CN113256296A - Intelligent contract execution method, system, device and storage medium - Google Patents

Intelligent contract execution method, system, device and storage medium Download PDF

Info

Publication number
CN113256296A
CN113256296A CN202110739999.1A CN202110739999A CN113256296A CN 113256296 A CN113256296 A CN 113256296A CN 202110739999 A CN202110739999 A CN 202110739999A CN 113256296 A CN113256296 A CN 113256296A
Authority
CN
China
Prior art keywords
container
contract
intelligent contract
execution
blockchain transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110739999.1A
Other languages
Chinese (zh)
Other versions
CN113256296B (en
Inventor
林志平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202110739999.1A priority Critical patent/CN113256296B/en
Publication of CN113256296A publication Critical patent/CN113256296A/en
Application granted granted Critical
Publication of CN113256296B publication Critical patent/CN113256296B/en
Priority to PCT/CN2022/100522 priority patent/WO2023273994A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Strategic Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the specification discloses an intelligent contract execution method, a system, a device and a storage medium. The method includes a node flow implemented by a block-linked node process running in a hosting environment, and a contract flow implemented by a process running in a secure container. The secure container is a container that does not share a kernel with the host environment. The node process comprises the following steps: receiving a blockchain transaction; in response to receiving a blockchain transaction, creating a process in the secure container to execute native execution code of an intelligent contract invoked by the blockchain transaction, the native execution code having a format corresponding to a high-level language to which source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction. The contract flow comprises the following steps: executing native execution code of the smart contract in the secure container.

Description

Intelligent contract execution method, system, device and storage medium
Technical Field
The present disclosure relates to the field of information technology, and in particular, to a method, a system, an apparatus, and a storage medium for executing an intelligent contract.
Background
Intelligent contract development (contract for short) is an important component of blockchain development, and most of the current blockchain industry is to compile contract source code written in a high-level language into low-end bytecode, and then run the intelligent contract in a virtual machine matched with the low-end bytecode (i.e. execute the low-end bytecode).
However, the high-level language variety supporting the conversion of the low-end bytecode is limited, that is, the high-level language variety to be selected when the contract execution mode is adopted is limited, and the requirement of various high-level language developers for developing intelligent contracts cannot be met.
Disclosure of Invention
One embodiment of the present specification provides an intelligent contract execution method. The method includes a node flow implemented by a block-linked node process running in a hosting environment, and a contract flow implemented by a process running in a secure container, the secure container being a container that does not share a kernel with the hosting environment. Wherein the node process comprises: receiving a blockchain transaction; in response to receiving a blockchain transaction, creating a process in the secure container to execute native execution code of an intelligent contract invoked by the blockchain transaction, the native execution code having a format corresponding to a high-level language to which source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction. The contract flow comprises the following steps: executing native execution code of the smart contract in the secure container.
One embodiment of the present specification provides an intelligent contract execution system. The system includes a chunk node process running in a hosting environment and a process running in a secure container, which is a container that does not share a kernel with the hosting environment. Wherein the blockchain node process is to: receiving a blockchain transaction, and in response to receiving the blockchain transaction, creating a process in the secure container to execute native execution code of the intelligent contract called by the blockchain transaction, the native execution code corresponding to a high-level language to which source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction. The process in the secure container is to: executing native execution code of the smart contract in the secure container.
One of the embodiments of the present specification provides an intelligent contract execution apparatus. The apparatus comprises a processor and a storage device, wherein the storage device is used for storing instructions, and when the processor executes the instructions, the intelligent contract execution method is realized according to any embodiment of the specification.
One of the embodiments of the present specification provides a computer storage medium storing instructions that, when executed by a processor, implement an intelligent contract execution method according to any one of the embodiments of the present specification.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a schematic flow diagram of a method of intelligent contract execution according to some embodiments of the present description;
FIG. 2 is an interaction diagram of a smart contract execution method in accordance with some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification, the terms "a", "an" and/or "the" are not intended to be inclusive of the singular, but rather are intended to be inclusive of the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Some basic concepts referred to in this specification will first be described.
Blockchain transactions (transaction for short) may be used to record various types of events and/or data. In some embodiments, the events of the transaction record may include one or more of an addition characterizing a new node, an exit of a node, a transfer, and the like. In some embodiments, the data of the transaction record may include one or more of medical information, electronic contracts, electronic credentials, electronic orders, digital fingerprints, and the like.
The desired code may be executed by a transaction trigger, which may also be referred to as execution of a transaction, and the block link points may be executors of the transaction. By way of example only, a transaction for recording transfer activity may trigger an update to the account balances of both transferring parties, a transaction for crediting data may trigger writing data to blockchain data, a transaction for querying data may trigger a query for blockchain data, and so on.
In some embodiments, execution of the transaction may include invocation of the smart contract. Intelligent contracts (contracts) may refer to digital protocols that are stored distributed across nodes in a blockchain system and that may be automatically executed under certain conditions. An intelligent contract is essentially a piece of code running in a blockchain network to complete the business logic assigned by a user.
With the continuous development of the blockchain, the application scene of the blockchain is continuously extended, and more developers are added into the blockchain development. In block chain development, intelligent contract development is very important. Most of the current block chaining industry is to compile contract source code written in a high-level language into low-end bytecode, and then run an intelligent contract (i.e., execute the low-end bytecode) in a virtual machine that matches the low-end bytecode. For example, EtherFang's contract developers typically choose to write contract source code in the Solidity language. Accordingly, after the contract source code written in the Solidity language is compiled into EVM-formatted bytecode (EVM bytecode for short), the EVM bytecode can be executed in the EVM virtual machine. For another example, most contract developers of an EOS (Enterprise Operating System) choose to write the contract source code in the C + + language. Accordingly, after compiling contract source code written in C + + language into wasm-formatted bytecode (referred to as wasm bytecode for short), the wasm bytecode may be executed in a wasm (web assembly) virtual machine.
Some features of the virtual machine can guarantee contract security (such as filtering unsafe statements in the code) to some extent, the contract security includes but is not limited to disallowing contracts to obtain unauthorized data, such as accessing local disk files, accessing network resources, etc., and/or disallowing contract behavior to break security of a host environment (operating system), such as disallowing intelligent contracts to obtain some call permissions (such as fork, kill, chmod, ptrace, etc.) that affect normal operation of the operating system. However, the high-level language variety supporting conversion into low-level bytecode is limited, so that the high-level language variety available for selection under the contract execution mode is limited, and the requirement of various high-level language developers for developing intelligent contracts cannot be met.
While there are also blockchain architectures (e.g., Fabric) that support executing intelligent contracts in a native execution, there are no restrictions on the operational rights of the contracts to secure the contracts, e.g., some federation chain architectures rely solely on the joining of authorized members to secure contracts. Under the condition that the operation authority of the contract is not limited, if some security vulnerabilities exist, meanwhile, the intelligent contract which is just badly done utilizes the security vulnerabilities, and the problems of leakage of private data, unreliable operation of nodes and the like are likely to be caused.
It should be noted that the native execution mode is also referred to as a conventional execution mode, and refers to compiling source code written in a high-level language into native execution code (distinguished from low-level bytecode) for execution. For example, for the Java language, the native execution mode refers to compiling source code written in the Java language into bytecode of class format to execute. For another example, for C + + language, the native execution mode refers to compiling source code written in C + + language into bytecode that matches a target CPU architecture, and it is understood that the target CPU architecture is specifically referred to as a CPU architecture for executing contracts. Each high-level language corresponds to a native execution code, while a limited variety of high-level languages support the conversion of source code into a uniform format of low-level bytecode. The intelligent contract code (native intelligent contract for short) executed according to the native execution mode can meet the requirement of various high-level language developers for developing the intelligent contract. In addition, the native executable code is more debuggable than the low-end bytecode.
In some embodiments, to support execution of the native intelligent contract, the container may be considered an execution environment for the native intelligent contract. The container has the advantages of less occupied resources, quick deployment, easy transplantation, isolation and the like. Contract execution for each transaction may establish a one-to-one correspondence with container instances, which, as will be appreciated, refer to a specific single container. In this manner, the isolatability of the container may be utilized to isolate contract executions for different transactions.
However, a common container (such as a Docker container (abbreviated as Docker) developed by Docker, inc.) shares a kernel with a host environment (operating system), and a "malicious" intelligent contract may exploit the kernel vulnerability to attack the host environment, steal private data, and even destroy the operating system. It should be noted that the kernel is the core of an Operating System (OS), and is responsible for managing processes, memories, device drivers, files, and network systems of the OS, and determines the performance and stability of the OS.
In view of this, embodiments of the present disclosure provide a method and a system for executing a native intelligent contract through a security container, which can meet requirements of various language developers for developing an intelligent contract, ensure higher code debuggability, and ensure security of the intelligent contract.
It is understood that a secure container refers to a container that does not share a kernel with the host environment, unlike a normal container (e.g., Docker). By way of example only, the secure container may include one or more of a kata container developed by the open source community (see https:// katacontainers. io /), a gVisor container developed by Google, a Firecracker developed by Amazon, and so on.
FIG. 1 is a flow diagram of a method for intelligent contract execution according to some embodiments of the present description.
The method may include a node flow implemented by a block-linked node process running in the hosting environment, and a contract flow implemented by a process running in the secure container. Wherein, the block link point process may refer to a running block link program. In some embodiments, the hosting environment and the secure container may be integrated on a single device (host) or may be distributed across multiple devices, e.g., the secure container may be run on a cloud server. In some embodiments, a communication connection between the hosting environment and the secure container may be established through a network module hosted by the hosting environment itself.
As shown in fig. 1, the node process may include: receiving a transaction; in response to receiving the transaction, creating a process in a secure container to execute native execution code of the smart contract invoked by the transaction; the results of the execution of the transaction (also referred to as a "receipt") are obtained. The contract flow may include native execution code that executes the intelligent contract in a secure container.
It is understood that multiple processes may be run in the block-node process/secure container to implement the corresponding flow.
In some embodiments, in response to receiving a transaction, the block-linked node process may first create a secure container for execution of the contract, and then create a daemon process in the secure container. Optionally, the chunk node process may also create a daemon process in the created security container. Alternatively, the block chain node process may directly use the daemon process that has been created. The daemon process can be used for managing the life cycle of the contract execution process, including being responsible for the creation, destruction, calling and the like of the contract execution process. Further, the daemon process may create a contract execution process in the security container, obtain native execution code of the smart contract invoked for the transaction from the block-node process, and pass the native execution code to the contract execution process. Wherein the contract execution process is operable to execute native execution code of the smart contract invoked by the transaction. In some embodiments, contract execution may include setting values of variables in intelligent contracts. Specifically, the contract execution process may obtain a value of a variable in the intelligent contract from the blockchain node process, set the value of the variable, and return the set value of the variable to the blockchain node process, so that the blockchain node process obtains a transaction execution result. Wherein, the name (key) of the variable to be set can be indicated in the transaction, and the block chain node process can inquire the value (value) of the variable according to the name of the variable. It will be appreciated that keys and values for the same variable may be stored in key-value pairs for querying.
It will be appreciated that certain features, structures or characteristics of one or more embodiments of the specification may be combined as appropriate. The following is exemplified in connection with fig. 2.
FIG. 2 is an interaction diagram of a smart contract execution method in accordance with some embodiments of the present description.
As shown in fig. 2, the block-link point program process may include a container interface, a Database (DB), a container management module, and a gRPC client, and the daemon process may include a gRPC server and a contract execution module. Wherein the container interface is operable to receive a transaction. The container management module may be operative to create a secure container and a process in the secure container to execute native execution code of the smart contract invoked by the transaction in response to the container interface receiving the transaction. A database may be used to store blockchain data. Blockchain data includes one or more of blockchain data, account status, account storage, contract code (e.g., native execution code), and the like.
The gRPC server may communicate with the gRPC client as a communication module for communicating with the block-linked node process, which may include native execution code to obtain the intelligent contract. Alternatively, the gRPC client may actively communicate with the gRPC server. Specifically, in response to the container interface receiving the transaction, the gRPC client may retrieve the native execution code of the smart contract invoked by the transaction from the database through the container interface and send it to the gRPC server.
The contract execution module obtains the native execution code of the invoked intelligent contract from the gRPC server and passes it to the contract execution process.
Thus, the contract execution process may execute the obtained native execution code.
In some embodiments, a container agent may be disposed between the container interface and the gRPC client, and the container interface may communicate with the daemon process through the container agent and the gRPC client after receiving the transaction.
In some embodiments, communication between the contract execution process and the block-node processes may also follow a client-server mode. That is, a gRPC client in a contract execution process may initiate a request to a gRPC server thread pool (thread set) in a chunk node process, which responds to the request of the contract execution process accordingly. Specifically, the request may include acquiring a value of a contract variable to be set, setting the value of the contract variable, and notifying a contract execution result.
The gRPC server thread pool may return data required to execute the contract, such as the value of the contract variable to be set, to the gRPC client in the contract execution process (e.g., Container1, Container2, etc.) through a VM (Virtual Machine) thread (e.g., VMthread1, VMthread2, etc.) and a Container. The IO thread/Container in the gRPC server thread pool may access the message through the queue. For example, an IO thread may put a message into a queue through an MsgPut function (operation), a Container may take the message out of the queue through an Msg Get function (operation), and then put the obtained response data into the queue through a Return function (operation) for the IO thread to take out.
Each thread (IO thread/VM thread) may be responsible for the execution of a transaction at a time. After the contract execution process informs the threads in the gPC server thread pool that the execution of the native intelligent contract called by a certain transaction is finished, the VM thread responsible for the execution of the transaction can determine that the execution of the transaction is finished. Accordingly, the container interface may obtain the results of the execution of the transaction (i.e., the receipt).
It should be noted that the above description of the flow is for illustration and description only and does not limit the scope of the application of the present specification. Various modifications and alterations to the flow may occur to those skilled in the art, given the benefit of this description. However, such modifications and variations are intended to be within the scope of the present description.
Referring to fig. 2, the present specification further provides an intelligent contract execution system, which may include a block-linked node process running in a hosting environment and a process running in a secure container.
Wherein the block link point process may be used to: receiving a blockchain transaction, and starting a process in the safety container according to the received blockchain transaction so as to execute a native execution code of the intelligent contract called by the blockchain transaction, wherein the native execution code corresponds to a high-level language to which a source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction.
The process in the secure container is to: executing native execution code of the smart contract in the secure container.
It should be appreciated that the intelligent contract execution system and its modules described above may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above description of the system and its modules is for convenience only and should not limit the present disclosure to the illustrated embodiments. It will be appreciated by those skilled in the art that, given the teachings of the system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, in some embodiments, as shown in FIG. 2, multiple processes may be run in the secure container that are separated by labor to collectively implement a contract flow. Such variations are within the scope of the present disclosure.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) the container is used as an execution environment of the native intelligent contract to support the execution of the native intelligent contract, the requirement of various language developers on developing the intelligent contract can be met by executing the intelligent contract in a native mode, higher code debugging performance is guaranteed, and the safety of the intelligent contract is guaranteed; (2) the security container which does not share the kernel with the host environment is introduced to ensure contract security, prevent the 'doing badness' intelligent contract from attacking the host environment through the kernel vulnerability, and protect the data security of the host environment. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the embodiments herein. Various modifications, improvements and adaptations to the embodiments described herein may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the embodiments of the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment.
Moreover, those skilled in the art will appreciate that aspects of the embodiments of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of embodiments of the present description may be carried out entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the embodiments of the present specification may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for operation of various portions of the embodiments of the present description may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, VisualBasic, Fortran2003, Perl, COBOL2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or processing device. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
In addition, unless explicitly stated in the claims, the order of processing elements and sequences, use of numbers and letters, or use of other names in the embodiments of the present specification are not intended to limit the order of the processes and methods in the embodiments of the present specification. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing processing device or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more embodiments of the invention. This method of disclosure, however, is not intended to imply that more features are required than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are possible within the scope of the embodiments of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (10)

1. An intelligent contract execution method, wherein the method comprises a node flow implemented by a block-chain node process running in a hosting environment, and a contract flow implemented by a process running in a secure container, the secure container being a container that does not share a kernel with the hosting environment;
wherein the node process comprises: receiving a blockchain transaction; in response to receiving a blockchain transaction, creating a process in the secure container to execute native execution code of an intelligent contract invoked by the blockchain transaction, the native execution code having a format corresponding to a high-level language to which source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction;
the contract flow comprises the following steps: executing native execution code of the smart contract in the secure container.
2. The method of claim 1, wherein said creating a process in the secure container in response to receiving a blockchain transaction comprises:
creating a daemon process in the secure container in response to receiving a blockchain transaction; the daemon is configured to: the method includes creating a contract execution process in the security container for executing native execution code of the intelligent contract, obtaining the native execution code of the intelligent contract from the blockchain node process, and passing the native execution code to the contract execution process.
3. The method of claim 2, wherein the daemon comprises a communication module and a contract execution module; the communication module is used for communicating with the block link node process, and the communication comprises acquiring a native execution code of the intelligent contract; the contract execution module is used for acquiring the native execution code of the intelligent contract from the communication module and transmitting the native execution code to the contract execution process.
4. The method of claim 2, wherein the executing native execution code of the smart contract comprises:
and acquiring the value of the variable in the intelligent contract from the block chain node process, setting the value of the variable, and returning the set value of the variable to the block chain node process so as to enable the block chain node process to obtain the execution result of the block chain transaction.
5. The method of claim 1, wherein the blockchain node process includes a container interface for receiving blockchain transactions, the blockchain node process further including a container management module for: in response to the container interface receiving a blockchain transaction, a secure container is created and a process is created in the secure container to execute native execution code of a smart contract invoked by the blockchain transaction.
6. The method of claim 2, wherein the blockchain node process includes a container interface, a database, a container management module, and a gRPC client; the daemon process comprises a gPRC server and a contract running module;
wherein the container interface is to receive a blockchain transaction; the database is used for storing block chain data, and the block chain data comprises a native execution code of an intelligent contract; the container management module is used for responding to the container interface receiving the blockchain transaction, creating the safety container and the daemon process in the safety container so as to execute the native execution code of the intelligent contract called by the blockchain transaction; the gPC client is used for responding to the fact that the container interface receives the blockchain transaction, acquiring a native execution code of the intelligent contract called by the blockchain transaction from the database through the container interface, and sending the native execution code to the gPC server;
the contract execution module is used for acquiring the native execution code of the called intelligent contract from the gPC server and transmitting the native execution code to the contract execution process.
7. The method of claim 1, wherein the secure container comprises one or more of a kata container, a gVisor container, a Firecracker container.
8. An intelligent contract execution system, wherein the system comprises a block chain node process running in a host environment and a process running in a secure container, the secure container being a container that does not share a kernel with the host environment;
wherein the blockchain node process is to: receiving a blockchain transaction; in response to receiving a blockchain transaction, creating a process in the secure container to execute native execution code of an intelligent contract invoked by the blockchain transaction, the native execution code corresponding to a high-level language to which source code of the intelligent contract belongs; obtaining an execution result of the blockchain transaction;
the process in the secure container is to: executing native execution code of the smart contract in the secure container.
9. An intelligent contract execution apparatus comprising a processor and a storage device, the storage device being arranged to store instructions which, when executed by the processor, implement the method of any one of claims 1 to 7.
10. A computer storage medium, wherein the storage medium stores instructions that, when executed by a processor, implement the method of any one of claims 1-7.
CN202110739999.1A 2021-07-01 2021-07-01 Intelligent contract execution method, system, device and storage medium Active CN113256296B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110739999.1A CN113256296B (en) 2021-07-01 2021-07-01 Intelligent contract execution method, system, device and storage medium
PCT/CN2022/100522 WO2023273994A1 (en) 2021-07-01 2022-06-22 Method, system, and apparatus for executing smart contract, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110739999.1A CN113256296B (en) 2021-07-01 2021-07-01 Intelligent contract execution method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN113256296A true CN113256296A (en) 2021-08-13
CN113256296B CN113256296B (en) 2021-10-08

Family

ID=77190531

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110739999.1A Active CN113256296B (en) 2021-07-01 2021-07-01 Intelligent contract execution method, system, device and storage medium

Country Status (2)

Country Link
CN (1) CN113256296B (en)
WO (1) WO2023273994A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114327776A (en) * 2021-12-30 2022-04-12 支付宝(杭州)信息技术有限公司 Debugging method, debugging equipment and debugging system for intelligent contract
CN115437682A (en) * 2022-09-15 2022-12-06 中国安全生产科学研究院 Application development management system under ABAP development environment
WO2023273994A1 (en) * 2021-07-01 2023-01-05 支付宝(杭州)信息技术有限公司 Method, system, and apparatus for executing smart contract, and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108765158A (en) * 2018-05-31 2018-11-06 杭州秘猿科技有限公司 A kind of intelligent contract automotive engine system and its contract execution method based on block chain
CN109800056A (en) * 2019-01-16 2019-05-24 杭州趣链科技有限公司 A kind of block chain dispositions method based on container
CN110249307A (en) * 2018-12-29 2019-09-17 阿里巴巴集团控股有限公司 System and method for executing primary contract on block chain
CN110782251A (en) * 2019-09-18 2020-02-11 江苏电力信息技术有限公司 Method for automatically deploying block chain network based on intelligent contracts
CN111258725A (en) * 2020-01-17 2020-06-09 北京百度网讯科技有限公司 Data processing method, device, equipment and medium based on block chain
CN111752574A (en) * 2020-05-08 2020-10-09 北京科技大学 Intelligent executable contract construction and execution method and system of legal contract

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11502828B2 (en) * 2017-11-15 2022-11-15 International Business Machines Corporation Authenticating chaincode to chaincode invocations of a blockchain
CN108881440A (en) * 2018-06-19 2018-11-23 北京连琪科技有限公司 A kind of block chain contract method for building up and system for taking into account safety and performance
CN110008263A (en) * 2019-02-20 2019-07-12 顺丰科技有限公司 Dynamic organization's extended method and system under Hyperledger fabric cluster mode
CN111130841B (en) * 2019-11-21 2022-07-08 深圳壹账通智能科技有限公司 Block chain network deployment method, electronic device and computer-readable storage medium
CN111459573B (en) * 2020-04-01 2023-09-15 山东浪潮科学研究院有限公司 Method and device for starting intelligent contract execution environment
CN111651169B (en) * 2020-05-19 2023-07-04 鼎链数字科技(深圳)有限公司 Block chain intelligent contract operation method and system based on web container
CN112035090B (en) * 2020-07-13 2024-06-07 翼帆数字科技(苏州)有限公司 Intelligent contract intelligent management system and method based on containerization technology
CN112367194B (en) * 2020-10-27 2022-03-25 四川长虹电器股份有限公司 Method for updating channel configuration of Fabric intelligent contract
CN113256296B (en) * 2021-07-01 2021-10-08 支付宝(杭州)信息技术有限公司 Intelligent contract execution method, system, device and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108765158A (en) * 2018-05-31 2018-11-06 杭州秘猿科技有限公司 A kind of intelligent contract automotive engine system and its contract execution method based on block chain
CN110249307A (en) * 2018-12-29 2019-09-17 阿里巴巴集团控股有限公司 System and method for executing primary contract on block chain
CN109800056A (en) * 2019-01-16 2019-05-24 杭州趣链科技有限公司 A kind of block chain dispositions method based on container
CN110782251A (en) * 2019-09-18 2020-02-11 江苏电力信息技术有限公司 Method for automatically deploying block chain network based on intelligent contracts
CN111258725A (en) * 2020-01-17 2020-06-09 北京百度网讯科技有限公司 Data processing method, device, equipment and medium based on block chain
CN111752574A (en) * 2020-05-08 2020-10-09 北京科技大学 Intelligent executable contract construction and execution method and system of legal contract

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023273994A1 (en) * 2021-07-01 2023-01-05 支付宝(杭州)信息技术有限公司 Method, system, and apparatus for executing smart contract, and storage medium
CN114327776A (en) * 2021-12-30 2022-04-12 支付宝(杭州)信息技术有限公司 Debugging method, debugging equipment and debugging system for intelligent contract
CN115437682A (en) * 2022-09-15 2022-12-06 中国安全生产科学研究院 Application development management system under ABAP development environment

Also Published As

Publication number Publication date
WO2023273994A1 (en) 2023-01-05
CN113256296B (en) 2021-10-08

Similar Documents

Publication Publication Date Title
CN113256296B (en) Intelligent contract execution method, system, device and storage medium
US10664592B2 (en) Method and system to securely run applications using containers
US20200120082A1 (en) Techniques for securing credentials used by functions
US9832226B2 (en) Automatic curation and modification of virtualized computer programs
US8893222B2 (en) Security system and method for the android operating system
US9229881B2 (en) Security in virtualized computer programs
US8127316B1 (en) System and method for intercepting process creation events
Ferreira et al. Containing malicious package updates in npm with a lightweight permission system
Armando et al. Securing the" bring your own device" paradigm
US20150332043A1 (en) Application analysis system for electronic devices
US9871800B2 (en) System and method for providing application security in a cloud computing environment
JP2019503539A (en) System and method for auditing virtual machines
JP2014521184A (en) Activate trust level
JP7291120B2 (en) Providing workflows based on configuration
CN110489310B (en) Method and device for recording user operation, storage medium and computer equipment
JP5990646B2 (en) Forced protection control in virtual machines
US20240143739A1 (en) Intelligent obfuscation of mobile applications
CN112214267A (en) Android shelling acceleration method and device, storage medium and computer equipment
US8635331B2 (en) Distributed workflow framework
US11128653B1 (en) Automatically generating a machine-readable threat model using a template associated with an application or service
Salehi et al. Welcome to Binder: A kernel level attack model for the Binder in Android operating system
CN113360251A (en) Intelligent contract execution and cross-contract calling method, device and storage medium
US20240144256A1 (en) Decentralized blockchain client authorization and authentication
US20240211323A1 (en) Automatically injecting shims into running containers
US20230306126A1 (en) Limiting cloud permissions in deployment pipelines

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40056976

Country of ref document: HK