Merge pull request #5060 from ethereum-optimism/clabby/ctb/bytes-slice-memsafety-test

feat(ctb): Test for memory safety of `Bytes.slice`

Merge pull request #5060 from ethereum-optimism/clabby/ctb/bytes-slice-memsafety-test
feat(ctb): Test for memory safety of `Bytes.slice`
33e3fcdd · mergify[bot] · GitHub · c10214b0 · 91403c21 · 33e3fcdd
Commit 33e3fcdd authored Mar 06, 2023 by mergify[bot] Committed by GitHub Mar 06, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 4 deletions

.gas-snapshot packages/contracts-bedrock/.gas-snapshot +4 -4

Bytes.t.sol packages/contracts-bedrock/contracts/test/Bytes.t.sol +52 -0

No files found.
--- a/packages/contracts-bedrock/.gas-snapshot
+++ b/packages/contracts-bedrock/.gas-snapshot
-Bytes_slice_Test:test_slice_acrossMultipleWords_works() (gas: 9423)
-Bytes_slice_Test:test_slice_acrossWords_works() (gas: 1418)
-Bytes_slice_Test:test_slice_fromNonZeroIdx_works() (gas: 17154)
-Bytes_slice_Test:test_slice_fromZeroIdx_works() (gas: 20694)
+Bytes_slice_Test:test_slice_acrossMultipleWords_works() (gas: 9413)
+Bytes_slice_Test:test_slice_acrossWords_works() (gas: 1430)
+Bytes_slice_Test:test_slice_fromNonZeroIdx_works() (gas: 17240)
+Bytes_slice_Test:test_slice_fromZeroIdx_works() (gas: 20826)
 Bytes_toNibbles_Test:test_toNibbles_expectedResult128Bytes_works() (gas: 129874)
 Bytes_toNibbles_Test:test_toNibbles_expectedResult5Bytes_works() (gas: 6132)
 Bytes_toNibbles_Test:test_toNibbles_zeroLengthInput_works() (gas: 944)

--- a/packages/contracts-bedrock/contracts/test/Bytes.t.sol
+++ b/packages/contracts-bedrock/contracts/test/Bytes.t.sol
@@ -122,6 +122,58 @@ contract Bytes_slice_Test is Test {
        vm.expectRevert("slice_overflow");
        Bytes.slice(_input, _start, _length);
    }
+
+    /**
+     * @notice Tests that the `slice` function correctly updates the free memory pointer depending
+     *         on the length of the slice.
+     */
+    function testFuzz_slice_memorySafety_succeeds(
+        bytes memory _input,
+        uint256 _start,
+        uint256 _length
+    ) public {
+        // The start should never be more than the length of the input bytes array - 1
+        vm.assume(_start < _input.length);
+        // The length should never be more than the length of the input bytes array - the starting
+        // slice index.
+        vm.assume(_length <= _input.length - _start);
+
+        // Grab the free memory pointer before the slice operation
+        uint256 initPtr;
+        assembly {
+            initPtr := mload(0x40)
+        }
+
+        // Slice the input bytes array from `_start` to `_start + _length`
+        bytes memory slice = Bytes.slice(_input, _start, _length);
+
+        // Grab the free memory pointer after the slice operation
+        uint256 finalPtr;
+        assembly {
+            finalPtr := mload(0x40)
+        }
+
+        // The free memory pointer should have been updated properly
+        if (_length == 0) {
+            // If the slice length is zero, only 32 bytes of memory should have been allocated.
+            assertEq(finalPtr, initPtr + 0x20);
+        } else {
+            // If the slice length is greater than zero, the memory allocated should be the
+            // length of the slice rounded up to the next 32 byte word + 32 bytes for the
+            // length of the byte array.
+            //
+            // Note that we use a slightly less efficient, but equivalent method of rounding
+            // up `_length` to the next multiple of 32 than is used in the `slice` function.
+            // This is to diff test the method used in `slice`.
+            assertEq(finalPtr, initPtr + 0x20 + (((_length + 0x1F) >> 5) << 5));
+
+            // Sanity check for equivalence of the rounding methods.
+            assertEq(((_length + 0x1F) >> 5) << 5, (_length + 0x1F) & ~uint256(0x1F));
+        }
+
+        // The slice length should be equal to `_length`
+        assertEq(slice.length, _length);
+    }
 }

 contract Bytes_toNibbles_Test is Test {