Scilla : a Smart Contract Intermediate-Level LAnguage Automata for Smart Contract Implementation and Verification

This paper outlines key design principles of Scilla—an intermediatelevel language for verified smart contracts. Scilla provides a clean separation between the communication aspect of smart contracts on a blockchain, allowing for the rich interaction patterns, and a programming component, which enjoys principled semantics and is amenable to formal verification. Scilla is not meant to be a high-level programming language, and we are going to use it as a translation target for high-level languages, such as Solidity, for performing program analysis and verification, before further compilation to an executable bytecode. We describe the automata-based model of Scilla, present its programming component and show how contracts definitions in terms of automata streamline the process of mechanised verification of their safety and temporal properties.

[1]  J. Y. Girard,et al.  Interpretation fonctionelle et elimination des coupures dans l'aritmetique d'ordre superieur , 1972 .

[2]  Benjamin Werner,et al.  Simple Types in Type Theory: Deep and Shallow Encodings , 2007, TPHOLs.

[3]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[4]  Lars Birkedal,et al.  Ynot: dependent types for imperative programs , 2008, ICFP 2008.

[5]  Philip Wadler,et al.  Packrat parsing:: simple, powerful, lazy, linear time, functional pearl , 2002, ICFP '02.

[6]  Ilya Sergey,et al.  A Concurrent Perspective on Smart Contracts , 2017, Financial Cryptography Workshops.

[7]  Edwin Brady,et al.  Idris, a general-purpose dependently typed programming language: Design and implementation , 2013, Journal of Functional Programming.

[8]  Nikhil Swamy,et al.  Dijkstra monads for free , 2016, POPL.

[9]  Andrew W. Appel,et al.  Compiling with Continuations , 1991 .

[10]  John C. Reynolds,et al.  Towards a theory of type structure , 1974, Symposium on Programming.

[11]  Marcin Andrychowicz,et al.  Modeling Bitcoin Contracts by Timed Automata , 2014, FORMATS.

[12]  Olivier Danvy,et al.  Defunctionalized interpreters for programming languages , 2008, ICFP.

[13]  Zhong Shao,et al.  CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels , 2016, OSDI.

[14]  Ilya Sergey,et al.  Mechanized verification of fine-grained concurrent programs , 2015, PLDI.

[15]  Xavier Leroy,et al.  Formal certification of a compiler back-end or: programming a compiler with a proof assistant , 2006, POPL '06.

[16]  Ulf Norell,et al.  A Brief Overview of Agda - A Functional Language with Dependent Types , 2009, TPHOLs.

[17]  Kenneth L. McMillan,et al.  Ivy: safety verification by interactive generalization , 2016, PLDI.

[18]  Amir Pnueli,et al.  The temporal logic of programs , 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[19]  Ilya Sergey,et al.  Mechanising blockchain consensus , 2018, CPP.

[20]  Olivier Danvy,et al.  Defunctionalization at Work , 2001 .

[21]  Leslie Lamport,et al.  Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers [Book Review] , 2002, Computer.

[22]  Stephanie Weirich,et al.  Language-based verification will change the world , 2010, FoSER '10.

[23]  Ilya Sergey,et al.  Programming and proving with distributed protocols , 2017, Proc. ACM Program. Lang..

[24]  Robin Milner,et al.  Definition of standard ML , 1990 .

[25]  Andrew W. Appel,et al.  Oracle Semantics for Concurrent Separation Logic , 2008, ESOP.

[26]  Adam Chlipala,et al.  Chapar: certified causally consistent distributed key-value stores , 2016, POPL.

[27]  Karl Crary,et al.  Peer-to-peer affine commitment using bitcoin , 2015, PLDI.

[28]  Juan Chen,et al.  Secure distributed programming with value-dependent types , 2013, J. Funct. Program..

[29]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[30]  John C. Reynolds,et al.  Definitional Interpreters for Higher-Order Programming Languages , 1972, ACM '72.