Skip to content

flamenco, vm: implement provide_instruction_data_offset_in_vm_r2 #7389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 28, 2025
Merged

flamenco, vm: implement provide_instruction_data_offset_in_vm_r2 #7389

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/flamenco/features/fd_features_generated.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1697,6 +1697,12 @@ fd_feature_id_t const ids[] = {
.name = "relax_intrabatch_account_locks",
.cleaned_up = {UINT_MAX, UINT_MAX, UINT_MAX} },

{ .index = offsetof(fd_features_t, provide_instruction_data_offset_in_vm_r2)>>3,
.id = {"\x49\xa8\x3f\xba\xb8\x02\x48\x7c\x34\x1e\x07\x66\xab\xd9\x59\xba\x04\xfd\xce\xcc\xe6\xbf\xdf\xd4\xc6\xe1\x62\xec\x0b\x10\x26\x6f"},
/* 5xXZc66h4UdB6Yq7FzdBxBiRAFMMScMLwHxk2QZDaNZL */
.name = "provide_instruction_data_offset_in_vm_r2",
.cleaned_up = {UINT_MAX, UINT_MAX, UINT_MAX} },

{ .index = ULONG_MAX }
};
/* TODO replace this with fd_map_perfect */
Expand Down Expand Up @@ -1951,6 +1957,7 @@ fd_feature_id_query( ulong prefix ) {
case 0xf08a42c3c040e908: return &ids[ 245 ];
case 0x8c7bee4552d93e0c: return &ids[ 246 ];
case 0x866094bbfe00a7c6: return &ids[ 247 ];
case 0x7c4802b8ba3fa849: return &ids[ 248 ];
default: break;
}
return NULL;
Expand Down Expand Up @@ -2204,4 +2211,5 @@ FD_STATIC_ASSERT( offsetof( fd_features_t, account_data_direct_mapping
FD_STATIC_ASSERT( offsetof( fd_features_t, fix_alt_bn128_pairing_length_check )>>3==245UL, layout );
FD_STATIC_ASSERT( offsetof( fd_features_t, poseidon_enforce_padding )>>3==246UL, layout );
FD_STATIC_ASSERT( offsetof( fd_features_t, relax_intrabatch_account_locks )>>3==247UL, layout );
FD_STATIC_ASSERT( offsetof( fd_features_t, provide_instruction_data_offset_in_vm_r2 )>>3==248UL, layout );
FD_STATIC_ASSERT( sizeof( fd_features_t )>>3==FD_FEATURE_ID_CNT, layout );
5 changes: 3 additions & 2 deletions src/flamenco/features/fd_features_generated.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@
#endif

/* FEATURE_ID_CNT is the number of features in ids */
#define FD_FEATURE_ID_CNT (248UL)
#define FD_FEATURE_ID_CNT (249UL)

/* Feature set ID calculated from all feature names */
#define FD_FEATURE_SET_ID (1636000132U)
#define FD_FEATURE_SET_ID (4167120720U)

union fd_features {
ulong f[ FD_FEATURE_ID_CNT ];
Expand Down Expand Up @@ -264,5 +264,6 @@ union fd_features {
/* 0xf08a42c3c040e908 */ ulong fix_alt_bn128_pairing_length_check;
/* 0x8c7bee4552d93e0c */ ulong poseidon_enforce_padding;
/* 0x866094bbfe00a7c6 */ ulong relax_intrabatch_account_locks;
/* 0x7c4802b8ba3fa849 */ ulong provide_instruction_data_offset_in_vm_r2;
};
};
3 changes: 2 additions & 1 deletion src/flamenco/features/feature_map.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,5 +246,6 @@
{"name":"account_data_direct_mapping","pubkey":"DFN8MyKpQqFW31qczcahgnnxcAHQc6P94wtTEX5EP1RA","old":"9s3RKimHWS44rJcJ9P1rwCmn2TvMqtZQBmz815ZUUHqJ"},
{"name":"fix_alt_bn128_pairing_length_check","pubkey":"bnYzodLwmybj7e1HAe98yZrdJTd7we69eMMLgCXqKZm"},
{"name":"poseidon_enforce_padding","pubkey":"poUdAqRXXsNmfqAZ6UqpjbeYgwBygbfQLEvWSqVhSnb"},
{"name":"relax_intrabatch_account_locks","pubkey":"ENTRYnPAoT5Swwx73YDGzMp3XnNH1kxacyvLosRHza1i"}
{"name":"relax_intrabatch_account_locks","pubkey":"ENTRYnPAoT5Swwx73YDGzMp3XnNH1kxacyvLosRHza1i"},
{"name":"provide_instruction_data_offset_in_vm_r2","pubkey":"5xXZc66h4UdB6Yq7FzdBxBiRAFMMScMLwHxk2QZDaNZL"}
]
3 changes: 2 additions & 1 deletion src/flamenco/progcache/fd_progcache_rec.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,8 @@ fd_progcache_rec_new( void * mem,
0,
FD_FEATURE_ACTIVE( load_slot, features, account_data_direct_mapping ),
FD_FEATURE_ACTIVE( load_slot, features, stricter_abi_and_runtime_constraints ),
0 );
0,
0UL );
if( FD_UNLIKELY( !vm ) ) FD_LOG_CRIT(( "fd_vm_init failed" ));

if( FD_UNLIKELY( fd_vm_validate( vm )!=FD_VM_SUCCESS ) ) return NULL;
Expand Down
30 changes: 19 additions & 11 deletions src/flamenco/runtime/program/fd_bpf_loader_program.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,8 @@ fd_deploy_program( fd_exec_instr_ctx_t * instr_ctx,
/* is_deprecated */ 0,
/* direct mapping */ direct_mapping,
/* stricter_abi_and_runtime_constraints */ stricter_abi_and_runtime_constraints,
/* dump_syscall_to_pb */ 0 );
/* dump_syscall_to_pb */ 0,
/* r2_initial_value */ 0UL );
if ( FD_UNLIKELY( vm == NULL ) ) {
FD_LOG_WARNING(( "NULL vm" ));
return FD_EXECUTOR_INSTR_ERR_PROGRAM_ENVIRONMENT_SETUP_FAILURE;
Expand Down Expand Up @@ -391,18 +392,21 @@ fd_bpf_execute( fd_exec_instr_ctx_t * instr_ctx,
0 );

/* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1362-L1368 */
ulong input_sz = 0UL;
ulong pre_lens[256] = {0};
fd_vm_input_region_t input_mem_regions[1000] = {0}; /* We can have a max of (3 * num accounts + 1) regions */
fd_vm_acc_region_meta_t acc_region_metas[256] = {0}; /* instr acc idx to idx */
uint input_mem_regions_cnt = 0U;
int direct_mapping = FD_FEATURE_ACTIVE_BANK( instr_ctx->bank, account_data_direct_mapping );
int stricter_abi_and_runtime_constraints = FD_FEATURE_ACTIVE_BANK( instr_ctx->bank, stricter_abi_and_runtime_constraints );

ulong input_sz = 0UL;
ulong pre_lens[256] = {0};
fd_vm_input_region_t input_mem_regions[1000] = {0}; /* We can have a max of (3 * num accounts + 1) regions */
fd_vm_acc_region_meta_t acc_region_metas[256] = {0}; /* instr acc idx to idx */
uint input_mem_regions_cnt = 0U;
int direct_mapping = FD_FEATURE_ACTIVE_BANK( instr_ctx->bank, account_data_direct_mapping );
int stricter_abi_and_runtime_constraints = FD_FEATURE_ACTIVE_BANK( instr_ctx->bank, stricter_abi_and_runtime_constraints );
int provide_instruction_data_offset_in_vm_r2 = FD_FEATURE_ACTIVE_BANK( instr_ctx->bank, provide_instruction_data_offset_in_vm_r2 );

ulong instruction_data_offset = 0UL;
uchar * input = NULL;
err = fd_bpf_loader_input_serialize_parameters( instr_ctx, &input_sz, pre_lens,
input_mem_regions, &input_mem_regions_cnt,
acc_region_metas, stricter_abi_and_runtime_constraints, direct_mapping, is_deprecated, &input );
acc_region_metas, stricter_abi_and_runtime_constraints, direct_mapping, is_deprecated,
&instruction_data_offset, &input );
if( FD_UNLIKELY( err ) ) {
return err;
}
Expand Down Expand Up @@ -432,6 +436,9 @@ fd_bpf_execute( fd_exec_instr_ctx_t * instr_ctx,
fd_bank_slot_get( instr_ctx->bank ) >= instr_ctx->runtime->log.capture_ctx->dump_proto_start_slot &&
instr_ctx->runtime->log.capture_ctx->dump_syscall_to_pb;

/* https://github.com/anza-xyz/agave/blob/v3.1.1/programs/bpf_loader/src/lib.rs#L1525-L1528 */
ulong r2_initial_value = provide_instruction_data_offset_in_vm_r2 ? instruction_data_offset : 0UL;

/* TODO: (topointon): correctly set check_size in vm setup */
vm = fd_vm_init(
/* vm */ vm,
Expand All @@ -456,7 +463,8 @@ fd_bpf_execute( fd_exec_instr_ctx_t * instr_ctx,
/* is_deprecated */ is_deprecated,
/* direct_mapping */ direct_mapping,
/* stricter_abi_and_runtime_constraints */ stricter_abi_and_runtime_constraints,
/* dump_syscall_to_pb */ dump_syscall_to_pb );
/* dump_syscall_to_pb */ dump_syscall_to_pb,
/* r2_initial_value */ r2_initial_value );
if( FD_UNLIKELY( !vm ) ) {
/* We throw an error here because it could be the case that the given heap_size > HEAP_MAX.
In this case, Agave fails the transaction but does not error out.
Expand Down
27 changes: 23 additions & 4 deletions src/flamenco/runtime/program/fd_bpf_loader_serialization.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,8 @@ fd_bpf_loader_input_serialize_aligned( fd_exec_instr_ctx_t * ctx,
uint * input_mem_regions_cnt,
fd_vm_acc_region_meta_t * acc_region_metas,
int stricter_abi_and_runtime_constraints,
int direct_mapping ) {
int direct_mapping,
ulong * instr_data_offset ) {
fd_pubkey_t * txn_accs = ctx->txn_out->accounts.account_keys;

uchar acc_idx_seen[ FD_INSTR_ACCT_MAX ] = {0};
Expand Down Expand Up @@ -381,6 +382,14 @@ fd_bpf_loader_input_serialize_aligned( fd_exec_instr_ctx_t * ctx,
FD_STORE( ulong, serialized_params, instr_data_len );
serialized_params += sizeof(ulong);

/* https://github.com/anza-xyz/agave/blob/v3.1.1/program-runtime/src/serialization.rs#L568 */
ulong region_vaddr_offset = 0UL;
if( *input_mem_regions_cnt > 0 ) {
region_vaddr_offset = input_mem_regions[*input_mem_regions_cnt-1U].vaddr_offset +
input_mem_regions[*input_mem_regions_cnt-1U].address_space_reserved;
}
*instr_data_offset = FD_VM_MEM_MAP_INPUT_REGION_START + region_vaddr_offset + (ulong)(serialized_params - curr_serialized_params_start);

/* https://github.com/anza-xyz/agave/blob/v3.0.0/program-runtime/src/serialization.rs#L559 */
uchar * instr_data = ctx->instr->data;
fd_memcpy( serialized_params, instr_data, instr_data_len );
Expand Down Expand Up @@ -538,7 +547,8 @@ fd_bpf_loader_input_serialize_unaligned( fd_exec_instr_ctx_t * ctx,
uint * input_mem_regions_cnt,
fd_vm_acc_region_meta_t * acc_region_metas,
int stricter_abi_and_runtime_constraints,
int direct_mapping ) {
int direct_mapping,
ulong * instr_data_offset ) {
fd_pubkey_t const * txn_accs = ctx->txn_out->accounts.account_keys;

uchar acc_idx_seen[FD_INSTR_ACCT_MAX] = {0};
Expand Down Expand Up @@ -623,6 +633,14 @@ fd_bpf_loader_input_serialize_unaligned( fd_exec_instr_ctx_t * ctx,
FD_STORE( ulong, serialized_params, instr_data_len );
serialized_params += sizeof(ulong);

/* https://github.com/anza-xyz/agave/blob/v3.1.1/program-runtime/src/serialization.rs#L400 */
ulong region_vaddr_offset = 0UL;
if( *input_mem_regions_cnt > 0 ) {
region_vaddr_offset = input_mem_regions[*input_mem_regions_cnt-1U].vaddr_offset +
input_mem_regions[*input_mem_regions_cnt-1U].address_space_reserved;
}
*instr_data_offset = FD_VM_MEM_MAP_INPUT_REGION_START + region_vaddr_offset + (ulong)(serialized_params - curr_serialized_params_start);

uchar * instr_data = (uchar *)ctx->instr->data;
fd_memcpy( serialized_params, instr_data, instr_data_len );
serialized_params += instr_data_len;
Expand Down Expand Up @@ -740,6 +758,7 @@ fd_bpf_loader_input_serialize_parameters( fd_exec_instr_ctx_t * instr_ctx,
int stricter_abi_and_runtime_constraints,
int direct_mapping,
uchar is_deprecated,
ulong * instr_data_offset,
uchar ** out /* output */ ) {

/* https://github.com/anza-xyz/agave/blob/v3.0.0/program-runtime/src/serialization.rs#L234-L237 */
Expand All @@ -755,12 +774,12 @@ fd_bpf_loader_input_serialize_parameters( fd_exec_instr_ctx_t * instr_ctx,
*out = fd_bpf_loader_input_serialize_unaligned( instr_ctx, sz, pre_lens,
input_mem_regions, input_mem_regions_cnt,
acc_region_metas, stricter_abi_and_runtime_constraints,
direct_mapping );
direct_mapping, instr_data_offset );
} else {
*out = fd_bpf_loader_input_serialize_aligned( instr_ctx, sz, pre_lens,
input_mem_regions, input_mem_regions_cnt,
acc_region_metas, stricter_abi_and_runtime_constraints,
direct_mapping );
direct_mapping, instr_data_offset );
}

return FD_EXECUTOR_INSTR_SUCCESS;
Expand Down
1 change: 1 addition & 0 deletions src/flamenco/runtime/program/fd_bpf_loader_serialization.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ fd_bpf_loader_input_serialize_parameters( fd_exec_instr_ctx_t * instr_ctx,
int stricter_abi_and_runtime_constraints,
int direct_mapping,
uchar is_deprecated,
ulong * instr_data_offset,
uchar ** out /* output */ );

int
Expand Down
12 changes: 9 additions & 3 deletions src/flamenco/runtime/tests/fd_vm_harness.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,7 @@ do{
}

/* Serialize accounts into input memory region. */
ulong instr_data_offset = 0UL;
int err = fd_bpf_loader_input_serialize_parameters( instr_ctx,
&input_sz,
pre_lens,
Expand All @@ -180,6 +181,7 @@ do{
stricter_abi_and_runtime_constraints,
direct_mapping,
is_deprecated,
&instr_data_offset,
&input_ptr );
if( FD_UNLIKELY( err ) ) {
fd_solfuzz_pb_instr_ctx_destroy( runner, instr_ctx );
Expand Down Expand Up @@ -258,12 +260,13 @@ do{
is_deprecated, /* is deprecated */
direct_mapping, /* direct mapping */
stricter_abi_and_runtime_constraints, /* stricter_abi_and_runtime_constraints */
0 /* dump_syscall_to_pb */
0 /* dump_syscall_to_pb */,
0UL /* r2 is set by the fuzzer below */
);

/* Setup registers.
r1, r10, r11 are initialized by EbpfVm::new (r10) or EbpfVm::execute_program (r1, r11),
or equivalently by fd_vm_init and fd_vm_setup_state_for_execution.
or equivalently by fd_vm_init.
Modifying them will most like break execution.
In syscalls we allow override them (especially r1) because that simulates the fact
that a program partially executed before reaching the syscall.
Expand Down Expand Up @@ -482,6 +485,7 @@ fd_solfuzz_pb_syscall_run( fd_solfuzz_runner_t * runner,
}

/* Serialize accounts into input memory region. */
ulong instr_data_offset = 0UL;
int err = fd_bpf_loader_input_serialize_parameters( ctx,
&input_sz,
pre_lens,
Expand All @@ -491,6 +495,7 @@ fd_solfuzz_pb_syscall_run( fd_solfuzz_runner_t * runner,
stricter_abi_and_runtime_constraints,
direct_mapping,
is_deprecated,
&instr_data_offset,
&input_ptr );
if( FD_UNLIKELY( err ) ) {
FD_LOG_WARNING(( "bpf loader input serialize parameters err" ));
Expand Down Expand Up @@ -519,7 +524,8 @@ fd_solfuzz_pb_syscall_run( fd_solfuzz_runner_t * runner,
is_deprecated,
direct_mapping,
stricter_abi_and_runtime_constraints,
0 /* dump_syscall_to_pb */ );
0 /* dump_syscall_to_pb */,
0UL /* r2 is set by the fuzzer below */ );

// Override some execution state values from the syscall fuzzer input
// This is so we can test if the syscall mutates any of these erroneously
Expand Down
1 change: 1 addition & 0 deletions src/flamenco/runtime/tests/run_backtest_all.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,3 +91,4 @@ src/flamenco/runtime/tests/run_ledger_backtest.sh -l testnet-362107883-direct-ma
src/flamenco/runtime/tests/run_ledger_backtest.sh -l devnet-413869565 -y 40 -m 100000000 -e 413869600
src/flamenco/runtime/tests/run_ledger_backtest.sh -l mainnet-376969880 -y 1 -m 2000000 -e 376969900
src/flamenco/runtime/tests/run_ledger_backtest.sh -l devnet-422969842 -y 1 -m 2000000 -e 422969848
src/flamenco/runtime/tests/run_ledger_backtest.sh -l mainnet-376969880-r2 -y 1 -m 2000000 -e 376969900 -o 5xXZc66h4UdB6Yq7FzdBxBiRAFMMScMLwHxk2QZDaNZL
67 changes: 26 additions & 41 deletions src/flamenco/vm/fd_vm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -574,29 +574,30 @@ fd_vm_delete( void * shmem ) {

fd_vm_t *
fd_vm_init(
fd_vm_t * vm,
fd_exec_instr_ctx_t *instr_ctx,
ulong heap_max,
ulong entry_cu,
uchar const * rodata,
ulong rodata_sz,
ulong const * text,
ulong text_cnt,
ulong text_off,
ulong text_sz,
ulong entry_pc,
ulong const * calldests,
ulong sbpf_version,
fd_sbpf_syscalls_t * syscalls,
fd_vm_trace_t * trace,
fd_sha256_t * sha,
fd_vm_input_region_t * mem_regions,
uint mem_regions_cnt,
fd_vm_t * vm,
fd_exec_instr_ctx_t * instr_ctx,
ulong heap_max,
ulong entry_cu,
uchar const * rodata,
ulong rodata_sz,
ulong const * text,
ulong text_cnt,
ulong text_off,
ulong text_sz,
ulong entry_pc,
ulong const * calldests,
ulong sbpf_version,
fd_sbpf_syscalls_t * syscalls,
fd_vm_trace_t * trace,
fd_sha256_t * sha,
fd_vm_input_region_t * mem_regions,
uint mem_regions_cnt,
fd_vm_acc_region_meta_t * acc_region_metas,
uchar is_deprecated,
int direct_mapping,
int stricter_abi_and_runtime_constraints,
int dump_syscall_to_pb ) {
uchar is_deprecated,
int direct_mapping,
int stricter_abi_and_runtime_constraints,
int dump_syscall_to_pb,
ulong r2_initial_value ) {

if ( FD_UNLIKELY( vm == NULL ) ) {
FD_LOG_WARNING(( "NULL vm" ));
Expand Down Expand Up @@ -648,30 +649,14 @@ fd_vm_init(
vm->segv_access_type = 0;
vm->dump_syscall_to_pb = dump_syscall_to_pb;

/* Unpack the configuration */
int err = fd_vm_setup_state_for_execution( vm );
if( FD_UNLIKELY( err != FD_VM_SUCCESS ) ) {
return NULL;
}

return vm;
}

int
fd_vm_setup_state_for_execution( fd_vm_t * vm ) {

if ( FD_UNLIKELY( !vm ) ) {
FD_LOG_WARNING(( "NULL vm" ));
return FD_VM_ERR_INVAL;
}

/* Unpack input and rodata */
fd_vm_mem_cfg( vm );

/* Initialize registers */
/* FIXME: Zero out shadow, stack and heap here? */
fd_memset( vm->reg, 0, FD_VM_REG_MAX * sizeof(ulong) );
vm->reg[ 1] = FD_VM_MEM_MAP_INPUT_REGION_START;
vm->reg[1] = FD_VM_MEM_MAP_INPUT_REGION_START;
vm->reg[2] = r2_initial_value;
/* https://github.com/solana-labs/rbpf/blob/4ad935be45e5663be23b30cfc750b1ae1ad03c44/src/vm.rs#L326-L333 */
vm->reg[10] = FD_VM_MEM_MAP_STACK_REGION_START +
( FD_VM_SBPF_DYNAMIC_STACK_FRAMES( vm->sbpf_version ) ? FD_VM_STACK_MAX : FD_VM_STACK_FRAME_SZ );
Expand All @@ -687,5 +672,5 @@ fd_vm_setup_state_for_execution( fd_vm_t * vm ) {

/* Do NOT reset logs */

return FD_VM_SUCCESS;
return vm;
}
Loading
Loading