Welcome to Heqing Huang’s homepage!

I am an assistant professor at the Department of Computer Science, City University of Hong Kong! Previously, I was a postdoc research fellow in the AST Lab at ETH Zurich, advised by Prof. Zhendong Su. I was also fortunate to obtain my Ph.D. under the supervision of Prof. Charles Zhang at the Hong Kong University of Science and Technology. My research focuses on application security, especially leveraging program analysis techniques to rigorously ensure software security. Specifically, my research takes advantage of both static and dynamic program analysis techniques as complements to address deficiencies in existing vulnerability detection methods, such as fuzzing (S&P’20, 22, 24ab, TDSC’23, FSE’21, ISSTA’21), symbolic analysis (ISSTA’20, OOPSLA’21, ASPLOS’24a), and memory sanitization (ASPLOS’24b).

I am serving as a PC member for CCS 2024. I look forward to seeing your submission!

  • NEWS!
    • Another ASPLOS 2024 submission gets conditionally accepted!
    • Two ASPLOS 2024 submissions get accepted!
    • Another directed fuzzing work has been accepted by S&P 2024 (again)!
    • Our multi-target directed fuzzing work has been accepted by S&P 2024!
    • Received Google Research Paper award for our directed fuzzer published in S&P 2022!
    • Received Huawei distinguished collaborator award on deploying Pangolin (S&P 2020)!

I am looking for multiple Ph.D. students and RAs! If you are interested in making programs more secure and reliable, please feel free to send me an email!

Publication

(* corresponding author)

ASPLOS’24b

GIANTSAN: Efficient Memory Sanitization with Segment Folding
Hao Ling, Heqing Huang*, Chengpeng Wang, Yuandao Cai, Charles Zhang.
ACM Conference on Architectural Support for Programming Languages and Operating Systems [Artifacts]

ASPLOS’24a

Plankton: Reconciling Binary Code and Debug Information
Anshunkang Zhou, Chengfeng Ye, Heqing Huang*, Yuandao Cai, Charles Zhang.
ACM Conference on Architectural Support for Programming Languages and Operating Systems

S&P’24b

Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference
Heqing Huang, Anshunkang Zhou, Mathias Payer, Charles Zhang.
The 45th IEEE Symposium on Security and Privacy.

S&P’24a

Titan: Efficient Multi-target Directed Greybox Fuzzing
Heqing Huang, Peisen Yao, Hung-Chun Chiu, Yiyuan Guo, Charles Zhang.
The 45th IEEE Symposium on Security and Privacy. [Artifacts]

TDSC’23

Balance Seed Scheduling via Monte Carlo Planning
Heqing Huang, Hung-Chun Chiu, Qingkai Shi, Peisen Yao, Charles Zhang.
IEEE Transactions on Dependable and Secure Computing. [Artifacts]

S&P’22

BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning
Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, Charles Zhang.
The 43rd IEEE Symposium on Security and Privacy. [Artifacts]
Google Research Paper Award

OOPSLA’21

Program Analysis via Efficient Symbolic Abstraction
Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang.
The 36th ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages and Applications

FSE’21

Skeletal Approximation Enumeration for SMT Solver Testing
Peisen Yao, Heqing Huang*, Wensheng Tang, Qingkai Shi, Rongxin Wu, Charles Zhang.
The 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

ISSTA’21

Fuzzing SMT Solvers via Two-Dimensional Input Space Exploration
Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, Charles Zhang.
The 30th ACM SIGSOFT International Symposium on Software Testing and Analysis.

S&P’20

Pangolin: Incremental Hybrid Fuzzing via Polyhedral Path Abstraction
Heqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, Charles Zhang.
The 41st IEEE Symposium on Security and Privacy.

ISSTA’20

Fast Bit-Vector Satisfiability
Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang.
The 29th ACM SIGSOFT International Symposium on Software Testing and Analysis.

Award

  • Google Research Paper Award, 2022
  • Huawei Distinguished Collaborator, 2021

Academic Service

Sub-/Co-reviewer

Teaching Service

  • CS3402 - Database System (2024 Spring)

Funding and Cooperation

Our work Pangolin, published in S&P 2020, has been successfully deployed in the Huawei tool-chain and has detected more than 1000 crashes/bugs! We have thus received the Huawei Distinguished Collaborator 2021 award! This was also reported by the HKUST CSE department!

Bugs Hunting

Our self-built fuzzing framework (an integration of S&P’20, 22, 24, TDSC’23) has discovered more than 1000 bugs in widely used commercial and open-source projects, with over 100 of them assigned CVE IDs and over $10K in bounties. A partial list of the detected vulnerabilities can be found here. We also list the bugs found specifically in SMT theorem provers here.