Yi Li | Associate Professor | NTU

Papers accepted by ASE 2025

2025-09-26T00:00:00-00:00

We have three technical papers and a tool demonstration paper accepted at ASE’25:

Defects4C [1]: The first major benchmark for evaluating LLMs on fixing real-world C/C++ bugs, closing a crucial gap in automated program repair.
DeFiScope [2]: An LLM-powered detector that finds DeFi price manipulation attacks with 96% precision, uncovering 81 previously unknown incidents.
Co^2FuLL [3]: Makes binary code analysis accurate and explainable by fusing context with content and using LLMs for verification, boosting precision by 142.5%.
DeepTx [4]: A real-time Web3 transaction shield that uses multi-modal LLM reasoning to stop phishing attacks before they happen.

DeepTx is open-source and a video demostration can be found below:

DeepTx Demo Video

This year, ASE received 1190 submissions and 1136 were remaining after desk rejection. Out of the 1136 submissions, 113 papers were directly accepted and 132 were accepted after major revisions, which gives an overall acceptance rate of 21.6%.

References

Wang, J., Xie, X., Hu, Q., Liu, S., Yu, J., Kong, J., & Li, Y. (2025, November). Defects4C: Benchmarking Large Language Model Repair Capability with C/C++ Bugs. Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE).
Zhong, J., Wu, D., Liu, Y., Xie, M., Liu, Y., Li, Y., & Liu, N. (2025, November). Detecting Various DeFi Price Manipulations with LLM Reasoning. Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE).
Dong, C., Guo, J., Yang, S., Li, Y., Fang, D., Xiao, Y., Chen, Y., & Sun, L. (2025, November). Advancing Binary Code Similarity Detection via Context-Content Fusion and LLM Verification. Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE).
Liu, Y., Li, X., & Li, Y. (2025, November). DeepTx: Real-Time Transaction Risk Analysis via Multi-Modal Features and LLM Reasoning. Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE).

Papers accepted by ASE 2025 was originally published by Yi Li at Yi Li | Associate Professor | NTU on September 26, 2025.

Paper accepted by ISSTA 2025

2025-06-14T00:00:00-00:00

A paper [1] in collaboration with Xiufeng Xu (my PhD student), Fuman Xie, Chenguang Zhu, Guangdong Bai, and Sarfraz Khurshid was accepted at ISSTA’25. A summary of the paper is below:

Modern AI- and Data-intensive software systems rely heavily on data science and machine learning libraries that provide essential algorithmic implementations and computational frameworks. These libraries expose complex APIs whose correct usage has to follow constraints among multiple interdependent parameters. Developers using these APIs are expected to learn about the constraints through the provided documentation and any discrepancy may lead to unexpected behaviors. However, maintaining correct and consistent multi- parameter constraints in API documentation remains a significant challenge for API compatibility and reliability. To address this challenge, we propose MPChecker for detecting inconsistencies between code and documentation, specifically focusing on multi-parameter constraints. MPChecker identifies these constraints at the code level by exploring execution paths through symbolic execution and further extracts corresponding constraints from documentation using large language models (LLMs). We propose a customized fuzzy constraint logic to reconcile the unpredictability of LLM outputs and detect logical inconsistencies between the code and documentation constraints. We collected and constructed two datasets from four popular data science libraries and evaluated MPChecker on them. The results demonstrate that MPChecker can effectively detect inconsistency issues with the precision of 92.8%. We further reported 14 detected inconsistency issues to the library developers, who have confirmed 11 issues at the time of writing.

This year, 107 out of 550 submissions were accepted at ISSTA, which gives an acceptance rate of 19.4%.

References

Xu, X., Xie, F., Zhu, C., Bai, G., Khurshid, S., & Li, Y. (2025, June). Identifying Multi-Parameter Constraint Errors in Python Data Science Library API Documentations. Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).

Paper accepted by ISSTA 2025 was originally published by Yi Li at Yi Li | Associate Professor | NTU on March 30, 2025.

Won Distinguished Paper Award at NDSS'25

2025-02-27T00:00:00-00:00

Our paper, “PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation” [1], have won a Distinguished Paper Award at NDSS’25.

References

Liu, Y., Xue, Y., Wu, D., Sun, Y., Li, Y., Shi, M., & Liu, Y. (2025, February). PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation. Proceedings of 32nd Annual Network and Distributed System Security Symposium (NDSS).

Won Distinguished Paper Award at NDSS'25 was originally published by Yi Li at Yi Li | Associate Professor | NTU on February 27, 2025.

Paper accepted by ICSE 2025

2024-11-03T00:00:00-00:00

A paper [1] in collaboration with Lezhi Ma, Shangqing Liu, Xiaofei Xie, and Lei Bu was accepted at ICSE’25. A summary of the paper is below:

In the software development process, formal program specifications play a crucial role in various stages, including requirement analysis, software testing, and verification. However, manually crafting formal program specifications is rather difficult, making the job time-consuming and labor-intensive. Moreover, it is even more challenging to write specifications that correctly and comprehensively describe the semantics of complex programs. To reduce the burden on software developers, automated specification generation methods have emerged. However, existing methods usually rely on predefined templates or grammar, making them struggle to accurately describe the behavior and functionality of complex real-world programs.

To tackle this challenge, we introduce SpecGen, a novel technique for formal program specification generation based on Large Language Models (LLMs). Our key insight is to overcome the limitations of existing methods by leveraging the code comprehension capability of LLMs. The process of SpecGen consists of two phases. The first phase employs a conversational approach that guides the LLM to generate appropriate specifications for a given program, aiming to utilize the ability of LLM to generate high-quality specifications. The second phase, designed for where the LLM fails to generate correct specifications, applies four mutation operators to the model-generated specifications and selects verifiable specifications from the mutated ones through a novel heuristic selection strategy by assigning different weights of variants in an efficient manner. We evaluate SpecGen on two datasets, including the SV-COMP Java category benchmark and a manually constructed dataset containing 120 programs. Experimental results demonstrate that SpecGen succeeds in generating verifiable specifications for 279 out of 385 programs, outperforming the existing LLM-based approaches and conventional specification generation tools like Houdini and Daikon. Further investigations on the quality of generated specifications indicate that SpecGen can comprehensively articulate the behaviors of the input program.

References

Ma, L., Liu, S., Li, Y., Xie, X., & Bu, L. (2025, April). SpecGen: Automated Generation of Formal Program Specifications via Large Language Models. Proceedings of the 47th International Conference on Software Engineering (ICSE).

Paper accepted by ICSE 2025 was originally published by Yi Li at Yi Li | Associate Professor | NTU on November 03, 2024.

Papers accepted by ASE 2024

2024-08-10T00:00:00-00:00

We have a technical paper [1] and a tool demonstration paper [2] accepted at ASE’24. The first paper presents an empirical study evaluating existing AIGC detectors in the software domain. Despite its potential, the misuse of LLMs, especially in security and safety-critical domains, such as academic integrity and answering questions on Stack Overflow, poses significant concerns. In the second paper, we introduce OpenTracer, which offers comprehensive tracking of complete transaction information to extract user-desired data such as invariant-related data. OpenTracer has been employed to analyze 350,800 Ethereum transactions, successfully inferring 23 different types of invariant from predefined templates. OpenTracer is open-source and a video demostration can be found below.

OpenTracer Demo Video

This year, 118 out of 587 submissions were accepted (another 37 were conditionally accepted) at ASE, which gives an acceptance rate of 27.3%.

References

Wang, J., Liu, S., Xie, X., & Li, Y. (2024). An Empirical Study to Evaluate AIGC Detectors on Code Content. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), 844–856.
Chen, Z., Liu, Y., Beillahi, S. M., Li, Y., & Long, F. (2024). OpenTracer: A Dynamic Transaction Trace Analyzer for Smart Contract Invariant Generation and Beyond. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2399–2402.

Papers accepted by ASE 2024 was originally published by Yi Li at Yi Li | Associate Professor | NTU on August 08, 2024.

Paper accepted by FSE 2024

2024-04-15T00:00:00-00:00

A paper [1] in collaboration with Zhiyang Chen, Ye Liu, Sidi Mohamed Beillahi, and Fan Long was accepted at FSE’24. A summary of the paper is below:

Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared with historical benign transactions before the attacking events. While many runtime monitoring and guarding mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. Using these well-established invariants as templates, we developed a tool which dynamically generates new invariants customized for a given contract based on its historical transaction data. We evaluated our tool on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants remain effective even when the experienced attackers attempt to bypass them. Additionally, we explored the possibility of combining multiple invariant guards, resulting in enhanced true positive rates and reduced false positive rates.

References

Chen, Z., Liu, Y., Beillahi, S. M., Li, Y., & Long, F. (2024). Demystifying Invariant Effectiveness for Securing Smart Contracts. Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (FSE), 1(FSE), 1772–1795.

Paper accepted by FSE 2024 was originally published by Yi Li at Yi Li | Associate Professor | NTU on April 15, 2024.

Paper accepted by ACM Computing Surveys

2024-04-03T00:00:00-00:00

A paper [1] in collaboration with Jacob Krüger, Kirill Lossev, Chenguang Zhu, Marsha Chechik, Thorsten Berger, and Julia Rubin was accepted by ACM Computing Surveys. A quick summary of the paper is given below.

Every software system undergoes changes, for example, to add new features, fix bugs, or refactor code. The importance of understanding software changes has been widely recognized, resulting in various techniques and studies, for instance, on change-impact analysis or classifying developers’ activities. Since changes are triggered by developers’ intentions—something they plan or want to change in the system, many researchers have studied intentions behind changes. While there appears to be a consensus among software-engineering researchers and practitioners that knowing the intentions behind software changes is important, it is not clear how developers can actually benefit from this knowledge. In fact, there is no consolidated, recent overview of the state-of-the-art on software-change intentions (SCIs) and their relevance for software engineering. We present a meta-study of 122 publications, which we used to derive a categorization of SCIs; and to discuss motivations, evidence, and techniques relating to SCIs. Unfortunately, we found that individual pieces of research are often disconnected from each other because a common understanding is missing. Similarly, some publications showcase the potential of knowing SCIs, but more substantial research to understand the practical benefits of knowing SCIs is needed. Our contributions can help researchers and practitioners improve their understanding of SCIs and how SCIs can aid software engineering tasks.

References

Krüger, J., Li, Y., Lossev, K., Zhu, C., Chechik, M., Berger, T., & Rubin, J. (2024). A Meta-Study of Software-Change Intentions. ACM Computing Surveys, 56(12), 1–41.

Paper accepted by ACM Computing Surveys was originally published by Yi Li at Yi Li | Associate Professor | NTU on April 03, 2024.

Paper accepted by INFOCOM 2024

2023-12-01T00:00:00-00:00

Xiaodong Qi’s paper [1] was accepted at INFOCOM. A quick summary of the paper is given below.

Sharding is a prevailing solution to enhance the scalability of current blockchain systems. However, the cross-shard commit protocols adopted in these systems to commit cross-shard transactions commonly incur multi-round shard-to-shard communication, leading to low performance. Furthermore, most solutions only focus on simple transfer transactions without supporting complex smart contracts, preventing sharding from widespread applications. In this paper, we propose LightCross, a novel blockchain sharding system that enables efficient execution of complex cross-shard smart contracts. First, LightCross offloads the execution of cross-shard transactions into off-chain executors equipped with the TEE hardware, which can accommodate execution for arbitrarily complex contracts. Second, we design a lightweight cross-shard commit protocol to commit cross-shard transactions without multi-round shard-to-shard communication between shards. Last, LightCross lowers the cross-shard transaction ratio by dynamically changing the distribution of contracts according to historical transactions. We implemented the LightCross prototype based on the FISCO-BCOS project and evaluated it in real-world blockchain environments, showing that LightCross can achieve 2.6× more throughput than state-of-the-art sharding systems.

This year, 256 out of 1307 submissions were accepted at INFOCOM, which gives an acceptance rate of 19.6%.

References

Qi, X., & Li, Y. (2024). LightCross: Sharding with Lightweight Cross-Shard Execution for Smart Contracts. Proceedings of the 42nd IEEE International Conference on Computer Communications (INFOCOM), 1681–1690.

Paper accepted by INFOCOM 2024 was originally published by Yi Li at Yi Li | Associate Professor | NTU on December 01, 2023.

Won ACM SIGSOFT Distinguished Paper Award at ASE'23

2023-09-14T00:00:00-00:00

Our paper, “EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software” [1], have won an ACM SIGSOFT Distinguished Paper Award at ASE’23. These were among the ten Distinguished Paper Awards selected from the 134 accepted papers (out of 629 submissions).

References

Zhang, Y., Xie, X., Li, Y., Chen, S., Zhang, C., & Li, X. (2023). EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 686–697.

Won ACM SIGSOFT Distinguished Paper Award at ASE'23 was originally published by Yi Li at Yi Li | Associate Professor | NTU on September 14, 2023.

Paper accepted by FSE 2023 Ideas, Visions and Reflections Track

2023-07-19T00:00:00-00:00

A vision paper [1] tegother with Jacob Krüger, Chenguang Zhu, Marsha Chechik, Thorsten Berger, and Julia Rubin, is accepted at the FSE’23 Ideas, Visions and Reflections track. A summary of the paper is below:

Intentions are fundamental in software engineering, but are typically only implicitly considered through various related abstractions, such as requirements, use cases, features, or issues. Specifically, software engineers develop and evolve a software system based on such abstractions of a stakeholder’s intention—something a stakeholder wants the system to be able to do. Unfortunately, existing abstractions are (inherently) limited when it comes to representing stakeholder intentions and are used for documenting only. So, whether a change in a system fulfills its underlying intention (and only this one) is an essential problem in practice that motivates many research areas (e.g., testing to ensure intended behavior, untangling intentions in commits). We argue that none of the existing abstractions is ideal for capturing intentions and controlling software evolution, which is why intentions are often vague and must be recovered, untangled, or understood in retrospect. In this paper, we reflect on the role of intentions in software engineering and sketch how improving their management may support developers. Particularly, per we argue that continuously managing and controlling intentions as well as their fulfillment has the potential to improve the reasoning about what stakeholder requests have been addressed, avoid misunderstandings, and prevent expensive retrospective analyses. To guide future research for achieving such benefits for researchers and practitioners, we discuss the relations of different abstractions to intentions and propose steps towards managing intentions.

References

Krüger, J., Li, Y., Zhu, C., Chechik, M., Berger, T., & Rubin, J. (2023). A Vision on Intentions in Software Engineering. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), 2117–2121.

Paper accepted by FSE 2023 Ideas, Visions and Reflections Track was originally published by Yi Li at Yi Li | Associate Professor | NTU on July 19, 2023.

Papers accepted by ASE 2023

2023-07-18T00:00:00-00:00

We have a technical paper [1] and a tool demonstration paper [2] accepted at ASE’23. The technical paper presents a practical method for detecting no-termination bugs in real-world software systems. While loop termination has been studied for many years, existing methods have limited scalability and are only effective on small programs. Our technique, EndWatch, is shown more effective than the state-of-the-art tools on standard benchmarks (detecting 87% of non-terminating programs while the best baseline detects only 67%), and useful in detecting non-termination in real-world projects (detecting 90% of known non-termination CVEs and 4 unknown bugs). In the second paper, we introduce a new dataset, CompSuite, which includes 123 real-world incompatibility issues. CompSuite is made available online and a video demostration can be found below.

CompSuite Demo Video

This year, 103 out of 629 submissions were accepted (another 31 were conditionally accepted) at ASE, which gives an acceptance rate of 21%.

References

Zhang, Y., Xie, X., Li, Y., Chen, S., Zhang, C., & Li, X. (2023). EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 686–697.
Xu, X., Zhu, C., & Li, Y. (2023). CompSuite: A Dataset of Java Library Upgrade Incompatibility Issues. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2098–2101.

Papers accepted by ASE 2023 was originally published by Yi Li at Yi Li | Associate Professor | NTU on July 18, 2023.

Paper accepted by ICDCS 2023

2023-04-10T00:00:00-00:00

Our paper [1] in collaboration with Xiaodong Qi and Jiao Jiao was accepted at ICDCS. A quick summary of the paper is given below.

As various optimizations being proposed recently, the performance of blockchains is no longer limited by the consensus protocols, successfully scaling to thousands of transactions per second. To further improve blockchains’ throughput, exploiting the parallelism in smart contract executions becomes a clear solution to resolve the new performance bottleneck. The existing techniques perform concurrency control on smart contract transactions based on pre-determined read/write sets, which can hardly be calculated precisely. As a result, many parallelization opportunities are missed in order to maintain the correctness of transaction executions. In this paper, we propose a novel execution scheduling framework, DMVCC, to further increase the parallelism in smart contract executions, via more fine-grained control on state accesses. DMVCC improves over existing techniques with two key features: (1) write versioning, eliminating the write-write conflicts between transactions, and (2) early-write visibility, enabling other transactions to read the writes from a transaction earlier, before it being committed. We integrated DMVCC into the Ethereum Virtual Machine, to evaluate its performance in real-world blockchain environments. The experimental results show that DMVCC doubles the parallel speedup achievable to a 20× overall speedup, compared with the serial execution baseline, approaching the theoretical optimum.

This year, 83 out of 439 submissions were accepted at ICDCS, which gives an acceptance rate of 18.9%.

References

Qi, X., Jiao, J., & Li, Y. (2023). Smart Contract Parallel Execution with Fine-Grained State Accesses. Proceedings of the 43rd IEEE International Conference on Distributed Computing Systems (ICDCS), 841–852.

Paper accepted by ICDCS 2023 was originally published by Yi Li at Yi Li | Associate Professor | NTU on April 10, 2023.

Paper accepted by ICSE 2023

2022-12-11T00:00:00-00:00

Our paper [1] in collaboration with Sahar Badihi, Khaled Ahmed, and Julia Rubin was accepted at ICSE. A quick summary of the paper is given below.

Numerous program slicing approaches aim at helping developers troubleshoot regression failures – one of the most time-consuming development tasks. The main idea behind these approaches is to identify a subset of interdependent program statements relevant to the failure, minimizing the amount of code developers need to inspect. Accuracy and reduction rate achieved by these techniques are key considerations toward their applicability in practice: inspecting only the statements identified in the slice should be faster and more efficient than inspecting the code in full. This paper reports on our experiment applying one of the most recent and accurate slicing approaches, dual slicing, to the task of troubleshooting regression failures in eight large, open-source software projects. The results of our experiments show that slices produced in this setup are still very large to be comfortably managed. Moreover, we observe that most statements in the slice deal with propagation of information between changed code blocks; these statements are essential for obtaining the necessary context for the changes but are not responsible for the failure directly. Motivated by this insight, we propose a novel approach, implemented in a tool named ConSumSlice, for reducing the size of a slice by accurately identifying and summarizing the propagation-related code blocks. Our evaluation of ConSumSlice shows that it is able to produce slices that are 75% shorter than the original ones for our case-study projects (299 vs. 2,449 code-level statements, on average), thus, reducing the amount of information developers need to inspect without losing the necessary contextual information. We believe our study and the proposed approach will help promote the efficient integration of slicing-based techniques in debugging activities and will inspire further research in this area.

This year, 209 out of 796 submissions were accepted at ICSE, and 35 of them were conditionally accepted, which gives an acceptance rate of 26%.

References

Badihi, S., Ahmed, K., Li, Y., & Rubin, J. (2023). Responsibility in Context: On Applicability of Slicing in Semantic Regression Analysis. Proceedings of the 45th International Conference on Software Engineering (ICSE), 563–575.

Paper accepted by ICSE 2023 was originally published by Yi Li at Yi Li | Associate Professor | NTU on December 11, 2022.

Paper accepted by ACM Transactions on Software Engineering and Methodology

2022-11-26T00:00:00-00:00

Our paper [1] in collaboration with Chenguang Zhu, Mengshi Zhang, Xiuheng Wu, and Xiufeng Xu was accepted by TOSEM. A quick summary of the paper is given below.

Modern software systems are complex and they heavily rely on external libraries developed by different teams and organizations. Such systems suffer from higher instability due to incompatibility issues caused by library upgrades. In this paper, we address the problem by investigating the impact of a library upgrade on the behaviors of its clients. We developed CompCheck, an automated upgrade compatibility checking framework which generates incompatibility-revealing tests based on previous examples. CompCheck first establishes an offline knowledge base of incompatibility issues by mining from open source projects and their upgrades. It then discovers incompatibilities for a specific client project, by searching for similar library usages in the knowledge base and generating tests to reveal the problems. We evaluated CompCheck on 202 call sites of 35 open-source projects and the results show that CompCheck successfully revealed incompatibility issues on 76 call sites, 72.7% and 94.9% more than two existing techniques, confirming CompCheck’s applicability and effectiveness.

References

Zhu, C., Zhang, M., Wu, X., Xu, X., & Li, Y. (2023). Client-Specific Upgrade Compatibility Checking via Knowledge-Guided Discovery. ACM Transactions on Software Engineering and Methodology, 32(4), 1–31.

Paper accepted by ACM Transactions on Software Engineering and Methodology was originally published by Yi Li at Yi Li | Associate Professor | NTU on November 26, 2022.

Papers accepted by ASE 2022

2022-09-15T00:00:00-00:00

Two papers were recently accepted at ASE’22. The first one [1] is on the detection of API documentation errors in Solidity smart contract libraries. This is a joint work with my former research assistant, Chenguang Zhu, as well as my PhD students, Ye Liu and Xiuheng Wu. The second one [2] is an empirical study on the third-party library dependencies in the C/C++ Ecosystem.

This year, 78 out of 527 submissions (4 desk rejected) were accepted at ASE, and 38 submissions were conditionally accepted, which gives an acceptance rate of 22%.

References

Zhu, C., Liu, Y., Wu, X., & Li, Y. (2022). Identifying Solidity Smart Contract API Documentation Errors. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), 1–13.
Tang, W., Xu, Z., Liu, C., Wu, J., Yang, S., Li, Y., Luo, P., & Liu, Y. (2022). Towards Understanding Third-Party Library Dependency in C/C++ Ecosystem. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), 1–12.

Papers accepted by ASE 2022 was originally published by Yi Li at Yi Li | Associate Professor | NTU on September 15, 2022.

Paper accepted by FSE 2022 Demonstrations Track

2022-08-12T00:00:00-00:00

Most of the existing smart contract symbolic execution tools perform analysis on bytecode, which loses high-level semantic information presented in source code. This makes interactive analysis tasks—such as visualization and debugging—extremely challenging, and significantly limits the tool usability.

With Shang-Wei Lin, Palina Tolmach, and Ye Liu, we present SolSEE, a source-level symbolic execution engine for Solidity smart contracts. We describe the design of SolSEE, highlight its key features, and demonstrate its usages through a Web-based user interface. SolSEE demonstrates advantages over other existing source-level analysis tools in the advanced Solidity language features it supports and analysis flexibility.

A paper [1] describing SolSEE is accepted at the FSE’22 Demonstration track. You can find the video demonstration of the tool below.

SolSEE Demo Video

References

Lin, S.-W., Tolmach, P., Liu, Y., & Li, Y. (2022). SolSEE: A Source-Level Symbolic Execution Engine for Solidity. Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), 1687–1691.

Paper accepted by FSE 2022 Demonstrations Track was originally published by Yi Li at Yi Li | Associate Professor | NTU on August 12, 2022.

PhD Scholarship Available at NTU

2022-08-04T00:00:00-00:00

A fully-funded PhD position is available at the Nanyang Technological University (NTU) in the area of Blockchain and Smart Contracts. The successful applicant will start from Aug 2023.

Students with strong background in software engineering, software security, distributed systems, and other relevant fields are encouraged to apply. The NTU Research Scholarship provides a monthly stipend plus a tuition fee subsidy.

Interested candidates should send their CVs to Yi Li ([email protected]?subject=PhD Application">[email protected]).

About NTU, SCSE, and Singapore

NTU is a fast-rising young university. It is now placed No. 11 in the world according to the QS World University Rankings (2020) and No. 2 among universities under 50 years by the Times Higher Education (2022). The School of Computer Science and Engineering (SCSE) of NTU is ranked 4th and 8th in the computer science subject in the world according to the 2021 US News ranking and 2022 Global Ranking of Academic Subjects (Shanghai Ranking), respectively. Moreover, you will enjoy multiple advantages of studying in Singapore including (1) internationally competitive stipend, (2) high-quality living, and (3) world’s safest multicultural environment.

PhD Scholarship Available at NTU was originally published by Yi Li at Yi Li | Associate Professor | NTU on August 02, 2022.

Won two ACM SIGSOFT Distinguished Paper Awards

2022-07-13T00:00:00-00:00

Both of our papers, “Finding Permission Bugs in Smart Contracts with Role Mining” and “Cross-Lingual Transfer Learning for Statistical Type Inference”, have won ACM SIGSOFT Distinguished Paper Awards at ISSTA’22.

Won two ACM SIGSOFT Distinguished Paper Awards was originally published by Yi Li at Yi Li | Associate Professor | NTU on July 13, 2022.

Paper accepted by ASE 2022 NIER Track

2022-07-09T00:00:00-00:00

Programming errors enable security attacks on smart contracts, which are used to manage large sums of financial assets. Automated program repair (APR) techniques aim to reduce developers’ burden of manually fixing bugs by automatically generating patches for a given issue. Existing APR tools for smart contracts focus on mitigating typical smart contract vulnerabilities rather than violations of functional specification. However, in decentralized financial (DeFi) smart contracts, the inconsistency between intended behavior and implementation translates into the deviation from the underlying financial model, resulting in irrecoverable monetary losses for the application and its users.

With Palina Tolmach and Shang-Wei Lin, we propose DeFinery [1]—a technique for automated repair of a smart contract that does not satisfy a user-defined correctness property, financial or otherwise. To explore a larger set of diverse patches while providing formal correctness guarantees w.r.t. the intended behavior, we combine search-based patch generation with semantic analysis of an original program for inferring its specification. Our experiments in repairing nine real-world and benchmark smart contracts reveal that DeFinery efficiently navigates the search space and generates higher-quality patches that cannot be obtained by other smart contract APR tools.

References

Tolmach, P., Li, Y., & Lin, S.-W. (2022). Property-Based Automated Repair of DeFi Protocols. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), 1–5.

Paper accepted by ASE 2022 NIER Track was originally published by Yi Li at Yi Li | Associate Professor | NTU on July 09, 2022.

Paper accepted by ASE 2022 Demonstrations Track

2022-07-09T00:00:00-00:00

Smart contracts are self-executing computer programs deployed on blockchain to enable trustworthy exchange of value without the need of a central authority. With the absence of documentation and specifications, routine tasks such as program understanding, maintenance, verification, and validation, remain challenging for smart contracts.

With my PhD student, Ye Liu, we propose a dynamic invariant detection tool, InvCon, for Ethereum smart contracts to mitigate this issue. The detected invariants can be used to not only support the reverse engineering of contract specifications, but also enable standard-compliance checking for contract implementations. InvCon provides a Web-based interface.

A paper [1] describing InvCon is accepted at the ASE’22 Demonstration track. You can find the video demonstration of the tool below.

InvCon Demo Video

References

Liu, Y., & Li, Y. (2022). InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), 1–4.

Paper accepted by ASE 2022 Demonstrations Track was originally published by Yi Li at Yi Li | Associate Professor | NTU on July 09, 2022.