Skip adding builtins if they will be removed #23233
Conversation
jstarry
force-pushed
the
fix-builtin-deactivation
branch
from
a525b16 to
9efe5c1
Compare
ci/test-checks.sh
Outdated
| @@ -44,6 +44,8 @@ echo --- build environment | |||
| export RUST_BACKTRACE=1 | |||
| export RUSTFLAGS="-D warnings -A incomplete_features" | |||
|
|
|||
| _ "$cargo" stable clean | |||
There was a problem hiding this comment.
is this intended to be included in this pr? i think this increase the build time sometimes needlessly by removing the build cache too much?
There was a problem hiding this comment.
It was my only way to get past a compiler issue on CI. I will remove before merging. I mentioned it in #devops on Discord as well
|
Oops I still need to fix the Abi changes. But the logic of the PR should still be reviewable in its current form |
runtime/src/builtins.rs
Outdated
| RemoveOrRetain { | ||
| previous_builtin: Builtin, | ||
| removal_feature_id: Pubkey, | ||
| }, |
There was a problem hiding this comment.
nits: how about commenting about the lack of the obvious Remove like this?:
// historically, we had Remove to fully remove a builtin. however there's no use case for now. restore it if needed.
There was a problem hiding this comment.
In case you didn't see this from the linked issue. This is why we need the remove and retain:
- For v1.8 compatibility, we need to be able to keep adding a builtin until a feature is activated.
- For v1.9 compatibility, we need to avoid adding a builtin if a feature is already activated.
There was a problem hiding this comment.
also, I'm omitting Replace as it's really useless now. That's because builtins now has access to feature_set. Replace was relic before the widespread use of feature activation mechanism...
There was a problem hiding this comment.
lastly, i wonder when Remove would be needed in the (distant) future. so, I'm just saying leaving a comment would be just enough to work as a pointer to this pr in the future.
There was a problem hiding this comment.
Yes, that's exactly why I removed Replace. Relic of the past and not useful anymore.
There was a problem hiding this comment.
Great yeah I will add a comment, I agree it probably won't be needed in the future
runtime/src/builtins.rs
Outdated
| feature_id: Pubkey, | ||
| }, | ||
| /// Remove a builtin program if a feature is activated or | ||
| /// retain a previously added builtin. |
There was a problem hiding this comment.
nit: /// Specifically, this is needed for rather the exceptional builtin -> precompile transition feature
| }; | ||
|
|
||
| #[test] | ||
| fn test_startup_from_snapshot_after_precompile_transition() { |
There was a problem hiding this comment.
thanks for writing this. yeah, feature activation needs more test coverage...
runtime/src/builtins.rs
Outdated
| ActivationType::NewProgram, | ||
| ), | ||
| feature_id: feature_set::add_compute_budget_program::id(), | ||
| }, | ||
| // TODO when feature `prevent_calling_precompiles_as_programs` is |
There was a problem hiding this comment.
These comments can be removed
|
Looks good @jstarry thanks! On main and devnet all existing builtin and precompile accounts are owned by the native loader. I added a change to this pr to keep that consistency. Also added a few nits |
jackcmay
force-pushed
the
fix-builtin-deactivation
branch
from
3578333 to
63d1c3e
Compare
runtime/src/builtins.rs
Outdated
| @@ -51,63 +51,6 @@ macro_rules! with_program_logging { | |||
| }; | |||
| } | |||
|
|
|||
| /// State transition enum used for adding and removing builtin programs through | |||
There was a problem hiding this comment.
This block and the next are purely cosmetic, right? Hard to follow major cosmetics in a functional change set
|
Cool, I would prefer the owner fix to be separate but looks safe |
jackcmay
force-pushed
the
fix-builtin-deactivation
branch
from
63d1c3e to
bd40fa4
Compare
mergify
bot
dismissed
t-nelson’s stale review
Pull request has been modified.
jackcmay
force-pushed
the
fix-builtin-deactivation
branch
from
8a93aea to
1a91f9e
Compare
Codecov Report
@@ Coverage Diff @@
## master #23233 +/- ##
=========================================
- Coverage 81.3% 81.3% -0.1%
=========================================
Files 570 571 +1
Lines 155438 155451 +13
=========================================
+ Hits 126452 126454 +2
- Misses 28986 28997 +11 |
|
let's go? |
* Add failing test for precompile transition * Skip adding builtins if they will be removed * cargo clean * nits * fix abi check * remove workaround Co-authored-by: Jack May <[email protected]> (cherry picked from commit 1719d23) # Conflicts: # runtime/src/bank.rs # runtime/src/builtins.rs
* Skip adding builtins if they will be removed (#23233) * Add failing test for precompile transition * Skip adding builtins if they will be removed * cargo clean * nits * fix abi check * remove workaround Co-authored-by: Jack May <[email protected]> (cherry picked from commit 1719d23) # Conflicts: # runtime/src/bank.rs # runtime/src/builtins.rs * resolve conflicts Co-authored-by: Justin Starry <[email protected]> Co-authored-by: Jack May <[email protected]>
| } else { | ||
| // Retaining is no different from adding a new builtin. | ||
| Some(BuiltinAction::Add(previous_builtin.clone())) | ||
| } |
There was a problem hiding this comment.
I believe this branch introduced a new bug for epoch boundaries. On epoch boundaries, the should_apply_action_for_feature(removal_feature_id) condition will be false if the removal feature id wasn't newly activated. This causes the builtin to be re-added even if it was previously removed.
* Add failing test for precompile transition * Skip adding builtins if they will be removed * cargo clean * nits * fix abi check * remove workaround Co-authored-by: Jack May <[email protected]>
Problem
When loading from a snapshot, a validator adds and removes builtins and precompiles according to which runtime features are activated. Also, it's important to note that builtin additions are always processed before removals. So after a builtin has been turned into a precompile account on a cluster, the validator will still try to re-add it whenever it starts up from a snapshot. When the builtin is re-added while starting from a snapshot, the builtin account is checked to see whether it is owned by the native loader (precompiles are system-owned) and if not, the validator will hard exit because it thinks it booted from an incompatible snapshot.
Summary of Changes
Fixes #23231