Line data Source code
1 : #ifndef HEADER_fd_src_disco_pack_fd_pack_h
2 : #define HEADER_fd_src_disco_pack_fd_pack_h
3 :
4 : /* fd_pack defines methods that prioritizes Solana transactions,
5 : selecting a subset (potentially all) and ordering them to attempt to
6 : maximize the overall profitability of the validator. */
7 :
8 : #include "../../ballet/fd_ballet_base.h"
9 : #include "../../ballet/txn/fd_txn.h"
10 : #include "../shred/fd_shred_batch.h"
11 : #include "fd_est_tbl.h"
12 : #include "fd_microblock.h"
13 : #include "fd_pack_rebate_sum.h"
14 : #include "../metrics/generated/fd_metrics_enums.h"
15 :
16 27 : #define FD_PACK_ALIGN (128UL)
17 :
18 45897 : #define FD_PACK_MAX_EXECLE_TILES 62UL
19 :
20 27105291 : #define FD_PACK_FEE_PER_SIGNATURE (5000UL) /* In lamports */
21 :
22 : /* limit_instruction_accounts limits the number of accounts an
23 : instruction can reference to 255. Any transactions that violate this
24 : limit are invalid and cannot be included in a block.
25 :
26 : To avoid feature-gating Pack, we always throw out transactions that
27 : violate this limit.
28 :
29 : https://github.com/anza-xyz/agave/blob/v4.0.0-alpha.0/runtime-transaction/src/runtime_transaction/sdk_transactions.rs#L93-L99 */
30 : #define FD_PACK_MAX_ACCOUNTS_PER_INSTRUCTION (255UL)
31 :
32 : /* Each block is limited to 32k parity shreds. We don't want pack to
33 : produce a block with so many transactions we can't shred it, but the
34 : correspondence between transactions and parity shreds is somewhat
35 : complicated, so we need to use conservative limits. */
36 0 : #define FD_PACK_MAX_DATA_PER_BLOCK (FD_SHRED_BATCH_BLOCK_DATA_SZ_MAX)
37 :
38 : /* Optionally allow up to 1M shreds per block for benchmarking. */
39 0 : #define LARGER_MAX_DATA_PER_BLOCK (32UL*FD_SHRED_BATCH_BLOCK_DATA_SZ_MAX)
40 :
41 : /* Optionally allow a larger limit for benchmarking */
42 0 : #define LARGER_MAX_COST_PER_BLOCK (18UL*FD_PACK_MAX_COST_PER_BLOCK_LOWER_BOUND)
43 :
44 : /* ---- End consensus-critical constants */
45 :
46 27135168 : #define FD_TXN_P_FLAGS_IS_SIMPLE_VOTE ( 1U)
47 13552557 : #define FD_TXN_P_FLAGS_BUNDLE ( 2U)
48 13554207 : #define FD_TXN_P_FLAGS_INITIALIZER_BUNDLE ( 4U)
49 63 : #define FD_TXN_P_FLAGS_SANITIZE_SUCCESS ( 8U)
50 150 : #define FD_TXN_P_FLAGS_EXECUTE_SUCCESS (16U)
51 : #define FD_TXN_P_FLAGS_FEES_ONLY (32U)
52 27105285 : #define FD_TXN_P_FLAGS_DURABLE_NONCE (64U)
53 :
54 108 : #define FD_TXN_P_FLAGS_RESULT_MASK (0xFF000000U)
55 :
56 : /* A bundle is a sequence of between 1 and FD_PACK_MAX_TXN_PER_BUNDLE
57 : transactions (both inclusive) that executes and commits atomically.
58 : */
59 13629 : #define FD_PACK_MAX_TXN_PER_BUNDLE 5UL
60 :
61 19214046 : #define FD_PACK_ACCT_BLOCKLIST_LG_MAX 4
62 600 : #define FD_PACK_ACCT_BLOCKLIST_MAX (1UL<<FD_PACK_ACCT_BLOCKLIST_LG_MAX)
63 :
64 : /* The percentage of the transaction fees that are burned */
65 13552644 : #define FD_PACK_TXN_FEE_BURN_PCT 50UL
66 :
67 : /* The Solana network and Firedancer implementation details impose
68 : several limits on what pack can produce. These limits are grouped in
69 : this one struct fd_pack_limits_t, which is just a convenient way to
70 : pass them around. The limits listed below are arithmetic limits.
71 : The limits imposed by practical constraints are almost certainly
72 : much, much tighter. */
73 : struct fd_pack_limits {
74 : /* max_{cost, vote_cost}_per_block, max_write_cost_per_acct are
75 : consensus-critical limits and must be agreed on cluster-wide. A
76 : block that consumes more than max_cost_per_block cost units
77 : (closely related to, but not identical to CUs) in total is invalid.
78 : Similarly, a block where the sum of the cost of all vote
79 : transactions exceeds max_vote_cost_per_block cost units is invalid.
80 : Similarly, a block in where the sum of the cost of all transactions
81 : that write to a given account exceeds max_write_cost_per_acct is
82 : invalid. */
83 : ulong max_cost_per_block; /* in [0, UINT_MAX) */
84 : ulong max_vote_cost_per_block; /* in [0, max_cost_per_block] */
85 : ulong max_write_cost_per_acct; /* in [0, max_cost_per_block] */
86 :
87 : /* max_data_bytes_per_block is derived from consensus-critical limits
88 : on the number of shreds in a block, but is not directly enforced.
89 : Separation of concerns means that it's not a good idea for pack to
90 : know exactly how the block will be shredded, but at the same time,
91 : we don't want to end up in a situation where we produced a block
92 : that had too many shreds, because the shred tile's only recourse
93 : would be to kill the block. To address this, pack limits the size
94 : of the data it puts into the block to a limit that we can prove
95 : will never cause the shred tile to produce too many shreds.
96 :
97 : This limit includes transaction and microblock headers for
98 : non-empty microblocks that pack produces. */
99 : ulong max_data_bytes_per_block; /* in [0, ULONG_MAX - 183] */
100 :
101 : /* max_txn_per_microblock and max_microblocks_per_block are
102 : Firedancer-imposed implementation limits to bound the amount of
103 : memory consumption that pack uses. Pack will produce microblocks
104 : with no more than max_txn_per_microblock transactions.
105 : Additionally, once pack produces max_microblocks_per_block
106 : non-empty microblocks in a block, all subsequent attempts to
107 : schedule a microblock will return an empty microblock until
108 : fd_pack_end_block is called. */
109 : ulong max_txn_per_microblock; /* in [0, 16777216] */
110 : ulong max_microblocks_per_block; /* in [0, 1e12) */
111 :
112 : /* max_allocated_data_per_block is a consensus-critical constant that
113 : limits the total amount of data that can be allocated by
114 : transactions in a block. This includes new accounts and extending
115 : existing accounts. This limit is not especially well specified,
116 : and rarely comes close to being hit in production, so we use a
117 : conservative estimate when packing to ensure we never hit it. It
118 : is currently limited to 100 MB, without any features to change it,
119 : but we include it here with other limits in case it is change-able
120 : in the future. */
121 : ulong max_allocated_data_per_block; /* in [1, 100,000,000 ] */
122 : };
123 : typedef struct fd_pack_limits fd_pack_limits_t;
124 :
125 : /* fd_pack_addr_use_t: Used for three distinct purposes:
126 : - to record that an address is in use and can't be used again until
127 : certain microblocks finish execution
128 : - to keep track of the cost of all transactions that write to the
129 : specified account.
130 : - to keep track of the write cost for accounts referenced by
131 : transactions in a bundle and which transactions use which
132 : accounts.
133 : Making these separate structs might make it more clear, but then
134 : they'd have identical shape and result in several fd_map_dynamic sets
135 : of functions with identical code. It doesn't seem like the compiler
136 : is very good at merging code like that, so in order to reduce code
137 : bloat, we'll just combine them. */
138 : struct fd_pack_private_addr_use_record {
139 : fd_acct_addr_t key; /* account address */
140 : union {
141 : ulong _;
142 : ulong in_use_by; /* Bitmask indicating which banks */
143 : ulong total_cost; /* In cost units/CUs */
144 : struct { uint carried_cost; /* In cost units */
145 : ushort ref_cnt; /* In transactions */
146 : ushort last_use_in; }; /* In transactions */
147 : };
148 : };
149 : typedef struct fd_pack_private_addr_use_record fd_pack_addr_use_t;
150 :
151 : /* The point of this array it to keep a simple heap of the top 5
152 : writable accounts by cus in a given slot. The top writers heap is
153 : constructed and available at the end of a leader slot, after all CUs
154 : have been rebated. */
155 1547550 : #define FD_PACK_TOP_WRITERS_CNT (5UL)
156 3114153 : #define FD_PACK_TOP_WRITERS_SORT_BEFORE(writer1,writer2) ( (memcmp( (writer1).key.b, &(uchar[32]){ 0 }, FD_TXN_ACCT_ADDR_SZ ) && (writer1).total_cost>(writer2).total_cost) || !memcmp( (writer2).key.b, &(uchar[32]){ 0 }, FD_TXN_ACCT_ADDR_SZ ))
157 :
158 : #define SORT_NAME fd_pack_writer_cost_sort
159 6209253 : #define SORT_KEY_T fd_pack_addr_use_t
160 3114153 : #define SORT_BEFORE(a,b) (FD_PACK_TOP_WRITERS_SORT_BEFORE(a,b))
161 : #define SORT_FN_ATTR __attribute__((no_sanitize("address", "undefined"))) /* excessive ASan slowdown */
162 : #include "../../util/tmpl/fd_sort.c"
163 :
164 : /* fd_pack_limit_usage_t is used to store the actual per-slot resource
165 : utilization. Each utilization field has a corresponding limit field
166 : in fd_pack_limits_t which is greater than or equal to the utilization
167 : field. */
168 : struct fd_pack_limits_usage {
169 : ulong block_cost;
170 : ulong vote_cost;
171 :
172 : /* Contains the top 5 writers in the block. If there are less than 5
173 : writeable accounts, unused slots will have their pubkey zeroed out. */
174 : fd_pack_addr_use_t top_writers[ FD_PACK_TOP_WRITERS_CNT ];
175 : ulong block_data_bytes;
176 : ulong microblocks;
177 : ulong alloc;
178 : };
179 :
180 : typedef struct fd_pack_limits_usage fd_pack_limits_usage_t;
181 :
182 : /* fd_pack_smallest: We want to keep track of the smallest transaction
183 : in each treap. That way, if we know the amount of space left in the
184 : block is less than the smallest transaction in the heap, we can just
185 : skip the heap. Since transactions can be deleted, etc. maintaining
186 : this precisely is hard, but we can maintain a conservative value
187 : fairly cheaply. Since the CU limit or the byte limit can be the one
188 : that matters, we keep track of the smallest by both. */
189 : struct fd_pack_smallest {
190 : ulong cus;
191 : ulong bytes;
192 : };
193 : typedef struct fd_pack_smallest fd_pack_smallest_t;
194 :
195 : /* Forward declare opaque handle */
196 : struct fd_pack_private;
197 : typedef struct fd_pack_private fd_pack_t;
198 :
199 : /* fd_pack_{align,footprint} return the required alignment and
200 : footprint in bytes for a region of memory to be used as a pack
201 : object.
202 :
203 : pack_depth sets the maximum number of pending transactions that pack
204 : stores and may eventually schedule. pack_depth must be at least 4.
205 :
206 : If bundle_meta_sz is non-zero, then the bundle-related functions on
207 : this pack object can be used, and it can schedule bundles.
208 : Additionally, if bundle_meta_sz is non-zero, then a region of size
209 : bundle_meta_sz bytes (with no additional alignment) will be reserved
210 : for each bundle.
211 :
212 : Note: if you'd like to use bundles, but don't require metadata for
213 : the bundles, simply use a small positive value (e.g. 1), always pass
214 : NULL in insert_bundle_fini, and never call fd_pack_peek_bundle_meta.
215 :
216 : bank_tile_cnt sets the number of bank tiles to which this pack object
217 : can schedule transactions. bank_tile_cnt must be in [1,
218 : FD_PACK_MAX_BANK_TILES].
219 :
220 : limits sets various limits for the blocks and microblocks that pack
221 : can produce. */
222 :
223 27 : FD_FN_CONST static inline ulong fd_pack_align ( void ) { return FD_PACK_ALIGN; }
224 :
225 : FD_FN_PURE ulong
226 : fd_pack_footprint( ulong pack_depth,
227 : ulong bundle_meta_sz,
228 : ulong bank_tile_cnt,
229 : fd_pack_limits_t const * limits );
230 :
231 :
232 : /* fd_pack_new formats a region of memory to be suitable for use as a
233 : pack object. mem is a non-NULL pointer to a region of memory in the
234 : local address space with the required alignment and footprint.
235 : pack_depth, bundle_meta_sz, bank_tile_cnt, and limits are as above.
236 : rng is a local join to a random number generator used to perturb
237 : estimates. acct_blocklist is a list of accounts that cannot be read
238 : or written to. acct_blocklist is accessed acct_blocklist[i] for i in
239 : [0, acct_blocklist_cnt). acct_blocklist==NULL is okay if
240 : acct_blocklist_cnt==0. acct_blocklist_cnt must be no more than
241 : FD_PACK_ACCT_BLOCKLIST_MAX. acct_blocklist must not contain
242 : duplicates or the zero address.
243 :
244 : Returns `mem` (which will be properly formatted as a pack object) on
245 : success and NULL on failure. Logs details on failure. The caller
246 : will not be joined to the pack object when this function returns. */
247 : void *
248 : fd_pack_new( void * mem,
249 : ulong pack_depth,
250 : ulong bundle_meta_sz,
251 : ulong bank_tile_cnt,
252 : fd_pack_limits_t const * limits,
253 : fd_acct_addr_t const * acct_blocklist,
254 : ulong acct_blocklist_cnt,
255 : fd_rng_t * rng );
256 :
257 : /* fd_pack_join joins the caller to the pack object. Every successful
258 : join should have a matching leave. Returns mem. */
259 : fd_pack_t * fd_pack_join( void * mem );
260 :
261 :
262 : /* fd_pack_avail_txn_cnt returns the number of transactions that this
263 : pack object has available to schedule but that have not been
264 : scheduled yet. pack must be a valid local join. The return value
265 : will be in [0, pack_depth). */
266 :
267 : /* For performance reasons, implement this here. The offset is STATIC_ASSERTed
268 : in fd_pack.c. */
269 82176 : #define FD_PACK_PENDING_TXN_CNT_OFF 80
270 : FD_FN_PURE static inline ulong
271 82176 : fd_pack_avail_txn_cnt( fd_pack_t const * pack ) {
272 82176 : return *((ulong const *)((uchar const *)pack + FD_PACK_PENDING_TXN_CNT_OFF));
273 82176 : }
274 :
275 : /* fd_pack_current_block_cost returns the number of CUs that have been
276 : scheduled in the current block, net of any rebates. It should be
277 : between 0 and the specified value of max_cost_per_block, but it can
278 : be slightly higher due to temporary cost model nonsense. Due to
279 : rebates, this number may decrease as the block progresses. pack must
280 : be a valid local join. */
281 : FD_FN_PURE ulong fd_pack_current_block_cost( fd_pack_t const * pack );
282 :
283 : /* fd_pack_bank_tile_cnt: returns the value of bank_tile_cnt provided in
284 : pack when the pack object was initialized with fd_pack_new. pack
285 : must be a valid local join. The result will be in [1,
286 : FD_PACK_MAX_BANK_TILES]. */
287 : FD_FN_PURE ulong fd_pack_bank_tile_cnt( fd_pack_t const * pack );
288 :
289 : /* fd_pack_set_block_limits: Updates the limits provided fd_pack_new to
290 : these new values. Any future microblocks produced by this pack
291 : object will not cause a block to have more than
292 : limits->max_microblocks_per_block non-empty microblocks or more than
293 : limits->max_data_bytes_per_block data bytes (counting microblock
294 : headers as before). future microblocks will also exclude those that
295 : cause the total block cost to exceed limits->max_cost_per_block.
296 : Similarly those that cause the total vote-only cost to exceed
297 : limits->max_vote_cost_per_block. Also, those that cause the total
298 : per-account, per block write cost to exceed
299 : limits->max_write_cost_per_acct. Note that
300 : limits->max_txn_per_microblock is ignored. Limits are inclusive, as
301 : per usual (i.e. a block may have exactly max_microblocks_per_block
302 : microblocks, but not more). pack must be a valid local join.
303 :
304 : The typical place to call this is immediately after
305 : fd_pack_end_block; if this is called after some microblocks have been
306 : produced for the current block, and the current block already exceeds
307 : the limits, all the remaining microblocks in the block will be empty,
308 : but the call is valid. */
309 : void fd_pack_set_block_limits( fd_pack_t * pack, fd_pack_limits_t const * limits );
310 :
311 : /* fd_pack_get_block_limits: Copies the currently active pack limits
312 : into opt_limits, if opt_limits is not NULL. Copies the current limit
313 : utilization in opt_limits_usage, if opt_limits_usage is not NULL.
314 :
315 : Limit utilization is updated both when each transactions is scheduled
316 : and when any used resources are rebated.
317 :
318 : The opt_limits_usage->top_writers field is ignored. */
319 : void fd_pack_get_block_limits( fd_pack_t * pack, fd_pack_limits_usage_t * opt_limits_usage, fd_pack_limits_t * opt_limits );
320 :
321 : /* fd_pack_get_top_writers copies the top FD_PACK_TOP_WRITERS_CNT by
322 : writer cost writers into top_writers. The copied elements will be
323 : sorted by writer cost in descending order.
324 :
325 : This should be called at the end of the relevant leader slot right
326 : after fd_pack_end_block, otherwise the copied data will be stale. */
327 : void fd_pack_get_top_writers( fd_pack_t const * pack, fd_pack_addr_use_t top_writers[static FD_PACK_TOP_WRITERS_CNT] );
328 :
329 : /* Copies the currently smallest pending,
330 : non-conflicting, non-vote transaction into opt_pending_smallest iff
331 : it is not NULL and the smallest pending vote into opt_vote_smallest
332 : iff it is not NULL. These values are updates any time a new
333 : transaction is inserted into the pending treap, or moved from another
334 : treap into the pending treap. */
335 : void fd_pack_get_pending_smallest( fd_pack_t * pack, fd_pack_smallest_t * opt_pending_smallest, fd_pack_smallest_t * opt_votes_smallest );
336 :
337 : /* Return values for fd_pack_insert_txn_fini: Non-negative values
338 : indicate the transaction was accepted and may be returned in a future
339 : microblock. Negative values indicate that the transaction was
340 : rejected and will never be returned in a future microblock.
341 : Transactions can be rejected through no fault of their own, so it
342 : doesn't necessarily imply bad behavior.
343 :
344 : The non-negative (success) codes are essentially a bitflag of three
345 : bits:
346 : * (1) whether the transaction met the criteria for a simple vote or
347 : not,
348 : * (2) whether this transaction replaced a previously accepted, low
349 : priority transaction, rather than being accepted in addition to
350 : all the previously accepted transactions.
351 : * (4) whether this transaction is a durable nonce transaction
352 :
353 : Since pack maintains a heap with a fixed max size of pack_depth,
354 : replacing transaction is necessary whenever the heap is full.
355 : Additionally, only one transaction with a given (nonce account, nonce
356 : authority, recent blockhash) value is allowed in pack's heap at a
357 : time, which means if there's already a lower priority transaction
358 : with the same nonce info, then this transaction will replace it.
359 : When the heap is full, and a nonce transaction is inserted, these
360 : return values don't allow you to disambiguate whether the replaced
361 : transaction had the same nonce info or not.
362 :
363 : Vote and durable nonce transactions are mutually exclusive.
364 :
365 : The negative (failure) codes are a normal enumeration (not a
366 : bitflag).
367 : * PRIORITY: pack's heap was full and the transaction's priority was
368 : lower than the worst currently accepted transaction.
369 : * NONCE_PRIORITY: pack's heap had a transaction with the same
370 : durable nonce info that was higher priority.
371 : * DUPLICATE: the transaction is a duplicate of a currently accepted
372 : transaction.
373 : * UNAFFORDABLE: the fee payer could not afford the transaction fee
374 : (not yet implemented).
375 : * ADDR_LUT: the transaction tried to load an account from an address
376 : lookup table, which is not yet supported.
377 : * EXPIRED: the transaction was already expired upon insertion based
378 : on the provided value of expires_at compared to the last call to
379 : fd_pack_expire_before.
380 : * TOO_LARGE: the transaction requested too many CUs and would never
381 : be scheduled if it had been accepted.
382 : * ACCOUNT_CNT: the transaction tried to load more than 64 account
383 : addresses.
384 : * DUPLICATE_ACCT: the transaction included an account address twice
385 : in its list of account addresses to load.
386 : * ESTIMATION_FAIL: estimation of the transaction's compute cost and
387 : fee failed, typically because the transaction contained a
388 : malformed ComputeBudgetProgram instruction.
389 : * WRITES_SYSVAR: the transaction attempts to write-lock a sysvar.
390 : Write-locking a sysvar can cause heavy contention. Agave
391 : solves this by downgrading these to read locks, but we instead
392 : solve it by refusing to pack such transactions.
393 : * INVALID_NONCE: the transaction looks like a durable nonce
394 : transaction, but the nonce authority did not sign the transaction.
395 : * BUNDLE_BLACKLIST: bundles are enabled and the transaction uses an
396 : account in the bundle blacklist, or the bundle contains a vote.
397 : * ACCT_BLOCKLIST: the transaction included an account address in the
398 : account blocklist.
399 : * NONCE_CONFLICT: bundle with two transactions that attempt to lock
400 : the exact same durable nonce (nonce account, authority, and block
401 : hash).
402 : * INSTR_ACCT_CNT: the transaction includes an instruction that
403 : references too many accounts.
404 :
405 : NOTE: The corresponding enum in metrics.xml must be kept in sync
406 : with any changes to these return values. */
407 : #define FD_PACK_INSERT_ACCEPT_NONCE_NONVOTE_REPLACE ( 6)
408 : #define FD_PACK_INSERT_ACCEPT_NONCE_NONVOTE_ADD ( 4)
409 : #define FD_PACK_INSERT_ACCEPT_VOTE_REPLACE ( 3)
410 : #define FD_PACK_INSERT_ACCEPT_NONVOTE_REPLACE ( 2)
411 : #define FD_PACK_INSERT_ACCEPT_VOTE_ADD ( 1)
412 : #define FD_PACK_INSERT_ACCEPT_NONVOTE_ADD ( 0)
413 0 : #define FD_PACK_INSERT_REJECT_PRIORITY ( -1)
414 9 : #define FD_PACK_INSERT_REJECT_NONCE_PRIORITY ( -2)
415 : #define FD_PACK_INSERT_REJECT_DUPLICATE ( -3)
416 0 : #define FD_PACK_INSERT_REJECT_UNAFFORDABLE ( -4)
417 : #define FD_PACK_INSERT_REJECT_ADDR_LUT ( -5)
418 12 : #define FD_PACK_INSERT_REJECT_EXPIRED ( -6)
419 0 : #define FD_PACK_INSERT_REJECT_TOO_LARGE ( -7)
420 3 : #define FD_PACK_INSERT_REJECT_ACCOUNT_CNT ( -8)
421 3 : #define FD_PACK_INSERT_REJECT_DUPLICATE_ACCT ( -9)
422 3 : #define FD_PACK_INSERT_REJECT_ESTIMATION_FAIL (-10)
423 93 : #define FD_PACK_INSERT_REJECT_WRITES_SYSVAR (-11)
424 3 : #define FD_PACK_INSERT_REJECT_INVALID_NONCE (-12)
425 3 : #define FD_PACK_INSERT_REJECT_BUNDLE_BLACKLIST (-13)
426 15 : #define FD_PACK_INSERT_REJECT_ACCT_BLOCKLIST (-14)
427 243 : #define FD_PACK_INSERT_REJECT_NONCE_CONFLICT (-15)
428 3 : #define FD_PACK_INSERT_REJECT_INSTR_ACCT_CNT (-16)
429 :
430 : /* The FD_PACK_INSERT_{ACCEPT, REJECT}_* values defined above are in the
431 : range [-FD_PACK_INSERT_RETVAL_OFF,
432 : -FD_PACK_INSERT_RETVAL_OFF+FD_PACK_INSERT_RETVAL_CNT ) */
433 0 : #define FD_PACK_INSERT_RETVAL_OFF 16
434 0 : #define FD_PACK_INSERT_RETVAL_CNT 23
435 :
436 : FD_STATIC_ASSERT( FD_PACK_INSERT_REJECT_INSTR_ACCT_CNT>=-FD_PACK_INSERT_RETVAL_OFF, pack_retval );
437 : FD_STATIC_ASSERT( FD_PACK_INSERT_ACCEPT_NONCE_NONVOTE_REPLACE<FD_PACK_INSERT_RETVAL_CNT-FD_PACK_INSERT_RETVAL_OFF, pack_retval );
438 :
439 : /* fd_pack_insert_txn_{init,fini,cancel} execute the process of
440 : inserting a new transaction into the pool of available transactions
441 : that may be scheduled by the pack object.
442 :
443 : fd_pack_insert_txn_init returns a piece of memory from the txnmem
444 : region where the transaction should be stored. The lifetime of this
445 : memory is managed by fd_pack as explained below.
446 :
447 : Every call to fd_pack_insert_init must be paired with a call to
448 : exactly one of _fini or _cancel. Calling fd_pack_insert_txn_fini
449 : finalizes the transaction insert process and makes the newly-inserted
450 : transaction available for scheduling. Calling
451 : fd_pack_insert_txn_cancel aborts the transaction insertion process.
452 : The txn pointer passed to _fini or _cancel must come from the most
453 : recent call to _init.
454 :
455 : The caller of these methods should not retain any read or write
456 : interest in the transaction after _fini or _cancel have been called.
457 :
458 : expires_at (for _fini only) bounds the lifetime of the inserted
459 : transaction. No particular unit is prescribed, and it need not be
460 : higher than the previous call to txn_fini. If fd_pack_expire_before
461 : has been previously called with a value larger (strictly) than the
462 : provided expires_at, the transaction will be rejected with EXPIRED.
463 : See fd_pack_expire_before for more details.
464 :
465 : pack must be a local join of a pack object. From the caller's
466 : perspective, these functions cannot fail, though pack may reject a
467 : transaction for a variety of reasons. fd_pack_insert_txn_fini
468 : returns one of the FD_PACK_INSERT_ACCEPT_* or FD_PACK_INSERT_REJECT_*
469 : codes explained above.
470 : */
471 : fd_txn_e_t * fd_pack_insert_txn_init ( fd_pack_t * pack );
472 : int fd_pack_insert_txn_fini ( fd_pack_t * pack, fd_txn_e_t * txn, ulong expires_at, ulong * delete_cnt );
473 : void fd_pack_insert_txn_cancel( fd_pack_t * pack, fd_txn_e_t * txn );
474 :
475 : /* fd_pack_insert_bundle_{init,fini,cancel} are parallel to the
476 : similarly named fd_pack_insert_txn functions but can be used to
477 : insert a bundle instead of a transaction.
478 :
479 : fd_pack_insert_bundle_init populates and returns bundle.
480 : Specifically, it populates bundle[0], ... bundle[txn_cnt-1] with
481 : pointers to fd_txn_p_t structs that should receive a new transaction.
482 : The pointers themselves should not be changed which is what the const
483 : indicates, but the contents of the fd_txn_p_t structs must be changed
484 : in order for this to be useful. bundle must be a pointer to the
485 : first element of an array of at least txn_cnt pointers.
486 :
487 : The bundle consists of the transactions in the order they are
488 : provided. I.e. bundle[0] will execute first in the bundle.
489 :
490 : Like with insert_txn, every call to fd_pack_insert_bundle_init must
491 : be paired with a call to exactly one of _fini or _cancel. Calling
492 : fd_pack_insert_bundle_fini finalizes the bundle insertion process and
493 : makes the newly-inserted bundle available for scheduling. Calling
494 : fd_pack_insert_bundle_cancel aborts the transaction insertion
495 : process. There can be at most two outstanding bundles, of which one
496 : should be an initializer bundle. The bundle argument passed to _fini
497 : or _cancel must be the return value of a call to _init with the same
498 : value of txn_cnt. Additionally, it is okay to interleave calls to
499 : the insert_txn family of functions with calls to the insert_bundle
500 : family of functions.
501 :
502 : The caller of these methods should not retain any read or write
503 : interest in the fd_txn_p_t structs that the entries of bundle
504 : point to after _fini or _cancel have been called.
505 :
506 : expires_at has the same meaning as above. Although transactions in
507 : the bundle may have different recent blockhashes, all transactions in
508 : the bundle have the same expires_at value, since if one expires, the
509 : whole bundle becomes invalid.
510 :
511 : If initializer_bundle is non-zero, this bundle will be inserted at
512 : the front of the bundle queue so that it is the next bundle
513 : scheduled. Otherwise, the bundle will be inserted at the back of the
514 : bundle queue, and will be scheduled in FIFO order with the rest of
515 : the bundles. If an initializer bundle is already present in pack's
516 : pending transactions, that bundle will be deleted. Additionally, if
517 : initializer_bundle is non-zero, the transactions in the bundle will
518 : not be checked against the bundle blacklist; otherwise, the check
519 : will be performed as normal. See the section below on initializer
520 : bundles for more details.
521 :
522 : Other than the blacklist check, transactions in a bundle are subject
523 : to the same checks as other transactions. If any transaction in the
524 : bundle fails validation, the whole bundle will be rejected.
525 :
526 : _fini also accepts bundle_meta, an optional opaque pointer to a
527 : region of memory of size bundle_meta_sz (as provided in pack_new).
528 : If bundle_meta is non-NULL, the contents of the memory will be copied
529 : to a metadata region associated with this bundle and can be retrieved
530 : later with fd_pack_peek_bundle_meta. The contents of bundle_meta is
531 : not retrievable if initializer_bundle is non-zero, so you may wish to
532 : just pass NULL in that case. This function does not retain any
533 : interest in the contents of bundle_meta after it returns.
534 :
535 : txn_cnt must be in [1, MAX_TXN_PER_BUNDLE]. A txn_cnt of 1 inserts a
536 : single-transaction bundle which is transaction with extremely high
537 : priority. That said, inserting transactions as bundles instead of
538 : transactions can hurt performance and throughput by introducing
539 : unnecessary stalls.
540 :
541 : fd_pack_insert_bundle_fini returns one of the FD_PACK_INSERT_ACCEPT_*
542 : or FD_PACK_INSERT_REJECT_* codes explained above. If there are
543 : multiple reasons for rejecting a bundle, the which of the reasons it
544 : returns is unspecified. delete_cnt is the number of existing
545 : transactions that were deleted as a side effect of insertion.
546 :
547 : These functions must not be called if the pack object was initialized
548 : with bundle_meta_sz==0. */
549 :
550 : fd_txn_e_t * const * fd_pack_insert_bundle_init ( fd_pack_t * pack, fd_txn_e_t * * bundle, ulong txn_cnt );
551 : int fd_pack_insert_bundle_fini ( fd_pack_t * pack, fd_txn_e_t * const * bundle, ulong txn_cnt,
552 : ulong expires_at, int initializer_bundle, void const * bundle_meta, ulong * delete_cnt );
553 : void fd_pack_insert_bundle_cancel( fd_pack_t * pack, fd_txn_e_t * const * bundle, ulong txn_cnt );
554 :
555 :
556 : /* =========== More details about initializer bundles ===============
557 : Initializer bundles are a special type of bundle with special support
558 : from the pack object to facilitate preparing on-chain state for the
559 : execution of bundles by this validator. This design is a bit
560 : complicated, but it eliminates excessive coupling between pack and
561 : block engine details.
562 :
563 : The pack object maintains a small state machine (initializer bundle
564 : abbreviated IB):
565 :
566 : [Not Initialized] ------------------------->|
567 : ^ | Schedule an
568 : | End Rebate shows | IB
569 : | block IB failed |
570 : |<----------[Failed]--------------| v
571 : | --===[Pending]
572 : |<------------------------------/ ^ |
573 : | End block /---| |
574 : | | | Rebate shows
575 : | Schedule | | IB succeeded
576 : | another IB | |
577 : | End block | V
578 : -----------------------------------===[Ready]
579 :
580 :
581 : When attempting to schedule a bundle the pack object checks the
582 : state, and employs the following rules:
583 : * [Not Initialized]: If the top bundle is an IB, schedule it,
584 : removing it like normal, then transition to [Pending]. Otherwise,
585 : do not schedule a bundle.
586 : * [Pending]: Do not schedule a bundle.
587 : * [Failed]: Do not schedule a bundle
588 : * [Ready]: Attempt to schedule the next bundle. If scheduling an IB,
589 : transition to [Pending].
590 :
591 : As described in the state machine, ending the block (via
592 : fd_pack_end_block) transitions to [Not Initialized], and calls to
593 : fd_pack_rebate_cus control the transition out of [Pending].
594 :
595 : This design supports a typical block engine system where some state
596 : may need to be initialized at the start of the slot and some state
597 : may need to change between runs of transactions (e.g. 5 transactions
598 : from block builder A followed by 5 transactions from block builder
599 : B). This can be done by inserting an initializer bundle whenever the
600 : top non-initializer bundle's metadata state (retrievable with
601 : fd_pack_peek_bundle_meta) doesn't match the current on-chain state.
602 : Since the initializer bundle will execute before the bundle that was
603 : previously the top one, by the time the non-initializer bundle
604 : executes, the on-chain state will be correctly configured. In this
605 : scheme, in the rare case that an initializer bundle was inserted but
606 : never executed, it should be deleted at the end of the slot.
607 :
608 : If at the start of the slot, it is determined that the on-chain state
609 : is in good shape, the state machine can transition directly to
610 : [Ready] by calling fd_pack_set_initializer_bundles_ready.
611 :
612 : Initializer bundles are not exempt from expiration, but it should not
613 : be a problem if they are always inserted with the most recent
614 : blockhash and deleted at the end of the slot.
615 :
616 : Additionally, a bundle marked as an IB is exempted from the bundle
617 : account blacklist checks. For this reason, it's important that IB be
618 : generated by trusted code with minimal or sanitized
619 : attacker-controlled input. */
620 :
621 :
622 : /* fd_pack_peek_bundle_meta returns a constant pointer to the bundle
623 : metadata associated with the bundle currently in line to be scheduled
624 : next, or NULL in any of the following cases:
625 : * There are no bundles
626 : * The bundle currently in line to be scheduled next is an IB
627 : * The bundle state is currently [Pending] or [Failed].
628 :
629 : The lifetime of the returned pointer is until the next pack insert,
630 : schedule, delete, or expire call. The size of the region pointed to
631 : by the returned pointer is bundle_meta_sz. If this bundle was
632 : inserted with bundle_meta==NULL, then the contents of the region
633 : pointed to by the returned pointer are arbitrary, but it will be safe
634 : to read.
635 :
636 : Pack doesn't do anything special to ensure the returned pointer
637 : points to memory with any particular alignment. It will naturally
638 : have an alignment of at least GCD( 64, bundle_meta_sz ). */
639 : void const * fd_pack_peek_bundle_meta( fd_pack_t const * pack );
640 :
641 : /* fd_pack_set_initializer_bundles_ready sets the IB state machine state
642 : (see long initializer bundle comment above) to the [Ready] state.
643 : This function makes it easy to use bundles without initializer
644 : bundles. pack must be a valid local join. */
645 : void fd_pack_set_initializer_bundles_ready( fd_pack_t * pack );
646 :
647 :
648 : /* FD_PACK_SCHEDULE_{VOTE,BUNDLE,TXN} form a set of bitflags used in
649 : fd_pack_schedule_next_microblock below. They control what types of
650 : scheduling are allowed. The names should be self-explanatory. */
651 1299618 : #define FD_PACK_SCHEDULE_VOTE 1
652 1299717 : #define FD_PACK_SCHEDULE_BUNDLE 2
653 1299714 : #define FD_PACK_SCHEDULE_TXN 4
654 :
655 : /* fd_pack_schedule_next_microblock schedules pending transactions.
656 : These transaction either form a microblock, which is a set of
657 : non-conflicting transactions, or a bundle. The semantics of this
658 : function are a bit different depending on which one it picks, but
659 : there are some reasons why they both use this function.
660 :
661 : For both codepaths, pack must be a local join of a pack object.
662 : schedule_flags must be a bitwise combination of the
663 : FD_PACK_SCHEDULE_* values defined above. When the bit is set
664 : corresponding to a transaction type, this function will consider
665 : scheduling transactions of that type. Passing 0 for schedule_flags
666 : is a no-op. The full policy is as follows:
667 : 1. If the VOTE bit is set, attempt to schedule votes. This is the
668 : microblock case.
669 : 2. If the BUNDLE bit is set, and step 1 did not schedule any votes,
670 : attempt to schedule bundles. This is the bundle case.
671 : 3. If the TXN bit is set, and step 2 did not schedule any bundles
672 : for a reason other than account conflicts, attempt to schedule
673 : normal transactions. This is the microblock case.
674 : Note that it is possible to schedule a microblock containing both
675 : votes and normal transactions, but bundles cannot be combined with
676 : either other type. Additionally, if the BUNDLE bit is not set, step
677 : 2 will not schedule any bundles for that reason, which is a reason
678 : other than account conflicts, so that clause will always be
679 : satisfied.
680 :
681 : Microblock case:
682 : Transactions part of the scheduled microblock are copied to out in no
683 : particular order. The cumulative cost of these transactions will not
684 : exceed total_cus, and the number of transactions will not exceed the
685 : value of max_txn_per_microblock given in fd_pack_new.
686 :
687 : The block will not contain more than
688 : vote_fraction*max_txn_per_microblock votes, and votes in total will
689 : not consume more than vote_fraction*total_cus of the microblock.
690 :
691 : Bundle case:
692 : Transactions part of the scheduled bundled are copied in execution
693 : order (i.e. out[0] must be executed first). The number of
694 : transactions will not exceed FD_PACK_MAX_TXN_PER_BUNDLE.
695 : max_txn_per_microblock, total_cus, and vote_fraction are ignored,
696 : though the block-level limits are respected.
697 :
698 : Both cases:
699 : The non_execution_cus and requested_exec_plus_acct_data_cus fields of
700 : each transaction will be populated with the non execution CUs and
701 : requested execution CUs (including cus derived from the requested
702 : loaded accounts data size), respectively. The sum of these two
703 : values is the total cost of the transaction, i.e. what is used for
704 : all limits, including the total_cus value. The lower 3 bits of the
705 : flags field will be populated (simple vote, bundle, initializer
706 : bundle). Inspecting these flags is the proper way to tell which
707 : codepath executed.
708 :
709 : Returns the number of transactions in the scheduled microblock or
710 : bundle. The return value may be 0 if there are no eligible
711 : transactions at the moment. */
712 :
713 : ulong
714 : fd_pack_schedule_next_microblock( fd_pack_t * pack,
715 : ulong total_cus,
716 : float vote_fraction,
717 : ulong bank_tile,
718 : int schedule_flags,
719 : fd_txn_e_t * out );
720 :
721 :
722 : /* fd_pack_rebate_cus adjusts the compute unit accounting for the
723 : specified transactions to take into account the actual consumed CUs
724 : after execution. When a transaction is scheduled by
725 : schedule_next_microblock, pack assumes that it uses all the CUs it
726 : requests for the purposes of several CU limits. If it doesn't use
727 : all the requested CUs, this function "rebates" them to pack so that
728 : they can be consumed by a different transaction in the block.
729 :
730 : pack must be a valid local join of a pack object. rebate must point
731 : to a valid rebate report produced by fd_pack_rebate_sum_t.
732 :
733 : IMPORTANT: CU limits are reset at the end of each block, so this
734 : should not be called for transactions from a prior block.
735 : Specifically, there must not be a call to fd_pack_end_block between
736 : the call to schedule_next_microblock this is paired with and the call
737 : to rebate_cus.
738 :
739 : This function operates independently of microblock_complete. In
740 : general, you probably need to call both. microblock_complete must be
741 : called before scheduling another microblock to that bank tile, while
742 : rebate_cus is optional and has much more relaxed ordering
743 : constraints. The restriction about intervening calls to end_block
744 : and that this must come after schedule_next_microblock are the only
745 : ordering constraints. */
746 : void fd_pack_rebate_cus( fd_pack_t * pack, fd_pack_rebate_t const * rebate );
747 :
748 : /* fd_pack_microblock_complete signals that the bank_tile with index
749 : bank_tile has completed its previously scheduled microblock. This
750 : permits the scheduling of transactions that conflict with the
751 : previously scheduled microblock. It is safe to call this multiple
752 : times after a microblock or even if bank_tile does not have a
753 : previously scheduled; in this case, the function will return 0 and
754 : act as a no-op. Returns 1 if the bank_tile had an outstanding,
755 : previously scheduled microblock to mark as completed. */
756 : int fd_pack_microblock_complete( fd_pack_t * pack, ulong bank_tile );
757 :
758 : /* fd_pack_expire_before deletes all available transactions with
759 : expires_at values strictly less than expire_before. pack must be a
760 : local join of a pack object. Returns the number of transactions
761 : deleted. Subsequent calls to fd_pack_expire_before with the same or
762 : a smaller value are no-ops. */
763 : ulong fd_pack_expire_before( fd_pack_t * pack, ulong expire_before );
764 :
765 : /* fd_pack_delete_txn removes a transaction (identified by its first
766 : signature) from the pool of available transactions. Returns a
767 : nonzero count of the number of transactions deleted, if the
768 : transaction was found (and then removed) and 0 if not. The count
769 : might be >1 if a bundle was caused to be deleted. */
770 : ulong fd_pack_delete_transaction( fd_pack_t * pack, fd_ed25519_sig_t const * sig0 );
771 :
772 : /* fd_pack_end_block resets some state to prepare for the next block.
773 : Specifically, the per-block limits are cleared and transactions in
774 : the microblocks scheduled after the call to this function are allowed
775 : to conflict with transactions in microblocks scheduled before the
776 : call to this function, even within gap microblocks. */
777 : void fd_pack_end_block( fd_pack_t * pack );
778 :
779 :
780 : /* fd_pack_clear_all resets the state associated with this pack object.
781 : All pending transactions are removed from the pool of available
782 : transactions and all limits are reset. */
783 : void fd_pack_clear_all( fd_pack_t * pack );
784 :
785 :
786 : /* fd_pack_metrics_write writes period metric values to the metrics
787 : system. pack must be a valid local join. */
788 : void
789 : fd_pack_metrics_write( fd_pack_t const * pack );
790 :
791 : /* fd_pack_get_sched_metrics: copies the current
792 : FD_METRICS_ENUM_PACK_TXN_SCHEDULE_CNT counters to metrics */
793 : void
794 : fd_pack_get_sched_metrics( fd_pack_t const * pack, ulong * metrics );
795 :
796 : /* fd_pack_leave leaves a local join of a pack object. Returns pack. */
797 : void * fd_pack_leave( fd_pack_t * pack );
798 : /* fd_pack_delete unformats a memory region used to store a pack object
799 : and returns ownership of the memory to the caller. Returns mem. */
800 : void * fd_pack_delete( void * mem );
801 :
802 : /* fd_pack_verify (for debugging use primarily) checks to ensure several
803 : invariants are satisfied. scratch must point to the first byte of a
804 : piece of memory meeting the same alignment and footprint constraints
805 : as pack. Returns 0 on success and a negative value on failure
806 : (logging a warning with details). */
807 : int fd_pack_verify( fd_pack_t * pack, void * scratch );
808 :
809 : FD_PROTOTYPES_END
810 :
811 : #endif /* HEADER_fd_src_disco_pack_fd_pack_h */
|
