Witness generation fixes when comparing to Reth

[jsign]

This PR contains fixes to the witness generation spec:

• The code incorrectly tracked MPT nodes while mutating the MPT nodes in post-state root calculation. While this is correct to detect sibilings in branch compressions, is not a generally correct approach, since these passes will track transient MPT node states. Both read and writes storage-slots accessed must be walked before any post-state root mutation. The post-state root procedure should only focus on potential sibilings required for branch compressions.
• Bytecode created during block execution was included in the witness, which is not correct. This happened since the state tracker tracks all used bytecode. This was solved by only including bytecodes from the state tracker that existed in the pre-state.
• Add a dirty field into IncrementalMPT nodes to track which ones were created or edited during post-state root calculation. This is a subtle need to correctly add sibiling nodes during branch compressions. Before the fix, we always included these sibiling nodes. This is not correct, since we must only include sibiling nodes if and only if they existed in the pre-state trie. If they were created during post-state root execution (say, in a previous storage slot update) then they are “runtime created nodes” that the stateless execution will have thus not require in the witness.
• Many EIP-7702 cases of code access didn’t track delegation as required bytecodes in the witness.
• We were including account accesses for all withdrawals. This was changed to only do it if the amount is not zero (which is a border case).
• For SELFDESTRUCT and 7702 cases, we need more aggressive short-circuiting of state access during gas charging logic. This is a quite subtle requirement, since we must avoid any unrequired state access for gas charging that might surface in OOG situations. During an OOG situation, any unrequired state access will surface as a bloated execution witness. Without execution witnesses involved, these details aren’t important for a spec implementation, but production ELs do short-circuiting since they are technically DoS vectors (i.e., you shouldn’t do state accesses without the guarantee they will be paid).

Apart from spec fixes, I added two new tests that are very simple but cover two corner cases that wasn’t detected (by pure chance) in the ~9k existing tests:

• Add a minimal test that surfaces the situation where a branch compression can be avoided by applying the requested rule: “do insertions/updatings first and deletions after”. This surfaces if an EL is not satisfying this, since it will include more MPT nodes than needed (i.e. a sibling). This test surfaced that Reth wasn’t applying this rule.
• Create another situation where a branch compression indeed applies when implementing the correct ordering for post-state root calculation. But the detail here is that the sibling during branch compression was created during block execution — this means this sibling must not be included in the witness, since it didn’t exist in the pre-state. This catches if ELs are not correctly considering this important detail.

I'm tempted to add more tests, but trying to keep that away from this PR and can keep stacking on top in separate ones.

Note: all these bugs were found by running the 9k tests with spec execution witness against Reth. Reth would run the test in stateful mode, generate its own witness and compare it against the fixture execution witness. Reth also had other bugs that the spec helped to find, but those live in other PRs.

Note: I keep this as a separate PR on top of #1 to help have a timeline on how things happened, and also keep #1 frozen since I know some people in STEEL already review it.

[jsign]

track_bytecode_access now checks if the provided address in the new parameter existed in the pre-state of the block. If it doesn't exist, this bytecode won't be in the witness since the bytecode was generated during block execution.

Probably with the official state tracker we might approach it differently -- just explaining the code change here.

[jsign]

This was the most tricky thing to fix in the spec, which is related to the point I mentioned in the PR description about avoiding bloating the execution witness in OOG situations.

The access_delegation function always did an account access and bytecode fetching before charging gas for a potential CALL/CALLCODE/DELEGATECALL/STATICCALL.

While this is nice to simplify things in the spec, revm is way more optimzed to avoid this unrequired state access before it is sure it can charge a potential COLD_ACCCESS. If you don't have enough gas for that charge, in theory you shouldn't have done the db access since is a DoS vector.

This means the spec must do the same, since if you still do it (apart that is a DoS vector) it will make the state tracker include it in the witness.

Most of this file changes are consequences of avoiding this access in access_delegation, and leaving that db access after the gas charging has passed -- done inside the generic_call which is "as late as possible" when the account data is needed (instead of "sooner than needed" which created this problem).

[jsign]

We need to charge gas in parts here. Because in L573 we do an account access. If you already didn't have gas to reach that point, that state access must be avoided to avoid bloating the witness.

[jsign]

We must move this check as soon as possible too -- if you do SELFDESTRUCT in a STATICCALL context you must fail since if the value isn't zero, this isn't allowed.

This is also done to avoid the bloating that is_account_alive / get_account in L574 would do if we don't fail fast enough.

[jsign]

This tracking of bytecode access in 7702 was missing.

[jsign]

If the withdrawal is for 0 ETH, then we avoid this call to avoid bloating the witness. The stateles validator can skip this withdrawal if won't modify the state, thus the witness data isn't required.

[jsign]

This is just a helper that I needed to debug all things -- we can remove it eventually.

[jsign]

This is related to the first bullet I mentioned in the PR description.

Any pre-state MPT proof should be captured before any state tree change. If we don't do this, we might capture "transient MPT nodes" that we edited while post-state root calculation.

[jsign]

As mentioned in the PR description, this is a new boolena marker for all types of nodes in the MPT tree.

This is required, since whenever we capture potential sibilings in branch compressions we must be sure they existed in the pre-state tree. If they were edited or created during post-state root calculation, they must not be in the witness.

[jsign]

I think these tests are a bit self describing.

[kevaundray]

small nit: Tuple[bool, Address, Uint]