1,720,981 research outputs found
Smart Contract Testing: Challenges and Opportunities
No full textBlockchain technologies have found important and concrete applications in the real world. Active solutions leverage Smart Contracts for the management of cryptocurrencies, sensitive data, and other valuable assets. One of the core objectives of blockchain-oriented software engineering (BOSE) is ensuring that Smart Contracts receive adequate pre-release testing to guarantee the deployment of reliable code. However, the novelty and the complexity of the blockchain environment pose new challenges to the validation and verification of Smart Contract based software. In this paper, we analyze the aforementioned challenges to foster the discussion on the specific topic of Smart Contract testing and identify relevant research directions
ChorSSI: A BPMN-Based Execution Framework for Self-Sovereign Identity Systems on Blockchain
No full textThe digital age has made identity a crucial aspect of online activities due to our increasing reliance on digital platforms. This has led to the development of different identity management systems, relying on centralised infrastructures but exposed to security vulnerabilities. Self-Sovereign Identity (SSI) is a promising alternative, as it allows individuals to control their personal data and securely share it with others without relying on a central authority. However, developing such systems and executing the related operations is complex and challenging, especially for non-expert users. To simplify the development process, we propose ChorSSI, a BPMN-based framework that supports the modelling of an SSI system and the execution of the related interactions. The design relies on BPMN choreography diagrams, permitting the representation of SSI interactions between parties in a distributed manner. The proposed framework was implemented and tested over the real Chromaway property transaction case study
ReSuMo: Regression Mutation Testing for Solidity Smart Contracts
No full textMutation testing is a powerful test adequacy assessment technique that can guarantee the deployment of more reliable Smart Contract code. Developers add new features, fix bugs, and refactor modern distributed applications at a quick pace, thus they must perform continuous re-testing to ensure that the project evolution does not break existing functionalities. However, regularly re-running the entire test suite can be time intensive, especially when mutation testing is involved. This paper presents ReSuMo, the first regression mutation testing approach and tool for Solidity Smart Contracts. ReSuMo uses a static, file-level technique to select a subset of Smart Contracts to mutate and a subset of test files to re-run during a regression mutation testing campaign. ReSuMo incrementally updates the mutation testing results considering the outcomes of the old program version; in this way, it can speed up mutation testing on evolving projects without compromising the mutation score
Enhanced mutation testing of smart contracts in support of code inspection
No full textSmart contracts hold the potential to revolutionize various industries, but their implementation requires thorough testing due to the associated financial risks. Mutation testing is a powerful technique that can boost the fault-detection capabilities of a test suite, but it can also foster a deeper understanding of smart contract behavior. This work investigates the productivity of mutants with respect to their capabilities in disclosing Solidity issues. Based on these findings, it proposes an enhanced mutation strategy to better assist smart contract auditors during code inspection activities. 9 novel mutation operators are introduced in this paper and 13 existing operators are improved. The results show a 30 % reduction in the number of generated mutants and time savings of 62 %, while increasing the set of productive mutants related to issues by 43 % overall. We note that the most valuable type of mutants that could help disclose an issue as a result of manual mutant inspection was increased by 125 %
A Data Extraction Methodology for Ethereum Smart Contracts
Full text linkThe broader adoption of blockchain for creating decentralised applications has raised interest in employing analysis techniques to support continuous improvement. Data extraction is crucial in this context, as it permits a better understanding of how applications behave. However, due to the variety of data sources (e.g., transactions and events) and the characterisation of the blockchain structure, several challenges arise in automatically extracting data. In particular, retrieving smart contract state changes remains unexplored despite its potential usage for discovering unexpected behaviour. For such reasons, this work proposes a methodology and a supporting tool for extracting data from smart contract executions and state changes. The obtained data is then offered in a way that can be easily converted to purpose-specific standards. The methodology was tested on the PancakeSwap Ethereum bridge smart contract
TLV-dissγ : A Dissimilarity Measure for Public Administration Process Logs
Full text linkEvery day Public Administrations (PA) provide citizens with plenty of services. Due to different factors, such as the involvement of different human resources or the will to deliver lean and versatile services, the same service can show some variability across different organizations. Log files contain the proof of PA process’ variability thus, being able to analyze logs, can be very helpful both for the PA, in order to establish good practices or contextual rules, as well as for the software house companies that need to analyse and to better customize the software they provide. In this paper, we present a methodology that, using log files as inputs, and based on the so-called TLV-dissγ, a parametric dissimilarity measure, allows a data analyst to perform a cluster analysis. This methodology helps both PA and software producers to better understand how services are delivered through informative systems and then to better customize them. We show that our methodology can be used to capture the differences in control flow and components resulting from the log files, and then to better reason on the delivery of public services
Managing Variability of Large Public Administration Event Log Collections: Dealing with Concept Drift
No full textThe analysis of large event log collections aimed at variability management requires an intensive pre-processing phase. It is intuitive that obsolete behaviour that could be present in the logs must be removed in order to gain insight into the collection. Changes in the information system may indeed generate obsolete behaviour, more specifically, in the case of public administration, changes in the law may imply a change in the process, which must be updated in the information system. The logs containing the updated behaviour can then be used in variability management practices, such as the creation of configurable models. This type of analysis has numerous criticalities, one of which is the difficulty of obtaining an effective representation of the process, without running into excessive complexity of the model produced. Obsolete behavior results in an unnecessary increase in complexity and should therefore be removed. This paper introduces an event log analysis and visualisation technique based on the notion of complexity introduced by Lempel Ziv. The visualization enables process analysts to identify concept drift in the logs, thereby facilitating the removal of outdated behavior. Furthermore, when equilibrium is achieved, it indicates that the behavior is representative of the entire log. Consequently, during variability analysis, it becomes possible to prune the log, reducing computational complexity
CATANA: Replay Testing for the Ethereum Blockchain
No full textBlockchain technology is increasingly being adopted in various domains where the immutability of recorded information can foster trust among stakeholders. However, upgradeability mechanisms such as the proxy pattern permit modifying the terms encoded by a Smart Contract even after its deployment. Ensuring that such changes do not impact previous users is of paramount importance. This paper introduces CATANA, a replay testing approach for proxy-based Ethereum applications. Experiments conducted on real-world projects demonstrate the viability of using the public history of transactions to evaluate new versions of a deployed contract and perform more reliable upgrades
Well-structuredness, safeness and soundness: A formal classification of BPMN collaborations
No full textThe BPMN standard has a huge uptake in modelling business processes within the same organisation or collaborations involving multiple interacting participants. It is widely accepted by the Business Process Management community that a solid formal framework for the notation can help designers to properly understand their BPMN models as well as to state and verify model properties. With this aim in mind, we provide a formal characterisation of BPMN collaborations and some of the most significant correctness properties in the business process domain; namely, well-structuredness, safeness and soundness. We exploit this formalisation to classify BPMN models according to the properties they satisfy and their compositionality, resulting in a systematic study that gives evidence of expected results, closes conjectures and provides novel results. An experimentation to assess the impact of the considered properties on the practice of modelling is carried out on the BPMN models available in a public and populated repository
- …
