# EVM Object Format v1
### [EIP-3540](https://eips.ethereum.org/EIPS/eip-3540)
---
## Introduction
Current EVM executes whatever bytes thrown at it
**EOF** adds structure and restrictions to EVM bytecode
---
## (Main) Motivation
1. `JUMPDEST` analysis prior to execution
- can be cached
- BUT not for _initcode_
2. On-chain code analysis
- Code - data separation
- Optimism
3. Other benefits (more later)
- Subroutines
- Code versioning
- Multi-byte opcodes
---
## EOF Prefix
1. Differentiate EOF bytecode from _legacy_ bytecode
2. Provides code versioning
3. Guaranteed to be valid
---
## EOF Prefix
| description | length | value | |
|-------------|-----------|-------|--------------------------------|
| `FORMAT` | 1-byte | 0xEF | |
| magic | n-byte(s) | TBD | n >= 0 (zero in the best case) |
| version | 1-byte | 0x01 | means EOF1 |
---
## EOF Validation
#### Guarantees that all deployed EOF code is valid
##### Rules depend on the EOF version
----
## Validation affects contract creation
```graphviz
digraph ContractCreationWorkflowHF2 {
node [color=gray]
CREATE_EOF1 [label="create"]
{
rank=same; ABORT; DEPLOY
}
subgraph HF2 {
node [color=steelblue]
rank=same
validate_EOF1_initcode [shape=diamond; label="validate"]
execute_EOF1 [shape=diamond; label="execute"]
validate_EOF1_code [shape=diamond; label="validate"]
}
CREATE_EOF1 -> validate_EOF1_initcode [label="initcode"]
validate_EOF1_initcode -> execute_EOF1 [label="valid"]
validate_EOF1_initcode -> ABORT [label="invalid"]
execute_EOF1 -> validate_EOF1_code [label="code"]
execute_EOF1 -> ABORT [label="failure"]
validate_EOF1_code -> DEPLOY [label="valid"]
validate_EOF1_code -> ABORT [label="invalid"]
}
```
---
#### What if invalid EOF bytecode is deployed<br>before EOF rules are activated?
---
## Two HF required
### HF1
### After HF1
### HF2
----
## Two HF required
### HF1
- [EIP-3541](https://eips.ethereum.org/EIPS/eip-3541)
- Simple
- Forbids deploying code staring with `0xEF`
- To be activated in London HF (summer 2021)
### After HF1
### HF2
----
## Two HF required
### HF1
### After HF1
- Search space is freezed by HF1
- including testnets
- Pick magic bytes for EOF Prefix
### HF2
----
## Two HF required
### HF1
### After HF1
### HF2
- Activate EOF1
---
# EOF1: code and data separation
---
## EOF1 spec
1. EOF prefix with version 1 🥱
2. Section headers
3. Sections
---
## EOF1 spec:<br>section headers
| description | length | |
|--------------|---------|-----------------------------------|
| section_kind | 1-byte | 8-bit unsigned number |
| section_size | 2-bytes | 16-bit unsigned BE number |
---
## EOF1 spec:<br>section kinds
| section_kind | meaning |
|--------------|------------|
| 0 | terminator |
| 1 | code |
| 2 | data |
---
## EOF1 validation rules
1. `section_size` MUST NOT be 0.
2. Exactly one code section MUST be present.
3. The code section MUST be the first section.
4. A single data section MAY follow the code section.
5. Stray bytes outside of sections MUST NOT be present.
6. Any other version is invalid.
---
## EOF1 spec:<br>format summary
```
format,
magic,
version,
(section_kind, section_size)+,
0,
<section contents>
```
---
## EVM execution changes — definitions
- *container* — complete account code
- *code* — contents of the code section only
---
## EVM execution changes
1. `JUMPDEST` analysis only run on the *code*
2. Execution starts at the first byte of the *code* (e.g. `PC=10`)
3. Execution aborts if `PC` goes outside of the code section bounds
4. Other instructions are unchanged (details below)
----
## EVM execution changes — more details
5. `PC` returns position within the *container*
6. `JUMP`/`JUMPI` uses an absolute offset within the *container*
7. `CODECOPY`/`CODESIZE`/`EXTCODECOPY`/`EXTCODESIZE`/`EXTCODEHASH` keeps operating on the entire *container*
8. Input to `CREATE`/`CREATE2` is still the entire *container*
---
## Implementers' notes
- [geth's implementation](https://github.com/ethereum/go-ethereum/pull/22958)
- [evmone's implementation](https://github.com/ethereum/evmone/pull/334)
---
## Potential future EOF uses (1/2)
- Valid `JUMPDEST`-table included
- Introduce static jumps and jump tables
- Require code section terminated with `STOP`
<small>(speed up of ~7% seen in [evmone](https://github.com/ethereum/evmone/pull/295))</small>
- Multi-byte opcodes without workarounds
- EVM functions/subroutines
---
## Potential future EOF uses (2/2)
- Specific section for the [EIP-2938 Account Abstraction](https://eips.ethereum.org/EIPS/eip-2938) "top-level AA execution frame"
- Easier deprecation of existing EVM instructions (e.g. `SELFDESTRUCT`)
- Tooling (compilers/frameworks/analyzers)
- Overhauled control flow (static relative jumps and no jumpdests)
---
# END.
{"title":"Ethereum Object Format v1","tags":"presentation","slideOptions":{"theme":"beige"}}