research-article

Public Access

Demystifying loops in smart contracts

Authors:

Benjamin Mariano,

Shuvendu K. Lahiri,

Isil DilligAuthors Info & Claims

ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering

Pages 262 - 274

https://doi.org/10.1145/3324884.3416626

Published: 27 January 2021 Publication History

Abstract

This paper aims to shed light on how loops are used in smart contracts. Towards this goal, we study various syntactic and semantic characteristics of loops used in over 20,000 Solidity contracts deployed on the Ethereum blockchain, with the goal of informing future research on program analysis for smart contracts. Based on our findings, we propose a small domain-specific language (DSL) that can be used to summarize common looping patterns in Solidity. To evaluate what percentage of smart contract loops can be expressed in our proposed DSL, we also design and implement a program synthesis toolchain called Solis that can synthesize loop summaries in our DSL. Our evaluation shows that at least 56% of the analyzed loops can be summarized in our DSL, and 81% of these summaries are exactly equivalent to the original loop.

References

[1]

2016. Manticore. https://github.com/trailofbits/manticore/. [Online; accessed 01/09/2019].

[2]

2018. Mythril Classic. https://github.com/ConsenSys/mythril-classic. [Online; accessed 12/01/2018].

[3]

Rajeev Alur, Rastislav Bodík, Eric Dallal, Dana Fisman, Pranav Garg, Garvit Juniwal, Hadas Kress-Gazit, P. Madhusudan, Milo M. K. Martin, Mukund Raghothaman, Shambwaditya Saha, Sanjit A. Seshia, Rishabh Singh, Armando Solar-Lezama, Emina Torlak, and Abhishek Udupa. 2015. Syntax-Guided Synthesis. In Dependable Software Systems Engineering. 1--25.

[4]

Rajeev Alur, Arjun Radhakrishna, and Abhishek Udupa. 2017. Scaling Enumerative Program Synthesis via Divide and Conquer. In Tools and Algorithms for the Construction and Analysis of Systems - 23rd International Conference, TACAS 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22--29, 2017, Proceedings, Part I. 319--336.

[5]

Gilles Barthe, Juan Manuel Crespo, and César Kunz. 2011. Relational Verification Using Product Programs. In FM 2011: Formal Methods - 17th International Symposium on Formal Methods, Limerick, Ireland, June 20--24, 2011. Proceedings. 200--214.

[6]

Gilles Barthe, Juan Manuel Crespo, and César Kunz. 2016. Product programs and relational program logics. J. Log. Algebraic Methods Program. 85, 5 (2016), 847--859.

[7]

Jia Chen, Jiayi Wei, Yu Feng, Osbert Bastani, and Isil Dillig. 2019. Relational verification using reinforcement learning. Proc. ACM Program. Lang. 3, OOPSLA (2019), 141:1--141:30.

Digital Library

[8]

Alvin Cheung, Armando Solar-Lezama, and Samuel Madden. 2013. Optimizing database-backed applications with query synthesis. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '13, Seattle, WA, USA, June 16--19, 2013. 3--14.

Digital Library

[9]

Michael A Colón, Sriram Sankaranarayanan, and Henny B Sipma. 2003. Linear invariant generation using non-linear constraint solving. In International Conference on Computer Aided Verification. Springer, 420--432.

[10]

Patrick Cousot and Nicolas Halbwachs. 1978. Automatic discovery of linear restraints among variables of a program. In Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages. 84--96.

Digital Library

[11]

Isil Dillig, Thomas Dillig, Boyang Li, and Ken McMillan. 2013. Inductive invariant generation via abductive inference. Acm Sigplan Notices 48, 10 (2013), 443--456.

Digital Library

[12]

Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In Proceedings of the 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain, WETSEB@ICSE 2019, Montreal, QC, Canada, May 27, 2019. 8--15.

Digital Library

[13]

Dennis Felsing, Sarah Grebing, Vladimir Klebanov, Philipp Rümmer, and Mattias Ulbrich. 2014. Automating regression verification. In ACM/IEEE International Conference on Automated Software Engineering, ASE '14, Vasteras, Sweden - September 15 - 19, 2014. 349--360.

Digital Library

[14]

Yu Feng, Ruben Martins, Osbert Bastani, and Isil Dillig. 2018. Program synthesis using conflict-driven learning. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, Philadelphia, PA, USA, June 18--22, 2018. 420--435.

Digital Library

[15]

Yu Feng, Ruben Martins, Jacob Van Geffen, Isil Dillig, and Swarat Chaudhuri. 2017. Component-based synthesis of table consolidation and transformation tasks from examples. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18--23, 2017. 422--436.

Digital Library

[16]

Yu Feng, Ruben Martins, Yuepeng Wang, Isil Dillig, and Thomas Reps. 2017. Component-Based Synthesis for Complex APIs. In Proc. Symposium on Principles of Programming Languages. ACM, 599--612.

Digital Library

[17]

John K. Feser, Swarat Chaudhuri, and Isil Dillig. 2015. Synthesizing data structure transformations from input-output examples. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June 15--17, 2015. 229--239.

Digital Library

[18]

Matt Fredrikson, Somesh Jha, Mihai Christodorescu, Reiner Sailer, and Xifeng Yan. 2010. Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16--19 May 2010, Berleley/Oakland, California, USA. 45--60.

Digital Library

[19]

Patrice Godefroid and Daniel Luchaup. 2011. Automatic Partial Loop Summarization in Dynamic Test Generation. In Proceedings of the 2011 International Symposium on Software Testing and Analysis (Toronto, Ontario, Canada) (ISSTA '11). Association for Computing Machinery, New York, NY, USA, 23--33.

Digital Library

[20]

Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. MadMax: surviving out-of-gas conditions in Ethereum smart contracts. In Proc. International Conference on Object-Oriented Programming, Systems, Languages, and Applications. 116:1--116:27.

[21]

Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. 2018. A Semantic Framework for the Security Analysis of Ethereum Smart Contracts. In Principles of Security and Trust - 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14--20, 2018, Proceedings. 243--269.

[22]

Sumit Gulwani. 2011. Automating string processing in spreadsheets using input-output examples. In Proc. Symposium on Principles of Programming Languages. ACM, 317--330.

Digital Library

[23]

Sumit Gulwani, Saurabh Srivastava, and Ramarathnam Venkatesan. 2008. Program analysis as constraint solving. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation. 281--292.

Digital Library

[24]

Thomas A Henzinger, Ranjit Jhala, Rupak Majumdar, and Kenneth L McMillan. 2004. Abstractions from proofs. ACM SIGPLAN Notices 39, 1 (2004), 232--244.

Digital Library

[25]

Yoichi Hirai. 2017. Defining the Ethereum Virtual Machine for Interactive Theorem Provers. In Financial Cryptography and Data Security - FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers. 520--535.

[26]

Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: fuzzing smart contracts for vulnerability detection. In Proc. International Conference on Automated Software Engineering. 259--269.

[27]

Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In Proc. The Network and Distributed System Security Symposium.

[28]

Daniel Kroening, Natasha Sharygina, Stefano Tonetta, Aliaksei Tsitovich, and Christoph M. Wintersteiger. 2008. Loop Summarization Using Abstract Transformers. In Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis (Seoul, Korea) (ATVA '08). Springer-Verlag, Berlin, Heidelberg, 111--125.

Digital Library

[29]

Daniel Kroening, Natasha Sharygina, Stefano Tonetta, Aliaksei Tsitovich, and Christoph M. Wintersteiger. 2009. Loopfrog: A Static Analyzer for ANSI-C Programs. In ASE 2009, 24th IEEE/ACM International Conference on Automated Software Engineering, Auckland, New Zealand, November 16--20, 2009. 668--670.

[30]

Shuvendu K. Lahiri, Shuo Chen, Yuepeng Wang, and Isil Dillig. 2018. Formal Specification and Verification of Smart Contracts for Azure Blockchain. CoRR abs/1812.08829 (2018).

[31]

Shuvendu K. Lahiri, Chris Hawblitzel, Ming Kawaguchi, and Henrique Rebêlo. 2012. SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs. In Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7--13, 2012 Proceedings. 712--717.

[32]

Shuvendu K. Lahiri, Kenneth L. McMillan, Rahul Sharma, and Chris Hawblitzel. 2013. Differential assertion checking. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE'13, Saint Petersburg, Russian Federation, August 18--26, 2013. 345--355.

Digital Library

[33]

Boyang Li, Isil Dillig, Thomas Dillig, Ken McMillan, and Mooly Sagiv. 2013. Synthesis of circular compositional program proofs via abduction. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, 370--384.

Digital Library

[34]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In Proc. Conference on Computer and Communications Security. 254--269.

Digital Library

[35]

Kenneth L McMillan. 2006. Lazy abstraction with interpolants. In International Conference on Computer Aided Verification. Springer, 123--136.

Digital Library

[36]

Antoine Miné. 2006. The octagon abstract domain. Higher-order and symbolic computation 19, 1 (2006), 31--100.

Digital Library

[37]

George C. Necula. 2000. Translation validation for an optimizing compiler. In Proceedings of the 2000 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Vancouver, Britith Columbia, Canada, June 18--21, 2000. 83--94.

Digital Library

[38]

Daejun Park, Yi Zhang, Manasvi Saxena, Philip Daian, and Grigore Rosu. 2018. A formal verification tool for Ethereum VM bytecode. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE 2018, Lake Buena Vista, FL, USA, November 04--09, 2018. 912--915.

Digital Library

[39]

F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. 2011. Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research 12 (2011), 2825--2830.

Digital Library

[40]

Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, and Martin Vechev. 2020. Verx: Safety verification of smart contracts. In 2020 IEEE Symposium on Security and Privacy, SP. 18--20.

[41]

Nadia Polikarpova, Ivan Kuraj, and Armando Solar-Lezama. 2016. Program synthesis from polymorphic refinement types. Proc. Conference on Programming Language Design and Implementation (2016), 522--538.

Digital Library

[42]

Jake Silverman and Zachary Kincaid. 2019. Loop Summarization with Rational Vector Addition Systems (extended version). CoRR abs/1905.06495 (2019). arXiv:1905.06495 http://arxiv.org/abs/1905.06495

[43]

Marcelo Sousa and Isil Dillig. 2016. Cartesian hoare logic for verifying k-safety properties. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13--17, 2016. 57--69.

Digital Library

[44]

Emina Torlak and Rastislav Bodík. 2014. A lightweight symbolic virtual machine for solver-aided host languages. In Proc. Conference on Programming Language Design and Implementation. 530--541.

Digital Library

[45]

Petar Tsankov, Andrei Marian Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, and Martin T. Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In Proc. Conference on Computer and Communications Security. 67--82.

[46]

Yuepeng Wang, James Dong, Rushi Shah, and Isil Dillig. 2019. Synthesizing database programs for schema refactoring. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, June 22--26, 2019. 286--300.

Digital Library

[47]

Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao. 2014. Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3--7, 2014. 1105--1116.

Digital Library

Cited By

Liu YSong WChristakis MPradel M(2024)FunRedisp: A Function Redispatch Tool to Reduce Invocation Gas Fees in Solidity Smart ContractsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685312(1876-1880)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685312
Liu YSong WChristakis MPradel M(2024)FunRedisp: Reordering Function Dispatch in Smart Contract to Reduce Invocation Gas FeesProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652146(516-527)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652146
Deng XBeillahi SMinwalla CDu HVeneris ALong FRoychoudhury APaiva AAbreu RStorey M(2024)Safeguarding DeFi Smart Contracts against Oracle DeviationsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639225(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639225
Show More Cited By

Recommendations

An overview on smart contracts: Challenges, advances and platforms
Abstract
Smart contract technology is reshaping conventional industry and business processes. Being embedded in blockchains, smart contracts enable the contractual terms of an agreement to be enforced automatically without the intervention of a trusted ...
Highlights
- Opportunities of smart contracts for industrial internet of things.
- Lifecycle and platforms of smart contracts.
- Applications of smart contracts.
- Challenges and advances of smart contracts.
Software Pipelining of Nested Loops
CC '01: Proceedings of the 10th International Conference on Compiler Construction

Software pipelining is a technique to improve the performance of a loop by overlapping the execution of several iterations. The execution of a software-pipelined loop goes through three phases: prolog, kernel, and epilog. Software pipelining works best ...
Parallelizing tightly nested loops
IPPS '91: Proceedings of the Fifth International Parallel Processing Symposium

Presents a new technique to parallelize nested loops at the statement level. It transforms sequential nested loops, either vectorizable or not, into parallel ones. Previously, the wavefront method was used to parallelize non-vectorizable nested loops. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering

December 2020

1449 pages

ISBN:9781450367684

DOI:10.1145/3324884

General Chair:
John Grundy,
Program Chairs:
Claire Le Goues,
David Lo

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 January 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

NSF
Microsoft Azure

Conference

ASE '20

Sponsor:

ASE '20: 35th IEEE/ACM International Conference on Automated Software Engineering

December 21 - 25, 2020

Virtual Event, Australia

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
548
Total Downloads

Downloads (Last 12 months)173
Downloads (Last 6 weeks)43

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu YSong WChristakis MPradel M(2024)FunRedisp: A Function Redispatch Tool to Reduce Invocation Gas Fees in Solidity Smart ContractsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685312(1876-1880)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685312
Liu YSong WChristakis MPradel M(2024)FunRedisp: Reordering Function Dispatch in Smart Contract to Reduce Invocation Gas FeesProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652146(516-527)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652146
Deng XBeillahi SMinwalla CDu HVeneris ALong FRoychoudhury APaiva AAbreu RStorey M(2024)Safeguarding DeFi Smart Contracts against Oracle DeviationsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639225(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639225
Chen YSun ZGong ZHao DRoychoudhury APaiva AAbreu RStorey M(2024)Improving Smart Contract Security with Contrastive Learning-based Vulnerability DetectionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639173(1-11)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639173
Li LLiang YLiu ZYu ZChandra SBlincoe KTonella P(2023)Understanding Solidity Event Logging Practices in the WildProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616342(300-312)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616342
Zhang GMariano BShen XDillig I(2023)Automated Translation of Functional Big Data Queries to SQLProceedings of the ACM on Programming Languages10.1145/35860477:OOPSLA1(580-608)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586047
Hu XBurgstaller BScholz B(2023)EVMTracer: Dynamic Analysis of the Parallelization and Redundancy Potential in the Ethereum Virtual MachineIEEE Access10.1109/ACCESS.2023.326727711(47159-47178)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3267277
Nguyen TPham LSun JLe Q(2023)An Idealist’s Approach for Smart Contract CorrectnessFormal Methods and Software Engineering10.1007/978-981-99-7584-6_2(11-28)Online publication date: 9-Nov-2023
https://doi.org/10.1007/978-981-99-7584-6_2
Bjørner NEisenhofer CKovács L(2023)Satisfiability Modulo Custom Theories in Z3Verification, Model Checking, and Abstract Interpretation10.1007/978-3-031-24950-1_5(91-105)Online publication date: 17-Jan-2023
https://doi.org/10.1007/978-3-031-24950-1_5
Wang HWang ZLiu SSun JZhao YWan YNguyen T(2023)sFuzz2.0: Storage‐access pattern guided smart contract fuzzingJournal of Software: Evolution and Process10.1002/smr.2557Online publication date: 16-Mar-2023
https://doi.org/10.1002/smr.2557
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents