Skip to content

[WIP] Feat - Namespaced storage inspection: forge inspect storage-layout --eip7201 #11672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[WIP] Feat - Namespaced storage inspection: forge inspect storage-layout --eip7201 #11672

wants to merge 3 commits into from
+1,338 −138

Conversation

MerkleBoy
Copy link

Motivation

It would be pretty nice to inspect the storage layout of contracts with namespaced storage; especially since this development pattern has become more and more prevalent over the years

Solution

I introduce a few Natspec custom flags that, with the help of AST artifacts, is enough to reliably detect the exact layout of an EIP7201 storage slot and its underlying, or even nested Structs.

  • @custom:storage-bucket <BUCKET_ID> : to declare over the constructor of the contract implementing the namespaced storage
  • @custom:storage-bucket-transient <BUCKET_ID> : same, but for transient storage slots
  • @custom:storage-bucket-schema <BUCKET_ID>: to declare over a getter function that returns the Namespaced storage object
  • @custom:storage-bucket-slot (opt.) <?SLOT_ID> : to be put just before a storage slot's declaration.
  • @custom:storage-bucket-transient-slot (opt.) <SLOT_ID?>: same, but for transient storage

My hope is that, with enough build artifacts trickery, it would be possible to reduce the amount of natspecs comments to one per SLOT_ID; more in line with the EIP.

Screenshot from 2025-09-17 01-16-14

PR Checklist

  • Added Tests
  • Added Documentation
  • Breaking changes

@MerkleBoy
forge inspect storage-layout eip7201 expansion (multi-source)
93c7f92 
I introduce here a new flag for `forge inspect storage-layout --ast` , `--eip7201`;
While it's not completely automated, it is now possible to inspect eip7201 storage, even if it was through the use of libraries and other proxy patterns.

It requires a good knowledge of the storage schemas to begin with, as it requires to flag in the source code pertinent bits.

Available Natspec flag are as follows:

- `@custom:storage-bucket <GETTER_NAME>` : to be put just before a contract's constructor that uses eip7201 storage, for each slot used
- `@custom:storage-bucket-transient <GETER_NAME>` :  same, but for transient storage slots
- `@custom:storage-bucket-slot (opt.) <?SLOT_ID> ` : to be put just before a storage slot's declaration.
- `@custom:storage-bucket-transient-slot (opt.) <SLOT_ID?>`:  same, but for transient storage
- `@custom:storage-bucket-struct <NAMESPACE>:<STRUCT_NAME>` : to put above all declared structs
- `@custom:storage-bucket-enum <NAMESPACE>:<ENUM_NAME>` : for enum declarations
- `@custom:storage-bucket-usertype <NAMESPACE>:<USERTYPE_NAME>` : for user type declarations
- `@custom:storage-bucket-type ${@Custom:storage-bucket} <"keyvalue" / "singleton">` : tags the eip7201 storage's getter with the right name and type (schemaless getter, key/value pair; arrays are not supported yet)
- `@custom:storage-bucket-value <GETTER_RETURN_VALUE>`

The script is able to fill in the blancs most of the time; it'll  get better with time tho
@MerkleBoy
⚡ simplifying usage
3823e92 
removed a few Natspec tags   (storage-bucket-value, storage-bucket-key); made optional the `storage-bucket-slot` (it is now inferred from the contract itself);

To make eip7201 storage detectable by Foundry, just add :
- `@custom:storage-bucket-schema <STORAGE-ID>` over a getter function that reads from the eip7201 slot
- `@custom:storage-bucket <STORAGE-ID>` over the constructor of a contract that uses that storage slot

<STORAGE-ID> must match
@MerkleBoy MerkleBoy mentioned this pull request Sep 17, 2025
Open
2 tasks
@MerkleBoy
Copy link
Author

this solves #7662

@DaniPopes
Copy link
Member

  1. Sorry I don't quite understand your implementation; what are the @custom tags you're searching for, they're not mentioned in the ERC?
  2. we are migrating all usage of solc and solang AST to solar. See:
  1. We have code scattered throughout the code base to handle storage layouts, and more recently PRs to fix this issue implement similar logic: Cannot find the storage slot for a public string variable #3869

@MerkleBoy
Copy link
Author

MerkleBoy commented Sep 17, 2025
edited
Loading

I didn't know about Solar, that's on me

As for the custom tags, yeah, they're not part of the original EIP (though they do define one @custom:storage-location Tag in it); the ones I came up with are mostly there to make a working prototype, and talk whether it would be a good idea to add eip7201 support in a format close to this 👍

onbjerg
onbjerg requested changes Sep 17, 2025
View reviewed changes
Copy link
Contributor

@onbjerg onbjerg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate the effort put into this, but as @DaniPopes mentioned we have most of the tools in place to do this already, and this re-implements a lot of it. For example, we already have Natspec parsers, and we also have a more robust parsing approach for user defined types like structs/enums/mappings.

This PR is also not up to spec with the EIP, which I think is important: I don't think it is super useful that we roll our own approach, even if we think it would be better, as people are already using EIP7201 as-is. As such, I would only be willing to merge something that is up to spec. The spec is also relatively simple:

  • Parse the source file, looking for any user defined types that have @custom:storage-location eip7201:<offset>
  • Add these to the storage layout, computing their storage layout as normal but adding the offset.

Let me know if you need pointers on how to implement this :)

@MerkleBoy
Copy link
Author

MerkleBoy commented Sep 18, 2025
edited
Loading

I'll gladly remove my own parsing logic in favour of something more robust like Solar's; I've started reading the documentation, but if there are specific sections you'd recommend starting with, please let me know @onbjerg.

Regarding the Natspec flags, I think we could rearrange things and re-use the one from the EIP verbatim; however, I suspect we may still need at least one more. Let me explain:

In the EIP, the author defined @custom:storage-location <FORMULA_ID>:<NAMESPACE_ID>. For eip7201, the formula is erc7201(id: string) = keccak256(keccak256(id) - 1) & ~0xff. This works well for defining the slot used as the root of whatever goes into storage there.

But when it comes to storage layout, we’re missing context on how that slot is actually used: are we storing a single instance of a structure, or is that slot acting as the base of a mapping or an array? Maybe I’m overthinking it and we don’t need this level of detail in a storage-layout report... but I thought it would be valuable if we could.

I can’t really say the authors of the EIP were shortsighted, given how popular this storage abstraction has become in just a couple of years, but re-reading it, we have:

Preliminaries

A namespace consists of a set of ordered variables, some of which may be dynamic arrays or mappings, with its values laid out following the same rules as the default storage layout but rooted in some location that is not necessarily slot 0. A contract using namespaces to organize storage is said to use namespaced storage. [...]
link to the EIP here

I get that the authors probably didn’t want to open that can of worms, but the lack of detail on “is this namespace meant to be a single object, a mapping, or an array” makes a big difference:

  • single objects start using storage slots 0-indexed from that root slot
  • mappings use that slot as the base for keccak-based key-pair addressing, with the base itself reserved
  • dynamic arrays use that slot to store the array’s length, and the array itself begins at keccak(base)

We can’t use the same namespace for more than one of these three cases without overwriting critical data. So to compute a valid storage layout, that context either needs to be given explicitly or inferred from compiler artifacts (which is what I was attempting to do here, a bit haphazardly).

Hopefully Solar’s parsing capabilities are strong enough that this becomes trivial. But if it's not, what do you think we should do ?

On a side-note, Certora is using a somewhat-similar method, and have created a few storage layout annotations of their own to bridge that gap.

@MerkleBoy MerkleBoy changed the title Feat - Namespaced storage inspection: forge inspect storage-layout --eip7201 [WIP] Feat - Namespaced storage inspection: forge inspect storage-layout --eip7201 Sep 18, 2025
@onbjerg
Copy link
Contributor

onbjerg commented Sep 19, 2025

But when it comes to storage layout, we’re missing context on how that slot is actually used: are we storing a single instance of a structure, or is that slot acting as the base of a mapping or an array? Maybe I’m overthinking it and we don’t need this level of detail in a storage-layout report... but I thought it would be valuable if we could.

What this EIP does is allow you to specify what p is when you compute storage slots. For example, the storage slot of a key k in a mapping is s = keccak256(h(k) . p) where h is a padding function that depends on the key type, and . is concatenation. Normally, p is determined by the order the storage variable is defined in, but obviously that does not work when you manually set the storage slot.

The way this trick plays out in practice is usually that you define a struct. That is to say, I don't recall anyone using a mapping directly, they'd define a wrapper struct that holds a mapping. There is (almost?) no cost to doing so.

@MerkleBoy
Copy link
Author

The way this trick plays out in practice is usually that you define a struct. That is to say, I don't recall anyone using a mapping directly, they'd define a wrapper struct that holds a mapping. There is (almost?) no cost to doing so.

That makes a lot of sense; not only that, that means I have been using that EIP the wrong way for a while. Thank you very much

I'll keep you guys posted when the Solar version for this PR is ready

@onbjerg onbjerg self-assigned this Sep 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@onbjerg onbjerg onbjerg requested changes

@DaniPopes DaniPopes Awaiting requested review from DaniPopes DaniPopes is a code owner

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@grandizzy grandizzy Awaiting requested review from grandizzy grandizzy is a code owner

@yash-atreya yash-atreya Awaiting requested review from yash-atreya yash-atreya is a code owner

@zerosnacks zerosnacks Awaiting requested review from zerosnacks zerosnacks is a code owner

@0xrusowsky 0xrusowsky Awaiting requested review from 0xrusowsky 0xrusowsky is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@onbjerg onbjerg

Labels
None yet
Projects
Foundry
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MerkleBoy @DaniPopes @onbjerg