly competitive environments. However, this emergence of web applications has also led to the development of sophisticated cyber-threats. As a result, insecure web applications are now highly vulnerable to cyber-threats, like malware and cyber-attacks. An attack may break the functionality of the application, preventwebsite visitors from accessing it, and even compromise customers’ personal information. Based on a data generated from more than 15 million application security scans performed by different companies throughout 2021, researchers at NTT Application Security [6] found that half of all sites had at least one serious exploitable vulnerability throughout the year. Moreover, these web applications often use JavaScript (JS) to improve the interactivity and functionality of the websites... [Read more]

Zizheng Guo, Peking University 
"Heterogeneous Timing Estimation, Optimization, and Verification for VLSI Circuit Design Automation" (ICCAD 2021)

The semiconductor industry is experiencing both a widespread supply shortage and an unprecedented surge in demand for highly-customized chip designs ranging from data centers to consumer electronics. As the process node continues to shrink down below 5nm, tens of billions of transistors have been integrated into a single chip, introducing significant challenges to the chip performance analysis and optimization flow. A typical design flow optimizes chip performance through consecutidesign stages by iteratively invoking performance estimation routines guidance. The chip is then verified against its performance target. Such a flow requires months of effort even with experienced designers and the latest electronics design automation (EDA) software... [Read more]

Yihong Zhang,  The University of Washington
"Towards a Relational E-graph" (PLDI 2021)

 The congruence closure data structure, also known as the e-graph,compactly represents a set of terms and an equivalence relation over the terms. It is a central component of equality saturationbased optimizers [13, 15]. It has been rejuvenated with the recent egg framework and proven successful in many areas, including floating-point arithmetic [12], ML compilers [16], and digital signal processors [14]. Such applications typically populate a large number of equivalence classes (or e-classes). Therefore, the performance of e-graph frameworks is key to the success of modern e-graph based applications. E-matching, the procedure of performing pattern matching over an e-graph, is a major bottleneck in these modern e-graphworkloads. In a typical application [15], e-matching is responsible for 60–90% of the overall run time. The wide variety of e-graph applications is also placing new demands on the capability of e-graph frameworks. ... [Read more]

Chen Yang, Tianjin University
"Accelerating Redundancy-Based Program Repair via Code Representation Learning and Adaptive Patch Filtering" (ESEC/FSE 2021)

Automated program repair (APR) has attracted extensive attention and many APR techniques have been proposed recently, in which redundancy-based techniques have achieved great success. However, they still suffer from the efficiency issue. One key problem is how to advance the generation and validation of correct patches. Traditional redundancy-based approaches often use simple methods, such as statistical-based methods, to measure code similarity.This could result in the inaccuracy of measuring code similarity, which may produce meaningless patches that hinder the generation and validation of correct patches. Recently, state-of-the-art studies demonstrate that neural models can better represent source code. Therefore, to solve this issue, we propose a novel method AccPR, which leverages neural network for code representation learning to measure code similarity accurately and employs adaptive patch filtering to accelerate redundancy-based APR. We have implemented a prototype of AccPR and integrated it with a state-of-the-art APR tool, SimFix. We conducted a preliminary study on the benchmark, Defects4J, where the average improvement of repairing efficiency is 47.85%, indicating AccPR is promising. [Read more]