plonky2/evm/src/generation/state.rs

use std::collections::HashMap;

use ethereum_types::{Address, BigEndianHash, H160, H256, U256};
use keccak_hash::keccak;
use plonky2::field::types::Field;

use crate::cpu::kernel::aggregator::KERNEL;
use crate::cpu::kernel::constants::context_metadata::ContextMetadata;
use crate::generation::mpt::all_mpt_prover_inputs_reversed;
use crate::generation::rlp::all_rlp_prover_inputs_reversed;
use crate::generation::GenerationInputs;
use crate::memory::segments::Segment;
use crate::util::u256_to_usize;
use crate::witness::errors::ProgramError;
use crate::witness::memory::{MemoryAddress, MemoryState};
use crate::witness::state::RegistersState;
use crate::witness::traces::{TraceCheckpoint, Traces};
use crate::witness::util::stack_peek;

pub(crate) struct GenerationStateCheckpoint {
    pub(crate) registers: RegistersState,
    pub(crate) traces: TraceCheckpoint,
}

#[derive(Debug)]
pub(crate) struct GenerationState<F: Field> {
    pub(crate) inputs: GenerationInputs,
    pub(crate) registers: RegistersState,
    pub(crate) memory: MemoryState,
    pub(crate) traces: Traces<F>,

    pub(crate) next_txn_index: usize,

    /// Prover inputs containing MPT data, in reverse order so that the next input can be obtained
    /// via `pop()`.
    pub(crate) mpt_prover_inputs: Vec<U256>,

    /// Prover inputs containing RLP data, in reverse order so that the next input can be obtained
    /// via `pop()`.
    pub(crate) rlp_prover_inputs: Vec<U256>,

    /// The state trie only stores state keys, which are hashes of addresses, but sometimes it is
    /// useful to see the actual addresses for debugging. Here we store the mapping for all known
    /// addresses.
    pub(crate) state_key_to_address: HashMap<H256, Address>,

    /// Prover inputs containing the result of a MODMUL operation, in little-endian order (so that
    /// inputs are obtained in big-endian order via `pop()`). Contains both the remainder and the
    /// quotient, in that order.
    pub(crate) bignum_modmul_result_limbs: Vec<U256>,
}

impl<F: Field> GenerationState<F> {
    pub(crate) fn new(inputs: GenerationInputs, kernel_code: &[u8]) -> Result<Self, ProgramError> {
        log::debug!("Input signed_txns: {:?}", &inputs.signed_txns);
        log::debug!("Input state_trie: {:?}", &inputs.tries.state_trie);
        log::debug!(
            "Input transactions_trie: {:?}",
            &inputs.tries.transactions_trie
        );
        log::debug!("Input receipts_trie: {:?}", &inputs.tries.receipts_trie);
        log::debug!("Input storage_tries: {:?}", &inputs.tries.storage_tries);
        log::debug!("Input contract_code: {:?}", &inputs.contract_code);
        let mpt_prover_inputs = all_mpt_prover_inputs_reversed(&inputs.tries)?;
        let rlp_prover_inputs = all_rlp_prover_inputs_reversed(&inputs.signed_txns);
        let bignum_modmul_result_limbs = Vec::new();

        Ok(Self {
            inputs,
            registers: Default::default(),
            memory: MemoryState::new(kernel_code),
            traces: Traces::default(),
            next_txn_index: 0,
            mpt_prover_inputs,
            rlp_prover_inputs,
            state_key_to_address: HashMap::new(),
            bignum_modmul_result_limbs,
        })
    }

    /// Updates `program_counter`, and potentially adds some extra handling if we're jumping to a
    /// special location.
    pub fn jump_to(&mut self, dst: usize) -> Result<(), ProgramError> {
        self.registers.program_counter = dst;
        if dst == KERNEL.global_labels["observe_new_address"] {
            let tip_u256 = stack_peek(self, 0)?;
            let tip_h256 = H256::from_uint(&tip_u256);
            let tip_h160 = H160::from(tip_h256);
            self.observe_address(tip_h160);
        } else if dst == KERNEL.global_labels["observe_new_contract"] {
            let tip_u256 = stack_peek(self, 0)?;
            let tip_h256 = H256::from_uint(&tip_u256);
            self.observe_contract(tip_h256)?;
        }

        Ok(())
    }

    /// Observe the given address, so that we will be able to recognize the associated state key.
    /// This is just for debugging purposes.
    pub fn observe_address(&mut self, address: Address) {
        let state_key = keccak(address.0);
        self.state_key_to_address.insert(state_key, address);
    }

    /// Observe the given code hash and store the associated code.
    /// When called, the code corresponding to `codehash` should be stored in the return data.
    pub fn observe_contract(&mut self, codehash: H256) -> Result<(), ProgramError> {
        if self.inputs.contract_code.contains_key(&codehash) {
            return Ok(()); // Return early if the code hash has already been observed.
        }

        let ctx = self.registers.context;
        let returndata_size_addr = MemoryAddress::new(
            ctx,
            Segment::ContextMetadata,
            ContextMetadata::ReturndataSize as usize,
        );
        let returndata_size = u256_to_usize(self.memory.get(returndata_size_addr))?;
        let code = self.memory.contexts[ctx].segments[Segment::Returndata as usize].content
            [..returndata_size]
            .iter()
            .map(|x| x.low_u32() as u8)
            .collect::<Vec<_>>();
        debug_assert_eq!(keccak(&code), codehash);

        self.inputs.contract_code.insert(codehash, code);

        Ok(())
    }

    pub fn checkpoint(&self) -> GenerationStateCheckpoint {
        GenerationStateCheckpoint {
            registers: self.registers,
            traces: self.traces.checkpoint(),
        }
    }

    pub fn rollback(&mut self, checkpoint: GenerationStateCheckpoint) {
        self.registers = checkpoint.registers;
        self.traces.rollback(checkpoint.traces);
    }

    pub(crate) fn stack(&self) -> Vec<U256> {
        const MAX_TO_SHOW: usize = 10;
        (0..self.registers.stack_len.min(MAX_TO_SHOW))
            .map(|i| stack_peek(self, i).unwrap())
            .collect()
    }
}
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`use std::collections::HashMap;`

Contract creation fixes 2023-03-20 21:40:58 -07:00			`use ethereum_types::{Address, BigEndianHash, H160, H256, U256};`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`use keccak_hash::keccak;`
Begin work on witness generation and kernel bootstrapping 2022-06-15 09:33:52 -07:00			`use plonky2::field::types::Field;`

Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`use crate::cpu::kernel::aggregator::KERNEL;`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`use crate::cpu::kernel::constants::context_metadata::ContextMetadata;`
More MPT logic 2022-09-22 20:09:48 -07:00			`use crate::generation::mpt::all_mpt_prover_inputs_reversed;`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`use crate::generation::rlp::all_rlp_prover_inputs_reversed;`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`use crate::generation::GenerationInputs;`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`use crate::memory::segments::Segment;`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`use crate::util::u256_to_usize;`
			`use crate::witness::errors::ProgramError;`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`use crate::witness::memory::{MemoryAddress, MemoryState};`
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`use crate::witness::state::RegistersState;`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`use crate::witness::traces::{TraceCheckpoint, Traces};`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`use crate::witness::util::stack_peek;`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00
			`pub(crate) struct GenerationStateCheckpoint {`
			`pub(crate) registers: RegistersState,`
			`pub(crate) traces: TraceCheckpoint,`
			`}`
Begin work on witness generation and kernel bootstrapping 2022-06-15 09:33:52 -07:00
			`#[derive(Debug)]`
			`pub(crate) struct GenerationState<F: Field> {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`pub(crate) inputs: GenerationInputs,`
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`pub(crate) registers: RegistersState,`
Store memory values as `U256`s Ultimately they're encoded as `[F; 8]`s in the table, but I don't anticipate that we'll have any use cases where we want to store more than 256 bits. Might as well store `U256` until we actually build the table since they're more compact. 2022-07-16 09:14:51 -07:00			`pub(crate) memory: MemoryState,`
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`pub(crate) traces: Traces<F>,`
Begin work on witness generation and kernel bootstrapping 2022-06-15 09:33:52 -07:00
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`pub(crate) next_txn_index: usize,`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
			`/// Prover inputs containing MPT data, in reverse order so that the next input can be obtained`
			/// via `pop()`.
			`pub(crate) mpt_prover_inputs: Vec<U256>,`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00
			`/// Prover inputs containing RLP data, in reverse order so that the next input can be obtained`
			/// via `pop()`.
			`pub(crate) rlp_prover_inputs: Vec<U256>,`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00
			`/// The state trie only stores state keys, which are hashes of addresses, but sometimes it is`
			`/// useful to see the actual addresses for debugging. Here we store the mapping for all known`
			`/// addresses.`
			`pub(crate) state_key_to_address: HashMap<H256, Address>,`
fmt 2023-03-16 15:10:49 -07:00
fixes, testing, and in-progress debugging 2023-03-21 16:03:54 -07:00			`/// Prover inputs containing the result of a MODMUL operation, in little-endian order (so that`
			/// inputs are obtained in big-endian order via `pop()`). Contains both the remainder and the
			`/// quotient, in that order.`
			`pub(crate) bignum_modmul_result_limbs: Vec<U256>,`
Begin work on witness generation and kernel bootstrapping 2022-06-15 09:33:52 -07:00			`}`

			`impl<F: Field> GenerationState<F> {`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`pub(crate) fn new(inputs: GenerationInputs, kernel_code: &[u8]) -> Result<Self, ProgramError> {`
Misc EVM fixes 2023-02-25 07:59:51 -08:00			`log::debug!("Input signed_txns: {:?}", &inputs.signed_txns);`
			`log::debug!("Input state_trie: {:?}", &inputs.tries.state_trie);`
			`log::debug!(`
			`"Input transactions_trie: {:?}",`
			`&inputs.tries.transactions_trie`
			`);`
			`log::debug!("Input receipts_trie: {:?}", &inputs.tries.receipts_trie);`
			`log::debug!("Input storage_tries: {:?}", &inputs.tries.storage_tries);`
			`log::debug!("Input contract_code: {:?}", &inputs.contract_code);`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`let mpt_prover_inputs = all_mpt_prover_inputs_reversed(&inputs.tries)?;`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`let rlp_prover_inputs = all_rlp_prover_inputs_reversed(&inputs.signed_txns);`
fixes, testing, and in-progress debugging 2023-03-21 16:03:54 -07:00			`let bignum_modmul_result_limbs = Vec::new();`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`Ok(Self {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`inputs,`
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`registers: Default::default(),`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`memory: MemoryState::new(kernel_code),`
Misc work on witness generation 2022-11-30 12:55:41 -08:00			`traces: Traces::default(),`
			`next_txn_index: 0,`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`mpt_prover_inputs,`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`rlp_prover_inputs,`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`state_key_to_address: HashMap::new(),`
fixes, testing, and in-progress debugging 2023-03-21 16:03:54 -07:00			`bignum_modmul_result_limbs,`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`})`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`}`

Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			/// Updates `program_counter`, and potentially adds some extra handling if we're jumping to a
			`/// special location.`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`pub fn jump_to(&mut self, dst: usize) -> Result<(), ProgramError> {`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`self.registers.program_counter = dst;`
			`if dst == KERNEL.global_labels["observe_new_address"] {`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`let tip_u256 = stack_peek(self, 0)?;`
Contract creation fixes 2023-03-20 21:40:58 -07:00			`let tip_h256 = H256::from_uint(&tip_u256);`
			`let tip_h160 = H160::from(tip_h256);`
			`self.observe_address(tip_h160);`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`} else if dst == KERNEL.global_labels["observe_new_contract"] {`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`let tip_u256 = stack_peek(self, 0)?;`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`let tip_h256 = H256::from_uint(&tip_u256);`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`self.observe_contract(tip_h256)?;`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`}`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00
			`Ok(())`
Add a `prove_with_outputs` method Which returns information about the post-state after execution. This is useful for debugging purposes. 2023-03-16 13:32:34 -07:00			`}`

			`/// Observe the given address, so that we will be able to recognize the associated state key.`
			`/// This is just for debugging purposes.`
			`pub fn observe_address(&mut self, address: Address) {`
			`let state_key = keccak(address.0);`
			`self.state_key_to_address.insert(state_key, address);`
			`}`

New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`/// Observe the given code hash and store the associated code.`
			/// When called, the code corresponding to `codehash` should be stored in the return data.
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`pub fn observe_contract(&mut self, codehash: H256) -> Result<(), ProgramError> {`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`if self.inputs.contract_code.contains_key(&codehash) {`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`return Ok(()); // Return early if the code hash has already been observed.`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`}`

			`let ctx = self.registers.context;`
			`let returndata_size_addr = MemoryAddress::new(`
			`ctx,`
			`Segment::ContextMetadata,`
			`ContextMetadata::ReturndataSize as usize,`
			`);`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00			`let returndata_size = u256_to_usize(self.memory.get(returndata_size_addr))?;`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`let code = self.memory.contexts[ctx].segments[Segment::Returndata as usize].content`
			`[..returndata_size]`
			`.iter()`
Remove risks of panic 2023-09-12 19:23:16 -04:00			`.map(\|x\| x.low_u32() as u8)`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`.collect::<Vec<_>>();`
			`debug_assert_eq!(keccak(&code), codehash);`

			`self.inputs.contract_code.insert(codehash, code);`
Handle additional panics (#1250) * Remove some panic risks * Remove more panics * Handle jump with empty stack * Handle last expect * More panics * Handle from_big_endian * Handle from_little_endian * Remove remaining risky as_usize() * Remove explicit panic * Clippy * Handle unwrap * Make error messages more explicit * Simplify u256 to usize conversion 2023-09-26 11:13:57 -04:00
			`Ok(())`
New contract hook (#1002) * New contract hook * Minor * PR feedback 2023-04-24 09:07:00 +02:00			`}`

Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`pub fn checkpoint(&self) -> GenerationStateCheckpoint {`
			`GenerationStateCheckpoint {`
			`registers: self.registers,`
			`traces: self.traces.checkpoint(),`
			`}`
			`}`

			`pub fn rollback(&mut self, checkpoint: GenerationStateCheckpoint) {`
			`self.registers = checkpoint.registers;`
			`self.traces.rollback(checkpoint.traces);`
			`}`
Log stack on panic 2023-03-15 11:23:29 -07:00
			`pub(crate) fn stack(&self) -> Vec<U256> {`
Fix reads from not-found ext nodes 2023-03-19 14:13:42 -07:00			`const MAX_TO_SHOW: usize = 10;`
			`(0..self.registers.stack_len.min(MAX_TO_SHOW))`
Log stack on panic 2023-03-15 11:23:29 -07:00			`.map(\|i\| stack_peek(self, i).unwrap())`
			`.collect()`
			`}`
Begin work on witness generation and kernel bootstrapping 2022-06-15 09:33:52 -07:00			`}`