# Index Based EOF Container ## Objective Reformulate the EOF container to provide efficient access without validation, to support features such as banning code introspection and non-validated execution. ## Specification ``` container := header, managed_body, unmanaged_body header := magic, version, kind_container, container_end_index, kind_code, num_code_sections, code_index+, kind_data, data_index, terminator managed_body := types_section, code_section+, data_section types_section := (inputs, outputs, max_stack_height)+ ``` The types kind is removed with a container kind, where the ### Header | name | length | value | description | |-|-|-|-| | magic | 2 bytes | 0xEF00 | EOF prefix | | version | 1 byte | 0x01 | EOF version | | kind_container | 1 byte | 0x01 | kind marker for container size section | | container_end_index | 2 bytes | 0x00??-0xC000 | 16-bit unsigned big-endian integer denoting the length of managed container. Currently constrained by EIP-3680 | | kind_code | 1 byte | 0x02 | kind marker for code size section | | num_code_sections | 2 bytes | 0x0001-0xFFFF | 16-bit unsigned big-endian integer denoting the number of the code sections | | code_index | 2 bytes | 0x0001-0xFFFF | 16-bit unsigned big-endian integer denoting the length of the code section content | | kind_data | 1 byte | 0x03 | kind marker for data size section | | data_index| 2 bytes | 0x0000-0xFFFF | 16-bit unsigned big-endian integer denoting the length of the data section content inside teh manager portion of the container | | terminator | 1 byte | 0x00 | marks the end of the header | ### Body | name | length | value | description | |-|-|-|-| | types_section | variable | n/a | stores code section metadata | | inputs | 1 byte | 0x00-0x7F | number of stack elements the code section consumes | | outputs | 1 byte | 0x00-0x7F | number of stack elements the code section returns | | max_stack_height | 2 bytes | 0x0000-0x03FF | maximum number of elements ever placed onto the stack by the code section | | code_section | variable | n/a | arbitrary sequence of bytes | | data_section | variable | n/a | arbitrary sequence of bytes | | uncontained data | variable | n/a | arbitrary sequence of bytes following `container_end_index` | ### Container Validation The following validity constraints are placed on the container format: * minimum valid header size is `15` bytes * version must be `0x01` * the number of code sections must not exceed `1024` * the number of type sections is the same as the number of code sections * the first `code_index` must be `13 + 10*num_code_sections` * each subsequent `code_index` must be greater than the prior * `data_index` must be greater than the last `code_index` * `container_end_index` must be greater than or equal to `data_index` * There may be extra data after the `container_end_index` ### Notes on interactions * Bytes less than the `container_end_index` are the "managed" container. Bytes past the managed container are "unmanaged data". * The intent of data in the managed section is to be constants and data used by the code that need to be constant. * The data outside the managed section is appropriate for constructor parameters. * The contract should expect that the data outside the managed section will not be stable across deployments. * Any `[EXT]CODECOPY` must start no earlier than the `data_index`. * `[EXT]CODECOPY` may cross the "container boundary," where the offset is less than the `container_end_locaiton` and size is greater than the number of bytes remaining in the managed container. * This setup would provide an effieicnt means to implement the first alternative in the ["ban code intrpspection"](https://ethereum-magicians.org/t/eof-proposal-ban-code-introspection-of-eof-accounts/12113) proposal. * If allowed code and initcode size are increased beyond 64 KiB then alternate type headers can be introduced for 32-bit index values (0x81, 0x82, and 0x83) without disrupting the intent of the format.