Jian Zhu,Kai Hu,Mamoun Filali,Jean-Paul Bodeveix,Jean-Pierre Talpin

DOI: https://doi.org/10.48550/arXiv.2005.01261

2020-05-13

Abstract:Smart contracts are the artifact of the blockchain that provide immutable and verifiable specifications of physical transactions. Solidity is a domain-specific programming language with the purpose of defining smart contracts. It aims at reducing the transaction costs occasioned by the execution of contracts on the distributed ledgers such as the Ethereum. However, Solidity contracts need to adhere safety and security requirements that require formal verification and certification. This paper proposes a method to meet such requirements by translating Solidity contracts to Event-B models, supporting certification. To that purpose, we define a restrained Solidity subset and a transfer function which translates Solidity contracts to Event-B models. Then we take advantage of Event-B method capabilities to refine models at different levels of abstraction to verify Solidity contracts' properties. And we can verify the generated proof obligations of the Event-B model with the help of the Rodin platform.

Software Engineering

Paulius Stankaitis,Alexei Iliasov,David Adjepon-Yamoah,Alexander Romanovsky

DOI: https://doi.org/10.48550/arXiv.1611.02923

2016-11-09

Abstract:Event-B is one of more popular notations for model-based, proof driven specification. It offers a fairly high-level mathematical lan- guage based on FOL and ZF set theory and an economical yet expres- sive modelling notation. Model correctness is established by discharging proving a number conjectures constructed via a syntactic instantiation of schematic conditions. A large proportion of provable conjectures re- quires proof hints from a user. For larger models this becomes extremely onerous as identical or similar proofs have to be repeated over and over, especially after model refactoring stages. In the paper we briefly present a new Rodin Platform proof back-end based on the Why3 umbrella prover.

Software Engineering

Xiaomin Bai,Zijing Cheng,Zhangbo Duan,Kai Hu

DOI: https://doi.org/10.1145/3185089.3185138

2018-01-01

Abstract:Smart contracts can automatically perform the contract terms according to the received information, and it is one of the most important research fields in digital society. The core of smart contracts is algorithm contract, that is, the parties reach an agreement on the contents of the contract and perform the contracts according to the behaviors written in certain computer algorithms. It not only needs to make sure about the correctness of smart contracts code, but also should provide a credible contract code execution environment. Blockchain provides a trusted execution and storage environment for smart contracts by the distributed secure storage, consistency verification and encryption technology. Current challenge is how to assure that smart contract can be executed as the parties' willingness. This paper introduces formal modeling and verification in formal methods to make smart contract model and verify the properties of smart contracts. Formal methods combined with smart contracts aim to reduce the potential errors and cost during contract development process. The description of a general and formal smart contract template is provided. The tool of model checking, SPIN, is used to verify the correctness and necessary properties for a smart contract template. The research shows model checking will be useful and necessary for smart contracts.

Xiaoyu Li,Cheng Su,Yan Xiong,Wenchao Huang,Wansen Wang

DOI: https://doi.org/10.1109/bigcom.2019.00021

2019-01-01

Abstract:Blockchain is a decentralized cryptocurrency framework which has gained considerable attention in research and many industries. Ethereum is an implementation based on blockchain technology. Ethereum blockchain offers smart contracts, a piece of program codes which can execute and record the transactions in blockchain. Users can use smart contracts to create their own tokens based on ERC-20 standard, and token smart contracts have been used to manage and transfer tokens, carrying millions dollars worth of virtual currencies. However, keeping token smart contracts secure can be difficult. When smart contracts are deployed on Ethereum successfully, they cannot be changed. Due to the openness of Ethereum, both users and attackers can invoke contracts. So errors in smart contracts have led and will lead to a loss. For example, the DAO bug led to a 60 million US dollar loss in June 2016. Therefore, the researches on security of smart contracts are urgently important. In this paper, we use a formal approach to verify smart contracts. We apply formal verification on a concrete smart contract example, BNB contract, which is one of the most popular token contracts. We analyze the contract and discover the two attributes in the contract, one is transfer attribute involving the functions of transferring tokens operations, and the other is owner attribute which involves the authority of contract owner. We verify these two attributes respectively. We model the contract using SAPIC, the applied pi calculus and then verify by Tamarin prover. We specify the processes of modeling and verifying. The results show we cannot find an attack path. The research method reduces the complexity of verifying smart contracts and can be used to analyze complex contracts.

Hongjiang Gao,Yongsheng Zhao,Jun Liu,Zheng Qin

2007-01-01

Abstract:With increasingly complexity in intellectualized information management systems (IIMS), the problem of their verification and validation is acquiring increasing importance, and rigorous design practices are needed in case of critical applications. In this paper, a practical approach for increasingly developing flexible and reliable formal specifications of IIMS using Event-B is described, with a roles-based collaboration model, exemplified on iterated contract net interaction protocol in the interaction of IIMS, and then B models generated with evt2b supported by Atelier B are then proven in consistency and correctness.

Abeer Saeed Abdo Hadad,Chunyan Ma,Adeeb Abdulwakeel Obadi Ahmed

DOI: https://doi.org/10.1109/access.2020.2987972

IF: 3.9

2020-01-01

IEEE Access

Abstract:AADL is widely used to depict the architecture and behavior of real-time safety-critical systems such as avionics and aerospace. The development of these systems has strict requirements for building fault-free systems. Formal verification is frequently applied to verify the critical properties of the systems, such as safety and liveness; however, the formal verification is not supported by AADL. Model transformation is commonly applied to provide formal semantics; hence, the AADL model can be verified by a language that supports formal verification in addition to the ability to cover all AADL model behavior. Event-B, with its proof obligation, is increasingly used to model and verify safety-critical systems. This paper presents the transformation of the AADL model into Event-B, which captures most AADL components and behavioral actions to be effective in the verification of current real-time systems models. Then, we define theorems and invariants of safety and liveness properties to be proven by using the RODIN platform. To demonstrate the efficacy of our method, we model the AADL of movement authority (MA) control of the Chinese Train Control System, transform the AADL model to Event-B and verify its crucial properties.

Yuqian Guan,Jian Guo,Qin Li

DOI: https://doi.org/10.1109/access.2021.3073398

IF: 3.9

2021-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is becoming an increasingly common paradigm. As IoT usage scenarios have increased, many challenges in IoT operating systems' safety and adaptability have remained. According to the programming model, IoT operating systems can be categorized into three types: multithreading, event-driven, and hybrid. Different operating system models are applied in different scenarios depending on the real-time requirements or resource richness. The safety of IoT operating systems is critical; hence, formal verification is an important method of detecting potential vulnerabilities and providing safety guarantees. This paper proposes a hybrid model for an IoT operating system and employs the Event-B method for modeling and verification. We rewrite the requirements and divide the Event-Bus hybrid operating system model into eight levels for refinement. The safety and liveness properties of Event-Bus are guaranteed by generating and proving the proof obligations at each model level. A large proportion of the proof obligations (91%) are automatically proven on the Rodin platform to simplify the development process.

Alexandre Mota,Fei Yang,Cristiano Teixeira

2023-07-05

Abstract:Nowadays, smart contracts have become increasingly popular and, as with software development in general, testing is the standard method for verifying their correctness. However, smart contracts require a higher level of certainty regarding correctness because they are diffcult to modify once deployed and errors can result in significant financial losses. Therefore, formal verification is essential. In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.

Software Engineering

Ning Ge,Arnaud Dieumegard,Eric Jenn,Laurent Voisin

DOI: https://doi.org/10.48550/arxiv.1610.07410

2016-01-01

Abstract:This work addresses the correct translation of an Event-B model to C code via an intermediate formal language, HLL. The proof of correctness follows two main steps. First, the final refinement of the Event-B model, including invariants, is translated to HLL. At that point, additional properties (e.g., deadlock-freeness, liveness properties, etc.) are added to the HLL model. The proof of the invariants and additional properties at the HLL level guarantees the correctness of the translation. Second, the C code is automatically generated from the HLL model for most of the system functions and manually for the remaining ones; in this case, the HLL model provides formal contracts to the software developer. An equivalence proof between the C code and the HLL model guarantees the correctness of the code.

Ning Ge,Arnaud Dieumegard,Eric Jenn,Laurent Voisin

DOI: https://doi.org/10.1002/smr.1959

2018-01-01

Journal of Software

Abstract:Event‐B is a formal notation and method for the systems development. The key feature of this method is to produce correct‐by‐construction system designs. Once the correct design is established, the remaining work is to generate or implement correct code from the design. Two main problems remain in the process from the correct‐by‐construction design to the correct software. First, the Event‐B design is “quasi‐correct” due to some technical limitations. For instance, it is still difficult to prove the liveness properties by the Rodin platform; it is not possible to construct the Event‐B design with floating‐point arithmetic, and sometimes, the Event‐B model is incomplete and must rely on the third‐party libraries. Therefore, a method is needed to complement these modeling and proof gaps. Secondly, proving the correctness of an automatic code generator is very difficult; therefore, a method is needed to guarantee the correctness of the produced code without proving the code generator. In this article, we address the above 2 problems by introducing an intermediate formal language called High‐Level Language (HLL) between the Event‐B models and the C code. The Event‐B model is translated to HLL with an additional schedule configuration, where Event‐B invariants and system invariants (here, deadlock‐freeness and liveness properties) are proved using a SAT‐based model checker called S3. This proof guarantees the correctness of the HLL model with respect to the Event‐B model. The C code is then automatically generated from the HLL model for most functions and is manually implemented for the third‐party ones according to the function contracts defined in Event‐B. The correctness of the generated C code is guaranteed using the equivalence proof, and the correctness of the implemented C code is guaranteed using the conformance proof. Through the article, we use a traffic light controller to illustrate the proposed method; then, we apply the method to an automatic protection function of a 3‐wheeled robot to evaluate its feasibility.

Wen Su,Jean-Raymond Abrial,Huibiao Zhu

DOI: https://doi.org/10.1016/j.scico.2014.04.015

IF: 1.039

2014-01-01

Science of Computer Programming

Abstract:This paper contains the development of hybrid systems with Event-B and the Rodin Platform. It follows the seminal approach introduced at the turn of the century in Action Systems. Many examples that have been entirely proved with the Rodin Platform illustrate our approach. We propose to complement the Event-B/Rodin Platform approach with the usage of Matlab, either to simulate examples with some correct as well as incorrect set of parameters, or to use the analytical power of Matlab to complement the usage of Event-B.

Zheng Yang,Hang Lei,Weizhong Qian

DOI: https://doi.org/10.1109/access.2020.2969437

IF: 3.9

2020-01-01

IEEE Access

Abstract:This paper reports a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts. A Coq proof assistant is employed for programming the system and for proving its correctness. The current version of FSPVM-E adopts execution-verification isomorphism, which is an application extension of Curry-Howard isomorphism, as its fundamental theoretical framework to combine symbolic execution and higher-order logic theorem proving. The four primary components of FSPVM-E include a general, extensible, and reusable formal memory framework, an extensible and universal formal intermediate programming language denoted as Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes, the corresponding formally verified interpreter of Lolisa, denoted as FEther, and assistant tools and libraries. The self-correctness of all components is certified in Coq. FSPVM-E supports the ERC20 token standard, and can automatically and symbolically execute Ethereum-based smart contracts, scan their standard vulnerabilities, and verify their reliability and security properties with Hoare-style logic in Coq.

Jean-Raymond Abrial,Wen Su,Huibiao Zhu

DOI: https://doi.org/10.1007/978-3-642-30885-7_13

2012-01-01

Abstract:This paper contains the development of hybrid systems in Event-B and the Rodin Platform. It follows the seminal approach introduced at the turn of the century in Action Systems. Many examples illustrate our approach.

Yu Dong,Yue Li,Dongqi Cui,Jianbo Gao,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.18293/seke2022-128

2022-01-01

Abstract:Ensuring functional correctness of smart contracts is a pressing security concern to blockchain-based systems.With the development of blockchain application, the trading scenarios and function implementation of smart contracts have become increasing complex, containing several interacted contracts or related functions.However, the existing contracts verifiers for proving functional correctness focus on verifying isolated contract or function but ignore the interactions between them, which makes it difficult to verify correctness of composite transactions, i.e., complex transaction scenarios that invoke multiple contracts or trigger a set of transactions.In this paper, we present SMIFIER, a formal verification tool for smart contracts to prove functional properties in composite transactions.SMIFIER defines a set of specifications for composite transactions and can automatically specify properties in these multiple complex transactions.Based on states extraction and mapping, SMIFIER translates annotated Solidity program into Boogie program and verifies relations between functions and properties for interacted contracts.Our experimental evaluation on 12 real-world projects and 65 properties, demonstrates that SMIFIER is practically effective in ensuring functional correctness of properties in composite transactions.

Toni Mancini,Federico Mari,Annalisa Massini,Igor Melatti,Enrico Tronci

DOI: https://doi.org/10.4204/EPTCS.193.7

2015-09-24

Abstract:Many simulation based Bounded Model Checking approaches to System Level Formal Verification (SLFV) have been devised. Typically such approaches exploit the capability of simulators to save computation time by saving and restoring the state of the system under simulation. However, even though such approaches aim to (bounded) formal verification, as a matter of fact, the simulator behaviour is not formally modelled and the proof of correctness of the proposed approaches basically relies on the intuitive notion of simulator behaviour. This gap makes it hard to check if the optimisations introduced to speed up the simulation do not actually omit checking relevant behaviours of the system under verification. The aim of this paper is to fill the above gap by presenting a formal semantics for simulators.

Software Engineering,Systems and Control

Yuepeng Wang,Shuvendu K. Lahiri,Shuo Chen,Rong Pan,Isil Dillig,Cody Born,Immad Naseer

DOI: https://doi.org/10.48550/arXiv.1812.08829

2019-04-30

Abstract:Ensuring correctness of smart contracts is paramount to ensuring trust in blockchain-based systems. This paper studies the safety and security of smart contracts in the \emph{Azure Blockchain Workbench}, an enterprise Blockchain-as-a-Service offering from Microsoft. As part of this study, we formalize \emph{semantic conformance} of smart contracts against a state machine model with access-control policy and develop a highly-automated formal verifier for Solidity that can produce proofs as well as counterexamples. We have applied our verifier {\sc VeriSol} to analyze {\it all} contracts shipped with the Azure Blockchain Workbench, which includes application samples as well as a governance contract for Proof of Authority (PoA). We have found previously unknown bugs in these published smart contracts. After fixing these bugs, {\sc VeriSol} was able to successfully perform full verification for all of these contracts.

Programming Languages

W. T. Tsai,Xinyu Zhou,Yinong Chen

DOI: https://doi.org/10.1109/anss-41.2008.30

2008-01-01

Abstract:The verification of SOA (Service-Oriented Architecture) applications is important, and, simulation is a promising method because it provides runtime behavior and performance analysis. This paper uses a BPEL engine as a simulation engine to simulate SOA applications, and proposes an event- driven policy enforcement framework to verify the SOA applications during simulation.

Sarah Hussein Toman,Lazhar Hamel,Aida Lahouij,Zinah Hussein Toman,Mohamed Graiet

DOI: https://doi.org/10.1002/stvr.1904

2024-11-03

Software Testing Verification and Reliability

Abstract:This paper presents a robust framework using Event‐B for IoT communication systems, emphasizing formal modeling, validation and verification. Key findings demonstrate enhanced reliability and error reduction through automated tools, improving our understanding and development of complex IoT systems. During the early phases of software system development, error detection can be challenging due to the complexity of both the requirements and the operating environments. This paper advocates for the utilization of formal modelling and verification throughout the first phases of systems development to promptly detect and correct errors. The formalism employed throughout is Event‐B, which is backed by the Rodin toolset. To conquer requirements complexity, the frameworks of set theory and first‐order logic are employed, which provide the necessary tools for formalizing and analysing the properties and behaviours associated with Event‐B. Also, we detail the way in which modelling may be used to achieve abstraction, as well as the way in which refinement can be used to manage complexity through layering. Furthermore, we emphasize the significance of model validation and verification in improving the precision of formal models and requirements in IoT communication systems. The model is exemplified using a Content‐Based Publish Subscribe System (CBPS), with a special emphasis on a fire alarm system as a motivating example.

computer science, software engineering

Palina Tolmach,Yi Li,Shang-Wei Lin,Yang Liu,Zengxiang Li

DOI: https://doi.org/10.1145/3464421

IF: 16.6

2022-09-30

ACM Computing Surveys

Abstract:A smart contract is a computer program that allows users to automate their actions on the blockchain platform. Given the significance of smart contracts in supporting important activities across industry sectors including supply chain, finance, legal, and medical services, there is a strong demand for verification and validation techniques. Yet, the vast majority of smart contracts lack any kind of formal specification, which is essential for establishing their correctness. In this survey, we investigate formal models and specifications of smart contracts presented in the literature and present a systematic overview to understand the common trends. We also discuss the current approaches used in verifying such property specifications and identify gaps with the hope to recognize promising directions for future work.

computer science, theory & methods

Jie Meng,Zheng Li,Ruiliang Zhao,Ying Shang

DOI: https://doi.org/10.1007/978-981-16-7993-3_30

2021-01-01

Abstract:Smart contracts are one of the core components of the block-chain system and have been widely used across various fields. Since a smart contract cannot be easily changed or updated once instantiated, one has to be absolutely sure that the program code works as expected. However, there are no uniform definitions for smart contracts, and the programming of smart contracts requires professional developers with expert domain knowledge. This paper proposed a formal modeling method for start contracts. First, the formal definition of smart contracts is proposed. Second, we introduce an EFSM based modeling method for smart contracts. Finally, we design a visual modeling tool EFSMSolid for creating EFSM on an easy-to-use graphical platform. To verify the effectiveness of the method, we conduct experiments on smart contracts of five blockchain applications, and the experimental results show that the proposed method can automatically and effectively create smart contracts models.