Checking Smart Contracts with Structural Code Embedding
arXiv - CS - Software Engineering, Pub Date: 2020-01-20, DOI: arxiv-2001.07125
Zhipeng Gao, Lingxiao Jiang, Xin Xia, David Lo, John Grundy

Smart contracts have been increasingly used together with blockchains to automate financial and business transactions. However, many bugs and vulnerabilities have been identified in many contracts, which raises serious concerns about smart contract security, not to mention that the blockchain systems on which the smart contracts are built can be buggy. Thus, there is a significant need to better maintain smart contract code and ensure its high reliability. In this paper, we propose an automated approach to learn characteristics of smart contracts in Solidity, which is useful for clone detection, bug detection and contract validation on smart contracts. Our new approach is based on word embeddings and vector space comparison. We parse smart contract code into word streams with code structural information, convert code elements (e.g., statements, functions) into numerical vectors that are supposed to encode the code syntax and semantics, and compare the similarities among the vectors encoding code and known bugs to identify potential issues. We have implemented the approach in a prototype named SmartEmbed. Results show that our tool can effectively identify many repetitive instances of Solidity code, where the clone ratio is around 90%. Code clones such as type-III or even type-IV semantic clones can also be detected accurately. Our tool can identify more than 1000 clone-related bugs based on our bug databases efficiently and accurately. Our tool can also help to efficiently validate any given smart contract against a known set of bugs, which can help to improve users' confidence in the reliability of the contract. The anonymous replication packages can be accessed at: https://drive.google.com/file/d/1kauLT3y2IiHPkUlVx4FSTda-dVAyL4za/view?usp=sharing. We evaluated the prototype with more than 22,000 smart contracts collected from the Ethereum blockchain.
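
The pipeline the abstract describes (word stream, vector, similarity against known bugs), as an added example that is not SmartEmbed's code or taken from the paper. It substitutes plain token and token-pair count vectors for learned word embeddings; the Solidity snippets, function names, bug-database entry and 0.9 threshold are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed samples (not from the paper): one bug-database entry that makes
# an external call before updating the balance, plus two functions to check.
KNOWN_BUG = """function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    msg.sender.call.value(amount)();
    balances[msg.sender] -= amount; }"""
RENAMED_CLONE = """function takeOut(uint val) public {
    require(deposits[msg.sender] >= val);
    msg.sender.call.value(val)();
    deposits[msg.sender] -= val; }"""
UNRELATED = """function setOwner(address newOwner) public {
    require(msg.sender == owner);
    owner = newOwner; }"""

# Language words kept verbatim; every other identifier is abstracted to "ID".
KEEP = {"function", "public", "require", "msg", "sender", "call", "value",
        "uint", "address"}
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|[<>=!+\-]=|[^\sA-Za-z_0-9]")

def token_stream(code):
    """Turn source text into a normalized word stream."""
    out = []
    for tok in TOKEN_RE.findall(code):
        if tok[0].isalpha() or tok[0] == "_":
            out.append(tok if tok in KEEP else "ID")
        else:
            out.append("NUM" if tok[0].isdigit() else tok)
    return out

def embed(code):
    """Sparse vector of token and adjacent-pair counts (pairs keep local order)."""
    toks = token_stream(code)
    return Counter(toks) + Counter(zip(toks, toks[1:]))

def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def check_against_bugs(code, bug_db, threshold=0.9):  # threshold is an assumed value
    """Return (bug name, similarity) for every database entry at or above threshold."""
    vec = embed(code)
    scores = ((name, round(cosine(vec, embed(bug)), 3)) for name, bug in bug_db.items())
    return [(name, s) for name, s in scores if s >= threshold]

BUG_DB = {"constructed-bug-1": KNOWN_BUG}  # hypothetical database entry
```

Renaming identifiers does not change the normalized stream, so the renamed clone matches the bug entry exactly, while the unrelated function shares only generic tokens and stays below the threshold.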

Updated: 2020-05-21