https://github.com/solana-labs/solana/pull/22292
prevents rent paying accounts creation going forward. However a rent
paying account can linger on for ever if it is continually topped up but
stays below the rent-exempt minimum.
This can prevent eliminating accounts-rewrites and the problematic
rent_epoch field in accounts.
Link to discord discussion:
https://discord.com/channels/428295358100013066/943609352068145162/995202300001927219
This commit restricts rent-paying accounts lifetime extension by
preventing increasing lamports on the account if the account stays below
the rent-exempt minimum.
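The rule described above, sketched as an added example (this is not the code from the commit): a writable account may not end a transaction rent-paying unless it was already rent-paying and its lamports did not increase. `RentState`, `classify`, `transition_allowed` and the flat `LAMPORTS_PER_BYTE` rate are assumptions made for the illustration.

```rust
// Added illustration; names and the rent rate are assumptions, not Solana's code.
const LAMPORTS_PER_BYTE: u64 = 7_000; // constructed rate, for the example only

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum RentState {
    Uninitialized,                // zero lamports: the account does not exist
    RentPaying { lamports: u64 }, // funded, but below the rent-exempt minimum
    RentExempt,
}

fn rent_exempt_minimum(data_len: usize) -> u64 {
    (data_len as u64).saturating_mul(LAMPORTS_PER_BYTE)
}

fn classify(lamports: u64, data_len: usize) -> RentState {
    if lamports == 0 {
        RentState::Uninitialized
    } else if lamports >= rent_exempt_minimum(data_len) {
        RentState::RentExempt
    } else {
        RentState::RentPaying { lamports }
    }
}

/// Compare an account's state before and after a transaction.
fn transition_allowed(pre: RentState, post: RentState) -> bool {
    match (pre, post) {
        // Closing the account or ending up rent-exempt is always acceptable.
        (_, RentState::Uninitialized) | (_, RentState::RentExempt) => true,
        // Already rent-paying: allowed to stay so only if it was not topped up.
        (RentState::RentPaying { lamports: before }, RentState::RentPaying { lamports: after }) => {
            after <= before
        }
        // Anything else would create a new rent-paying account.
        (_, RentState::RentPaying { .. }) => false,
    }
}

fn main() {
    let data_len = 100; // constructed account size; minimum is 700_000 lamports
    let pre = classify(300_000, data_len);
    for post_lamports in [250_000u64, 400_000, 700_000] {
        let post = classify(post_lamports, data_len);
        println!("{:?} -> {:?}: {}", pre, post, transition_allowed(pre, post));
    }
}
```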
* Adjusts test cases for stricter requirements.
* Removes account reset in deserialization test.
* Removes verify related test cases.
* Replicates account modification verification logic of PreAccount in BorrowedAccount.
* Adds TransactionContext::account_touched_flags.
* Adds account modification verification to the BPF ABIv0 and ABIv1 deserialization, CPI syscall and program-test.
* Replicates the total sum of all lamports verification of PreAccounts in InstructionContext
* Check that the caller's instruction balance is maintained during a call / push.
* Replicates PreAccount statistics in TransactionContext.
* Disable verify() and verify_and_update() if the feature enable_early_verification_of_account_modifications is enabled.
* Moves Option<Rent> of enable_early_verification_of_account_modifications into TransactionContext::new().
* Relaxes AccountDataMeter related test cases.
* Don't touch the account if nothing changes.
* Adds two tests to trigger InstructionError::UnbalancedInstruction.
Co-authored-by: Justin Starry <justin@solana.com>
* Allow extending upgradeable program data account length
* Add is_writable check
* Fix cargo version
* System program fix, comment, and test
* Switch to u32 for serialized bytes value in ix
https://github.com/solana-labs/solana/pull/22292
prevents rent paying account creation going forward. As a result
rent_epoch field for rent exempt accounts is redundant, and advancing
this field will incur expensive account rewrites and cause discrepancy
between accounts-db and cached vote/stake accounts.
This commit adds a feature which upon activation preserves rent_epoch
field for rent exempt accounts so that the field is frozen and is no
longer advanced.
This partially reverts commit 47e62add5b.
Adding back the feature-id so that the master branch can successfully
run ledger-tool across epoch-boundary which enabled the feature.
Note that #25963 backport did not remove the feature-id.
* Adds methods based on instruction_account_index to InstructionContext.
Removes methods which are based on index_in_instruction.
* Adjusts program-runtime.
* Adjusts runtime.
* Adjusts bpf loader.
* Adjusts built-in programs.
* Adjusts program-test and bpf tests.
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority if it's a derived key for which you control the base key
* [vote_authorize_with_seed] Add test helper to create a vote account whose authorities are derived keys
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] Feature gate the `VoteInstruction::AuthorizeWithSeed` processor
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to transaction status parser
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to docs
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority (while checking that the new authority has signed) if it's a derived
key for which you control the base key
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed` to transaction status parser
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeCheckedWithSeed`
https://github.com/solana-labs/solana/pull/25744
separated durable nonce and blockhash domains, which will stop double
execution going forward. However it is possible that a durable
transaction has *already* been executed once as a normal transaction and
it is now a valid durable transaction. #25744 cannot stop such
transactions from being re-executed until the nonce accounts are advanced.
This commit adds a new nonce version indicating that the nonce is moved
out of the blockhash domain, and permanently disables durable
transactions for legacy nonces which are in the blockhash domain.
* Award one credit per dequeued vote when processing VoteStateUpdate instruction,
to match vote rewards of Vote instruction.
* Update feature pubkey to one owned by cc (ashwin)
Co-authored-by: Ashwin Sekar <ashwin@solana.com>
Previous commit separates durable nonce and blockhash domains with a
feature gate. A 2nd feature added in this commit enables durable nonce
at least one epoch after the 1st feature.
By the time 2nd feature is activated, some nonce accounts will have an
old blockhash, but no nonce account can have a recent blockhash.
As a result no transaction (durable or normal) can be executed twice.
AdvanceNonceAccount instruction updates nonce to blockhash. This makes it
possible that a durable transaction is executed twice both as a normal
transaction and a nonce transaction if it uses blockhash (as opposed to nonce)
for its recent_blockhash field.
The commit prevents this double execution by separating nonce and blockhash
domains; when advancing nonce account, blockhash is hashed with a fixed string.
As a result a blockhash cannot be a valid nonce value; and if transaction was
once executed as a normal transaction it cannot be re-executed as a durable
transaction again and vice-versa.
Packets are at the boundary of the system where, the vast majority of the
time, they are received from an untrusted source. Raw indexing into the
data buffer can open attack vectors if the offsets are invalid.
Validating offsets beforehand is verbose and error prone.
The commit updates Packet::data() api to take a SliceIndex and always to
return an Option. The call-sites are so forced to explicitly handle the
case where the offsets are invalid.
Indices for code and data shreds of the same slot overlap; and so they
will have the same random number generator seed when shuffling cluster
nodes for turbine broadcast.
This results in the same propagation path for code and data shreds of
the same index and effectively smaller sample size for re-transmitter
nodes. For example a 32:32 batch (32 code + 32 data shreds), is
retransmitted through _at most_ 32 unique nodes, whereas ideally we want
~64 unique re-transmitters.
This commit adds shred-type to seed function so that code and data
shreds of the same (slot, index) will (most likely) have different
propagation paths.
Bytes past Packet.meta.size are not valid to read from.
The commit makes the buffer field private and instead provides two
methods:
* Packet::data() which returns an immutable reference to the underlying
buffer up to Packet.meta.size. The rest of the buffer is not valid to
read from.
* Packet::buffer_mut() which returns a mutable reference to the entirety
of the underlying buffer to write into. The caller is responsible to
update Packet.meta.size after writing to the buffer.
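An added sketch (not the project's code) of the two packet-buffer changes described above: a private buffer exposed through `data()`, which takes a `SliceIndex` and returns an `Option`, and through `buffer_mut()`. The `Packet` and `Meta` types here are simplified stand-ins, and `BUFFER_SIZE`, `packet_from` and `read_prefixed` are hypothetical names introduced for the illustration.

```rust
use std::slice::SliceIndex;

// Simplified stand-in for illustration; not Solana's Packet definition.
const BUFFER_SIZE: usize = 64; // constructed size
struct Meta { size: usize } // number of valid bytes in `buffer`
struct Packet { buffer: [u8; BUFFER_SIZE], meta: Meta }

impl Packet {
    /// Read-only view limited to the first `meta.size` bytes; invalid offsets give None.
    fn data<I: SliceIndex<[u8]>>(&self, index: I) -> Option<&I::Output> {
        self.buffer.get(..self.meta.size)?.get(index)
    }
    /// Whole buffer for writing; the caller must set `meta.size` afterwards.
    fn buffer_mut(&mut self) -> &mut [u8] {
        &mut self.buffer[..]
    }
}

/// Build a packet the way a receiver would: write, then record the valid length.
fn packet_from(bytes: &[u8]) -> Packet {
    let mut p = Packet { buffer: [0; BUFFER_SIZE], meta: Meta { size: 0 } };
    let n = bytes.len().min(BUFFER_SIZE);
    p.buffer_mut()[..n].copy_from_slice(&bytes[..n]);
    p.meta.size = n;
    p
}

/// Parse a u16 little-endian length prefix followed by that many payload bytes.
/// The length comes from the untrusted sender, so every slice goes through data().
fn read_prefixed(packet: &Packet) -> Option<&[u8]> {
    let len = match packet.data(..2)? {
        &[lo, hi] => usize::from(u16::from_le_bytes([lo, hi])),
        _ => return None,
    };
    packet.data(2..len.checked_add(2)?)
}

fn main() {
    // Constructed inputs: an honest packet and one whose prefix overstates its length.
    let honest = packet_from(&[3, 0, b'a', b'b', b'c']);
    let lying = packet_from(&[16, 0, b'a', b'b']);
    println!("{:?}", read_prefixed(&honest));
    println!("{:?}", read_prefixed(&lying));
}
```

With raw indexing, the overstated length would either panic or read stale bytes past `meta.size`; here it surfaces as `None` at the call site.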
* Removes the offset InstructionContext::get_number_of_program_accounts() from InstructionAccount::index_in_caller.
* Removes unreachable SyscallError::InvalidLength in orig_data_lens.get().
* Introduces result return types to get_data_mut(), set_data() and set_data_length() of BorrowedAccount.
* Introduces result return types to set_owner(), set_lamports() and set_executable() of BorrowedAccount.
* - get prioritization fee from compute_budget instruction;
- update compute_budget::process_instruction function to take instruction iter to support sanitized versioned message;
- updated runtime.md
* update transaction fee calculation for prioritization fee rate as lamports per 10K CUs
* review changes
* fix test
* fix a bpf test
* fix bpf test
* patch feedback
* fix clippy
* fix bpf test
* feedback
* rename prioritization fee rate to compute unit price
* feedback
Co-authored-by: Justin Starry <justin@solana.com>
* zk-token-sdk: implement group ops trait for curve25519
* zk-token-sdk: extend syscall trait implementation for group ops for ristretto
* zk-token-sdk: register curve25519 group ops to bpf loader
* zk-token-sdk: update curve25519_syscall_enabled address
* zk-token-sdk: add curve25519 basic ops
* zk-token-sdk: add bpf operations for curve25519 ops
* zk-token-sdk: rebase
* zk-token-sdk: add tests for curve25519 operations
* zk-token-sdk: rustfmt
* zk-token-sdk: organize syscalls by trait
* zk-token-sdk: organize syscalls by trait
* zk-token-sdk: cleaning up
* zk-token-sdk: rename mods
* zk-token-sdk: cargo fmt
* zk-token-sdk: fix tests for edwards and ristretto
* zk-token-sdk: add Syscall object for curve point validation
* zk-token-sdk: docs for curve syscall traits
* zk-token-sdk: fix errors from rebase
* zk-token-sdk: update Vec to slice
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* zk-token-sdk: use enum with num-derive for curve ids
* zk-token-sdk: update vec to slice
* zk-token-sdk: make curve25519 tests be deterministic
* zk-token-sdk: rebase
* token-2022: re-organizing curve point validation
* token-2022: cargo fmt
* zk-token-sdk: minor
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* stake: Allow initialized stakes to be below the min delegation
* Add PR number in feature
* Fixup RPC subscription test
* Address feedback pt 1
* Address feedback pt 2
* Update FrozenAbi Digest
* Address feedback: no new error type, more comments
Most nodes in the cluster receive the same shred from two different
nodes: parent, and the first node of their neighborhood:
https://github.com/solana-labs/solana/blob/a8c695ba5/core/src/cluster_nodes.rs#L178-L197
Because of the erasure codings, half of the shreds are already
redundant. So this redundant propagation path will only add extra
overhead.
Additionally the very first node of the broadcast tree has 2x fanout
(i.e. 400 nodes) which adds too much load at one node.
This commit simplifies the broadcast tree by dropping the redundant
propagation path and removing the 2x fanout at root node.
* Increase connection timeouts
* Bump quic connection cache to 1024
* Use constant for quic connection timeout and add warm cache service
* Fixes to QUIC warmup service
* fix check failure
* fixes after rebase
* fix timeout test
Co-authored-by: Pankaj Garg <pankaj@solana.com>
* Adds transaction_context and instruction_context where invoke_context.get_keyed_accounts() is used.
* Use instruction_context.get_instruction_data() instead of an explicit parameter.
* Removes instruction_data parameter from Executor::execute().
* Removes instruction_data parameter from ProcessInstructionWithContext.
* transaction-status: Add return data to meta
* Add return data to simulation results
* Use pretty-hex for printing return data
* Update arg name, make TransactionRecord struct
* Rename TransactionRecord -> ExecutionRecord
* support u8 slice in frozen abi digester
* use slice in account struct
* add bpf cargo lock file
* no need to pass account.data to serializer
* fix comments
* Add quic-client module to send transactions via quic, abstracted behind the TpuConnection trait (along with a legacy UDP implementation of TpuConnection) and change thin-client to use TpuConnection
* Adds get_sysvar_with_account_check2 for ABIv2.
* Replaces get_signers() and get_sysvar_with_account_check() in system_instruction_processor.
* Replaces KeyedAccount by BorrowedAccount in nonce_keyed_account.
* Moves TransactionContext::get_program_key() to InstructionContext::get_program_key().
* Removes TransactionContext::get_loader_key().
* Test full program and loader executable account chain in BPF loader.
* Moves stack_height of the instruction_trace into InstructionContext.
* Uses nesting_level instead of stack_height internally in transaction_context.rs
* Uses the instruction_trace instead of the instruction_context_stack internally.
* Adds feature gate: record_instruction_in_transaction_context_push.
* Adds BorrowedAccount::check_sysvar().
* Adds BorrowedAccount::get_data_mut().
* Implements account resizing in BorrowedAccount.
* Exposes is_signer() and is_writable() in InstructionContext.
* Removes AccountMeta and get_instruction_accounts_metas().
* Makes throwing errors in BorrowedAccount optional.
* Removes result return values from BorrowedAccount.
* Replaces from_keyed_account() by SysvarCache in stake instruction.
* Replaces from_keyed_account() by SysvarCache in system instruction processor.
* Removes from_keyed_account().
Moves check_sysvar_keyed_account() into sysvar_cache.rs
* Removes tests which test for incorrectly serialized sysvars.
* 10461 Reject close of vote accounts unless it earned no credits in the previous epoch. This is checked by comparing current epoch (from clock sysvar) with the most recent epoch with credits in vote state.
* Fixup typo
* Add new feature
* Add new TransactionError
* Add framework for checking account state before and after transaction processing
* Fail transactions that leave new rent-paying accounts
* Only check rent-state of writable tx accounts
* Review comments: combine process_result success behavior; log and metrics before feature activation
* Fix tests that assume rent-exempt accounts are okay
* Remove test no longer relevant
* Remove native/sysvar special case
* Move metrics submission to report legacy->legacy rent paying transitions as well
* Makes error handling in BorrowedAccount optional.
Adds BorrowedAccount::get_rent_epoch().
Exposes InstructionContext::get_index_in_transaction().
Turns accounts and account_keys into pinned boxed slices.
* Introduces "unsafe" to InvokeContext::push().
* Turns &TransactionContext into &mut TransactionContext in InvokeContext.
* Push and pop InstructionContext in InvokeContext.
Makes test_process_cross_program and test_native_invoke symmetric.
Removes the borrow check from test_invoke_context_verify.
* Removes keyed_accounts from prepare_instruction()
* Removes usage of invoke_stack.
* Removes keyed_accounts from program-test.
* Removes caller_write_privileges.
* Removes keyed_accounts from BPF parameter (de-)serialization.
* Add more-legitimate conversion from legacy Transaction to SanitizedTransaction
* Add Banks method with preflight checks
* Expose BanksClient method with preflight checks
* Unwrap simulation err
* Add Bank simulation method that works on unfrozen Banks
* Add simpler api
* Better name: BanksTransactionResultWithSimulation
* Adds TransactionContext, InstructionContext and BorrowedAccount.
* Redirects the usage of accounts in InvokeContext through TransactionContext.
Also use the types declared in transaction_context.rs everywhere.
* Adjusts all affected tests.
* use cost model to limit new account creation
* handle every system instruction
* remove &
* simplify match
* simplify match
* add datapoint for account data size
* add postgres error handling
* handle accounts:unlock_accounts
* Remove dependency on `hex`
* Update lock file
* Use `debug_struct` instead of own format
* Share code, add test, and fix rent_epoch spelling
Co-authored-by: Tyera Eulberg <tyera@solana.com>
- Adds feature reject_section_virtual_address_file_offset_mismatch.
- Adds feature start_verify_shift32_imm.
- Enables enable_symbol_and_section_labels only in the rbpf-cli.
Allows the use of GPU acceleration in verifying the signatures in Entry's after deserialization in the replay stage
Co-authored-by: Stephen Akridge <sakridge@gmail.com>
Co-authored-by: Ryan Leung <ryan.leung@solana.com>
* Moves the Executor dyn Trait to instruction_processor.rs
* Moves the Logger dyn Trait as well as the ic_msg and ic_logger_msg macros to log_collector.rs,
and moves the stable_log to stable_log.rs
* Moves the ComputeMeter dyn Trait to invoke_context.rs
* Moves the InvokeContext dyn Trait and the ProcessInstructionWithContext type to invoke_context.rs
* Updates cargo files.
* Re-export InvokeContext in program-test
Co-authored-by: Jon Cinque <jon.cinque@gmail.com>
* - cache calculated transaction cost to allow sharing;
- atomic cost tracking op;
- only lock accounts for transactions eligible for current block;
- moved qos service and stats reporting to its own model;
- add cost_weight default to neutral (as 1), vote has zero weight;
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
* Update core/src/qos_service.rs
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
* Update core/src/qos_service.rs
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>
Co-authored-by: Tyera Eulberg <teulberg@gmail.com>