research-article

Open Access

Obsidian: Typestate and Assets for Safer Blockchain Programming

Authors:
Michael Coblenz

Carnegie Mellon University, PA, USA

Carnegie Mellon University, PA, USA

0000-0002-9369-4069
View Profile

,
Reed Oei

University of Illinois at Urbana-Champaign, Urbana, IL, USA

University of Illinois at Urbana-Champaign, Urbana, IL, USA
View Profile

,
Tyler Etzel

Facebook, CA, USA

Facebook, CA, USA
View Profile

,
Paulette Koronkevich

University of British Columbia, Vancouver, BC, Canada

University of British Columbia, Vancouver, BC, Canada
View Profile

,
Miles Baker

Amazon, Seattle, WA, USA

Amazon, Seattle, WA, USA
View Profile

,
Yannick Bloem

Apple, Inc, Cupertino, CA, USA

Apple, Inc, Cupertino, CA, USA
View Profile

,
Brad A. Myers

Carnegie Mellon University, PA, USA

Carnegie Mellon University, PA, USA
View Profile

,
Joshua Sunshine

Carnegie Mellon University, PA, USA

Carnegie Mellon University, PA, USA
View Profile

,
Jonathan Aldrich

Carnegie Mellon University, PA, USA

Carnegie Mellon University, PA, USA

0000-0003-0631-5591
View Profile

ACM Transactions on Programming Languages and Systems Volume 42 Issue 3Article No.: 14pp 1–82https://doi.org/10.1145/3417516

Published:25 November 2020Publication History

ACM Transactions on Programming Languages and Systems

Abstract

Blockchain platforms are coming into use for processing critical transactions among participants who have not established mutual trust. Many blockchains are programmable, supporting smart contracts, which maintain persistent state and support transactions that transform the state. Unfortunately, bugs in many smart contracts have been exploited by hackers. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. Obsidian is based on a core calculus, Silica, for which we proved type soundness. Obsidian uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. We integrated a permissions system that encodes a notion of ownership to allow for safe, flexible aliasing. We describe two case studies that evaluate Obsidian’s applicability to the domains of parametric insurance and supply chain management, finding that Obsidian’s type system facilitates reasoning about high-level states and ownership of resources. We compared our Obsidian implementation to a Solidity implementation, observing that the Solidity implementation requires much boilerplate checking and tracking of state, whereas Obsidian does this work statically.

References

Jonathan Aldrich, Joshua Sunshine, Darpan Saini, and Zachary Sparks. 2009. Typestate-oriented Programming. In Companion of Object Oriented Programming Systems, Languages, and Applications (OOPSLA’09). 1015--1022. DOI:https://doi.org/10.1145/1639950.1640073Google ScholarDigital Library
Leonardo Alt and Christian Reitwiessner. 2018. SMT-based verification of solidity smart contracts. In Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice.Google Scholar
Tara Astigarraga, Xiaoyan Chen, Yaoliang Chen, Jingxiao Gu, Richard Hull, Limei Jiao, Yuliang Li, and Petr Novotny. 2018. Empowering business-level blockchain users with a rules framework for smart contracts. In International Conference on Service-Oriented Computing (ICSOC’18). DOI:https://doi.org/10.1007/978-3-030-03596-9_8Google ScholarDigital Library
Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. 2017. A survey of attacks on ethereum smart contracts SoK. In Principles of Security and Trust (POST’17). DOI:https://doi.org/10.1007/978-3-662-54455-6_8Google ScholarDigital Library
Celeste Barnaby, Michael Coblenz, Tyler Etzel, Eliezer Kanal, Joshua Sunshine, Brad Myers, and Jonathan Aldrich. 2017. A user study to inform the design of the obsidian blockchain DSL. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’17).Google Scholar
Karthikeyan Bhargavan, Nikhil Swamy, Santiago Zanella-Béguelin, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, and Thomas Sibut-Pinote. 2016. Formal verification of smart contracts. In ACM Workshop on Programming Languages and Analysis for Security (PLAS’16). DOI:https://doi.org/10.1145/2993600.2993611Google ScholarDigital Library
Kevin Bierhoff and Jonathan Aldrich. 2008. PLURAL: Checking protocol compliance under aliasing. In Companion of International Conference on Software Engineering (ICSE Companion’08). 971--972. DOI:https://doi.org/10.1145/1370175.1370213Google ScholarDigital Library
Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2009. Practical API protocol checking with access permissions. In European Conference on Object-Oriented Programming (ECOOP’09). DOI:https://doi.org/10.1007/978-3-642-03013-0_10Google ScholarDigital Library
Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2011. Checking concurrent typestate with access permissions in Plural: A retrospective. In Engineering of Software, P. Tarr and A. Wolf (Eds.). Springer, Berlin, Heidelberg. DOI:https://doi.org/10.1007/978-3-642-19823-6_4Google ScholarCross Ref
John Boyland. 2003. Checking interference with fractional permissions. In International Conference on Static Analysis (SAS’03). DOI:https://doi.org/10.1007/3-540-44898-5_4Google ScholarCross Ref
John Boyland, James Noble, and William Retert. 2001. Capabilities for sharing: A generalisation of uniqueness and read-only. In European Conference on Object-Oriented Programming (ECOOP’01). DOI:https://doi.org/10.1007/3-540-45337-7_2Google ScholarCross Ref
Luís Caires and Frank Pfenning. 2010. Session types as intuitionistic linear propositions. In International Conference on Concurrency Theory (CONCUR’10). DOI:https://doi.org/10.1007/978-3-642-15375-4_16Google ScholarCross Ref
David G. Clarke, John M. Potter, and James Noble. 1998. Ownership types for flexible alias protection. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’98). DOI:https://doi.org/10.1145/286936.286947Google ScholarDigital Library
David G. Clarke, Tobias Wrigstad, and James Noble. 2013. Aliasing in Object-oriented Programming: Types, Analysis and Verification. Lecture Notes in Computer Science, Vol. 7850. Springer. DOI:https://doi.org/10.1007/978-3-642-36946-9Google ScholarCross Ref
Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2014. Considering productivity effects of explicit type declarations. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’14). 3. DOI:https://doi.org/10.1145/2688204.2688218Google ScholarDigital Library
Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2020b. Obsidian smart contract programming language. Carnegie Mellon University. DOI:https://doi.org/10.1184/R1/12814202.v1Google ScholarCross Ref
Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2018. Interdisciplinary programming language design. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!’18). 133--146. DOI:https://doi.org/10.1145/3276954.3276965Google ScholarDigital Library
Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2020a. Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in obsidian. In Object-oriented Programming Systems, Languages, and Applications (OOPSLA’20). Submitted for publication.Google Scholar
Michael Coblenz, Gauri Kambhatla, Paulette Koronkevich, Jenna L. Wise, Celeste Barnaby, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019a. PLIERS: A Process that Integrates User-Centered Methods into Programming Language Design. arxiv:1912.04719. Retrieved from http://arxiv.org/abs/1912.04719.Google Scholar
Michael Coblenz, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019b. Smarter smart contract development tools. In 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. DOI:https://doi.org/10.1109/WETSEB.2019.00013Google ScholarDigital Library
Phil Daian. 2016. Analysis of the DAO exploit. Retrieved August 21, 2018 from http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/.Google Scholar
Robert DeLine and Manuel Fähndrich. 2004. Typestates for objects. In European Conference on Object-Oriented Programming (ECOOP’04). DOI:https://doi.org/10.1007/978-3-540-24851-4_21Google ScholarCross Ref
Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi. 2016. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. In International Conference on Financial Cryptography and Data Security. DOI:https://doi.org/10.1007/978-3-662-53357-4_6Google ScholarCross Ref
Vincent Dieterich, Marko Ivanovic, Thomas Meier, Sebastian Zäpfel, Manuel Utz, and Philipp Sandner. 2017. Retrieved February 18, 2020 from https://medium.com/@philippsandner/application-of-blockchain-technology-in-the-manufacturing-industry-d03a8ed3ba5e.Google Scholar
Digital Asset, Inc. 2019. An Introduction to DAML. Retrieved February 18, 2020 from https://docs.daml.com/daml/intro/0_Intro.html.Google Scholar
Sophia Drossopoulou, Ferruccio Damiani, Mariangiola Dezani-Ciancaglini, and Paola Giannini. 2002. More dynamic object reclassification: Fickle II. ACM Trans. Program. Lang. Syst. 24, 2 (Mar. 2002), 153--191. DOI:https://doi.org/10.1145/514952.514955Google ScholarDigital Library
Chris Elsden, Arthi Manohar, Jo Briggs, Mike Harding, Chris Speed, and John Vines. 2018. Making sense of blockchain applications: A typology for HCI. In CHI Conference on Human Factors in Computing Systems (CHI’18). 1--14. DOI:https://doi.org/10.1145/3173574.3174032Google ScholarDigital Library
Encyclopædia Britannica. 2020. Obsidian. Retrieved May 24, 2020 from https://www.britannica.com/science/obsidian.Google Scholar
Ethereum Foundation. 2020c. Common Patterns. Retrieved February 18, 2020 from http://solidity.readthedocs.io/en/develop/common-patterns.html.Google Scholar
Ethereum Foundation. 2020b. Ethereum Project. Retrieved February 18, 2020 from http://www.ethereum.org.Google Scholar
Ethereum Foundation. 2020a. Solidity. Retrieved February 18, 2020 from https://solidity.readthedocs.io/en/develop/.Google Scholar
Manuel Fahndrich and Robert DeLine. 2002. Adoption and focus: Practical linear types for imperative programming. In Programming Language Design and Implementation (PLDI’02). 12. DOI:https://doi.org/10.1145/512529.512532Google ScholarDigital Library
J. Feist, G. Grieco, and A. Groce. 2019. Slither: A static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).Google Scholar
Ronald Garcia, Éric Tanter, Roger Wolff, and Jonathan Aldrich. 2014. Foundations of typestate-oriented programming. ACM Trans. Program. Lang. Syst. 36, 4, Article 12 (October 2014), 44 pages. DOI:https://doi.org/10.1145/2629609Google ScholarDigital Library
Google Inc. 2019. Protocol Buffers. Retrieved February 18, 2020 from https://developers.google.com/protocol-buffers/.Google Scholar
Colin S. Gordon, Matthew J. Parkinson, Jared Parsons, Aleks Bromfield, and Joe Duffy. 2012. Uniqueness and reference immutability for safe parallelism. In Object-oriented Programming, Systems, Languages, and Applications (2012). DOI:https://doi.org/10.1145/2398857.2384619Google ScholarDigital Library
Luke Graham. 2017. $32 million worth of digital currency ether stolen by hackers. Retrieved November 2, 2017 from https://www.cnbc.com/2017/07/20/32-million-worth-of-digital-currency-ether-stolen-by-hackers.html.Google Scholar
Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2020. MadMax: Analyzing the out-of-gas world of smart contracts. Commun. ACM 63, 6 (2020).Google ScholarDigital Library
Harvard Business Review. 2017. The Potential for Blockchain to Transform Electronic Health Records. Retrieved February 18, 2020 from https://hbr.org/2017/03/the-potential-for-blockchain-to-transform-electronic-health-records.Google Scholar
Dominik Harz and William Knottenbelt. 2018. Towards Safer Smart Contracts: A Survey of Languages and Verification Methods. arxiv:1809.09805. Retrieved from http://arxiv.org/abs/1809.09805.Google Scholar
Richard Hull, Vishal S. Batra, Yi-Min Chen, Alin Deutsch, Fenno F. Terry Heath III, and Victor Vianu. 2016. Towards a shared ledger business collaboration language based on data-aware processes. In International Conference on Service-Oriented Computing (ICSOC’16).Google Scholar
IBM. 2019. Blockchain for supply chain. Retrieved March 31, 2019 from https://www.ibm.com/blockchain/supply-chain/.Google Scholar
Atsushi Igarashi, Benjamin C. Pierce, and Philip Wadler. 2001. Featherweight Java: A minimal core calculus for Java and GJ. ACM Trans. Program. Lang. Syst. 23, 3 (May 2001), 396--450.Google ScholarDigital Library
Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. Zeus: Analyzing safety of smart contracts. In Network and Distributed System Security Symposium (NDSS’18).Google ScholarCross Ref
Theodoros Kasampalis, Dwight Guth, Brandon Moore, Traian Florin Şerbănuţă, Yi Zhang, Daniele Filaretti, Virgil Şerbănuţă, Ralph Johnson, and Grigore Roşu. 2019. IELE: A rigorously designed language and tool ecosystem for the blockchain. In International Symposium on Formal Methods (FM’19).Google ScholarDigital Library
H. T. Kung and John T. Robinson. 1981. On optimistic methods for concurrency control. ACM Trans. Database Syst. 6, 2 (June 1981), 213--226. DOI:https://doi.org/10.1145/319566.319567Google ScholarDigital Library
Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Computer and Communications Security (CCS’16). DOI:https://doi.org/10.1145/2976749.2978309Google ScholarDigital Library
Robert C. Martin, Jan M. Rabaey, Anantha P. Chandrakasan, and Borivoje Nikolic. 2003. Agile Software Development: Principles, Patterns, and Practices. Pearson Education. 95022672Google Scholar
Leonid Mikhajlov and Emil Sekerinski. 1998. A study of the fragile base class problem. In European Conference on Object-Oriented Programming (ECOOP 1998). 355--382.Google ScholarCross Ref
Brad A. Myers, Amy J. Ko, Thomas D. LaToza, and YoungSeok Yoon. 2016. Programmers are users too: Human-centered methods for improving programming tools. Computer 49, 7 (July 2016), 44--52. DOI:https://doi.org/10.1109/MC.2016.200Google ScholarDigital Library
Karl Naden, Robert Bocchino, Jonathan Aldrich, and Kevin Bierhoff. 2012. A type system for borrowing permissions. In Principles of Programming Languages (POPL’12). DOI:https://doi.org/10.1145/2103621.2103722Google ScholarDigital Library
Jakob Nielsen and Rolf Molich. 1990. Heuristic evaluation of user interfaces. In SIGCHI Conference on Human Factors in Computing Systems (CHI 1990).Google ScholarDigital Library
John F. Pane, Brad A. Myers, and Leah B. Miller. 2002. Using HCI techniques to design a more usable programming system. In Human Centric Computing Languages and Environments (HCC’02). 198--206. DOI:https://doi.org/10.1109/HCC.2002.1046372Google ScholarCross Ref
Benjamin C. Pierce and David N. Turner. 2000. Local type inference. ACM Trans. Program. Lang. Syst. 22, 1 (2000), 1--44.Google ScholarDigital Library
Mozilla Research. 2015. The Rust Programming Language. Retrieved February 18, 2020 from https://www.rust-lang.org.Google Scholar
Grigore Roşu and Traian Florin Şerbănuţă. 2010. An overview of the K semantic framework. J. Logic Algebr. Program. 79, 6 (2010), 397--434.Google ScholarCross Ref
Amr Sabry and Matthias Felleisen. 1992. Reasoning about programs in continuation-passing style. In Conference on LISP and Functional Programming (LFP’92). 11. DOI:https://doi.org/10.1145/141471.141563Google ScholarDigital Library
Franklin Schrans and Susan Eisenbach. 2019. Introduce the Asset trait. Retrieved February 18, 2020 from https://github.com/flintlang/flint/blob/master/proposals/0001-asset-trait.md.Google Scholar
Franklin Schrans, Daniel Hails, Alexander Harkness, Sophia Drossopoulou, and Susan Eisenbach. 2019. Flint for safer smart contracts. arxiv:1904.06534. Retrieved from https://arxiv.org/abs/1904.06534.Google Scholar
Ilya Sergey, Vaivaswatha Nagaraj, Jacob Johannsen, Amrit Kumar, Anton Trunov, and Ken Chan Guan Hao. 2019. Safer smart contract programming with Scilla. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’19). DOI:https://doi.org/10.1145/3360611Google ScholarDigital Library
Emin Gün Sirer. 2016. Thoughts on The DAO Hack. Retrieved February 18, 2020 from http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/.Google Scholar
Andreas Stefik and Stefan Hanenberg. 2014. The programming language wars: Questions and responsibilities for the programming language community. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward! 2014). 283--299. DOI:https://doi.org/10.1145/2661136.2661156Google ScholarDigital Library
Andreas Stefik and Susanna Siebert. 2013. An empirical investigation into programming language syntax. ACM Trans. Comput. Educ. 13, 4 (2013), 19.Google ScholarDigital Library
Robert E. Strom and Shaula Yemini. 1986. Typestate: A programming language concept for enhancing software reliability. IEEE Trans. Softw. Eng. SE-12, 1 (1986), 157--171. DOI:https://doi.org/10.1109/TSE.1986.6312929Google ScholarDigital Library
Jeffrey Stylos and Steven Clarke. 2007. Usability implications of requiring parameters in objects’ constructors. In International Conference on Software Engineering (ICSE’07). DOI:https://doi.org/10.1109/ICSE.2007.92Google ScholarDigital Library
Joshua Sunshine, James D. Herbsleb, and Jonathan Aldrich. 2014. Structuring documentation to support state search: A laboratory experiment about protocol programming. In European Conference on Object-Oriented Programming (ECOOP’14). DOI:https://doi.org/10.1007/978-3-662-44202-9_7Google ScholarDigital Library
Joshua Sunshine, Karl Naden, Sven Stork, Jonathan Aldrich, and Éric Tanter. 2011. First-class state change in Plaid. In Object Oriented Programming Systems, Languages, and Applications (OOPSLA’11). DOI:https://doi.org/10.1145/2076021.2048122Google ScholarDigital Library
Nick Szabo. 1997. Formalizing and securing relationships on public networks. First Monday 2, 9 (1997). DOI:https://doi.org/10.5210/fm.v2i9.548Google ScholarCross Ref
The Linux Foundation. 2020. Hyperledger Fabric. Retrieved February 18, 2020 from https://www.hyperledger.org/projects/fabric.Google Scholar
Jesse A. Tov and Riccardo Pucella. 2011. Practical affine types. In Principles of Programming Languages (POPL’11). DOI:https://doi.org/10.1145/1926385.1926436Google ScholarDigital Library
Fabian Vogelsteller and Vitalik Buterin. 2015. EIP 20: ERC-20 Token Standard. Retrieved February 18, 2020 from https://eips.ethereum.org/EIPS/eip-20.Google Scholar
Philip Wadler. 1990. Linear types can change the world. In Programming Concepts and Methods, Vol. 2. 347--359.Google Scholar
Max Willsey, Rokhini Prabhu, and Frank Pfenning. 2017. Design and Implementation of Concurrent C0. arxiv:cs.PL/1701.04929. Retrieved from https://arxiv.org/abs/1701.04929.Google Scholar
Xiwei Xu, Ingo Weber, Mark Staples, Liming Zhu, Jan Bosch, Len Bass, Cesare Pautasso, and Paul Rimba. 2017. A taxonomy of blockchain-based systems for architecture design. In International Conference on Software Architecture (ICSA’17).Google ScholarCross Ref
Jakub Zakrzewski. 2018. Towards verification of ethereum smart contracts: A formalization of core of solidity. In Verified Software. Theories, Tools, and Experiments.Google Scholar

Index Terms

Obsidian: Typestate and Assets for Safer Blockchain Programming
1. Security and privacy
  1. Software and application security
2. Software and its engineering
  1. Software notations and tools
    1. Context specific languages
      1. Domain specific languages
    2. General programming languages
      1. Language features

Recommendations

Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in Obsidian

Some blockchain programs (smart contracts) have included serious security vulnerabilities. Obsidian is a new typestate-oriented programming language that uses a strong type system to rule out some of these vulnerabilities. Although Obsidian was designed ...
Read More
Functional translation of a calculus of capabilities
ICFP '08: Proceedings of the 13th ACM SIGPLAN international conference on Functional programming

Reasoning about imperative programs requires the ability to track aliasing and ownership properties. We present a type system that provides this ability, by using regions, capabilities, and singleton types. It is designed for a high-level calculus with ...
Read More
Usability Hypotheses in the Design of Plaid
PLATEAU '14: Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and Tools

Plaid is a research programming language with a focus on typestate, permissions, and concurrency. Typestate describes ordering constraints on method calls to an object; Plaid incorporates typestate into both its object model and its type system. ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Programming Languages and Systems Volume 42, Issue 3
September 2020
230 pages
ISSN:0164-0925
EISSN:1558-4593
DOI:10.1145/3430314
Editor:
Andrew Myers
Cornell University, USA
Issue’s Table of Contents
Copyright © 2020 Owner/Author
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 November 2020
- Accepted: 1 August 2020
- Revised: 1 July 2020
- Received: 1 August 2019
Published in toplas Volume 42, Issue 3

Check for updates
Author Tags
Typestate
alias control
blockchain
linearity
ownership
permissions
smart contracts
type systems
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 12
  Total Citations
  View Citations
- 2,286
  Total Downloads
- Downloads (Last 12 months)695
- Downloads (Last 6 weeks)132
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Obsidian: Typestate and Assets for Safer Blockchain Programming

ACM Transactions on Programming Languages and Systems

Abstract

References

Cited By

Index Terms

Recommendations

Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in Obsidian

Functional translation of a calculus of capabilities

Usability Hypotheses in the Design of Plaid