S-gram: Statistical Linter For Incomplete Solidity Smart Contracts

Duration: 00:06:55

Speaker: Han Liu

Type: Talk

Expertise: Expert

Event: Devcon 4

Date: Oct 2018

This presentation will introduce S-gram, a statistical linting technique for Solidity smart contracts. S-gram aims to find bugs, stylistic errors, and bad programming practice patterns in Solidity contracts. Unlike traditional approaches that rely on program analysis and therefore require full, compilable contracts, S-gram can automatically check even incomplete Solidity contracts, which helps create a better development experience in which developers can code and check almost simultaneously. The key insight behind S-gram is that "unusual code is more likely to be buggy". The likelihood is measured by computing probabilities in statistical language models, e.g. N-gram. Specifically, S-gram builds an N-gram model from a corpus of “good” contracts (“good” means meeting stylistic specifications and having no bugs). Given an incomplete contract c, S-gram first parses it into a token sequence based on abstract syntax tree types, e.g. AssignExpr, CallExpr, etc. S-gram then calculates probabilities with respect to the N-gram model for all the subsequences of c and flags less-probable code as suspicious. This presentation will also introduce a preliminary evaluation of S-gram in terms of capturing real-world smart contract errors. Finally, it will highlight future tooling support for integrating S-gram with a Solidity IDE.
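The scoring step described in the abstract can be sketched as follows; this is an added illustration, not S-gram's own code. It trains a bigram model on AST-type token sequences and flags low-probability windows of an incomplete contract. Assumptions: the corpus is constructed, token names other than AssignExpr and CallExpr are hypothetical, and add-one smoothing, the 3-token window and the threshold are choices made for this example.

```python
import math
from collections import Counter

# Constructed corpus of "good" contracts, already reduced to AST-type tokens.
# Only AssignExpr and CallExpr appear in the abstract; other names are hypothetical.
GOOD_CORPUS = [
    ["FunctionDef", "RequireCall", "AssignExpr", "CallExpr", "EmitStmt"],
    ["FunctionDef", "RequireCall", "AssignExpr", "AssignExpr", "CallExpr", "EmitStmt"],
    ["FunctionDef", "RequireCall", "RequireCall", "AssignExpr", "CallExpr", "EmitStmt"],
    ["FunctionDef", "RequireCall", "AssignExpr", "EmitStmt"],
]

class NGramModel:
    def __init__(self, corpus, n=2):
        self.n = n
        self.ngrams = Counter()    # counts of (context..., token)
        self.contexts = Counter()  # counts of (context...)
        self.vocab = set()
        for seq in corpus:
            padded = ["<s>"] * (n - 1) + list(seq)
            self.vocab.update(seq)
            for i in range(n - 1, len(padded)):
                ctx = tuple(padded[i - n + 1:i])
                self.ngrams[ctx + (padded[i],)] += 1
                self.contexts[ctx] += 1

    def logprob(self, ctx, tok):
        # Add-one smoothing (assumption): unseen transitions get small, nonzero mass.
        v = len(self.vocab) + 1  # one extra slot for unknown token types
        ctx = tuple(ctx)
        return math.log((self.ngrams[ctx + (tok,)] + 1) / (self.contexts[ctx] + v))

def flag_suspicious(model, tokens, window=3, threshold=-1.6):
    """Return (start, window_tokens, mean_logprob) for windows scoring below threshold."""
    if not tokens:
        return []
    n = model.n
    padded = ["<s>"] * (n - 1) + list(tokens)
    per_tok = [model.logprob(padded[i - n + 1:i], padded[i])
               for i in range(n - 1, len(padded))]
    hits = []
    # The token sequence need not be a complete contract: any prefix can be scored.
    for s in range(max(1, len(tokens) - window + 1)):
        chunk = per_tok[s:s + window]
        mean = sum(chunk) / len(chunk)
        if mean < threshold:
            hits.append((s, tokens[s:s + window], round(mean, 3)))
    return hits
```

Scoring the constructed sequence `FunctionDef, RequireCall, CallExpr, AssignExpr, EmitStmt` flags the windows starting at the second and third tokens, where a call precedes the assignment, an ordering the good corpus never contains.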
About the speakers

Han Liu

Postdoc Researcher

Dr. Han Liu is currently a postdoctoral researcher in the School of Software, Tsinghua University, Beijing, China, leading the blockchain security group. Before that, he worked as a senior researcher in Chieftin Fintech Research Lab in Shenzhen, leading the finance security group. He obtained his Ph.D. at Tsinghua University in 2017. In 2015, he worked as a visiting scholar at the University of California, Davis. Dr. Han Liu's research interests span computer security, software engineering and programming languages. In the context of blockchain, he focuses on creating efficient and effective techniques for formal verification of smart contracts, attack-tolerant virtual machine and automatic semantic modeling of DApps. He has published many academic papers in top-tier conferences and journals (including three of his recent works on blockchain security), such as ICSE, FSE, ASE, FM, TPDS, TIE, etc. Dr. Han Liu has received the scholarship of Devcon4. He has been serving as PI for two national research projects and leading three industrial blockchain-based projects with Hongkong Exchange (Formal verification of the IFC DApp), Ant Financial (Automatic security auditing of smart contracts) and WeBank (Testing the BCOS blockchain).
