Sam Blackshear's research while affiliated with Meta and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (15)
The Move language provides abstractions for programming with digital assets via a mix of value semantics and reference semantics. Ensuring memory safety in programs with references that access a shared, mutable global ledger is difficult, yet essential for the use-cases targeted by Move. The language meets this challenge with a novel memory model a...
A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy robust safety. Proving that a program written in a mainstream language is robustly safe is typically challenging because it requires static verification tools that work precisely even in the presence of language features like d...
The Libra blockchain is designed to store billions of dollars in assets, so the security of code that executes transactions is important. The Libra blockchain has a new language for implementing transactions, called “Move.” This paper describes the Move Prover, an automatic formal verification system for Move. We overview the unique features of the...
Smart contracts are programs that implement transactions on modern blockchain platforms. In this rapidly evolving environment, smart-contract programming languages must allow users to write programs that flexibly manage and transfer assets, while providing strong protection against sophisticated attacks. Addressing this need, we present flexible an...
Automatic static detection of data races is one of the most basic problems in reasoning about concurrency. We present RacerD—a static program analysis for detecting data races in Java programs which is fast, can scale to large code, and has proven effective in an industrial software engineering scenario. To our knowledge, RacerD is the first inter-...
We present jumping, a form of selective control-flow abstraction useful for improving the scalability of goal-directed static analyses. Jumping is useful for analyzing programs with complex control-flow such as event-driven systems. In such systems, accounting for orderings between certain events is important for precision, yet analyzing the produc...
We present an approach and tool for general-purpose modeling of Android for static analysis. Our approach is to explicate the reflective bridge between the Android framework and an application to make the framework source amenable to static analysis. Our Droidel tool does this by automatically generating application-specific stubs that summarize th...
We introduce Verification Modulo Versions (VMV), a new static analysis technique for reducing the number of alarms reported by static verifiers while providing sound semantic guarantees. First, VMV extracts semantic environment conditions from a base program P. Environmental conditions can either be sufficient conditions (implying the safety of P)...
We introduce Verification Modulo Versions (VMV), a new static analysis technique for reducing the number of alarms reported by static verifiers while providing sound semantic guarantees. First, VMV extracts semantic environment conditions from a base program P. Environmental conditions can either be sufficient conditions (implying the safety of P)...
The increasingly larger selection of mobile apps has made it difficult for users to understand what a particular app does and how it differs from the others. A user typically learns about an app from the app's public information (while deciding whether to install it), from the app's UI (while exploring the UI), and from the app's actual behaviors (...
Modular assertion checkers are plagued with false alarms due to the need for precise environment specifications (preconditions and callee postconditions). Even the fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to preclude overly adversarial envi...
Modular assertion checkers are plagued with false alarms due to the need for precise environment specifications (preconditions and callee postconditions). Even the fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to preclude overly adversarial envi...
We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found t...
We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found t...
We present techniques for determining the precision gap between Andersen's points-to analysis and precise flow-insensitive points-to analysis in practice. While previous work has shown that such a gap may exist, no efficient algorithm for precise flow-insensitive analysis is known, making measurement of the gap on real-world programs difficult. We...
Citations
... Data races form a popular category of bugs in shared-memory systems (including Go) and have been the focus of many proposals to detect them in the last three decades [1,30]. Two techniques for data race detection are popular: static analysis [28,41,42,61,71,84] and dynamic analysis [27,39,43,44,48,57,58,66,69,74,76,77,80]. Google's Go distribution ships with a built-in dynamic data race detector [10] based on ThreadSanitizer [79], which integrates lock-set [76] and happens-before [44,66] algorithms to report races. ...
Reference: A Study of Real-World Data Races in Golang
... In a literature review of static analysis tools for android apps [20], the authors looked in multiple tools and their precision. One of their findings is that path sensitivity was often overlooked, with only 5 out of 30 of the surveyed tools providing it: Woodpecker [16], Apparecium [32], Anadroid [21], THRESHER [5] and ContentScope [36]. ...
... EdgeMiner [11] and Scandal [29] model the registration of callbacks. Droidel [9] also captures callback registration by modeling the reflection calls inside the Android framework code. Similarly, Pasket [25] automatically learns implementations of framework classes that behave according to particular design patterns. ...
... The result showed that most tools support a few of the five sensitivities and the number of sensitivities supported by these tools varies. Hopper [4] and Thresher [3] are the only two tools that support five sensitivities while they integrate sensitivity into the algorithm designed for concrete analysis tasks, which makes them difficult to extend. ...
... There has been work on equivalence checking of sequential executions across program versions using uninterpreted function abstraction and program verifiers [11,16]. Verification Modulo Versions [17,18] compares two sequential programs w.r.t. a set of assertions. Differential symbolic execution [21] summarizes differences in summaries of two procedures, and Marinescu et al. [20] use symbolic execution for generating tests over program differences. ...
... The drastic consequences of small program changes on verification tools is sometimes recognized as verification's "butterfly effect" [Leino and Pit-Claudel 2016]. Many program analysis techniques exhibit brittle behaviors [Karpenkov et al. 2016; Logozzo et al. 2014]. This may be in line with the inherent hardness; for instance, the class of programs for which an abstract interpreter is complete is undecidable [Giacobazzi et al. 2015]. ...
... We note that there are many other approaches interested in detecting anti-patterns in the code level as introduced by Morales et al. (2016) and Alharbi et al. (2014). However, it has been noted that anti-pattern detection at the design level reduces many code anti-patterns and is more general. ...
... Memory leaks impact a considerable number of real Android apps, as it has been shown in the recent work by Toffalini et al. [14], and therefore a number of solutions to detect them have been proposed in the literature. Since memory leaks are usually due to bad programming practices that negatively impact the app's memory usage, several source code static analysis approaches have been proposed in the literature to detect possible root causes of Android memory leaks [15], [19]-[22]. A key limitation of these approaches is that they focus only on subsets of bad practices. ...
... More recently, other kinds of program features have been used to statistically classify analysis alarms [39,11,34,77]. Further out, there is a large body of work on using statistical techniques for mining likely specifications and reporting anomalies as bugs (e.g., [60,52,43,72]) and for improving the performance of static analyzers (e.g., [32,33,17]). ...
... Inclusion-based points-to analysis [5] is more precise than equality-based analysis. A study by Blackshear et al. [9] shows that "The precision gap between Andersen's and precise flow-insensitive analysis is non-existent in practice." An inclusion-based points-to analysis collects a set of inclusion constraints from the input program and constructs a constraint graph. ...