I am Hong Jin, a PhD candidate at Singapore Management University under the SOAR group. I am very fortunate to be advised by Prof. David Lo and to collaborate and learn from many brilliant and talented researchers.
Software is eating the world but there is an incoming software apocalypse. We desperately need better ways of understanding software systems. My research aims to develop approaches to design and mine abstractions to address important Software Engineering problems. In my PhD, my research focused on bugs and vulnerabilities related to APIs and third-party components, e.g. libraries.
I am on the job market (my PhD journey will end this year)!
Mining abstractions. I am interested in mining task-specific abstractions (e.g. specifications, rules, features) of programs. We mined behavioral models from traces generated using search-based test generation [TOSEM 2020] and inferred sandbox rules (specified as Alloy models) for an IoT system [ICST 2021].
Related to the abstractions of programs used in Machine Learning for Software Engineering, we analyzed the generalizability of a representative token-based embeddings [ASE 2019]. For filtering false alarms from static analysis, we addressed methodological issues [ICSE 2022 (Poster)] and proposed a new method for call graph pruning [FSE 2022].
Library and API usage. Modern software development involves the heavy use of third-party systems. We are interested in improving the use of third-party systems (libraries and APIs). For managing library vulnerabilities, we have:
- extracted features using pre-trained transformer models to automatically identify the libraries described in NVD entries (to be deployed by our industrial partner, Veracode) [ICPC 2022],
- combined information from multiple sources in identifying possible vulnerabilities based on the commit history of open-source projects [SANER 2022], and
- generated test cases for programs to assess the exploitability of library vulnerabilities [ISSTA 2022].
Program transformation. We developed Coccinelle4J [ECOOP 2019] for program transformation of Java programs, extending the Coccinelle program matching and transformation tool. Coccinelle is widely adopted in the Linux kernel and C systems software. To build better tools, there are many lessons we can learn from Coccinelle.
Building on Coccinelle4J, we have worked on the migration of deprecated Android API methods [ICSME 2019>, ICPC ERA, EMSE 2022]. Other work include machine learning on code changes/commits [ICSE 2020, SANER 2022]
Better research on program transformation will help automate more programming.
|May 25-27, 2022||I presented our work on "Detecting False Alarms from Automatic Static Analysis Tools: How Far are We?" (nominated for a Distinguished Paper Award! :) ) and "Active Learning of Discriminative Subgraph Patterns for API Misuse Detection" at ICSE 2022 in Pittsburgh!|
|April 4, 2022||Our paper "Test Mimicry to Assess the Exploitability of Library Vulnerabilities" has been accepted at ISSTA!|
|Mar 9, 2022||Our paper "Automated Identification of Libraries from Vulnerability Data: Can We Do Better?" has been accepted at ICPC!|
|Dec 17, 2021||Our paper "HERMES: Using Commit-Issue Linking to Detect Vulnerability-Fixing Commits" has been accepted at SANER!|
|Dec 11, 2021||Our paper "BiasFinder: Metamorphic Test Generation to Uncover Bias for Sentiment Analysis Systems" has been accepted at TSE!|
|Dec 3, 2021||Our paper "Detecting False Alarms from Automatic Static Analysis Tools: How Far are We?" has been accepted at ICSE 2022!|
|July 5, 2021||I received the Presidential Doctoral Fellowship 2021 at SMU. Again, thanks to my advisor, Prof. David Lo, for the help and advice!|
|March 19, 2021||Our work on Active Learning of Discriminative Subgraph Patterns for API Misuse Detection was accepted at TSE!|
|Dec 12, 2020||Our work on IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems was accepted at ICST!|
|Sept 13, 2020||Our work on Adversarial Specification Mining was accepted at TOSEM!|
|July 10, 2020||I received the Presidential Doctoral Fellowship at SMU. Thanks to my advisor, Prof. David Lo, for all the help!|
|Nov 12, 2019||I presented our work on Assessing the Generalizability of code2vec Token Embeddings at ASE 2019 in San Diego!|
|Oct 6, 2019||I have a website now!|
|Jul 18, 2019||I presented our work on Semantic Patches for Java Program Transformation at ECOOP 2019 in London!|