Proper Revert reasons

[cburgdorf]

What was wrong?

As described in #288 we do currently not support revert reason strings in assert statements.

How was it fixed?

1. Added a bit machinery to test solidity fixtures and added a new category of tests for such cases
2. Added tests to prove how solidity handles revert reason strings
3. Added a new runtime function revert_with_reason_string which follows the error encoding that solidity uses: https://docs.soliditylang.org/en/latest/control-structures.html#revert
4. Added tests for this new runtime method and as a byproduct refactored some helpers to allow detailed testing of reverts as well as setting up a runtime that exposes static strings
5. Hooked up the mapping of assert to use the new runtime method when a string reason is given
6. Added several test cases to prove the functionality of assert strings with static strings, longer strings, passed in strings

[codecov-io]

Codecov Report

Merging #342 (7626e6d) into master (dd017d8) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #342   +/-   ##
=======================================
  Coverage   92.60%   92.60%           
=======================================
  Files          56       56           
  Lines        3882     3882           
=======================================
  Hits         3595     3595           
  Misses        287      287           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dd017d8...7626e6d. Read the comment docs.

[cburgdorf]

@satyamakgec This is all just WIP code in this PR but I wanted to make you aware of it because it adds a way to run tests against solidity code (which I needed to prove some assumptions about revert reason encoding). Since the differential contract testing will also need to run solidity code I thought you might find it useful to look at.

[satyamakgec]

You are a saviour @cburgdorf I was worried about this today when I was doing researching and planning over the differential testing.

[g-r-a-n-t]

Very useful tools!

[codecov-commenter]

Codecov Report

Merging #342 (90601cb) into master (32c3f00) will increase coverage by 0.00%.
The diff coverage is 100.00%.

❗ Current head 90601cb differs from pull request most recent head cf736bf. Consider uploading reports for the commit cf736bf to get more accurate results

@@           Coverage Diff           @@
##           master     #342   +/-   ##
=======================================
  Coverage   92.79%   92.80%           
=======================================
  Files          59       59           
  Lines        4012     4015    +3     
=======================================
+ Hits         3723     3726    +3     
  Misses        289      289           

Impacted Files	Coverage Δ
compiler/src/yul/mappers/functions.rs	100.00% <ø> (ø)
compiler/src/yul/runtime/functions/data.rs	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 32c3f00...cf736bf. Read the comment docs.

[cburgdorf]

I wonder why I can't do this instead:

(let ptr := alloc_mstoren(3963877391197344453575983046348115674221700746820753546331534351508065746944, 4))

[g-r-a-n-t]

Here's my understanding of what's happening here:

3963877391197344453575983046348115674221700746820753546331534351508065746944 is the decimal number equivalent to the selector (0x08C379A0) padded with 28 zero bytes on the right. We're allocating 4 bytes and then writing the decimal selector to 32 bytes of memory. Since the number in bytes is all zeros on the right side, we don't actually end up writing any bits past the highest allocated memory address, so things are technically fine.

What we want is:

let ptr := alloc_mstoren(0x08C379A0, 4)

Also,

let ptr := alloc_mstoren(3963877391197344453575983046348115674221700746820753546331534351508065746944, 4)

is equivalent to:

let ptr := alloc_mstoren(0x08C379A000000000000000000000000000000000000000000000000000000000, 4)

which will only write the 4 least-significant bytes to memory (zero).

[cburgdorf]

Ooooh! Now it all makes sense. THANK YOU 🙏

[cburgdorf]

That's the only new one. I just sorted them alphabetically

[cburgdorf]

I have to confess that I don't fully grasp the rationale for this ☝️ I tried to follow the conversation in ethereum/EIPs#838 but it doesn't go into much detail (or not enough for me to properly understand it). I think this data offset of 32 is just meant to say that the actual reason string is found at an offset of 32 bytes simply because thats how ABI encoded strings are defined. But to me it seems pointless to have this. After all Error(string) returns a string so it should be clear that there's a 32 data offset but maybe I'm just misunderstanding the whole thing haha. Anyway, this is how the encoding works and the tests prove that it is working in the same way as solidity.

[g-r-a-n-t]

Yeah, just how ABI encoding works. It makes sense when there's more items being encoded.

[cburgdorf]

It makes sense when there's more items being encoded.

Do you have an example where the dataoffset becomes useful? Let's say we have Error(AnyOtherABIType). Why would I need the dataoffset for anything? Wouldn't it work just as fine without it? Whatever follows the selector would be the data that is decoded as the ABI type that is specified with the selector.

[g-r-a-n-t]

If we're encoding something like (string, string), we need to provide the offsets to both pieces of dynamically sized data. This way we only need to read the offset, size, and the data when reading each string. If offsets were not provided, we would need to read each dynamic size and sum them together to get the offset. This would make implementations much more error prone.

For reference, the encoding would look roughly like this:

[offset_1, offset_2], [(size_1, data_1), (size_2, data_2)]

With a single dynamic element, it's not necessary to provide this offset, but it's best to make a few simple rules with encoding schemes and stick with them - even if it seems silly at times.

[cburgdorf]

if offsets were not provided, we would need to read each dynamic size and sum them together to get the offset

But isn't that what I would also have to do if I'm reading the output of pub foo -> (string, string)? In that case, the returned data will also only be [(size_1, data_1), (size_2, data_2)] without providing me the offsets separately, no?

[g-r-a-n-t]

The encoding of (string, string) would include the offsets of each string item. Then to decode, we read the offset, size, and data for each string.

Is there something I'm missing?

[g-r-a-n-t]

The examples are quite helpful.

[cburgdorf]

Without a revert string the data will simply be empty (NOT the same as having a revert string of "")

[cburgdorf]

I introduced the Runtime object with the builder pattern to not introduce a data parameter to every test that most of them would not end up using.

We could actually go a bit further and incorporate the testing functions on the Runtime object, too so that the code becomes something like:

test_runtime_functions_revert(
            Runtime::default()
                .with_data(
                    vec![yul::Data { name: keccak::full(reason.as_bytes()), value: reason.to_owned() }]
                )
                .with_test_statements(
                statements! {
                    (let reason := load_data_string((dataoffset([literal_expression! { (reason_id) }])), (datasize([literal_expression! { (reason_id) }]))))
                    (revert_with_reason_string(reason))
                })
                .execute(executor)
                .expect_revert_with(reason)
        );

I'm happy to create an issue / PR if you happen to like it @g-r-a-n-t

[g-r-a-n-t]

Seems like a more rusty way of doing things 👍 I'm open to refactoring this way.

[cburgdorf]

This is proving that our encode_error_reason is producing the same encoding that solidity does

[cburgdorf]

@g-r-a-n-t Celebrating your return with this PR to review

🏄‍♂️

[g-r-a-n-t]

Looks good.

Added some clarification around the selector stuff and suggested using pop in a few places.

[g-r-a-n-t]

Here's my understanding of what's happening here:

3963877391197344453575983046348115674221700746820753546331534351508065746944 is the decimal number equivalent to the selector (0x08C379A0) padded with 28 zero bytes on the right. We're allocating 4 bytes and then writing the decimal selector to 32 bytes of memory. Since the number in bytes is all zeros on the right side, we don't actually end up writing any bits past the highest allocated memory address, so things are technically fine.

What we want is:

let ptr := alloc_mstoren(0x08C379A0, 4)

Also,

let ptr := alloc_mstoren(3963877391197344453575983046348115674221700746820753546331534351508065746944, 4)

is equivalent to:

let ptr := alloc_mstoren(0x08C379A000000000000000000000000000000000000000000000000000000000, 4)

which will only write the 4 least-significant bytes to memory (zero).

[g-r-a-n-t]

Yeah, just how ABI encoding works. It makes sense when there's more items being encoded.

[g-r-a-n-t]

We can also pop these values right off the stack.

(pop((mcopym(reason , (add(reason_size, 32))))))

All function arguments are matched as token trees, so expressions like mcopym(reason , (add(reason_size, 32))) need to be wrapped in parens. Biggest downside with these macros imo.

[cburgdorf]

Ah, right, thanks. Does it make any practical difference whether to assign them to an unused variable or pop them?

[g-r-a-n-t]

The optimizer will probably convert these to pops anyway.

Even if we weren't running the optimizer, I don't think it would make any difference in terms of gas. We would just keep these values on the stack a bit longer.

[g-r-a-n-t]

Very useful tools!

[g-r-a-n-t]

Makes sense 👍

[g-r-a-n-t]

Seems like a more rusty way of doing things 👍 I'm open to refactoring this way.