Formal verification of software

Transcript

1. Rostislav Yavorskiy, PhD Head of Research at Exactpro VERIFICATION OF

   SMART CONTRACTS ON THE ETHEREUM BLOCKCHAIN Lecture #1 Formal verification of software 06 April 2022

2. The course schedule Wed, 06 Apr - Lecture 1. Formal

   verification of software Fri, 08 Apr - Lecture 2. Decentralized finance on Ethereum Mon, 11 Apr - Seminar 1. Microsoft z3 practice Tue, 12 Apr - Seminar 2. Smart contracts with Solidity Mon, 18 Apr - Lecture 3. Verification of Solidity contracts Tue, 19 Apr - Seminar 3. Smart contract verification practice. Thu, 21 Apr - Closing session. Homework results, certificates, pizza&cola

3. The course schedule Wed, 06 Apr - Lecture 1. Formal

   verification of software Fri, 08 Apr - Lecture 2. Decentralized finance on Ethereum Mon, 11 Apr - Seminar 1. Microsoft z3 practice Tue, 12 Apr - Seminar 2. Smart contracts with Solidity Mon, 18 Apr - Lecture 3. Verification of Solidity contracts Tue, 19 Apr - Seminar 3. Smart contract verification practice. Thu, 21 Apr - Closing session. Homework results, certificates, pizza&cola

4. Plan 1. Formal proofs, axioms and rules of inference 2.

   Hoare logic, preconditions, postconditions 3. Formal verification of safety critical systems 4. Automated proofs with Microsoft Z3 theorem prover Homework: theory test, Z3 basics 4

5. 5 https://www.q-files.com/ https://cars.usnews.com/

6. 6 https://www.q-files.com/ axiomatic method (proof engine)

7. Reasoning about Infinity

8. Example How to ensure that (x + 1)(x - 1)

   = x2 - 1 Test# x (x + 1)(x - 1) x2 - 1 (x + 1)(x - 1) = x2 - 1 1 0 -1 -1 True 2 1 0 0 True 3 -5 24 24 True 4 259 67080 67080 True 5 -324 104975 104975 True … … … … … 8 Note: billions of tests cannot guarantee 100% correctness

9. Axiomatic method 1. A(B+C) = AB + AC for all

   A, B, C - the distributive property 2. AB = BA, A+B=B+A for all A, B - the commutative property 3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom 4. A=B and C=D implies A+C=B+D for all A, B, C, D 5. 1A = A, 0A = 0, A+0 = A, A-A=0 for any A 6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2 7. x(x - 1) = x2 - x - follows from 1 8. x(x - 1) + 1(x - 1) = x2 - x + x - 1 - follows from 4, 5, 6 9. (x + 1)(x - 1) = x2 - 1 - follows from 3, 5, 6, 8 9

10. Axiomatic method 1. A(B+C) = AB + AC for all

    A, B, C - the distributive property 2. AB = BA, A+B=B+A for all A, B - the commutative property 3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom 4. A=B and C=D implies A+C=B+D for all A, B, C, D 5. 1A = A, 0A = 0, A+0 = A, A-A=0 for any A 6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2 7. x(x - 1) = x2 - x - follows from 1 8. x(x - 1) + 1(x - 1) = x2 - x + x - 1 - follows from 4, 5, 6 9. (x + 1)(x - 1) = x2 - 1 - follows from 3, 5, 6, 8 10 domain axioms truisms postulates basic rules

11. 1. A(B+C) = AB + AC for all A, B,

    C - the distributive property 2. AB = BA, A+B=B+A for all A, B - the commutative property 3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom 4. A=B and C=D implies A+C=B+D for all A, B, C, D 5. 1A = A, 0A = 0, A+0 = A, A-A=0 for any A 6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2 7. x(x - 1) = x2 - x - follows from 1 8. x(x - 1) + 1(x - 1) = x2 - x + x - 1 - follows from 4, 5, 6, 7 9. (x + 1)(x - 1) = x2 - 1 - follows from 3, 5, 6, 8 Axiomatic method 11 theorems conclusions statements assertions claims

12. Pros and Contras 12 Testing (by executing) Formal Verification Simple

    and straightforward Laborious and difficult Teachable and accessible Knowledgeable and competent Always applicable Domain formalization is necessary Never complete Convincing and complete Hardly reusable Prove once, use forever SUT a b c

13. Pros and Contras 13 Testing (by executing) Formal Verification Simple

    and straightforward Laborious and difficult Teachable and accessible Knowledgeable and competent Always applicable Domain formalization is necessary Never complete Convincing and complete Hardly reusable Prove once, use forever SUT a b c

14. Pros and Contras 14 Testing (by executing) Formal Verification Simple

    and straightforward Laborious and difficult Teachable and accessible Knowledgeable and competent Always applicable Domain formalization is necessary Never complete Convincing and complete Hardly reusable Prove once, use forever SUT a b c

15. Reasoning about Software

16. Axiomatic method 1. A(B+C) = AB + AC for all

    A, B, C - the distributive property 2. AB = BA, A+B=B+A for all A, B - the commutative property 3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom 4. A=B and C=D implies A+C=B+D for all A, B, C, D 5. 1A = A, 0A = 0, A+0 = A, A-A=0 for any A 6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2 7. x(x - 1) = x2 - x - follows from 1 8. x(x - 1) + 1(x - 1) = x2 - x + x - 1 - follows from 4, 5, 6 9. (x + 1)(x - 1) = x2 - 1 - follows from 3, 5, 6, 8 16 domain axioms truisms postulates basic rules theorems conclusions statements assertions claims

17. Hoare triple 17 A triple describes how the execution of

    a piece of code changes the state of the computation: precondition postcondition program Meaning: when the precondition is met, executing the command establishes the postcondition

18. Hoare logic for programming languages 18

19. Hoare logic for programming languages 19 Looks like a good

    topic for PhD...

20. Tony Hoare 20 British computer scientist who has made foundational

    contributions to • programming languages, • algorithms, • operating systems, • formal verification, and • concurrent computing Worked at the University of Oxford and Microsoft Research in Cambridge Born 11 January 1934 in Colombo, his mother was the daughter of a tea planter

21. Safety critical systems 21

22. Examples of safety-critical systems • Emergency services dispatch systems •

    Electricity generation, transmission and distribution • Heart-lung machines • Mechanical ventilation systems • Infusion pumps and Insulin pumps • Radiation therapy machines • Robotic surgery machines • Pacemaker devices • Railway signalling and control systems • Platform detection to control train doors • Automatic train stop 22 • Airbag systems • Braking systems • Power steering systems • Advanced driver-assistance systems • Electronic throttle control • Battery management system for hybrids and electric vehicles • Electric park brake • Air traffic control systems • Avionics, fly-by-wire systems • Engine control systems • Aircrew life support systems • Nuclear reactor control systems

23. Formal verification is the act of proving or disproving the

    correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics 23

24. What contributes to the product quality • Enterprise factors ◦

    Organizational structure and business process • Good specification ◦ Precise and complete ◦ Validated by the stakeholders • Professional team ◦ Educated, experienced, well-coordinated • Functional testing ◦ Test plan ◦ Manual and automated tests ◦ Formal verification • Non-functional testing • Support 24

25. Formal Verification Benchmarks • 2004 - Intel, parameterized verification of

    cache-coherent protocol • 2005 - CompCert, a formally verified optimizing compiler for a large subset of the C99 programming language • 2011 - several operating systems have been formally verified • 2016 - CertiKOS, a formal verification protocol for blockchain • 2017 - formal verification has been applied to the design of large computer networks • Formal verification is used by most of leading hardware companies 25

26. Microsoft Z3 theorem prover Satisfiability Modulo Theories (SMT) Solver

27. 27 • Computer algebra systems (arithmetic, calculus etc.) ◦ https://www.cymath.com/practice/algebra-inequalities

    ◦ https://quickmath.com/ • SAT solvers (boolean logic) - see overview here ◦ https://msoos.github.io/cryptominisat_web/ ◦ http://logicrunch.it.uu.se:4096/~wv/minisat/ • SMT solvers (boolean logic + arithmetic etc.) Three types of solvers

28. 28 • Z3 is an SMT solver, which supports the

    SMTLIB format • One can run Z3 in browser • See Q&A at StackOverflow • Use from Python https://github.com/Z3Prover/z3 Z3

29. Awards: • “The most influential tool paper in the first

    20 years of TACAS” (> 3500 citations) • Programming Languages Software Award from ACM SIGPLAN Ships with many popular systems • Isabelle, Pex, SAGE, SLAM/SDV, Visual Studio, … Solved more than 5 billion constraints created by SAGE when checking Win8/Office Leonardo de Moura, Microsoft Research, 19 July 2017 Z3 impact

30. 30 https://compsys-tools.ens-lyon.fr/z3

31. 31 https://compsys-tools.ens-lyon.fr/z3 a, b, c are integer variables (a >

    0) & (b > 0) & (c > 0) & (a2 + b2 = c2) Check if exist values a, b, c which satisfy the constraint. If yes, provide a solution

32. Home assignment

33. Deadline: Friday, 15 April 2022 • Theory test https://forms.gle/Fz7GDqsTgfvfxEj76 •

    Check in Z3 if for any integer x and y the following holds, or provide a counterexample: (x + y > -5) and (x - y < 5) → (2x - y < 15) or (x + 3y > 7) 33

34. Questions? Thank you! 34