Xiao Xiao

Senior Staff Engineer @ Ant Group
profile_img

I obtained my PhD from HKUST in computer science. I have broad interests in any automatic tools and methods to improve software development productivity. To name a few, I'm working on following topics:

  • Program analysis techniques to reason modern architecture software such as microservice and serverless systems
  • Binary code program analysis for mobile apps
  • Program analysis via big data and AI techniques
  • Knowledge discovery from big code
  • Productized program analysis solutions for software development infrastructure

Publications

  1. Falcon: A Fused Approach to Path-Sensitive Sparse Data Dependence Analysis, To appear in PLDI' 2024
    Peisen Yao, Jinguo Zhou, Xiao Xiao, Qingkai Shi, Rongxin Wu and Charles Zhang
  2. LibAlchemy: A Two-Layer Persistent Summary Design for Taming Third-Party Libraries in Static Bug-Finding Systems, ICSE' 2024
    Rongxin Wu, Yuxuan He, Jiafeng Huang, Chengpeng Wang, Wensheng Tang, Qingkai Shi, Xiao Xiao and Charles Zhang.
  3. Anchor: Fast and Precise Value-Flow Analysis for Containers via Memory Orientation, TOSEM' 2023
    Chengpeng Wang, Wenyang Wang, Peisen Yao, Qingkai Shi, Jinguo Zhou, Xiao Xiao, Charles Zhang
  4. Escaping Dependency Hell: Finding Build Dependency Errors with the Unified Dependency Graph, ISSTA 2020
    Gang Fan, Chengpeng Wang, Rongxin Wu, Xiao Xiao, Qingkai Shi, Charles Zhang
  5. SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code, ICSE 2019 (ACM SIGSOFT Distinguished Paper Award)
    Gang Fan, Rongxin Wu, Qingkai Shi, Xiao Xiao, Jinguo Zhou, Charles Zhang
  6. Pinpoint: Fast and Precise Sparse Value Flow Analysis for Million Lines of Code, PLDI 2018
    Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Gang Fan, Charles Zhang
  7. Casper: An Efficient Approach to Call Trace Collection, POPL 2016
    Thanks very much for Prof. Tom Reps to present the paper for us.
    Rongxin Wu, Xiao Xiao, Shing-Chi Cheung, Hongyu Zhang and Charles Zhang
  8. Uncovering JavaScript Performance Code Smells Relevant to Type Mutations, APLAS 2015 [Code]
    Xiao Xiao, Shi Han, Charles Zhang and Dongmei Zhang
  9. Efficient subcubic alias analysis for COOPSLA 2014
    Qirun Zhang, Xiao Xiao, Charles Zhang, Hao Yuan, Zhendong Su
  10. Persistent Pointer InformationPLDI 2014 [Code]
    Xiao Xiao, Qirun Zhang, Jinguo Zhou, Charles Zhang
  11. Stride: Search-based Deterministic Replay in Polynomial Time via Bounded LinkageICSE 2012
    Jinguo Zhou, Xiao Xiao, and Charles Zhang
  12. Geometric Encoding: Forging the High Performance Context Sensitive Points-to Analysis for JavaISSTA 2011. You can try this algorithm with Soot by following this tutorial.
    Xiao Xiao, Charles Zhang
  13. Tracking Data Structures for Postmortem Analysis, ICSE 2011 NIER TRACK [slides]
    Xiao Xiao, Jinguo Zhou, Charles Zhang

Manuscripts

  • On the K-reachability Problem for Data Flow Analysis
    Tom Ball Visiting Talk
  • On the Importance of Program Representations in Static Analysis [slides]
    PQE Survey
  • Scaling Context Sensitive Points-to Analysis by Geometric Encoding
    Technical report of the ISSTA 2011 paper

    • Work Experiences

    Director

    Ant Group | 2020 - Present
    Lead the infrastructure team CodeInsight to build world's leading DevSecOps and development tools to serve developers writing better code faster. Main contributions include:
    1. Build the company's first central platform to schedule all static analysis tools in production use.
    2. Build the world's first industrial scale code governance tool empowered by a SQL-like querying language supporting recursive logic.
    3. Build the company's first trust software supply chain protection solution for all projects.
    4. Significantly advance Pinpoint for cloud native applications and publish 7 CCF-A class papers.

    CEO

    Sourcebrella | 2016 - 2020
    Architect and commercialize theorem proving powered static code analysis product Pinpoint to improve software quality and security. Pinpoint has been well recognized and adopted by leading ISP, financial, and software enterprises in China, such as Baidu, Tencent, Huatai securities, Huawei, TCL and etc. Here's a list of achievements generated from the Pinpoint project, including papers and confirmed bugs from open source projects.

    Research Intern

    Microsoft Research Asia | 2013

    Study the Javascript performance problems due to the violation of the sweet spots of type-feedback JIT engines such as V8. The workout is a tool that can automatically point out the code snippets that caused JIT failures.

    Software Developer

    Baidu | 2008

    My job is to recognize the searching queries that demand recent results rather than out-of-date information, such as 奥运会,电脑价格。