Merge remote-tracking branch 'origin/master' into split-resource-kind-storage-access

Author: MishkaRogachev

arbnode/batch_poster.go

@@ -2071,9 +2071,9 @@ func (b *BatchPoster) GetBacklogEstimate() uint64 {
 }
 
 func (b *BatchPoster) Start(ctxIn context.Context) {
-	b.dataPoster.Start(ctxIn)
-	b.redisLock.Start(ctxIn)
 	b.StopWaiter.Start(ctxIn, b)
+	b.dataPoster.Start(b.GetContext())
+	b.redisLock.Start(b.GetContext())
 	b.LaunchThread(b.pollForReverts)
 	b.LaunchThread(b.pollForL1PriceData)
 	commonEphemeralErrorHandler := util.NewEphemeralErrorHandler(time.Minute, "", 0)
@@ -2157,9 +2157,9 @@ func (b *BatchPoster) Start(ctxIn context.Context) {
 }
 
 func (b *BatchPoster) StopAndWait() {
-	b.StopWaiter.StopAndWait()
-	b.dataPoster.StopAndWait()
 	b.redisLock.StopAndWait()
+	b.dataPoster.StopAndWait()
+	b.StopWaiter.StopAndWait()
 }
 
 type BoolRing struct {

arbos/programs/programs.go

@@ -116,7 +116,11 @@ func (p Programs) ActivateProgram(evm *vm.EVM, address common.Address, runCtx *c
 		// already activated and up to date
 		return 0, codeHash, common.Hash{}, nil, false, ProgramUpToDateError()
 	}
-	wasm, err := getWasm(statedb, address, params, burner)
+	charger, err := newFragmentReadCharger(burner, evm.ChainConfig().MaxCodeSize())
+	if err != nil {
+		return 0, codeHash, common.Hash{}, nil, false, err
+	}
+	wasm, err := getWasm(statedb, address, params, charger)
 	if err != nil {
 		return 0, codeHash, common.Hash{}, nil, false, err
 	}
@@ -310,14 +314,65 @@ func evmMemoryCost(size uint64) uint64 {
 	return linearCost + squareCost
 }
 
-func getWasm(statedb vm.StateDB, program common.Address, params *StylusParams, burner burn.Burner) ([]byte, error) {
+type fragmentReadCharger struct {
+	burner      burn.Burner
+	maxCodeSize uint64
+}
+
+func newFragmentReadCharger(burner burn.Burner, maxCodeSize uint64) (*fragmentReadCharger, error) {
+	if burner == nil {
+		if maxCodeSize != 0 {
+			return nil, errors.New("maxCodeSize requires fragment read burner")
+		}
+		return nil, nil
+	}
+	if maxCodeSize == 0 {
+		return nil, errors.New("fragment read burner requires maxCodeSize")
+	}
+	return &fragmentReadCharger{
+		burner:      burner,
+		maxCodeSize: maxCodeSize,
+	}, nil
+}
+
+func (charger *fragmentReadCharger) canReadNewFragment(statedb vm.StateDB, addr common.Address) error {
+	if charger == nil {
+		return nil
+	}
+	cost, err := fragmentReadGasCost(statedb.AddressInAccessList(addr), charger.maxCodeSize)
+	if err != nil {
+		return err
+	}
+	if charger.burner.GasLeft() < cost.SingleGas() {
+		return charger.burner.BurnOut()
+	}
+	return nil
+}
+
+func (charger *fragmentReadCharger) chargeForReadingFragment(statedb vm.StateDB, addr common.Address, codeSize uint64) error {
+	if charger == nil {
+		return nil
+	}
+	warm := statedb.AddressInAccessList(addr)
+	if !warm {
+		statedb.AddAddressToAccessList(addr)
+	}
+	cost, err := fragmentReadGasCost(warm, codeSize)
+	if err != nil {
+		log.Trace("fragment copy gas overflow", "address", addr, "codeSize", codeSize, "err", err)
+		return err
+	}
+	return charger.burner.BurnMultiGas(cost)
+}
+
+func getWasm(statedb vm.StateDB, program common.Address, params *StylusParams, charger *fragmentReadCharger) ([]byte, error) {
 	prefixedWasm := statedb.GetCode(program)
-	return getWasmFromContractCode(statedb, prefixedWasm, params, burner)
+	return getWasmFromContractCode(statedb, prefixedWasm, params, charger)
 }
 
-// burner is used to charge gas for reading fragments. If it is present activation is assumed, and activation checks are enforced.
-// Only pass a burner if activating the program.
-func getWasmFromContractCode(statedb vm.StateDB, prefixedWasm []byte, params *StylusParams, burner burn.Burner) ([]byte, error) {
+// charger is used to charge gas for reading fragments. If it is present activation is assumed, and activation checks are enforced.
+// Only pass a charger if activating the program.
+func getWasmFromContractCode(statedb vm.StateDB, prefixedWasm []byte, params *StylusParams, charger *fragmentReadCharger) ([]byte, error) {
 	if len(prefixedWasm) == 0 {
 		return nil, ProgramNotWasmError()
 	}
@@ -328,7 +383,7 @@ func getWasmFromContractCode(statedb vm.StateDB, prefixedWasm []byte, params *St
 
 	if params.arbosVersion >= gethParams.ArbosVersion_StylusContractLimit {
 		if state.IsStylusRootProgramPrefix(prefixedWasm) {
-			return getWasmFromRootStylus(statedb, prefixedWasm, params.MaxWasmSize, params.MaxFragmentCount, burner)
+			return getWasmFromRootStylus(statedb, prefixedWasm, params.MaxWasmSize, params.MaxFragmentCount, charger)
 		}
 
 		if state.IsStylusFragmentPrefix(prefixedWasm) {
@@ -353,15 +408,15 @@ func getWasmFromClassicStylus(data []byte, maxSize uint32) ([]byte, error) {
 	return arbcompress.DecompressWithDictionary(wasm, int(maxSize), dict)
 }
 
-// burner is used to charge gas for reading fragments. If it is present activation is assumed, and activation checks are enforced.
-// Only pass a burner if activating the program.
-func getWasmFromRootStylus(statedb vm.StateDB, data []byte, maxSize uint32, maxFragments uint8, burner burn.Burner) ([]byte, error) {
+// charger is used to charge gas for reading fragments. If it is present activation is assumed, and activation checks are enforced.
+// Only pass a charger if activating the program.
+func getWasmFromRootStylus(statedb vm.StateDB, data []byte, maxSize uint32, maxFragments uint8, charger *fragmentReadCharger) ([]byte, error) {
 	root, err := state.NewStylusRoot(data)
 	if err != nil {
 		return nil, err
 	}
 
-	if burner != nil {
+	if charger != nil {
 		if root.DecompressedLength > maxSize {
 			return nil, fmt.Errorf("invalid wasm: decompressedLength %d is greater then MaxWasmSize %d", root.DecompressedLength, maxSize)
 		}
@@ -376,11 +431,15 @@ func getWasmFromRootStylus(statedb vm.StateDB, data []byte, maxSize uint32, maxF
 
 	var compressedWasm []byte
 	for _, addr := range root.Addresses {
+		// Fail before touching state unless the caller can afford a max-sized fragment
+		// read; once the fragment length is known, charge only the actual read cost.
+		if err := charger.canReadNewFragment(statedb, addr); err != nil {
+			return nil, err
+		}
+
 		fragCode := statedb.GetCode(addr)
-		if burner != nil {
-			if err := chargeFragmentReadGas(burner, statedb, addr, uint64(len(fragCode))); err != nil {
-				return nil, err
-			}
+		if err := charger.chargeForReadingFragment(statedb, addr, uint64(len(fragCode))); err != nil {
+			return nil, err
 		}
 
 		payload, err := state.StripStylusFragmentPrefix(fragCode)
@@ -408,31 +467,24 @@ func getWasmFromRootStylus(statedb vm.StateDB, data []byte, maxSize uint32, maxF
 	return wasm, nil
 }
 
-// chargeFragmentReadGas charges EXTCODECOPY-style gas for reading fragment code.
-func chargeFragmentReadGas(burner burn.Burner, statedb vm.StateDB, addr common.Address, codeSize uint64) error {
-	// charge access gas
+func fragmentReadGasCost(warm bool, codeSize uint64) (multigas.MultiGas, error) {
 	var cost multigas.MultiGas
-	if statedb.AddressInAccessList(addr) {
+	if warm {
 		cost = multigas.ComputationGas(gethParams.WarmStorageReadCostEIP2929)
 	} else {
-		statedb.AddAddressToAccessList(addr)
 		cost = multigas.StorageAccessReadGas(gethParams.ColdAccountAccessCostEIP2929)
 	}
-	// charge copy gas
 	words := ToWordSize(codeSize)
 	copyGas, overflow := gethMath.SafeMul(words, gethParams.CopyGas)
 	if overflow {
-		log.Trace("fragment copy gas overflow", "address", addr, "codeSize", codeSize, "words", words, "copyGas", gethParams.CopyGas)
-		return vm.ErrGasUintOverflow
+		log.Trace("fragment copy gas overflow", "codeSize", codeSize, "words", words, "copyGas", gethParams.CopyGas)
+		return multigas.ZeroGas(), vm.ErrGasUintOverflow
 	}
 	if cost, overflow = cost.SafeIncrement(multigas.ResourceKindStorageAccessRead, copyGas); overflow {
-		log.Trace("fragment copy gas overflow", "address", addr, "codeSize", codeSize, "copyGas", copyGas)
-		return vm.ErrGasUintOverflow
-	}
-	if err := burner.BurnMultiGas(cost); err != nil {
-		return err
+		log.Trace("fragment copy gas overflow", "codeSize", codeSize, "copyGas", copyGas)
+		return multigas.ZeroGas(), vm.ErrGasUintOverflow
 	}
-	return nil
+	return cost, nil
 }
 
 func getStylusCompressionDict(id byte) (arbcompress.Dictionary, error) {

arbos/programs/programs_fragment_test.go

@@ -0,0 +1,164 @@
+// Copyright 2026, Offchain Labs, Inc.
+// For license information, see https://github.com/offchainlabs/nitro/blob/master/LICENSE.md
+
+package programs
+
+import (
+	"encoding/binary"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/ethereum/go-ethereum/arbitrum/multigas"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/state"
+	"github.com/ethereum/go-ethereum/core/tracing"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/core/vm"
+	gethParams "github.com/ethereum/go-ethereum/params"
+
+	"github.com/offchainlabs/nitro/arbcompress"
+	"github.com/offchainlabs/nitro/arbos/util"
+)
+
+type testBurner struct {
+	gasSupplied uint64
+	gasUsed     multigas.MultiGas
+}
+
+func newTestBurner(gasSupplied uint64) *testBurner {
+	return &testBurner{gasSupplied: gasSupplied}
+}
+
+func (b *testBurner) Burn(kind multigas.ResourceKind, amount uint64) error {
+	if b.GasLeft() < amount {
+		return b.BurnOut()
+	}
+	b.gasUsed.SaturatingIncrementInto(kind, amount)
+	return nil
+}
+
+func (b *testBurner) BurnMultiGas(amount multigas.MultiGas) error {
+	if b.GasLeft() < amount.SingleGas() {
+		return b.BurnOut()
+	}
+	b.gasUsed.SaturatingAddInto(amount)
+	return nil
+}
+
+func (b *testBurner) Burned() uint64 {
+	return b.gasUsed.SingleGas()
+}
+
+func (b *testBurner) GasLeft() uint64 {
+	return b.gasSupplied - b.gasUsed.SingleGas()
+}
+
+func (b *testBurner) BurnOut() error {
+	b.gasUsed.SaturatingIncrementInto(multigas.ResourceKindComputation, b.GasLeft())
+	return vm.ErrOutOfGas
+}
+
+func (*testBurner) Restrict(error) {}
+
+func (*testBurner) HandleError(err error) error {
+	return err
+}
+
+func (*testBurner) ReadOnly() bool {
+	return false
+}
+
+func (*testBurner) TracingInfo() *util.TracingInfo {
+	return nil
+}
+
+func makeFragmentedRootForTest(t *testing.T) (*state.StateDB, []byte, []byte, common.Address, []byte) {
+	t.Helper()
+
+	statedb, err := state.New(types.EmptyRootHash, state.NewDatabaseForTesting())
+	require.NoError(t, err)
+
+	wasm := []byte("fragment gas reserve regression test")
+	compressedWasm, err := arbcompress.Compress(wasm, arbcompress.LEVEL_WELL, arbcompress.EmptyDictionary)
+	require.NoError(t, err)
+
+	fragmentCode := append(state.NewStylusFragmentPrefix(), compressedWasm...)
+	fragmentAddr := common.Address{1}
+	statedb.SetCode(fragmentAddr, fragmentCode, tracing.CodeChangeUnspecified)
+
+	rootCode := make([]byte, 0, 8+common.AddressLength)
+	rootCode = append(rootCode, state.NewStylusRootPrefix(byte(arbcompress.EmptyDictionary))...)
+	var decompressedLen [4]byte
+	// #nosec G115
+	binary.BigEndian.PutUint32(decompressedLen[:], uint32(len(wasm)))
+	rootCode = append(rootCode, decompressedLen[:]...)
+	rootCode = append(rootCode, fragmentAddr.Bytes()...)
+
+	return statedb, rootCode, wasm, fragmentAddr, fragmentCode
+}
+
+func TestGetWasmFromRootStylusRequiresMaxFragmentReadReserve(t *testing.T) {
+	statedb, rootCode, _, fragmentAddr, fragmentCode := makeFragmentedRootForTest(t)
+
+	actualCost, err := fragmentReadGasCost(false, uint64(len(fragmentCode)))
+	require.NoError(t, err)
+	maxCost, err := fragmentReadGasCost(false, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+	require.Greater(t, maxCost.SingleGas(), actualCost.SingleGas())
+
+	burner := newTestBurner(actualCost.SingleGas())
+	charger, err := newFragmentReadCharger(burner, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+
+	wasm, err := getWasmFromRootStylus(statedb, rootCode, 1<<20, 1, charger)
+	require.Nil(t, wasm)
+	require.ErrorIs(t, err, vm.ErrOutOfGas)
+	require.Equal(t, actualCost.SingleGas(), burner.Burned())
+	require.False(t, statedb.AddressInAccessList(fragmentAddr))
+}
+
+func TestGetWasmFromRootStylusBurnsActualFragmentReadCostAfterPreflight(t *testing.T) {
+	statedb, rootCode, expectedWasm, fragmentAddr, fragmentCode := makeFragmentedRootForTest(t)
+
+	actualCost, err := fragmentReadGasCost(false, uint64(len(fragmentCode)))
+	require.NoError(t, err)
+	maxCost, err := fragmentReadGasCost(false, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+	require.Greater(t, maxCost.SingleGas(), actualCost.SingleGas())
+
+	burner := newTestBurner(maxCost.SingleGas())
+	charger, err := newFragmentReadCharger(burner, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+
+	// #nosec G115
+	wasm, err := getWasmFromRootStylus(statedb, rootCode, uint32(len(expectedWasm)), 1, charger)
+	require.NoError(t, err)
+	require.Equal(t, expectedWasm, wasm)
+	require.Equal(t, actualCost.SingleGas(), burner.Burned())
+	require.Equal(t, maxCost.SingleGas()-actualCost.SingleGas(), burner.GasLeft())
+	require.True(t, statedb.AddressInAccessList(fragmentAddr))
+}
+
+func TestGetWasmFromRootStylusUsesWarmFragmentReadCostWhenAddressIsWarm(t *testing.T) {
+	statedb, rootCode, expectedWasm, fragmentAddr, fragmentCode := makeFragmentedRootForTest(t)
+	statedb.AddAddressToAccessList(fragmentAddr)
+
+	actualCost, err := fragmentReadGasCost(true, uint64(len(fragmentCode)))
+	require.NoError(t, err)
+	maxCost, err := fragmentReadGasCost(true, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+	require.Greater(t, maxCost.SingleGas(), actualCost.SingleGas())
+
+	burner := newTestBurner(maxCost.SingleGas())
+	charger, err := newFragmentReadCharger(burner, gethParams.DefaultMaxCodeSize)
+	require.NoError(t, err)
+
+	// #nosec G115
+	wasm, err := getWasmFromRootStylus(statedb, rootCode, uint32(len(expectedWasm)), 1, charger)
+	require.NoError(t, err)
+	require.Equal(t, expectedWasm, wasm)
+	require.Equal(t, actualCost.SingleGas(), burner.Burned())
+	require.Equal(t, maxCost.SingleGas()-actualCost.SingleGas(), burner.GasLeft())
+	require.True(t, statedb.AddressInAccessList(fragmentAddr))
+}

changelog/kolbyml-nit-4634.md

@@ -0,0 +1,2 @@
+### Changed
+- Preflight the worst-case fragment read gas during multi-fragment Stylus activation, then charge the actual EXTCODECOPY-style cost after the fragment code is read.

changelog/pmikolajczyk-nit-4666.md

@@ -0,0 +1,2 @@
+### Fixed
+ - Fix StopWaiter lifecycle ordering: stop children before parent in StopAndWait, and pass managed context to children in Start

cmd/el-proxy/main.go

@@ -137,12 +137,12 @@ func NewExpressLaneProxy(
 
 func (p *ExpressLaneProxy) Start(ctx context.Context) {
 	p.StopWaiter.Start(ctx, p)
-	p.expressLaneTracker.Start(ctx)
+	p.expressLaneTracker.Start(p.GetContext())
 }
 
 func (p *ExpressLaneProxy) StopAndWait() {
-	p.StopWaiter.StopAndWait()
 	p.expressLaneTracker.StopAndWait()
+	p.StopWaiter.StopAndWait()
 }
 
 var ErrorInternalConnectionError = errors.New("internal connection error")

execution/gethexec/addressfilter/service.go

@@ -84,7 +84,7 @@ func (s *FilterService) Start(ctx context.Context) {
 		return s.config.PollInterval
 	})
 
-	s.addressChecker.Start(ctx)
+	s.addressChecker.Start(s.GetContext())
 
 	log.Info("address-filter service started",
 		"poll_interval", s.config.PollInterval,