execution: fix EIP-8037 state gas reservoir restore & CREATE state gas ordering

[yperbasis]

• Fix two uint64 underflow bugs in EIP-8037 multidimensional gas accounting that caused incorrect receipt gasUsed when child frames reverted with a state gas reservoir that grew beyond its initial value (via sub-child reverts)
• Move CREATE/CREATE2 state gas charge (account creation) from the dynamic gas functions into opCreate/opCreate2, after the static-context and initcode-size checks, so state gas is not consumed on early failures where no state is created (aligns with feat(spec-specs): EIP-8037 - move CREATE state gas charge after initcode size validation ethereum/execution-specs#2608)
• Update execution-spec-tests submodule to bal@v5.6.1
• Skip 2 BAL tests where coinbase==target exposes a separate TxIn bug in exec3_parallel finalize (TODO)

[yperbasis]

The scenario that triggers both bugs

EIP-8037 says:

On child revert or exceptional halt, all state gas consumed by the child, both from the reservoir and any that spilled into gas_left, is restored to the parent's reservoir.

"Spill" is state gas that was charged from gas_left (regular gas) because the reservoir ran dry. When a child reverts, that spill gets moved into the parent's reservoir. This means a frame's reservoir can grow beyond its initial value after a sub-child revert.

Concrete example with three nested frames:

1. Frame A calls Frame B with reservoir = 100
2. Frame B calls Frame C with reservoir = 100
3. Frame C charges 120 state gas: 100 from reservoir, 20 from regular (spill). Reservoir = 0.
4. Frame C reverts. Per the EIP quote above, all 120 goes back to B's reservoir. B's reservoir is now 120 — above the 100 it started with. The 20 regular gas spent on spill has been converted into reservoir gas.
5. Frame B charges 10 state gas from reservoir. Reservoir = 110.
6. Frame B reverts.

Bug 1: handleFrameRevert (evm.go:215)

At step 6, handleFrameRevert runs for Frame B with initialChildState = 100 and gas.State = 110.

The old code:

reservoirUsed := initialChildState - gas.State   // 100 - 110 → uint64 underflow!

This wraps to ~2^64, which poisons the spill calculation and the subsequent reservoir restoration:

gas.State = initialChildState + spill            // overwrites to ~100, losing the 20 from C's revert

The fix guards the subtraction and changes the restoration to preserve sub-child contributions:

var reservoirUsed uint64
if initialChildState > gas.State {
    reservoirUsed = initialChildState - gas.State
}
// ...
gas.State += childStateConsumed                  // 110 + 10 = 120, preserving C's 20

Bug 2: txn_executor.go receipt gasUsed

EIP-8037 defines receipt gas:

tx_gas_used_before_refund = tx.gas - tx_output.gas_left - tx_output.state_gas_reservoir

The old code computed this via MdGas.Minus():

func (g MdGas) Minus(other MdGas) MdGas {
    return MdGas{
        Regular: g.Regular - other.Regular,
        State:   g.State - other.State,      // underflows when reservoir grew
    }
}

When gasRemaining.State > initialGas.State (same reservoir-growth scenario, at the top-level frame), the .State component underflows, and .Total() returns garbage.

The fix implements the EIP formula directly on the combined sum:

st.initialGas.Total() - st.gasRemaining.Total()

This works because spill transfers gas between dimensions but preserves the total: if State grew by 20, Regular shrank by 20 (the spill came from regular gas). So gasRemaining.Total() ≤ initialGas.Total() always holds, even when individual components don't.

[yperbasis]

Observation on depth-0 spill computation

The spill computation at depth 0 can produce a value that doesn't correspond to the actual spill in the depth-0 frame's own execution. For example, if depth-0 consumed state gas entirely from the reservoir but a sub-child's spill-and-revert caused the reservoir to grow, the computed "spill" includes gas that wasn't really spilled at this depth.

This is not a bug because RevertedSpillGas exactly cancels the spill added to gas.Regular in the final receipt formula (initialGas.Total() - gasRemaining.Total() + RevertedSpillGas()). But it means gas.Regular and RevertedSpillGas individually carry inexact intermediate values — worth keeping in mind if they're ever used independently in the future.

[Copilot]

Pull request overview

Fixes EIP-8037 multi-dimensional gas accounting on reverts so state gas reservoir restoration doesn’t trigger uint64 underflows and receipt gasUsed remains correct when child-frame reverts cause the reservoir to grow.

Changes:

• Adjust handleFrameRevert to restore child-consumed state gas by incrementing the existing reservoir (preserving sub-child restorations) and compute spill safely when the reservoir grows.
• Update transaction receipt gas used computation to avoid per-dimension subtraction underflow by subtracting at Total() level.
• Misc: remove unsafe MdGas.Minus, fix tracer test gas used math, tweak EEST devnet test skips, and CI setup (Windows longpaths + broader LFS fixture include globs).

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
execution/vm/interpreter.go	Updates comment describing revert-path reservoir restoration behavior.
execution/vm/evm.go	Fixes EIP-8037 revert accounting: spill computation and reservoir restoration on child revert.
execution/tracing/tracers/js/tracer_test.go	Avoids MdGas.Minus/underflow by computing gas used via total subtraction.
execution/tests/eest_devnet/block_test.go	Skips a BAL devnet test due to a known recording bug.
execution/protocol/txn_executor.go	Computes receipt gasUsed using Total()-level subtraction; removes mdGasUsed() helper.
execution/protocol/mdgas/md_gas.go	Removes MdGas.Minus (unsafe under uint64 underflow).
.github/actions/setup-erigon/action.yml	Enables git long paths on Windows; broadens LFS fixture include patterns for devnet blobs/RLP-limit tests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.