Implement ecrecover

smoelius · smoelius · commit 55350177c997 · 2025-12-13T07:45:00.000-05:00
diff --git a/integration/stylus/ecrecover.sol b/integration/stylus/ecrecover.sol
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >=0.8.0;
+
+// smoelius: The hash and signature were generated with the default private and public key at:
+// https://8gwifi.org/ecsignverify.jsp
+//
+// The message was the four byte string "1234".
+//
+// For completeness, here are the private and public keys:
+//
+// -----BEGIN EC PRIVATE KEY-----
+// MHQCAQEEIJF1nrba+yqP4mT1I1B3ov1/Mx2ZGT7hLJJaeutk6+lxoAcGBSuBBAAK
+// oUQDQgAEQb1xJnh9HhX7pYbh9pwAVcVEPlhHRwxkAnI8db53xOV39WHzidZ3n9+o
+// yIfQIPWBkAbzwTcB0Ntj+Q4XrcPc5A==
+// -----END EC PRIVATE KEY-----
+//
+// -----BEGIN PUBLIC KEY-----
+// MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEQb1xJnh9HhX7pYbh9pwAVcVEPlhHRwxk
+// AnI8db53xOV39WHzidZ3n9+oyIfQIPWBkAbzwTcB0Ntj+Q4XrcPc5A==
+// -----END PUBLIC KEY-----
+
+contract C {
+    function test_ecrecover() public pure {
+        bytes32 hash = 0x03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4;
+        bytes32 r = 0x46a24eba93079bc1442a5f0d6aa74025305faf5e04f58f35ae4961b5b268aef5;
+        bytes32 s = 0x23bf6d6a32fd70b66e1ff51edfd511cc018e8e7f4c8b3ddd4082c597b458a73c;
+        bytes1 v = 27;
+
+        address actual = ecrecover(hash, v, r, s);
+
+        print("actual = {}".format(actual));
+
+        assert(address(0x6913bA9D8b921aa6702ecB2AEE31Bf41747d84f9) == actual);
+    }
+}
diff --git a/src/codegen/expression.rs b/src/codegen/expression.rs
@@ -2319,12 +2319,37 @@ fn expr_builtin(
 
             // Polkadot: call ecdsa_recover(): https://docs.rs/pallet-contracts/latest/pallet_contracts/api_doc/trait.Version0.html#tymethod.ecdsa_recover
             // Solana: see how neon implements this
-            cfg.add(vartab, Instr::Unimplemented { reachable: true });
+            let var_temp = vartab.temp(
+                &pt::Identifier {
+                    name: "signer".to_owned(),
+                    loc: *loc,
+                },
+                &Type::Address(false),
+            );
 
-            Expression::NumberLiteral {
-                loc: *loc,
-                ty: Type::Bool,
-                value: 0.into(),
+            let [hash, v, r, s] = args else {
+                panic!();
+            };
+
+            let hash = expression(hash, cfg, contract_no, func, ns, vartab, opt);
+            let v = expression(v, cfg, contract_no, func, ns, vartab, opt);
+            let r = expression(r, cfg, contract_no, func, ns, vartab, opt);
+            let s = expression(s, cfg, contract_no, func, ns, vartab, opt);
+
+            cfg.add(
+                vartab,
+                Instr::Call {
+                    res: vec![var_temp],
+                    return_tys: vec![Type::Address(false)],
+                    call: InternalCallTy::Builtin { ast_func_no: 0 },
+                    args: vec![hash, v, r, s],
+                },
+            );
+
+            Expression::Variable {
+                loc: Loc::Codegen,
+                ty: Type::Address(false),
+                var_no: var_temp,
             }
         }
         ast::Builtin::TypeName => {
diff --git a/src/emit/stylus/target.rs b/src/emit/stylus/target.rs
@@ -651,7 +651,176 @@ impl<'a> TargetRuntime<'a> for StylusTarget {
         args: &[BasicMetadataValueEnum<'a>],
         first_arg_type: Option<BasicTypeEnum>,
     ) -> Option<BasicValueEnum<'a>> {
-        unimplemented!()
+        emit_context!(bin);
+
+        assert_eq!(5, args.len());
+
+        let [hash, v, r, s, res] = args else {
+            panic!();
+        };
+
+        // Construct the precompile address (0x0000000000000000000000000000000000000001)
+        // Address is stored in big-endian, so 0x01 goes in the last byte
+        let contract = bin
+            .builder
+            .build_alloca(bin.value_type(), "contract")
+            .unwrap();
+        // Initialize address to zero
+        bin.builder
+            .build_store(contract, bin.address_type().const_zero())
+            .unwrap();
+        // Set last byte to 0x01 by casting to byte pointer
+        let contract_byte_ptr = bin
+            .builder
+            .build_pointer_cast(
+                contract,
+                bin.context.ptr_type(AddressSpace::default()),
+                "contract_byte_ptr",
+            )
+            .unwrap();
+        bin.builder
+            .build_store(
+                ptr_plus_offset(
+                    bin,
+                    contract_byte_ptr,
+                    bin.context.i32_type().const_int(19 as u64, false),
+                ),
+                bin.context.i8_type().const_int(0x01, false),
+            )
+            .unwrap();
+
+        // Construct calldata: hash (32 bytes) + v (1 byte encoded as 32 bytes) + r (32 bytes) + s (32 bytes)
+        // ecrecover expects big-endian format, so we need to byte-swap hash, v, r, and s
+        let calldata = bin
+            .builder
+            .build_array_alloca(
+                bin.context.i8_type(),
+                i32_const!(32 + 32 + 32 + 32 as u64),
+                "buffer",
+            )
+            .unwrap();
+
+        // Convert hash from little-endian to big-endian
+        let hash_be = bin
+            .builder
+            .build_alloca(bin.value_type(), "hash_be")
+            .unwrap();
+        let hash_ptr = bin
+            .builder
+            .build_alloca(bin.value_type(), "hash_ptr")
+            .unwrap();
+        bin.builder
+            .build_store(hash_ptr, hash.into_int_value())
+            .unwrap();
+        call!(
+            "__leNtobeN",
+            &[hash_ptr.into(), hash_be.into(), i32_const!(32).into()]
+        );
+        call!(
+            "__memcpy",
+            &[calldata.into(), hash_be.into(), i32_const!(32).into()]
+        );
+
+        // Convert v from little-endian to big-endian
+        let v_be = bin.builder.build_alloca(bin.value_type(), "v_be").unwrap();
+        let v_ptr = bin.builder.build_alloca(bin.value_type(), "v_ptr").unwrap();
+        bin.builder.build_store(v_ptr, v.into_int_value()).unwrap();
+        call!(
+            "__leNtobeN",
+            &[v_ptr.into(), v_be.into(), i32_const!(32).into()]
+        );
+        call!(
+            "__memcpy",
+            &[
+                ptr_plus_offset(bin, calldata, i32_const!(32)).into(),
+                v_be.into(),
+                i32_const!(32).into()
+            ]
+        );
+
+        // Convert r from little-endian to big-endian
+        let r_be = bin.builder.build_alloca(bin.value_type(), "r_be").unwrap();
+        let r_ptr = bin.builder.build_alloca(bin.value_type(), "r_ptr").unwrap();
+        bin.builder.build_store(r_ptr, r.into_int_value()).unwrap();
+        call!(
+            "__leNtobeN",
+            &[r_ptr.into(), r_be.into(), i32_const!(32).into()]
+        );
+        call!(
+            "__memcpy",
+            &[
+                ptr_plus_offset(bin, calldata, i32_const!(64)).into(),
+                r_be.into(),
+                i32_const!(32).into()
+            ]
+        );
+
+        // Convert s from little-endian to big-endian
+        let s_be = bin.builder.build_alloca(bin.value_type(), "s_be").unwrap();
+        let s_ptr = bin.builder.build_alloca(bin.value_type(), "s_ptr").unwrap();
+        bin.builder.build_store(s_ptr, s.into_int_value()).unwrap();
+        call!(
+            "__leNtobeN",
+            &[s_ptr.into(), s_be.into(), i32_const!(32).into()]
+        );
+        call!(
+            "__memcpy",
+            &[
+                ptr_plus_offset(bin, calldata, i32_const!(96)).into(),
+                s_be.into(),
+                i32_const!(32).into()
+            ]
+        );
+
+        let calldata_len = i32_const!(32 + 32 + 32 + 32);
+
+        let gas = i64_const!(i32::MAX as u64);
+
+        let return_data_len = bin
+            .builder
+            .build_alloca(bin.llvm_type(&Type::Uint(32)), "return_data_len")
+            .unwrap();
+
+        call!(
+            "static_call_contract",
+            &[
+                contract.into(),
+                calldata.into(),
+                calldata_len.into(),
+                gas.into(),
+                return_data_len.into()
+            ],
+            "static_call_contract"
+        );
+
+        // ecrecover returns 32 bytes with the address right-aligned (last 20 bytes)
+        let return_data_buffer = bin
+            .builder
+            .build_array_alloca(bin.context.i8_type(), i32_const!(32), "return_data_buffer")
+            .unwrap();
+
+        call!(
+            "read_return_data",
+            &[
+                return_data_buffer.into(),
+                i32_zero!().into(),
+                i32_const!(32).into()
+            ],
+            "read_return_data"
+        );
+
+        // Skip the first 12 bytes of padding to get the 20-byte address
+        let address_ptr = ptr_plus_offset(bin, return_data_buffer, i32_const!(12));
+        let signer = bin
+            .builder
+            .build_load(bin.address_type(), address_ptr, "signer")
+            .unwrap();
+
+        bin.builder
+            .build_store(res.into_pointer_value(), signer)
+            .unwrap();
+
+        None
     }
 
     /// Calls constructor
@@ -1545,3 +1714,28 @@ mod local {
             .unwrap()
     }
 }
+
+// smoelius: `dump_array` is useful for debugging.
+#[allow(dead_code)]
+fn dump_array<'a, T: TargetRuntime<'a>>(
+    target: &T,
+    bin: &Binary<'a>,
+    array: BasicValueEnum<'a>,
+    array_len: u64,
+    function: FunctionValue<'a>,
+) {
+    emit_context!(bin);
+    let p = array.into_pointer_value();
+    for i in 0..array_len {
+        let x = bin
+            .builder
+            .build_load(
+                bin.llvm_type(&ast::Type::Uint(8)),
+                ptr_plus_offset(bin, p, i32_const!(i)),
+                "x",
+            )
+            .unwrap()
+            .into_int_value();
+        crate::emit::debug_value!(target, bin, Type::Uint(8), x, function);
+    }
+}
diff --git a/src/sema/builtin.rs b/src/sema/builtin.rs
@@ -332,7 +332,7 @@ pub static BUILTIN_FUNCTIONS: Lazy<[Prototype; 29]> = Lazy::new(|| {
                 Type::Bytes(32),
             ],
             ret: vec![Type::Address(false)],
-            target: vec![Target::EVM],
+            target: vec![Target::EVM, Target::Stylus],
             doc: "Recover the address associated with the public key from elliptic curve signature",
             constant: false,
         },
@@ -1939,5 +1939,80 @@ impl Namespace {
             cache_no: None,
             import_no: None,
         });
+
+        let loc = pt::Loc::Builtin;
+        let identifier = |name: &str| Identifier {
+            name: name.into(),
+            loc,
+        };
+
+        self.functions.push(Function::new(
+            loc,
+            loc,
+            identifier("ecrecover"),
+            None,
+            Vec::new(),
+            pt::FunctionTy::Function,
+            Some(pt::Mutability::Pure(loc)),
+            pt::Visibility::Public(Some(loc)),
+            vec![
+                Parameter {
+                    loc,
+                    id: Some(identifier("hash")),
+                    ty: Type::Bytes(32),
+                    ty_loc: Some(loc),
+                    readonly: false,
+                    indexed: false,
+                    infinite_size: false,
+                    recursive: false,
+                    annotation: None,
+                },
+                Parameter {
+                    loc,
+                    id: Some(identifier("v")),
+                    ty: Type::Uint(8),
+                    ty_loc: Some(loc),
+                    readonly: false,
+                    indexed: false,
+                    infinite_size: false,
+                    recursive: false,
+                    annotation: None,
+                },
+                Parameter {
+                    loc,
+                    id: Some(identifier("r")),
+                    ty: Type::Bytes(32),
+                    ty_loc: Some(loc),
+                    readonly: false,
+                    indexed: false,
+                    infinite_size: false,
+                    recursive: false,
+                    annotation: None,
+                },
+                Parameter {
+                    loc,
+                    id: Some(identifier("s")),
+                    ty: Type::Bytes(32),
+                    ty_loc: Some(loc),
+                    readonly: false,
+                    indexed: false,
+                    infinite_size: false,
+                    recursive: false,
+                    annotation: None,
+                },
+            ],
+            vec![Parameter {
+                loc: pt::Loc::Builtin,
+                id: None,
+                ty: Type::Address(false),
+                ty_loc: None,
+                readonly: false,
+                indexed: false,
+                infinite_size: false,
+                recursive: false,
+                annotation: None,
+            }],
+            self,
+        ));
     }
 }
diff --git a/src/sema/expression/literals.rs b/src/sema/expression/literals.rs
@@ -133,7 +133,7 @@ pub(crate) fn hex_number_literal(
     if n.starts_with("0x") && !n.chars().any(|c| c == '_') && n.len() == 42 {
         let address = to_hexstr_eip55(n);
 
-        if ns.target == Target::EVM {
+        if ns.target == Target::EVM || ns.target == Target::Stylus {
             return if address == *n {
                 let s: String = address.chars().skip(2).collect();
 
diff --git a/tests/stylus_tests/ecrecover.rs b/tests/stylus_tests/ecrecover.rs
diff --git a/tests/stylus_tests/mod.rs b/tests/stylus_tests/mod.rs
