/*
This file is part of solidity.
solidity is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
solidity is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with solidity. If not, see .
*/
// SPDX-License-Identifier: GPL-3.0
/**
* Yul interpreter module that evaluates EVM instructions.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
using namespace std;
using namespace solidity;
using namespace solidity::evmasm;
using namespace solidity::yul;
using namespace solidity::yul::test;
using solidity::util::h160;
using solidity::util::h256;
using solidity::util::keccak256;
namespace
{
/// Reads 32 bytes from @a _data at position @a _offset bytes while
/// interpreting @a _data to be padded with an infinite number of zero
/// bytes beyond its end.
u256 readZeroExtended(bytes const& _data, u256 const& _offset)
{
if (_offset >= _data.size())
return 0;
else if (_offset + 32 <= _data.size())
return *reinterpret_cast(_data.data() + static_cast(_offset));
else
{
size_t off = static_cast(_offset);
u256 val;
for (size_t i = 0; i < 32; ++i)
{
val <<= 8;
if (off + i < _data.size())
val += _data[off + i];
}
return val;
}
}
}
namespace solidity::yul::test
{
/// Copy @a _size bytes of @a _source at offset @a _sourceOffset to
/// @a _target at offset @a _targetOffset. Behaves as if @a _source would
/// continue with an infinite sequence of zero bytes beyond its end.
void copyZeroExtended(
map& _target, bytes const& _source,
size_t _targetOffset, size_t _sourceOffset, size_t _size
)
{
for (size_t i = 0; i < _size; ++i)
_target[_targetOffset + i] = _sourceOffset + i < _source.size() ? _source[_sourceOffset + i] : 0;
}
}
using u512 = boost::multiprecision::number>;
u256 EVMInstructionInterpreter::eval(
evmasm::Instruction _instruction,
vector const& _arguments
)
{
using namespace solidity::evmasm;
using evmasm::Instruction;
auto info = instructionInfo(_instruction);
yulAssert(static_cast(info.args) == _arguments.size(), "");
auto const& arg = _arguments;
switch (_instruction)
{
case Instruction::STOP:
logTrace(_instruction);
BOOST_THROW_EXCEPTION(ExplicitlyTerminated());
// --------------- arithmetic ---------------
case Instruction::ADD:
return arg[0] + arg[1];
case Instruction::MUL:
return arg[0] * arg[1];
case Instruction::SUB:
return arg[0] - arg[1];
case Instruction::DIV:
return arg[1] == 0 ? 0 : arg[0] / arg[1];
case Instruction::SDIV:
return arg[1] == 0 ? 0 : s2u(u2s(arg[0]) / u2s(arg[1]));
case Instruction::MOD:
return arg[1] == 0 ? 0 : arg[0] % arg[1];
case Instruction::SMOD:
return arg[1] == 0 ? 0 : s2u(u2s(arg[0]) % u2s(arg[1]));
case Instruction::EXP:
return exp256(arg[0], arg[1]);
case Instruction::NOT:
return ~arg[0];
case Instruction::LT:
return arg[0] < arg[1] ? 1 : 0;
case Instruction::GT:
return arg[0] > arg[1] ? 1 : 0;
case Instruction::SLT:
return u2s(arg[0]) < u2s(arg[1]) ? 1 : 0;
case Instruction::SGT:
return u2s(arg[0]) > u2s(arg[1]) ? 1 : 0;
case Instruction::EQ:
return arg[0] == arg[1] ? 1 : 0;
case Instruction::ISZERO:
return arg[0] == 0 ? 1 : 0;
case Instruction::AND:
return arg[0] & arg[1];
case Instruction::OR:
return arg[0] | arg[1];
case Instruction::XOR:
return arg[0] ^ arg[1];
case Instruction::BYTE:
return arg[0] >= 32 ? 0 : (arg[1] >> unsigned(8 * (31 - arg[0]))) & 0xff;
case Instruction::SHL:
return arg[0] > 255 ? 0 : (arg[1] << unsigned(arg[0]));
case Instruction::SHR:
return arg[0] > 255 ? 0 : (arg[1] >> unsigned(arg[0]));
case Instruction::SAR:
{
static u256 const hibit = u256(1) << 255;
if (arg[0] >= 256)
return arg[1] & hibit ? u256(-1) : 0;
else
{
unsigned amount = unsigned(arg[0]);
u256 v = arg[1] >> amount;
if (arg[1] & hibit)
v |= u256(-1) << (256 - amount);
return v;
}
}
case Instruction::ADDMOD:
return arg[2] == 0 ? 0 : u256((u512(arg[0]) + u512(arg[1])) % arg[2]);
case Instruction::MULMOD:
return arg[2] == 0 ? 0 : u256((u512(arg[0]) * u512(arg[1])) % arg[2]);
case Instruction::SIGNEXTEND:
if (arg[0] >= 31)
return arg[1];
else
{
unsigned testBit = unsigned(arg[0]) * 8 + 7;
u256 ret = arg[1];
u256 mask = ((u256(1) << testBit) - 1);
if (boost::multiprecision::bit_test(ret, testBit))
ret |= ~mask;
else
ret &= mask;
return ret;
}
// --------------- blockchain stuff ---------------
case Instruction::KECCAK256:
{
if (!accessMemory(arg[0], arg[1]))
return u256("0x1234cafe1234cafe1234cafe") + arg[0];
uint64_t offset = uint64_t(arg[0] & uint64_t(-1));
uint64_t size = uint64_t(arg[1] & uint64_t(-1));
return u256(keccak256(m_state.readMemory(offset, size)));
}
case Instruction::ADDRESS:
return h256(m_state.address, h256::AlignRight);
case Instruction::BALANCE:
if (arg[0] == h256(m_state.address, h256::AlignRight))
return m_state.selfbalance;
else
return m_state.balance;
case Instruction::SELFBALANCE:
return m_state.selfbalance;
case Instruction::ORIGIN:
return h256(m_state.origin, h256::AlignRight);
case Instruction::CALLER:
return h256(m_state.caller, h256::AlignRight);
case Instruction::CALLVALUE:
return m_state.callvalue;
case Instruction::CALLDATALOAD:
return readZeroExtended(m_state.calldata, arg[0]);
case Instruction::CALLDATASIZE:
return m_state.calldata.size();
case Instruction::CALLDATACOPY:
logTrace(_instruction, arg);
if (accessMemory(arg[0], arg[2]))
copyZeroExtended(
m_state.memory, m_state.calldata,
size_t(arg[0]), size_t(arg[1]), size_t(arg[2])
);
return 0;
case Instruction::CODESIZE:
return m_state.code.size();
case Instruction::CODECOPY:
logTrace(_instruction, arg);
if (accessMemory(arg[0], arg[2]))
copyZeroExtended(
m_state.memory, m_state.code,
size_t(arg[0]), size_t(arg[1]), size_t(arg[2])
);
return 0;
case Instruction::GASPRICE:
return m_state.gasprice;
case Instruction::CHAINID:
return m_state.chainid;
case Instruction::BASEFEE:
return m_state.basefee;
case Instruction::EXTCODESIZE:
return u256(keccak256(h256(arg[0]))) & 0xffffff;
case Instruction::EXTCODEHASH:
return u256(keccak256(h256(arg[0] + 1)));
case Instruction::EXTCODECOPY:
logTrace(_instruction, arg);
if (accessMemory(arg[1], arg[3]))
// TODO this way extcodecopy and codecopy do the same thing.
copyZeroExtended(
m_state.memory, m_state.code,
size_t(arg[1]), size_t(arg[2]), size_t(arg[3])
);
return 0;
case Instruction::RETURNDATASIZE:
return m_state.returndata.size();
case Instruction::RETURNDATACOPY:
logTrace(_instruction, arg);
if (accessMemory(arg[0], arg[2]))
copyZeroExtended(
m_state.memory, m_state.returndata,
size_t(arg[0]), size_t(arg[1]), size_t(arg[2])
);
return 0;
case Instruction::BLOCKHASH:
if (arg[0] >= m_state.blockNumber || arg[0] + 256 < m_state.blockNumber)
return 0;
else
return 0xaaaaaaaa + (arg[0] - m_state.blockNumber - 256);
case Instruction::COINBASE:
return h256(m_state.coinbase, h256::AlignRight);
case Instruction::TIMESTAMP:
return m_state.timestamp;
case Instruction::NUMBER:
return m_state.blockNumber;
case Instruction::DIFFICULTY:
return m_state.difficulty;
case Instruction::GASLIMIT:
return m_state.gaslimit;
// --------------- memory / storage / logs ---------------
case Instruction::MLOAD:
accessMemory(arg[0], 0x20);
return readMemoryWord(arg[0]);
case Instruction::MSTORE:
accessMemory(arg[0], 0x20);
writeMemoryWord(arg[0], arg[1]);
return 0;
case Instruction::MSTORE8:
accessMemory(arg[0], 1);
m_state.memory[arg[0]] = uint8_t(arg[1] & 0xff);
return 0;
case Instruction::SLOAD:
return m_state.storage[h256(arg[0])];
case Instruction::SSTORE:
m_state.storage[h256(arg[0])] = h256(arg[1]);
return 0;
case Instruction::PC:
return 0x77;
case Instruction::MSIZE:
return m_state.msize;
case Instruction::GAS:
return 0x99;
case Instruction::LOG0:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
return 0;
case Instruction::LOG1:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
return 0;
case Instruction::LOG2:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
return 0;
case Instruction::LOG3:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
return 0;
case Instruction::LOG4:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
return 0;
// --------------- calls ---------------
case Instruction::CREATE:
accessMemory(arg[1], arg[2]);
logTrace(_instruction, arg);
return (0xcccccc + arg[1]) & u256("0xffffffffffffffffffffffffffffffffffffffff");
case Instruction::CREATE2:
accessMemory(arg[1], arg[2]);
logTrace(_instruction, arg);
return (0xdddddd + arg[1]) & u256("0xffffffffffffffffffffffffffffffffffffffff");
case Instruction::CALL:
case Instruction::CALLCODE:
accessMemory(arg[3], arg[4]);
accessMemory(arg[5], arg[6]);
logTrace(_instruction, arg);
// Randomly fail based on the called address if it isn't a call to self.
// Used for fuzzing.
return (
(arg[0] > 0) &&
(arg[1] == util::h160::Arith(m_state.address) || (arg[1] & 1))
) ? 1 : 0;
case Instruction::DELEGATECALL:
case Instruction::STATICCALL:
accessMemory(arg[2], arg[3]);
accessMemory(arg[4], arg[5]);
logTrace(_instruction, arg);
// Randomly fail based on the called address if it isn't a call to self.
// Used for fuzzing.
return (
(arg[0] > 0) &&
(arg[1] == util::h160::Arith(m_state.address) || (arg[1] & 1))
) ? 1 : 0;
case Instruction::RETURN:
{
m_state.returndata = {};
if (accessMemory(arg[0], arg[1]))
m_state.returndata = m_state.readMemory(arg[0], arg[1]);
logTrace(_instruction, arg, m_state.returndata);
BOOST_THROW_EXCEPTION(ExplicitlyTerminatedWithReturn());
}
case Instruction::REVERT:
accessMemory(arg[0], arg[1]);
logTrace(_instruction, arg);
m_state.storage.clear();
m_state.trace.clear();
BOOST_THROW_EXCEPTION(ExplicitlyTerminated());
case Instruction::INVALID:
logTrace(_instruction);
m_state.storage.clear();
m_state.trace.clear();
BOOST_THROW_EXCEPTION(ExplicitlyTerminated());
case Instruction::SELFDESTRUCT:
logTrace(_instruction, arg);
m_state.storage.clear();
m_state.trace.clear();
BOOST_THROW_EXCEPTION(ExplicitlyTerminated());
case Instruction::POP:
break;
// --------------- invalid in strict assembly ---------------
case Instruction::JUMP:
case Instruction::JUMPI:
case Instruction::JUMPDEST:
case Instruction::PUSH1:
case Instruction::PUSH2:
case Instruction::PUSH3:
case Instruction::PUSH4:
case Instruction::PUSH5:
case Instruction::PUSH6:
case Instruction::PUSH7:
case Instruction::PUSH8:
case Instruction::PUSH9:
case Instruction::PUSH10:
case Instruction::PUSH11:
case Instruction::PUSH12:
case Instruction::PUSH13:
case Instruction::PUSH14:
case Instruction::PUSH15:
case Instruction::PUSH16:
case Instruction::PUSH17:
case Instruction::PUSH18:
case Instruction::PUSH19:
case Instruction::PUSH20:
case Instruction::PUSH21:
case Instruction::PUSH22:
case Instruction::PUSH23:
case Instruction::PUSH24:
case Instruction::PUSH25:
case Instruction::PUSH26:
case Instruction::PUSH27:
case Instruction::PUSH28:
case Instruction::PUSH29:
case Instruction::PUSH30:
case Instruction::PUSH31:
case Instruction::PUSH32:
case Instruction::DUP1:
case Instruction::DUP2:
case Instruction::DUP3:
case Instruction::DUP4:
case Instruction::DUP5:
case Instruction::DUP6:
case Instruction::DUP7:
case Instruction::DUP8:
case Instruction::DUP9:
case Instruction::DUP10:
case Instruction::DUP11:
case Instruction::DUP12:
case Instruction::DUP13:
case Instruction::DUP14:
case Instruction::DUP15:
case Instruction::DUP16:
case Instruction::SWAP1:
case Instruction::SWAP2:
case Instruction::SWAP3:
case Instruction::SWAP4:
case Instruction::SWAP5:
case Instruction::SWAP6:
case Instruction::SWAP7:
case Instruction::SWAP8:
case Instruction::SWAP9:
case Instruction::SWAP10:
case Instruction::SWAP11:
case Instruction::SWAP12:
case Instruction::SWAP13:
case Instruction::SWAP14:
case Instruction::SWAP15:
case Instruction::SWAP16:
{
yulAssert(false, "");
return 0;
}
}
return 0;
}
u256 EVMInstructionInterpreter::evalBuiltin(
BuiltinFunctionForEVM const& _fun,
vector const& _arguments,
vector const& _evaluatedArguments
)
{
if (_fun.instruction)
return eval(*_fun.instruction, _evaluatedArguments);
string fun = _fun.name.str();
// Evaluate datasize/offset/copy instructions
if (fun == "datasize" || fun == "dataoffset")
{
string arg = std::get(_arguments.at(0)).value.str();
if (arg.length() < 32)
arg.resize(32, 0);
if (fun == "datasize")
return u256(keccak256(arg)) & 0xfff;
else
{
// Force different value than for datasize
arg[31]++;
arg[31]++;
return u256(keccak256(arg)) & 0xfff;
}
}
else if (fun == "datacopy")
{
// This is identical to codecopy.
if (accessMemory(_evaluatedArguments.at(0), _evaluatedArguments.at(2)))
copyZeroExtended(
m_state.memory,
m_state.code,
size_t(_evaluatedArguments.at(0)),
size_t(_evaluatedArguments.at(1) & numeric_limits::max()),
size_t(_evaluatedArguments.at(2))
);
return 0;
}
else if (fun == "memoryguard")
return _evaluatedArguments.at(0);
else
yulAssert(false, "Unknown builtin: " + fun);
return 0;
}
bool EVMInstructionInterpreter::accessMemory(u256 const& _offset, u256 const& _size)
{
if (((_offset + _size) >= _offset) && ((_offset + _size + 0x1f) >= (_offset + _size)))
{
u256 newSize = (_offset + _size + 0x1f) & ~u256(0x1f);
m_state.msize = max(m_state.msize, newSize);
// We only record accesses to contiguous memory chunks that are at most 0xffff bytes
// in size and at an offset of at most numeric_limits::max() - 0xffff
return _size <= 0xffff && _offset <= u256(numeric_limits::max() - 0xffff);
}
else
m_state.msize = u256(-1);
return false;
}
u256 EVMInstructionInterpreter::readMemoryWord(u256 const& _offset)
{
return u256(h256(m_state.readMemory(_offset, 32)));
}
void EVMInstructionInterpreter::writeMemoryWord(u256 const& _offset, u256 const& _value)
{
for (size_t i = 0; i < 32; i++)
m_state.memory[_offset + i] = uint8_t((_value >> (8 * (31 - i))) & 0xff);
}
void EVMInstructionInterpreter::logTrace(
evmasm::Instruction _instruction,
std::vector const& _arguments,
bytes const& _data
)
{
logTrace(
evmasm::instructionInfo(_instruction).name,
SemanticInformation::memory(_instruction) == SemanticInformation::Effect::Write,
_arguments,
_data
);
}
void EVMInstructionInterpreter::logTrace(
std::string const& _pseudoInstruction,
bool _writesToMemory,
std::vector const& _arguments,
bytes const& _data
)
{
if (!(_writesToMemory && memWriteTracingDisabled()))
{
string message = _pseudoInstruction + "(";
for (size_t i = 0; i < _arguments.size(); ++i)
message += (i > 0 ? ", " : "") + formatNumber(_arguments[i]);
message += ")";
if (!_data.empty())
message += " [" + util::toHex(_data) + "]";
m_state.trace.emplace_back(std::move(message));
if (m_state.maxTraceSize > 0 && m_state.trace.size() >= m_state.maxTraceSize)
{
m_state.trace.emplace_back("Trace size limit reached.");
BOOST_THROW_EXCEPTION(TraceLimitReached());
}
}
}