Feature - Loader built-in program v4 #30464
Conversation
Lichtso
force-pushed
the
feature/loader-v3
branch
2 times, most recently
from
6862312 to
9d96f81
Compare
|
How to read this
is there CPI or is there no CPI? In the absence of CPI how one on-chain program can invoke another on-chain program? |
|
I updated the PR description. Yes programs will be able to call other programs, but that won't be called CPI anymore and use a different mechanism (no more VM nesting). |
Looks good. Thank you. |
Lichtso
force-pushed
the
feature/loader-v3
branch
from
9d96f81 to
a124743
Compare
Codecov Report
@@ Coverage Diff @@
## master #30464 +/- ##
========================================
Coverage 81.4% 81.5%
========================================
Files 723 726 +3
Lines 203812 204742 +930
========================================
+ Hits 166064 166962 +898
- Misses 37748 37780 +32 |
Lichtso
force-pushed
the
feature/loader-v3
branch
from
a124743 to
3075725
Compare
programs/loader-v3/src/lib.rs
Outdated
| .get_data() | ||
| .len() | ||
| .saturating_sub(LoaderV3State::program_data_offset()); | ||
| if offset as usize > program_size { |
There was a problem hiding this comment.
Do we need to support out of order writes for the program data? Since, there are multiple transactions to write/update the program.
There was a problem hiding this comment.
Random access writes are supported once the data is initialized.
We could lift that restriction and define a write beyond the end as automatically filling the gap with zeros.
programs/loader-v3/src/lib.rs
Outdated
| &program, | ||
| authority_address, | ||
| )?; | ||
| if !state.is_deployed { |
There was a problem hiding this comment.
Should we check DEPLOYMENT_COOLDOWN_IN_SLOTS for the program before it can be retracted?
There was a problem hiding this comment.
That would prevent the user from upgrading a program in a single transaction.
There was a problem hiding this comment.
I was mostly viewing it by the comment here: https://github.com/solana-labs/solana/pull/30464/files#diff-122620648d15121d8a722c52f2dcf42e3587ad87b0c254162edc8f857d6d218fR9
/// Cooldown before a program can be un-/redeployed again
pub const DEPLOYMENT_COOLDOWN_IN_SLOTS: u64 = 750;
I am likely confused.
There was a problem hiding this comment.
No, you are right, I misunderstood the first comment. Yes, we should check it here as well, just not reset / restart the cooldown.
| /// # Account references | ||
| /// 0. `[writable]` The program account to deploy. | ||
| /// 1. `[signer]` The authority of the program. | ||
| /// 2. `[signer]` Optional, an undeployed source program account to take data and lamports from. |
There was a problem hiding this comment.
replace signer with source_program?
There was a problem hiding this comment.
Good catch. It should be [writable] instead for the source_program.
| let instruction_data = instruction_context.get_instruction_data(); | ||
| let program_id = instruction_context.get_last_program_key(transaction_context)?; | ||
| if loader_v3::check_id(program_id) { | ||
| match limited_deserialize(instruction_data)? { |
There was a problem hiding this comment.
Should we refactor this into smaller functions?
|
This is pretty cool. Looks good overall. There are some minor comments/questions. |
Lichtso
force-pushed
the
feature/loader-v3
branch
from
3075725 to
e26d2ff
Compare
Lichtso
force-pushed
the
feature/loader-v3
branch
from
e26d2ff to
3f38812
Compare
Lichtso
force-pushed
the
feature/loader-v3
branch
from
3f38812 to
641a8a3
Compare
Lichtso
changed the title
Problem
This is the bare bones prototype for of the loader for the program runtime v2.
It is going to be fleshed out over the course of many PRs yet to come.
Summary of Changes
Adds the prototype of the new loader, which will:
is_executableaccount flag anymore (thus not require a proxy account like the upgradeable loader does)New Program Management Workflow
Buffer accounts will no longer be special and instead become normal program accounts which are simply never deployed.
The use of buffer accounts will become optional, it is more expensive than not using them but also more reliable.
Explicit control of the program account size will be provided by the
Truncateinstruction.Deployment
Truncateinstruction initializes the program account and allocates memoryWriteinstructions upload the program codeDeployinstruction verifies and enables the programRedeployment
Retractinstruction disables the programTruncateinstruction shrinks or grows the program data account if necessaryWriteinstructions change the data in the program accountDeployinstruction verifies and (re)enables the programRedeployment with a buffer account
Truncateinstruction initializes a buffer account and allocates memoryWriteinstructions upload the program codeRetractinstruction disables the programDeployinstruction verifies the buffer, replaces the program accounts data, closes the buffer account and (re)enables the programUndeployment
Retractinstruction disables the programTruncateinstruction closes the program accountFinalization
TransferAuthorityinstruction finalizes the program