Calls inspect_account() on the fee payer

[brooksprumo]

Problem

#2678 added a callback to inspect accounts prior to transaction processing. Unfortunately this did not include the fee payer, which is loaded separately.

Summary of Changes

Also inspect the fee payer.

[brooksprumo]

@HaoranYi - we missed this one earlier
@buffalojoec - you had reviewed the first PR, so wanted to include you on this one too
@jstarry - I asked you about where to put the call to inspect_account(), so wanted your review on the actual PR

[HaoranYi]

Ah. I missed this one. Looks like it is a recent refactoring that moved the fee accounts out of transaction account loading.

Good catch.

[jstarry]

Are there any tests for this inspect account feature? We should have a test to ensure all writable accounts are now inspected after this bug fix.

[brooksprumo]

Are there any tests for this inspect account feature? We should have a test to ensure all writable accounts are now inspected after this bug fix.

Good call. I've added tests in f3efdd4.

[jstarry]

The new tests look great but I was actually hoping for a test that would have caught this bug at a higher level. Namely an integration test that tests that all accounts in a transaction were inspected. Actually it would be nice to have two integration tests.. one for a fully loaded transaction and one for a transaction which only validated the fee payer but is still able to be committed (named FeesOnlyTransaction)

[jstarry]

So I guess this default header is causing all accounts to be loaded as writable because it means there are 0 signers and 0 readonly non-signers? And the program is loaded as readonly because it was demoted by demote_program_id? Do you mind adding comments describing this behavior?

[brooksprumo]

Sure, I can add a comment. I'm not familiar with these specifics; why is that information germane to this test?

[jstarry]

Because it's important that account inspection correctly captures whether an account is loaded with a write lock, right?

[brooksprumo]

I think no, not this test. This test only cares that the accounts are being inspected. The writability is assumed to be correct. (I imagine there are tests that are test this, yes?)

[jstarry]

Ok that seems reasonable to me

[HaoranYi]

Looking at the code, I think we might miss sysvar too.

[brooksprumo]

Looking at the code, I think we might miss sysvar too.

inspect_account() will only "see" accounts loaded by transactions**. Any other account that is modified outside of transaction processing will need to be handled separately. For our lt hash work, yeah, we'll need to handle some extra stuff. For this PR, I don't think we need anything special, right?

**: we should see all the accounts in the transactions, right?

[HaoranYi]

Looking at the code, I think we might miss sysvar too.

inspect_account() will only "see" accounts loaded by transactions**. Any other account that is modified outside of transaction processing will need to be handled separately. For our lt hash work, yeah, we'll need to handle some extra stuff. For this PR, I don't think we need anything special, right?

**: we should see all the accounts in the transactions, right?

Yeah. we will handle them specially in lt-hash work. Feel free to ignore the comments. It is out the scope of this PR.

[brooksprumo]

The new tests look great but I was actually hoping for a test that would have caught this bug at a higher level. Namely an integration test that tests that all accounts in a transaction were inspected.

Done! I've added an integration test in a401c5f.

Actually it would be nice to have two integration tests.. one for a fully loaded transaction and one for a transaction which only validated the fee payer but is still able to be committed (named FeesOnlyTransaction)

I'm not sure what this would be testing. Should the transaction not load the other accounts in the FeesOnlyTransaction case? If that's true, then I think it should be a test on load_transaction_accounts() then, and not inspect_accounts(). Wdyt?

[jstarry]

I'm not sure what this would be testing. Should the transaction not load the other accounts in the FeesOnlyTransaction case? If that's true, then I think it should be a test on load_transaction_accounts() then, and not inspect_accounts(). Wdyt?

Yeah I'm not really sure either. Maybe it can come later? I'm just thinking about how loading could bail halfway through and so some accounts would be recorded as inspected but others would not be. And in the end we will only be committing state changes for fee payer / nonce.

[jstarry]

Do we want the mock to push read-only accounts here?

[brooksprumo]

I was thinking 'yes', but I guess doesn't need to. What would you prefer here?

[jstarry]

I don't have any preference, we can keep it as is

[jstarry]

Should also assert that len of actual and expected accounts is the same. In your test, the actual inspected accounts includes extra read only accounts.

[brooksprumo]

Good call. I've added a len check, and also added read-only accounts in 877a38c.

[brooksprumo]

PR #2623 refactored the svm integration tests, so I need to rebase and rewrite the integration test in this PR.