A Concurrent Perspective on Smart Contracts. 1st Workshop on Trusted Smart Contracts

Similar documents
arxiv: v1 [cs.dc] 17 Feb 2017

Implementing and Mechanically Verifying Smart Contracts

Table of contents. Abstract. Disclaimer. Scope. Procedure. AS-IS overview. Audit overview. Conclusion. Appendix A. Automated tools reports 12

Smart Contract Security Tips. Ethereum devcon2 Sep Joseph Chow

Securify: Practical Security Analysis of Smart Contracts

Ethereum. Smart Contracts Programming Model

Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic.

Declarative Static Analysis of Smart Contracts

Lecture 10. A2 - will post tonight - due in two weeks

Specifying the Ethereum Virtual Machine for Theorem Provers

FXY TOKEN SMART CONTRACT AUDIT RESULTS FOR FIXY NETWORK LTD

SECURITY AUDIT REPORT

Concurrent Objects and Linearizability

Concurrent Objects. Companion slides for The Art of Multiprocessor Programming by Maurice Herlihy & Nir Shavit

Smart!= Secure - Breaking Ethereum Smart Contracts. Elliot Ward & Jake Humphries

BLOCKCHAIN CADEC Pär Wenåker & Peter Larsson

Formal Methods for Java

The C/C++ Memory Model: Overview and Formalization

Oyente: Making Smart Contracts Smarter

Improving Interrupt Response Time in a Verifiable Protected Microkernel

Taming release-acquire consistency

Productive Design of Extensible Cache Coherence Protocols!

Abstraction: Distributed Ledger

How Formal Analysis and Verification Add Security to Blockchain-based Systems

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

Synapse: Decentralized Intelligence

Name: After line 1: After line 3: After line 5: After line 8: After line 11:

CPU Cacheline False Sharing - What is it? - How it can impact performance. - How to find it? (new tool)

COEN 241 Term Project. A Blockchain-based Cloud Service

Java SE 7 Programming

Introduction. Companion slides for The Art of Multiprocessor Programming by Maurice Herlihy & Nir Shavit

Active Testing for Concurrent Programs

Porosity Decompiling Ethereum Smart-Contracts. Matt Suiche Founder, Comae Technologies

CS 347 Parallel and Distributed Data Processing

A Non-Blocking Concurrent Queue Algorithm

Review of last lecture. Goals of this lecture. DPHPC Overview. Lock-based queue. Lock-based queue

Stanford University Computer Science Department CS 140 Midterm Exam Dawson Engler Winter 1999

C++ Memory Model Tutorial

Formal Specification of RISC-V Systems Instructions

cchannel Generalized State Channel Specification

Blockchains: new home for proven-correct software. Paris, Yoichi Hirai formal verification engineer, the Ethereum Foundation

Parallelization and Synchronization. CS165 Section 8

A Java Framework for Smart Contracts

Programming Paradigms for Concurrency Lecture 3 Concurrent Objects

Calculating Correct Compilers

Smart Contract Security Audit Report. Loopring Protocol Smart Contract version 2

The promise and peril of smart contracts

CS 347 Parallel and Distributed Data Processing

Priority Queue ADT. Revised based on textbook author s notes.

Assertions, pre/postconditions

Technical Analysis of Established Blockchain Systems

CS 241 Honors Concurrent Data Structures

Logistics. Templates. Plan for today. Logistics. A quick intro to Templates. A quick intro to Templates. Project. Questions? Introduction to Templates

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

The Wait-Free Hierarchy

Cover Page. The handle holds various files of this Leiden University dissertation

The Java Memory Model

Design and Implementation of Modern Programming Languages (Seminar)

Wanchain Documentation

GENESIS VISION NETWORK

Active Testing for Concurrent Programs

Review of last lecture. Peer Quiz. DPHPC Overview. Goals of this lecture. Lock-based queue

Specification of a transacted memory for smart cards in Java and JML

Lock free Algorithm for Multi-core architecture. SDY Corporation Hiromasa Kanda SDY

Java SE 7 Programming

LDetector: A low overhead data race detector for GPU programs

The Spin Model Checker : Part I/II

CS510 Advanced Topics in Concurrency. Jonathan Walpole

Where does the insert method place the new entry in the array? Assume array indexing starts from 0(zero).

Leveraging Lock Contention to Improve Transaction Applications. University of Washington

Review of last lecture. Peer Quiz. DPHPC Overview. Goals of this lecture. Is coherence everything?

Overview of Lecture 4. Memory Models, Atomicity & Performance. Ben-Ari Concurrency Model. Dekker s Algorithm 4

Lecture 10 Design by Contract

Thread-Local. Lecture 27: Concurrency 3. Dealing with the Rest. Immutable. Whenever possible, don t share resources

Strong Formal Verification for RISC-V From Instruction-Set Manual to RTL

Java PathFinder JPF 2 Second Generation of Java Model Checker

W4118 Operating Systems. Junfeng Yang

Plural and : Protocols in Practice. Jonathan Aldrich Workshop on Behavioral Types April School of Computer Science

Internet of secure things: issues and perspectives. Pasquale Pace Dimes - UNICAL

Program Verification (6EC version only)

CSE544 Database Architecture

Concept of a process

Hazard Pointers. Number of threads unbounded time to check hazard pointers also unbounded! difficult dynamic bookkeeping! thread B - hp1 - hp2

Synchronization SPL/2010 SPL/20 1

A Semantic Framework for the Security Analysis of Ethereum smart contracts

An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I

Dept. of CSE, York Univ. 1

Outline of lecture. i219 Software Design Methodology 10. Multithreaded programming. Kazuhiro Ogata (JAIST)

Midterm on next week Tuesday May 4. CS 361 Concurrent programming Drexel University Fall 2004 Lecture 9

ZILLIQA / ZILIKƏ/ NEXT GEN HIGH-THROUGHPUT BLOCKCHAIN PLATFORM DONG XINSHU, CEO JIA YAOQI, BLOCKCHAIN ZILLIQA.

Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology

Defining the Ethereum Virtual Machine for Interactive Theorem Provers

Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)

Models of concurrency & synchronization algorithms

Wanchain Hackathon Handbook San Jose

Computation Abstractions. Processes vs. Threads. So, What Is a Thread? CMSC 433 Programming Language Technologies and Paradigms Spring 2007

Audience. Revising the Java Thread/Memory Model. Java Thread Specification. Revising the Thread Spec. Proposed Changes. When s the JSR?

1. Draw and explain program flow of control without and with interrupts. [16]

Whatever can go wrong will go wrong. attributed to Edward A. Murphy. Murphy was an optimist. authors of lock-free programs LOCK FREE KERNEL

OCL Support in MOF Repositories

Transcription:

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on Trusted Smart Contracts 7 April 2017

class ConcurrentQueue <E> { public synchronized void enqueue(e elem) { public synchronized E dequeue() {

class ConcurrentQueue <E> { public synchronized void enqueue(e elem) { public synchronized E dequeue() { class MyQClient { public void foo (ConcurrentQueue<Integer> q) { q.enqueue(1); q.enqueue(2); dostuff(); Integer i = q.dequeue(); assert (i == 1); q.dequeue();

class MyQClient { public void foo (ConcurrentQueue<Integer> q) { q.enqueue(1); q.enqueue(2); dostuff(); Integer i = q.dequeue(); assert (i == 1); q.dequeue(); Queue q = new ConcurentQueue<Integer>(); MyQClient c1 = new MyQClient(); MyQClient c2 = new MyQClient(); c1.foo(q) c2.foo(q)

class MyQClient { public void foo (ConcurrentQueue<Integer> q) { q.enqueue(1); q.enqueue(2); dostuff(); Integer i = q.dequeue(); assert (i == 1); q.dequeue(); assert fails c1.foo(q) enq(1) enq(2) deq()=2 c2.foo(q) enq(1) enq(2) deq()=1 deq()=1

contract MyQContract { Queue q = QueueContract(0x1d11e5fbe221); function foo() { q.enqueue(addr1); q.enqueue(addr2); someaddr.call.value( ); address i = q.dequeue(); // Assuming i == addr1 i.send(reward); q.dequeue();

contract MyQContract { Queue q = QueueContract(0x1d11e5fbe221); function foo() { q.enqueue(addr1); q.enqueue(addr2); someaddr.call.value( ); address i = q.dequeue(); // Assuming i == addr1 i.send(reward); q.dequeue(); Transaction mqc.foo(): enq(addr1) enq(addr2) deq() =? someaddr(): Any manipulation with q

Accounts using smart contracts in a blockchain are like threads using concurrent objects in shared memory.

Accounts using smart contracts in a blockchain are like threads using concurrent objects in shared memory. contract state object state call/send context switching Reentrancy (Un)cooperative multitasking

Reentrancy and multitasking 1010 // Burn DAO Tokens 1011 Transfer(msg.sender, 0, balances[msg.sender]); 1012 withdrawrewardfor(msg.sender); // be nice, and get his rewards 1013 totalsupply -= balances[msg.sender]; 1014 balances[msg.sender] = 0; 1015 paidout[msg.sender] = 0; 1016 return true; 1017

Reentrancy and multitasking 1010 // Burn DAO Tokens 1011 Transfer(msg.sender, 0, balances[msg.sender]); 1012 withdrawrewardfor(msg.sender); // be nice, and get his rewards 1013 totalsupply -= balances[msg.sender]; 1014 balances[msg.sender] = 0; 1015 paidout[msg.sender] = 0; 1016 return true; 1017 DAO: withdrawrewardfor() balances[msg.sender] = 0 _recipient.call.value( ): Manipulation with DAO

DAO: withdrawrewardfor() Inv balances[msg.sender] = 0 _recipient.call.value( ): Manipulation with DAO Inv(contract.state, balance) Inv Inv Inv Inv Inv Inv c.atomicmethod() c.atomicmethod() c.atomicmethod() Environment Environment

Accounts using smart contracts in a blockchain are like threads using concurrent objects in shared memory. contract state object state call/send context switching Reentrancy (Un)cooperative multitasking Invariants Atomicity

Querying an Oracle Transaction 1 Transaction 2 c.preparerequest() o.respond() o.raiseevent() c. callback(data)

Querying an Oracle Block N Block N+M Transaction 1 c.preparerequest() o.raiseevent() Transaction 2 o.respond() c. callback(data)

BlockKing via Oraclize function enter() { if (msg.value < 50 finney) { msg.sender.send(msg.value); return; warrior = msg.sender; warriorgold = msg.value; warriorblock = block.number; bytes32 myid = oraclize_query(0, WolframAlpha","random number between 1 and 9"); function callback(bytes32 myid, string result) { if (msg.sender!= oraclize_cbaddress()) throw; randomnumber = uint(bytes(result)[0]) - 48; process_payment();

Accounts using smart contracts in a blockchain are like threads using concurrent objects in shared memory. contract state object state call/send context switching Reentrancy (Un)cooperative multitasking Invariants Atomicity Non-determinism data races

Reasoning about High-level Behavior of Contracts (as of Concurrent Objects)

Temporal Properties Q since P s s, s c * s, P(s) Q(s, s ) Token price only goes up ; No payments accepted after the quorum is reached ; No changes can be made after locking ; Consensus results are irrevocable ; etc.

Work in Progress A Coq-based DSL for formally defining high-level contract behavior as of a concurrent object ; Definitions of generic semantic contract properties; Formal proofs for several case studies (in Coq); Reasoning about contract/object composition; A verified compiler from the DSL to EVM; A compiler from Solidity to the DSL;

To take away Accounts using smart contracts in a blockchain are like threads using concurrent objects in shared memory. Understanding intra- and inter-transactional behavior; Detecting atomicity violations and data races; Repurposing existing verification ideas; Thanks!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback