Line data Source code
1 : #ifndef HEADER_fd_src_disco_pack_fd_compute_budget_program_h
2 : #define HEADER_fd_src_disco_pack_fd_compute_budget_program_h
3 :
4 : #include "../../ballet/fd_ballet_base.h"
5 : #include "../../ballet/txn/fd_txn.h"
6 :
7 : /* This header contains utility functions for parsing compute budget
8 : program instructions from a transaction. I.e. given a transaction,
9 : what is its compute budget limit (in compute units) and what is the
10 : additional reward for including it? Unfortunately, due to the way
11 : compute budget program instructions are included in transactions,
12 : this is a per-transaction stateful process.
13 :
14 : This code is designed for high-performance use and so only error
15 : checks data coming from the transaction. */
16 :
17 :
18 : /* In general, compute budget instructions can occur at most once in a
19 : transaction. If an instruction is duplicated, the transaction is
20 : malformed and fails. These flags are used to keep track of what
21 : instructions have been seen so far. Have I seen a ... */
22 1436496 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU ((ushort)0x01) /* ... SetComputeUnitLimit ... */
23 1436484 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE ((ushort)0x02) /* ... SetComputeUnitPrice ... */
24 21 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP ((ushort)0x04) /* ... RequestHeapFrame ... */
25 1436448 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ ((ushort)0x08) /* ... LoadedAccountDataSize ... */
26 : /* ... so far? */
27 :
28 :
29 : /* NOTE: THE FOLLOWING CONSTANTS ARE CONSENSUS CRITICAL AND CANNOT BE
30 : CHANGED WITHOUT COORDINATING WITH ANZA. */
31 :
32 : /* base58 decode of ComputeBudget111111111111111111111111111111 */
33 : static const uchar FD_COMPUTE_BUDGET_PROGRAM_ID[FD_TXN_ACCT_ADDR_SZ] = {
34 : 0x03,0x06,0x46,0x6f,0xe5,0x21,0x17,0x32,0xff,0xec,0xad,0xba,0x72,0xc3,0x9b,0xe7,
35 : 0xbc,0x8c,0xe5,0xbb,0xc5,0xf7,0x12,0x6b,0x2c,0x43,0x9b,0x3a,0x40,0x00,0x00,0x00
36 : };
37 :
38 : /* Any requests for larger heap frames must be a multiple of 1k or the
39 : transaction is malformed. */
40 21 : #define FD_COMPUTE_BUDGET_HEAP_FRAME_GRANULARITY ( 1024UL)
41 : /* SetComputeUnitPrice specifies the price in "micro-lamports," which is
42 : 10^(-6) lamports, so 10^(-15) SOL. */
43 95471754 : #define FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT ( 1000000UL)
44 :
45 12202350 : #define FD_COMPUTE_BUDGET_MAX_BUILTIN_CU_LIMIT ( 3000UL)
46 12202350 : #define FD_COMPUTE_BUDGET_DEFAULT_INSTR_CU_LIMIT ( 200000UL)
47 15075318 : #define FD_COMPUTE_BUDGET_MAX_CU_LIMIT ( 1400000UL)
48 13638822 : #define FD_COMPUTE_BUDGET_HEAP_COST ( 8UL)
49 27277644 : #define FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE (32UL * 1024UL)
50 :
51 : /* Max loaded data size is 64 MiB */
52 13638837 : #define FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ (64UL*1024UL*1024UL)
53 :
54 : /* ---- End consensus-critical constants */
55 :
56 :
57 : struct fd_compute_budget_program_private_state {
58 : /* flags: Which instructions have been parsed so far in this transaction? See
59 : above for their meaning. */
60 : ushort flags;
61 : /* compute_budge_instr_cnt: How many compute budget instructions have been
62 : parsed so far? compute_budget_instr_cnt in [0, 4]. */
63 : ushort compute_budget_instr_cnt;
64 : /* compute_units: if SET_CU is in flags, this stores the total requested
65 : compute units for the whole transaction. Otherwise 0. Realistically should
66 : be less than 12M, but there's nothing enforcing that at this stage. */
67 : uint compute_units;
68 : /* loaded_acct_data_sz: if SET_LOADED_DATA_SZ is in flags, this stores
69 : the max total data (in bytes) that the transaction will load from
70 : the accounts it references. Otherwise, 0. */
71 : uint loaded_acct_data_sz;
72 : /* heap_size: if SET_HEAP is in flags, this stores the size in bytes of the
73 : BPF heap used for executing this transaction. Otherwise, 0. Must be a
74 : multiple of 1024. */
75 : uint heap_size;
76 : /* micro_lamports_per_cu: if SET_FEE is in flags, this stores the
77 : requested prioritization fee in micro-lamports per compute unit.
78 : Otherwise, 0. */
79 : ulong micro_lamports_per_cu;
80 : };
81 : typedef struct fd_compute_budget_program_private_state fd_compute_budget_program_state_t;
82 :
83 : /* fd_compute_budge_program_init: initializes an
84 : fd_compute_budget_program_state_t to prepare it for parsing a transaction.
85 : Also equivalent to just initializing the state on the stack with = {0}. */
86 13638861 : static inline void fd_compute_budget_program_init( fd_compute_budget_program_state_t * state ) {
87 13638861 : *state = (fd_compute_budget_program_state_t) {0};
88 13638861 : }
89 : /* fd_compute_budget_program_parse: Parses a single ComputeBudgetProgram
90 : instruction. Updates the state stored in state. Returns 0 if the
91 : instruction was invalid, which means the transaction should fail.
92 : instr_data points to the first byte of the instruction data from the
93 : transaction. data_sz specifies the length of the instruction data, so
94 : instr_data[ i ] for i in [0, data_sz) gives the instruction data. */
95 : static inline int
96 : fd_compute_budget_program_parse( uchar const * instr_data,
97 : ulong data_sz,
98 4309479 : fd_compute_budget_program_state_t * state ) {
99 4309479 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
100 4309479 : switch( *instr_data ) {
101 18 : case 0:
102 : /* Formerly RequestUnitsDeprecated, but invalid since
103 : EfhYd3SafzGT472tYQDUc4dPd2xdEfKs5fwkowUgVt4W. */
104 18 : return 0;
105 21 : case 1:
106 : /* Parse a RequestHeapFrame instruction */
107 21 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
108 21 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP)!=0 ) ) return 0;
109 21 : state->heap_size = FD_LOAD( uint, instr_data+1 );
110 21 : if( (state->heap_size%FD_COMPUTE_BUDGET_HEAP_FRAME_GRANULARITY) ) return 0;
111 21 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP;
112 21 : state->compute_budget_instr_cnt++;
113 21 : return 1;
114 1436499 : case 2:
115 : /* Parse a SetComputeUnitLimit instruction */
116 1436499 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
117 1436499 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU)!=0 ) ) return 0;
118 1436496 : state->compute_units = FD_LOAD( uint, instr_data+1 );
119 1436496 : state->compute_units = fd_uint_min( state->compute_units, FD_COMPUTE_BUDGET_MAX_CU_LIMIT );
120 1436496 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU;
121 1436496 : state->compute_budget_instr_cnt++;
122 1436496 : return 1;
123 1436487 : case 3:
124 : /* Parse a SetComputeUnitPrice instruction */
125 1436487 : if( FD_UNLIKELY( data_sz<9 ) ) return 0;
126 1436487 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE)!=0 ) ) return 0;
127 1436484 : state->micro_lamports_per_cu = FD_LOAD( ulong, instr_data+1 );
128 1436484 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE;
129 1436484 : state->compute_budget_instr_cnt++;
130 1436484 : return 1;
131 1436451 : case 4:
132 : /* Parse a SetLoadedAccountsDataSizeLimit instruction */
133 1436451 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
134 1436451 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ)!=0 ) ) return 0;
135 1436448 : state->loaded_acct_data_sz = FD_LOAD( uint, instr_data+1 );
136 1436448 : if( FD_UNLIKELY( state->loaded_acct_data_sz==0U ) ) return 0;
137 1436448 : state->loaded_acct_data_sz = fd_uint_min( state->loaded_acct_data_sz, FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ );
138 1436448 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ;
139 1436448 : state->compute_budget_instr_cnt++;
140 1436448 : return 1;
141 3 : default:
142 3 : return 0;
143 4309479 : }
144 4309479 : }
145 :
146 : /* fd_compute_budget_program_finalize: digests the state that resulted
147 : from processing all of the ComputeBudgetProgram instructions in a
148 : transaction to compute the total priority rewards for the
149 : transaction. state must point to a previously initialized
150 : fd_compute_budget_program_state_t. instr_cnt is the total number of
151 : instructions in the transaction, including ComputeBudgetProgram
152 : instructions. builtin_instr_cnt is the total number of builtin
153 : instructions in the transaction. The set of builtin instructions is
154 : dependent on both the agave codebase and active feature flags. This
155 : codebase uses a hardcoded list of instructions that should be updated
156 : to exclude instructions as they are migrated to non-builtin status.
157 : out_rewards and out_compute must be non-null. The total priority
158 : rewards for the transaction (i.e. not counting the per-signature fee)
159 : is stored in out_rewards. The maximum number of compute units this
160 : transaction can consume is stored in out_compute. If the transaction
161 : execution has not completed by this limit, it is terminated and
162 : considered failed. */
163 : static inline void
164 : fd_compute_budget_program_finalize( fd_compute_budget_program_state_t const * state,
165 : ulong instr_cnt,
166 : ulong builtin_instr_cnt,
167 : ulong * out_rewards,
168 : uint * out_compute,
169 13638822 : ulong * out_loaded_account_data_cost ) {
170 13638822 : ulong cu_limit = 0UL;
171 13638822 : if( FD_LIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU)==0U ) ) {
172 : /* Use default compute limit */
173 12202350 : cu_limit = (instr_cnt - builtin_instr_cnt) * FD_COMPUTE_BUDGET_DEFAULT_INSTR_CU_LIMIT + builtin_instr_cnt * FD_COMPUTE_BUDGET_MAX_BUILTIN_CU_LIMIT;
174 12202350 : } else cu_limit = state->compute_units;
175 :
176 13638822 : cu_limit = fd_ulong_min( cu_limit, FD_COMPUTE_BUDGET_MAX_CU_LIMIT );
177 :
178 13638822 : *out_compute = (uint)cu_limit;
179 :
180 13638822 : ulong loaded_accounts_data_size = 0UL;
181 13638822 : if( FD_LIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ)==0U ) ) {
182 : /* Use default loaded account data size */
183 12202389 : loaded_accounts_data_size = FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ;
184 12202389 : } else loaded_accounts_data_size = state->loaded_acct_data_sz;
185 :
186 : /* https://github.com/firedancer-io/agave/blob/927c6d30ed5e1baea30c06ebf2aa0c9bae0e1dd1/sdk/fee-structure/src/lib.rs#L122-L129
187 :
188 : loaded_accounts_data_size <= FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ
189 : means no overflow */
190 13638822 : ulong loaded_accounts_data_cost = FD_COMPUTE_BUDGET_HEAP_COST * ( (
191 13638822 : loaded_accounts_data_size + ( FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE - 1UL )
192 13638822 : ) / FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE );
193 13638822 : *out_loaded_account_data_cost = loaded_accounts_data_cost;
194 :
195 13638822 : ulong total_fee = 0UL;
196 :
197 : /* We need to compute max(ceil((cu_limit * micro_lamports_per_cu)/10^6),
198 : ULONG_MAX). Unfortunately, the product can overflow. Solana solves
199 : this by doing the arithmetic with ultra-wide integers, but that puts a
200 : 128-bit division on the critical path. Gross. It's frustrating because
201 : the overflow case likely results in a transaction that's so expensive
202 : nobody can afford it anyways, but we should not break compatibility with
203 : Solana over this. Instead we'll do the arithmetic carefully:
204 : Let cu_limit = c_h*10^6 + c_l, where 0 <= c_l < 10^6.
205 : Similarly, let micro_lamports_per_cu = p_h*10^6 + p_l, where
206 : 0 <= p_l < 10^6. Since cu_limit < 2^32, c_h < 2^13;
207 : micro_lamports_per_cu < 2^64, so p_h<2^45.
208 :
209 : ceil( (cu_limit * micro_lamports_per_cu)/10^6)
210 : = ceil( ((c_h*10^6+c_l)*(p_h*10^6+p_l))/10^6 )
211 : = c_h*p_h*10^6 + c_h*p_l + c_l*p_h + ceil( (c_l*p_l)/10^6 )
212 : c_h*p_h < 2^58, so we can compute it with normal multiplication.
213 : If c_h*p_h > floor(ULONG_MAX/10^6), then we know c_h*p_h*10^6 will hit
214 : the saturation point. The "cross" terms are less than 2^64 by
215 : construction (since we divided by 10^6 and then multiply by something
216 : strictly less than 10^6). c_l*p_l < 10^12 < 2^40, so that's safe as
217 : well.
218 : In fact, the sum of the right three terms is no larger than:
219 : floor((2^32-1)/10^6)*(10^6-1) + (10^6-1)*floor((2^64-1)/10^6) + 10^6-1
220 : == 0xffffef3a08574e4c < 2^64, so we can do the additions without
221 : worrying about overflow.
222 : Of course, we still need to check the final addition of the first term
223 : with the remaining terms. As a bonus, all of the divisions can now be
224 : done via "magic multiplication."
225 :
226 : Note that this computation was done before I was aware of the
227 : 1.4M CU limit. Taking that limit into account could make the
228 : code a little cleaner, but we'll just keep the version that
229 : supports CU limits up to UINT_MAX, since I'm sure the limit will
230 : go up someday. */
231 13638822 : do {
232 13638822 : ulong c_h = cu_limit / FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
233 13638822 : ulong c_l = cu_limit % FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
234 13638822 : ulong p_h = state->micro_lamports_per_cu / FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
235 13638822 : ulong p_l = state->micro_lamports_per_cu % FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
236 :
237 13638822 : ulong hh = c_h * p_h;
238 13638822 : if( FD_UNLIKELY( hh>(ULONG_MAX/FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT) ) ) {
239 0 : total_fee = ULONG_MAX;
240 0 : break;
241 0 : }
242 13638822 : hh *= FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
243 :
244 13638822 : ulong hl = c_h*p_l + c_l*p_h;
245 13638822 : ulong ll = (c_l*p_l + FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT - 1UL)/FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
246 13638822 : ulong right_three_terms = hl + ll;
247 :
248 13638822 : total_fee = hh + right_three_terms;
249 13638822 : if( FD_UNLIKELY( total_fee<hh ) ) total_fee = ULONG_MAX;
250 13638822 : } while( 0 );
251 0 : *out_rewards = total_fee;
252 13638822 : }
253 :
254 : #endif /* HEADER_fd_src_disco_pack_fd_compute_budget_program_h */
|
