* Fix C headers (the name of the syscall was incorrect).
* Add C SBF tests using the alt_bn128 syscall.
* Fix the Rust SBF program:
* Do not use serde and array-bytes, provide test cases as byte arrays
directly.
* Use the `custom_heap_default` macro.
* Replace `bpf` with `sbf` in the crate name.
* Execute both previously existing Rust tests and new C tests in
`programs/sbf/tests`, so they are actually tested on CI.
* AccountSharedData: make data_mut() private
This ensures that the inner Vec is never handed out. This is in
preparation of enforcing that the capacity of the inner vec never
shrinks, which is required for direct mapping.
* Adds the feature bpf_account_data_direct_mapping.
* Remaps EbpfError::AccessViolation into InstructionError::ReadonlyDataModified.
* WIP: Memory regions for each instruction account in create_vm().
* Fix serialization benches, run both copy and !copy variants
* rbpf-cli: fix build
* BorrowedAccount: ensure that account capacity is never reduced
Accounts can be directly mapped in address space. Their capacity can't
be reduced mid transaction as that would create holes in vm address
space that point to invalid host memory.
* bpf_load: run serialization tests for both copy and !copy account data
* bpf_loader: add Serializer::write_account
* fix lints
* BorrowedAccount: make_data_mut is host only
* Fix unused import warning
* Fix lints
* cpi: add explicit direct_mapping arg to update_(callee|caller)_account
* cpi: rename account_data_or_only_realloc_padding to serialized_data
* cpi: add CallerAccount::original_data_len comment
* cpi: add update_callee_account direct_mapping test
* cpi: add test_update_caller_account_data_direct_mapping and fix bug
We used to have a bug in zeroing data when shrinking account, where we zeroed
the spare account capacity but not the realloc padding.
* cpi: add tests for mutated readonly accounts
* cpi: update_caller_account doesn't need to change .serialized_data when direct_mapping is on
* cpi: update_caller_account: ensure that account capacity is always enough
Introduce a better way to ensure that account capacity never goes below what
might be mapped in memory regions.
* cpi: zero account capacity using the newly introduced BorrowedAccount::spare_data_capacity_mut()
Before we were using BorrowedAccount::get_data_mut() to get the base pointer to
the account data, then we were slicing the spare capacity from it. Calling
get_data_mut() doesn't work if an account has been closed tho, since the
current program doesn't own the account anymore and therefore get_data_mut()
errors out.
* bpf_loader: fix same lint for the umpteenth time
* bpf_loader: map AccessViolation to ReadonlyDataModified only for account region violations
* programs/sbf: realloc: add test for large write after realloc
Add a test that after a realloc does a large write that spans the
original account length and the realloc area. This ensures that memory
mapping works correctly across the boundary.
* programs/sbf: run test_program_sbf_realloc with both direct_mapping on and off
By default test banks test with all features on. This ensures we keep
testing the existing code until the new feature is enabled.
* bpf_loader: tweak memcmp syscall
Split the actual memcmp code in a separate function. Remove check
indexing the slices since the slices are guaranteed to have the correct
length by construction.
* bpf_loader: tweak the memset syscall
Use slice::fill, which is effectively memset.
* bpf_loader: syscalls: update mem syscalls to work with non contiguous memory
With direct mapping enabled, accounts can now span multiple memory
regions.
* fix lint, rebase mem_ops
* Implement CoW for writable accounts
* Fix CI
* Move CoW to the MemoryMapping level
* Update after rbpf API change
* Fix merge screwup
* Add create_vm macro. Fix benches.
* cpi: simplify update_caller_account
Simplify the logic to update a caller's memory region when a callee
causes an account data pointer to change (eg during CoW)
* benches/bpf_loader: move serialization out of create_vm bench
* benches/bpf_loader: don't copy accounts when direct mapping is on
* Fix review nits
* bpf_loader: mem_ops: handle u64 overflow in MemoryChunkIterator::new
When starting at u64::MAX, the chunk iterator would always return the
empty sequence (None on the first next()) call, instead of returning a
memory access violation.
Use checked instead of saturating arithmetic to detect the condition and
error out.
This commit also adds more tests around boundary conditions.
* Fix loader-v3 tests: data_mut => data_as_mut_slice
* Fix CI
* bpf_loader: fix tuner bench: account must be writable
With direct mapping on, invalid writes are caught early meaning the
tuner would fail on the first store and not consume the whole budget
like the benchmark expects.
---------
Co-authored-by: Alexander Meißner <AlexanderMeissner@gmx.net>
* Moves the registration of bpf_loader built-ins from the ledger into the runtime.
* Removes bpf_loader built-ins registration in tests and benchmarks.
* Removes declare_builtin!() of bpf_loader built-ins.
* Removes built-ins from the SDK.
* Adjusts tests.
* Uses declare_process_instruction!() in all tests.
* Adds post_adjustments to mock_process_instruction().
Removes "solana_sbf_rust_external_spend" from assert_instruction_count() as it panics.
* Moves stable_log::program_invoke(), stable_log::program_success() and stable_log::program_failure() calls from bpf_loader into InvokeContext::process_executable_chain().
* Turns result of ProcessInstructionWithContext from InstructionError into Box<dyn std::error::Error>.
* Bump to solana_rbpf v0.3.0
* Removes Result from return type of EbpfVm::new().
* Turns EbpfError into Box<dyn std::error::Error>.
* Removes BpfError.
* Removes SyscallError::InstructionError.
* Adds a type alias for Box<dyn std::error::Error> in syscalls.
* add feature gate
* builtins consume statically defined units at beginning of process_instruction()
* Add new instructionError; return error if builtin did not consume units to enforce builtin to consume units;
* updated related tests
* updated ProgramTest with deactivated native_programs_consume_cu feature to continue support existing mock/test programs that do not consume units
* include loaded accounts data size limit in transaction base fee calculation
* citing compute_budget for heap cost;
* update sbf tests
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* add default_cost as mandatory field for Builtin
* updated tests
* set zkp program default to VerifyTransfer CUs
---------
Co-authored-by: Jon Cinque <joncinque@pm.me>
* Use three separate HashMaps instead of the enum TxBankExecutorCacheDiff.
* Replaces all places which deploy programs by a macro.
* Adds a feature gate.
* Adjust tests.
* Makes undeployment visible immediately.
* Added support of consumed BPF units tracing
* Fixed "Inconsistent trace log stack" when logging units before first instruction trace
* Rewrote the solution in order to reuse `trace_log_stack` and check whether tracing is enabled
* Instruction tracing is disabled by default
* Fixed bug with mishmash of traces from different programs in single log
* Transformed instructions trace log into the stack of (sub)programs' trace logs
Unifies test_program_sbf_upgrade_and_invoke_in_same_tx() and test_program_sbf_upgrade_self_via_cpi() into test_program_sbf_invoke_in_same_tx_as_redeployment().
Adds test_program_sbf_invoke_in_same_tx_as_deployment() and test_program_sbf_invoke_in_same_tx_as_undeployment().
* Moves all the common code of tests and benches into loader utils.
* Removes write_sbf_program().
* Removes ignored test: test_program_sbf_test_use_latest_executor2().
* Bump sbf-tools to v1.32
This version of sbf-tools is based on Rust 1.65.0 and LLVM 15.0.
* Temporary ignore build-sbf tests until issue with buildkite cache resolved
* Registers the feature enable_program_redeployment_cooldown.
* Adds redeployment slot constraint.
* Adds test to assert that closed programs can not be reopened.
* Ensure that program close truncates the account data.
* Adds set_sysvar_for_tests() to SBF program tests.
* Bumps solana_rbpf to v0.2.36
* Removes ThisInstructionMeter.
* Removes one "unsafe" expression.
* Removes redundant call to solana_rbpf:🧝:register_bpf_function().
* Adjusts SyscallFunction and SyscallRegistry.
* Inlines ProgramEnvironment into EbpfVm.
* Refactors trait SyscallConsume into fn consume_compute_meter().
* Inlines ComputeMeter into InvokeContext.
* Removes solana-metrics dependency from bpf_loader.
* Replaces RBPF tracer functionality by the debugger.
* Take compute_units_consumed from execute_program().
* Merges execute_program_interpreted() and execute_program_jit().
- Add new compute-budget instruction to set transaction-wide accounts data size limit
- Set default accounts data limit to 10MB, and max to 100MB, per transaction;
- Add getters to make changing default and/or max values easier in the future with feature gates;
- added error counter for transactions exceed data size limit
* Moves disable_deploy_of_alloc_free_syscall parameter inside create_executor().
* Lets register_syscalls() take &FeatureSet only instead of the entire InvokeContext.
* Uses ic_logger_msg!() instead of ic_msg!() inside create_executor().
Inlines map_ebpf_error().
* Adds register_syscalls_us to executor_metrics::CreateMetrics.
* Moves timings accumulation into executor_metrics::CreateMetrics::submit_datapoint().
* Moves &invoke_context.feature_set into a variable.
* Lets create_executor() return executor_metrics::CreateMetrics via a mutable parameter.
* Dissolves invoke_context parameter in create_executor().
* Pulls assignment of create_executor_metrics.program_id outside of create_executor().
* Makes create_executor() take a byte slice instead of a BorrowedAccount.
* Adds create_executor_from_account().