-
Notifications
You must be signed in to change notification settings - Fork 4.5k
Feature gate builtin consumes static units during processing instruction #30702
Feature gate builtin consumes static units during processing instruction #30702
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change looks good to me! To prevent this in the future, do you want to add something in the native instruction processor which errors if no compute units are used? This can be addressed in a followup with a separate feature gate if you prefer.
ce1c510
to
e121b44
Compare
Like this idea, makes sense to include this change in same feature gate. But can you say more about it? Not super clear what "native instruction processor" refer to, and how that would prevent future native program to consume units. As for error, would a new |
e121b44
to
33af2ef
Compare
Also I wish to refactor the hardcoded number into named constants. so
Would this break any convention? @joncinque @Lichtso |
33af2ef
to
90f05ad
Compare
In your other PR, you checked to see if consumed compute units was 0 before deducting the default amount at https://github.com/solana-labs/solana/pull/30680/files#diff-9ac236825ce9b87946d6820e3ec3096bc841818c66037b38b6d98142318f4b0aR783-R791 How about returning an error if consumed compute units is 0? |
If it's only used in one place, I think it's fine to keep the hardcoded amounts, but it's a matter of taste |
Aaah, gotcha! The word "native" threw me off, thought it's something else 😜 Thanks for explaining,
Yeah ok, let's leave this one out for now. It can be done as separately without needing another feature gate. |
Aaah, gotcha. Sorry "native" threw me off early, thought referring to something else 😜 . comment 254da8b does it. |
da7a35d
to
b5f3f27
Compare
@@ -769,6 +773,17 @@ impl<'a> InvokeContext<'a> { | |||
let post_remaining_units = self.get_remaining(); | |||
*compute_units_consumed = pre_remaining_units.saturating_sub(post_remaining_units); | |||
|
|||
// startign from feature `native_programs_consume_cu`, all builtin programs should consume |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding this to enforce future native programs to consume units.
// programs that do not consume units. | ||
let mut deactivate_feature_set = HashSet::default(); | ||
deactivate_feature_set.insert(solana_sdk::feature_set::native_programs_consume_cu::id()); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Existing mock/test programs do not consume units, the enforcement added above not only breaks all tests under program-test/tests
and some zk-token-proof tests, it also breaks downstream tests (such as spl). I deactivated this feature for ProgramTest here to continue support existing tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem, that makes sense for these, especially in "native" mode. We could eventually change program-test to consume some default amount in "native" mode.
runtime/src/bank.rs
Outdated
@@ -281,7 +281,7 @@ impl RentDebits { | |||
} | |||
|
|||
pub type BankStatusCache = StatusCache<Result<()>>; | |||
#[frozen_abi(digest = "3qia1Zm8X66bzFaBuC8ahz3hADRRATyUPRV36ZzrSois")] | |||
#[frozen_abi(digest = "FT6XYtzchg9h2JACEKKf8FZD5skSnPzKY4YrJ1jUWr8U")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
abi change due to adding InstructionError
Codecov Report
@@ Coverage Diff @@
## master #30702 +/- ##
=========================================
- Coverage 81.5% 81.5% -0.1%
=========================================
Files 726 726
Lines 204809 204914 +105
=========================================
+ Hits 167027 167080 +53
- Misses 37782 37834 +52 |
@joncinque @Lichtso adding check to enforce builtin to consume units broke a ton tests all over place :) Took time to use the opportunity to learn some details about runtime and program_test. This PR is cleaned up, ready for another review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fixing up all those tests, this is looking really close!
// programs that do not consume units. | ||
let mut deactivate_feature_set = HashSet::default(); | ||
deactivate_feature_set.insert(solana_sdk::feature_set::native_programs_consume_cu::id()); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem, that makes sense for these, especially in "native" mode. We could eventually change program-test to consume some default amount in "native" mode.
.feature_set | ||
.is_active(&native_programs_consume_cu::id()) | ||
{ | ||
return Err(InstructionError::BuiltinProgramsMustConsumeUnits); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that I think about it more -- consuming 0 units is a programmer error and not a user error, so we could be even more aggressive and assert.
On the flipside, since the runtime is used by other developers, like in all of the program tests, they should probably get a nice error rather than an assert. I'm leaning toward keeping this as an error, but I wanted to bring up the discussion to see how you thought.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great observation! I agree it'd be a programmer error. Also agree runtime is library other developers use; so it'd be great, as good SDK, to return meaningful errors for unsupported user invokes. I'd vote for keep error too.
a77cb21
to
6c199dc
Compare
6c199dc
to
de8a840
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, but be sure to get feedback from @Lichtso too, to make sure that it interacts properly with any runtime changes
- return error if builtin did not consume units, as a way to enforce builtin to consume units; - updated related tests
…re to continue support existing mock/test programs that do not consume units
de8a840
to
d661745
Compare
Problem
For below mentioned feature gated issue, PR #30680 presented one possible solution to charge default units if (and only if) builtins don't manually deduct units after process_instruction(). @Lichtso pointed out two issues with it:
@Lichtso and I huddled offline, proposed to update all builtins to consume statically defined units at beginning of
process_instruction
. The pros: above mentioned 2 concerns are addressed; the cons: it is not easy to abandon builtin costs (re)defined inruntime/src/block_cost_limits.rs
, which adds cost of maintenance. (with previous approach, i was planning to remove that HashMap from block_cost_limit, instead fetch builtin cost from bank.builtins.default_compute_unit_cost)Summary of Changes
Feature Gate Issue: #30620