I am currently the VP Research & Development at Certora, Inc.. In this capacity, I have found multiple bugs in the Solidity compiler’s output, which you can read all about on medium. This is my personal/academic homepage; if you want to reach out about smart contracts or the blockchain: don’t.
I was formerly a post-doctoral researcher at Kyoto University in the lab of Prof. Atsushi Igarashi. I graduated with a PhD in March 2019 from the Computer Science and Engineering department at the University of Washington.
Most recently I worked on the automated verification of object-oriented programs. More generally my research has focused on using program analysis to solve practical software engineering problems and improving the soundness and precision of analyses on difficult-to-analyze, framework-based applications. My research vision is outlined in my SNAPL ‘17 paper.
My prior research has used static analysis to find consistency errors in programs that interact with dynamic execution environments, techniques from model checking to check for memory safety errors in Rust, dynamic taint analysis to find bugs in dynamic configuration update schemes, and type systems and program instrumentation to find type errors in Ruby programs. You can find links to all of my publications below, or look at my CV.
I received my BS in Computer Science at the University of Maryland, College Park. My honors project - which helped develop an undergraduate PL curriculum - was advised by Dr. Jeffrey Foster. I also had the pleasure of working with Dr. Michael Hicks.
Learning to Adapt: Analysis for Configurable Software
John Toman. PhD Dissertation.
Staccato: A Bug-Finder for Dynamic Configuration Updates.
John Toman and Dan Grossman. In ECOOP ‘16.
Winner: Distinguished Artifact Award and Distinguished Poster Award.
Paper (PDF) | GitHub | Web | Talk (YouTube) | Artifact