Here we recall some blog articles that we have written since this summer, on the formal verification of the protocol of Tezos. For this project, we are verifying a code base of around 100,000 lines of OCaml code. We automatically convert the OCaml code to the proof system Coq using the converter coq-of-ocaml. We then apply various proof techniques to make sure that the protocol of Tezos does not contain bugs.
Our primary goal at Formal Land 🌲 is to make Tezos the first crypto-currency with a formally verified implementation. With formal verification, thanks to mathematical methods, we can check that a program behaves as expected for all possible inputs. Formal verification goes beyond what testing can do, as testing can only handle a finite amount of cases. That is critical as cryptocurrencies hold a large amount of money (around $3B for Tezos today). The current result of our verification project is available on nomadic-labs.gitlab.io/coq-tezos-of-ocaml. Formal verification is also key to allowing Tezos to evolve constantly in a safe and backward compatible manner.
Recently, we added two new blog posts about the verification of the crypto-currency Tezos:
- Verify the Michelson types of Mi-Cho-Coq to compare the types defined in the Tezos code for the Michelson interpreter and in the Mi-Cho-Coq library to verify smart contracts;
- Translate the Tenderbake's code to Coq to explain how we translated the recent changes in Tezos to the Coq using coq-of-ocaml. In particular we translated the code of the new Tenderbake consensus algorithm.
We also talked at the Lambda Lille Meetup (in French) to present our work on
coq-of-ocaml for Tezos. A video on the Youtube channel of the Meetup should be available shortly. We thanks the organizers for hosting the talk.