Merge pull request #105 from ethereum-optimism/feature/mininny/audit-6

Revert reserved immediate word shifts with imm[5]!=0

rvgo/fast/vm.go

@@ -682,8 +682,16 @@ func (inst *InstrumentedState) riscvStep() (outErr error) {
 		case 0: // 000 = ADDIW
 			rdValue = mask32Signed64(add64(rs1Value, imm))
 		case 1: // 001 = SLLIW
+			// SLLIW where imm[5] != 0 is reserved
+			if and64(imm, toU64(0x20)) != 0 {
+				revertWithCode(riscv.ErrInvalidSyscall, fmt.Errorf("illegal instruction %d: reserved instruction encoding", instr))
+			}
 			rdValue = mask32Signed64(shl64(and64(imm, toU64(0x1F)), rs1Value))
 		case 5: // 101 = SR~
+			// SRLIW and SRAIW where imm[5] != 0 is reserved
+			if and64(imm, toU64(0x20)) != 0 {
+				revertWithCode(riscv.ErrInvalidSyscall, fmt.Errorf("illegal instruction %d: reserved instruction encoding", instr))
+			}
 			shamt := and64(imm, toU64(0x1F))
 			switch shr64(toU64(5), imm) { // top 7 bits select the shift type
 			case 0x00: // 0000000 = SRLIW

rvgo/slow/vm.go

@@ -866,8 +866,16 @@ func Step(calldata []byte, po PreimageOracle) (stateHash common.Hash, outErr err
 		case 0: // 000 = ADDIW
 			rdValue = mask32Signed64(add64(rs1Value, imm))
 		case 1: // 001 = SLLIW
+			// SLLIW where imm[5] != 0 is reserved
+			if and64(imm, toU64(0x20)) != (U64{}) {
+				revertWithCode(riscv.ErrInvalidSyscall, fmt.Errorf("illegal instruction %d: reserved instruction encoding", instr))
+			}
 			rdValue = mask32Signed64(shl64(and64(imm, toU64(0x1F)), rs1Value))
 		case 5: // 101 = SR~
+			// SRLIW and SRAIW imm[5] != 0 is reserved
+			if and64(imm, toU64(0x20)) != (U64{}) {
+				revertWithCode(riscv.ErrInvalidSyscall, fmt.Errorf("illegal instruction %d: reserved instruction encoding", instr))
+			}
 			shamt := and64(imm, toU64(0x1F))
 			switch shr64(toU64(5), imm).val() { // top 7 bits select the shift type
 			case 0x00: // 0000000 = SRLIW

rvsol/src/RISCV.sol

@@ -1291,9 +1291,15 @@ contract RISCV is IBigStepper {
                 }
                 case 1 {
                     // 001 = SLLIW
+
+                    // SLLIW where imm[5] != 0 is reserved
+                    if and64(imm, toU64(0x20)) { revertWithCode(0xf001ca11) }
                     rdValue := mask32Signed64(shl64(and64(imm, toU64(0x1F)), rs1Value))
                 }
                 case 5 {
+                    // SRLIW and SRAIW where imm[5] != 0 is reserved
+                    if and64(imm, toU64(0x20)) { revertWithCode(0xf001ca11) }
+
                     // 101 = SR~
                     let shamt := and64(imm, toU64(0x1F))
                     switch shr64(toU64(5), imm)

rvsol/test/RISCV.t.sol

@@ -2479,13 +2479,26 @@ contract RISCV_Test is CommonTest {
         riscv.step(encodedState, proof, 0);
     }
 
+    function test_revert_reserved_slliw_instruction() public {
+        uint16 shamt = 0x15;
+        uint16 imm = (0 << 7) | shamt | 0x20; // set 0x20 to make imm[5] != 0
+        uint32 insn = encodeIType(0x1b, 17, 1, 25, imm); // slliw x17, x25, 0x15
+        (State memory state, bytes memory proof) = constructRISCVState(0, insn);
+        state.registers[25] = 0xf956;
+        bytes memory encodedState = encodeState(state);
+
+        vm.expectRevert(hex"00000000000000000000000000000000000000000000000000000000f001ca11");
+        riscv.step(encodedState, proof, 0);
+    }
+
     function test_reserved_load_instruction() public {
         bytes32 value = hex"61fb11d66dcc9d48";
         uint16 offset = 0x6bf;
         uint64 addr = 0xd34d + offset;
         uint32 insn = encodeIType(0x3, 21, 0x7, 4, offset); // lhu x21, funct 0x7, offset(x4)
         (State memory state, bytes memory proof) = constructRISCVState(0, insn, addr, value);
         state.registers[4] = 0xd34d;
+
         bytes memory encodedState = encodeState(state);
 
         vm.expectRevert(hex"00000000000000000000000000000000000000000000000000000000f001ca11");