Publications

* corresponding author         † equal contribution        

[38] Yiran Zhang, Chengwei Liu, Yuqiang Sun, Zhengzi Xu, Weisong Sun, Wenke Li, Wuxia Jin, Yang Liu. Semantic-Enhanced Automatic Refinement of Architecture Recovery Results Using LLMs. Accepted, 48th IEEE/ACM International Conference on Software Engineering (ICSE 2026). Lisbon, Portugal.

[37] Wenbo Guo, Chengwei Liu, Limin Wang, Yiran Zhang, Jiahui Wu, Zhengzi Xu, Yang Liu. IntelliRadar: A Comprehensive Platform to Pinpoint Malicious Packages from Cyber Intelligence. Accepted, 48th IEEE/ACM International Conference on Software Engineering (ICSE 2026). Lisbon, Portugal.

[36] Yiran Zhang, Zhengzi Xu*, Zhe Lang, Chengyue Liu, Yuqiang Sun, Wenbo Guo, Chengwei Liu, Weisong Sun, Yang Liu. BinStruct: Binary Structure Recovery Combining Static Analysis and Semantics. Accepted, 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025). Seoul, South Korea.

[35] Kairan Sun, Zhengzi Xu*, Kaixuan Li, Lyuye Zhang, Yebo Feng, Daoyuan Wu, Yang Liu. Learning from the Past: Real-World Exploit Migration for Smart Contract PoC Generation. Accepted, 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025). Seoul, South Korea.

[34] Kairan Sun, Zhengzi Xu*, Kaixuan Li, Lyuye Zhang, Yuqiang Sun, Liwei Tan, Yang Liu. FAULTSEEKER: LLM-Empowered Framework for Blockchain Transaction Fault Localization. Accepted, 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025). Seoul, South Korea.

[33] Jingyi Shi, Yufeng Chen, Yang Xiao, Yuekang Li, Zhengzi Xu, Sihao Qiu, Chi Zhang, Keyu Qi, Yeting Li, Xingchu Chen, Yanyan Zou, Yang Liu, Wei Huo. A Large Scale Study of AI-based Binary Function Similarity Detection Techniques for Security Researchers and Practitioners. Accepted, 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025). Seoul, South Korea.

[32] Kai Huang, Zhengzi Xu, Su Yang, Hongyu Sun, Xuejun Li, Zheng Yan, Yuqing Zhang. Evolving Paradigms in Automated Program Repair: Taxonomy, Challenges, and Opportunities. ACM Comput. Surv. 57(2): 36:1-36:43 (2025)

[31] Zhiling Zhu, Tieming Chen, Chengwei Liu, Han Liu, Qijie Song, Zhengzi Xu, Yang Liu. Doctor: Optimizing Container Rebuild Efficiency by Instruction Re-orchestration. Proc. ACM Softw. Eng. 2(ISSTA): 1-23 (2025)

[30] Zhe Lang, Zhengzi Xu*, Xiaohui Chen, Shichao Lv, Zhanwei Song, Zhiqiang Shi, and Limin Sun. 2024. DeLink: Source File Information Recovery in Binaries. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024). Association for Computing Machinery, New York, NY, USA, 1009–1021. https://doi.org/10.1145/3650212.3680338

[29] Yi Liu, Gelei Deng, Zhengzi Xu*, Yuekang Li, Yaowen Zheng, Ying Zhang, Lida Zhao, Tianwei Zhang, and Kailong Wang. 2024. A Hitchhiker’s Guide to Jailbreaking ChatGPT via Prompt Engineering. In Proceedings of the 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems/Internet of Things (SEA4DQ 2024). Association for Computing Machinery, New York, NY, USA, 12–21. https://doi.org/10.1145/3663530.3665021

[28] Xiaoling Zhang, Zhengzi Xu*, Shouguo Yang, Zhi Li, Zhiqiang Shi, and Limin Sun. 2024. Enhancing Function Name Prediction using Votes-Based Name Tokenization and Multi-task Learning. Proc. ACM Softw. Eng. 1, FSE, Article 75 (July 2024), 24 pages. https://doi.org/10.1145/3660782 

[27] Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu. 2024. GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE '24). Association for Computing Machinery, New York, NY, USA, Article 166, 1–13. https://doi.org/10.1145/3597503.3639117 

[26] Ruofan Zhu, Xingyu Wang, Chengwei Liu, Zhengzi Xu, Wenbo Shen, Rui Chang, and Yang Liu. 2024. ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (ICSE '24). Association for Computing Machinery, New York, NY, USA, Article 211, 1–12. https://doi.org/10.1145/3597503.3639221 

[25] Kai Huang, Zhengzi Xu, Su Yang, Hongyu Sun, Xuejun Li, Zheng Yan, and Yuqing Zhang. 2024. Evolving Paradigms in Automated Program Repair: Taxonomy, Challenges, and Opportunities. ACM Comput. Surv. Just Accepted (September 2024). https://doi.org/10.1145/3696450 

[24] Lida Zhao, Sen Chen, Zhengzi Xu*, Chengwei Liu, Lyuye Zhang, Jiahui Wu, Jun Sun, and Yang Liu. 2023. Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023). Association for Computing Machinery, New York, NY, USA, 960–972. https://doi.org/10.1145/3611643.3616299 

[23] Yiran Zhang, Zhengzi Xu, Chengwei Liu, Hongxu Chen, Jianwen Sun, Dong Qiu, and Yang Liu. 2023. Software Architecture Recovery with Information Fusion. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023). Association for Computing Machinery, New York, NY, USA, 1535–1547. https://doi.org/10.1145/3611643.3616285 

[22] Kairan Sun, Zhengzi Xu*, Chengwei Liu, Kaixuan Li, and Yang Liu. 2023. Demystifying the Composition and Code Reuse in Solidity Smart Contracts. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023). Association for Computing Machinery, New York, NY, USA, 796–807. https://doi.org/10.1145/3611643.3616270 

[21] Su Yang, Yang Xiao, Zhengzi Xu, Chengyi Sun, Chen Ji, and Yuqing Zhang. 2023. Enhancing OSS Patch Backporting with Semantics. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23). Association for Computing Machinery, New York, NY, USA, 2366–2380. https://doi.org/10.1145/3576915.3623188 

[20] Shouguo Yang, Zhengzi Xu*, Yang Xiao, Zhe Lang, Wei Tang, Yang Liu, Zhiqiang Shi, Hong Li, and Limin Sun. 2023. Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis. ACM Trans. Softw. Eng. Methodol. 32, 6, Article 158 [1] (November 2023), 29 pages. https://doi.org/10.1145/3604608 

[19] Wenbo Guo, Zhengzi Xu*, Chengwei Liu, Cheng Huang, Yong Fang, and Yang Liu. 2024. An Empirical Study of Malicious Code In PyPI Ecosystem. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE '23). IEEE Press, 166–177. https://doi.org/10.1109/ASE56229.2023.00135 

[18] Yuqiang Sun, Zhengzi Xu*, Chengwei Liu, Yiran Zhang, and Yang Liu. 2024. Who is the Real Hero? Measuring Developer Contribution via Multi-Dimensional Data Integration. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE '23). IEEE Press, 825–836. https://doi.org/10.1109/ASE56229.2023.00102 

[17] Lyuye Zhang, Chengwei Liu, Sen Chen, Zhengzi Xu, Lingling Fan, Lida Zhao, Yiran Zhang, and Yang Liu. 2024. Mitigating Persistence of Open-Source Vulnerabilities in Maven Ecosystem. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE '23). IEEE Press, 191–203. https://doi.org/10.1109/ASE56229.2023.00058 

[16] Meng Xi, Jianwei Yin, Zhengzi Xu, Ying Li, Shuiguang Deng, and Yang Liu. 2023. Service Pattern Optimization: Focusing on Collaboration in Service Ecosystems. IEEE Transactions on Services Computing 16, 6 (2023), 3958–3971. https://doi.org/10.1109/TSC.2023.3299360 

[15] Han Liu, Sen Chen, Ruitao Feng, Chengwei Liu, Kaixuan Li, Zhengzi Xu, Liming Nie, Yang Liu, and Yixiang Chen. 2023. A Comprehensive Study on Quality Assurance Tools for Java. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023). Association for Computing Machinery, New York, NY, USA, 285–297. https://doi.org/10.1145/3597926.3598056 

[14] Jiahui Wu, Zhengzi Xu*, Wei Tang, Lyuye Zhang, Yueming Wu, Chengyue Liu, Kairan Sun, Lida Zhao, and Yang Liu. 2023. OSSFP: Precise and Scalable C/C++ Third-Party Library Detection Using Fingerprinting Functions. In Proceedings of the 45th International Conference on Software Engineering (ICSE '23). IEEE Press, 270–282. https://doi.org/10.1109/ICSE48619.2023.00034 

[13] Lyuye Zhang, Chengwei Liu, Zhengzi Xu, Sen Chen, Lingling Fan, Lida Zhao, Jiahui Wu, and Yang Liu. 2023. Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects. In Proceedings of the 45th International Conference on Software Engineering (ICSE '23). IEEE Press, 2540–2552. https://doi.org/10.1109/ICSE48619.2023.00212 

[12] Lyuye Zhang, Chengwei Liu, Zhengzi Xu*, Sen Chen, Lingling Fan, Bihuan Chen, and Yang Liu. 2023. Has My Release Disobeyed Semantic Versioning? Static Detection Based on Semantic Differencing. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22). Association for Computing Machinery, New York, NY, USA, Article 51, 1–12. https://doi.org/10.1145/3551349.3556956 

[11] Wei Tang, Zhengzi Xu*, Chengwei Liu, Jiahui Wu, Shouguo Yang, Yi Li, Ping Luo, and Yang Liu. 2023. Towards Understanding Third-party Library Dependency in C/C++ Ecosystem. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22). Association for Computing Machinery, New York, NY, USA, Article 106, 1–12. https://doi.org/10.1145/3551349.3560432 

[10] Can Yang, Zhengzi Xu*, Hongxu Chen, Yang Liu, Xiaorui Gong, and Baoxu Liu. 2022. ModX: binary level partially imported third-party library detection via program modularization and semantic matching. In Proceedings of the 44th International Conference on Software Engineering (ICSE '22). Association for Computing Machinery, New York, NY, USA, 1393–1405. https://doi.org/10.1145/3510003.3510627 

[9] Yang Xiao, Zhengzi Xu*, Weiwei Zhang, Chendong Yu, Longquan Liu, Wei Zou, Zimu Yuan, Yang Liu, Aihua Piao, and Wei Huo. 2021. VIVA: Binary Level Vulnerability Identification via Partial Signature. In 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 213–224. https://doi.org/10.1109/SANER50967.2021.00028 

[8] Zhengzi Xu. 2021. Source code and binary level vulnerability detection and hot patching. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE '20). Association for Computing Machinery, New York, NY, USA, 1397–1399. https://doi.org/10.1145/3324884.3418914 

[7] Yifei Xu†, Zhengzi Xu†, Bihuan Chen, Fu Song, Yang Liu, and Ting Liu. 2020. Patch based vulnerability matching for binary programs. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2020). Association for Computing Machinery, New York, NY, USA, 376–387. https://doi.org/10.1145/3395363.3397361 

[6] Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: detecting vulnerabilities using patch-enhanced vulnerability signatures. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 66, 1165–1182.

[5] Zhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang, and Yang Liu. 2020. Automatic hot patch generation for android kernels. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 135, 2397–2414.

[4] Yinxing Xue, Zhengzi Xu, Mahinthan Chandramohan, and Yang Liu. 2019. Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation. IEEE Transactions on Software Engineering 45, 11 (2019), 1125–1149. https://doi.org/10.1109/TSE.2018.2827379 

[3] Zhengzi Xu, Bihuan Chen, Mahinthan Chandramohan, Yang Liu, and Fu Song. 2017. SPAIN: security patch analysis for binaries towards understanding the pain and pills. In Proceedings of the 39th International Conference on Software Engineering (ICSE '17). IEEE Press, 462–472. https://doi.org/10.1109/ICSE.2017.49 

[2] Mahinthan Chandramohan, Yinxing Xue, Zhengzi Xu, Yang Liu, Chia Yuan Cho, and Hee Beng Kuan Tan. 2016. BinGo: cross-architecture cross-OS binary search. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016). Association for Computing Machinery, New York, NY, USA, 678–689. https://doi.org/10.1145/2950290.2950350 

[1] Guozhu Meng, Yinxing Xue, Zhengzi Xu, Yang Liu, Jie Zhang, and Annamalai Narayanan. 2016. Semantic modelling of Android malware for effective malware comprehension, detection, and classification. In Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA 2016). Association for Computing Machinery, New York, NY, USA, 306–317. https://doi.org/10.1145/2931037.2931043