Translation certification for smart contracts

Jacco O.G. Krijnen; Manuel M.T. Chakravarty; Gabriele Keller; Wouter Swierstra

doi:10.1016/j.scico.2023.103051

Translation certification for smart contracts

Jacco O.G. Krijnen^*, Manuel M.T. Chakravarty^*, Gabriele Keller^*, Wouter Swierstra^*

^*Corresponding author for this work

Sub Software Technology

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

Compiler correctness is an old problem, but with the emergence of smart contracts on blockchains that problem presents itself in a new light. Smart contracts are self-contained pieces of software that control (valuable) assets in an adversarial environment; once committed to the blockchain, these smart contracts cannot be modified. Smart contracts are typically developed in a high-level contract language and compiled to low-level virtual machine code before being committed to the blockchain. For a smart contract user to trust a given piece of low-level code on the blockchain, they must convince themselves that (a) they are in possession of the matching source code and (b) that the compiler has correctly translated the source code to the given low-level code. Classic approaches to compiler correctness tackle the second point. We argue that translation certification also squarely addresses the first. We describe the proof architecture of a translation certification framework and demonstrate how we can model the compilation pipeline as a sequence of translation relations. We give a detailed account of such relations for most passes of the Plutus Tx compiler, which we formalised in Coq. This approach facilitates a modular verification methodology and is robust in the face of an evolving compiler implementation.

Original language	English
Article number	103051
Number of pages	25
Journal	Science of Computer Programming
Volume	233
DOIs	https://doi.org/10.1016/j.scico.2023.103051
Publication status	Published - Mar 2024

Bibliographical note

Publisher Copyright:
© 2023 The Authors

Funding

This work was jointly funded by IOG and NWO in the project on A certifying compiler for smart contracts ( ENPPS.LIFT.019.032 ). Furthermore, we would like to thank Michael Peyton Jones for his feedback and Joris Dral for his contributions in the Coq implementation.

Funders	Funder number
IOG
Nederlandse Organisatie voor Wetenschappelijk Onderzoek	ENPPS.LIFT.019.032

Keywords

Certified compilation
Compiler correctness
Smart contracts
Translation validation

Access to Document

10.1016/j.scico.2023.103051Licence: CC BY

1-s2.0-S0167642323001338-mainFinal published version, 987 KBLicence: CC BY

Cite this

@article{3bf37ef4e15f4eed9f5a24d8d0607100,

title = "Translation certification for smart contracts",

abstract = "Compiler correctness is an old problem, but with the emergence of smart contracts on blockchains that problem presents itself in a new light. Smart contracts are self-contained pieces of software that control (valuable) assets in an adversarial environment; once committed to the blockchain, these smart contracts cannot be modified. Smart contracts are typically developed in a high-level contract language and compiled to low-level virtual machine code before being committed to the blockchain. For a smart contract user to trust a given piece of low-level code on the blockchain, they must convince themselves that (a) they are in possession of the matching source code and (b) that the compiler has correctly translated the source code to the given low-level code. Classic approaches to compiler correctness tackle the second point. We argue that translation certification also squarely addresses the first. We describe the proof architecture of a translation certification framework and demonstrate how we can model the compilation pipeline as a sequence of translation relations. We give a detailed account of such relations for most passes of the Plutus Tx compiler, which we formalised in Coq. This approach facilitates a modular verification methodology and is robust in the face of an evolving compiler implementation.",

keywords = "Certified compilation, Compiler correctness, Smart contracts, Translation validation",

author = "Krijnen, \{Jacco O.G.\} and Chakravarty, \{Manuel M.T.\} and Gabriele Keller and Wouter Swierstra",

note = "Publisher Copyright: {\textcopyright} 2023 The Authors",

year = "2024",

month = mar,

doi = "10.1016/j.scico.2023.103051",

language = "English",

volume = "233",

journal = "Science of Computer Programming",

issn = "0167-6423",

publisher = "Elsevier BV",

}

TY - JOUR

T1 - Translation certification for smart contracts

AU - Krijnen, Jacco O.G.

AU - Chakravarty, Manuel M.T.

AU - Keller, Gabriele

AU - Swierstra, Wouter

PY - 2024/3

Y1 - 2024/3

N2 - Compiler correctness is an old problem, but with the emergence of smart contracts on blockchains that problem presents itself in a new light. Smart contracts are self-contained pieces of software that control (valuable) assets in an adversarial environment; once committed to the blockchain, these smart contracts cannot be modified. Smart contracts are typically developed in a high-level contract language and compiled to low-level virtual machine code before being committed to the blockchain. For a smart contract user to trust a given piece of low-level code on the blockchain, they must convince themselves that (a) they are in possession of the matching source code and (b) that the compiler has correctly translated the source code to the given low-level code. Classic approaches to compiler correctness tackle the second point. We argue that translation certification also squarely addresses the first. We describe the proof architecture of a translation certification framework and demonstrate how we can model the compilation pipeline as a sequence of translation relations. We give a detailed account of such relations for most passes of the Plutus Tx compiler, which we formalised in Coq. This approach facilitates a modular verification methodology and is robust in the face of an evolving compiler implementation.

AB - Compiler correctness is an old problem, but with the emergence of smart contracts on blockchains that problem presents itself in a new light. Smart contracts are self-contained pieces of software that control (valuable) assets in an adversarial environment; once committed to the blockchain, these smart contracts cannot be modified. Smart contracts are typically developed in a high-level contract language and compiled to low-level virtual machine code before being committed to the blockchain. For a smart contract user to trust a given piece of low-level code on the blockchain, they must convince themselves that (a) they are in possession of the matching source code and (b) that the compiler has correctly translated the source code to the given low-level code. Classic approaches to compiler correctness tackle the second point. We argue that translation certification also squarely addresses the first. We describe the proof architecture of a translation certification framework and demonstrate how we can model the compilation pipeline as a sequence of translation relations. We give a detailed account of such relations for most passes of the Plutus Tx compiler, which we formalised in Coq. This approach facilitates a modular verification methodology and is robust in the face of an evolving compiler implementation.

KW - Certified compilation

KW - Compiler correctness

KW - Smart contracts

KW - Translation validation

UR - http://www.scopus.com/inward/record.url?scp=85177875776&partnerID=8YFLogxK

U2 - 10.1016/j.scico.2023.103051

DO - 10.1016/j.scico.2023.103051

M3 - Article

SN - 0167-6423

VL - 233

JO - Science of Computer Programming

JF - Science of Computer Programming

M1 - 103051

ER -

Translation certification for smart contracts

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this