Add tests for the Debug and activation Vecs #11926
fyi: Part of my patches already got in #11916 ;)
Codecov Report
@@ Coverage Diff @@
## master #11926 +/- ##
=======================================
Coverage 82.1% 82.2%
=======================================
Files 332 332
Lines 78095 78142 +47
=======================================
+ Hits 64153 64235 +82
+ Misses 13942 13907 -35 |
| // guard against sysvars being made | ||
| if sysvar::check_id(&owner) { | ||
| // guard against sysvars and native loader programs being made | ||
| if sysvar::check_id(&owner) || native_loader::check_id(&owner) { |
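Review bot: the widened condition, sysvar::check_id(&owner) || native_loader::check_id(&owner), changes which owner values are rejected, but nothing visible here exercises the new branch. Add a test that passes a native loader owner and asserts the same rejection as the sysvar case. The updated comment also still ends at "being made", so finish the sentence unless it continues on the following line.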
This is sneaky. For real safety here I think we need a compile-time check to inform us when additional restrictions are being added here so we can gate them. For example if there's a new sysvar or native_loader added, during the 33%-66% upgrade window, anybody can kill the cluster with a simple solana transfer.
Would also be nice to reserve an upgrade path for our known ids like BPFLoader2111111111.... BPFLoader31111111....., etc...
oops, odd. This is intended to be pushed to #11928...
> For real safety here I think we need a compile-time check to inform us when additional restrictions are being added here so we can gate them.
This is interesting and timely. :) Well, since Rust 1.46, we can do this to some extent thanks to const fn improvements: https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html#const-fn-improvements. Namely, we can digest the AST tokens at compile time and create a sha256 and compare it against an annotated frozen_code(digest = "fooBarbase58") as an auto-generated test just like frozen_abi(...).
> For example if there's a new sysvar or native_loader added, during the 33%-66% upgrade window, anybody can kill the cluster with a simple solana transfer.
Well, the attack isn't involved with SystemInstruction::Transfer. This is related to SystemInstruction::Assign. Anyway, it's very easy to kill cluster without gating... I'll gate it.
> Would also be nice to reserve an upgrade path for our known ids like BPFLoader2111111111.... BPFLoader31111111....., etc...
@jackcmay gotcha!
silly me...:
cc2169a to abb9eb1
abb9eb1 to ef2a286
| assert!(next_start_epoch >= prev_start_epoch); | ||
| match program { | ||
| Program::Native((name, id)) => assert!(unique.insert((name, id))), | ||
| Program::BuiltinLoader((name, id, _)) => assert!(unique.insert((name, id))), |
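Review bot: unique.insert((name, id)) in both match arms only rejects an exact repeat of the pair, so two entries that share an id under different names, or one name under different ids, still pass. Track names and ids in separate sets and assert on each insert. The asserts would also benefit from a message naming the offending program, so a failure points at the entry.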
Well, we must require the uniqueness separately both for name and id, not for the tuple of (name, id).
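The difference between pair uniqueness and per-field uniqueness raised in the comment above, as an added example that is not code from this PR or the project. The Entry type, the program names and the 4-byte ids are simplified, constructed stand-ins.

```rust
use std::collections::HashSet;

// Hypothetical stand-in for one activation-list entry:
// (program name, program id, start epoch). Simplified types, not the project's.
type Entry = (&'static str, [u8; 4], u64);

/// Pair-only check: passes as long as no exact (name, id) pair repeats,
/// even if a name or an id is reused on its own.
fn unique_by_pair(entries: &[Entry]) -> bool {
    let mut seen = HashSet::new();
    entries.iter().all(|(name, id, _)| seen.insert((*name, *id)))
}

/// Separate checks: each name and each id may appear only once,
/// and start epochs must be non-decreasing.
fn validate(entries: &[Entry]) -> Result<(), String> {
    let mut names = HashSet::new();
    let mut ids = HashSet::new();
    let mut prev_epoch = 0u64;
    for (name, id, epoch) in entries {
        if *epoch < prev_epoch {
            return Err(format!("{}: start epoch {} precedes {}", name, epoch, prev_epoch));
        }
        prev_epoch = *epoch;
        if !names.insert(*name) {
            return Err(format!("duplicate name: {}", name));
        }
        if !ids.insert(*id) {
            return Err(format!("duplicate id {:?} (entry {})", id, name));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample: two different names registered under the same id.
    let entries: [Entry; 3] = [
        ("loader_a", [1, 0, 0, 0], 0),
        ("loader_b", [2, 0, 0, 0], 0),
        ("loader_c", [1, 0, 0, 0], 5),
    ];
    println!("pair check passes: {}", unique_by_pair(&entries));
    println!("separate checks: {:?}", validate(&entries));
}
```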
* Add tests for the Debug and activation Vecs
* Rename a bit
(cherry picked from commit 11ac4eb)
Problem
Debug for Programs and MessageProcessor isn't tested. (The Debug impls aren't derived; it's manually written due to rustc bug/limitation around function pointer).
Summary of Changes
Debug.
Context
follow up of #11736