- Published on
Web3 Programming Language Design
- Authors
- Name
- Frank
Exploring Programming Languages for Blockchain: Insights, Trends, and Challenges
Sam Blackshear, a programming language specialist, shared fascinating insights into blockchain languages on a recent podcast. This article explores his thoughts on language evolution, bad patterns, and future directions in blockchain programming.
Cross-Platform Languages and Move
Sam discussed Move, a language designed for multiple blockchains, aiming to be the "WASM for smart contracts." Move avoids Ethereum-specific constraints, making it cross-platform, like how SQL became a universal database language. Solidity dominates blockchain but Move's agnostic design could unify diverse blockchain environments, opening new possibilities for Web3.
Trends in Language Design: Static vs. Dynamic Typing
Early on, dynamic typing in languages like JavaScript enabled quick iteration, while today, static typing provides safety and predictability. This shift suits smart contracts where compile-time checks can identify vulnerabilities before deployment. Rust's static typing, for instance, combines security and performance, appealing to backend developers who prioritize robust, error-free code.
Smart Contracts: Security and Environment Constraints
Smart contracts bring unique security challenges. Solidity, the most used language for Ethereum, requires developers to understand gas costs and resource management. Sam pointed out that smart contracts must be flexible initially, then secured with strict types. Security is crucial as these contracts run in adversarial environments. They need protections against copying, deletion, and unauthorized access—demands rarely seen outside blockchain.
Bad Patterns in Programming Languages: Lessons from the Idea Maze
Sam Blackshear and his colleagues explored the evolution of programming languages, identifying both productive and problematic patterns that emerged over time. Here's a look at some of these patterns and the lessons they've provided:
The Influence of Imperative and Functional Languages
Programming languages have historically followed two major paradigms: imperative and functional. Imperative languages, like C and Java, rely on a sequence of commands that alter the program state, making them suitable for explicit, step-by-step processes. However, this approach can lead to complex, hard-to-maintain code as the program grows, especially in environments like blockchain where predictability and security are critical.
In contrast, functional programming focuses on immutable data and declarative structures, as seen in languages like Haskell. This approach minimizes side effects, offering safer code that's easier to reason about. While functional languages have seen niche adoption, they inspire hybrid languages like Rust, which blend both paradigms. Rust's approach to resource management and memory safety highlights the strengths of both imperative and functional styles, showing how a balanced mix can lead to more robust and predictable code.
The Long Shadow of C and Standard ML
The journey through programming history reveals that languages like C and Standard ML, both born in the late 1970s, have left a significant legacy. Standard ML, for instance, has influenced modern languages such as OCaml, Rust, and Move. Despite being lesser-known, its impact is evident in how these languages handle types, memory, and concurrency. C, meanwhile, defined a low-level, imperative approach that has influenced countless languages but also introduced pitfalls related to manual memory management and pointer arithmetic, which often lead to vulnerabilities.
Common Pitfalls and Language Trade-offs
Over-Reliance on Dynamic Dispatch: In blockchain, dynamic dispatch—the practice of determining function calls at runtime—can be dangerous. While traditional programming often uses dynamic dispatch for flexibility, blockchain requires predictability. The “blank check” effect of dynamic dispatch allows attackers to manipulate functions in unforeseen ways, leading to vulnerabilities like re-entrancy attacks in Ethereum. Instead, capabilities like those in Move, which restrict behaviors based on explicit type definitions, offer safer alternatives.
Misuse of Interfaces: Many languages use interfaces to define expected behaviors, but interfaces alone do not guarantee actual behaviors. This is especially problematic in blockchain, where smart contracts can be exploited if an interface is improperly implemented. Blackshear mentioned that in “a world where code is law, interfaces are a crime,” because they provide only an intended contract, not an enforceable one. With no guarantee on behavior, interfaces may open doors to exploits, such as poison tokens where attackers override critical functions like
transfer
.Inflexible Type Systems: A rigid type system can limit a language's adaptability, but excessive flexibility can introduce security risks. In blockchain, a well-designed type system is essential for preventing unauthorized copying, dropping, or misuse of data. Languages like Move enforce rules on these operations, making it explicit when a type can be copied, discarded, or stored globally. For instance, a struct in Move without the “hasCopy” trait cannot be duplicated, preventing unauthorized token replication.
Learning from History to Build Safer Languages
The podcast discussed how historical language patterns shaped the landscape but often failed to consider security needs as critical as those in blockchain. These lessons are now guiding the development of newer languages that prioritize safety at both the language and VM levels, reducing the burden on developers to manage intricate security details. By reflecting on these past patterns, the language design community can avoid repeating mistakes, leading to safer and more reliable programming environments for blockchain and beyond.
Innovations at the Virtual Machine Level
Blockchain innovations extend beyond language syntax to the VM layer. The EVM shapes Ethereum's ecosystem but slowly adapts to new needs. Move provides bytecode-level protections, with explicit rules against unauthorized operations like data copying and dropping. This ensures security even if source languages lack enforcement capabilities.
Emerging Languages and the Future of Smart Contracts
While Solidity remains the go-to, new languages like Vyper and Move offer enhanced protections. Vyper, a Python-inspired language, targets simplicity and security, but as a newer language, it still faces stability challenges. Move, however, integrates security at the VM level, protecting bytecode as well as source code, providing a secure framework for blockchain.
Cross-Platform Flexibility and Resource Management
Blockchain languages tend to be tied to specific platforms, limiting adaptability. Move's platform-neutral design enables it to operate across blockchains, avoiding Ethereum-centric constraints and enhancing cross-chain utility. Resource management remains critical—Ethereum's gas metering demands fine-grained control, but trends suggest a shift towards coarser metering that allows developers to focus on meaningful optimizations over minor resource tweaks.
Tooling and Formal Verification
With security at the forefront, blockchain tooling extends to formal verification, which rigorously proves program correctness. Though complex, this approach validates smart contracts under all conditions. Fuzzing serves as a less rigorous but practical method for testing contracts with random inputs to uncover vulnerabilities.
A Shift in Developer Mindset
Blockchain development demands an adversarial mindset, where bugs can't simply be patched. Developers must foresee potential exploits and craft flawless code from the outset. Traditional programming can limit access to APIs, but smart contracts must safely interact with public functions, often in transparent and immutable ways. The security stakes are high, with hacks all too common in the space. As such, blockchain languages are evolving to offer developers the tools they need to protect against these attacks, setting the stage for more secure blockchain development.