I am joining Ethereum as a formal verification engineer. My reasoning: formal verification makes sense as a profession only in the rare situation where
- the verification target follows short and simple rules (EVM);
- the target carries a lot of value (ETH and other tokens);
- the target is delicate enough that getting it right takes care (any non-trivial program);
- and the community is aware that it is important to get things right (hopefully).
My last job as a formal verification engineer prepared me for this challenge. Besides, around Ethereum, I have played with two projects: an online service called Dr. Y's Ethereum Contract Analyzer and a GitHub repository containing Coq proofs. These projects sit at opposite ends of a spectrum between an automatic analyzer and manual proof development.
Given the collective impact on the whole ecosystem, I am attracted to an automatic analyzer integrated into a compiler. Many people would run it, and some would notice its warnings. On the other hand, since any surprising behavior can be considered a bug, every surprise must be removed, yet computers cannot feel human expectations. To tell machines about human expectations, some manual effort is necessary. Contract developers must specify the contract in a machine-readable form and give the machine hints as to why the implementation matches the specification (in most cases, the machine wants more and more hints until the humans find a bug, frequently in the specification). This is labor intensive, but the manual effort is justifiable when a contract is designed to carry several million dollars.
Having a person dedicated to formal methods not only gives us the possibility to move more quickly in this important and fruitful area; we hope it will also allow us to communicate better with academia, in order to link the various individual projects that have sprung up in recent weeks.
Here are some projects that we would like to tackle in the future; most of them will probably be carried out in cooperation with other teams.
Solidity:
- Extend the Solidity-to-Why3 translation to the full Solidity language (perhaps switch to F*)
- Formal specification of Solidity
- Syntax and semantics of modal logics for multi-party reasoning
Community:
- Creation of a forum for formal verification projects on Ethereum
- Collection of buggy Solidity code for testing automatic analyzers
- Analysis of contracts deployed on the blockchain for vulnerabilities (related: the Oyente tool)
Tools:
- Provide a formalization of the EVM that is readable by humans and machines, and which can also be executed
- Develop formally verified libraries in EVM bytecode or Solidity
- Develop a formally verified compiler for a small language
- Explore the potential of interaction-oriented languages ("if X happens, then do Y; you can only do Z if you have done one")