Wait for one slot to be produced (#10257)

automerge

(cherry picked from commit 22a98bd27a)

ci/run-sanity.sh

@@ -19,6 +19,9 @@ while [[ ! -f config/run/init-completed ]]; do
   fi
 done
 
+while [[ $($solana_cli slot --commitment recent) -eq 0 ]]; do
+  sleep 1
+done
 curl -X POST -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","id":1, "method":"validatorExit"}' http://localhost:8899
 
 wait $pid

cli/src/cli.rs

@@ -1655,7 +1655,7 @@ pub fn process_command(config: &CliConfig) -> ProcessResult {
             seed,
             program_id,
         } => process_create_address_with_seed(config, from_pubkey.as_ref(), &seed, &program_id),
-        CliCommand::Fees => process_fees(&rpc_client),
+        CliCommand::Fees => process_fees(&rpc_client, config),
         CliCommand::GetBlockTime { slot } => process_get_block_time(&rpc_client, config, *slot),
         CliCommand::GetGenesisHash => process_get_genesis_hash(&rpc_client),
         CliCommand::GetEpochInfo { commitment_config } => {

cli/src/cli_output.rs

@@ -900,6 +900,7 @@ impl fmt::Display for CliSignOnlyData {
 }
 
 #[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
 pub struct CliSignature {
     pub signature: String,
 }
@@ -913,6 +914,7 @@ impl fmt::Display for CliSignature {
 }
 
 #[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
 pub struct CliAccountBalances {
     pub accounts: Vec<RpcAccountBalance>,
 }
@@ -937,6 +939,7 @@ impl fmt::Display for CliAccountBalances {
 }
 
 #[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
 pub struct CliSupply {
     pub total: u64,
     pub circulating: u64,
@@ -981,3 +984,25 @@ impl fmt::Display for CliSupply {
         Ok(())
     }
 }
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct CliFees {
+    pub slot: Slot,
+    pub blockhash: String,
+    pub lamports_per_signature: u64,
+    pub last_valid_slot: Slot,
+}
+
+impl fmt::Display for CliFees {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        writeln_name_value(f, "Blockhash:", &self.blockhash)?;
+        writeln_name_value(
+            f,
+            "Lamports per signature:",
+            &self.lamports_per_signature.to_string(),
+        )?;
+        writeln_name_value(f, "Last valid slot:", &self.last_valid_slot.to_string())?;
+        Ok(())
+    }
+}

cli/src/cluster_query.rs

@@ -597,13 +597,16 @@ pub fn process_cluster_version(rpc_client: &RpcClient) -> ProcessResult {
     Ok(remote_version.solana_core)
 }
 
-pub fn process_fees(rpc_client: &RpcClient) -> ProcessResult {
-    let (recent_blockhash, fee_calculator) = rpc_client.get_recent_blockhash()?;
-
-    Ok(format!(
-        "blockhash: {}\nlamports per signature: {}",
-        recent_blockhash, fee_calculator.lamports_per_signature
-    ))
+pub fn process_fees(rpc_client: &RpcClient, config: &CliConfig) -> ProcessResult {
+    let result = rpc_client.get_recent_blockhash_with_commitment(CommitmentConfig::default())?;
+    let (recent_blockhash, fee_calculator, last_valid_slot) = result.value;
+    let fees = CliFees {
+        slot: result.context.slot,
+        blockhash: recent_blockhash.to_string(),
+        lamports_per_signature: fee_calculator.lamports_per_signature,
+        last_valid_slot,
+    };
+    Ok(config.output_format.formatted_string(&fees))
 }
 
 pub fn process_leader_schedule(rpc_client: &RpcClient) -> ProcessResult {

client/src/rpc_client.rs

@@ -614,26 +614,46 @@ impl RpcClient {
     }
 
     pub fn get_recent_blockhash(&self) -> ClientResult<(Hash, FeeCalculator)> {
-        Ok(self
+        let (blockhash, fee_calculator, _last_valid_slot) = self
             .get_recent_blockhash_with_commitment(CommitmentConfig::default())?
-            .value)
+            .value;
+        Ok((blockhash, fee_calculator))
     }
 
     pub fn get_recent_blockhash_with_commitment(
         &self,
         commitment_config: CommitmentConfig,
-    ) -> RpcResult<(Hash, FeeCalculator)> {
-        let Response {
+    ) -> RpcResult<(Hash, FeeCalculator, Slot)> {
+        let (context, blockhash, fee_calculator, last_valid_slot) = if let Ok(Response {
+            context,
+            value:
+                RpcFees {
+                    blockhash,
+                    fee_calculator,
+                    last_valid_slot,
+                },
+        }) =
+            self.send::<Response<RpcFees>>(RpcRequest::GetFees, json!([commitment_config]))
+        {
+            (context, blockhash, fee_calculator, last_valid_slot)
+        } else if let Ok(Response {
             context,
             value:
                 RpcBlockhashFeeCalculator {
                     blockhash,
                     fee_calculator,
                 },
-        } = self.send::<Response<RpcBlockhashFeeCalculator>>(
+        }) = self.send::<Response<RpcBlockhashFeeCalculator>>(
             RpcRequest::GetRecentBlockhash,
             json!([commitment_config]),
-        )?;
+        ) {
+            (context, blockhash, fee_calculator, 0)
+        } else {
+            return Err(ClientError::new_with_request(
+                RpcError::ParseError("RpcBlockhashFeeCalculator or RpcFees".to_string()).into(),
+                RpcRequest::GetRecentBlockhash,
+            ));
+        };
 
         let blockhash = blockhash.parse().map_err(|_| {
             ClientError::new_with_request(
@@ -643,7 +663,7 @@ impl RpcClient {
         })?;
         Ok(Response {
             context,
-            value: (blockhash, fee_calculator),
+            value: (blockhash, fee_calculator, last_valid_slot),
         })
     }
 

client/src/rpc_request.rs

@@ -16,15 +16,17 @@ pub enum RpcRequest {
     GetConfirmedTransaction,
     GetEpochInfo,
     GetEpochSchedule,
+    GetFeeCalculatorForBlockhash,
+    GetFeeRateGovernor,
+    GetFees,
     GetGenesisHash,
     GetIdentity,
     GetInflation,
     GetLargestAccounts,
     GetLeaderSchedule,
+    GetMinimumBalanceForRentExemption,
     GetProgramAccounts,
     GetRecentBlockhash,
-    GetFeeCalculatorForBlockhash,
-    GetFeeRateGovernor,
     GetSignatureStatuses,
     GetSlot,
     GetSlotLeader,
@@ -37,13 +39,12 @@ pub enum RpcRequest {
     GetTransactionCount,
     GetVersion,
     GetVoteAccounts,
+    MinimumLedgerSlot,
     RegisterNode,
     RequestAirdrop,
     SendTransaction,
     SimulateTransaction,
     SignVote,
-    GetMinimumBalanceForRentExemption,
-    MinimumLedgerSlot,
 }
 
 impl fmt::Display for RpcRequest {
@@ -61,15 +62,17 @@ impl fmt::Display for RpcRequest {
             RpcRequest::GetConfirmedTransaction => "getConfirmedTransaction",
             RpcRequest::GetEpochInfo => "getEpochInfo",
             RpcRequest::GetEpochSchedule => "getEpochSchedule",
+            RpcRequest::GetFeeCalculatorForBlockhash => "getFeeCalculatorForBlockhash",
+            RpcRequest::GetFeeRateGovernor => "getFeeRateGovernor",
+            RpcRequest::GetFees => "getFees",
             RpcRequest::GetGenesisHash => "getGenesisHash",
             RpcRequest::GetIdentity => "getIdentity",
             RpcRequest::GetInflation => "getInflation",
             RpcRequest::GetLargestAccounts => "getLargestAccounts",
             RpcRequest::GetLeaderSchedule => "getLeaderSchedule",
+            RpcRequest::GetMinimumBalanceForRentExemption => "getMinimumBalanceForRentExemption",
             RpcRequest::GetProgramAccounts => "getProgramAccounts",
             RpcRequest::GetRecentBlockhash => "getRecentBlockhash",
-            RpcRequest::GetFeeCalculatorForBlockhash => "getFeeCalculatorForBlockhash",
-            RpcRequest::GetFeeRateGovernor => "getFeeRateGovernor",
             RpcRequest::GetSignatureStatuses => "getSignatureStatuses",
             RpcRequest::GetSlot => "getSlot",
             RpcRequest::GetSlotLeader => "getSlotLeader",
@@ -82,13 +85,12 @@ impl fmt::Display for RpcRequest {
             RpcRequest::GetTransactionCount => "getTransactionCount",
             RpcRequest::GetVersion => "getVersion",
             RpcRequest::GetVoteAccounts => "getVoteAccounts",
+            RpcRequest::MinimumLedgerSlot => "minimumLedgerSlot",
             RpcRequest::RegisterNode => "registerNode",
             RpcRequest::RequestAirdrop => "requestAirdrop",
             RpcRequest::SendTransaction => "sendTransaction",
             RpcRequest::SimulateTransaction => "simulateTransaction",
             RpcRequest::SignVote => "signVote",
-            RpcRequest::GetMinimumBalanceForRentExemption => "getMinimumBalanceForRentExemption",
-            RpcRequest::MinimumLedgerSlot => "minimumLedgerSlot",
         };
 
         write!(f, "{}", method)

client/src/rpc_response.rs

@@ -35,6 +35,14 @@ pub struct RpcBlockhashFeeCalculator {
     pub fee_calculator: FeeCalculator,
 }
 
+#[derive(Serialize, Deserialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct RpcFees {
+    pub blockhash: String,
+    pub fee_calculator: FeeCalculator,
+    pub last_valid_slot: Slot,
+}
+
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(rename_all = "camelCase")]
 pub struct RpcFeeCalculator {

client/src/thin_client.rs

@@ -441,7 +441,7 @@ impl SyncClient for ThinClient {
         match recent_blockhash {
             Ok(Response { value, .. }) => {
                 self.optimizer.report(index, duration_as_ms(&now.elapsed()));
-                Ok(value)
+                Ok((value.0, value.1))
             }
             Err(e) => {
                 self.optimizer.report(index, std::u64::MAX);

core/src/cluster_info.rs

@@ -55,7 +55,7 @@ use solana_sdk::{
     clock::{Slot, DEFAULT_MS_PER_SLOT, DEFAULT_SLOTS_PER_EPOCH},
     pubkey::Pubkey,
     signature::{Keypair, Signable, Signature, Signer},
-    timing::{duration_as_ms, timestamp},
+    timing::timestamp,
     transaction::Transaction,
 };
 use solana_streamer::sendmmsg::multicast;
@@ -66,8 +66,9 @@ use std::{
     collections::{HashMap, HashSet},
     fmt,
     net::{IpAddr, Ipv4Addr, SocketAddr, TcpListener, UdpSocket},
-    sync::atomic::{AtomicBool, Ordering},
-    sync::{Arc, RwLock},
+    ops::{Deref, DerefMut},
+    sync::atomic::{AtomicBool, AtomicU64, Ordering},
+    sync::{Arc, RwLock, RwLockReadGuard, RwLockWriteGuard},
     thread::{sleep, Builder, JoinHandle},
     time::{Duration, Instant},
 };
@@ -108,6 +109,127 @@ pub struct DataBudget {
                   // used to detect when to up the bytes budget again
 }
 
+struct GossipWriteLock<'a> {
+    gossip: RwLockWriteGuard<'a, CrdsGossip>,
+    timer: Measure,
+    counter: &'a Counter,
+}
+
+impl<'a> GossipWriteLock<'a> {
+    fn new(
+        gossip: RwLockWriteGuard<'a, CrdsGossip>,
+        label: &'static str,
+        counter: &'a Counter,
+    ) -> Self {
+        Self {
+            gossip,
+            timer: Measure::start(label),
+            counter,
+        }
+    }
+}
+
+impl<'a> Deref for GossipWriteLock<'a> {
+    type Target = RwLockWriteGuard<'a, CrdsGossip>;
+    fn deref(&self) -> &Self::Target {
+        &self.gossip
+    }
+}
+
+impl<'a> DerefMut for GossipWriteLock<'a> {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.gossip
+    }
+}
+
+impl<'a> Drop for GossipWriteLock<'a> {
+    fn drop(&mut self) {
+        self.timer.stop();
+        self.counter.add_measure(&mut self.timer);
+    }
+}
+
+struct GossipReadLock<'a> {
+    gossip: RwLockReadGuard<'a, CrdsGossip>,
+    timer: Measure,
+    counter: &'a Counter,
+}
+
+impl<'a> GossipReadLock<'a> {
+    fn new(
+        gossip: RwLockReadGuard<'a, CrdsGossip>,
+        label: &'static str,
+        counter: &'a Counter,
+    ) -> Self {
+        Self {
+            gossip,
+            timer: Measure::start(label),
+            counter,
+        }
+    }
+}
+
+impl<'a> Deref for GossipReadLock<'a> {
+    type Target = RwLockReadGuard<'a, CrdsGossip>;
+    fn deref(&self) -> &Self::Target {
+        &self.gossip
+    }
+}
+
+impl<'a> Drop for GossipReadLock<'a> {
+    fn drop(&mut self) {
+        self.timer.stop();
+        self.counter.add_measure(&mut self.timer);
+    }
+}
+
+#[derive(Default)]
+struct Counter(AtomicU64);
+
+impl Counter {
+    fn add_measure(&self, x: &mut Measure) {
+        x.stop();
+        self.0.fetch_add(x.as_us(), Ordering::Relaxed);
+    }
+    fn add_relaxed(&self, x: u64) {
+        self.0.fetch_add(x, Ordering::Relaxed);
+    }
+    fn clear(&self) -> u64 {
+        self.0.swap(0, Ordering::Relaxed)
+    }
+}
+
+#[derive(Default)]
+struct GossipStats {
+    entrypoint: Counter,
+    entrypoint2: Counter,
+    push_vote_read: Counter,
+    vote_process_push: Counter,
+    get_votes: Counter,
+    get_accounts_hash: Counter,
+    get_snapshot_hash: Counter,
+    all_tvu_peers: Counter,
+    tvu_peers: Counter,
+    retransmit_peers: Counter,
+    repair_peers: Counter,
+    new_push_requests: Counter,
+    new_push_requests2: Counter,
+    process_pull_response: Counter,
+    process_pull_response_count: Counter,
+    process_pull_response_len: Counter,
+    process_pull_response_timeout: Counter,
+    process_pull_requests: Counter,
+    process_prune: Counter,
+    process_push_message: Counter,
+    prune_received_cache: Counter,
+    purge: Counter,
+    epoch_slots_lookup: Counter,
+    epoch_slots_push: Counter,
+    push_message: Counter,
+    new_pull_requests: Counter,
+    mark_pull_request: Counter,
+}
+
 pub struct ClusterInfo {
     /// The network
     pub gossip: RwLock<CrdsGossip>,
@@ -118,6 +240,7 @@ pub struct ClusterInfo {
     outbound_budget: RwLock<DataBudget>,
     my_contact_info: RwLock<ContactInfo>,
     id: Pubkey,
+    stats: GossipStats,
 }
 
 #[derive(Default, Clone)]
@@ -266,6 +389,7 @@ impl ClusterInfo {
             }),
             my_contact_info: RwLock::new(contact_info),
             id,
+            stats: GossipStats::default(),
         };
         {
             let mut gossip = me.gossip.write().unwrap();
@@ -290,6 +414,7 @@ impl ClusterInfo {
             outbound_budget: RwLock::new(self.outbound_budget.read().unwrap().clone()),
             my_contact_info: RwLock::new(my_contact_info),
             id: *new_id,
+            stats: GossipStats::default(),
         }
     }
 
@@ -475,13 +600,14 @@ impl ClusterInfo {
         let mut current_slots: Vec<_> = (0..crds_value::MAX_EPOCH_SLOTS)
             .filter_map(|ix| {
                 Some((
-                    self.gossip
-                        .read()
-                        .unwrap()
-                        .crds
-                        .lookup(&CrdsValueLabel::EpochSlots(ix, self.id()))
-                        .and_then(CrdsValue::epoch_slots)
-                        .and_then(|x| Some((x.wallclock, x.first_slot()?)))?,
+                    self.time_gossip_read_lock(
+                        "lookup_epoch_slots",
+                        &self.stats.epoch_slots_lookup,
+                    )
+                    .crds
+                    .lookup(&CrdsValueLabel::EpochSlots(ix, self.id()))
+                    .and_then(CrdsValue::epoch_slots)
+                    .and_then(|x| Some((x.wallclock, x.first_slot()?)))?,
                     ix,
                 ))
             })
@@ -518,9 +644,7 @@ impl ClusterInfo {
             let n = slots.fill(&update[num..], now);
             if n > 0 {
                 let entry = CrdsValue::new_signed(CrdsData::EpochSlots(ix, slots), &self.keypair);
-                self.gossip
-                    .write()
-                    .unwrap()
+                self.time_gossip_write_lock("epcoh_slots_push", &self.stats.epoch_slots_push)
                     .process_push_message(&self.id(), vec![entry], now);
             }
             num += n;
@@ -531,12 +655,26 @@ impl ClusterInfo {
         }
     }
 
+    fn time_gossip_read_lock<'a>(
+        &'a self,
+        label: &'static str,
+        counter: &'a Counter,
+    ) -> GossipReadLock<'a> {
+        GossipReadLock::new(self.gossip.read().unwrap(), label, counter)
+    }
+
+    fn time_gossip_write_lock<'a>(
+        &'a self,
+        label: &'static str,
+        counter: &'a Counter,
+    ) -> GossipWriteLock<'a> {
+        GossipWriteLock::new(self.gossip.write().unwrap(), label, counter)
+    }
+
     pub fn push_message(&self, message: CrdsValue) {
         let now = message.wallclock();
         let id = message.pubkey();
-        self.gossip
-            .write()
-            .unwrap()
+        self.time_gossip_write_lock("process_push_message", &self.stats.push_message)
             .process_push_message(&id, vec![message], now);
     }
 
@@ -570,16 +708,15 @@ impl ClusterInfo {
         let now = timestamp();
         let vote = Vote::new(&self.id(), vote, now);
         let vote_ix = {
-            let r_gossip = self.gossip.read().unwrap();
+            let r_gossip =
+                self.time_gossip_read_lock("gossip_read_push_vote", &self.stats.push_vote_read);
             let current_votes: Vec<_> = (0..crds_value::MAX_VOTES)
                 .filter_map(|ix| r_gossip.crds.lookup(&CrdsValueLabel::Vote(ix, self.id())))
                 .collect();
             CrdsValue::compute_vote_index(tower_index, current_votes)
         };
         let entry = CrdsValue::new_signed(CrdsData::Vote(vote_ix, vote), &self.keypair);
-        self.gossip
-            .write()
-            .unwrap()
+        self.time_gossip_write_lock("push_vote_process_push", &self.stats.vote_process_push)
             .process_push_message(&self.id(), vec![entry], now);
     }
 
@@ -591,9 +728,7 @@ impl ClusterInfo {
     pub fn get_votes(&self, since: u64) -> (Vec<CrdsValueLabel>, Vec<Transaction>, u64) {
         let mut max_ts = since;
         let (labels, txs): (Vec<CrdsValueLabel>, Vec<Transaction>) = self
-            .gossip
-            .read()
-            .unwrap()
+            .time_gossip_read_lock("get_votes", &self.stats.get_votes)
             .crds
             .table
             .iter()
@@ -610,9 +745,7 @@ impl ClusterInfo {
     }
 
     pub fn get_snapshot_hash(&self, slot: Slot) -> Vec<(Pubkey, Hash)> {
-        self.gossip
-            .read()
-            .unwrap()
+        self.time_gossip_read_lock("get_snapshot_hash", &self.stats.get_snapshot_hash)
             .crds
             .table
             .values()
@@ -632,9 +765,7 @@ impl ClusterInfo {
     where
         F: FnOnce(&Vec<(Slot, Hash)>) -> Y,
     {
-        self.gossip
-            .read()
-            .unwrap()
+        self.time_gossip_read_lock("get_accounts_hash", &self.stats.get_accounts_hash)
             .crds
             .table
             .get(&CrdsValueLabel::AccountsHashes(*pubkey))
@@ -758,9 +889,7 @@ impl ClusterInfo {
 
     /// all validators that have a valid tvu port regardless of `shred_version`.
     pub fn all_tvu_peers(&self) -> Vec<ContactInfo> {
-        self.gossip
-            .read()
-            .unwrap()
+        self.time_gossip_read_lock("all_tvu_peers", &self.stats.all_tvu_peers)
             .crds
             .table
             .values()
@@ -772,9 +901,7 @@ impl ClusterInfo {
 
     /// all validators that have a valid tvu port and are on the same `shred_version`.
     pub fn tvu_peers(&self) -> Vec<ContactInfo> {
-        self.gossip
-            .read()
-            .unwrap()
+        self.time_gossip_read_lock("tvu_peers", &self.stats.tvu_peers)
             .crds
             .table
             .values()
@@ -790,9 +917,7 @@ impl ClusterInfo {
 
     /// all peers that have a valid tvu
     pub fn retransmit_peers(&self) -> Vec<ContactInfo> {
-        self.gossip
-            .read()
-            .unwrap()
+        self.time_gossip_read_lock("retransmit_peers", &self.stats.retransmit_peers)
             .crds
             .table
             .values()
@@ -809,7 +934,8 @@ impl ClusterInfo {
 
     /// all tvu peers with valid gossip addrs that likely have the slot being requested
     pub fn repair_peers(&self, slot: Slot) -> Vec<ContactInfo> {
-        ClusterInfo::tvu_peers(self)
+        let mut time = Measure::start("repair_peers");
+        let ret = ClusterInfo::tvu_peers(self)
             .into_iter()
             .filter(|x| {
                 x.id != self.id()
@@ -822,7 +948,9 @@ impl ClusterInfo {
                         .unwrap_or_else(|| /* fallback to legacy behavior */ true)
                     }
             })
-            .collect()
+            .collect();
+        self.stats.repair_peers.add_measure(&mut time);
+        ret
     }
 
     fn is_spy_node(contact_info: &ContactInfo) -> bool {
@@ -1105,8 +1233,12 @@ impl ClusterInfo {
                         false
                     } else {
                         entrypoint.wallclock = now;
-                        let found_entrypoint =
-                            self.gossip.read().unwrap().crds.table.iter().any(|(_, v)| {
+                        let found_entrypoint = self
+                            .time_gossip_read_lock("entrypoint", &self.stats.entrypoint)
+                            .crds
+                            .table
+                            .iter()
+                            .any(|(_, v)| {
                                 v.value
                                     .contact_info()
                                     .map(|ci| ci.gossip == entrypoint.gossip)
@@ -1129,12 +1261,12 @@ impl ClusterInfo {
                     .map(|e| (e.id, e.gossip))
             };
             if let Some((id, gossip)) = id_and_gossip {
-                let r_gossip = self.gossip.read().unwrap();
+                let r_gossip = self.time_gossip_read_lock("entrypoint", &self.stats.entrypoint2);
                 let self_info = r_gossip
                     .crds
                     .lookup(&CrdsValueLabel::ContactInfo(self.id()))
                     .unwrap_or_else(|| panic!("self_id invalid {}", self.id()));
-                return r_gossip
+                r_gossip
                     .pull
                     .build_crds_filters(&r_gossip.crds, MAX_BLOOM_SIZE)
                     .into_iter()
@@ -1186,8 +1318,8 @@ impl ClusterInfo {
     fn new_pull_requests(&self, stakes: &HashMap<Pubkey, u64>) -> Vec<(SocketAddr, Protocol)> {
         let now = timestamp();
         let mut pulls: Vec<_> = {
-            let r_gossip = self.gossip.read().unwrap();
-
+            let r_gossip =
+                self.time_gossip_read_lock("new_pull_reqs", &self.stats.new_pull_requests);
             r_gossip
                 .new_pull_request(now, stakes, MAX_BLOOM_SIZE)
                 .ok()
@@ -1211,9 +1343,7 @@ impl ClusterInfo {
         pulls
             .into_iter()
             .map(|(peer, filter, gossip, self_info)| {
-                self.gossip
-                    .write()
-                    .unwrap()
+                self.time_gossip_write_lock("mark_pull", &self.stats.mark_pull_request)
                     .mark_pull_request_creation_time(&peer, now);
                 (gossip, Protocol::PullRequest(filter, self_info))
             })
@@ -1221,14 +1351,14 @@ impl ClusterInfo {
     }
     fn new_push_requests(&self) -> Vec<(SocketAddr, Protocol)> {
         let self_id = self.id();
-        let (_, push_messages) = self.gossip.write().unwrap().new_push_messages(timestamp());
+        let (_, push_messages) = self
+            .time_gossip_write_lock("new_push_requests", &self.stats.new_push_requests)
+            .new_push_messages(timestamp());
         push_messages
             .into_iter()
             .filter_map(|(peer, messages)| {
                 let peer_label = CrdsValueLabel::ContactInfo(peer);
-                self.gossip
-                    .read()
-                    .unwrap()
+                self.time_gossip_read_lock("push_req_lookup", &self.stats.new_push_requests2)
                     .crds
                     .lookup(&peer_label)
                     .and_then(CrdsValue::contact_info)
@@ -1312,7 +1442,9 @@ impl ClusterInfo {
                         }
                     };
                     let timeouts = obj.gossip.read().unwrap().make_timeouts(&stakes, timeout);
-                    let num_purged = obj.gossip.write().unwrap().purge(timestamp(), &timeouts);
+                    let num_purged = obj
+                        .time_gossip_write_lock("purge", &obj.stats.purge)
+                        .purge(timestamp(), &timeouts);
                     inc_new_counter_info!("cluster_info-purge-count", num_purged);
                     let table_size = obj.gossip.read().unwrap().crds.table.len();
                     datapoint_debug!(
@@ -1454,13 +1586,15 @@ impl ClusterInfo {
                                 "cluster_info-prune_message-size",
                                 data.prunes.len()
                             );
-                            match me.gossip.write().unwrap().process_prune_msg(
-                                &from,
-                                &data.destination,
-                                &data.prunes,
-                                data.wallclock,
-                                timestamp(),
-                            ) {
+                            match me
+                                .time_gossip_write_lock("process_prune", &me.stats.process_prune)
+                                .process_prune_msg(
+                                    &from,
+                                    &data.destination,
+                                    &data.prunes,
+                                    data.wallclock,
+                                    timestamp(),
+                                ) {
                                 Err(CrdsGossipError::PruneMessageTimeout) => {
                                     inc_new_counter_debug!("cluster_info-prune_message_timeout", 1)
                                 }
@@ -1524,9 +1658,7 @@ impl ClusterInfo {
         let now = timestamp();
         let self_id = me.id();
         let pull_responses = me
-            .gossip
-            .write()
-            .unwrap()
+            .time_gossip_write_lock("process_pull_reqs", &me.stats.process_pull_requests)
             .process_pull_requests(caller_and_filters, now);
 
         // Filter bad to addresses
@@ -1630,17 +1762,15 @@ impl ClusterInfo {
         timeouts: &HashMap<Pubkey, u64>,
     ) {
         let len = data.len();
-        let now = Instant::now();
-        let self_id = me.gossip.read().unwrap().id;
-        trace!("PullResponse me: {} from: {} len={}", self_id, from, len);
-        me.gossip
-            .write()
-            .unwrap()
+        trace!("PullResponse me: {} from: {} len={}", me.id, from, len);
+        let (_fail, timeout_count) = me
+            .time_gossip_write_lock("process_pull", &me.stats.process_pull_response)
             .process_pull_response(from, timeouts, data, timestamp());
-        inc_new_counter_debug!("cluster_info-pull_request_response", 1);
-        inc_new_counter_debug!("cluster_info-pull_request_response-size", len);
-
-        report_time_spent("ReceiveUpdates", &now.elapsed(), &format!(" len: {}", len));
+        me.stats.process_pull_response_count.add_relaxed(1);
+        me.stats.process_pull_response_len.add_relaxed(len as u64);
+        me.stats
+            .process_pull_response_timeout
+            .add_relaxed(timeout_count as u64);
     }
 
     fn handle_push_message(
@@ -1653,17 +1783,13 @@ impl ClusterInfo {
         let self_id = me.id();
         inc_new_counter_debug!("cluster_info-push_message", 1);
 
-        let updated: Vec<_> =
-            me.gossip
-                .write()
-                .unwrap()
-                .process_push_message(from, data, timestamp());
+        let updated: Vec<_> = me
+            .time_gossip_write_lock("process_push", &me.stats.process_push_message)
+            .process_push_message(from, data, timestamp());
 
         let updated_labels: Vec<_> = updated.into_iter().map(|u| u.value.label()).collect();
         let prunes_map: HashMap<Pubkey, HashSet<Pubkey>> = me
-            .gossip
-            .write()
-            .unwrap()
+            .time_gossip_write_lock("prune_received_cache", &me.stats.prune_received_cache)
             .prune_received_cache(updated_labels, stakes);
 
         let rsp: Vec<_> = prunes_map
@@ -1714,6 +1840,7 @@ impl ClusterInfo {
         requests_receiver: &PacketReceiver,
         response_sender: &PacketSender,
         thread_pool: &ThreadPool,
+        last_print: &mut Instant,
     ) -> Result<()> {
         //TODO cache connections
         let timeout = Duration::new(1, 0);
@@ -1754,8 +1881,104 @@ impl ClusterInfo {
             });
         });
 
+        Self::print_reset_stats(obj, last_print);
+
         Ok(())
     }
+
+    fn print_reset_stats(&self, last_print: &mut Instant) {
+        if last_print.elapsed().as_millis() > 1000 {
+            datapoint_info!(
+                "cluster_info_stats",
+                ("entrypoint", self.stats.entrypoint.clear(), i64),
+                ("entrypoint2", self.stats.entrypoint2.clear(), i64),
+                ("push_vote_read", self.stats.push_vote_read.clear(), i64),
+                (
+                    "vote_process_push",
+                    self.stats.vote_process_push.clear(),
+                    i64
+                ),
+                ("get_votes", self.stats.get_votes.clear(), i64),
+                (
+                    "get_accounts_hash",
+                    self.stats.get_accounts_hash.clear(),
+                    i64
+                ),
+                ("all_tvu_peers", self.stats.all_tvu_peers.clear(), i64),
+                ("tvu_peers", self.stats.tvu_peers.clear(), i64),
+            );
+            datapoint_info!(
+                "cluster_info_stats2",
+                ("retransmit_peers", self.stats.retransmit_peers.clear(), i64),
+                ("repair_peers", self.stats.repair_peers.clear(), i64),
+                (
+                    "new_push_requests",
+                    self.stats.new_push_requests.clear(),
+                    i64
+                ),
+                (
+                    "new_push_requests2",
+                    self.stats.new_push_requests2.clear(),
+                    i64
+                ),
+                ("purge", self.stats.purge.clear(), i64),
+                (
+                    "process_pull_resp",
+                    self.stats.process_pull_response.clear(),
+                    i64
+                ),
+                (
+                    "process_pull_resp_count",
+                    self.stats.process_pull_response_count.clear(),
+                    i64
+                ),
+            );
+            datapoint_info!(
+                "cluster_info_stats3",
+                (
+                    "process_pull_resp_len",
+                    self.stats.process_pull_response_len.clear(),
+                    i64
+                ),
+                (
+                    "process_pull_requests",
+                    self.stats.process_pull_requests.clear(),
+                    i64
+                ),
+                ("process_prune", self.stats.process_prune.clear(), i64),
+                (
+                    "process_push_message",
+                    self.stats.process_push_message.clear(),
+                    i64
+                ),
+                (
+                    "prune_received_cache",
+                    self.stats.prune_received_cache.clear(),
+                    i64
+                ),
+                (
+                    "epoch_slots_lookup",
+                    self.stats.epoch_slots_lookup.clear(),
+                    i64
+                ),
+                ("epoch_slots_push", self.stats.epoch_slots_push.clear(), i64),
+                ("push_message", self.stats.push_message.clear(), i64),
+                (
+                    "new_pull_requests",
+                    self.stats.new_pull_requests.clear(),
+                    i64
+                ),
+                (
+                    "mark_pull_request",
+                    self.stats.mark_pull_request.clear(),
+                    i64
+                ),
+            );
+
+            *last_print = Instant::now();
+        }
+    }
+
     pub fn listen(
         me: Arc<Self>,
         bank_forks: Option<Arc<RwLock<BankForks>>>,
@@ -1772,6 +1995,7 @@ impl ClusterInfo {
                     .num_threads(get_thread_count())
                     .build()
                     .unwrap();
+                let mut last_print = Instant::now();
                 loop {
                     let e = Self::run_listen(
                         &me,
@@ -1780,6 +2004,7 @@ impl ClusterInfo {
                         &requests_receiver,
                         &response_sender,
                         &thread_pool,
+                        &mut last_print,
                     );
                     if exit.load(Ordering::Relaxed) {
                         return;
@@ -2034,13 +2259,6 @@ impl Node {
     }
 }
 
-fn report_time_spent(label: &str, time: &Duration, extra: &str) {
-    let time_ms = duration_as_ms(time);
-    if time_ms > 100 {
-        info!("{} took: {} ms {}", label, time_ms, extra);
-    }
-}
-
 pub fn stake_weight_peers<S: std::hash::BuildHasher>(
     peers: &mut Vec<ContactInfo>,
     stakes: Option<Arc<HashMap<Pubkey, u64, S>>>,

core/src/crds_gossip.rs

@@ -173,7 +173,7 @@ impl CrdsGossip {
         timeouts: &HashMap<Pubkey, u64>,
         response: Vec<CrdsValue>,
         now: u64,
-    ) -> usize {
+    ) -> (usize, usize) {
         self.pull
             .process_pull_response(&mut self.crds, from, timeouts, response, now)
     }

core/src/crds_gossip_pull.rs

@@ -231,8 +231,9 @@ impl CrdsGossipPull {
         timeouts: &HashMap<Pubkey, u64>,
         response: Vec<CrdsValue>,
         now: u64,
-    ) -> usize {
+    ) -> (usize, usize) {
         let mut failed = 0;
+        let mut timeout_count = 0;
         for r in response {
             let owner = r.label().pubkey();
             // Check if the crds value is older than the msg_timeout
@@ -252,10 +253,7 @@ impl CrdsGossipPull {
                         if now > r.wallclock().checked_add(timeout).unwrap_or_else(|| 0)
                             || now + timeout < r.wallclock()
                         {
-                            inc_new_counter_warn!(
-                                "cluster_info-gossip_pull_response_value_timeout",
-                                1
-                            );
+                            timeout_count += 1;
                             failed += 1;
                             continue;
                         }
@@ -264,10 +262,7 @@ impl CrdsGossipPull {
                         // Before discarding this value, check if a ContactInfo for the owner
                         // exists in the table. If it doesn't, that implies that this value can be discarded
                         if crds.lookup(&CrdsValueLabel::ContactInfo(owner)).is_none() {
-                            inc_new_counter_warn!(
-                                "cluster_info-gossip_pull_response_value_timeout",
-                                1
-                            );
+                            timeout_count += 1;
                             failed += 1;
                             continue;
                         } else {
@@ -289,7 +284,7 @@ impl CrdsGossipPull {
             });
         }
         crds.update_record_timestamp(from, now);
-        failed
+        (failed, timeout_count)
     }
     // build a set of filters of the current crds table
     // num_filters - used to increase the likelyhood of a value in crds being added to some filter
@@ -660,13 +655,15 @@ mod test {
                 continue;
             }
             assert_eq!(rsp.len(), 1);
-            let failed = node.process_pull_response(
-                &mut node_crds,
-                &node_pubkey,
-                &node.make_timeouts_def(&node_pubkey, &HashMap::new(), 0, 1),
-                rsp.pop().unwrap(),
-                1,
-            );
+            let failed = node
+                .process_pull_response(
+                    &mut node_crds,
+                    &node_pubkey,
+                    &node.make_timeouts_def(&node_pubkey, &HashMap::new(), 0, 1),
+                    rsp.pop().unwrap(),
+                    1,
+                )
+                .0;
             assert_eq!(failed, 0);
             assert_eq!(
                 node_crds
@@ -827,7 +824,8 @@ mod test {
                 &timeouts,
                 vec![peer_entry.clone()],
                 1,
-            ),
+            )
+            .0,
             0
         );
 
@@ -843,7 +841,8 @@ mod test {
                 &timeouts,
                 vec![peer_entry.clone(), unstaked_peer_entry],
                 node.msg_timeout + 100,
-            ),
+            )
+            .0,
             2
         );
 
@@ -856,7 +855,8 @@ mod test {
                 &timeouts,
                 vec![peer_entry],
                 node.msg_timeout + 1,
-            ),
+            )
+            .0,
             0
         );
 
@@ -872,7 +872,8 @@ mod test {
                 &timeouts,
                 vec![peer_vote.clone()],
                 node.msg_timeout + 1,
-            ),
+            )
+            .0,
             0
         );
 
@@ -885,7 +886,8 @@ mod test {
                 &timeouts,
                 vec![peer_vote],
                 node.msg_timeout + 1,
-            ),
+            )
+            .0,
             1
         );
     }

core/src/rpc.rs

@@ -207,6 +207,22 @@ impl JsonRpcRequestProcessor {
         )
     }
 
+    fn get_fees(&self, commitment: Option<CommitmentConfig>) -> RpcResponse<RpcFees> {
+        let bank = &*self.bank(commitment)?;
+        let (blockhash, fee_calculator) = bank.confirmed_last_blockhash();
+        let last_valid_slot = bank
+            .get_blockhash_last_valid_slot(&blockhash)
+            .expect("bank blockhash queue should contain blockhash");
+        new_response(
+            bank,
+            RpcFees {
+                blockhash: blockhash.to_string(),
+                fee_calculator,
+                last_valid_slot,
+            },
+        )
+    }
+
     fn get_fee_calculator_for_blockhash(
         &self,
         blockhash: &Hash,
@@ -793,6 +809,13 @@ pub trait RpcSol {
         commitment: Option<CommitmentConfig>,
     ) -> RpcResponse<RpcBlockhashFeeCalculator>;
 
+    #[rpc(meta, name = "getFees")]
+    fn get_fees(
+        &self,
+        meta: Self::Metadata,
+        commitment: Option<CommitmentConfig>,
+    ) -> RpcResponse<RpcFees>;
+
     #[rpc(meta, name = "getFeeCalculatorForBlockhash")]
     fn get_fee_calculator_for_blockhash(
         &self,
@@ -1126,6 +1149,15 @@ impl RpcSol for RpcSolImpl {
             .get_recent_blockhash(commitment)
     }
 
+    fn get_fees(
+        &self,
+        meta: Self::Metadata,
+        commitment: Option<CommitmentConfig>,
+    ) -> RpcResponse<RpcFees> {
+        debug!("get_fees rpc request received");
+        meta.request_processor.read().unwrap().get_fees(commitment)
+    }
+
     fn get_fee_calculator_for_blockhash(
         &self,
         meta: Self::Metadata,
@@ -1571,6 +1603,7 @@ pub mod tests {
         get_tmp_ledger_path,
     };
     use solana_sdk::{
+        clock::MAX_RECENT_BLOCKHASHES,
         fee_calculator::DEFAULT_BURN_PERCENT,
         hash::{hash, Hash},
         instruction::InstructionError,
@@ -2517,6 +2550,38 @@ pub mod tests {
         assert_eq!(expected, result);
     }
 
+    #[test]
+    fn test_rpc_get_fees() {
+        let bob_pubkey = Pubkey::new_rand();
+        let RpcHandler {
+            io,
+            meta,
+            blockhash,
+            ..
+        } = start_rpc_handler_with_tx(&bob_pubkey);
+
+        let req = r#"{"jsonrpc":"2.0","id":1,"method":"getFees"}"#;
+        let res = io.handle_request_sync(&req, meta);
+        let expected = json!({
+            "jsonrpc": "2.0",
+            "result": {
+            "context":{"slot":0},
+            "value":{
+                "blockhash": blockhash.to_string(),
+                "feeCalculator": {
+                    "lamportsPerSignature": 0,
+                },
+                "lastValidSlot": MAX_RECENT_BLOCKHASHES,
+            }},
+            "id": 1
+        });
+        let expected: Response =
+            serde_json::from_value(expected).expect("expected response deserialization");
+        let result: Response = serde_json::from_str(&res.expect("actual response"))
+            .expect("actual response deserialization");
+        assert_eq!(expected, result);
+    }
+
     #[test]
     fn test_rpc_get_fee_calculator_for_blockhash() {
         let bob_pubkey = Pubkey::new_rand();

core/tests/crds_gossip.rs

@@ -455,7 +455,8 @@ fn network_run_pull(
                     overhead += node
                         .lock()
                         .unwrap()
-                        .process_pull_response(&from, &timeouts, rsp, now);
+                        .process_pull_response(&from, &timeouts, rsp, now)
+                        .0;
                 }
                 (bytes, msgs, overhead)
             })

docs/src/SUMMARY.md

@@ -95,14 +95,14 @@
   * [Validator Timestamp Oracle](implemented-proposals/validator-timestamp-oracle.md)
   * [Commitment](implemented-proposals/commitment.md)
   * [Snapshot Verification](implemented-proposals/snapshot-verification.md)
+  * [Cross-Program Invocation](implemented-proposals/cross-program-invocation.md)
+  * [Program Derived Addresses](implemented-proposals/program-derived-addresses.md)
 * [Accepted Design Proposals](proposals/README.md)
   * [Optimistic Confirmation and Slashing](proposals/optimistic-confirmation-and-slashing.md)
   * [Secure Vote Signing](proposals/vote-signing-to-implement.md)
   * [Cluster Test Framework](proposals/cluster-test-framework.md)
   * [Validator](proposals/validator-proposal.md)
   * [Simple Payment and State Verification](proposals/simple-payment-and-state-verification.md)
-  * [Cross-Program Invocation](proposals/cross-program-invocation.md)
-  * [Program Keys and Signatures](proposals/program-keys-and-signatures.md)
   * [Inter-chain Transaction Verification](proposals/interchain-transaction-verification.md)
   * [Snapshot Verification](proposals/snapshot-verification.md)
   * [Bankless Leader](proposals/bankless-leader.md)

docs/src/apps/jsonrpc-api.md

@@ -27,6 +27,7 @@ To interact with a Solana node inside a JavaScript application, use the [solana-
 * [getEpochSchedule](jsonrpc-api.md#getepochschedule)
 * [getFeeCalculatorForBlockhash](jsonrpc-api.md#getfeecalculatorforblockhash)
 * [getFeeRateGovernor](jsonrpc-api.md#getfeerategovernor)
+* [getFees](jsonrpc-api.md#getfees)
 * [getFirstAvailableBlock](jsonrpc-api.md#getfirstavailableblock)
 * [getGenesisHash](jsonrpc-api.md#getgenesishash)
 * [getIdentity](jsonrpc-api.md#getidentity)
@@ -39,10 +40,6 @@ To interact with a Solana node inside a JavaScript application, use the [solana-
 * [getSignatureStatuses](jsonrpc-api.md#getsignaturestatuses)
 * [getSlot](jsonrpc-api.md#getslot)
 * [getSlotLeader](jsonrpc-api.md#getslotleader)
-* [getSlotsPerSegment](jsonrpc-api.md#getslotspersegment)
-* [getStoragePubkeysForSlot](jsonrpc-api.md#getstoragepubkeysforslot)
-* [getStorageTurn](jsonrpc-api.md#getstorageturn)
-* [getStorageTurnRate](jsonrpc-api.md#getstorageturnrate)
 * [getSupply](jsonrpc-api.md#getsupply)
 * [getTransactionCount](jsonrpc-api.md#gettransactioncount)
 * [getVersion](jsonrpc-api.md#getversion)
@@ -542,6 +539,34 @@ curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "m
 {"jsonrpc":"2.0","result":{"context":{"slot":54},"value":{"feeRateGovernor":{"burnPercent":50,"maxLamportsPerSignature":100000,"minLamportsPerSignature":5000,"targetLamportsPerSignature":10000,"targetSignaturesPerSlot":20000}}},"id":1}
 ```
 
+### getFees
+
+Returns a recent block hash from the ledger, a fee schedule that can be used to
+compute the cost of submitting a transaction using it, and the last slot in
+which the blockhash will be valid.
+
+#### Parameters:
+
+* `<object>` - (optional) [Commitment](jsonrpc-api.md#configuring-state-commitment)
+
+#### Results:
+
+The result will be an RpcResponse JSON object with `value` set to a JSON object with the following fields:
+
+* `blockhash: <string>` - a Hash as base-58 encoded string
+* `feeCalculator: <object>` - FeeCalculator object, the fee schedule for this block hash
+* `lastValidSlot: <u64>` - last slot in which a blockhash will be valid
+
+#### Example:
+
+```bash
+// Request
+curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getFees"}' http://localhost:8899
+
+// Result
+{"jsonrpc":"2.0","result":{"context":{"slot":1},"value":{"blockhash":"CSymwgTNX1j3E4qhKfJAUE41nBWEwXufoYryPbkde5RR","feeCalculator":{lamportsPerSignature":5000},"lastValidSlot":297}},"id":1}
+```
+
 ### getFirstAvailableBlock
 
 Returns the slot of the lowest confirmed block that has not been purged from the ledger
@@ -769,7 +794,7 @@ An RpcResponse containing a JSON object consisting of a string blockhash and Fee
 curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getRecentBlockhash"}' http://localhost:8899
 
 // Result
-{"jsonrpc":"2.0","result":{"context":{"slot":1},"value":{"blockhash":"CSymwgTNX1j3E4qhKfJAUE41nBWEwXufoYryPbkde5RR","feeCalculator":{"burnPercent":50,"lamportsPerSignature":5000,"maxLamportsPerSignature":100000,"minLamportsPerSignature":5000,"targetLamportsPerSignature":10000,"targetSignaturesPerSlot":20000}}},"id":1}
+{"jsonrpc":"2.0","result":{"context":{"slot":1},"value":{"blockhash":"CSymwgTNX1j3E4qhKfJAUE41nBWEwXufoYryPbkde5RR","feeCalculator":{"lamportsPerSignature":5000}}},"id":1}
 ```
 
 ### getSignatureStatuses
@@ -862,93 +887,6 @@ curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "m
 {"jsonrpc":"2.0","result":"ENvAW7JScgYq6o4zKZwewtkzzJgDzuJAFxYasvmEQdpS","id":1}
 ```
 
-### getSlotsPerSegment
-
-Returns the current storage segment size in terms of slots
-
-#### Parameters:
-
-* `<object>` - (optional) [Commitment](jsonrpc-api.md#configuring-state-commitment)
-
-#### Results:
-
-* `<u64>` - Number of slots in a storage segment
-
-#### Example:
-
-```bash
-// Request
-curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getSlotsPerSegment"}' http://localhost:8899
-// Result
-{"jsonrpc":"2.0","result":1024,"id":1}
-```
-
-### getStoragePubkeysForSlot
-
-Returns the storage Pubkeys for a particular slot
-
-#### Parameters:
-
-None
-
-#### Results:
-
-An array of Pubkeys, as base-58 encoded strings
-
-#### Example:
-
-```bash
-// Request
-curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getStoragePubkeysForSlot","params":[1]}' http://localhost:8899
- // Result
-{"jsonrpc":"2.0","result":["GH7ome3EiwEr7tu9JuTh2dpYWBJK3z69Xm1ZE3MEE6JC"],"id":1}
-```
-
-### getStorageTurn
-
-Returns the current storage turn's blockhash and slot
-
-#### Parameters:
-
-None
-
-#### Results:
-
-A JSON object consisting of
-
-* `blockhash: <string>` - a Hash as base-58 encoded string indicating the blockhash of the turn slot
-* `slot: <u64>` - the current storage turn slot
-
-#### Example:
-
-```bash
-// Request
-curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getStorageTurn"}' http://localhost:8899
- // Result
-{"jsonrpc":"2.0","result":{"blockhash": "GH7ome3EiwEr7tu9JuTh2dpYWBJK3z69Xm1ZE3MEE6JC", "slot": 2048},"id":1}
-```
-
-### getStorageTurnRate
-
-Returns the current storage turn rate in terms of slots per turn
-
-#### Parameters:
-
-None
-
-#### Results:
-
-* `<u64>` - Number of slots in storage turn
-
-#### Example:
-
-```bash
-// Request
-curl -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1, "method":"getStorageTurnRate"}' http://localhost:8899
- // Result
-{"jsonrpc":"2.0","result":1024,"id":1}
-```
-
 ### getSupply
 
 Returns information about the current supply.

docs/src/implemented-proposals/cross-program-invocation.md

@@ -0,0 +1,95 @@
+# Cross-Program Invocation
+
+## Problem
+
+In today's implementation, a client can create a transaction that modifies two accounts, each owned by a separate on-chain program:
+
+```rust,ignore
+let message = Message::new(vec![
+    token_instruction::pay(&alice_pubkey),
+    acme_instruction::launch_missiles(&bob_pubkey),
+]);
+client.send_message(&[&alice_keypair, &bob_keypair], &message);
+```
+
+However, the current implementation does not allow the `acme` program to conveniently invoke `token` instructions on the client's behalf:
+
+```rust,ignore
+let message = Message::new(vec![
+    acme_instruction::pay_and_launch_missiles(&alice_pubkey, &bob_pubkey),
+]);
+client.send_message(&[&alice_keypair, &bob_keypair], &message);
+```
+
+Currently, there is no way to create instruction `pay_and_launch_missiles` that executes `token_instruction::pay` from the `acme` program. A possible workaround is to extend the `acme` program with the implementation of the `token` program and create `token` accounts with `ACME_PROGRAM_ID`, which the `acme` program is permitted to modify. With that workaround, `acme` can modify token-like accounts created by the `acme` program, but not token accounts created by the `token` program.
+
+## Proposed Solution
+
+The goal of this design is to modify Solana's runtime such that an on-chain program can invoke an instruction from another program.
+
+Given two on-chain programs `token` and `acme`, each implementing instructions `pay()` and `launch_missiles()` respectively, we would ideally like to implement the `acme` module with a call to a function defined in the `token` module:
+
+```rust,ignore
+mod acme {
+    use token;
+
+    fn launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
+        ...
+    }
+
+    fn pay_and_launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
+        token::pay(&keyed_accounts[1..])?;
+
+        launch_missiles(keyed_accounts)?;
+    }
+```
+
+The above code would require that the `token` crate be dynamically linked so that a custom linker could intercept calls and validate accesses to `keyed_accounts`. Even though the client intends to modify both `token` and `acme` accounts, only `token` program is permitted to modify the `token` account, and only the `acme` program is allowed to modify the `acme` account.
+
+Backing off from that ideal direct cross-program call, a slightly more verbose solution is to allow `acme` to invoke `token` by issuing a token instruction via the runtime.
+
+```rust,ignore
+mod acme {
+    use token_instruction;
+
+    fn launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
+        ...
+    }
+
+    fn pay_and_launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
+        let alice_pubkey = keyed_accounts[1].key;
+        let instruction = token_instruction::pay(&alice_pubkey);
+        invoke(&instruction, accounts)?;
+
+        launch_missiles(keyed_accounts)?;
+    }
+```
+
+`invoke()` is built into Solana's runtime and is responsible for routing the given instruction to the `token` program via the instruction's `program_id` field.
+
+Before invoking `pay()`, the runtime must ensure that `acme` didn't modify any accounts owned by `token`.  It does this by applying the runtime's policy to the current state of the accounts at the time `acme` calls `invoke` vs. the initial state of the accounts at the beginning of the `acme`'s instruction.  After `pay()` completes, the runtime must again ensure that `token` didn't modify any accounts owned by `acme` by again applying the runtime's policy, but this time with the `token` program ID.  Lastly, after `pay_and_launch_missiles()` completes, the runtime must apply the runtime policy one more time, where it normally would, but using all updated `pre_*` variables. If executing `pay_and_launch_missiles()` up to `pay()` made no invalid account changes, `pay()` made no invalid changes, and executing from `pay()` until `pay_and_launch_missiles()` returns made no invalid changes, then the runtime can transitively assume `pay_and_launch_missiles()` as whole made no invalid account changes, and therefore commit all these account modifications.
+
+### Instructions that require privileges
+
+The runtime uses the privileges granted to the caller program to determine what privileges can be extended to the callee.  Privileges in this context refer to signers and writable accounts.  For example, if the instruction the caller is processing contains a signer or writable account, then the caller can invoke an instruction that also contains that signer and/or writable account.
+
+This privilege extension relies on the fact that programs are immutable.  In the case of the `acme` program, the runtime can safely treat the transaction's signature as a signature of a `token` instruction.  When the runtime sees the `token` instruction references `alice_pubkey`, it looks up the key in the `acme` instruction to see if that key corresponds to a signed account. In this case, it does and thereby authorizes the `token` program to modify Alice's account.
+
+### Program signed accounts
+
+Programs can issue instructions that contain signed accounts that were not signed in the original transaction by
+using [Program derived addresses](program-derived-addresses.md).
+
+To sign an account with program derived addresses, a program may `invoke_signed()`.
+
+```rust,ignore
+        invoke_signed(
+            &instruction,
+            accounts,
+            &[&["First addresses seed"],
+              &["Second addresses first seed", "Second addresses second seed"]],
+        )?;
+
+### Reentrancy
+
+Reentrancy is currently limited to direct self recursion capped at a fixed depth.  This restriction prevents situations where a program might invoke another from an intermediary state without the knowledge that it might later be called back into.  Direct recursion gives the program full control of its state at the point that it gets called back.

docs/src/implemented-proposals/program-derived-addresses.md

@@ -0,0 +1,154 @@
+# Program Derived Addresses
+
+## Problem
+
+Programs cannot generate signatures when issuing instructions to
+other programs as defined in the [Cross-Program Invocations](cross-program-invocation.md)
+design.
+
+The lack of programmatic signature generation limits the kinds of programs
+that can be implemented in Solana.  A program may be given the
+authority over an account and later want to transfer that authority to another.
+This is impossible today because the program cannot act as the signer in the transaction that gives authority.
+
+For example, if two users want
+to make a wager on the outcome of a game in Solana, they must each
+transfer their wager's assets to some intermediary that will honor
+their agreement.  Currently, there is no way to implement this intermediary
+as a program in Solana because the intermediary program cannot transfer the
+assets to the winner.
+
+This capability is necessary for many DeFi applications since they
+require assets to be transferred to an escrow agent until some event
+occurs that determines the new owner.
+
+* Decentralized Exchanges that transfer assets between matching bid and
+ask orders.
+
+* Auctions that transfer assets to the winner.
+
+* Games or prediction markets that collect and redistribute prizes to
+the winners.
+
+## Proposed Solution
+
+The key to the design is two-fold:
+
+1. Allow programs to control specific addresses, called Program-Addresses, in such a way that no external
+user can generate valid transactions with signatures for those
+addresses.
+
+2. Allow programs to programmatically sign for Program-Addresses that are
+present in instructions invoked via [Cross-Program Invocations](cross-program-invocation.md).
+
+Given the two conditions, users can securely transfer or assign
+the authority of on-chain assets to Program-Addresses and the program
+can then assign that authority elsewhere at its discretion.
+
+### Private keys for Program Addresses
+
+A Program -Address has no private key associated with it, and generating
+a signature for it is impossible.  While it has no private key of
+its own, it can issue an instruction that includes the Program-Address as a signer.
+
+### Hash-based generated Program Addresses
+
+All 256-bit values are valid ed25519 curve points and valid ed25519 public
+keys.  All are equally secure and equally as hard to break.
+Based on this assumption, Program Addresses can be deterministically
+derived from a base seed using a 256-bit preimage resistant hash function.
+
+Deterministic Program Addresses for programs follow a similar derivation
+path as Accounts created with `SystemInstruction::CreateAccountWithSeed`
+which is implemented with `system_instruction::create_address_with_seed`.
+
+For reference that implementation is as follows:
+
+```rust,ignore
+pub fn create_address_with_seed(
+    base: &Pubkey,
+    seed: &str,
+    program_id: &Pubkey,
+) -> Result<Pubkey, SystemError> {
+    if seed.len() > MAX_ADDRESS_SEED_LEN {
+        return Err(SystemError::MaxSeedLengthExceeded);
+    }
+
+    Ok(Pubkey::new(
+        hashv(&[base.as_ref(), seed.as_ref(), program_id.as_ref()]).as_ref(),
+    ))
+}
+```
+
+Programs can deterministically derive any number of addresses by
+using keywords.  These keywords can symbolically identify how the addresses are used.
+
+```rust,ignore
+//! Generate a derived program address
+//!     * seeds, symbolic keywords used to derive the key
+//!     * owner, program that the key is derived for
+pub fn create_program_address(seeds: &[&str], owner: &Pubkey) -> Result<Pubkey, PubkeyError> {
+  let mut hasher = Hasher::default();
+  for seed in seeds.iter() {
+      if seed.len() > MAX_SEED_LEN {
+          return Err(PubkeyError::MaxSeedLengthExceeded);
+      }
+      hasher.hash(seed.as_ref());
+  }
+  hasher.hashv(&[owner.as_ref(), "ProgramDerivedAddress".as_ref()]);
+
+  Ok(Pubkey::new(hashv(&[hasher.result().as_ref()]).as_ref()))
+}
+```
+
+### Using Program Addresses
+
+Clients can use the `create_program_address` function to generate
+a destination address.
+
+```rust,ignore
+//deterministically derive the escrow key
+let escrow_pubkey = create_program_address(&[&["escrow"]], &escrow_program_id);
+let message = Message::new(vec![
+    token_instruction::transfer(&alice_pubkey, &escrow_pubkey, 1),
+]);
+//transfer 1 token to escrow
+client.send_message(&[&alice_keypair], &message);
+```
+
+Programs can use the same function to generate the same address.
+In the function below the program issues a `token_instruction::transfer` from
+Program Address as if it had the private key to sign the transaction.
+
+```rust,ignore
+fn transfer_one_token_from_escrow(
+    program_id: &Pubkey,
+    keyed_accounts: &[KeyedAccount]
+) -> Result<()> {
+
+    // User supplies the destination
+    let alice_pubkey = keyed_accounts[1].unsigned_key();
+
+    // Deterministically derive the escrow pubkey.
+    let escrow_pubkey = create_program_address(&[&["escrow"]], program_id);
+
+    // Create the transfer instruction
+    let instruction = token_instruction::transfer(&escrow_pubkey, &alice_pubkey, 1);
+
+    // The runtime deterministically derives the key from the currently
+    // executing program ID and the supplied keywords.
+    // If the derived key matches a key marked as signed in the instruction
+    // then that key is accepted as signed.
+    invoke_signed(&instruction,  &[&["escrow"]])?
+}
+```
+
+### Instructions that require signers
+
+The addresses generated with `create_program_address` are indistinguishable
+from any other public key.  The only way for the runtime to verify that the
+address belongs to a program is for the program to supply the keywords used
+to generate the address.
+
+The runtime will internally call `create_program_address`, and compare the
+result against the addresses supplied in the instruction.

docs/src/proposals/cross-program-invocation.md

@@ -1,71 +0,0 @@
-# Cross-Program Invocation
-
-## Problem
-
-In today's implementation a client can create a transaction that modifies two accounts, each owned by a separate on-chain program:
-
-```text
-let message = Message::new(vec![
-    token_instruction::pay(&alice_pubkey),
-    acme_instruction::launch_missiles(&bob_pubkey),
-]);
-client.send_message(&[&alice_keypair, &bob_keypair], &message);
-```
-
-The current implementation does not, however, allow the `acme` program to conveniently invoke `token` instructions on the client's behalf:
-
-```text
-let message = Message::new(vec![
-    acme_instruction::pay_and_launch_missiles(&alice_pubkey, &bob_pubkey),
-]);
-client.send_message(&[&alice_keypair, &bob_keypair], &message);
-```
-
-Currently, there is no way to create instruction `pay_and_launch_missiles` that executes `token_instruction::pay` from the `acme` program. The workaround is to extend the `acme` program with the implementation of the `token` program, and create `token` accounts with `ACME_PROGRAM_ID`, which the `acme` program is permitted to modify. With that workaround, `acme` can modify token-like accounts created by the `acme` program, but not token accounts created by the `token` program.
-
-## Proposed Solution
-
-The goal of this design is to modify Solana's runtime such that an on-chain program can invoke an instruction from another program.
-
-Given two on-chain programs `token` and `acme`, each implementing instructions `pay()` and `launch_missiles()` respectively, we would ideally like to implement the `acme` module with a call to a function defined in the `token` module:
-
-```text
-use token;
-
-fn launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
-    ...
-}
-
-fn pay_and_launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
-    token::pay(&keyed_accounts[1..])?;
-
-    launch_missiles(keyed_accounts)?;
-}
-```
-
-The above code would require that the `token` crate be dynamically linked, so that a custom linker could intercept calls and validate accesses to `keyed_accounts`. That is, even though the client intends to modify both `token` and `acme` accounts, only `token` program is permitted to modify the `token` account, and only the `acme` program is permitted to modify the `acme` account.
-
-Backing off from that ideal cross-program call, a slightly more verbose solution is to expose token's existing `process_instruction()` entrypoint to the acme program:
-
-```text
-use token_instruction;
-
-fn launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
-    ...
-}
-
-fn pay_and_launch_missiles(keyed_accounts: &[KeyedAccount]) -> Result<()> {
-    let alice_pubkey = keyed_accounts[1].key;
-    let instruction = token_instruction::pay(&alice_pubkey);
-    process_instruction(&instruction)?;
-
-    launch_missiles(keyed_accounts)?;
-}
-```
-
-where `process_instruction()` is built into Solana's runtime and responsible for routing the given instruction to the `token` program via the instruction's `program_id` field. Before invoking `pay()`, the runtime must also ensure that `acme` didn't modify any accounts owned by `token`. It does this by calling `runtime::verify_account_changes()` and then afterward updating all the `pre_*` variables to tentatively commit `acme`'s account modifications. After `pay()` completes, the runtime must again ensure that `token` didn't modify any accounts owned by `acme`. It should call `verify_account_changes()` again, but this time with the `token` program ID. Lastly, after `pay_and_launch_missiles()` completes, the runtime must call `verify_account_changes()` one more time, where it normally would, but using all updated `pre_*` variables. If executing `pay_and_launch_missiles()` up to `pay()` made no invalid account changes, `pay()` made no invalid changes, and executing from `pay()` until `pay_and_launch_missiles()` returns made no invalid changes, then the runtime can transitively assume `pay_and_launch_missiles()` as whole made no invalid account changes, and therefore commit all account modifications.
-
-### Setting `KeyedAccount.is_signer`
-
-When `process_instruction()` is invoked, the runtime must create a new `KeyedAccounts` parameter using the signatures from the _original_ transaction data. Since the `token` program is immutable and existed on-chain prior to the `acme` program, the runtime can safely treat the transaction signature as a signature of a transaction with a `token` instruction. When the runtime sees the given instruction references `alice_pubkey`, it looks up the key in the transaction to see if that key corresponds to a transaction signature. In this case it does and so sets `KeyedAccount.is_signer`, thereby authorizing the `token` program to modify Alice's account.
-

docs/src/proposals/program-keys-and-signatures.md

@@ -1,169 +0,0 @@
-# Program Keys and Signatures
-
-## Problem
-
-Programs cannot generate their own signatures in `process_instruction`
-as defined in the [Cross-Program Invocations](cross-program-invocation.md)
-design.
-
-Lack of programmatic signature generation limits the kinds of programs
-that can be implemented in Solana.  For example, a program cannot take
-ownership of a TokenAccount and later in a different transaction transfer
-the ownership based on the state of another program.  If two users want
-to make a wager in tokens on the outcome of a game in Solana, they must
-transfer tokens to some intermediary that will honor their agreement.
-Currently there is no way to implement this intermediary as a program
-in Solana.
-
-This capability is necessary for many DeFi applications, since they
-require assets to be transferred to an escrow agent until some event
-occurs that determines the new owner.
-
-* Decentralized Exchanges that transfer assets between matching bid and
-ask orders.
-
-* Auctions that transfer assets to the winner.
-
-* Games or prediction markets that collect and redistribute prizes to
-the winners.
-
-## Proposed Solution
-
-The key to the design is two fold:
-
-1. Allow programs to control specific addresses, called Program
-Addresses, in such a way that it is impossible for any external
-user to generate valid transactions with signatures for those
-addresses.
-
-2. To allow programs to programatically control
-`KeyedAccount::is_signer` value for Program Addresses that are
-present in instructions that is invoked via `process_instruction()`.
-
-Given the two conditions, users can securely transfer or assign
-ownershp of on chain assets to Program Addresses.  Once assigned,
-the program and only the program can execute instructions that
-refences a Program Address with `KeyedAccount::is_signer` set to
-true.
-
-### Private keys for Program Addresses
-
-This address has no private key associated with it, and generating
-a signature for it is impossible.  While it has no private key of
-its own, the program can issue an instruction to set the
-`KeyedAccount::is_signer` flag for this address.
-
-### Hash based generated Program Addresses
-
-All 256 bit values are valid ed25519 curve points, and valid ed25519 public
-keys.  All are equally secure and equally as hard to break.
-Based on this assumption, Program Addresses can be deterministically
-derived from a base seed using a 256 bit preimage resistant hash function.
-
-Deterministic Program Addresses for programs follow a similar derivation
-path as Accounts created with `SystemInstruction::CreateAccountWithSeed`
-which is implemented with `system_instruction::create_address_with_seed`.
-
-For reference the implementation is as follows:
-
-```rust,ignore
-pub fn create_address_with_seed(
-    base: &Pubkey,
-    seed: &str,
-    program_id: &Pubkey,
-) -> Result<Pubkey, SystemError> {
-    if seed.len() > MAX_ADDRESS_SEED_LEN {
-        return Err(SystemError::MaxSeedLengthExceeded);
-    }
-
-    Ok(Pubkey::new(
-        hashv(&[base.as_ref(), seed.as_ref(), program_id.as_ref()]).as_ref(),
-    ))
-}
-```
-
-Programs can deterministically derive any number of addresses by
-using a keyword.  The keyword can symbolically identify how this
-address is used.
-
-```rust,ignore
-//! Generate a derived program address
-//!     * program_id, the program's id
-//!     * key_base, can be any public key chosen by the program
-//!     * keyword, symbolic keyword to identify the key
-//!
-//! The tuple (`key_base`, `keyword`) is used by programs to create user specific
-//! symbolic keys.  For example for the staking contact, the program may need:
-//!     * <user account>/<"withdrawer">
-//!     * <user account>/<"staker">
-//!     * <user account>/<"custodian">
-//! As generated keys to control a single stake account for each user.
-pub fn derive_program_address(
-    program_id: &Pubkey,
-    key_base, &Pubkey,
-    keyword, &str,
-) -> Result<Pubkey, SystemError> {
-
-    // Generate a deterministic base for all program addresses that
-    // are owned by `program_id`.
-    // Hashing twice is recommended to prevent lenght extension attacks.
-    Ok(Pubkey::new(
-        hashv(&[hashv(&[program_id.as_ref(), key_base.as_ref(), keyword.as_ref(),
-            &"ProgramAddress11111111111111111111111111111"]).as_ref()])
-    ))
-}
-```
-
-### Using Program Addresses
-
-Clients can use the `derive_program_address` function to generate
-a destination address.
-
-```rust,ignore
-//deterministically derive the escrow key
-let escrow_pubkey = derive_program_address(&escrow_program_id, &alice_pubkey, &"escrow");
-let message = Message::new(vec![
-    token_instruction::transfer(&alice_pubkey, &escrow_pubkey, 1),
-]);
-//transfer 1 token to escrow
-client.send_message(&[&alice_keypair], &message);
-```
-
-Programs can use the same function to generate the same address.
-Below the program issue a `token_instruction::transfer` from its
-own address as if it had a private key to sign the transaction.
-
-```rust,ignore
-fn transfer_one_token_from_escrow(
-    program_id: &Pubkey,
-    keyed_accounts: &[KeyedAccount]
-) -> Result<()> {
-
-
-    //user supplies the destination
-    let alice_pubkey = keyed_accounts[1].key;
-
-    // Deterministically derive the escrow pubkey.
-    let escrow_pubkey = derive_program_address(program_id, &alice_pubkey, &"escrow");
-
-    //create the transfer instruction
-    let instruction = token_instruction::transfer(&escrow_pubkey, &alice_pubkey, 1);
-
-    // The runtime deterministically derives the key from the current
-    // program id and the supplied keywords.
-    // If the derived key matches a key in the instruction
-    // the `is_signed` flag is set.
-    process_signed_instruction(&instruction,  &[(&alice_pubkey, &"escrow")])?
-}
-```
-
-### Setting `KeyedAccount::is_signer`
-
-The addresses generated with `derive_program_address` are blinded
-and are indistinguishable from any other pubkey.  The only way for
-the runtime to verify that the address belongs to a program is for
-the program to supply the keyword used to generate the address.
-
-The runtime will internally run  `derive_program_address(program_id,
-&alice_pubkey, &"escrow")`, and compare the result against the addresses
-supplied in the instruction.

programs/bpf/benches/bpf_loader.rs

@@ -80,7 +80,7 @@ fn bench_program_alu(bencher: &mut Bencher) {
     let mut invoke_context = MockInvokeContext::default();
 
     let elf = load_elf().unwrap();
-    let (mut vm, _) = solana_bpf_loader_program::create_vm(&elf, &mut invoke_context).unwrap();
+    let (mut vm, _) = solana_bpf_loader_program::create_vm(&elf, &[], &mut invoke_context).unwrap();
 
     println!("Interpreted:");
     assert_eq!(
@@ -145,7 +145,6 @@ impl InvokeContext for MockInvokeContext {
         &mut self,
         _message: &Message,
         _instruction: &CompiledInstruction,
-        _signers: &[Pubkey],
         _accounts: &[Rc<RefCell<Account>>],
     ) -> Result<(), InstructionError> {
         Ok(())

programs/bpf/c/src/invoke/invoke.c

@@ -4,6 +4,10 @@
 #include "../invoked/instruction.h"
 #include <solana_sdk.h>
 
+static const uint8_t TEST_SUCCESS = 1;
+static const uint8_t TEST_PRIVILEGE_ESCALATION_SIGNER = 2;
+static const uint8_t TEST_PRIVILEGE_ESCALATION_WRITABLE = 3;
+
 static const int MINT_INDEX = 0;
 static const int ARGUMENT_INDEX = 1;
 static const int INVOKED_PROGRAM_INDEX = 2;
@@ -26,127 +30,168 @@ extern uint64_t entrypoint(const uint8_t *input) {
     return ERROR_INVALID_ARGUMENT;
   }
 
-  sol_log("Call system program");
-  {
-    sol_assert(*accounts[FROM_INDEX].lamports = 43);
-    sol_assert(*accounts[ARGUMENT_INDEX].lamports = 41);
-    SolAccountMeta arguments[] = {{accounts[FROM_INDEX].key, false, true},
-                                  {accounts[ARGUMENT_INDEX].key, false, false}};
-    uint8_t data[] = {2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0};
-    const SolInstruction instruction = {accounts[SYSTEM_PROGRAM_INDEX].key,
-                                        arguments, SOL_ARRAY_SIZE(arguments),
-                                        data, SOL_ARRAY_SIZE(data)};
-    sol_assert(SUCCESS ==
-               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
-    sol_assert(*accounts[FROM_INDEX].lamports = 42);
-    sol_assert(*accounts[ARGUMENT_INDEX].lamports = 42);
-  }
-
-  sol_log("Test data translation");
-  {
-    for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
-      accounts[ARGUMENT_INDEX].data[i] = i;
+  switch (params.data[0]) {
+  case TEST_SUCCESS: {
+    sol_log("Call system program");
+    {
+      sol_assert(*accounts[FROM_INDEX].lamports = 43);
+      sol_assert(*accounts[ARGUMENT_INDEX].lamports = 41);
+      SolAccountMeta arguments[] = {
+          {accounts[FROM_INDEX].key, false, true},
+          {accounts[ARGUMENT_INDEX].key, false, false}};
+      uint8_t data[] = {2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0};
+      const SolInstruction instruction = {accounts[SYSTEM_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+      sol_assert(SUCCESS ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+      sol_assert(*accounts[FROM_INDEX].lamports = 42);
+      sol_assert(*accounts[ARGUMENT_INDEX].lamports = 42);
     }
 
-    SolAccountMeta arguments[] = {
-        {accounts[ARGUMENT_INDEX].key, true, true},
-        {accounts[INVOKED_ARGUMENT_INDEX].key, true, true},
-        {accounts[INVOKED_PROGRAM_INDEX].key, false, false},
-        {accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false}};
-    uint8_t data[] = {TEST_VERIFY_TRANSLATIONS, 1, 2, 3, 4, 5};
-    const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
-                                        arguments, SOL_ARRAY_SIZE(arguments),
-                                        data, SOL_ARRAY_SIZE(data)};
+    sol_log("Test data translation");
+    {
+      for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
+        accounts[ARGUMENT_INDEX].data[i] = i;
+      }
 
-    sol_assert(SUCCESS ==
-               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+      SolAccountMeta arguments[] = {
+          {accounts[ARGUMENT_INDEX].key, true, true},
+          {accounts[INVOKED_ARGUMENT_INDEX].key, true, true},
+          {accounts[INVOKED_PROGRAM_INDEX].key, false, false},
+          {accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false}};
+      uint8_t data[] = {TEST_VERIFY_TRANSLATIONS, 1, 2, 3, 4, 5};
+      const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+
+      sol_assert(SUCCESS ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+    }
+
+    sol_log("Test return error");
+    {
+      SolAccountMeta arguments[] = {{accounts[ARGUMENT_INDEX].key, true, true}};
+      uint8_t data[] = {TEST_RETURN_ERROR};
+      const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+
+      sol_assert(42 ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+    }
+
+    sol_log("Test derived signers");
+    {
+      sol_assert(!accounts[DERIVED_KEY1_INDEX].is_signer);
+      sol_assert(!accounts[DERIVED_KEY2_INDEX].is_signer);
+      sol_assert(!accounts[DERIVED_KEY3_INDEX].is_signer);
+
+      SolAccountMeta arguments[] = {
+          {accounts[INVOKED_PROGRAM_INDEX].key, false, false},
+          {accounts[DERIVED_KEY1_INDEX].key, true, true},
+          {accounts[DERIVED_KEY2_INDEX].key, true, false},
+          {accounts[DERIVED_KEY3_INDEX].key, false, false}};
+      uint8_t data[] = {TEST_DERIVED_SIGNERS};
+      const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+      char seed1[] = "You pass butter";
+      char seed2[] = "Lil'";
+      char seed3[] = "Bits";
+      const SolSignerSeed seeds1[] = {{seed1, sol_strlen(seed1)}};
+      const SolSignerSeed seeds2[] = {{seed2, sol_strlen(seed2)},
+                                      {seed3, sol_strlen(seed3)}};
+      const SolSignerSeeds signers_seeds[] = {{seeds1, SOL_ARRAY_SIZE(seeds1)},
+                                              {seeds2, SOL_ARRAY_SIZE(seeds2)}};
+      sol_assert(SUCCESS == sol_invoke_signed(&instruction, accounts,
+                                              SOL_ARRAY_SIZE(accounts),
+                                              signers_seeds,
+                                              SOL_ARRAY_SIZE(signers_seeds)));
+    }
+
+    sol_log("Test readonly with writable account");
+    {
+      SolAccountMeta arguments[] = {
+          {accounts[INVOKED_ARGUMENT_INDEX].key, true, false}};
+      uint8_t data[] = {TEST_VERIFY_WRITER};
+      const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+
+      sol_assert(SUCCESS ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+    }
+
+    sol_log("Test invoke");
+    {
+      sol_assert(accounts[ARGUMENT_INDEX].is_signer);
+
+      *accounts[ARGUMENT_INDEX].lamports -= 5;
+      *accounts[INVOKED_ARGUMENT_INDEX].lamports += 5;
+
+      SolAccountMeta arguments[] = {
+          {accounts[INVOKED_ARGUMENT_INDEX].key, true, true},
+          {accounts[ARGUMENT_INDEX].key, true, true}};
+      uint8_t data[] = {TEST_NESTED_INVOKE};
+      const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
+                                          arguments, SOL_ARRAY_SIZE(arguments),
+                                          data, SOL_ARRAY_SIZE(data)};
+
+      sol_log("First invoke");
+      sol_assert(SUCCESS ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+      sol_log("2nd invoke from first program");
+      sol_assert(SUCCESS ==
+                 sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+
+      sol_assert(*accounts[ARGUMENT_INDEX].lamports == 42 - 5 + 1 + 1);
+      sol_assert(*accounts[INVOKED_ARGUMENT_INDEX].lamports == 10 + 5 - 1 - 1);
+    }
+
+    sol_log("Verify data values are retained and updated");
+    for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
+      sol_assert(accounts[ARGUMENT_INDEX].data[i] == i);
+    }
+    for (int i = 0; i < accounts[INVOKED_ARGUMENT_INDEX].data_len; i++) {
+      sol_assert(accounts[INVOKED_ARGUMENT_INDEX].data[i] == i);
+    }
+    break;
   }
-
-  sol_log("Test return error");
-  {
-    SolAccountMeta arguments[] = {{accounts[ARGUMENT_INDEX].key, true, true}};
-    uint8_t data[] = {TEST_RETURN_ERROR};
-    const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
-                                        arguments, SOL_ARRAY_SIZE(arguments),
-                                        data, SOL_ARRAY_SIZE(data)};
-
-    sol_assert(42 ==
-               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
-  }
-
-  sol_log("Test derived signers");
-  {
-    sol_assert(!accounts[DERIVED_KEY1_INDEX].is_signer);
-    sol_assert(!accounts[DERIVED_KEY2_INDEX].is_signer);
-    sol_assert(!accounts[DERIVED_KEY3_INDEX].is_signer);
-
+  case TEST_PRIVILEGE_ESCALATION_SIGNER: {
+    sol_log("Test privilege escalation signer");
     SolAccountMeta arguments[] = {
-        {accounts[INVOKED_PROGRAM_INDEX].key, false, false},
-        {accounts[DERIVED_KEY1_INDEX].key, true, true},
-        {accounts[DERIVED_KEY2_INDEX].key, true, false},
         {accounts[DERIVED_KEY3_INDEX].key, false, false}};
-    uint8_t data[] = {TEST_DERIVED_SIGNERS};
+    uint8_t data[] = {TEST_VERIFY_PRIVILEGE_ESCALATION};
     const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
                                         arguments, SOL_ARRAY_SIZE(arguments),
                                         data, SOL_ARRAY_SIZE(data)};
-    char seed1[] = "You pass butter";
-    char seed2[] = "Lil'";
-    char seed3[] = "Bits";
-    const SolSignerSeed seeds1[] = {{seed1, sol_strlen(seed1)}};
-    const SolSignerSeed seeds2[] = {{seed2, sol_strlen(seed2)},
-                                    {seed3, sol_strlen(seed3)}};
-    const SolSignerSeeds signers_seeds[] = {{seeds1, SOL_ARRAY_SIZE(seeds1)},
-                                            {seeds2, SOL_ARRAY_SIZE(seeds2)}};
-    sol_assert(SUCCESS == sol_invoke_signed(
-                              &instruction, accounts, SOL_ARRAY_SIZE(accounts),
-                              signers_seeds, SOL_ARRAY_SIZE(signers_seeds)));
-  }
+    sol_assert(SUCCESS ==
+               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
 
-  sol_log("Test readonly with writable account");
-  {
+    instruction.accounts[0].is_signer = true;
+    sol_assert(SUCCESS !=
+               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+    break;
+  }
+  case TEST_PRIVILEGE_ESCALATION_WRITABLE: {
+    sol_log("Test privilege escalation writable");
     SolAccountMeta arguments[] = {
-        {accounts[INVOKED_ARGUMENT_INDEX].key, true, false}};
-    uint8_t data[] = {TEST_VERIFY_WRITER};
+        {accounts[DERIVED_KEY3_INDEX].key, false, false}};
+    uint8_t data[] = {TEST_VERIFY_PRIVILEGE_ESCALATION};
     const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
                                         arguments, SOL_ARRAY_SIZE(arguments),
                                         data, SOL_ARRAY_SIZE(data)};
-
-    sol_assert(SUCCESS ==
-               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
-  }
-
-  sol_log("Test invoke");
-  {
-    sol_assert(accounts[ARGUMENT_INDEX].is_signer);
-
-    *accounts[ARGUMENT_INDEX].lamports -= 5;
-    *accounts[INVOKED_ARGUMENT_INDEX].lamports += 5;
-
-    SolAccountMeta arguments[] = {
-        {accounts[INVOKED_ARGUMENT_INDEX].key, true, true},
-        {accounts[ARGUMENT_INDEX].key, true, true}};
-    uint8_t data[] = {TEST_NESTED_INVOKE};
-    const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
-                                        arguments, SOL_ARRAY_SIZE(arguments),
-                                        data, SOL_ARRAY_SIZE(data)};
-
-    sol_log("Fist invoke");
-    sol_assert(SUCCESS ==
-               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
-    sol_log("2nd invoke from first program");
     sol_assert(SUCCESS ==
                sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
 
-    sol_assert(*accounts[ARGUMENT_INDEX].lamports == 42 - 5 + 1 + 1);
-    sol_assert(*accounts[INVOKED_ARGUMENT_INDEX].lamports == 10 + 5 - 1 - 1);
+    instruction.accounts[0].is_writable = true;
+    sol_assert(SUCCESS !=
+               sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
+    break;
   }
-
-  sol_log("Verify data values are retained and updated");
-  for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
-    sol_assert(accounts[ARGUMENT_INDEX].data[i] == i);
-  }
-  for (int i = 0; i < accounts[INVOKED_ARGUMENT_INDEX].data_len; i++) {
-    sol_assert(accounts[INVOKED_ARGUMENT_INDEX].data[i] == i);
+  default:
+    sol_panic();
   }
 
   return SUCCESS;

programs/bpf/c/src/invoked/instruction.h

@@ -2,9 +2,12 @@
  * @brief Instruction definitions for the invoked program
  */
 
-const int TEST_VERIFY_TRANSLATIONS = 0;
-const int TEST_RETURN_ERROR = 1;
-const int TEST_DERIVED_SIGNERS = 2;
-const int TEST_VERIFY_NESTED_SIGNERS = 3;
-const int TEST_VERIFY_WRITER = 4;
-const int TEST_NESTED_INVOKE = 5;
+#include <solana_sdk.h>
+
+const uint8_t TEST_VERIFY_TRANSLATIONS = 0;
+const uint8_t TEST_RETURN_ERROR = 1;
+const uint8_t TEST_DERIVED_SIGNERS = 2;
+const uint8_t TEST_VERIFY_NESTED_SIGNERS = 3;
+const uint8_t TEST_VERIFY_WRITER = 4;
+const uint8_t TEST_VERIFY_PRIVILEGE_ESCALATION = 5;
+const uint8_t TEST_NESTED_INVOKE = 6;

programs/bpf/c/src/invoked/invoked.c

@@ -136,6 +136,9 @@ extern uint64_t entrypoint(const uint8_t *input) {
     sol_assert(accounts[ARGUMENT_INDEX].is_writable);
     break;
   }
+  case TEST_VERIFY_PRIVILEGE_ESCALATION: {
+    sol_log("Success");
+  }
   case TEST_NESTED_INVOKE: {
     sol_log("invoke");
 

programs/bpf/rust/invoke/src/lib.rs

@@ -16,6 +16,10 @@ use solana_sdk::{
     system_instruction,
 };
 
+const TEST_SUCCESS: u8 = 1;
+const TEST_PRIVILEGE_ESCALATION_SIGNER: u8 = 2;
+const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
+
 // const MINT_INDEX: usize = 0;
 const ARGUMENT_INDEX: usize = 1;
 const INVOKED_PROGRAM_INDEX: usize = 2;
@@ -32,128 +36,166 @@ entrypoint!(process_instruction);
 fn process_instruction(
     _program_id: &Pubkey,
     accounts: &[AccountInfo],
-    _instruction_data: &[u8],
+    instruction_data: &[u8],
 ) -> ProgramResult {
     info!("invoke Rust program");
 
-    info!("Call system program");
-    {
-        assert_eq!(accounts[FROM_INDEX].lamports(), 43);
-        assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 41);
-        let instruction =
-            system_instruction::transfer(accounts[FROM_INDEX].key, accounts[ARGUMENT_INDEX].key, 1);
-        invoke(&instruction, accounts)?;
-        assert_eq!(accounts[FROM_INDEX].lamports(), 42);
-        assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 42);
-    }
+    match instruction_data[0] {
+        TEST_SUCCESS => {
+            info!("Call system program");
+            {
+                assert_eq!(accounts[FROM_INDEX].lamports(), 43);
+                assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 41);
+                let instruction = system_instruction::transfer(
+                    accounts[FROM_INDEX].key,
+                    accounts[ARGUMENT_INDEX].key,
+                    1,
+                );
+                invoke(&instruction, accounts)?;
+                assert_eq!(accounts[FROM_INDEX].lamports(), 42);
+                assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 42);
+            }
 
-    info!("Test data translation");
-    {
-        {
-            let mut data = accounts[ARGUMENT_INDEX].try_borrow_mut_data()?;
-            for i in 0..100 {
-                data[i as usize] = i;
+            info!("Test data translation");
+            {
+                {
+                    let mut data = accounts[ARGUMENT_INDEX].try_borrow_mut_data()?;
+                    for i in 0..100 {
+                        data[i as usize] = i;
+                    }
+                }
+
+                let instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[
+                        (accounts[ARGUMENT_INDEX].key, true, true),
+                        (accounts[INVOKED_ARGUMENT_INDEX].key, true, true),
+                        (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
+                        (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
+                    ],
+                    vec![TEST_VERIFY_TRANSLATIONS, 1, 2, 3, 4, 5],
+                );
+                invoke(&instruction, accounts)?;
+            }
+
+            info!("Test return error");
+            {
+                let instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[(accounts[ARGUMENT_INDEX].key, true, true)],
+                    vec![TEST_RETURN_ERROR],
+                );
+                assert_eq!(
+                    invoke(&instruction, accounts),
+                    Err(ProgramError::Custom(42))
+                );
+            }
+
+            info!("Test derived signers");
+            {
+                assert!(!accounts[DERIVED_KEY1_INDEX].is_signer);
+                assert!(!accounts[DERIVED_KEY2_INDEX].is_signer);
+                assert!(!accounts[DERIVED_KEY3_INDEX].is_signer);
+
+                let invoked_instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[
+                        (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
+                        (accounts[DERIVED_KEY1_INDEX].key, true, true),
+                        (accounts[DERIVED_KEY2_INDEX].key, true, false),
+                        (accounts[DERIVED_KEY3_INDEX].key, false, false),
+                    ],
+                    vec![TEST_DERIVED_SIGNERS],
+                );
+                invoke_signed(
+                    &invoked_instruction,
+                    accounts,
+                    &[&["You pass butter"], &["Lil'", "Bits"]],
+                )?;
+            }
+
+            info!("Test readonly with writable account");
+            {
+                let invoked_instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[(accounts[ARGUMENT_INDEX].key, false, true)],
+                    vec![TEST_VERIFY_WRITER],
+                );
+                invoke(&invoked_instruction, accounts)?;
+            }
+
+            info!("Test nested invoke");
+            {
+                assert!(accounts[ARGUMENT_INDEX].is_signer);
+
+                **accounts[ARGUMENT_INDEX].lamports.borrow_mut() -= 5;
+                **accounts[INVOKED_ARGUMENT_INDEX].lamports.borrow_mut() += 5;
+
+                info!("First invoke");
+                let instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[
+                        (accounts[ARGUMENT_INDEX].key, true, true),
+                        (accounts[INVOKED_ARGUMENT_INDEX].key, true, true),
+                        (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
+                        (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
+                    ],
+                    vec![TEST_NESTED_INVOKE],
+                );
+                invoke(&instruction, accounts)?;
+                info!("2nd invoke from first program");
+                invoke(&instruction, accounts)?;
+
+                assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 42 - 5 + 1 + 1 + 1 + 1);
+                assert_eq!(
+                    accounts[INVOKED_ARGUMENT_INDEX].lamports(),
+                    10 + 5 - 1 - 1 - 1 - 1
+                );
+            }
+
+            info!("Verify data values are retained and updated");
+            {
+                let data = accounts[ARGUMENT_INDEX].try_borrow_data()?;
+                for i in 0..100 {
+                    assert_eq!(data[i as usize], i);
+                }
+                let data = accounts[INVOKED_ARGUMENT_INDEX].try_borrow_data()?;
+                for i in 0..10 {
+                    assert_eq!(data[i as usize], i);
+                }
             }
         }
+        TEST_PRIVILEGE_ESCALATION_SIGNER => {
+            info!("Test privilege escalation signer");
+            let mut invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[(accounts[DERIVED_KEY3_INDEX].key, false, false)],
+                vec![TEST_VERIFY_PRIVILEGE_ESCALATION],
+            );
+            invoke(&invoked_instruction, accounts)?;
 
-        let instruction = create_instruction(
-            *accounts[INVOKED_PROGRAM_INDEX].key,
-            &[
-                (accounts[ARGUMENT_INDEX].key, true, true),
-                (accounts[INVOKED_ARGUMENT_INDEX].key, true, true),
-                (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
-                (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
-            ],
-            vec![TEST_VERIFY_TRANSLATIONS, 1, 2, 3, 4, 5],
-        );
-        invoke(&instruction, accounts)?;
-    }
-
-    info!("Test return error");
-    {
-        let instruction = create_instruction(
-            *accounts[INVOKED_PROGRAM_INDEX].key,
-            &[(accounts[ARGUMENT_INDEX].key, true, true)],
-            vec![TEST_RETURN_ERROR],
-        );
-        assert_eq!(
-            invoke(&instruction, accounts),
-            Err(ProgramError::Custom(42))
-        );
-    }
-
-    info!("Test derived signers");
-    {
-        assert!(!accounts[DERIVED_KEY1_INDEX].is_signer);
-        assert!(!accounts[DERIVED_KEY2_INDEX].is_signer);
-        assert!(!accounts[DERIVED_KEY3_INDEX].is_signer);
-
-        let invoked_instruction = create_instruction(
-            *accounts[INVOKED_PROGRAM_INDEX].key,
-            &[
-                (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
-                (accounts[DERIVED_KEY1_INDEX].key, true, true),
-                (accounts[DERIVED_KEY2_INDEX].key, true, false),
-                (accounts[DERIVED_KEY3_INDEX].key, false, false),
-            ],
-            vec![TEST_DERIVED_SIGNERS],
-        );
-        invoke_signed(
-            &invoked_instruction,
-            accounts,
-            &[&["You pass butter"], &["Lil'", "Bits"]],
-        )?;
-    }
-
-    info!("Test readonly with writable account");
-    {
-        let invoked_instruction = create_instruction(
-            *accounts[INVOKED_PROGRAM_INDEX].key,
-            &[(accounts[ARGUMENT_INDEX].key, false, true)],
-            vec![TEST_VERIFY_WRITER],
-        );
-        invoke(&invoked_instruction, accounts)?;
-    }
-
-    info!("Test nested invoke");
-    {
-        assert!(accounts[ARGUMENT_INDEX].is_signer);
-
-        **accounts[ARGUMENT_INDEX].lamports.borrow_mut() -= 5;
-        **accounts[INVOKED_ARGUMENT_INDEX].lamports.borrow_mut() += 5;
-
-        info!("Fist invoke");
-        let instruction = create_instruction(
-            *accounts[INVOKED_PROGRAM_INDEX].key,
-            &[
-                (accounts[ARGUMENT_INDEX].key, true, true),
-                (accounts[INVOKED_ARGUMENT_INDEX].key, true, true),
-                (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
-                (accounts[INVOKED_PROGRAM_DUP_INDEX].key, false, false),
-            ],
-            vec![TEST_NESTED_INVOKE],
-        );
-        invoke(&instruction, accounts)?;
-        info!("2nd invoke from first program");
-        invoke(&instruction, accounts)?;
-
-        assert_eq!(accounts[ARGUMENT_INDEX].lamports(), 42 - 5 + 1 + 1 + 1 + 1);
-        assert_eq!(
-            accounts[INVOKED_ARGUMENT_INDEX].lamports(),
-            10 + 5 - 1 - 1 - 1 - 1
-        );
-    }
-
-    info!("Verify data values are retained and updated");
-    {
-        let data = accounts[ARGUMENT_INDEX].try_borrow_data()?;
-        for i in 0..100 {
-            assert_eq!(data[i as usize], i);
+            invoked_instruction.accounts[0].is_signer = true;
+            assert_eq!(
+                invoke(&invoked_instruction, accounts),
+                Err(ProgramError::Custom(0x0b9f_0002))
+            );
         }
-        let data = accounts[INVOKED_ARGUMENT_INDEX].try_borrow_data()?;
-        for i in 0..10 {
-            assert_eq!(data[i as usize], i);
+        TEST_PRIVILEGE_ESCALATION_WRITABLE => {
+            info!("Test privilege escalation writable");
+            let mut invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[(accounts[DERIVED_KEY3_INDEX].key, false, false)],
+                vec![TEST_VERIFY_PRIVILEGE_ESCALATION],
+            );
+            invoke(&invoked_instruction, accounts)?;
+
+            invoked_instruction.accounts[0].is_writable = true;
+            assert_eq!(
+                invoke(&invoked_instruction, accounts),
+                Err(ProgramError::Custom(0x0b9f_0002))
+            );
         }
+        _ => panic!(),
     }
 
     Ok(())

programs/bpf/rust/invoked/src/instruction.rs

@@ -10,7 +10,8 @@ pub const TEST_RETURN_ERROR: u8 = 1;
 pub const TEST_DERIVED_SIGNERS: u8 = 2;
 pub const TEST_VERIFY_NESTED_SIGNERS: u8 = 3;
 pub const TEST_VERIFY_WRITER: u8 = 4;
-pub const TEST_NESTED_INVOKE: u8 = 5;
+pub const TEST_VERIFY_PRIVILEGE_ESCALATION: u8 = 5;
+pub const TEST_NESTED_INVOKE: u8 = 6;
 
 pub fn create_instruction(
     program_id: Pubkey,

programs/bpf/rust/invoked/src/lib.rs

@@ -151,6 +151,9 @@ fn process_instruction(
 
             assert!(!accounts[ARGUMENT_INDEX].is_writable);
         }
+        TEST_VERIFY_PRIVILEGE_ESCALATION => {
+            info!("Success");
+        }
         TEST_NESTED_INVOKE => {
             info!("nested invoke");
 

programs/bpf/tests/programs.rs

@@ -309,6 +309,10 @@ mod bpf {
     fn test_program_bpf_invoke() {
         solana_logger::setup();
 
+        const TEST_SUCCESS: u8 = 1;
+        const TEST_PRIVILEGE_ESCALATION_SIGNER: u8 = 2;
+        const TEST_PRIVILEGE_ESCALATION_WRITABLE: u8 = 3;
+
         let mut programs = Vec::new();
         #[cfg(feature = "bpf_c")]
         {
@@ -369,9 +373,11 @@ mod bpf {
                 AccountMeta::new(from_keypair.pubkey(), true),
             ];
 
-            let instruction = Instruction::new(invoke_program_id, &1u8, account_metas);
-            let message = Message::new(&[instruction]);
+            // success cases
 
+            let instruction =
+                Instruction::new(invoke_program_id, &TEST_SUCCESS, account_metas.clone());
+            let message = Message::new(&[instruction]);
             assert!(bank_client
                 .send_message(
                     &[
@@ -383,6 +389,52 @@ mod bpf {
                     message,
                 )
                 .is_ok());
+
+            // failure cases
+
+            let instruction = Instruction::new(
+                invoke_program_id,
+                &TEST_PRIVILEGE_ESCALATION_SIGNER,
+                account_metas.clone(),
+            );
+            let message = Message::new(&[instruction]);
+            assert_eq!(
+                bank_client
+                    .send_message(
+                        &[
+                            &mint_keypair,
+                            &argument_keypair,
+                            &invoked_argument_keypair,
+                            &from_keypair
+                        ],
+                        message,
+                    )
+                    .unwrap_err()
+                    .unwrap(),
+                TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            );
+
+            let instruction = Instruction::new(
+                invoke_program_id,
+                &TEST_PRIVILEGE_ESCALATION_WRITABLE,
+                account_metas.clone(),
+            );
+            let message = Message::new(&[instruction]);
+            assert_eq!(
+                bank_client
+                    .send_message(
+                        &[
+                            &mint_keypair,
+                            &argument_keypair,
+                            &invoked_argument_keypair,
+                            &from_keypair
+                        ],
+                        message,
+                    )
+                    .unwrap_err()
+                    .unwrap(),
+                TransactionError::InstructionError(0, InstructionError::Custom(194969602))
+            );
         }
     }
 }

programs/bpf_loader/src/lib.rs

@@ -57,6 +57,7 @@ impl UserDefinedError for BPFError {}
 
 pub fn create_vm<'a>(
     prog: &'a [u8],
+    parameter_accounts: &'a [KeyedAccount<'a>],
     invoke_context: &'a mut dyn InvokeContext,
 ) -> Result<(EbpfVm<'a, BPFError>, MemoryRegion), EbpfError<BPFError>> {
     let mut vm = EbpfVm::new(None)?;
@@ -64,7 +65,7 @@ pub fn create_vm<'a>(
     vm.set_max_instruction_count(100_000)?;
     vm.set_elf(&prog)?;
 
-    let heap_region = syscalls::register_syscalls(&mut vm, invoke_context)?;
+    let heap_region = syscalls::register_syscalls(&mut vm, parameter_accounts, invoke_context)?;
 
     Ok((vm, heap_region))
 }
@@ -182,13 +183,14 @@ pub fn process_instruction(
         )?;
         {
             let program_account = program.try_account_ref_mut()?;
-            let (mut vm, heap_region) = match create_vm(&program_account.data, invoke_context) {
-                Ok(info) => info,
-                Err(e) => {
-                    warn!("Failed to create BPF VM: {}", e);
-                    return Err(BPFLoaderError::VirtualMachineCreationFailed.into());
-                }
-            };
+            let (mut vm, heap_region) =
+                match create_vm(&program_account.data, &parameter_accounts, invoke_context) {
+                    Ok(info) => info,
+                    Err(e) => {
+                        warn!("Failed to create BPF VM: {}", e);
+                        return Err(BPFLoaderError::VirtualMachineCreationFailed.into());
+                    }
+                };
 
             info!("Call BPF program {}", program.unsigned_key());
             match vm.execute_program(parameter_bytes.as_slice(), &[], &[heap_region]) {
@@ -274,7 +276,6 @@ mod tests {
             &mut self,
             _message: &Message,
             _instruction: &CompiledInstruction,
-            _signers: &[Pubkey],
             _accounts: &[Rc<RefCell<Account>>],
         ) -> Result<(), InstructionError> {
             Ok(())

programs/bpf_loader/src/syscalls.rs

@@ -9,6 +9,7 @@ use solana_rbpf::{
 use solana_runtime::{builtin_programs::get_builtin_programs, message_processor::MessageProcessor};
 use solana_sdk::{
     account::Account,
+    account::KeyedAccount,
     account_info::AccountInfo,
     bpf_loader,
     entrypoint::SUCCESS,
@@ -48,6 +49,8 @@ pub enum SyscallError {
     ProgramNotSupported,
     #[error("{0}")]
     InstructionError(InstructionError),
+    #[error("Cross-program invocation with unauthorized signer or writable account")]
+    PrivilegeEscalation,
 }
 impl From<SyscallError> for EbpfError<BPFError> {
     fn from(error: SyscallError) -> Self {
@@ -69,6 +72,7 @@ const DEFAULT_HEAP_SIZE: usize = 32 * 1024;
 
 pub fn register_syscalls<'a>(
     vm: &mut EbpfVm<'a, BPFError>,
+    callers_keyed_accounts: &'a [KeyedAccount<'a>],
     invoke_context: &'a mut dyn InvokeContext,
 ) -> Result<MemoryRegion, EbpfError<BPFError>> {
     // Syscall function common across languages
@@ -83,12 +87,14 @@ pub fn register_syscalls<'a>(
         vm.register_syscall_with_context_ex(
             "sol_invoke_signed_c",
             Box::new(SyscallProcessSolInstructionC {
+                callers_keyed_accounts,
                 invoke_context: invoke_context.clone(),
             }),
         )?;
         vm.register_syscall_with_context_ex(
             "sol_invoke_signed_rust",
             Box::new(SyscallProcessInstructionRust {
+                callers_keyed_accounts,
                 invoke_context: invoke_context.clone(),
             }),
         )?;
@@ -301,6 +307,7 @@ pub type TranslatedAccounts<'a> = (Vec<Rc<RefCell<Account>>>, Vec<(&'a mut u64,
 /// Implemented by language specific data structure translators
 trait SyscallProcessInstruction<'a> {
     fn get_context_mut(&self) -> Result<RefMut<&'a mut dyn InvokeContext>, EbpfError<BPFError>>;
+    fn get_callers_keyed_accounts(&self) -> &'a [KeyedAccount<'a>];
     fn translate_instruction(
         &self,
         addr: u64,
@@ -325,6 +332,7 @@ trait SyscallProcessInstruction<'a> {
 
 /// Cross-program invocation called from Rust
 pub struct SyscallProcessInstructionRust<'a> {
+    callers_keyed_accounts: &'a [KeyedAccount<'a>],
     invoke_context: Rc<RefCell<&'a mut dyn InvokeContext>>,
 }
 impl<'a> SyscallProcessInstruction<'a> for SyscallProcessInstructionRust<'a> {
@@ -333,6 +341,9 @@ impl<'a> SyscallProcessInstruction<'a> for SyscallProcessInstructionRust<'a> {
             .try_borrow_mut()
             .map_err(|_| SyscallError::InvokeContextBorrowFailed.into())
     }
+    fn get_callers_keyed_accounts(&self) -> &'a [KeyedAccount<'a>] {
+        self.callers_keyed_accounts
+    }
     fn translate_instruction(
         &self,
         addr: u64,
@@ -519,6 +530,7 @@ struct SolSignerSeedsC {
 
 /// Cross-program invocation called from C
 pub struct SyscallProcessSolInstructionC<'a> {
+    callers_keyed_accounts: &'a [KeyedAccount<'a>],
     invoke_context: Rc<RefCell<&'a mut dyn InvokeContext>>,
 }
 impl<'a> SyscallProcessInstruction<'a> for SyscallProcessSolInstructionC<'a> {
@@ -527,7 +539,9 @@ impl<'a> SyscallProcessInstruction<'a> for SyscallProcessSolInstructionC<'a> {
             .try_borrow_mut()
             .map_err(|_| SyscallError::InvokeContextBorrowFailed.into())
     }
-
+    fn get_callers_keyed_accounts(&self) -> &'a [KeyedAccount<'a>] {
+        self.callers_keyed_accounts
+    }
     fn translate_instruction(
         &self,
         addr: u64,
@@ -673,6 +687,44 @@ impl<'a> SyscallObject<BPFError> for SyscallProcessSolInstructionC<'a> {
     }
 }
 
+fn verify_instruction<'a>(
+    syscall: &dyn SyscallProcessInstruction<'a>,
+    instruction: &Instruction,
+    signers: &[Pubkey],
+) -> Result<(), EbpfError<BPFError>> {
+    let callers_keyed_accounts = syscall.get_callers_keyed_accounts();
+
+    // Check for privilege escalation
+    for account in instruction.accounts.iter() {
+        let keyed_account = callers_keyed_accounts
+            .iter()
+            .find_map(|keyed_account| {
+                if &account.pubkey == keyed_account.unsigned_key() {
+                    Some(keyed_account)
+                } else {
+                    None
+                }
+            })
+            .ok_or(SyscallError::InstructionError(
+                InstructionError::MissingAccount,
+            ))?;
+        // Readonly account cannot become writable
+        if account.is_writable && !keyed_account.is_writable() {
+            return Err(SyscallError::PrivilegeEscalation.into());
+        }
+
+        if account.is_signer && // If message indicates account is signed
+        !( // one of the following needs to be true:
+            keyed_account.signer_key().is_some() // Signed in the parent instruction
+            || signers.contains(&account.pubkey) // Signed by the program
+        ) {
+            return Err(SyscallError::PrivilegeEscalation.into());
+        }
+    }
+
+    Ok(())
+}
+
 /// Call process instruction, common to both Rust and C
 fn call<'a>(
     syscall: &mut dyn SyscallProcessInstruction<'a>,
@@ -689,12 +741,19 @@ fn call<'a>(
     // Translate data passed from the VM
 
     let instruction = syscall.translate_instruction(instruction_addr, ro_regions)?;
-    let message = Message::new_with_payer(&[instruction], None);
-    let callee_program_id_index = message.instructions[0].program_id_index as usize;
-    let callee_program_id = message.account_keys[callee_program_id_index];
     let caller_program_id = invoke_context
         .get_caller()
         .map_err(SyscallError::InstructionError)?;
+    let signers = syscall.translate_signers(
+        caller_program_id,
+        signers_seeds_addr,
+        signers_seeds_len as usize,
+        ro_regions,
+    )?;
+    verify_instruction(syscall, &instruction, &signers)?;
+    let message = Message::new_with_payer(&[instruction], None);
+    let callee_program_id_index = message.instructions[0].program_id_index as usize;
+    let callee_program_id = message.account_keys[callee_program_id_index];
     let (accounts, refs) = syscall.translate_accounts(
         &message,
         account_infos_addr,
@@ -702,12 +761,6 @@ fn call<'a>(
         ro_regions,
         rw_regions,
     )?;
-    let signers = syscall.translate_signers(
-        caller_program_id,
-        signers_seeds_addr,
-        signers_seeds_len as usize,
-        ro_regions,
-    )?;
 
     // Process instruction
 
@@ -725,7 +778,6 @@ fn call<'a>(
         &message,
         &executable_accounts,
         &accounts,
-        &signers,
         *(&mut *invoke_context),
     ) {
         Ok(()) => (),

runtime/src/accounts_db.rs

@@ -1162,7 +1162,7 @@ impl AccountsDB {
         assert!(self.storage.read().unwrap().0.get(&remove_slot).is_none());
     }
 
-    pub fn hash_stored_account(slot: Slot, account: &StoredAccount) -> Hash {
+    pub fn hash_stored_account(slot: Slot, account: &StoredAccount, include_owner: bool) -> Hash {
         Self::hash_account_data(
             slot,
             account.account_meta.lamports,
@@ -1171,10 +1171,16 @@ impl AccountsDB {
             account.account_meta.rent_epoch,
             account.data,
             &account.meta.pubkey,
+            include_owner,
         )
     }
 
-    pub fn hash_account(slot: Slot, account: &Account, pubkey: &Pubkey) -> Hash {
+    pub fn hash_account(
+        slot: Slot,
+        account: &Account,
+        pubkey: &Pubkey,
+        include_owner: bool,
+    ) -> Hash {
         Self::hash_account_data(
             slot,
             account.lamports,
@@ -1183,6 +1189,7 @@ impl AccountsDB {
             account.rent_epoch,
             &account.data,
             pubkey,
+            include_owner,
         )
     }
 
@@ -1201,6 +1208,13 @@ impl AccountsDB {
         hasher.result()
     }
 
+    pub fn include_owner_in_hash(slot: Slot) -> bool {
+        // Account hashing will be updated to include owner at this slot on the devnet.
+        // For testnet, it fully transitioned already thanks to eager rent collection,
+        // so, this check is irrelevant, strictly speaking.
+        slot >= 5_800_000
+    }
+
     pub fn hash_account_data(
         slot: Slot,
         lamports: u64,
@@ -1209,6 +1223,7 @@ impl AccountsDB {
         rent_epoch: Epoch,
         data: &[u8],
         pubkey: &Pubkey,
+        include_owner: bool,
     ) -> Hash {
         if lamports == 0 {
             return Hash::default();
@@ -1234,7 +1249,10 @@ impl AccountsDB {
             hasher.hash(&[0u8; 1]);
         }
 
-        hasher.hash(&owner.as_ref());
+        if include_owner {
+            hasher.hash(&owner.as_ref());
+        }
+
         hasher.hash(&pubkey.as_ref());
 
         hasher.result()
@@ -1459,7 +1477,11 @@ impl AccountsDB {
                                 let account = store.accounts.get_account(account_info.offset)?.0;
 
                                 if check_hash {
-                                    let hash = Self::hash_stored_account(*slot, &account);
+                                    let hash = Self::hash_stored_account(
+                                        *slot,
+                                        &account,
+                                        Self::include_owner_in_hash(*slot),
+                                    );
                                     if hash != *account.hash {
                                         mismatch_found.fetch_add(1, Ordering::Relaxed);
                                         return None;
@@ -1691,7 +1713,7 @@ impl AccountsDB {
             .iter()
             .map(|(pubkey, account)| {
                 stats.update(account);
-                Self::hash_account(slot, account, pubkey)
+                Self::hash_account(slot, account, pubkey, Self::include_owner_in_hash(slot))
             })
             .collect();
 
@@ -3312,19 +3334,33 @@ pub mod tests {
             hash: &hash,
         };
         let account = stored_account.clone_account();
-        let expected_account_hash =
-            Hash::from_str("5iRNZVcAnq9JLYjSF2ibFhGEeq48r9Eq9HXxwm3BxywN").unwrap();
+        let expected_account_hash_without_owner =
+            Hash::from_str("GGTsxvxwnMsNfN6yYbBVQaRgvbVLfxeWnGXNyB8iXDyE").unwrap();
 
         assert_eq!(
-            AccountsDB::hash_stored_account(slot, &stored_account),
-            expected_account_hash,
+            AccountsDB::hash_stored_account(slot, &stored_account, false),
+            expected_account_hash_without_owner,
             "StoredAccount's data layout might be changed; update hashing if needed."
         );
         assert_eq!(
-            AccountsDB::hash_account(slot, &account, &stored_account.meta.pubkey),
-            expected_account_hash,
+            AccountsDB::hash_account(slot, &account, &stored_account.meta.pubkey, false),
+            expected_account_hash_without_owner,
             "Account-based hashing must be consistent with StoredAccount-based one."
         );
+
+        let expected_account_hash_with_owner =
+            Hash::from_str("5iRNZVcAnq9JLYjSF2ibFhGEeq48r9Eq9HXxwm3BxywN").unwrap();
+
+        assert_eq!(
+            AccountsDB::hash_stored_account(slot, &stored_account, true),
+            expected_account_hash_with_owner,
+            "StoredAccount's data layout might be changed; update hashing if needed (with owner)."
+        );
+        assert_eq!(
+            AccountsDB::hash_account(slot, &account, &stored_account.meta.pubkey, true),
+            expected_account_hash_with_owner,
+            "Account-based hashing must be consistent with StoredAccount-based one (with owner)."
+        );
     }
 
     #[test]
@@ -3463,7 +3499,7 @@ pub mod tests {
             for (key, account) in &accounts_keys {
                 assert_eq!(
                     db.load_account_hash(&ancestors, key),
-                    AccountsDB::hash_account(some_slot, &account, &key)
+                    AccountsDB::hash_account(some_slot, &account, &key, false)
                 );
             }
         }

runtime/src/bank.rs

@@ -936,6 +936,15 @@ impl Bank {
         &self.fee_rate_governor
     }
 
+    pub fn get_blockhash_last_valid_slot(&self, blockhash: &Hash) -> Option<Slot> {
+        let blockhash_queue = self.blockhash_queue.read().unwrap();
+        // This calculation will need to be updated to consider epoch boundaries if BlockhashQueue
+        // length is made variable by epoch
+        blockhash_queue
+            .get_hash_age(blockhash)
+            .map(|age| self.slot + blockhash_queue.len() as u64 - age)
+    }
+
     pub fn confirmed_last_blockhash(&self) -> (Hash, FeeCalculator) {
         const NUM_BLOCKHASH_CONFIRMATIONS: usize = 3;
 
@@ -6882,25 +6891,25 @@ mod tests {
             if bank.slot == 0 {
                 assert_eq!(
                     bank.hash().to_string(),
-                    "7MKHH6P7J5aQNN29Cr6aZQbEpQcXe8KTgchd4Suk9NCG"
+                    "hRgSMcWvZVveC8TqHHBfeU3h6vkPy6qzR5bHXfDTCyd"
                 );
             }
             if bank.slot == 32 {
                 assert_eq!(
                     bank.hash().to_string(),
-                    "3AxuV6GGcoqRi6pksN6btNEmeJCTesLbjgA88QZt9a8Q"
+                    "C2isNuN27FB9wVFpR1txa6SsXi94td6WSy7Va5deGpX5"
                 );
             }
             if bank.slot == 64 {
                 assert_eq!(
                     bank.hash().to_string(),
-                    "B32ZLAzeCW5FueeauiGYnujh8Efmxvpeac74W9JU68oB"
+                    "2FJC56qpMyDFNtCvbr1MhyR2bawrhLtViaLVoBEMbj1n"
                 );
             }
             if bank.slot == 128 {
                 assert_eq!(
                     bank.hash().to_string(),
-                    "A2tCz2EqryRZ7tHpw9H2918RZLCbqnSGzRWUqbnnESGz"
+                    "GUae7X3qX6aRu5UJ6MTRmPEUNi94GP6thagRi9uFRHpG"
                 );
                 break;
             }

runtime/src/blockhash_queue.rs

@@ -58,6 +58,12 @@ impl BlockhashQueue {
             .map(|age| self.hash_height - age.hash_height <= max_age as u64)
     }
 
+    pub fn get_hash_age(&self, hash: &Hash) -> Option<u64> {
+        self.ages
+            .get(hash)
+            .map(|age| self.hash_height - age.hash_height)
+    }
+
     /// check if hash is valid
     #[cfg(test)]
     pub fn check_hash(&self, hash: Hash) -> bool {
@@ -119,6 +125,10 @@ impl BlockhashQueue {
             .iter()
             .map(|(k, v)| recent_blockhashes::IterItem(v.hash_height, k, &v.fee_calculator))
     }
+
+    pub fn len(&self) -> usize {
+        self.max_age
+    }
 }
 #[cfg(test)]
 mod tests {

runtime/src/message_processor.rs

@@ -122,31 +122,6 @@ impl PreAccount {
         Ok(())
     }
 
-    pub fn verify_cross_program(
-        &self,
-        is_writable: bool,
-        is_signer: bool,
-        signers: &[Pubkey],
-        program_id: &Pubkey,
-        rent: &Rent,
-        post: &Account,
-    ) -> Result<(), InstructionError> {
-        // Readonly account cannot become writable
-        if is_writable && !self.is_writable {
-            return Err(InstructionError::WritableModified);
-        }
-
-        if is_signer && // If message indicates account is signed
-        !( // one of the following needs to be true:
-            self.is_signer // Signed in the original transaction
-            || signers.contains(&self.key) // Signed by the program
-        ) {
-            return Err(InstructionError::SignerModified);
-        }
-
-        self.verify(program_id, rent, post)
-    }
-
     pub fn update(&mut self, account: &Account) {
         self.lamports = account.lamports;
         if self.data.len() != account.data.len() {
@@ -213,7 +188,6 @@ impl InvokeContext for ThisInvokeContext {
         &mut self,
         message: &Message,
         instruction: &CompiledInstruction,
-        signers: &[Pubkey],
         accounts: &[Rc<RefCell<Account>>],
     ) -> Result<(), InstructionError> {
         match self.program_ids.last() {
@@ -221,10 +195,9 @@ impl InvokeContext for ThisInvokeContext {
                 message,
                 instruction,
                 &mut self.pre_accounts,
+                accounts,
                 key,
                 &self.rent,
-                signers,
-                accounts,
             ),
             None => Err(InstructionError::GenericError), // Should never happen
         }
@@ -353,13 +326,12 @@ impl MessageProcessor {
         message: &Message,
         executable_accounts: &[(Pubkey, RefCell<Account>)],
         accounts: &[Rc<RefCell<Account>>],
-        signers: &[Pubkey],
         invoke_context: &mut dyn InvokeContext,
     ) -> Result<(), InstructionError> {
         let instruction = &message.instructions[0];
 
         // Verify the calling program hasn't misbehaved
-        invoke_context.verify_and_update(message, instruction, signers, accounts)?;
+        invoke_context.verify_and_update(message, instruction, accounts)?;
 
         // Construct keyed accounts
         let keyed_accounts =
@@ -371,7 +343,7 @@ impl MessageProcessor {
             self.process_instruction(&keyed_accounts, &instruction.data, invoke_context);
         if result.is_ok() {
             // Verify the called program has not misbehaved
-            result = invoke_context.verify_and_update(message, instruction, signers, accounts);
+            result = invoke_context.verify_and_update(message, instruction, accounts);
         }
         invoke_context.pop();
 
@@ -419,7 +391,7 @@ impl MessageProcessor {
         pre_accounts: &[PreAccount],
         executable_accounts: &[(Pubkey, RefCell<Account>)],
         accounts: &[Rc<RefCell<Account>>],
-        rent_collector: &RentCollector,
+        rent: &Rent,
     ) -> Result<(), InstructionError> {
         // Verify all executable accounts have zero outstanding refs
         Self::verify_account_references(executable_accounts)?;
@@ -433,7 +405,7 @@ impl MessageProcessor {
                 let account = accounts[account_index]
                     .try_borrow_mut()
                     .map_err(|_| InstructionError::AccountBorrowOutstanding)?;
-                pre_accounts[unique_index].verify(&program_id, &rent_collector.rent, &account)?;
+                pre_accounts[unique_index].verify(&program_id, rent, &account)?;
                 pre_sum += u128::from(pre_accounts[unique_index].lamports());
                 post_sum += u128::from(account.lamports);
                 Ok(())
@@ -453,10 +425,9 @@ impl MessageProcessor {
         message: &Message,
         instruction: &CompiledInstruction,
         pre_accounts: &mut [PreAccount],
+        accounts: &[Rc<RefCell<Account>>],
         program_id: &Pubkey,
         rent: &Rent,
-        signers: &[Pubkey],
-        accounts: &[Rc<RefCell<Account>>],
     ) -> Result<(), InstructionError> {
         // Verify the per-account instruction results
         let (mut pre_sum, mut post_sum) = (0_u128, 0_u128);
@@ -471,14 +442,7 @@ impl MessageProcessor {
                         .try_borrow_mut()
                         .map_err(|_| InstructionError::AccountBorrowOutstanding)?;
 
-                    pre_account.verify_cross_program(
-                        message.is_writable(account_index),
-                        message.is_signer(account_index),
-                        signers,
-                        &program_id,
-                        &rent,
-                        &account,
-                    )?;
+                    pre_account.verify(&program_id, &rent, &account)?;
                     pre_sum += u128::from(pre_account.lamports());
                     post_sum += u128::from(account.lamports);
 
@@ -525,7 +489,7 @@ impl MessageProcessor {
             &invoke_context.pre_accounts,
             executable_accounts,
             accounts,
-            rent_collector,
+            &rent_collector.rent,
         )?;
         Ok(())
     }
@@ -622,7 +586,6 @@ mod tests {
                 .verify_and_update(
                     &message,
                     &message.instructions[0],
-                    &[],
                     &accounts[not_owned_index..owned_index + 1],
                 )
                 .unwrap();
@@ -638,7 +601,6 @@ mod tests {
                 invoke_context.verify_and_update(
                     &message,
                     &message.instructions[0],
-                    &[],
                     &accounts[not_owned_index..owned_index + 1],
                 ),
                 Err(InstructionError::ExternalAccountDataModified)
@@ -685,23 +647,16 @@ mod tests {
         );
     }
 
-    struct Change<'a> {
+    struct Change {
         program_id: Pubkey,
-        message_is_writable: bool,
-        message_is_signer: bool,
-        signers: &'a [Pubkey],
         rent: Rent,
         pre: PreAccount,
         post: Account,
     }
-    impl<'a> Change<'a> {
+    impl Change {
         pub fn new(owner: &Pubkey, program_id: &Pubkey) -> Self {
             Self {
-                // key: Pubkey::new_rand(),
                 program_id: *program_id,
-                message_is_writable: false,
-                message_is_signer: false,
-                signers: &[],
                 rent: Rent::default(),
                 pre: PreAccount::new(
                     &Pubkey::new_rand(),
@@ -721,26 +676,10 @@ mod tests {
                 },
             }
         }
-        pub fn new_cross_program(owner: &Pubkey, program_id: &Pubkey, key: &Pubkey) -> Self {
-            let mut change = Change::new(owner, program_id);
-            change.pre.key = *key;
-            change
-        }
         pub fn read_only(mut self) -> Self {
             self.pre.is_writable = false;
             self
         }
-        pub fn writable(mut self, pre: bool, message_is_writable: bool) -> Self {
-            self.pre.is_writable = pre;
-            self.message_is_writable = message_is_writable;
-            self
-        }
-        pub fn signer(mut self, pre: bool, message_is_signer: bool, signers: &'a [Pubkey]) -> Self {
-            self.pre.is_signer = pre;
-            self.message_is_signer = message_is_signer;
-            self.signers = signers;
-            self
-        }
         pub fn executable(mut self, pre: bool, post: bool) -> Self {
             self.pre.is_executable = pre;
             self.post.executable = post;
@@ -768,16 +707,6 @@ mod tests {
         pub fn verify(&self) -> Result<(), InstructionError> {
             self.pre.verify(&self.program_id, &self.rent, &self.post)
         }
-        pub fn verify_cross_program(&self) -> Result<(), InstructionError> {
-            self.pre.verify_cross_program(
-                self.message_is_writable,
-                self.message_is_signer,
-                self.signers,
-                &self.program_id,
-                &self.rent,
-                &self.post,
-            )
-        }
     }
 
     #[test]
@@ -940,59 +869,6 @@ mod tests {
         );
     }
 
-    #[test]
-    fn test_verify_account_changes_writable() {
-        let owner = Pubkey::new_rand();
-        let system_program_id = system_program::id();
-
-        assert_eq!(
-            Change::new(&owner, &system_program_id)
-                .writable(true, false)
-                .verify_cross_program(),
-            Ok(()),
-            "account can we changed to readonly"
-        );
-
-        assert_eq!(
-            Change::new(&owner, &system_program_id)
-                .writable(false, true)
-                .verify_cross_program(),
-            Err(InstructionError::WritableModified),
-            "account cannot be changed to writable"
-        );
-    }
-
-    #[test]
-    fn test_verify_account_changes_signer() {
-        let owner = Pubkey::new_rand();
-        let system_program_id = system_program::id();
-        let key = Pubkey::new_rand();
-
-        assert_eq!(
-            Change::new_cross_program(&owner, &system_program_id, &key)
-                .signer(false, true, &[key])
-                .verify_cross_program(),
-            Ok(()),
-            "account signed by a signer"
-        );
-
-        assert_eq!(
-            Change::new_cross_program(&owner, &system_program_id, &key)
-                .signer(false, true, &[])
-                .verify_cross_program(),
-            Err(InstructionError::SignerModified),
-            "account cannot be changed to signed if no signer"
-        );
-
-        assert_eq!(
-            Change::new_cross_program(&owner, &system_program_id, &key)
-                .signer(false, true, &[Pubkey::new_rand(), Pubkey::new_rand()])
-                .verify_cross_program(),
-            Err(InstructionError::SignerModified),
-            "account cannot be changed to signed if no signer exists"
-        );
-    }
-
     #[test]
     fn test_verify_account_changes_data_len() {
         let alice_program_id = Pubkey::new_rand();
@@ -1446,7 +1322,6 @@ mod tests {
                 &message,
                 &executable_accounts,
                 &accounts,
-                &[],
                 &mut invoke_context,
             ),
             Err(InstructionError::ExternalAccountDataModified)
@@ -1474,7 +1349,6 @@ mod tests {
                     &message,
                     &executable_accounts,
                     &accounts,
-                    &[],
                     &mut invoke_context,
                 ),
                 case.1

sdk/docker-solana/build.sh

@@ -21,7 +21,7 @@ fi
 cd "$(dirname "$0")"
 rm -rf usr/
 ../../ci/docker-run.sh "$rust_stable_docker_image" \
-  scripts/cargo-install-all.sh sdk/docker-solana/usr
+  scripts/cargo-install-all.sh --use-move sdk/docker-solana/usr
 
 cp -f ../../run.sh usr/bin/solana-run.sh
 

sdk/src/entrypoint_native.rs

@@ -154,7 +154,6 @@ pub trait InvokeContext {
         &mut self,
         message: &Message,
         instruction: &CompiledInstruction,
-        signers: &[Pubkey],
         accounts: &[Rc<RefCell<Account>>],
     ) -> Result<(), InstructionError>;
     fn get_caller(&self) -> Result<&Pubkey, InstructionError>;

sdk/src/instruction.rs

@@ -140,14 +140,6 @@ pub enum InstructionError {
     #[error("Unsupported program id")]
     UnsupportedProgramId,
 
-    /// Writable bit on account info changed, but shouldn't have
-    #[error("Writable bit on account info changed, but shouldn't have")]
-    WritableModified,
-
-    /// Signer bit on account info changed, but shouldn't have
-    #[error("Signer bit on account info changed, but shouldn't have")]
-    SignerModified,
-
     /// Cross-program invocation call depth too deep
     #[error("Cross-program invocation call depth too deep")]
     CallDepth,