From cbec09450aa72b6aef04eacbd524ad7a32b7e392 Mon Sep 17 00:00:00 2001 From: Asuka Date: Fri, 8 May 2026 17:04:34 +0800 Subject: [PATCH 1/3] feat(vm): serve historical block hashes from state (TIP-2935) Activates via ALLOW_TVM_PRAGUE proposal: deploy() installs the BlockHashHistory bytecode + metadata at the canonical address; write() propagates parent hashes to a 8191-slot ring buffer. --- .../org/tron/core/utils/ProposalUtil.java | 24 ++ .../core/store/DynamicPropertiesStore.java | 39 +++ .../src/main/java/org/tron/core/Wallet.java | 5 + .../tron/core/consensus/ProposalService.java | 6 + .../tron/core/db/HistoryBlockHashUtil.java | 158 +++++++++++ .../main/java/org/tron/core/db/Manager.java | 1 + .../core/actuator/utils/ProposalUtilTest.java | 67 +++++ .../db/HistoryBlockHashIntegrationTest.java | 266 ++++++++++++++++++ .../core/db/HistoryBlockHashUtilTest.java | 199 +++++++++++++ .../tron/core/db/HistoryBlockHashVmTest.java | 243 ++++++++++++++++ 10 files changed, 1008 insertions(+) create mode 100644 framework/src/main/java/org/tron/core/db/HistoryBlockHashUtil.java create mode 100644 framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java create mode 100644 framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java create mode 100644 framework/src/test/java/org/tron/core/db/HistoryBlockHashVmTest.java diff --git a/actuator/src/main/java/org/tron/core/utils/ProposalUtil.java b/actuator/src/main/java/org/tron/core/utils/ProposalUtil.java index 8254a862927..74d332c5611 100644 --- a/actuator/src/main/java/org/tron/core/utils/ProposalUtil.java +++ b/actuator/src/main/java/org/tron/core/utils/ProposalUtil.java @@ -886,6 +886,29 @@ public static void validator(DynamicPropertiesStore dynamicPropertiesStore, } break; } + case ALLOW_TVM_PRAGUE: { + if (!forkController.pass(ForkBlockVersionEnum.VERSION_4_8_2)) { + throw new ContractValidateException( + "Bad chain parameter id [ALLOW_TVM_PRAGUE]"); + } + // The deployed BlockHashHistory bytecode contains PUSH0 (0x5f), which + // is itself gated on ALLOW_TVM_SHANGHAI at execution time. Refuse the + // proposal until Shanghai is enacted so an out-of-order activation + // can't leave a contract whose every STATICCALL hits InvalidOpcode. + if (dynamicPropertiesStore.getAllowTvmShangHai() != 1) { + throw new ContractValidateException( + "[ALLOW_TVM_PRAGUE] requires [ALLOW_TVM_SHANGHAI] to be enacted first"); + } + if (dynamicPropertiesStore.getAllowTvmPrague() == 1) { + throw new ContractValidateException( + "[ALLOW_TVM_PRAGUE] has been valid, no need to propose again"); + } + if (value != 1) { + throw new ContractValidateException( + "This value[ALLOW_TVM_PRAGUE] is only allowed to be 1"); + } + break; + } case ALLOW_HARDEN_RESOURCE_CALCULATION: { if (!forkController.pass(ForkBlockVersionEnum.VERSION_4_8_2)) { throw new ContractValidateException( @@ -1003,6 +1026,7 @@ public enum ProposalType { // current value, value range ALLOW_TVM_BLOB(89), // 0, 1 PROPOSAL_EXPIRE_TIME(92), // (0, 31536003000) ALLOW_TVM_SELFDESTRUCT_RESTRICTION(94), // 0, 1 + ALLOW_TVM_PRAGUE(95), // 0, 1 ALLOW_TVM_OSAKA(96), // 0, 1 ALLOW_HARDEN_RESOURCE_CALCULATION(97), // 0, 1 ALLOW_HARDEN_EXCHANGE_CALCULATION(98); // 0, 1 diff --git a/chainbase/src/main/java/org/tron/core/store/DynamicPropertiesStore.java b/chainbase/src/main/java/org/tron/core/store/DynamicPropertiesStore.java index bac91115b49..2c8a1d9e898 100644 --- a/chainbase/src/main/java/org/tron/core/store/DynamicPropertiesStore.java +++ b/chainbase/src/main/java/org/tron/core/store/DynamicPropertiesStore.java @@ -240,6 +240,15 @@ public class DynamicPropertiesStore extends TronStoreWithRevoking private static final byte[] ALLOW_TVM_OSAKA = "ALLOW_TVM_OSAKA".getBytes(); + private static final byte[] ALLOW_TVM_PRAGUE = "ALLOW_TVM_PRAGUE".getBytes(); + + // TIP-2935 install marker — flipped to 1 inside HistoryBlockHashUtil.deploy() + // only after the three store writes succeed. Stays 0 when deploy() skips on + // foreign-state collision; HistoryBlockHashUtil.write() reads this to decide + // whether StorageRowStore at the canonical address is ours to mutate. + private static final byte[] BLOCK_HASH_HISTORY_INSTALLED = + "BLOCK_HASH_HISTORY_INSTALLED".getBytes(); + private static final byte[] ALLOW_HARDEN_RESOURCE_CALCULATION = "ALLOW_HARDEN_RESOURCE_CALCULATION".getBytes(); @@ -2999,6 +3008,36 @@ public void saveAllowTvmOsaka(long value) { this.put(ALLOW_TVM_OSAKA, new BytesCapsule(ByteArray.fromLong(value))); } + public long getAllowTvmPrague() { + return Optional.ofNullable(getUnchecked(ALLOW_TVM_PRAGUE)) + .map(BytesCapsule::getData) + .map(ByteArray::toLong) + .orElse(0L); + } + + public void saveAllowTvmPrague(long value) { + this.put(ALLOW_TVM_PRAGUE, new BytesCapsule(ByteArray.fromLong(value))); + } + + public boolean allowTvmPrague() { + return getAllowTvmPrague() == 1L; + } + + public long getBlockHashHistoryInstalled() { + return Optional.ofNullable(getUnchecked(BLOCK_HASH_HISTORY_INSTALLED)) + .map(BytesCapsule::getData) + .map(ByteArray::toLong) + .orElse(0L); + } + + public void saveBlockHashHistoryInstalled(long value) { + this.put(BLOCK_HASH_HISTORY_INSTALLED, new BytesCapsule(ByteArray.fromLong(value))); + } + + public boolean isBlockHashHistoryInstalled() { + return getBlockHashHistoryInstalled() == 1L; + } + public long getAllowHardenResourceCalculation() { return Optional.ofNullable(getUnchecked(ALLOW_HARDEN_RESOURCE_CALCULATION)) .map(BytesCapsule::getData) diff --git a/framework/src/main/java/org/tron/core/Wallet.java b/framework/src/main/java/org/tron/core/Wallet.java index 279153115d9..0482643d8d0 100755 --- a/framework/src/main/java/org/tron/core/Wallet.java +++ b/framework/src/main/java/org/tron/core/Wallet.java @@ -1480,6 +1480,11 @@ public Protocol.ChainParameters getChainParameters() { .setValue(dbManager.getDynamicPropertiesStore().getAllowTvmOsaka()) .build()); + builder.addChainParameter(Protocol.ChainParameters.ChainParameter.newBuilder() + .setKey("getAllowTvmPrague") + .setValue(dbManager.getDynamicPropertiesStore().getAllowTvmPrague()) + .build()); + builder.addChainParameter(Protocol.ChainParameters.ChainParameter.newBuilder() .setKey("getAllowHardenResourceCalculation") .setValue(dbManager.getDynamicPropertiesStore().getAllowHardenResourceCalculation()) diff --git a/framework/src/main/java/org/tron/core/consensus/ProposalService.java b/framework/src/main/java/org/tron/core/consensus/ProposalService.java index c95ec1c657d..543deab2fc6 100644 --- a/framework/src/main/java/org/tron/core/consensus/ProposalService.java +++ b/framework/src/main/java/org/tron/core/consensus/ProposalService.java @@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j; import org.tron.core.capsule.ProposalCapsule; import org.tron.core.config.Parameter.ForkBlockVersionEnum; +import org.tron.core.db.HistoryBlockHashUtil; import org.tron.core.db.Manager; import org.tron.core.store.DynamicPropertiesStore; import org.tron.core.utils.ProposalUtil; @@ -396,6 +397,11 @@ public static boolean process(Manager manager, ProposalCapsule proposalCapsule) manager.getDynamicPropertiesStore().saveAllowTvmOsaka(entry.getValue()); break; } + case ALLOW_TVM_PRAGUE: { + manager.getDynamicPropertiesStore().saveAllowTvmPrague(entry.getValue()); + HistoryBlockHashUtil.deploy(manager); + break; + } case ALLOW_HARDEN_RESOURCE_CALCULATION: { manager.getDynamicPropertiesStore() .saveAllowHardenResourceCalculation(entry.getValue()); diff --git a/framework/src/main/java/org/tron/core/db/HistoryBlockHashUtil.java b/framework/src/main/java/org/tron/core/db/HistoryBlockHashUtil.java new file mode 100644 index 00000000000..19a0e278e08 --- /dev/null +++ b/framework/src/main/java/org/tron/core/db/HistoryBlockHashUtil.java @@ -0,0 +1,158 @@ +package org.tron.core.db; + +import com.google.protobuf.ByteString; +import lombok.extern.slf4j.Slf4j; +import org.bouncycastle.util.encoders.Hex; +import org.tron.common.runtime.vm.DataWord; +import org.tron.core.capsule.AccountCapsule; +import org.tron.core.capsule.BlockCapsule; +import org.tron.core.capsule.CodeCapsule; +import org.tron.core.capsule.ContractCapsule; +import org.tron.core.vm.program.Storage; +import org.tron.protos.Protocol; +import org.tron.protos.Protocol.Account; +import org.tron.protos.contract.SmartContractOuterClass.SmartContract; + +/** + * TIP-2935 (EIP-2935): serve historical block hashes from state. + * + *

Approach A1 — at proposal activation, deploy the BlockHashHistory bytecode + * and minimal contract/account metadata via direct store writes; on every block + * (before the tx loop) write the parent block hash to slot + * {@code (blockNum - 1) % HISTORY_SERVE_WINDOW} via {@link Storage}. + * No VM execution is needed for {@code set()}; user contracts read via normal + * STATICCALL which executes the deployed bytecode. + */ +@Slf4j(topic = "DB") +public class HistoryBlockHashUtil { + + public static final long HISTORY_SERVE_WINDOW = 8191L; + + // 21-byte TRON address (0x41 prefix + 20-byte EVM address 0x0000F908...2935) + public static final byte[] HISTORY_STORAGE_ADDRESS = + Hex.decode("410000f90827f1c53a10cb7a02335b175320002935"); + + // Recovered sender of the EIP-2935 presigned (no-private-key) deploy + // transaction on Ethereum, in TRON 21-byte form. Used as {@code originAddress} + // on the deployed SmartContract so the deployer-of-record matches Ethereum + // byte-for-byte; cross-chain tooling that inspects this field sees the same + // address on both sides. + public static final byte[] HISTORY_DEPLOYER_ADDRESS = + Hex.decode("413462413af4609098e1e27a490f554f260213d685"); + + // TIP-2935 runtime bytecode (83 bytes, no constructor prefix). Identical to + // EIP-2935's so the same address resolves to the same code on both chains. + public static final byte[] HISTORY_STORAGE_CODE = Hex.decode( + "3373fffffffffffffffffffffffffffffffffffffffe" + + "14604657602036036042575f35600143038111604257" + + "611fff81430311604257611fff9006545f5260205ff3" + + "5b5f5ffd5b5f35611fff60014303065500"); + + public static final String HISTORY_STORAGE_NAME = "BlockHashHistory"; + + // Account template for the new-account branch of {@code deploy()} (no prior + // state at the canonical address). Equivalent to create2's + // {@code createAccount(addr, name, Contract)}: only type, accountName, and + // address are set. The pre-existing-account branch never uses this template + // — it mutates the existing capsule in place to preserve balance / asset + // state, mirroring the CREATE2 collision path. Safe to share: the proto is + // immutable, and AccountCapsule mutations rebuild via {@code toBuilder}. + private static final Account HISTORY_STORAGE_ACCOUNT = Account.newBuilder() + .setType(Protocol.AccountType.Contract) + .setAccountName(ByteString.copyFromUtf8(HISTORY_STORAGE_NAME)) + .setAddress(ByteString.copyFrom(HISTORY_STORAGE_ADDRESS)) + .build(); + + // SmartContract template: every field is fixed at activation time, so the + // proto is immutable and shared across calls. Mirrors the create2 path's + // shape (version=0, contractAddress, consumeUserResourcePercent=100, + // originAddress) plus a descriptive name. No trxHash since activation is + // not a transaction. + private static final SmartContract HISTORY_STORAGE_CONTRACT = SmartContract.newBuilder() + .setName(HISTORY_STORAGE_NAME) + .setContractAddress(ByteString.copyFrom(HISTORY_STORAGE_ADDRESS)) + .setOriginAddress(ByteString.copyFrom(HISTORY_DEPLOYER_ADDRESS)) + .setConsumeUserResourcePercent(100L) + .build(); + + private HistoryBlockHashUtil() { + } + + /** + * Deploy the TIP-2935 BlockHashHistory contract at {@code HISTORY_STORAGE_ADDRESS}. + * If foreign code or contract metadata already sits at the canonical address, + * logs a warning and returns without writing — the collision is deterministic + * across nodes (same pre-state ⇒ same decision), so the proposal flag still + * commits and chain consensus is intact. The foreign contract executes as-is + * on every node; TIP-2935 functionality is silently absent at this address. + * A SHA-3 pre-image of the address is the only realistic way that branch + * fires, so it's belt-and-braces. A pre-existing non-contract account at the + * address is the common case (anyone can transfer TRX there to activate it + * as an EOA), so we upgrade its type to {@code Contract} in place — matching + * the CREATE2 collision branch ({@code updateAccountType} + + * {@code clearDelegatedResource}) and preserving balance/asset state. + * + *

Called only from {@code ProposalService} inside maintenance-time block + * processing. Proposal validation rejects re-activation, so this runs at most + * once per chain history; the three store writes share the block's revoking + * session, so any node-local exception (RocksDB / IO) propagates and rolls + * the {@code saveAllowTvmPrague(1)} write back atomically. + */ + public static void deploy(Manager manager) { + if (manager.getCodeStore().has(HISTORY_STORAGE_ADDRESS) + || manager.getContractStore().has(HISTORY_STORAGE_ADDRESS)) { + logger.warn("TIP-2935: foreign state at {}, skipping deploy", + Hex.toHexString(HISTORY_STORAGE_ADDRESS)); + return; + } + + manager.getCodeStore().put(HISTORY_STORAGE_ADDRESS, + new CodeCapsule(HISTORY_STORAGE_CODE)); + manager.getContractStore().put(HISTORY_STORAGE_ADDRESS, + new ContractCapsule(HISTORY_STORAGE_CONTRACT)); + + AccountCapsule account = manager.getAccountStore().get(HISTORY_STORAGE_ADDRESS); + boolean accountExisting = account != null; + if (!accountExisting) { + account = new AccountCapsule(HISTORY_STORAGE_ACCOUNT); + } else { + account.updateAccountType(Protocol.AccountType.Contract); + account.clearDelegatedResource(); + } + manager.getAccountStore().put(HISTORY_STORAGE_ADDRESS, account); + + // Flip the install marker only after all three store writes succeed; this + // gates the per-block write() path so a skipped deploy never mutates + // foreign storage. Any node-local exception above propagates and rolls + // the marker back together with the partial writes via the revoking session. + manager.getDynamicPropertiesStore().saveBlockHashHistoryInstalled(1L); + + logger.info("TIP-2935: deployed BlockHashHistory at {} (preExistingAccount={})", + Hex.toHexString(HISTORY_STORAGE_ADDRESS), accountExisting); + } + + /** + * Write the parent block hash to storage at slot + * {@code (blockNum - 1) % HISTORY_SERVE_WINDOW}. Called from + * {@code Manager.processBlock} before the tx loop so transactions can SLOAD + * it via STATICCALL to the deployed bytecode. + */ + public static void write(Manager manager, BlockCapsule block) { + // Genesis has no parent; applyBlock never invokes this for block 0, but be + // explicit so (0-1) % 8191 = -1 in Java can never corrupt a slot. + if (block.getNum() <= 0) { + return; + } + // Defense-in-depth: deploy() skips on foreign state at the canonical + // address, but the proposal flag still commits. Gate on the install + // marker (set at the tail of a successful deploy()) so write() can never + // overwrite an unrelated contract's storage. Single store hit, cached. + if (!manager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()) { + return; + } + long slot = (block.getNum() - 1) % HISTORY_SERVE_WINDOW; + Storage storage = new Storage(HISTORY_STORAGE_ADDRESS, manager.getStorageRowStore()); + storage.put(new DataWord(slot), new DataWord(block.getParentHash().getBytes())); + storage.commit(); + } +} diff --git a/framework/src/main/java/org/tron/core/db/Manager.java b/framework/src/main/java/org/tron/core/db/Manager.java index 470dbb1650f..0c55a657950 100644 --- a/framework/src/main/java/org/tron/core/db/Manager.java +++ b/framework/src/main/java/org/tron/core/db/Manager.java @@ -1858,6 +1858,7 @@ private void processBlock(BlockCapsule block, List txs) TransactionRetCapsule transactionRetCapsule = new TransactionRetCapsule(block); + HistoryBlockHashUtil.write(this, block); try { merkleContainer.resetCurrentMerkleTree(); accountStateCallBack.preExecute(block); diff --git a/framework/src/test/java/org/tron/core/actuator/utils/ProposalUtilTest.java b/framework/src/test/java/org/tron/core/actuator/utils/ProposalUtilTest.java index efe2c2b871b..16a3cb3a5bb 100644 --- a/framework/src/test/java/org/tron/core/actuator/utils/ProposalUtilTest.java +++ b/framework/src/test/java/org/tron/core/actuator/utils/ProposalUtilTest.java @@ -343,6 +343,8 @@ public void validateCheck() { testAllowTvmSelfdestructRestrictionProposal(); + testAllowTvmPragueProposal(); + testAllowHardenResourceCalculationProposal(); testAllowHardenExchangeCalculationProposal(); @@ -577,6 +579,8 @@ private void testAllowHardenResourceCalculationProposal() { byte[] stats = new byte[27]; forkUtils.getManager().getDynamicPropertiesStore() .statsByVersion(ForkBlockVersionEnum.VERSION_4_8_1.getValue(), stats); + forkUtils.getManager().getDynamicPropertiesStore() + .statsByVersion(ForkBlockVersionEnum.VERSION_4_8_2.getValue(), stats); ContractValidateException e1 = Assert.assertThrows(ContractValidateException.class, () -> ProposalUtil.validator(dynamicPropertiesStore, forkUtils, ProposalType.ALLOW_HARDEN_RESOURCE_CALCULATION.getCode(), 1)); @@ -615,6 +619,69 @@ private void testAllowHardenResourceCalculationProposal() { e3.getMessage()); } + private void testAllowTvmPragueProposal() { + byte[] stats = new byte[27]; + forkUtils.getManager().getDynamicPropertiesStore() + .statsByVersion(ForkBlockVersionEnum.VERSION_4_8_2.getValue(), stats); + try { + ProposalUtil.validator(dynamicPropertiesStore, forkUtils, + ProposalType.ALLOW_TVM_PRAGUE.getCode(), 1); + Assert.fail(); + } catch (ContractValidateException e) { + Assert.assertEquals( + "Bad chain parameter id [ALLOW_TVM_PRAGUE]", + e.getMessage()); + } + + long maintenanceTimeInterval = forkUtils.getManager().getDynamicPropertiesStore() + .getMaintenanceTimeInterval(); + long hardForkTime = + ((ForkBlockVersionEnum.VERSION_4_8_2.getHardForkTime() - 1) / maintenanceTimeInterval + 1) + * maintenanceTimeInterval; + forkUtils.getManager().getDynamicPropertiesStore() + .saveLatestBlockHeaderTimestamp(hardForkTime + 1); + + stats = new byte[27]; + Arrays.fill(stats, (byte) 1); + forkUtils.getManager().getDynamicPropertiesStore() + .statsByVersion(ForkBlockVersionEnum.VERSION_4_8_2.getValue(), stats); + + // Fork passed but Shanghai not yet enacted: prague validator must refuse, + // since the deployed bytecode uses PUSH0 (gated on ALLOW_TVM_SHANGHAI). + try { + ProposalUtil.validator(dynamicPropertiesStore, forkUtils, + ProposalType.ALLOW_TVM_PRAGUE.getCode(), 1); + Assert.fail(); + } catch (ContractValidateException e) { + Assert.assertEquals( + "[ALLOW_TVM_PRAGUE] requires [ALLOW_TVM_SHANGHAI] to be enacted first", + e.getMessage()); + } + + dynamicPropertiesStore.saveAllowTvmShangHai(1); + + try { + ProposalUtil.validator(dynamicPropertiesStore, forkUtils, + ProposalType.ALLOW_TVM_PRAGUE.getCode(), 2); + Assert.fail(); + } catch (ContractValidateException e) { + Assert.assertEquals( + "This value[ALLOW_TVM_PRAGUE] is only allowed to be 1", + e.getMessage()); + } + + dynamicPropertiesStore.saveAllowTvmPrague(1); + try { + ProposalUtil.validator(dynamicPropertiesStore, forkUtils, + ProposalType.ALLOW_TVM_PRAGUE.getCode(), 1); + Assert.fail(); + } catch (ContractValidateException e) { + Assert.assertEquals( + "[ALLOW_TVM_PRAGUE] has been valid, no need to propose again", + e.getMessage()); + } + } + private void testAllowHardenExchangeCalculationProposal() { long code = ProposalType.ALLOW_HARDEN_EXCHANGE_CALCULATION.getCode(); ThrowingRunnable proposeZero = () -> ProposalUtil.validator(dynamicPropertiesStore, forkUtils, diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java new file mode 100644 index 00000000000..a4aaa4a80b7 --- /dev/null +++ b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java @@ -0,0 +1,266 @@ +package org.tron.core.db; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import com.google.protobuf.ByteString; +import java.util.Arrays; +import org.junit.Before; +import org.junit.Test; +import org.tron.common.BaseTest; +import org.tron.common.TestConstants; +import org.tron.common.runtime.vm.DataWord; +import org.tron.common.utils.Sha256Hash; +import org.tron.core.capsule.AccountCapsule; +import org.tron.core.capsule.BlockCapsule; +import org.tron.core.capsule.CodeCapsule; +import org.tron.core.capsule.ContractCapsule; +import org.tron.core.config.args.Args; +import org.tron.core.store.DynamicPropertiesStore; +import org.tron.core.store.StoreFactory; +import org.tron.core.vm.program.Storage; +import org.tron.core.vm.repository.RepositoryImpl; +import org.tron.protos.Protocol; +import org.tron.protos.contract.SmartContractOuterClass.SmartContract; + +/** + * TIP-2935 end-to-end: activation deploys the contract, subsequent blocks + * populate the ring buffer via the pre-tx hook, and the VM repository reads + * back written hashes through the same {@code Storage.compose()} layer that + * production {@code SLOAD} uses. + */ +public class HistoryBlockHashIntegrationTest extends BaseTest { + + static { + Args.setParam(new String[]{"--output-directory", dbPath()}, TestConstants.TEST_CONF); + } + + @Before + public void resetState() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(0L); + chainBaseManager.getDynamicPropertiesStore().saveBlockHashHistoryInstalled(0L); + chainBaseManager.getCodeStore().delete(addr); + chainBaseManager.getContractStore().delete(addr); + chainBaseManager.getAccountStore().delete(addr); + // Storage.commit() translates a zero write into a row delete (see + // Storage#commit), so writing ZERO to every slot the suite touches is + // the cheapest way to clear leftover state between tests. + Storage storage = new Storage(addr, chainBaseManager.getStorageRowStore()); + for (long slot : new long[]{0L, 99L, 499L, 776L}) { + storage.put(new DataWord(slot), DataWord.ZERO()); + } + storage.commit(); + } + + private DataWord readSlot(long slot) { + Storage storage = new Storage( + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, + chainBaseManager.getStorageRowStore()); + return storage.getValue(new DataWord(slot)); + } + + @Test + public void activationDeploysContractAndFlagIsSet() { + DynamicPropertiesStore dps = chainBaseManager.getDynamicPropertiesStore(); + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + + assertEquals(0L, dps.getAllowTvmPrague()); + assertFalse(chainBaseManager.getCodeStore().has(addr)); + + dps.saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + assertEquals(1L, dps.getAllowTvmPrague()); + assertTrue(chainBaseManager.getCodeStore().has(addr)); + CodeCapsule code = chainBaseManager.getCodeStore().get(addr); + assertNotNull(code); + assertArrayEquals(HistoryBlockHashUtil.HISTORY_STORAGE_CODE, code.getData()); + } + + @Test + public void writeAfterActivationFillsStorageSlot() { + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + long blockNum = 500L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0x5a); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + DataWord readBack = readSlot(499L); + assertNotNull(readBack); + assertArrayEquals(parentHash, readBack.getData()); + } + + @Test + public void vmRepositoryReadsBackWrittenHash() { + // Full round-trip: direct-write through Storage -> VM Repository -> getStorageValue. + // Proves write and read go through the same Storage.compose() layer. + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + long blockNum = 777L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0x77); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + HistoryBlockHashUtil.write(dbManager, block); + + RepositoryImpl repo = RepositoryImpl.createRoot(StoreFactory.getInstance()); + + // (777 - 1) % 8191 = 776 + DataWord slotKey = new DataWord(776L); + DataWord readBack = repo.getStorageValue( + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, slotKey); + + assertNotNull("VM repository failed to read stored hash", readBack); + assertArrayEquals("VM read-back != direct-written hash", + parentHash, readBack.getData()); + } + + @Test + public void noWriteBeforeActivation() { + assertEquals(0L, + chainBaseManager.getDynamicPropertiesStore().getAllowTvmPrague()); + assertFalse(chainBaseManager.getDynamicPropertiesStore() + .isBlockHashHistoryInstalled()); + + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xff); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + // Manager calls write() unconditionally; the install marker stays 0 + // before activation, so write() must early-return. + HistoryBlockHashUtil.write(dbManager, block); + + assertNull(readSlot(99L)); + } + + /** + * Block 1 is the first block to go through {@code applyBlock -> processBlock}. + * Its parent is the genesis block, so slot 0 must hold the genesis block hash. + */ + @Test + public void writeForBlock1StoresGenesisHashAtSlot0() { + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + byte[] genesisHash = new byte[32]; + Arrays.fill(genesisHash, (byte) 0x01); + BlockCapsule block1 = new BlockCapsule( + 1L, + Sha256Hash.wrap(genesisHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block1); + + DataWord readBack = readSlot(0L); + assertNotNull(readBack); + assertArrayEquals(genesisHash, readBack.getData()); + } + + /** + * Genesis never goes through {@code applyBlock}, but the guard keeps + * {@code (0 - 1) % 8191 = -1} from ever corrupting a slot if it ever did. + */ + @Test + public void writeIsNoOpForGenesisBlock() { + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + byte[] zeroHash = new byte[32]; + BlockCapsule genesis = new BlockCapsule( + 0L, + Sha256Hash.wrap(zeroHash), + 0L, + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, genesis); + + assertNull(readSlot(0L)); + } + + /** + * Collision guard: if foreign bytecode already sits at the canonical address + * (theoretically impossible short of a hash pre-image), activation must skip + * the deploy entirely — leaving the foreign code intact and writing nothing + * to ContractStore / AccountStore — rather than silently merging into a + * broken contract. Same expectation applies to foreign contract metadata. + */ + @Test + public void deploySkipsWhenForeignBytecodePresent() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + byte[] foreignCode = new byte[]{0x60, 0x00}; + chainBaseManager.getCodeStore().put(addr, new CodeCapsule(foreignCode)); + + HistoryBlockHashUtil.deploy(dbManager); + + assertArrayEquals(foreignCode, + chainBaseManager.getCodeStore().get(addr).getData()); + assertFalse(chainBaseManager.getContractStore().has(addr)); + assertFalse(chainBaseManager.getAccountStore().has(addr)); + } + + @Test + public void deploySkipsWhenForeignContractPresent() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + SmartContract foreign = SmartContract.newBuilder() + .setName("NotBlockHashHistory") + .setContractAddress(ByteString.copyFrom(addr)) + .setOriginAddress(ByteString.copyFrom(addr)) + .build(); + chainBaseManager.getContractStore().put(addr, new ContractCapsule(foreign)); + + HistoryBlockHashUtil.deploy(dbManager); + + assertEquals("NotBlockHashHistory", + chainBaseManager.getContractStore().get(addr).getInstance().getName()); + assertFalse(chainBaseManager.getCodeStore().has(addr)); + assertFalse(chainBaseManager.getAccountStore().has(addr)); + } + + /** + * Anyone can transfer TRX to {@code HISTORY_STORAGE_ADDRESS} before the + * proposal fires, leaving an EOA at the canonical address. Activation must + * upgrade the type to {@code Contract} in place — preserving balance — + * rather than failing or zeroing the account. + */ + @Test + public void deployUpgradesPreExistingNormalAccountPreservingBalance() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + long balance = 12345L; + AccountCapsule eoa = new AccountCapsule( + ByteString.copyFrom(addr), Protocol.AccountType.Normal); + eoa.setBalance(balance); + chainBaseManager.getAccountStore().put(addr, eoa); + + HistoryBlockHashUtil.deploy(dbManager); + + AccountCapsule after = chainBaseManager.getAccountStore().get(addr); + assertEquals(Protocol.AccountType.Contract, after.getType()); + assertEquals(balance, after.getBalance()); + assertTrue(chainBaseManager.getCodeStore().has(addr)); + assertTrue(chainBaseManager.getContractStore().has(addr)); + } + +} diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java new file mode 100644 index 00000000000..07b026be335 --- /dev/null +++ b/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java @@ -0,0 +1,199 @@ +package org.tron.core.db; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import com.google.protobuf.ByteString; +import java.util.Arrays; +import org.bouncycastle.util.encoders.Hex; +import org.junit.Before; +import org.junit.Test; +import org.tron.common.BaseTest; +import org.tron.common.TestConstants; +import org.tron.common.runtime.vm.DataWord; +import org.tron.common.utils.Sha256Hash; +import org.tron.core.capsule.AccountCapsule; +import org.tron.core.capsule.BlockCapsule; +import org.tron.core.capsule.CodeCapsule; +import org.tron.core.capsule.ContractCapsule; +import org.tron.core.config.args.Args; +import org.tron.core.vm.program.Storage; +import org.tron.protos.Protocol; +import org.tron.protos.contract.SmartContractOuterClass.SmartContract; + +public class HistoryBlockHashUtilTest extends BaseTest { + + static { + Args.setParam(new String[]{"--output-directory", dbPath()}, TestConstants.TEST_CONF); + } + + @Before + public void resetState() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + chainBaseManager.getCodeStore().delete(addr); + chainBaseManager.getContractStore().delete(addr); + chainBaseManager.getAccountStore().delete(addr); + chainBaseManager.getDynamicPropertiesStore().saveBlockHashHistoryInstalled(0L); + // Storage.commit() translates a zero write into a row delete (see + // Storage#commit), so writing ZERO to every slot the suite touches is + // the cheapest way to clear leftover state between tests. + Storage storage = new Storage(addr, chainBaseManager.getStorageRowStore()); + for (long slot : new long[]{0L, 99L, 499L, 776L}) { + storage.put(new DataWord(slot), DataWord.ZERO()); + } + storage.commit(); + } + + private DataWord readSlot(long slot) { + Storage storage = new Storage( + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, + chainBaseManager.getStorageRowStore()); + return storage.getValue(new DataWord(slot)); + } + + @Test + public void deployCreatesCodeContractAndAccount() { + HistoryBlockHashUtil.deploy(dbManager); + + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + + assertTrue(chainBaseManager.getCodeStore().has(addr)); + CodeCapsule code = chainBaseManager.getCodeStore().get(addr); + assertNotNull(code); + assertArrayEquals(HistoryBlockHashUtil.HISTORY_STORAGE_CODE, code.getData()); + + ContractCapsule contract = chainBaseManager.getContractStore().get(addr); + assertNotNull(contract); + SmartContract proto = contract.getInstance(); + assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, proto.getName()); + assertArrayEquals(addr, proto.getContractAddress().toByteArray()); + assertEquals("version must be 0", 0, proto.getVersion()); + assertEquals(100L, proto.getConsumeUserResourcePercent()); + assertArrayEquals("originAddress must be the EIP-2935 system caller", + HistoryBlockHashUtil.HISTORY_DEPLOYER_ADDRESS, + proto.getOriginAddress().toByteArray()); + + assertTrue(chainBaseManager.getAccountStore().has(addr)); + AccountCapsule account = chainBaseManager.getAccountStore().get(addr); + assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, + account.getAccountName().toStringUtf8()); + assertEquals(Protocol.AccountType.Contract, account.getType()); + assertTrue("install marker must flip after a successful deploy", + chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); + } + + @Test + public void writeStoresParentHashAtCorrectSlot() { + HistoryBlockHashUtil.deploy(dbManager); + + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xab); + + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + DataWord readBack = readSlot(99L); + assertNotNull(readBack); + assertArrayEquals(parentHash, readBack.getData()); + } + + @Test + public void writeUsesRingBufferModulo() { + HistoryBlockHashUtil.deploy(dbManager); + + // (8192 - 1) % 8191 = 0 + long blockNum = 8192L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xcd); + + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + DataWord readBack = readSlot(0L); + assertNotNull(readBack); + assertArrayEquals(parentHash, readBack.getData()); + } + + @Test + public void beforeDeployNothingIsWritten() { + assertFalse(chainBaseManager.getCodeStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + assertFalse(chainBaseManager.getContractStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + assertFalse(chainBaseManager.getAccountStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + } + + /** + * If {@code deploy()} never ran (e.g. flag flipped without the deploy path), + * {@code write()} must not mutate {@code StorageRowStore} at the canonical + * address — otherwise the next call to {@code deploy()} would land on top of + * partially-written state. + */ + @Test + public void writeIsNoOpBeforeDeploy() { + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xab); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + assertNull("write() must be a no-op without an installed BlockHashHistory", + readSlot(99L)); + } + + /** + * Defense-in-depth: when foreign bytecode sits at the canonical address, + * {@code deploy()} skips and the install marker stays 0, so {@code write()} + * must refuse to overwrite that contract's storage every block. Triggering + * the collision in practice requires a SHA-3 pre-image of the address, but + * the marker check is a single cached store hit. + */ + @Test + public void writeIsNoOpOnForeignCode() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + byte[] foreignCode = Hex.decode("60016002"); + chainBaseManager.getCodeStore().put(addr, new CodeCapsule(foreignCode)); + + HistoryBlockHashUtil.deploy(dbManager); + + assertFalse("install marker must stay 0 when deploy skipped", + chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); + + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xcd); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + assertNull("write() must not overwrite a foreign contract's storage", + readSlot(99L)); + assertArrayEquals("foreign code must remain intact", + foreignCode, chainBaseManager.getCodeStore().get(addr).getData()); + } +} diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashVmTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashVmTest.java new file mode 100644 index 00000000000..2dd15392684 --- /dev/null +++ b/framework/src/test/java/org/tron/core/db/HistoryBlockHashVmTest.java @@ -0,0 +1,243 @@ +package org.tron.core.db; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import com.google.protobuf.ByteString; +import java.util.Arrays; +import org.bouncycastle.util.encoders.Hex; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.tron.common.BaseTest; +import org.tron.common.TestConstants; +import org.tron.common.runtime.TVMTestResult; +import org.tron.common.runtime.TvmTestUtils; +import org.tron.common.runtime.vm.DataWord; +import org.tron.common.utils.Sha256Hash; +import org.tron.core.capsule.AccountCapsule; +import org.tron.core.capsule.BlockCapsule; +import org.tron.core.config.args.Args; +import org.tron.core.store.DynamicPropertiesStore; +import org.tron.core.vm.config.ConfigLoader; +import org.tron.core.vm.program.Program.IllegalOperationException; +import org.tron.core.vm.program.Storage; +import org.tron.protos.Protocol; + +/** + * Real STATICCALL execution of the deployed TIP-2935 bytecode through the VM + * trace path. Complements {@link HistoryBlockHashIntegrationTest}, which only + * verifies that storage writes round-trip through {@code RepositoryImpl}. + * + *

Each test prepares storage and a {@code BlockCapsule} (which fixes the + * EVM {@code block.number}), invokes the deployed contract via + * {@code TvmTestUtils.triggerContract...}, and asserts the bytecode's + * documented branches: normal return, bootstrap zero, three revert paths, + * and PUSH0 not tripping {@code IllegalOperationException} under Shanghai. + */ +public class HistoryBlockHashVmTest extends BaseTest { + + static { + Args.setParam( + new String[]{"--output-directory", dbPath(), "--debug"}, + TestConstants.TEST_CONF); + } + + private static final byte[] OWNER = + Hex.decode("41abd4b9367799eaa3197fecb144eb71de1e049abc"); + private static final long FEE_LIMIT = 1_000_000_000L; + + @Before + public void init() { + // Some prior tests in the same Gradle JVM batch may flip ConfigLoader.disable + // to true, which would freeze VMConfig at whatever it last held. Reset so + // VMActuator picks up the DPS values we set below. + ConfigLoader.disable = false; + + DynamicPropertiesStore dps = chainBaseManager.getDynamicPropertiesStore(); + dps.saveAllowTvmConstantinople(1L); + dps.saveAllowTvmTransferTrc10(1L); + dps.saveAllowTvmSolidity059(1L); + dps.saveAllowTvmIstanbul(1L); + dps.saveAllowTvmLondon(1L); + dps.saveAllowTvmShangHai(1L); + dps.saveAllowTvmPrague(1L); + + AccountCapsule owner = new AccountCapsule( + ByteString.copyFrom(OWNER), Protocol.AccountType.Normal); + owner.setBalance(30_000_000_000_000L); + chainBaseManager.getAccountStore().put(OWNER, owner); + + HistoryBlockHashUtil.deploy(dbManager); + } + + @After + public void cleanup() { + // BaseTest shares the Spring context across @Test methods in this class, + // so reset every store we touched. + DynamicPropertiesStore dps = chainBaseManager.getDynamicPropertiesStore(); + dps.saveAllowTvmShangHai(0L); + dps.saveAllowTvmPrague(0L); + dps.saveBlockHashHistoryInstalled(0L); + + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + chainBaseManager.getCodeStore().delete(addr); + chainBaseManager.getContractStore().delete(addr); + chainBaseManager.getAccountStore().delete(addr); + + Storage storage = new Storage(addr, chainBaseManager.getStorageRowStore()); + for (long slot : new long[]{0L, 1L, 50L, 100L, 900L, 999L, 1000L}) { + storage.put(new DataWord(slot), DataWord.ZERO()); + } + storage.commit(); + } + + private void writeSlot(long slot, byte[] hash) { + Storage storage = new Storage( + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, + chainBaseManager.getStorageRowStore()); + storage.put(new DataWord(slot), new DataWord(hash)); + storage.commit(); + } + + private BlockCapsule blockAt(long num) { + BlockCapsule block = new BlockCapsule( + num, + Sha256Hash.wrap(new byte[32]), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + // Skip the cpu-limit-ratio path that reads {@code trx.getRet(0)}; the + // bare TriggerSmartContract built by TvmTestUtils carries no Ret entry. + block.generatedByMyself = true; + return block; + } + + private static byte[] uint256(long n) { + return new DataWord(n).getData(); + } + + private TVMTestResult call(byte[] calldata, long currentBlockNum) throws Exception { + return TvmTestUtils.triggerContractAndReturnTvmTestResult( + OWNER, + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, + calldata, + 0L, + FEE_LIMIT, + dbManager, + blockAt(currentBlockNum)); + } + + /** + * Normal read: 32-byte calldata pointing at a block within the sliding + * window whose slot has been populated. The bytecode SLOAD-and-RETURNs + * the stored hash; this also exercises every PUSH0 in the read path. + */ + @Test + public void vmReturnsWrittenHashForBlockInWindow() throws Exception { + long current = 1000L; + long queried = current - 100L; + byte[] hash = new byte[32]; + Arrays.fill(hash, (byte) 0xab); + writeSlot(queried % HistoryBlockHashUtil.HISTORY_SERVE_WINDOW, hash); + + TVMTestResult result = call(uint256(queried), current); + + assertFalse("must not revert", result.getRuntime().getResult().isRevert()); + assertNull("must not throw", result.getRuntime().getResult().getException()); + byte[] hReturn = result.getRuntime().getResult().getHReturn(); + assertNotNull("must return data", hReturn); + assertArrayEquals(hash, hReturn); + } + + /** + * Bootstrap behavior: when a slot has not been written yet (pre-activation + * blocks within the sliding window, or fresh post-activation), the SLOAD + * returns 0 and the contract returns {@code bytes32(0)} — never reverts. + */ + @Test + public void vmReturnsZeroForUnwrittenSlot() throws Exception { + long current = 1000L; + long queried = current - 50L; + + TVMTestResult result = call(uint256(queried), current); + + assertFalse("must not revert", result.getRuntime().getResult().isRevert()); + assertNull("must not throw", result.getRuntime().getResult().getException()); + byte[] hReturn = result.getRuntime().getResult().getHReturn(); + assertNotNull("must return data", hReturn); + assertArrayEquals(new byte[32], hReturn); + } + + /** + * Out-of-range upper bound: querying the current block number (or any + * future block) is not serviceable — the bytecode reverts via 5f5ffd. + */ + @Test + public void vmRevertsForFutureBlock() throws Exception { + long current = 1000L; + long queried = current; + + TVMTestResult result = call(uint256(queried), current); + + assertTrue("must revert for queried >= current", + result.getRuntime().getResult().isRevert()); + } + + /** + * Out-of-range lower bound: once {@code queried + 8191 < current}, the slot + * has already been overwritten by a newer block in the ring buffer, so the + * bytecode reverts rather than returning a stale hash. + */ + @Test + public void vmRevertsForBlockOutsideWindow() throws Exception { + long current = 1000L + HistoryBlockHashUtil.HISTORY_SERVE_WINDOW + 1L; + long queried = 1000L; + + TVMTestResult result = call(uint256(queried), current); + + assertTrue("must revert for queried + window < current", + result.getRuntime().getResult().isRevert()); + } + + /** + * Calldata length guard: anything other than 32 bytes — including the + * 4-byte ABI selector shape Solidity callers might accidentally encode — + * reverts immediately at the {@code 60203603604257} preamble. + */ + @Test + public void vmRevertsForBadCalldataLength() throws Exception { + long current = 1000L; + byte[] shortCalldata = new byte[]{0x01, 0x02, 0x03, 0x04}; + + TVMTestResult result = call(shortCalldata, current); + + assertTrue("must revert for calldata.size != 32", + result.getRuntime().getResult().isRevert()); + } + + /** + * Shanghai gate: the bytecode contains four PUSH0 (0x5f) opcodes on the + * read path. With {@code ALLOW_TVM_SHANGHAI=1}, a normal call must reach + * the RETURN without {@code IllegalOperationException} — i.e., PUSH0 is + * recognized and not treated as an invalid opcode. + */ + @Test + public void vmExecutionDoesNotInvalidOpcodeUnderShanghai() throws Exception { + long current = 1000L; + long queried = current - 1L; + byte[] hash = new byte[32]; + Arrays.fill(hash, (byte) 0xcd); + writeSlot(queried % HistoryBlockHashUtil.HISTORY_SERVE_WINDOW, hash); + + TVMTestResult result = call(uint256(queried), current); + + Throwable ex = result.getRuntime().getResult().getException(); + assertFalse("PUSH0 must not be an invalid opcode under Shanghai", + ex instanceof IllegalOperationException); + assertFalse("normal read must not revert", + result.getRuntime().getResult().isRevert()); + } +} From b5b8ee5b5437cfb764651d8dedb411144f130173 Mon Sep 17 00:00:00 2001 From: Asuka Date: Fri, 8 May 2026 17:05:27 +0800 Subject: [PATCH 2/3] fix(vm): write TIP-2935 parent hash before tx loop in generateBlock processBlock writes the parent block hash before iterating transactions; generateBlock did not, so the producer's simulation loop saw a stale/empty slot at HISTORY_STORAGE_ADDRESS while validators saw the live value. Mirror processBlock's call order. --- .../main/java/org/tron/core/db/Manager.java | 1 + .../db/HistoryBlockHashIntegrationTest.java | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/framework/src/main/java/org/tron/core/db/Manager.java b/framework/src/main/java/org/tron/core/db/Manager.java index 0c55a657950..d3aeb5bb2d6 100644 --- a/framework/src/main/java/org/tron/core/db/Manager.java +++ b/framework/src/main/java/org/tron/core/db/Manager.java @@ -1629,6 +1629,7 @@ public BlockCapsule generateBlock(Miner miner, long blockTime, long timeout) { session.reset(); session.setValue(revokingStore.buildSession()); + HistoryBlockHashUtil.write(this, blockCapsule); accountStateCallBack.preExecute(blockCapsule); if (getDynamicPropertiesStore().getAllowMultiSign() == 1) { diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java index a4aaa4a80b7..6def2230c13 100644 --- a/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java +++ b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java @@ -8,18 +8,24 @@ import static org.junit.Assert.assertTrue; import com.google.protobuf.ByteString; +import java.lang.reflect.Field; import java.util.Arrays; +import java.util.concurrent.atomic.AtomicReference; import org.junit.Before; import org.junit.Test; +import org.mockito.Mockito; import org.tron.common.BaseTest; import org.tron.common.TestConstants; +import org.tron.common.crypto.ECKey; import org.tron.common.runtime.vm.DataWord; import org.tron.common.utils.Sha256Hash; +import org.tron.consensus.base.Param; import org.tron.core.capsule.AccountCapsule; import org.tron.core.capsule.BlockCapsule; import org.tron.core.capsule.CodeCapsule; import org.tron.core.capsule.ContractCapsule; import org.tron.core.config.args.Args; +import org.tron.core.db.accountstate.callback.AccountStateCallBack; import org.tron.core.store.DynamicPropertiesStore; import org.tron.core.store.StoreFactory; import org.tron.core.vm.program.Storage; @@ -245,6 +251,64 @@ public void deploySkipsWhenForeignContractPresent() { * upgrade the type to {@code Contract} in place — preserving balance — * rather than failing or zeroing the account. */ + /** + * SR / validator parity: the producer's {@code generateBlock} simulation + * loop and the validator's {@code processBlock} apply loop must see the + * same storage state when transactions hit {@code HISTORY_STORAGE_ADDRESS}. + * That requires {@link HistoryBlockHashUtil#write} to run before the tx + * loop on both paths. {@code processBlock} writes at line 1858; this test + * pins the matching write inside {@code generateBlock}. + * + *

Spy {@code accountStateCallBack.preExecute} — called between the + * write and the tx loop on both paths — and snapshot the slot from inside + * the revoking session. Pre-fix the slot is empty (write never ran); + * post-fix it holds the parent block hash. + */ + @Test + public void generateBlockWritesParentHashBeforeTxLoop() throws Exception { + chainBaseManager.getDynamicPropertiesStore().saveAllowTvmPrague(1L); + HistoryBlockHashUtil.deploy(dbManager); + + byte[] expectedParentHash = chainBaseManager.getHeadBlockId().getBytes(); + long nextBlockNum = chainBaseManager.getHeadBlockNum() + 1; + long expectedSlot = + (nextBlockNum - 1) % HistoryBlockHashUtil.HISTORY_SERVE_WINDOW; + + Field cbField = Manager.class.getDeclaredField("accountStateCallBack"); + cbField.setAccessible(true); + AccountStateCallBack realCb = (AccountStateCallBack) cbField.get(dbManager); + AccountStateCallBack spy = Mockito.spy(realCb); + AtomicReference captured = new AtomicReference<>(); + Mockito.doAnswer(inv -> { + Storage st = new Storage( + HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, + chainBaseManager.getStorageRowStore()); + captured.set(st.getValue(new DataWord(expectedSlot))); + return inv.callRealMethod(); + }).when(spy).preExecute(Mockito.any(BlockCapsule.class)); + cbField.set(dbManager, spy); + + try { + ECKey ecKey = new ECKey(); + ByteString witness = ByteString.copyFrom(ecKey.getAddress()); + Param.Miner miner = + Param.getInstance().new Miner(ecKey.getPrivKeyBytes(), witness, witness); + long blockTime = System.currentTimeMillis() / 3000 * 3000; + BlockCapsule generated = dbManager.generateBlock( + miner, blockTime, System.currentTimeMillis() + 1000); + assertNotNull("generateBlock returned null", generated); + } finally { + cbField.set(dbManager, realCb); + } + + assertNotNull( + "preExecute fired with an empty slot — write() must run before preExecute", + captured.get()); + assertArrayEquals( + "slot must hold the parent block hash before the tx loop runs", + expectedParentHash, captured.get().getData()); + } + @Test public void deployUpgradesPreExistingNormalAccountPreservingBalance() { byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; From 6ec19f524b1014e834cd8fe0b0e9498a22edcfc9 Mon Sep 17 00:00:00 2001 From: Asuka Date: Fri, 8 May 2026 18:04:09 +0800 Subject: [PATCH 3/3] test(vm): consolidate TIP-2935 unit tests into integration suite --- .../db/HistoryBlockHashIntegrationTest.java | 143 +++++++++++++ .../core/db/HistoryBlockHashUtilTest.java | 199 ------------------ 2 files changed, 143 insertions(+), 199 deletions(-) delete mode 100644 framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java index 6def2230c13..186d897effa 100644 --- a/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java +++ b/framework/src/test/java/org/tron/core/db/HistoryBlockHashIntegrationTest.java @@ -11,6 +11,7 @@ import java.lang.reflect.Field; import java.util.Arrays; import java.util.concurrent.atomic.AtomicReference; +import org.bouncycastle.util.encoders.Hex; import org.junit.Before; import org.junit.Test; import org.mockito.Mockito; @@ -327,4 +328,146 @@ public void deployUpgradesPreExistingNormalAccountPreservingBalance() { assertTrue(chainBaseManager.getContractStore().has(addr)); } + @Test + public void deployCreatesCodeContractAndAccount() { + HistoryBlockHashUtil.deploy(dbManager); + + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + + assertTrue(chainBaseManager.getCodeStore().has(addr)); + CodeCapsule code = chainBaseManager.getCodeStore().get(addr); + assertNotNull(code); + assertArrayEquals(HistoryBlockHashUtil.HISTORY_STORAGE_CODE, code.getData()); + + ContractCapsule contract = chainBaseManager.getContractStore().get(addr); + assertNotNull(contract); + SmartContract proto = contract.getInstance(); + assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, proto.getName()); + assertArrayEquals(addr, proto.getContractAddress().toByteArray()); + assertEquals("version must be 0", 0, proto.getVersion()); + assertEquals(100L, proto.getConsumeUserResourcePercent()); + assertArrayEquals("originAddress must be the EIP-2935 system caller", + HistoryBlockHashUtil.HISTORY_DEPLOYER_ADDRESS, + proto.getOriginAddress().toByteArray()); + + assertTrue(chainBaseManager.getAccountStore().has(addr)); + AccountCapsule account = chainBaseManager.getAccountStore().get(addr); + assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, + account.getAccountName().toStringUtf8()); + assertEquals(Protocol.AccountType.Contract, account.getType()); + assertTrue("install marker must flip after a successful deploy", + chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); + } + + @Test + public void writeStoresParentHashAtCorrectSlot() { + HistoryBlockHashUtil.deploy(dbManager); + + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xab); + + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + DataWord readBack = readSlot(99L); + assertNotNull(readBack); + assertArrayEquals(parentHash, readBack.getData()); + } + + @Test + public void writeUsesRingBufferModulo() { + HistoryBlockHashUtil.deploy(dbManager); + + // (8192 - 1) % 8191 = 0 + long blockNum = 8192L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xcd); + + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + DataWord readBack = readSlot(0L); + assertNotNull(readBack); + assertArrayEquals(parentHash, readBack.getData()); + } + + @Test + public void beforeDeployNothingIsWritten() { + assertFalse(chainBaseManager.getCodeStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + assertFalse(chainBaseManager.getContractStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + assertFalse(chainBaseManager.getAccountStore() + .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); + } + + /** + * If {@code deploy()} never ran (e.g. flag flipped without the deploy path), + * {@code write()} must not mutate {@code StorageRowStore} at the canonical + * address — otherwise the next call to {@code deploy()} would land on top of + * partially-written state. + */ + @Test + public void writeIsNoOpBeforeDeploy() { + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xab); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + assertNull("write() must be a no-op without an installed BlockHashHistory", + readSlot(99L)); + } + + /** + * Defense-in-depth: when foreign bytecode sits at the canonical address, + * {@code deploy()} skips and the install marker stays 0, so {@code write()} + * must refuse to overwrite that contract's storage every block. Triggering + * the collision in practice requires a SHA-3 pre-image of the address, but + * the marker check is a single cached store hit. + */ + @Test + public void writeIsNoOpOnForeignCode() { + byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; + byte[] foreignCode = Hex.decode("60016002"); + chainBaseManager.getCodeStore().put(addr, new CodeCapsule(foreignCode)); + + HistoryBlockHashUtil.deploy(dbManager); + + assertFalse("install marker must stay 0 when deploy skipped", + chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); + + long blockNum = 100L; + byte[] parentHash = new byte[32]; + Arrays.fill(parentHash, (byte) 0xcd); + BlockCapsule block = new BlockCapsule( + blockNum, + Sha256Hash.wrap(parentHash), + System.currentTimeMillis(), + ByteString.copyFrom(new byte[21])); + + HistoryBlockHashUtil.write(dbManager, block); + + assertNull("write() must not overwrite a foreign contract's storage", + readSlot(99L)); + assertArrayEquals("foreign code must remain intact", + foreignCode, chainBaseManager.getCodeStore().get(addr).getData()); + } + } diff --git a/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java b/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java deleted file mode 100644 index 07b026be335..00000000000 --- a/framework/src/test/java/org/tron/core/db/HistoryBlockHashUtilTest.java +++ /dev/null @@ -1,199 +0,0 @@ -package org.tron.core.db; - -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - -import com.google.protobuf.ByteString; -import java.util.Arrays; -import org.bouncycastle.util.encoders.Hex; -import org.junit.Before; -import org.junit.Test; -import org.tron.common.BaseTest; -import org.tron.common.TestConstants; -import org.tron.common.runtime.vm.DataWord; -import org.tron.common.utils.Sha256Hash; -import org.tron.core.capsule.AccountCapsule; -import org.tron.core.capsule.BlockCapsule; -import org.tron.core.capsule.CodeCapsule; -import org.tron.core.capsule.ContractCapsule; -import org.tron.core.config.args.Args; -import org.tron.core.vm.program.Storage; -import org.tron.protos.Protocol; -import org.tron.protos.contract.SmartContractOuterClass.SmartContract; - -public class HistoryBlockHashUtilTest extends BaseTest { - - static { - Args.setParam(new String[]{"--output-directory", dbPath()}, TestConstants.TEST_CONF); - } - - @Before - public void resetState() { - byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; - chainBaseManager.getCodeStore().delete(addr); - chainBaseManager.getContractStore().delete(addr); - chainBaseManager.getAccountStore().delete(addr); - chainBaseManager.getDynamicPropertiesStore().saveBlockHashHistoryInstalled(0L); - // Storage.commit() translates a zero write into a row delete (see - // Storage#commit), so writing ZERO to every slot the suite touches is - // the cheapest way to clear leftover state between tests. - Storage storage = new Storage(addr, chainBaseManager.getStorageRowStore()); - for (long slot : new long[]{0L, 99L, 499L, 776L}) { - storage.put(new DataWord(slot), DataWord.ZERO()); - } - storage.commit(); - } - - private DataWord readSlot(long slot) { - Storage storage = new Storage( - HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS, - chainBaseManager.getStorageRowStore()); - return storage.getValue(new DataWord(slot)); - } - - @Test - public void deployCreatesCodeContractAndAccount() { - HistoryBlockHashUtil.deploy(dbManager); - - byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; - - assertTrue(chainBaseManager.getCodeStore().has(addr)); - CodeCapsule code = chainBaseManager.getCodeStore().get(addr); - assertNotNull(code); - assertArrayEquals(HistoryBlockHashUtil.HISTORY_STORAGE_CODE, code.getData()); - - ContractCapsule contract = chainBaseManager.getContractStore().get(addr); - assertNotNull(contract); - SmartContract proto = contract.getInstance(); - assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, proto.getName()); - assertArrayEquals(addr, proto.getContractAddress().toByteArray()); - assertEquals("version must be 0", 0, proto.getVersion()); - assertEquals(100L, proto.getConsumeUserResourcePercent()); - assertArrayEquals("originAddress must be the EIP-2935 system caller", - HistoryBlockHashUtil.HISTORY_DEPLOYER_ADDRESS, - proto.getOriginAddress().toByteArray()); - - assertTrue(chainBaseManager.getAccountStore().has(addr)); - AccountCapsule account = chainBaseManager.getAccountStore().get(addr); - assertEquals(HistoryBlockHashUtil.HISTORY_STORAGE_NAME, - account.getAccountName().toStringUtf8()); - assertEquals(Protocol.AccountType.Contract, account.getType()); - assertTrue("install marker must flip after a successful deploy", - chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); - } - - @Test - public void writeStoresParentHashAtCorrectSlot() { - HistoryBlockHashUtil.deploy(dbManager); - - long blockNum = 100L; - byte[] parentHash = new byte[32]; - Arrays.fill(parentHash, (byte) 0xab); - - BlockCapsule block = new BlockCapsule( - blockNum, - Sha256Hash.wrap(parentHash), - System.currentTimeMillis(), - ByteString.copyFrom(new byte[21])); - - HistoryBlockHashUtil.write(dbManager, block); - - DataWord readBack = readSlot(99L); - assertNotNull(readBack); - assertArrayEquals(parentHash, readBack.getData()); - } - - @Test - public void writeUsesRingBufferModulo() { - HistoryBlockHashUtil.deploy(dbManager); - - // (8192 - 1) % 8191 = 0 - long blockNum = 8192L; - byte[] parentHash = new byte[32]; - Arrays.fill(parentHash, (byte) 0xcd); - - BlockCapsule block = new BlockCapsule( - blockNum, - Sha256Hash.wrap(parentHash), - System.currentTimeMillis(), - ByteString.copyFrom(new byte[21])); - - HistoryBlockHashUtil.write(dbManager, block); - - DataWord readBack = readSlot(0L); - assertNotNull(readBack); - assertArrayEquals(parentHash, readBack.getData()); - } - - @Test - public void beforeDeployNothingIsWritten() { - assertFalse(chainBaseManager.getCodeStore() - .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); - assertFalse(chainBaseManager.getContractStore() - .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); - assertFalse(chainBaseManager.getAccountStore() - .has(HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS)); - } - - /** - * If {@code deploy()} never ran (e.g. flag flipped without the deploy path), - * {@code write()} must not mutate {@code StorageRowStore} at the canonical - * address — otherwise the next call to {@code deploy()} would land on top of - * partially-written state. - */ - @Test - public void writeIsNoOpBeforeDeploy() { - long blockNum = 100L; - byte[] parentHash = new byte[32]; - Arrays.fill(parentHash, (byte) 0xab); - BlockCapsule block = new BlockCapsule( - blockNum, - Sha256Hash.wrap(parentHash), - System.currentTimeMillis(), - ByteString.copyFrom(new byte[21])); - - HistoryBlockHashUtil.write(dbManager, block); - - assertNull("write() must be a no-op without an installed BlockHashHistory", - readSlot(99L)); - } - - /** - * Defense-in-depth: when foreign bytecode sits at the canonical address, - * {@code deploy()} skips and the install marker stays 0, so {@code write()} - * must refuse to overwrite that contract's storage every block. Triggering - * the collision in practice requires a SHA-3 pre-image of the address, but - * the marker check is a single cached store hit. - */ - @Test - public void writeIsNoOpOnForeignCode() { - byte[] addr = HistoryBlockHashUtil.HISTORY_STORAGE_ADDRESS; - byte[] foreignCode = Hex.decode("60016002"); - chainBaseManager.getCodeStore().put(addr, new CodeCapsule(foreignCode)); - - HistoryBlockHashUtil.deploy(dbManager); - - assertFalse("install marker must stay 0 when deploy skipped", - chainBaseManager.getDynamicPropertiesStore().isBlockHashHistoryInstalled()); - - long blockNum = 100L; - byte[] parentHash = new byte[32]; - Arrays.fill(parentHash, (byte) 0xcd); - BlockCapsule block = new BlockCapsule( - blockNum, - Sha256Hash.wrap(parentHash), - System.currentTimeMillis(), - ByteString.copyFrom(new byte[21])); - - HistoryBlockHashUtil.write(dbManager, block); - - assertNull("write() must not overwrite a foreign contract's storage", - readSlot(99L)); - assertArrayEquals("foreign code must remain intact", - foreignCode, chainBaseManager.getCodeStore().get(addr).getData()); - } -}