
Exactpro
November 26, 2021

TMPA-2021: Formal Verification of the Eth2.0 beacon Chain

Franck Cassez, ConsenSys

Formal Verification of the Eth2.0 beacon Chain

TMPA is an annual International Conference on Software Testing, Machine Learning and Complex Process Analysis. The conference will focus on the application of modern methods of data science to the analysis of software quality.

To learn more about Exactpro, visit our website https://exactpro.com/

Follow us on
LinkedIn https://www.linkedin.com/company/exactpro-systems-llc
Twitter https://twitter.com/exactpro


Transcript

  1. Formal Verification of the Beacon Chain Specs

    Trustworthy Smart Contracts Team, November 2021
    Franck Cassez, ConsenSys, https://franck44.github.io/
    Joanne Fuller, ConsenSys
    Aditya Asgaonkar, Ethereum Foundation
  2. The Beacon Chain

    Ethereum 2.0 overall architecture. Original diagram by Ben Edgington & Hsiao-Wei Wang.
  3. Why/What Formal Verification?

    Problems
    • Management of a huge amount of assets
    • Specs may be ambiguous & buggy
    • Hard for developers to understand
    • Bugs have critical/costly consequences
    • Absence of functional specs
    • Mission-critical embedded system

    Proposed Solution
    • Use formal verification for thorough analysis
    • Report/fix issues
    • Source code (git repo) for:
      ▪ Formal specifications
      ▪ Correctness/termination proofs
      ▪ Implementation (e.g. serialise/deserialise)
  4. Scope of the project

    • Design a formal specification of the Beacon Chain
    • Develop a machine-checkable proof that the code is correct
    • Provide guarantees on code executed on a node:
      ▪ No runtime errors
      ▪ Termination
      ▪ Functional guarantees
  5. How does it work? Pre/post conditions – Floyd-Hoare Logic

    function get_next_power_of_two(n : int) : int
      requires n >= 0                          // pre-condition
      ensures get_next_power_of_two(n) >= 1    // post-condition
    {
      if n <= 2 then 2 else 2 * get_next_power_of_two((n + 1) / 2)
    }

    • Specification: what properties should the result satisfy? (the requires/ensures clauses)
    • Implementation: how the result is computed (the function body)

    Floyd-Hoare Logic: Sir C.A.R. Hoare (1934 –), Turing Award 1980; R. W. Floyd (1936 – 2001), Turing Award 1978.
  6. Dafny – A Verification-Friendly Programming Language

    Program + Pre/Post conditions → Dafny Verification Engine → Verification Condition F (logical formula) → Solver
    • F is valid: program/proofs are correct
    • F is not valid: counter-example
    • Inconclusive: timeout
    Proofs As Programs
  7. Beacon Chain (Phase 0) Components

    State Transition
    • Update client state
    • Process slots
      ▪ epochs
    • Process block
      ▪ block tree
      ▪ validators
      ▪ balances
      ▪ votes
      ▪ slashings

    SSZ/Merkle
    • Serialisation (SSZ)
      ▪ Data structures
      ▪ Serialise/deserialise
    • Merkleisation
      ▪ Data structures
      ▪ Merkle trees
      ▪ Merkle proofs

    ForkChoice
    • LMD-GHOST
    • Canonical chain
    • Finalised blocks
    • Justified blocks

    https://github.com/ConsenSys/eth2.0-dafny
  8. Serialise/Deserialise (SSZ) – Example

    What: convert an object O to a sequence of bytes (Serialise) and back (Deserialise).
    (Diagram: bit list 1 1 0 1 1 1 1 0 1 0 1 0 1 1 0 1 1 1 1 0 1 0 1 0 1 0 0 0, with 8 bits of padding, serialised to bytes and deserialised back.)
    Main proof (involution): Deserialise( Serialise( O ) ) = O
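The pre/post-condition style of slide 5 and the involution property of slide 8, as an added Python example (not code from the slides or from the eth2.0-dafny repository): the Dafny requires/ensures clauses become runtime asserts, and the bit-list encoding follows SSZ's Bitlist rule (little-endian bit packing, a sentinel 1 bit after the last element, zero padding to a byte boundary). All sample inputs are constructed here.

```python
from typing import List

def serialise_bitlist(bits: List[bool], limit: int) -> bytes:
    """SSZ Bitlist[limit]: pack bit i into byte i//8 at position i%8,
    append a sentinel 1 bit right after the last element, zero-pad to a byte."""
    assert len(bits) <= limit, "pre-condition: length within the type bound"
    n = len(bits)
    out = bytearray((n + 1 + 7) // 8)          # room for n data bits + sentinel
    for i, bit in enumerate(bits):
        if bit:
            out[i // 8] |= 1 << (i % 8)
    out[n // 8] |= 1 << (n % 8)                # sentinel encodes the length
    assert out[-1] != 0, "post-condition: last byte always carries the sentinel"
    return bytes(out)

def deserialise_bitlist(data: bytes, limit: int) -> List[bool]:
    """Inverse of serialise_bitlist: the highest set bit of the last byte is
    the sentinel; every bit before it is payload."""
    assert len(data) >= 1 and data[-1] != 0, "pre-condition: well-formed encoding"
    sentinel_pos = data[-1].bit_length() - 1
    n = (len(data) - 1) * 8 + sentinel_pos
    assert n <= limit, "post-condition: decoded length within the type bound"
    return [bool((data[i // 8] >> (i % 8)) & 1) for i in range(n)]

def involution_holds(bits: List[bool], limit: int) -> bool:
    """The property proved on the slide: Deserialise(Serialise(O)) = O."""
    return deserialise_bitlist(serialise_bitlist(bits, limit), limit) == bits

def check_involution(limit: int = 64) -> bool:
    # Constructed inputs: the empty list and lengths on both sides of byte
    # boundaries, where the sentinel either shares a byte with data or spills
    # into an extra byte. A formal proof covers all inputs; a test samples them.
    for n in (0, 1, 7, 8, 9, 15, 16, 27):
        for stride in (1, 2, 3):
            bits = [(i % stride) == 0 for i in range(n)]
            if not involution_holds(bits, limit):
                return False
    return True

if __name__ == "__main__":
    print(serialise_bitlist([True, True, False, True, True, True, True, False], 16).hex())  # 7b01
    print("involution holds on all samples:", check_involution())
```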
  9. State change

    (Diagram: beacon blocks across slots in Epoch 1, Epoch 2 and Epoch 3, with states S1, S'1, S''1, S2, S3, S'3.)
  10. Proof Strategy

    Imperative implementation → Functional correctness
    Outcome:
    • absence of runtime errors
    • proof of termination
    • functional correctness
  11. Context – Rewards and Penalties

    Call graph:
    • process_rewards_and_penalties
      ▪ get_attestation_deltas
        ▪ get_source_deltas
        ▪ get_target_deltas
        ▪ get_head_deltas
        ▪ get_inclusion_delay_deltas
        ▪ get_inactivity_penalty_deltas
      ▪ get_attestation_component_deltas
      ▪ get_unslashed_attesting_indices
      ▪ get_attesting_indices
  12. Analysis & Calculations

    Number of Active Validators V – no array out of bounds?
    • V ≤ 4,194,304: ✅ no array-out-of-bounds
    • 4,194,304 < V < 4,196,352: at least one input s.t. array-out-of-bounds
    • 4,196,352 ≤ V: for all inputs, array-out-of-bounds
  13. Limitations, Assumptions and Simplifications

    Simplifications
    • ForkChoice
      ▪ Dafny data types
      ▪ deposit is 1 ETH/validator
    • Known environment bounds assumed
      ▪ Finite amount of ETH
      ▪ Max number of validators

    Limitations
    • Abstract hash function
    • SSZ
      ▪ generic types
      ▪ not used in StateTransition/ForkChoice
    • Randomness
      ▪ not taken into account

    Assumptions
    • Trust base: Dafny + Z3
    • Python -> Dafny preserves semantics
  14. Verification Effort

    • Person/month: 24
    • Dafny projects: top 5
    • Ethereum Foundation support
      ▪ Dedicated contact point
      ▪ Formal verification reading group: Gasper, advanced verification, Dafny
      ▪ Dafny coding sessions + background theory
  15. Key Takeaways

    • Verifier PL: Dafny
    • Eth2 specs verified: 85%
    • Eth2.0 bug reports/fixes: 20
    • Dafny bug reports: 5
    • Lines of Code: 9000+
    • Lines of Documentation: 4800+
    • Theorems proved: 231
    • Joint effort EF + CSI
  16. Impact

    Foster Use of Formal Methods
    • Blogs & Presentations
      ▪ Blog: Formally Verifying Eth2.0 Specs
      ▪ Blog: Coding Journey to Dafny Evangelist
      ▪ Ethereum Engineering Meet-up talk
      ▪ R&D week: Formal verification of Eth2 BC
    • Paper: Formal Verification of Eth2.0

    Improve Software Reliability
    • Formally verified SSZ/Merkle/ForkChoice
    • Proofs machine-checkable
    • Specs
      ▪ language-agnostic
      ▪ candidate reference spec
    • Embedded documentation
  17. Conclusion

    Resources
    • EF spec writers team: ~8
    • CSI spec verification team: ~2
      ▪ Absence of runtime errors
      ▪ Extracting functional specs
      ▪ Proving consistency
    • Dafny adoption
      ▪ EF Eth2.0 spec writers – 4 sessions

    Main Roadblocks
    • Eth2.0 specs
      ▪ Unstructured
      ▪ Imperative/exception ⇔ invalid
      ▪ Duplicate data structures
    • Dafny
      ▪ Limited VSCode support
      ▪ Proof logical complexity/time complexity

    Improving Dafny Specs
    • Functional specifications of
      ▪ valid attestations
    • Specs
      ▪ Candidate reference spec
    • Extract embedded documentation
  18. Resources

    Blogs
    • Formally Verifying Eth2.0 Specs (Aug 2020)
    • Coding Journey to Dafny Evangelist (December 2020)

    Code
    • Eth2.0 Specs in Dafny
    • Deposit Smart Contract in Dafny
    • Dafny coding sessions

    Paper: https://arxiv.org/abs/2110.12909