CN117667676B - AIGC-based block chain intelligent contract IDE verification test method and system - Google Patents

Abstract

The invention provides a method and a system for testing block chain intelligent contract IDE verification based on AIGC, comprising the following steps: step 1: writing intelligent contracts; step 2: contract analysis optimization flow; step 3: modification of the smart contract; step 4: formalized verification; step 5: contract testing; step 6: final verification test on the chain; step 7: and performing data feeding training and model updating. The invention can analyze a large number of codes through a machine learning algorithm, quickly find potential security holes, improve the security detection efficiency, and has stronger capability of repairing identification codes by using AI prompt words.

Description

AIGC-based block chain intelligent contract IDE verification test method and system

Technical Field

The invention relates to the technical field of blockchains, in particular to a method and a system for testing block chain intelligent contract IDE verification based on AIGC.

Background

With the continuous development of blockchain technology, intelligent contracts have been widely used as one of important applications of blockchain technology. An intelligent contract is an automatically executed contract that automatically executes terms in the contract without intervention by a third party. The writing and testing of the intelligent contracts are important links in the development of the intelligent contracts, but the writing and testing efficiency of the intelligent contracts is low due to the complexity and difficult predictability of the intelligent contracts, and meanwhile, the intelligent contracts have the problems of safety, reliability and the like.

Patent document CN115841297a discloses a project implementation progress supervision method based on intelligent contracts, comprising the following steps: s1, taking ubantu systems as building bases, initializing an created block and building a private network through Go-Ethereum software; s2, using Remix ide as a development platform, and submitting and writing intelligent contracts on the upper chain of the enterprise project implementation progress through solidity language; s3, repeatedly testing the performance and safety of the intelligent contract, enabling the user to link and confirm the right, submitting the project progress, and successfully confirming the right. However, the present patent cannot completely solve the existing technical problems, and cannot meet the needs of the present invention.

In order to solve these problems, some methods, such as using static analysis tools, model detection tools, etc., have been proposed, but these methods have certain limitations, and cannot completely solve the problems of writing and testing intelligent contracts. AIGC (AI GENERATED content) technology is an intelligent contract analysis method based on inductive reasoning and counterexample guidance, and can automatically deduce specifications and invariants of intelligent contracts and generate counterexamples to help programmers to debug and repair.

An intelligent contract is an automated contract based on blockchain technology, the code of which is typically made up of a plurality of functions. The contract change responsible for logic is composed of many contract files; when the smart contract is written, it needs to be subjected to correlation analysis to determine whether its functions and logic meet expectations. Accordingly, there is a need to develop an analysis tool that enables static and dynamic analysis of smart contracts to discover potential errors and vulnerabilities and optimize their logic.

AIGC is currently a general model interface, and in order to enable the AI model to be more matched with the analysis optimization of the blockchain intelligent contracts, prompt words need to be optimized; due to the diversity and rapid iteration of on-chain attack techniques, timely collection and processing of the model training feed data is required.

The correctness of the intelligent contracts is critical to the security and stability of the blockchain system. Accordingly, there is a need to develop a formal verification tool that can formally verify smart contracts to ensure that they meet expected security and correctness requirements.

AIGC is an artificial intelligence technique that enables automated generation and optimization of code. However, AIGC cannot meet the requirement of directly identifying related errors, and more specialized prompt (AIPrompt) is needed, so that related prompt words are also needed to be added in the contract IDE module; in the invention, AIGC and the blockchain intelligent contracts are required to be integrated and fused to achieve the purpose of the scheme finally.

Disclosure of Invention

Aiming at the defects in the prior art, the invention aims to provide a AIGC-based block chain intelligent contract IDE verification test method and system.

The invention provides a AIGC-based block chain intelligent contract IDE verification test method, which comprises the following steps:

step 1: writing codes by using intelligent contract IDE and obtaining related prompt words of the codes;

step 2: the codes and related prompt words are transmitted to an AI through an interface, the AI is used for analyzing the intelligent contract, loopholes and errors in the intelligent contract are found out, and a corresponding repairing scheme is provided;

Step 3: modifying the intelligent contract code according to the repair scheme provided by the AI by the developer, and then submitting the repaired code to the AI again for analysis;

Step 4: after the intelligent contract code is compiled and verified by the platform, fusing prompt words related to the block chain contract security form verification;

Step 5: writing out a test case according to the service and the function logic through AI, testing the contract, and verifying the correctness of the contract;

step 6: performing simulation function logic case test and attack test on the blockchain network, and verifying the effectiveness and safety of intelligent contract code modification;

Step 7: and performing data feeding training and model updating.

Preferably, the step 2 includes:

step 2.1: preprocessing the new smart contract code, including removing annotations, formatting, and tokenizing;

Step 2.2: extracting the same feature set as that during model training from a new intelligent contract code, wherein the feature set comprises variable names, function calls and control flow structures;

step 2.3: loading a pre-trained AI model and inputting the extracted characteristic data;

step 2.4: analyzing the input intelligent contract code, marking errors or loopholes, and providing repair suggestions according to training data;

Step 2.5: performing manual auditing and verification;

step 2.6: feedback on problems found in practical applications is integrated into the next iteration of the model to further optimize its performance.

Preferably, the step 5 includes:

Simulation of normal test: simulating a user to use the intelligent contract under normal conditions, including normal transaction, data query and contract call; simulating simultaneous use of intelligent contracts by a large number of users in a short time to test performance of the contracts under high pressure; simulating the operation of users with different authority levels or other contracts on a target contract, wherein the operation comprises an administrator and a common user;

Simulation anomaly test: simulation provides input data to contracts that is in error, out of range, or significantly meaningless; simulating the condition that the same transaction is submitted for a plurality of times due to network delay or malicious attack; simulating a loop formed by calling two or more contracts mutually, thereby causing deadlock or resource exhaustion; simulating the expiration, aborted or deleted condition of the validity period of the contract; simulation contracts fail randomly during execution for some reason; updating the anomaly test according to a novel anomaly attack on an external blockchain, and then training a related model;

the countermeasure is fed back to the testing party after the code is modified through AI, so that the contract code is updated and perfected, and the method comprises the following steps: setting an error processing mechanism for contract; limiting and managing resource usage by setting gas prices and restrictions; performing authorization and access control; verifying the reliability of the time stamp and the random number generation; recording logs of key operation of the contract, and performing security audit regularly; an update and repair mechanism for contracts is provided.

Preferably, the step 6 includes:

Step 6.1: deploying the intelligent contract into a test network similar to the actual network, ensuring that the test is performed in a controlled environment;

step 6.2: simulating a functional logic case test;

Normal operation test: simulating conventional contractual operations, including transfers and queries;

Abnormal condition test: simulating erroneous inputs and anomalies of operation beyond limits;

Role and rights test: simulating different user roles to operate, including an administrator and a common user;

step 6.3: attack testing;

Replay attack: attempting to resubmit using the previous transaction data;

logical vulnerability attack: attempting to operate with potential logical vulnerabilities in the contract code, including double payment, advance access to certain functions;

Denial of service attack: attempting to disable the contract by sending a large number of requests or utilizing certain characteristics of the contract;

Timing dependent attack: attempting to exploit characteristics of the blockchain network to conduct an attack, including transaction validation time;

Randomness attack: attempting to predict or affect the randomness of contracts that rely on random number generation;

step 6.4: boundary testing;

Input/output boundary test: tests were performed using various extreme and boundary values, including maximum, minimum, negative, zero and null values;

time boundary test: contracts for time-dependent functions attempt to operate at various points in time.

Preferably, the step 7 includes:

and (3) data collection: collecting the latest attack manipulation data including public security reports, vulnerability notices and research papers;

and (3) data processing: processing the collected data into a format suitable for AI learning, including extracting key features and labeling results;

data injection: injecting the processed data into an AI training data set;

model updating: training a new model and then replacing the old model;

Monitoring and feedback: and monitoring the performance of the AI, if a new problem or attack technique is found, collecting data, and then continuing to train the model.

The invention provides a AIGC-based blockchain intelligent contract IDE verification test system, which comprises:

module M1: writing codes by using intelligent contract IDE and obtaining related prompt words of the codes;

Module M2: the codes and related prompt words are transmitted to an AI through an interface, the AI is used for analyzing the intelligent contract, loopholes and errors in the intelligent contract are found out, and a corresponding repairing scheme is provided;

Module M3: modifying the intelligent contract code according to the repair scheme provided by the AI by the developer, and then submitting the repaired code to the AI again for analysis;

module M4: after the intelligent contract code is compiled and verified by the platform, fusing prompt words related to the block chain contract security form verification;

module M5: writing out a test case according to the service and the function logic through AI, testing the contract, and verifying the correctness of the contract;

module M6: performing simulation function logic case test and attack test on the blockchain network, and verifying the effectiveness and safety of intelligent contract code modification;

module M7: and performing data feeding training and model updating.

Preferably, the module M2 comprises:

Module M2.1: preprocessing the new smart contract code, including removing annotations, formatting, and tokenizing;

module M2.2: extracting the same feature set as that during model training from a new intelligent contract code, wherein the feature set comprises variable names, function calls and control flow structures;

Module M2.3: loading a pre-trained AI model and inputting the extracted characteristic data;

module M2.4: analyzing the input intelligent contract code, marking errors or loopholes, and providing repair suggestions according to training data;

module M2.5: performing manual auditing and verification;

module M2.6: feedback on problems found in practical applications is integrated into the next iteration of the model to further optimize its performance.

Preferably, the module M5 comprises:

Simulation of normal test: simulating a user to use the intelligent contract under normal conditions, including normal transaction, data query and contract call; simulating simultaneous use of intelligent contracts by a large number of users in a short time to test performance of the contracts under high pressure; simulating the operation of users with different authority levels or other contracts on a target contract, wherein the operation comprises an administrator and a common user;

Simulation anomaly test: simulation provides input data to contracts that is in error, out of range, or significantly meaningless; simulating the condition that the same transaction is submitted for a plurality of times due to network delay or malicious attack; simulating a loop formed by calling two or more contracts mutually, thereby causing deadlock or resource exhaustion; simulating the expiration, aborted or deleted condition of the validity period of the contract; simulation contracts fail randomly during execution for some reason; updating the anomaly test according to a novel anomaly attack on an external blockchain, and then training a related model;

the countermeasure is fed back to the testing party after the code is modified through AI, so that the contract code is updated and perfected, and the method comprises the following steps: setting an error processing mechanism for contract; limiting and managing resource usage by setting gas prices and restrictions; performing authorization and access control; verifying the reliability of the time stamp and the random number generation; recording logs of key operation of the contract, and performing security audit regularly; an update and repair mechanism for contracts is provided.

Preferably, the module M6 comprises:

Module M6.1: deploying the intelligent contract into a test network similar to the actual network, ensuring that the test is performed in a controlled environment;

Module M6.2: simulating a functional logic case test;

Normal operation test: simulating conventional contractual operations, including transfers and queries;

Abnormal condition test: simulating erroneous inputs and anomalies of operation beyond limits;

Role and rights test: simulating different user roles to operate, including an administrator and a common user;

module M6.3: attack testing;

Replay attack: attempting to resubmit using the previous transaction data;

logical vulnerability attack: attempting to operate with potential logical vulnerabilities in the contract code, including double payment, advance access to certain functions;

Denial of service attack: attempting to disable the contract by sending a large number of requests or utilizing certain characteristics of the contract;

Timing dependent attack: attempting to exploit characteristics of the blockchain network to conduct an attack, including transaction validation time;

Randomness attack: attempting to predict or affect the randomness of contracts that rely on random number generation;

Module M6.4: boundary testing;

Input/output boundary test: tests were performed using various extreme and boundary values, including maximum, minimum, negative, zero and null values;

time boundary test: contracts for time-dependent functions attempt to operate at various points in time.

Preferably, the module M7 comprises:

and (3) data collection: collecting the latest attack manipulation data including public security reports, vulnerability notices and research papers;

and (3) data processing: processing the collected data into a format suitable for AI learning, including extracting key features and labeling results;

data injection: injecting the processed data into an AI training data set;

model updating: training a new model and then replacing the old model;

Monitoring and feedback: and monitoring the performance of the AI, if a new problem or attack technique is found, collecting data, and then continuing to train the model.

Compared with the prior art, the invention has the following beneficial effects:

(1) More efficient security detection: the traditional security detection needs to manually carry out code examination and vulnerability discovery, time and labor are wasted, a AIGC technical tool can analyze a large number of codes through a machine learning algorithm, potential security vulnerabilities can be quickly found, the security detection efficiency is improved, and the capability of repairing identification codes by using AI prompt words is stronger;

(2) More accurate formalized verification: the traditional formal verification needs to write complex logic rules manually, errors and vulnerabilities are easy to occur, and AIGC technical tools can automatically generate verification rules meeting specifications through natural language processing and other technologies, so that the accuracy and reliability of verification are improved; the capability of formal verification of data updating can be fed in real time;

(3) More comprehensive automated testing: while the traditional automatic test can only cover a part of code paths and boundary conditions, but cannot cover all possible conditions completely, the AI technology can realize comprehensive automatic test by simulating various conditions and abnormal conditions, thereby improving the quality and stability of contracts;

(4) Model adaptation after accurate feeding data training is more: when the AI interface is directly called in the traditional mode, the model is a general model, the recognition, optimization and repair capability of contracts are limited, and the model trained by feeding the updated data in the profession has professional matching with the intelligent contracts of the blockchain.

Drawings

Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:

FIG. 1 is a contract analysis optimization flow chart;

FIG. 2 is a contract test flow chart;

Fig. 3 is a formal verification flow chart.

Detailed Description

The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.

Example 1

The invention provides a AIGC-based block chain intelligent contract IDE verification test method, which completes analysis, modification test and formal verification of contracts through integration of AIGC and the block chain intelligent contracts, thereby improving the writing test efficiency of the intelligent contracts and the security of the contracts.

In the invention, AIGC is integrated with the blockchain intelligent contract, and the following functions can be realized:

1. Contract analysis optimization flow

As shown in fig. 1, after the developer completes development of BaaS platform intelligent contract IDE, code and related prompt words are transmitted to AI through interface; the AI can analyze the intelligent contract, find out vulnerabilities and errors therein, and return to provide corresponding repair schemes, which are then compiled, tested, and validated in the IDE of the intelligent contract.

2. Contract test flow

As shown in fig. 2, after the developer completes writing and modifying the intelligent contract code, AIGC can write out a test case according to the service and the functional logic; these test cases are then used to test the contract on the IDE to verify the correctness of the contract. Through contract testing, the correctness and the safety of the contract can be improved.

3. Formal verification

As shown in fig. 3, after the developer writes the code for completing the intelligent contract on the blockchain IDE, the developer is verified to be correct through platform compiling; fusing prompt words related to the block chain contract security form verification in BaaS platforms; then the data is sent to AI; the AI can perform associated formal verification on the intelligent contract, and output formal verification results and related modification opinions, so that the correctness and the safety of the contract are ensured. The correctness and the safety of the contract can be improved through formal verification. In addition, because the on-chain attack means is updated faster, the latest attack manipulation data can be fed to AI training learning in a timing and staged mode, so that the formal verification capability is improved.

Embodiments of the present invention include the steps of:

step 1: intelligent contract writing

When using the method of the present invention, it is first necessary to write the code of the smart contract, which can be accomplished through the smart contract IDE (Integrated Development Environment) on the blockchain platform, and the developer can write the code using the smart contract IDE and get the relevant hint words of the code.

Step 2: contract analysis optimization flow

After the developer completes developing the BaaS (Blockchain-as-a-Service) platform smart contract IDE, the code and related hints are passed to the AI via the interface. The AI can analyze the intelligent contracts, find vulnerabilities and errors therein, and return to provide corresponding repair schemes. The AI analyzes a large number of codes through a machine learning algorithm, so that potential security holes are quickly found, and the security detection efficiency is improved.

The main principle of AI is as follows: on the one hand, AI learns relevant code segments or logic to be associated with the past loopholes through relevant training models, and can quickly find out the loopholes to feed back to contract writers under the action of the prompt words; contract analysis, on the other hand, is a method of ensuring that a program meets its specifications. Machine learning models can be trained to help automate this process, particularly for complex smart contracts; it may take into account all possible execution paths and try to find errors or vulnerabilities that may trigger under certain input conditions.

The main flow is as follows:

1. Data collection and pretreatment: for new smart contract codes, pre-processing, such as removing notes, formatting, and tagging, is performed to make the model easier to understand and analyze.

2. Feature extraction: even with pre-trained models, the same feature set as when the model is trained needs to be extracted from the new contract code. Such as variable names, function calls, control flow structures, etc., which ensure that the model can function efficiently on new code.

3. Using a pre-training model: and loading a pre-trained AI model and inputting the characteristic data extracted in the first two steps.

4. Vulnerability detection and repair suggestions: the model analyzes the entered smart contract code, marks out possible errors or vulnerabilities, and provides repair suggestions based on its previous training data.

5. Manual auditing and verification: although AI models can automatically identify and suggest repairing vulnerabilities, ultimately the developer is still required to finally verify. The developer needs to check the suggestions of the model, determine if they are applicable to the current context, and make the necessary modifications.

6. Feedback and optimization: if some suggestions of the model are found inaccurate or missing some holes in the actual application, these feedback can be integrated into the next iteration of the model to further optimize its performance.

Step 3: modification of smart contracts

AIGC the resolved vulnerabilities and errors need to be repaired. The developer modifies the smart contract code according to the repair scheme provided by the AI. The repaired code is again submitted to AIGC for analysis.

Step 4: formal verification

After the developer writes the codes of the intelligent contracts on the block chain BaaS platform IDE, the codes are compiled and verified by the platform, and then the codes are fused by prompt words related to the block chain contract security form verification in the BaaS platform; therein, baaS platform verifies that a set of preset contract syntax specifications and standards are met within BaaS platform, depending on the underlying blockchain virtual machine target platform, if the compiler is met to translate the source code into target code, typically machine code or bytecode. The steps are completed, and the description accords with the specification of the platform. The BaaS platform maintains a formalized hint word library that describes common security issues and unsafe behavior in smart contracts. During verification and compilation, when the code matches one or more entries in the hint word library, the IDE will send the hint word and code to the AIGC interface; feedback is provided immediately to the developer. For example, if a developer uses a code pattern that is known to cause security problems, the IDE may highlight the relevant code and provide a prompt to suggest a fix. The AI can perform formal verification of another layer of trained security model related to the sent intelligent contract and the fusion prompt word, and output formal verification results and related modification opinions, so that the correctness and the safety of the contract are ensured. The correctness and the safety of the contract can be improved through formal verification. In addition, because the on-chain attack means is updated faster, the latest attack manipulation data can be fed to AI training learning in a timing and staged mode, so that the formal verification capability is improved.

Step 5: contract testing

After the developer completes the writing and modification of the intelligent contract code, the AI can write out the test case according to the service and the functional logic. The AI realizes comprehensive automatic test by simulating various conditions and abnormal conditions, and improves the quality and stability of contracts. These test cases are then used to test the contract on the IDE to verify the correctness of the contract. Through contract testing, the correctness and the safety of the contract can be improved.

Comprising the following steps:

(1) Simulation of normal test:

The general operation is as follows: the simulation user normally uses smart contracts, such as normal transactions, data queries, contract invocations, and the like.

High concurrency request: simulation uses smart contracts simultaneously by a large number of users in a short time to test the performance of the contracts under high pressure.

Operations of different rights: the operation of a target contract by users of different permission levels or other contracts, such as administrators and general users, is simulated.

(2) Simulation anomaly test:

Invalid input data: simulation provides input data to contracts that is in the form of errors, out of range or significantly nonsensical.

Repeating the transaction: simulating the situation that the same transaction is submitted for a plurality of times due to network delay or malicious attack.

Contract call loops: simulating loops formed by two or more contracts invoking each other may result in deadlock or resource exhaustion.

Contract expiration or failure: simulating the expiration, aborted or deleted condition of the validity period of the contract.

Random failure: simulation contracts fail randomly during execution for various reasons (e.g., resource limitations, external dependency issues, etc.).

These anomaly tests can be updated according to novel anomaly attacks on the external blockchain; then training a related model;

(3) Countermeasures

Error handling mechanism: ensuring that contracts have proper error handling mechanisms can properly handle invalid input data and other expected anomalies.

Limiting and managing resource usage: for example, by setting the appropriate gas prices and limits, it is ensured that the contract does not run out of resources due to long cycles or extensive computation.

Authorization and access control: ensuring that only authorized users or contracts can perform certain operations, avoiding unauthorized access and operation.

Timestamp and random number generation: the time stamps and random numbers used by the contract are ensured to be reliable to prevent replay attacks and other related security issues.

Log and audit: the contract should log critical operations and periodically conduct security audits to check if there are abnormal or suspicious operations.

Contract update and repair: providing an update and repair mechanism for contracts ensures that known problems and vulnerabilities can be quickly responded to and repaired.

These relevant countermeasures can be fed back to the tester after the code is modified by the AI, so that the contract code is updated and perfected.

Step 6: in-chain final verification test

After the above is completed, the simulation function logic case test and the attack test can be performed on the blockchain network in a targeted manner. Deploying the intelligent contract on the blockchain network; the final test of the smart contract is then performed, which requires testing of all possible logic functions and security boundary conditions as well as some common attack tests. These ensure proper operation in all cases. Thereby enabling verification of validity and security of smart contract code modifications.

The final verification test process on the chain is as follows:

1. deploying smart contracts

Test network deployment: first, the intelligent contracts are deployed into a test network similar to the actual network, which ensures that the test is performed in a controlled environment without affecting the actual network.

2. Analog functional logic case test

Normal operation test: simulating conventional contract operations, such as transfers, queries, etc., ensures that contracts will perform properly under normal conditions.

Abnormal condition test: simulating abnormal situations such as false inputs, operations exceeding limits and the like ensures that the contract can properly handle the abnormal situations.

Role and rights test: different user roles are simulated to operate, such as an administrator, a common user and the like, so that normal operation of access control and authority management functions of contracts is ensured.

3. Attack testing

Replay attack: attempting to resubmit using the previous transaction data ensures that the contract is able to identify and block this type of attack.

Logical vulnerability attack: attempts to operate with potential logical vulnerabilities in the contract code, such as double payments, advanced access to certain functions, etc.

Denial of service attack: attempts have been made to make contracts inoperable by sending a large number of requests or utilizing certain characteristics of the contract.

Timing dependent attack: attempts are made to exploit the characteristics of the blockchain network, such as transaction validation time.

Randomness attack: if the contract relies on random number generation, an attempt is made to predict or affect its randomness.

4. Boundary testing

Input/output boundary test: tests were performed using various extreme and boundary values, such as maximum, minimum, negative, zero, null, etc.

Time boundary test: if the contract has time-dependent functions, such as expiration time, lock period, etc., an attempt is made to operate at various points in time to ensure that the contract is properly handled.

Through the above testing process on the blockchain network chain, the intelligent contract can be ensured to be correct in function and reach the expected standard in the aspects of safety, performance, stability and the like.

Step 7: data feeding training and updating of model

Feeding the latest attack manipulation data to AI training learning is a very important method to keep AI's understanding of the current attack approach. The following are the main relevant flows:

And (3) data collection: up-to-date attack-maneuver data is collected, which may include public security reports, vulnerability announcements, research papers, etc. The data should contain enough detailed information so that the AI can learn the specific operation and effect of the attack maneuver.

And (3) data processing: the collected data is processed into a format suitable for AI learning. This may include extracting key features, labeling results, etc. For example, if an exploit attack, it may be necessary to mark the target of the attack, exploit vulnerabilities, the steps of the attack, etc.

Data injection: and injecting the processed data into the training data set of the AI. The specific method depends on the training framework and model of the AI. For most machine learning models, this may only require new data to be added to the training dataset and then retrained.

Model updating: the new model is trained and then the old model is replaced. This may require some verification and testing to ensure the performance of the new model.

Monitoring and feedback: monitoring the performance of the AI, if a new problem or attack technique is found, more data needs to be collected and then the above steps are repeated.

Because the attack on the chain updates very quickly, this process may need to be done periodically to keep the AI up-to-date.

After updating the AI model, baaS platform intelligent contract IDE invokes the interface of AI-specific model to repeat steps 1-6.

Example 2

The present invention also provides a system for testing blockchain intelligent contract IDE verification based on AIGC, wherein the system for testing blockchain intelligent contract IDE verification based on AIGC can be implemented by executing the flow steps of the method for testing blockchain intelligent contract IDE verification based on AIGC, that is, a person skilled in the art can understand the method for testing blockchain intelligent contract IDE verification based on AIGC as a preferred implementation manner of the system for testing blockchain intelligent contract IDE verification based on AIGC.

The invention provides a AIGC-based blockchain intelligent contract IDE verification test system, which comprises: module M1: writing codes by using intelligent contract IDE and obtaining related prompt words of the codes; module M2: the codes and related prompt words are transmitted to an AI through an interface, the AI is used for analyzing the intelligent contract, loopholes and errors in the intelligent contract are found out, and a corresponding repairing scheme is provided; module M3: modifying the intelligent contract code according to the repair scheme provided by the AI by the developer, and then submitting the repaired code to the AI again for analysis; module M4: after the intelligent contract code is compiled and verified by the platform, fusing prompt words related to the block chain contract security form verification; module M5: writing out a test case according to the service and the function logic through AI, testing the contract, and verifying the correctness of the contract; module M6: performing simulation function logic case test and attack test on the blockchain network, and verifying the effectiveness and safety of intelligent contract code modification; module M7: and performing data feeding training and model updating.

The module M2 includes: module M2.1: preprocessing the new smart contract code, including removing annotations, formatting, and tokenizing; module M2.2: extracting the same feature set as that during model training from a new intelligent contract code, wherein the feature set comprises variable names, function calls and control flow structures; module M2.3: loading a pre-trained AI model and inputting the extracted characteristic data; module M2.4: analyzing the input intelligent contract code, marking errors or loopholes, and providing repair suggestions according to training data; module M2.5: performing manual auditing and verification; module M2.6: feedback on problems found in practical applications is integrated into the next iteration of the model to further optimize its performance.

The module M5 includes:

Simulation of normal test: simulating a user to use the intelligent contract under normal conditions, including normal transaction, data query and contract call; simulating simultaneous use of intelligent contracts by a large number of users in a short time to test performance of the contracts under high pressure; simulating the operation of users with different authority levels or other contracts on a target contract, wherein the operation comprises an administrator and a common user;

Simulation anomaly test: simulation provides input data to contracts that is in error, out of range, or significantly meaningless; simulating the condition that the same transaction is submitted for a plurality of times due to network delay or malicious attack; simulating a loop formed by calling two or more contracts mutually, thereby causing deadlock or resource exhaustion; simulating the expiration, aborted or deleted condition of the validity period of the contract; simulation contracts fail randomly during execution for some reason; updating the anomaly test according to a novel anomaly attack on an external blockchain, and then training a related model;

the countermeasure is fed back to the testing party after the code is modified through AI, so that the contract code is updated and perfected, and the method comprises the following steps: setting an error processing mechanism for contract; limiting and managing resource usage by setting gas prices and restrictions; performing authorization and access control; verifying the reliability of the time stamp and the random number generation; recording logs of key operation of the contract, and performing security audit regularly; an update and repair mechanism for contracts is provided.

The module M6 includes:

Module M6.1: deploying the intelligent contract into a test network similar to the actual network, ensuring that the test is performed in a controlled environment;

Module M6.2: simulating a functional logic case test;

Normal operation test: simulating conventional contractual operations, including transfers and queries;

Abnormal condition test: simulating erroneous inputs and anomalies of operation beyond limits;

Role and rights test: simulating different user roles to operate, including an administrator and a common user;

module M6.3: attack testing;

Replay attack: attempting to resubmit using the previous transaction data;

logical vulnerability attack: attempting to operate with potential logical vulnerabilities in the contract code, including double payment, advance access to certain functions;

Denial of service attack: attempting to disable the contract by sending a large number of requests or utilizing certain characteristics of the contract;

Timing dependent attack: attempting to exploit characteristics of the blockchain network to conduct an attack, including transaction validation time;

Randomness attack: attempting to predict or affect the randomness of contracts that rely on random number generation;

Module M6.4: boundary testing;

Input/output boundary test: tests were performed using various extreme and boundary values, including maximum, minimum, negative, zero and null values;

time boundary test: contracts for time-dependent functions attempt to operate at various points in time.

The module M7 includes:

and (3) data collection: collecting the latest attack manipulation data including public security reports, vulnerability notices and research papers;

and (3) data processing: processing the collected data into a format suitable for AI learning, including extracting key features and labeling results;

data injection: injecting the processed data into an AI training data set;

model updating: training a new model and then replacing the old model;

Monitoring and feedback: and monitoring the performance of the AI, if a new problem or attack technique is found, collecting data, and then continuing to train the model.

Those skilled in the art will appreciate that the systems, apparatus, and their respective modules provided herein may be implemented entirely by logic programming of method steps such that the systems, apparatus, and their respective modules are implemented as logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc., in addition to the systems, apparatus, and their respective modules being implemented as pure computer readable program code. Therefore, the system, the apparatus, and the respective modules thereof provided by the present invention may be regarded as one hardware component, and the modules included therein for implementing various programs may also be regarded as structures within the hardware component; modules for implementing various functions may also be regarded as being either software programs for implementing the methods or structures within hardware components.

The foregoing describes specific embodiments of the present application. It is to be understood that the application is not limited to the particular embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without affecting the spirit of the application. The embodiments of the application and the features of the embodiments may be combined with each other arbitrarily without conflict.

Claims (8)

1. AIGC-based blockchain intelligent contract IDE verification testing method is characterized by comprising the following steps:

step 1: writing codes by using intelligent contract IDE and obtaining related prompt words of the codes;

step 2: the codes and related prompt words are transmitted to an AI through an interface, the AI is used for analyzing the intelligent contract, loopholes and errors in the intelligent contract are found out, and a corresponding repairing scheme is provided;

Step 3: modifying the intelligent contract code according to the repair scheme provided by the AI by the developer, and then submitting the repaired code to the AI again for analysis;

Step 4: after the intelligent contract code is compiled and verified by the platform, fusing prompt words related to the block chain contract security form verification;

Step 5: writing out a test case according to the service and the function logic through AI, testing the contract, and verifying the correctness of the contract;

step 6: performing simulation function logic case test and attack test on the blockchain network, and verifying the effectiveness and safety of intelligent contract code modification;

step 7: performing data feeding training and model updating;

The step 5 comprises the following steps:

Simulation of normal test: simulating a user to use the intelligent contract under normal conditions, including normal transaction, data query and contract call; simulating simultaneous use of intelligent contracts by a large number of users in a short time to test performance of the contracts under high pressure; simulating the operation of users with different authority levels or other contracts on a target contract, wherein the operation comprises an administrator and a common user;

Simulation anomaly test: simulation provides input data to contracts that is in error, out of range, or significantly meaningless; simulating the condition that the same transaction is submitted for a plurality of times due to network delay or malicious attack; simulating a loop formed by calling two or more contracts mutually, thereby causing deadlock or resource exhaustion; simulating the expiration, aborted or deleted condition of the validity period of the contract; simulation contracts fail randomly during execution for some reason; updating the anomaly test according to a novel anomaly attack on an external blockchain, and then training a related model;

the countermeasure is fed back to the testing party after the code is modified through AI, so that the contract code is updated and perfected, and the method comprises the following steps: setting an error processing mechanism for contract; limiting and managing resource usage by setting gas prices and restrictions; performing authorization and access control; verifying the reliability of the time stamp and the random number generation; recording logs of key operation of the contract, and performing security audit regularly; an update and repair mechanism for contracts is provided.

2. The AIGC-based blockchain smart contract IDE verification test method as in claim 1, wherein step 2 includes:

step 2.1: preprocessing the new smart contract code, including removing annotations, formatting, and tokenizing;

Step 2.2: extracting the same feature set as that during model training from a new intelligent contract code, wherein the feature set comprises variable names, function calls and control flow structures;

step 2.3: loading a pre-trained AI model and inputting the extracted characteristic data;

step 2.4: analyzing the input intelligent contract code, marking errors or loopholes, and providing repair suggestions according to training data;

Step 2.5: performing manual auditing and verification;

step 2.6: feedback on problems found in practical applications is integrated into the next iteration of the model to further optimize its performance.

3. The AIGC-based blockchain smart contract IDE verification test method as in claim 1, wherein step 6 includes:

Step 6.1: deploying the intelligent contract into a test network similar to the actual network, ensuring that the test is performed in a controlled environment;

step 6.2: simulating a functional logic case test;

Normal operation test: simulating conventional contractual operations, including transfers and queries;

Abnormal condition test: simulating erroneous inputs and anomalies of operation beyond limits;

Role and rights test: simulating different user roles to operate, including an administrator and a common user;

step 6.3: attack testing;

Replay attack: attempting to resubmit using the previous transaction data;

logical vulnerability attack: attempting to operate with potential logical vulnerabilities in the contract code, including double payment, advance access to certain functions;

Denial of service attack: attempting to disable the contract by sending a large number of requests or utilizing certain characteristics of the contract;

Timing dependent attack: attempting to exploit characteristics of the blockchain network to conduct an attack, including transaction validation time;

Randomness attack: attempting to predict or affect the randomness of contracts that rely on random number generation;

step 6.4: boundary testing;

Input/output boundary test: tests were performed using various extreme and boundary values, including maximum, minimum, negative, zero and null values;

time boundary test: contracts for time-dependent functions attempt to operate at various points in time.

4. The AIGC-based blockchain smart contract IDE verification test method as in claim 1, wherein the step 7 includes:

and (3) data collection: collecting the latest attack manipulation data including public security reports, vulnerability notices and research papers;

and (3) data processing: processing the collected data into a format suitable for AI learning, including extracting key features and labeling results;

data injection: injecting the processed data into an AI training data set;

model updating: training a new model and then replacing the old model;

Monitoring and feedback: and monitoring the performance of the AI, if a new problem or attack technique is found, collecting data, and then continuing to train the model.

5. A AIGC-based blockchain smart contract IDE verification test system, comprising:

module M1: writing codes by using intelligent contract IDE and obtaining related prompt words of the codes;

Module M2: the codes and related prompt words are transmitted to an AI through an interface, the AI is used for analyzing the intelligent contract, loopholes and errors in the intelligent contract are found out, and a corresponding repairing scheme is provided;

Module M3: modifying the intelligent contract code according to the repair scheme provided by the AI by the developer, and then submitting the repaired code to the AI again for analysis;

module M4: after the intelligent contract code is compiled and verified by the platform, fusing prompt words related to the block chain contract security form verification;

module M5: writing out a test case according to the service and the function logic through AI, testing the contract, and verifying the correctness of the contract;

module M6: performing simulation function logic case test and attack test on the blockchain network, and verifying the effectiveness and safety of intelligent contract code modification;

Module M7: performing data feeding training and model updating;

The module M5 includes:

Simulation of normal test: simulating a user to use the intelligent contract under normal conditions, including normal transaction, data query and contract call; simulating simultaneous use of intelligent contracts by a large number of users in a short time to test performance of the contracts under high pressure; simulating the operation of users with different authority levels or other contracts on a target contract, wherein the operation comprises an administrator and a common user;

Simulation anomaly test: simulation provides input data to contracts that is in error, out of range, or significantly meaningless; simulating the condition that the same transaction is submitted for a plurality of times due to network delay or malicious attack; simulating a loop formed by calling two or more contracts mutually, thereby causing deadlock or resource exhaustion; simulating the expiration, aborted or deleted condition of the validity period of the contract; simulation contracts fail randomly during execution for some reason; updating the anomaly test according to a novel anomaly attack on an external blockchain, and then training a related model;

the countermeasure is fed back to the testing party after the code is modified through AI, so that the contract code is updated and perfected, and the method comprises the following steps: setting an error processing mechanism for contract; limiting and managing resource usage by setting gas prices and restrictions; performing authorization and access control; verifying the reliability of the time stamp and the random number generation; recording logs of key operation of the contract, and performing security audit regularly; an update and repair mechanism for contracts is provided.

6. The AIGC-based blockchain smart contract IDE verification test system of claim 5, wherein the module M2 includes:

Module M2.1: preprocessing the new smart contract code, including removing annotations, formatting, and tokenizing;

module M2.2: extracting the same feature set as that during model training from a new intelligent contract code, wherein the feature set comprises variable names, function calls and control flow structures;

Module M2.3: loading a pre-trained AI model and inputting the extracted characteristic data;

module M2.4: analyzing the input intelligent contract code, marking errors or loopholes, and providing repair suggestions according to training data;

module M2.5: performing manual auditing and verification;

module M2.6: feedback on problems found in practical applications is integrated into the next iteration of the model to further optimize its performance.

7. The AIGC-based blockchain smart contract IDE verification test system of claim 5, wherein the module M6 includes:

Module M6.1: deploying the intelligent contract into a test network similar to the actual network, ensuring that the test is performed in a controlled environment;

Module M6.2: simulating a functional logic case test;

Normal operation test: simulating conventional contractual operations, including transfers and queries;

Abnormal condition test: simulating erroneous inputs and anomalies of operation beyond limits;

Role and rights test: simulating different user roles to operate, including an administrator and a common user;

module M6.3: attack testing;

Replay attack: attempting to resubmit using the previous transaction data;

logical vulnerability attack: attempting to operate with potential logical vulnerabilities in the contract code, including double payment, advance access to certain functions;

Denial of service attack: attempting to disable the contract by sending a large number of requests or utilizing certain characteristics of the contract;

Timing dependent attack: attempting to exploit characteristics of the blockchain network to conduct an attack, including transaction validation time;

Randomness attack: attempting to predict or affect the randomness of contracts that rely on random number generation;

Module M6.4: boundary testing;

Input/output boundary test: tests were performed using various extreme and boundary values, including maximum, minimum, negative, zero and null values;

time boundary test: contracts for time-dependent functions attempt to operate at various points in time.

8. The AIGC-based blockchain smart contract IDE verification test system as in claim 5, wherein the module M7 includes:

and (3) data collection: collecting the latest attack manipulation data including public security reports, vulnerability notices and research papers;

and (3) data processing: processing the collected data into a format suitable for AI learning, including extracting key features and labeling results;

data injection: injecting the processed data into an AI training data set;

model updating: training a new model and then replacing the old model;

Monitoring and feedback: and monitoring the performance of the AI, if a new problem or attack technique is found, collecting data, and then continuing to train the model.