Overflow checking for the EVM
EIP-1051 proposes the addition of overflow checking for arithmetic operations in the Ethereum Virtual Machine (EVM). Currently, manual checks are required for every arithmetic operation to prevent overflow, which can be inefficient and insecure. The proposal suggests adding two new flags to the EVM state: overflow (ovf) and signed overflow (sovf). The ovf flag would be set when an ADD, SUB, or MUL opcode produces an output that exceeds 2^256 - 1 or is less than 0. The sovf flag would be set whenever the ovf flag is set, as well as in specific circumstances such as when an ADD or SUB opcode results in a different most significant bit (MSB) or when a MUL opcode with both inputs being positive has a negative output. The proposal aims to facilitate efficient and secure contracts by allowing for periodic overflow checks rather than manual checks after every operation.
Video
Original
Abstract
This EIP adds overflow checking for EVM arithmetic operations, and two new opcodes that check and clear the overflow flags.
Motivation
The correct functioning of many contracts today is dependent on detecting and preventing overflow of arithmetic operations. Since the EVM operates on mod 2^256 integers and provides no built-in overflow detection or prevention, this requires manual checks on every arithmetic operation.
In the interests of facilitating efficient and secure contracts, we propose new opcodes that permit efficient detection of overflows, which can be checked periodically rather than after each operation.
Specification
Two new flags are added to the EVM state: overflow (ovf) and signed overflow (sovf).
The ovf flag is set in the following circumstances:
- When an
ADD(0x01) opcode, with both inputs treated as unsigned integers, produces an ideal output in excess of 2^256 - 1. - When a
SUB(0x03) opcode, with both inputs treated as unsigned integers, produces an ideal output less than 0. - When a
MUL(0x02) opcode, with both inputs treated as unsigned integers, produces an ideal output in excess of 2^256 - 1.
The sovf flag is set whenever the ovf flag is set, and additionally in the following circumstances:
- When an
ADDopcode with both inputs having the same MSB results in the output having a different MSB (eg,(+a) + (+b) = (-c)or(-a) + (-b) = (+c)). - When a
SUBopcode occurs and the result has the same MSB as the subtractand (second argument) (eg,(+a) - (-b) = (-c)or(-a) - (+b) = (+c). - When a
MULopcode with both inputs being positive has a negative output. - When a
MULopcode with both inputs being negative has a negative output. - When a
MULopcode with one negative input and one positive input has a positive output.
A new opcode, OFV is added, with number 0x0c. This opcode takes 0 arguments from the stack. When executed, it pushes 1 if the ovf flag is set, and 0 otherwise. It then sets the ovf flag to false.
A new opcode, SOVF is added, with number 0x0d. This opcode takes 0 arguments from the stack. When executed, it pushes 1 if the sovf flag is set, and 0 otherwise. It then sets the sovf flag to false.
Rationale
Any change to implement overflow protection needs to preserve behaviour of existing contracts, which precludes many changes to the arithmetic operations themselves. One option would be to provide an opcode that enables overflow protection, causing a throw or revert if an overflow happens. However, this limits the manner in which overflows can be handled.
Instead, we replicate functionality from real world CPUs, which typically implement 'carry' and 'overflow' flags.
Separate flags for signed and unsigned overflow are necessary due to the fact that a signed overflow may not result in an unsigned overflow.
Backwards Compatibility
This EIP introduces no backwards compatibility issues.
Test Cases
TBD
Implementation
TBD
Copyright
Copyright and related rights waived via CC0.
Not miss a beat of EIPs' update?
Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.
View all