Open chfast opened 1 month ago
evm1: invalid_container_section_index
revm: 1
code: ef0001010004020001000504ff0300008000023a60cbee1800
ef0001 010004 0200010005 040000 00 00800002 3a60cbee18
ef0001010004020001000504000000008000023a60cbee18
Fixed by https://github.com/bluealloy/revm/pull/1648. Covered by https://github.com/ethereum/execution-spec-tests/blob/main/tests/prague/eip7692_eof_v1/eip7620_eof_create/test_returncontract.py#L35.
evm1: invalid_non_returning_flag
revm: 1
code: ef000101000c020003000400010003041d0000008000000080000000000000e300020000e50001
evm1: invalid_non_returning_flag
revm: 1
code: ef000101000c02000300110001000104000000008000000000000000000000e30001e30002e30001e30002e300025bfefee4
size: 50
The "invalid_non_returning_flag" means a code section is declared "non-returning" but there is a RETF (or JUMPF) instruction.
Fixed in revm.
Tests: https://github.com/ethereum/execution-spec-tests/pull/794.
evm1: success
revm: 0
code: ef00010100040200010001040000000080000000
This is actually the smallest EOF container. It looks like revm is confused about the non-returning flag again. Fixed by https://github.com/chfast/fuzzers/pull/1.
evm1: unreachable_code_sections
revm: 1
code: ef000101000c02000300030001000304000000008000000080000000800000e50001fee50002
size: 38
0x # EOF
ef0001 # Magic and Version ( 1 )
01000c # Types length ( 12 )
020003 # Total code sections ( 3 )
0003 # Code section 0 , 3 bytes
0001 # Code section 1 , 1 bytes
0003 # Code section 2 , 3 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0000 # max stack: 0
# Code section 1 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0000 # max stack: 0
# Code section 2 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0000 # max stack: 0
# Code section 0 - in=0 out=non-returning height=0
e50001 # [0] JUMPF(0x0001 <truncated immediate>)
# Code section 1 - in=0 out=non-returning height=0
fe # [0] INVALID
# Code section 2 - in=0 out=non-returning height=0
e50002 # [0] JUMPF(0x0002 <truncated immediate>)
# Data section (empty)
EOF code is invalid - EOF Code Invalid : Unreachable code section 2
evm1: incompatible_container_kind
revm: 1
besu: 1
code: ef00010100040200010004030001001404000000008000025f5fee00ef000101000402000100010400000000800000fe
size: 48
revm: Fixed in the fuzzer by forcing "runtime" validation mode in revm. besu: FIXME
./evmtool pretty-print -f ef00010100040200010004030001001404000000008000025f5fee00ef000101000402000100010400000000800000fe
0x # EOF
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
0004 # Code section 0 , 4 bytes
030001 # Total subcontainers ( 1 )
0014 # Sub container 0, 20 byte
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0002 # max stack: 2
# Code section 0 - in=0 out=non-returning height=2
5f # [0] PUSH0
5f # [1] PUSH0
ee00 # [2] RETURNCONTRACT(0)
# Subcontainer 0 starts here
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
0001 # Code section 0 , 1 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0000 # max stack: 0
# Code section 0 - in=0 out=non-returning height=0
fe # [0] INVALID
# Data section (empty)
# Subcontainer 0 ends
# Data section (empty)
TEST_F(eof_validation, fuzzing_invalid_container_type)
{
    // This case is a top-level container using RETURNCONTRACT.
    // This is not valid "runtime" EOF.
    const auto code =
        eof_bytecode(returncontract(0, OP_PUSH0, OP_PUSH0), 2).container(eof_bytecode(OP_INVALID));
    EXPECT_EQ(code,
        "ef00010100040200010004030001001404000000008000025f5fee00"
        "ef000101000402000100010400000000800000fe");
    add_test_case(code, EOFValidationError::incompatible_container_kind);
}
evm1: success
revm: 0
code: ef00010100100200040008000a00040007040000000080000200000001008000000000000260006000e3000100600035e10001e4e50002e3000300612015600155e4
size: 66
Fixed by forcing "runtime" mode in https://github.com/chfast/fuzzers/pull/1.
evm1: success
revm: 0
code: ef00010100100200040008000a00040002040000000080000200000001008000000000000060006028e3000100610034e10001e4e50002e30003005be4
size: 61
Fixed by forcing "runtime" mode in https://github.com/chfast/fuzzers/pull/1.
evm1: invalid_non_returning_flag
revm: 1
code: ef000101000c02000300040003000104000000008000000000000000000000e3000100e5000200
size: 39
Tests: https://github.com/ethereum/execution-spec-tests/pull/794
All of the above seems fixed.
Latest tested revm: #b30dff48.
Besu stack overflow.
git: e57c811e472b7f9fc4d229ac5c9fd30983c9de52
crash.txt
evm1: invalid_max_stack_height
besu: 1
besu git: e57c811e472b7f9fc4d229ac5c9fd30983c9de52
code: ef0001010004020001001004002f0000800004444444440444e10003e10000444419001f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f1f
size: 82
evm1: invalid_max_stack_height
besu: 1
code: ef000101000402000100240400000000800009444444444444e100064244e1000944e100071044e10006444444e10006444401104452fd
size: 55
evm1: invalid_max_stack_height
besu: 1
code: ef0001 010004 0200010018 040000 00 00800004 444444e2000004e2000000444444e200000444e500004400
size: 43
evm1: invalid_max_stack_height
besu: 1
code: (omitted)
size: 5135
The reduced test case is:
./evmtool pretty-print ef0001010004020001000b04000000008000025f5fe10003e100005f5ffe
0x # EOF
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
000b # Code section 0 , 11 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0002 # max stack: 2
# Code section 0 - in=0 out=non-returning height=2
5f # [0] PUSH0
5f # [1] PUSH0
e10003 # [2] RJUMPI(3)
e10000 # [5] RJUMPI(0)
5f # [8] PUSH0
5f # [9] PUSH0
fe # [10] INVALID
# Data section (empty)
At the INVALID the correct stack height is [2-3], however besu probably computes it as 2 and therefore for besu the max stack height of 2 is correct. Similarly to the case below, the confusion is related to double RJUMPIs.
evmone's repro:
TEST_F(eof_validation, fuzzing2)
{
    const auto code = eof_bytecode(
        OP_PUSH0 + rjumpi(3, OP_PUSH0) + OP_RJUMPI + "0000" + OP_PUSH0 + OP_PUSH0 + OP_INVALID, 2);
    EXPECT_EQ(code, "ef0001010004020001000b04000000008000025f5fe10003e100005f5ffe");
    add_test_case(code, EOFValidationError::invalid_max_stack_height);
}
evm1: stack_underflow
besu: 1
besu git: e57c811e472b7f9fc4d229ac5c9fd30983c9de52
code: ef00010100040200010016040000000080000544e200000444e100084444444444e100000444e50000
size: 41
The reduced test case is:
./evmtool pretty-print ef0001010004020001000b04000000008000035f5fe100055f5fe10000f3
0x # EOF
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
000b # Code section 0 , 11 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0003 # max stack: 3
# Code section 0 - in=0 out=non-returning height=3
5f # [0] PUSH0
5f # [1] PUSH0
e10005 # [2] RJUMPI(5)
5f # [5] PUSH0
5f # [6] PUSH0
e10000 # [7] RJUMPI(0)
f3 # [10] RETURN
# Data section (empty)
At the RETURN the stack height is [1-2], which should give the stack underflow error. However, besu thinks this is ok. The confusion probably comes from the second RJUMPI targeting the same RETURN. If the test is reduced to a single RJUMPI, besu computes the correct result.
evmone's repro:
TEST_F(eof_validation, fuzzing)
{
    const auto code = eof_bytecode(
        OP_PUSH0 + rjumpi(5, OP_PUSH0) + OP_PUSH0 + rjumpi(0, OP_PUSH0) + OP_RETURN, 3);
    EXPECT_EQ(code, "ef0001010004020001000b04000000008000035f5fe100055f5fe10000f3");
    add_test_case(code, EOFValidationError::stack_underflow);
}
evm1: success
besu: 0
besu git: e57c811e472b7f9fc4d229ac5c9fd30983c9de52
code: ef00010100040200010051040000000080000b424444e1fffc44e1fffc44e1fffc0244444480024444e1fffc4444e1fffc44e1fffc44e1fffc44e1fffc44e100054444e1fffc44e1fffc44e1fffc44e1fffc444480024444e1fffc44e1fffc44e1fffc00
size: 100
Reduced:
./evmtool pretty-print -f ef0001010004020001000b04000000008000025f5fe10003e10000e0fffd
0x # EOF
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
000b # Code section 0 , 11 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0002 # max stack: 2
# Code section 0 - in=0 out=non-returning height=2
5f # [0] PUSH0
5f # [1] PUSH0
e10003 # [2] RJUMPI(3)
e10000 # [5] RJUMPI(0)
e0fffd # [8] RJUMP(-3)
# Data section (empty)
EOF code is invalid - EOF Code Invalid : Stack maximum violation on backwards jump from 8 to 8, 1 != 0
evmone's repro:
TEST_F(eof_validation, fuzzing3)
{
    const auto code =
        eof_bytecode(OP_PUSH0 + rjumpi(3, OP_PUSH0) + OP_RJUMPI + "0000" + rjump(-3), 2);
    EXPECT_EQ(code, "ef0001010004020001000b04000000008000025f5fe10003e10000e0fffd");
    add_test_case(code, EOFValidationError::success);
}
fixed by https://github.com/ethereum/execution-spec-tests/pull/756/files#diff-de486eec197639146b2f760d2a8468589b30cea1268d1b3b1360b04bb74ecd1dR701
Can you add the version git commit being tested with each finding?
There were two unimplemented checks, non-returning and container-kind (Initcode/Runtime), with container access checks. Commits related to the revm fixes:
Added missing CALLF/JUMPF non-returning check, and a later commit is a fix for a misunderstanding of the spec: https://github.com/bluealloy/revm/pull/1663 and https://github.com/bluealloy/revm/pull/1664
This was a regression on the e1236000 commit; code access must have a tracker: https://github.com/bluealloy/revm/pull/1659
Added missing container kind check and container tracker (if it is used): https://github.com/bluealloy/revm/pull/1648
Overflow panic: https://github.com/bluealloy/revm/pull/1656
./evmtool pretty-print -f ef0001010004020001000b04000000008000024744e10003e10000e0fff5
0x # EOF
ef0001 # Magic and Version ( 1 )
010004 # Types length ( 4 )
020001 # Total code sections ( 1 )
000b # Code section 0 , 11 bytes
040000 # Data section length( 0 )
00 # Terminator (end of header)
# Code section 0 types
00 # 0 inputs
80 # 0 outputs (Non-returning function)
0002 # max stack: 2
# Code section 0 - in=0 out=non-returning height=2
47 # [0] SELFBALANCE
44 # [1] PREVRANDAO
e10003 # [2] RJUMPI(3)
e10000 # [5] RJUMPI(0)
e0fff5 # [8] RJUMP(-11)
# Data section (empty)
TEST_F(eof_validation, fuzzing4)
{
    const auto code =
        eof_bytecode(OP_PUSH0 + rjumpi(3, OP_PUSH0) + OP_RJUMPI + "0000" + rjump(-11), 2);
    EXPECT_EQ(code, "ef0001010004020001000b04000000008000025f5fe10003e10000e0fff5");
    add_test_case(code, EOFValidationError::stack_height_mismatch);
}
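To make the stack-range reasoning behind the reduced cases above (fuzzing, fuzzing2, fuzzing3, fuzzing4) and the RETURNCONTRACT container-kind case earlier in the thread reproducible outside the clients, here is an added Python example. It is not code from evmone, revm, besu, geth or this issue: a parser for the EOFv1 header exactly as the evmtool pretty-print dumps lay it out, and an EIP-5450 stack-height validator for the single-section opcode subset those cases use (PUSH/DUP/POP, a few pure opcodes, RJUMP/RJUMPI/RJUMPV, DUPN/SWAPN, RETURNCONTRACT and the terminators). The opcode table, the `initcode` flag and the error names are this example's own choices; the error names mimic evmone's `EOFValidationError` values. CALLF/JUMPF/RETF and recursive subcontainer validation are deliberately left out, so the cross-section findings (non-returning flag, unreachable sections, JUMPF output compatibility) are not covered.

```python
"""EOFv1 header parser plus EIP-5450 stack-height validator (added example, not client code)."""
from dataclasses import dataclass

RJUMP, RJUMPI, RJUMPV, DUPN, SWAPN, RETURNCONTRACT = 0xE0, 0xE1, 0xE2, 0xE6, 0xE7, 0xEE
# opcode -> (stack inputs, stack outputs, immediate bytes). Constructed subset covering the
# reduced cases in this thread; CALLF/JUMPF/RETF are not modelled, so multi-section cases are out.
OPS = {0x00: (0, 0, 0), 0x01: (2, 1, 0), 0x10: (2, 1, 0), 0x44: (0, 1, 0), 0x47: (0, 1, 0),
       0x50: (1, 0, 0), 0x5F: (0, 1, 0), 0xF3: (2, 0, 0), 0xFD: (2, 0, 0), 0xFE: (0, 0, 0),
       RJUMP: (0, 0, 2), RJUMPI: (1, 0, 2), RETURNCONTRACT: (2, 0, 1)}
OPS.update({0x60 + n: (0, 1, n + 1) for n in range(32)})      # PUSH1..PUSH32
OPS.update({0x80 + n: (n + 1, n + 2, 0) for n in range(16)})  # DUP1..DUP16
TERMINATING = {0x00, 0xF3, 0xFD, 0xFE, RETURNCONTRACT}         # RJUMP never falls through either

@dataclass
class Container:
    types: list          # per code section: (inputs, outputs, max_stack_height); outputs 0x80 = non-returning
    code: list           # raw bytes of each code section
    subcontainers: list  # raw bytes of each subcontainer (not validated recursively here)
    data: bytes

def _u16(b, i, signed=False):
    return int.from_bytes(b[i:i + 2], "big", signed=signed)

def parse_container(raw: bytes) -> Container:
    # Header layout exactly as the evmtool pretty-print dumps in this thread show it (EIP-3540).
    if raw[:4] != b"\xef\x00\x01\x01" or raw[6] != 0x02 or _u16(raw, 4) != 4 * _u16(raw, 7):
        raise ValueError("bad magic/version or malformed types/code section headers")
    n_code = _u16(raw, 7)
    code_sizes = [_u16(raw, 9 + 2 * i) for i in range(n_code)]
    pos, sub_sizes = 9 + 2 * n_code, []
    if raw[pos] == 0x03:                                   # optional container section
        n_sub = _u16(raw, pos + 1)
        sub_sizes = [_u16(raw, pos + 3 + 2 * i) for i in range(n_sub)]
        pos += 3 + 2 * n_sub
    if raw[pos] != 0x04 or raw[pos + 3] != 0x00:
        raise ValueError("missing data section header or terminator")
    data_size, pos = _u16(raw, pos + 1), pos + 4
    types = [(raw[pos + 4 * i], raw[pos + 4 * i + 1], _u16(raw, pos + 4 * i + 2)) for i in range(n_code)]
    pos, sections = pos + 4 * n_code, []
    for size in code_sizes + sub_sizes:
        sections.append(raw[pos:pos + size])
        pos += size
    if pos + data_size != len(raw):
        raise ValueError("container length does not match header")
    return Container(types, sections[:n_code], sections[n_code:], raw[pos:])

def _size(code, pc):
    """Instruction length at pc, or None for an undefined opcode."""
    op = code[pc]
    if op == RJUMPV:                                       # max_index byte, then max_index+1 offsets
        return 4 + 2 * code[pc + 1] if pc + 1 < len(code) else 2
    return 2 if op in (DUPN, SWAPN) else (1 + OPS[op][2] if op in OPS else None)

def validate_section(cont: Container, idx: int = 0, initcode: bool = False) -> str:
    """Return 'success' or an evmone-style error name for code section idx."""
    code = cont.code[idx]
    inputs, _outputs, declared_max = cont.types[idx]
    starts, pc = [], 0
    while pc < len(code):                                  # pass 1: instruction boundaries
        starts.append(pc)
        if (size := _size(code, pc)) is None:
            return "undefined_instruction"
        pc += size
    if pc != len(code):
        return "truncated_instruction"
    if not starts or code[starts[-1]] not in TERMINATING | {RJUMP}:
        return "no_terminating_instruction"
    heights, max_seen = {0: (inputs, inputs)}, inputs      # pc -> (min, max) stack height on entry
    for pc in starts:                                      # pass 2: EIP-5450 stack-range analysis
        if pc not in heights:
            return "unreachable_instructions"
        op, (lo, hi), size = code[pc], heights[pc], _size(code, pc)
        if op == RETURNCONTRACT and not initcode:
            return "incompatible_container_kind"
        if op in (DUPN, SWAPN):                            # immediate is n-1; DUPN needs n items, SWAPN n+1
            n = code[pc + 1] + 1
            ins, outs = (n, n + 1) if op == DUPN else (n + 1, n + 1)
        else:
            ins, outs = (1, 0) if op == RJUMPV else OPS[op][:2]
        if lo < ins:
            return "stack_underflow"
        new = (lo - ins + outs, hi - ins + outs)
        max_seen = max(max_seen, new[1])
        n_off = code[pc + 1] + 1 if op == RJUMPV else int(op in (RJUMP, RJUMPI))
        base = pc + 2 if op == RJUMPV else pc + 1          # offsets are relative to the instruction end
        targets = [pc + size + _u16(code, base + 2 * i, signed=True) for i in range(n_off)]
        if op not in TERMINATING and op != RJUMP:
            targets.append(pc + size)                      # fall-through successor
        for t in targets:
            if t not in starts:
                return "invalid_rjump_destination"
            if t > pc:                                     # forward edge: widen the target's range
                cur = heights.get(t, new)
                heights[t] = (min(cur[0], new[0]), max(cur[1], new[1]))
            elif heights[t] != new:                        # backward edge: ranges must match exactly
                return "stack_height_mismatch"
    return "success" if max_seen == declared_max else "invalid_max_stack_height"

def validate_hex(hex_container: str, initcode: bool = False) -> str:
    return validate_section(parse_container(bytes.fromhex(hex_container)), 0, initcode)
```

Running `validate_hex` over the four reduced containers gives stack_underflow, invalid_max_stack_height, success and stack_height_mismatch respectively, matching the evmone expectations quoted in the repros. The two rules that the double-RJUMPI cases exercise are the two branches of the `for t in targets` loop: a forward edge merges ranges, so `RJUMPI(0)` widens the range of its own fall-through target (that is how `[2-3]` and `[1-2]` arise), while a backward edge must reproduce the recorded range exactly as a pair, which is why `RJUMP(-3)` onto itself in fuzzing3 is valid (`(0,1)` equals `(0,1)`) and `RJUMP(-11)` back to the entry in fuzzing4 is not (`(0,1)` versus `(0,0)`). Passing `initcode=True` is what lets RETURNCONTRACT through, which is the mode switch the revm fuzzer harness had to force.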
https://github.com/hyperledger/besu/pull/7419 appears to fix all the besu failures above, except for the stack exceptions in https://github.com/ipsilon/eof/issues/146#issuecomment-2257859537, which are fixed by https://github.com/hyperledger/besu/pull/7396, which removes the recursive validation call.
Geth RETF check (same as revm bug?)
besu: EOF Code Invalid : No RETF or qualifying JUMPF
geth: OK
evm1: err: invalid_non_returning_flag
code: ef00010100080200020005000d0400000000800002010200025fe3000100e1000760016005e000025f5f00
size: 43
This wasn't from the initial corpus, so it needs a unit test
covered by tests/prague/eip7692_eof_v1/eip4750_functions/test_code_validation.py::test_eof_validity[fork_CancunEIP7692-eof_test-callf_to_non_returning
in https://github.com/ethereum/execution-spec-tests/pull/756
Geth invalid jump destination (RJUMPV)
besu: OK
geth: err(18): invalid jump destination
evm1: OK 60c9e2c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe6800
code: ef00010100040200010199040000000080000160c9e2c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe6800
size: 428
covered by tests/prague/eip7692_eof_v1/eip4200_relative_jumps/test_rjumpv.py::test_rjumpv_large_backwards[fork_CancunEIP7692-eof_test-len_9] in https://github.com/ethereum/execution-spec-tests/pull/756
Geth invalid backwards jump
besu: OK
geth: err(0): invalid backward jump
evm1: OK 5f6400e100025f8080506000e200fff8e0fff5
code: ef0001010004020001001304000000008000045f6400e100025f8080506000e200fff8e0fff5
size: 38
I think this is a shorter version of the max negative test, which github won't let me paste.
Reduces to a backwards RJUMPI/RJUMPV onto a DUP: tests/prague/eip7692_eof_v1/eip4200_relative_jumps/test_rjumpv.py::test_rjumpv_backwards_onto_dup[fork_CancunEIP7692-eof_test] and tests/prague/eip7692_eof_v1/eip4200_relative_jumps/test_rjumpi.py::test_rjumpi_backwards_onto_dup[fork_CancunEIP7692-eof_test] in https://github.com/ethereum/execution-spec-tests/pull/756
@shemnon Can you post geth's commit SHA? This will be useful to reduce the test cases and write an EEST test to cover these.
2e2bb7b6c198ccb1387c4ad2d9765d09463d6fa1 Off of an omnibus of fixes I'm getting ready for Marius when he's back from vacation - https://github.com/shemnon/go-ethereum/tree/eof/fuzzing-1
Geth stack check on LT - https://github.com/shemnon/go-ethereum/tree/eof/remove-txcreate @ 2e2bb7b6c198ccb1387c4ad2d9765d09463d6fa1
besu: EOF Code Invalid : Operation 0x10 requires stack of 2 but may only have 1 items
geth: OK
evm1: err: stack_underflow
code: ef0001010004020001001404000000008000025f6000e100086080e10007e000055fe000001000
size: 39
Covered by tests/prague/eip7692_eof_v1/eip4200_relative_jumps/test_rjumpi.py::test_tangled_rjumpi[fork_CancunEIP7692-eof_test]
in https://github.com/ethereum/execution-spec-tests/pull/756
revm - accepts initcode (commit b30dff48b32e2cc83e6ba2cb0c98ce0a4d384504)
besu: Code is initcode, not runtime
geth: err(0): incompatible container kind
evm1: err: incompatible_container_kind
revm: OK
code: ef000101000402000100060300010014040000000080000260006000ee00ef000101000402000100010400000000800000fe
size: 50
@rakita is revme bytecode ef000101000402000100060300010014040000000080000260006000ee00ef000101000402000100010400000000800000fe the best way to do fuzzing with revm? It doesn't handle large (valid) inputs at all, such as max code size tests.
How can I add EthereumJS to this fuzzing process? Should I provide an entrypoint?
Here's the interface besu, geth, and evm1 conform to:
For each input one line of output
A persistent process is needed because starting and stopping the CLI for each input will slow down fuzzing. Even for "lightweight" programs. Parsing should be so fast that such setup and tear down matters.
Ok, great, I will implement such interface and will report back :smile:
Do you have a code example of such interface, or a full description of this interface? Such that we can add EthereumJS in one-go without having to go back and forth a lot to fix any interface bugs :smile:
A loop I created for revm - https://github.com/bluealloy/revm/pull/1677
@shemnon could you check if this works? :smile: https://github.com/ethereumjs/ethereumjs-monorepo/pull/3553
ethjs from https://github.com/ethereumjs/ethereumjs-monorepo/pull/3553 @ 1973edfa633fffe893441fd740f1ea48f3c785e3
SWAPN stack checking
besu: EOF Code Invalid : Operation 0xE7 requires stack of 21 but may only have 20 items
revm: err validation: Stack requirement is above smallest stack items
etjs: OK
evm1: err: stack_underflow
code: ef0001010004020001002b040000000080001460016001600160016001600160016001600160016001600160016001600160016001600160016001e71300
size: 62
Added height 21 to tests/prague/eip7692_eof_v1/eip663_dupn_swapn_exchange/test_swapn.py::test_swapn_stack_underflow[fork_CancunEIP7692-eof_test-stack_height_*]
ethjs from https://github.com/ethereumjs/ethereumjs-monorepo/pull/3553 @ 1973edfa633fffe893441fd740f1ea48f3c785e3
besu: EOF Code Invalid : No RETF or qualifying JUMPF
revm: err validation: Non returning section is returning
etjs: OK
evm1: err: invalid_non_returning_flag
code: ef000101000802000200040007040001000080000000000000e3000100e00000e0000000ef
size: 37
Covered by tests/prague/eip7692_eof_v1/eip4750_functions/test_code_validation.py::test_eof_validity[fork_CancunEIP7692-eof_test-callf_to_non_returning
in https://github.com/ethereum/execution-spec-tests/pull/756
besu upgraded to 2ddfc2cbfb0ed9e5dd151c7e7df385d1aceafd18 and all reported issues are fixed.
Geth from https://github.com/MariusVanDerWijden/go-ethereum/commit/2ffab55c7f1263d2de9df615b4dfb7e9636d5349
geth: OK
this: err: EOF Code Invalid : jumpf_destination_incompatible_outputs target 2 with more outputs 3 than current section's outputs 0
evm1: err: jumpf_destination_incompatible_outputs
revm: err validation: JUMPF needs more outputs
code: (omitted)
size: 2097
Covered by unit tests in https://github.com/ethereum/execution-spec-tests/pull/789
Geth from https://github.com/MariusVanDerWijden/go-ethereum/commit/2ffab55c7f1263d2de9df615b4dfb7e9636d5349
geth: OK
this: err: EOF Code Invalid : stack_height_mismatch backwards RJUMPV from 18 to 10, min 4 != 3
evm1: err: stack_height_mismatch
revm: err validation: Backward jump has different smallest stack item
code: ef000101000402000100170400000000800005650000e100025f5f5f5f6000e10001506000e200fff400
size: 42
Covered by unit tests in https://github.com/ethereum/execution-spec-tests/pull/789 - also inspired RJUMPV variant
EOF validation fuzzing issues / missing test cases found by fuzzers.