* check android builds
* feature: set rent_epoch to Epoch::MAX
* tweaks
* Update runtime/src/rent_collector.rs
Co-authored-by: Brooks Prumo <brooks@prumo.org>
* simplify changes to tests
* back out some test changes
* calculate_rent_result passes through Exempt
* move calc outside loop
* if rent epoch is already max, use 'NoRentCollectionNow'
Co-authored-by: Brooks Prumo <brooks@prumo.org>
The commit allocates 2% of slots to running experiments with different
turbine fanouts based on the slot number.
The experiment is feature gated with an additional feature to disable
the experiment.
* Bump sbf-tools to v1.32
This version of sbf-tools is based on Rust 1.65.0 and LLVM 15.0.
* Temporary ignore build-sbf tests until issue with buildkite cache resolved
* vote: Prevent commission update in the second half of epochs
* Address feedback
* Fix tests
* Make the feature enabled by single-contributor
* Use a cooler pubkey
* Registers the feature enable_program_redeployment_cooldown.
* Adds redeployment slot constraint.
* Adds test to assert that closed programs can not be reopened.
* Ensure that program close truncates the account data.
* Adds set_sysvar_for_tests() to SBF program tests.
* Update cost model to use requested_cu instead of estimated cu #27608
* remove CostUpdate and CostModel from replay/tvu
* revive cost update service to send cost tracker stats
* CostModel is now static
* remove unused package
Co-authored-by: Tao Zhu <tao@solana.com>
- Add new compute-budget instruction to set transaction-wide accounts data size limit
- Set default accounts data limit to 10MB, and max to 100MB, per transaction;
- Add getters to make changing default and/or max values easier in the future with feature gates;
- added error counter for transactions exceed data size limit
* Adds proc_macro_derive(CloneZeroed).
* Switches over all use sites of clone_zeroed() and copy_field().
* Removes clone_zeroed() and copy_field().
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
* Add docs for system_instruction and some of its functions
* Apply suggestions from code review
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
* Apply review feedback
* Use PDAs in system_instruction examples
* Fix 'bump seed' terminology in system_instruction docs
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
* SetAuthorityChecked
* restore old logic for loader
* add more upgrade authority checked test cases
* setBufferAuthority checked tests
* format
* add set_buffer_authority_checked instruction to sdk
* Update transaction-status/src/parse_bpf_loader.rs
Co-authored-by: Justin Starry <justin.m.starry@gmail.com>
* add is_set_authority_checked function
* fix set_buffer_authority_checked sdk instruction
* feature gate setAuthorityChecked
* add bpf loader tests for setAuthorityChecked ixs
* test that you can set to same authority
* allow set_authority_checked to be called via cpi (if feature is enabled)
* fix ci
* fmt
Co-authored-by: Justin Starry <justin.m.starry@gmail.com>
Co-authored-by: Justin Starry <justin@solana.com>
* Extends is_nonoverlapping() to be able to deal with two different lengths.
* Uses is_nonoverlapping() for syscall output parameters.
* Feature gates the new throws of SyscallError::CopyOverlapping.
* Adds tests which trigger SyscallError::CopyOverlapping.
* Split out voting and banking threads in banking stage
Additionally this allows us to aggressively prune the buffer for voting threads
as with the new vote state only the latest vote from each validator is
necessary.
* Update local cluster test to use new Vote ix
* Encapsulate transaction storage filtering better
* Address pr comments
* Commit cargo lock change
* clippy
* Remove unsafe impls
* pr comments
* compute_sanitized_transaction -> build_sanitized_transaction
* &Arc -> Arc
* Move test
* Refactor metrics enums
* clippy
* add Eq, PartialEq to EpochInfo
* add Eq, PartialEq related to transactions and messages
* add Eq, PartialEq to Ed25519SignatureOffsets
* add Eq, PartialEq to FeatureSet
* add Eq, PartialEq to fee.rs
* add Eq, PartialEq to GenesisConfig
* don't add Eq to GenesisConfig because floats
* add Eq, PartialEq to PohConfig
* add Eq, PartialEq to SecpSignatureOffsets
* add some missing derives to transaction_context.rs
* add Eq, PartialEq to ProcessedSiblingInstruction
* Use infallible, unchecked methods to write into the serialization buffer
We serialize in two steps: first we compute the size of the buffer, then
we write into it. Therefore there's no need to check if each individual
write fits the buffer - we know it does we just computed the required
size.
* serialize_parameters: remove extra loop/borrows
Remove one extra loop over accounts to gather account lengths. Also
gather all accounts at once and avoid temporary borrows.
* Move creating MemoryRegions for serialized parameters from create_vm to serialize_parameters
This is in preparation of using multiple MemoryRegions once we land direct account mapping.
* bpf_loader: introduce internal API to build serialization buffer/regions
This is prep work for landing the direct_mapping feature, which maps account
data in their own memory regions.
* serialization: fix after API changes
* BorrowedAccount: add set_data_from_slice(), make set_data() take owned values
set_data() used to take a slice and would force alloc+copy if the caller
has owned values (eg account creation, account lookup table).
Expose set_data_from_slice() for callers that have slices, and switch
set_data() to taking an owned Vec.
* BorrowAccount: refactor common accounts_update_delta code in helper method
* BorrowedAccount: add extend_from_slice()
This allows avoiding copies appending entries to account lookup tables.
* BorrowedAccount: remove unnecessary ifs around update_accounts_resize_delta
* Add structure to collect and coalesce vote packets
Will be used in banking stage to throw out extraneous vote packets
before processing
* pr comments
* Update inner lock to arc to improve performance
* keygen: add --use-derivation-path for new & grind
* keygen: add prompt:// uri scheme to new and grind
* fmt
* migrate to clap-v3-utils
* Revert "migrate to clap-v3-utils"
This reverts commit 77f33262ce6c4e95ac1cc62cca32749516f7f357.
* Revert "fmt"
This reverts commit 038cd4ce9628c57dec1f5a4716e2c5baacbe57b3.
* Revert "keygen: add prompt:// uri scheme to new and grind"
This reverts commit 029ea61409a1a16ba2c45483ade2c01f84f25fac.
* - remove `use` from arg
- fix issue from first commit with default value for derivation path
- refactor arg definition and acquiring
* Lets instruction_accounts_lamport_sum() have the &InstructionContext as parameter directly.
* Updates docu comments.
* Uses accessors methods instead of accessing private properties of other structs.
* Adds #![deny(clippy::indexing_slicing)].
* Has get_signers() return a Result instead of using unwrap().
* Removes InvokeContext::get_key_of_account_at_index().
* Replaces InstructionContext::new() by InstructionContext::configure().
Adds TransactionContext::get_next_instruction_context().
* Switch back to using references as parameters.
* Hoists InstructionContext::configure() from TransactionContext::push() into InvokeContext::push().
* Moves InstructionContext::config() to the beginning of InvokeContext::push().
* Hoists InstructionContext::configure() from InvokeContext::push() into InvokeContext::process_instruction().
* Review feedback: Updates docu comments.
* Marks methods and structs which are only to be used by the program runtime.
* Removes TransactionContext::get_keys_of_accounts().
* Adds InstructionContext::get_instruction_accounts_lamport_sum().
* Add a SanitizedMessage type that caches writable accounts indexes
* Add is_writable_account_cache to both SanitizedMessage variants, cache is initialized in constructors
* Check overflow on vote tx compaction boundary
Check for overflow during the conversion between VoteStateUpdate and
CompactVoteStateUpdate.
* Try removing clippy supress
* Relax authority signer check for lookup table creation
* cli: support creating lookup tables without authority signer
* add another create lookup table ix function
* improve help message
* Flattens TransactionContext::instruction_trace.
* Stop the search at transaction level.
* Renames get_instruction_context_at => get_instruction_context_at_nesting_level.
* Removes TransactionContext::get_instruction_trace().
Adds TransactionContext::get_instruction_trace_length() and TransactionContext::get_instruction_context_at_index().
* Have TransactionContext::instruction_accounts_lamport_sum() accept an iterator instead of a slice.
* Removes instruction_trace from ExecutionRecord.
* make InstructionContext::new() private
* Adds the feature disable_cpi_setting_executable_and_rent_epoch.
* Adds the feature gate for disable_cpi_setting_executable_and_rent_epoch.
* Removes TEST_EXECUTABLE_LAMPORTS.
* Test that is_executable and rent_epoch are ignored.
This change sets the receive_window for non-staked node to 1 * PACKET_DATA_SIZE, and maps the staked nodes's connection's receive_window between 1.2 * PACKET_DATA_SIZE to 10 * PACKET_DATA_SIZE based on the stakes.
The changes is based on Quinn library change to support per connection receive_window tweak at the server side. quinn-rs/quinn#1393
* Add API docs for secp256k1_instruction and secp256k1_recover
* typo
* Remove unused variable from secp256k1 program test
* Bump solana_bpf_rust_secp256k1_recover ix count
Co-authored-by: Tyera Eulberg <tyera@solana.com>
* Keypair: implement clone()
This was not implemented upstream in ed25519-dalek to force everyone to
think twice before creating another copy of a potentially sensitive
private key in memory.
See https://github.com/dalek-cryptography/ed25519-dalek/issues/76
However, there are now 9 instances of
Keypair::from_bytes(&keypair.to_bytes())
in the solana codebase and it would be preferable to have a function.
In particular since this also comes up when writing programs and can
cause users to either start messing with lifetimes or discover the
from_bytes() workaround themselves.
This patch opts to not implement the Clone trait. This avoids automatic
use in order to preserve some of the original "let developers think
twice about this" intention.
* Use Keypair::clone
* Concurrent replay slots
* Split out concurrent and single bank replay paths
* Sub function processing of replay results for readability
* Add feature switch for concurrent replay
https://github.com/solana-labs/solana/pull/22292
prevents rent paying accounts creation going forward. However a rent
paying account can linger on for ever if it is continually topped up but
stays below the rent-exempt minimum.
This can prevent eliminating accounts-rewrites and the problematic
rent_epoch field in accounts.
Link to discord discussion:
https://discord.com/channels/428295358100013066/943609352068145162/995202300001927219
This commit restricts rent-paying accounts lifetime extension by
preventing increasing lamports on the account if the account stays below
the rent-exempt minimum.
* Adjusts test cases for stricter requirements.
* Removes account reset in deserialization test.
* Removes verify related test cases.
* Replicates account modification verification logic of PreAccount in BorrowedAccount.
* Adds TransactionContext::account_touched_flags.
* Adds account modification verification to the BPF ABIv0 and ABIv1 deserialization, CPI syscall and program-test.
* Replicates the total sum of all lamports verification of PreAccounts in InstructionContext
* Check that the callers instruction balance is maintained during a call / push.
* Replicates PreAccount statistics in TransactionContext.
* Disable verify() and verify_and_update() if the feature enable_early_verification_of_account_modifications is enabled.
* Moves Option<Rent> of enable_early_verification_of_account_modifications into TransactionContext::new().
* Relaxes AccountDataMeter related test cases.
* Don't touch the account if nothing changes.
* Adds two tests to trigger InstructionError::UnbalancedInstruction.
Co-authored-by: Justin Starry <justin@solana.com>
* Allow extending upgradeable program data account length
* Add is_writable check
* Fix cargo version
* System program fix, comment, and test
* Switch to u32 for serialized bytes value in ix
https://github.com/solana-labs/solana/pull/22292
prevents rent paying account creation going forward. As a result
rent_epoch field for rent exempt accounts is redundant, and advancing
this field will incur expensive account rewrites and cause discrepancy
between accounts-db and cached vote/stake accounts.
This commit adds a feature which upon activation preserves rent_epoch
field for rent exempt accounts so that the field is frozen and is no
longer advanced.
Indirect dependency packages introduce variations in features of other
dependencies, which affect the fingerprints of previously built
packages such as solana-program and cause redundant rebuilds of
affected packages. These changes specify several features in
dependencies specifications explicitly to a common set of
features. The result of such consolidation is improved re-usability of
previously built binary packages across programs/bpf/rust/ packages
when these packages are built in CI jobs.
Follow up commit removes feature gate code separating durable nonce from
blockhash domain. This commit allows to encapsulate any logic
distinguishing legacy vs current nonce versions in the nonce module
after removing the feature gate.
This partially reverts commit 47e62add5b.
Adding back the feature-id so that the master branch can successfully
run ledger-tool across epoch-boundary which enabled the feature.
Note that #25963 backport did not remove the feature-id.
* Adds methods based on instruction_account_index to InstructionContext.
Removes methods which are based on index_in_instruction.
* Adjusts program-runtime.
* Adjusts runtime.
* Adjusts bpf loader.
* Adjusts built-in programs.
* Adjusts program-test and bpf tests.
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority if it's a derived key for which you control the base key
* [vote_authorize_with_seed] Add test helper to create a vote account whose authorities are derived keys
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] Feature gate the `VoteInstruction::AuthorizeWithSeed` processor
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to transaction status parser
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to docs
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority (while checking that the new authority has signed) if it's a derived
key for which you control the base key
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed` to transaction status parser
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeCheckedWithSeed`
https://github.com/solana-labs/solana/pull/25788
permanently disables durable transactions with legacy nonce versions
which are within chain blockhash domain.
This commit adds a new system instruction for a one-time idempotent
upgrade of legacy nonce accounts in order to bump them out of chain
blockhash domain.
https://github.com/solana-labs/solana/pull/25744
separated durable nonce and blockhash domains, which will stop double
execution going forward. However it is possible that a durable
transaction has *already* been executed once as a normal transaction and
it is now a valid durable transaction. #25744 cannot stop such
transactions to be re-executed until the nonce accounts are advanced.
This commit adds a new nonce version indicating that the nonce is moved
out of the blockhash domain, and permanently disables durable
transactions for legacy nonces which are in the blockhash domain.
Usernames and other environment specific information can be revealed
in on-chain program binary files that compiler generates, because it
includes paths to source files as strings in the binary files. The
added option instructs the compiler to strip the path parts up to
and including crate root subdirectory from the path strings added to
the generated binary files.
* Award one credit per dequeued vote when processing VoteStateUpdate instruction,
to match vote rewards of Vote instruction.
* Update feature pubkey to one owned by cc (ashwin)
Co-authored-by: Ashwin Sekar <ashwin@solana.com>
Previous commit separates durable nonce and blockhash domains with a
feature gate. A 2nd feature added in this commit enables durable nonce
at least one epoch after the 1st feature.
By the time 2nd feature is activated, some nonce accounts will have an
old blockhash, but no nonce account can have a recent blockhash.
As a result no transaction (durable or normal) can be executed twice.
AdvanceNonceAccount instruction updates nonce to blockhash. This makes it
possible that a durable transaction is executed twice both as a normal
transaction and a nonce transaction if it uses blockhash (as opposed to nonce)
for its recent_blockhash field.
The commit prevents this double execution by separating nonce and blockhash
domains; when advancing nonce account, blockhash is hashed with a fixed string.
As a result a blockhash cannot be a valid nonce value; and if transaction was
once executed as a normal transaction it cannot be re-executed as a durable
transaction again and vice-versa.
Packets are at the boundary of the system where, vast majority of the
time, they are received from an untrusted source. Raw indexing into the
data buffer can open attack vectors if the offsets are invalid.
Validating offsets beforehand is verbose and error prone.
The commit updates Packet::data() api to take a SliceIndex and always to
return an Option. The call-sites are so forced to explicitly handle the
case where the offsets are invalid.
Move all syscall declarations under solana_program::syscalls. If the target
supports static syscalls (sbfv2), then actually define them statically to avoid
dynamic relocations.
Indices for code and data shreds of the same slot overlap; and so they
will have the same random number generator seed when shuffling cluster
nodes for turbine broadcast.
This results in the same propagation path for code and data shreds of
the same index and effectively smaller sample size for re-transmitter
nodes. For example a 32:32 batch (32 code + 32 data shreds), is
retransmitted through _at most_ 32 unique nodes, whereas ideally we want
~64 unique re-transmitters.
This commit adds shred-type to seed function so that code and data
sherds of the same (slot, index) will (most likely) have different
propagation paths.
Bytes past Packet.meta.size are not valid to read from.
The commit makes the buffer field private and instead provides two
methods:
* Packet::data() which returns an immutable reference to the underlying
buffer up to Packet.meta.size. The rest of the buffer is not valid to
read from.
* Packet::buffer_mut() which returns a mutable reference to the entirety
of the underlying buffer to write into. The caller is responsible to
update Packet.meta.size after writing to the buffer.
* Removes the offset InstructionContext::get_number_of_program_accounts() from InstructionAccount::index_in_caller.
* Removes unreachable SyscallError::InvalidLength in orig_data_lens.get().
* Introduces result return types to get_data_mut(), set_data() and set_data_length() of BorrowedAccount.
* Introduces result return types to set_owner(), set_lamports() and set_executable() of BorrowedAccount.
behzad nouri
dependabot[bot]
Trent Nelson
Brennan Watt
Tao Zhu
HaoranYi
Yihau Chen
Dmitri Makarov
Alexander Meißner
Jeff Washington (jwash)
acheron
Jon Cinque
Brian Anderson
Tyera
ananas-block
apfitzge
Maximilian Schneider
bji
Lijun Wang
Brooks Prumo
Denis K
Sergey Melnychuk
Dmitri Makarov
ryleung-solana
0xripleys
Ashwin Sekar
kirill lykov
Justin Starry
Alexey Skibin
samkim-crypto
Kevin Heavey
Jeff Biseda
Alessandro Decina
Will Hickey
Christian Kamm
DimAn
Florian Hartwig
carllin
leonardkulms
Jon Cinque
Michael Vines
Justin Malčić
Richard Patel
github-actions[bot]
apfitzge
Jeff Washington (jwash)
Richard Patel
Pankaj Garg
Jack May
Ryo Onodera
Steven Luscher
steviez