stop - stop execution, identical to return(0,0)
add(x, y) x + y
sub(x, y) x - y
mul(x, y) x * y
div(x, y) x / y
sdiv(x, y) x / y, for signed numbers in two’s complement
mod(x, y) x % y
smod(x, y) x % y, for signed numbers in two’s complement
exp(x, y) x to the power of y
not(x) ~x, every bit of x is negated
lt(x, y) 1 if x < y, 0 otherwise
gt(x, y) 1 if x > y, 0 otherwise
slt(x, y) 1 if x < y, 0 otherwise, for signed numbers in two’s complement
sgt(x, y) 1 if x > y, 0 otherwise, for signed numbers in two’s complement
eq(x, y) 1 if x == y, 0 otherwise
iszero(x) 1 if x == 0, 0 otherwise
and(x, y) bitwise and of x and y
or(x, y) bitwise or of x and y
xor(x, y) bitwise xor of x and y
byte(n, x) nth byte of x, where the most significant byte is the 0th byte
addmod(x, y, m) (x + y) % m with arbitrary precision arithmetics
mulmod(x, y, m) (x * y) % m with arbitrary precision arithmetics
signextend(i, x) sign extend from (i*8+7)th bit counting from least significant
keccak256(p, n) keccak(mem[p…(p+n)))
sha3(p, n) keccak(mem[p…(p+n)))
jump(label) - jump to label / code position
jumpi(label, cond) - jump to label if cond is nonzero
pc current position in code
pop(x) - remove the element pushed by x
dup1 … dup16 copy ith stack slot to the top (counting from top)
swap1 … swap16 * swap topmost and ith stack slot below it
mload(p) mem[p..(p+32))
mstore(p, v) - mem[p..(p+32)) := v
mstore8(p, v) - mem[p] := v & 0xff - only modifies a single byte
sload(p) storage[p]
sstore(p, v) - storage[p] := v
msize size of memory, i.e. largest accessed memory index
gas gas still available to execution
address address of the current contract / execution context
balance(a) wei balance at address a
caller call sender (excluding delegatecall)
callvalue wei sent together with the current call
calldataload(p) call data starting from position p (32 bytes)
calldatasize size of call data in bytes
calldatacopy(t, f, s) - copy s bytes from calldata at position f to mem at position t
codesize size of the code of the current contract / execution context
codecopy(t, f, s) - copy s bytes from code at position f to mem at position t
extcodesize(a) size of the code at address a
extcodecopy(a, t, f, s) - like codecopy(t, f, s) but take code at address a
returndatasize size of the last returndata
returndatacopy(t, f, s) - copy s bytes from returndata at position f to mem at position t
create(v, p, s) create new contract with code mem[p..(p+s)) and send v wei and return the new address
create2(v, n, p, s) create new contract with code mem[p..(p+s)) at address keccak256(
. n . keccak256(mem[p..(p+s))) and send v wei and return the new address
call(g, a, v, in, insize, out, outsize) call contract at address a with input mem[in..(in+insize)) providing g gas and v wei and output area mem[out..(out+outsize)) returning 0 on error (eg. out of gas) and 1 on success
callcode(g, a, v, in, insize, out, outsize) identical to call but only use the code from a and stay in the context of the current contract otherwise
delegatecall(g, a, in, insize, out, outsize) identical to callcode but also keep caller and callvalue
staticcall(g, a, in, insize, out, outsize) identical to call(g, a, 0, in, insize, out, outsize) but do not allow state modifications
return(p, s) - end execution, return data mem[p..(p+s))
revert(p, s) - end execution, revert state changes, return data mem[p..(p+s))
selfdestruct(a) - end execution, destroy current contract and send funds to a
invalid - end execution with invalid instruction
log0(p, s) - log without topics and data mem[p..(p+s))
log1(p, s, t1) - log with topic t1 and data mem[p..(p+s))
log2(p, s, t1, t2) - log with topics t1, t2 and data mem[p..(p+s))
log3(p, s, t1, t2, t3) - log with topics t1, t2, t3 and data mem[p..(p+s))
log4(p, s, t1, t2, t3, t4) - log with topics t1, t2, t3, t4 and data mem[p..(p+s))
origin transaction sender
gasprice gas price of the transaction
blockhash(b) hash of block nr b - only for last 256 blocks excluding current
coinbase current mining beneficiary
timestamp timestamp of the current block in seconds since the epoch
number current block number
difficulty difficulty of the current block
gaslimit block gas limit of the current block
文本
{
let n := calldataload(4)
let a := 1
let b := a
loop:
jumpi(loopend, eq(n, 0))
a add swap1
n := sub(n, 1)
jump(loop)
loopend:
mstore(0, a)
return(0, 0x20)
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
请注意,自动访问堆栈变量只有在汇编器知道当前堆栈高度时才能工作。 如果跳转源和目标具有不同的堆栈高度,则无法正常工作。 使用这种跳转仍然很好,但是在这种情况下,您应该不会访问任何堆栈变量(甚至汇编变量)。
编写的程序应该是可读的,即使代码是由Solidity的编译器生成的。
从汇编到字母代码的翻译应尽可能少的“惊喜”。
控制流程应易于检测,有助于形式验证和优化。
为了实现第一个和最后一个目标,程序集提供了高级结构,如循环,切换语句和函数调用。 应该可以编写不使用显式SWAP,DUP,JUMP和JUMPI语句的汇编程序,因为前两个模糊数据流和最后两个混淆控制流。 此外,mul(add(x,y),7)的函数语句优于纯操作码语句,如7 y x add mul,因为在第一种形式下,看起来哪个操作数用于哪个操作码要容易得多。
contract C {
function f(uint x) returns (uint y) {
y = 1;
for (uint i = 0; i < x; i++)
y = 2 * y;
}
}
1
2
3
4
5
6
7
8
9
将生成以下程序集:
{
mstore(0x40, 0x60) // 存储“可用内存指针”
// 函数调度程序
switch div(calldataload(0), exp(2, 226))
case 0xb3de648b {
let (r) = f(calldataload(4))
let ret := $allocate(0x20)
mstore(ret, r)
return(ret, 0x20)
}
default { revert(0, 0) }
// 内存分配器
function $allocate(size) -> pos {
pos := mload(0x40)
mstore(0x40, add(pos, size))
}
// 契约功能
function f(x) -> y {
y := 1
for { let i := 0 } lt(i, x) { i := add(i, 1) } {
y := mul(2, y)
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
在desug阶段之后,它看起来如下:
{
mstore(0x40, 0x60)
{
let $0 := div(calldataload(0), exp(2, 226))
jumpi($case1, eq($0, 0xb3de648b))
jump($caseDefault)
$case1:
{
// the function call - we put return label and arguments on the stack
$ret1 calldataload(4) jump(f)
// This is unreachable code. Opcodes are added that mirror the
// effect of the function on the stack height: Arguments are
// removed and return values are introduced.
pop pop
let r := 0
$ret1: // the actual return point
$ret2 0x20 jump($allocate)
pop pop let ret := 0
$ret2:
mstore(ret, r)
return(ret, 0x20)
// although it is useless, the jump is automatically inserted,
// since the desugaring process is a purely syntactic operation that
// does not analyze control-flow
jump($endswitch)
}
$caseDefault:
{
revert(0, 0)
jump($endswitch)
}
$endswitch:
}
jump($afterFunction)
allocate:
{
// we jump over the unreachable code that introduces the function arguments
jump($start)
let $retpos := 0 let size := 0
$start:
// output variables live in the same scope as the arguments and is
// actually allocated.
let pos := 0
{
pos := mload(0x40)
mstore(0x40, add(pos, size))
}
// This code replaces the arguments by the return values and jumps back.
swap1 pop swap1 jump
// Again unreachable code that corrects stack height.
0 0
}
f:
{
jump($start)
let $retpos := 0 let x := 0
$start:
let y := 0
{
let i := 0
$for_begin:
jumpi($for_end, iszero(lt(i, x)))
{
y := mul(2, y)
}
$for_continue:
{ i := add(i, 1) }
jump($for_begin)
$for_end:
} // Here, a pop instruction will be inserted for i
swap1 pop swap1 jump
0 0
}
$afterFunction:
stop
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
大会发生在四个阶段:
desugar item: AST -> AST =
match item {
AssemblyFunctionDefinition('function' name '(' arg1, ..., argn ')' '->' ( '(' ret1, ..., retm ')' body) ->
<name>:
{
jump($<name>_start)
let $retPC := 0 let argn := 0 ... let arg1 := 0
$<name>_start:
let ret1 := 0 ... let retm := 0
{ desugar(body) }
swap and pop items so that only ret1, ... retm, $retPC are left on the stack
jump
0 (1 + n times) to compensate removal of arg1, ..., argn and $retPC
}
AssemblyFor('for' { init } condition post body) ->
{
init // cannot be its own block because we want variable scope to extend into the body
// find I such that there are no labels $forI_*
$forI_begin:
jumpi($forI_end, iszero(condition))
{ body }
$forI_continue:
{ post }
jump($forI_begin)
$forI_end:
}
'break' ->
{
// find nearest enclosing scope with label $forI_end
pop all local variables that are defined at the current point
but not at $forI_end
jump($forI_end)
0 (as many as variables were removed above)
}
'continue' ->
{
// find nearest enclosing scope with label $forI_continue
pop all local variables that are defined at the current point
but not at $forI_continue
jump($forI_continue)
0 (as many as variables were removed above)
}
AssemblySwitch(switch condition cases ( default: defaultBlock )? ) ->
{
// find I such that there is no $switchI* label or variable
let $switchI_value := condition
for each of cases match {
case val: -> jumpi($switchI_caseJ, eq($switchI_value, val))
}
if default block present: ->
{ defaultBlock jump($switchI_end) }
for each of cases match {
case val: { body } -> $switchI_caseJ: { body jump($switchI_end) }
}
$switchI_end:
}
FunctionalAssemblyExpression( identifier(arg1, arg2, ..., argn) ) ->
{
if identifier is function <name> with n args and m ret values ->
{
// find I such that $funcallI_* does not exist
$funcallI_return argn ... arg2 arg1 jump(<name>)
pop (n + 1 times)
if the current context is `let (id1, ..., idm) := f(...)` ->
let id1 := 0 ... let idm := 0
$funcallI_return:
else ->
0 (m times)
$funcallI_return:
turn the functional expression that leads to the function call
into a statement stream
}
else -> desugar(children of node)
}
default node ->
desugar(children of node)
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
操作码流生成
codegen item: AST -> opcode_stream =
match item {
AssemblyBlock({ items }) ->
join(codegen(item) for item in items)
if last generated opcode has continuing control flow:
POP for all local variables registered at the block (including variables
introduced by labels)
warn if the stack height at this point is not the same as at the start of the block
Identifier(id) ->
lookup id in the syntactic stack of blocks
match type of id
Local Variable ->
DUPi where i = 1 + stack_height - stack_height_of_identifier(id)
Label ->
// reference to be resolved during bytecode generation
PUSH<bytecode position of label>
SubAssembly ->
PUSH<bytecode position of subassembly data>
FunctionalAssemblyExpression(id ( arguments ) ) ->
join(codegen(arg) for arg in arguments.reversed())
id (which has to be an opcode, might be a function name later)
AssemblyLocalDefinition(let (id1, ..., idn) := expr) ->
register identifiers id1, ..., idn as locals in current block at current stack height
codegen(expr) - assert that expr returns n items to the stack
FunctionalAssemblyAssignment((id1, ..., idn) := expr) ->
lookup id1, ..., idn in the syntactic stack of blocks, assert that they are variables
codegen(expr)
for j = n, ..., i:
SWAPi where i = 1 + stack_height - stack_height_of_identifier(idj)
POP
AssemblyAssignment(=: id) ->
look up id in the syntactic stack of blocks, assert that it is a variable
SWAPi where i = 1 + stack_height - stack_height_of_identifier(id)
POP
LabelDefinition(name:) ->
JUMPDEST
NumberLiteral(num) ->
PUSH<num interpreted as decimal and right-aligned>
HexLiteral(lit) ->
PUSH32<lit interpreted as hex and left-aligned>
StringLiteral(lit) ->
PUSH32<lit utf-8 encoded and left-aligned>
SubAssembly(assembly <name> block) ->
append codegen(block) at the end of the code
dataSize(<name>) ->
assert that <name> is a subassembly ->
PUSH32<size of code generated from subassembly <name>>
linkerSymbol(<lit>) ->
PUSH32<zeros> and append position to linker table
}作者: 梦缠绕的时候 时间: 2018-8-30 11:43 作者: 不二晨 时间: 2018-8-30 17:26
奈斯,加油加油
