Formal Verification Platform As a Service: WebAssembly Vulnerability Detection Application.
Liangjun Deng,Hang Lei,Zheng Yang,Weizhong Qian,Xiaoyu Li,Hao Wu,Sihao Deng,Ruchao Sha,Weidong Deng
DOI: https://doi.org/10.32604/csse.2023.027680
IF: 4.397
2023-01-01
Computer Systems Science and Engineering
Abstract:In order to realize a general-purpose automatic formal verification platform based on WebAssembly technology as a web service (FVPS), which aims to provide an automated report of vulnerability detections, this work builds a Hyperledger Fabric blockchain runtime model.It proposes an optimized methodology of the functional equivalent translation from source program languages to formal languages.This methodology utilizes an external application programming interface (API) table to replace the source codes in compilation, thereby pruning the part of housekeeping codes to ease code inflation.Code inflation is a significant metric in formal language translation.Namely, minor code inflation enhances verification scale and performance efficiency.It determines the efficiency of formal verification, involving launching, running, and memory usage.For instance, path explosion increases exponentially, resulting in out-of-memory.The experimental results conclude that program languages like golang severely impact code inflation.FVPS reduces the wasm code size by over 90%, achieving two orders of optimization magnitude, from 2000 kilobyte (KB) to 90 KB.That means we can cope with golang applications up to 20 times larger than the original in scale.This work eliminates the gap between Hyperledger Fabric smart contracts and WebAssembly.Our approach is pragmatic, adaptable, extendable, and flexible.Nowadays, FVPS is successfully applied in a Railway-Port-Aviation blockchain transportation system.