-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use reserved account keys list to restrict tx write locks #541
Conversation
16c5927
to
51c6b9b
Compare
Seems i'm coming in late in the process here; what's the reason we are taking this path of making these consensus breaking? It seems the Anza's client could simply choose to filter such transactions out early without adding complexity to the protocol. |
@apfitzge you're right that filtering could happen instead and that's what firedancer is planning to do Here's my main reasoning:
|
The CI failure looks legit. |
Well, first of all I think it's unfortunate that the most convenient place for the sanitized types has always been On the other hand, since master has moved to 2.0, it's ok to introduce breaking changes here. I think the most unfortunate API change is the message |
e30fb17
to
9503a62
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #541 +/- ##
=========================================
- Coverage 81.9% 81.9% -0.1%
=========================================
Files 851 851
Lines 231209 231373 +164
=========================================
+ Hits 189495 189611 +116
- Misses 41714 41762 +48 |
Sorry about the delay; I was ooo for a few days. Thanks for your api/backward compatibility thoughts; echoes my thinking exactly.
Yes, I agree. I think it would be best to preserve |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks good, aside from the Message::is_writable
breakage. However, the first commit is a bear; I would have more confidence in my review if it were broken up a bit. For instance, the bank.rs changes that add and update the Bank::reserved_account_keys
field should probably be a separate commit. And if any of the api interface changes can be separated from each other (and built on top of each other), that would be a natural progression.
.build_sanitized_transaction( | ||
&bank.feature_set, | ||
bank.vote_only_bank(), | ||
bank, | ||
bank.get_reserved_account_keys(), | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sidenote: not a thing to be dealt with in this PR, but it seems really clunky that this method takes 4 different bank-related things, including the Bank itself.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, hurts my eyes every time too.
9503a62
to
a4771a9
Compare
Reverted the breakage here: a4771a9
Broken up here: #769
Open to ideas but that first commit (51e49c6) now basically only has two functional changes (applying the reserved account keys set in |
a4771a9
to
fd03ab9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Open to ideas
That commit actually touches 7 different methods, which is a lot of plumbing to follow. If it were me, I would have started with a commit for each top-level method (ie. each of the SanitizedTransaction
methods) to show the scope of those changes. And then a commit for each of the LegacyMessage
/LoadedMessage
/SanitizedMessage
methods, since those are dependent on the SanitizedTransaction
changes.
Looks like the is_writable
change could be done at any time in that progression, but could easily be a separate commit.
To be explicit, I am talking about splitting into separate commits, not separate PRs. I understand that merging the method changes into the code-base piecemeal is a bad idea.
Well, anyway, I'm approving this as-is (or will re-approve, if you merge #769 first and then rebase this)
}; | ||
|
||
fn new_sanitized_message(message: LegacyMessage) -> SanitizedMessage { | ||
SanitizedMessage::try_from_legacy_message(message).unwrap() | ||
SanitizedMessage::try_from_legacy_message(message, &HashSet::default()).unwrap() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this just to avoid importing ReservedAccountKeys
? You use ReservedAccountKeys::empty_key_set()
everywhere else.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah can't import it from solana-program
Problem
The transaction scheduler and the runtime both demote transaction write locks for builtin programs and sysvars using a static list of reserved IDs. This change replaces the currently used static lists of builtin program and sysvar IDs with a dynamic set of reserved account keys that can be updated at epoch boundaries with feature gates (added here: #84)
Summary of Changes
reserved_account_keys
argument to properly assess if a transaction account can be write locked.The change is split into two commits so that the functional changes aren't drowned in test updates to plumb the new reserved account keys argument through.
Breaking Changes
solana_sdk::transaction::SanitizedTransaction::try_from_legacy_transaction
has a newreserved_account_keys
argumentsolana_sdk::transaction::SanitizedTransaction::try_create
has a newreserved_account_keys
argumentsolana_sdk::transaction::SanitizedTransaction::try_new
has a newreserved_account_keys
argumentsolana_program::message::LegacyMessage::new
has a newreserved_account_keys
argumentsolana_program::message::SanitizedMessage::try_new
has a newreserved_account_keys
argumentsolana_program::message::LoadedMessage::new
has a newreserved_account_keys
argumentsolana_program::message::LoadedMessage::new_borrowed
has a newreserved_account_keys
argumentFeature Gate Issue: #540