solana/programs/bpf_loader/src/serialization.rs

#![allow(clippy::arithmetic_side_effects)]

use {
    byteorder::{ByteOrder, LittleEndian},
    solana_program_runtime::invoke_context::SerializedAccountMetadata,
    solana_rbpf::{
        aligned_memory::{AlignedMemory, Pod},
        ebpf::{HOST_ALIGN, MM_INPUT_START},
        memory_region::{MemoryRegion, MemoryState},
    },
    solana_sdk::{
        bpf_loader_deprecated,
        entrypoint::{BPF_ALIGN_OF_U128, MAX_PERMITTED_DATA_INCREASE, NON_DUP_MARKER},
        instruction::InstructionError,
        pubkey::Pubkey,
        system_instruction::MAX_PERMITTED_DATA_LENGTH,
        transaction_context::{
            BorrowedAccount, IndexOfAccount, InstructionContext, TransactionContext,
        },
    },
    std::mem::{self, size_of},
};

/// Maximum number of instruction accounts that can be serialized into the
/// SBF VM.
const MAX_INSTRUCTION_ACCOUNTS: u8 = NON_DUP_MARKER;

enum SerializeAccount<'a> {
    Account(IndexOfAccount, BorrowedAccount<'a>),
    Duplicate(IndexOfAccount),
}

struct Serializer {
    pub buffer: AlignedMemory<HOST_ALIGN>,
    regions: Vec<MemoryRegion>,
    vaddr: u64,
    region_start: usize,
    aligned: bool,
    copy_account_data: bool,
}

impl Serializer {
    fn new(size: usize, start_addr: u64, aligned: bool, copy_account_data: bool) -> Serializer {
        Serializer {
            buffer: AlignedMemory::with_capacity(size),
            regions: Vec::new(),
            region_start: 0,
            vaddr: start_addr,
            aligned,
            copy_account_data,
        }
    }

    fn fill_write(&mut self, num: usize, value: u8) -> std::io::Result<()> {
        self.buffer.fill_write(num, value)
    }

    pub fn write<T: Pod>(&mut self, value: T) -> u64 {
        self.debug_assert_alignment::<T>();
        let vaddr = self
            .vaddr
            .saturating_add(self.buffer.len() as u64)
            .saturating_sub(self.region_start as u64);
        // Safety:
        // in serialize_parameters_(aligned|unaligned) first we compute the
        // required size then we write into the newly allocated buffer. There's
        // no need to check bounds at every write.
        //
        // AlignedMemory::write_unchecked _does_ debug_assert!() that the capacity
        // is enough, so in the unlikely case we introduce a bug in the size
        // computation, tests will abort.
        unsafe {
            self.buffer.write_unchecked(value);
        }

        vaddr
    }

    fn write_all(&mut self, value: &[u8]) -> u64 {
        let vaddr = self
            .vaddr
            .saturating_add(self.buffer.len() as u64)
            .saturating_sub(self.region_start as u64);
        // Safety:
        // see write() - the buffer is guaranteed to be large enough
        unsafe {
            self.buffer.write_all_unchecked(value);
        }

        vaddr
    }

    fn write_account(
        &mut self,
        account: &mut BorrowedAccount<'_>,
    ) -> Result<u64, InstructionError> {
        let vm_data_addr = if self.copy_account_data {
            let vm_data_addr = self.vaddr.saturating_add(self.buffer.len() as u64);
            self.write_all(account.get_data());
            vm_data_addr
        } else {
            self.push_region(true);
            let vaddr = self.vaddr;
            self.push_account_data_region(account)?;
            vaddr
        };

        if self.aligned {
            let align_offset =
                (account.get_data().len() as *const u8).align_offset(BPF_ALIGN_OF_U128);
            if self.copy_account_data {
                self.fill_write(MAX_PERMITTED_DATA_INCREASE + align_offset, 0)
                    .map_err(|_| InstructionError::InvalidArgument)?;
            } else {
                // The deserialization code is going to align the vm_addr to
                // BPF_ALIGN_OF_U128. Always add one BPF_ALIGN_OF_U128 worth of
                // padding and shift the start of the next region, so that once
                // vm_addr is aligned, the corresponding host_addr is aligned
                // too.
                self.fill_write(MAX_PERMITTED_DATA_INCREASE + BPF_ALIGN_OF_U128, 0)
                    .map_err(|_| InstructionError::InvalidArgument)?;
                self.region_start += BPF_ALIGN_OF_U128.saturating_sub(align_offset);
                // put the realloc padding in its own region
                self.push_region(account.can_data_be_changed().is_ok());
            }
        }

        Ok(vm_data_addr)
    }

    fn push_account_data_region(
        &mut self,
        account: &mut BorrowedAccount<'_>,
    ) -> Result<(), InstructionError> {
        if !account.get_data().is_empty() {
            let region = match account_data_region_memory_state(account) {
                MemoryState::Readable => MemoryRegion::new_readonly(account.get_data(), self.vaddr),
                MemoryState::Writable => {
                    MemoryRegion::new_writable(account.get_data_mut()?, self.vaddr)
                }
                MemoryState::Cow(index_in_transaction) => {
                    MemoryRegion::new_cow(account.get_data(), self.vaddr, index_in_transaction)
                }
            };
            self.vaddr += region.len;
            self.regions.push(region);
        }

        Ok(())
    }

    fn push_region(&mut self, writable: bool) {
        let range = self.region_start..self.buffer.len();
        let region = if writable {
            MemoryRegion::new_writable(
                self.buffer.as_slice_mut().get_mut(range.clone()).unwrap(),
                self.vaddr,
            )
        } else {
            MemoryRegion::new_readonly(
                self.buffer.as_slice().get(range.clone()).unwrap(),
                self.vaddr,
            )
        };
        self.regions.push(region);
        self.region_start = range.end;
        self.vaddr += range.len() as u64;
    }

    fn finish(mut self) -> (AlignedMemory<HOST_ALIGN>, Vec<MemoryRegion>) {
        self.push_region(true);
        debug_assert_eq!(self.region_start, self.buffer.len());
        (self.buffer, self.regions)
    }

    fn debug_assert_alignment<T>(&self) {
        debug_assert!(
            !self.aligned
                || self
                    .buffer
                    .as_slice()
                    .as_ptr_range()
                    .end
                    .align_offset(mem::align_of::<T>())
                    == 0
        );
    }
}

pub fn serialize_parameters(
    transaction_context: &TransactionContext,
    instruction_context: &InstructionContext,
    should_cap_ix_accounts: bool,
    copy_account_data: bool,
) -> Result<
    (
        AlignedMemory<HOST_ALIGN>,
        Vec<MemoryRegion>,
        Vec<SerializedAccountMetadata>,
    ),
    InstructionError,
> {
    let num_ix_accounts = instruction_context.get_number_of_instruction_accounts();
    if should_cap_ix_accounts && num_ix_accounts > MAX_INSTRUCTION_ACCOUNTS as IndexOfAccount {
        return Err(InstructionError::MaxAccountsExceeded);
    }

    let (program_id, is_loader_deprecated) = {
        let program_account =
            instruction_context.try_borrow_last_program_account(transaction_context)?;
        (
            *program_account.get_key(),
            *program_account.get_owner() == bpf_loader_deprecated::id(),
        )
    };

    let accounts = (0..instruction_context.get_number_of_instruction_accounts())
        .map(|instruction_account_index| {
            if let Some(index) = instruction_context
                .is_instruction_account_duplicate(instruction_account_index)
                .unwrap()
            {
                SerializeAccount::Duplicate(index)
            } else {
                let account = instruction_context
                    .try_borrow_instruction_account(transaction_context, instruction_account_index)
                    .unwrap();
                SerializeAccount::Account(instruction_account_index, account)
            }
        })
        // fun fact: jemalloc is good at caching tiny allocations like this one,
        // so collecting here is actually faster than passing the iterator
        // around, since the iterator does the work to produce its items each
        // time it's iterated on.
        .collect::<Vec<_>>();

    if is_loader_deprecated {
        serialize_parameters_unaligned(
            accounts,
            instruction_context.get_instruction_data(),
            &program_id,
            copy_account_data,
        )
    } else {
        serialize_parameters_aligned(
            accounts,
            instruction_context.get_instruction_data(),
            &program_id,
            copy_account_data,
        )
    }
}

pub fn deserialize_parameters(
    transaction_context: &TransactionContext,
    instruction_context: &InstructionContext,
    copy_account_data: bool,
    buffer: &[u8],
    accounts_metadata: &[SerializedAccountMetadata],
) -> Result<(), InstructionError> {
    let is_loader_deprecated = *instruction_context
        .try_borrow_last_program_account(transaction_context)?
        .get_owner()
        == bpf_loader_deprecated::id();
    let account_lengths = accounts_metadata.iter().map(|a| a.original_data_len);
    if is_loader_deprecated {
        deserialize_parameters_unaligned(
            transaction_context,
            instruction_context,
            copy_account_data,
            buffer,
            account_lengths,
        )
    } else {
        deserialize_parameters_aligned(
            transaction_context,
            instruction_context,
            copy_account_data,
            buffer,
            account_lengths,
        )
    }
}

fn serialize_parameters_unaligned(
    accounts: Vec<SerializeAccount>,
    instruction_data: &[u8],
    program_id: &Pubkey,
    copy_account_data: bool,
) -> Result<
    (
        AlignedMemory<HOST_ALIGN>,
        Vec<MemoryRegion>,
        Vec<SerializedAccountMetadata>,
    ),
    InstructionError,
> {
    // Calculate size in order to alloc once
    let mut size = size_of::<u64>();
    for account in &accounts {
        size += 1; // dup
        match account {
            SerializeAccount::Duplicate(_) => {}
            SerializeAccount::Account(_, account) => {
                size += size_of::<u8>() // is_signer
                + size_of::<u8>() // is_writable
                + size_of::<Pubkey>() // key
                + size_of::<u64>()  // lamports
                + size_of::<u64>()  // data len
                + size_of::<Pubkey>() // owner
                + size_of::<u8>() // executable
                + size_of::<u64>(); // rent_epoch
                if copy_account_data {
                    size += account.get_data().len();
                }
            }
        }
    }
    size += size_of::<u64>() // instruction data len
         + instruction_data.len() // instruction data
         + size_of::<Pubkey>(); // program id

    let mut s = Serializer::new(size, MM_INPUT_START, false, copy_account_data);

    let mut accounts_metadata: Vec<SerializedAccountMetadata> = Vec::with_capacity(accounts.len());
    s.write::<u64>((accounts.len() as u64).to_le());
    for account in accounts {
        match account {
            SerializeAccount::Duplicate(position) => {
                accounts_metadata.push(accounts_metadata.get(position as usize).unwrap().clone());
                s.write(position as u8);
            }
            SerializeAccount::Account(_, mut account) => {
                s.write::<u8>(NON_DUP_MARKER);
                s.write::<u8>(account.is_signer() as u8);
                s.write::<u8>(account.is_writable() as u8);
                let vm_key_addr = s.write_all(account.get_key().as_ref());
                let vm_lamports_addr = s.write::<u64>(account.get_lamports().to_le());
                s.write::<u64>((account.get_data().len() as u64).to_le());
                let vm_data_addr = s.write_account(&mut account)?;
                let vm_owner_addr = s.write_all(account.get_owner().as_ref());
                s.write::<u8>(account.is_executable() as u8);
                s.write::<u64>((account.get_rent_epoch()).to_le());
                accounts_metadata.push(SerializedAccountMetadata {
                    original_data_len: account.get_data().len(),
                    vm_key_addr,
                    vm_lamports_addr,
                    vm_owner_addr,
                    vm_data_addr,
                });
            }
        };
    }
    s.write::<u64>((instruction_data.len() as u64).to_le());
    s.write_all(instruction_data);
    s.write_all(program_id.as_ref());

    let (mem, regions) = s.finish();
    Ok((mem, regions, accounts_metadata))
}

pub fn deserialize_parameters_unaligned<I: IntoIterator<Item = usize>>(
    transaction_context: &TransactionContext,
    instruction_context: &InstructionContext,
    copy_account_data: bool,
    buffer: &[u8],
    account_lengths: I,
) -> Result<(), InstructionError> {
    let mut start = size_of::<u64>(); // number of accounts
    for (instruction_account_index, pre_len) in (0..instruction_context
        .get_number_of_instruction_accounts())
        .zip(account_lengths.into_iter())
    {
        let duplicate =
            instruction_context.is_instruction_account_duplicate(instruction_account_index)?;
        start += 1; // is_dup
        if duplicate.is_none() {
            let mut borrowed_account = instruction_context
                .try_borrow_instruction_account(transaction_context, instruction_account_index)?;
            start += size_of::<u8>(); // is_signer
            start += size_of::<u8>(); // is_writable
            start += size_of::<Pubkey>(); // key
            let lamports = LittleEndian::read_u64(
                buffer
                    .get(start..)
                    .ok_or(InstructionError::InvalidArgument)?,
            );
            if borrowed_account.get_lamports() != lamports {
                borrowed_account.set_lamports(lamports)?;
            }
            start += size_of::<u64>() // lamports
                + size_of::<u64>(); // data length
            if copy_account_data {
                let data = buffer
                    .get(start..start + pre_len)
                    .ok_or(InstructionError::InvalidArgument)?;
                // The redundant check helps to avoid the expensive data comparison if we can
                match borrowed_account
                    .can_data_be_resized(data.len())
                    .and_then(|_| borrowed_account.can_data_be_changed())
                {
                    Ok(()) => borrowed_account.set_data_from_slice(data)?,
                    Err(err) if borrowed_account.get_data() != data => return Err(err),
                    _ => {}
                }
                start += pre_len; // data
            }
            start += size_of::<Pubkey>() // owner
                + size_of::<u8>() // executable
                + size_of::<u64>(); // rent_epoch
        }
    }
    Ok(())
}

fn serialize_parameters_aligned(
    accounts: Vec<SerializeAccount>,
    instruction_data: &[u8],
    program_id: &Pubkey,
    copy_account_data: bool,
) -> Result<
    (
        AlignedMemory<HOST_ALIGN>,
        Vec<MemoryRegion>,
        Vec<SerializedAccountMetadata>,
    ),
    InstructionError,
> {
    let mut accounts_metadata = Vec::with_capacity(accounts.len());
    // Calculate size in order to alloc once
    let mut size = size_of::<u64>();
    for account in &accounts {
        size += 1; // dup
        match account {
            SerializeAccount::Duplicate(_) => size += 7, // padding to 64-bit aligned
            SerializeAccount::Account(_, account) => {
                let data_len = account.get_data().len();
                size += size_of::<u8>() // is_signer
                + size_of::<u8>() // is_writable
                + size_of::<u8>() // executable
                + size_of::<u32>() // original_data_len
                + size_of::<Pubkey>()  // key
                + size_of::<Pubkey>() // owner
                + size_of::<u64>()  // lamports
                + size_of::<u64>()  // data len
                + MAX_PERMITTED_DATA_INCREASE
                + size_of::<u64>(); // rent epoch
                if copy_account_data {
                    size += data_len + (data_len as *const u8).align_offset(BPF_ALIGN_OF_U128);
                } else {
                    size += BPF_ALIGN_OF_U128;
                }
            }
        }
    }
    size += size_of::<u64>() // data len
    + instruction_data.len()
    + size_of::<Pubkey>(); // program id;

    let mut s = Serializer::new(size, MM_INPUT_START, true, copy_account_data);

    // Serialize into the buffer
    s.write::<u64>((accounts.len() as u64).to_le());
    for account in accounts {
        match account {
            SerializeAccount::Account(_, mut borrowed_account) => {
                s.write::<u8>(NON_DUP_MARKER);
                s.write::<u8>(borrowed_account.is_signer() as u8);
                s.write::<u8>(borrowed_account.is_writable() as u8);
                s.write::<u8>(borrowed_account.is_executable() as u8);
                s.write_all(&[0u8, 0, 0, 0]);
                let vm_key_addr = s.write_all(borrowed_account.get_key().as_ref());
                let vm_owner_addr = s.write_all(borrowed_account.get_owner().as_ref());
                let vm_lamports_addr = s.write::<u64>(borrowed_account.get_lamports().to_le());
                s.write::<u64>((borrowed_account.get_data().len() as u64).to_le());
                let vm_data_addr = s.write_account(&mut borrowed_account)?;
                s.write::<u64>((borrowed_account.get_rent_epoch()).to_le());
                accounts_metadata.push(SerializedAccountMetadata {
                    original_data_len: borrowed_account.get_data().len(),
                    vm_key_addr,
                    vm_owner_addr,
                    vm_lamports_addr,
                    vm_data_addr,
                });
            }
            SerializeAccount::Duplicate(position) => {
                accounts_metadata.push(accounts_metadata.get(position as usize).unwrap().clone());
                s.write::<u8>(position as u8);
                s.write_all(&[0u8, 0, 0, 0, 0, 0, 0]);
            }
        };
    }
    s.write::<u64>((instruction_data.len() as u64).to_le());
    s.write_all(instruction_data);
    s.write_all(program_id.as_ref());

    let (mem, regions) = s.finish();
    Ok((mem, regions, accounts_metadata))
}

pub fn deserialize_parameters_aligned<I: IntoIterator<Item = usize>>(
    transaction_context: &TransactionContext,
    instruction_context: &InstructionContext,
    copy_account_data: bool,
    buffer: &[u8],
    account_lengths: I,
) -> Result<(), InstructionError> {
    let mut start = size_of::<u64>(); // number of accounts
    for (instruction_account_index, pre_len) in (0..instruction_context
        .get_number_of_instruction_accounts())
        .zip(account_lengths.into_iter())
    {
        let duplicate =
            instruction_context.is_instruction_account_duplicate(instruction_account_index)?;
        start += size_of::<u8>(); // position
        if duplicate.is_some() {
            start += 7; // padding to 64-bit aligned
        } else {
            let mut borrowed_account = instruction_context
                .try_borrow_instruction_account(transaction_context, instruction_account_index)?;
            start += size_of::<u8>() // is_signer
                + size_of::<u8>() // is_writable
                + size_of::<u8>() // executable
                + size_of::<u32>() // original_data_len
                + size_of::<Pubkey>(); // key
            let owner = buffer
                .get(start..start + size_of::<Pubkey>())
                .ok_or(InstructionError::InvalidArgument)?;
            start += size_of::<Pubkey>(); // owner
            let lamports = LittleEndian::read_u64(
                buffer
                    .get(start..)
                    .ok_or(InstructionError::InvalidArgument)?,
            );
            if borrowed_account.get_lamports() != lamports {
                borrowed_account.set_lamports(lamports)?;
            }
            start += size_of::<u64>(); // lamports
            let post_len = LittleEndian::read_u64(
                buffer
                    .get(start..)
                    .ok_or(InstructionError::InvalidArgument)?,
            ) as usize;
            start += size_of::<u64>(); // data length
            if post_len.saturating_sub(pre_len) > MAX_PERMITTED_DATA_INCREASE
                || post_len > MAX_PERMITTED_DATA_LENGTH as usize
            {
                return Err(InstructionError::InvalidRealloc);
            }
            // The redundant check helps to avoid the expensive data comparison if we can
            let alignment_offset = (pre_len as *const u8).align_offset(BPF_ALIGN_OF_U128);
            if copy_account_data {
                let data = buffer
                    .get(start..start + post_len)
                    .ok_or(InstructionError::InvalidArgument)?;
                match borrowed_account
                    .can_data_be_resized(post_len)
                    .and_then(|_| borrowed_account.can_data_be_changed())
                {
                    Ok(()) => borrowed_account.set_data_from_slice(data)?,
                    Err(err) if borrowed_account.get_data() != data => return Err(err),
                    _ => {}
                }
                start += pre_len; // data
            } else {
                // See Serializer::write_account() as to why we have this
                // padding before the realloc region here.
                start += BPF_ALIGN_OF_U128.saturating_sub(alignment_offset);
                let data = buffer
                    .get(start..start + MAX_PERMITTED_DATA_INCREASE)
                    .ok_or(InstructionError::InvalidArgument)?;
                match borrowed_account
                    .can_data_be_resized(post_len)
                    .and_then(|_| borrowed_account.can_data_be_changed())
                {
                    Ok(()) => {
                        borrowed_account.set_data_length(post_len)?;
                        let allocated_bytes = post_len.saturating_sub(pre_len);
                        if allocated_bytes > 0 {
                            borrowed_account
                                .get_data_mut()?
                                .get_mut(pre_len..pre_len.saturating_add(allocated_bytes))
                                .ok_or(InstructionError::InvalidArgument)?
                                .copy_from_slice(
                                    data.get(0..allocated_bytes)
                                        .ok_or(InstructionError::InvalidArgument)?,
                                );
                        }
                    }
                    Err(err) if borrowed_account.get_data().len() != post_len => return Err(err),
                    _ => {}
                }
            }
            start += MAX_PERMITTED_DATA_INCREASE;
            start += alignment_offset;
            start += size_of::<u64>(); // rent_epoch
            if borrowed_account.get_owner().to_bytes() != owner {
                // Change the owner at the end so that we are allowed to change the lamports and data before
                borrowed_account.set_owner(owner)?;
            }
        }
    }
    Ok(())
}

pub(crate) fn account_data_region_memory_state(account: &BorrowedAccount<'_>) -> MemoryState {
    if account.can_data_be_changed().is_ok() {
        if account.is_shared() {
            MemoryState::Cow(account.get_index_in_transaction() as u64)
        } else {
            MemoryState::Writable
        }
    } else {
        MemoryState::Readable
    }
}

#[cfg(test)]
#[allow(clippy::indexing_slicing)]
mod tests {
    use {
        super::*,
        solana_program_runtime::with_mock_invoke_context,
        solana_sdk::{
            account::{Account, AccountSharedData, WritableAccount},
            account_info::AccountInfo,
            bpf_loader,
            entrypoint::deserialize,
            transaction_context::InstructionAccount,
        },
        std::{
            cell::RefCell,
            mem::transmute,
            rc::Rc,
            slice::{self, from_raw_parts, from_raw_parts_mut},
        },
    };

    #[test]
    fn test_serialize_parameters_with_many_accounts() {
        struct TestCase {
            num_ix_accounts: usize,
            append_dup_account: bool,
            should_cap_ix_accounts: bool,
            expected_err: Option<InstructionError>,
            name: &'static str,
        }

        for copy_account_data in [true] {
            for TestCase {
                num_ix_accounts,
                append_dup_account,
                should_cap_ix_accounts,
                expected_err,
                name,
            } in [
                TestCase {
                    name: "serialize max accounts without cap",
                    num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS),
                    should_cap_ix_accounts: false,
                    append_dup_account: false,
                    expected_err: None,
                },
                TestCase {
                    name: "serialize max accounts and append dup without cap",
                    num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS),
                    should_cap_ix_accounts: false,
                    append_dup_account: true,
                    expected_err: None,
                },
                TestCase {
                    name: "serialize max accounts with cap",
                    num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS),
                    should_cap_ix_accounts: true,
                    append_dup_account: false,
                    expected_err: None,
                },
                TestCase {
                    name: "serialize too many accounts with cap",
                    num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS) + 1,
                    should_cap_ix_accounts: true,
                    append_dup_account: false,
                    expected_err: Some(InstructionError::MaxAccountsExceeded),
                },
                TestCase {
                    name: "serialize too many accounts and append dup with cap",
                    num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS),
                    should_cap_ix_accounts: true,
                    append_dup_account: true,
                    expected_err: Some(InstructionError::MaxAccountsExceeded),
                },
                // This test case breaks parameter deserialization and can be cleaned up
                // when should_cap_ix_accounts is enabled.
                //
                // TestCase {
                //     name: "serialize too many accounts and append dup without cap",
                //     num_ix_accounts: usize::from(MAX_INSTRUCTION_ACCOUNTS) + 1,
                //     should_cap_ix_accounts: false,
                //     append_dup_account: true,
                //     expected_err: None,
                // },
            ] {
                let program_id = solana_sdk::pubkey::new_rand();
                let mut transaction_accounts = vec![(
                    program_id,
                    AccountSharedData::from(Account {
                        lamports: 0,
                        data: vec![],
                        owner: bpf_loader::id(),
                        executable: true,
                        rent_epoch: 0,
                    }),
                )];
                for _ in 0..num_ix_accounts {
                    transaction_accounts.push((
                        Pubkey::new_unique(),
                        AccountSharedData::from(Account {
                            lamports: 0,
                            data: vec![],
                            owner: program_id,
                            executable: false,
                            rent_epoch: 0,
                        }),
                    ));
                }
                let mut instruction_accounts: Vec<_> = (0..num_ix_accounts as IndexOfAccount)
                    .map(|index_in_callee| InstructionAccount {
                        index_in_transaction: index_in_callee + 1,
                        index_in_caller: index_in_callee + 1,
                        index_in_callee,
                        is_signer: false,
                        is_writable: false,
                    })
                    .collect();
                if append_dup_account {
                    instruction_accounts.push(instruction_accounts.last().cloned().unwrap());
                }
                let program_indices = [0];
                let instruction_data = vec![];

                with_mock_invoke_context!(
                    invoke_context,
                    transaction_context,
                    transaction_accounts
                );
                invoke_context
                    .transaction_context
                    .get_next_instruction_context()
                    .unwrap()
                    .configure(&program_indices, &instruction_accounts, &instruction_data);
                invoke_context.push().unwrap();
                let instruction_context = invoke_context
                    .transaction_context
                    .get_current_instruction_context()
                    .unwrap();

                let serialization_result = serialize_parameters(
                    invoke_context.transaction_context,
                    instruction_context,
                    should_cap_ix_accounts,
                    copy_account_data,
                );
                assert_eq!(
                    serialization_result.as_ref().err(),
                    expected_err.as_ref(),
                    "{name} test case failed",
                );
                if expected_err.is_some() {
                    continue;
                }

                let (mut serialized, regions, _account_lengths) = serialization_result.unwrap();
                let mut serialized_regions = concat_regions(&regions);
                let (de_program_id, de_accounts, de_instruction_data) = unsafe {
                    deserialize(
                        if copy_account_data {
                            serialized.as_slice_mut()
                        } else {
                            serialized_regions.as_slice_mut()
                        }
                        .first_mut()
                        .unwrap() as *mut u8,
                    )
                };
                assert_eq!(de_program_id, &program_id);
                assert_eq!(de_instruction_data, &instruction_data);
                for account_info in de_accounts {
                    let index_in_transaction = invoke_context
                        .transaction_context
                        .find_index_of_account(account_info.key)
                        .unwrap();
                    let account = invoke_context
                        .transaction_context
                        .get_account_at_index(index_in_transaction)
                        .unwrap()
                        .borrow();
                    assert_eq!(account.lamports(), account_info.lamports());
                    assert_eq!(account.data(), &account_info.data.borrow()[..]);
                    assert_eq!(account.owner(), account_info.owner);
                    assert_eq!(account.executable(), account_info.executable);
                    assert_eq!(account.rent_epoch(), account_info.rent_epoch);
                }
            }
        }
    }

    #[test]
    fn test_serialize_parameters() {
        for copy_account_data in [false, true] {
            let program_id = solana_sdk::pubkey::new_rand();
            let transaction_accounts = vec![
                (
                    program_id,
                    AccountSharedData::from(Account {
                        lamports: 0,
                        data: vec![],
                        owner: bpf_loader::id(),
                        executable: true,
                        rent_epoch: 0,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 1,
                        data: vec![1u8, 2, 3, 4, 5],
                        owner: bpf_loader::id(),
                        executable: false,
                        rent_epoch: 100,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 2,
                        data: vec![11u8, 12, 13, 14, 15, 16, 17, 18, 19],
                        owner: bpf_loader::id(),
                        executable: true,
                        rent_epoch: 200,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 3,
                        data: vec![],
                        owner: bpf_loader::id(),
                        executable: false,
                        rent_epoch: 3100,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 4,
                        data: vec![1u8, 2, 3, 4, 5],
                        owner: bpf_loader::id(),
                        executable: false,
                        rent_epoch: 100,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 5,
                        data: vec![11u8, 12, 13, 14, 15, 16, 17, 18, 19],
                        owner: bpf_loader::id(),
                        executable: true,
                        rent_epoch: 200,
                    }),
                ),
                (
                    solana_sdk::pubkey::new_rand(),
                    AccountSharedData::from(Account {
                        lamports: 6,
                        data: vec![],
                        owner: bpf_loader::id(),
                        executable: false,
                        rent_epoch: 3100,
                    }),
                ),
            ];
            let instruction_accounts: Vec<InstructionAccount> = [1, 1, 2, 3, 4, 4, 5, 6]
                .into_iter()
                .enumerate()
                .map(
                    |(index_in_instruction, index_in_transaction)| InstructionAccount {
                        index_in_transaction,
                        index_in_caller: index_in_transaction,
                        index_in_callee: index_in_transaction - 1,
                        is_signer: false,
                        is_writable: index_in_instruction >= 4,
                    },
                )
                .collect();
            let instruction_data = vec![1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11];
            let program_indices = [0];
            let mut original_accounts = transaction_accounts.clone();
            with_mock_invoke_context!(invoke_context, transaction_context, transaction_accounts);
            invoke_context
                .transaction_context
                .get_next_instruction_context()
                .unwrap()
                .configure(&program_indices, &instruction_accounts, &instruction_data);
            invoke_context.push().unwrap();
            let instruction_context = invoke_context
                .transaction_context
                .get_current_instruction_context()
                .unwrap();

            // check serialize_parameters_aligned
            let (mut serialized, regions, accounts_metadata) = serialize_parameters(
                invoke_context.transaction_context,
                instruction_context,
                true,
                copy_account_data,
            )
            .unwrap();

            let mut serialized_regions = concat_regions(&regions);
            if copy_account_data {
                assert_eq!(serialized.as_slice(), serialized_regions.as_slice());
            }
            let (de_program_id, de_accounts, de_instruction_data) = unsafe {
                deserialize(
                    if copy_account_data {
                        serialized.as_slice_mut()
                    } else {
                        serialized_regions.as_slice_mut()
                    }
                    .first_mut()
                    .unwrap() as *mut u8,
                )
            };

            assert_eq!(&program_id, de_program_id);
            assert_eq!(instruction_data, de_instruction_data);
            assert_eq!(
                (de_instruction_data.first().unwrap() as *const u8).align_offset(BPF_ALIGN_OF_U128),
                0
            );
            for account_info in de_accounts {
                let index_in_transaction = invoke_context
                    .transaction_context
                    .find_index_of_account(account_info.key)
                    .unwrap();
                let account = invoke_context
                    .transaction_context
                    .get_account_at_index(index_in_transaction)
                    .unwrap()
                    .borrow();
                assert_eq!(account.lamports(), account_info.lamports());
                assert_eq!(account.data(), &account_info.data.borrow()[..]);
                assert_eq!(account.owner(), account_info.owner);
                assert_eq!(account.executable(), account_info.executable);
                assert_eq!(account.rent_epoch(), account_info.rent_epoch);

                assert_eq!(
                    (*account_info.lamports.borrow() as *const u64).align_offset(BPF_ALIGN_OF_U128),
                    0
                );
                assert_eq!(
                    account_info
                        .data
                        .borrow()
                        .as_ptr()
                        .align_offset(BPF_ALIGN_OF_U128),
                    0
                );
            }

            deserialize_parameters(
                invoke_context.transaction_context,
                instruction_context,
                copy_account_data,
                serialized.as_slice(),
                &accounts_metadata,
            )
            .unwrap();
            for (index_in_transaction, (_key, original_account)) in
                original_accounts.iter().enumerate()
            {
                let account = invoke_context
                    .transaction_context
                    .get_account_at_index(index_in_transaction as IndexOfAccount)
                    .unwrap()
                    .borrow();
                assert_eq!(&*account, original_account);
            }

            // check serialize_parameters_unaligned
            original_accounts
                .first_mut()
                .unwrap()
                .1
                .set_owner(bpf_loader_deprecated::id());
            invoke_context
                .transaction_context
                .get_account_at_index(0)
                .unwrap()
                .borrow_mut()
                .set_owner(bpf_loader_deprecated::id());

            let (mut serialized, regions, account_lengths) = serialize_parameters(
                invoke_context.transaction_context,
                instruction_context,
                true,
                copy_account_data,
            )
            .unwrap();
            let mut serialized_regions = concat_regions(&regions);

            let (de_program_id, de_accounts, de_instruction_data) = unsafe {
                deserialize_unaligned(
                    if copy_account_data {
                        serialized.as_slice_mut()
                    } else {
                        serialized_regions.as_slice_mut()
                    }
                    .first_mut()
                    .unwrap() as *mut u8,
                )
            };
            assert_eq!(&program_id, de_program_id);
            assert_eq!(instruction_data, de_instruction_data);
            for account_info in de_accounts {
                let index_in_transaction = invoke_context
                    .transaction_context
                    .find_index_of_account(account_info.key)
                    .unwrap();
                let account = invoke_context
                    .transaction_context
                    .get_account_at_index(index_in_transaction)
                    .unwrap()
                    .borrow();
                assert_eq!(account.lamports(), account_info.lamports());
                assert_eq!(account.data(), &account_info.data.borrow()[..]);
                assert_eq!(account.owner(), account_info.owner);
                assert_eq!(account.executable(), account_info.executable);
                assert_eq!(account.rent_epoch(), account_info.rent_epoch);
            }

            deserialize_parameters(
                invoke_context.transaction_context,
                instruction_context,
                copy_account_data,
                serialized.as_slice(),
                &account_lengths,
            )
            .unwrap();
            for (index_in_transaction, (_key, original_account)) in
                original_accounts.iter().enumerate()
            {
                let account = invoke_context
                    .transaction_context
                    .get_account_at_index(index_in_transaction as IndexOfAccount)
                    .unwrap()
                    .borrow();
                assert_eq!(&*account, original_account);
            }
        }
    }

    // the old bpf_loader in-program deserializer bpf_loader::id()
    #[deny(unsafe_op_in_unsafe_fn)]
    pub unsafe fn deserialize_unaligned<'a>(
        input: *mut u8,
    ) -> (&'a Pubkey, Vec<AccountInfo<'a>>, &'a [u8]) {
        // this boring boilerplate struct is needed until inline const...
        struct Ptr<T>(std::marker::PhantomData<T>);
        impl<T> Ptr<T> {
            const COULD_BE_UNALIGNED: bool = std::mem::align_of::<T>() > 1;

            #[inline(always)]
            fn read_possibly_unaligned(input: *mut u8, offset: usize) -> T {
                unsafe {
                    let src = input.add(offset) as *const T;
                    if Self::COULD_BE_UNALIGNED {
                        src.read_unaligned()
                    } else {
                        src.read()
                    }
                }
            }

            // rustc inserts debug_assert! for misaligned pointer dereferences when
            // deserializing, starting from [1]. so, use std::mem::transmute as the last resort
            // while preventing clippy from complaining to suggest not to use it.
            // [1]: https://github.com/rust-lang/rust/commit/22a7a19f9333bc1fcba97ce444a3515cb5fb33e6
            // as for the ub nature of the misaligned pointer dereference, this is
            // acceptable in this code, given that this is cfg(test) and it's cared only with
            // x86-64 and the target only incurs some performance penalty, not like segfaults
            // in other targets.
            #[inline(always)]
            fn ref_possibly_unaligned<'a>(input: *mut u8, offset: usize) -> &'a T {
                #[allow(clippy::transmute_ptr_to_ref)]
                unsafe {
                    transmute(input.add(offset) as *const T)
                }
            }

            // See ref_possibly_unaligned's comment
            #[inline(always)]
            fn mut_possibly_unaligned<'a>(input: *mut u8, offset: usize) -> &'a mut T {
                #[allow(clippy::transmute_ptr_to_ref)]
                unsafe {
                    transmute(input.add(offset) as *mut T)
                }
            }
        }

        let mut offset: usize = 0;

        // number of accounts present

        let num_accounts = Ptr::<u64>::read_possibly_unaligned(input, offset) as usize;
        offset += size_of::<u64>();

        // account Infos

        let mut accounts = Vec::with_capacity(num_accounts);
        for _ in 0..num_accounts {
            let dup_info = Ptr::<u8>::read_possibly_unaligned(input, offset);
            offset += size_of::<u8>();
            if dup_info == NON_DUP_MARKER {
                let is_signer = Ptr::<u8>::read_possibly_unaligned(input, offset) != 0;
                offset += size_of::<u8>();

                let is_writable = Ptr::<u8>::read_possibly_unaligned(input, offset) != 0;
                offset += size_of::<u8>();

                let key = Ptr::<Pubkey>::ref_possibly_unaligned(input, offset);
                offset += size_of::<Pubkey>();

                let lamports = Rc::new(RefCell::new(Ptr::mut_possibly_unaligned(input, offset)));
                offset += size_of::<u64>();

                let data_len = Ptr::<u64>::read_possibly_unaligned(input, offset) as usize;
                offset += size_of::<u64>();

                let data = Rc::new(RefCell::new(unsafe {
                    from_raw_parts_mut(input.add(offset), data_len)
                }));
                offset += data_len;

                let owner: &Pubkey = Ptr::<Pubkey>::ref_possibly_unaligned(input, offset);
                offset += size_of::<Pubkey>();

                let executable = Ptr::<u8>::read_possibly_unaligned(input, offset) != 0;
                offset += size_of::<u8>();

                let rent_epoch = Ptr::<u64>::read_possibly_unaligned(input, offset);
                offset += size_of::<u64>();

                accounts.push(AccountInfo {
                    key,
                    is_signer,
                    is_writable,
                    lamports,
                    data,
                    owner,
                    executable,
                    rent_epoch,
                });
            } else {
                // duplicate account, clone the original
                accounts.push(accounts.get(dup_info as usize).unwrap().clone());
            }
        }

        // instruction data

        let instruction_data_len = Ptr::<u64>::read_possibly_unaligned(input, offset) as usize;
        offset += size_of::<u64>();

        let instruction_data = unsafe { from_raw_parts(input.add(offset), instruction_data_len) };
        offset += instruction_data_len;

        // program Id

        let program_id = Ptr::<Pubkey>::ref_possibly_unaligned(input, offset);

        (program_id, accounts, instruction_data)
    }

    fn concat_regions(regions: &[MemoryRegion]) -> AlignedMemory<HOST_ALIGN> {
        let len = regions.iter().fold(0, |len, region| len + region.len) as usize;
        let mut mem = AlignedMemory::zero_filled(len);
        for region in regions {
            let host_slice = unsafe {
                slice::from_raw_parts(region.host_addr.get() as *const u8, region.len as usize)
            };
            mem.as_slice_mut()[(region.vm_addr - MM_INPUT_START) as usize..][..region.len as usize]
                .copy_from_slice(host_slice)
        }
        mem
    }
}