My research focuses on observability, correctness, efficiency, and trustworthy data engineeringin build systems, continuous integration, security analysis, and agent-assisted software development. I work on build dependency errors, incremental build reliability, automatic repair of missing dependencies, and LLM-assisted build environment generation, with the goal of bringing Coding Agents and software analysis techniques into real development workflows.
Intelligence in software engineering is not merely about calling large language models. It requires integrating models, tools, context, execution environments, and quality validation into real development workflows.
This is my most continuous research thread: starting from why incremental builds go wrong, I further study how to detect, explain, and repair such errors, and how to generate reliable build environments.
Modern build systems rely on scripts, declarative files, toolchains, system environments, and historical build states. When dependency declarations are missing, build execution diverges from declarations, configuration-switching orders are inappropriate, or environmental dependencies are incomplete, incremental builds may produce stale artifacts, incorrect binaries, or non-reproducible results. Therefore, build research is not only about acceleration; it also involves correctness boundaries, dependency evidence, error localization, and automated repair.
I study build reuse relations and ordering sensitivity across configurations, and explore how to schedule configuration builds to reduce redundant work while preserving correctness.
For hidden missing dependencies in incremental builds, I identify which file, command, or artifact relations are not correctly modeled by the build system.
By dynamically analyzing build execution behavior and comparing it with build declarations, I detect incomplete declarations, over-declarations, and execution-declaration dependency deviations.
I move from detection to repair by combining error logs, project structure, package-management knowledge, and validation feedback to generate deployable dependency repair solutions.
For Dockerfile generation and build environment reproduction, I combine build knowledge, repository context, and execution validation to improve automation in environment configuration.
My research starts from real software repositories and engineering workflows, with automated observation, verifiable experiments, and tool prototypes as core deliverables.
I study missing dependencies in incremental builds, inconsistencies between build execution and declarations, and missing system/library dependencies, forming a continuous research chain from detection and explanation to automated repair.
I analyze build time from three levels—multi-configuration builds, single builds, and critical paths—characterizing rebuild closures, waiting losses, long-chain phases, and attainable acceleration upper bounds.
Through call chains and capability paths, I identify real dependency components in LLM applications and analyze the gaps among declared dependencies, actual usage, configuration-mediated usage, and vulnerability reachability.
This project focuses on real tasks such as environment configuration, dependency repair, and build failure diagnosis. It records process behaviors including task planning, command execution, tool invocation, error recovery, rollback, and retry, and safeguards data quality through automated solvability checks, build/test validation, and risk filtering.
By combining static analysis, dynamic execution evidence, vulnerability knowledge, and LLM reasoning, I study vulnerability detection, malicious injection variant detection, bug localization, and code repair.
I integrate code, configuration, dependency declarations, build logs, test results, tool invocation traces, and repository history into traceable evidence chains.
I combine program analysis, rule systems, knowledge graphs, and LLMs to support localization, diagnosis, repair, scheduling, and data generation.
I evaluate correctness, stability, efficiency, and deployability through benchmarks, sandboxes, real-repository reproduction, and industrial scenario trials.
Rather than stopping at conceptual contributions, I emphasize engineering-verifiable outcomes: data specifications, task libraries, trajectory libraries, validation tools, prototype systems, experimental reports, and industrial scenario validation.
This work studies explainable automated models for measuring software engineer contribution, supporting R&D efficiency assessment and engineering management decisions.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024: 783–794.This work uses graph-based modeling to prioritize code review requests, improving review resource allocation and engineering collaboration efficiency.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024: 104–116.This work constructs a layered taxonomy and quality-attribute-driven decision support method for selecting blockchain-based application design patterns.
IEEE Transactions on Software Engineering, 2025, 51(4): 1039–1066.This work explores context organization, knowledge injection, and localization effectiveness of knowledge-enhanced LLMs for bug localization.
Proceedings of the ACM on Software Engineering, 2025, 2(FSE): 1914–1936.This work analyzes the applicability boundaries of perplexity for detecting LLM-generated code and reveals the limitations of one-size-fits-all detection strategies across different scenarios.
ACM Transactions on Software Engineering and Methodology, 2024.This work studies robust software security detection methods and generalization capability for malicious injection variants.
IEEE Transactions on Software Engineering, 2026 [to appear].I especially welcome students who have engineering implementation skills, are willing to dive into real toolchains and open-source repositories, and are interested in software security, testing, or AI4SE.
Software build, software supply-chain security, program analysis, LLM agents, code intelligence, automated testing, and vulnerability detection.
Ability to read and modify real codebases, familiarity with at least one of Python/Java/C, and willingness to conduct experiments, reproduction studies, and tool development.
Starting from students’ interests and small concrete problems, we gradually develop reproducible experiments, tool prototypes, paper submissions, or industrial collaboration deliverables, with weekly one-on-one meetings.
Please feel free to reach out if you are interested in software R&D efficiency, build systems, software security, AI4SE, Agentic Coding, or the deployment of enterprise-level development tools.