* Enable frozen_abi on banking trace file
* Fix ci with really correct bugfix...
* Remove tracker_callers
* Fix typo...
* Fix AbiExample for Arc/Rc's Weaks
* Added comment for AbiExample impl of SystemTime
* Simplify and document EvenAsOpaque with new usage
* Minor clean-ups
* Simplify SystemTime::example() with UNIX_EPOCH...
* Add comment for AbiExample subtleties
* replace program account
* modify for all cases
* remove non-data swap
* address tests & conditional feedback
* get the rent involved
* mix in owner & executable
* feature-related cases
* stripped back to feature-specific case only
* added feature
* address initial feedback
* added more lamport checks
* condense tests
* using test_case
* add fail cases to tests
* more cleanup
* add verifiably built program
* update program account state
* cleaned up serializing logic
* use full word capitalization
* rename old & new to dst & src
* swap src and dst in parameters
* add warnings and errors
* rename feature to programify
* test suite description clarity
* remove strings from datapoints
* spell out source and destination
* more verbose comments in account replace functions
* move lamport calculation
* swap lamport check for state check
* move replace functions to helper module
* make replace_account methods fallible
* refactor error handling
* add test for source program state
* fix stake deactivation in the same epoch after redelegation bug
add tests
refactor common code into fn
avoid early return
add feature gate for the new stake redelegate behavior
move stake tests out of cli
add stake-program-test crate
reimplemnt stake test with program-test
remove stake-program-test crate
reviews
add setup.rs
remove clippy
reveiws
* reviews
* review comments
---------
Co-authored-by: HaoranYi <haoran.yi@solana.com>
* solana-program - altbn128: add g1 & g2 compression
still fixing tests for point of infinity
feat: proof compression syscall working
add rust test to ci
remove prints
added c test
added sycall pricing
* fixed ci checks
* refactored altbn128 and compression
Replaces `TransactionError::InstructionError(0, InstructionError::UnbalancedInstruction)` with `TransactionError::UnbalancedTransaction`.
Co-authored-by: Alexander Meißner <AlexanderMeissner@gmx.net>
* Add feature gate
* Add helper fn
* Require split destination to be rent-exempt if it is active
* Update cli to prefund split accounts
* cli: require rent param with sign-only
* Update tokens to prefund split accounts
* Update split tests with sysvar accounts
* Fix test_split_to_account_with_rent_exempt_reserve
* Fix test_staked_split_destination_minimum_balance
* Fix test_split_more_than_staked
* Fix test_split_minimum_stake_delegation and remove misleading StakeState::Initialized case
* Fix test_split_from_larger_sized_account
* Add test for pre-/post-activation behavior splitting some or all of stake account
* Assert active stake
* Fix runtime test
* Ignore stake-pool downstream
* Review comments
* Feature gate sysvar reads
* Processors to compile and send LoaderV4 CLI commands
* suppress unused code warning
* clippy fixes
* redeploy program using source buffer
* unify deploy and redeploy to a single function
* clippy fixes
* fixes after testing the CLI frontend
Recalculating new_warmup_cooldown_rate_epoch for each item is redundant
and wasteful and instead can be done only once outside the iterators and
for loops.
Also NewWarmupCooldownRateEpoch is unnecessary and verbose and is
removed in this commit.
* Adds a module `address_lookup_table` to the SDK.
* Adds a module `address_lookup_table::instruction` to the SDK.
* Adds a module `address_lookup_table::error` to the SDK.
* Adds a module `address_lookup_table::state` to the SDK.
* Moves AddressLookupTable into SDK as well.
* Moves AddressLookupTableAccount into address_lookup_table.
* Adds deprecation messages.
* Disentangles dependencies across cargo files.
* Fix a typo & phrasing of `bpf_loader_upgradeable` docs
Originally, I was just going to fix the typo, replacing 'the' with
'that.' But I thought that the sentence was phrased awkwardly anyway, so
I tried to correct that as well.
* Fix second typo
Co-authored-by: ripatel-fd <ripatel+git@jumptrading.com>
---------
Co-authored-by: ripatel-fd <ripatel+git@jumptrading.com>
* allow pedantic invalid cast lint
* allow lint with false-positive triggered by `test-case` crate
* nightly `fmt` correction
* adapt to rust layout changes
* remove dubious test
* Use transmute instead of pointer cast and de/ref when check_aligned is false.
* Renames clippy::integer_arithmetic to clippy::arithmetic_side_effects.
* bump rust nightly to 2023-08-25
* Upgrades Rust to 1.72.0
---------
Co-authored-by: Trent Nelson <trent@solana.com>
* Moves initialization and growth of program accounts
from "write" to "truncate" instruction in loader-v4.
* Removes the parameter payer account from the truncate instruction.
Computing Poseidon[0] hashes is too expensive to be done in a Solana
program in one transaction. Poseidon is a zero-knowlege proof friendly
hash function, used by the majority of ZK-based projects, including the
ones built on top of Solana.
This change introduces the `sol_poseidon` syscall which takes 2D byte
slice as an input and then calculates a Poseidon hash using a BN254
curve and the following Poseidon parameters:
* x^5 S-boxes
* width - 2 ≤ t ≤ 13
* inputs - 1 ≤ n ≤ 12
* 8 full rounds and partial rounds depending on t: [56, 57, 56, 60, 60,
63, 64, 63, 60, 66, 60, 65]
Computation of Poseidon hashes is done with the light-poseidon[1]
crate, which is audited[2] and compatible with Circom[3] (BN254 curve,
the same parameters and constants).
Proposed compute costs depend on number of inputs and are based on
light-poseidon benchmarks[4].
[0] https://www.poseidon-hash.info/
[1] https://crates.io/crates/light-poseidon
[2] https://github.com/Lightprotocol/light-poseidon/blob/main/assets/audit.pdf
[3] https://docs.circom.io/
[4] https://github.com/Lightprotocol/light-poseidon/tree/main#performance
* transaction_context: update make_data_mut comment
* bpf_loader: cpi: pass SerializeAccountMetadata to CallerAccount::from*
We now have a way to provide CallerAccount with trusted values coming
from our internal serialization code and not from untrusted vm space
* bpf_loader: direct_mapping: enforce account info pointers to be immutable
When direct mapping is enabled, we might need to update account data
memory regions across CPI calls. Since the only way we have to retrieve
the regions is based on their vm addresses, we enforce vm addresses to
be stable. Accounts can still be mutated and resized of course, but it
must be done in place.
This also locks all other AccountInfo pointers, since there's no legitimate
reason to make them point to anything else.
* bpf_loader: cpi: access ref_to_len_in_vm through VmValue
Direct mapping needs to translate vm values at each access since
permissions of the underlying memory might have changed.
* direct mapping: improve memory permission tracking across CPI calls
Ensure that the data and realloc regions of an account always track the
account's permissions. In order to do this, we also need to split
realloc regions in their own self contained regions, where before we
had:
[account fields][account data][account realloc + more account fields + next account fields][next account data][...]
we now have:
[account fields][account data][account realloc][more account fields + next account fields][next account data][...]
Tested in TEST_[FORBID|ALLOW]_WRITE_AFTER_OWNERSHIP_CHANGE*
Additionally when direct mapping is on, we must update all perms at once before
doing account data updates. Otherwise, updating an account might write into
another account whose perms we haven't updated yet. Tested in
TEST_FORBID_LEN_UPDATE_AFTER_OWNERSHIP_CHANGE.
* bpf_loader: serialization: address review comment don't return vm_addr from push_account_region
* bpf_loader: rename push_account_region to push_account_data_region
* cpi: fix slow edge case zeroing extra account capacity after shrinking an account
When returning from CPI we need to zero all the account memory up to the
original length only if we know we're potentially dealing with uninitialized
memory.
When we know that the spare capacity has deterministic content, we only need to
zero new_len..prev_len.
This fixes a slow edge case that was triggerable by the following scenario:
- load a large account (say 10MB) into the vm
- shrink to 10 bytes - would memset 10..10MB
- shrink to 9 bytes - would memset 9..10MB
- shrink to 8 bytes - would memset 8..10MB
- ...
Now instead in the scenario above the following will happen:
- load a large account (say 10MB) into the vm
- shrink to 10 bytes - memsets 10..10MB
- shrink to 9 bytes - memsets 9..10
- shrink to 8 bytes - memset 8..9
- ...
* bpf_loader: add account_data_region_memory_state helper
Shared between serialization and CPI to figure out the MemoryState of an
account.
* cpi: direct_mapping: error out if ref_to_len_in_vm points to account memory
If ref_to_len_in_vm is allowed to be in account memory, calles could mutate it,
essentially letting callees directly mutate callers memory.
* bpf_loader: direct_mapping: map AccessViolation -> InstructionError
Return the proper ReadonlyDataModified / ExecutableDataModified /
ExternalAccountDataModified depending on where the violation occurs
* bpf_loader: cpi: remove unnecessary infallible slice::get call
* dereplicode address alignment check
* Uses `checked_div` and `checked_rem` in built-in loaders.
* Uses `checked_div` and `checked_rem`.
* sdk: replace sub() with saturating_sub()
* eliminate `String` "arithmetic"
* allow arithmetic side-effects in tests and benches and on types we don't control
---------
Co-authored-by: Trent Nelson <trent@solana.com>
Bank::get_leader_schedule_epoch returns: 1 + EpochSchedule::get_epoch.
As a result, at the epoch boundaries when the propagated shred is from
the next epoch, we are looking for epoch stakes for 2 epochs ahead of
the root or working bank's epoch.
However, the bank structure only contains epoch stakes for one epoch
ahead. This results in shreds propagated at epoch boundary having
unknown epoch stakes.
* sdk: Add concurrent support for rand 0.7 and 0.8
* Update rand, rand_chacha, and getrandom versions
* Run command to replace `gen_range`
Run `git grep -l gen_range | xargs sed -i'' -e 's/gen_range(\(\S*\), /gen_range(\1../'
* sdk: Fix users of older `gen_range`
* Replace `hash::new_rand` with `hash::new_with_thread_rng`
Run:
```
git grep -l hash::new_rand | xargs sed -i'' -e 's/hash::new_rand([^)]*/hash::new_with_thread_rng(/'
```
* perf: Use `Keypair::new()` instead of `generate`
* Use older rand version in zk-token-sdk
* program-runtime: Inline random key generation
* bloom: Fix clippy warnings in tests
* streamer: Scope rng usage correctly
* perf: Fix clippy warning
* accounts-db: Map to char to generate a random string
* Remove `from_secret_key_bytes`, it's just `keypair_from_seed`
* ledger: Generate keypairs by hand
* ed25519-tests: Use new rand
* runtime: Use new rand in all tests
* gossip: Clean up clippy and inline keypair generators
* core: Inline keypair generation for tests
* Push sbf lockfile change
* sdk: Sort dependencies correctly
* Remove `hash::new_with_thread_rng`, use `Hash::new_unique()`
* Use Keypair::new where chacha isn't used
* sdk: Fix build by marking rand 0.7 optional
* Hardcode secret key length, add static assertion
* Unify `getrandom` crate usage to fix linking errors
* bloom: Fix tests that require a random hash
* Remove some dependencies, try to unify others
* Remove unnecessary uses of rand and rand_core
* Update lockfiles
* Add back some dependencies to reduce rebuilds
* Increase max rebuilds from 14 to 15
* frozen-abi: Remove `getrandom`
* Bump rebuilds to 17
* Remove getrandom from zk-token-proof
Alexander Meißner
Ryo Onodera
Sammy Harris
Joe C
Andrew Fitzgerald
Will Hickey
ch9xy
Yihau Chen
HaoranYi
samkim-crypto
ananas-block
Trent Nelson
Tyera
Kevin Heavey
Pankaj Garg
Brooks
behzad nouri
Christian Kamm
bji
Alessandro Decina
Proph3t
vadorovsky
Jon Cinque
steviez
Lijun Wang