SIMD-0164: ExtendProgramChecked loader-v3 instruction
#164
Conversation
| stable), thus a new instruction needs to be added, similar to `SetAuthority` | ||
| and `SetAuthorityChecked`. | ||
|
|
||
| Adds `ExtendProgramChecked` which is exactly the same as `ExtendProgram`, |
There was a problem hiding this comment.
Could we describe:
- The discriminant of the new instruction.
- The data structure of the new instruction.
- What the new instruction will do - does it just call the
ExtendProgramlogic?
I know it's identical to ExtendProgram with some extra checks, but SIMD's should be able to be implemented without looking at the Agave source code.
There was a problem hiding this comment.
I added a description of the interface of the new instruction. However, as we don't have a complete specification defining the exact behavior of the entire instruction is out-of-scope for this PR, in my opinion. I will gladly do so for the upcoming loader-v4 as that is more symmetric.
Lichtso
force-pushed
the
extend-program-checked
branch
from
2d1a5ef to
419fe82
Compare
Lichtso
force-pushed
the
extend-program-checked
branch
from
419fe82 to
2870ad5
Compare
There was a problem hiding this comment.
This proposal looks good to me. I'm just a bit hung up on the new instruction's name.
We use the *Checked suffix across programs in SPL to typically imply that there's some kind of check being applied on the account data. Since the original ExtendProgram does this already (finalized check), naming the new one ExtendProgramChecked implies that there's been an additive check to the program's account data. However, this is not the case. It expects a signature now.
Is it possible to just change the instruction itself, since the feature gate you've proposed would disable the old one and enable the new one? Specifically, can't we add a feature gate to ExtendProgram that, once activated, requires this signer and performs the check?
This would be akin to the reverse of the Relax Authority feature gate for the Lookup Table builtin.
|
We can't modify / add stuff to existing instructions. That would break block explorer instruction parsing and the CLI tools. The reason the new instruction is named |
Hm, okay - if we definitely need to do a new instruction and you've already used the |
|
The SIMD looks good to me. |
There was a problem hiding this comment.
Note that for tools like multisigs (squads, etc) and DAOs (realms, etc), this constitutes a breaking change, since the upgrade authority is typically a PDA, and those programs give limited control over what instructions they will sign with the DAO / multisig's PDA.
Before, it was very easy to just increase the size of the program permissionlessly if needed on a new deployment, and stick with the old process for upgrading the program. With this change, they'll need to check the size and optionally add the new instruction to extend whenever needed.
As another option, is it possible to simply add a lower bound for the extension? For example, just require that a program must be extended by at least 10k bytes.
|
We will concentrate our efforts on loader-v4 (and migrating loader-v3 programs to it). That combined with the concerns raised here made me retract this proposal. |
No description provided.