General State, Opcodes, etc
word size: 256 bits
volatile memory, denoted μ.
persistent state/storage (on the blockchain), denoted σ.
All memory locations are initially zero. Program code is stored in a ROM, not easily accessible
A JUMP or JUMPI instruction sets the program counter and therefore starts execution off again from some newly- specified instruction. These must jump to some explicit JUMPDEST instruction, that is not an argument literal of another instruction.
There is only one type of exception. If one occurs, return to the state prior to the current execution, but consume all gas. Exceptions may occur in any of the following circumstances:
There is insufficient remaining gas to cover the cost of an instruction;
An undefined instruction is to be executed;
A jump to an invalid destination occurs.
The stack size would exceed 1024 if the next instruction were to be executed
Gas fees may be charged for the following reasons:
Intrinsic fees charged for computation performed by each instruction
gas may be deducted to pay for a subordinate contract call or creation
gas may be paid to compensate for extra memory usage
The currently executing contract has access to a tuple I , with the following fields:
I_a : the address of the account owning the executing code
I_o : the address of the transaction originating this execution
I_p : the gas price in the originating transaction
I_d : a byte array of the input data
I_s : sender address
I_v : the value (in wei) passed to this account
I_b : the byte array containing the machine code to be executed
I_H : the current block header
I_e : the current contract stack depth (number of CALL and CREATE instructions that have been executed)
The memory state μ , of the currently running contract, is itself subdivided thus:
μ_s : the stack, holds up to 1024 words; initially empty
μ_m : memory contents, initially implicitly 2^256 bytes of zeroes (word-addressed byte array, words stored
big-endian);
μ_g : remaining gas
μ_pc : The program counter (a positive 256 bit integer)
μ_i : the size of the active memory region in words
We also have a substate A, maintained during execution, which contains the following fields (initially empty or zero):
A_s : The suicide set. Accounts to be discarded following transaction completion.
A_l : Log series. archived and indexable "checkpoints" that help contract calls to be tracked.
A_r : Refund balance, accrued by setting nonzero values in σ to zero, using the SSTORE instruction.
At each instruction, gas fees are charged, state is update, and the program counter increments (or jumps).
μ : the EVM's memory; by a slight overloading of terms, this shall mean the same thing as μ_m , above. If a
value v is said to be saved to memory at address α, this means μ[α] <- v. If v is a word, it is saved in big-
endian order in the address range [α, α + 31].
τ : the EVM's execution stack; the same thing as μ_s , above. We have τ[0] the top stack element, and τ[k] the
element k from the top. If an instruction pops m values off the stack and pushes n values onto it, this
behaviour will be denoted -m+n in the table. The size of the stack aer an operation is then (n - m). The
result of operations is usually pushed to the stack.
ρ : the persistent storage available to the executing account. This is equivalent to σ [ I_a ].
I_d : a byte array of extra data that may have been included with the transaction as input to the currently
running contract.
I_b : the bytecode of the currently running contract.
wei : the smallest denomination of the ether currency ether. 10^18 wei constitutes one ether. All ether values
will be given in wei.
Behaviour will mostly be given approximately, and in English. See the yellow paper for precise definitions.
Value Name Behaviour Stack GasCost^
0x00 STOP Halts Execution. -0+0 0
0x01 ADD Sums two numbers. -2+1 3
0x02 MUL Multiplies two numbers. -2+1 5
0x03 SUB Difference: τ[0] - τ[1]. -2+1 3
0x04 DIV Integer floor division resulting from produces a zero result. τ[0] / τ[1]. Division by zero^ -2+1 5
0x05 SDIV Signed division. Fractional parts are truncated towards zero. -2+1 5
0x06 MOD Modulo: τ[0] % τ[1]. Zero modulus produces a zero result. -2+1 5
0x07 SMOD Signed modulo. The sign is that of τ[0]. -2+1 5
0x08 ADDMOD Modular addition: (τ[0] + τ[1]) % τ[2]. -3+1 8
0x09 MULMOD Modular multiplication: (τ[0] τ[1]) % τ*[2]. -3+1 8
0x0a EXP Exponentiation: τ[0] ^ τ[1]. -2+
log(τ*
[1])
0x0b SIGNEXTEND
Extend the sign bit of a smaller integer up to 32 bytes. Let b be the
high bit of the τ[0]'th byte of τ[1]. Set all bits in the result more
significant than b equal to b. The remaining bits are copied from τ[1].
In what follows, truth is represented by 1, falsehood by 0.
Value Name Behaviour Stack Gas Cost
0x10 LT Unsigned less-than relation: τ[0] < τ[1] -2+1 3
0x11 GT Unsigned greater-than relation: τ[0] > τ[1] -2+1 3
0x12 SLT Signed less-than relation: τ[0] < τ[1] -2+1 3
0x13 SGT Signed greater-than relation: τ[0] > τ[1] -2+1 3
0x14 EQ equality: τ[0] = τ[1] -2+1 3
0x15 ISZERO Logical negation. 1 if τ[0] is 0, 0 otherwise. -1+1 3
0x16 AND Bitwise AND. -2+1 3
0x17 OR Bitwise OR. -2+1 3
0x18 XOR Bitwise XOR. -2+1 3
0x19 NOT Bitwise NOT. -1+1 3
0x1a BYTE Retrieve the τ[0]'th byte from τ[1]. Zero if τ[0] is greater than 31. -2+1 3
Value Name Behaviour Stack Gas Cost
0x20 SHA3 Calculate the hash of the memory region from address address (τ[0] + τ[1] - 1). τ[0] up to the^ -2+1 30 + 6 [1] / 32) (τ*
Value Name Behaviour Stack GasCost^
0x30 ADDRESS Get the address of the currently executing contract. -0+1 2
0x31 BALANCE Get the balance of the account at address no such account. τ[0]. Zero if there is^ -1+1 20
0x32 ORIGIN Get the externally-controlled account which originated thecurrent execution. That is, the root of the contract call tree.^ -0+1 2
0x33 CALLER Get the address of the account that's directly responsible forthe current transaction.^ -0+1 2
0x34 CALLVALUE Get the value of ether sent with this transaction. -0+1 2
0x35 CALLDATALOAD Fetch the word and place it on the stack. Out-of-range values are zero.τ[0] from the input data I_d of this transaction,^ -1+1 3
0x36 CALLDATASIZE The length of I_d in bytes. -0+1 2
0x37 CALLDATACOPY Copy are zero.τ[2] bytes from I_d [τ[1]] into μ[τ[0]]. Out-of-range values^ -3+
3 (τ*
[2] /
32)
0x38 CODESIZE Get the size of the currently-running code. -0+1 2
0x39 CODECOPY Copy are STOP.τ[2] bytes from I_b [τ[1]] into μ[τ[0]]. Out-of-range values^ -3+
3 (τ*
[2] /
32)
0x3a GASPRICE Get the transaction gas price -0+1 2
0x3b EXTCODESIZE Get the size of the code in the account at the address τ[0]. -1+1 20
0x3c EXTCODECOPY
Let I_c be the contract code of the account at address τ[0].
Copy τ[3] bytes from I_c [τ[2]], into μ[τ[1]]; Out-of-range values
are interpreted as STOP.
3 (τ*
[3]/32)
0x3d RETURNDATASIZE Get the size of output data from the previous call from thecurrent environment.^ -0+1 2
0x3e RETURNDATACOPY
Copy output data ( O ) from previous call to memory. Copies τ[2]
bytes from O [τ[1]], into μ[τ[0]]; Out-of-range values are
interpreted as 0.
3 (τ*
[2] /
32)
Value Name Behaviour Stack GasCost^
0x40 BLOCKHASH Return the hash of block recent blocks. Zero otherwise.τ[1], as long as it was one of the 256 most^ -1+1 20
0x41 COINBASE Return the block beneficiary address (where the mining reward is sent). -0+1 2
0x42 TIMESTAMP Return this block's timestamp. -0+1 2
0x43 NUMBER Return this block's number. -0+1 2
0x44 DIFFICULTY Return this block's difficulty. -0+1 2
0x45 GASLIMIT Return this block's gas limit. -0+1 2
Any of the following instructions which access μ may increase μ_i , the size of the active memory region in words. At any time, μ_i is the highest address that has yet been accessed, divided by 32, more or less.
Value Name Behaviour Stack Gas Cost
0x50 POP Remove an item from thestack.^ -1+0 2
0x51 MLOAD Load the word from address τ[0] onto the stack.μ at the^ -1+1 3
0x52 MSTORE
Save the word τ[1] to
memory in the 32 bytes
starting at address τ[0].
0x53 MSTORE8 Save the lowest byte of to memory at address ττ[0][1]^ -2+0 3
0x54 SLOAD
Load the word at address
τ[0] from storage onto the
stack.
0x55 SSTORE Save a word to storage:ρ[τ[0]] = τ[1].^ -2+
20000 if target cell value is set to nonzero from
zero, 5000 otherwise. A refund of 15000 is
credited to A_r whenever a nonzero cell is set to
zero.
0x56 JUMP Jump execution to theaddress on the stack.^ -1+0 8
0x57 JUMPI Jump to τ[1] is not zero.τ[0] if and only if^ -2+0 10
0x58 PC
Push the address of the last
executed instruction to the
stack.
0x59 MSIZE
Push 32 μ_i to the stack.
This is the size of the active
memory region in bytes*.
0x5a GAS
Push to the stack the
remaining gas aer
executing this instruction.
0x5b JUMPDEST Purely a destination forjumps. Otherwise a NOP.^ -0+0 1
PUSH instructions can push anywhere from 1 to 32 bytes onto the stack as a single word, aligned to the right. These values follow the PUSH immediately in the bytecode. Any out of range values are interpreted as zero. DUP and SWAP instructions have versions for n between 1 and 16. Although the stack operations seem to depend on the value of n chosen, the effect does not, and the gas cost is constant. That is, the appropriate memory is accessed directly in implementations, rather than through a series of stack and memory operations.
Value Name Behaviour Stack Gas Cost
0x60 + (n-1) PUSHn Push the next n bytes from code to the stack. -0+1 3
0x80 + (n-1) DUPn Push a copy of τ[n-1] to the stack. -n+(n+1) 3
0x90 + (n-1) SWAPn Swap τ[0] with τ[n]. -(n+1)+(n+1) 3
Each LOGn instruction, n between 0 and 4, appends a log entry to the substate’s log series. A log contains:
The address of the logging account;
a topic series containing the n words on the stack following τ[1];
a data blob copied from the memory region between τ[0] and (τ[0] + τ[1] - 1). So τ[1] is the number of bytes
to store.
Value Name Behaviour Stack Gas Cost
0xa0 + n LOGn Add a log record with n topics. -(n+2)+0 (8 τ[1]) + ((n + 1) 375)
Value Name Behaviour Stack Gas Cost
0xf0 CREATE
Create a new contract. τ[0] is the Ethereum endowment of the
new contract. Pass a τ[2]-byte-long data block starting at
memory location τ[1] to the new contract as input. Push to the
stack the address of the new contract, or else 0 if creation
failed.
0xf1 CALL
τ[0]: gas quantity to provide for execution. τ[1]: address of the
contract to call. τ[2]: value of ether to send. Send along τ[4]
bytes of memory starting at the address τ[3]. Target contract
returns its result into the τ[6] byte memory region starting at
τ[5]. Push a 0 on the stack if the call failed, or else 1.
(if some
ether is
sent) +
25000 (if
the
target
account
doesn't
exist) +
τ[0]
0xf2 CALLCODE The same as CALL, except execute the code of the currentcontract instead of the code of the receiving contract.^ -7+1 As CALL.
0xf3 RETURN Halt and return the τ[1] bytes of memory from μ[τ[0]]. -2+0 0
0xf4 DELEGATECALL
The same as CALLCODE, except the sender and value of the
parent contract are propagated directly to the called contract.
So the executing contract is acting simply as a relay between its
parent and its child.
-6+1 As CALL.
0xfa STATICCALL
The same as CALL, except the value of ether to be sent is 0, and
the other arguments are all shied down one position, and any
state-changing operations made during the sub-exection will
throw an exception.
0xfd REVERT Halt execution, reverting state changes, refunding remaininggas, and returning the bytes of memory as in RETURN.^ -2+0 0
0xfe INVALID Designated invalid instruction. Immediately halts, consumingall remaining gas.^ -0+0 0
0xff SELFDESTRUCT Halt execution, and add the account to the suicide list. Transferthe balance in this account to the address τ[0].^ -1+
0 gas
cost.
Refund
24000
gas if the
contract
is not
already
in the
suicide
list.