# What Does EVM's JUMPDEST Do?
The **JUMPDEST** opcode (byte value **0x5b**) serves as a **marker** in the bytecode to designate **valid destinations** for jump instructions. It doesn’t perform any computation or modify the stack, memory, or storage—it simply indicates a location where the EVM can safely redirect execution. This is essential because the EVM uses jumps to implement control structures like loops, conditionals, and internal branching within a contract’s code.
In the EVM, there are two primary jump-related opcodes:
- **JUMP (0x56)**: Unconditionally jumps to a target address specified on the stack.
- **JUMPI (0x57)**: Conditionally jumps to a target address based on a condition value from the stack (jumps if the condition is non-zero; otherwise, continues sequentially).
For either of these opcodes to succeed, the target address they jump to **must** point to a **JUMPDEST** opcode. If the target is not a JUMPDEST, the EVM will throw an exception, causing the transaction to revert. This restriction ensures that jumps only land at intended, valid points in the code.
---
### Why is JUMPDEST Necessary?
The requirement for JUMPDEST stems from the EVM’s design as a **bytecode interpreter** and its focus on security and predictability:
1. **Prevents Invalid Jumps**:
- EVM bytecode is a sequence of instructions, where each opcode may be followed by data bytes (e.g., PUSH1 0x05 pushes the value 0x05 onto the stack, occupying two bytes: 0x60 0x05).
- If a jump could land on an arbitrary byte—like the data byte of a multi-byte instruction (e.g., 0x05)—the EVM might misinterpret it as an opcode, leading to corrupted execution.
- By restricting jumps to JUMPDEST locations, which mark the start of valid instructions, the EVM ensures execution always begins at a proper instruction boundary.
2. **Enhances Security**:
- Without JUMPDEST, malicious or erroneous code could jump to unintended locations, potentially enabling attacks like “jump-oriented programming,” where an attacker manipulates control flow to execute arbitrary sequences of code.
- The JUMPDEST requirement mitigates such risks by enforcing predefined jump targets.
3. **Supports Structured Control Flow**:
- In smart contracts, control structures (e.g., if-else statements, loops) are compiled into jumps in the bytecode. JUMPDEST marks the entry points of these blocks, making the control flow explicit and verifiable.
---
### How Does JUMPDEST Work in Execution?
Here’s how JUMPDEST interacts with jump opcodes during execution:
- **Stack-Based Jumps**:
- The EVM is a stack-based machine, meaning jump targets are determined by values on the stack.
- For **JUMP**, the top stack item is the target address. The opcode consumes this value and redirects execution to that address, but only if it’s a JUMPDEST.
- For **JUMPI**, two stack items are consumed: the target address and a condition. If the condition is true (non-zero), execution jumps to the target (which must be a JUMPDEST); otherwise, it proceeds to the next instruction.
- **Runtime Validation**:
- When a JUMP or JUMPI is executed, the EVM checks the target address in the bytecode. If the byte at that address is 0x5b (JUMPDEST), the jump succeeds, and execution continues from there. If not, the transaction reverts.
- This validation happens at **runtime**, not at contract deployment, ensuring flexibility while maintaining safety.
- **Sequential Execution**:
- If execution reaches a JUMPDEST opcode naturally (without a jump), it acts as a **no-op**. The EVM simply moves to the next instruction without any effect on the stack or state.
---
### Gas Cost of JUMPDEST
In the EVM, every opcode has a **gas cost**, reflecting the computational resources it consumes. Since JUMPDEST performs no computation and exists only as a marker, it has a **minimal gas cost of 1 gas**. This is among the lowest costs in the EVM, compared to 3 gas for basic operations like ADD or 10 gas for JUMP itself. The low cost reflects its passive role in execution.
---
### Examples of JUMPDEST in Action
To illustrate, consider how JUMPDEST is used in common control structures:
#### 1. Loop Example
Suppose a smart contract implements a simple loop in bytecode:
```
PUSH1 0x0A // Loop counter (10 iterations)
PUSH1 0x05 // Jump destination (start of loop body)
JUMPDEST // 0x05: Marks the loop body start
... // Loop body instructions
SUB // Decrement counter
DUP1 // Duplicate counter for condition
PUSH1 0x05 // Target: start of loop
JUMPI // Jump back if counter > 0
```
- The JUMPDEST at position 0x05 marks the loop’s entry.
- JUMPI checks the counter and jumps back to 0x05 if non-zero, forming the loop.
#### 2. Conditional Branch
For an if-else structure:
```
PUSH1 0x01 // Condition (true)
PUSH1 0x04 // "If" block target
JUMPI // Jump to "if" block if true
... // "Else" block
JUMPDEST // 0x04: "If" block start
... // "If" block instructions
```
- JUMPDEST at 0x04 marks the “if” block, and JUMPI directs execution there if the condition holds.
---
### JUMPDEST in Smart Contract Development
When writing smart contracts:
- In high-level languages like **Solidity**, the compiler handles JUMPDEST placement automatically when generating bytecode for control structures.
- In **inline assembly** (Solidity’s low-level interface), developers must explicitly place JUMPDEST opcodes at jump targets. For example:
```assembly
jumpdest loop_start
// Loop body
jumpi(loop_start, condition)
```
The compiler translates this into bytecode with JUMPDEST at `loop_start`.
Compilers and static analysis tools may also optimize bytecode, ensuring JUMPDEST opcodes are placed efficiently while maintaining correctness.
---
### Security and Debugging Implications
- **Security**: The JUMPDEST requirement prevents jumps to arbitrary locations, reducing the attack surface for exploits that manipulate control flow.
- **Debugging**: When analyzing bytecode (e.g., for security audits), JUMPDEST locations help map the **control flow graph**, revealing how execution branches and loops.
Sign in with Wallet
Connect another wallet