@zkasm/zkevm-rom 0.0.1-security → 6.0.1

package/main/main.zkasm

@@ -0,0 +1,237 @@
+INCLUDE "constants.zkasm"
+INCLUDE "vars.zkasm"
+
+; Blocks zkROM
+;       A - Load initial registers into memory: oldStateRoot (B), oldAccInputHash (C), oldNumBatch (SP) & chainID (GAS)
+;       B - Compute keccaks needed to finish the batch
+;       C - Loop parsing RLP transactions
+;       D - Load blockNum variable & Loop processing transactions
+;       E - Batch computations: get newLocalExitRoot, assert transactions size, compute batchHashData & compute newAccInputHash
+;       F - Finalize execution
+
+start: ; main zkROM entry point
+;;;;;;;;;;;;;;;;;;
+;; A - Load input variables
+;;;;;;;;;;;;;;;;;;
+        STEP => A
+        0                                       :ASSERT ; Ensure it is the beginning of the execution
+
+        CTX                                     :MSTORE(forkID)
+        CTX - %FORK_ID                          :JMPNZ(failAssert)
+
+        B => A                                  :MSTORE(oldStateRoot)
+
+        ; safety check that the input root is indeed inside the range limit of 4 goldilocks fields elements
+        %FOUR_GOLDILOCKS => B
+        1                                       :LT4
+
+        C                                       :MSTORE(oldAccInputHash)
+        SP                                      :MSTORE(oldNumBatch)
+        GAS                                     :MSTORE(chainID) ; assumed to be less than 32 bits
+
+        ${getL1InfoRoot()}                      :MSTORE(l1InfoRoot)
+        ${getSequencerAddr()}                   :MSTORE(sequencerAddr)
+        ${getTimestampLimit()}                  :MSTORE(timestampLimit)
+        ${getTxsLen()}                          :MSTORE(batchL2DataLength) ; less than 120000 bytes. Enforced by the smart contract
+        ${getForcedBlockHashL1()} => A          :MSTORE(forcedBlockHashL1)
+
+        ;set initial state root
+        $ => SR                                 :MLOAD(oldStateRoot)
+        SR                                      :MSTORE(batchSR)
+        ; Increase batch number
+        SP + 1                                  :MSTORE(newNumBatch)
+        ; compute isForced flag
+        0 => B
+        $                                       :EQ, JMPC(computeKeccaks)
+        1                                       :MSTORE(isForced)
+
+;;;;;;;;;;;;;;;;;;
+;; B - Compute keccaks needed to finish the batch
+;;;;;;;;;;;;;;;;;;
+computeKeccaks:
+        $${eventLog(onStartBatch, C)}
+
+        ; Compute necessary keccak counters to finish batch
+        $ => A                                  :MLOAD(batchL2DataLength)
+        ; Divide the total data length + 1 by 136 to obtain the keccak counter increment.
+        ; 136 is the value used by the prover to increment keccak counters
+        A + 1                                   :MSTORE(arithA)
+        136                                     :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+        $ => B                                  :MLOAD(arithRes1)
+        ; Compute minimum necessary keccaks to finish the batch
+        B + 1 + %MIN_CNT_KECCAK_BATCH => B      :MSTORE(cntKeccakPreProcess)
+        %MAX_CNT_KECCAK_F - CNT_KECCAK_F - B    :JMPN(outOfCountersKeccak)
+
+;;;;;;;;;;;;;;;;;;
+;; C - Loop parsing RLP transactions
+;;      - Load transaction RLP data and ensure it has correct RLP encoding
+;;      - If an error is found in any transaction, the batch will not process any transaction
+;;;;;;;;;;;;;;;;;;
+
+        1 => E                                  :MSTORE(lastHashKIdUsed)
+        0                                       :MSTORE(batchHashPos)
+        E                                       :MSTORE(batchHashDataId)
+        $ => A                                  :MLOAD(lastCtxUsed)
+        A + %CALLDATA_RESERVED_CTX => A         :MSTORE(ctxTxToUse) ; Points at first context to be used when processing transactions. We reserve ctx = 1 for calldata
+        A                                       :MSTORE(lastCtxUsed)
+        $${var p = 0}
+        ; set flag isLoadingRLP to 1
+        1                                       :MSTORE(isLoadingRLP)
+
+txLoopRLP:
+        $ => A                                  :MLOAD(lastCtxUsed)
+        A+1 => CTX                              :MSTORE(lastCtxUsed)
+        ; If batchL2DataLength is zero, we finalize batch
+        $ => A                                  :MLOAD(batchL2DataLength), JMPZ(finalizeBatch)
+        $ => C                                  :MLOAD(batchL2DataParsed)
+        C - A                                   :JMPN(loadTx_rlp, endCheckRLP)
+
+endCheckRLP:
+        ; set flag isLoadingRLP to 0
+        0                                       :MSTORE(isLoadingRLP)
+
+;;;;;;;;;;;;;;;;;;
+;; D - Load blockNum variable
+;;     - Loop processing transactions
+;;     - Load transaction data and interpret it
+;;;;;;;;;;;;;;;;;;
+
+setBlockNum:
+        %LAST_BLOCK_STORAGE_POS => C
+        %ADDRESS_SYSTEM => A
+        %SMT_KEY_SC_STORAGE => B
+        $                                       :SLOAD,MSTORE(blockNum)
+        ; If forced batch ==> process a forced changeL2BlockTx
+        $                                       :MLOAD(isForced), JMPZ(txLoop, handleForcedBatch)
+
+handleForcedBatch:
+        1                                       :MSTORE(currentTx), JMP(processChangeL2Block)
+
+txLoop:
+        $ => A                                  :MLOAD(pendingTxs)
+        A - 1                                   :MSTORE(pendingTxs), JMPN(processTxsEnd)
+        $ => A                                  :MLOAD(currentTx)
+        A + 1                                   :MSTORE(currentTx)
+        $ => A                                  :MLOAD(ctxTxToUse) ; Load first context used by transaction
+        A + 1 => CTX                            :MSTORE(ctxTxToUse)
+        ; Detect if transaction is a change L2 block tx
+        ; Store initial state at the beginning of the transaction
+        SR                                      :MSTORE(originSR)
+        $ => A                                  :MLOAD(isChangeL2BlockTx)
+        A - 1                                   :JMPZ(processChangeL2Block, processTx)
+
+processTxFinished:
+        %MAX_CNT_BINARY - CNT_BINARY - 1        :JMPN(outOfCountersBinary)
+        ; Increase cumulativeGasUsed
+        $ => A                                  :MLOAD(txGasLimit)
+        A - GAS => A
+        $ => B                                  :MLOAD(cumulativeGasUsed)
+        $                                       :ADD, MSTORE(cumulativeGasUsed), CALL(fillBlockInfoTreeWithTxReceipt)
+        ; Increase txIndex
+        $ => A                                  :MLOAD(txIndex)
+        A + 1                                   :MSTORE(txIndex)
+processIntrinsicTxFinished:
+        $${eventLog(onFinishTx)}                :JMP(txLoop)
+
+processTxsEnd:
+        ;  Write values at storage at the end of block processing
+                                                :CALL(consolidateBlock)
+finalizeBatch:
+
+;;;;;;;;;;;;;;;;;;
+;; E - Batch asserts & computations:
+;;      - get newLocalExitRoot
+;;      - assert transactions size
+;;      - compute batchHashData
+;;      - compute newAccInputHash
+;;;;;;;;;;;;;;;;;;
+
+;; Batch must be always end correctly
+;; Meaning that enough zk-counters should be available to finalize it
+;;   - 'keccaks' are reserved at the very beginning of the batch in order to be able to perform the final 'accInputHash' hash
+;;   - the rest of counters will not overflow since it is added a %SAFE_RANGE bandwith
+
+;; Get local exit root
+        ; Read 'localExitRoot' variable from GLOBAL_EXIT_ROOT_MANAGER_L2 and store
+        ; it to the 'newLocalExitRoot' input
+        %ADDRESS_GLOBAL_EXIT_ROOT_MANAGER_L2  => A
+        %SMT_KEY_SC_STORAGE => B
+        %LOCAL_EXIT_ROOT_STORAGE_POS => C
+        $ => A                                  :SLOAD
+        A                                       :MSTORE(newLocalExitRoot)
+
+;; Transactions size verification
+        ; Ensure bytes added to compute the 'batchHashData' matches the number of bytes loaded from input
+        $ => A                                  :MLOAD(batchHashPos)
+        $                                       :MLOAD(batchL2DataLength), ASSERT
+
+;; Compute 'batchHashData'
+        A => HASHPOS
+        $ => E                                  :MLOAD(batchHashDataId)
+
+        HASHPOS                                 :HASHKLEN(E)
+        $ => A                                  :HASHKDIGEST(E)
+
+        A                                       :MSTORE(batchHashData)
+
+;; Compute 'newAccInputHash'
+        0 => HASHPOS
+
+        32 => D
+        $ => A                          :MLOAD(oldAccInputHash)
+        A                               :HASHK(0)
+
+        $ => A                          :MLOAD(batchHashData)
+        A                               :HASHK(0)
+
+        $ => A                          :MLOAD(l1InfoRoot)
+        A                               :HASHK(0)
+
+        8 => D
+        $ => A                          :MLOAD(timestampLimit)
+        A                               :HASHK(0)
+
+        20 => D
+        $ => A                          :MLOAD(sequencerAddr)
+        A                               :HASHK(0)
+
+        32 => D
+        $ => A                          :MLOAD(forcedBlockHashL1)
+        A                               :HASHK(0)
+
+        ; finish accInputHash
+        HASHPOS                         :HASHKLEN(0)
+
+        $ => C                          :HASHKDIGEST(0)
+        C                               :MSTORE(newAccInputHash)
+        $${eventLog(onFinishBatch)}
+
+;;;;;;;;;;;;;;;;;;
+;; F - Finalize execution
+;;;;;;;;;;;;;;;;;;
+        ; safety check that the output root is indeed inside the range limit of 4 goldilocks fields elements
+        SR => A
+        %FOUR_GOLDILOCKS => B
+        1                               :LT4
+
+        ; Set output registers
+        $ => D                          :MLOAD(newAccInputHash)
+        $ => E                          :MLOAD(newLocalExitRoot)
+        $ => PC                         :MLOAD(newNumBatch)
+
+        ; Set registers to its initials values
+        $ => CTX                        :MLOAD(forkID)
+        $ => B                          :MLOAD(oldStateRoot)
+        $ => C                          :MLOAD(oldAccInputHash)
+        $ => SP                         :MLOAD(oldNumBatch)
+        $ => GAS                        :MLOAD(chainID)
+        finalizeExecution:
+                                        :JMP(finalWait)
+
+INCLUDE "end.zkasm"
+INCLUDE "load-tx-rlp.zkasm"
+INCLUDE "process-tx.zkasm"
+INCLUDE "process-change-l2-block.zkasm"
+INCLUDE "utils.zkasm"
+INCLUDE "block-info.zkasm"
+

package/main/map-opcodes.zkasm

@@ -0,0 +1,274 @@
+INCLUDE "opcodes/arithmetic.zkasm"
+INCLUDE "opcodes/block.zkasm"
+INCLUDE "opcodes/comparison.zkasm"
+INCLUDE "opcodes/context-information.zkasm"
+INCLUDE "opcodes/create-terminate-context.zkasm"
+INCLUDE "opcodes/crypto.zkasm"
+INCLUDE "opcodes/flow-control.zkasm"
+INCLUDE "opcodes/logs.zkasm"
+INCLUDE "opcodes/stack-operations.zkasm"
+INCLUDE "opcodes/storage-memory.zkasm"
+INCLUDE "opcodes/calldata-returndata-code.zkasm"
+
+
+/**
+ * Map all Ethereum opcodes to its rom address
+ * empty opcodes are set to INVALID opcode
+ */
+mapping_opcodes:
+    :JMP(opSTOP)            ; 0x00
+    :JMP(opADD)             ; 0x01
+    :JMP(opMUL)             ; 0x02
+    :JMP(opSUB)             ; 0x03
+    :JMP(opDIV)             ; 0x04
+    :JMP(opSDIV)            ; 0x05
+    :JMP(opMOD)             ; 0x06
+    :JMP(opSMOD)            ; 0x07
+    :JMP(opADDMOD)          ; 0x08
+    :JMP(opMULMOD)          ; 0x09
+    :JMP(opEXP)             ; 0x0a
+    :JMP(opSIGNEXTEND)      ; 0x0b
+    :JMP(opINVALID)         ; 0x0c
+    :JMP(opINVALID)         ; 0x0d
+    :JMP(opINVALID)         ; 0x0e
+    :JMP(opINVALID)         ; 0x0f
+    :JMP(opLT)              ; 0x10
+    :JMP(opGT)              ; 0x11
+    :JMP(opSLT)             ; 0x12
+    :JMP(opSGT)             ; 0x13
+    :JMP(opEQ)              ; 0x14
+    :JMP(opISZERO)          ; 0x15
+    :JMP(opAND)             ; 0x16
+    :JMP(opOR)              ; 0x17
+    :JMP(opXOR)             ; 0x18
+    :JMP(opNOT)             ; 0x19
+    :JMP(opBYTE)            ; 0x1a
+    :JMP(opSHL)             ; 0x1b
+    :JMP(opSHR)             ; 0x1c
+    :JMP(opSAR)             ; 0x1d
+    :JMP(opINVALID)         ; 0x1e
+    :JMP(opINVALID)         ; 0x1f
+    :JMP(opSHA3)            ; 0x20
+    :JMP(opINVALID)         ; 0x21
+    :JMP(opINVALID)         ; 0x22
+    :JMP(opINVALID)         ; 0x23
+    :JMP(opINVALID)         ; 0x24
+    :JMP(opINVALID)         ; 0x25
+    :JMP(opINVALID)         ; 0x26
+    :JMP(opINVALID)         ; 0x27
+    :JMP(opINVALID)         ; 0x28
+    :JMP(opINVALID)         ; 0x29
+    :JMP(opINVALID)         ; 0x2a
+    :JMP(opINVALID)         ; 0x2b
+    :JMP(opINVALID)         ; 0x2c
+    :JMP(opINVALID)         ; 0x2d
+    :JMP(opINVALID)         ; 0x2e
+    :JMP(opINVALID)         ; 0x2f
+    :JMP(opADDRESS)         ; 0x30
+    :JMP(opBALANCE)         ; 0x31
+    :JMP(opORIGIN)          ; 0x32
+    :JMP(opCALLER)          ; 0x33
+    :JMP(opCALLVALUE)       ; 0x34
+    :JMP(opCALLDATALOAD)    ; 0x35
+    :JMP(opCALLDATASIZE)    ; 0x36
+    :JMP(opCALLDATACOPY)    ; 0x37
+    :JMP(opCODESIZE)        ; 0x38
+    :JMP(opCODECOPY)        ; 0x39
+    :JMP(opGASPRICE)        ; 0x3a
+    :JMP(opEXTCODESIZE)     ; 0x3b
+    :JMP(opEXTCODECOPY)     ; 0x3c
+    :JMP(opRETURNDATASIZE)  ; 0x3d
+    :JMP(opRETURNDATACOPY)  ; 0x3e
+    :JMP(opEXTCODEHASH)     ; 0x3f
+    :JMP(opBLOCKHASH)       ; 0x40
+    :JMP(opCOINBASE)        ; 0x41
+    :JMP(opTIMESTAMP)       ; 0x42
+    :JMP(opNUMBER)          ; 0x43
+    :JMP(opDIFFICULTY)      ; 0x44
+    :JMP(opGASLIMIT)        ; 0x45
+    :JMP(opCHAINID)         ; 0x46
+    :JMP(opSELFBALANCE)     ; 0x47
+    :JMP(opINVALID)         ; 0x48
+    :JMP(opINVALID)         ; 0x49
+    :JMP(opINVALID)         ; 0x4A
+    :JMP(opINVALID)         ; 0x4B
+    :JMP(opINVALID)         ; 0x4C
+    :JMP(opINVALID)         ; 0x4D
+    :JMP(opINVALID)         ; 0x4E
+    :JMP(opINVALID)         ; 0x4F
+    :JMP(opPOP)             ; 0x50
+    :JMP(opMLOAD)           ; 0x51
+    :JMP(opMSTORE)          ; 0x52
+    :JMP(opMSTORE8)         ; 0x53
+    :JMP(opSLOAD)           ; 0x54
+    :JMP(opSSTORE)          ; 0x55
+    :JMP(opJUMP)            ; 0x56
+    :JMP(opJUMPI)           ; 0x57
+    :JMP(opPC)              ; 0x58
+    :JMP(opMSIZE)           ; 0x59
+    :JMP(opGAS)             ; 0x5a
+    :JMP(opJUMPDEST)        ; 0x5b
+    :JMP(opINVALID)         ; 0x5C
+    :JMP(opINVALID)         ; 0x5D
+    :JMP(opINVALID)         ; 0x5E
+    :JMP(opPUSH0)           ; 0x5F
+    1 => D      :JMP(opPUSH1)           ; 0x60
+    2 => D      :JMP(opPUSH2)           ; 0x61
+    3 => D      :JMP(opPUSH3)           ; 0x62
+    4 => D      :JMP(opPUSH4)           ; 0x63
+    5 => D      :JMP(opPUSH5)           ; 0x64
+    6 => D      :JMP(opPUSH6)           ; 0x65
+    7 => D      :JMP(opPUSH7)           ; 0x66
+    8 => D      :JMP(opPUSH8)           ; 0x67
+    9 => D      :JMP(opPUSH9)           ; 0x68
+    10 => D     :JMP(opPUSH10)          ; 0x69
+    11 => D     :JMP(opPUSH11)          ; 0x6a
+    12 => D     :JMP(opPUSH12)          ; 0x6b
+    13 => D     :JMP(opPUSH13)          ; 0x6c
+    14 => D     :JMP(opPUSH14)          ; 0x6d
+    15 => D     :JMP(opPUSH15)          ; 0x6e
+    16 => D     :JMP(opPUSH16)          ; 0x6f
+    17 => D     :JMP(opPUSH17)          ; 0x70
+    18 => D     :JMP(opPUSH18)          ; 0x71
+    19 => D     :JMP(opPUSH19)          ; 0x72
+    20 => D     :JMP(opPUSH20)          ; 0x73
+    21 => D     :JMP(opPUSH21)          ; 0x74
+    22 => D     :JMP(opPUSH22)          ; 0x75
+    23 => D     :JMP(opPUSH23)          ; 0x76
+    24 => D     :JMP(opPUSH24)          ; 0x77
+    25 => D     :JMP(opPUSH25)          ; 0x78
+    26 => D     :JMP(opPUSH26)          ; 0x79
+    27 => D     :JMP(opPUSH27)          ; 0x7a
+    28 => D     :JMP(opPUSH28)          ; 0x7b
+    29 => D     :JMP(opPUSH29)          ; 0x7c
+    30 => D     :JMP(opPUSH30)          ; 0x7d
+    31 => D     :JMP(opPUSH31)          ; 0x7e
+    32 => D     :JMP(opPUSH32)          ; 0x7f
+    :JMP(opDUP1)            ; 0x80
+    :JMP(opDUP2)            ; 0x81
+    :JMP(opDUP3)            ; 0x82
+    :JMP(opDUP4)            ; 0x83
+    :JMP(opDUP5)            ; 0x84
+    :JMP(opDUP6)            ; 0x85
+    :JMP(opDUP7)            ; 0x86
+    :JMP(opDUP8)            ; 0x87
+    :JMP(opDUP9)            ; 0x88
+    :JMP(opDUP10)           ; 0x89
+    :JMP(opDUP11)           ; 0x8a
+    :JMP(opDUP12)           ; 0x8b
+    :JMP(opDUP13)           ; 0x8c
+    :JMP(opDUP14)           ; 0x8d
+    :JMP(opDUP15)           ; 0x8e
+    :JMP(opDUP16)           ; 0x8f
+    :JMP(opSWAP1)           ; 0x90
+    :JMP(opSWAP2)           ; 0x91
+    :JMP(opSWAP3)           ; 0x92
+    :JMP(opSWAP4)           ; 0x93
+    :JMP(opSWAP5)           ; 0x94
+    :JMP(opSWAP6)           ; 0x95
+    :JMP(opSWAP7)           ; 0x96
+    :JMP(opSWAP8)           ; 0x97
+    :JMP(opSWAP9)           ; 0x98
+    :JMP(opSWAP10)          ; 0x99
+    :JMP(opSWAP11)          ; 0x9a
+    :JMP(opSWAP12)          ; 0x9b
+    :JMP(opSWAP13)          ; 0x9c
+    :JMP(opSWAP14)          ; 0x9d
+    :JMP(opSWAP15)          ; 0x9e
+    :JMP(opSWAP16)          ; 0x9f
+    :JMP(opLOG0)            ; 0xa0
+    :JMP(opLOG1)            ; 0xa1
+    :JMP(opLOG2)            ; 0xa2
+    :JMP(opLOG3)            ; 0xa3
+    :JMP(opLOG4)            ; 0xa4
+    :JMP(opINVALID)         ; 0xA5
+    :JMP(opINVALID)         ; 0xA6
+    :JMP(opINVALID)         ; 0xA7
+    :JMP(opINVALID)         ; 0xA8
+    :JMP(opINVALID)         ; 0xA9
+    :JMP(opINVALID)         ; 0xAA
+    :JMP(opINVALID)         ; 0xAB
+    :JMP(opINVALID)         ; 0xAC
+    :JMP(opINVALID)         ; 0xAD
+    :JMP(opINVALID)         ; 0xAE
+    :JMP(opINVALID)         ; 0xAF
+    :JMP(opINVALID)         ; 0xB0
+    :JMP(opINVALID)         ; 0xB1
+    :JMP(opINVALID)         ; 0xB2
+    :JMP(opINVALID)         ; 0xB3
+    :JMP(opINVALID)         ; 0xB4
+    :JMP(opINVALID)         ; 0xB5
+    :JMP(opINVALID)         ; 0xB6
+    :JMP(opINVALID)         ; 0xB7
+    :JMP(opINVALID)         ; 0xB8
+    :JMP(opINVALID)         ; 0xB9
+    :JMP(opINVALID)         ; 0xBA
+    :JMP(opINVALID)         ; 0xBB
+    :JMP(opINVALID)         ; 0xBC
+    :JMP(opINVALID)         ; 0xBD
+    :JMP(opINVALID)         ; 0xBE
+    :JMP(opINVALID)         ; 0xBF
+    :JMP(opINVALID)         ; 0xC0
+    :JMP(opINVALID)         ; 0xC1
+    :JMP(opINVALID)         ; 0xC2
+    :JMP(opINVALID)         ; 0xC3
+    :JMP(opINVALID)         ; 0xC4
+    :JMP(opINVALID)         ; 0xC5
+    :JMP(opINVALID)         ; 0xC6
+    :JMP(opINVALID)         ; 0xC7
+    :JMP(opINVALID)         ; 0xC8
+    :JMP(opINVALID)         ; 0xC9
+    :JMP(opINVALID)         ; 0xCA
+    :JMP(opINVALID)         ; 0xCB
+    :JMP(opINVALID)         ; 0xCC
+    :JMP(opINVALID)         ; 0xCD
+    :JMP(opINVALID)         ; 0xCE
+    :JMP(opINVALID)         ; 0xCF
+    :JMP(opINVALID)         ; 0xD0
+    :JMP(opINVALID)         ; 0xD1
+    :JMP(opINVALID)         ; 0xD2
+    :JMP(opINVALID)         ; 0xD3
+    :JMP(opINVALID)         ; 0xD4
+    :JMP(opINVALID)         ; 0xD5
+    :JMP(opINVALID)         ; 0xD6
+    :JMP(opINVALID)         ; 0xD7
+    :JMP(opINVALID)         ; 0xD8
+    :JMP(opINVALID)         ; 0xD9
+    :JMP(opINVALID)         ; 0xDA
+    :JMP(opINVALID)         ; 0xDB
+    :JMP(opINVALID)         ; 0xDC
+    :JMP(opINVALID)         ; 0xDD
+    :JMP(opINVALID)         ; 0xDE
+    :JMP(opINVALID)         ; 0xDF
+    :JMP(opINVALID)         ; 0xE0
+    :JMP(opINVALID)         ; 0xE1
+    :JMP(opINVALID)         ; 0xE2
+    :JMP(opINVALID)         ; 0xE3
+    :JMP(opINVALID)         ; 0xE4
+    :JMP(opINVALID)         ; 0xE5
+    :JMP(opINVALID)         ; 0xE6
+    :JMP(opINVALID)         ; 0xE7
+    :JMP(opINVALID)         ; 0xE8
+    :JMP(opINVALID)         ; 0xE9
+    :JMP(opINVALID)         ; 0xEA
+    :JMP(opINVALID)         ; 0xEB
+    :JMP(opINVALID)         ; 0xEC
+    :JMP(opINVALID)         ; 0xED
+    :JMP(opINVALID)         ; 0xEE
+    :JMP(opINVALID)         ; 0xEF
+    :JMP(opCREATE)          ; 0xf0
+    :JMP(opCALL)            ; 0xf1
+    :JMP(opCALLCODE)        ; 0xf2
+    :JMP(opRETURN)          ; 0xf3
+    :JMP(opDELEGATECALL)    ; 0xf4
+    :JMP(opCREATE2)         ; 0xf5
+    :JMP(opINVALID)         ; 0xf6
+    :JMP(opINVALID)         ; 0xf7
+    :JMP(opINVALID)         ; 0xf8
+    :JMP(opINVALID)         ; 0xf9
+    :JMP(opSTATICCALL)      ; 0xfa
+    :JMP(opINVALID)         ; 0xfb
+    :JMP(opINVALID)         ; 0xfc
+    :JMP(opREVERT)          ; 0xfd
+    :JMP(opINVALID)         ; 0xfe
+    :JMP(opSENDALL)         ; 0xff

package/main/modexp/array_lib/array_add_AGTB.zkasm

@@ -0,0 +1,123 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: len(inA) >= len(inB)
+;;
+;;
+;; array_add_AGTB:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · out = inA + inB, with len(out) <= C + 1
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_add_AGTB(a: bigint[], b: bigint[], base: bigint): bigint[] {
+;     const alen = a.length;
+;     const blen = b.length;
+;     let result = new Array<bigint>(alen);
+;     let sum = 0n;
+;     let carry = 0n;
+;     for (let i = 0; i < blen; i++) {
+;         sum = a[i] + b[i] + carry;
+;         carry = sum >= base ? 1n : 0n;
+;         out[i] = sum - carry * base;
+;     }
+;     for (let i = blen; i < alen; i++) {
+;         sum = a[i] + carry;
+;         carry = sum == base ? 1n : 0n; // the past carry is at most 1n
+;         out[i] = sum - carry * base;
+;     }
+
+;     if (carry === 1n) {
+;         result.push(carry);
+;     }
+;     return result;
+; }
+
+; NOTE: It's unoptimized for the case where len(inB) = 1. Use array_add_short instead.
+
+VAR GLOBAL array_add_AGTB_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_add_AGTB_inB[%ARRAY_MAX_LEN]
+VAR GLOBAL array_add_AGTB_out[%ARRAY_MAX_LEN_PLUS_ONE]
+VAR GLOBAL array_add_AGTB_len_inA
+VAR GLOBAL array_add_AGTB_len_inB
+VAR GLOBAL array_add_AGTB_len_out
+
+VAR GLOBAL array_add_AGTB_carry
+
+VAR GLOBAL array_add_AGTB_RR
+
+array_add_AGTB:
+        %MAX_CNT_BINARY - CNT_BINARY     -  2*D     -   C+  D           :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 5 - 14*D - 3 - 9*C+9*D - 8       :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_add_AGTB_RR)
+
+        C               :MSTORE(array_add_AGTB_len_inA)
+        D               :MSTORE(array_add_AGTB_len_inB)
+
+        0 => E ; index in loops
+        0               :MSTORE(array_add_AGTB_carry)
+
+array_add_AGTB_loopZero2inB:
+        ; The result will be stored as D·base + C
+
+        0 => D  ; reset the carry chunk
+
+        ; a[i] + b[i], where a[i],b[i] ∈ [0,base-1]: This number cannot be GT base + (base - 2), two chunks
+        $ => A          :MLOAD(array_add_AGTB_inA + E)
+        $ => B          :MLOAD(array_add_AGTB_inB + E)
+        $ => C          :ADD, JMPNC(__array_add_AGTB_continue_1)
+        1 => D
+                        __array_add_AGTB_continue_1:
+
+        ; sum = (a[i] + b[i]) + carry: This number cannot be GT base + (base - 1), two chunks
+        $ => A          :MLOAD(array_add_AGTB_carry)
+        C => B
+        $ => C          :ADD, JMPNC(__array_add_AGTB_continue_2)
+        1 => D
+                        __array_add_AGTB_continue_2:
+
+        C               :MSTORE(array_add_AGTB_out + E)
+        D               :MSTORE(array_add_AGTB_carry)
+
+        E + 1 => E,A
+        $ => B          :MLOAD(array_add_AGTB_len_inB)
+        B - A           :JMPZ(array_add_AGTB_loop_index_check, array_add_AGTB_loopZero2inB)
+
+array_add_AGTB_loop_index_check:
+        $ => B          :MLOAD(array_add_AGTB_len_inA)
+        B - A           :JMPZ(array_add_AGTB_check_carry)
+
+array_add_AGTB_loopInB2InA:
+        0 => D ; reset the carry chunk
+
+        ; sum = a[i] + carry: This number cannot be GT base, two chunks
+        $ => A          :MLOAD(array_add_AGTB_inA + E)
+        $ => B          :MLOAD(array_add_AGTB_carry)
+        $ => C          :ADD, JMPNC(__array_add_AGTB_continue_3)
+        1 => D
+                        __array_add_AGTB_continue_3:
+
+        C               :MSTORE(array_add_AGTB_out + E)
+        D               :MSTORE(array_add_AGTB_carry)
+
+        E + 1 => E,A
+        $ => B          :MLOAD(array_add_AGTB_len_inA)
+        B - A           :JMPZ(array_add_AGTB_check_carry, array_add_AGTB_loopInB2InA)
+
+array_add_AGTB_check_carry:
+        D => A
+        A               :JMPZ(__array_add_AGTB_continue_4)
+        ; In this case, the carry = 1 and we should append it to the result
+        1               :MSTORE(array_add_AGTB_out + E)
+        E + 1           :MSTORE(array_add_AGTB_len_out)
+                        :JMP(array_add_AGTB_end)
+                        __array_add_AGTB_continue_4:
+        E               :MSTORE(array_add_AGTB_len_out)
+
+array_add_AGTB_end:
+        $ => RR         :MLOAD(array_add_AGTB_RR)
+                        :RETURN