Towards Understanding the Bugs in Solidity Compiler

Haoyang Ma; Wuqi Zhang; Qingchao Shen; Yongqiang Tian; Junjie Chen; Shing Chi Cheung

doi:10.1145/3650212.3680362

Towards Understanding the Bugs in Solidity Compiler

Haoyang Ma
, Wuqi Zhang
, Qingchao Shen
, Yongqiang Tian
, Junjie Chen
, Shing Chi Cheung

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

8 Citations (Scopus)

Abstract

Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles.

Original language	English
Title of host publication	Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis
Editors	Maria Christakis, Michael Pradel
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	1312-1324
Number of pages	13
ISBN (Electronic)	9798400706127
DOIs	https://doi.org/10.1145/3650212.3680362
Publication status	Published - 2024
Externally published	Yes
Event	International Symposium on Software Testing and Analysis 2024 - Vienna, Austria Duration: 16 Sept 2024 → 20 Sept 2024 Conference number: 33rd https://dl.acm.org/doi/proceedings/10.1145/3650212 (Proceedings) https://conf.researchr.org/home/issta-2024 (Website)

Conference

Conference	International Symposium on Software Testing and Analysis 2024
Abbreviated title	ISSTA 2024
Country/Territory	Austria
City	Vienna
Period	16/09/24 → 20/09/24
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3650212 (Proceedings) https://conf.researchr.org/home/issta-2024 (Website)

Keywords

Compiler Testing
Empirical Study
Solidity Compiler Bug

Access to Document

10.1145/3650212.3680362

Cite this

@inproceedings{d62d47609ac84651a6903b718b6e4329,

title = "Towards Understanding the Bugs in Solidity Compiler",

abstract = "Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles.",

keywords = "Compiler Testing, Empirical Study, Solidity Compiler Bug",

author = "Haoyang Ma and Wuqi Zhang and Qingchao Shen and Yongqiang Tian and Junjie Chen and Cheung, \{Shing Chi\}",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.; International Symposium on Software Testing and Analysis 2024, ISSTA 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2024",

doi = "10.1145/3650212.3680362",

language = "English",

pages = "1312--1324",

editor = "Maria Christakis and Michael Pradel",

booktitle = "Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/3650212, https://conf.researchr.org/home/issta-2024",

}

Ma, H, Zhang, W, Shen, Q, Tian, Y, Chen, J & Cheung, SC 2024, Towards Understanding the Bugs in Solidity Compiler. in M Christakis & M Pradel (eds), Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery (ACM), New York NY USA, pp. 1312-1324, International Symposium on Software Testing and Analysis 2024, Vienna, Austria, 16/09/24. https://doi.org/10.1145/3650212.3680362

Towards Understanding the Bugs in Solidity Compiler. / Ma, Haoyang; Zhang, Wuqi; Shen, Qingchao et al.
Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. ed. / Maria Christakis; Michael Pradel. New York NY USA: Association for Computing Machinery (ACM), 2024. p. 1312-1324.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Towards Understanding the Bugs in Solidity Compiler

AU - Ma, Haoyang

AU - Zhang, Wuqi

AU - Shen, Qingchao

AU - Tian, Yongqiang

AU - Chen, Junjie

AU - Cheung, Shing Chi

N1 - Conference code: 33rd

PY - 2024

Y1 - 2024

N2 - Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles.

AB - Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code. The correctness of Solidity compiler is critical in fostering transparency, efficiency, and trust in industries reliant on smart contracts. However, like other software systems, Solidity compiler is prone to bugs, which may produce incorrect bytecodes on blockchain platforms, resulting in severe security concerns. As a domain-specific compiler for smart contracts, Solidity compiler differs from other compilers in many perspectives, posing unique challenges to detect its bugs. To understand the bugs in Solidity compiler and benefit future research, in this paper, we present the first systematic study on 533 Solidity compiler bugs. We carefully examined their characteristics (including symptoms, root causes, and distribution), and their triggering test cases. Our study leads to seven bug-revealing takeaways for Solidity compiler. Moreover, to study the limitations of Solidity compiler fuzzers and bring our findings into practical scenarios, we evaluate three Solidity compiler fuzzers on our constructed benchmark. The results show that these fuzzers are inefficient in detecting Solidity compiler bugs. The inefficiency arises from their failure to consider the interesting bug-inducing features, bug-related compilation flags, and test oracles.

KW - Compiler Testing

KW - Empirical Study

KW - Solidity Compiler Bug

UR - https://www.scopus.com/pages/publications/85205600530

U2 - 10.1145/3650212.3680362

DO - 10.1145/3650212.3680362

M3 - Conference Paper

AN - SCOPUS:85205600530

SP - 1312

EP - 1324

BT - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

A2 - Christakis, Maria

A2 - Pradel, Michael

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

T2 - International Symposium on Software Testing and Analysis 2024

Y2 - 16 September 2024 through 20 September 2024

ER -

Towards Understanding the Bugs in Solidity Compiler

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this