ZKEVM - State Circuit Extension - `StateDB`

Reversion

In EVM, there are multiple kinds of StateDB update could be reverted when any internal call fails.

tx_access_list_account - (tx_id, address) -> accessed
tx_access_list_storage_slot - (tx_id, address, storage_slot) -> accessed
account_nonce - address -> nonce
account_balance - address -> balance
account_code_hash - address -> code_hash
account_storage - (address, storage_slot) -> storage

The complete list could be found here. Some of them like tx_refund, tx_log, account_destructed we don't need to write and revert because it doesn't affect future execution, we only write them when is_persistent=1.

Visualization

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

Black arrow represents the time, which is composed by points of sequential global_counter.
Red circle represents the revert section.

Those actions write StateDB inside red box will also revert itself in revert section (red circle), but in reverse order.

Each call needs to know its global_counter_end_of_revert_section to revert with the correct global_counter. If callee is a success call but in some red box (is_persistent=0), we need to copy caller's global_counter_end_of_revert_section and state_db_write_counter to callee's.

`SELFDESTRUCT`

The opcode SELFDESTRUCT set is_destructed of the account, but before that transaction ends, the account still can be executed, receive ether, and access storage as usual. The is_destructed only takes effect only after a transaction ends.

In detail, the state trie gets finalized each transaction, and only when state trie gets finalized the account would be actually deleted. After the SELFDESTRUCT transaction finalized, the further transactions treat the account as an empty account.

So if some contract executed SELFDESTRUCT but then receive some ether, those ether will vanish into thin air after the transaction is finalized. Soooo weird.
han

The SELFDESTRUCT is powerful that could affect many state at a time including:

account_nonce
account_balance
account_code_hash
all slot of account_storage

The first 3 value is relatively easier to handle in circuit, we could track an extra selfdestruct_counter and global_counter_end_of_tx and set them to empty value at global_counter_end_of_tx - selfdestruct_counter, which just like how we handle revert.

However, the account_storage is tricky because we don't track the storage trie value and update it after each transaction, instead we only track each used slot in storage trie and update the storage trie after the whole block.

Workaround for consistency check

It seems that we need to annotate each account a revision_id, and the revision_id increases only when is_destructed is set and tx_id changes. With the different revision_id, we can reset the values in State circuit for nonce, balance, code_hash, and each storage just like how we initialize the memroy.

So address -> is_destructed becomes (tx_id, address) -> (revision_id, is_destructed).

And then we add an extra revision_id to nonce, balance, code_hash and storage. For nonce, balance and code_hash we group them by (address, revision_id) -> {nonce,balance,code_hash}, for storage we group them by (address, storage_slot, revision_id) -> storage.

Here is an example of account_balance with revision_id:

\begin{array}{cc} address & revision_id & gc & balance & balance_prev & is_write & note \\ 0xfd & - & - & - & - & - \\ 0xfe & 1 & x & 10 & x & 1 & open from trie \\ 0xfe & 1 & 23 & 20 & 10 & 1 \\ 0xfe & 1 & 45 & 20 & 20 & 0 \\ 0xfe & 1 & 60 & 0 & 20 & 1 \\ 0xfe & 1 & 63 & 5 & 0 & 1 \\ 0xfe & 2 & x & 0 & x & 1 & reset \\ 0xfe & 2 & 72 & 0 & 0 & 0 \\ 0xff & - & - & - & - & - \end{array}

Note that after contract selfdestructs, it can still receive ether, but the ether will vanish into thin air after transaction gets finalized. The reset is like the lazy initlization of memory, it set the value to 0 when revision_id is different.

Here is how we increase the revision_id:

\begin{array}{cc} address & tx_id & gc & revision_id & is_destructed & is_destructed_prev & is_write & note \\ 0xfd & - & - & - & - & - & - \\ 0xff & 1 & x & 1 & 0 & x & 1 & init \\ 0xff & 1 & 11 & 1 & 0 & 0 & 0 \\ 0xff & 1 & 17 & 1 & 1 & 0 & 1 & self destruct \\ 0xff & 1 & 29 & 1 & 1 & 1 & 1 & self destruct again \\ 0xff & 2 & x & 2 & 0 & x & 1 & increase \\ 0xff & 2 & 40 & 2 & 0 & 0 & 0 \\ 0xff & 3 & x & 2 & 0 & x & 1 & no increase \\ 0xff & - & - & - & - & - & - \end{array}

Becasue self destruct only takes effect after transaction, so we increase the revision_id only when tx_id is different and is_destructed is set.

Workaround for trie update

The State circuit not only checks consistency, it also triggers the update of the storage tries and state trie.

Originally, some part of State circuit would assign the first row value and collect the last row value of each account's nonce, balance, code_hash and the first & last used slots of storage, then update the state trie.

With revision_id, it needs to peek the final revision_id first, and collect the last row value with the revision_id to make sure all values are actually reset.

Reversion

Visualization

SELFDESTRUCT

Workaround for consistency check

Workaround for trie update

Reference

Read more

2024 zkVM team summary (PRECON)

Halo2 Peak Memory Usage

2024-01-11 Milestone review

2023-11-18 PSE tooling

`SELFDESTRUCT`