Java

The Java execution engine is the main execution environment for smart contracts on ICON. This environment is equivalent to the Java Virtual Machine (opens in a new tab) developed by the OpenJDK (opens in a new tab) project with a translation and auditing layer wrapped around it to provide features supporting a cryptocurrency distributed computing network. The translation and auditing layer is based off of the Aion (opens in a new tab) Virtual Machine. The purpose of this layer is to provide cryptocurrency-specific features and address specific security concerns. A short overview of the features and security considerations in the overall Java execution environment for Java are described below.

Features

Multi-threading

ICON supports multi-threaded code due to support from the JVM. This means that multiple transactions can be executed in parallel on a single node.

Data storage

The Java execution environment uses a combination of the Java Object Graph (opens in a new tab) as well as the typical Merkle Patricia Tree (opens in a new tab). All objects must be serializable. The contract developer can choose to place objects into the object graph or the tree. If the object is specified to be associated with either VarDB, ArrayDB, or DictDB, then it will be stored as a key-value pair in the merkle tree.

Else, it will go into the object graph. Storing data in the object graph is very expensive, as the entire object must be copied and stored each time that the object is modified. For those who are curious, the object graph is stored as a heap (opens in a new tab).

Fees per instruction

The ICON translation and audit layer modifies the written smart contract code to include cryptocurrency-specific instructions for accumulating fees related for each computational instruction. Objects in the graph are lazy-loaded and incur fees related to the amount of I/O required to load them.

The step of adding per-instruction fees happens after smart contracts are deployed to the blockchain.

Aion Virtual Machine

ICON's usage of the Aion Virtual Machine (opens in a new tab) includes modified versions of the following features:

• Data storage layer
• Java class library restrictions
  • E.g. prevention of non-deterministic behavior
• Insertion of per-instruction fees
• Internal error-handling

Here are some articles where you can learn more about the Aion Virtual Machine:

• Why Java? (opens in a new tab)
• Why not WASM? (opens in a new tab)
• AVM Hybrid Storage (opens in a new tab)

Language Support

As the smart contract code ultimately runs on the Java Virtual Machine, theoretically there is support for development using the other JVM languages, such as Scala (opens in a new tab), Kotlin (opens in a new tab), or Groovy (opens in a new tab). However, this is highly untested, and is probably an area that deserves more attention. If you have interest, feel free to experiment and organize a working group through the ICON Technical Forum (opens in a new tab) or ICON Community Development Organization (opens in a new tab).

Security

This section details the security features implemented in the Java execution environment. It is separated from the prior Features section in order to highlight security-specific components of the execution environment.

Blacklisting Java features & classes

Among the blacklisted features and classes are the following:

• Random operation
• Floating point operation
• Network calls
• System calls (incl. file management)
• Long-running operations

Type-safe heap for data in the object graph

Type-safety (opens in a new tab) is a Java feature that ensures that the only functions allowed to operate on an object are the functions that are defined for that object type. This prevents some types of attacks from occurring on objects in the graph.