* keygen: add --use-derivation-path for new & grind
* keygen: add prompt:// uri scheme to new and grind
* fmt
* migrate to clap-v3-utils
* Revert "migrate to clap-v3-utils"
This reverts commit 77f33262ce6c4e95ac1cc62cca32749516f7f357.
* Revert "fmt"
This reverts commit 038cd4ce9628c57dec1f5a4716e2c5baacbe57b3.
* Revert "keygen: add prompt:// uri scheme to new and grind"
This reverts commit 029ea61409a1a16ba2c45483ade2c01f84f25fac.
* - remove `use` from arg
- fix issue from first commit with default value for derivation path
- refactor arg definition and acquiring
* Lets instruction_accounts_lamport_sum() have the &InstructionContext as parameter directly.
* Updates docu comments.
* Uses accessors methods instead of accessing private properties of other structs.
* Adds #![deny(clippy::indexing_slicing)].
* Has get_signers() return a Result instead of using unwrap().
* Removes InvokeContext::get_key_of_account_at_index().
* Replaces InstructionContext::new() by InstructionContext::configure().
Adds TransactionContext::get_next_instruction_context().
* Switch back to using references as parameters.
* Hoists InstructionContext::configure() from TransactionContext::push() into InvokeContext::push().
* Moves InstructionContext::config() to the beginning of InvokeContext::push().
* Hoists InstructionContext::configure() from InvokeContext::push() into InvokeContext::process_instruction().
* Review feedback: Updates docu comments.
* Marks methods and structs which are only to be used by the program runtime.
* Removes TransactionContext::get_keys_of_accounts().
* Adds InstructionContext::get_instruction_accounts_lamport_sum().
* Add a SanitizedMessage type that caches writable accounts indexes
* Add is_writable_account_cache to both SanitizedMessage variants, cache is initialized in constructors
* Check overflow on vote tx compaction boundary
Check for overflow during the conversion between VoteStateUpdate and
CompactVoteStateUpdate.
* Try removing clippy supress
* Relax authority signer check for lookup table creation
* cli: support creating lookup tables without authority signer
* add another create lookup table ix function
* improve help message
* Flattens TransactionContext::instruction_trace.
* Stop the search at transaction level.
* Renames get_instruction_context_at => get_instruction_context_at_nesting_level.
* Removes TransactionContext::get_instruction_trace().
Adds TransactionContext::get_instruction_trace_length() and TransactionContext::get_instruction_context_at_index().
* Have TransactionContext::instruction_accounts_lamport_sum() accept an iterator instead of a slice.
* Removes instruction_trace from ExecutionRecord.
* make InstructionContext::new() private
* Adds the feature disable_cpi_setting_executable_and_rent_epoch.
* Adds the feature gate for disable_cpi_setting_executable_and_rent_epoch.
* Removes TEST_EXECUTABLE_LAMPORTS.
* Test that is_executable and rent_epoch are ignored.
This change sets the receive_window for non-staked node to 1 * PACKET_DATA_SIZE, and maps the staked nodes's connection's receive_window between 1.2 * PACKET_DATA_SIZE to 10 * PACKET_DATA_SIZE based on the stakes.
The changes is based on Quinn library change to support per connection receive_window tweak at the server side. quinn-rs/quinn#1393
* Add API docs for secp256k1_instruction and secp256k1_recover
* typo
* Remove unused variable from secp256k1 program test
* Bump solana_bpf_rust_secp256k1_recover ix count
Co-authored-by: Tyera Eulberg <tyera@solana.com>
* Keypair: implement clone()
This was not implemented upstream in ed25519-dalek to force everyone to
think twice before creating another copy of a potentially sensitive
private key in memory.
See https://github.com/dalek-cryptography/ed25519-dalek/issues/76
However, there are now 9 instances of
Keypair::from_bytes(&keypair.to_bytes())
in the solana codebase and it would be preferable to have a function.
In particular since this also comes up when writing programs and can
cause users to either start messing with lifetimes or discover the
from_bytes() workaround themselves.
This patch opts to not implement the Clone trait. This avoids automatic
use in order to preserve some of the original "let developers think
twice about this" intention.
* Use Keypair::clone
* Concurrent replay slots
* Split out concurrent and single bank replay paths
* Sub function processing of replay results for readability
* Add feature switch for concurrent replay
https://github.com/solana-labs/solana/pull/22292
prevents rent paying accounts creation going forward. However a rent
paying account can linger on for ever if it is continually topped up but
stays below the rent-exempt minimum.
This can prevent eliminating accounts-rewrites and the problematic
rent_epoch field in accounts.
Link to discord discussion:
https://discord.com/channels/428295358100013066/943609352068145162/995202300001927219
This commit restricts rent-paying accounts lifetime extension by
preventing increasing lamports on the account if the account stays below
the rent-exempt minimum.
* Adjusts test cases for stricter requirements.
* Removes account reset in deserialization test.
* Removes verify related test cases.
* Replicates account modification verification logic of PreAccount in BorrowedAccount.
* Adds TransactionContext::account_touched_flags.
* Adds account modification verification to the BPF ABIv0 and ABIv1 deserialization, CPI syscall and program-test.
* Replicates the total sum of all lamports verification of PreAccounts in InstructionContext
* Check that the callers instruction balance is maintained during a call / push.
* Replicates PreAccount statistics in TransactionContext.
* Disable verify() and verify_and_update() if the feature enable_early_verification_of_account_modifications is enabled.
* Moves Option<Rent> of enable_early_verification_of_account_modifications into TransactionContext::new().
* Relaxes AccountDataMeter related test cases.
* Don't touch the account if nothing changes.
* Adds two tests to trigger InstructionError::UnbalancedInstruction.
Co-authored-by: Justin Starry <justin@solana.com>
* Allow extending upgradeable program data account length
* Add is_writable check
* Fix cargo version
* System program fix, comment, and test
* Switch to u32 for serialized bytes value in ix
https://github.com/solana-labs/solana/pull/22292
prevents rent paying account creation going forward. As a result
rent_epoch field for rent exempt accounts is redundant, and advancing
this field will incur expensive account rewrites and cause discrepancy
between accounts-db and cached vote/stake accounts.
This commit adds a feature which upon activation preserves rent_epoch
field for rent exempt accounts so that the field is frozen and is no
longer advanced.
Indirect dependency packages introduce variations in features of other
dependencies, which affect the fingerprints of previously built
packages such as solana-program and cause redundant rebuilds of
affected packages. These changes specify several features in
dependencies specifications explicitly to a common set of
features. The result of such consolidation is improved re-usability of
previously built binary packages across programs/bpf/rust/ packages
when these packages are built in CI jobs.
Follow up commit removes feature gate code separating durable nonce from
blockhash domain. This commit allows to encapsulate any logic
distinguishing legacy vs current nonce versions in the nonce module
after removing the feature gate.
This partially reverts commit 47e62add5b.
Adding back the feature-id so that the master branch can successfully
run ledger-tool across epoch-boundary which enabled the feature.
Note that #25963 backport did not remove the feature-id.
* Adds methods based on instruction_account_index to InstructionContext.
Removes methods which are based on index_in_instruction.
* Adjusts program-runtime.
* Adjusts runtime.
* Adjusts bpf loader.
* Adjusts built-in programs.
* Adjusts program-test and bpf tests.
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority if it's a derived key for which you control the base key
* [vote_authorize_with_seed] Add test helper to create a vote account whose authorities are derived keys
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] Feature gate the `VoteInstruction::AuthorizeWithSeed` processor
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to transaction status parser
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to docs
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority (while checking that the new authority has signed) if it's a derived
key for which you control the base key
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed` to transaction status parser
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeCheckedWithSeed`
https://github.com/solana-labs/solana/pull/25788
permanently disables durable transactions with legacy nonce versions
which are within chain blockhash domain.
This commit adds a new system instruction for a one-time idempotent
upgrade of legacy nonce accounts in order to bump them out of chain
blockhash domain.
https://github.com/solana-labs/solana/pull/25744
separated durable nonce and blockhash domains, which will stop double
execution going forward. However it is possible that a durable
transaction has *already* been executed once as a normal transaction and
it is now a valid durable transaction. #25744 cannot stop such
transactions to be re-executed until the nonce accounts are advanced.
This commit adds a new nonce version indicating that the nonce is moved
out of the blockhash domain, and permanently disables durable
transactions for legacy nonces which are in the blockhash domain.
Usernames and other environment specific information can be revealed
in on-chain program binary files that compiler generates, because it
includes paths to source files as strings in the binary files. The
added option instructs the compiler to strip the path parts up to
and including crate root subdirectory from the path strings added to
the generated binary files.
* Award one credit per dequeued vote when processing VoteStateUpdate instruction,
to match vote rewards of Vote instruction.
* Update feature pubkey to one owned by cc (ashwin)
Co-authored-by: Ashwin Sekar <ashwin@solana.com>
Previous commit separates durable nonce and blockhash domains with a
feature gate. A 2nd feature added in this commit enables durable nonce
at least one epoch after the 1st feature.
By the time 2nd feature is activated, some nonce accounts will have an
old blockhash, but no nonce account can have a recent blockhash.
As a result no transaction (durable or normal) can be executed twice.
AdvanceNonceAccount instruction updates nonce to blockhash. This makes it
possible that a durable transaction is executed twice both as a normal
transaction and a nonce transaction if it uses blockhash (as opposed to nonce)
for its recent_blockhash field.
The commit prevents this double execution by separating nonce and blockhash
domains; when advancing nonce account, blockhash is hashed with a fixed string.
As a result a blockhash cannot be a valid nonce value; and if transaction was
once executed as a normal transaction it cannot be re-executed as a durable
transaction again and vice-versa.
Packets are at the boundary of the system where, vast majority of the
time, they are received from an untrusted source. Raw indexing into the
data buffer can open attack vectors if the offsets are invalid.
Validating offsets beforehand is verbose and error prone.
The commit updates Packet::data() api to take a SliceIndex and always to
return an Option. The call-sites are so forced to explicitly handle the
case where the offsets are invalid.
Move all syscall declarations under solana_program::syscalls. If the target
supports static syscalls (sbfv2), then actually define them statically to avoid
dynamic relocations.
Indices for code and data shreds of the same slot overlap; and so they
will have the same random number generator seed when shuffling cluster
nodes for turbine broadcast.
This results in the same propagation path for code and data shreds of
the same index and effectively smaller sample size for re-transmitter
nodes. For example a 32:32 batch (32 code + 32 data shreds), is
retransmitted through _at most_ 32 unique nodes, whereas ideally we want
~64 unique re-transmitters.
This commit adds shred-type to seed function so that code and data
sherds of the same (slot, index) will (most likely) have different
propagation paths.
Bytes past Packet.meta.size are not valid to read from.
The commit makes the buffer field private and instead provides two
methods:
* Packet::data() which returns an immutable reference to the underlying
buffer up to Packet.meta.size. The rest of the buffer is not valid to
read from.
* Packet::buffer_mut() which returns a mutable reference to the entirety
of the underlying buffer to write into. The caller is responsible to
update Packet.meta.size after writing to the buffer.
* Removes the offset InstructionContext::get_number_of_program_accounts() from InstructionAccount::index_in_caller.
* Removes unreachable SyscallError::InvalidLength in orig_data_lens.get().
* Introduces result return types to get_data_mut(), set_data() and set_data_length() of BorrowedAccount.
* Introduces result return types to set_owner(), set_lamports() and set_executable() of BorrowedAccount.
* - get prioritization fee from compute_budget instruction;
- update compute_budget::process_instruction function to take instruction iter to support sanitized versioned message;
- updated runtime.md
* update transaction fee calculation for prioritization fee rate as lamports per 10K CUs
* review changes
* fix test
* fix a bpf test
* fix bpf test
* patch feedback
* fix clippy
* fix bpf test
* feedback
* rename prioritization fee rate to compute unit price
* feedback
Co-authored-by: Justin Starry <justin@solana.com>
* zk-token-sdk: implement group ops trait for curve25519
* zk-token-sdk: extend syscall trait implementation for group ops for ristretto
* zk-token-sdk: register curve25519 group ops to bpf loader
* zk-token-sdk: update curve25519_syscall_enabled address
* zk-token-sdk: add curve25519 basic ops
* zk-token-sdk: add bpf operations for curve25519 ops
* zk-token-sdk: rebase
* zk-token-sdk: add tests for curve25519 opertions
* zk-token-sdk: rustfmt
* zk-token-sdk: organize syscalls by trait
* zk-token-sdk: organize syscalls by trait
* zk-token-sdk: cleaning up
* zk-token-sdk: rename mods
* zk-token-sdk: cargo fmt
* zk-token-sdk: fix tests for edwards and ristretto
* zk-token-sdk: add Syscall object for curve point validation
* zk-token-sdk: docs for curve syscall traits
* zk-token-sdk: fix errors from rebase
* zk-token-sdk: update Vec to slice
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* zk-token-sdk: use enum with num-derive for curve ids
* zk-token-sdk: update vec to slice
* zk-token-sdk: make curve25519 tests be deterministic
* zk-token-sdk: rebase
* token-2022: re-organizing curve point validation
* token-2022: cargo fmt
* zk-token-sdk: minor
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* Move a computation to where it's actually needed in is_writable(), which speeds up the code.
* Simplified a bool expr, even though it's a little less clear now
* Reorganize to make demote_program_id explicit again
* Remove the unnecessary let; replace it with a comment
* try different comment style
* Used cargo fmt that time
* Made demote_program_id its own function, for clarity
* stake: Allow initialized stakes to be below the min delegation
* Add PR number in feature
* Fixup RPC subscription test
* Address feedback pt 1
* Address feedback pt 2
* Update FrozenAbi Digest
* Address feedback: no new error type, more comments
bincode::serialized_sized requires constructing a temporary object and
it is slow. Silently changing serialized size of these structs can also
be a backward incompatible change.
This commit instead hard-codes serialized size of VoteState, Feature and
Nonce, and defines the functions as const. Added tests verify hard-coded
values.
Most nodes in the cluster receive the same shred from two different
nodes: parent, and the first node of their neighborhood:
https://github.com/solana-labs/solana/blob/a8c695ba5/core/src/cluster_nodes.rs#L178-L197
Because of the erasure codings, half of the shreds are already
redundant. So this redundant propagation path will only add extra
overhead.
Additionally the very first node of the broadcast tree has 2x fanout
(i.e. 400 nodes) which adds too much load at one node.
This commit simplifies the broadcast tree by dropping the redundant
propagation path and removing the 2x fanout at root node.
* Increase connection timeouts
* Bump quic connection cache to 1024
* Use constant for quic connection timeout and add warm cache service
* Fixes to QUIC warmup service
* fix check failure
* fixes after rebase
* fix timeout test
Co-authored-by: Pankaj Garg <pankaj@solana.com>
- Tweak linker script
Ensure that all read only sections end up in one segment, and
everything else in other segments. Discard .eh_frame, .hash and
.gnu.hash since they are unused.
- Don't create invalid string slices in stdout/stderr on Solana
- Report exceeded stack size as a warning if dynamic frames are off
- Native support for signed division in SBF
Adds BPF_SDIV, which is enabled only for the SBF subtarget.
- Introduce dynamic stack frames and the SBFv2 flag
Dynamic stack frames are currently opt-in and enabled setting
cpu=sbfv2. When sbfv2 is used, ELF files are flagged with
e_flags=EF_SBF_V2 so the runtime can detect it and react
accordingly.
* Adds transaction_context and instruction_context where invoke_context.get_keyed_accounts() is used.
* Use instruction_context.get_instruction_data() instead of an explicit parameter.
* Removes instruction_data parameter from Executor::execute().
* Removes instruction_data parameter from ProcessInstructionWithContext.
dependabot[bot]
Brian Anderson
DimAn
Brooks Prumo
Alexander Meißner
Florian Hartwig
Brennan Watt
Justin Starry
Yihau Chen
Tao Zhu
Tyera Eulberg
carllin
Ashwin Sekar
leonardkulms
Jon Cinque
Dmitri Makarov
Jeff Biseda
Michael Vines
Lijun Wang
Justin Malčić
Will Hickey
Christian Kamm
Richard Patel
github-actions[bot]
apfitzge
Jeff Washington (jwash)
Richard Patel
Pankaj Garg
behzad nouri
bji
Alessandro Decina
ryleung-solana
Jack May
samkim-crypto
Ryo Onodera
Steven Luscher
steviez
HaoranYi
Justin Starry
Jason
Caio
Tao Zhu
arusso-certik
sakridge
Ikko Ashimine
ignassew