Incidents with smart contracts over the last few years (such as the DAO and Parity hacks) have shown that implemented operational semantics of smart contract languages often admit rather subtle behaviour that diverge from the intuitive understanding of the language in the minds of contract developers.
?In order to prevent such incidents to recur, it is required to have a safe-by-design smart contract language that is both expressive and tractable.