Abstract
Blockchain platforms are coming into use for processing critical transactions among participants who have not established mutual trust. Many blockchains are programmable, supporting smart contracts, which maintain persistent state and support transactions that transform the state. Unfortunately, bugs in many smart contracts have been exploited by hackers. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. Obsidian is based on a core calculus, Silica, for which we proved type soundness. Obsidian uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. We integrated a permissions system that encodes a notion of ownership to allow for safe, flexible aliasing. We describe two case studies that evaluate Obsidian’s applicability to the domains of parametric insurance and supply chain management, finding that Obsidian’s type system facilitates reasoning about high-level states and ownership of resources. We compared our Obsidian implementation to a Solidity implementation, observing that the Solidity implementation requires much boilerplate checking and tracking of state, whereas Obsidian does this work statically.
- Jonathan Aldrich, Joshua Sunshine, Darpan Saini, and Zachary Sparks. 2009. Typestate-oriented Programming. In Companion of Object Oriented Programming Systems, Languages, and Applications (OOPSLA’09). 1015--1022. DOI:https://doi.org/10.1145/1639950.1640073Google Scholar
- Leonardo Alt and Christian Reitwiessner. 2018. SMT-based verification of solidity smart contracts. In Leveraging Applications of Formal Methods, Verification and Validation. Industrial Practice.Google Scholar
- Tara Astigarraga, Xiaoyan Chen, Yaoliang Chen, Jingxiao Gu, Richard Hull, Limei Jiao, Yuliang Li, and Petr Novotny. 2018. Empowering business-level blockchain users with a rules framework for smart contracts. In International Conference on Service-Oriented Computing (ICSOC’18). DOI:https://doi.org/10.1007/978-3-030-03596-9_8Google Scholar
Cross Ref
- Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. 2017. A survey of attacks on ethereum smart contracts SoK. In Principles of Security and Trust (POST’17). DOI:https://doi.org/10.1007/978-3-662-54455-6_8Google Scholar
- Celeste Barnaby, Michael Coblenz, Tyler Etzel, Eliezer Kanal, Joshua Sunshine, Brad Myers, and Jonathan Aldrich. 2017. A user study to inform the design of the obsidian blockchain DSL. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’17).Google Scholar
- Karthikeyan Bhargavan, Nikhil Swamy, Santiago Zanella-Béguelin, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, and Thomas Sibut-Pinote. 2016. Formal verification of smart contracts. In ACM Workshop on Programming Languages and Analysis for Security (PLAS’16). DOI:https://doi.org/10.1145/2993600.2993611Google Scholar
Digital Library
- Kevin Bierhoff and Jonathan Aldrich. 2008. PLURAL: Checking protocol compliance under aliasing. In Companion of International Conference on Software Engineering (ICSE Companion’08). 971--972. DOI:https://doi.org/10.1145/1370175.1370213Google Scholar
Digital Library
- Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2009. Practical API protocol checking with access permissions. In European Conference on Object-Oriented Programming (ECOOP’09). DOI:https://doi.org/10.1007/978-3-642-03013-0_10Google Scholar
Digital Library
- Kevin Bierhoff, Nels E. Beckman, and Jonathan Aldrich. 2011. Checking concurrent typestate with access permissions in Plural: A retrospective. In Engineering of Software, P. Tarr and A. Wolf (Eds.). Springer, Berlin, Heidelberg. DOI:https://doi.org/10.1007/978-3-642-19823-6_4Google Scholar
- John Boyland. 2003. Checking interference with fractional permissions. In International Conference on Static Analysis (SAS’03). DOI:https://doi.org/10.1007/3-540-44898-5_4Google Scholar
Digital Library
- John Boyland, James Noble, and William Retert. 2001. Capabilities for sharing: A generalisation of uniqueness and read-only. In European Conference on Object-Oriented Programming (ECOOP’01). DOI:https://doi.org/10.1007/3-540-45337-7_2Google Scholar
- Luís Caires and Frank Pfenning. 2010. Session types as intuitionistic linear propositions. In International Conference on Concurrency Theory (CONCUR’10). DOI:https://doi.org/10.1007/978-3-642-15375-4_16Google Scholar
Cross Ref
- David G. Clarke, John M. Potter, and James Noble. 1998. Ownership types for flexible alias protection. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’98). DOI:https://doi.org/10.1145/286936.286947Google Scholar
- David G. Clarke, Tobias Wrigstad, and James Noble. 2013. Aliasing in Object-oriented Programming: Types, Analysis and Verification. Lecture Notes in Computer Science, Vol. 7850. Springer. DOI:https://doi.org/10.1007/978-3-642-36946-9Google Scholar
- Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2014. Considering productivity effects of explicit type declarations. In Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU’14). 3. DOI:https://doi.org/10.1145/2688204.2688218Google Scholar
Digital Library
- Michael Coblenz, Jonathan Aldrich, Brad Myers, and Joshua Sunshine. 2020b. Obsidian smart contract programming language. Carnegie Mellon University. DOI:https://doi.org/10.1184/R1/12814202.v1Google Scholar
- Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2018. Interdisciplinary programming language design. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!’18). 133--146. DOI:https://doi.org/10.1145/3276954.3276965Google Scholar
Digital Library
- Michael Coblenz, Jonathan Aldrich, Brad A. Myers, and Joshua Sunshine. 2020a. Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in obsidian. In Object-oriented Programming Systems, Languages, and Applications (OOPSLA’20). Submitted for publication.Google Scholar
- Michael Coblenz, Gauri Kambhatla, Paulette Koronkevich, Jenna L. Wise, Celeste Barnaby, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019a. PLIERS: A Process that Integrates User-Centered Methods into Programming Language Design. arxiv:1912.04719. Retrieved from http://arxiv.org/abs/1912.04719.Google Scholar
- Michael Coblenz, Joshua Sunshine, Jonathan Aldrich, and Brad A. Myers. 2019b. Smarter smart contract development tools. In 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. DOI:https://doi.org/10.1109/WETSEB.2019.00013Google Scholar
Digital Library
- Phil Daian. 2016. Analysis of the DAO exploit. Retrieved August 21, 2018 from http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/.Google Scholar
- Robert DeLine and Manuel Fähndrich. 2004. Typestates for objects. In European Conference on Object-Oriented Programming (ECOOP’04). DOI:https://doi.org/10.1007/978-3-540-24851-4_21Google Scholar
Cross Ref
- Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi. 2016. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. In International Conference on Financial Cryptography and Data Security. DOI:https://doi.org/10.1007/978-3-662-53357-4_6Google Scholar
Cross Ref
- Vincent Dieterich, Marko Ivanovic, Thomas Meier, Sebastian Zäpfel, Manuel Utz, and Philipp Sandner. 2017. Retrieved February 18, 2020 from https://medium.com/@philippsandner/application-of-blockchain-technology-in-the-manufacturing-industry-d03a8ed3ba5e.Google Scholar
- Digital Asset, Inc. 2019. An Introduction to DAML. Retrieved February 18, 2020 from https://docs.daml.com/daml/intro/0_Intro.html.Google Scholar
- Sophia Drossopoulou, Ferruccio Damiani, Mariangiola Dezani-Ciancaglini, and Paola Giannini. 2002. More dynamic object reclassification: Fickle II. ACM Trans. Program. Lang. Syst. 24, 2 (Mar. 2002), 153--191. DOI:https://doi.org/10.1145/514952.514955Google Scholar
- Chris Elsden, Arthi Manohar, Jo Briggs, Mike Harding, Chris Speed, and John Vines. 2018. Making sense of blockchain applications: A typology for HCI. In CHI Conference on Human Factors in Computing Systems (CHI’18). 1--14. DOI:https://doi.org/10.1145/3173574.3174032Google Scholar
Digital Library
- Encyclopædia Britannica. 2020. Obsidian. Retrieved May 24, 2020 from https://www.britannica.com/science/obsidian.Google Scholar
- Ethereum Foundation. 2020c. Common Patterns. Retrieved February 18, 2020 from http://solidity.readthedocs.io/en/develop/common-patterns.html.Google Scholar
- Ethereum Foundation. 2020b. Ethereum Project. Retrieved February 18, 2020 from http://www.ethereum.org.Google Scholar
- Ethereum Foundation. 2020a. Solidity. Retrieved February 18, 2020 from https://solidity.readthedocs.io/en/develop/.Google Scholar
- Manuel Fahndrich and Robert DeLine. 2002. Adoption and focus: Practical linear types for imperative programming. In Programming Language Design and Implementation (PLDI’02). 12. DOI:https://doi.org/10.1145/512529.512532Google Scholar
- J. Feist, G. Grieco, and A. Groce. 2019. Slither: A static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB).Google Scholar
- Ronald Garcia, Éric Tanter, Roger Wolff, and Jonathan Aldrich. 2014. Foundations of typestate-oriented programming. ACM Trans. Program. Lang. Syst. 36, 4, Article 12 (October 2014), 44 pages. DOI:https://doi.org/10.1145/2629609Google Scholar
Digital Library
- Google Inc. 2019. Protocol Buffers. Retrieved February 18, 2020 from https://developers.google.com/protocol-buffers/.Google Scholar
- Colin S. Gordon, Matthew J. Parkinson, Jared Parsons, Aleks Bromfield, and Joe Duffy. 2012. Uniqueness and reference immutability for safe parallelism. In Object-oriented Programming, Systems, Languages, and Applications (2012). DOI:https://doi.org/10.1145/2398857.2384619Google Scholar
Digital Library
- Luke Graham. 2017. $32 million worth of digital currency ether stolen by hackers. Retrieved November 2, 2017 from https://www.cnbc.com/2017/07/20/32-million-worth-of-digital-currency-ether-stolen-by-hackers.html.Google Scholar
- Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2020. MadMax: Analyzing the out-of-gas world of smart contracts. Commun. ACM 63, 6 (2020).Google Scholar
Digital Library
- Harvard Business Review. 2017. The Potential for Blockchain to Transform Electronic Health Records. Retrieved February 18, 2020 from https://hbr.org/2017/03/the-potential-for-blockchain-to-transform-electronic-health-records.Google Scholar
- Dominik Harz and William Knottenbelt. 2018. Towards Safer Smart Contracts: A Survey of Languages and Verification Methods. arxiv:1809.09805. Retrieved from http://arxiv.org/abs/1809.09805.Google Scholar
- Richard Hull, Vishal S. Batra, Yi-Min Chen, Alin Deutsch, Fenno F. Terry Heath III, and Victor Vianu. 2016. Towards a shared ledger business collaboration language based on data-aware processes. In International Conference on Service-Oriented Computing (ICSOC’16).Google Scholar
- IBM. 2019. Blockchain for supply chain. Retrieved March 31, 2019 from https://www.ibm.com/blockchain/supply-chain/.Google Scholar
- Atsushi Igarashi, Benjamin C. Pierce, and Philip Wadler. 2001. Featherweight Java: A minimal core calculus for Java and GJ. ACM Trans. Program. Lang. Syst. 23, 3 (May 2001), 396--450.Google Scholar
Digital Library
- Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. Zeus: Analyzing safety of smart contracts. In Network and Distributed System Security Symposium (NDSS’18).Google Scholar
Cross Ref
- Theodoros Kasampalis, Dwight Guth, Brandon Moore, Traian Florin Şerbănuţă, Yi Zhang, Daniele Filaretti, Virgil Şerbănuţă, Ralph Johnson, and Grigore Roşu. 2019. IELE: A rigorously designed language and tool ecosystem for the blockchain. In International Symposium on Formal Methods (FM’19).Google Scholar
Cross Ref
- H. T. Kung and John T. Robinson. 1981. On optimistic methods for concurrency control. ACM Trans. Database Syst. 6, 2 (June 1981), 213--226. DOI:https://doi.org/10.1145/319566.319567Google Scholar
Digital Library
- Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Computer and Communications Security (CCS’16). DOI:https://doi.org/10.1145/2976749.2978309Google Scholar
- Robert C. Martin, Jan M. Rabaey, Anantha P. Chandrakasan, and Borivoje Nikolic. 2003. Agile Software Development: Principles, Patterns, and Practices. Pearson Education. 95022672Google Scholar
- Leonid Mikhajlov and Emil Sekerinski. 1998. A study of the fragile base class problem. In European Conference on Object-Oriented Programming (ECOOP 1998). 355--382.Google Scholar
Cross Ref
- Brad A. Myers, Amy J. Ko, Thomas D. LaToza, and YoungSeok Yoon. 2016. Programmers are users too: Human-centered methods for improving programming tools. Computer 49, 7 (July 2016), 44--52. DOI:https://doi.org/10.1109/MC.2016.200Google Scholar
Digital Library
- Karl Naden, Robert Bocchino, Jonathan Aldrich, and Kevin Bierhoff. 2012. A type system for borrowing permissions. In Principles of Programming Languages (POPL’12). DOI:https://doi.org/10.1145/2103621.2103722Google Scholar
- Jakob Nielsen and Rolf Molich. 1990. Heuristic evaluation of user interfaces. In SIGCHI Conference on Human Factors in Computing Systems (CHI 1990).Google Scholar
Digital Library
- John F. Pane, Brad A. Myers, and Leah B. Miller. 2002. Using HCI techniques to design a more usable programming system. In Human Centric Computing Languages and Environments (HCC’02). 198--206. DOI:https://doi.org/10.1109/HCC.2002.1046372Google Scholar
Digital Library
- Benjamin C. Pierce and David N. Turner. 2000. Local type inference. ACM Trans. Program. Lang. Syst. 22, 1 (2000), 1--44.Google Scholar
Digital Library
- Mozilla Research. 2015. The Rust Programming Language. Retrieved February 18, 2020 from https://www.rust-lang.org.Google Scholar
- Grigore Roşu and Traian Florin Şerbănuţă. 2010. An overview of the K semantic framework. J. Logic Algebr. Program. 79, 6 (2010), 397--434.Google Scholar
Cross Ref
- Amr Sabry and Matthias Felleisen. 1992. Reasoning about programs in continuation-passing style. In Conference on LISP and Functional Programming (LFP’92). 11. DOI:https://doi.org/10.1145/141471.141563Google Scholar
Digital Library
- Franklin Schrans and Susan Eisenbach. 2019. Introduce the Asset trait. Retrieved February 18, 2020 from https://github.com/flintlang/flint/blob/master/proposals/0001-asset-trait.md.Google Scholar
- Franklin Schrans, Daniel Hails, Alexander Harkness, Sophia Drossopoulou, and Susan Eisenbach. 2019. Flint for safer smart contracts. arxiv:1904.06534. Retrieved from https://arxiv.org/abs/1904.06534.Google Scholar
- Ilya Sergey, Vaivaswatha Nagaraj, Jacob Johannsen, Amrit Kumar, Anton Trunov, and Ken Chan Guan Hao. 2019. Safer smart contract programming with Scilla. In Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’19). DOI:https://doi.org/10.1145/3360611Google Scholar
- Emin Gün Sirer. 2016. Thoughts on The DAO Hack. Retrieved February 18, 2020 from http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/.Google Scholar
- Andreas Stefik and Stefan Hanenberg. 2014. The programming language wars: Questions and responsibilities for the programming language community. In Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward! 2014). 283--299. DOI:https://doi.org/10.1145/2661136.2661156Google Scholar
Digital Library
- Andreas Stefik and Susanna Siebert. 2013. An empirical investigation into programming language syntax. ACM Trans. Comput. Educ. 13, 4 (2013), 19.Google Scholar
Digital Library
- Robert E. Strom and Shaula Yemini. 1986. Typestate: A programming language concept for enhancing software reliability. IEEE Trans. Softw. Eng. SE-12, 1 (1986), 157--171. DOI:https://doi.org/10.1109/TSE.1986.6312929Google Scholar
Digital Library
- Jeffrey Stylos and Steven Clarke. 2007. Usability implications of requiring parameters in objects’ constructors. In International Conference on Software Engineering (ICSE’07). DOI:https://doi.org/10.1109/ICSE.2007.92Google Scholar
Digital Library
- Joshua Sunshine, James D. Herbsleb, and Jonathan Aldrich. 2014. Structuring documentation to support state search: A laboratory experiment about protocol programming. In European Conference on Object-Oriented Programming (ECOOP’14). DOI:https://doi.org/10.1007/978-3-662-44202-9_7Google Scholar
Digital Library
- Joshua Sunshine, Karl Naden, Sven Stork, Jonathan Aldrich, and Éric Tanter. 2011. First-class state change in Plaid. In Object Oriented Programming Systems, Languages, and Applications (OOPSLA’11). DOI:https://doi.org/10.1145/2076021.2048122Google Scholar
- Nick Szabo. 1997. Formalizing and securing relationships on public networks. First Monday 2, 9 (1997). DOI:https://doi.org/10.5210/fm.v2i9.548Google Scholar
- The Linux Foundation. 2020. Hyperledger Fabric. Retrieved February 18, 2020 from https://www.hyperledger.org/projects/fabric.Google Scholar
- Jesse A. Tov and Riccardo Pucella. 2011. Practical affine types. In Principles of Programming Languages (POPL’11). DOI:https://doi.org/10.1145/1926385.1926436Google Scholar
- Fabian Vogelsteller and Vitalik Buterin. 2015. EIP 20: ERC-20 Token Standard. Retrieved February 18, 2020 from https://eips.ethereum.org/EIPS/eip-20.Google Scholar
- Philip Wadler. 1990. Linear types can change the world. In Programming Concepts and Methods, Vol. 2. 347--359.Google Scholar
- Max Willsey, Rokhini Prabhu, and Frank Pfenning. 2017. Design and Implementation of Concurrent C0. arxiv:cs.PL/1701.04929. Retrieved from https://arxiv.org/abs/1701.04929.Google Scholar
- Xiwei Xu, Ingo Weber, Mark Staples, Liming Zhu, Jan Bosch, Len Bass, Cesare Pautasso, and Paul Rimba. 2017. A taxonomy of blockchain-based systems for architecture design. In International Conference on Software Architecture (ICSA’17).Google Scholar
Cross Ref
- Jakub Zakrzewski. 2018. Towards verification of ethereum smart contracts: A formalization of core of solidity. In Verified Software. Theories, Tools, and Experiments.Google Scholar
Index Terms
Obsidian: Typestate and Assets for Safer Blockchain Programming
Recommendations
Can advanced type systems be usable? An empirical study of ownership, assets, and typestate in Obsidian
Some blockchain programs (smart contracts) have included serious security vulnerabilities. Obsidian is a new typestate-oriented programming language that uses a strong type system to rule out some of these vulnerabilities. Although Obsidian was designed ...
Usability Hypotheses in the Design of Plaid
PLATEAU '14: Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and ToolsPlaid is a research programming language with a focus on typestate, permissions, and concurrency. Typestate describes ordering constraints on method calls to an object; Plaid incorporates typestate into both its object model and its type system. ...
Functional translation of a calculus of capabilities
ICFP '08: Proceedings of the 13th ACM SIGPLAN international conference on Functional programmingReasoning about imperative programs requires the ability to track aliasing and ownership properties. We present a type system that provides this ability, by using regions, capabilities, and singleton types. It is designed for a high-level calculus with ...






Comments