Obsidian: Typestate and Assets for Safer Blockchain Programming

Blockchain platforms are coming into broad use for processing critical transactions among participants who have not established mutual trust. Many blockchains are programmable, supporting smart contracts, which maintain persistent state and support transactions that transform the state. Unfortunately, bugs in many smart contracts have been exploited by hackers. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. Obsidian is based on a core calculus, Silica, for which we proved type soundness. Obsidian uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. We describe two case studies that evaluate Obsidian's applicability to the domains of parametric insurance and supply chain management, finding that Obsidian's type system facilitates reasoning about high-level states and ownership of resources. We compared our Obsidian implementation to a Solidity implementation, observing that the Solidity implementation requires much boilerplate checking and tracking of state, whereas Obsidian does this work statically.

[1]  SOPHIA DROSSOPOULOU More Dynamic Object Reclassification : F ickleII , 2011 .

[2]  Alin Deutsch,et al.  Towards a Shared Ledger Business Collaboration Language Based on Data-Aware Processes , 2016, ICSOC.

[3]  Grigore Rosu,et al.  IELE: A Rigorously Designed Language and Tool Ecosystem for the Blockchain , 2019, FM.

[4]  Jonathan Aldrich,et al.  A type system for borrowing permissions , 2012, POPL '12.

[5]  Yannis Smaragdakis,et al.  MadMax , 2020, Commun. ACM.

[6]  Jonathan Aldrich,et al.  Checking Concurrent Typestate with Access Permissions in Plural: A Retrospective , 2011 .

[7]  William J. Knottenbelt,et al.  Towards Safer Smart Contracts: A Survey of Languages and Verification Methods , 2018, ArXiv.

[8]  Jonathan Aldrich,et al.  PLURAL: checking protocol compliance under aliasing , 2008, ICSE Companion '08.

[9]  Brad A. Myers,et al.  Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in Obsidian , 2020, Proc. ACM Program. Lang..

[10]  Frank Pfenning,et al.  Session Types as Intuitionistic Linear Propositions , 2010, CONCUR.

[11]  Sophia Drossopoulou,et al.  Fickle : Dynamic Object Re-classification , 2001, ECOOP.

[12]  Brad A. Myers,et al.  Using HCI techniques to design a more usable programming system , 2002, Proceedings IEEE 2002 Symposia on Human Centric Computing Languages and Environments.

[13]  Jonathan Aldrich,et al.  Typestate-oriented programming , 2009, OOPSLA Companion.

[14]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[15]  Sophia Drossopoulou,et al.  Flint for Safer Smart Contracts , 2019, ArXiv.

[16]  Thomas D. LaToza,et al.  Programmers Are Users Too: Human-Centered Methods for Improving Programming Tools , 2016, Computer.

[17]  Emil Sekerinski,et al.  A Study of The Fragile Base Class Problem , 1998, ECOOP.

[18]  John Tang Boyland,et al.  Capabilities for Sharing: A Generalisation of Uniqueness and Read-Only , 2001, ECOOP.

[19]  Chris Speed,et al.  Making Sense of Blockchain Applications: A Typology for HCI , 2018, CHI.

[20]  Ilya Sergey,et al.  Safer smart contract programming with Scilla , 2019, Proc. ACM Program. Lang..

[21]  James D. Herbsleb,et al.  Structuring Documentation to Support State Search: A Laboratory Experiment about Protocol Programming , 2014, ECOOP.

[22]  Éric Tanter,et al.  First-class state change in plaid , 2011, OOPSLA '11.

[23]  Éric Tanter,et al.  Foundations of Typestate-Oriented Programming , 2014, ACM Trans. Program. Lang. Syst..

[24]  Andrew Lippman,et al.  The Potential for Blockchain to Transform Electronic Health Records , 2017 .

[25]  Robert J. Winter Cpt Agile Software Development: Principles, Patterns, and Practices , 2014 .

[26]  Cesare Pautasso,et al.  A Taxonomy of Blockchain-Based Systems for Architecture Design , 2017, 2017 IEEE International Conference on Software Architecture (ICSA).

[27]  Brad A. Myers,et al.  Smarter Smart Contract Development Tools , 2019, 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

[28]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[29]  James Noble,et al.  Aliasing in Object-Oriented Programming. Types, Analysis and Verification , 2013, Lecture Notes in Computer Science.

[30]  J. T. Robinson,et al.  On optimistic methods for concurrency control , 1979, TODS.

[31]  DrossopoulouSophia,et al.  More dynamic object reclassification , 2002 .

[32]  Richard Hull,et al.  Empowering Business-Level Blockchain Users with a Rules Framework for Smart Contracts , 2018, ICSOC.

[33]  Robert DeLine,et al.  Typestates for Objects , 2004, ECOOP.

[34]  Celeste Barnaby A User Study to Inform the Design of the Obsidian Blockchain DSL , 2017 .

[35]  Brad A. Myers,et al.  Considering Productivity Effects of Explicit Type Declarations , 2014, PLATEAU.

[36]  Grigore Rosu,et al.  An overview of the K semantic framework , 2010, J. Log. Algebraic Methods Program..

[37]  Stefan Hanenberg,et al.  The Programming Language Wars: Questions and Responsibilities for the Programming Language Community , 2014, Onward!.

[38]  K. Bhargavan,et al.  : Formal Verification of Smart Contracts , 2016 .

[39]  Benjamin C. Pierce,et al.  Local type inference , 1998, POPL '98.

[40]  Brad A. Myers,et al.  Interdisciplinary programming language design , 2018, Onward!.

[41]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.

[42]  Alex Groce,et al.  Slither: A Static Analysis Framework for Smart Contracts , 2019, 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).

[43]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[44]  Jakob Nielsen,et al.  Heuristic evaluation of user interfaces , 1990, CHI '90.

[45]  Matthew J. Parkinson,et al.  Uniqueness and reference immutability for safe parallelism , 2012, OOPSLA '12.

[46]  Egon Nelson Corengia,et al.  Blockchain in Supply Chain , 2019 .

[47]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 1999, OOPSLA '99.

[48]  Jeffrey Stylos,et al.  Usability Implications of Requiring Parameters in Objects' Constructors , 2007, 29th International Conference on Software Engineering (ICSE'07).

[49]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[50]  Riccardo Pucella,et al.  Practical affine types , 2011, POPL '11.

[51]  Frank Pfenning,et al.  Design and Implementation of Concurrent C0 , 2016, LINEARITY.

[52]  Leonardo Alt,et al.  SMT-Based Verification of Solidity Smart Contracts , 2018, ISoLA.

[53]  Philip Wadler,et al.  Linear Types can Change the World! , 1990, Programming Concepts and Methods.

[54]  M. Felleisen,et al.  Reasoning about programs in continuation-passing style , 1993 .

[55]  Andreas Stefik,et al.  An Empirical Investigation into Programming Language Syntax , 2013, TOCE.

[56]  Ruiyuan Lu,et al.  A Scheme about Agricultural Produce Traceability Using Blockchain Based on Hyperledger Fabric , 2020 .

[57]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[58]  Jakub Zakrzewski,et al.  Towards Verification of Ethereum Smart Contracts: A Formalization of Core of Solidity , 2018, VSTTE.

[59]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[60]  Brad A. Myers,et al.  PLIERS: A Process that Integrates User-Centered Methods into Programming Language Design , 2019, ACM Trans. Comput. Hum. Interact..

[61]  Sukrit Kalra,et al.  ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[62]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[63]  Dan Boneh Solidity , 1973 .

[64]  Jonathan Aldrich,et al.  Practical API Protocol Checking with Access Permissions , 2009, ECOOP.

[65]  Nick Szabo,et al.  Formalizing and Securing Relationships on Public Networks , 1997, First Monday.

[66]  Paulee Koronkevich Obsidian in the Rough : A Case Study Evaluation of a New Blockchain Programming Language , 2018 .