Sam Blackshear's research while affiliated with Meta and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (16)
The Move language provides abstractions for programming with digital assets via a mix of value semantics and reference semantics. Ensuring memory safety in programs with references that access a shared, mutable global ledger is difficult, yet essential for the use-cases targeted by Move. The language meets this challenge with a novel memory model a...
A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy robust safety. Proving that a program written in a mainstream language is robustly safe is typically challenging because it requires static verification tools that work precisely even in the presence of language features like d...
The Libra blockchain is designed to store billions of dollars in assets, so the security of code that executes transactions is important. The Libra blockchain has a new language for implementing transactions, called “Move.” This paper describes the Move Prover, an automatic formal verification system for Move. We overview the unique features of the...
Smart contracts are programs that implement transactions on modern blockchain platforms. In this rapidly evolving environment, smart-contract programming languages must allow users to write programs that flexibly manage and transfer assets, while providing strong protection against sophisticated attacks. Addressing this need, we present flexible an...
Automatic static detection of data races is one of the most basic problems in reasoning about concurrency. We present RacerD—a static program analysis for detecting data races in Java programs which is fast, can scale to large code, and has proven effective in an industrial software engineering scenario. To our knowledge, RacerD is the first inter-...
We present jumping, a form of selective control-flow abstraction useful for improving the scalability of goal-directed static analyses. Jumping is useful for analyzing programs with complex control-flow such as event-driven systems. In such systems, accounting for orderings between certain events is important for precision, yet analyzing the produc...
We present an approach and tool for general-purpose modeling of Android for static analysis. Our approach is to explicate the reflective bridge between the Android framework and an application to make the framework source amenable to static analysis. Our Droidel tool does this by automatically generating application-specific stubs that summarize th...
We introduce Verification Modulo Versions (VMV), a new static analysis technique for reducing the number of alarms reported by static verifiers while providing sound semantic guarantees. First, VMV extracts semantic environment conditions from a base program P. Environmental conditions can either be sufficient conditions (implying the safety of P)...
The increasingly larger selection of mobile apps has made it difficult for users to understand what a particular app does and how it differs from the others. A user typically learns about an app from the app's public information (while deciding whether to install it), from the app's UI (while exploring the UI), and from the app's actual behaviors (...
Modular assertion checkers are plagued with false alarms due to the need for precise environment specifications (preconditions and callee postconditions). Even the fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to preclude overly adversarial envi...
We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found t...
We present techniques for determining the precision gap between Andersen's points-to analysis and precise flow-insensitive points-to analysis in practice. While previous work has shown that such a gap may exist, no efficient algorithm for precise flow-insensitive analysis is known, making measurement of the gap on real-world programs difficult. We...
Citations
... Secondly, Libra uses the Move programming language for smart contracts. The Move language offers security and formal verifiability needed for smart contracts [40], [41]. Libra also has modules for network synchronization, storage, and cryptographic primitives, among others. ...
... Static bug-finders are increasingly used in industry [1], [2]. Infer [1], for example, is probably the most well-known bug-finding static analyzer based on academic research [3], which has been used at Meta to catch important issues such as memory safety errors in C/C++ codebases [4] and data races in Java programs [5]. Other large software companies such as Apple [6], Google [2], [7], and Microsoft [8] are also actively building static analysis tools in order to catch latent bugs early in their software development process [7], [9]. ...
... This rule is the backwards version of the usual Hoare rule of consequence. A similar judgment may be written for an app transition Σ ⊢ t (as described by Blackshear et al. [2013]). For clarity, the semantics is written with explicitly materialized points-to for message arguments and return values (e.g., * ↦ ˆ ). ...
... Without callback-ordering constraints, a verifier cannot possibly prove correct the accepted fix for Figure 1. Thus, many static analyzers for Android attempt to eagerly encode the callback control flow of core classes of the framework (e.g., the Activity Lifecycle [Android Developers 2022a] modeled by [Arzt et al. 2014; Blackshear et al. 2015b; Yang et al. 2015]). This approach also has some significant limitations. ...
... The result showed that most tools support a few of the five sensitivities and the number of sensitivities supported by these tools varies. Hopper [4] and Thresher [3] are the only two tools that support five sensitivities, while they integrate sensitivity into the algorithm designed for concrete analysis tasks, which makes them difficult to extend. ...
... There has been work on equivalence checking of sequential executions across program versions using uninterpreted function abstraction and program verifiers [11,16]. Verification Modulo Versions [17,18] compares two sequential programs w.r.t. a set of assertions. Differential symbolic execution [21] summarizes differences in summaries of two procedures, and Marinescu et al. [20] use symbolic execution for generating tests over program differences. ...
... There have been many works that focus on matching and prioritizing warnings or faults between multiple versions of a program [17][18][19][20][21][22][23][24][25]. [17][18][19][24] use GNU diff, AST, and Verification Modulo Versions to provide matching, while [21,22] use source control revisions to prioritize static warnings. ...
... We note that there are many other approaches interested in detecting anti-patterns at the code level, as introduced by Morales et al. (2016) and Alharbi et al. (2014). However, it has been noted that anti-pattern detection at the design level reduces many code anti-patterns and is more general. ...
... In a literature review of static analysis tools for Android apps [20], the authors looked into multiple tools and their precision. One of their findings is that path sensitivity was often overlooked, with only 5 out of the 30 surveyed tools providing it: Woodpecker [16], Apparecium [32], Anadroid [21], THRESHER [5] and ContentScope [36]. ...
... More recently, other kinds of program features have been used to statistically classify analysis alarms [39,11,34,77]. Further out, there is a large body of work on using statistical techniques for mining likely specifications and reporting anomalies as bugs (e.g., [60,52,43,72]) and for improving the performance of static analyzers (e.g., [32,33,17]). ...