Abstract
Blockchain platforms are coming into use for processing critical transactions among participants who have not established mutual trust. Many blockchains are programmable, supporting smart contracts, which maintain persistent state and support transactions that transform the state. Unfortunately, bugs in many smart contracts have been exploited by hackers. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. Obsidian is based on a core calculus, Silica, for which we proved type soundness. Obsidian uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. We integrated a permissions system that encodes a notion of ownership to allow for safe, flexible aliasing. We describe two case studies that evaluate Obsidian’s applicability to the domains of parametric insurance and supply chain management, finding that Obsidian’s type system facilitates reasoning about high-level states and ownership of resources. We compared our Obsidian implementation to a Solidity implementation, observing that the Solidity implementation requires much boilerplate checking and tracking of state, whereas Obsidian does this work statically.
- Jonathan Aldrich, Joshua Sunshine, Darpan Saini, and Zachary Sparks. 2009. Typestate-oriented Programming. In Companion of Object Oriented Programming Systems, Languages, and Applications (OOPSLA’09). 1015--1022. DOI:https://doi.org/10.1145/1639950.1640073Google ScholarDigital Library
- Leonardo Alt and Christian Reitwiessner. 2018. SMT-based verification of solidity smart contracts. In Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice.Google Scholar
- Tara Astigarraga, Xiaoyan Chen, Yaoliang Chen, Jingxiao Gu, Richard Hull, Limei Jiao, Yuliang Li, and Petr Novotny. 2018. Empowering business-level blockchain users with a rules framework for smart contracts. In International Conference on Service-Oriented Computing (ICSOC’18). DOI:https://doi.org/10.1007/978-3-030-03596-9_8Google ScholarDigital Library
- Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. 2017. A survey of attacks on ethereum smart contracts SoK. In Principles of Security and Trust (POST’17). DOI:https://doi.org/10.1007/978-3-662-54455-6_8Google ScholarDigital Library
- Celeste Barnaby, Michael Coblenz, Tyler Etzel, Eliezer Kanal, Joshua Sunshine, Brad Myers, and Jonathan Aldrich. 2017. A user study to inform the design of the obsidian blockchain DSL. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’17).Google Scholar
- Karthikeyan Bhargavan, Nikhil Swamy, Santiago Zanella-Béguelin, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, and Thomas Sibut-Pinote. 2016. Formal verification of smart contracts. In ACM Workshop on Programming Languages and Analysis for Security (PLAS’16). DOI:https://doi.org/10.1145/2993600.2993611Google ScholarDigital Library
- Kevin Bierhoff and Jonathan Aldrich. 2008. PLURAL: Checking protocol compliance under aliasing. In Companion of International Conference on Software Engineering (ICSE Companion’08). 971--972. DOI:https://doi.org/10.1145/1370175.1370213Google ScholarDigital Library
- Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2009. Practical API protocol checking with access permissions. In European Conference on Object-Oriented Programming (ECOOP’09). DOI:https://doi.org/10.1007/978-3-642-03013-0_10Google ScholarDigital Library
- Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2011. Checking concurrent typestate with access permissions in Plural: A retrospective. In Engineering of Software, P. Tarr and A. Wolf (Eds.). Springer, Berlin, Heidelberg. DOI:https://doi.org/10.1007/978-3-642-19823-6_4Google ScholarCross Ref
- John Boyland. 2003. Checking interference with fractional permissions. In International Conference on Static Analysis (SAS’03). DOI:https://doi.org/10.1007/3-540-44898-5_4Google ScholarCross Ref
- John Boyland, James Noble, and William Retert. 2001. Capabilities for sharing: A generalisation of uniqueness and read-only. In European Conference on Object-Oriented Programming (ECOOP’01). DOI:https://doi.org/10.1007/3-540-45337-7_2Google ScholarCross Ref
- Luís Caires and Frank Pfenning. 2010. Session types as intuitionistic linear propositions. In International Conference on Concurrency Theory (CONCUR’10). DOI:https://doi.org/10.1007/978-3-642-15375-4_16Google ScholarCross Ref
- David G. Clarke, John M. Potter, and James Noble. 1998. Ownership types for flexible alias protection. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’98). DOI:https://doi.org/10.1145/286936.286947Google ScholarDigital Library
- David G. Clarke, Tobias Wrigstad, and James Noble. 2013. Aliasing in Object-oriented Programming: Types, Analysis and Verification. Lecture Notes in Computer Science, Vol. 7850. Springer. DOI:https://doi.org/10.1007/978-3-642-36946-9Google ScholarCross Ref
- Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2014. Considering productivity effects of explicit type declarations. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’14). 3. DOI:https://doi.org/10.1145/2688204.2688218Google ScholarDigital Library
- Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2020b. Obsidian smart contract programming language. Carnegie Mellon University. DOI:https://doi.org/10.1184/R1/12814202.v1Google ScholarCross Ref
- Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2018. Interdisciplinary programming language design. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!’18). 133--146. DOI:https://doi.org/10.1145/3276954.3276965Google ScholarDigital Library
- Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2020a. Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in obsidian. In Object-oriented Programming Systems, Languages, and Applications (OOPSLA’20). Submitted for publication.Google Scholar
- Michael Coblenz, Gauri Kambhatla, Paulette Koronkevich, Jenna L. Wise, Celeste Barnaby, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019a. PLIERS: A Process that Integrates User-Centered Methods into Programming Language Design. arxiv:1912.04719. Retrieved from http://arxiv.org/abs/1912.04719.Google Scholar
- Michael Coblenz, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019b. Smarter smart contract development tools. In 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. DOI:https://doi.org/10.1109/WETSEB.2019.00013Google ScholarDigital Library
- Phil Daian. 2016. Analysis of the DAO exploit. Retrieved August 21, 2018 from http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/.Google Scholar
- Robert DeLine and Manuel Fähndrich. 2004. Typestates for objects. In European Conference on Object-Oriented Programming (ECOOP’04). DOI:https://doi.org/10.1007/978-3-540-24851-4_21Google ScholarCross Ref
- Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi. 2016. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. In International Conference on Financial Cryptography and Data Security. DOI:https://doi.org/10.1007/978-3-662-53357-4_6Google ScholarCross Ref
- Vincent Dieterich, Marko Ivanovic, Thomas Meier, Sebastian Zäpfel, Manuel Utz, and Philipp Sandner. 2017. Retrieved February 18, 2020 from https://medium.com/@philippsandner/application-of-blockchain-technology-in-the-manufacturing-industry-d03a8ed3ba5e.Google Scholar
- Digital Asset, Inc. 2019. An Introduction to DAML. Retrieved February 18, 2020 from https://docs.daml.com/daml/intro/0_Intro.html.Google Scholar
- Sophia Drossopoulou, Ferruccio Damiani, Mariangiola Dezani-Ciancaglini, and Paola Giannini. 2002. More dynamic object reclassification: Fickle II. ACM Trans. Program. Lang. Syst. 24, 2 (Mar. 2002), 153--191. DOI:https://doi.org/10.1145/514952.514955Google ScholarDigital Library
- Chris Elsden, Arthi Manohar, Jo Briggs, Mike Harding, Chris Speed, and John Vines. 2018. Making sense of blockchain applications: A typology for HCI. In CHI Conference on Human Factors in Computing Systems (CHI’18). 1--14. DOI:https://doi.org/10.1145/3173574.3174032Google ScholarDigital Library
- Encyclopædia Britannica. 2020. Obsidian. Retrieved May 24, 2020 from https://www.britannica.com/science/obsidian.Google Scholar
- Ethereum Foundation. 2020c. Common Patterns. Retrieved February 18, 2020 from http://solidity.readthedocs.io/en/develop/common-patterns.html.Google Scholar
- Ethereum Foundation. 2020b. Ethereum Project. Retrieved February 18, 2020 from http://www.ethereum.org.Google Scholar
- Ethereum Foundation. 2020a. Solidity. Retrieved February 18, 2020 from https://solidity.readthedocs.io/en/develop/.Google Scholar
- Manuel Fahndrich and Robert DeLine. 2002. Adoption and focus: Practical linear types for imperative programming. In Programming Language Design and Implementation (PLDI’02). 12. DOI:https://doi.org/10.1145/512529.512532Google ScholarDigital Library
- J. Feist, G. Grieco, and A. Groce. 2019. Slither: A static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).Google Scholar
- Ronald Garcia, Éric Tanter, Roger Wolff, and Jonathan Aldrich. 2014. Foundations of typestate-oriented programming. ACM Trans. Program. Lang. Syst. 36, 4, Article 12 (October 2014), 44 pages. DOI:https://doi.org/10.1145/2629609Google ScholarDigital Library
- Google Inc. 2019. Protocol Buffers. Retrieved February 18, 2020 from https://developers.google.com/protocol-buffers/.Google Scholar
- Colin S. Gordon, Matthew J. Parkinson, Jared Parsons, Aleks Bromfield, and Joe Duffy. 2012. Uniqueness and reference immutability for safe parallelism. In Object-oriented Programming, Systems, Languages, and Applications (2012). DOI:https://doi.org/10.1145/2398857.2384619Google ScholarDigital Library
- Luke Graham. 2017. $32 million worth of digital currency ether stolen by hackers. Retrieved November 2, 2017 from https://www.cnbc.com/2017/07/20/32-million-worth-of-digital-currency-ether-stolen-by-hackers.html.Google Scholar
- Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2020. MadMax: Analyzing the out-of-gas world of smart contracts. Commun. ACM 63, 6 (2020).Google ScholarDigital Library
- Harvard Business Review. 2017. The Potential for Blockchain to Transform Electronic Health Records. Retrieved February 18, 2020 from https://hbr.org/2017/03/the-potential-for-blockchain-to-transform-electronic-health-records.Google Scholar
- Dominik Harz and William Knottenbelt. 2018. Towards Safer Smart Contracts: A Survey of Languages and Verification Methods. arxiv:1809.09805. Retrieved from http://arxiv.org/abs/1809.09805.Google Scholar
- Richard Hull, Vishal S. Batra, Yi-Min Chen, Alin Deutsch, Fenno F. Terry Heath III, and Victor Vianu. 2016. Towards a shared ledger business collaboration language based on data-aware processes. In International Conference on Service-Oriented Computing (ICSOC’16).Google Scholar
- IBM. 2019. Blockchain for supply chain. Retrieved March 31, 2019 from https://www.ibm.com/blockchain/supply-chain/.Google Scholar
- Atsushi Igarashi, Benjamin C. Pierce, and Philip Wadler. 2001. Featherweight Java: A minimal core calculus for Java and GJ. ACM Trans. Program. Lang. Syst. 23, 3 (May 2001), 396--450.Google ScholarDigital Library
- Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. Zeus: Analyzing safety of smart contracts. In Network and Distributed System Security Symposium (NDSS’18).Google ScholarCross Ref
- Theodoros Kasampalis, Dwight Guth, Brandon Moore, Traian Florin Şerbănuţă, Yi Zhang, Daniele Filaretti, Virgil Şerbănuţă, Ralph Johnson, and Grigore Roşu. 2019. IELE: A rigorously designed language and tool ecosystem for the blockchain. In International Symposium on Formal Methods (FM’19).Google ScholarDigital Library
- H. T. Kung and John T. Robinson. 1981. On optimistic methods for concurrency control. ACM Trans. Database Syst. 6, 2 (June 1981), 213--226. DOI:https://doi.org/10.1145/319566.319567Google ScholarDigital Library
- Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Computer and Communications Security (CCS’16). DOI:https://doi.org/10.1145/2976749.2978309Google ScholarDigital Library
- Robert C. Martin, Jan M. Rabaey, Anantha P. Chandrakasan, and Borivoje Nikolic. 2003. Agile Software Development: Principles, Patterns, and Practices. Pearson Education. 95022672Google Scholar
- Leonid Mikhajlov and Emil Sekerinski. 1998. A study of the fragile base class problem. In European Conference on Object-Oriented Programming (ECOOP 1998). 355--382.Google ScholarCross Ref
- Brad A. Myers, Amy J. Ko, Thomas D. LaToza, and YoungSeok Yoon. 2016. Programmers are users too: Human-centered methods for improving programming tools. Computer 49, 7 (July 2016), 44--52. DOI:https://doi.org/10.1109/MC.2016.200Google ScholarDigital Library
- Karl Naden, Robert Bocchino, Jonathan Aldrich, and Kevin Bierhoff. 2012. A type system for borrowing permissions. In Principles of Programming Languages (POPL’12). DOI:https://doi.org/10.1145/2103621.2103722Google ScholarDigital Library
- Jakob Nielsen and Rolf Molich. 1990. Heuristic evaluation of user interfaces. In SIGCHI Conference on Human Factors in Computing Systems (CHI 1990).Google ScholarDigital Library
- John F. Pane, Brad A. Myers, and Leah B. Miller. 2002. Using HCI techniques to design a more usable programming system. In Human Centric Computing Languages and Environments (HCC’02). 198--206. DOI:https://doi.org/10.1109/HCC.2002.1046372Google ScholarCross Ref
- Benjamin C. Pierce and David N. Turner. 2000. Local type inference. ACM Trans. Program. Lang. Syst. 22, 1 (2000), 1--44.Google ScholarDigital Library
- Mozilla Research. 2015. The Rust Programming Language. Retrieved February 18, 2020 from https://www.rust-lang.org.Google Scholar
- Grigore Roşu and Traian Florin Şerbănuţă. 2010. An overview of the K semantic framework. J. Logic Algebr. Program. 79, 6 (2010), 397--434.Google ScholarCross Ref
- Amr Sabry and Matthias Felleisen. 1992. Reasoning about programs in continuation-passing style. In Conference on LISP and Functional Programming (LFP’92). 11. DOI:https://doi.org/10.1145/141471.141563Google ScholarDigital Library
- Franklin Schrans and Susan Eisenbach. 2019. Introduce the Asset trait. Retrieved February 18, 2020 from https://github.com/flintlang/flint/blob/master/proposals/0001-asset-trait.md.Google Scholar
- Franklin Schrans, Daniel Hails, Alexander Harkness, Sophia Drossopoulou, and Susan Eisenbach. 2019. Flint for safer smart contracts. arxiv:1904.06534. Retrieved from https://arxiv.org/abs/1904.06534.Google Scholar
- Ilya Sergey, Vaivaswatha Nagaraj, Jacob Johannsen, Amrit Kumar, Anton Trunov, and Ken Chan Guan Hao. 2019. Safer smart contract programming with Scilla. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’19). DOI:https://doi.org/10.1145/3360611Google ScholarDigital Library
- Emin Gün Sirer. 2016. Thoughts on The DAO Hack. Retrieved February 18, 2020 from http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/.Google Scholar
- Andreas Stefik and Stefan Hanenberg. 2014. The programming language wars: Questions and responsibilities for the programming language community. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward! 2014). 283--299. DOI:https://doi.org/10.1145/2661136.2661156Google ScholarDigital Library
- Andreas Stefik and Susanna Siebert. 2013. An empirical investigation into programming language syntax. ACM Trans. Comput. Educ. 13, 4 (2013), 19.Google ScholarDigital Library
- Robert E. Strom and Shaula Yemini. 1986. Typestate: A programming language concept for enhancing software reliability. IEEE Trans. Softw. Eng. SE-12, 1 (1986), 157--171. DOI:https://doi.org/10.1109/TSE.1986.6312929Google ScholarDigital Library
- Jeffrey Stylos and Steven Clarke. 2007. Usability implications of requiring parameters in objects’ constructors. In International Conference on Software Engineering (ICSE’07). DOI:https://doi.org/10.1109/ICSE.2007.92Google ScholarDigital Library
- Joshua Sunshine, James D. Herbsleb, and Jonathan Aldrich. 2014. Structuring documentation to support state search: A laboratory experiment about protocol programming. In European Conference on Object-Oriented Programming (ECOOP’14). DOI:https://doi.org/10.1007/978-3-662-44202-9_7Google ScholarDigital Library
- Joshua Sunshine, Karl Naden, Sven Stork, Jonathan Aldrich, and Éric Tanter. 2011. First-class state change in Plaid. In Object Oriented Programming Systems, Languages, and Applications (OOPSLA’11). DOI:https://doi.org/10.1145/2076021.2048122Google ScholarDigital Library
- Nick Szabo. 1997. Formalizing and securing relationships on public networks. First Monday 2, 9 (1997). DOI:https://doi.org/10.5210/fm.v2i9.548Google ScholarCross Ref
- The Linux Foundation. 2020. Hyperledger Fabric. Retrieved February 18, 2020 from https://www.hyperledger.org/projects/fabric.Google Scholar
- Jesse A. Tov and Riccardo Pucella. 2011. Practical affine types. In Principles of Programming Languages (POPL’11). DOI:https://doi.org/10.1145/1926385.1926436Google ScholarDigital Library
- Fabian Vogelsteller and Vitalik Buterin. 2015. EIP 20: ERC-20 Token Standard. Retrieved February 18, 2020 from https://eips.ethereum.org/EIPS/eip-20.Google Scholar
- Philip Wadler. 1990. Linear types can change the world. In Programming Concepts and Methods, Vol. 2. 347--359.Google Scholar
- Max Willsey, Rokhini Prabhu, and Frank Pfenning. 2017. Design and Implementation of Concurrent C0. arxiv:cs.PL/1701.04929. Retrieved from https://arxiv.org/abs/1701.04929.Google Scholar
- Xiwei Xu, Ingo Weber, Mark Staples, Liming Zhu, Jan Bosch, Len Bass, Cesare Pautasso, and Paul Rimba. 2017. A taxonomy of blockchain-based systems for architecture design. In International Conference on Software Architecture (ICSA’17).Google ScholarCross Ref
- Jakub Zakrzewski. 2018. Towards verification of ethereum smart contracts: A formalization of core of solidity. In Verified Software. Theories, Tools, and Experiments.Google Scholar
Index Terms
- Obsidian: Typestate and Assets for Safer Blockchain Programming
Recommendations
Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in Obsidian
Some blockchain programs (smart contracts) have included serious security vulnerabilities. Obsidian is a new typestate-oriented programming language that uses a strong type system to rule out some of these vulnerabilities. Although Obsidian was designed ...
Functional translation of a calculus of capabilities
ICFP '08: Proceedings of the 13th ACM SIGPLAN international conference on Functional programmingReasoning about imperative programs requires the ability to track aliasing and ownership properties. We present a type system that provides this ability, by using regions, capabilities, and singleton types. It is designed for a high-level calculus with ...
Usability Hypotheses in the Design of Plaid
PLATEAU '14: Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and ToolsPlaid is a research programming language with a focus on typestate, permissions, and concurrency. Typestate describes ordering constraints on method calls to an object; Plaid incorporates typestate into both its object model and its type system. ...
Comments