Seungheon Han

• Computer science and engineering
• Combined master’s and doctoral program
• Lab of Software (LOFT) in UNIST (Ulsan National Institute of Science and Technology)
• Program Verification, Automated Program Repair, Software Testing and Analysis, Software Security, Fuzzing, Symbolic Execution
• E-Mail: shhan@unist.ac.kr
• github: https://github.com/hsh814

Publications

2025

SymRadar: PoC-Centered Bounded Verification for Vulnerability Repairs (ICSE 2026)

• Patch Verification
• Function-level Symbolic Execution

Abstract

In this paper, we tackle the problem of patch verification. While automated vulnerability repair (AVR) techniques are gaining traction, it is not sufficient to merely generate patches; providing evidence of their correctness is also essential. However, the current state-of-the-art patch verification methods are not sufficiently effective. To address this issue, we present SymRadar, a patch verification tool based on under-constrained symbolic execution (UC-SE). What distinguishes SymRadar from existing patch verification techniques is its use of function-level symbolic execution with inputs centered around the provided proof-of-concept (PoC) input. As demonstrated in our evaluation, this PoC-centered symbolic execution is effective, achieving the highest recall (100%) and specificity (78%) among all compared techniques.

2024

Enhancing the Efficiency of Automated Program Repair via Greybox Analysis (ASE 2024)

• Automated Program Repair
• Patch Selection Scheduling with Branch Hit Feedback

Abstract

In this paper, we pay attention to the efficiency of automated program repair (APR). Recently, an efficient patch scheduling algorithm, Casino, has been proposed to improve APR efficiency. Inspired by fuzzing, Casino adaptively chooses the next patch candidate to evaluate based on the results of previous evaluations. However, we observe that Casino utilizes only the test results, treating the patched program as a black box. Inspired by greybox fuzzing, we propose a novel patch-scheduling algorithm, Gresino, which leverages the internal state of the program to further enhance APR efficiency. Specifically, Gresino monitors the hit counts of branches observed during the execution of the program and uses them to guide the search for a valid patch. Our experimental evaluation on the Defects4J benchmark and eight APR tools demonstrates the efficacy of our approach.

2023

Automated Program Repair from Fuzzing Perspective (ISSTA 2023)

• Automated Program Repair
• Patch Selection Scheduling

Abstract

In this work, we present a novel approach that connects two closely-related topics: fuzzing and automated program repair (APR). The paper is divided into two parts. In the first part, we describe the similarities between fuzzing and APR both of which can be viewed as a search problem. In the second part, we introduce a new patch-scheduling algorithm called Casino, which is designed from a fuzzing perspective to enhance search efficiency. Our experiments demonstrate that Casino outperforms existing algorithms. We also promote open science by sharing SimAPR, a simulation tool that can be used to evaluate new patch-scheduling algorithms.

Projects

• SimAPR: a patch scheduling framework for the patch searching problem. Used for Casino (ISSTA’23) and Gresino (ASE’24) research.
• symradar: a patch verification tool for vulnerability repair. Based on KLEE symbolic execution engine. Supports symbolic execution and lazy initialization. Used for SymRadar (ICSE’26) research.

EDUCATION

• Combined Master and Ph.D. in Computer Science and Engineering ◦ UNIST (Ulsan National Institute of Science and Technology), Ulsan, South Korea ◦ March 2022 – Present ◦ Adviser: Prof. Jooyong Yi • Bachelor in Computer Science and Engineering ◦ UNIST (Ulsan National Institute of Science and Technology), Ulsan, South Korea ◦ March 2018 – February 2022