Demystifying Loops in Smart Contracts

This paper aims to shed light on how loops are used in smart contracts. Towards this goal, we study various syntactic and semantic characteristics of loops used in over 20,000 Solidity contracts deployed on the Ethereum blockchain, with the goal of informing future research on program analysis for smart contracts. Based on our findings, we propose a small domain-specific language (DSL) that can be used to summarize common looping patterns in Solidity. To evaluate what percentage of smart contract loops can be expressed in our proposed DSL, we also design and implement a program synthesis toolchain called Solis that can synthesize loop summaries in our DSL. Our evaluation shows that at least 56% of the analyzed loops can be summarized in our DSL, and 81% of these summaries are exactly equivalent to the original loop.

[1]  Emina Torlak,et al.  A lightweight symbolic virtual machine for solver-aided host languages , 2014, PLDI.

[2]  Alvin Cheung,et al.  Optimizing database-backed applications with query synthesis , 2013, PLDI.

[3]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[4]  Alex Groce,et al.  Slither: A Static Analysis Framework for Smart Contracts , 2019, 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

[5]  Dimitar Dimitrov,et al.  VerX: Safety Verification of Smart Contracts , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[6]  Henny B. Sipma,et al.  Linear Invariant Generation Using Non-linear Constraint Solving , 2003, CAV.

[7]  Daniel Kroening,et al.  Loop Summarization Using Abstract Transformers , 2008, ATVA.

[8]  Mu Zhang,et al.  Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs , 2014, CCS.

[9]  Arjun Radhakrishna,et al.  Scaling Enumerative Program Synthesis via Divide and Conquer , 2017, TACAS.

[10]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[11]  Sumit Gulwani,et al.  Automating string processing in spreadsheets using input-output examples , 2011, POPL '11.

[12]  Matteo Maffei,et al.  A Semantic Framework for the Security Analysis of Ethereum smart contracts , 2018, POST.

[13]  Yannis Smaragdakis,et al.  MadMax: surviving out-of-gas conditions in Ethereum smart contracts , 2018, Proc. ACM Program. Lang..

[14]  Gilles Barthe,et al.  Product programs and relational program logics , 2016, J. Log. Algebraic Methods Program..

[15]  Shuvendu K. Lahiri,et al.  SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs , 2012, CAV.

[16]  Isil Dillig,et al.  Component-based synthesis for complex APIs , 2017, POPL.

[17]  Antoine Miné,et al.  The octagon abstract domain , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[18]  Daniel Kroening,et al.  Loopfrog: A Static Analyzer for ANSI-C Programs , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[19]  Patrice Godefroid,et al.  Automatic partial loop summarization in dynamic test generation , 2011, ISSTA '11.

[20]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[21]  Isil Dillig,et al.  Relational verification using reinforcement learning , 2019, Proc. ACM Program. Lang..

[22]  Ye Liu,et al.  ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[23]  Isil Dillig,et al.  Inductive invariant generation via abductive inference , 2013, OOPSLA.

[24]  Isil Dillig,et al.  Synthesis of circular compositional program proofs via abduction , 2013, International Journal on Software Tools for Technology Transfer.

[25]  Isil Dillig,et al.  Synthesizing data structure transformations from input-output examples , 2015, PLDI.

[26]  Shuvendu K. Lahiri,et al.  Differential assertion checking , 2013, ESEC/FSE 2013.

[27]  Somesh Jha,et al.  Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors , 2010, 2010 IEEE Symposium on Security and Privacy.

[28]  Isil Dillig,et al.  Synthesizing database programs for schema refactoring , 2019, PLDI.

[29]  Armando Solar-Lezama,et al.  Program synthesis from polymorphic refinement types , 2015, PLDI.

[30]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[31]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, POPL.

[32]  A. Azzouz 2011 , 2020, City.

[33]  Rajeev Alur,et al.  Syntax-guided synthesis , 2013, 2013 Formal Methods in Computer-Aided Design.

[34]  Sumit Gulwani,et al.  Program analysis as constraint solving , 2008, PLDI '08.

[35]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[36]  Isil Dillig,et al.  Component-based synthesis of table consolidation and transformation tasks from examples , 2016, PLDI.

[37]  Yi Zhang,et al.  A formal verification tool for Ethereum VM bytecode , 2018, ESEC/SIGSOFT FSE.

[38]  Vladimir Klebanov,et al.  Automating regression verification , 2014, Software Engineering & Management.

[39]  Gilles Barthe,et al.  Relational Verification Using Product Programs , 2011, FM.

[40]  Jake Silverman,et al.  Loop Summarization with Rational Vector Addition Systems (extended version) , 2019, ArXiv.

[41]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[42]  Kenneth L. McMillan,et al.  Lazy Abstraction with Interpolants , 2006, CAV.

[43]  Isil Dillig,et al.  Cartesian hoare logic for verifying k-safety properties , 2016, PLDI.

[44]  Isil Dillig,et al.  Formal Specification and Verification of Smart Contracts for Azure Blockchain , 2018, ArXiv.

[45]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.

[46]  Isil Dillig,et al.  Program synthesis using conflict-driven learning , 2017, PLDI.