Slide 1

Slide 1 text

VERIFICATION OF SMART CONTRACTS ON THE ETHEREUM BLOCKCHAIN
Lecture #1. Formal verification of software
Rostislav Yavorskiy, PhD, Head of Research at Exactpro
06 April 2022

Slide 2

Slide 2 text

The course schedule
Wed, 06 Apr - Lecture 1. Formal verification of software
Fri, 08 Apr - Lecture 2. Decentralized finance on Ethereum
Mon, 11 Apr - Seminar 1. Microsoft z3 practice
Tue, 12 Apr - Seminar 2. Smart contracts with Solidity
Mon, 18 Apr - Lecture 3. Verification of Solidity contracts
Tue, 19 Apr - Seminar 3. Smart contract verification practice
Thu, 21 Apr - Closing session. Homework results, certificates, pizza & cola

Slide 4

Slide 4 text

Plan
1. Formal proofs, axioms and rules of inference
2. Hoare logic, preconditions, postconditions
3. Formal verification of safety critical systems
4. Automated proofs with Microsoft Z3 theorem prover
Homework: theory test, Z3 basics

Slide 5

Slide 5 text

https://www.q-files.com/
https://cars.usnews.com/

Slide 6

Slide 6 text

axiomatic method (proof engine)
https://www.q-files.com/

Slide 7

Slide 7 text

Reasoning about Infinity

Slide 8

Slide 8 text

Example: how to ensure that (x + 1)(x - 1) = x^2 - 1

Test#   x      (x + 1)(x - 1)   x^2 - 1   (x + 1)(x - 1) = x^2 - 1
1       0      -1               -1        True
2       1      0                0         True
3       -5     24               24        True
4       259    67080            67080     True
5       -324   104975           104975    True
…       …      …                …         …

Note: billions of tests cannot guarantee 100% correctness

Slide 9

Slide 9 text

Axiomatic method
1. A(B+C) = AB + AC for all A, B, C - the distributive property
2. AB = BA, A+B = B+A for all A, B - the commutative property
3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom
4. A=B and C=D implies A+C = B+D for all A, B, C, D
5. 1A = A, 0A = 0, A+0 = A, A-A = 0 for any A
6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2
7. x(x - 1) = x^2 - x - follows from 1
8. x(x - 1) + 1(x - 1) = x^2 - x + x - 1 - follows from 4, 5, 6
9. (x + 1)(x - 1) = x^2 - 1 - follows from 3, 5, 6, 8

Slide 10

Slide 10 text

Axiomatic method
1. A(B+C) = AB + AC for all A, B, C - the distributive property
2. AB = BA, A+B = B+A for all A, B - the commutative property
3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom
4. A=B and C=D implies A+C = B+D for all A, B, C, D
5. 1A = A, 0A = 0, A+0 = A, A-A = 0 for any A
6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2
7. x(x - 1) = x^2 - x - follows from 1
8. x(x - 1) + 1(x - 1) = x^2 - x + x - 1 - follows from 4, 5, 6
9. (x + 1)(x - 1) = x^2 - 1 - follows from 3, 5, 6, 8
Labels on the slide: domain axioms, truisms, postulates, basic rules

Slide 11

Slide 11 text

Axiomatic method
1. A(B+C) = AB + AC for all A, B, C - the distributive property
2. AB = BA, A+B = B+A for all A, B - the commutative property
3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom
4. A=B and C=D implies A+C = B+D for all A, B, C, D
5. 1A = A, 0A = 0, A+0 = A, A-A = 0 for any A
6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2
7. x(x - 1) = x^2 - x - follows from 1
8. x(x - 1) + 1(x - 1) = x^2 - x + x - 1 - follows from 4, 5, 6, 7
9. (x + 1)(x - 1) = x^2 - 1 - follows from 3, 5, 6, 8
Labels on the slide: theorems, conclusions, statements, assertions, claims

Slide 12

Slide 12 text

Pros and Cons

Testing (by executing)        Formal Verification
Simple and straightforward    Laborious and difficult
Teachable and accessible      Knowledgeable and competent
Always applicable             Domain formalization is necessary
Never complete                Convincing and complete
Hardly reusable               Prove once, use forever

[Diagram: SUT with labels a, b, c]

Slide 15

Slide 15 text

Reasoning about Software

Slide 16

Slide 16 text

Axiomatic method
1. A(B+C) = AB + AC for all A, B, C - the distributive property
2. AB = BA, A+B = B+A for all A, B - the commutative property
3. A=B and B=C implies A=C for all A, B, C - the transitivity axiom
4. A=B and C=D implies A+C = B+D for all A, B, C, D
5. 1A = A, 0A = 0, A+0 = A, A-A = 0 for any A
6. (x + 1)(x - 1) = x(x - 1) + 1(x - 1) - follows from 1, 2
7. x(x - 1) = x^2 - x - follows from 1
8. x(x - 1) + 1(x - 1) = x^2 - x + x - 1 - follows from 4, 5, 6
9. (x + 1)(x - 1) = x^2 - 1 - follows from 3, 5, 6, 8
Labels on the slide: domain axioms, truisms, postulates, basic rules
Labels on the slide: theorems, conclusions, statements, assertions, claims

Slide 17

Slide 17 text

Hoare triple
A triple describes how the execution of a piece of code changes the state of the computation.
Parts of the triple: precondition, program, postcondition
Meaning: when the precondition is met, executing the command establishes the postcondition.
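
Added example (not part of the lecture slides): a Hoare triple turned into a Z3 query in SMT-LIB. The triple {true} if x < 0 then r := -x else r := x {r >= 0} and all variable names are constructed for illustration; the second query repeats the check with 32-bit two's-complement values, where negating the minimum value wraps around.

```smt2
; Added example, not from the lecture. Constructed triple:
;   {true}  if x < 0 then r := -x else r := x  {r >= 0}
; The triple is valid exactly when
;   precondition AND program effect AND NOT postcondition
; has no solution, so "unsat" from (check-sat) means "valid" and
; "sat" means the model is a state that breaks the postcondition.
(set-option :produce-models true)

; Query 1: x and r are mathematical (unbounded) integers.
(declare-const x Int)
(declare-const r Int)
(push)
(assert true)                                 ; precondition
(assert (= r (ite (< x 0) (- x) x)))          ; effect of the program
(assert (not (>= r 0)))                       ; negated postcondition
(check-sat)
(pop)

; Query 2: the same program over 32-bit signed machine integers.
; xb and rb are hypothetical names for the bit-vector versions.
(declare-const xb (_ BitVec 32))
(declare-const rb (_ BitVec 32))
(push)
(assert (= rb (ite (bvslt xb #x00000000) (bvneg xb) xb)))
(assert (not (bvsge rb #x00000000)))
(check-sat)
; The only input that can break the postcondition is #x80000000,
; whose two's-complement negation is itself.
(get-model)
(pop)
```

The difference between the two answers shows why the formal model of the data types has to match the machine the code runs on before a proof says anything about the real program.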

Slide 18

Slide 18 text

Hoare logic for programming languages

Slide 19

Slide 19 text

Hoare logic for programming languages
Looks like a good topic for PhD...

Slide 20

Slide 20 text

Tony Hoare
British computer scientist who has made foundational contributions to
● programming languages,
● algorithms,
● operating systems,
● formal verification, and
● concurrent computing
Worked at the University of Oxford and Microsoft Research in Cambridge
Born 11 January 1934 in Colombo; his mother was the daughter of a tea planter

Slide 21

Slide 21 text

Safety critical systems

Slide 22

Slide 22 text

Examples of safety-critical systems
● Emergency services dispatch systems
● Electricity generation, transmission and distribution
● Heart-lung machines
● Mechanical ventilation systems
● Infusion pumps and insulin pumps
● Radiation therapy machines
● Robotic surgery machines
● Pacemaker devices
● Railway signalling and control systems
● Platform detection to control train doors
● Automatic train stop
● Airbag systems
● Braking systems
● Power steering systems
● Advanced driver-assistance systems
● Electronic throttle control
● Battery management system for hybrids and electric vehicles
● Electric park brake
● Air traffic control systems
● Avionics, fly-by-wire systems
● Engine control systems
● Aircrew life support systems
● Nuclear reactor control systems

Slide 23

Slide 23 text

Formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.

Slide 24

Slide 24 text

What contributes to the product quality
● Enterprise factors
  ○ Organizational structure and business process
● Good specification
  ○ Precise and complete
  ○ Validated by the stakeholders
● Professional team
  ○ Educated, experienced, well-coordinated
● Functional testing
  ○ Test plan
  ○ Manual and automated tests
  ○ Formal verification
● Non-functional testing
● Support

Slide 25

Slide 25 text

Formal Verification Benchmarks
● 2004 - Intel, parameterized verification of cache-coherent protocol
● 2005 - CompCert, a formally verified optimizing compiler for a large subset of the C99 programming language
● 2011 - several operating systems have been formally verified
● 2016 - CertiKOS, a formal verification protocol for blockchain
● 2017 - formal verification has been applied to the design of large computer networks
● Formal verification is used by most of the leading hardware companies

Slide 26

Slide 26 text

Microsoft Z3 theorem prover
Satisfiability Modulo Theories (SMT) Solver

Slide 27

Slide 27 text

Three types of solvers
● Computer algebra systems (arithmetic, calculus etc.)
  ○ https://www.cymath.com/practice/algebra-inequalities
  ○ https://quickmath.com/
● SAT solvers (boolean logic) - see overview here
  ○ https://msoos.github.io/cryptominisat_web/
  ○ http://logicrunch.it.uu.se:4096/~wv/minisat/
● SMT solvers (boolean logic + arithmetic etc.)

Slide 28

Slide 28 text

Z3
● Z3 is an SMT solver, which supports the SMTLIB format
● One can run Z3 in the browser
● See Q&A at StackOverflow
● Use from Python
https://github.com/Z3Prover/z3

Slide 29

Slide 29 text

Z3 impact
Awards:
● “The most influential tool paper in the first 20 years of TACAS” (> 3500 citations)
● Programming Languages Software Award from ACM SIGPLAN
Ships with many popular systems
● Isabelle, Pex, SAGE, SLAM/SDV, Visual Studio, …
Solved more than 5 billion constraints created by SAGE when checking Win8/Office
Leonardo de Moura, Microsoft Research, 19 July 2017

Slide 30

Slide 30 text

https://compsys-tools.ens-lyon.fr/z3

Slide 31

Slide 31 text

https://compsys-tools.ens-lyon.fr/z3
a, b, c are integer variables
(a > 0) & (b > 0) & (c > 0) & (a^2 + b^2 = c^2)
Check whether values of a, b, c exist that satisfy the constraint. If yes, provide a solution.
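
Added example (not part of the lecture slides): the constraint above written in the SMT-LIB format that Z3 supports, followed by the identity (x + 1)(x - 1) = x^2 - 1 from slide 8, checked for all integers at once by asking Z3 for a counterexample. Treating x as an integer is an assumption; nonlinear integer arithmetic is undecidable in general, so a solver may also answer "unknown".

```smt2
; Added example, not from the lecture.
(set-option :produce-models true)

; Part 1: satisfiability (slide 31).
; Question: do integers a, b, c exist with a, b, c > 0 and a^2 + b^2 = c^2?
(declare-const a Int)
(declare-const b Int)
(declare-const c Int)
(push)
(assert (> a 0))
(assert (> b 0))
(assert (> c 0))
(assert (= (+ (* a a) (* b b)) (* c c)))
; "sat" means at least one assignment satisfies all four assertions.
(check-sat)
; After "sat", print one satisfying assignment (the requested solution).
(get-model)
(pop)

; Part 2: validity (slide 8).
; Question: does (x + 1)(x - 1) = x^2 - 1 hold for EVERY integer x?
; A solver searches for witnesses, so assert the NEGATION of the claim
; and ask for a witness, that is, for a counterexample.
(declare-const x Int)
(push)
(assert (not (= (* (+ x 1) (- x 1))
                (- (* x x) 1))))
; "unsat" means no counterexample exists, so the identity holds for all x.
; "sat" would mean the identity is false, and the model would be an x
; that refutes it, which is what no finite table of tests can rule out.
(check-sat)
(pop)
```

The same negate-and-search pattern applies to any "holds for all values" claim: state the claim, assert its negation, and read "unsat" as a proof.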

Slide 32

Slide 32 text

Home assignment

Slide 33

Slide 33 text

Deadline: Friday, 15 April 2022
● Theory test https://forms.gle/Fz7GDqsTgfvfxEj76
● Check in Z3 if for any integer x and y the following holds, or provide a counterexample:
  (x + y > -5) and (x - y < 5) → (2x - y < 15) or (x + 3y > 7)

Slide 34

Slide 34 text

Questions? Thank you!