Fix reimbursment. (#59)

Author: dvc94ch

.gitignore

@@ -1,24 +1,4 @@
-# Compiler files
 cache/
 out/
-
-# Ignores development broadcast logs
-!/broadcast
-/broadcast/*/31337/
-/broadcast/**/dry-run/
-
-# Docs
-docs/
-
-# Dotenv file
-.env
-
-# MacOS
-**/.DS_Store
-
-# built artifacts
-src/artifacts/
-
-
-# Soldeer
-/dependencies
+dependencies/
+gas.csv

foundry.toml

@@ -5,7 +5,7 @@ out = "out"
 libs = ["dependencies"]
 auto_detect_remappings = false
 # Permissions
-fs_permissions = [{ access = "read", path = "./lib/universal-factory/abi" }]
+fs_permissions = [{ access = "read-write", path = "gas.csv" }]
 
 ########
 # Lint #

plot_gas.py

@@ -0,0 +1,89 @@
+import csv
+import matplotlib.pyplot as plt
+
+
+def read_csv(path):
+    data = {}
+    with open(path, 'r') as f:
+        r = csv.reader(f)
+        r.__next__()
+        for row in r:
+            data[int(row[0])] = (int(row[1]), int(row[2]), int(row[3]))
+        data = dict(sorted(data.items()))
+    x, y0, y1, y2 = [], [], [], []
+    for (k, (v0, v1, v2)) in data.items():
+        x.append(k)
+        y0.append(v0)
+        y1.append(v1)
+        y2.append(v2)
+    return (x, y0, y1, y2)
+
+
+def lin(x, y):
+    slope = (y[-1] - y[0]) / (x[-1] - x[0])
+    offset = y[0] - slope * x[0]
+    return (offset, slope)
+
+
+def plot(c0, c1, max_x):
+    xp = [x in range(0, max_x, 100)]
+    yp = [c1 * x + c0 for x in xp]
+    plt.plot(xp, yp)
+
+
+msg_size, exec, reimb, base = read_csv('gas.csv')
+#print(msg_size, exec, reimb, base)
+c_exec = lin(msg_size, exec)
+c_reimb = lin(msg_size, reimb)
+c_base = lin(msg_size, base)
+print('measured functions')
+print('==================')
+print('exec(msg_size, gas_limit):', c_exec[0], '+', c_exec[1], '*', 'msg_size', '+', 'gas_limit')
+print('reimb(msg_size):', c_reimb[0], '+', c_reimb[1], '*', 'msg_size')
+print('base(msg_size):', c_base[0], '+', c_base[1], '*', 'msg_size')
+print()
+
+# cost per session
+cb = c_base[0] + c_reimb[0]
+# cost per session and message byte
+cm = c_base[1] + c_exec[1]
+# cost of execution
+cd = c_exec[0] - c_reimb[0]
+
+print('sessions size independent constants')
+print('===================================')
+print('session cost (cb)', cb)
+print('message byte cost (cm)', cm)
+print('execution cost (cd)', cd)
+print()
+
+def coefs(s):
+    c0 = int(s * cb + cd)
+    c1 = int(s * cm)
+    print('session_size', s, 'c0', c0, 'c1', c1)
+    return (s, c0, c1)
+
+# number of sessions for shard
+def sessions(n, t):
+    return n - t + 1
+
+print('session size dependent constants')
+print('================================')
+s1 = coefs(sessions(1, 1))
+s2 = coefs(sessions(3, 2))
+s3 = coefs(sessions(6, 4))
+print()
+
+def msg_gas(s, msg_size):
+    gas = s[2] * msg_size + s[1]
+    print('gas(s=%s, x=%s) = %s' % (s[0], msg_size, gas))
+
+print('gas for message size')
+print('====================')
+max_msg_size = 0x6000
+msg_gas(s1, 0)
+msg_gas(s1, max_msg_size)
+msg_gas(s2, 0)
+msg_gas(s2, max_msg_size)
+msg_gas(s3, 0)
+msg_gas(s3, max_msg_size)

src/GasUtils.sol

@@ -11,6 +11,10 @@ import {PrimitiveUtils} from "./Primitives.sol";
 library GasUtils {
     using PrimitiveUtils for uint256;
 
+    function calldataSize(uint16 messageSize) internal pure returns (uint256) {
+        return uint256(messageSize).align32() + 708; // selector + Signature + Batch
+    }
+
     /**
      * @dev Compute the amount of gas used by the `GatewayProxy`.
      * @param calldataLen The length of the calldata in bytes

src/Gateway.sol

@@ -68,6 +68,9 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
      */
     event ShardsUnregistered(TssKey[] keys);
 
+    // number of signing sessions per batch
+    mapping(uint64 => uint16) internal _signingSessions;
+
     // GMP message status
     mapping(bytes32 => GmpStatus) public messages;
 
@@ -247,7 +250,7 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     /**
      * @dev Dispatch a single GMP message.
      */
-    function _gmpCommand(bytes calldata params) private returns (bytes32 operationHash) {
+    function _gmpCommand(bytes calldata params, bool dry) private returns (bytes32 operationHash) {
         require(params.length >= 256, "invalid GmpMessage");
         GmpMessage calldata gmp;
         assembly {
@@ -266,6 +269,10 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
         GmpCallback memory callback = gmp.toCallback();
         operationHash = callback.opHash;
 
+        if (dry) {
+            return operationHash;
+        }
+
         // Verify if this GMP message was already executed
         bytes32 msgId = callback.messageId();
         require(messages[msgId] == GmpStatus.NOT_FOUND, "message already executed");
@@ -325,14 +332,18 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     /**
      * @dev Register a single shard and returns the GatewayOp hash.
      */
-    function _registerShardCommand(bytes calldata params) private returns (bytes32 operationHash) {
+    function _registerShardCommand(bytes calldata params, bool dry) private returns (bytes32 operationHash) {
         require(params.length == 64, "invalid TssKey");
         TssKey calldata publicKey;
         assembly {
             publicKey := params.offset
         }
         operationHash = PrimitiveUtils.hash(publicKey.yParity, publicKey.xCoord);
 
+        if (dry) {
+            return operationHash;
+        }
+
         bool isSuccess = ShardStore.getMainStorage().register(publicKey);
         if (isSuccess) {
             TssKey[] memory keys = new TssKey[](1);
@@ -344,14 +355,18 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     /**
      * @dev Removes a single shard from the set.
      */
-    function _unregisterShardCommand(bytes calldata params) private returns (bytes32 operationHash) {
+    function _unregisterShardCommand(bytes calldata params, bool dry) private returns (bytes32 operationHash) {
         require(params.length == 64, "invalid TssKey");
         TssKey calldata publicKey;
         assembly {
             publicKey := params.offset
         }
         operationHash = PrimitiveUtils.hash(publicKey.yParity, publicKey.xCoord);
 
+        if (dry) {
+            return operationHash;
+        }
+
         bool isSuccess = ShardStore.getMainStorage().revoke(publicKey);
         if (isSuccess) {
             TssKey[] memory keys = new TssKey[](1);
@@ -363,7 +378,7 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     /**
      * Cast the command function into a uint256.
      */
-    function fnToPtr(function(bytes calldata) internal returns (bytes32) fn) private pure returns (uint256 ptr) {
+    function fnToPtr(function(bytes calldata, bool) internal returns (bytes32) fn) private pure returns (uint256 ptr) {
         assembly {
             ptr := fn
         }
@@ -393,7 +408,7 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     function _cmdTableLookup(CommandsLookUpTable lut, Command command)
         private
         pure
-        returns (function(bytes calldata) internal returns (bytes32) fn)
+        returns (function(bytes calldata, bool) internal returns (bytes32) fn)
     {
         unchecked {
             // Extract the function pointer from the table using the `Command` as index.
@@ -421,7 +436,7 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
      * increase the cost exponentially.
      * @return (uint256, bytes32) Returns a tuple containing the maximum amount of memory used in bytes and the operations root hash.
      */
-    function _executeCommands(GatewayOp[] calldata operations) private returns (uint256, bytes32) {
+    function _executeCommands(GatewayOp[] calldata operations, bool dry) private returns (uint256, bytes32) {
         // Track the free memory pointer, to reset the memory after each command executed.
         uint256 freeMemPointer = PrimitiveUtils.readAllocatedMemory();
         uint256 maxAllocatedMemory = freeMemPointer;
@@ -434,10 +449,11 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
             GatewayOp calldata operation = operations[i];
 
             // Lookup the command function pointer
-            function(bytes calldata) internal returns (bytes32) commandFN = _cmdTableLookup(lut, operation.command);
+            function(bytes calldata, bool) internal returns (bytes32) commandFN =
+                _cmdTableLookup(lut, operation.command);
 
             // Execute the command
-            bytes32 operationHash = commandFN(operation.params);
+            bytes32 operationHash = commandFN(operation.params, dry);
 
             // Update the operations root hash
             operationsRootHash =
@@ -462,12 +478,24 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
     function execute(Signature calldata signature, Batch calldata batch) external {
         uint256 initialGas = gasleft();
 
+        uint16 numSigningSessions = _signingSessions[batch.batchId];
+        bool dry;
+        if (numSigningSessions == 0) {
+            numSigningSessions = batch.numSigningSessions;
+        } else if (numSigningSessions == 1) {
+            revert("batch already executed");
+        } else if (numSigningSessions > 1) {
+            numSigningSessions -= 1;
+            dry = true;
+        }
+        _signingSessions[batch.batchId] = numSigningSessions;
+
         // Execute the commands and compute the operations root hash
-        (, bytes32 rootHash) = _executeCommands(batch.ops);
+        (, bytes32 rootHash) = _executeCommands(batch.ops, dry);
         emit BatchExecuted(batch.batchId);
 
         // Compute the Batch signing hash
-        rootHash = PrimitiveUtils.hash(batch.version, batch.batchId, uint256(rootHash));
+        rootHash = PrimitiveUtils.hash(batch.version, batch.batchId, batch.numSigningSessions, uint256(rootHash));
         bytes32 signingHash = keccak256(
             abi.encodePacked("Analog GMP v2", networkId(), bytes32(uint256(uint160(address(this)))), rootHash)
         );
@@ -484,7 +512,7 @@ contract Gateway is IGateway, UUPSUpgradeable, OwnableUpgradeable {
         // Refund the chronicle gas
         unchecked {
             // Extra gas overhead used to execute the refund logic + selector overhead
-            uint256 gasUsed = 2964;
+            uint256 gasUsed = 2890;
 
             // Compute the gas used + base cost + proxy overhead
             gasUsed += GasUtils.txBaseGas();

src/Primitives.sol

@@ -84,10 +84,13 @@ struct GatewayOp {
  * @param ops List of operations to execute.
  */
 struct Batch {
+    /// @dev The batch format version
     uint8 version;
     /// @dev The batch identifier
     uint64 batchId;
-    /// @dev
+    /// @dev The number of signing sessions
+    uint16 numSigningSessions;
+    /// @dev The ops to execute
     GatewayOp[] ops;
 }
 
@@ -153,6 +156,12 @@ library PrimitiveUtils {
      */
     uint256 internal constant ALLOCATED_MEMORY = 0x40;
 
+    /**
+     * @dev Solidity's reserved location for the scratch memory.
+     * Reference: https://docs.soliditylang.org/en/v0.8.28/internals/layout_in_memory.html
+     */
+    uint256 internal constant SCRATCH_MEMORY = 0x60;
+
     /**
      * @dev Read the current allocated size (a.k.a free memory pointer).
      */
@@ -207,6 +216,36 @@ library PrimitiveUtils {
         }
     }
 
+    /**
+     * @dev Hashes four 256-bit words without memory allocation, uses the memory between 0x00~0x80.
+     *
+     * The reserverd memory region `0x40~0x80` is restored to its previous state after execution.
+     * See https://docs.soliditylang.org/en/v0.8.28/internals/layout_in_memory.html for more details.
+     */
+    function hash(uint256 a, uint256 b, uint256 c, uint256 d) internal pure returns (bytes32 h) {
+        assembly ("memory-safe") {
+            mstore(0x00, a)
+            mstore(0x20, b)
+
+            // Backup the free memory pointer
+            let freeMemBackup := mload(ALLOCATED_MEMORY)
+            mstore(ALLOCATED_MEMORY, c)
+            {
+                // Backup the scratch space 0x60
+                let backup := mload(0x60)
+
+                // Compute the hash
+                mstore(SCRATCH_MEMORY, d)
+                h := keccak256(0x00, 0x80)
+
+                // Restore the scratch space 0x60
+                mstore(SCRATCH_MEMORY, backup)
+            }
+            // Restore the free memory pointer
+            mstore(ALLOCATED_MEMORY, freeMemBackup)
+        }
+    }
+
     /**
      * @dev Returns the smallest of two numbers.
      */

test/Batching.t.sol

@@ -112,7 +112,8 @@ contract Batching is Test {
                 })
             )
         });
-        Batch memory batch = Batch({version: 0, batchId: uint64(uint256(keccak256("some batch"))), ops: ops});
+        Batch memory batch =
+            Batch({version: 0, batchId: uint64(uint256(keccak256("some batch"))), numSigningSessions: 1, ops: ops});
 
         Signature memory sig = TestUtils.sign(shard, gateway, batch, SIGNING_NONCE);
         gateway.execute(sig, batch);