cuixiaoyiyi

CUI Baoquan Personal Page

Project maintained by cuixiaoyiyi Hosted on GitHub Pages — Theme by mattgraham

崔保全 CUI Baoquan

cuibq@ios.ac.cn
【CUI Baoquan@dblp
【CUI Baoquan@Google Scholar

程序分析与软件测试

Program Analysis and Software Testing

@ SQuARE Group Leader 张健 研究员

zj@ios.ac.cn
【小组ZJ@SQuARE
【中国科学院大学ZJ@UCAS
【计算机科学国家重点实验室ZJ@SKLCS

Ongoing

2026

[C13 ICML2026] Hang Gao, Tao Peng, Baoquan Cui (Corresponding Author), Hong Huang, Fengge Wu, Zhao Junsuo, Jian Zhang
Efficient Code Analysis via Graph-Guided Large Language Models (Accepted OpenReview)

[C12 ISSTA2026] Rui Han, Ziheng Wang, Baoquan Cui, Yuhang Dong, Fuqi Jia, Feifei Ma, Jian Zhang
Solving String Split Constraints via Structural Relaxation (Accepted)

2025

[C11 QRS2025] Liwei Zhang, Baoquan Cui, Xutong Ma, Jian Zhang:
An Empirical Study: mems as a Static Performance Metric
[PDF-Preprint] [Slides] [Bibtex Cited Format]

[C10 ICSE2025] Baoquan Cui, Rong Qu, Zhen Tang, Jian Zhang:
Static Analysis of Remote Procedure Call in Java Programs. ICSE 2025
[PDF] [Slides] [Project of RPCBridge] [Bibtex Cited Format]

2024

[C9 ISSTA2024] Baoquan Cui, Jiwei Yan, Jian Zhang:
DMMPP: Constructing Dummy Main Methods for Android Apps with Path-Sensitive Predicates. ISSTA 2024: 1826-1830
[PDF] [Slides] [Project of DMMPP] [Bibtex Cited Format]

2023

[C8 ASE2023] Baoquan Cui, Miaomiao Wang, Chi Zhang, Jiwei Yan, Jun Yan, Jian Zhang:
Detection of Java Basic Thread Misuses Based on Static Event Analysis. ASE 2023: 1049-1060
[PDF] [Slides] [Project of Leopard] [Bibtex Cited Format]

[C7] Fuqi Jia, Rui Han, Xutong Ma, Baoquan Cui, Minghao Liu, Pei Huang, Feifei Ma, Jian Zhang:
PSMT: Satisfiability Modulo Theories Meets Probability Distribution. ASE 2023: 1756-1760
[PDF] [Slides][Bibtex Cited Format]

2022

[C6 ISSRE2022] Miaomiao Wang, Baoquan Cui (Co-first authors), Jiwei Yan, Jun Yan, Jian Zhang:
String Test Data Generation for Java Programs. ISSRE 2022: 251-262
[PDF] [Slides] [Project of JustinStr] [Bibtex Cited Format]

[C5] Xin Zhang, Rongjie Yan, Jiwei Yan, Baoquan Cui, Jun Yan, Jian Zhang:
ExcePy: A Python Benchmark for Bugs with Python Built-in Types. SANER 2022: 856-866
[PDF] [Poster of ExcePy][Project of ExcePy] [Bibtex Cited Format]

2021

[C4 QRS2021] Qing Liu, Linjie Pan, Baoquan Cui, Jun Yan, Jian Zhang:
Dynamic Detection of AsyncTask Related Defects. QRS 2021: 357-366
[PDF] [Bibtex Cited Format]

[C3] Xin Zhang, Jiwei Yan, Baoquan Cui, Jun Yan, Jian Zhang:
Are the Scala Checks Effective? Evaluating Checks with Real-world Projects. QRS 2021: 978-989
[PDF] [Slides][Bibtex Cited Format]

2020

[C2] Linjie Pan, Baoquan Cui, Hao Liu, Jiwei Yan, Siqi Wang, Jun Yan, Jian Zhang:
Static asynchronous component misuse detection for Android applications. ESEC/SIGSOFT FSE 2020: 952-963
[PDF] [Slides] [Project of AsyncChecker] [Bibtex Cited Format]

2019

[C1] Linjie Pan, Baoquan Cui, Jiwei Yan, Xutong Ma, Jun Yan, Jian Zhang:
Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for Android. ISSTA 2019: 394-397
[PDF] [Slides] [Project of Androlic] [Bibtex Cited Format]

工具找到的缺陷列表

Lepoard (Confirmed: 66; Fixed: 22) [Project of Leopard]
Justin (26开源应用缺陷+2083企业应用缺陷) [Project of JustinStr] [Bibtex Cited Format]
PoolGuard (Confirmed: 50; Fixed: 4)

By Leopard (线程缺陷 ASE2023)

NO. App Fork Star # Download on Google Play # Misuse (*Fixed) Confirmed Issue Id
01 VocableTrainer 10 27 - 1 93
02 toposuite 2 12 5,000+ 4 3
03 APK-Explorer-Editor 53 278 100+ 1* 29
04 LRC-Editor 9 43 100,000+ 3 35
05 Nextcloud 1.5K 3.2K 100,000+ 7 10691
06 TRIfA 52 220 - 14 382
07 AppManager 174 2.3K - 1 854
08 Siteswap Generator 3 13 1,000+ 9 55
09 TC Slim 66 1.1K 10,000+ 2 336
10 blabber.im 16 41 - 6* 674
11 OSMDashboard 8 52 500+ 1* 169
12 Ghost Commander - - 1,000,000+ 1* 93
13 Offline Puzzle Solver - 1 - 1* 1
14 FitoTrack 49 161 5,000+ 3 400
15 Conversations 1.3K 4.2K 100,000+ 2* 4366
16 monocles chat 7 10 - 6* 44
17 ccgt 4 11 - 1 7
18 Notes 121 769 10K+ 1* 1574
Total - - - - 66 (Fixed 22) -

By Justin(开源应用)

程序 版本 描述 Star 缺陷数量 缺陷 ID(s)
commons-cli 1.0 命令行参数解析工具 330 1 commit(*55886e)
groovy 2.5.6 敏捷开发语言包 16.5k 1 pull(1643)
libgdx 1.10.0 Java 游戏开发框架 22.8k 1 6709
hutool 5.7.15 Java 工具类库 28.5k 4 1975, 1982, 1980, 1981 (CVE-2025-52111, CVE-2025-52112)
asm 5.1 Java 字节码操作框架 16.5k 1 mergerequests(330)
openjdk 8u292
7u75

12.0.2		 开源 Java 开发工具包 18.5k 17 commit(*12bd18, *a404a9, *ba7d11),
8278186, 8278993, 8279129, 8279128,
8279198, 8279218, 8279336, 8279341,
8279342, 8279422, 8279423, 8279424,
8279362
bishengjdk 1.8 OpenJDK 定制版本 502 1 I4MWI1
共计 - - - 26 -

By Justin(企业应用)

被测软件描述 有效缺陷 被测软件描述 有效缺陷
开源加密工具包 20 格式化及文件操作等工具包 332
验证集日期处理等工具包 71 集合及反射等常用类库 184
智能开发平台基础类库 97 医疗质量管理系统管理模块 200
JSON 及数值计算等基础类库 511 知识库系统 11
Java 开发基础类库 211 java.lang 增强工具包 94
物流供应链管理 352 - -
共计 2,083 个有效缺陷 - -

By PoolGuard(线程池缺陷)

NO. Project Fork Star # Misuse (*Fixed) Confirmed Issue Id
1 Apache Dubbo 26.4k 41.5k 2 (1) #15969, #15886
2 Apache Pulsar 3.7k 15.3k 2 (2) #25153, #25135
3 Apache RocketMQ 12k 22.4k 2 (2) #9983, #9985
4 Apache Curator 1.8k 3.5k 2 (0) #1282, #1283
5 Apollo Kotlin 689 3.9k 2 (0) #6821, #6822
6 Apache Iceberg 3.3k 8.9k 1 (1) #15031
7 Google Guava 11.1k 51.5k 1 (1) #8152
8 Apache Shenyu 3.0k 8.8k 1 (1) #6262
9 Apache HugeGraph 611 3.1k 1 (1) #2939
10 Apache IoTDB 1.1k 6.3k 1 (1) #17016
11 Redis Lettuce 1.1k 5.7k 1 (0) #3604
12 AWS Amplify Android 549 1.1k 1 (0) #3685
13 ShedLock 564 4.1k 1 (0) #3145
14 Jenkins Office365 86 96 1 (0) #422
15 React Native WebRTC 1.3k 5k 1 (1) #1783
16 HttpToolkit Android 93 587 1 (0) #38
17 Apache ShardingSphere 7.2k 19.5k 1 (0) #37714
18 ElasticJob 3.3k 8.2k 1 (0) #2493
19 Apache InLong 568 1.5k 1 (1) #12064
20 Alibaba Canal 7.3k 27.5k 1 (0) #5563
21 KIE Drools 2.5k 5.1k 1 (0) #6554
22 SSH on Web 32 140 1 (0) #3
23 Web3j 1.8k 5.4k 1 (1) #2244
24 OpenFeign 1.9k 9.8k 1 (1) #3178
25 Spring Security 6.3k 9.2k 1 (0) #18389
26 Spring Cloud OpenFeign 830 1.3k 1 (1) #1308
27 AWS SDK Java 3.6k 5.8k 1 (0) #3196
28 Netflix Hystrix 4.7k 24.1k 1 (0) #2116
29 Reactor Core 1.5k 5.1k 1 (0) #4176
30 HikariCP 3.1k 18.5k 1 (0) #2378
31 JetCache 1.2k 5.3k 1 (0) #1000
32 AWS Glue Client 150 180 1 (0) #86
33 Olap4j 80 220 1 (0) #73
34 AndroidPerfMon 1.1k 6.2k 1 (0) #154
35 Semantic Metrics 60 150 1 (0) #144
36 TLS Channel 60 240 1 (0) #329
37 JBoss Threads 150 200 1 (0) #284
38 Google Truth 268 2.8k 1 (1) #1624
39 PP4J 10 40 1 (0) #16
40 Concurrency Limits 250 1.5k 1 (0) #231
41 Spring Statemachine 1.2k 1.8k 1 (0) #1208
42 Spring Integration 2.5k 2.5k 1 (0) #10696
43 Spring Integration Ext 300 200 1 (0) #264
44 NativeStackBlur 100 500 1 (0) #11
45 gRPC Java 10.5k 40k 1 (0) #12601
Total - - - 50 (16) -

By TLDoctor(ThreadLocal缺陷)

NO. Project Fork Star # Misuse (*Fixed) Confirmed Issue Id
1 quickfix-j/quickfixj 661 1.1k 1 (1) #1137
2 redis/redis-om-spring 104 648 1 (1) #718
3 ben-manes/caffeine 1.7k 17.6k 1 (1) #1944
4 apache/karaf 663 708 1 (1) #2278
5 micrometer-metrics/micrometer 1.1k 4.8k 1 (0) #7184
6 neo4j/neo4j-ogm 166 356 1 (1) #1395
7 Azure/azure-sdk-for-java 2.2k 2.6k 1 (1) #48018
8 togglz/togglz 261 1k 1 (1) #1344
9 vsilaev/tascalate-javaflow 7 89 1 (1) #15
10 spotify-web-api-java/spotify-web-api-java 289 1.1k 1 (1) #450
11 LWJGL/lwjgl3 688 5.3k 2 (0) #1109, #169
12 DataDog/java-dogstatsd-client 107 185 1 (0) #292
13 seasarorg/dbflute 6 22 1 (1) #8
14 apache/poi 821 2.2k 1 (1) #1015
15 influxdata/influxdb-java 473 1.2k 1 (1) #1019
16 mybatis/redis-cache 212 407 1 (1) #351
17 apache/bookkeeper 962 2k 1 (0) #4714
18 crotwell/seisFile 20 35 1 (1) #41
19 apache/iceberg 3.1k 8.7k 1 (1) #15284
20 cadence-workflow/cadence-java-client 121 148 1 (0) #1047
21 reportportal/client-java 29 25 1 (0) #314
22 duzechao/OKHttpUtils 82 286 1 (0) #10
23 cglib/cglib 886 4.9k 1 (0) #232
24 beanshell/beanshell 184 930 1 (0) #785
25 Netflix/Hystrix 4.7k 24.5k 1 (0) #2117
26 Blankj/AndroidUtilCode 10.7k 33.7k 1 (0) #1848
27 square/reader-sdk-flutter-plugin 31 89 1 (0) #122
28 jitsi/jitsi-utils 38 19 1 (0) #155
29 h2database/h2database 1.3k 4.6k 2 (0) #4326, #4333
30 apache/shiro 2.3k 4.4k 1 (0) #2560
31 dcm4che/dcm4che 691 1.4k 1 (0) #1560
32 karatelabs/karate 2k 8.8k 1 (1) #2745
33 scanban/traceragent 0 1 1 (0) #1
34 eclipse-ee4j/glassfish 170 435 1 (0) #25932
35 apache/ignite 1.9k 5.1k 1 (0) #12771
36 glowroot/glowroot 333 1.3k 1 (0) #1162
37 elastic/ecs-logging-java 78 149 1 (1) #381
38 apache/parquet-java 1.5k 3k 1 (1) #3398
39 carnellj/spmia-chapter5 99 33 1 (0) #4
40 hazelcast/hazelcast-code-samples 604 559 1 (0) #763
41 patrickfav/armadillo 53 308 1 (0) #58
42 baomidou/mybatis-plus 4.4k 17.3k 1 (0) #7031
43 google/guice 1.7k 12.7k 1 (0) #1929
44 google/allocation-instrumenter 88 489 1 (0) #60
45 kabutz/javaspecialists 33 147 1 (0) #60
46 Nike-Inc/wingtips 65 332 1 (0) #141
47 kofemann/vfs4j 3 13 1 (0) #8
48 graphql-java/java-dataloader 97 524 1 (0) #266
49 alibaba/fastjson2 554 4.3k 1 (0) #3995
50 alibaba/DataX 5.7k 17.1k 1 (0) #2346
51 jobrunr/jobrunr 311 2.9k 1 (0) #1495
52 sumanentc/multitenant 82 122 1 (0) #13
53 shevek/parallelgzip 7 59 1 (0) #13
54 lmdbjava/lmdbjava 126 870 1 (0) #284
55 UniTime/unitime 193 331 1 (0) #220
Total - - - 57 (18) -

Agent Security 缺陷

NO. Project Fork Star # Misuse (*Fixed) Confirmed Issue Id Fixed PR / Commit
Mode 1 - - - - - -
1 agno-agi/agno 5.6k 40.9k 1 (1) #8288 PR #8289 merged
2 TransformerOptimus/SuperAGI 2.2k 17.6k 1 (0) #1561 -
3 openinterpreter/openinterpreter 5.6k 64.1k 1 (0) GHSA-mj45-wj38-4fmh Not publicly accessible
4 camel-ai/camel 2k 17.2k 2 (0) GHSA-fj6c-h8x4-3m97, GHSA-pf8v-vwcx-28gh Not publicly accessible
5 chatchat-space/Langchain-Chatchat 6.2k 38.2k 2 (0) #5482, #5483 -
6 stitionai/devika 2.6k 19.5k 1 (0) #716 -
7 OpenBMB/ChatDev 4.2k 33.5k 1 (0) #637 -
8 zylon-ai/private-gpt 7.6k 57.3k 1 (0) #2269 -
Mode 1 Total - - - 10 (1) - -
Mode 2 - - - - - -
9 FoundationAgents/MetaGPT 8.8k 69k 1 (0) #2064 -
10 microsoft/semantic-kernel 4.6k 28.1k 1 (0) #14072 -
11 agiresearch/AIOS 835 6k 1 (0) #549 -
12 stanfordnlp/dspy 3k 35.3k 1 (0) #9918 Closed; no public fixing PR/commit found
13 sweepai/sweep 463 7.7k 1 (0) #4177 -
14 zylon-ai/private-gpt 7.6k 57.3k 1 (0) #2270 -
15 BerriAI/litellm 9k 50.8k 1 (0) #30416 PR #31487
16 openai/swarm 2.3k 21.7k 2 (0) #97, #98 PR #100 for #98, open PR
17 browser-use/browser-use 11.2k 100k 1 (0) #5041 PR #5077, open PR
18 browser-use/workflow-use 330 4.1k 1 (0) #159 -
Mode 2 Total - - - 11 (0) - -
Mode 3 - - - - - -
19 SWE-bench/SWE-bench 902 5.2k 3 (0) #600, #601, #602 commit 6a99eb3, PR #606 for #600, open PR; PR #607, commit 4635739 for #602; PR #608, for #601
20 OpenHands/OpenHands 9.9k 78.1k 1 (0) #14902 PR #14939, open PR
21 FoundationAgents/MetaGPT 8.8k 69k 1 (0) #2073 PR #31487
22 agno-agi/agno 5.6k 40.9k 1 (0) #8482 PR #8500, open PR
23 huggingface/smolagents 2.7k 28k 1 (0) #2395 PR #2406, open PR; PR #2398, open PR
24 stitionai/devika 2.6k 19.5k 1 (0) #717 -
25 letta-ai/letta 2.5k 23.5k 1 (0) #3388 -
Mode 3 Total - - - 9 (0) - -
Mode 4 - - - - - -
26 langchain-ai/langchain-mcp-adapters 448 3.6k 1 (0) #551 -
27 run-llama/llama_index 7.6k 50.4k 2 (0) #22101, #22140 PR #22110, open PR; PR #22106, open PR; PR #22142, open PR
28 agno-agi/agno 5.6k 40.9k 3 (2) #8533, #8534, #8535 PR #8539 for #8533, merged; PR #8537 for #8534, merged; PR #8535for #8535, Merged
29 FoundationAgents/MetaGPT 8.8k 69.1k 2 (0) #2078, #2079 -
30 langgenius/dify 23.1k 147k 3 (0) #37884, #37885, #37886 PR #37895, open PR, fixes #37884/#37885/#37886; PR #38052, open PR, fixes #37885; PR #38070, open PR, fixes #37884/#37886
31 letta-ai/letta 2.5k 23.5k 1 (0) #3390 -
32 FlowiseAI/Flowise 24.6k 54k 1 (0) #6567 PR #6570, open PR
33 langflow-ai/langflow 9.3k 150k 1 (0) #13827 PR #13849, open PR
Mode 4 Total - - - 14 (2) - -
Total - - - 44 (3) - -