46
47

Why Turing-complete smart contracts are doomed: "Kurt Gödel and Alan Turing both posed the same question: 'Can we find a universal procedure to prove that a mathematical theory is true or false?' They each, in their own way, answered 'NO': there exist some mathematical truths that cannot be proven." (self.btc)

ydtm 投稿

Summary:

(1) Turing-complete languages are fundamentally inappropriate for writing "smart contracts" - because such languages are inherently undecidable, which makes it impossible to know what a "smart contract" will do before running it.

(2) We should learn from Wall Street's existing DSLs (domain-specific languages) for financial products and smart contracts, based on declarative and functional languages such as Ocaml and Haskell - instead of doing what the Web 2.0 "brogrammers" behind Solidity did, and what Peter Todd is also apparently embarking upon: ie, ignoring the lessons that Wall Street has already learned, and "reinventing the wheel", using less-suitable languages such as C++ and JavaScript-like languages (Solidity), simply because they seem "easier" for the "masses" to use.

(3) We should also consider using specification languages (to say what a contract does) along with implementation languages (saying how it should do it) - because specifications are higher-level and easier for people to read than implementations which are lower-level meant for machines to run - and also because ecosystems of specification/implementation language pairs (such as Coq/Ocaml) support formal reasoning and verification tools which could be used to mathematically prove that a smart contract's implementation is "correct" (ie, it satisfies its specification) before even running it.

Details:

http://www.otherpress.com/features/alan-turing-kurt-godel-two-asymptotic-destinies/

https://duckduckgo.com/?q=turing+g%C3%B6del+undecidability&ia=web

https://duckduckgo.com/?q=turing+g%C3%B6del+incompleteness&ia=web

https://duckduckgo.com/?q=%22turing+complete%22+%22g%C3%B6del+incompleteness%22&ia=web

When I have more time later, I will hopefully be able to write up a more gentle introduction on all this stuff, providing more explanations, motivations, and examples for laypersons who are interested in getting a feel for the deep subtle mathematical implications at play here in these emerging "language design wars" around recent proposals to add "smart contracts" to cryptocurrencies.

Right now I'm just providing this quick heads-up / reminder / warning, alluded to in the title of the OP, with some more pointers to the literature in the links above.

People who already do have a deep understanding of mathematics and its history will get the message right away - by recalling the crisis in the foundations of mathematics which occurred in the early 1900s, involving concepts like Russell's paradox, Gödel's incompleteness theorem, undecidability, Turing completeness, etc.

Turing-complete languages lead to "undecidable" programs (ie, you cannot figure out what you do until after you run them)

One hint: recall that Gödel's incompleteness theorem proved that any mathematical system which is (Turing)-complete, must also be inconsistent - that is, in any such system, it must be possible to formulate propositions which are undecidable within that system.

This is related to things like the Halting Problem.

And by the way, Ethereum's concept of "gas" is not a real solution to the Halting Problem: Yes, running out of "gas" means that the machine will "stop" eventually, but this naïve approach does not overcome the more fundamental problems regarding undecidability of programs written using a Turing-complete language.

The take-away is that:

When using any Turing-complete language, it will always be possible for someone (eg, the DAO hacker, or some crook like Bernie Madoff, or some well-meaning but clueless dev from slock.it) to formulate a "smart contract" whose meaning cannot be determined in advance by merely inspecting the code: ie, it will always be possible to write a smart contract whose meaning can only be determined after running the code.

Take a moment to contemplate the full, deep (and horrifying) implications of all this.

Some of the greatest mathematicians and computer scientists of the 20th century already discovered and definitively proved (much to the consternation most of their less-sophisticated (naïve) colleagues - who nevertheless eventually were forced to come around and begrudgingly agree with them) that:

  • Given a "smart contract" written in a Turing-complete language...

  • it is impossible to determine the semantics / behavior of that "smart contract" in advance, by mere inspection - either by a human, or even by a machine such as a theorem prover or formal reasoning tool (because such tools unfortunately only work on more-restricted languages, not on Turing-complete languages - for info on such more-restricted languages, see further below on "constructivism" and "intuitionistic logic").

The horrifying conclusion is that:

  • the only way to determine the semantics / behavior of a "smart contract" is "after-the-fact" - ie, by actually running it on some machine (eg, the notorious EVM) - and waiting to see what happens (eg, waiting for a hacker to "steal" tens of millions of dollars - simply because he understood the semantics / behavior of the code better than the developers did.

This all is based on a very, very deep result of mathematics (Gödel's Incompleteness Theorem, as referenced in some of the links above) - which even many mathematicians themselves had a hard time understanding and accepting.

And it is also very, very common for programmers to not understand or accept this deep mathematical result.

Most programmers do not understand the implications of Gödel's incompleteness theorem on Turing-complete languages

As a mathematician first, and a programmer second, I can confirm from my own experience that most programmers do not understand this important mathematical history at all, and its implications - it is simply too subtle or too foreign for them to grasp.

Their understanding of computing is childish, naïve, and simplistic.

They simply view a computer as a marvelous machine which can execute a sequence of instructions in some language (and please note that, for them, that language usually happens to simply "come with" the machine, so they unquestionably accept whatever language that happens to be - ie, they almost never dive deeper into the subtle concepts of "language design" itself - a specialized area of theoretical computer science which few of them ever think about).

Paradigms lost

As we've seen, time after time, this failure of most programmers contemplate the deeper implications of "language design" has has led to the familiar litany of disasters and "learning experiences" where programmers have slowly abandoned one "programming paradigm" and moved on to the next, after learning (through bitter experience) certain hard facts and unpleasant, non-intuitive realities which initially escaped their attention when they were simply enjoying the naïve thrill of programming - such as the following:

  • GO TO is considered harmful;

  • TRY / CATCH / THROW constructs are considered harmful (they're not much better than GO TO in terms of program control flow);

  • callbacks in languages like node.js are considered harmful (they result in unreadable spaghetti code, which is totally obviated in more advanced functional languages with monads);

  • destructive update / assignment is considered harmful (when compared with immutable data structures - which are by the way essential for parallelism - and we should remember that any cryptocurrency runtime environment will by definition be parallel);

  • the procedural / imperative paradigm is considered harmful (when compared with the declarative paradigm);

  • even the object-oriented paradigm is starting to be considered harmful (when compared with the pure functional paradigm): this is where many programmers are today, going through the "epiphany" of moving away from object-oriented languages like C++ or Java, to languages incorporating functional aspects like C# or Scala, or languages which are even more functional such as Haskell, ML, or OCaml;

  • more advanced programmers are even starting see that it is considered harmful to not initially write (or, just as bad, to never even get around to writing after the fact) a specification stating "what" a program is supposed to do, before proceeding to write (or semi-automatically derive) an implementation stating "how" it should do it (cough, cough - see the "Bitcoin reference implementation" in the low-level C++ language, with which all other implementations are expected to be "100% bug compatible": this is an utter abomination and disgrace, to expect the "worldwide ledger" to run on a system which no carefully designed human-readable specification - merely an increasingly spaghetti-code-like implementation which can only be parsed by the inner priesthood of pinheads at Core/Blockstream - and trust me, this is one "worse is better" situation which they're perfectly comfortable with, because it simply cements their power even further by discouraging the rest of us from examining "their" code and contributing to "their" project) - and by the way, the Curry-Howard Isomorphism tells us that providing an implementation without a specification would be just as bad / ridiculous / meaningless / pointless as (ie, it is mathematically equivalent / isomorphic to) stating a proof without stating the theorem that is being proved.

Today, in cryptocurrencies, we are seeing this sad history repeat itself, with plenty of examples of programmers who don't understand these subtle concepts involving the foundations of mathematics - specifically, the mathematical fact (Gödel's Incompleteness Theorem) that any logical system or language which is "powerful" enough to be "Turing complete" must also be inconsistent.

The naïve Ethereum people think they've cleverly sidestepped this with the notion of "gas" but actually all they're doing is cheating with this messy kludge: because simply saying "we'll arbitrarily make the program stop running at some point" does not make "smart contracts" written in Ethereum "decidable" - as we've seen, these contracts can still blow up / go wrong in other ways before they run out of gas.

Peter Todd /u/petertodd might also be an example of this confusion (given his history, my hunch is that he probably is - but I haven't had time to do a thorough investigation yet) - with his recent post proposing smart contracts in Bitcoin based on the lambda calculus.

Basically, the only way to avoid falling into the "Turing tar-pit" of confusing and misleading semantics / behavior and undecidability will be to use slightly more restricted languages which are carefully designed / selected to not be Turing-complete.

There are plenty of non-Turing-complete lanaguages available to learn from.

One possibility would be to consider languages which are based on intuitionistic logic / constructivism / Martin-Löf's Type theory / Heyting Logic - which is similar to classical Boolean logic except that Heyting Logic rejects the Law of the Excluded Middle.

What all these "schools of mathematics" have in common is a more restricted and more concrete notion of "proof", supporting a safer mode of computation, where something is considered "proven" or "true" only if you can provide concrete evidence.

By the way, the word "witness" in "Segregated Witness" - meaning a proof that has been constructed, to "witness" the truth of a proposition, or the validity of a block - comes from the realm of constructivism in mathematics.

These languages are somewhat more restricted than Turing-complete languages, but they are still quite expressive and efficient enough to specify nearly any sort of financial rules or "smart contracts" which we might desire.

In fact, the notion "smart contracts" is actually not new at all, and a lot of related work has already been done in this area - and, interestingly, it is based mostly on the kinds of "functional languages" which most of the developers at Core/Blockstream, and at slock.it, are not familiar with (since they are trapped in the imperative paradigm of less-safe procedural languages such as C++ and JavaScript):

Wall Street is already writing DSLs for "smart contracts" - mostly using functional languages

Check out the many, many languages for smart contracts already being used major financial firms, and notice how most of them are functional (based on Ocaml and Haskell), and not procedural (like C++ and JavaScript):

http://dslfin.org/resources.html

https://stackoverflow.com/questions/23448/dsl-in-finance

The lesson to learn here is simple: Just because we are storing our data on a blockchain and running our code on a permissionless distributed network, does not mean that we should ignore the rich, successful history of existing related work on designing financial products and "smart contracts" which has already been happening on Wall Street using functional languages.

In fact, if we want to run "smart contracts" on a permissionless distributed concurrent parallel network (rather than on a centralized system), then it actually becomes even more important to use functional and declarative paradigms and immutable data structures supported by languages like Ocaml and Haskell, and avoid the imperative and procedural paradigms involving mutable data structures, which are almost impossible to get right in a distributed concurrent parallel architecture. (See the video "The Future is Parallel, and the Future of Parallel is Declarative" for an excellent 1-hour explanation of this).

Only non-Turing-complete languages support formal reasoning and verification

Basically, a language which is not Turing complete, but is instead based on the slightly more restricted "Intuitionistic Logic" or "Constructivism", satisfies an important property where it is possible to do "formal reasoning and verification" about any program written in that language.

This is what we need when dealing with financial products and smart contracts: we need to be able to know in advance "what" the program does (ie, before running it) - which can be done using tools such as formal reasoning and verification and "correctness proofs" (which are not applicable to Turing-complete languages).

Turing-complete languages for "smart contracts" are needlessly dangerous because you can't figure out in advance what they do

As the "language design wars" around cryptocurrencies and "smart contracts" begin to heat up, we must always insist on using only non-Turing-complete languages which enable us to use the tools of formal reasoning and verification to mathematically prove in advance that a "smart contract" program actually does "what" it is supposed to do.

Separating specification from implementation is essential for proving correctness

A specification stating "what the smart contract does" should ideally be spelled out separately from the implementation stating "how" it should do it.

In other words, a high-level, more compact & human-readable specification language can be used to mathematically (and in many cases (semi-)automatically) derive (and formally verify - ie, provide a mathematical correctness proof for) the low-level, hard-to-read machine-runnable program in an implementation language, which tell them machine "how the smart contract does what it does".

A simple list of "language design" requirements for smart contracts

The following considerations are important for ensuring safety of smart contracts:

So, the requirements for languages for smart contracts should include:

(1) Our language should be non-Turing complete - ie, it should be based instead on "Intuititionistic Logic" / "Constructivism";

(2) We should favor declarative languages (and also things like immutable data structures) - because these are the easiest to run on parallel architectures.

(3) Our toolbox should support formal reasoning and verification, allowing us to mathematically prove that a low-level machine-runnable implementation satisfies its high-level, human-readable specification before we actually run it

Some YouTube videos for further study

There's a video discussing how declarative languages with immutable data structures (such as Haskell, which is pure functional) are a nice "fit" for parallel programming:

The Future is Parallel, and the Future of Parallel is Declarative

https://www.youtube.com/watch?v=hlyQjK1qjw8

There's also some videos about how Jane Street Capital has been successfully using the language OCaml (which includes functional, object-oriented, and imperative paradigms) to develop financial products:

Why OCaml

https://www.youtube.com/watch?v=v1CmGbOGb2I

Caml Trading

https://www.youtube.com/watch?v=hKcOkWzj0_s

Lessons from history

When I see Peter Todd writing a blog post where he embarks on informally specifying a new language for "smart contracts for Bitcoin" based on lambda calculus, it makes me shudder and recollect Greenspun's Tenth Rule, which states:

Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp.

Only now, it looks like Peter Todd is going to try to single-handedly re-implement languages like Ocaml and Haskell, and then try to build the same financial DSLs (domain-specific languages) which Wall Street already built on them.

I think a much better approach would be to look show a bit more humility, and a little less of the "NIH" (not invented here) syndrome, and see what we can learn from the vast amount of existing work in this area - specifically, the DSLs (domain-specific languages) which Wall Street is already using with great success for automating financial products and smart contracts:

http://dslfin.org/resources.html

https://stackoverflow.com/questions/23448/dsl-in-finance

And remember, most of that existing work involving DSLs for financial products and smart contracts was done on top of functional languages like Ocaml and Haskell - it was not done on top of imperative languages like C++ and JavaScript (and Solidity, which is "JavaScript-like" in many ways).

There are reasons for this - and any so-called dev who ignores that vast body of existing, related work is simply a victim of too much ego and too little awareness of the fin-tech giants who have gone before him.

I'm sure Peter Todd is having a wonderful time being geek with all this - and the hordes of suck-ups and wanna-be's who slavishly worship the C++ pinheads at Core/Blockstream will be duly impressed by all his pseudo-mathematical mumbo-jumbo - but this is mere mental masturbation, if it ignores the major amount of related work that's already been done in this area.

Smart contracts for cryptocurrencies should use Wall Street's existing DSLs financial contracts written in Ocaml and Haskell as a starting point. Eventually maybe we could also even use a language like Coq for writing specifications, and proving that the implementations satisfy the specifications. Any so-called "dev" who fails to acknowledge this previous work is simply not serious.

Ignorance is bliss, and cock-sure Peter Todd is probably merely embarking on a futile mission of hubris by trying to create all this stuff from scratch based on his limited experience as a hacker gamer coder coming from the procedural / imperative paradigm, apparently unaware of the decades of related work which have shown that doing provably correct parallel programming is a gargantuan arduous challenge which may very well turn out to be insurmountable at this time.**

Lord help us if this immature, ignorant vandal who wants Bitcoin to fail takes the ignorant followers of r\bitcoin and Core down the path of these so-called "smart contracts" - reinventing decades of work already done on Wall Street and academia using Haskell and Ocaml, as they screw around with "easier" languages based on C++ and JavaScript.

Further reading

For more discussion about the emerging "language design wars" around the idea of possibly adding "smart contracts" to cryptocurrencies, here are some recent links from Reddit:

The bug which the "DAO hacker" exploited was not "merely in the DAO itself" (ie, separate from Ethereum). The bug was in Ethereum's language design itself (Solidity / EVM - Ethereum Virtual Machine) - shown by the "recursive call bug discovery" divulged (and dismissed) on slock.it last week.

https://np.reddit.com/r/btc/comments/4op2es/the_bug_which_the_dao_hacker_exploited_was_not/

https://np.reddit.com/r/ethereum/comments/4opjov/the_bug_which_the_dao_hacker_exploited_was_not/

Can we please never again put 100m in a contract without formal correctness proofs?

https://np.reddit.com/r/ethereum/comments/4oimok/can_we_please_never_again_put_100m_in_a_contract/

Would the smart formal methods people here mind chiming in with some calm advice on this thread?

https://np.reddit.com/r/haskell/comments/4ois15/would_the_smart_formal_methods_people_here_mind/

全 67 件のコメント
並べ替え:
ベスト
トップ新着論争中古い順Q&A

[–]RoboTeddy 33ポイント34ポイント  (7子コメント)

Just because we can write programs whose behavior we cannot prove ahead of time, it doesn't mean we're required to. If a contract author decided to, they could limit themselves to writing programs that they can prove things about. Doing so might make it easier to get people to adopt the contract!

I don't see a particular reason to hamstring the virtual machine-- and even if we did, we'd still need to scrutinize contracts extremely carefully.

[–]jeanduluoz 12ポイント13ポイント  (0子コメント)

Seriously. This witch hunt throughout the ethereum community is over smart contract risks? That smart contracts somehow doom a platform? All sorts of crazy sky-is-falling hyperbole in the wake of this DAO crash.

Smart contracts are fucking amazing and just a fundamental data structure that is inherent in the blockchain. Of course the DAO was a risky investment - it was a fucking terrible and perhaps unenforceable contract that those guys bought into. But didbthe south sea bubble of 1720 end colonial commercialization? Did Mt gox ruin the market for bitcoin? Did the Dao demonstrate that smart contracts are broken? No, no, and no. There are bad investments across the forefront of innovation and exploration.

In the near future will develop a best practices methodology and structure for making and using smart contracts. People will look at the code we've written today and laugh at how stupid it was. But the community is moving forward.

Out of all the things that are fucked up around the bitcoin community right now, and this is what we choose to argue about? Smart contracts should be a slam dunk opportunity everyone (at least on r/btc) can agree on. There are much more severe matters at the moment to begin a smart contract inquisition.

Edit: as another redditor noted, a final point - the fear over Turing-complete languages in smart contracts has not yet dissuaded us from using a Turing complete language (C++) to build the bitcoin blockchain itself.

[–]throughnothing 2ポイント3ポイント  (0子コメント)

But a lot of the value is calling to other contracts. If we have guarantees that all contracts abide by those rules, we can be much more confident and do many more things.

[–]Zyoman 4ポイント5ポイント  (0子コメント)

the problem with that is that as a client you will never know if the contract the other has written doesn't contains a hidden part. The DAO was written by the expert and was review by the expert and they didn't found out. What are the chance that I would pick it up?

[–]deadalnix 1ポイント2ポイント  (0子コメント)

Especially since ether is not actually turing complete in the mathematical sense because of gaz. So you can prove a ton of things.

[–]ydtm[S] 2ポイント3ポイント  (1子コメント)

Ok, well basically you're saying that there could be guidelines warning the programmers to not use certain constructs which could lead to programs which can't be verified before running.

On the other hand, it would seem better to bake these guidelines into the language itself - rather than presenting them outside the language, where the programmer might ignore them.

Regarding the virtual machine - we don't have to hamstring it. But again, if the language running on top of it could be guaranteed to not produce certain undesirable results, then that would be a good safety feature, so that the mere fact of a contract being written in that language could serve as some kind of guarantee to investors that certain kinds of bugs in the contract can never occur (eg, the recursion bug which Solidity allows - and which other languages based on CPS - continuation passing style - would not allow).

People working on other systems - such as Tezos, which generalizes Bitcoin and Ethereum - know about CPS:

https://en.wikipedia.org/wiki/Continuation-passing_style

https://twitter.com/ArthurB/status/744923572116742144

It makes Solidity's recursion bug impossible.

[–]RoboTeddy 2ポイント3ポイント  (0子コメント)

I'm in favor of languages that make it easier to reason about side effects and whatnot. Solidity indeed doesn't look ideal for its task. I just felt like I couldn't agree with the title of the post-- Turing complete smart contracts are not doomed due to Godel's theorem. It's that very Turing completeness that will let us experiment with various tradeoffs in our language designs!

[–]Polycephal_Lee 0ポイント1ポイント  (0子コメント)

Exactly right. Arithmetic being Godel Incomplete is not a barrier to us using parts of it to get to the moon.

[–]robmyers 9ポイント10ポイント  (4子コメント)

Do read up on Ethereum's "gas" system.

[–]bitcoind3 5ポイント6ポイント  (1子コメント)

This.

I don't know how the op can earnestly write 5 pages about how bad Turing completeness is without even mentioning the gas system - this mechanism is specifically put in place to mitigate the problems the op mentions!

I'm very willing to listen to reasoned arguments about why gas might not be sufficient or whatever but I struggle to take the op seriously because he's not acknowledged any of the previous thoughts on this issue!

[–]a7437345 0ポイント1ポイント  (1子コメント)

Technically, this makes Ethereum non Turing-complete, because it can't run forever.

[–]Richy_T 5ポイント6ポイント  (0子コメント)

No computer is Turing complete as there is no such thing as infinite storage.

The point remains.

[–]reversedefenestrator 7ポイント8ポイント  (6子コメント)

Bitcoin was written in a turing complete language and we're sure enough about what it does to trust it with our money.

[–]TofuCasserole 4ポイント5ポイント  (0子コメント)

Bitcoin's scripting language is not turing complete. That's what we're talking about here.

[–]Harfatum 4ポイント5ポイント  (0子コメント)

This is a very well-thought-out post; I am an Ethereum fan but discussions like this need to be had.

History has demonstrated that code reliable enough to put billions of dollars on it can be written, whether to send astronauts into space or to run stock exchanges. What we really need is a much much higher level of care when writing (and auditing) smart contracts. Unprovability may be less important in practice than theory.

Still, I strongly support any sort of tools to make it easier to write and verify smart contracts.

[–]yonilevy 1ポイント2ポイント  (0子コメント)

There's this talk: https://www.youtube.com/watch?v=xeg_Q5uN73Q about Imandra which mentions a verifiable subset of OCaml compiling to Ethereum VM bytecode. Anyone knows what happened with that project?

[–]ForkiusMaximus 1ポイント2ポイント  (0子コメント)

I'd put the gas comment at the start because it was my first question going in. A related question: does this give specific hints about where to look in smart contracts for possible exploits?

Godel's theorem gives the typical recursive exploit, which I argue is not mathematically valid because it requires an infinite number of steps ("This sentence is false" is an incoherent statement, not a "true" one), but in code this particular failing seems to be obviate by gas: 

 This sentence is false so this sentence is true so this sentence is false so this sentence is true...OUTTA GAS, therefore this sentence is deemed true.

Yeah, it does halt; the problem is that it halts in one of two mutually exclusive states and we cannot know which. Do I have the right idea?

[–]Jonnyb42 1ポイント2ポイント  (7子コメント)

You wrote too much, by occams razor I'm not guna trust this post.

[–]ydtm[S] 1ポイント2ポイント  (5子コメント)

You write too little, we don't even need Occam's razor to realize that there is no content in your post.

(And I'm not sure Occam's razor is about prolixity.)

[–]Jonnyb42 1ポイント2ポイント  (4子コメント)

My half-joking post aside, I appreciate the information you've gathered and presented. My questions are the following:

You emphasize the need for 2 different language, implementation language and a specification language. Aren't EVM assembly and Solidity intended for those purposes?

What specifically is it about a turing-complete language that makes it harmful and dangerous? The only argument I saw (after the mathematic theorem references) was that it's impossible to determine the outcomes of these programs in general, but why is that bad? I don't see how that is equivalent to saying all smart contract will be exploitable.

[–]ydtm[S] 1ポイント2ポイント  (3子コメント)

What specifically is it about a turing-complete language that makes it harmful and dangerous?

You provided the answer yourself:

it's impossible to determine the outcomes of these programs in general

Maybe you're fine with non-deterministic, non-verifiable (ie, hackable) contracts?

I don't think most investors are.

[–]Jonnyb42 1ポイント2ポイント  (2子コメント)

Thanks for the reply, but you haven't answered my question. You are basing your arguments on the premise that non-deterministic and non-verifiable is the same as hackable, but I'm not seeing that connection and if you could explain or provide a reference that would help. You also haven't addressed solidity and evm assembly as specification/implementation (respectively) languages already.

[–]ydtm[S] 2ポイント3ポイント  (1子コメント)

Solidity is not what is typically considered a "specification" language.

It is an implementation language.

And the next language further down - EVM - is a virtual machine language.

Generally, specification languages merely describe "what" a program does - without getting into the details of "how" it's supposed to do it.

Examples of specification languages include Z, VDM, and Maude.

Maude is perhaps the most interesting of these - because it is one of the few specification languages which is also executable:

https://duckduckgo.com/?q=specification+verification+maude&ia=web

It's been used to verify a wide range of programs, in areas such as hardware design, space exploration, cryptography, etc:

https://np.reddit.com/r/ethereum/comments/4p0um9/why_turingcomplete_smart_contracts_are_doomed/d4heh97

As far as I can tell, the programmers involved with Solidity aren't even aware of this related work.

[–]hermanmaas 0ポイント1ポイント  (0子コメント)

You keep providing text book answers for describing implementation language or specifications languages. It makes me question your ability or experience in using them or even full understanding of these languages. After all you don't know a language until you have produced real life working code for a number of years. So your posts read as stale and theoretical only all repeating the same thing. The DAO hack and the struggle for its resolution actually proves how powerful a smart contract on ethereum platform can be once its security flaws are detected and addressed.

[–]monkyyy 0ポイント1ポイント  (0子コメント)

Side effecty code is a bad idea when money is on the table

[–]homerjthompson_ 1ポイント2ポイント  (1子コメント)

Despite the criticism, I thought this was a great read.

[–]Th0mm 1ポイント2ポイント  (0子コメント)

Because of the criticism, I thought this was a great read.

FTFY. This is exactly what the crypto space needs right now. If we can't take criticism or learn from the past it is already doomed.

[–]Th0mm 1ポイント2ポイント  (0子コメント)

Thanks again for a great read.

This is exactly the kind of sobering facts and criticism that the crypto community needs learn from if to be taken seriously. Too bad it seems to fall on deaf ears.

[–]xhiggy 1ポイント2ポイント  (0子コメント)

Whole heatedly agree.

[–]monkyyy 1ポイント2ポイント  (1子コメント)

Is anyone working on a coin thats doing this

[–]tl121 1ポイント2ポイント  (1子コメント)

I agree with everything you said, but believe that your post will be effectively useless, because most people won't be able to understand it. They won't have the motivation, determination and/or intelligence to ever understand it. They certainly could not go back and understand Turing and Godel's original papers, let alone the subsequent developments.

For these people I have a simpler view: write code, distribute it, you are responsible. If your code has a bug you make good or you die. How many people would have the knowledge or guts to continue programming under these circumstances? But this kind of attitude is what is needed to have reliable software.

"If a builder builds a house for someone, and does not construct it properly and the house falls in and kills its owner, then that builder shall be put to death." - Code of Hammurabi, 1750 BC.

[–]ForkiusMaximus 0ポイント1ポイント  (0子コメント)

Yes this is what will happen and the effect will be similar. I mean, the very first DAO was a disaster right away. Unfortunately for Ethereum, the way /u/ydtm's insights will most likely be applied is by people hacking smart contracts by searching for ways to do recursion and such...or worse, writing contracts with such loopholes then investing big money in them and hacking them if they start to lose, then asking for a bailout from the Ethereum miner-node "judiciary." Heads I win, tails you bail me out.

The whole facade of Ethereum's flashy high-tech image is unraveling as it becomes increasingly cleae they just through together all the most futuristic-sounding stuff they could and marketed the hell out of it.

[–]cypherdoc2 1ポイント2ポイント  (0子コメント)

how would you apply this to LN & SW?

[–]homerjthompson_ 2ポイント3ポイント  (4子コメント)

...any logical system or language which is "powerful" enough to be "Turing complete" must also be inconsistent.

I think you mean incomplete.

[–]ydtm[S] 0ポイント1ポイント  (3子コメント)

Yeah, it's been a while since I read up on Gödel, it is possible that I get the concepts of (in)consistency and (in)completeness mixed up sometimes.

The main thing I do remember from Gödel is that there are systems in mathematics and programming (eg arithmetic) where you can formulate a statement which you can't prove (and you also can't disprove) within the system itself.

This is analogous to what happens in a Turing-complete language - where it is possible to write code where you can't determine in advance whether the code produces the desired result.

This is the main problem with Turing-complete languages - but fortunately there are other, slightly restricted ones, which do allow determining in advance what a program does (instead of only being able to see this after the fact, by actually running it).

[–]tl121 0ポイント1ポイント  (1子コメント)

There is no true system of logic that is powerful enough to prove all true theorems of arithmetic that is not inconsistent.

Arithmetic is already too complex. If you eliminate multiplication and just have addition (e.g. group theory) then you have a decidable system.

I have never been much of a believer in programming languages as a tool to make dumb people write correct programs. This goes out of the realm of mathematics and logic and into soft sciences such as psychology. But then, when I started programming we had to use machine code, because we didn't even have an assembler.

[–]ForkiusMaximus 1ポイント2ポイント  (0子コメント)

What kind of theorem is undecidable in a system with multiplication?

[–]ChrisHallquist 0ポイント1ポイント  (0子コメント)

homerjthompson_ is right, and I recommend editing OP to fix this.

[–]embicoin 0ポイント1ポイント  (0子コメント)

I think this was answered before... https://np.reddit.com/r/ethereum/comments/4f367i/why_use_telephone_when_we_have_a_perfectly_good/d263nzg

[–]CatatonicMan 0ポイント1ポイント  (4子コメント)

This post is based on a flawed premise.

The completeness theorem doesn't say that all inputs are undecidable, only that at least one is.

Like the halting problem: it's impossible to determine if all programs will halt, but it's easy to prove that some will.

The obvious answer is to only use smart contracts that are provably consistent.

[–]ForkiusMaximus 0ポイント1ポイント  (1子コメント)

No recursion?

[–]CatatonicMan 0ポイント1ポイント  (0子コメント)

Is it provably consistent?

[–]Richy_T 0ポイント1ポイント  (1子コメント)

Which is why you use a domain specific language that can only be consistent.

[–]CatatonicMan 0ポイント1ポイント  (0子コメント)

That's one option, but it's hardly the only option.

[–]aredfish 0ポイント1ポイント  (0子コメント)

Turing completeness is not an obstacle to formal verification.

[–]tsontar 0ポイント1ポイント  (0子コメント)

I think you're in left field here.

Most every line of code we run on modern devices runs on "Turing complete" languages including Bitcoin which runs on C++.

Obviously it's possible for Turing-complete systems to be sufficiently secure, we use them daily.

Bitcoin will get its own Turing complete layer one day if it survives.

Nobody wants a blockchain with truly unstoppable contracts. It allows the potential of weaponized contracts. A blockchain that will support a contract that will destroy the blockchain is oxymoronic to consensus.

Blockchains are not uncensorable. They are censorship resistant. Ethereum's blockchain and EVM resists censorship. That's the point, and it's working.

[–]TotesMessenger 0ポイント1ポイント  (0子コメント)

I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)

[–]redlightsaber 0ポイント1ポイント  (0子コメント)

Excellent post. I think you could use less personal attacks to drive your point home just as effectively, but I definitely understand the anger. Now let's see Mr Todd ignore this completely.

[–]vattenj 0ポイント1ポイント  (2子コメント)

I remember seeing this claim years ago. There should be a balance between the complexity and security. To reach maximum security you will need minimum level of complexity. A complex system will always have enormous loopholes to be covered, even many years later, thus not suitable for finance function

[–]BadLibertarian 0ポイント1ポイント  (1子コメント)

This can be managed at the protocol level by requiring programs to not only expend gas when deployed to the network, but by also requiring that a test copy with an attached bounty be installed to the test net at the same time.

No sufficiently bountied test net code means no live code.

And then link the bounty to a reasonable percentage of funds guarded by the live code, so that as the code is used more -hopefully as an element of a well tested common library for critical functions, bounties will rise.

When bounties are claimed on the test net - the live code gets updated to a new version of the contract. If someone tries to claim a "bounty" on the live net, as recently happened, then the network simply rolls back the transaction and sends the 'tester' the appropriate bounty amount assigned to that code on the test net.

[–]vattenj 0ポイント1ポイント  (0子コメント)

Even this explanation is too complex for average investors to understand, and who is going to guarantee this measurement is enough

[–]zeptochain 0ポイント1ポイント  (0子コメント)

Yep. +1

Just because someone once jumped out of a plane at 30,000 ft and survived does not invalidate the theory and effects of gravitation. Discussions about software are often somewhat like that where the obvious gets buried in edge cases.

[–]shadowsha256man -3ポイント-2ポイント  (4子コメント)

So much noise. If Haskell and Ocam are so freaking great and secure, why are they not in use: http://githut.info/ The gras is always so green on the other side.

...and Peter Todd; please, he is a nutcase!

[–]Th0mm 2ポイント3ポイント  (0子コメント)

Every task has different requirements. There is no panacea when choosing a programming language. It is always a choice between different trade offs.

A web front end naturally has different requirements than a financial backend. So they are build with different tools.

[–]ydtm[S] 2ポイント3ポイント  (2子コメント)

Maybe in the midst of all of the noise, you neglected to click on this link in the OP:

http://dslfin.org/resources.html

This shows that many major firms on Wall Street are using functional languages like Haskell and Ocaml to design DSLs (domain-specific languages) powering billions of dollars in financial products and smart contracts.

You can use popularity as a metric, on that site you linked.

But Wall Street (and NASA, and the Department of Defense) use another metric: correctness.

That's why derivatives contracts and nuclear reactors and missile defense systems are not coded in the "popular" languages in your link.

So... you might not know much about functional languages like Haskell and Ocaml. But the big boys do.

[–]shadowsha256man 1ポイント2ポイント  (0子コメント)

I work in that industry. Which is why I am comfortable saying that this is way too categorical.

[–]marcoski711 -3ポイント-2ポイント  (2子コメント)

P vs NP is still an outstanding question. You're writing as though P!=NP has been proven.

[–]homerjthompson_ 2ポイント3ポイント  (1子コメント)

It's about Goedel's theorem, which has been proven.

[–]marcoski711 0ポイント1ポイント  (0子コメント)

I stand corrected. I only read first para or so of ydtm as his posts are so mammoth!