EVM Words
requires "krypto.k"
JSON Formatting
The JSON format is used extensively for communication in the Ethereum circles. Writing a JSON-ish parser in K takes 6 lines.
module JSON
imports INT
imports STRING
imports BOOL
syntax JSONs ::= List{JSON,","} [klabel(JSONs) , symbol]
syntax JSONKey ::= String
syntax JSON ::= "null" [klabel(JSONnull) , symbol]
| String | Int | Bool
| JSONKey ":" JSON [klabel(JSONEntry) , symbol]
| "{" JSONs "}" [klabel(JSONObject) , symbol]
| "[" JSONs "]" [klabel(JSONList) , symbol]
// --------------------------------------------------------------------
endmodule
EVM uses bounded 256 bit integer words, and sometimes also bytes (8 bit words).
Here we provide the arithmetic of these words, as well as some data-structures over them.
Both are implemented using K’s Int
.
module EVM-DATA
imports KRYPTO
imports STRING-BUFFER
imports MAP-SYMBOLIC
imports COLLECTIONS
imports JSON
```{.k .concrete .bytes} imports BYTES
**TODO**: Adding `Int` to `JSONKey` is a hack to make certain parts of semantics easier.
```k
syntax JSONKey ::= Int
// ----------------------
Utilities
Important Powers
Some important numbers that are referred to often during execution.
These can be used for pattern-matching on the LHS of rules as well (macro
attribute expands all occurances of these in rules).
syntax Int ::= "pow256" /* 2 ^Int 256 */
| "pow255" /* 2 ^Int 255 */
| "pow160" /* 2 ^Int 160 */
| "pow16" /* 2 ^Int 16 */
// ----------------------------------------
rule pow256 => 115792089237316195423570985008687907853269984665640564039457584007913129639936 [macro]
rule pow255 => 57896044618658097711785492504343953926634992332820282019728792003956564819968 [macro]
rule pow160 => 1461501637330902918203684832716283019655932542976 [macro]
rule pow16 => 65536 [macro]
syntax Int ::= "minSInt128"
| "maxSInt128"
| "minUInt8"
| "maxUInt8"
| "minUInt16"
| "maxUInt16"
| "minUInt48"
| "maxUInt48"
| "minUInt128"
| "maxUInt128"
| "minUInt160"
| "maxUInt160"
| "minSInt256"
| "maxSInt256"
| "minUInt256"
| "maxUInt256"
| "minSFixed128x10"
| "maxSFixed128x10"
| "minUFixed128x10"
| "maxUFixed128x10"
// --------------------------------
rule minSInt128 => -170141183460469231731687303715884105728 [macro] /* -2^127 */
rule maxSInt128 => 170141183460469231731687303715884105727 [macro] /* 2^127 - 1 */
rule minSFixed128x10 => -1701411834604692317316873037158841057280000000000 [macro] /* (-2^127 ) * 10^10 */
rule maxSFixed128x10 => 1701411834604692317316873037158841057270000000000 [macro] /* ( 2^127 - 1) * 10^10 */
rule minSInt256 => -57896044618658097711785492504343953926634992332820282019728792003956564819968 [macro] /* -2^255 */
rule maxSInt256 => 57896044618658097711785492504343953926634992332820282019728792003956564819967 [macro] /* 2^255 - 1 */
rule minUInt8 => 0 [macro]
rule maxUInt8 => 255 [macro]
rule minUInt16 => 0 [macro]
rule maxUInt16 => 65535 [macro] /* 2^16 - 1 */
rule minUInt48 => 0 [macro]
rule maxUInt48 => 281474976710655 [macro] /* 2^48 - 1 */
rule minUInt128 => 0 [macro]
rule maxUInt128 => 340282366920938463463374607431768211455 [macro] /* 2^128 - 1 */
rule minUFixed128x10 => 0 [macro]
rule maxUFixed128x10 => 3402823669209384634633746074317682114550000000000 [macro] /* ( 2^128 - 1) * 10^10 */
rule minUInt160 => 0 [macro]
rule maxUInt160 => 1461501637330902918203684832716283019655932542975 [macro] /* 2^160 - 1 */
rule minUInt256 => 0 [macro]
rule maxUInt256 => 115792089237316195423570985008687907853269984665640564039457584007913129639935 [macro] /* 2^256 - 1 */
syntax Int ::= "eth"
// --------------------
rule eth => 1000000000000000000 [macro]
- Range of types
syntax Bool ::= #rangeSInt ( Int , Int )
| #rangeUInt ( Int , Int )
| #rangeSFixed ( Int , Int , Int )
| #rangeUFixed ( Int , Int , Int )
| #rangeAddress ( Int )
| #rangeBytes ( Int , Int )
// -------------------------------------------
rule #rangeSInt ( 128 , X ) => #range ( minSInt128 <= X <= maxSInt128 ) [macro]
rule #rangeSInt ( 256 , X ) => #range ( minSInt256 <= X <= maxSInt256 ) [macro]
rule #rangeUInt ( 8 , X ) => #range ( minUInt8 <= X <= maxUInt8 ) [macro]
rule #rangeUInt ( 16 , X ) => #range ( minUInt16 <= X <= maxUInt16 ) [macro]
rule #rangeUInt ( 48 , X ) => #range ( minUInt48 <= X <= maxUInt48 ) [macro]
rule #rangeUInt ( 128 , X ) => #range ( minUInt128 <= X <= maxUInt128 ) [macro]
rule #rangeUInt ( 256 , X ) => #range ( minUInt256 <= X <= maxUInt256 ) [macro]
rule #rangeSFixed ( 128 , 10 , X ) => #range ( minSFixed128x10 <= X <= maxSFixed128x10 ) [macro]
rule #rangeUFixed ( 128 , 10 , X ) => #range ( minUFixed128x10 <= X <= maxUFixed128x10 ) [macro]
rule #rangeAddress ( X ) => #range ( minUInt160 <= X <= maxUInt160 ) [macro]
rule #rangeBytes ( N , X ) => #range ( 0 <= X <= #nBytes(N) ) [macro]
syntax Bool ::= "#range" "(" Int "<" Int "<" Int ")"
| "#range" "(" Int "<" Int "<=" Int ")"
| "#range" "(" Int "<=" Int "<" Int ")"
| "#range" "(" Int "<=" Int "<=" Int ")"
// ------------------------------------------------------
rule #range ( LB < X < UB ) => LB <Int X andBool X <Int UB [macro]
rule #range ( LB < X <= UB ) => LB <Int X andBool X <=Int UB [macro]
rule #range ( LB <= X < UB ) => LB <=Int X andBool X <Int UB [macro]
rule #range ( LB <= X <= UB ) => LB <=Int X andBool X <=Int UB [macro]
chop
interprets an integer modulo $2^256$.
syntax Int ::= chop ( Int ) [function, functional, smtlib(chop)]
// ----------------------------------------------------------------
rule chop ( I:Int ) => I modInt pow256 [concrete, smt-lemma]
Boolean Conversions
Primitives provide the basic conversion from K’s sorts Int
and Bool
to EVM’s words.
bool2Word
interprets aBool
as aInt
.word2Bool
interprets aInt
as aBool
.
syntax Int ::= bool2Word ( Bool ) [function, functional]
// --------------------------------------------------------
rule bool2Word( B:Bool ) => 1 requires B
rule bool2Word( B:Bool ) => 0 requires notBool B
syntax Bool ::= word2Bool ( Int ) [function, functional]
// --------------------------------------------------------
rule word2Bool( W ) => false requires W ==Int 0
rule word2Bool( W ) => true requires W =/=Int 0
sgn
gives the twos-complement interperetation of the sign of a word.abs
gives the twos-complement interperetation of the magnitude of a word.
syntax Int ::= sgn ( Int ) [function, functional]
| abs ( Int ) [function, functional]
// -------------------------------------------------
rule sgn(I) => -1 requires I >=Int pow255
rule sgn(I) => 1 requires I <Int pow255
rule abs(I) => 0 -Word I requires sgn(I) ==Int -1
rule abs(I) => I requires sgn(I) ==Int 1
- #signed : uInt256 -> sInt256 (i.e., [minUInt256..maxUInt256] -> [minSInt256..maxSInt256])
- #unsigned : sInt256 -> uInt256 (i.e., [minSInt256..maxSInt256] -> [minUInt256..maxUInt256])
syntax Int ::= #signed ( Int ) [function]
// -----------------------------------------
rule [#signed.positive]: #signed(DATA) => DATA
requires 0 <=Int DATA andBool DATA <=Int maxSInt256
rule [#signed.negative]: #signed(DATA) => DATA -Int pow256
requires maxSInt256 <Int DATA andBool DATA <=Int maxUInt256
syntax Int ::= #unsigned ( Int ) [function]
// -------------------------------------------
rule [#unsigned.positive]: #unsigned(DATA) => DATA
requires 0 <=Int DATA andBool DATA <=Int maxSInt256
rule [#unsigned.negative]: #unsigned(DATA) => pow256 +Int DATA
requires minSInt256 <=Int DATA andBool DATA <Int 0
Empty Account
.Account
represents the case when an account ID is referenced in the yellowpaper, but the actual value of the account ID is the empty set. This is used, for example, when referring to the destination of a message which creates a new contract.
syntax Account ::= ".Account" | Int
// -----------------------------------
Word Operations
Low-Level
up/Int
performs integer division but rounds up instead of down.
NOTE: Here, we choose to add I2 -Int 1
to the numerator beforing doing the division to mimic the C++ implementation.
You could alternatively calculate I1 modInt I2
, then add one to the normal integer division afterward depending on the result.
syntax Int ::= Int "up/Int" Int [function]
// ------------------------------------------
rule I1 up/Int 0 => 0
rule I1 up/Int 1 => I1
rule I1 up/Int I2 => (I1 +Int (I2 -Int 1)) /Int I2 requires I2 >Int 1
log256Int
returns the log base 256 (floored) of an integer.
syntax Int ::= log256Int ( Int ) [function]
// -------------------------------------------
rule log256Int(N) => log2Int(N) /Int 8
The corresponding <op>Word
operations automatically perform the correct modulus for EVM words.
Warning: operands are assumed to be within the range of a 256 bit EVM word. Unbound integers may not return the correct result.
syntax Int ::= Int "+Word" Int [function, functional]
| Int "*Word" Int [function, functional]
| Int "-Word" Int [function, functional]
| Int "/Word" Int [function, functional]
| Int "%Word" Int [function, functional]
// -----------------------------------------------------
rule W0 +Word W1 => chop( W0 +Int W1 )
rule W0 -Word W1 => W0 -Int W1 requires W0 >=Int W1
rule W0 -Word W1 => chop( (W0 +Int pow256) -Int W1 ) requires W0 <Int W1
rule W0 *Word W1 => chop( W0 *Int W1 )
rule W0 /Word W1 => 0 requires W1 ==Int 0
rule W0 /Word W1 => W0 /Int W1 requires W1 =/=Int 0
rule W0 %Word W1 => 0 requires W1 ==Int 0
rule W0 %Word W1 => W0 modInt W1 requires W1 =/=Int 0
Care is needed for ^Word
to avoid big exponentiation.
The helper powmod
is a totalization of the operator _^%Int__
(which comes with K).
_^%Int__
is not defined when the modulus (third argument) is zero, but powmod
is.
syntax Int ::= Int "^Word" Int [function]
syntax Int ::= powmod(Int, Int, Int) [function, functional]
// -----------------------------------------------------------
rule W0 ^Word W1 => powmod(W0, W1, pow256)
rule [powmod.nonzero]: powmod(W0, W1, W2) => W0 ^%Int W1 W2 requires W2 =/=Int 0
rule [powmod.zero]: powmod(W0, W1, W2) => 0 requires W2 ==Int 0
/sWord
and %sWord
give the signed interperetations of /Word
and %Word
.
syntax Int ::= Int "/sWord" Int [function]
| Int "%sWord" Int [function]
// ------------------------------------------
rule W0 /sWord W1 => #sgnInterp(sgn(W0) *Int sgn(W1) , abs(W0) /Word abs(W1))
rule W0 %sWord W1 => #sgnInterp(sgn(W0) , abs(W0) %Word abs(W1))
syntax Int ::= #sgnInterp ( Int , Int ) [function, functional]
// --------------------------------------------------------------
rule #sgnInterp( W0 , W1 ) => 0 requires W0 ==Int 0
rule #sgnInterp( W0 , W1 ) => W1 requires W0 >Int 0
rule #sgnInterp( W0 , W1 ) => 0 -Word W1 requires W0 <Int 0
Word Comparison
The <op>Word
comparisons similarly lift K operators to EVM ones:
syntax Int ::= Int "<Word" Int [function, functional]
| Int ">Word" Int [function, functional]
| Int "<=Word" Int [function, functional]
| Int ">=Word" Int [function, functional]
| Int "==Word" Int [function, functional]
// ------------------------------------------------------
rule W0 <Word W1 => bool2Word(W0 <Int W1)
rule W0 >Word W1 => bool2Word(W0 >Int W1)
rule W0 <=Word W1 => bool2Word(W0 <=Int W1)
rule W0 >=Word W1 => bool2Word(W0 >=Int W1)
rule W0 ==Word W1 => bool2Word(W0 ==Int W1)
s<Word
implements a less-than forWord
(with signed interperetation).
syntax Int ::= Int "s<Word" Int [function, functional]
// ------------------------------------------------------
rule [s<Word.pp]: W0 s<Word W1 => W0 <Word W1 requires sgn(W0) ==K 1 andBool sgn(W1) ==K 1
rule [s<Word.pn]: W0 s<Word W1 => bool2Word(false) requires sgn(W0) ==K 1 andBool sgn(W1) ==K -1
rule [s<Word.np]: W0 s<Word W1 => bool2Word(true) requires sgn(W0) ==K -1 andBool sgn(W1) ==K 1
rule [s<Word.nn]: W0 s<Word W1 => abs(W1) <Word abs(W0) requires sgn(W0) ==K -1 andBool sgn(W1) ==K -1
Bitwise Operators
Bitwise logical operators are lifted from the integer versions.
syntax Int ::= "~Word" Int [function, functional]
| Int "|Word" Int [function, functional]
| Int "&Word" Int [function, functional]
| Int "xorWord" Int [function, functional]
| Int "<<Word" Int [function]
| Int ">>Word" Int [function]
| Int ">>sWord" Int [function]
// -------------------------------------------
rule ~Word W => W xorInt maxUInt256
rule W0 |Word W1 => W0 |Int W1
rule W0 &Word W1 => W0 &Int W1
rule W0 xorWord W1 => W0 xorInt W1
rule W0 <<Word W1 => chop( W0 <<Int W1 ) requires W1 <Int 256
rule W0 <<Word W1 => 0 requires W1 >=Int 256
rule W0 >>Word W1 => W0 >>Int W1
rule W0 >>sWord W1 => chop( (abs(W0) *Int sgn(W0)) >>Int W1 )
bit
gets bit $N$ (0 being MSB).byte
gets byte $N$ (0 being the MSB).
syntax Int ::= bit ( Int , Int ) [function]
| byte ( Int , Int ) [function]
// --------------------------------------------
rule bit (N, _) => 0 requires notBool (N >=Int 0 andBool N <Int 256)
rule byte(N, _) => 0 requires notBool (N >=Int 0 andBool N <Int 32)
rule bit (N, W) => bitRangeInt(W , (255 -Int N) , 1) requires N >=Int 0 andBool N <Int 256
rule byte(N, W) => bitRangeInt(W , ( 31 -Int N) *Int 8 , 8) requires N >=Int 0 andBool N <Int 32
#nBits
shifts in $N$ ones from the right.#nBytes
shifts in $N$ bytes of ones from the right._<<Byte_
shifts an integer 8 bits to the left._>>Byte_
shifts an integer 8 bits to the right.
syntax Int ::= #nBits ( Int ) [function]
| #nBytes ( Int ) [function]
| Int "<<Byte" Int [function]
| Int ">>Byte" Int [function]
// ------------------------------------------
rule #nBits(N) => (1 <<Int N) -Int 1 requires N >=Int 0
rule #nBytes(N) => #nBits(N *Int 8) requires N >=Int 0
rule N <<Byte M => N <<Int (8 *Int M)
rule N >>Byte M => N >>Int (8 *Int M)
signextend(N, W)
sign-extends from byte $N$ of $W$ (0 being MSB).
syntax Int ::= signextend( Int , Int ) [function, functional]
// -------------------------------------------------------------
rule [signextend.invalid]: signextend(N, W) => W requires N >=Int 32 orBool N <Int 0
rule [signextend.negative]: signextend(N, W) => chop( (#nBytes(31 -Int N) <<Byte (N +Int 1)) |Int W ) requires N <Int 32 andBool N >=Int 0 andBool word2Bool(bit(256 -Int (8 *Int (N +Int 1)), W))
rule [signextend.positive]: signextend(N, W) => chop( #nBytes(N +Int 1) &Int W ) requires N <Int 32 andBool N >=Int 0 andBool notBool word2Bool(bit(256 -Int (8 *Int (N +Int 1)), W))
keccak
serves as a wrapper around theKeccak256
inKRYPTO
.
syntax Int ::= keccak ( ByteArray ) [function, smtlib(smt_keccak)]
// ------------------------------------------------------------------
rule [keccak]: keccak(WS) => #parseHexWord(Keccak256(#unparseByteStack(WS)))
Data-Structures over Word
A WordStack for EVM
As a cons-list
A cons-list is used for the EVM wordstack.
.WordStack
serves as the empty worstack, and_:_
serves as the “cons” operator.
syntax WordStack [flatPredicate]
syntax WordStack ::= ".WordStack" [smtlib(_dotWS)]
| Int ":" WordStack [klabel(_:_WS), smtlib(_WS_)]
// --------------------------------------------------------------------
#take(N , WS)
keeps the first $N$ elements of aWordStack
(passing with zeros as needed).#drop(N , WS)
removes the first $N$ elements of aWordStack
.
syntax WordStack ::= #take ( Int , WordStack ) [function, functional]
// ---------------------------------------------------------------------
rule [#take.base]: #take(N, WS) => .WordStack requires notBool N >Int 0
rule [#take.zero-pad]: #take(N, .WordStack) => 0 : #take(N -Int 1, .WordStack) requires N >Int 0
rule [#take.recursive]: #take(N, (W : WS)) => W : #take(N -Int 1, WS) requires N >Int 0
syntax WordStack ::= #drop ( Int , WordStack ) [function, functional]
// ---------------------------------------------------------------------
rule #drop(N, WS) => WS requires notBool N >Int 0
rule #drop(N, .WordStack) => .WordStack
rule #drop(N, (W : WS)) => #drop(1, #drop(N -Int 1, (W : WS))) requires N >Int 1
rule #drop(1, (_ : WS)) => WS
Element Access
WS [ N ]
accesses element $N$ of $WS$.WS [ N := W ]
sets element $N$ of $WS$ to $W$ (padding with zeros as needed).
syntax Int ::= WordStack "[" Int "]" [function]
// -----------------------------------------------
rule (W : _) [ N ] => W requires N ==Int 0
rule WS [ N ] => #drop(N, WS) [ 0 ] requires N >Int 0
syntax WordStack ::= WordStack "[" Int ":=" Int "]" [function]
// --------------------------------------------------------------
rule (W0 : WS) [ N := W ] => W : WS requires N ==Int 0
rule (W0 : WS) [ N := W ] => W0 : (WS [ N -Int 1 := W ]) requires N >Int 0
- Definedness conditions for
WS [ N ]
andWS [ N := W ]
```{.k .symbolic} rule #Ceil(WS[N]) => {((0 <=Int N) andBool (N <Int #sizeWordStack(WS))) #Equals true} [anywhere] rule #Ceil(WS[ N := W ]) => {((0 <=Int N) andBool (N <Int #sizeWordStack(WS))) #Equals true} [anywhere]
- `#sizeWordStack` calculates the size of a `WordStack`.
- `_in_` determines if a `Int` occurs in a `WordStack`.
```k
syntax Int ::= #sizeWordStack ( WordStack ) [function, functional, smtlib(sizeWordStack)]
| #sizeWordStack ( WordStack , Int ) [function, functional, klabel(sizeWordStackAux), smtlib(sizeWordStackAux)]
// ----------------------------------------------------------------------------------------------------------------------------
rule #sizeWordStack ( WS ) => #sizeWordStack(WS, 0)
rule #sizeWordStack ( .WordStack, SIZE ) => SIZE
rule #sizeWordStack ( W : WS, SIZE ) => #sizeWordStack(WS, SIZE +Int 1)
syntax Bool ::= Int "in" WordStack [function]
// ---------------------------------------------
rule W in .WordStack => false
rule W in (W' : WS) => (W ==K W') orElseBool (W in WS)
#replicateAux
pushesN
copies ofA
onto aWordStack
.#replicate
is aWordStack
of lengthN
withA
the value of every element.
syntax WordStack ::= #replicate ( Int, Int ) [function, functional]
| #replicateAux ( Int, Int, WordStack ) [function, functional]
// ---------------------------------------------------------------------------------
rule #replicate ( N, A ) => #replicateAux(N, A, .WordStack)
rule #replicateAux( N, A, WS ) => #replicateAux(N -Int 1, A, A : WS) requires N >Int 0
rule #replicateAux( N, A, WS ) => WS requires notBool N >Int 0
WordStack2List
converts a term of sortWordStack
to a term of sortList
.
syntax List ::= WordStack2List ( WordStack ) [function, functional]
// -------------------------------------------------------------------
rule WordStack2List(.WordStack) => .List
rule WordStack2List(W : WS) => ListItem(W) WordStack2List(WS)
Byte Arrays
The local memory of execution is a byte-array (instead of a word-array).
#asWord
will interperet a stack of bytes as a single word (with MSB first).#asInteger
will interperet a stack of bytes as a single arbitrary-precision integer (with MSB first).#asAccount
will interpret a stack of bytes as a single account id (with MSB first). Differs from#asWord
only in that an empty stack represents the empty account, not account zero.#asByteStack
will split a single word up into aByteArray
._++_
acts asByteArray
append.WS [ N .. W ]
access the range ofWS
beginning withN
of widthW
.#sizeByteArray
calculates the size of aByteArray
.#padToWidth(N, WS)
and#padRightToWidth
make sure that aWordStack
is the correct size.
```{.k .bytes} syntax ByteArray = Bytes syntax ByteArray ::= “.ByteArray” [function, functional] // ——————————————————– rule .ByteArray => .Bytes
syntax Int ::= #asWord ( ByteArray ) [function, smtlib(asWord)] // ---------------------------------------------------------------
rule #asWord(WS) => chop(Bytes2Int(WS, BE, Unsigned))
syntax Int ::= #asInteger ( ByteArray ) [function] // --------------------------------------------------
rule #asInteger(WS) => Bytes2Int(WS, BE, Unsigned)
syntax String ::= #asString ( ByteArray ) [function] // ----------------------------------------------------
rule #asString(WS) => Bytes2String(WS)
syntax Account ::= #asAccount ( ByteArray ) [function] // ------------------------------------------------------
rule #asAccount(BS) => .Account requires lengthBytes(BS) ==Int 0
rule #asAccount(BS) => #asWord(BS) [owise]
syntax ByteArray ::= #asByteStack ( Int ) [function] // ----------------------------------------------------
rule #asByteStack(W) => Int2Bytes(W, BE, Unsigned)
syntax ByteArray ::= ByteArray "++" ByteArray [function, right, klabel(_++_WS), smtlib(_plusWS_)] // -------------------------------------------------------------------------------------------------
rule WS ++ WS' => WS +Bytes WS'
syntax ByteArray ::= ByteArray "[" Int ".." Int "]" [function] // --------------------------------------------------------------
rule WS [ START .. WIDTH ] => substrBytes(padRightBytes(WS, START +Int WIDTH, 0), START, START +Int WIDTH) requires START <Int #sizeByteArray(WS)
rule WS [ START .. WIDTH ] => padRightBytes(.Bytes, WIDTH, 0) [owise]
syntax Int ::= #sizeByteArray ( ByteArray ) [function, functional] // ------------------------------------------------------------------
rule #sizeByteArray ( WS ) => lengthBytes(WS)
syntax ByteArray ::= #padToWidth ( Int , ByteArray ) [function] // ---------------------------------------------------------------
rule #padToWidth(N, WS) => padLeftBytes(WS, N, 0) ```
```{.k .nobytes} syntax ByteArray = WordStack syntax ByteArray ::= “.ByteArray” [function] // ——————————————– rule .ByteArray => .WordStack
syntax Int ::= #asWord ( ByteArray ) [function, functional, smtlib(asWord)] // ---------------------------------------------------------------------------
rule [#asWord.base-empty]: #asWord( .WordStack ) => 0
rule [#asWord.base-single]: #asWord( W : .WordStack ) => W
rule [#asWord.recursive]: #asWord( W0 : W1 : WS ) => #asWord(((W0 *Word 256) +Word W1) : WS)
syntax Int ::= #asInteger ( ByteArray ) [function] // --------------------------------------------------
rule #asInteger( .WordStack ) => 0
rule #asInteger( W : .WordStack ) => W
rule #asInteger( W0 : W1 : WS ) => #asInteger(((W0 *Int 256) +Int W1) : WS)
syntax String ::= #asString ( ByteArray ) [function] // ----------------------------------------------------
rule #asString( .WordStack ) => ""
rule #asString( W : .WordStack ) => chrChar( W )
rule #asString( W0 : WS ) => chrChar( W0 ) +String #asString( WS )
syntax Account ::= #asAccount ( ByteArray ) [function] // ------------------------------------------------------
rule #asAccount( .WordStack ) => .Account
rule #asAccount( W : WS ) => #asWord(W : WS)
syntax ByteArray ::= #asByteStack ( Int ) [function, functional]
| #asByteStack ( Int , ByteArray ) [function, klabel(#asByteStackAux), smtlib(asByteStack)] // --------------------------------------------------------------------------------------------------------------
rule [#asByteStack]: #asByteStack( W ) => #asByteStack( W , .WordStack )
rule [#asByteStackAux.base]: #asByteStack( 0 , WS ) => WS
rule [#asByteStackAux.recursive]: #asByteStack( W , WS ) => #asByteStack( W /Int 256 , W modInt 256 : WS ) requires W =/=K 0
syntax ByteArray ::= ByteArray "++" ByteArray [function, memo, right, klabel(_++_WS), smtlib(_plusWS_)] // -------------------------------------------------------------------------------------------------------
rule .WordStack ++ WS' => WS'
rule (W : WS) ++ WS' => W : (WS ++ WS')
syntax ByteArray ::= ByteArray "[" Int ".." Int "]" [function, functional, memo] // --------------------------------------------------------------------------------
rule WS [ START .. WIDTH ] => #take(WIDTH, #drop(START, WS))
syntax Int ::= #sizeByteArray ( ByteArray ) [function, functional, memo] // ------------------------------------------------------------------------
rule #sizeByteArray ( WS ) => #sizeWordStack(WS)
syntax ByteArray ::= #padToWidth ( Int , ByteArray ) [function, functional, memo]
| #padRightToWidth ( Int , ByteArray ) [function, memo] // --------------------------------------------------------------------------------------
rule [#padToWidth]: #padToWidth(N, WS) => #replicateAux(N -Int #sizeByteArray(WS), 0, WS)
rule [#padRightToWidth]: #padRightToWidth(N, WS) => WS ++ #replicate(N -Int #sizeByteArray(WS), 0) ```
Addresses
#addr
turns an Ethereum word into the corresponding Ethereum address (160 LSB).
syntax Int ::= #addr ( Int ) [function]
// ---------------------------------------
rule #addr(W) => W %Word pow160
#newAddr
computes the address of a new account given the address and nonce of the creating account.#sender
computes the sender of the transaction from its data and signature.#addrFromPrivateKey
computes the address of an account given its private key
syntax Int ::= #newAddr ( Int , Int ) [function]
| #newAddr ( Int , Int , ByteArray ) [function, klabel(#newAddrCreate2)]
// -------------------------------------------------------------------------------------
rule [#newAddr]: #newAddr(ACCT, NONCE) => #addr(#parseHexWord(Keccak256(#rlpEncodeLength(#rlpEncodeBytes(ACCT, 20) +String #rlpEncodeWord(NONCE), 192))))
rule [#newAddrCreate2]: #newAddr(ACCT, SALT, INITCODE) => #addr(#parseHexWord(Keccak256("\xff" +String #unparseByteStack(#padToWidth(20, #asByteStack(ACCT))) +String #unparseByteStack(#padToWidth(32, #asByteStack(SALT))) +String #unparseByteStack(#parseHexBytes(Keccak256(#unparseByteStack(INITCODE)))))))
syntax Account ::= #sender ( Int , Int , Int , Account , Int , String , Int , ByteArray , ByteArray ) [function]
| #sender ( String , Int , String , String ) [function, klabel(#senderAux)]
| #sender ( String ) [function, klabel(#senderAux2)]
// -------------------------------------------------------------------------------------------------------------------------------------
rule #sender(TN, TP, TG, TT, TV, DATA, TW, TR, TS)
=> #sender(#unparseByteStack(#parseHexBytes(Keccak256(#rlpEncodeLength(#rlpEncodeWordStack(TN : TP : TG : .WordStack) +String #rlpEncodeAccount(TT) +String #rlpEncodeWord(TV) +String #rlpEncodeString(DATA), 192)))), TW, #unparseByteStack(TR), #unparseByteStack(TS))
rule #sender(HT, TW, TR, TS) => #sender(ECDSARecover(HT, TW, TR, TS))
rule #sender("") => .Account
rule #sender(STR) => #addr(#parseHexWord(Keccak256(STR))) requires STR =/=String ""
syntax Int ::= #addrFromPrivateKey ( String ) [function]
// --------------------------------------------------------
rule #addrFromPrivateKey ( KEY ) => #addr( #parseHexWord( Keccak256 ( Hex2Raw( ECDSAPubKey( Hex2Raw( KEY ) ) ) ) ) )
#blockHeaderHash
computes the hash of a block header given all the block data.
syntax Int ::= #blockHeaderHash( Int , Int , Int , Int , Int , Int , ByteArray , Int , Int , Int , Int , Int , ByteArray , Int , Int ) [function, klabel(blockHeaderHash), symbol]
| #blockHeaderHash(String, String, String, String, String, String, String, String, String, String, String, String, String, String, String) [function, klabel(#blockHashHeaderStr), symbol]
// -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
rule #blockHeaderHash(HP, HO, HC, HR, HT, HE, HB, HD, HI, HL, HG, HS, HX, HM, HN)
=> #blockHeaderHash(#asWord(#parseByteStackRaw(HP)),
#asWord(#parseByteStackRaw(HO)),
#asWord(#parseByteStackRaw(HC)),
#asWord(#parseByteStackRaw(HR)),
#asWord(#parseByteStackRaw(HT)),
#asWord(#parseByteStackRaw(HE)),
#parseByteStackRaw(HB) ,
#asWord(#parseByteStackRaw(HD)),
#asWord(#parseByteStackRaw(HI)),
#asWord(#parseByteStackRaw(HL)),
#asWord(#parseByteStackRaw(HG)),
#asWord(#parseByteStackRaw(HS)),
#parseByteStackRaw(HX) ,
#asWord(#parseByteStackRaw(HM)),
#asWord(#parseByteStackRaw(HN)))
rule #blockHeaderHash(HP, HO, HC, HR, HT, HE, HB, HD, HI, HL, HG, HS, HX, HM, HN)
=> #parseHexWord(Keccak256(#rlpEncodeLength( #rlpEncodeBytes(HP, 32)
+String #rlpEncodeBytes(HO, 32)
+String #rlpEncodeBytes(HC, 20)
+String #rlpEncodeBytes(HR, 32)
+String #rlpEncodeBytes(HT, 32)
+String #rlpEncodeBytes(HE, 32)
+String #rlpEncodeString(#unparseByteStack(HB))
+String #rlpEncodeWordStack(HD : HI : HL : HG : HS : .WordStack)
+String #rlpEncodeString(#unparseByteStack(HX))
+String #rlpEncodeBytes(HM, 32)
+String #rlpEncodeBytes(HN, 8),
192)))
M3:2048
computes the 2048-bit hash of a log entry in which exactly 3 bits are set. This is used to compute the Bloom filter of a log entry.
syntax Int ::= "M3:2048" "(" ByteArray ")" [function]
// -----------------------------------------------------
rule M3:2048(WS) => setBloomFilterBits(#parseByteStack(Keccak256(#unparseByteStack(WS))))
syntax Int ::= setBloomFilterBits(ByteArray) [function]
// -------------------------------------------------------
rule setBloomFilterBits(HASH) => (1 <<Int getBloomFilterBit(HASH, 0)) |Int (1 <<Int getBloomFilterBit(HASH, 2)) |Int (1 <<Int getBloomFilterBit(HASH, 4))
syntax Int ::= getBloomFilterBit(ByteArray, Int) [function]
// -----------------------------------------------------------
rule getBloomFilterBit(X, I) => #asInteger(X [ I .. 2 ]) %Int 2048
Word Map
Most of EVM data is held in finite maps.
We are using the polymorphic Map
sort for these word maps.
WM [ N := WS ]
assigns a contiguous chunk of $WM$ to $WS$ starting at position $W$.#range(M, START, WIDTH)
reads off $WIDTH$ elements from $WM$ beginning at position $START$ (padding with zeros as needed).
```{.k .bytes} syntax Map ::= Map “[” Int “:=” ByteArray “]” [function, klabel(mapWriteBytes)] // ——————————————————————————- rule WM[ N := WS ] => WM [ N := WS, 0, #sizeByteArray(WS) ]
syntax Map ::= Map "[" Int ":=" ByteArray "," Int "," Int "]" [function] // ------------------------------------------------------------------------
rule WM [ N := WS, I, I ] => WM
rule WM [ N := WS, I, J ] => (WM[N <- WS[I]])[ N +Int 1 := WS, I +Int 1, J ] [owise]
syntax ByteArray ::= #range ( Map , Int , Int ) [function]
| #range ( Map , Int , Int , Int , ByteArray ) [function, klabel(#rangeAux)] // -----------------------------------------------------------------------------------------------
rule #range(WM, START, WIDTH) => #range(WM, START, 0, WIDTH, padLeftBytes(.Bytes, WIDTH, 0))
rule #range(WM, I, WIDTH, WIDTH, WS) => WS
rule #range(WM, I, J, WIDTH, WS) => #range(WM, I +Int 1, J +Int 1, WIDTH, WS [ J <- {WM[I] orDefault 0}:>Int ]) [owise] ```
```{.k .nobytes} syntax Map ::= Map “[” Int “:=” ByteArray “]” [function, functional] // ——————————————————————– rule [mapWriteBytes.base]: WM[ N := .WordStack ] => WM rule [mapWriteBytes.recursive]: WM[ N := W : WS ] => (WM[N <- W])[N +Int 1 := WS]
syntax ByteArray ::= #range ( Map , Int , Int ) [function, functional]
syntax ByteArray ::= #range ( Map , Int , Int , ByteArray ) [function, functional, klabel(#rangeAux)] // -----------------------------------------------------------------------------------------------------
rule [#range]: #range(WM, START, WIDTH) => #range(WM, START +Int WIDTH -Int 1, WIDTH, .WordStack)
rule [#rangeAux.base]: #range(WM, END, WIDTH, WS) => WS requires notBool WIDTH >Int 0
rule [#rangeAux.none]: #range(WM, END, WIDTH, WS) => #range(WM, END -Int 1, WIDTH -Int 1, 0 : WS) requires (WIDTH >Int 0) andBool notBool END in_keys(WM)
rule [#rangeAux.some]: #range(END |-> W WM, END, WIDTH, WS) => #range(WM, END -Int 1, WIDTH -Int 1, W : WS) requires (WIDTH >Int 0) ```
#removeZeros
removes any entries in a map with zero values.
syntax Map ::= #removeZeros ( Map ) [function]
| #removeZeros ( List , Map ) [function, klabel(#removeZerosAux)]
// ------------------------------------------------------------------------------
rule #removeZeros( M ) => #removeZeros(Set2List(keys(M)), M)
rule #removeZeros( .List, .Map ) => .Map
rule #removeZeros( ListItem(KEY) L, KEY |-> 0 REST ) => #removeZeros(L, REST)
rule #removeZeros( ListItem(KEY) L, KEY |-> VALUE REST ) => KEY |-> VALUE #removeZeros(L, REST) requires VALUE =/=K 0
#lookup
looks up a key in a map and returns 0 if the key doesn’t exist, otherwise returning its value.
syntax Int ::= #lookup ( Map , Int ) [function]
// -----------------------------------------------
rule [#lookup.some]: #lookup( (KEY |-> VAL) M, KEY ) => VAL
rule [#lookup.none]: #lookup( M, KEY ) => 0 requires notBool KEY in_keys(M)
Parsing/Unparsing
The EVM test-sets are represented in JSON format with hex-encoding of the data and programs. Here we provide some standard parser/unparser functions for that format.
Parsing
These parsers can interperet hex-encoded strings as Int
s, ByteArray
s, and Map
s.
#parseHexWord
interprets a string as a single hex-encodedWord
.#parseHexBytes
interprets a string as a hex-encoded stack of bytes.#alignHexString
makes sure that the length of a (hex)string is even.#parseByteStack
interprets a string as a hex-encoded stack of bytes, but makes sure to remove the leading “0x”.#parseByteStackRaw
casts a string as a stack of bytes, ignoring any encoding.#parseWordStack
interprets a JSON list as a stack ofWord
.#parseMap
interprets a JSON key/value object as a map fromWord
toWord
.#parseAddr
interprets a string as a 160 bit hex-endcoded address.
syntax Int ::= #parseHexWord ( String ) [function]
| #parseWord ( String ) [function]
// --------------------------------------------------
rule #parseHexWord("") => 0
rule #parseHexWord("0x") => 0
rule #parseHexWord(S) => String2Base(replaceAll(S, "0x", ""), 16) requires (S =/=String "") andBool (S =/=String "0x")
rule #parseWord("") => 0
rule #parseWord(S) => #parseHexWord(S) requires lengthString(S) >=Int 2 andBool substrString(S, 0, 2) ==String "0x"
rule #parseWord(S) => String2Int(S) [owise]
syntax String ::= #alignHexString ( String ) [function, functional]
// -------------------------------------------------------------------
rule #alignHexString(S) => S requires lengthString(S) modInt 2 ==Int 0
rule #alignHexString(S) => "0" +String S requires notBool lengthString(S) modInt 2 ==Int 0
```{.k .bytes} syntax ByteArray ::= #parseHexBytes ( String ) [function] | #parseHexBytesAux ( String ) [function] | #parseByteStack ( String ) [function, memo] | #parseByteStackRaw ( String ) [function] // ——————————————————————- rule #parseByteStack(S) => #parseHexBytes(replaceAll(S, “0x”, “”))
rule #parseHexBytes(S) => #parseHexBytesAux(#alignHexString(S))
rule #parseHexBytesAux("") => .ByteArray
rule #parseHexBytesAux(S) => Int2Bytes(1, String2Base(substrString(S, 0, 2), 16), BE) +Bytes #parseHexBytesAux(substrString(S, 2, lengthString(S)))
requires lengthString(S) >=Int 2
rule #parseByteStackRaw(S) => String2Bytes(S) ```
```{.k .nobytes} syntax ByteArray ::= #parseHexBytes ( String ) [function] | #parseHexBytesAux ( String ) [function] | #parseByteStack ( String ) [function] | #parseByteStackRaw ( String ) [function] // ————————————————————- rule #parseByteStack(S) => #parseHexBytes(replaceAll(S, “0x”, “”))
rule #parseHexBytes(S) => #parseHexBytesAux(#alignHexString(S))
rule #parseHexBytesAux("") => .WordStack
rule #parseHexBytesAux(S) => #parseHexWord(substrString(S, 0, 2)) : #parseHexBytesAux(substrString(S, 2, lengthString(S)))
requires lengthString(S) >=Int 2
rule #parseByteStackRaw(S) => ordChar(substrString(S, 0, 1)) : #parseByteStackRaw(substrString(S, 1, lengthString(S))) requires lengthString(S) >=Int 1
rule #parseByteStackRaw("") => .WordStack ```
syntax Map ::= #parseMap ( JSON ) [function]
// --------------------------------------------
rule #parseMap( { .JSONs } ) => .Map
rule #parseMap( { _ : (VALUE:String) , REST } ) => #parseMap({ REST }) requires #parseHexWord(VALUE) ==K 0
rule #parseMap( { KEY : (VALUE:String) , REST } ) => #parseMap({ REST }) [ #parseHexWord(KEY) <- #parseHexWord(VALUE) ] requires #parseHexWord(VALUE) =/=K 0
syntax Int ::= #parseAddr ( String ) [function]
// -----------------------------------------------
rule #parseAddr(S) => #addr(#parseHexWord(S))
Unparsing
We need to interperet a ByteArray
as a String
again so that we can call Keccak256
on it from KRYPTO
.
#unparseByteStack
turns a stack of bytes (as aByteArray
) into aString
.#padByte
ensures that theString
interperetation of aInt
is wide enough.
```{.k .bytes} syntax String ::= #unparseByteStack ( ByteArray ) [function, klabel(unparseByteStack), symbol] // ———————————————————————————————- rule #unparseByteStack(WS) => Bytes2String(WS)
```{.k .nobytes}
syntax String ::= #unparseByteStack ( ByteArray ) [function, klabel(unparseByteStack), symbol]
| #unparseByteStack ( ByteArray , StringBuffer ) [function, klabel(#unparseByteStackAux)]
// ---------------------------------------------------------------------------------------------------------
rule #unparseByteStack ( WS ) => #unparseByteStack(WS, .StringBuffer)
rule #unparseByteStack( .WordStack, BUFFER ) => StringBuffer2String(BUFFER)
rule #unparseByteStack( W : WS, BUFFER ) => #unparseByteStack(WS, BUFFER +String chrChar(W modInt (2 ^Int 8)))
syntax String ::= #padByte( String ) [function]
// -----------------------------------------------
rule #padByte( S ) => S requires lengthString(S) ==K 2
rule #padByte( S ) => "0" +String S requires lengthString(S) ==K 1
syntax String ::= #unparseQuantity( Int ) [function]
// ----------------------------------------------------
rule #unparseQuantity( I ) => "0x" +String Base2String(I, 16)
syntax String ::= #unparseData ( Int, Int ) [function]
| #unparseDataByteArray ( ByteArray ) [function]
// ----------------------------------------------------------------
rule #unparseData( DATA, LENGTH ) => #unparseDataByteArray(#padToWidth(LENGTH,#asByteStack(DATA)))
rule #unparseDataByteArray( DATA ) => replaceFirst(Base2String(#asInteger(#asByteStack(1) ++ DATA), 16), "1", "0x")
String Helper Functions
Hex2Raw
Takes a string of hex encoded bytes and converts it to a raw bytestringRaw2Hex
Takes a string of raw bytes and converts it to a hex representation
syntax String ::= Hex2Raw ( String ) [function]
| Raw2Hex ( String ) [function]
// -----------------------------------------------
rule Hex2Raw ( S ) => #unparseByteStack( #parseByteStack ( S ) )
rule Raw2Hex ( S ) => #unparseDataByteArray( #parseByteStackRaw ( S ) )
Recursive Length Prefix (RLP)
RLP encoding is used extensively for executing the blocks of a transaction. For details about RLP encoding, see the YellowPaper Appendix B.
Encoding
#rlpEncodeWord
RLP encodes a single EVM word.#rlpEncodeString
RLP encodes a singleString
.
syntax String ::= #rlpEncodeWord ( Int ) [function]
| #rlpEncodeBytes ( Int , Int ) [function]
| #rlpEncodeWordStack ( WordStack ) [function]
| #rlpEncodeString ( String ) [function]
| #rlpEncodeAccount ( Account ) [function]
// --------------------------------------------------------------
rule #rlpEncodeWord(0) => "\x80"
rule #rlpEncodeWord(WORD) => chrChar(WORD) requires WORD >Int 0 andBool WORD <Int 128
rule #rlpEncodeWord(WORD) => #rlpEncodeLength(#unparseByteStack(#asByteStack(WORD)), 128) requires WORD >=Int 128
rule #rlpEncodeBytes(WORD, LEN) => #rlpEncodeString(#unparseByteStack(#padToWidth(LEN, #asByteStack(WORD))))
rule #rlpEncodeWordStack(.WordStack) => ""
rule #rlpEncodeWordStack(W : WS) => #rlpEncodeWord(W) +String #rlpEncodeWordStack(WS)
rule #rlpEncodeString(STR) => STR requires lengthString(STR) ==Int 1 andBool ordChar(STR) <Int 128
rule #rlpEncodeString(STR) => #rlpEncodeLength(STR, 128) requires notBool ( lengthString(STR) ==Int 1 andBool ordChar(STR) <Int 128 )
rule #rlpEncodeAccount(.Account) => "\x80"
rule #rlpEncodeAccount(ACCT) => #rlpEncodeBytes(ACCT, 20) requires ACCT =/=K .Account
syntax String ::= #rlpEncodeLength ( String , Int ) [function]
| #rlpEncodeLength ( String , Int , String ) [function, klabel(#rlpEncodeLengthAux)]
// ----------------------------------------------------------------------------------------------------
rule #rlpEncodeLength(STR, OFFSET) => chrChar(lengthString(STR) +Int OFFSET) +String STR requires lengthString(STR) <Int 56
rule #rlpEncodeLength(STR, OFFSET) => #rlpEncodeLength(STR, OFFSET, #unparseByteStack(#asByteStack(lengthString(STR)))) requires notBool ( lengthString(STR) <Int 56 )
rule #rlpEncodeLength(STR, OFFSET, BL) => chrChar(lengthString(BL) +Int OFFSET +Int 55) +String BL +String STR
syntax String ::= #rlpEncodeMerkleTree ( MerkleTree ) [function]
// ----------------------------------------------------------------
rule #rlpEncodeMerkleTree ( .MerkleTree ) => "\x80"
rule #rlpEncodeMerkleTree ( MerkleLeaf ( PATH, VALUE ) )
=> #rlpEncodeLength( #rlpEncodeString( #asString( #HPEncode( PATH, 1 ) ) )
+String #rlpEncodeString( VALUE )
, 192
)
rule #rlpEncodeMerkleTree ( MerkleExtension ( PATH, TREE ) )
=> #rlpEncodeLength( #rlpEncodeString( #asString( #HPEncode( PATH, 0 ) ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( TREE ) )
, 192
)
rule #rlpEncodeMerkleTree ( MerkleBranch ( 0 |-> P0:MerkleTree 1 |-> P1:MerkleTree 2 |-> P2:MerkleTree 3 |-> P3:MerkleTree
4 |-> P4:MerkleTree 5 |-> P5:MerkleTree 6 |-> P6:MerkleTree 7 |-> P7:MerkleTree
8 |-> P8:MerkleTree 9 |-> P9:MerkleTree 10 |-> P10:MerkleTree 11 |-> P11:MerkleTree
12 |-> P12:MerkleTree 13 |-> P13:MerkleTree 14 |-> P14:MerkleTree 15 |-> P15:MerkleTree
, VALUE
)
)
=> #rlpEncodeLength( #rlpMerkleH( #rlpEncodeMerkleTree( P0 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P1 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P2 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P3 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P4 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P5 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P6 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P7 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P8 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P9 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P10 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P11 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P12 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P13 ) )
+String #rlpMerkleH( #rlpEncodeMerkleTree( P14 ) ) +String #rlpMerkleH( #rlpEncodeMerkleTree( P15 ) )
+String #rlpEncodeString( VALUE )
, 192
)
syntax String ::= #rlpMerkleH ( String ) [function,klabel(MerkleRLPAux)]
// ------------------------------------------------------------------------
rule #rlpMerkleH ( X ) => #rlpEncodeString( Hex2Raw( Keccak256( X ) ) )
requires lengthString(X) >=Int 32
rule #rlpMerkleH ( X ) => X
requires notBool lengthString(X) >=Int 32
Decoding
#rlpDecode
RLP decodes a singleString
into aJSON
.#rlpDecodeList
RLP decodes a singleString
into aJSONs
, interpereting the string as the RLP encoding of a list.
syntax JSON ::= #rlpDecode(String) [function]
| #rlpDecode(String, LengthPrefix) [function, klabel(#rlpDecodeAux)]
// ----------------------------------------------------------------------------------
rule #rlpDecode(STR) => #rlpDecode(STR, #decodeLengthPrefix(STR, 0))
rule #rlpDecode(STR, #str(LEN, POS)) => substrString(STR, POS, POS +Int LEN)
rule #rlpDecode(STR, #list(LEN, POS)) => [#rlpDecodeList(STR, POS)]
syntax JSONs ::= #rlpDecodeList(String, Int) [function]
| #rlpDecodeList(String, Int, LengthPrefix) [function, klabel(#rlpDecodeListAux)]
// ------------------------------------------------------------------------------------------------
rule #rlpDecodeList(STR, POS) => #rlpDecodeList(STR, POS, #decodeLengthPrefix(STR, POS)) requires POS <Int lengthString(STR)
rule #rlpDecodeList(STR, POS) => .JSONs [owise]
rule #rlpDecodeList(STR, POS, _:LengthPrefixType(L, P)) => #rlpDecode(substrString(STR, POS, L +Int P)) , #rlpDecodeList(STR, L +Int P)
syntax LengthPrefixType ::= "#str" | "#list"
syntax LengthPrefix ::= LengthPrefixType "(" Int "," Int ")"
| #decodeLengthPrefix ( String , Int ) [function]
| #decodeLengthPrefix ( String , Int , Int ) [function, klabel(#decodeLengthPrefixAux)]
| #decodeLengthPrefixLength ( LengthPrefixType , String , Int , Int ) [function]
| #decodeLengthPrefixLength ( LengthPrefixType , Int , Int , Int ) [function, klabel(#decodeLengthPrefixLengthAux)]
// --------------------------------------------------------------------------------------------------------------------------------------------
rule #decodeLengthPrefix(STR, START) => #decodeLengthPrefix(STR, START, ordChar(substrString(STR, START, START +Int 1)))
rule #decodeLengthPrefix(STR, START, B0) => #str(1, START) requires B0 <Int 128
rule #decodeLengthPrefix(STR, START, B0) => #str(B0 -Int 128, START +Int 1) requires B0 >=Int 128 andBool B0 <Int (128 +Int 56)
rule #decodeLengthPrefix(STR, START, B0) => #decodeLengthPrefixLength(#str, STR, START, B0) requires B0 >=Int (128 +Int 56) andBool B0 <Int 192
rule #decodeLengthPrefix(STR, START, B0) => #list(B0 -Int 192, START +Int 1) requires B0 >=Int 192 andBool B0 <Int 192 +Int 56
rule #decodeLengthPrefix(STR, START, B0) => #decodeLengthPrefixLength(#list, STR, START, B0) [owise]
rule #decodeLengthPrefixLength(#str, STR, START, B0) => #decodeLengthPrefixLength(#str, START, B0 -Int 128 -Int 56 +Int 1, #asWord(#parseByteStackRaw(substrString(STR, START +Int 1, START +Int 1 +Int (B0 -Int 128 -Int 56 +Int 1)))))
rule #decodeLengthPrefixLength(#list, STR, START, B0) => #decodeLengthPrefixLength(#list, START, B0 -Int 192 -Int 56 +Int 1, #asWord(#parseByteStackRaw(substrString(STR, START +Int 1, START +Int 1 +Int (B0 -Int 192 -Int 56 +Int 1)))))
rule #decodeLengthPrefixLength(TYPE, START, LL, L) => TYPE(L, START +Int 1 +Int LL)
Merkle Patricia Tree
- Appendix C and D from the Ethereum Yellow Paper
- https://github.com/ethereum/wiki/wiki/Patricia-Tree
syntax KItem ::= Int | MerkleTree // For testing purposes
syntax MerkleTree ::= MerkleBranch ( Map, String )
| MerkleExtension ( ByteArray, MerkleTree )
| MerkleLeaf ( ByteArray, String )
| ".MerkleTree"
| ".MerkleBranch" [function]
// -----------------------------------------------------------
rule .MerkleBranch
=> MerkleBranch ( 0 |-> .MerkleTree 1 |-> .MerkleTree 2 |-> .MerkleTree 3 |-> .MerkleTree
4 |-> .MerkleTree 5 |-> .MerkleTree 6 |-> .MerkleTree 7 |-> .MerkleTree
8 |-> .MerkleTree 9 |-> .MerkleTree 10 |-> .MerkleTree 11 |-> .MerkleTree
12 |-> .MerkleTree 13 |-> .MerkleTree 14 |-> .MerkleTree 15 |-> .MerkleTree
, ""
)
syntax MerkleTree ::= MerkleUpdate ( MerkleTree, String, String ) [function]
| MerkleUpdate ( MerkleTree, ByteArray, String ) [function,klabel(MerkleUpdateAux)]
// --------------------------------------------------------------------------------------------------------
rule MerkleUpdate ( TREE, S:String, VALUE ) => MerkleUpdate ( TREE, #nibbleize ( #parseByteStackRaw( S ) ), VALUE )
rule MerkleUpdate ( .MerkleTree, PATH:ByteArray, VALUE ) => MerkleLeaf ( PATH, VALUE )
rule MerkleUpdate ( MerkleLeaf ( LEAFPATH, _ ), PATH, VALUE )
=> MerkleLeaf( LEAFPATH, VALUE )
requires #asString( LEAFPATH ) ==String #asString( PATH )
rule MerkleUpdate ( MerkleLeaf ( LEAFPATH, LEAFVALUE ), PATH, VALUE )
=> MerkleUpdate ( MerkleUpdate ( .MerkleBranch, LEAFPATH, LEAFVALUE ), PATH, VALUE )
requires #sizeByteArray( LEAFPATH ) >Int 0
andBool #sizeByteArray( PATH ) >Int 0
andBool LEAFPATH[0] =/=Int PATH[0]
rule MerkleUpdate ( MerkleLeaf ( LEAFPATH, LEAFVALUE ), PATH, VALUE )
=> #merkleExtensionBuilder( .ByteArray, LEAFPATH, LEAFVALUE, PATH, VALUE ) [owise]
rule MerkleUpdate ( MerkleExtension ( EXTPATH, EXTTREE ), PATH, VALUE )
=> MerkleExtension ( EXTPATH, MerkleUpdate ( EXTTREE, .ByteArray, VALUE ) )
requires #asString( EXTPATH ) ==String #asString( PATH )
rule MerkleUpdate ( MerkleExtension ( EXTPATH, EXTTREE ), PATH, VALUE )
=> #merkleExtensionBrancher( MerkleUpdate( .MerkleBranch, PATH, VALUE ), EXTPATH, EXTTREE )
requires #sizeByteArray( EXTPATH ) >Int 0
andBool #sizeByteArray( PATH ) >Int 0
andBool EXTPATH[0] =/=Int PATH[0]
rule MerkleUpdate ( MerkleExtension ( EXTPATH, EXTTREE ), PATH, VALUE )
=> #merkleExtensionSplitter( .ByteArray, EXTPATH, EXTTREE, PATH, VALUE ) [owise]
rule MerkleUpdate ( MerkleBranch( M, _ ), PATH, VALUE )
=> MerkleBranch( M, VALUE )
requires #sizeByteArray( PATH ) ==Int 0
rule MerkleUpdate ( MerkleBranch( M, BRANCHVALUE ), PATH, VALUE )
=> #merkleBrancher ( M, BRANCHVALUE, PATH[0], PATH[1 .. #sizeByteArray(PATH) -Int 1], VALUE ) [owise]
MerkleUpdateMap
Takes a mapping ofByteArray |-> String
and generates a trie
syntax MerkleTree ::= MerkleUpdateMap ( MerkleTree , Map ) [function]
| MerkleUpdateMapAux ( MerkleTree , Map , List ) [function]
// -------------------------------------------------------------------------------
rule MerkleUpdateMap(TREE, MMAP) => MerkleUpdateMapAux(TREE, MMAP, keys_list(MMAP))
rule MerkleUpdateMapAux(TREE, _, .List ) => TREE
rule MerkleUpdateMapAux(TREE , MMAP, ListItem(KEY) REST)
=> MerkleUpdateMapAux(MerkleUpdate(TREE, #nibbleize(KEY), {MMAP[KEY]}:>String), MMAP, REST)
Merkle Tree Aux Functions
syntax ByteArray ::= #nibbleize ( ByteArray ) [function]
| #byteify ( ByteArray ) [function]
// --------------------------------------------------------
rule #nibbleize ( B ) => ( #asByteStack ( B [ 0 ] /Int 16 )[0 .. 1]
++ ( #asByteStack ( B [ 0 ] %Int 16 )[0 .. 1] )
) ++ #nibbleize ( B[1 .. #sizeByteArray(B) -Int 1] )
requires #sizeByteArray(B) >Int 0
rule #nibbleize ( B ) => .ByteArray
requires notBool #sizeByteArray(B) >Int 0
rule #byteify ( B ) => #asByteStack ( B[0] *Int 16 +Int B[1] )[0 .. 1]
++ #byteify ( B[2 .. #sizeByteArray(B) -Int 2] )
requires #sizeByteArray(B) >Int 0
rule #byteify ( B ) => .ByteArray
requires notBool #sizeByteArray(B) >Int 0
syntax ByteArray ::= #HPEncode ( ByteArray, Int ) [function]
// ------------------------------------------------------------
rule #HPEncode ( X, T ) => #asByteStack ( ( HPEncodeAux(T) +Int 1 ) *Int 16 +Int X[0] ) ++ #byteify( X[1 .. #sizeByteArray(X) -Int 1] )
requires #sizeByteArray(X) %Int 2 =/=Int 0
rule #HPEncode ( X, T ) => #asByteStack ( HPEncodeAux(T) *Int 16 )[0 .. 1] ++ #byteify( X )
requires notBool #sizeByteArray(X) %Int 2 =/=Int 0
syntax Int ::= HPEncodeAux ( Int ) [function]
// ---------------------------------------------
rule HPEncodeAux ( X ) => 0 requires X ==Int 0
rule HPEncodeAux ( X ) => 2 requires notBool X ==Int 0
syntax MerkleTree ::= #merkleBrancher ( Map, String, Int, ByteArray, String ) [function]
// ----------------------------------------------------------------------------------------
rule #merkleBrancher ( X |-> TREE M, BRANCHVALUE, X, PATH, VALUE )
=> MerkleBranch( M[X <- MerkleUpdate( TREE, PATH, VALUE )], BRANCHVALUE )
syntax MerkleTree ::= #merkleExtensionBuilder( ByteArray, ByteArray, String, ByteArray, String ) [function]
// -----------------------------------------------------------------------------------------------------------
rule #merkleExtensionBuilder( PATH, P1, V1, P2, V2 )
=> #merkleExtensionBuilder( PATH ++ ( #asByteStack( P1[0] )[0 .. 1] )
, P1[1 .. #sizeByteArray(P1) -Int 1], V1
, P2[1 .. #sizeByteArray(P2) -Int 1], V2
)
[owise]
rule #merkleExtensionBuilder( PATH, P1, V1, P2, V2 )
=> MerkleExtension( PATH, MerkleUpdate( MerkleUpdate( .MerkleBranch, P1, V1 ), P2, V2 ) )
requires #sizeByteArray(P1) >Int 0
andBool #sizeByteArray(P2) >Int 0
andBool P1[0] =/=Int P2[0]
rule #merkleExtensionBuilder( PATH, P1, V1, P2, V2 )
=> MerkleExtension( PATH, MerkleUpdate( MerkleUpdate( .MerkleBranch, P1, V1 ), P2, V2 ) )
requires #sizeByteArray(P1) ==Int 0
orBool #sizeByteArray(P2) ==Int 0
syntax MerkleTree ::= #merkleExtensionBrancher ( MerkleTree, ByteArray, MerkleTree ) [function]
| #merkleExtensionSplitter ( ByteArray, ByteArray, MerkleTree, ByteArray, String ) [function]
// -----------------------------------------------------------------------------------------------------------------
rule #merkleExtensionBrancher( MerkleBranch(M, VALUE), PATH, EXTTREE )
=> MerkleBranch( M[PATH[0] <- MerkleExtension( PATH[1 .. #sizeByteArray(PATH) -Int 1], EXTTREE )], VALUE )
rule #merkleExtensionSplitter( PATH, P1, TREE, P2, VALUE )
=> #merkleExtensionSplitter( PATH ++ ( #asByteStack( P1[0] )[0 .. 1] )
, P1[1 .. #sizeByteArray(P1) -Int 1], TREE
, P2[1 .. #sizeByteArray(P2) -Int 1], VALUE
)
[owise]
rule #merkleExtensionSplitter( PATH, P1, TREE, P2, VALUE )
=> MerkleExtension( PATH, #merkleExtensionBrancher( MerkleUpdate( .MerkleBranch, P2, VALUE ), P1, TREE ) )
requires #sizeByteArray(P1) >Int 0
andBool #sizeByteArray(P2) >Int 0
andBool P1[0] =/=Int P2[0]
rule #merkleExtensionSplitter( PATH, P1, TREE, P2, VALUE )
=> MerkleExtension( PATH, MerkleUpdate( TREE, P2, VALUE ) )
requires #sizeByteArray(P1) ==Int 0
rule #merkleExtensionSplitter( PATH, P1, TREE, P2, VALUE )
=> MerkleExtension( PATH, #merkleExtensionBrancher( MerkleUpdate( .MerkleBranch, P2, VALUE ), P1, TREE ) )
requires #sizeByteArray(P2) ==Int 0
Tree Root Helper Functions
Storage Root
syntax Map ::= #intMap2StorageMap( Map ) [function]
// ---------------------------------------------------
rule #intMap2StorageMap( .Map ) => .Map
rule #intMap2StorageMap( KEY |-> VAL M ) => #padToWidth( 32, #asByteStack( KEY ) ) |-> #rlpEncodeWord( VAL ) #intMap2StorageMap(M)
syntax MerkleTree ::= #storageRoot( Map ) [function]
// ----------------------------------------------------
rule #storageRoot( STORAGE ) => MerkleUpdateMap( .MerkleTree, #intMap2StorageMap( STORAGE ) )
State Root
syntax Map ::= "#precompiledContracts" [function]
// -------------------------------------------------
rule #precompiledContracts
=> #parseByteStackRaw( Hex2Raw( #unparseData( 1, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 2, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 3, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 4, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 5, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 6, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 7, 20 ) ) ) |-> #emptyContractRLP
#parseByteStackRaw( Hex2Raw( #unparseData( 8, 20 ) ) ) |-> #emptyContractRLP
syntax String ::= "#emptyContractRLP" [function]
// ------------------------------------------------
rule #emptyContractRLP => #rlpEncodeLength( #rlpEncodeWord(0)
+String #rlpEncodeWord(0)
+String #rlpEncodeString( Hex2Raw( Keccak256("\x80") ) )
+String #rlpEncodeString( Hex2Raw( Keccak256("") ) )
, 192
)
syntax AccountData ::= AcctData ( nonce: Int, balance: Int, store: Map, code: ByteArray )
// -----------------------------------------------------------------------------------------
syntax String ::= #rlpEncodeFullAccount( AccountData ) [function]
// ----------------------------------------------------------------------
rule #rlpEncodeFullAccount( AcctData( NONCE, BAL, STORAGE, CODE ) )
=> #rlpEncodeLength( #rlpEncodeWord(NONCE)
+String #rlpEncodeWord(BAL)
+String #rlpEncodeString( Hex2Raw( Keccak256( #rlpEncodeMerkleTree( #storageRoot( STORAGE ) ) ) ) )
+String #rlpEncodeString( Hex2Raw( Keccak256( #asString( CODE ) ) ) )
, 192
)
endmodule