Fix partial reads for returndata, code, and transient storage

gnidan · gnidan · commit 60925f944c8e · 2026-03-09T16:34:01.000-04:00
Copy-based reads (returndata, code) returned left-aligned values
from MLOAD without right-aligning for partial reads (length &lt; 32).
Add shift+mask path matching calldata's partial read handling.

Transient storage reads used TLOAD without offset/length handling.
Add the same partial-slot extraction as regular storage reads.
diff --git a/packages/bugc/src/evmgen/generation/instructions/storage.test.ts b/packages/bugc/src/evmgen/generation/instructions/storage.test.ts
@@ -102,7 +102,7 @@ describe("generateRead", () => {
   });
 
   describe("returndata reads", () => {
-    it("should use RETURNDATACOPY + MLOAD", () => {
+    it("should use RETURNDATACOPY + MLOAD for full read", () => {
       const mnemonics = mnemonicsFor([
         {
           kind: "read",
@@ -127,11 +127,40 @@ describe("generateRead", () => {
       expect(mnemonics).toContain("MLOAD");
       // Should zero scratch memory first
       expect(mnemonics).toContain("MSTORE");
+      // Full read — no shift/mask needed
+      expect(mnemonics).not.toContain("SHR");
+    });
+
+    it("should shift+mask for partial returndata read", () => {
+      const mnemonics = mnemonicsFor([
+        {
+          kind: "read",
+          location: "returndata",
+          offset: {
+            kind: "const",
+            value: 0n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          length: {
+            kind: "const",
+            value: 20n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          type: Ir.Type.Scalar.address,
+          dest: "%1",
+          operationDebug: {},
+        },
+      ]);
+
+      expect(mnemonics).toContain("RETURNDATACOPY");
+      expect(mnemonics).toContain("MLOAD");
+      expect(mnemonics).toContain("SHR");
+      expect(mnemonics).toContain("AND");
     });
   });
 
   describe("code reads", () => {
-    it("should use CODECOPY + MLOAD", () => {
+    it("should use CODECOPY + MLOAD for full read", () => {
       const mnemonics = mnemonicsFor([
         {
           kind: "read",
@@ -154,11 +183,59 @@ describe("generateRead", () => {
 
       expect(mnemonics).toContain("CODECOPY");
       expect(mnemonics).toContain("MLOAD");
+      expect(mnemonics).not.toContain("SHR");
+    });
+
+    it("should shift+mask for partial code read", () => {
+      const mnemonics = mnemonicsFor([
+        {
+          kind: "read",
+          location: "code",
+          offset: {
+            kind: "const",
+            value: 0n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          length: {
+            kind: "const",
+            value: 4n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          type: Ir.Type.Scalar.uint256,
+          dest: "%1",
+          operationDebug: {},
+        },
+      ]);
+
+      expect(mnemonics).toContain("CODECOPY");
+      expect(mnemonics).toContain("MLOAD");
+      expect(mnemonics).toContain("SHR");
+      expect(mnemonics).toContain("AND");
     });
   });
 
   describe("transient storage reads", () => {
-    it("should use TLOAD", () => {
+    it("should use TLOAD for full read", () => {
+      const mnemonics = mnemonicsFor([
+        {
+          kind: "read",
+          location: "transient",
+          slot: {
+            kind: "const",
+            value: 0n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          type: Ir.Type.Scalar.uint256,
+          dest: "%1",
+          operationDebug: {},
+        },
+      ]);
+
+      expect(mnemonics).toContain("TLOAD");
+      expect(mnemonics).not.toContain("SHR");
+    });
+
+    it("should shift+mask for partial transient read", () => {
       const mnemonics = mnemonicsFor([
         {
           kind: "read",
@@ -168,13 +245,25 @@ describe("generateRead", () => {
             value: 0n,
             type: Ir.Type.Scalar.uint256,
           },
+          offset: {
+            kind: "const",
+            value: 0n,
+            type: Ir.Type.Scalar.uint256,
+          },
+          length: {
+            kind: "const",
+            value: 1n,
+            type: Ir.Type.Scalar.uint256,
+          },
           type: Ir.Type.Scalar.uint256,
           dest: "%1",
           operationDebug: {},
         },
       ]);
 
       expect(mnemonics).toContain("TLOAD");
+      expect(mnemonics).toContain("SHR");
+      expect(mnemonics).toContain("AND");
     });
   });
 });
diff --git a/packages/bugc/src/evmgen/generation/instructions/storage.ts b/packages/bugc/src/evmgen/generation/instructions/storage.ts
@@ -45,11 +45,7 @@ export function generateRead<S extends Stack>(
 
   // Handle transient storage reads
   if (inst.location === "transient" && inst.slot) {
-    return pipe<S>()
-      .then(loadValue(inst.slot, { debug }), { as: "key" })
-      .then(TLOAD({ debug }), { as: "value" })
-      .then(storeValueIfNeeded(inst.dest, { debug }))
-      .done();
+    return generateTransientRead(inst, debug);
   }
 
   // Handle memory reads
@@ -131,6 +127,57 @@ function generateStorageRead<S extends Stack>(
   );
 }
 
+/**
+ * Transient storage read: TLOAD with optional partial extraction.
+ * Same shift+mask logic as regular storage reads.
+ */
+function generateTransientRead<S extends Stack>(
+  inst: Ir.Instruction.Read,
+  debug: Ir.Instruction.Debug,
+): Transition<S, readonly ["value", ...S]> {
+  const offset = inst.offset?.kind === "const" ? inst.offset.value : 0n;
+  const length = inst.length?.kind === "const" ? inst.length.value : 32n;
+
+  if (offset === 0n && length === 32n) {
+    return pipe<S>()
+      .then(loadValue(inst.slot!, { debug }), { as: "key" })
+      .then(TLOAD({ debug }), { as: "value" })
+      .then(storeValueIfNeeded(inst.dest, { debug }))
+      .done();
+  }
+
+  // Partial read - same shift+mask as storage
+  return (
+    pipe<S>()
+      .then(loadValue(inst.slot!, { debug }), { as: "key" })
+      .then(TLOAD({ debug }), { as: "value" })
+
+      .then(PUSHn((32n - BigInt(offset) - BigInt(length)) * 8n, { debug }), {
+        as: "shift",
+      })
+      .then(SHR({ debug }), { as: "shiftedValue" })
+      .then(PUSHn(1n, { debug }), { as: "b" })
+
+      // mask = (1 << (length * 8)) - 1
+      .then(PUSHn(1n, { debug }), { as: "value" })
+      .then(PUSHn(BigInt(length) * 8n, { debug }), {
+        as: "shift",
+      })
+      .then(SHL({ debug }), { as: "a" })
+      .then(SUB({ debug }), { as: "mask" })
+      .then(
+        rebrand<"mask", "a", "shiftedValue", "b">({
+          1: "a",
+          2: "b",
+        }),
+      )
+
+      .then(AND({ debug }), { as: "value" })
+      .then(storeValueIfNeeded(inst.dest, { debug }))
+      .done()
+  );
+}
+
 /**
  * Calldata read: CALLDATALOAD reads 32 bytes at a given offset.
  * For partial reads, shift+mask to extract the desired bytes.
@@ -194,7 +241,38 @@ function generateCopyBasedRead<S extends Stack>(
 ): Transition<S, readonly ["value", ...S]> {
   const length = inst.length?.kind === "const" ? inst.length.value : 32n;
 
-  // Clear scratch memory first so partial copies are zero-padded
+  if (length === 32n) {
+    // Full 32-byte read — copy and load directly
+    return (
+      pipe<S>()
+        // Zero out scratch: MSTORE(0x60, 0)
+        .then(PUSHn(0n, { debug }), { as: "value" })
+        .then(PUSHn(SCRATCH_OFFSET, { debug }), { as: "offset" })
+        .then(MSTORE({ debug }))
+
+        // COPY(destOffset=0x60, offset, size=32)
+        .then(PUSHn(32n, { debug }), { as: "size" })
+        .then(loadValue(inst.offset!, { debug }), {
+          as: "offset",
+        })
+        .then(PUSHn(SCRATCH_OFFSET, { debug }), {
+          as: "destOffset",
+        })
+        .then(copyOp({ debug }))
+
+        // MLOAD from scratch
+        .then(PUSHn(SCRATCH_OFFSET, { debug }), {
+          as: "offset",
+        })
+        .then(MLOAD({ debug }), { as: "value" })
+        .then(storeValueIfNeeded(inst.dest, { debug }))
+        .done()
+    );
+  }
+
+  // Partial read: copy `length` bytes to scratch, MLOAD
+  // returns left-aligned data, shift right to right-align,
+  // then mask.
   return (
     pipe<S>()
       // Zero out scratch: MSTORE(0x60, 0)
@@ -204,13 +282,40 @@ function generateCopyBasedRead<S extends Stack>(
 
       // COPY(destOffset=0x60, offset, size=length)
       .then(PUSHn(BigInt(length), { debug }), { as: "size" })
-      .then(loadValue(inst.offset!, { debug }), { as: "offset" })
-      .then(PUSHn(SCRATCH_OFFSET, { debug }), { as: "destOffset" })
+      .then(loadValue(inst.offset!, { debug }), {
+        as: "offset",
+      })
+      .then(PUSHn(SCRATCH_OFFSET, { debug }), {
+        as: "destOffset",
+      })
       .then(copyOp({ debug }))
 
-      // MLOAD from scratch
-      .then(PUSHn(SCRATCH_OFFSET, { debug }), { as: "offset" })
+      // MLOAD from scratch — value is left-aligned
+      .then(PUSHn(SCRATCH_OFFSET, { debug }), {
+        as: "offset",
+      })
       .then(MLOAD({ debug }), { as: "value" })
+
+      // Shift right to right-align
+      .then(PUSHn((32n - BigInt(length)) * 8n, { debug }), { as: "shift" })
+      .then(SHR({ debug }), { as: "shiftedValue" })
+      .then(PUSHn(1n, { debug }), { as: "b" })
+
+      // mask = (1 << (length * 8)) - 1
+      .then(PUSHn(1n, { debug }), { as: "value" })
+      .then(PUSHn(BigInt(length) * 8n, { debug }), {
+        as: "shift",
+      })
+      .then(SHL({ debug }), { as: "a" })
+      .then(SUB({ debug }), { as: "mask" })
+      .then(
+        rebrand<"mask", "a", "shiftedValue", "b">({
+          1: "a",
+          2: "b",
+        }),
+      )
+
+      .then(AND({ debug }), { as: "value" })
       .then(storeValueIfNeeded(inst.dest, { debug }))
       .done()
   );
