0f41719918
* transaction_context: update make_data_mut comment * bpf_loader: cpi: pass SerializeAccountMetadata to CallerAccount::from* We now have a way to provide CallerAccount with trusted values coming from our internal serialization code and not from untrusted vm space * bpf_loader: direct_mapping: enforce account info pointers to be immutable When direct mapping is enabled, we might need to update account data memory regions across CPI calls. Since the only way we have to retrieve the regions is based on their vm addresses, we enforce vm addresses to be stable. Accounts can still be mutated and resized of course, but it must be done in place. This also locks all other AccountInfo pointers, since there's no legitimate reason to make them point to anything else. * bpf_loader: cpi: access ref_to_len_in_vm through VmValue Direct mapping needs to translate vm values at each access since permissions of the underlying memory might have changed. * direct mapping: improve memory permission tracking across CPI calls Ensure that the data and realloc regions of an account always track the account's permissions. In order to do this, we also need to split realloc regions in their own self contained regions, where before we had: [account fields][account data][account realloc + more account fields + next account fields][next account data][...] we now have: [account fields][account data][account realloc][more account fields + next account fields][next account data][...] Tested in TEST_[FORBID|ALLOW]_WRITE_AFTER_OWNERSHIP_CHANGE* Additionally when direct mapping is on, we must update all perms at once before doing account data updates. Otherwise, updating an account might write into another account whose perms we haven't updated yet. Tested in TEST_FORBID_LEN_UPDATE_AFTER_OWNERSHIP_CHANGE. * bpf_loader: serialization: address review comment don't return vm_addr from push_account_region * bpf_loader: rename push_account_region to push_account_data_region * cpi: fix slow edge case zeroing extra account capacity after shrinking an account When returning from CPI we need to zero all the account memory up to the original length only if we know we're potentially dealing with uninitialized memory. When we know that the spare capacity has deterministic content, we only need to zero new_len..prev_len. This fixes a slow edge case that was triggerable by the following scenario: - load a large account (say 10MB) into the vm - shrink to 10 bytes - would memset 10..10MB - shrink to 9 bytes - would memset 9..10MB - shrink to 8 bytes - would memset 8..10MB - ... Now instead in the scenario above the following will happen: - load a large account (say 10MB) into the vm - shrink to 10 bytes - memsets 10..10MB - shrink to 9 bytes - memsets 9..10 - shrink to 8 bytes - memset 8..9 - ... * bpf_loader: add account_data_region_memory_state helper Shared between serialization and CPI to figure out the MemoryState of an account. * cpi: direct_mapping: error out if ref_to_len_in_vm points to account memory If ref_to_len_in_vm is allowed to be in account memory, calles could mutate it, essentially letting callees directly mutate callers memory. * bpf_loader: direct_mapping: map AccessViolation -> InstructionError Return the proper ReadonlyDataModified / ExecutableDataModified / ExternalAccountDataModified depending on where the violation occurs * bpf_loader: cpi: remove unnecessary infallible slice::get call |
||
---|---|---|
.buildkite | ||
.github | ||
account-decoder | ||
accounts-bench | ||
accounts-cluster-bench | ||
accounts-db | ||
banking-bench | ||
banks-client | ||
banks-interface | ||
banks-server | ||
bench-streamer | ||
bench-tps | ||
bloom | ||
bucket_map | ||
cd | ||
ci | ||
clap-utils | ||
clap-v3-utils | ||
cli | ||
cli-config | ||
cli-output | ||
client | ||
client-test | ||
connection-cache | ||
core | ||
cost-model | ||
docs | ||
dos | ||
download-utils | ||
entry | ||
faucet | ||
frozen-abi | ||
genesis | ||
genesis-utils | ||
geyser-plugin-interface | ||
geyser-plugin-manager | ||
gossip | ||
install | ||
keygen | ||
ledger | ||
ledger-tool | ||
local-cluster | ||
log-analyzer | ||
logger | ||
measure | ||
memory-management | ||
merkle-root-bench | ||
merkle-tree | ||
metrics | ||
multinode-demo | ||
net | ||
net-shaper | ||
net-utils | ||
notifier | ||
perf | ||
poh | ||
poh-bench | ||
program-runtime | ||
program-test | ||
programs | ||
pubsub-client | ||
quic-client | ||
rayon-threadlimit | ||
rbpf-cli | ||
remote-wallet | ||
rpc | ||
rpc-client | ||
rpc-client-api | ||
rpc-client-nonce-utils | ||
rpc-test | ||
runtime | ||
scripts | ||
sdk | ||
send-transaction-service | ||
stake-accounts | ||
storage-bigtable | ||
storage-proto | ||
streamer | ||
system-test | ||
test-validator | ||
thin-client | ||
tokens | ||
tpu-client | ||
transaction-dos | ||
transaction-status | ||
turbine | ||
udp-client | ||
upload-perf | ||
validator | ||
version | ||
watchtower | ||
web3.js | ||
zk-keygen | ||
zk-token-sdk | ||
.clippy.toml | ||
.codecov.yml | ||
.gitignore | ||
.mergify.yml | ||
.travis.yml | ||
CHANGELOG.md | ||
CONTRIBUTING.md | ||
Cargo.lock | ||
Cargo.toml | ||
LICENSE | ||
README.md | ||
RELEASE.md | ||
SECURITY.md | ||
cargo | ||
cargo-build-bpf | ||
cargo-build-sbf | ||
cargo-test-bpf | ||
cargo-test-sbf | ||
fetch-perf-libs.sh | ||
fetch-spl.sh | ||
nextest.toml | ||
run.sh | ||
rust-toolchain.toml | ||
rustfmt.toml | ||
test-abi.sh | ||
vercel.json |
README.md
Building
1. Install rustc, cargo and rustfmt.
$ curl https://sh.rustup.rs -sSf | sh
$ source $HOME/.cargo/env
$ rustup component add rustfmt
When building the master branch, please make sure you are using the latest stable rust version by running:
$ rustup update
When building a specific release branch, you should check the rust version in ci/rust-version.sh
and if necessary, install that version by running:
$ rustup install VERSION
Note that if this is not the latest rust version on your machine, cargo commands may require an override in order to use the correct version.
On Linux systems you may need to install libssl-dev, pkg-config, zlib1g-dev, protobuf etc.
On Ubuntu:
$ sudo apt-get update
$ sudo apt-get install libssl-dev libudev-dev pkg-config zlib1g-dev llvm clang cmake make libprotobuf-dev protobuf-compiler
On Fedora:
$ sudo dnf install openssl-devel systemd-devel pkg-config zlib-devel llvm clang cmake make protobuf-devel protobuf-compiler perl-core
2. Download the source code.
$ git clone https://github.com/solana-labs/solana.git
$ cd solana
3. Build.
$ ./cargo build
Testing
Run the test suite:
$ ./cargo test
Starting a local testnet
Start your own testnet locally, instructions are in the online docs.
Accessing the remote development cluster
devnet
- stable public cluster for development accessible via devnet.solana.com. Runs 24/7. Learn more about the public clusters
Benchmarking
First, install the nightly build of rustc. cargo bench
requires the use of the
unstable features only available in the nightly build.
$ rustup install nightly
Run the benchmarks:
$ cargo +nightly bench
Release Process
The release process for this project is described here.
Code coverage
To generate code coverage statistics:
$ scripts/coverage.sh
$ open target/cov/lcov-local/index.html
Why coverage? While most see coverage as a code quality metric, we see it primarily as a developer productivity metric. When a developer makes a change to the codebase, presumably it's a solution to some problem. Our unit-test suite is how we encode the set of problems the codebase solves. Running the test suite should indicate that your change didn't infringe on anyone else's solutions. Adding a test protects your solution from future changes. Say you don't understand why a line of code exists, try deleting it and running the unit-tests. The nearest test failure should tell you what problem was solved by that code. If no test fails, go ahead and submit a Pull Request that asks, "what problem is solved by this code?" On the other hand, if a test does fail and you can think of a better way to solve the same problem, a Pull Request with your solution would most certainly be welcome! Likewise, if rewriting a test can better communicate what code it's protecting, please send us that patch!
Disclaimer
All claims, content, designs, algorithms, estimates, roadmaps, specifications, and performance measurements described in this project are done with the Solana Labs, Inc. (“SL”) good faith efforts. It is up to the reader to check and validate their accuracy and truthfulness. Furthermore, nothing in this project constitutes a solicitation for investment.
Any content produced by SL or developer resources that SL provides are for educational and inspirational purposes only. SL does not encourage, induce or sanction the deployment, integration or use of any such applications (including the code comprising the Solana blockchain protocol) in violation of applicable laws or regulations and hereby prohibits any such deployment, integration or use. This includes the use of any such applications by the reader (a) in violation of export control or sanctions laws of the United States or any other applicable jurisdiction, (b) if the reader is located in or ordinarily resident in a country or territory subject to comprehensive sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), or (c) if the reader is or is working on behalf of a Specially Designated National (SDN) or a person subject to similar blocking or denied party prohibitions.
The reader should be aware that U.S. export control and sanctions laws prohibit U.S. persons (and other persons that are subject to such laws) from transacting with persons in certain countries and territories or that are on the SDN list. Accordingly, there is a risk to individuals that other persons using any of the code contained in this repo, or a derivation thereof, may be sanctioned persons and that transactions with such persons would be a violation of U.S. export controls and sanctions law.