Hybrid Session Verification through Endpoint API Generation

© Springer-Verlag Berlin Heidelberg 2016.This paper proposes a new hybrid session verification methodology for applying session types directly to mainstream languages, based on generating protocol-specific endpoint APIs from multiparty session types. The API generation promotes static type checking of the behavioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the target language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid verification guarantees the absence of protocol violation errors during the execution of the session. We implement our methodology for Java as an extension to the Scribble framework, and use it to specify and implement compliant clients and servers for real-world protocols such as HTTP and SMTP

Behavioral types in programming languages

A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types

Explicit connection actions in multiparty session types

This work extends asynchronous multiparty session types (MPST) with explicit connection actions to support protocols with op- tional and dynamic participants. The actions by which endpoints are connected and disconnected are a key element of real-world protocols that is not treated in existing MPST works. In addition, the use cases motivating explicit connections often require a more relaxed form of mul- tiparty choice: these extensions do not satisfy the conservative restric- tions used to ensure safety in standard syntactic MPST. Instead, we de- velop a modelling-based approach to validate MPST safety and progress for these enriched protocols. We present a toolchain implementation, for distributed programming based on our extended MPST in Java, and a core formalism, demonstrating the soundness of our approach. We discuss key implementation issues related to the proposed extensions: a practi- cal treatment of choice subtyping for MPST progress, and multiparty correlation of dynamic binary connections

MindTheDApp: A Toolchain for Complex Network-Driven Structural Analysis of Ethereum-based Decentralised Applications

This paper presents MindTheDApp, a toolchain designed specifically for the structural analysis of Ethereum-based Decentralized Applications (DApps), with a distinct focus on a complex network-driven approach. Unlike existing tools, our toolchain combines the power of ANTLR4 and Abstract Syntax Tree (AST) traversal techniques to transform the architecture and interactions within smart contracts into a specialized bipartite graph. This enables advanced network analytics to highlight operational efficiencies within the DApp’s architecture. The bipartite graph generated by the proposed tool comprises two sets of nodes: one representing smart contracts, interfaces, and libraries, and the other including functions, events, and modifiers. Edges in the graph connect functions to smart contracts they interact with, offering a granular view of interdependencies and execution flow within the DApp. This network-centric approach allows researchers and practitioners to apply complex network theory in understanding the robustness, adaptability, and intricacies of decentralized systems. Our work contributes to the enhancement of security in smart contracts by allowing the visualisation of the network, and it provides a deep understanding of the architecture and operational logic within DApps. Given the growing importance of smart contracts in the blockchain ecosystem and the emerging application of complex network theory in technology, our toolchain offers a timely contribution to both academic research and practical applications in the field of blockchain technology.10.13039/501100015595-Ethereum Foundation (Grant Number: FY23-1048

A Preliminary Analysis of Software Metrics in Decentralised Applications

This study examines software metrics in decentralized applications (dApps) to analyze their structural and behavioral characteristics as they grow in complexity. Sixty dApps were categorized into Small (3 to 29 contracts), Medium (30 to 46 contracts), and Large (47 to 206 contracts) based on their contract count. Initial analysis showed a non-normal data distribution, leading to the use of Spearman's correlation method. Findings revealed that Medium dApps have strong correlations between metrics like 'Average Local Variables' and 'Maximum Local Variables', while Large dApps show higher correlations between 'Number of Functions' and 'State Variable Count', indicating more complex contract structures. The higher Coupling Between Objects (CBO) in large dApps suggests increased interactions with other contracts or libraries, potentially elevating security risks. These insights are valuable for developers and stakeholders in the blockchain and IoT sectors, aiding in understanding how dApps evolve with increasing complexity and the implications on software metric relationships.Ethereum Foundation grant FY23-1048

Timed runtime monitoring for multiparty conversations

We propose a dynamic verification framework for protocols in real-time distributed systems. The framework is based on Scribble, a tool-chain for design and verification of choreographies based on multiparty session types, which we have developed with our industrial partners. Drawing from recent work on multiparty session types for real-time interactions, we extend Scribble with clocks, resets, and clock predicates in order to constrain the times inwhich interactions occur.We present a timedAPI for Python to programdistributed implementations of Scribble specifications. A dynamic verification framework ensures the safe execution of applications written with our timed API: we have implemented dedicated runtime monitors that check that each interaction occurs at a correct timing with respect to the corresponding Scribble specification. To demonstrate the practicality of the proposed framework, we express and verify four categories of widely used temporal patterns from use cases in literature.We analyse the performance of our implementation via benchmarking and show negligible overhead

Asynchronous timed session types: from duality to time-sensitive processes

We present a behavioural typing system for a higher-order timed calculus, using session types to model timed protocols, and the calculus to abstract implementations. Behavioural typing ensures that processes in the calculus will perform actions in the time-windows prescribed by their protocols. We introduce duality and subtyping for timed asynchronous session types. Duality includes a class of protocols that previous work on asynchronous timed session types could not type-check. Subtyping is critical for precision of our typing system, especially for session delegation. The composition of dual (timed asynchronous) types enjoys progress when using an urgent receive semantics, in which receive actions are executed as soon as the expected message is available. Our calculus increases the modelling power of calculi used in the previous work on timed sessions, adding a blocking receive primitive with timeout, and a primitive that consumes an arbitrary amount of time in a given range