Refactor - Delay visibility of program un-/re-/deployment #29654
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Lichtso
added
work in progress
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
5 times, most recently
from
689c831 to
d0f1e9c
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
3 times, most recently
from
7c56ecf to
d631faf
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
5 times, most recently
from
b579aa5 to
115644a
Compare
Closed
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
from
115644a to
a729199
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
from
a729199 to
76cc1e7
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
2 times, most recently
from
a6fa38a to
90850fb
Compare
jackcmay
reviewed
Feb 7, 2023
| self.executors.insert(key, Some(executor.clone())); | ||
| } else { | ||
| // Do not overwrite an existing entry | ||
| self.executors.entry(key).or_insert(None); |
There was a problem hiding this comment.
Why insert None if not found?
There was a problem hiding this comment.
That is essentially an explicit invalid entry similar to a tombstone. So that if a program was not deployed before the transaction begins, and it is deployed during the transaction, that the rest of the transaction still sees it as undeployed. In other words it is necessary to get case 1 (deployment invisibility) right.
tao-stones
reviewed
Feb 7, 2023
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
from
90850fb to
28f3ed2
Compare
jackcmay
reviewed
Feb 9, 2023
jackcmay
reviewed
Feb 9, 2023
jackcmay
reviewed
Feb 9, 2023
jackcmay
reviewed
Feb 9, 2023
jackcmay
reviewed
Feb 9, 2023
| // Executor exists and is cached, use it | ||
| Some(Some(executor)) => return Ok((executor, None)), | ||
| // We cached that the Executor does not exist, abort | ||
| Some(None) => return Err(InstructionError::InvalidAccountData), |
There was a problem hiding this comment.
This looks a little scary since it is a new error condition that is not directly featurized. Afaict this case can only occur once the delay feature is activated, but that is a bit distant and could potentially lead to confusion or a missed code path
There was a problem hiding this comment.
Hm yes, I added a comment to point out that this case only exists when the feature is active.
The thing is, if we made a condition here that would check the feature, it would still result in an error being returned.
Not much gained IMO.
jackcmay
reviewed
Feb 9, 2023
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
4 times, most recently
from
b3d1b70 to
473f9d5
Compare
jackcmay
previously approved these changes
Feb 9, 2023
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
2 times, most recently
from
3bc4d2f to
b18c0da
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
from
b18c0da to
9a469fe
Compare
Lichtso
force-pushed
the
refactor/delay_visibility_of_program_deployment
branch
from
9a469fe to
640ef50
Compare
Lichtso
changed the title
tao-stones
approved these changes
Feb 10, 2023
| if upgrade { | ||
| if delay_visibility_of_program_deployment { | ||
| // Place a tombstone in the cache so that | ||
| // we don't load the new version from the database as it should remain invisible |
nickfrosty
pushed a commit
to nickfrosty/solana
that referenced
this pull request
Mar 12, 2023
…s#29654) * Use three separate HashMaps instead of the enum TxBankExecutorCacheDiff. * Replaces all places which deploy programs by a macro. * Adds a feature gate. * Adjust tests. * Makes undeployment visible immediately.
steveluscher
added a commit
to solana-labs/solana-web3.js
that referenced
this pull request
May 24, 2023
## Summary solana-labs/solana#29654 introduced a delay between the slot a program is deployed and when it can be called. Let's build this into the loader now so as to remove a footgun from folks trying to call programs immediately after deploying them. ## Test Plan ``` pnpm test:live-with-test-validator ```
steveluscher
added a commit
to solana-labs/solana-web3.js
that referenced
this pull request
May 24, 2023
## Summary solana-labs/solana#29654 introduced a delay between the slot a program is deployed and when it can be called. Let's build this into the loader now so as to remove a footgun from folks trying to call programs immediately after deploying them. ## Test Plan ``` pnpm test:live-with-test-validator ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
Currently some changes to programs made by un-/re-/deployment are visible immediately, even within the same transaction. These inconsistency between top-level instructions and CPI should be removed. This is a preparation for the replacement of the current executor cache by one that supports a bitemporal model. Once that is done, the new executor cache will further delay the visibility from the end of the transaction to a slot in the future, with a constant offset from the slot the action occurred in.
Summary of Changes
HashMaps instead of theenumTxBankExecutorCacheDiffOld vs New Behavior (inside the same transaction)
In other words the new consistent behavior is, that whenever a program is un-/re-/deployed,
it becomes unavailable for the rest of the transaction.
Feature Gate Issue: #30085