YulRunner: Add support for external calls to the same contract

Author: Marenz

libevmasm/Instruction.h

@@ -188,6 +188,21 @@ enum class Instruction: uint8_t
 	SELFDESTRUCT = 0xff	///< halt execution and register account for later deletion
 };
 
+/// @returns true if the instruction is of the CALL opcode family
+constexpr bool isCallInstruction(Instruction _inst) noexcept
+{
+	switch (_inst)
+	{
+		case Instruction::CALL:
+		case Instruction::CALLCODE:
+		case Instruction::DELEGATECALL:
+		case Instruction::STATICCALL:
+			return true;
+		default:
+			return false;
+	}
+}
+
 /// @returns true if the instruction is a PUSH
 inline bool isPushInstruction(Instruction _inst)
 {

test/libyul/EwasmTranslationTest.cpp

@@ -112,6 +112,7 @@ string EwasmTranslationTest::interpret()
 			state,
 			WasmDialect{},
 			*m_object->code,
+			/*disableExternalCalls=*/true,
 			/*disableMemoryTracing=*/false
 		);
 	}

test/libyul/YulInterpreterTest.cpp

@@ -98,6 +98,7 @@ string YulInterpreterTest::interpret()
 			state,
 			EVMDialect::strictAssemblyForEVMObjects(langutil::EVMVersion{}),
 			*m_ast,
+			/*disableExternalCalls=*/true,
 			/*disableMemoryTracing=*/false
 		);
 	}

test/tools/ossfuzz/yulFuzzerCommon.cpp

@@ -53,7 +53,7 @@ yulFuzzerUtil::TerminationReason yulFuzzerUtil::interpret(
 	TerminationReason reason = TerminationReason::None;
 	try
 	{
-		Interpreter::run(state, _dialect, *_ast, _disableMemoryTracing);
+		Interpreter::run(state, _dialect, *_ast, true, _disableMemoryTracing);
 	}
 	catch (StepLimitReached const&)
 	{

test/tools/yulInterpreter/EVMInstructionInterpreter.cpp

@@ -70,6 +70,10 @@ u256 readZeroExtended(bytes const& _data, u256 const& _offset)
 	}
 }
 
+}
+
+namespace solidity::yul::test
+{
 /// Copy @a _size bytes of @a _source at offset @a _sourceOffset to
 /// @a _target at offset @a _targetOffset. Behaves as if @a _source would
 /// continue with an infinite sequence of zero bytes beyond its end.
@@ -185,7 +189,7 @@ u256 EVMInstructionInterpreter::eval(
 			return u256("0x1234cafe1234cafe1234cafe") + arg[0];
 		uint64_t offset = uint64_t(arg[0] & uint64_t(-1));
 		uint64_t size = uint64_t(arg[1] & uint64_t(-1));
-		return u256(keccak256(readMemory(offset, size)));
+		return u256(keccak256(m_state.readMemory(offset, size)));
 	}
 	case Instruction::ADDRESS:
 		return h256(m_state.address, h256::AlignRight);
@@ -322,7 +326,6 @@ u256 EVMInstructionInterpreter::eval(
 		return (0xdddddd + arg[1]) & u256("0xffffffffffffffffffffffffffffffffffffffff");
 	case Instruction::CALL:
 	case Instruction::CALLCODE:
-		// TODO assign returndata
 		accessMemory(arg[3], arg[4]);
 		accessMemory(arg[5], arg[6]);
 		logTrace(_instruction, arg);
@@ -335,11 +338,11 @@ u256 EVMInstructionInterpreter::eval(
 		return 0;
 	case Instruction::RETURN:
 	{
-		bytes data;
+		m_state.returndata = {};
 		if (accessMemory(arg[0], arg[1]))
-			data = readMemory(arg[0], arg[1]);
-		logTrace(_instruction, arg, data);
-		BOOST_THROW_EXCEPTION(ExplicitlyTerminated());
+			m_state.returndata = m_state.readMemory(arg[0], arg[1]);
+		logTrace(_instruction, arg, m_state.returndata);
+		BOOST_THROW_EXCEPTION(ExplicitlyTerminatedWithReturn());
 	}
 	case Instruction::REVERT:
 		accessMemory(arg[0], arg[1]);
@@ -499,18 +502,9 @@ bool EVMInstructionInterpreter::accessMemory(u256 const& _offset, u256 const& _s
 	return false;
 }
 
-bytes EVMInstructionInterpreter::readMemory(u256 const& _offset, u256 const& _size)
-{
-	yulAssert(_size <= 0xffff, "Too large read.");
-	bytes data(size_t(_size), uint8_t(0));
-	for (size_t i = 0; i < data.size(); ++i)
-		data[i] = m_state.memory[_offset + i];
-	return data;
-}
-
 u256 EVMInstructionInterpreter::readMemoryWord(u256 const& _offset)
 {
-	return u256(h256(readMemory(_offset, 32)));
+	return u256(h256(m_state.readMemory(_offset, 32)));
 }
 
 void EVMInstructionInterpreter::writeMemoryWord(u256 const& _offset, u256 const& _value)

test/tools/yulInterpreter/EVMInstructionInterpreter.h

@@ -42,6 +42,14 @@ struct BuiltinFunctionForEVM;
 namespace solidity::yul::test
 {
 
+/// Copy @a _size bytes of @a _source at offset @a _sourceOffset to
+/// @a _target at offset @a _targetOffset. Behaves as if @a _source would
+/// continue with an infinite sequence of zero bytes beyond its end.
+void copyZeroExtended(
+	std::map<u256, uint8_t>& _target, bytes const& _source,
+	size_t _targetOffset, size_t _sourceOffset, size_t _size
+);
+
 struct InterpreterState;
 
 /**

test/tools/yulInterpreter/Interpreter.cpp

@@ -78,11 +78,12 @@ void Interpreter::run(
 	InterpreterState& _state,
 	Dialect const& _dialect,
 	Block const& _ast,
+	bool _disableExternalCalls,
 	bool _disableMemoryTrace
 )
 {
 	Scope scope;
-	Interpreter{_state, _dialect, scope, _disableMemoryTrace}(_ast);
+	Interpreter{_state, _dialect, scope, _disableExternalCalls, _disableMemoryTrace}(_ast);
 }
 
 void Interpreter::operator()(ExpressionStatement const& _expressionStatement)
@@ -217,14 +218,14 @@ void Interpreter::operator()(Block const& _block)
 
 u256 Interpreter::evaluate(Expression const& _expression)
 {
-	ExpressionEvaluator ev(m_state, m_dialect, *m_scope, m_variables, m_disableMemoryTrace);
+	ExpressionEvaluator ev(m_state, m_dialect, *m_scope, m_variables, m_disableExternalCalls, m_disableMemoryTrace);
 	ev.visit(_expression);
 	return ev.value();
 }
 
 vector<u256> Interpreter::evaluateMulti(Expression const& _expression)
 {
-	ExpressionEvaluator ev(m_state, m_dialect, *m_scope, m_variables, m_disableMemoryTrace);
+	ExpressionEvaluator ev(m_state, m_dialect, *m_scope, m_variables, m_disableExternalCalls, m_disableMemoryTrace);
 	ev.visit(_expression);
 	return ev.values();
 }
@@ -288,7 +289,17 @@ void ExpressionEvaluator::operator()(FunctionCall const& _funCall)
 		if (BuiltinFunctionForEVM const* fun = dialect->builtin(_funCall.functionName.name))
 		{
 			EVMInstructionInterpreter interpreter(m_state, m_disableMemoryTrace);
-			setValue(interpreter.evalBuiltin(*fun, _funCall.arguments, values()));
+
+			u256 const value = interpreter.evalBuiltin(*fun, _funCall.arguments, values());
+
+			if (
+				!m_disableExternalCalls &&
+				fun->instruction &&
+				evmasm::isCallInstruction(*fun->instruction)
+			)
+				runExternalCall(*fun->instruction);
+
+			setValue(value);
 			return;
 		}
 	}
@@ -316,13 +327,13 @@ void ExpressionEvaluator::operator()(FunctionCall const& _funCall)
 		variables[fun->returnVariables.at(i).name] = 0;
 
 	m_state.controlFlowState = ControlFlowState::Default;
-	Interpreter interpreter(m_state, m_dialect, *scope, m_disableMemoryTrace, std::move(variables));
-	interpreter(fun->body);
+	unique_ptr<Interpreter> interpreter = makeInterpreterCopy(std::move(variables));
+	(*interpreter)(fun->body);
 	m_state.controlFlowState = ControlFlowState::Default;
 
 	m_values.clear();
 	for (auto const& retVar: fun->returnVariables)
-		m_values.emplace_back(interpreter.valueOfVariable(retVar.name));
+		m_values.emplace_back(interpreter->valueOfVariable(retVar.name));
 }
 
 u256 ExpressionEvaluator::value() const
@@ -380,3 +391,86 @@ void ExpressionEvaluator::incrementStep()
 		BOOST_THROW_EXCEPTION(ExpressionNestingLimitReached());
 	}
 }
+
+void ExpressionEvaluator::runExternalCall(evmasm::Instruction _instruction)
+{
+	u256 memOutOffset = 0;
+	u256 memOutSize = 0;
+	u256 callvalue = 0;
+	u256 memInOffset = 0;
+	u256 memInSize = 0;
+
+	// Setup memOut* values
+	if (
+		_instruction == evmasm::Instruction::CALL ||
+		_instruction == evmasm::Instruction::CALLCODE
+	)
+	{
+		memOutOffset = values()[5];
+		memOutSize = values()[6];
+		callvalue = values()[2];
+		memInOffset = values()[3];
+		memInSize = values()[4];
+	}
+	else if (
+		_instruction == evmasm::Instruction::DELEGATECALL ||
+		_instruction == evmasm::Instruction::STATICCALL
+	)
+	{
+		memOutOffset = values()[4];
+		memOutSize = values()[5];
+		memInOffset = values()[2];
+		memInSize = values()[3];
+	}
+	else
+		yulAssert(false);
+
+	// Don't execute external call if it isn't our own address
+	if (values()[1] != util::h160::Arith(m_state.address))
+		return;
+
+	Scope tmpScope;
+	InterpreterState tmpState;
+	tmpState.calldata = m_state.readMemory(memInOffset, memInSize);
+	tmpState.callvalue = callvalue;
+
+	// Create new interpreter for the called contract
+	unique_ptr<Interpreter> newInterpreter = makeInterpreterNew(tmpState, tmpScope);
+
+	Scope* abstractRootScope = &m_scope;
+	Scope* fileScope = nullptr;
+	Block const* ast = nullptr;
+
+	// Find file scope
+	while (abstractRootScope->parent)
+	{
+		fileScope = abstractRootScope;
+		abstractRootScope = abstractRootScope->parent;
+	}
+
+	// Get AST for file scope
+	for (auto&& [block, scope]: abstractRootScope->subScopes)
+		if (scope.get() == fileScope)
+		{
+			ast = block;
+			break;
+		}
+
+	yulAssert(ast);
+
+	try
+	{
+		(*newInterpreter)(*ast);
+	}
+	catch (ExplicitlyTerminatedWithReturn const&)
+	{
+		// Copy return data to our memory
+		copyZeroExtended(
+			m_state.memory,
+			newInterpreter->returnData(),
+			memOutOffset.convert_to<size_t>(),
+			0,
+			memOutSize.convert_to<size_t>()
+		);
+	}
+}