🚧 Stagnant Standards Track: Core

EIP-1051: Overflow checking for the EVM

Authors	Nick Johnson <arachnid@notdot.net>
Created	2018-05-02
Discussion Link	https://ethereum-magicians.org/t/eip-arithmetic-overflow-detection-for-the-evm/261

Abstract
Motivation
Specification
Rationale
Backwards Compatibility
Test Cases
Implementation
Copyright

Abstract

This EIP adds overflow checking for EVM arithmetic operations, and two new opcodes that check and clear the overflow flags.

Motivation

The correct functioning of many contracts today is dependent on detecting and preventing overflow of arithmetic operations. Since the EVM operates on mod 2^256 integers and provides no built-in overflow detection or prevention, this requires manual checks on every arithmetic operation.

In the interests of facilitating efficient and secure contracts, we propose new opcodes that permit efficient detection of overflows, which can be checked periodically rather than after each operation.

Specification

Two new flags are added to the EVM state: overflow (ovf) and signed overflow (sovf).

The ovf flag is set in the following circumstances:

When an ADD (0x01) opcode, with both inputs treated as unsigned integers, produces an ideal output in excess of 2^256 - 1.
When a SUB (0x03) opcode, with both inputs treated as unsigned integers, produces an ideal output less than 0.
When a MUL(0x02) opcode, with both inputs treated as unsigned integers, produces an ideal output in excess of 2^256 - 1.

The sovf flag is set whenever the ovf flag is set, and additionally in the following circumstances:

When an ADD opcode with both inputs having the same MSB results in the output having a different MSB (eg, (+a) + (+b) = (-c) or (-a) + (-b) = (+c)).
When a SUB opcode occurs and the result has the same MSB as the subtractand (second argument) (eg, (+a) - (-b) = (-c) or (-a) - (+b) = (+c).
When a MUL opcode with both inputs being positive has a negative output.
When a MUL opcode with both inputs being negative has a negative output.
When a MUL opcode with one negative input and one positive input has a positive output.

A new opcode, OFV is added, with number 0x0c. This opcode takes 0 arguments from the stack. When executed, it pushes 1 if the ovf flag is set, and 0 otherwise. It then sets the ovf flag to false.

A new opcode, SOVF is added, with number 0x0d. This opcode takes 0 arguments from the stack. When executed, it pushes 1 if the sovf flag is set, and 0 otherwise. It then sets the sovf flag to false.

Rationale

Any change to implement overflow protection needs to preserve behaviour of existing contracts, which precludes many changes to the arithmetic operations themselves. One option would be to provide an opcode that enables overflow protection, causing a throw or revert if an overflow happens. However, this limits the manner in which overflows can be handled.

Instead, we replicate functionality from real world CPUs, which typically implement ‘carry’ and ‘overflow’ flags.

Separate flags for signed and unsigned overflow are necessary due to the fact that a signed overflow may not result in an unsigned overflow.

Backwards Compatibility

This EIP introduces no backwards compatibility issues.

Test Cases

TBD

Implementation

TBD

Copyright

Citation

Please cite this document as:

Nick Johnson <arachnid@notdot.net>, "EIP-1051: Overflow checking for the EVM [DRAFT]," Ethereum Improvement Proposals, no. 1051, May 2018. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-1051.