feat: define initcode mode and require validation of RETURNCONTRACT

[charles-cooper]

require EOFCREATE to point to initcode, and RETURNCONTRACT to point to runtime code.

[pdobacz]

Can EOFCREATE point to a container which contains only REVERT or INVALID?

[charles-cooper]

hm, interesting! are there any implicit STOP instructions in EOF?

[pdobacz]

hm, interesting! are there any implicit STOP instructions in EOF?

no, a terminating instruction or an unconditional jump is required at the end of each code section.

[charles-cooper]

in this case, maybe i should change the wording to:

the subcontainer pointed to by initcontainer_index must be an "initcode" subcontainer, that is, it must not contain a RETURN or STOP instruction.

[pdobacz]

the subcontainer pointed to by initcontainer_index must be an "initcode" subcontainer, that is, it must not contain a RETURN or STOP instruction.

I think this is too weak of a definition, in light of the conditions which are listed below. Also, this makes a REVERT-only subcontainer an "initcode" one, which is not natural IMO.

To be clear: I think the current wording is fine, we just need to be aware of how we treat containers which contain only REVERTs and INVALIDs. As of now, such container is invalid when pointed to by EOFCREATE and valid when pointed to by RETURNCONTRACT, and this rule is implicit. Maybe better to add a **Note** at the bottom to make it explicit?

[charles-cooper]

maybe three types of containers -- RETURN/STOP (0b01), RETURNCONTRACT (0b10) and none (0b00). 0b11 is invalid, but 0b00 can be referenced by either EOFCREATE or RETURNCONTRACT. i don't think an initcode which can only REVERT or INVALID would be very useful, but it might be used somehow for a signaling purpose (like there is information in the revertdata)? but in such a case you would just want to call the contract.

[charles-cooper]

speaking of signaling - should EOFCREATE and/or TXCREATE return status codes, like EXT*CALL?

[pdobacz]

maybe three types of containers

This is now unclear to me - does your proposition introduce explicit types in the header or implicit based on the instructions? I thought implicit, without modification to the header

speaking of signaling - should EOFCREATE and/or TXCREATE return status codes, like EXT*CALL?

Both return new address (or zero on failure). I don't recall any discussion happening on this topic.

[charles-cooper]

This is now unclear to me - does your proposition introduce explicit types in the header or implicit based on the instructions? I thought implicit, without modification to the header

it's still implicit, but i was saying we could allow containers with only REVERT or INVALID (and no RETURN/STOP/RETURNCONTRACT) as initcode. i don't think it's very useful though, especially without signaling. (it essentially would be a way to call a subcontainer without actually deploying it.)

[pdobacz]

apologies for late feedback, it took me some time to get to this

[pdobacz]

"not contain RETURNCONTRACT" is not the negation of "initcode" subcontainer definition from 2 lines above - that would be "may contain RETURN or STOP". I think trying to define "initcode" container or mode doesn't help, let's just list the rules (exact wording pending):

1. EOFCREATE points to container without RETURN or STOP
2. RETURNCONTRACT points to container without RETURNCONTRACT

and that's it, no? I think it covers all the situations described here, following the "lax" ruleset; that is, a container with only REVERT & INVALID is always good.

And actually there's a third one, which is missed here altogether (just realized it), I'm not sure it belongs better here or in the TXCREATE runtime spec:

3. Top-level container from initcodes pointed to with TXCREATE is without RETURN or STOP

This leaves us with a potential rule to consider: what about subcontainers not pointed to at all? I would simply not allow them, as they're just dead code which may become "undead" on upgrades if we miss it.

4. Container with a subcontainer not pointed to by either EOFCREATE or RETURNCONTRACT is invalid.

(lastly, albeit this can't be fixed in this PR, just need to remember to fix it in the future, in case #78 goes through:)

5. Top-level container from tx data in "Creation transaction (to is nil)" is without RETURN or STOP

[charles-cooper]

ok I'll make the changes and remove "initcode-mode"

3. i can make the change in this PR
4. i don't know how they could become "undead", but yea i think it is a good idea in general to ban dead code

[charles-cooper]

although i think it's helpful to have "initcode" as a term for discussion purposes, i'll update the wording and see what you think

[pdobacz]

If I'm not mistaken, there was consensus in favor of this change on the EOF impl call, with the expansion of banning dead subcontainers in a follow-up PR. @gumb0 can you take another look before we merge?

[gumb0]

It needs rebase now

1. TXCREATE addition should go into eof_future_upgrades.md file where TXCREATE lives now
2. Similar to TXCREATE validation check that top level container is initcontainer should be added to creation transaction.

[pdobacz]

2 nits, lgtm