# EVM Object Format v1

### [EIP-3540](https://eips.ethereum.org/EIPS/eip-3540)

---

## Introduction

The current EVM executes whatever bytes are thrown at it.

**EOF** adds structure and restrictions to EVM bytecode.

---

## (Main) Motivation

1. `JUMPDEST` analysis prior to execution
   - can be cached
   - BUT not for _initcode_
2. On-chain code analysis
   - Code - data separation
   - Optimism
3. Other benefits (more later)
   - Subroutines
   - Code versioning
   - Multi-byte opcodes

---

## EOF Prefix

1. Differentiates EOF bytecode from _legacy_ bytecode
2. Provides code versioning
3. Guaranteed to be valid

---

## EOF Prefix

| description | length    | value | notes                          |
|-------------|-----------|-------|--------------------------------|
| `FORMAT`    | 1-byte    | 0xEF  |                                |
| magic       | n-byte(s) | TBD   | n >= 0 (zero in the best case) |
| version     | 1-byte    | 0x01  | means EOF1                     |

---

## EOF Validation

#### Guarantees that all deployed EOF code is valid

##### Rules depend on the EOF version

----

## Validation affects contract creation

```graphviz
digraph ContractCreationWorkflowHF2 {
    node [color=gray]
    CREATE_EOF1 [label="create"]
    { rank=same; ABORT; DEPLOY }
    subgraph HF2 {
        node [color=steelblue]
        rank=same
        validate_EOF1_initcode [shape=diamond; label="validate"]
        execute_EOF1 [shape=diamond; label="execute"]
        validate_EOF1_code [shape=diamond; label="validate"]
    }
    CREATE_EOF1 -> validate_EOF1_initcode [label="initcode"]
    validate_EOF1_initcode -> execute_EOF1 [label="valid"]
    validate_EOF1_initcode -> ABORT [label="invalid"]
    execute_EOF1 -> validate_EOF1_code [label="code"]
    execute_EOF1 -> ABORT [label="failure"]
    validate_EOF1_code -> DEPLOY [label="valid"]
    validate_EOF1_code -> ABORT [label="invalid"]
}
```

---

#### What if invalid EOF bytecode is deployed<br>before EOF rules are activated?

---

## Two HF required

### HF1

- [EIP-3541](https://eips.ethereum.org/EIPS/eip-3541)
- Simple
- Forbids deploying code starting with `0xEF`
- To be activated in London HF (summer 2021)

### After HF1

- Search space is frozen by HF1
  - including testnets
- Pick magic bytes for EOF Prefix

### HF2

- Activate EOF1

---

# EOF1: code and data separation

---

## EOF1 spec

1. EOF prefix with version 1 🥱
2. Section headers
3. Sections

---

## EOF1 spec:<br>section headers

| description  | length | notes                     |
|--------------|--------|---------------------------|
| section_kind | 1-byte | 8-bit unsigned number     |
| section_size | 2-byte | 16-bit unsigned BE number |

---

## EOF1 spec:<br>section kinds

| section_kind | meaning    |
|--------------|------------|
| 0            | terminator |
| 1            | code       |
| 2            | data       |

---

## EOF1 validation rules

1. `section_size` MUST NOT be 0.
2. Exactly one code section MUST be present.
3. The code section MUST be the first section.
4. A single data section MAY follow the code section.
5. Stray bytes outside of sections MUST NOT be present.
6. Any other version is invalid.

---

## EOF1 spec:<br>format summary

```
format, magic, version, (section_kind, section_size)+, 0, <section contents>
```

---

## EVM execution changes — definitions

- *container* — complete account code
- *code* — contents of the code section only

---

## EVM execution changes

1. `JUMPDEST` analysis is only run on the *code*
2. Execution starts at the first byte of the *code* (e.g. `PC=10`)
3. Execution aborts if `PC` goes outside of the code section bounds
4. Other instructions are unchanged (details below)

----

## EVM execution changes — more details

5. `PC` returns the position within the *container*
6. `JUMP`/`JUMPI` use an absolute offset within the *container*
7. `CODECOPY`/`CODESIZE`/`EXTCODECOPY`/`EXTCODESIZE`/`EXTCODEHASH` keep operating on the entire *container*
8. Input to `CREATE`/`CREATE2` is still the entire *container*

---

## Implementers' notes

- [geth's implementation](https://github.com/ethereum/go-ethereum/pull/22958)
- [evmone's implementation](https://github.com/ethereum/evmone/pull/334)

---

## Potential future EOF uses (1/2)

- Valid `JUMPDEST`-table included
- Introduce static jumps and jump tables
- Require code section terminated with `STOP` <small>(speed up of ~7% seen in [evmone](https://github.com/ethereum/evmone/pull/295))</small>
- Multi-byte opcodes without workarounds
- EVM functions/subroutines

---

## Potential future EOF uses (2/2)

- Specific section for the [EIP-2938 Account Abstraction](https://eips.ethereum.org/EIPS/eip-2938) "top-level AA execution frame"
- Easier deprecation of existing EVM instructions (e.g. `SELFDESTRUCT`)
- Tooling (compilers/frameworks/analyzers)
- Overhauled control flow (static relative jumps and no jumpdests)

---

# END.
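
The EOF1 validation rules and format summary from the slides above, as an added example (not code from EIP-3540, geth or evmone): a Python validator that walks the section headers of untrusted bytecode with bounds checks and enforces rules 1 to 6. The `magic` parameter is an assumption, since the deck leaves the magic bytes TBD, and `build_eof1` is a hypothetical helper that only assembles constructed sample containers.

```python
FORMAT, VERSION = 0xEF, 0x01        # values from the EOF prefix table
TERMINATOR, CODE, DATA = 0, 1, 2    # section kinds from the deck


def validate_eof1(container: bytes, magic: bytes = b"") -> tuple:
    """Return (code_offset, code_size, data_size); raise ValueError if invalid.
    `magic` is an assumption: the deck leaves its value TBD (n >= 0 bytes).
    """
    prefix = bytes([FORMAT]) + magic
    if not container.startswith(prefix):
        raise ValueError("missing FORMAT byte or magic")
    pos = len(prefix)
    if pos >= len(container) or container[pos] != VERSION:
        raise ValueError("unsupported version")                # rule 6
    pos += 1
    sizes = []  # section sizes in header order: [code] or [code, data]
    while True:
        if pos >= len(container):
            raise ValueError("section headers not terminated")
        kind = container[pos]
        pos += 1
        if kind == TERMINATOR:
            break
        if pos + 2 > len(container):
            raise ValueError("truncated section header")
        size = int.from_bytes(container[pos:pos + 2], "big")
        pos += 2
        if size == 0:
            raise ValueError("section_size is 0")              # rule 1
        if len(sizes) == 2 or kind != (DATA if sizes else CODE):
            raise ValueError("unexpected section kind/order")  # rules 2-4
        sizes.append(size)
    if not sizes:
        raise ValueError("no code section")                    # rule 2
    if len(container) != pos + sum(sizes):
        raise ValueError("truncated body or stray bytes")      # rule 5
    return pos, sizes[0], sizes[1] if len(sizes) == 2 else 0


def build_eof1(code: bytes, data: bytes = b"", magic: bytes = b"") -> bytes:
    """Assemble a constructed sample container for exercising the validator."""
    headers = bytes([CODE]) + len(code).to_bytes(2, "big")
    if data:
        headers += bytes([DATA]) + len(data).to_bytes(2, "big")
    return bytes([FORMAT]) + magic + bytes([VERSION]) + headers + b"\x00" + code + data


if __name__ == "__main__":
    print(validate_eof1(build_eof1(b"\x60\x00\x00", b"\xaa\xbb")))  # constructed sample
```

The returned `code_offset` is the container position where execution would start, which is why it shifts with the length of the magic.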