Documente Academic
Documente Profesional
Documente Cultură
P14 and P17 described thinking about the problem in a The results here revealed concerns about the design of the
dynamic way rather than a static way, which was a prob- typestate system. First, typestate inference may be impor-
lem when using a static tool. For example, P17 wrote if tant to reduce the annotation burden. Second, users may
(@Owned prescription), attempting to indicate a dy- have difficulty adding typestate specifications on variables
namic check of ownership. P18 had trouble guessing the when appropriate. With a real compiler, this would result in
compiler’s behavior, expecting a sophisticated interproce- a lot of error messages when users attempt to invoke meth-
dural analysis rather than typechecking. In a case where ods that are not guaranteed to be available; again, type-
Acknowledgments: This
an owned object was being consumed twice, he expected state inference may help. Finally, guaranteeing typestate
material is based upon work
the compiler to give an error on the second spend invoca- requires understanding and using ownership, so priority
supported by NSF grant
tion rather than on the invocation of a method that took an should be on helping people use ownership effectively.
CNS-1734138, NSF grant
CNS-1423054, by NSA lablet owned argument and invoked the second spend.
Understanding the limitations of the type system and com-
contract H98230-14-C-0140, piler may be an obstacle for some people. Thinking about
Using ownership requires determining which variables
by the Software Engineering using static features rather than dynamic tests proved un-
should be annotated @Owned, a problem that three par-
Institute, and by AFRL and natural for some. Users will need training to reason about
ticipants had difficulty with. In one case, a lookup method
DARPA under agreement what typestate can do, but tools could mitigate the problem
took an object to search for, but P18 specified that it should
#FA8750-16-2-0042. Any by providing sophisticated static analyses rather than tak-
take an owned reference. Then he was stuck after invoking
opinions, findings, and con- ing a traditional typechecking approach, and by providing
it: “How can I get the annotation back?” Likewise P18 was
clusions or recommendations detailed, explanatory error messages.
confused by accessors: should they return an owned ref-
expressed in this material are
erence? In P20’s case, making a class that was contained
those of the authors and do Conclusions
in a collection @Owned unnecessarily was a costly mistake
not necessarily reflect the Obsidian represents a promising approach toward a safer,
because then he had a problem iterating through the collec-
views of the sponsors. more usable way of programming for blockchains. Though
tion. He made the loop index @Owned, which would require
the computational environment for code running in block-
Figure 1: Obsidian Language Example chain is mostly traditional (e.g. serial, shared-state), the
high-stakes and other aspects of the application domains
1 contract Wallet { offer promising opportunities for a much better program-
2 state HasMoney { ming language than is currently in use. Our user-centered
Language Modifications
3 owned Money m ; design approach is a novel way of designing programming
We modified the language as
4 transaction forgetMoney1 (); languages and has provided useful insight into how to make
a result of the user studies. 5 transaction forgetMoney2 (); sophisticated safety-related features more usable and effec-
The example in Fig. 1 shows 6 } tive for programmers.
a version after the changes: 7 state NoMoney {
8 transaction getMoney ( owned Money m );
• Transactions (the REFERENCES
9 };
externally-invokable 1. Jonathan Aldrich, Joshua Sunshine, Darpan Saini, and
10 Wallet () ends in NoMoney {
APIs) are lexically out- 11 -> NoMoney ; Zachary Sparks. Typestate-oriented Programming. In
side states, but the IDE 12 } Proceedings of the 24th ACM SIGPLAN Conference
automatically inserts 13 transaction getMoney ( owned Money m ) Companion on Object Oriented Programming Systems
declarations in states 14 available in NoMoney ends in HasMoney { Languages and Applications (OOPSLA ’09).
(lines 4-5, 8) 15 HasMoney :: m = owned m ; 1015–1022. DOI:
16 -> HasMoney ; http://dx.doi.org/10.1145/1639950.1640073
• Destination states can 17 }
be configured before 18 transaction forgetMoney1 () 2. Michael Coblenz, Whitney Nelson, Jonathan Aldrich,
transitions: S::x = 19 available in HasMoney ends in NoMoney { Brad Myers, and Joshua Sunshine. 2017. Glacier:
r1; ->S (15) 20 disown m ; Transitive Class Immutability for Java. In Proceedings
21 // transition returns no resources of the 39th International Conference on Software
• Transitions can return 22 // because they have been disowned Engineering (ICSE ’17).
resources: r1 = ->S 23 -> NoMoney ;
24 } 3. Luke Graham. 2017. $32 million worth of digital
(28)
25 transaction forgetMoney2 () currency ether stolen by hackers. (2017). Retrieved
• Explicit owned syntax 26 available in HasMoney ends in NoMoney { November 2, 2017 from http://cnb.cx/2DVcWDu
for ownership transfer 27 // resources returned from transition
4. Emin Gün Sirer. 2016. Thoughts on The DAO Hack.
at assignment/invoca- 28 owned Money oldMoney = -> NoMoney ;
29 disown oldMoney ; (2016). http://hackingdistributed.com/2016/06/17/
tion (15, 34) thoughts-on-the-dao-hack/
30 }
• Keyword for dropping 31 } 5. IBM. 2017. Blockchain for supply chain. (2017).
ownership: disown 32 contract Test {
Retrieved October 31, 2017 from
(20) 33 transaction putAndGetMoney ()
https://www.ibm.com/blockchain/supply-chain/
34 available in NoMoney {
• Compiler infers type- 35 owned Money m = ... 6. MIT Digital Currency Initiative. 2017. Blockchain
state via a control flow 36 Wallet w = new Wallet (); Applications to Solar Panel Energy: Landscape
analysis when possible 37 w . putMoney ( owned m );
38 }
(36)
39 }
Analysis. (2017). Retrieved October 31, 2017 from 12. Terrence W. Pratt and Marvin V. Zelkowitz. 1996.
http://dci.mit.edu/assets/papers/15.998_solar.pdf Programming Languages: Design and Implementation.
Pearson.
7. J. F. Kelley. 1983. An Empirical Methodology for Writing
User-friendly Natural Language Computer Applications. 13. Mitchel Resnick, John Maloney, Andrés
In Proceedings of the SIGCHI Conference on Human Monroy-Hernández, Natalie Rusk, Evelyn Eastmond,
Factors in Computing Systems (CHI ’83). ACM, New Karen Brennan, Amon Millner, Eric Rosenbaum, Jay
York, NY, USA, 193–196. DOI: Silver, Brian Silverman, and others. 2009. Scratch:
http://dx.doi.org/10.1145/800045.801609 programming for all. Commun. ACM 52, 11 (2009),
60–67.
8. Andrew J Ko and Brad A Myers. 2004. Designing the
Whyline: a Debugging Interface for Asking Questions 14. Harvard Business Review. 2017. The Potential for
about Program Behavior. In Proceedings of the SIGCHI Blockchain to Transform Electronic Health Records.
Conference on Human Factors in Computing Systems. (2017). https:
ACM, 151–158. //hbr.org/2017/03/the-potential-for-blockchain-
to-transform-electronic-health-records.
9. Andrew J. Ko, Brad A. Myers, Michael J. Coblenz, and
Htet Htet Aung. 2006. An Exploratory Study of How 15. Robert W. Sebesta. 2006. Concepts of Programming
Developers Seek, Relate, and Collect Relevant Languages, Seventh Edition. Addison Wesley.
Information During Software Maintenance Tasks. IEEE 16. Andreas Stefik and Stefan Hanenberg. 2014. The
Trans. Softw. Eng. 32, 12 (Dec. 2006), 971–987. DOI: Programming Language Wars: Questions and
http://dx.doi.org/10.1109/TSE.2006.116 Responsibilities for the Programming Language
10. B. A. Myers, A. J. Ko, T. D. LaToza, and Y. Yoon. 2016. Community. In Proceedings of the 2014 ACM
Programmers Are Users Too: Human-Centered International Symposium on New Ideas, New
Methods for Improving Programming Tools. Computer Paradigms, and Reflections on Programming &
49, 7 (July 2016), 44–52. DOI: Software (Onward! 2014). ACM, New York, NY, USA,
http://dx.doi.org/10.1109/MC.2016.200 283–299. DOI:
http://dx.doi.org/10.1145/2661136.2661156
11. Brad A. Myers, John F. Pane, and Andy Ko. 2004.
Natural Programming Languages and Environments. 17. Nick Szabo. 1997. Formalizing and Securing
Commun. ACM 47 (2004), 47–52. Issue 9. Relationships on Public Networks. First Monday 2, 9
(1997). DOI:http://dx.doi.org/10.5210/fm.v2i9.548