SIF: A Framework for Solidity Contract Instrumentation and Analysis

Chao Peng; Sefa Akca; Ajitha Rajan

doi:10.1109/APSEC48747.2019.00069

SIF: A Framework for Solidity Contract Instrumentation and Analysis

Chao Peng, Sefa Akca, Ajitha Rajan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Solidity is an object-oriented and high-level language for writing smart contracts that are used to execute, verify and enforce credible transactions on permissionless blockchains. In the last few years, analysis of smart contracts has raised considerable interest and numerous techniques have been proposed to check the presence of vulnerabilities in them. Current techniques lack traceability in source code and have widely differing work flows. There is no single unifying framework for analysis, instrumentation, optimisation and code generation of Solidity contracts. In this paper, we present SIF, a comprehensive framework for Solidity contract analysis, query, instrumentation, and code generation. SIF provides support for Solidity contract developers and testers to build source level techniques for analysis, understanding, diagnostics, optimisations and code generation. We show feasibility and applicability of the framework by building practical tools on top of it and running them on 1838 real smart contracts deployed on the Ethereum network.

Original language	English
Title of host publication	2019 26th Asia-Pacific Software Engineering Conference (APSEC)
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	466-473
Number of pages	8
ISBN (Electronic)	978-1-7281-4648-5
ISBN (Print)	978-1-7281-4649-2
DOIs	https://doi.org/10.1109/APSEC48747.2019.00069
Publication status	Published - 2 Jan 2020
Event	The 26th Asia-Pacific Software Engineering Conference - Putrajaya, Malaysia Duration: 2 Dec 2019 → 5 Dec 2019 https://seminar.utmspace.edu.my/apsec2019/

Publication series

Name
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
ISSN (Print)	1530-1362
ISSN (Electronic)	2640-0715

Conference

Conference	The 26th Asia-Pacific Software Engineering Conference
Abbreviated title	APSEC 2019
Country/Territory	Malaysia
City	Putrajaya
Period	2/12/19 → 5/12/19
Internet address	https://seminar.utmspace.edu.my/apsec2019/

Keywords

high level languages
software testing
code instrumentation
program analysis

Access to Document

10.1109/APSEC48747.2019.00069Licence: All Rights Reserved

SIF A Framework_PENG_DOA29092019_AFVAccepted author manuscript, 371 KB

https://ieeexplore.ieee.org/document/8945726Licence: All Rights Reserved

Cite this

@inproceedings{43216d4ef9a24cca822a691fd07dc927,

title = "SIF: A Framework for Solidity Contract Instrumentation and Analysis",

abstract = "Solidity is an object-oriented and high-level language for writing smart contracts that are used to execute, verify and enforce credible transactions on permissionless blockchains. In the last few years, analysis of smart contracts has raised considerable interest and numerous techniques have been proposed to check the presence of vulnerabilities in them. Current techniques lack traceability in source code and have widely differing work flows. There is no single unifying framework for analysis, instrumentation, optimisation and code generation of Solidity contracts. In this paper, we present SIF, a comprehensive framework for Solidity contract analysis, query, instrumentation, and code generation. SIF provides support for Solidity contract developers and testers to build source level techniques for analysis, understanding, diagnostics, optimisations and code generation. We show feasibility and applicability of the framework by building practical tools on top of it and running them on 1838 real smart contracts deployed on the Ethereum network.",

keywords = "high level languages, software testing, code instrumentation, program analysis",

author = "Chao Peng and Sefa Akca and Ajitha Rajan",

year = "2020",

month = jan,

day = "2",

doi = "10.1109/APSEC48747.2019.00069",

language = "English",

isbn = "978-1-7281-4649-2",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "466--473",

booktitle = "2019 26th Asia-Pacific Software Engineering Conference (APSEC)",

address = "United States",

note = "The 26th Asia-Pacific Software Engineering Conference, APSEC 2019 ; Conference date: 02-12-2019 Through 05-12-2019",

url = "https://seminar.utmspace.edu.my/apsec2019/",

}

Peng, C, Akca, S & Rajan, A 2020, SIF: A Framework for Solidity Contract Instrumentation and Analysis. in 2019 26th Asia-Pacific Software Engineering Conference (APSEC). Institute of Electrical and Electronics Engineers (IEEE), pp. 466-473, The 26th Asia-Pacific Software Engineering Conference, Putrajaya, Malaysia, 2/12/19. https://doi.org/10.1109/APSEC48747.2019.00069

TY - GEN

T1 - SIF: A Framework for Solidity Contract Instrumentation and Analysis

AU - Peng, Chao

AU - Akca, Sefa

AU - Rajan, Ajitha

PY - 2020/1/2

Y1 - 2020/1/2

N2 - Solidity is an object-oriented and high-level language for writing smart contracts that are used to execute, verify and enforce credible transactions on permissionless blockchains. In the last few years, analysis of smart contracts has raised considerable interest and numerous techniques have been proposed to check the presence of vulnerabilities in them. Current techniques lack traceability in source code and have widely differing work flows. There is no single unifying framework for analysis, instrumentation, optimisation and code generation of Solidity contracts. In this paper, we present SIF, a comprehensive framework for Solidity contract analysis, query, instrumentation, and code generation. SIF provides support for Solidity contract developers and testers to build source level techniques for analysis, understanding, diagnostics, optimisations and code generation. We show feasibility and applicability of the framework by building practical tools on top of it and running them on 1838 real smart contracts deployed on the Ethereum network.

AB - Solidity is an object-oriented and high-level language for writing smart contracts that are used to execute, verify and enforce credible transactions on permissionless blockchains. In the last few years, analysis of smart contracts has raised considerable interest and numerous techniques have been proposed to check the presence of vulnerabilities in them. Current techniques lack traceability in source code and have widely differing work flows. There is no single unifying framework for analysis, instrumentation, optimisation and code generation of Solidity contracts. In this paper, we present SIF, a comprehensive framework for Solidity contract analysis, query, instrumentation, and code generation. SIF provides support for Solidity contract developers and testers to build source level techniques for analysis, understanding, diagnostics, optimisations and code generation. We show feasibility and applicability of the framework by building practical tools on top of it and running them on 1838 real smart contracts deployed on the Ethereum network.

KW - high level languages

KW - software testing

KW - code instrumentation

KW - program analysis

U2 - 10.1109/APSEC48747.2019.00069

DO - 10.1109/APSEC48747.2019.00069

M3 - Conference contribution

SN - 978-1-7281-4649-2

SP - 466

EP - 473

BT - 2019 26th Asia-Pacific Software Engineering Conference (APSEC)

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - The 26th Asia-Pacific Software Engineering Conference

Y2 - 2 December 2019 through 5 December 2019

ER -

SIF: A Framework for Solidity Contract Instrumentation and Analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this