1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
use super::prelude::*;
use super::utils::USIZE_MAX;
use crate::{ExitError, ExitFatal};
use core::cmp::min;
use core::ops::{BitAnd, Not};
use primitive_types::{H256, U256};
/// A sequential memory. It uses Rust's `Vec` for internal
/// representation.
#[derive(Clone, Debug)]
pub struct Memory {
/// Memory data
data: Vec<u8>,
/// Memory effective length, that changed after resize operations.
effective_len: usize,
/// Memory limit
limit: usize,
}
impl Memory {
/// Create a new memory with the given limit.
#[must_use]
pub const fn new(limit: usize) -> Self {
Self {
data: Vec::new(),
effective_len: 0,
limit,
}
}
/// Memory limit.
#[must_use]
pub const fn limit(&self) -> usize {
self.limit
}
/// Get the length of the current memory range.
#[must_use]
// TODO: rust-v1.87 - const fn
#[allow(clippy::missing_const_for_fn)]
pub fn len(&self) -> usize {
self.data.len()
}
/// Get the effective length.
#[must_use]
pub const fn effective_len(&self) -> usize {
self.effective_len
}
/// Return true if current effective memory range is zero.
#[must_use]
// TODO: rust-v1.87 - const fn
#[allow(clippy::missing_const_for_fn)]
pub fn is_empty(&self) -> bool {
self.len() == 0
}
/// Return the full memory.
#[must_use]
pub const fn data(&self) -> &Vec<u8> {
&self.data
}
/// Resize the memory, making it cover the memory region of `offset..offset + len`,
/// with 32 bytes as the step. If the length is zero, this function does nothing.
///
/// # Errors
/// Return `ExitError::InvalidRange` if `offset + len` is overflow.
pub fn resize_offset(&mut self, offset: usize, len: usize) -> Result<(), ExitError> {
if len == 0 {
return Ok(());
}
offset
.checked_add(len)
.map_or(Err(ExitError::InvalidRange), |end| self.resize_end(end))
}
/// Resize the memory, making it cover to `end`, with 32 bytes as the step.
///
/// # Errors
/// Return `ExitError::InvalidRange` if `end` value is overflow in `next_multiple_of_32` call.
pub fn resize_end(&mut self, end: usize) -> Result<(), ExitError> {
if end > self.effective_len {
let new_end = next_multiple_of_32(end).ok_or(ExitError::InvalidRange)?;
self.effective_len = new_end;
}
Ok(())
}
/// Get memory region at given offset.
///
/// ## Panics
///
/// Value of `size` is considered trusted. If they're too large,
/// the program can run out of memory, or it can overflow.
#[must_use]
pub fn get(&self, mut offset: usize, size: usize) -> Vec<u8> {
if offset > self.data.len() {
offset = self.data.len();
}
let mut end = offset + size;
if end > self.data.len() {
end = self.data.len();
}
let mut ret = self.data[offset..end].to_vec();
ret.resize(size, 0);
ret
}
/// Get `H256` value from a specific offset in memory.
#[must_use]
pub fn get_h256(&self, offset: usize) -> H256 {
let mut ret = [0; 32];
let data_len = self.data.len();
if offset >= data_len {
return H256(ret);
}
let available_bytes = data_len - offset;
let count = 32.min(available_bytes);
ret[..count].copy_from_slice(&self.data[offset..offset + count]);
H256(ret)
}
/// Set memory region at given offset. The offset and value is considered
/// untrusted.
///
/// # Errors
/// Return `ExitFatal::NotSupported` if `offset + target_size` is out of memory limit or overflow.
pub fn set(
&mut self,
offset: usize,
value: &[u8],
target_size: usize,
) -> Result<(), ExitFatal> {
if target_size == 0 {
return Ok(());
}
let end_offset = match offset.checked_add(target_size) {
Some(pos) if pos <= self.limit => pos,
_ => return Err(ExitFatal::NotSupported),
};
if self.data.len() < end_offset {
self.data.resize(end_offset, 0);
}
let copy_len = min(value.len(), target_size);
let dest_slice = &mut self.data[offset..end_offset];
if copy_len > 0 {
dest_slice[..copy_len].copy_from_slice(&value[..copy_len]);
}
if target_size > copy_len {
dest_slice[copy_len..].fill(0);
}
Ok(())
}
/// Copy memory region form `src` to `dst` with length.
/// `copy_within` uses `memmove` to avoid `DoS` attacks.
///
/// # Errors
/// Return `ExitFatal::Other`:
/// - `OverflowOnCopy` if `offset + length` is overflow
/// - `OutOfGasOnCopy` if `offst_length` out of memory limit
pub fn copy(
&mut self,
src_offset: usize,
dst_offset: usize,
length: usize,
) -> Result<(), ExitFatal> {
// If length is zero - do nothing
if length == 0 {
return Ok(());
}
// Get maximum offset
let offset = core::cmp::max(src_offset, dst_offset);
let offset_length = offset
.checked_add(length)
.ok_or_else(|| ExitFatal::Other(Cow::from("OverflowOnCopy")))?;
if offset_length > self.limit {
return Err(ExitFatal::Other(Cow::from("OutOfGasOnCopy")));
}
// Resize data memory
if self.data.len() < offset_length {
self.data.resize(offset_length, 0);
}
self.data
.copy_within(src_offset..src_offset + length, dst_offset);
Ok(())
}
/// Copy `data` into the memory, for the given `length`.
///
/// Copies `min(length, available_source_bytes)` from the source `data`
/// starting at `data_offset`, into `self.data` starting at `memory_offset`.
/// If `length` is greater than the number of bytes copied from source, the
/// remaining bytes in the destination range (up to `length`) are filled with zeros.
///
/// # Errors
/// Returns `ExitFatal::NotSupported` if the destination range `memory_offset..memory_offset + length`
/// exceeds the memory limit or causes usize overflow.
pub fn copy_data(
&mut self,
memory_offset: usize,
data_offset: U256,
length: usize,
data: &[u8],
) -> Result<(), ExitFatal> {
// 1. Handle zero length copy (no-op)
if length == 0 {
return Ok(());
}
// 2. Check destination bounds and calculate end offset
let dest_end_offset = match memory_offset.checked_add(length) {
Some(pos) if pos <= self.limit => pos,
_ => return Err(ExitFatal::NotSupported), // Error if overflow or exceeds limit
};
// 3. Ensure destination buffer (`self.data`) is large enough
// Resize before taking mutable slices.
if self.data.len() < dest_end_offset {
self.data.resize(dest_end_offset, 0);
}
// 4. Preparing the copy and padding directly into self.data
// Get the mutable slice of the exact destination region length
// This is safe because we resized self.data to at least `dest_end_offset`
let dest_slice = &mut self.data[memory_offset..dest_end_offset];
// 5. Check source bounds and rethink zero the data slice
if data_offset > USIZE_MAX {
dest_slice.fill(0);
return Ok(());
}
let data_offset = data_offset.as_usize();
if data_offset > data.len() {
dest_slice.fill(0);
return Ok(());
}
// Calculate how many bytes are available in `data` from `data_offset`
let actual_len = data.len() - data_offset;
// Calculate copy length as the minimum of requested length and available length
let copy_len = min(actual_len, length);
// Copy data to `dest_slice`
if copy_len > 0 {
dest_slice[..copy_len].copy_from_slice(&data[data_offset..data_offset + copy_len]);
}
if length > copy_len {
dest_slice[copy_len..].fill(0);
}
Ok(())
}
}
/// Rounds up `x` to the closest multiple of 32. If `x % 32 == 0` then `x` is returned.
#[inline]
fn next_multiple_of_32(x: usize) -> Option<usize> {
let r = x.bitand(31).not().wrapping_add(1).bitand(31);
x.checked_add(r)
}
#[cfg(test)]
mod tests {
use super::next_multiple_of_32;
#[test]
fn test_next_multiple_of_32() {
// next_multiple_of_32 returns x when it is a multiple of 32
for i in 0..32 {
let x = i * 32;
assert_eq!(Some(x), next_multiple_of_32(x));
}
// next_multiple_of_32 rounds up to the nearest multiple of 32 when `x % 32 != 0`
for x in 0..1024 {
if x % 32 == 0 {
continue;
}
let next_multiple = x + 32 - (x % 32);
assert_eq!(Some(next_multiple), next_multiple_of_32(x));
}
// next_multiple_of_32 returns None when the next multiple of 32 is too big
let last_multiple_of_32 = usize::MAX & !31;
for i in 0..63 {
let x = usize::MAX - i;
if x > last_multiple_of_32 {
assert_eq!(None, next_multiple_of_32(x));
} else {
assert_eq!(Some(last_multiple_of_32), next_multiple_of_32(x));
}
}
}
}