CN112215618A - Verification method and device of intelligent contract - Google Patents
Verification method and device of intelligent contract Download PDFInfo
- Publication number
- CN112215618A CN112215618A CN202011435380.3A CN202011435380A CN112215618A CN 112215618 A CN112215618 A CN 112215618A CN 202011435380 A CN202011435380 A CN 202011435380A CN 112215618 A CN112215618 A CN 112215618A
- Authority
- CN
- China
- Prior art keywords
- program state
- target security
- security attribute
- verification
- reduction processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the specification provides a verification method and a verification device of an intelligent contract. According to the method of the embodiment, firstly, formalized verification of target security attributes is respectively carried out on each interface of the intelligent contract; then, reducing the program state generated by formal verification of different interfaces of the intelligent contract; then, if the program state obtained by the reduction processing does not meet the target security attribute, acquiring a program state instance which does not meet the target security attribute; and verifying whether the program state instances which do not meet the target security attribute are all invalid, and if not, failing to verify the target security attribute.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of computer application technologies, and in particular, to a method and an apparatus for verifying an intelligent contract in the field of blockchain technologies.
Background
An intelligent contract is a computer protocol intended to propagate, validate or execute contracts in an informational manner. Smart contracts allow trusted transactions to be conducted without third parties. In the field of blockchain technology, an intelligent contract is a set of commitments, designated in numerical form, that includes agreements in which parties fulfill the commitments. Due to the particularities of blockchain platforms, intelligent contracts are completely transparent to participants on the platform and are difficult to alter once deployed. It becomes necessary to ensure the security and correctness of the intelligent contracts before they are deployed.
Disclosure of Invention
One or more embodiments of the present specification describe a method and apparatus for verifying an intelligent contract to implement verification of the intelligent contract.
According to a first aspect, there is provided a method of validating an intelligent contract, the method comprising:
performing formal verification of target security attributes on each interface of the intelligent contract;
reducing the program state generated by formal verification of different interfaces of the intelligent contract;
if the program state obtained by the reduction processing does not meet the target security attribute, acquiring a program state instance which does not meet the target security attribute;
and verifying whether the program state instances which do not meet the target security attribute are all invalid, and if not, failing to verify the target security attribute.
In one embodiment, the method further comprises:
and if the program state obtained by the reduction processing meets the target security attribute, continuing to perform formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing.
In another embodiment, the method further comprises:
and if the program state instances which do not meet the target security attribute are verified to be invalid, excluding the invalid program state instances from the program state obtained by the reduction processing, and continuing to execute the formal verification of the target security attribute on each interface of the intelligent contract.
In one embodiment, before the step of performing the formalized verification of the target security attribute for each interface of the intelligent contract, the method further comprises:
judging whether the program state obtained by the reduction processing is stable or not;
if so, the target security attribute passes the verification, and the verification of the target security attribute is finished;
otherwise, continuing to execute the formal verification of the target security attribute of each interface of the intelligent contract based on the program state obtained by the reduction processing.
In another embodiment, the reduction process includes an abstract interpretation in a program analysis technique.
Wherein the judging whether the program state obtained by the reduction processing is stable includes:
and if the program state obtained by the reduction processing for N times is the same, determining that the program state obtained by the reduction processing is stable, wherein N is a positive integer greater than or equal to 2.
In one embodiment, said verifying that program state instances that do not satisfy said target security attributes are all invalid comprises:
performing formal verification of the program state instance through interfaces of the smart contract to verify whether the program state instance is invalid.
In another embodiment, the obtaining the instance of the program state that does not satisfy the target security attribute comprises:
from the program states generated by formal verification of the different interfaces of the smart contract, program state instances that do not satisfy the target security attribute are determined.
According to a second aspect, there is provided a verification apparatus for an intelligent contract, the apparatus comprising:
the formal verification unit is configured to perform formal verification of the target security attribute on each interface of the intelligent contract;
a reduction processing unit configured to perform reduction processing on the program state generated by the verification in the form of the different interface of each smart contract;
a state discrimination unit configured to judge whether or not the program state obtained by the reduction processing unit satisfies the target security attribute;
the instance verification unit is configured to acquire the program state instance which does not meet the target security attribute if the judgment result of the state judgment unit is negative; verifying whether program state instances that do not satisfy the target security attribute are all invalid;
and the result determining unit is configured to determine that the target security attribute fails to be verified if the verification result of the instance verifying unit is negative.
In an embodiment, the formal verification unit is further configured to, if the state discrimination unit determines that the program state obtained by the reduction processing satisfies the target security attribute, continue to perform the formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing.
In one embodiment, the formal verification unit is further configured to, if the verification result of the instance verification unit is yes, exclude the invalid program state instance from the program states obtained by the reduction processing, and continue to perform the formal verification of the target security attribute on each interface of the intelligent contract.
In another embodiment, the state determination unit is further configured to, if it is determined that the program state obtained by the reduction processing unit satisfies the target security attribute, further determine whether the program state obtained by the reduction processing reaches a stable state, and if not, trigger the formal verification unit to continue to perform formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing;
the result determining unit is further configured to determine that the target security attribute is verified if the state judging unit judges whether the program state obtained by the reduction processing is stable.
In one embodiment, the reduction process includes an abstract interpretation in a program analysis technique.
In another embodiment, the state determination unit is specifically configured to determine that the program state obtained by the reduction processing reaches a stable state if the program state obtained by the reduction processing for N consecutive times is the same, where N is a positive integer greater than or equal to 2.
In one embodiment, the instance verification unit is specifically configured to perform formal verification of the program state instance through interfaces of the intelligent contract to verify whether the program state instance is invalid.
In another embodiment, the instance verification unit, when obtaining the program state instance that does not satisfy the target security attribute, is specifically configured to determine the program state instance that does not satisfy the target security attribute from among the program states generated by formal verification of different interfaces of the smart contract.
According to a third aspect, there is provided a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of the first aspect.
According to the method and the device provided by the embodiment of the specification, the target security attributes of each interface of the intelligent contract are subjected to formal verification and reduction treatment in combination, and when the program state examples which do not meet the target security attributes are verified to be invalid, the target security attributes are determined to fail to be verified, so that the verification of the intelligent contract is realized. Based on the method, the safety and the correctness of the deployed intelligent contract can be ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 illustrates a flow diagram of a method for verification of a smart contract, according to one embodiment;
FIG. 2 illustrates a flow diagram of a method for validating a smart contract, according to another embodiment;
fig. 3 shows a schematic block diagram of a validation apparatus of a smart contract according to an embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
With the advent of blockchain technology, smart contracts need to be secured for security and correctness due to the characteristics that are difficult to change once deployed and often carry a higher economic value. At present, the method for verifying the intelligent contract based on the test scheme in the industry cannot ensure the correctness and the safety. Because the test scheme is to enumerate several instances to verify the intelligent contract, false positives and false negatives are easily generated.
In this specification, it is considered that the intelligent contract is about to ensure its security and correctness, and the key point is to verify whether the security attributes of the intelligent contract are correct. That is, the security attributes of the smart contract need to be verified to determine if the verification is passed. Therefore, a formal verification mode and a mode of reducing the program state are adopted, program state examples which do not meet the target security attribute are found, and the validity of the program state examples is further verified to determine whether the target security attribute passes the verification. The method reduces the situations of false alarm and false alarm, and improves the correctness and the safety of the intelligent contract.
Specific implementations of the above concepts are described below.
FIG. 1 illustrates a flow diagram of a method for verification of a smart contract, according to one embodiment. It is to be appreciated that the method can be performed by any apparatus, device, platform, cluster of devices having computing and processing capabilities. As shown in fig. 1, the method includes:
and 101, performing formal verification of target security attributes on each interface of the intelligent contract.
Formal verification is to mathematically prove the correctness of a program. Formal verification generally uses a mathematical language to describe the behavior of a program and the properties that need to be verified, and then uses specific mathematical rules to verify that all possible behaviors of the program satisfy the properties.
In this specification, formal verification techniques are introduced to ensure the correctness and security of intelligent contracts. Since formal verification is based on mathematical reasoning, its results are logically guaranteed. Once a property is certified, the program will satisfy the property under any possible program state and behavior. In the present description, the smart contracts are essentially "programs" in formal verification technology, and the security attributes are "attributes" in formal verification technology.
At least one security attribute exists in the intelligent contract, and if the security attributes are mutually independent, each security attribute is respectively used as a target security attribute to execute the verification process in the embodiment. If there is a dependency relationship between the security attributes, the security attribute with the dependency relationship may be used as a target security attribute to perform the verification process in the embodiment.
In addition, since the intelligent contract runs in the virtual machine, the only channel for interaction with the outside world, except for the user input and the code logic of the intelligent contract, is the intelligent contract interface provided by the blockchain platform, i.e., the API function. Also, verification of the contract requires that the correctness of all program behavior be guaranteed. Therefore, when the target security attribute of the intelligent contract is formally verified, the formalized verification of the target security attribute is respectively performed on each interface of the intelligent contract. During specific execution, the interfaces can be called in parallel to perform formal verification of the target security attributes, and the interfaces can also be called one by one to perform formal verification of the target security attributes.
The specific way of formal verification can adopt the existing mature technology, and the detailed processing of formal verification is not detailed here. It is understood that the present specification utilizes existing formal verification tools to perform formal verification of target security attributes for each interface of an intelligent contract.
And 103, reducing the program state generated by the formal verification of different interfaces of the intelligent contract.
Since formal verification techniques require accurate knowledge of the overall behavior of a program (i.e., an intelligent contract), if the logic of the program is complex, the involved program behavior can grow exponentially and even quickly out of the computational power range, resulting in a state space explosion. In this regard, the present specification adopts a combination of formal verification and reduction processing.
The reduction processing of the program state means that a plurality of program states are simplified and expressed by a certain reduction method, so as to achieve the purpose of compressing the program state.
The reduction processing specifically employed may be, for example, human intervention processing, static or dynamic rule-based processing, or the like. But as a preferred embodiment abstract interpretation in program analysis techniques may be used. Abstract interpretations express some type of program state in an abstract way. For example, if the target security attributes are: the variable x is always greater than 0. In the process of continuously performing formalized verification on the intelligent contract, the value of x needs to be continuously recorded. As the program is executed continuously, the value of x will be more and more, and a large part of the computing performance and the storage space will be occupied. However, if only the value of x is greater than 0, it can be abstracted and only the minimum value of x is recorded. Then the reduction can be performed to record only the minimum value of x in the resulting program state.
In this specification, after formal verification of the target security attribute is performed on each interface of the intelligent contract, a plurality of results of the formal verification may be obtained, and the results may be expressed as a plurality of program states. In this step, reduction processing is performed on the plurality of program states to obtain reduced program states. For example, after obtaining a plurality of values of x, only the minimum value of the plurality of values of x is retained and recorded as the program state after reduction. The reduction processing mode can effectively reduce the occupation of the calculation performance and the storage space and avoid space explosion.
And 105, if the program state obtained by the reduction processing does not meet the target security attribute, acquiring a program state instance which does not meet the target security attribute.
If the program state resulting from the reduction process does not meet the target security attributes, there may be two cases: one such case is that such incorrect program state is truly present; alternatively, false positives of program states are due to reduction processing. To further verify both cases, a way to verify whether a program state instance that does not satisfy the target security attributes is invalid is employed in this specification.
As a preferred embodiment, after obtaining the program state instance that does not satisfy the target security attribute obtained by the formal verification, the formal verification of the program state instance may be performed through each interface of the smart contract to verify whether the program state instance is invalid.
Program state instances that do not satisfy the target security attributes may be determined from the program states that were generated as a result of verification in the form of different interfaces of the smart contract in step 105 described above. In the formal verification process, program state instances are obtained that do not satisfy the target security attributes, which are "counter-examples" for intelligent contracts.
Continuing with the above example, assuming that a certain security attribute of the smart contract is that the variable x is always greater than 0, after formal verification is performed on each interface of the smart contract by calling a formal verification tool, program states such as x =1, x =3, x =5, and x = -2 are generated, and after reduction processing is performed on these program states, the minimum value of x is recorded as x = -2, which obviously does not satisfy the security attribute. An instance that does not satisfy the program status, i.e., x = -2, may be acquired from each program status obtained by the formal verification tool.
In addition to the above-described manner of determining a program state instance that does not satisfy a target security attribute from among the program states generated by formal verification of different interfaces of a smart contract, other realizable manners may also be used to obtain a program state instance that does not satisfy a target security attribute. For example, the program state resulting from the reduction process is compared to the target security attributes, instances that do not satisfy the program state are mathematically selected, and so on. For example, in the above example, the minimum value of the record x after the reduction process is x = -2, and the target security attribute requires that x is always greater than 0, then after the comparison, it can be determined mathematically that both x = -2 and x = -1 may be program state instances that do not satisfy the target security attribute. However, such mathematical approaches may introduce program state instances that do not exist in reality, and therefore, it is preferable to determine program state instances that do not satisfy the target security attributes from among the program states that are generated by the formal verification of the different interfaces of the smart contract.
Formal verification of the program state instance is performed by invoking interfaces of the smart contract. The verification process is similar to the process of program testing, i.e., the program state instances are delivered to the formal verification tool for actual execution. If the instance can actually perform outputting the correct result, e.g., output "True" is typically set for the actual presence in formal verification, the instance is considered valid and is actually present. That is, there is a true program state that does not satisfy the target security attribute, and therefore, the target security attribute verification fails.
An instance is considered invalid if it actually performs the result of an output error in formal verification, e.g., output "False" would normally be set for non-existent instances in formal verification. That is, program state that does not meet the target security attributes is not realistic.
The formal verification process for the instance is also performed by calling each interface of the intelligent contract, and the instance is considered invalid as long as the 'False' is output in the process. Formalized verification of a particular instance can result in a quick and efficient verification of whether the instance is invalid.
According to the technical scheme provided by the embodiment, the target security attributes of the interfaces of the intelligent contract are subjected to formal verification and reduction treatment, and when the program state instances which do not meet the target security attributes are verified to be invalid, the target security attributes are determined to fail to be verified, so that the intelligent contract is verified. Based on the method, the safety and the correctness of the deployed intelligent contract can be ensured.
The adoption of the reduction processing can effectively relieve space explosion possibly caused by formal verification and reduce the influence and occupation on the computing performance and the storage space.
FIG. 2 illustrates a flow diagram of a method for validating a smart contract, according to another embodiment. It is to be appreciated that the method can be performed by any apparatus, device, platform, cluster of devices having computing and processing capabilities. As shown in fig. 2, the method includes:
and step 201, performing formal verification of target security attributes on each interface of the intelligent contract.
The content of this part is described in relation to step 101 in the embodiment shown in fig. 1, and is not described herein again.
And step 203, reducing the program state generated by the formal verification of different interfaces of the intelligent contract.
For the content of this part, reference is made to the related description of step 103 in the embodiment shown in fig. 1, which is not described herein again.
The security attribute set in the smart contract must be satisfied in any case, and therefore, if the program status obtained by the reduction process does not satisfy the target security attribute, the smart contract may be unsafe and incorrect. However, as described in the embodiment shown in fig. 1, there may be two cases: one such case is that such incorrect program state is truly present; alternatively, false positives of program states are due to reduction processing. To further verify both cases, a way to verify whether a program state instance that does not satisfy the target security attributes is invalid is employed in this specification. Step 211 is performed.
If it is determined in step 205 that the program status obtained by the reduction processing satisfies the target security attribute, the process returns to step 201 if the program status obtained by the reduction processing does not reach a stable status. That is, steps 201 and 203 are processing executed in a loop until the program state resulting from the reduction processing reaches a steady state.
And if the program state obtained by the reduction processing for N times is the same, determining that the program state obtained by the reduction processing is stable, wherein N is a positive integer greater than or equal to 2. For example, if the program state obtained by the current reduction processing is the same as the program state obtained by the previous reduction processing, the program state is considered to be stable.
That is, until the program state is stable, the target security attribute verification is satisfied, which indicates that the target security attribute is safe and correct, and the verification is passed.
That is, if the target security attribute is not satisfied before the program state is stable, it needs to be further verified whether the program state instances that do not satisfy the target security attribute are all invalid. For the verification process in this step, reference may be made to the description of step 105 in the embodiment shown in fig. 1, which is not described herein again.
Step 213, the invalid program state instance is excluded from the program state obtained by the reduction process, and the process proceeds to step 201.
And the invalid program state instance is not the true program state, and is excluded from the program state obtained by reduction processing in order to avoid generating the invalid program state instance again in the intelligent contract verification process. And then go to step 201 to start the next round of verification.
Since smart contracts have multiple interfaces, these interfaces can be called by an unlimited number of loops. Thus, this amounts to an infinite loop from the life of the entire smart contract. This will cause the program states generated by each interface of the intelligent contract after being called to be different and gradually overlapped (i.e. calling another interface on the basis of one program state and generating a new program state), which theoretically easily causes the explosion of the program state space of the intelligent contract, i.e. the generated program states are more and more, and the program states to be recorded need to occupy more and more storage spaces. In the specification, formal verification is performed on the behavior of a single interface, but a reduction processing mode is used among a plurality of interfaces, that is, only the program state after reduction processing needs to be recorded, so that the occupation of the program state on the storage space is greatly reduced, the explosion of the program state space is avoided, and the intelligent contract is still usable under the condition that the plurality of interfaces are infinitely and circularly called.
To facilitate understanding of the above flow, an example is given here:
assume that a security attribute of a smart contract is: the integer x is never negative, i.e., x 0. If m interfaces exist in the intelligent contract, the program state is obtained after the formalized verification of the security attribute is carried out on each interface: x =1, x =3, x =5, …. These program states can become more and more formal verification over multiple cycles, creating a problem of state space explosion. Thus, after each formal verification, an abstract interpretation is performed, using the minimum value of x to represent all values of x, thereby reducing the potentially explosive program state space.
Assume that after a certain abstract interpretation, the minimum value of x is-2, i.e. the program state is x-2. It is clear that this state does not satisfy the security attribute x 0. From the formal verification process, program state instances that do not satisfy the security attributes can be obtained: x = -1 and x = -2.
First x = -1 is returned to formal verification for execution, this process is similar to the test process. If x = -1 does exist, outputting "true" after performing formal verification, which indicates that the security attribute is not safe and correct, and the test for the security attribute at this time fails.
If x = -1 does not exist, e.g., "False" is output after performing formal verification, then x = -1 is excluded from the current program state, i.e., the current program state is: x-2 and x-1.
And then returning x = -2 to the formal verification for execution, if x = -2 does exist, the safety attribute is not safe and correct, and the test for the safety attribute fails.
If x = -2 does not exist, e.g., "False" is output after performing formal verification, then x = -2 is excluded from the current program state, i.e., the current program state is: x-2 and x-1 and x-2. And continuing to perform formal verification of the security attributes for each interface based on the current program state, and repeating the process until the program state is stable, namely, no change is performed.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
According to an embodiment of another aspect, a verification apparatus for an intelligent contract is provided. Fig. 3 shows a schematic block diagram of a validation apparatus of a smart contract according to an embodiment. It is to be appreciated that the apparatus can be implemented by any apparatus, device, platform, and cluster of devices having computing and processing capabilities. As shown in fig. 3, the apparatus 300 includes: a formal verification unit 301, a reduction processing unit 302, a state discrimination unit 303, an instance verification unit 304, and a result determination unit 305. The main functions of each component unit are as follows:
and a formal verification unit 301 configured to perform formal verification of the target security attribute for each interface of the intelligent contract.
A reduction processing unit 302 configured to perform reduction processing on the program state generated by the verification in the form of the different interfaces of the smart contract.
A state discrimination unit 303 configured to determine whether or not the program state resulting from the reduction processing by the reduction processing unit 302 satisfies the target security attribute.
An instance verification unit 304 configured to acquire a program state instance that does not satisfy the target security attribute if the determination result of the state determination unit 303 is no; verifying whether the program state instances that do not satisfy the target security attribute are all invalid.
A result determination unit 305 configured to determine that the target security attribute verification fails if the verification result of the instance verification unit 304 is no.
In one embodiment, the formal verification unit 301 is further configured to continue performing formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing if the state discrimination unit 303 determines that the program state obtained by the reduction processing satisfies the target security attribute.
In one embodiment, formal verification unit 301 is further configured to, if the verification result of instance verification unit 304 is yes, exclude the invalid program state instance from the program state obtained by the reduction process, and continue to perform formal verification of the target security attribute for each interface of the smart contract.
In an embodiment, the state determination unit 303 is further configured to, if it is determined that the program state obtained by the reduction processing unit 302 satisfies the target security attribute, further determine whether the program state obtained by the reduction processing reaches a stable state, and if not, trigger the formal verification unit 301 to continue performing the formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing.
The result determination unit 305 is further configured to determine that the target security attribute verification is passed if the state discrimination unit 303 determines whether the program state obtained by the reduction processing has reached a stable state.
In one embodiment, the reduction process employed by the reduction processing unit 302 includes an abstract interpretation in program analysis techniques.
In one embodiment, the state determination unit 303 is specifically configured to determine that the program state obtained by the reduction processing is stable if the program state obtained by the reduction processing for N consecutive times is the same, where N is a positive integer greater than or equal to 2.
In one embodiment, instance verification unit 304 is specifically configured to perform formal verification of the program state instance via interfaces of the smart contract to verify whether the program state instance is invalid.
The instance verification unit 304, when obtaining the program state instance that does not satisfy the target security attribute, is specifically configured to determine the program state instance that does not satisfy the target security attribute from among the program states generated by formal verification of different interfaces of the smart contract.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method as described in fig. 1 or fig. 2.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory and a processor, the memory having stored therein executable code, the processor implementing the method of fig. 1 or fig. 2 when executing the executable code.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (18)
1. The verification method of the intelligent contract comprises the following steps:
performing formal verification of target security attributes on each interface of the intelligent contract;
reducing the program state generated by formal verification of different interfaces of the intelligent contract;
if the program state obtained by the reduction processing does not meet the target security attribute, acquiring a program state instance which does not meet the target security attribute;
and verifying whether the program state instances which do not meet the target security attribute are all invalid, and if not, failing to verify the target security attribute.
2. The method of claim 1, further comprising:
and if the program state obtained by the reduction processing meets the target security attribute, continuing to perform formal verification of the target security attribute on each interface of the intelligent contract based on the program state obtained by the reduction processing.
3. The method of claim 1, further comprising:
and if the program state instances which do not meet the target security attribute are verified to be invalid, excluding the invalid program state instances from the program state obtained by the reduction processing, and continuing to execute the formal verification of the target security attribute on each interface of the intelligent contract.
4. The method of claim 2, further comprising, prior to said transitioning to performing said formalized verification of target security attributes for each interface of the smart contract:
judging whether the program state obtained by the reduction processing is stable or not;
if so, the target security attribute passes the verification, and the verification of the target security attribute is finished;
otherwise, continuing to execute the formal verification of the target security attribute of each interface of the intelligent contract based on the program state obtained by the reduction processing.
5. The method of claim 1, wherein the reduction process comprises an abstract interpretation in a procedural analysis technique.
6. The method of claim 4, wherein determining whether the reduction-processed program state has stabilized comprises:
and if the program state obtained by the reduction processing for N times is the same, determining that the program state obtained by the reduction processing is stable, wherein N is a positive integer greater than or equal to 2.
7. The method of claim 1, wherein said verifying whether program state instances that do not satisfy the target security attribute are all invalid comprises:
performing formal verification of the program state instances through interfaces of the intelligent contract to verify whether the program state instances are all invalid.
8. The method of any of claims 1-7, wherein the obtaining the instance of program state that does not satisfy the target security property comprises:
program state instances that do not satisfy the target security attribute are determined from program state generated by formal verification of different interfaces of the smart contract.
9. The verifying device of the intelligent contract comprises:
a formal verification unit configured to perform formal verification of the target security attribute for each interface of the smart contract;
a reduction processing unit configured to perform reduction processing on the program state generated by the verification in the form of the different interfaces of the smart contract;
a state discrimination unit configured to judge whether or not the program state obtained by the reduction processing unit satisfies the target security attribute;
the instance verification unit is configured to acquire the program state instance which does not meet the target security attribute if the judgment result of the state judgment unit is negative; verifying whether program state instances that do not satisfy the target security attribute are all invalid;
and the result determining unit is configured to determine that the target security attribute fails to be verified if the verification result of the instance verifying unit is negative.
10. The apparatus according to claim 9, wherein the formal verification unit is further configured to continue performing formal verification of the target security attribute on each interface of the smart contract based on the program state obtained by the reduction processing if the state discrimination unit determines that the program state obtained by the reduction processing satisfies the target security attribute.
11. The apparatus according to claim 9, wherein the formal verification unit is further configured to exclude the invalid program state instance from the program state obtained by the reduction process and continue to perform the formal verification of the target security attribute for each interface of the smart contract if the verification result of the instance verification unit is yes.
12. The apparatus according to claim 10, wherein the state determination unit is further configured to, if it is determined that the program state obtained by the reduction processing unit satisfies the target security attribute, further determine whether the program state obtained by the reduction processing reaches a stable state, and if not, trigger the formal verification unit to continue formal verification of the target security attribute for each interface of the smart contract based on the program state obtained by the reduction processing;
the result determining unit is further configured to determine that the target security attribute is verified if the state discrimination unit determines that the program state obtained by the reduction processing is stable.
13. The apparatus of claim 9, wherein the reduction process comprises an abstract interpretation in a procedural analysis technique.
14. The apparatus according to claim 12, wherein the state determination unit is specifically configured to determine that the program state obtained by the reduction processing is stable if program states obtained by the reduction processing for N consecutive times are the same, where N is a positive integer greater than or equal to 2.
15. The apparatus according to claim 9, wherein the instance verification unit is specifically configured to perform formal verification of the program state instance over interfaces of the smart contract to verify whether the program state instance is invalid.
16. The apparatus according to any of claims 9 to 15, wherein the instance verification unit, when obtaining the program state instance that does not satisfy the target security property, is specifically configured to determine the program state instance that does not satisfy the target security property from among program states generated by formal verification of different interfaces of a smart contract.
17. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-8.
18. A computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, implements the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011435380.3A CN112215618B (en) | 2020-12-11 | 2020-12-11 | Verification method and device of intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011435380.3A CN112215618B (en) | 2020-12-11 | 2020-12-11 | Verification method and device of intelligent contract |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112215618A true CN112215618A (en) | 2021-01-12 |
| CN112215618B CN112215618B (en) | 2021-02-26 |
Family
ID=74067976
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011435380.3A Active CN112215618B (en) | 2020-12-11 | 2020-12-11 | Verification method and device of intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112215618B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108073513A (en) * | 2017-04-21 | 2018-05-25 | 富士通株式会社 | The apparatus and method tested the intelligent contract based on block chain |
| CN110533533A (en) * | 2019-08-21 | 2019-12-03 | 杭州趣链科技有限公司 | A kind of Formal Verification of over-the-counter trading intelligence contract |
| CN110532176A (en) * | 2019-07-31 | 2019-12-03 | 平安科技(深圳)有限公司 | A kind of formalization verification method, electronic device and the storage medium of intelligence contract |
| CN110705974A (en) * | 2019-09-03 | 2020-01-17 | 杭州趣链科技有限公司 | Complete intelligent contract form specification implementation method |
-
2020
- 2020-12-11 CN CN202011435380.3A patent/CN112215618B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108073513A (en) * | 2017-04-21 | 2018-05-25 | 富士通株式会社 | The apparatus and method tested the intelligent contract based on block chain |
| CN110532176A (en) * | 2019-07-31 | 2019-12-03 | 平安科技(深圳)有限公司 | A kind of formalization verification method, electronic device and the storage medium of intelligence contract |
| CN110533533A (en) * | 2019-08-21 | 2019-12-03 | 杭州趣链科技有限公司 | A kind of Formal Verification of over-the-counter trading intelligence contract |
| CN110705974A (en) * | 2019-09-03 | 2020-01-17 | 杭州趣链科技有限公司 | Complete intelligent contract form specification implementation method |
Non-Patent Citations (1)
| Title |
|---|
| MOUHAMAD ALMAKHOUR 等: "Verification of smart contracts: A survey", 《PERVASICE AND MOBILE COMPUTING》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112215618B (en) | 2021-02-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20190324772A1 (en) | Method and device for processing smart contracts | |
| Wasserman et al. | Software reliability via run-time result-checking | |
| US7665072B2 (en) | Generating test cases for software with complex preconditions | |
| Calvagna et al. | A formal logic approach to constrained combinatorial testing | |
| US6581026B2 (en) | Method and configuration for comparing a first characteristic with predetermined characteristics of a technical system | |
| JP6142705B2 (en) | Iterative generation of symbolic test drivers for object-oriented languages | |
| US9396095B2 (en) | Software verification | |
| Cockx et al. | Unifiers as equivalences: Proof-relevant unification of dependently typed data | |
| US10176086B2 (en) | Event-driven software test sequence determination | |
| CN112215618B (en) | Verification method and device of intelligent contract | |
| Cassez et al. | Model-checking for hybrid systems by quotienting and constraints solving | |
| Li et al. | Automated functional scenarios-based formal specification animation | |
| US8453116B2 (en) | Efficient invariant inference for program verification | |
| US9916412B2 (en) | Automatic generation of test layouts for testing a design rule checking tool | |
| Gadelha et al. | Towards counterexample-guided k-induction for fast bug detection | |
| CN115170312A (en) | Asset state information changing method and device on block chain | |
| Soeken et al. | Towards automatic determination of problem bounds for object instantiation in static model verification | |
| CN112907198A (en) | Service state circulation maintenance method and device and electronic equipment | |
| US20160349317A1 (en) | Method and apparatus for obtaining a maximally compressed verification test set | |
| US8639490B2 (en) | Concretization of abstracted traces | |
| WO2019142266A1 (en) | Test case generation device, test case generation method, and test case generation program | |
| CN112068814A (en) | Method, device, system and medium for generating executable file | |
| Schlichtkrull et al. | Differential Testing of Pushdown Reachability with a Formally Verified Oracle. | |
| CN113075537B (en) | Test method, storage medium and terminal for verifying and asserting null-flood strength in iterative mode | |
| US20180074926A1 (en) | Efficient validation of transactional memory in a computer processor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40044739 Country of ref document: HK |