erigontech · yperbasis · Dec 6, 2022 · Dec 19, 2022 · Dec 8, 2022 · Dec 20, 2022
diff --git a/core/state_transition.go b/core/state_transition.go
@@ -17,6 +17,7 @@
 package core
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/holiman/uint256"
@@ -412,6 +413,13 @@ func (st *StateTransition) TransitionDb(refunds bool, gasBailout bool) (*Executi
 		// It does get incremented inside the `Create` call, after the computation
 		// of the contract's address, but before the execution of the code.
 		ret, _, st.gasRemaining, vmerr = st.evm.Create(sender, st.data, st.gasRemaining, st.value)
+		// Special case for EOF, if the initcode or deployed code is
+		// invalid, the tx is considered valid (so update nonce), but
+		// is to be treated as an exceptional abort (so burn all gas).
+		if errors.Is(vmerr, vm.ErrInvalidEOFInitcode) {
+			st.gasRemaining = 0
+			st.state.SetNonce(msg.From(), st.state.GetNonce(sender.Address())+1)
+		}
 	} else {
 		// Increment the nonce for the next transaction
 		st.state.SetNonce(msg.From(), st.state.GetNonce(sender.Address())+1)

diff --git a/core/vm/analysis.go b/core/vm/analysis.go
@@ -16,6 +16,50 @@
 
 package vm
 
+const (
+	set2BitsMask = uint16(0b11)
+	set3BitsMask = uint16(0b111)
+	set4BitsMask = uint16(0b1111)
+	set5BitsMask = uint16(0b1_1111)
+	set6BitsMask = uint16(0b11_1111)
+	set7BitsMask = uint16(0b111_1111)
+)
+
+// bitvec is a bit vector which maps bytes in a program.
+// An unset bit means the byte is an opcode, a set bit means
+// it's data (i.e. argument of PUSHxx).
+type bitvec []byte
+
+func (bits bitvec) set1(pos uint64) {
+	bits[pos/8] |= 1 << (pos % 8)
+}
+
+func (bits bitvec) setN(flag uint16, pos uint64) {
+	a := flag << (pos % 8)
+	bits[pos/8] |= byte(a)
+	if b := byte(a >> 8); b != 0 {
+		bits[pos/8+1] = b
+	}
+}
+
+func (bits bitvec) set8(pos uint64) {
+	a := byte(0xFF << (pos % 8))
+	bits[pos/8] |= a
+	bits[pos/8+1] = ^a
+}
+
+func (bits bitvec) set16(pos uint64) {
+	a := byte(0xFF << (pos % 8))
+	bits[pos/8] |= a
+	bits[pos/8+1] = 0xFF
+	bits[pos/8+2] = ^a
+}
+
+// codeSegment checks if the position is in a code segment.
+func (bits *bitvec) codeSegment(pos uint64) bool {
+	return (((*bits)[pos/8] >> (pos % 8)) & 1) == 0
+}
+
 // codeBitmap collects data locations in code.
 func codeBitmap(code []byte) []uint64 {
 	// The bitmap is 4 bytes longer than necessary, in case the code
@@ -41,3 +85,87 @@ func codeBitmap(code []byte) []uint64 {
 	}
 	return bits
 }
+
+// eofCodeBitmap collects data locations in code.
+func eofCodeBitmap(code []byte) bitvec {
+	// The bitmap is 4 bytes longer than necessary, in case the code
+	// ends with a PUSH32, the algorithm will push zeroes onto the
+	// bitvector outside the bounds of the actual code.
+	bits := make(bitvec, len(code)/8+1+4)
+	return eofCodeBitmapInternal(code, bits)
+}
+
+// eofCodeBitmapInternal is the internal implementation of codeBitmap for EOF
+// code validation.
+func eofCodeBitmapInternal(code, bits bitvec) bitvec {
+	for pc := uint64(0); pc < uint64(len(code)); {
+		var (
+			op      = OpCode(code[pc])
+			numbits uint8
+		)
+		pc++
+
+		switch {
+		case op >= PUSH1 && op <= PUSH32:
+			numbits = uint8(op - PUSH1 + 1)
+		case op == RJUMP || op == RJUMPI:
+			numbits = 2
+		case op == RJUMPV:
+			// RJUMPV is unique as it has a variable sized operand.
+			// The total size is determined by the count byte which
+			// immediate proceeds RJUMPV. Truncation will be caught
+			// in other validation steps -- for now, just return a
+			// valid bitmap for as much of the code as is
+			// available.
+			end := uint64(len(code))
+			if pc >= end {
+				// Count missing, no more bits to mark.
+				return bits
+			}
+			numbits = code[pc]*2 + 1
+			if pc+uint64(numbits) > end {
+				// Jump table is truncated, mark as many bits
+				// as possible.
+				numbits = uint8(end - pc)
+			}
+		default:
+			// Op had no immediate operand, continue.
+			continue
+		}
+
+		if numbits >= 8 {
+			for ; numbits >= 16; numbits -= 16 {
+				bits.set16(pc)
+				pc += 16
+			}
+			for ; numbits >= 8; numbits -= 8 {
+				bits.set8(pc)
+				pc += 8
+			}
+		}
+		switch numbits {
+		case 1:
+			bits.set1(pc)
+			pc += 1
+		case 2:
+			bits.setN(set2BitsMask, pc)
+			pc += 2
+		case 3:
+			bits.setN(set3BitsMask, pc)
+			pc += 3
+		case 4:
+			bits.setN(set4BitsMask, pc)
+			pc += 4
+		case 5:
+			bits.setN(set5BitsMask, pc)
+			pc += 5
+		case 6:
+			bits.setN(set6BitsMask, pc)
+			pc += 6
+		case 7:
+			bits.setN(set7BitsMask, pc)
+			pc += 7
+		}
+	}
+	return bits
+}
diff --git a/core/vm/analysis_test.go b/core/vm/analysis_test.go
@@ -17,6 +17,7 @@
 package vm
 
 import (
+	"encoding/binary"
 	"testing"
 
 	"github.com/holiman/uint256"
@@ -25,6 +26,18 @@ import (
 	"github.com/ledgerwatch/erigon/crypto"
 )
 
+func bitvecToUint64Slice(b bitvec) []uint64 {
+	n := (len(b) + 7) / 8
+	padded := make([]byte, n*8)
+	copy(padded, b)
+
+	res := make([]uint64, n)
+	for i := 0; i < n; i++ {
+		res[i] = binary.LittleEndian.Uint64(padded[i*8:])
+	}
+	return res
+}
+
 func TestJumpDestAnalysis(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
@@ -49,6 +62,28 @@ func TestJumpDestAnalysis(t *testing.T) {
 		if ret[test.which] != test.exp {
 			t.Fatalf("expected %x, got %02x", test.exp, ret[test.which])
 		}
+		retEof := bitvecToUint64Slice(eofCodeBitmap(test.code))
+		if retEof[test.which] != test.exp {
+			t.Fatalf("eof expected %x, got %02x", test.exp, retEof[test.which])
+		}
+	}
+}
+
+func TestEOFAnalysis(t *testing.T) {
+	tests := []struct {
+		code  []byte
+		exp   byte
+		which int
+	}{
+		{[]byte{byte(RJUMP), 0x01, 0x01, 0x01}, 0b0000_0110, 0},
+		{[]byte{byte(RJUMPI), byte(RJUMP), byte(RJUMP), byte(RJUMPI)}, 0b0011_0110, 0},
+		{[]byte{byte(RJUMPV), 0x02, byte(RJUMP), 0x00, byte(RJUMPI), 0x00}, 0b0011_1110, 0},
+	}
+	for i, test := range tests {
+		ret := eofCodeBitmap(test.code)
+		if ret[test.which] != test.exp {
+			t.Fatalf("test %d: expected %x, got %02x", i, test.exp, ret[test.which])
+		}
 	}
 }
 
@@ -101,3 +136,20 @@ func BenchmarkJumpDest(b *testing.B) {
 		b.StopTimer()
 	}
 }
+
+func TestCodeAnalysis(t *testing.T) {
+	for _, tc := range []string{
+		"5e30303030",
+	} {
+		eofCodeBitmap(libcommon.FromHex(tc))
+		codeBitmap(libcommon.FromHex(tc))
+	}
+}
+
+func FuzzCodeAnalysis(f *testing.F) {
+	f.Add(libcommon.FromHex("5e30303030"))
+	f.Fuzz(func(t *testing.T, data []byte) {
+		eofCodeBitmap(data)
+		codeBitmap(data)
+	})
+}
diff --git a/core/vm/contract.go b/core/vm/contract.go
@@ -51,10 +51,11 @@ type Contract struct {
 	analysis      []uint64                    // Locally cached result of JUMPDEST analysis
 	skipAnalysis  bool
 
-	Code     []byte
-	CodeHash libcommon.Hash
-	CodeAddr *libcommon.Address
-	Input    []byte
+	Code      []byte
+	Container *Container
+	CodeHash  libcommon.Hash
+	CodeAddr  *libcommon.Address
+	Input     []byte
 
 	Gas   uint64
 	value *uint256.Int
@@ -184,10 +185,30 @@ func (c *Contract) Value() *uint256.Int {
 	return c.value
 }
 
+// IsEOF returns whether the contract is EOF.
+func (c *Contract) IsEOF() bool {
+	return c.Container != nil
+}
+
+func (c *Contract) CodeAt(section uint64) []byte {
+	if c.Container == nil {
+		return c.Code
+	}
+	return c.Container.Code[section]
+}
+
+func (c *Contract) Data() []byte {
+	// if c.Container == nil {
+	// 	return nil
+	// }
+	return c.Container.Data
+}
+
 // SetCallCode sets the code of the contract and address of the backing data
 // object
-func (c *Contract) SetCallCode(addr *libcommon.Address, hash libcommon.Hash, code []byte) {
+func (c *Contract) SetCallCode(addr *libcommon.Address, hash libcommon.Hash, code []byte, container *Container) {
 	c.Code = code
+	c.Container = container
 	c.CodeHash = hash
 	c.CodeAddr = addr
 }