A formal verification tool for Ethereum VM bytecode

Park, Daejun; Zhang, Yi; Saxena, Manasvi; Daian, Philip; Roşu, Grigore

doi:10.1145/3236024.3264591

Cited by 97 publications

(73 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this reason, the applications are illustrative only, not meant to serve as a comprehensive evaluation or make any claim of scalability. Moreover, the reported performance of the applications is not optimized 14 , and there is room for improvement, e.g., by providing custom abstractions and lemmas specific to x86-64, similarly to [189]. However, we believe that each application has the potential to be leveraged into a standalone tool, with its own user interface and case studies, but this is not our goal here.…”

Section: Applicationsmentioning

confidence: 99%

Scalable validation of binary lifters

Dasgupta

Dinesh

Venkatesh

et al. 2020

Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

The ability to directly reason about binary machine code is desirable, not only because it allows analyzing binaries even when the source code is not available (e.g., legacy code, closed-source software, or malware), but also avoids the need to trust the correctness of compilers. Binary analysis is generally performed by existing decompiler projects by (1) converting raw bytes from the binary into a stream of assembly instructions through disassembly, (2) translating machine code to an intermediate representation (IR) using a binary lifter, and (3) performing various analysis and transformations on the IR pertaining to the specific goals of the decompiler. Many binary analysis frameworks published in academia or as open-source code, use such a lifter as the first step in their pipeline. Validating the correctness of binary lifters is pivotal to gain trust in binary analysis, especially when used in scenarios where correctness is essential. Unfortunately, existing approaches focus on validating the correctness of lifting a single instruction and do not scale to full programs. I believe an effort in the direction would enable both the developers of binary translators, to validate their implementation, and the clients of those translators, to gain trust in their analysis results. The overall goal of my work is to develop formal and informal techniques to achieve high confidence in the correctness of binary lifting by leveraging the semantics of the languages involved (e.g., Intel's x86-64 and LLVM IR). Towards that goal, I made two broad contributions. First, I defined the most complete and thoroughly tested formal semantics of x86-64 to date. The semantics faithfully formalizes all the non-deprecated, sequential user-level instructions of the x86-64 Haswell instruction set architecture. The formal specification covers 3155 instruction variants, corresponding to 774 mnemonics. The semantics is fully executable and has been tested against the GCC C-torture test suite. Moreover, each instruction is individually tested against more than 7,000 instruction-level test cases. This extensive testing paid off, revealing bugs in both the x86-64 reference manual and other existing semantics, which are all acknowledged, and some are fixed. Also, I illustrated potential applications of the semantics in different formal analyses, and discuss how it can be useful for processor verification. Second, I show that formal translation validation of single instructions for a complex ISA like x86-64 is not only practical but can be used as a building block for scalable full-program validation. My work is the first to do translation validation of single instructions on an Coming up to this point is one of the biggest challenges I have ever pursued in my life. This thesis would not have been possible if I did not have the support of the following people. I owe my deepest gratitude to my adviser, Professor Vikram Adve, whose guidance, patience, and encouragement have been pivotal in the successful completion of this thesis. He is one of the ...

show abstract

Section: Applicationsmentioning

confidence: 99%

Scalable validation of binary lifters

Dasgupta

Dinesh

Venkatesh

et al. 2020

Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

show abstract

“…Based on F * , Grishchenko et al presented the first complete small-step semantics of EVM bytecode [25]. Hildenbrandt et al presented an executable formal semantics for the Ethereum platform, named KEVM [27], based on which, Park et al [46] presented a deductive verification tool, capable of verifying various high-profile and safety-critical contracts. Jiao et al developed the operational formal semantics for the Solidity programming language, named K-Solidity [32,33].…”

Section: Smart Contract Analysis and Verificationmentioning

confidence: 99%

Towards automated verification of smart contract fairness

Liu

Lin

et al. 2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

View full text Add to dashboard Cite

Smart contracts are computer programs allowing users to define and execute transactions automatically on top of the blockchain platform. Many of such smart contracts can be viewed as games. A game-like contract accepts inputs from multiple participants, and upon ending, automatically derives an outcome while distributing assets according to some predefined rules. Without clear understanding of the game rules, participants may suffer from fraudulent advertisements and financial losses. In this paper, we present a framework to perform (semi-)automated verification of smart contract fairness, whose results can be used to refute false claims with concrete examples or certify contract implementations with respect to desired fairness properties. We implement FairCon, which is able to check fairness properties including truthfulness, efficiency, optimality, and collusion-freeness for Ethereum smart contracts. We evaluate FairCon on a set of real-world benchmarks and the experiment result indicates that FairCon is effective in detecting property violations and able to prove fairness for common types of contracts. CCS CONCEPTS • Software and its engineering → Software verification; Software verification and validation.

show abstract

“…The smart contract language Michelson, used by Tezos, has also been formalised in Coq [30]. EVM, the virtual machine of Ethereum, has been formalised in K [32], in Isabelle/HOL [24,7], and in F * [21]. For a more complete account of blockchain projects involving formal methods see [22].…”

Section: For Fun and Profitmentioning

confidence: 99%

System F in Agda, for Fun and Profit

Chapman¹,

Kireev²,

Nester

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

System F, also known as the polymorphic λ-calculus, is a typed λcalculus independently discovered by the logician Jean-Yves Girard and the computer scientist John Reynolds. We consider F ωµ , which adds higher-order kinds and iso-recursive types. We present the first complete, intrinsically typed, executable, formalisation of System F ωµ that we are aware of. The work is motivated by verifying the core language of a smart contract system based on System F ωµ. The paper is a literate Agda script [14].

show abstract

A formal verification tool for Ethereum VM bytecode

Cited by 97 publications

References 10 publications

Scalable validation of binary lifters

Scalable validation of binary lifters

Towards automated verification of smart contract fairness

System F in Agda, for Fun and Profit

Contact Info

Product

Resources

About