defining the ethereum virtual machine for interactive
play

Defining the Ethereum Virtual Machine for Interactive Theorem - PowerPoint PPT Presentation

Dec 17, 2022 •213 likes •538 views

Overview Some Technicality Own Evaluation Summary Defining the Ethereum Virtual Machine for Interactive Theorem Provers Yoichi Hirai Ethereum Foundation Workshop on Trusted Smart Contracts Malta, Apr. 7, 2017 1/32 Yoichi Hirai Defining

  1. Overview Some Technicality Own Evaluation Summary Defining the Ethereum Virtual Machine for Interactive Theorem Provers Yoichi Hirai Ethereum Foundation Workshop on Trusted Smart Contracts Malta, Apr. 7, 2017 1/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  2. Overview Some Technicality Own Evaluation Summary Outline Overview 1 Why Prove Ethereum Programs Correct We Defined EVM for Theorem Provers Some Technicality 2 EVM Choice on Reentrancy 3 Own Evaluation Remaining Problems Summary 4 2/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  3. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Outline Overview 1 Why Prove Ethereum Programs Correct We Defined EVM for Theorem Provers Some Technicality 2 EVM Choice on Reentrancy 3 Own Evaluation Remaining Problems Summary 4 3/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  4. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Ethereum: Public Ledger with Code Public ledger with accounts: . . . some controlled by private key holders, . . . the others (called Ethereum contracts) controlled by code stored on the ledger. Accounts (including Ethereum contracts) can call other accounts and send balance. Calls invoke code in Ethereum contracts. 4/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  5. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Bugs in Ethereum Programs. The DAO: funds moved much more than expected / led to network split into two Programs stop working when array iteration becomes too long Ethereum Name Service (prev. version): in a secret auction, bids could be added after other bids were revealed . . . This does not work: Develop the source code of Ethereum contracts on GitHub. 1 Enough people would look at it. 2 Bugs would be found early enough. 3 5/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  6. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Potential Ways to Prevent Bugs in Ethereum Programs. Testing can check prepared scenarios cannot find unknown attacks without luck Code review sometimes finds attacks Never known: how much review is enough? Machine-checked theorem proving can enumerate everything that can happen, if it finishes. You can see when proofs finish. 6/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  7. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Why Formal Proofs might Make Sense for Ethereum Contracts My speculation: for Ethereum contracts the benefit of proving might outweigh the costs. You cannot change deployed programs Bugs remain. An upgradable Ethereum contract is somehow at odds with the cause of decentralization. The bugs are visible to all potential attackers Ethereum contracts sometimes manage big amount of fund 7/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  8. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Need of a Definition of a Programming Language in Theorem Provers In some cases, the semantics looks like an interpreter. In other cases, it contains clauses of possibilities. The definition in theorem provers is code, but it should be readable/comparable against spec. The definition needs to be tested Goal: what happens on-chain should be an instantiation of the definition in theorem provers 8/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  9. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Outline Overview 1 Why Prove Ethereum Programs Correct We Defined EVM for Theorem Provers Some Technicality 2 EVM Choice on Reentrancy 3 Own Evaluation Remaining Problems Summary 4 9/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  10. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary We Defined the Ethereum Virtual Machine for Isabelle/HOL, HOL4 and Coq Coq (27 yrs. old), Isabelle (31 yrs. old) and HOL4 (ca. 30 yrs. old) are interactive theorem provers, where one can develop math proofs and have them checked. one can also develop software and prove correctness. “Programs” look similar in all these theorem provers Strategic Goal: inviting users of these tools to Ethereum contract verification. 10/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  11. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Our EVM Definition is Originally in Lem We used a language called Lem. Lem code can be translated into HOL4, Isabelle/HOL, Coq and OCaml. 11/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  12. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary How the paper spec and Lem spec look The EVM definition in Lem has 2,000 lines. Most instructions are simply encoded as functions in Lem. . . Yellow Paper (original spec): Note the overflow semantic when − 2 is 0x06 2 1 Modulo remainder operation. MOD � 0 if µ s [1] = 0 µ ′ s [0] ≡ µ s [0] mod µ s [1] otherwise Lem: | A r i t h MOD − > stack_2_1_op v c ( fun a d i v i s o r − > ( i f d i v i s o r = 0 then 0 else word256FromInteger ( ( u i n t a ) mod ( u i n t d i v i s o r ) ) ) ) . . . except CALL and friends. 12/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  13. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Special Treatment of CALL During CALL instruction, nested calls can enter our program. Nasty effects after executing CALL: the balance of the contract might have changed the storage of the contract might have changed Our blackbox treatment of CALL: by default, the storage and the balance change arbitrarily during a CALL. optionally, you can impose an invariant of the contract, which is assumed to be kept during a CALL but you are supposed to prove the invariant. Currently, we are working on a precise model of what happens during a CALL . 13/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  14. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary We Tested Our EVM Definition against Implementations’ Common Test Luckily, we have test suites for EVM definitions The test suites compare Ethereum Virtual Machine implementations in Python, Go, Rust, C ++ , . . . All EVM implementations need to behave the same, lest the Ethereum network forks (ugly) Definitions in Lem are translated into OCaml Our OCaml test harness reads test cases from Json, runs the Lem-defined EVM, checks the result v.s. expectations in Json VM Test suite: 40,617 cases (24 cases skipped; they involve multiple calls) Running those 24 involves implementing multiple calls (current efforts). 14/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  15. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Problems in L A T EX Specification Test suits are the spec in effect; the L A T EX spec is not tested. While writing definitions in Lem (or previously in Coq) memory usage when accessing addresses [ 2 256 − 31 , 1 ) an instruction had a wrong number of arguments ambiguities in signed modulo: sgn ( µ s [ 0 ]) | µ s [ 0 ] | mod | µ s [ 1 ] | some instructions touched memory but did not charge for memory usage malformed definition: o was defined to be o While testing the Lem definition: spurious modulo 2 256 in read positions of call data exceptional halting did not consume all remaining gas 15/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

  16. Overview Some Technicality Why Prove Ethereum Programs Correct Own Evaluation We Defined EVM for Theorem Provers Summary Proving Theorems about Ethereum Programs We used Isabelle/HOL to prove theorems about Ethereum programs. One theorem about a program (501 instructions) says: If the caller’s address is not at the storage index 1, the call cannot decrease the balance On the same condition, the call cannot change the storage Techniques: Brute-force directly on the big-step semantics (naïvely ignoring many techniques from 1960’s and on). Human spends 3 days constructing the proof Machine spends 3 hours checking the proof 16/32 Yoichi Hirai Defining EVM for Interactive Theorem Provers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Smart Contract PL 2018-08-20 Blockchain intro Bitcoin Ethereum

Smart Contract PL 2018-08-20 Blockchain intro Bitcoin Ethereum

SIGPL Smart Contract PL 2018-08-20 Blockchain intro Bitcoin Ethereum Hyperledger Transaction Model State + account model Framework State n Transaction State n+1 + EVM (Ethereum Virtual Machine) -

625 views • 38 slides
When Virtual Reality Meets Internet of Things in the Gym: Enabling Immersive Interactive Machine

When Virtual Reality Meets Internet of Things in the Gym: Enabling Immersive Interactive Machine

When Virtual Reality Meets Internet of Things in the Gym: Enabling Immersive Interactive Machine Exercises Fazlay Rabbi Michigan State University Taiwoo Park* Mi Zhang Biyi Fang Fazlay Rabbi* Youngki Lee (MSU) (MSU) (MSU) (SMU) (MSU)

669 views • 20 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

IC2E18 An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li, Niannian Ji, Baochun Li Virtual Machine Placement Select the most suitable physical machine (PM) to host each virtual machine (VM).

417 views • 13 slides
Ethereum Introduction Prof. Tom Austin San Jos State University Some Brief Ethereum Facts

Ethereum Introduction Prof. Tom Austin San Jos State University Some Brief Ethereum Facts

Cryptocurrencies & Security on the Blockchain Ethereum Introduction Prof. Tom Austin San Jos State University Some Brief Ethereum Facts Number 2 cryptocurrency by market cap. Not why we are studying it Core developers

448 views • 13 slides
Ethereum: A blockchain-based smart contract platform Tien Dat Le Questions Bitcoin vs

Ethereum: A blockchain-based smart contract platform Tien Dat Le Questions Bitcoin vs

Ethereum: A blockchain-based smart contract platform Tien Dat Le Questions Bitcoin vs Ethereum ? Why Ethereum and Decentralized application (Dapps) ? How Ethereum work ? What is new challenges in Dapps context ? 20.03.2018 3

916 views • 44 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO Programs. 3. Dealing with Complex Programs. 4. A Graphics Library for Agda Anton Setzer: Interactive programs in dependent type theory 1 1. Defining

810 views • 35 slides
The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

Virtual Machines in Compilation Virtual Machines in Compilation Abstract Syntax Tree compile Compilation 2007 Compilation 2007 Virtual Machine Code The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code

541 views • 11 slides
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia Mavridou 1 and Aron Laszka 2 1 Vanderbilt University 2 University of Houston 2 Smart Contract Insecurity Smart contracts are riddled with bugs and

575 views • 21 slides
Defining Machine Learning Dr. Alex Williams August 21, 2020 COSC 425: Introduction to Machine

Defining Machine Learning Dr. Alex Williams August 21, 2020 COSC 425: Introduction to Machine

Defining Machine Learning Dr. Alex Williams August 21, 2020 COSC 425: Introduction to Machine Learning Fall 2020 (CRN: 44874) COSC 425: Intro. to Machine Learning 1 Syllabus Clarifications #1: No textbook requirement. (See Daume in Canvas.)

708 views • 53 slides
A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

http://infinite.barrel-of-knowledge.info/cryptoparty/ (Surface web) https://yhfitd2wvrz3aybh.onion/cryptoparty/ (Deep web) A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual LAN with all traffic

629 views • 9 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum

Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum

CS261: Security in Computer Systems Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum white paper Cryptocurrencies we cover in this class Four very di ff erent cryptocurrencies each introducing di

472 views • 16 slides
MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is Java "byte code" Java Virtual Machine invoked methods and local stack (is it related to MIPS assembly/machine code ?) variables ?

487 views • 4 slides
Defining Virtual Reality Websters New Universal Unabridged Dictionary (1989) defines

Defining Virtual Reality Websters New Universal Unabridged Dictionary (1989) defines

Defining Virtual Reality Websters New Universal Unabridged Dictionary (1989) defines Virtual as being in essence or effect, but not in fact Websters defines reality as the state or quality of being real Introduction

1.05k views • 83 slides
CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c

CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c

CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c Z , if a | b and a | c then a | ( b c ) . Integers closed under addition. Proof: Assume a | b and a | c Today: Proofs!!! b = aq and c = aq

162 views • 4 slides
CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy

CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy

Pre-Class Learning Goals By the start of class, for each proof strategy below, you CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy can prove. Sketch the structure of a proof that uses the

311 views • 15 slides
SMTtoTPTP - A Converter for Theorem Proving Formats Peter Baumgartner Introduction TPTP

SMTtoTPTP - A Converter for Theorem Proving Formats Peter Baumgartner Introduction TPTP

SMTtoTPTP - A Converter for Theorem Proving Formats Peter Baumgartner Introduction TPTP (Thousands of Problems for Theorem Proving) Languages : clause logic, [typed]FOL[+arithmetics], HOL Problem library : > 20k problems Infrastructure :

391 views • 38 slides
Propositional Logic: Completeness of Formal Deduction Alice Gao Lecture 10 CS 245 Logic and

Propositional Logic: Completeness of Formal Deduction Alice Gao Lecture 10 CS 245 Logic and

Propositional Logic: Completeness of Formal Deduction Alice Gao Lecture 10 CS 245 Logic and Computation Fall 2019 1 / 37 Learning Goals By the end of this lecture, you should be able to their defjnitions. theorem. CS 245 Logic and

600 views • 37 slides
4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the correctness of grammars, i.e., for proving that grammars generate the languages we want them to. 1 / 21 Definition of Suppose G is a grammar and

324 views • 21 slides
Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru Christoph Welzel Dept. of CS, TU

Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru Christoph Welzel Dept. of CS, TU

. . . . . . . . . . . . . . Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru Christoph Welzel Dept. of CS, TU Munich April 1, 2019 The project has received funding from the European Research Council (ERC) under the

642 views • 33 slides
Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic

Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic

Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic Pablo Rauzy Sylvain Guilley Zakaria Najm rauzy@enst.fr guilley@enst.fr znajm@enst.fr pablo.rauzy.name perso.enst.fr/ guilley Telecom

718 views • 52 slides
Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN

Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN

Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN NEW YORK TERRITORY September 23, 2016 2 Agenda Introduc)ons Todd Fabozzi, NYSERDA Clean Energy Communi)es Eastern

845 views • 47 slides

More recommend