Rostislav Yavorskiy, Exactpro Head of Research VERIFICATION OF SMART CONTRACTS ON THE ETHEREUM BLOCKCHAIN Q&A session #1 Formal verification of software 11 April 2022

2 Lecture slides questions and comments

3 https://www.q-files.com/ Axiomatic method (verification proof engine) Users don’t have to know what’s inside. Yet that is fascinating!

Pros and Contras 4 Testing (by executing) Formal Verification Simple and straightforward Laborious and difficult Teachable and accessible Knowledgeable and competent Always applicable Domain formalization is necessary Never complete Convincing and complete Hardly reusable Prove once, use forever Definitely, one can reuse - bug reports - test cases - domain knowledge but not the testing results.

Proof of termination 5 A triple describes how the execution of a piece of code changes the state of the computation: precondition postcondition program Meaning: when the precondition is met, executing the command establishes the postcondition

Proof of termination ⦅p=a⦆ foo() ⦅p

Proof of termination ⦅p=a⦆ foo() ⦅p

Automated theorem provers 8 Name Developer(s) Implementation language Features Higher-orde r logic Dependent types Proof automation Code generation ACL2 Matt Kaufmann and J Strother Moore Common Lisp No Untyped Yes Executable Agda Ulf Norell, Nils Anders Danielsson, and Andreas Abel (Chalmers and Gothenburg) Haskell Yes Yes No Already executable Coq INRIA OCaml Yes Yes Yes Yes F* Microsoft Research and INRIA F* Yes Yes Yes Yes HOL Light John Harrison OCaml Yes No Yes No HOL4 Michael Norrish, Konrad Slind, and others Standard ML Yes No Yes Yes Isabelle Larry Paulson (Cambridge), Tobias Nipkow (München) and Makarius Wenzel Standard ML, Scala Yes No Yes Yes Lean Microsoft Research C++ Yes Yes Yes Un known LEGO Randy Pollack (Edinburgh) Standard ML Yes Yes No No Mizar Białystok University Free Pascal Partial Yes No No NuPRL Cornell University Common Lisp Yes Yes Yes Yes PVS SRI International Common Lisp Yes Yes Yes Un known

Automated theorem provers 9 Name Developer(s) Implementation language Features Higher-orde r logic Dependent types Proof automation Code generation ACL2 Matt Kaufmann and J Strother Moore Common Lisp No Untyped Yes Executable Agda Ulf Norell, Nils Anders Danielsson, and Andreas Abel (Chalmers and Gothenburg) Haskell Yes Yes No Already executable Coq INRIA OCaml Yes Yes Yes Yes F* Microsoft Research and INRIA F* Yes Yes Yes Yes HOL Light John Harrison OCaml Yes No Yes No HOL4 Michael Norrish, Konrad Slind, and others Standard ML Yes No Yes Yes Isabelle Larry Paulson (Cambridge), Tobias Nipkow (München) and Makarius Wenzel Standard ML, Scala Yes No Yes Yes Lean Microsoft Research C++ Yes Yes Yes Un known LEGO Randy Pollack (Edinburgh) Standard ML Yes Yes No No Mizar Białystok University Free Pascal Partial Yes No No NuPRL Cornell University Common Lisp Yes Yes Yes Yes PVS SRI International Common Lisp Yes Yes Yes Un known Next generation AI?

Proofs or counterexamples For all x holds P(x) is equivalent to Not exists x such that “not P(x)” holds 10

Proofs or counterexamples For all x holds P(x) is equivalent to Not exists x such that “not P(x)” holds So, in order to “find proof for P(x)” we ask “find model for not P(x)” 11

Proofs or counterexamples For all x holds P(x) is equivalent to Not exists x such that “not P(x)” holds So, in order to “find proof for P(x)” we ask “find model for not P(x)” 12 Proof by contradiction

13 Theory test

https://forms.gle/Fz7GDqsTgfvfxEj76 Theory test #1

15 Practical z3 task

16 https://compsys-tools.ens-lyon.fr/z3 a, b, c are integer variables (a > 0) & (b > 0) & (c > 0) & (a2 + b2 = c2) Check if exist values a, b, c which satisfy the constraint. If yes, provide a solution

The arithmetic constraint z3 task 17 ● Check in Z3 if for any integer x and y the following holds, or provide a counterexample: (2x + y > 3) and (x + y >2) → (y > -3) or (x > -3)

The arithmetic constraint z3 task 18 ● Let’s prove it by contradiction. We try to find x, y such that “(2x + y > 3) and (x + y >2) → (y > -3) or (x > -3)” is false ● Implication is false whenever the premise is correct and the conclusion is false. So, the counterexample has to fulfil the conditions: 2x + y > 3 x + y > 2 y ≤ -3 x ≤ -3

The arithmetic constraint z3 task 19 (declare-fun x () Int) (declare-fun y () Int) (assert (> (+ (* 2 x) y) 3)) (assert (> (+ x y) 2)) (assert (<= y -3)) (assert (<= x -3)) (check-sat) (get-model) 2x + y > 3 x + y > 2 y ≤ -3 x ≤ -3 https://compsys-tools.ens-lyon.fr/z3

Thank you! 20