-
Notifications
You must be signed in to change notification settings - Fork 4.5k
Propose traced transaction construction #17796
Conversation
|
||
## Problem | ||
|
||
With more composition comes in the Solana's program ecosystem, it will be harder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this doc is still in the draft phase. but I think the first half of this is written decently. ;)
|
||
## Future possible expansions | ||
|
||
- Wallet account balance delta check: append VerifyTokenBalances ix at last and pass the expected balances of spl-tokens or hash of it (also with delegation status). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is my (hopefully nice) solution to this: #17762
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, dynamic ix append as directed traced simulation might also be useful.
## Future possible expansions | ||
|
||
- Wallet account balance delta check: append VerifyTokenBalances ix at last and pass the expected balances of spl-tokens or hash of it (also with delegation status). | ||
- Browser-side bpf program simualtion for server-less architecture with online wasm translation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is only possible because solana tx execution doesn't touch the whole account state in the chain. :)
This reduces the number of required accounts for CPI and clients from 7 to 3, reducing by 4. | ||
(Obviously, we can't actually deploy these changes because this will break | ||
compatibility. This is only for illustration of effective applicability to | ||
moderately-complex program construct.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
prevent program detect to be simulated or really-executed | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, write about the strip of is_signer and no use case limited by this stripping.
deployed programs can be now upgradeable. This severely hampers ongoing | ||
consumed-program's implementation refinement in the areas of data migration and | ||
improved concurrency, by preventing transparent account switching and | ||
sharding with vectorized accounts, respectively. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is meant by "vectorized accounts"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jstarry don't be bothered with it.. ;) well, I used this fancy adjective, remotely referencing the usage like vectorization with SSE4/AVX2
. Maybe sharding
by itself should be enough.
Sharding
here means avoiding write lock to the same internal account by using different accounts to write by deriving from the first byte of other account addresses like order_id for DEX. So, program can avoid write lock contention easily. Also, see the sharding example for code.
I want to say, hiding internal account addresses in this way makes these optimizations can be introduced by drop-in basis.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah got it, I like the idea of abstracting away implementation details like this, thanks for the explanation!
can be traced: | ||
|
||
```rust | ||
fn access_as_unsigned(address: &Pubkey, flags = enum { READ, WRITE}): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Considering this #17901,
Maybe we should augment this by returning enum {AccountInfo, AccountRef}
with new flag ACCESS_AS_REF
. so that we can avoid any serializing into program execution environment.
AccountRef can only be used for passing to child cpi.
program_id, | ||
); | ||
let transfer_counter = access_as_unsigned(counter_address, READ_WRITE)?; | ||
let clock_sysvar = access_as_unsigned(sysvars::clock::id(), READ_WRITE)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is clock rw?
], | ||
program_id, | ||
); | ||
let transfer_counter = access_as_unsigned(counter_address, READ_WRITE)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What type is transfer_counter
?
This is interesting. I like that it reduces and simplifies a program's calling interface by hiding internal-only accounts that the caller doesn't need to be or shouldn't be aware of. |
In addition to a syscall used to discover dependent accounts, if any cpi is invoked during simulation that specifies new accounts, those new accounts should also be added to the list. During non-simulation those dependent accounts would be listed in the tx, loaded along with the rest of the accounts and referenced as needed. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
This stale pull request has been automatically closed. Thank you for your contributions. |
@@ -22,13 +22,12 @@ pub fn process_instruction( | ||
let account_info_iter = &mut accounts.iter(); | ||
|
||
let funder_info = next_account_info(account_info_iter)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
related to #18588
@@ -0,0 +1,247 @@ | |||
# Traced transaction construction via RPC's `simulateTransaction` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
traced => instrumented?
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Tracing can only reveal references in code that is actually executed. Consider something like let clock = Clock::get()?;
if clock.slot % 2 == 0 {
reference_account_a();
} else {
reference_account_b();
} If the RPC traces the program execution and says it referenced account A, then it is likely that by the time it executes for real, the program will try to reference account B. This is similar to how tests can only reveal bugs in code that is executed; to get an exhaustive answer, you need some kind of (static) program analysis or abstract interpretation. |
@ruuda thanks for chiming in! you're first penguin from community. I really appreciate that. Yeah, I understand the limitation. You have a point. But I still think this proposal could be reasonable solution for the problems described, at the cost of the strict requirement of rpc's simulation when issuing transactions to any advanced programs. Maybe I should have added a prose like this?:
How do you like? |
|
||
race condition around program deploy (= possible account loading change) => just retry also seek to the ix versioning for perfection | ||
|
||
(traced program just load dummy addresses for tx versionsing for completeness) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, I have to embed this pr comment into doc: #17796 (comment)
I don’t have a strong opinion on it, I just wanted to point out the limitation. Personally I think that with the way the Solana runtime is exposed to Rust at the moment, Rust is not a great language for writing Solana programs, and in the long run I expect some DSL to take over. A DSL could take care of those details internally, with a compiler figuring out which accounts are referenced. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
This stale pull request has been automatically closed. Thank you for your contributions. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
This stale pull request has been automatically closed. Thank you for your contributions. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
(boring meta-joke due to imminent sleep time.)
Problem
This is half-done!
Summary of Changes
Push more commitz and squaz
context (original idea is written when the itoken reviewing: #15927 (comment))