-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature - Loader built-in program v4 #30464
Conversation
6862312
to
9d96f81
Compare
How to read this
is there CPI or is there no CPI? In the absence of CPI how one on-chain program can invoke another on-chain program? |
I updated the PR description. Yes programs will be able to call other programs, but that won't be called CPI anymore and use a different mechanism (no more VM nesting). |
Looks good. Thank you. |
9d96f81
to
a124743
Compare
Codecov Report
@@ Coverage Diff @@
## master #30464 +/- ##
========================================
Coverage 81.4% 81.5%
========================================
Files 723 726 +3
Lines 203812 204742 +930
========================================
+ Hits 166064 166962 +898
- Misses 37748 37780 +32 |
a124743
to
3075725
Compare
programs/loader-v3/src/lib.rs
Outdated
.get_data() | ||
.len() | ||
.saturating_sub(LoaderV3State::program_data_offset()); | ||
if offset as usize > program_size { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to support out of order writes for the program data? Since, there are multiple transactions to write/update the program.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Random access writes are supported once the data is initialized.
We could lift that restriction and define a write beyond the end as automatically filling the gap with zeros.
programs/loader-v3/src/lib.rs
Outdated
&program, | ||
authority_address, | ||
)?; | ||
if !state.is_deployed { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we check DEPLOYMENT_COOLDOWN_IN_SLOTS
for the program before it can be retracted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would prevent the user from upgrading a program in a single transaction.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was mostly viewing it by the comment here: https://github.com/solana-labs/solana/pull/30464/files#diff-122620648d15121d8a722c52f2dcf42e3587ad87b0c254162edc8f857d6d218fR9
/// Cooldown before a program can be un-/redeployed again
pub const DEPLOYMENT_COOLDOWN_IN_SLOTS: u64 = 750;
I am likely confused.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, you are right, I misunderstood the first comment. Yes, we should check it here as well, just not reset / restart the cooldown.
/// # Account references | ||
/// 0. `[writable]` The program account to deploy. | ||
/// 1. `[signer]` The authority of the program. | ||
/// 2. `[signer]` Optional, an undeployed source program account to take data and lamports from. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
replace signer
with source_program
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. It should be [writable]
instead for the source_program.
let instruction_data = instruction_context.get_instruction_data(); | ||
let program_id = instruction_context.get_last_program_key(transaction_context)?; | ||
if loader_v3::check_id(program_id) { | ||
match limited_deserialize(instruction_data)? { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we refactor this into smaller functions?
This is pretty cool. Looks good overall. There are some minor comments/questions. |
3075725
to
e26d2ff
Compare
e26d2ff
to
3f38812
Compare
3f38812
to
641a8a3
Compare
Problem
This is the bare bones prototype for of the loader for the program runtime v2.
It is going to be fleshed out over the course of many PRs yet to come.
Summary of Changes
Adds the prototype of the new loader, which will:
is_executable
account flag anymore (thus not require a proxy account like the upgradeable loader does)New Program Management Workflow
Buffer accounts will no longer be special and instead become normal program accounts which are simply never deployed.
The use of buffer accounts will become optional, it is more expensive than not using them but also more reliable.
Explicit control of the program account size will be provided by the
Truncate
instruction.Deployment
Truncate
instruction initializes the program account and allocates memoryWrite
instructions upload the program codeDeploy
instruction verifies and enables the programRedeployment
Retract
instruction disables the programTruncate
instruction shrinks or grows the program data account if necessaryWrite
instructions change the data in the program accountDeploy
instruction verifies and (re)enables the programRedeployment with a buffer account
Truncate
instruction initializes a buffer account and allocates memoryWrite
instructions upload the program codeRetract
instruction disables the programDeploy
instruction verifies the buffer, replaces the program accounts data, closes the buffer account and (re)enables the programUndeployment
Retract
instruction disables the programTruncate
instruction closes the program accountFinalization
TransferAuthority
instruction finalizes the program