Skip to main content

zksync_vm2/instruction_handlers/
ret.rs

1use primitive_types::U256;
2use zksync_vm2_interface::{
3    opcodes::{self, Normal, Panic, Revert, TypeLevelReturnType},
4    ReturnType, Tracer,
5};
6
7use super::{
8    common::full_boilerplate,
9    far_call::get_calldata,
10    monomorphization::{match_boolean, monomorphize, parameterize},
11};
12use crate::{
13    addressing_modes::{Arguments, Immediate1, Register1, Source, INVALID_INSTRUCTION_COST},
14    callframe::FrameRemnant,
15    instruction::{ExecutionEnd, ExecutionStatus},
16    mode_requirements::ModeRequirements,
17    page_ids::base_page_from_heap,
18    predication::Flags,
19    tracing::VmAndWorld,
20    Instruction, Predicate, VirtualMachine, World,
21};
22
23fn naked_ret<T: Tracer, W: World<T>, RT: TypeLevelReturnType, const TO_LABEL: bool>(
24    vm: &mut VirtualMachine<T, W>,
25    args: &Arguments,
26) -> ExecutionStatus {
27    let mut return_type = RT::VALUE;
28    let near_call_leftover_gas = vm.state.current_frame.gas;
29
30    let (snapshot, leftover_gas) = if let Some(FrameRemnant {
31        exception_handler,
32        snapshot,
33    }) = vm.state.current_frame.pop_near_call()
34    {
35        if TO_LABEL {
36            let pc = Immediate1::get_u16(args);
37            vm.state.current_frame.set_pc_from_u16(pc);
38        } else if return_type.is_failure() {
39            vm.state.current_frame.set_pc_from_u16(exception_handler);
40        }
41
42        (snapshot, near_call_leftover_gas)
43    } else {
44        let return_value_or_panic = if return_type == ReturnType::Panic {
45            None
46        } else {
47            let (raw_abi, is_pointer) = Register1::get_with_pointer_flag(args, &mut vm.state);
48            let result = get_calldata(raw_abi, is_pointer, vm, false).filter(|pointer| {
49                if vm.state.current_frame.is_kernel {
50                    true
51                } else {
52                    // Non-kernel returndata forwarding must be unidirectional: callers may pass
53                    // pointers down the stack, but callees must not forward pointers to older pages.
54                    // This mirrors zk_evm's restriction based on base memory page checks.
55                    pointer.memory_page.as_u32() >= base_page_from_heap(vm.state.current_frame.heap)
56                        && pointer.memory_page != vm.state.current_frame.calldata_heap
57                }
58            });
59
60            if result.is_none() {
61                return_type = ReturnType::Panic;
62            }
63            result
64        };
65
66        let leftover_gas = vm.state.current_frame.gas;
67
68        let Some(FrameRemnant {
69            exception_handler,
70            snapshot,
71        }) = vm.pop_frame(
72            return_value_or_panic
73                .as_ref()
74                .map(|pointer| pointer.memory_page),
75        )
76        else {
77            // The initial frame is not rolled back, even if it fails.
78            // It is the caller's job to clean up when the execution as a whole fails because
79            // the caller may take external snapshots while the VM is in the initial frame and
80            // these would break were the initial frame to be rolled back.
81
82            // But to continue execution would be nonsensical and can cause UB because there
83            // is no next instruction after a panic arising from some other instruction.
84            vm.state.current_frame.pc = invalid_instruction();
85
86            return if let Some(return_value) = return_value_or_panic {
87                let output = vm.state.heaps[return_value.memory_page]
88                    .read_range_big_endian(
89                        return_value.start..return_value.start + return_value.length,
90                    )
91                    .clone();
92                if return_type == ReturnType::Revert {
93                    ExecutionStatus::Stopped(ExecutionEnd::Reverted(output))
94                } else {
95                    ExecutionStatus::Stopped(ExecutionEnd::ProgramFinished(output))
96                }
97            } else {
98                ExecutionStatus::Stopped(ExecutionEnd::Panicked)
99            };
100        };
101
102        vm.state.set_context_u128(0);
103        vm.state.registers = [U256::zero(); 16];
104
105        if let Some(return_value) = return_value_or_panic {
106            vm.state.registers[1] = return_value.into_u256();
107        }
108        vm.state.register_pointer_flags = 2;
109
110        if return_type.is_failure() {
111            vm.state.current_frame.set_pc_from_u16(exception_handler);
112        }
113
114        (snapshot, leftover_gas)
115    };
116
117    if return_type.is_failure() {
118        vm.world_diff.append_rollback_logs(&snapshot);
119        vm.world_diff.rollback(snapshot);
120    }
121
122    vm.state.flags = Flags::new(return_type == ReturnType::Panic, false, false);
123    vm.state.current_frame.gas += leftover_gas;
124
125    ExecutionStatus::Running
126}
127
128fn ret<T: Tracer, W: World<T>, RT: TypeLevelReturnType, const TO_LABEL: bool>(
129    vm: &mut VirtualMachine<T, W>,
130    world: &mut W,
131    tracer: &mut T,
132) -> ExecutionStatus {
133    full_boilerplate::<opcodes::Ret<RT>, _, _>(vm, world, tracer, |vm, args, _, _| {
134        naked_ret::<T, W, RT, TO_LABEL>(vm, args)
135    })
136}
137
138/// Turn the current instruction into a panic at no extra cost. (Great value, I know.)
139///
140/// Call this when:
141/// - gas runs out when paying for the fixed cost of an instruction
142/// - causing side effects in a static context
143/// - using privileged instructions while not in a system call
144/// - the far call stack overflows
145///
146/// For all other panics, point the instruction pointer at [PANIC] instead.
147pub(crate) fn free_panic<T: Tracer, W: World<T>>(
148    vm: &mut VirtualMachine<T, W>,
149    world: &mut W,
150    tracer: &mut T,
151) -> ExecutionStatus {
152    tracer.before_instruction::<opcodes::Ret<Panic>, _>(&mut VmAndWorld { vm, world });
153    // args aren't used for panics unless TO_LABEL
154    naked_ret::<T, W, Panic, false>(
155        vm,
156        &Arguments::new(Predicate::Always, 0, ModeRequirements::none()),
157    )
158    .merge_tracer(tracer.after_instruction::<opcodes::Ret<Panic>, _>(&mut VmAndWorld { vm, world }))
159}
160
161fn invalid<T: Tracer, W: World<T>>(
162    vm: &mut VirtualMachine<T, W>,
163    world: &mut W,
164    tracer: &mut T,
165) -> ExecutionStatus {
166    vm.state.current_frame.gas = 0;
167    free_panic(vm, world, tracer)
168}
169
170trait GenericStatics<T, W> {
171    const PANIC: Instruction<T, W>;
172    const INVALID: Instruction<T, W>;
173}
174
175impl<T: Tracer, W: World<T>> GenericStatics<T, W> for () {
176    const PANIC: Instruction<T, W> = Instruction::from_spontaneous_panic();
177    const INVALID: Instruction<T, W> = Instruction::from_invalid();
178}
179
180// The following functions return references that live for 'static.
181// They aren't marked as such because returning any lifetime is more ergonomic.
182
183/// Point the program counter at this instruction when a panic occurs during the logic of and instruction.
184pub(crate) fn spontaneous_panic<'a, T: Tracer, W: World<T>>() -> &'a Instruction<T, W> {
185    &<()>::PANIC
186}
187
188/// Panics, burning all available gas.
189pub(crate) fn invalid_instruction<'a, T: Tracer, W: World<T>>() -> &'a Instruction<T, W> {
190    &<()>::INVALID
191}
192
193pub(crate) const RETURN_COST: u32 = 5;
194
195/// Variations of [`Ret`](opcodes::Ret) instructions.
196impl<T: Tracer, W: World<T>> Instruction<T, W> {
197    /// Creates a normal [`Ret`](opcodes::Ret) instruction with the provided params.
198    pub fn from_ret(src1: Register1, label: Option<Immediate1>, arguments: Arguments) -> Self {
199        let to_label = label.is_some();
200        Self {
201            handler: monomorphize!(ret [T W Normal] match_boolean to_label),
202            arguments: arguments.write_source(&src1).write_source(&label),
203        }
204    }
205
206    /// Creates a revert [`Ret`](opcodes::Ret) instruction with the provided params.
207    pub fn from_revert(src1: Register1, label: Option<Immediate1>, arguments: Arguments) -> Self {
208        let to_label = label.is_some();
209        Self {
210            handler: monomorphize!(ret [T W Revert] match_boolean to_label),
211            arguments: arguments.write_source(&src1).write_source(&label),
212        }
213    }
214
215    /// Creates a panic [`Ret`](opcodes::Ret) instruction with the provided params.
216    pub fn from_panic(label: Option<Immediate1>, arguments: Arguments) -> Self {
217        let to_label = label.is_some();
218        Self {
219            handler: monomorphize!(ret [T W Panic] match_boolean to_label),
220            arguments: arguments.write_source(&label),
221        }
222    }
223
224    /// Creates the instruction that is executed when anonther instruction encounters
225    /// an error.
226    pub(crate) const fn from_spontaneous_panic() -> Self {
227        Self {
228            handler: ret::<T, W, Panic, false>,
229            arguments: Arguments::new(Predicate::Always, RETURN_COST, ModeRequirements::none()),
230        }
231    }
232
233    /// Creates a *invalid* instruction that will panic by draining all gas.
234    pub const fn from_invalid() -> Self {
235        Self {
236            handler: invalid,
237            arguments: Arguments::new(
238                Predicate::Always,
239                INVALID_INSTRUCTION_COST,
240                ModeRequirements::none(),
241            ),
242        }
243    }
244}