cuixiaoyiyi

CUI Baoquan Personal Page

---

Project maintained by cuixiaoyiyi Hosted on GitHub Pages — Theme by mattgraham

崔保全 CUI Baoquan

cuibq@ios.ac.cn
【CUI Baoquan@dblp】
【CUI Baoquan@Google Scholar】

程序分析与软件测试

Program Analysis and Software Testing

@ SQuARE Group Leader 张健 研究员

zj@ios.ac.cn
【小组ZJ@SQuARE】
【中国科学院大学ZJ@UCAS】
【计算机科学国家重点实验室ZJ@SKLCS】

Ongoing

Realistic Test Data Generation for Java Programs Guided by Annotations
From Thread to Pool: A Unified Formal Model and Static Detection of Thread Pool Misuses in Java Programs
Breaking the Structural Symmetry: Semantic-Aware Graph Learning for Malicious Package Detection
Solving String Split Constraints via Structural Relaxation
Yog: Interface-Driven Test Generation for SMT Solvers via UF-Realization Refinement
Efficient Code Analysis via Graph-Guided Large Language Models
Revisiting Causal Graph Neural Networks: An Atomic Theoretical Framework for Valid Inference
Think in Graphs: Infrastructure and Benchmark for Large Language Model Reasoning Frameworks
SCOPE++: A Scope-aware Mutation Testing Framework for C++ Compilers

2025

[C11 QRS2025] Liwei Zhang, Baoquan Cui, Xutong Ma, Jian Zhang:
An Empirical Study: mems as a Static Performance Metric
[PDF-Preprint] [Slides] [Bibtex Cited Format]

[C10 ICSE2025] Baoquan Cui, Rong Qu, Zhen Tang, Jian Zhang:
Static Analysis of Remote Procedure Call in Java Programs. ICSE 2025
[PDF] [Slides] [Project of RPCBridge] [Bibtex Cited Format]

2024

[C9 ISSTA2024] Baoquan Cui, Jiwei Yan, Jian Zhang:
DMMPP: Constructing Dummy Main Methods for Android Apps with Path-Sensitive Predicates. ISSTA 2024: 1826-1830
[PDF] [Slides] [Project of DMMPP] [Bibtex Cited Format]

2023

[C8 ASE2023] Baoquan Cui, Miaomiao Wang, Chi Zhang, Jiwei Yan, Jun Yan, Jian Zhang:
Detection of Java Basic Thread Misuses Based on Static Event Analysis. ASE 2023: 1049-1060
[PDF] [Slides] [Project of Leopard] [Bibtex Cited Format]

[C7] Fuqi Jia, Rui Han, Xutong Ma, Baoquan Cui, Minghao Liu, Pei Huang, Feifei Ma, Jian Zhang:
PSMT: Satisfiability Modulo Theories Meets Probability Distribution. ASE 2023: 1756-1760
[PDF] [Slides][Bibtex Cited Format]

2022

[C6 ISSRE2022] Miaomiao Wang, Baoquan Cui (Contributed Equally), Jiwei Yan, Jun Yan, Jian Zhang:
String Test Data Generation for Java Programs. ISSRE 2022: 251-262
[PDF] [Slides] [Project of JustinStr] [Bibtex Cited Format]

[C5] Xin Zhang, Rongjie Yan, Jiwei Yan, Baoquan Cui, Jun Yan, Jian Zhang:
ExcePy: A Python Benchmark for Bugs with Python Built-in Types. SANER 2022: 856-866
[PDF] [Poster of ExcePy][Project of ExcePy] [Bibtex Cited Format]

2021

[C4 QRS2021] Qing Liu, Linjie Pan, Baoquan Cui, Jun Yan, Jian Zhang:
Dynamic Detection of AsyncTask Related Defects. QRS 2021: 357-366
[PDF] [Bibtex Cited Format]

[C3] Xin Zhang, Jiwei Yan, Baoquan Cui, Jun Yan, Jian Zhang:
Are the Scala Checks Effective? Evaluating Checks with Real-world Projects. QRS 2021: 978-989
[PDF] [Slides][Bibtex Cited Format]

2020

[C2] Linjie Pan, Baoquan Cui, Hao Liu, Jiwei Yan, Siqi Wang, Jun Yan, Jian Zhang:
Static asynchronous component misuse detection for Android applications. ESEC/SIGSOFT FSE 2020: 952-963
[PDF] [Slides] [Project of AsyncChecker] [Bibtex Cited Format]

2019

[C1] Linjie Pan, Baoquan Cui, Jiwei Yan, Xutong Ma, Jun Yan, Jian Zhang:
Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for Android. ISSTA 2019: 394-397
[PDF] [Slides] [Project of Androlic] [Bibtex Cited Format]

工具找到的缺陷列表

Lepoard (Confirmed: 66; Fixed: 22) [Project of Leopard]
Justin (26开源应用缺陷+2083企业应用缺陷) [Project of JustinStr] [Bibtex Cited Format]
PoolGuard (Confirmed: 50; Fixed: 4)

By Lepoard (线程缺陷 ASE2023)

|NO.|App|Fork|Star|#Download on GooglePaly |#Misuse (Fixed)|Confirmed Issue Id| |-|-|-|-|-|-|-| |01|VocableTrainer|10|27|-|1|93| |02|toposuite|2|12|5,000+|4|3| |03|APK-Explorer-Editorcite | 53 | 278 |100+ |1|29 | |04|LRC-Editorcite | 9 | 43 |100,000+| 3 |35 | |05|Nextcloudcite | 1.5K | 3.2K |100,000+| 7 |10691 | |06|TRIfAcite | 52 | 220 | -| 14 |382 | |07|AppManagercite | 174 | 2.3K | -| 1 |854 | |08|Siteswap Generatorcite | 3 | 13 | 1,000+ | 9 |55 | |09|TC Slimcite | 66 | 1.1K | 10,000+ | 2 |336 | |10|blabber.imcite | 16 | 41 | - | 6* |674 | |11|OSMDashboardcite | 8 | 52 | 500+ | 1* |169 | |12|Ghost Commander | - | - | 1,000,000+ | 1* |93 | |13|Offline Puzzle Solver | - | 1 | - | 1* |1 | |14|FitoTrack | 49 | 161 | 5,000+ | 3 | 400 | |15|Conversations | 1.3K | 4.2K | 100,000+ | 2* | 4366| |16|monocles chat | 7 | 10 | - | 6* | 44 | |17|ccgt| 4 | 11 | - | 1 | 7 | |18|Notes| 121 | 769 | 10K+ | 1* | 1574 | |-|Total |-|-|-|66(Fixed 22)|-

By Justin （开源应用）

| 程序 | 版本 | 描述 | Star | 缺陷数量 | 缺陷ID(s) | |——|——|——|——|———-|———–| | commons-cli | 1.0 | 命令行参数解析工具 | 330 | 1 | commit(55886e) | | groovy | 2.5.6 | 敏捷开发语言包 | 16.5k | 1 | pull(1643) | | libgdx | 1.10.0 | Java 游戏开发框架 | 22.8k | 1 | 6709 | | hutool | 5.7.15 | Java 工具类库 | 28.5k | 4 | 1975,1982,1980,1981 (CVE-2025-52111, 52112) | | asm | 5.1 | Java字节码操作框架 | 16.5k | 1 | mergerequests(330) | | openjdk | 8u292
7u75

12.0.2 | 开源 Java 开发工具包 | 18.5k | 17 | commit(12bd18, *a404a9, *ba7d11),
8278186,8278993,8279129,8279128,
8279198,8279218,8279336, 8279341,
8279342, 8279422,8279423,8279424,
8279362 | | bishengjdk | 1.8 | OpenJDK 定制版本 | 502 | 1 | I4MWI1 | | 共计 | | | | 26 | |

By Justin （企业应用）

| 被测软件描述 | 有效缺陷 | 被测软件描述 | 有效缺陷 | |————–|———-|————–|———-| | 开源加密工具包 | 20 | 格式化及文件操作等工具包 | 332 | | 验证集日期处理等工具包 | 71 | 集合及反射等常用类库 | 184 | | 智能开发平台基础类库 | 97 | 医疗质量管理系统管理模块 | 200 | | JSON及数值计算等基础类库 | 511 | 知识库系统 | 11 | | Java 开发基础类库 | 211 | java.lang 增强工具包 | 94 | | 物流供应链管理 | 352 | - | -| | 共计 | 2,083 个有效缺陷 | | |

By PoolGuard （线程池缺陷）

|NO.|Project|Fork|Star|#Misuse (*Fixed)|Confirmed Issue Id| |:—|:—|:—|:—|:—|:—| |1|Apache Dubbo|26.6k|41.7k|2 (1)|15969, 15886| |2|Apache Pulsar|3.7k|15.1k|2 (1)|25153, 25135| |3|Apache RocketMQ|12.2k|20.8k|2 (1)|9983, 9985| |4|Apache Curator|1.8k|3.5k|2 (0)|1282, 1283| |5|Apollo Kotlin|689|3.9k|2 (0)|6821, 6822| |6|Apache Iceberg|3.0k|8.4k|1 (1)|15031| |7|Google Guava|11.1k|51.4k|1 (0)|8152| |8|Apache Shenyu|3.0k|8.7k|1 (0)|6262| |9|Apache HugeGraph|576|2.9k|1 (0)|2939| |10|Apache IoTDB|1.1k|6.3k|1 (0)|17016| |11|Redis Lettuce|1.1k|5.7k|1 (0)|3604| |12|AWS Amplify Android|549|1.1k|1 (0)|3685| |13|ShedLock|564|4.1k|1 (0)|3145| |14|Jenkins Office365|86|96|1 (0)|422| |15|React Native WebRTC|1.3k|4.9k|1 (0)|1783| |16|HttpToolkit Android|93|587|1 (0)|38| |17|Apache ShardingSphere|7.2k|19.5k|1 (0)|37714| |18|ElasticJob|3.3k|8.2k|1 (0)|2493| |19|Apache InLong|800|2.1k|1 (0)|12064| |20|Alibaba Canal|7.3k|27.5k|1 (0)|5563| |21|KIE Drools|2.5k|5.1k|1 (0)|6554| |22|SSH on Web|32|140|1 (0)|3| |23|Web3j|1.7k|5.1k|1 (0)|2244| |24|OpenFeign|3.6k|8.5k|1 (0)|3178| |25|Spring Security|6.3k|9.2k|1 (0)|18389| |26|Spring Cloud OpenFeign|1.5k|3.1k|1 (0)|1308| |27|AWS SDK Java|3.6k|5.8k|1 (0)|3196| |28|Netflix Hystrix|4.7k|24.1k|1 (0)|2116| |29|Reactor Core|1.5k|5.1k|1 (0)|4176| |30|HikariCP|3.1k|18.5k|1 (0)|2378| |31|JetCache|1.2k|5.3k|1 (0)|1000| |32|AWS Glue Client|150|180|1 (0)|86| |33|Olap4j|80|220|1 (0)|73| |34|AndroidPerfMon|1.1k|6.2k|1 (0)|154| |35|Semantic Metrics|60|150|1 (0)|144| |36|TLS Channel|60|240|1 (0)|329| |37|JBoss Threads|150|200|1 (0)|284| |38|Google Truth|400|2.8k|1 (0)|1624| |39|PP4J|10|40|1 (0)|16| |40|Concurrency Limits|250|1.5k|1 (0)|231| |41|Spring Statemachine|1.2k|1.8k|1 (0)|1208| |42|Spring Integration|2.5k|2.5k|1 (0)|10696| |43|Spring Integration Ext|300|200|1 (0)|264| |44|NativeStackBlur|100|500|1 (0)|11| |45|gRPC Java|10.5k|40k|1 (0)|12601| |Total||||50 (5)||