-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
69 lines (69 loc) · 4.79 KB
/
index.html
File metadata and controls
69 lines (69 loc) · 4.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="description" content="Advanced analysis and testing techniques for code auditing and understanding.">
<meta name="keywords" content="Program Analysis, Testing, Formal Methods, LLM, Decompilation, Code Auditing">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Research Highlights of PurCL</title>
<link href="https://fonts.googleapis.com/css?family=Google+Sans|Noto+Sans|Castoro" rel="stylesheet">
<link rel="stylesheet" href="./static/css/bulma.min.css">
<link rel="stylesheet" href="./static/css/index.css">
<link rel="icon" href="./static/images/favicon.svg">
<style>
.main-title {
color: #a0004d;
font-weight: bold;
margin-top: 2rem;
margin-bottom: 1rem;
font-size: 2.2rem;
}
.section-header {
font-weight: bold;
font-size: 1.6rem;
margin-top: 2rem;
margin-bottom: 1rem;
}
.custom-container {
max-width: 1100px;
margin: 0 auto;
padding: 2rem 1rem;
}
ul.achievement-list {
margin-top: 1.5rem;
margin-left: 0.2rem;
}
ul.achievement-list li {
margin-bottom: 1.1em;
font-size: 1.08rem;
line-height: 1.6;
}
body { background: #fcfcfc; }
a.tool-link {
color: #a0004d;
text-decoration: underline;
font-weight: bold;
}
a.award-link {
color: #a0004d;
text-decoration: underline;
font-weight: bold;
}
</style>
</head>
<body>
<div class="custom-container">
<div class="main-title">Research Highlights of PurCL</div>
<div style="font-size:1.1rem; margin-bottom: 1.7rem;">
Under the DARPA VSPELLS program, we've developed a suite of advanced analysis and testing techniques spanning diverse program domains for code lifting and understanding. Below, you can find a list of the most notable achievements.
</div>
<div class="section-header">Selected Achievements</div>
<ul class="achievement-list">
<li>• A formal method-based program lifting technique that abstracts input formats using symbolic finite automata, enabling downstream tasks such as fuzzing (<a href="https://www.usenix.org/system/files/usenixsecurity23-shi-qingkai.pdf" class="tool-link" target="_blank" rel="noopener noreferrer">StateLifter</a>, <a href="https://github.com/qingkaishi/netlifter" class="tool-link" target="_blank" rel="noopener noreferrer">NetLifter</a>) and differential symbolic analysis (<a href="https://github.com/zmw12306/ParDiff" class="tool-link" target="_blank" rel="noopener noreferrer">ParDiff</a>). ParDiff was awarded with <a href="https://2024.splashcon.org/details/splash-2024-oopsla/44/ParDiff-Practical-Static-Differential-Analysis-of-Network-Protocol-Parsers" class="award-link" target="_blank" rel="noopener noreferrer">OOPSLA 2024 Distinguished Paper Award</a>.</li>
<li>• Lifting network protocol specifications from documentation using large language models, supporting parser validation (<a href="https://arxiv.org/pdf/2504.18050" class="tool-link" target="_blank" rel="noopener noreferrer">ParCleanse</a>) and functional bug detection (<a href="https://github.com/zmw12306/RFCScan" class="tool-link" target="_blank" rel="noopener noreferrer">RFCScan</a>).</li>
<li>• Decompiler augmentation using large language models for variable and type recovery (<a href="https://github.com/XZ-X/gennm-ndss-ae" class="tool-link" target="_blank" rel="noopener noreferrer">GymNM</a> and <a href="https://github.com/lt-asset/resym" class="tool-link" target="_blank" rel="noopener noreferrer">ReSym</a>), enhancing malware reverse engineering and binary code summarization. ReSym was awarded with <a href="https://www.sigsac.org/ccs/CCS2024/program/awards.html" class="award-link" target="_blank" rel="noopener noreferrer">CCS 2024 Distinguished Paper Award</a>.</li>
<li>• Autonomous LLM agents for repository-level code understanding and auditing (<a href="https://github.com/chengpeng-wang/LLMDFA" class="tool-link" target="_blank" rel="noopener noreferrer">LLMDFA</a>, <a href="https://github.com/chengpeng-wang/LLMSAN" class="tool-link" target="_blank" rel="noopener noreferrer">LLMSAN</a>, and <a href="https://github.com/PurCL/RepoAudit" class="tool-link" target="_blank" rel="noopener noreferrer">RepoAudit</a>), enabling build-free, customizable bug detection during development. The agents have uncovered over 300 previously unknown vulnerabilities in open-source projects (<a href="https://repoaudit-home.github.io/bugreports.html" class="tool-link" target="_blank" rel="noopener noreferrer">Bug Gallery</a>), drawing attention from industry leaders like <a href="https://www.youtube.com/watch?v=nOS56VC0FTQ" class="tool-link" target="_blank" rel="noopener noreferrer">GitHub CodeQL</a>.</li>
</ul>
</div>
</body>
</html>