Toward an Extensible Blockchain

# Toward an Extensible Blockchain Martin Becze github.com/wanderer Alex Beregszaszi github.com/axic [comment]: # (this talk will give an overview of ewasm) --- ## Evolution of the web 1. HTML as a markup 2. Scripting languages: Javascript with high level methods 3. Browser plugins: for CPU intensive operations, such as Java and Flash 4. HTML5: implementing what browser plugins do natively in the browser (video/audio input/output, etc.) 5. ? --- ## The Extensible Web Manifesto - See extensiblewebmanifesto.org - Focus on adding new low-level capabilities to the web platform that are secure and efficient. - Expose low-level capabilities that explain existing features - Develop, describe and test new high-level features in terms of the low-level capabilites  --- ## The Extensible Web Manifesto - Contain new security surface area. - Reduce the rate of growth in complexity, and therefore bugs, in implementations. - Allow browser vendors and library authors to iterate on libraries that provide developer-friendly, high-level APIs. --- ## The Extensible Web Manifesto - WebAssembly (wasm) - Canvas - WebGL - simd.js --- ## Useful Generalities A generality in software development is axiom or low level feature that can be used to implement two or more desired high level features You know you have a useful generality when axiom or set of axiom not only encompasses the desired high level features but also reduces implementation complexity  --- ## Evolution of the blockchain 1. Bitcoin (scripting restricted early on)  2. Namecoin and OP_RETURN usage  3. Ethereum  4. Ethereum Precompiles  5. ?  --- ## The Extensible Blockchain? - New capabilities require hardforks  - Strong incentive against expanding the trusted computing base  - Hard to iterate on features  --- ## What we face today ![](https://docs.google.com/drawings/d/1zUNIkJgooMP0jVbasWVUGKXgA-BRi7F5ANuNC3AKP_U/pub?w=787&h=359) --- ## What we face today - Precompiles - Potential new precompiles in Metropolis (hard fork):  - Elliptic curve arithmetic  - Big number arithmetic (modexp)  - Elliptic curve pairing functions  - Later hard forks:  - Blake2  - SHA1  - Also SHA3 as an instruction and not as a precompile  --- ## What we face today - IPC - Current IPC methods: - CALL - CALLDELEGATE - CALLCODE - Upcoming new IPC methods: - CALL_STATIC - CALL_PURE --- ## What we face today - Inextensible VM - State & environment operations: - BLOCKHASH - SELFDESTRUCT - BALANCE - ORIGIN - CALLER - CALLVALUE - CALLDATALOAD - CALLDATASIZE - etc. --- ## What we face today - Calculations - Current arithmetics:  - only 256 bit wide operations  - no shift operations  - Upcoming arithmetics:  - additional 64 bit wide operations  - shift operations  - additional SIMD operations  --- ## What we face today - Interpolarity - Incompatible with the ecosystem outside of Ethereum  - It is a new compilation target for programming languages  --- ## What we face today Big Trusted Computing bases are really bad for symmetric computation platform --- ## Ze future ![](https://docs.google.com/drawings/d/1AOV5J2tKJjh_KXnkozmv7eZbpbwM68-kYC6fYbWryCw/pub?w=960&h=720) --- ## Waist Thin ![](https://docs.google.com/drawings/d/1sXkSbMx-f2OYKEHXJFLSCQPXapZvN4U6qpxrXwZM9ug/pub?w=951&h=591) --- ## Risk of becoming a Big Ball of Mud ![](https://docs.google.com/drawings/d/178bK7ooePlnMP1U8mEnIh1yz_bWJmkFAsbrsMaqUIic/pub?w=653&h=544) Footnote: Interesting read "Big Ball of Mud" on Wikipedia. --- ## Modular Ethereum ![](https://docs.google.com/drawings/d/1f87beiJ7VakT9ififzN0f_NMO6UAOTdmDPSBioVXato/pub?w=653&h=544) --- ## Modular Ethereum ![](https://docs.google.com/drawings/d/1yquesWIOFG_sTMYypVMZsO2GbfhQy4uKRRCJD6as9EY/pub?w=653&h=544) --- ## Low Level Primitives - RISC VM (like WebAssembly)  - Non-atomic messaging  - Filesystem like model for I/O (and create State Trie on top of it) - Microkernel for IPC management  --- ## Why do we need it? - We don't need C, you can do it all Assembly!  - We don't need Java/Python/Ruby, you can do it all in C!  - 640K is more memory than anyone will ever need - Bill Gates  - Give me any ethereum use-case & I'll tell you how to do it with bitcoin. - Paul Sztorc  --- ## Why do we need it? ![](https://upload.wikimedia.org/wikipedia/commons/0/00/Transistor_Count_and_Moore%27s_Law_-_2011.svg) --- ## Can there be a better way? --- ## What is WebAssembly? > WebAssembly or wasm is a new, portable, size- and load-time-efficient binary format that aims to execute at native speed by taking advantage of common hardware capabilities available on a wide range of platforms. --- ## What is WebAssembly? - Fast & Efficient  - Secure Sandbox  - Toolchain Compatibility  - Extensible  --- ### W3C Working Group www.w3.org/community/webassembly - Participants (660)  - Mozilla  - Google  - Microsoft  - Apple  --- ### Instruction Set - RISC like  - Integer and floating point operations  - Defined as an annotated stack machine  - can be easily processed - can be easily transformed - can be interpreted with a Stack Machine - or JITed --- ### Assembly represented in S-Expressions ```clojure= (module (import $useGas "ethereum" "useGas" (param i32)) (memory 1) (export "memory" memory) (export "main" $main) (func $main (local $sp i32) (local $jump_dest i32) (set_local $sp (i32.const -32)) (set_local $jump_dest (i32.const -1)) (loop $done $loop (block $1 (block $0 (br_table $0 (if (i32.eq (get_local $jump_dest) (i32.const -1)) (then (i32.const 0)) (else (unreachable))))) (call_import $useGas (i32.const 6)) (if (i32.gt_s (get_local $sp) (i32.const 32672)) (then (unreachable))) (call $PUSH (i64.const 0) (i64.const 0) (i64.const 0) (i64.const 96) (get_local $sp)) (set_local $sp (i32.add (get_local $sp) (i32.const 32))) (call $PUSH (i64.const 0) (i64.const 0) (i64.const 0) (i64.const 0) (get_local $sp)) (set_local $sp (i32.add (get_local $sp) (i32.const 32))))))) ``` --- ### Semantics * Types * i32 (i32.<instr> <args..>) * i64 (i64.<instr> <args..>) *  (i64.const 42) *  (local $a) * Memory Access  * (i64.load (i64.const 4)) * (i64.store (get_local $a) (i64.const 4)) * Arithmetics * Conditionals  * Calls * (call_import $useGas (i64.const 33)) --- ### Binary Encoding ``` 0061 736d 0b00 0000 0474 7970 6500 0140 0201 0101 0108 6675 6e63 7469 6f6e 0001 0002 0665 7870 6f72 7400 0100 0206 6164 6454 776f 0463 6f64 6500 0100 0014 ``` - Fast decoding  - Single pass validation  - Extensible  --- ### Binary Dissected ```python= 0000000: 0061 736d ; WASM_BINARY_MAGIC 0000004: 0b00 0000 ; WASM_BINARY_VERSION ; section "type" 0000008: 04 ; string length 0000009: 7479 7065 ; section id: "type" 000000d: 00 ; section size (guess) 000000e: 01 ; num types ; type 0 000000f: 40 ; function form 0000010: 02 ; num params 0000011: 01 ; param type 0000012: 01 ; param type 0000013: 01 ; num results 0000014: 01 ; result_type ; section "function" 0000015: 08 ; string length 0000016: 6675 6e63 7469 6f6e ; section id: "function" 000001e: 00 ; section size (guess) 000001f: 01 ; num functions 0000020: 00 ; function 0 signature index 000001e: 02 ; FIXUP section size ; section "export" 0000021: 06 ; string length 0000022: 6578 706f 7274 ; section id: "export" 0000028: 00 ; section size (guess) 0000029: 01 ; num exports 000002a: 00 ; export func index 000002b: 06 ; string length 000002c: 6164 6454 776f ; export name ; section "code" 0000032: 04 ; string length 0000033: 636f 6465 ; section id: "code" 0000037: 00 ; section size (guess) 0000038: 01 ; num functions ; function body 0 0000039: 00 ; func body size (guess) 000003a: 00 ; local decl count 000003b: 14 ; OPCODE_GET_LOCAL ``` --- ### Availability of VMs - Chrome (chrome://flags - enable-webassembly) - Firefox Nightly (about:config and set javascript.options.wasm to true) - Microsoft Edge - node.js 7.0 (--enable-wasm) - wasm-jit-prototype (github.com/WebAssembly/wasm-jit-prototype) - Ocaml "the spec" (github.com/WebAssembly/spec) - interpreters - wabt (github.com/WebAssembly/wabt) - binaryen (github.com/WebAssembly/binaryen) --- ## Ethereum flavored WebAssembly `e^WASM` - A proposed replacement for EVM - A restricted subset of WebAssembly - No floating point operations - Defines Backwards Compatibility - Defines Metering - Defines an interface for interacting with the Ethereum Blockchain --- ### EVM2WASM - Transcompiles EVM code to WebAssembly - Can be run as a contract - Compliant with the offical EVM tests - Produces very fast EVM code - ~5000 line of wasm - ~400 line of js --- ### EVM2WASM ![](https://i.imgur.com/KOsU7mB.png) Visit: https://ewasm.github.io/evm2wasm-frontend/dist/ --- ### Metering Injection Metering is decoupled from the VM ```flow st=>start: raw wasm e=>end: run op=>operation: Validate op2=>operation: Injection Metering cond=>condition: Yes or No? st->op->op2->e ``` --- ### Metering By Branch ![](https://i.imgur.com/axIXk25.jpg) --- ### Metering By Branch ![](https://i.imgur.com/dngglBx.jpg) --- ## Gas Cost Calculation 1) Gas cost is based on the cycle count of the instructions. 2) "Gas cost oracle": The gas cost table is stored in a contract. 3) SHA256 performance (of 8kb data): - precompile cost: ~3 100 - eWASM cost: ~6 500 - EVM (Solidity) cost: ~32 000 000 - EVM (Solidity) cost (with shifts): ~1 000 000 --- ## Interfaces  *Glueing all this together* --- ### eWASM Ethereum Interface (EEI) Defines the Ethereum blockchain methods for contracts: - getCallDataSize ~ CALLDATASIZE - callDataCopy ~ CALLDATACOPY - storageLoad ~ SLOAD - storageStore ~ SSTORE - call ~ CALL - delegateCall ~ DELEGATECALL - return ~ RETURN - ... A total of 32 methods. --- ### Example: storageLoad ```clojure (call_import $storageLoad (i32.const 0) (i32.const 32)) ;; ^ key offset in memory ;; ^ result offset in memory ``` Simples. ---  ### eWASM Contract Interface (ECI) Defines the format of contracts: - WebAssembly binary encoding version 0xd - Single entry point: *main* - Sets other limitations. --- ### Example contract Drumroll: ```clojure (module (memory 1 (segment 0 "Hello World!") ) (import $return "ethereum" "return" (param i32 i32)) (export "main" $main) (func $main (call_import $return (i32.const 0) (i32.const 12)) ) ) ``` ---  ### System Contracts 1) Sentinel - ECI validation - metering injection - wrap into deployer 2) evm2wasm!  3) EVM1 precompiled contracts  ---  ## VM Semantics Only 3 new rules for a client: 1) Check contract code for eWASM signature  2) Use evm2wasm to transcompile if needed  3) Use sentinel contract during contract creation   --- ## ewasm-kernel and Hera 1) ewasm-kernel - Javascript - runs in browsers and node.js - < 1000 lines for the interface and VM core 2) Hera - C++ - *EVM-C compatible* - works with cpp-ethereum (eth --vm hera) - and pyethereum \o/ - ... and hopefully go-ethereum + parity in the future ---  ## Programming in C and the precompiles *clang & ewasm-libc* --- ## Example: sha256 ```c #include "ethereum.h" #define BASE_FEE 60 #define WORD_FEE 12 void main() { size_t datasize = ethereum_calldatasize(); unsigned char data[datasize]; unsigned char ret[32] = { 0 }; ethereum_calldatacopy(data, 0, datasize); ethereum_usegas(BASE_FEE + (((datasize + 31) / 32) * WORD_FEE)); mbedtls_sha256(data, datasize, ret, 0); ethereum_return(ret, 32); } ``` ---  ## Solidity for eWASM Input: ```js contract A { function a() { throw; } function b() payable returns (uint64) { uint64 x = 42; return x; } } ``` --- ## Solidity for eWASM Output: ```clojure ;; Contract: A (module (import $callDataCopy "ethereum" "callDataCopy" (param i32 i32 i32)) (import $getCallValue "ethereum" "getCallValue" (param i32)) (import $return "ethereum" "return" (param i32)) (memory 1 1) (export "memory" memory) (export "main" $main) (func $main (call_import $callDataCopy (i32.const 0) (i32.const 0) (i32.const 4)) (call $dispatcher (i32.load (i32.const 0))) (unreachable) ) (func $ensureNotPayable (call_import $getCallValue (i32.const 0)) (if (i64.ne (i64.const 0) (i64.load (i32.const 0)) (unreachable)) (if (i64.ne (i64.const 0) (i64.load (i32.const 8)) (unreachable)) ) (func $dispatcher (param $sig i32) (if (i32.eq (get_local $sig) (i32.const 0x0dbe671f)) (then (call $__0dbe671f))) (if (i32.eq (get_local $sig) (i32.const 0x4df7e3d0)) (then (call $__4df7e3d0))) (unreachable) ) ;; function: a() (func $__0dbe671f (call $ensureNotPayable) (block (unreachable) ) ) ;; function: b() payable (func $__4df7e3d0 (block (local $x (param i64)) (set_local $x (i64.const 42)) (i64.store (i32.const 0) (i64.const 0)) (i64.store (i32.const 8) (i64.const 0)) (i64.store (i32.const 16) (i64.const 0)) (i64.store (i32.const 24) (get_local $x)) (call_import $return (i32.const 0) (i32.const 32)) ) ) ) ``` --- ## (call_import $ethereumReturn) See more awesome details at https://github.com/ewasm >:::danger >:fire: Error: Out-Of-Gas! :fire: >:::