Line data Source code
1 : #ifndef HEADER_fd_src_ballet_pack_fd_compute_budget_program_h
2 : #define HEADER_fd_src_ballet_pack_fd_compute_budget_program_h
3 : #include "../../ballet/fd_ballet_base.h"
4 : #include "../../ballet/txn/fd_txn.h"
5 :
6 : /* This header contains utility functions for parsing compute budget
7 : program instructions from a transaction. I.e. given a transaction,
8 : what is its compute budget limit (in compute units) and what is the
9 : additional reward for including it? Unfortunately, due to the way
10 : compute budget program instructions are included in transactions,
11 : this is a per-transaction stateful process.
12 :
13 : This code is designed for high-performance use and so only error
14 : checks data coming from the transaction. */
15 :
16 :
17 : /* In general, compute budget instructions can occur at most once in a
18 : transaction. If an instruction is duplicated, the transaction is
19 : malformed and fails. These flags are used to keep track of what
20 : instructions have been seen so far. Have I seen a ... */
21 1436496 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU ((ushort)0x01) /* ... SetComputeUnitLimit ... */
22 1436484 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE ((ushort)0x02) /* ... SetComputeUnitPrice ... */
23 21 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP ((ushort)0x04) /* ... RequestHeapFrame ... */
24 1436448 : #define FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ ((ushort)0x08) /* ... LoadedAccountDataSize ... */
25 : /* ... so far? */
26 :
27 :
28 : /* NOTE: THE FOLLOWING CONSTANTS ARE CONSENSUS CRITICAL AND CANNOT BE
29 : CHANGED WITHOUT COORDINATING WITH ANZA. */
30 :
31 : /* base58 decode of ComputeBudget111111111111111111111111111111 */
32 : static const uchar FD_COMPUTE_BUDGET_PROGRAM_ID[FD_TXN_ACCT_ADDR_SZ] = {
33 : 0x03,0x06,0x46,0x6f,0xe5,0x21,0x17,0x32,0xff,0xec,0xad,0xba,0x72,0xc3,0x9b,0xe7,
34 : 0xbc,0x8c,0xe5,0xbb,0xc5,0xf7,0x12,0x6b,0x2c,0x43,0x9b,0x3a,0x40,0x00,0x00,0x00
35 : };
36 :
37 : /* Any requests for larger heap frames must be a multiple of 1k or the
38 : transaction is malformed. */
39 21 : #define FD_COMPUTE_BUDGET_HEAP_FRAME_GRANULARITY ( 1024UL)
40 : /* SetComputeUnitPrice specifies the price in "micro-lamports," which is
41 : 10^(-6) lamports, so 10^(-15) SOL. */
42 95471754 : #define FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT ( 1000000UL)
43 :
44 12202350 : #define FD_COMPUTE_BUDGET_MAX_BUILTIN_CU_LIMIT ( 3000UL)
45 12202350 : #define FD_COMPUTE_BUDGET_DEFAULT_INSTR_CU_LIMIT ( 200000UL)
46 15075318 : #define FD_COMPUTE_BUDGET_MAX_CU_LIMIT ( 1400000UL)
47 13638822 : #define FD_COMPUTE_BUDGET_HEAP_COST ( 8UL)
48 27277644 : #define FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE (32UL * 1024UL)
49 :
50 : /* Max loaded data size is 64 MiB */
51 13638837 : #define FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ (64UL*1024UL*1024UL)
52 :
53 : /* ---- End consensus-critical constants */
54 :
55 :
56 : struct fd_compute_budget_program_private_state {
57 : /* flags: Which instructions have been parsed so far in this transaction? See
58 : above for their meaning. */
59 : ushort flags;
60 : /* compute_budge_instr_cnt: How many compute budget instructions have been
61 : parsed so far? compute_budget_instr_cnt in [0, 4]. */
62 : ushort compute_budget_instr_cnt;
63 : /* compute_units: if SET_CU is in flags, this stores the total requested
64 : compute units for the whole transaction. Otherwise 0. Realistically should
65 : be less than 12M, but there's nothing enforcing that at this stage. */
66 : uint compute_units;
67 : /* loaded_acct_data_sz: if SET_LOADED_DATA_SZ is in flags, this stores
68 : the max total data (in bytes) that the transaction will load from
69 : the accounts it references. Otherwise, 0. */
70 : uint loaded_acct_data_sz;
71 : /* heap_size: if SET_HEAP is in flags, this stores the size in bytes of the
72 : BPF heap used for executing this transaction. Otherwise, 0. Must be a
73 : multiple of 1024. */
74 : uint heap_size;
75 : /* micro_lamports_per_cu: if SET_FEE is in flags, this stores the
76 : requested prioritization fee in micro-lamports per compute unit.
77 : Otherwise, 0. */
78 : ulong micro_lamports_per_cu;
79 : };
80 : typedef struct fd_compute_budget_program_private_state fd_compute_budget_program_state_t;
81 :
82 : /* fd_compute_budge_program_init: initializes an
83 : fd_compute_budget_program_state_t to prepare it for parsing a transaction.
84 : Also equivalent to just initializing the state on the stack with = {0}. */
85 13638861 : static inline void fd_compute_budget_program_init( fd_compute_budget_program_state_t * state ) {
86 13638861 : *state = (fd_compute_budget_program_state_t) {0};
87 13638861 : }
88 : /* fd_compute_budget_program_parse: Parses a single ComputeBudgetProgram
89 : instruction. Updates the state stored in state. Returns 0 if the
90 : instruction was invalid, which means the transaction should fail.
91 : instr_data points to the first byte of the instruction data from the
92 : transaction. data_sz specifies the length of the instruction data, so
93 : instr_data[ i ] for i in [0, data_sz) gives the instruction data. */
94 : static inline int
95 : fd_compute_budget_program_parse( uchar const * instr_data,
96 : ulong data_sz,
97 4309479 : fd_compute_budget_program_state_t * state ) {
98 4309479 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
99 4309479 : switch( *instr_data ) {
100 18 : case 0:
101 : /* Formerly RequestUnitsDeprecated, but invalid since
102 : EfhYd3SafzGT472tYQDUc4dPd2xdEfKs5fwkowUgVt4W. */
103 18 : return 0;
104 21 : case 1:
105 : /* Parse a RequestHeapFrame instruction */
106 21 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
107 21 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP)!=0 ) ) return 0;
108 21 : state->heap_size = FD_LOAD( uint, instr_data+1 );
109 21 : if( (state->heap_size%FD_COMPUTE_BUDGET_HEAP_FRAME_GRANULARITY) ) return 0;
110 21 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_HEAP;
111 21 : state->compute_budget_instr_cnt++;
112 21 : return 1;
113 1436499 : case 2:
114 : /* Parse a SetComputeUnitLimit instruction */
115 1436499 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
116 1436499 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU)!=0 ) ) return 0;
117 1436496 : state->compute_units = FD_LOAD( uint, instr_data+1 );
118 1436496 : state->compute_units = fd_uint_min( state->compute_units, FD_COMPUTE_BUDGET_MAX_CU_LIMIT );
119 1436496 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU;
120 1436496 : state->compute_budget_instr_cnt++;
121 1436496 : return 1;
122 1436487 : case 3:
123 : /* Parse a SetComputeUnitPrice instruction */
124 1436487 : if( FD_UNLIKELY( data_sz<9 ) ) return 0;
125 1436487 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE)!=0 ) ) return 0;
126 1436484 : state->micro_lamports_per_cu = FD_LOAD( ulong, instr_data+1 );
127 1436484 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_FEE;
128 1436484 : state->compute_budget_instr_cnt++;
129 1436484 : return 1;
130 1436451 : case 4:
131 : /* Parse a SetLoadedAccountsDataSizeLimit instruction */
132 1436451 : if( FD_UNLIKELY( data_sz<5 ) ) return 0;
133 1436451 : if( FD_UNLIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ)!=0 ) ) return 0;
134 1436448 : state->loaded_acct_data_sz = FD_LOAD( uint, instr_data+1 );
135 1436448 : if( FD_UNLIKELY( state->loaded_acct_data_sz==0U ) ) return 0;
136 1436448 : state->loaded_acct_data_sz = fd_uint_min( state->loaded_acct_data_sz, FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ );
137 1436448 : state->flags |= FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ;
138 1436448 : state->compute_budget_instr_cnt++;
139 1436448 : return 1;
140 3 : default:
141 3 : return 0;
142 4309479 : }
143 4309479 : }
144 :
145 : /* fd_compute_budget_program_finalize: digests the state that resulted
146 : from processing all of the ComputeBudgetProgram instructions in a
147 : transaction to compute the total priority rewards for the
148 : transaction. state must point to a previously initialized
149 : fd_compute_budget_program_state_t. instr_cnt is the total number of
150 : instructions in the transaction, including ComputeBudgetProgram
151 : instructions. builtin_instr_cnt is the total number of builtin
152 : instructions in the transaction. The set of builtin instructions is
153 : dependent on both the agave codebase and active feature flags. This
154 : codebase uses a hardcoded list of instructions that should be updated
155 : to exclude instructions as they are migrated to non-builtin status.
156 : out_rewards and out_compute must be non-null. The total priority
157 : rewards for the transaction (i.e. not counting the per-signature fee)
158 : is stored in out_rewards. The maximum number of compute units this
159 : transaction can consume is stored in out_compute. If the transaction
160 : execution has not completed by this limit, it is terminated and
161 : considered failed. */
162 : static inline void
163 : fd_compute_budget_program_finalize( fd_compute_budget_program_state_t const * state,
164 : ulong instr_cnt,
165 : ulong builtin_instr_cnt,
166 : ulong * out_rewards,
167 : uint * out_compute,
168 13638822 : ulong * out_loaded_account_data_cost ) {
169 13638822 : ulong cu_limit = 0UL;
170 13638822 : if( FD_LIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_CU)==0U ) ) {
171 : /* Use default compute limit */
172 12202350 : cu_limit = (instr_cnt - builtin_instr_cnt) * FD_COMPUTE_BUDGET_DEFAULT_INSTR_CU_LIMIT + builtin_instr_cnt * FD_COMPUTE_BUDGET_MAX_BUILTIN_CU_LIMIT;
173 12202350 : } else cu_limit = state->compute_units;
174 :
175 13638822 : cu_limit = fd_ulong_min( cu_limit, FD_COMPUTE_BUDGET_MAX_CU_LIMIT );
176 :
177 13638822 : *out_compute = (uint)cu_limit;
178 :
179 13638822 : ulong loaded_accounts_data_size = 0UL;
180 13638822 : if( FD_LIKELY( (state->flags & FD_COMPUTE_BUDGET_PROGRAM_FLAG_SET_LOADED_DATA_SZ)==0U ) ) {
181 : /* Use default loaded account data size */
182 12202389 : loaded_accounts_data_size = FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ;
183 12202389 : } else loaded_accounts_data_size = state->loaded_acct_data_sz;
184 :
185 : /* https://github.com/firedancer-io/agave/blob/927c6d30ed5e1baea30c06ebf2aa0c9bae0e1dd1/sdk/fee-structure/src/lib.rs#L122-L129
186 :
187 : loaded_accounts_data_size <= FD_COMPUTE_BUDGET_MAX_LOADED_DATA_SZ
188 : means no overflow */
189 13638822 : ulong loaded_accounts_data_cost = FD_COMPUTE_BUDGET_HEAP_COST * ( (
190 13638822 : loaded_accounts_data_size + ( FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE - 1UL )
191 13638822 : ) / FD_COMPUTE_BUDGET_ACCOUNT_DATA_COST_PAGE_SIZE );
192 13638822 : *out_loaded_account_data_cost = loaded_accounts_data_cost;
193 :
194 13638822 : ulong total_fee = 0UL;
195 :
196 : /* We need to compute max(ceil((cu_limit * micro_lamports_per_cu)/10^6),
197 : ULONG_MAX). Unfortunately, the product can overflow. Solana solves
198 : this by doing the arithmetic with ultra-wide integers, but that puts a
199 : 128-bit division on the critical path. Gross. It's frustrating because
200 : the overflow case likely results in a transaction that's so expensive
201 : nobody can afford it anyways, but we should not break compatibility with
202 : Solana over this. Instead we'll do the arithmetic carefully:
203 : Let cu_limit = c_h*10^6 + c_l, where 0 <= c_l < 10^6.
204 : Similarly, let micro_lamports_per_cu = p_h*10^6 + p_l, where
205 : 0 <= p_l < 10^6. Since cu_limit < 2^32, c_h < 2^13;
206 : micro_lamports_per_cu < 2^64, so p_h<2^45.
207 :
208 : ceil( (cu_limit * micro_lamports_per_cu)/10^6)
209 : = ceil( ((c_h*10^6+c_l)*(p_h*10^6+p_l))/10^6 )
210 : = c_h*p_h*10^6 + c_h*p_l + c_l*p_h + ceil( (c_l*p_l)/10^6 )
211 : c_h*p_h < 2^58, so we can compute it with normal multiplication.
212 : If c_h*p_h > floor(ULONG_MAX/10^6), then we know c_h*p_h*10^6 will hit
213 : the saturation point. The "cross" terms are less than 2^64 by
214 : construction (since we divided by 10^6 and then multiply by something
215 : strictly less than 10^6). c_l*p_l < 10^12 < 2^40, so that's safe as
216 : well.
217 : In fact, the sum of the right three terms is no larger than:
218 : floor((2^32-1)/10^6)*(10^6-1) + (10^6-1)*floor((2^64-1)/10^6) + 10^6-1
219 : == 0xffffef3a08574e4c < 2^64, so we can do the additions without
220 : worrying about overflow.
221 : Of course, we still need to check the final addition of the first term
222 : with the remaining terms. As a bonus, all of the divisions can now be
223 : done via "magic multiplication."
224 :
225 : Note that this computation was done before I was aware of the
226 : 1.4M CU limit. Taking that limit into account could make the
227 : code a little cleaner, but we'll just keep the version that
228 : supports CU limits up to UINT_MAX, since I'm sure the limit will
229 : go up someday. */
230 13638822 : do {
231 13638822 : ulong c_h = cu_limit / FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
232 13638822 : ulong c_l = cu_limit % FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
233 13638822 : ulong p_h = state->micro_lamports_per_cu / FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
234 13638822 : ulong p_l = state->micro_lamports_per_cu % FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
235 :
236 13638822 : ulong hh = c_h * p_h;
237 13638822 : if( FD_UNLIKELY( hh>(ULONG_MAX/FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT) ) ) {
238 0 : total_fee = ULONG_MAX;
239 0 : break;
240 0 : }
241 13638822 : hh *= FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
242 :
243 13638822 : ulong hl = c_h*p_l + c_l*p_h;
244 13638822 : ulong ll = (c_l*p_l + FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT - 1UL)/FD_COMPUTE_BUDGET_MICRO_LAMPORTS_PER_LAMPORT;
245 13638822 : ulong right_three_terms = hl + ll;
246 :
247 13638822 : total_fee = hh + right_three_terms;
248 13638822 : if( FD_UNLIKELY( total_fee<hh ) ) total_fee = ULONG_MAX;
249 13638822 : } while( 0 );
250 0 : *out_rewards = total_fee;
251 13638822 : }
252 :
253 : #endif /* HEADER_fd_src_ballet_pack_fd_compute_budget_program_h */
|
