Penghui Li Postdoctoral Research Scientist Columbia University Email | Google Scholar | GitHub | Awards | Services

I am a Postdoctoral Research Scientist at Columbia University, where I work with Prof. Junfeng Yang and collaborate closely with Prof. Yinzhi Cao from Johns Hopkins University.

My research focuses on software security and program analysis for web and systems, with a recent emphasis on neuro-symbolic approaches. My research frequently intersects software engineering, programming languages, and machine learning.

I received my Ph.D. from the Chinese University of Hong Kong, where I was fortunate to be advised by Prof. Wei Meng. During my Ph.D., I had the privilege of working with Prof. Kangjie Lu from University of Minnesota and Prof. Chao Zhang from Tsinghua University. Prior to that, I received my B.Eng. from University of Chinese Academy of Sciences.

Awards and Honors

• ACM CCS Distinguished Paper Award, 2024

• USENIX Security Distinguished Artifact Reviewer, 2024

• ACM CCS Best Paper Honorable Mention, 2022

• HKSAR Reaching Out Award, 2022

• IEEE/ACM ASE Best Software Artifact Nomination, 2021

• The Web Conference Student Scholarship, 2021

Selected Publications [Full List]

• FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache [PDF]
  Penghui Li, Mingxue Zhang
  In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), October 2024
  ★ Distinguished Paper Award

• SDFuzz: Target States Driven Directed Fuzzing [PDF]
  Penghui Li, Wei Meng, Chao Zhang
  In Proceedings of the 33rd USENIX Security Symposium (Security), August 2024
  

• Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis [PDF]
  Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo
  In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), May 2024
  

• SEDiff: Scope-Aware Differential Fuzzing to Test Internal Function Models in Symbolic Execution [PDF]
  Penghui Li, Wei Meng, Kangjie Lu
  In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), November 2022
  

• Understanding and Detecting Performance Bugs in Markdown Compilers [PDF]
  Penghui Li, Yinxi Liu, Wei Meng
  In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), November 2021
  ★ Best Software Artifact Nomination

• LChecker: Detecting Loose Comparison Bugs in PHP [PDF]
  Penghui Li, Wei Meng
  In Proceedings of the Web Conference (WWW), April 2021
  

• On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution [PDF]
  Penghui Li, Wei Meng, Kangjie Lu, Changhua Luo
  In Proceedings of the Web Conference (WWW), April 2021
  

Services

Program Committee

• USENIX Security, 2026

• ACM CCS, 2025

• MADWeb, 2024, 2025

• EuroSys, Shadow PC, 2024

• USENIX Security, Artifact Evaluation Committee, 2024

• ACM CCS, Artifact Evaluation Committee, 2023

Journal Reviewer

• ACM Transactions on Software Engineering and Methodology

• IEEE Transactions on Dependable and Secure Computing

• IEEE Transactions on Software Engineering