Skip to content

test_tstore_rollback_on_failed_create()

Documentation for tests/cancun/eip1153_tstore/test_tstorage_create_contexts.py::test_tstore_rollback_on_failed_create@20373115.

Generate fixtures for these test cases for Amsterdam with:

fill -v tests/cancun/eip1153_tstore/test_tstorage_create_contexts.py::test_tstore_rollback_on_failed_create --fork Amsterdam

Test TSTORE is rolled back after failed CREATE/CREATE2 initcode.

Regression test for #917

Initcode does TLOAD(1) to compute a return size, then does TSTORE(1, 0x6000), then returns data of the computed size. When TLOAD(1) is 0, the return size is 0x600a (exceeds max code size 0x6000), so creation fails.

The caller invokes CREATE/CREATE2 twice with the same initcode. If TSTORE from the first (failed) creation is properly rolled back, the second creation also sees TLOAD(1)==0 and fails the same way. If not rolled back, TLOAD(1)==0x6000 and the second creation succeeds.

Source code in tests/cancun/eip1153_tstore/test_tstorage_create_contexts.py 
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
@pytest.mark.ported_from(
    [
        "https://github.com/holiman/goevmlab/blob/master/examples/tstore_bug-2/main.go",
    ],
)
@pytest.mark.parametrize("create_opcode", [Op.CREATE, Op.CREATE2])
def test_tstore_rollback_on_failed_create(
    state_test: StateTestFiller,
    pre: Alloc,
    create_opcode: Op,
    fork: Fork,
) -> None:
    """
    Test TSTORE is rolled back after failed CREATE/CREATE2 initcode.

    Regression test for
    https://github.com/ethereum/execution-specs/issues/917

    Initcode does TLOAD(1) to compute a return size, then does
    TSTORE(1, 0x6000), then returns data of the computed size.
    When TLOAD(1) is 0, the return size is 0x600a (exceeds max code
    size 0x6000), so creation fails.

    The caller invokes CREATE/CREATE2 twice with the same initcode.
    If TSTORE from the first (failed) creation is properly rolled
    back, the second creation also sees TLOAD(1)==0 and fails the
    same way. If not rolled back, TLOAD(1)==0x6000 and the second
    creation succeeds.
    """
    # Initcode:
    #   return_size = 0x600a - TLOAD(1)
    #   TSTORE(1, 0x6000)
    #   RETURN(offset=0, size=return_size)
    #
    # TLOAD(1)==0:     return_size = 0x600a > max code size -> fail
    # TLOAD(1)==0x6000: return_size = 0x0a <= max code size -> succeed
    max_code_size = fork.max_code_size()

    initcode = (
        Op.TLOAD(1)
        + Op.PUSH4(max_code_size + 0x0A)
        + Op.SUB
        + Op.TSTORE(1, max_code_size)
        + Op.PUSH1(0)
        + Op.RETURN
    )
    initcode_bytes = bytes(initcode)
    initcode_len = len(initcode_bytes)

    caller_code = (
        Om.MSTORE(initcode_bytes, 0)
        + Op.SSTORE(
            0,
            create_opcode(0, 0, initcode_len, 0)
            if create_opcode == Op.CREATE2
            else create_opcode(0, 0, initcode_len),
        )
        + Op.SSTORE(
            1,
            create_opcode(0, 0, initcode_len, 0)
            if create_opcode == Op.CREATE2
            else create_opcode(0, 0, initcode_len),
        )
    )
    caller_address = pre.deploy_contract(caller_code, storage={0: 1, 1: 1})

    sender = pre.fund_eoa()
    tx = Transaction(
        sender=sender,
        to=caller_address,
        gas_limit=16_000_000,
        access_list=[
            AccessList(address=caller_address, storage_keys=[0, 1]),
        ],
    )

    post = {
        # Both creations fail because TSTORE is rolled back;
        # initial storage {0: 1, 1: 1} is overwritten to zeros
        caller_address: Account(storage={0: 0, 1: 0}),
    }

    state_test(pre=pre, post=post, tx=tx)

Parametrized Test Cases

This test generates 2 parametrized test cases across 4 forks.