Abstract
Ethereum is the largest blockchain platform supporting smart contracts, and millions of smart contracts have been deployed on it. Since deployed smart contracts cannot be modified even if they contain bugs, it is critical for developers to eliminate bugs prior to deployment. Many smart contract analysis tools have been proposed. These tools either use bytecode-based symbolic execution to detect bugs, or convert the source code to an intermediate representation and then detect bugs. The tools based on symbolic execution usually cannot cover many types of bugs in source code. Converting the source code to an intermediate representation negatively impacts the detection speed. Moreover, these tools are bug detectors, which cannot automatically fix bugs based on analysis results. To address these limitations, we propose an approach named SolidityCheck, which employs regular expressions, program instrumentation and statement replacement in source code to quickly detect bugs and fix certain types of bugs. We conduct extensive experiments to evaluate SolidityCheck. The experimental results show that, compared with existing approaches, SolidityCheck demonstrates excellent performance on multiple indicators.
Authors
XIAO Feng (肖锋)
ZHANG Peng-cheng (张鹏程)
LUO Xia-pu (罗夏朴)
Affiliations: College of Computer and Information, Hohai University, Nanjing 211100, China; Department of Computing, The Hong Kong Polytechnic University, Hong Kong 999077, China
Source
Computer Science (《计算机科学》)
Indexed in: CSCD; Peking University Core Journals
2021, Issue 11, pp. 89-101 (13 pages)
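Funding
Fundamental Research Funds for the Central Universities (B210203107)
National Natural Science Foundation of China (6157217)
Natural Science Foundation of Jiangsu Province (BK20191297).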