https://github.com/FuelLabs/fuel-specs/blob/master/specs/vm/opcodes.md#call-call-contract

Ensure the following is properly implemented according to the specs:

A call frame is pushed at $sp. In addition to filling in the values of the call frame, the following registers are set:
...
4. $bal = $rD (forward coins)
5. $cgas = $rD or all available gas (forward gas)

In order to keep the serialized representation of the tx consistent with it's malleated state, set the receipt_root on the serialized form of the transaction as well. Keeping the serialized representation of the tx will allow it to be easily copied and reused for merkle hashing later on.

#93 (comment)

This line

The specs actually say that the overflow value should be placed into $of in the case of overflow, no simple a Boolean.

At the very least this needs to be done for add, subtract, multiply, divide, and mod. Pow can be left as-is.

According to the specs, the VM needs to modify the transaction in-memory to finalize output amounts for Change and Variable outputs.

After execution, the following is extracted:

1. The transaction in-memory on VM termination is used as the final transaction which is included in the block.

• Variable outputs need to be updated on the fly as VM execution progresses
• The free balances are only moved into change outputs at the very end of execution, once.

When a contract or script uses the revert opcode, the interpreter returns the program state as Revert(_). However, the script result receipt returns as successful (0 / RESERV00).

The expected behavior would be that the script result would return the RVRT in the instruction result and use PanicReason::Revert.

The docs for panic reason say:

/// Panic reason representation for the interpreter.
pub enum PanicReason {
    /// Found `RVRT` instruction.
    Revert = 0x01,

However, when I run a script that reverts, the panic reason is returned as RESERV00.

repro:

#[test]
fn revert_returns_value() {
    let script = vec![Opcode::RVRT(REG_ONE)];
    let result = TestBuilder::new(2322).script(script).execute();
    eprintln!("{:#?}", result);
}

Currently the error structure is centralized into InterpreterError::Opcode(op) to facilitate the development process and debug.

However, the error structure should be improved to contain the ID of the current contract, runtime information such as $pc, the current opcode, the involved registers and some stack trace data

Implement a new feature optimized to shield all unsafe usage.

When this feature is on, unsafe is allowed

When this feature is off, we should introduce forbid_unsafe in the root of the library:
src/lib.rs: #![cfg_attr(not(feature = "optimized"), forbid(unsafe_code))]

This means that all functions that use unsafe will have to be reimplemented with their safer (and potentially slower) counterparts

This line should throw some overflow error instead of insufficient balance I think.

It looks like we currently only set the receipts root in post script execution. The desired behaviour is probably to update that value before then so that contract methods can get it given what receipts have been generated so far.

This is needed to implement the L1 <=> L2 Bridge, specifically for the L2ERC20Gateway contract, but most likely in more places as well.
cc @vlopes11

This was originally surfaced by FuelLabs/sway#135 when testing contract calls.

The two transactions below describe a contract deployment and then calling that contract (to the address provided by the seed in both the VM testing and Sway's test suite). While the contract is successfully located, it is found to have a program of all null bytes, resulting in Undefined opcode errors.

Contract deploy bytes:

[0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 0, 0, 0, 39, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 95, 241, 169, 232, 11, 103, 33, 18, 196, 97, 138, 125, 107, 66, 162, 19, 18, 18, 63, 44, 175, 173, 97, 21, 67, 224, 38, 93, 137, 241, 194, 182, 0, 0, 0, 0, 0, 0, 0, 5, 161, 61, 115, 13, 198, 248, 9, 193, 241, 242, 212, 52, 230, 24, 126, 237, 15, 87, 50, 233, 32, 190, 40, 39, 252, 222, 86, 15, 152, 198, 140, 204, 0, 0, 0, 0, 0, 0, 0, 12, 92, 0, 0, 0, 240, 0, 0, 0, 52, 64, 0, 0, 0, 0, 0, 0]

Contract call bytes:

[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 0, 0, 0, 39, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 212, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 50, 0, 0, 4, 240, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 92, 67, 184, 192, 1, 16, 186, 227, 0, 67, 66, 224, 13, 16, 65, 3, 0, 67, 70, 224, 4, 67, 74, 224, 5, 67, 78, 224, 6, 67, 82, 224, 7, 31, 85, 0, 0, 67, 66, 224, 14, 16, 65, 3, 0, 31, 88, 80, 0, 64, 0, 0, 48, 67, 94, 224, 12, 71, 89, 5, 192, 74, 89, 16, 4, 74, 89, 32, 5, 83, 89, 69, 83, 52, 64, 0, 0, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 0, 0, 0, 0, 253, 49, 221, 178, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 161, 61, 115, 13, 198, 248, 9, 193, 241, 242, 212, 52, 230, 24, 126, 237, 15, 87, 50, 233, 32, 190, 40, 39, 252, 222, 86, 15, 152, 198, 140, 204, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 92, 0, 0, 0, 0, 0, 0, 0, 156, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 161, 61, 115, 13, 198, 248, 9, 193, 241, 242, 212, 52, 230, 24, 126, 237, 15, 87, 50, 233, 32, 190, 40, 39, 252, 222, 86, 15, 152, 198, 140, 204, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

Apply the changes proposed in FuelLabs/fuel-specs#249

Right now, WORD_SIZE is being redefined in many places [0] and these definitions aren't pub, forcing external dependencies to redefine the same const. The origin of this discussion happened here FuelLabs/fuels-rs#9 (comment).

At some point, we should put this const definition in a single place and make it pub.

[0]:

1. https://github.com/FuelLabs/fuel-vm/blob/master/src/interpreter/blockchain.rs#L11
2. https://github.com/FuelLabs/fuel-vm/blob/master/src/call.rs#L10
3. https://github.com/FuelLabs/fuel-vm/blob/master/src/interpreter/initialization.rs#L15
4. https://github.com/FuelLabs/fuel-vm/blob/master/src/interpreter/internal.rs#L13
5. https://github.com/FuelLabs/fuel-vm/blob/master/src/interpreter/executors/instruction.rs#L14

This will be more useful when source mapping is available in Sway.

In the Call receipt when running a script, the id seems to be the same as to. However, according to the specs, id/from should be the callee, in the case of a script 0x0000....

Currently we have several match patterns for every opcode that is executed.

We should perform only one match, and that is for the opcode identifier. The remainder opcode data must be parsed by default and used when applicable.

Implement the MCPI opcode added as of: FuelLabs/fuel-asm#21

Specs: https://github.com/FuelLabs/fuel-specs/blob/master/specs/vm/opcodes.md#mcpi-memory-copy-immediate

Implement LDC opcode

Steps

1. Implement a new function load_contract_code in src/interpreter/blockchain.rs
2. This function should return an error if $ssp + $rC > $hp || $rA + Bytes32::LEN > VM_MAX_RAM || $rC > cmp::min(CONTRACT_MAX_SIZE, MEM_MAX_ACCESS_SIZE) || $ssp != $sp
   1. $ra is obtained via self.registers[ra]. ra is guaranteed to fit self.registers due to the opcode structure
   2. $ssp, $sp and $hp are obtained via self.registers[REG_SSP | REG_SP | REG_HP]
3. Fetch the contract ID from $rA
   1. To fetch the contract ID from memory, a similar code to blockchain.rs should be used - but using rA instead
4. Check if id is in tx.inputs
   1. An iterator over the contract IDs in the transaction inputs can be obtained via self.tx.input_contracts()
5. Fetch the contract code from the storage
   1. To fetch the contract code, Interpreter::contract should be used - as in frame.rs
6. Calculate the word aligned padded len based on $rC
   1. Use fuel_types::bytes::padded_len
7. Fetch the code contract.as_ref()[$rb..$rb + len]
   1. Should be zeroes if the padded len is bigger than the contract length code.as_ref().len()
8. Increment the frame code size by len defined in memory
   1. Memory: self.memory[$fp + ContractId::LEN + Color::LEN + WORD_SIZE * VM_REGISTER_COUNT, WORD_SIZE]
9. Push the contract code to the stack
   1. Check Interpreter::push_stack
10. Increment the stack pointer $sp += len
11. Optionally, append the copied code to self.frame.last.code
12. Implement the call to this function in the opcodes execution

Using criterion or similar frameworks, implement some basic benchmarks for fuel-vm.

Some benchmark ideas:

• script tx with only predicates
• script tx calling a contract
• script tx with nested contract calls
• create tx with a simple contract
• create tx with storage slots + a contract

The current instruction executors are duplicating code because the implementation is split into one storage backend that supports contract instructions and the other that won't

One alternative is to use macros to avoid code duplication, but this compromises code debug since macros are usually not expanded in IDEs.

Other option is to create a single function that will match for regular instructions, and branch for contract opcodes to check the context of the execution. This is not desirable too because it would increase the computation cost of the entirety of the execution.

We need to analyze the rationale of these options and come with the best solution for this tech-debt.

Given the following contract, the example test is passing. It should not be, as the assembly block which calls gm should return true in this case.

As noted by @adlerjohn on slack:

If used from a contract that was called directly from a script, then
Set $rA to true if parent is an external context, false otherwise.

ref: https://github.com/FuelLabs/fuel-specs/blob/master/specs/vm/opcodes.md#gm-get-metadata

Contract

contract;

abi AuthTesting {
    fn is_caller_external(gas_: u64, amount_: u64, color_: b256, value: bool) -> bool;
}

impl AuthTesting for Contract {
    fn is_caller_external(gas_: u64, amount_: u64, color_: b256, value: bool) -> bool {
        asm(r1) {
            gm r1 i1;
            r1: bool
        }
    }
}

Test:

#[tokio::test]
async fn is_external_from_sdk() {
    abigen!(AuthContract, "test_artifacts/auth_testing_contract/src/abi-output.json");
    let salt = Salt::from([0u8; 32]);
    let compiled = Contract::compile_sway_contract("test_artifacts/auth_testing_contract", salt).unwrap();
    let (client, auth_id) = Contract::launch_and_deploy(&compiled).await.unwrap();
    let auth_instance = AuthContract::new(compiled, client);

    let result = auth_instance
        .is_caller_external(true)
        .call()
        .await
        .unwrap();

    assert_eq!(result.value, false);
}

Now that FuelLabs/fuel-specs#211 is in, the VM should implement the GM instruction to unblock authentication.

Currently, CI does not run a cargo test with serde feature. There might be problems that CI is presently not catching.

Originally posted by @kayagokalp in #115 (comment)

The debugger currently has only a few parameters: breakpoints and single stepping. When it gains more, builder pattern should be used for constructing it.

We are to use words as pairs of encoded instructions.

However, jump instructions are half-word. And we also might interrupt a program (e.g. debug) in a half-word

This means that incrementing by word might lead to invalid memory access in case the code is in the memory boundary.

We need to have a test case covering that - and, if applicable, fix the code so no panic occur.

Update contract id calculation based on initialized storage slots using SMT as per FuelLabs/fuel-specs#276

Blocked by: FuelLabs/fuel-tx#74

related to FuelLabs/fuel-specs#335

With EXP/EXPI, we currently set the result register to the wrapped value rust returns from overflowing_pow. We should set the result to zero instead.

serde implementation for the error type is currently not working. It should be included, but serde isn't implemented for std::io::Error - therefore, some research to find an optimal solution will be required.

The broken serde implementation for the error type was removed in #115

When creating a new block or when importing a block from the network we need to have the ability to execute all transactions in some temporary state. Check if outputs/storages/hashes/merkletriees matches what is given, or in case of a new block, they need to be created. And then apply that temporary state to the database, or for new block send it to consensus for signing.

Maybe call it SubState? (name pending)

SubState should have its own changed state and in case if a state item (Storage/utxo) is not found it should have the ability to fetch it from DB.
It should probably contain the malleable list of executed transactions.

Downstream crates, such as fuels-rs started to rely on cryptographic functions that live under fuel-vm such as secp256k1_sign_compact_recoverable() and secp256k1_sign_compact_recover() in scr/crypto.rs.

Since they're not exclusive to the FuelVM and will be used in other places, to avoid (1) implementation of cryptographic functions and (2) depending on the FuelVM for those, we should extract these and other cryptographic-related functions into another, lighter weight crate.

Currently the VM performs several validity checks on a transaction in the init/run methods. This includes things like:

• Checking the input vs output amounts
• Verifying predicates (currently only done for create txs)
• Verifying contract outputs have corresponding inputs

Along with many other checks. Since these are internalized to the VM, the only way for the client to perform all these internal validations is to dry-run each tx. While feasible, it may be better if VM provided an interface for purely validating txs, which could be reused in many places such as both tx pool submission or block execution. This would make it easier to prevent blocks with invalid / unspendable utxos from ever being constructed.

We have a in-memory implementation of the binary merkle tree in

To avoid code duplication, its better to consume the fuel-merkle implementation when a memory backend for cheap trees is available.

For that, we either use fuel-merkle itself as a dependency of fuel-vm, or a dedicated repo.

The consumers of fuel-vm use tracing as log mechanism

We should add tracing with DEBUG and TRACE levels to track the VM execution

Use the following criteria:

• after any mutation, log with debug
• upon any request, log with trace

Implement the new jnzi introduced in FuelLabs/fuel-specs#306

Perform predicate verification for:

1. Create Transactions
2. Script Transactions

Ensure predicates can be validated without running the entire transaction.

• ensure predicate execution doesn't consume gas
• reset registers between predicates
• ensure PC doesn't jump backward or outside of predicate code

The heap and ALOC haven't been used at all in the Sway compiler or runtime until recently and I've noticed what I think is a slight incongruity in the way $hp is treated.

This is assuming what I think is the case (by testing the VM via Sway/ASM and by looking briefly at memory.rs) that $hp holds the address of the last available byte not in the heap, or the end of the memory between the stack and heap.

It is initialised to VM_MAX_RAM - 1 which asserts this idea. And in my experience if you try to read from $hp you'll get a memory overflow panic. Reading from $hp + 1 is fine (provided it's below VM_MAX_RAM).

This is a bit weird. I think $hp should point to the first byte in the allocated heap. It should therefore be initialised to VM_MAX_RAM -- I've suggested as much in FuelLabs/fuel-specs#322.

Then the use of $sp & CFEI/CFSI and $hp & ALOC would be symmetric, just in different directions.

To allocate 16 bytes on the stack, result in r0:

move r0 sp
cfei 16

To allocate r1 bytes on the heap, result in r0 currently:

aloc r1
addi r0 hp 1  ; Weird. :)

To allocate r1 bytes on the heap, result in r0 after proposed adjustment:

aloc r1
move r0 hp

After writing all this down and reading back I know it's a pretty subtle difference and not exactly high priority, but when coming across this behaviour initially I was really confused. Using an inclusive range for free memory isn't usually how it's done -- usually end will point to the first invalid item rather than the last valid one.

Per instruction gas usage profiling.

• Enabled using a feature flag
• Can be used with source mapping to profile original source code
• Attempt to use standard formats for output, maybe perf or pprof
  • https://github.com/flamegraph-rs/flamegraph

While trying to use the sll opcode, I'm seeing output that doesn't match my expectations.
For my use case, I want to use the sll opcode, and recover any overflow value placed in $of. To do so I've created a function shift_left_with_overflow() which returns both the shifted value and the value of the $of register from an asm block.
The following example script can be run to observe what is currently happening, and the flags can be modified to test different behaviour.
My assumption was that using the flag 2 opcode would allow the overflow to be placed in $of rather than causing a VM panic, but atm it seems that this logic is not yet implemented (meaning overflows never cause panics, the overflow is sometimes places in $of, and the shifted value sometimes demonstrates wrapping.

Note: I've not tested srl but it will be simple to do so by modifying the shift opcode in the asm block.

script;

use std::assert::assert;
use std::chain::log_u64;

const FLAG= 2;

pub fn shift_left_with_overflow(word: u64, shift_amount: u64) -> (u64, u64) {
    let mut output = (0, 0);
    let (shifted, overflow) = asm(out: output, r1: word, r2: shift_amount, r3, r4: FLAG) {
       flag r4;        // set the flag to allow overflow without panic
       sll r3 r1 r2;   // shift 'word' left 'shift_amount' and put result in r3
       sw out r3 i0;   // store the word at r4 in output + 0 bytes
       sw out of i1;   // store the word at r4 in output + 0 bytes
       out: (u64, u64) // return both values
    };

    (shifted, overflow)
}


fn main() -> bool {

    let max_u64 = 18_446_744_073_709_551_615;

    let (shifted, overflow) = shift_left_with_overflow(1, 1);
    // log_u64(shifted);
    // log_u64(overflow);
    assert(shifted == 2);
    assert(overflow == 0);

    let (shifted_2, overflow_2) = shift_left_with_overflow(max_u64, 1);
    assert(shifted_2 == max_u64 - 1);
    assert(overflow_2 == 0); // I would expect this to be 1 !?

    let (shifted_3, overflow_3) = shift_left_with_overflow(1, 63);
    assert(shifted_3 == 9223372036854775808); // (1*2^63)
    assert(overflow_3 == 0);

    let (shifted_4, overflow_4) = shift_left_with_overflow(1, 64);
    assert(shifted_4 == 1); // I would expect this to be 0 !?
    assert(overflow_4 == 1);

    let (shifted_5, overflow_5) = shift_left_with_overflow(9223372036854775808, 1);
    assert(shifted_5 == 0);
    assert(overflow_5 == 0); // I would expect this to be 1 !?

    true // currently returning true
}

cargo fmt was not running in test targets, so there may be a lot of formatting issues to fix.

The UX around a failing contract call is rough. The same error, Failed to execute opcode CALL(...), is thrown in all of the following cases:

1. not enough gas forwarded
2. too much gas forwarded
3. Contract not in TX inputs
4. Contract in inputs not in TX outputs
5. probably more things

Would it be possible for the log message to tell the user a bit more about what went wrong?

Apply the changes in FuelLabs/fuel-specs#251

In some transactions that revert, there are two Revert receipts sent back by the VM. A repro is available here:
https://github.com/FuelLabs/fuels-rs/tree/vnepveu/repro-two-revert-receipts.

Nit: shouldn't this be called something like collision instead of overflow?

Originally posted by @adlerjohn in #17 (comment)

Fuel-core needs a way to easily extract and store the amount of gas actually consumed by executing a transaction. While this may be available in a register, it would be helpful if it was included in the returned StateTransitionRef or some other more direct way.

According to the specs, forwarding excess gas should result in all remaining gas being forwarded, not an error.

The gas charge function is designed in a way to make it possible to use constants for most of opcodes that charge gas based on constants, and use callbacks for opcodes with variable gas cost (example: ALOC).

The execute function must be refactored to reduce the match count to one and then benefit of constant gas cost calculation.

Replace usages of VmValidationError with corresponding fuel-tx variants. This is reliant on FuelLabs/fuel-tx#94 being released.

There is a tx builder in fuel-vm, which has been largely superseded by the one provided by fuel-tx. Remove the fuel-vm version and standardize around the fuel-tx tx builder.

Depends on FuelLabs/fuel-tx#84