LCOV - code coverage report
Current view: top level - flamenco/runtime/program - fd_bpf_loader_program.c (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 12 1806 0.7 %
Date: 2025-09-18 04:41:32 Functions: 1 13 7.7 %

          Line data    Source code
       1             : #include "fd_bpf_loader_program.h"
       2             : 
       3             : /* For additional context see https://solana.com/docs/programs/deploying#state-accounts */
       4             : 
       5             : #include "../fd_pubkey_utils.h"
       6             : #include "../../../ballet/sbpf/fd_sbpf_loader.h"
       7             : #include "../sysvar/fd_sysvar.h"
       8             : #include "../sysvar/fd_sysvar_rent.h"
       9             : #include "../../vm/syscall/fd_vm_syscall.h"
      10             : #include "../../vm/fd_vm.h"
      11             : #include "../fd_executor.h"
      12             : #include "fd_bpf_loader_serialization.h"
      13             : #include "fd_native_cpi.h"
      14             : #include "../fd_borrowed_account.h"
      15             : 
      16             : /* https://github.com/anza-xyz/agave/blob/ced98f1ebe73f7e9691308afa757323003ff744f/sdk/program/src/program_error.rs#L290-L335 */
      17             : static inline int
      18             : program_error_to_instr_error( ulong  err,
      19           0 :                               uint * custom_err ) {
      20           0 :   switch( err ) {
      21           0 :     case CUSTOM_ZERO:
      22           0 :       *custom_err = 0;
      23           0 :       return FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR;
      24           0 :     case INVALID_ARGUMENT:
      25           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
      26           0 :     case INVALID_INSTRUCTION_DATA:
      27           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
      28           0 :     case INVALID_ACCOUNT_DATA:
      29           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
      30           0 :     case ACCOUNT_DATA_TOO_SMALL:
      31           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
      32           0 :     case INSUFFICIENT_FUNDS:
      33           0 :       return FD_EXECUTOR_INSTR_ERR_INSUFFICIENT_FUNDS;
      34           0 :     case INCORRECT_PROGRAM_ID:
      35           0 :       return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
      36           0 :     case MISSING_REQUIRED_SIGNATURES:
      37           0 :       return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
      38           0 :     case ACCOUNT_ALREADY_INITIALIZED:
      39           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_ALREADY_INITIALIZED;
      40           0 :     case UNINITIALIZED_ACCOUNT:
      41           0 :       return FD_EXECUTOR_INSTR_ERR_UNINITIALIZED_ACCOUNT;
      42           0 :     case NOT_ENOUGH_ACCOUNT_KEYS:
      43           0 :       return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
      44           0 :     case ACCOUNT_BORROW_FAILED:
      45           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_BORROW_FAILED;
      46           0 :     case MAX_SEED_LENGTH_EXCEEDED:
      47           0 :       return FD_EXECUTOR_INSTR_ERR_MAX_SEED_LENGTH_EXCEEDED;
      48           0 :     case INVALID_SEEDS:
      49           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_SEEDS;
      50           0 :     case BORSH_IO_ERROR:
      51           0 :       return FD_EXECUTOR_INSTR_ERR_BORSH_IO_ERROR;
      52           0 :     case ACCOUNT_NOT_RENT_EXEMPT:
      53           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_NOT_RENT_EXEMPT;
      54           0 :     case UNSUPPORTED_SYSVAR:
      55           0 :       return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_SYSVAR;
      56           0 :     case ILLEGAL_OWNER:
      57           0 :       return FD_EXECUTOR_INSTR_ERR_ILLEGAL_OWNER;
      58           0 :     case MAX_ACCOUNTS_DATA_ALLOCATIONS_EXCEEDED:
      59           0 :       return FD_EXECUTOR_INSTR_ERR_MAX_ACCS_DATA_ALLOCS_EXCEEDED;
      60           0 :     case INVALID_ACCOUNT_DATA_REALLOC:
      61           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_REALLOC;
      62           0 :     case MAX_INSTRUCTION_TRACE_LENGTH_EXCEEDED:
      63           0 :       return FD_EXECUTOR_INSTR_ERR_MAX_INSN_TRACE_LENS_EXCEEDED;
      64           0 :     case BUILTIN_PROGRAMS_MUST_CONSUME_COMPUTE_UNITS:
      65           0 :       return FD_EXECUTOR_INSTR_ERR_BUILTINS_MUST_CONSUME_CUS;
      66           0 :     case INVALID_ACCOUNT_OWNER:
      67           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_OWNER;
      68           0 :     case ARITHMETIC_OVERFLOW:
      69           0 :       return FD_EXECUTOR_INSTR_ERR_ARITHMETIC_OVERFLOW;
      70           0 :     case IMMUTABLE:
      71           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
      72           0 :     case INCORRECT_AUTHORITY:
      73           0 :       return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
      74           0 :     default:
      75           0 :       if( err>>BUILTIN_BIT_SHIFT == 0 ) {
      76           0 :         *custom_err = (uint)err;
      77           0 :         return FD_EXECUTOR_INSTR_ERR_CUSTOM_ERR;
      78           0 :       }
      79           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ERR;
      80           0 :   }
      81           0 : }
      82             : 
      83             : /* https://github.com/anza-xyz/agave/blob/9b22f28104ec5fd606e4bb39442a7600b38bb671/programs/bpf_loader/src/lib.rs#L216-L229 */
      84             : static ulong
      85           0 : calculate_heap_cost( ulong heap_size, ulong heap_cost ) {
      86           0 :   #define KIBIBYTE_MUL_PAGES       (1024UL * 32UL)
      87           0 :   #define KIBIBYTE_MUL_PAGES_SUB_1 (KIBIBYTE_MUL_PAGES - 1UL)
      88             : 
      89           0 :   heap_size = fd_ulong_sat_add( heap_size, KIBIBYTE_MUL_PAGES_SUB_1 );
      90             : 
      91           0 :   heap_size = fd_ulong_sat_mul( fd_ulong_sat_sub( heap_size / KIBIBYTE_MUL_PAGES, 1UL ), heap_cost );
      92           0 :   return heap_size;
      93             : 
      94           0 :   #undef KIBIBYTE_MUL_PAGES
      95           0 :   #undef KIBIBYTE_MUL_PAGES_SUB_1
      96           0 : }
      97             : 
      98             : void
      99             : fd_bpf_get_sbpf_versions( uint *                sbpf_min_version,
     100             :                           uint *                sbpf_max_version,
     101             :                           ulong                 slot,
     102          42 :                           fd_features_t const * features ) {
     103          42 :   int disable_v0  = FD_FEATURE_ACTIVE( slot, features, disable_sbpf_v0_execution );
     104          42 :   int reenable_v0 = FD_FEATURE_ACTIVE( slot, features, reenable_sbpf_v0_execution );
     105          42 :   int enable_v0   = !disable_v0 || reenable_v0;
     106          42 :   int enable_v1   = FD_FEATURE_ACTIVE( slot, features, enable_sbpf_v1_deployment_and_execution );
     107          42 :   int enable_v2   = FD_FEATURE_ACTIVE( slot, features, enable_sbpf_v2_deployment_and_execution );
     108          42 :   int enable_v3   = FD_FEATURE_ACTIVE( slot, features, enable_sbpf_v3_deployment_and_execution );
     109             : 
     110          42 :   *sbpf_min_version = enable_v0 ? FD_SBPF_V0 : FD_SBPF_V3;
     111          42 :   if( enable_v3 ) {
     112          42 :     *sbpf_max_version = FD_SBPF_V3;
     113          42 :   } else if( enable_v2 ) {
     114           0 :     *sbpf_max_version = FD_SBPF_V2;
     115           0 :   } else if( enable_v1 ) {
     116           0 :     *sbpf_max_version = FD_SBPF_V1;
     117           0 :   } else {
     118           0 :     *sbpf_max_version = FD_SBPF_V0;
     119           0 :   }
     120          42 : }
     121             : 
     122             : /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L105-L171
     123             : 
     124             :    Our arguments to deploy_program are different from the Agave version because
     125             :    we handle the caching of deployed programs differently. In Firedancer we
     126             :    lack the concept of ProgramCacheEntryType entirely.
     127             :    https://github.com/anza-xyz/agave/blob/114d94a25e9631f9bf6349c4b833d7900ef1fb1c/program-runtime/src/loaded_programs.rs#L158
     128             : 
     129             :    In Agave there is a separate caching structure that is used to store the
     130             :    deployed programs. In Firedancer the deployed, validated program is stored as
     131             :   metadata for the account in the funk record.
     132             : 
     133             :    See https://github.com/firedancer-io/firedancer/blob/9c1df680b3f38bebb0597e089766ec58f3b41e85/src/flamenco/runtime/program/fd_bpf_loader_v3_program.c#L1640
     134             :    for how we handle the concept of 'LoadedProgramType::DelayVisibility' in Firedancer.
     135             : 
     136             :    As a concrete example, our version of deploy_program does not have the
     137             :    'account_size' argument because we do not update the funk record here.
     138             : 
     139             :    The spad used for allocations can be either scoped to the executor or the
     140             :    runtime depending on where it is called from. If a program is deployed from
     141             :    the v3 contract, then the executor spad should be used. */
     142             : int
     143             : fd_deploy_program( fd_exec_instr_ctx_t * instr_ctx,
     144             :                    fd_pubkey_t const *   program_key,
     145             :                    uchar const *         programdata,
     146             :                    ulong                 programdata_size,
     147           0 :                    fd_spad_t *           spad ) {
     148           0 :   int deploy_mode    = 1;
     149           0 :   int direct_mapping = FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, bpf_account_data_direct_mapping );
     150           0 :   fd_sbpf_syscalls_t * syscalls = fd_sbpf_syscalls_new( fd_spad_alloc( spad,
     151           0 :                                                                        fd_sbpf_syscalls_align(),
     152           0 :                                                                        fd_sbpf_syscalls_footprint() ) );
     153           0 :   if( FD_UNLIKELY( !syscalls ) ) {
     154             :     //TODO: full log including err
     155           0 :     fd_log_collector_msg_literal( instr_ctx, "Failed to register syscalls" );
     156           0 :     return FD_EXECUTOR_INSTR_ERR_PROGRAM_ENVIRONMENT_SETUP_FAILURE;
     157           0 :   }
     158             : 
     159           0 :   fd_vm_syscall_register_slot( syscalls,
     160           0 :                                instr_ctx->txn_ctx->slot,
     161           0 :                                &instr_ctx->txn_ctx->features,
     162           0 :                                1 );
     163             : 
     164             :   /* Load executable */
     165           0 :   fd_sbpf_elf_info_t elf_info[ 1UL ];
     166           0 :   uint min_sbpf_version, max_sbpf_version;
     167           0 :   fd_bpf_get_sbpf_versions( &min_sbpf_version,
     168           0 :                             &max_sbpf_version,
     169           0 :                             instr_ctx->txn_ctx->slot,
     170           0 :                             &instr_ctx->txn_ctx->features );
     171             : 
     172           0 :   fd_sbpf_loader_config_t config = { 0 };
     173           0 :   config.elf_deploy_checks = deploy_mode;
     174           0 :   config.sbpf_min_version = min_sbpf_version;
     175           0 :   config.sbpf_max_version = max_sbpf_version;
     176             : 
     177           0 :   if( FD_UNLIKELY( fd_sbpf_elf_peek( elf_info, programdata, programdata_size, &config )<0 ) ) {
     178             :     //TODO: actual log, this is a custom Firedancer msg
     179           0 :     fd_log_collector_msg_literal( instr_ctx, "Failed to load or verify Elf" );
     180           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     181           0 :   }
     182             : 
     183             :   /* Allocate rodata segment */
     184           0 :   void * rodata = fd_spad_alloc( spad, FD_SBPF_PROG_RODATA_ALIGN, elf_info->rodata_footprint );
     185           0 :   if( FD_UNLIKELY( !rodata ) ) {
     186           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     187           0 :   }
     188             : 
     189             :   /* Allocate program buffer */
     190           0 :   ulong  prog_align        = fd_sbpf_program_align();
     191           0 :   ulong  prog_footprint    = fd_sbpf_program_footprint( elf_info );
     192           0 :   fd_sbpf_program_t * prog = fd_sbpf_program_new( fd_spad_alloc( spad, prog_align, prog_footprint ), elf_info, rodata );
     193           0 :   if( FD_UNLIKELY( !prog ) ) {
     194           0 :     FD_LOG_ERR(( "fd_sbpf_program_new() failed: %s", fd_sbpf_strerror() ));
     195           0 :   }
     196             : 
     197             :   /* Load program */
     198           0 :   int err = fd_sbpf_program_load( prog, programdata, programdata_size, syscalls, &config );
     199           0 :   if( FD_UNLIKELY( err ) ) {
     200           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     201           0 :   }
     202             : 
     203             :   /* Validate the program */
     204           0 :   fd_vm_t _vm[ 1UL ];
     205           0 :   fd_vm_t * vm = fd_vm_join( fd_vm_new( _vm ) );
     206             : 
     207           0 :   vm = fd_vm_init(
     208           0 :     /* vm                 */ vm,
     209           0 :     /* instr_ctx          */ instr_ctx,
     210           0 :     /* heap_max           */ instr_ctx->txn_ctx->compute_budget_details.heap_size,
     211           0 :     /* entry_cu           */ instr_ctx->txn_ctx->compute_budget_details.compute_meter,
     212           0 :     /* rodata             */ prog->rodata,
     213           0 :     /* rodata_sz          */ prog->rodata_sz,
     214           0 :     /* text               */ prog->text,
     215           0 :     /* text_cnt           */ prog->text_cnt,
     216           0 :     /* text_off           */ prog->text_off, /* FIXME: What if text_off is not multiple of 8 */
     217           0 :     /* text_sz            */ prog->text_sz,
     218           0 :     /* entry_pc           */ prog->entry_pc,
     219           0 :     /* calldests          */ prog->calldests,
     220           0 :     /* sbpf_version       */ elf_info->sbpf_version,
     221           0 :     /* syscalls           */ syscalls,
     222           0 :     /* trace              */ NULL,
     223           0 :     /* sha                */ NULL,
     224           0 :     /* mem_regions        */ NULL,
     225           0 :     /* mem_regions_cnt    */ 0,
     226           0 :     /* mem_region_accs    */ NULL,
     227           0 :     /* is_deprecated      */ 0,
     228           0 :     /* direct mapping     */ direct_mapping,
     229           0 :     /* dump_syscall_to_pb */ 0 );
     230           0 :   if ( FD_UNLIKELY( vm == NULL ) ) {
     231           0 :     FD_LOG_WARNING(( "NULL vm" ));
     232           0 :     return FD_EXECUTOR_INSTR_ERR_PROGRAM_ENVIRONMENT_SETUP_FAILURE;
     233           0 :   }
     234             : 
     235           0 :   int validate_result = fd_vm_validate( vm );
     236           0 :   if( FD_UNLIKELY( validate_result!=FD_VM_SUCCESS ) ) {
     237           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     238           0 :   }
     239             : 
     240             :   /* Queue the program for reverification */
     241           0 :   instr_ctx->txn_ctx->programs_to_reverify[instr_ctx->txn_ctx->programs_to_reverify_cnt++] = *program_key;
     242             : 
     243           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
     244           0 : }
     245             : 
     246             : /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L195-L218 */
     247             : static int
     248             : write_program_data( fd_exec_instr_ctx_t *   instr_ctx,
     249             :                     ushort                  instr_acc_idx,
     250             :                     ulong                   program_data_offset,
     251             :                     uchar *                 bytes,
     252           0 :                     ulong                   bytes_len ) {
     253           0 :   int err;
     254             : 
     255             :   /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L202 */
     256           0 :   fd_guarded_borrowed_account_t program;
     257           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, instr_acc_idx, &program );
     258             : 
     259             :   /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L203 */
     260           0 :   uchar * data = NULL;
     261           0 :   ulong   dlen = 0UL;
     262           0 :   err = fd_borrowed_account_get_data_mut( &program, &data, &dlen );
     263           0 :   if( FD_UNLIKELY( err ) ) {
     264           0 :     return err;
     265           0 :   }
     266             : 
     267           0 :   ulong write_offset = fd_ulong_sat_add( program_data_offset, bytes_len );
     268           0 :   if( FD_UNLIKELY( fd_borrowed_account_get_data_len( &program )<write_offset ) ) {
     269             :     /* Max msg_sz: 24 - 6 + 2*20 = 58 < 127 => we can use printf */
     270           0 :     fd_log_collector_printf_dangerous_max_127( instr_ctx,
     271           0 :       "Write overflow %lu < %lu", fd_borrowed_account_get_data_len( &program ), write_offset );
     272           0 :     return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
     273           0 :   }
     274             : 
     275           0 :   if( FD_UNLIKELY( program_data_offset>dlen ) ) {
     276           0 :     return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
     277           0 :   }
     278             : 
     279           0 :   if( FD_LIKELY( bytes_len ) ) {
     280           0 :     fd_memcpy( data+program_data_offset, bytes, bytes_len );
     281           0 :   }
     282             : 
     283           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
     284           0 : }
     285             : 
     286             : fd_bpf_upgradeable_loader_state_t *
     287             : fd_bpf_loader_program_get_state( fd_txn_account_t const * acct,
     288             :                                  fd_spad_t *              spad,
     289           0 :                                  int *                    opt_err ) {
     290           0 :   int err;
     291           0 :   fd_bpf_upgradeable_loader_state_t * res = fd_bincode_decode_spad(
     292           0 :       bpf_upgradeable_loader_state,
     293           0 :       spad,
     294           0 :       fd_txn_account_get_data( acct ),
     295           0 :       fd_txn_account_get_data_len( acct ),
     296           0 :       &err );
     297             : 
     298           0 :   if( opt_err ) {
     299           0 :     *opt_err = FD_UNLIKELY( err ) ? FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA : FD_EXECUTOR_INSTR_SUCCESS;
     300           0 :   }
     301             : 
     302           0 :   return FD_UNLIKELY( err ) ? NULL : res;
     303           0 : }
     304             : 
     305             : /* Mirrors solana_sdk::transaction_context::BorrowedAccount::set_state()
     306             :    https://github.com/anza-xyz/agave/blob/v2.1.14/sdk/src/transaction_context.rs#L973 */
     307             : int
     308             : fd_bpf_loader_v3_program_set_state( fd_borrowed_account_t * borrowed_acct,
     309           0 :                                     fd_bpf_upgradeable_loader_state_t * state ) {
     310           0 :   ulong state_size = fd_bpf_upgradeable_loader_state_size( state );
     311             : 
     312           0 :   uchar * data = NULL;
     313           0 :   ulong   dlen = 0UL;
     314             : 
     315           0 :   int err = fd_borrowed_account_get_data_mut( borrowed_acct, &data, &dlen );
     316           0 :   if( FD_UNLIKELY( err ) ) {
     317           0 :     return err;
     318           0 :   }
     319             : 
     320           0 :   if( FD_UNLIKELY( state_size>dlen ) ) {
     321           0 :     return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
     322           0 :   }
     323             : 
     324           0 :   fd_bincode_encode_ctx_t ctx = {
     325           0 :     .data    = data,
     326           0 :     .dataend = data + state_size
     327           0 :   };
     328             : 
     329           0 :   err = fd_bpf_upgradeable_loader_state_encode( state, &ctx );
     330           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     331           0 :     return FD_EXECUTOR_INSTR_ERR_GENERIC_ERR;
     332           0 :   }
     333             : 
     334           0 :   return FD_BINCODE_SUCCESS;
     335           0 : }
     336             : 
     337             : /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1299-L1331 */
     338             : static int
     339             : common_close_account( fd_pubkey_t * authority_address,
     340             :                       fd_exec_instr_ctx_t * instr_ctx,
     341           0 :                       fd_bpf_upgradeable_loader_state_t * state ) {
     342           0 :   int err;
     343             : 
     344             :   /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L1307 */
     345           0 :   if( FD_UNLIKELY( !authority_address ) ) {
     346           0 :     return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
     347           0 :   }
     348             : 
     349             :   /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L1312-L1313 */
     350           0 :   fd_pubkey_t const * acc_key = NULL;
     351           0 :   err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 2UL, &acc_key );
     352           0 :   if( FD_UNLIKELY( err ) ) {
     353           0 :     return err;
     354           0 :   }
     355             : 
     356           0 :   if( FD_UNLIKELY( memcmp( authority_address, acc_key, sizeof(fd_pubkey_t) ) ) ) {
     357           0 :     return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
     358           0 :   }
     359             : 
     360             :   /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L1319-L1322 */
     361           0 :   if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 2UL ) ) ) {
     362           0 :     return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
     363           0 :   }
     364             : 
     365             :   /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1324 */
     366           0 :   fd_guarded_borrowed_account_t close_account;
     367           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &close_account );
     368             : 
     369             :   /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1326 */
     370           0 :   fd_guarded_borrowed_account_t recipient_account;
     371           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 1UL, &recipient_account );
     372             : 
     373           0 :   err = fd_borrowed_account_checked_add_lamports( &recipient_account,
     374           0 :                                                   fd_borrowed_account_get_lamports( &close_account ) );
     375           0 :   if( FD_UNLIKELY( err ) ) {
     376           0 :     return err;
     377           0 :   }
     378             : 
     379           0 :   err = fd_borrowed_account_set_lamports( &close_account, 0UL );
     380           0 :   if( FD_UNLIKELY( err ) ) {
     381           0 :     return err;
     382           0 :   }
     383             : 
     384           0 :   state->discriminant = fd_bpf_upgradeable_loader_state_enum_uninitialized;
     385           0 :   err = fd_bpf_loader_v3_program_set_state( &close_account, state );
     386           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     387           0 :     return err;
     388           0 :   }
     389             : 
     390           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
     391           0 : }
     392             : 
     393             : 
     394             : /* Every loader-owned BPF program goes through this function, which goes into the VM.
     395             : 
     396             :    https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1332-L1501 */
     397             : int
     398             : fd_bpf_execute( fd_exec_instr_ctx_t *            instr_ctx,
     399             :                 fd_program_cache_entry_t const * cache_entry,
     400           0 :                 uchar                            is_deprecated ) {
     401             : 
     402           0 :   int err                       = FD_EXECUTOR_INSTR_SUCCESS;
     403           0 :   fd_sbpf_syscalls_t * syscalls = fd_sbpf_syscalls_new( fd_spad_alloc( instr_ctx->txn_ctx->spad,
     404           0 :                                                                        fd_sbpf_syscalls_align(),
     405           0 :                                                                        fd_sbpf_syscalls_footprint() ) );
     406           0 :   if( FD_UNLIKELY( !syscalls ) ) {
     407           0 :     FD_LOG_CRIT(( "Unable to allocate syscalls" ));
     408           0 :   }
     409             : 
     410             :   /* TODO do we really need to re-do this on every instruction? */
     411           0 :   fd_vm_syscall_register_slot( syscalls,
     412           0 :                                instr_ctx->txn_ctx->slot,
     413           0 :                                &instr_ctx->txn_ctx->features,
     414           0 :                                0 );
     415             : 
     416             :   /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1362-L1368 */
     417           0 :   ulong                   input_sz                                = 0UL;
     418           0 :   ulong                   pre_lens[256]                           = {0};
     419           0 :   fd_vm_input_region_t    input_mem_regions[1000]                 = {0}; /* We can have a max of (3 * num accounts + 1) regions */
     420           0 :   fd_vm_acc_region_meta_t acc_region_metas[256]                   = {0}; /* instr acc idx to idx */
     421           0 :   uint                    input_mem_regions_cnt                   = 0U;
     422           0 :   int                     direct_mapping                          = FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, bpf_account_data_direct_mapping );
     423             : 
     424           0 :   uchar * input = NULL;
     425           0 :   err = fd_bpf_loader_input_serialize_parameters( instr_ctx, &input_sz, pre_lens,
     426           0 :                                                   input_mem_regions, &input_mem_regions_cnt,
     427           0 :                                                   acc_region_metas, direct_mapping,
     428           0 :                                                   is_deprecated, &input );
     429           0 :   if( FD_UNLIKELY( err ) ) {
     430           0 :     return err;
     431           0 :   }
     432             : 
     433           0 :   if( FD_UNLIKELY( input==NULL ) ) {
     434           0 :     return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
     435           0 :   }
     436             : 
     437           0 :   fd_sha256_t _sha[1];
     438           0 :   fd_sha256_t * sha = fd_sha256_join( fd_sha256_new( _sha ) );
     439             : 
     440           0 :   fd_vm_t _vm[1];
     441           0 :   fd_vm_t * vm = fd_vm_join( fd_vm_new( _vm ) );
     442             : 
     443           0 :   ulong pre_insn_cus = instr_ctx->txn_ctx->compute_budget_details.compute_meter;
     444           0 :   ulong heap_size    = instr_ctx->txn_ctx->compute_budget_details.heap_size;
     445             : 
     446             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L275-L278 */
     447           0 :   ulong heap_cost = calculate_heap_cost( heap_size, FD_VM_HEAP_COST );
     448           0 :   int heap_cost_result = fd_exec_consume_cus( instr_ctx->txn_ctx, heap_cost );
     449           0 :   if( FD_UNLIKELY( heap_cost_result ) ) {
     450           0 :     return FD_EXECUTOR_INSTR_ERR_PROGRAM_ENVIRONMENT_SETUP_FAILURE;
     451           0 :   }
     452             : 
     453             :   /* For dumping syscalls for seed corpora */
     454           0 :   int dump_syscall_to_pb = instr_ctx->txn_ctx->capture_ctx &&
     455           0 :                            instr_ctx->txn_ctx->slot >= instr_ctx->txn_ctx->capture_ctx->dump_proto_start_slot &&
     456           0 :                            instr_ctx->txn_ctx->capture_ctx->dump_syscall_to_pb;
     457             : 
     458             :   /* TODO: (topointon): correctly set check_size in vm setup */
     459           0 :   vm = fd_vm_init(
     460           0 :     /* vm                    */ vm,
     461           0 :     /* instr_ctx             */ instr_ctx,
     462           0 :     /* heap_max              */ heap_size,
     463           0 :     /* entry_cu              */ instr_ctx->txn_ctx->compute_budget_details.compute_meter,
     464           0 :     /* rodata                */ fd_program_cache_get_rodata( cache_entry ),
     465           0 :     /* rodata_sz             */ cache_entry->rodata_sz,
     466           0 :     /* text                  */ (ulong *)((ulong)fd_program_cache_get_rodata( cache_entry ) + (ulong)cache_entry->text_off), /* Note: text_off is byte offset */
     467           0 :     /* text_cnt              */ cache_entry->text_cnt,
     468           0 :     /* text_off              */ cache_entry->text_off,
     469           0 :     /* text_sz               */ cache_entry->text_sz,
     470           0 :     /* entry_pc              */ cache_entry->entry_pc,
     471           0 :     /* calldests             */ fd_program_cache_get_calldests( cache_entry ),
     472           0 :     /* sbpf_version          */ cache_entry->sbpf_version,
     473           0 :     /* syscalls              */ syscalls,
     474           0 :     /* trace                 */ NULL,
     475           0 :     /* sha                   */ sha,
     476           0 :     /* input_mem_regions     */ input_mem_regions,
     477           0 :     /* input_mem_regions_cnt */ input_mem_regions_cnt,
     478           0 :     /* acc_region_metas      */ acc_region_metas,
     479           0 :     /* is_deprecated         */ is_deprecated,
     480           0 :     /* direct_mapping        */ direct_mapping,
     481           0 :     /* dump_syscall_to_pb    */ dump_syscall_to_pb );
     482           0 :   if( FD_UNLIKELY( !vm ) ) {
     483             :     /* We throw an error here because it could be the case that the given heap_size > HEAP_MAX.
     484             :        In this case, Agave fails the transaction but does not error out.
     485             : 
     486             :        https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1396 */
     487           0 :     FD_LOG_WARNING(( "null vm" ));
     488           0 :     return FD_EXECUTOR_INSTR_ERR_PROGRAM_ENVIRONMENT_SETUP_FAILURE;
     489           0 :   }
     490             : 
     491           0 :   if( FD_UNLIKELY( instr_ctx->txn_ctx->fuzz_config.enable_vm_tracing ) ) {
     492           0 :     ulong event_max      = FD_RUNTIME_VM_TRACE_EVENT_MAX;
     493           0 :     ulong event_data_max = FD_RUNTIME_VM_TRACE_EVENT_DATA_MAX;
     494           0 :     vm->trace = fd_vm_trace_join( fd_vm_trace_new( fd_spad_alloc(
     495           0 :     instr_ctx->txn_ctx->spad, fd_vm_trace_align(), fd_vm_trace_footprint( event_max, event_data_max ) ), event_max, event_data_max ) );
     496           0 :     if( FD_UNLIKELY( !vm->trace ) ) FD_LOG_ERR(( "unable to create trace; make sure you've compiled with sufficient spad size " ));
     497           0 :   }
     498             : 
     499           0 :   int exec_err = fd_vm_exec( vm );
     500           0 :   instr_ctx->txn_ctx->compute_budget_details.compute_meter = vm->cu;
     501             : 
     502           0 :   if( FD_UNLIKELY( vm->trace ) ) {
     503           0 :     err = fd_vm_trace_printf( vm->trace, vm->syscalls );
     504           0 :     if( FD_UNLIKELY( err ) ) {
     505           0 :       FD_LOG_WARNING(( "fd_vm_trace_printf failed (%i-%s)", err, fd_vm_strerror( err ) ));
     506           0 :     }
     507           0 :   }
     508             : 
     509             :   /* Log consumed compute units and return data.
     510             :      https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/lib.rs#L1418-L1429 */
     511           0 :   fd_log_collector_program_consumed( instr_ctx, pre_insn_cus-vm->cu, pre_insn_cus );
     512           0 :   if( FD_UNLIKELY( instr_ctx->txn_ctx->return_data.len ) ) {
     513           0 :     fd_log_collector_program_return( instr_ctx );
     514           0 :   }
     515             : 
     516             :   /* We have a big error-matching arm here
     517             :      https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1674-L1744 */
     518             : 
     519             :   /* Handle non-zero return status with successful VM execution. This is
     520             :      the Ok(status) case, hence exec_err must be 0 for this case to be hit.
     521             :      https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1675-L1678 */
     522           0 :   if( FD_LIKELY( !exec_err ) ) {
     523           0 :     ulong status = vm->reg[0];
     524           0 :     if( FD_UNLIKELY( status ) ) {
     525           0 :       err = program_error_to_instr_error( status, &instr_ctx->txn_ctx->custom_err );
     526           0 :       FD_VM_PREPARE_ERR_OVERWRITE( vm );
     527           0 :       FD_VM_ERR_FOR_LOG_INSTR( vm, err );
     528           0 :       return err;
     529           0 :     }
     530           0 :   } else {
     531             :     /* https://github.com/anza-xyz/agave/blob/v2.1.13/programs/bpf_loader/src/lib.rs#L1434-L1439 */
     532             :     /* (SIMD-182) Consume ALL requested CUs on non-Syscall errors */
     533           0 :     if( FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, deplete_cu_meter_on_vm_failure ) &&
     534           0 :         exec_err!=FD_VM_ERR_EBPF_SYSCALL_ERROR ) {
     535           0 :       instr_ctx->txn_ctx->compute_budget_details.compute_meter = 0UL;
     536           0 :     }
     537             : 
     538             :     /* Direct mapping access violation case
     539             :        Edge case with error codes: if direct mapping is enabled, the EBPF error is an access violation,
     540             :        and the access type was a store, a different error code is returned to give developers more insight
     541             :        as to what caused the error.
     542             :        https://github.com/anza-xyz/agave/blob/v2.0.9/programs/bpf_loader/src/lib.rs#L1436-L1470 */
     543           0 :     if( FD_UNLIKELY( direct_mapping && exec_err==FD_VM_ERR_EBPF_ACCESS_VIOLATION &&
     544           0 :                      vm->segv_vaddr!=ULONG_MAX &&
     545           0 :                      vm->segv_access_type==FD_VM_ACCESS_TYPE_ST ) ) {
     546             :       /* vaddrs start at 0xFFFFFFFF + 1, so anything below it would not correspond to any account metadata. */
     547           0 :       if( FD_UNLIKELY( vm->segv_vaddr>>32UL==0UL ) ) {
     548           0 :         return FD_EXECUTOR_INSTR_ERR_PROGRAM_FAILED_TO_COMPLETE;
     549           0 :       }
     550             : 
     551             :       /* Find the account meta corresponding to the vaddr */
     552           0 :       ulong vaddr_offset = vm->segv_vaddr & FD_VM_OFFSET_MASK;
     553           0 :       ulong acc_region_addl_off = is_deprecated ? 0UL : MAX_PERMITTED_DATA_INCREASE;
     554             : 
     555             :       /* If the vaddr doesn't live in the input region, then we don't need to
     556             :          bother trying to iterate through all of the borrowed accounts. */
     557           0 :       if( FD_VADDR_TO_REGION( vm->segv_vaddr )!=FD_VM_INPUT_REGION ) {
     558           0 :         return FD_EXECUTOR_INSTR_ERR_PROGRAM_FAILED_TO_COMPLETE;
     559           0 :       }
     560             : 
     561             :       /* If the vaddr of the access violation falls within the bounds of a
     562             :          serialized account vaddr range, then try to retrieve a more specific
     563             :          vm error based on the account's accesss permissions. */
     564           0 :       for( ushort i=0UL; i<instr_ctx->instr->acct_cnt; i++ ) {
     565             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1455 */
     566           0 :         fd_guarded_borrowed_account_t instr_acc;
     567           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, i, &instr_acc );
     568             : 
     569           0 :         ulong idx = acc_region_metas[i].region_idx;
     570           0 :         if( input_mem_regions[idx].vaddr_offset<=vaddr_offset && vaddr_offset<input_mem_regions[idx].vaddr_offset+pre_lens[i]+acc_region_addl_off ) {
     571             : 
     572             :           /* Found an input mem region!
     573             :              https://github.com/anza-xyz/agave/blob/89872fdb074e6658646b2b57a299984f0059cc84/programs/bpf_loader/src/lib.rs#L1515-L1528 */
     574           0 :           if( !FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) &&
     575           0 :               fd_borrowed_account_is_executable( &instr_acc ) ) {
     576           0 :             err = FD_EXECUTOR_INSTR_ERR_EXECUTABLE_DATA_MODIFIED;
     577           0 :           } else if( fd_borrowed_account_is_writable( &instr_acc ) ) {
     578           0 :             err = FD_EXECUTOR_INSTR_ERR_EXTERNAL_DATA_MODIFIED;
     579           0 :           } else {
     580           0 :             err = FD_EXECUTOR_INSTR_ERR_READONLY_DATA_MODIFIED;
     581           0 :           }
     582           0 :           return err;
     583           0 :         }
     584           0 :       }
     585           0 :     }
     586             : 
     587             :     /* The error kind should have been set in the VM. Match it and set
     588             :        the error code accordingly. There are no direct permalinks here -
     589             :        this is all a result of Agave's complex nested error-code handling
     590             :        and our design decisions for making our error codes match. */
     591             : 
     592             :     /* Instr error case. Set the error kind and return the instruction error */
     593           0 :     if( instr_ctx->txn_ctx->exec_err_kind==FD_EXECUTOR_ERR_KIND_INSTR ) {
     594           0 :       err = instr_ctx->txn_ctx->exec_err;
     595           0 :       FD_VM_PREPARE_ERR_OVERWRITE( vm );
     596           0 :       FD_VM_ERR_FOR_LOG_INSTR( vm, err );
     597           0 :       return err;
     598           0 :     }
     599             : 
     600             :     /* Syscall error case. The VM would have also set the syscall error
     601             :        code in the txn_ctx exec_err. */
     602           0 :     if( instr_ctx->txn_ctx->exec_err_kind==FD_EXECUTOR_ERR_KIND_SYSCALL ) {
     603           0 :       err = instr_ctx->txn_ctx->exec_err;
     604           0 :       FD_VM_PREPARE_ERR_OVERWRITE( vm );
     605           0 :       FD_VM_ERR_FOR_LOG_SYSCALL( vm, err );
     606           0 :       return FD_EXECUTOR_INSTR_ERR_PROGRAM_FAILED_TO_COMPLETE;
     607           0 :     }
     608             : 
     609             :     /* An access violation that takes place inside a syscall will
     610             :        cause `exec_res` to be set to EbpfError::SyscallError,
     611             :        but the `txn_ctx->exec_err_kind` will be set to EBPF and
     612             :        `txn_ctx->exec_err` will be set to the EBPF error. In this
     613             :        specific case, there is nothing to do since the error and error
     614             :        kind area already set correctly. Otherwise, we need to log the
     615             :        EBPF error. */
     616           0 :     if( exec_err!=FD_VM_ERR_EBPF_SYSCALL_ERROR ) {
     617           0 :       FD_VM_PREPARE_ERR_OVERWRITE( vm );
     618           0 :       FD_VM_ERR_FOR_LOG_EBPF( vm, exec_err );
     619           0 :     }
     620             : 
     621           0 :     return FD_EXECUTOR_INSTR_ERR_PROGRAM_FAILED_TO_COMPLETE;
     622           0 :   }
     623             : 
     624           0 :   err = fd_bpf_loader_input_deserialize_parameters( instr_ctx, pre_lens, input, input_sz, direct_mapping, is_deprecated );
     625           0 :   if( FD_UNLIKELY( err ) ) {
     626           0 :     return err;
     627           0 :   }
     628             : 
     629           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
     630           0 : }
     631             : 
     632             : /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1358-L1539 */
     633             : static int
     634             : common_extend_program( fd_exec_instr_ctx_t * instr_ctx,
     635             :                        uint                  additional_bytes,
     636           0 :                        uchar                 check_authority ) {
     637           0 :   int err;
     638             : 
     639             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1366 */
     640           0 :   fd_pubkey_t const * program_id = NULL;
     641           0 :   err = fd_exec_instr_ctx_get_last_program_key( instr_ctx, &program_id );
     642           0 :   if( FD_UNLIKELY( err ) ) {
     643           0 :     return err;
     644           0 :   }
     645             : 
     646             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1368-L1370 */
     647           0 :   #define PROGRAM_DATA_ACCOUNT_INDEX (0)
     648           0 :   #define PROGRAM_ACCOUNT_INDEX      (1)
     649           0 :   #define AUTHORITY_ACCOUNT_INDEX    (2)
     650             : 
     651             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1371-L1372 */
     652           0 :   uchar optional_payer_account_index = check_authority ? 4 : 3;
     653             : 
     654             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1374-L1377 */
     655           0 :   if( FD_UNLIKELY( additional_bytes==0U ) ) {
     656           0 :     fd_log_collector_msg_literal( instr_ctx, "Additional bytes must be greater than 0" );
     657           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
     658           0 :   }
     659             : 
     660             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1379-L1381 */
     661           0 :   fd_guarded_borrowed_account_t programdata_account;
     662           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, PROGRAM_DATA_ACCOUNT_INDEX, &programdata_account );
     663           0 :   fd_pubkey_t * programdata_key = programdata_account.acct->pubkey;
     664             : 
     665             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1383-L1386 */
     666           0 :   if( FD_UNLIKELY( memcmp( program_id, fd_borrowed_account_get_owner( &programdata_account ), sizeof(fd_pubkey_t) ) ) ) {
     667           0 :     fd_log_collector_msg_literal( instr_ctx, "ProgramData owner is invalid" );
     668           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_OWNER;
     669           0 :   }
     670             : 
     671             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1387-L1390 */
     672           0 :   if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &programdata_account ) ) ) {
     673           0 :     fd_log_collector_msg_literal( instr_ctx, "ProgramData is not writable" );
     674           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
     675           0 :   }
     676             : 
     677             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1392-L1393 */
     678           0 :   fd_guarded_borrowed_account_t program_account;
     679           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, PROGRAM_ACCOUNT_INDEX, &program_account );
     680             : 
     681             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1394-L1397 */
     682           0 :   if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &program_account ) ) ) {
     683           0 :     fd_log_collector_msg_literal( instr_ctx, "Program account is not writable" );
     684           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
     685           0 :   }
     686             : 
     687             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1398-L1401 */
     688           0 :   if( FD_UNLIKELY( memcmp( program_id, fd_borrowed_account_get_owner( &program_account ), sizeof(fd_pubkey_t) ) ) ) {
     689           0 :     fd_log_collector_msg_literal( instr_ctx, "Program account not owned by loader" );
     690           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_OWNER;
     691           0 :   }
     692             : 
     693             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1403-L1419 */
     694           0 :   fd_bpf_upgradeable_loader_state_t * program_state = fd_bpf_loader_program_get_state( program_account.acct, instr_ctx->txn_ctx->spad, &err );
     695           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     696           0 :     return err;
     697           0 :   }
     698           0 :   if( fd_bpf_upgradeable_loader_state_is_program( program_state ) ) {
     699           0 :     if( FD_UNLIKELY( memcmp( &program_state->inner.program.programdata_address, programdata_key, sizeof(fd_pubkey_t) ) ) ) {
     700           0 :       fd_log_collector_msg_literal( instr_ctx, "Program account does not match ProgramData account" );
     701           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
     702           0 :     }
     703           0 :   } else {
     704           0 :     fd_log_collector_msg_literal( instr_ctx, "Invalid Program account" );
     705           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     706           0 :   }
     707             : 
     708             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1420 */
     709           0 :   fd_borrowed_account_drop( &program_account );
     710             : 
     711             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1422-L1432 */
     712           0 :   ulong old_len = fd_borrowed_account_get_data_len( &programdata_account );
     713           0 :   ulong new_len = fd_ulong_sat_add( old_len, additional_bytes );
     714           0 :   if( FD_UNLIKELY( new_len>MAX_PERMITTED_DATA_LENGTH ) ) {
     715             :     /* Max msg_sz: 85 - 6 + 2*20 = 119 < 127 => we can use printf */
     716           0 :     fd_log_collector_printf_dangerous_max_127( instr_ctx,
     717           0 :       "Extended ProgramData length of %lu bytes exceeds max account data length of %lu bytes", new_len, MAX_PERMITTED_DATA_LENGTH );
     718           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_REALLOC;
     719           0 :   }
     720             : 
     721             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1434-L1437 */
     722           0 :   fd_sol_sysvar_clock_t clock[1];
     723           0 :   if( FD_UNLIKELY( !fd_sysvar_cache_clock_read( instr_ctx->sysvar_cache, clock ) ) ) {
     724           0 :     return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_SYSVAR;
     725           0 :   }
     726           0 :   ulong clock_slot = clock->slot;
     727             : 
     728             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1439-L1478 */
     729           0 :   fd_pubkey_t * upgrade_authority_address = NULL;
     730           0 :   fd_bpf_upgradeable_loader_state_t * programdata_state = fd_bpf_loader_program_get_state( programdata_account.acct, instr_ctx->txn_ctx->spad, &err );
     731           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     732           0 :     return err;
     733           0 :   }
     734           0 :   if( fd_bpf_upgradeable_loader_state_is_program_data( programdata_state ) ) {
     735             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1444-L1447 */
     736           0 :     if( FD_UNLIKELY( clock_slot==programdata_state->inner.program_data.slot ) ) {
     737           0 :       fd_log_collector_msg_literal( instr_ctx, "Program was extended in this block already" );
     738           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
     739           0 :     }
     740             : 
     741             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1449-L1455 */
     742           0 :     if( FD_UNLIKELY( !programdata_state->inner.program_data.has_upgrade_authority_address ) ) {
     743           0 :       fd_log_collector_msg_literal( instr_ctx, "Cannot extend ProgramData accounts that are not upgradeable" );
     744           0 :       return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
     745           0 :     }
     746             : 
     747             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1457-L1472 */
     748           0 :     if( check_authority ) {
     749             :       /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1458-L1463 */
     750           0 :       fd_pubkey_t const * authority_key = NULL;
     751           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, AUTHORITY_ACCOUNT_INDEX, &authority_key );
     752           0 :       if( FD_UNLIKELY( err ) ) {
     753           0 :         return err;
     754           0 :       }
     755             : 
     756             :       /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1464-L1467 */
     757           0 :       if( FD_UNLIKELY( !fd_pubkey_eq( &programdata_state->inner.program_data.upgrade_authority_address, authority_key ) ) ) {
     758           0 :         fd_log_collector_msg_literal( instr_ctx, "Incorrect upgrade authority provided" );
     759           0 :         return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
     760           0 :       }
     761             : 
     762             :       /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1468-L1471 */
     763           0 :       if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, AUTHORITY_ACCOUNT_INDEX ) ) ) {
     764           0 :         fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
     765           0 :         return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
     766           0 :       }
     767           0 :     }
     768             : 
     769             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1474 */
     770           0 :     fd_bpf_upgradeable_loader_state_program_data_t * pd = &programdata_state->inner.program_data;
     771           0 :     upgrade_authority_address = pd->has_upgrade_authority_address ? &pd->upgrade_authority_address : NULL;
     772           0 :   } else {
     773             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1476-L1477 */
     774           0 :     fd_log_collector_msg_literal( instr_ctx, "ProgramData state is invalid" );
     775           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
     776           0 :   }
     777             : 
     778             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1480-L1485 */
     779           0 :   fd_rent_t const * rent             = fd_bank_rent_query( instr_ctx->txn_ctx->bank );
     780           0 :   ulong             balance          = fd_borrowed_account_get_lamports( &programdata_account );
     781           0 :   ulong             min_balance      = fd_ulong_max( fd_rent_exempt_minimum_balance( rent, new_len ), 1UL );
     782           0 :   ulong             required_payment = fd_ulong_sat_sub( min_balance, balance );
     783             : 
     784             :   /* Borrowed accounts need to be dropped before native invocations. Note:
     785             :      the programdata account is manually released and acquired within the
     786             :      extend instruction to preserve the local variable scoping to maintain
     787             :      readability. The scoped macro still successfully handles the case of
     788             :      freeing a write lock in case of an early termination. */
     789             : 
     790             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1488 */
     791           0 :   fd_borrowed_account_drop( &programdata_account );
     792             : 
     793             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1492-L1502 */
     794           0 :   if( FD_UNLIKELY( required_payment>0UL ) ) {
     795             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1493-L1496 */
     796           0 :     fd_pubkey_t const * payer_key = NULL;
     797           0 :     err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, optional_payer_account_index, &payer_key );
     798           0 :     if( FD_UNLIKELY( err ) ) {
     799           0 :       return err;
     800           0 :     }
     801             : 
     802             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1498-L1501 */
     803           0 :     uchar instr_data[FD_TXN_MTU];
     804           0 :     fd_system_program_instruction_t instr = {
     805           0 :       .discriminant = fd_system_program_instruction_enum_transfer,
     806           0 :       .inner = {
     807           0 :         .transfer = required_payment
     808           0 :       }
     809           0 :     };
     810             : 
     811           0 :     fd_bincode_encode_ctx_t encode_ctx = {
     812           0 :       .data    = instr_data,
     813           0 :       .dataend = instr_data + FD_TXN_MTU
     814           0 :     };
     815             : 
     816             :     // This should never fail.
     817           0 :     int err = fd_system_program_instruction_encode( &instr, &encode_ctx );
     818           0 :     if( FD_UNLIKELY( err ) ) {
     819           0 :       return FD_EXECUTOR_INSTR_ERR_FATAL;
     820           0 :     }
     821             : 
     822           0 :     fd_vm_rust_account_meta_t * acct_metas = (fd_vm_rust_account_meta_t *)
     823           0 :                                               fd_spad_alloc( instr_ctx->txn_ctx->spad,
     824           0 :                                                              FD_VM_RUST_ACCOUNT_META_ALIGN,
     825           0 :                                                              2UL * sizeof(fd_vm_rust_account_meta_t) );
     826           0 :     fd_native_cpi_create_account_meta( payer_key,       1UL, 1UL, &acct_metas[ 0UL ] );
     827           0 :     fd_native_cpi_create_account_meta( programdata_key, 0UL, 1UL, &acct_metas[ 1UL ] );
     828             : 
     829           0 :     err = fd_native_cpi_native_invoke( instr_ctx,
     830           0 :                                         &fd_solana_system_program_id,
     831           0 :                                         instr_data,
     832           0 :                                         FD_TXN_MTU,
     833           0 :                                         acct_metas,
     834           0 :                                         2UL,
     835           0 :                                         NULL,
     836           0 :                                         0UL );
     837           0 :     if( FD_UNLIKELY( err ) ) {
     838           0 :       return err;
     839           0 :     }
     840           0 :   }
     841             : 
     842             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1506-L1507 */
     843           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, PROGRAM_DATA_ACCOUNT_INDEX, &programdata_account );
     844             : 
     845             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1508 */
     846           0 :   err = fd_borrowed_account_set_data_length( &programdata_account, new_len );
     847           0 :   if( FD_UNLIKELY( err ) ) {
     848           0 :     return err;
     849           0 :   }
     850             : 
     851             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1510 */
     852           0 :   ulong programdata_data_offset = PROGRAMDATA_METADATA_SIZE;
     853             : 
     854             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1517-L1520 */
     855           0 :   if( FD_UNLIKELY( programdata_data_offset>fd_borrowed_account_get_data_len( &programdata_account ) ) ) {
     856           0 :     return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
     857           0 :   }
     858           0 :   uchar const * programdata_data = fd_borrowed_account_get_data( &programdata_account ) + programdata_data_offset;
     859           0 :   ulong         programdata_size = new_len - PROGRAMDATA_METADATA_SIZE;
     860             : 
     861             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1512-L1522 */
     862           0 :   err = fd_deploy_program( instr_ctx, program_account.acct->pubkey, programdata_data, programdata_size, instr_ctx->txn_ctx->spad );
     863           0 :   if( FD_UNLIKELY( err ) ) {
     864           0 :     return err;
     865           0 :   }
     866             : 
     867             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1523 */
     868           0 :   fd_borrowed_account_drop( &programdata_account );
     869             : 
     870             :   /* Setting the discriminant and upgrade authority address here can likely
     871             :      be a no-op because these values shouldn't change. These can probably be
     872             :      removed, but can help to mirror against Agave client's implementation.
     873             :      The set_state function also contains an ownership check. */
     874             : 
     875             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1525-L1526 */
     876           0 :   FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &programdata_account );
     877             : 
     878             :   /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1527-L1530 */
     879           0 :   programdata_state->discriminant            = fd_bpf_upgradeable_loader_state_enum_program_data;
     880           0 :   programdata_state->inner.program_data.slot = clock_slot;
     881           0 :   programdata_state->inner.program_data.has_upgrade_authority_address = !!upgrade_authority_address;
     882           0 :   if( upgrade_authority_address ) programdata_state->inner.program_data.upgrade_authority_address = *upgrade_authority_address;
     883             : 
     884           0 :   err = fd_bpf_loader_v3_program_set_state( &programdata_account, programdata_state );
     885           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     886           0 :     return err;
     887           0 :   }
     888             : 
     889             :   /* Max msg_sz: 41 - 2 + 20 = 57 < 127 => we can use printf
     890             :      https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1532-L1536 */
     891           0 :   fd_log_collector_printf_dangerous_max_127( instr_ctx,
     892           0 :     "Extended ProgramData account by %u bytes", additional_bytes );
     893             : 
     894             :   /* programdata account is dropped when it goes out of scope */
     895             : 
     896           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
     897             : 
     898           0 :   #undef PROGRAM_DATA_ACCOUNT_INDEX
     899           0 :   #undef PROGRAM_ACCOUNT_INDEX
     900           0 :   #undef AUTHORITY_ACCOUNT_INDEX
     901           0 : }
     902             : 
     903             : /* https://github.com/anza-xyz/agave/blob/77daab497df191ef485a7ad36ed291c1874596e5/programs/bpf_loader/src/lib.rs#L566-L1444 */
     904             : static int
     905           0 : process_loader_upgradeable_instruction( fd_exec_instr_ctx_t * instr_ctx ) {
     906           0 :   uchar const * data = instr_ctx->instr->data;
     907           0 :   fd_spad_t *   spad = instr_ctx->txn_ctx->spad;
     908             : 
     909           0 :   int err;
     910           0 :   fd_bpf_upgradeable_loader_program_instruction_t * instruction =
     911           0 :     fd_bincode_decode_spad(
     912           0 :       bpf_upgradeable_loader_program_instruction, spad,
     913           0 :       data,
     914           0 :       instr_ctx->instr->data_sz>FD_TXN_MTU ? FD_TXN_MTU: instr_ctx->instr->data_sz,
     915           0 :       &err );
     916           0 :   if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     917           0 :     return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
     918           0 :   }
     919             : 
     920             :   /* https://github.com/anza-xyz/agave/blob/v2.2.0/programs/bpf_loader/src/lib.rs#L510 */
     921           0 :   fd_pubkey_t const * program_id = NULL;
     922           0 :   err = fd_exec_instr_ctx_get_last_program_key( instr_ctx, &program_id );
     923           0 :   if( FD_UNLIKELY( err ) ) {
     924           0 :     return err;
     925           0 :   }
     926             : 
     927           0 :   switch( instruction->discriminant ) {
     928             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L476-L493 */
     929           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_initialize_buffer: {
     930           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 2U ) ) ) {
     931           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
     932           0 :       }
     933             : 
     934             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L479 */
     935           0 :       fd_guarded_borrowed_account_t buffer;
     936           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &buffer );
     937           0 :       fd_bpf_upgradeable_loader_state_t * buffer_state = fd_bpf_loader_program_get_state( buffer.acct,
     938           0 :                                                                                           spad,
     939           0 :                                                                                           &err );
     940           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     941           0 :         return err;
     942           0 :       }
     943             : 
     944           0 :       if( FD_UNLIKELY( !fd_bpf_upgradeable_loader_state_is_uninitialized( buffer_state ) ) ) {
     945           0 :         fd_log_collector_msg_literal( instr_ctx, "Buffer account is already initialized" );
     946           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_ALREADY_INITIALIZED;
     947           0 :       }
     948             : 
     949             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L487-L489 */
     950           0 :       fd_pubkey_t const * authority_key = NULL;
     951           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &authority_key );
     952           0 :       if( FD_UNLIKELY( err ) ) {
     953           0 :         return err;
     954           0 :       }
     955             : 
     956           0 :       buffer_state->discriminant                       = fd_bpf_upgradeable_loader_state_enum_buffer;
     957           0 :       buffer_state->inner.buffer.has_authority_address = 1;
     958           0 :       buffer_state->inner.buffer.authority_address     = *authority_key;
     959             : 
     960           0 :       err = fd_bpf_loader_v3_program_set_state( &buffer, buffer_state );
     961           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     962           0 :         return err;
     963           0 :       }
     964             : 
     965             :       /* implicit drop of buffer account */
     966             : 
     967           0 :       break;
     968           0 :     }
     969             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L494-L525 */
     970           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_write: {
     971           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 2U ) ) ) {
     972           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
     973           0 :       }
     974             : 
     975             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L497 */
     976           0 :       fd_guarded_borrowed_account_t buffer;
     977           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &buffer );
     978             : 
     979           0 :        fd_bpf_upgradeable_loader_state_t * loader_state = fd_bpf_loader_program_get_state( buffer.acct,
     980           0 :                                                                                            spad,
     981           0 :                                                                                            &err );
     982           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
     983           0 :         return err;
     984           0 :       }
     985             : 
     986           0 :       if( fd_bpf_upgradeable_loader_state_is_buffer( loader_state ) ) {
     987           0 :         if( FD_UNLIKELY( !loader_state->inner.buffer.has_authority_address ) ) {
     988           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer is immutable" );
     989           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
     990           0 :         }
     991             : 
     992             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L505-L507 */
     993           0 :         fd_pubkey_t const * authority_key = NULL;
     994           0 :         err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &authority_key );
     995           0 :         if( FD_UNLIKELY( err ) ) {
     996           0 :           return err;
     997           0 :         }
     998             : 
     999           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &loader_state->inner.buffer.authority_address, authority_key ) ) ) {
    1000           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect buffer authority provided" );
    1001           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1002           0 :         }
    1003           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 1UL ) ) ) {
    1004           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer authority did not sign" );
    1005           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1006           0 :         }
    1007           0 :       } else {
    1008           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid Buffer account" );
    1009           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    1010           0 :       }
    1011             : 
    1012             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L520 */
    1013           0 :       fd_borrowed_account_drop( &buffer );
    1014             : 
    1015           0 :       ulong program_data_offset = fd_ulong_sat_add( BUFFER_METADATA_SIZE, instruction->inner.write.offset );
    1016           0 :       err = write_program_data( instr_ctx,
    1017           0 :                                 0UL,
    1018           0 :                                 program_data_offset,
    1019           0 :                                 instruction->inner.write.bytes,
    1020           0 :                                 instruction->inner.write.bytes_len );
    1021           0 :       if( FD_UNLIKELY( err ) ) {
    1022           0 :         return err;
    1023           0 :       }
    1024             : 
    1025           0 :       break;
    1026           0 :     }
    1027             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L526-L702 */
    1028           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_deploy_with_max_data_len: {
    1029             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L527-L541 */
    1030           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 4U ) ) ) {
    1031           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1032           0 :       }
    1033             : 
    1034             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L529-L534 */
    1035           0 :       fd_pubkey_t const * payer_key       = NULL;
    1036           0 :       fd_pubkey_t const * programdata_key = NULL;
    1037             : 
    1038           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 0UL, &payer_key );
    1039           0 :       if( FD_UNLIKELY( err ) ) {
    1040           0 :         return err;
    1041           0 :       }
    1042             : 
    1043           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &programdata_key );
    1044           0 :       if( FD_UNLIKELY( err ) ) {
    1045           0 :         return err;
    1046           0 :       }
    1047             : 
    1048             :       /* rent is accessed directly from the epoch bank and the clock from the
    1049             :         slot context. However, a check must be done to make sure that the
    1050             :         sysvars are correctly included in the set of transaction accounts. */
    1051           0 :       err = fd_sysvar_instr_acct_check( instr_ctx, 4UL, &fd_sysvar_rent_id );
    1052           0 :       if( FD_UNLIKELY( err ) ) {
    1053           0 :         return err;
    1054           0 :       }
    1055           0 :       err = fd_sysvar_instr_acct_check( instr_ctx, 5UL, &fd_sysvar_clock_id );
    1056           0 :       if( FD_UNLIKELY( err ) ) {
    1057           0 :         return err;
    1058           0 :       }
    1059             : 
    1060           0 :       fd_sol_sysvar_clock_t clock_;
    1061           0 :       fd_sol_sysvar_clock_t const * clock = fd_sysvar_cache_clock_read( instr_ctx->sysvar_cache, &clock_ );
    1062           0 :       if( FD_UNLIKELY( !clock ) ) {
    1063           0 :         return FD_EXECUTOR_INSTR_ERR_GENERIC_ERR;
    1064           0 :       }
    1065             : 
    1066             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L538 */
    1067           0 :       if( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 8U ) ) {
    1068           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1069           0 :       }
    1070             : 
    1071             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L539-L541 */
    1072           0 :       fd_pubkey_t const * authority_key = NULL;
    1073           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 7UL, &authority_key );
    1074           0 :       if( FD_UNLIKELY( err ) ) return err;
    1075             : 
    1076             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L542-L560 */
    1077             :       /* Verify Program account */
    1078             : 
    1079           0 :       fd_bpf_upgradeable_loader_state_t * loader_state   = NULL;
    1080           0 :       fd_pubkey_t *                       new_program_id = NULL;
    1081           0 :       fd_rent_t const *                   rent           = fd_bank_rent_query( instr_ctx->txn_ctx->bank );
    1082             : 
    1083             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L545 */
    1084           0 :       fd_guarded_borrowed_account_t program;
    1085           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &program );
    1086             : 
    1087           0 :       loader_state = fd_bpf_loader_program_get_state( program.acct,
    1088           0 :                                                       spad,
    1089           0 :                                                       &err );
    1090             : 
    1091           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1092           0 :         return err;
    1093           0 :       }
    1094           0 :       if( FD_UNLIKELY( !fd_bpf_upgradeable_loader_state_is_uninitialized( loader_state ) ) ) {
    1095           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account already initialized" );
    1096           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_ALREADY_INITIALIZED;
    1097           0 :       }
    1098           0 :       if( FD_UNLIKELY( fd_borrowed_account_get_data_len( &program )<SIZE_OF_PROGRAM ) ) {
    1099           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account too small" );
    1100           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1101           0 :       }
    1102           0 :       if( FD_UNLIKELY( fd_borrowed_account_get_lamports( &program )<
    1103           0 :                        fd_rent_exempt_minimum_balance( rent, fd_borrowed_account_get_data_len( &program ) ) ) ) {
    1104           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not rent-exempt" );
    1105           0 :         return FD_EXECUTOR_INSTR_ERR_EXECUTABLE_ACCOUNT_NOT_RENT_EXEMPT;
    1106           0 :       }
    1107           0 :       new_program_id = program.acct->pubkey;
    1108             : 
    1109             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L560 */
    1110           0 :       fd_borrowed_account_drop( &program );
    1111             : 
    1112             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L561-L600 */
    1113             :       /* Verify Buffer account */
    1114             : 
    1115           0 :       fd_pubkey_t * buffer_key       = NULL;
    1116           0 :       ulong buffer_data_offset       = 0UL;
    1117           0 :       ulong buffer_data_len          = 0UL;
    1118           0 :       ulong programdata_len          = 0UL;
    1119             : 
    1120             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L564-L565 */
    1121           0 :       fd_guarded_borrowed_account_t buffer;
    1122           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 3UL, &buffer );
    1123             : 
    1124           0 :       fd_bpf_upgradeable_loader_state_t * buffer_state = fd_bpf_loader_program_get_state( buffer.acct, spad, &err );
    1125           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1126           0 :         return err;
    1127           0 :       }
    1128             : 
    1129           0 :       if( fd_bpf_upgradeable_loader_state_is_buffer( buffer_state ) ) {
    1130           0 :         if( FD_UNLIKELY( (authority_key==NULL) != (!buffer_state->inner.buffer.has_authority_address) ||
    1131           0 :             (authority_key!=NULL && !fd_pubkey_eq( &buffer_state->inner.buffer.authority_address, authority_key ) ) ) ) {
    1132           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer and upgrade authority don't match" );
    1133           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1134           0 :         }
    1135           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 7UL ) ) ) {
    1136           0 :           fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
    1137           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1138           0 :         }
    1139           0 :       } else {
    1140           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid Buffer account" );
    1141           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1142           0 :       }
    1143           0 :       buffer_key         = buffer.acct->pubkey;
    1144           0 :       buffer_data_offset = BUFFER_METADATA_SIZE;
    1145           0 :       buffer_data_len    = fd_ulong_sat_sub( fd_borrowed_account_get_data_len( &buffer ), buffer_data_offset );
    1146             :       /* UpgradeableLoaderState::size_of_program_data( max_data_len ) */
    1147           0 :       programdata_len    = fd_ulong_sat_add( PROGRAMDATA_METADATA_SIZE,
    1148           0 :                                              instruction->inner.deploy_with_max_data_len.max_data_len );
    1149             : 
    1150           0 :       if( FD_UNLIKELY( fd_borrowed_account_get_data_len( &buffer )<BUFFER_METADATA_SIZE || buffer_data_len==0UL ) ) {
    1151           0 :         fd_log_collector_msg_literal( instr_ctx, "Buffer account too small" );
    1152           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    1153           0 :       }
    1154             : 
    1155           0 :       if( FD_UNLIKELY( instruction->inner.deploy_with_max_data_len.max_data_len<buffer_data_len ) ) {
    1156           0 :         fd_log_collector_msg_literal( instr_ctx, "Max data length is too small to hold Buffer data" );
    1157           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1158           0 :       }
    1159             : 
    1160           0 :       if( FD_UNLIKELY( programdata_len>MAX_PERMITTED_DATA_LENGTH ) ) {
    1161           0 :         fd_log_collector_msg_literal( instr_ctx, "Max data length is too large" );
    1162           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1163           0 :       }
    1164             : 
    1165             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L590 */
    1166           0 :       fd_borrowed_account_drop( &buffer );
    1167             : 
    1168             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L602-L608 */
    1169             :       /* Create ProgramData account */
    1170             : 
    1171           0 :       fd_pubkey_t derived_address[ 1UL ];
    1172           0 :       uchar const * seeds[ 1UL ];
    1173           0 :       seeds[ 0UL ]    = (uchar const *)new_program_id;
    1174           0 :       ulong seed_sz   = sizeof(fd_pubkey_t);
    1175           0 :       uchar bump_seed = 0;
    1176           0 :       err = fd_pubkey_find_program_address( program_id, 1UL, seeds, &seed_sz, derived_address,
    1177           0 :                                             &bump_seed, &instr_ctx->txn_ctx->custom_err );
    1178           0 :       if( FD_UNLIKELY( err ) ) {
    1179             :         /* TODO: We should handle these errors more gracefully instead of just killing the client (e.g. excluding the transaction
    1180             :            from the block). */
    1181           0 :         FD_LOG_ERR(( "Unable to find a viable program address bump seed" )); // Solana panics, error code is undefined
    1182           0 :         return err;
    1183           0 :       }
    1184           0 :       if( FD_UNLIKELY( memcmp( derived_address, programdata_key, sizeof(fd_pubkey_t) ) ) ) {
    1185           0 :         fd_log_collector_msg_literal( instr_ctx, "ProgramData address is not derived" );
    1186           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1187           0 :       }
    1188             : 
    1189             :       /* Drain the Buffer account to payer before paying for programdata account in a local scope
    1190             :          https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L612-L628 */
    1191             : 
    1192           0 :       do {
    1193             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L615 */
    1194           0 :         fd_guarded_borrowed_account_t payer;
    1195           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &payer );
    1196             : 
    1197             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L613 */
    1198           0 :         fd_guarded_borrowed_account_t buffer;
    1199           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 3UL, &buffer );
    1200             : 
    1201           0 :         err = fd_borrowed_account_checked_add_lamports( &payer, fd_borrowed_account_get_lamports( &buffer ) );
    1202           0 :         if( FD_UNLIKELY( err ) ) {
    1203           0 :           return err;
    1204           0 :         }
    1205           0 :         err = fd_borrowed_account_set_lamports( &buffer, 0UL );
    1206           0 :         if( FD_UNLIKELY( err ) ) {
    1207           0 :           return err;
    1208           0 :         }
    1209           0 :       } while (0);
    1210             : 
    1211             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L628-L642 */
    1212             :       /* Pass an extra account to avoid the overly strict unbalanced instruction error */
    1213             :       /* Invoke the system program to create the new account */
    1214           0 :       uchar instr_data[FD_TXN_MTU];
    1215           0 :       fd_system_program_instruction_create_account_t create_acct = {
    1216           0 :         .lamports = fd_rent_exempt_minimum_balance( rent, programdata_len ),
    1217           0 :         .space    = programdata_len,
    1218           0 :         .owner    = *program_id,
    1219           0 :       };
    1220           0 :       if( !create_acct.lamports ) {
    1221           0 :         create_acct.lamports = 1UL;
    1222           0 :       }
    1223             : 
    1224           0 :       fd_system_program_instruction_t instr = {
    1225           0 :         .discriminant = fd_system_program_instruction_enum_create_account,
    1226           0 :         .inner = {
    1227           0 :           .create_account = create_acct,
    1228           0 :         }
    1229           0 :       };
    1230             : 
    1231           0 :       fd_bincode_encode_ctx_t encode_ctx = {
    1232           0 :         .data    = instr_data,
    1233           0 :         .dataend = instr_data + FD_TXN_MTU
    1234           0 :       };
    1235             : 
    1236             :       // This should never fail.
    1237           0 :       int err = fd_system_program_instruction_encode( &instr, &encode_ctx );
    1238           0 :       if( FD_UNLIKELY( err ) ) {
    1239           0 :         return FD_EXECUTOR_INSTR_ERR_FATAL;
    1240           0 :       }
    1241             : 
    1242           0 :       fd_vm_rust_account_meta_t * acct_metas = (fd_vm_rust_account_meta_t*)
    1243           0 :                                                 fd_spad_alloc( instr_ctx->txn_ctx->spad,
    1244           0 :                                                                FD_VM_RUST_ACCOUNT_META_ALIGN,
    1245           0 :                                                                3UL * sizeof(fd_vm_rust_account_meta_t) );
    1246           0 :       fd_native_cpi_create_account_meta( payer_key,       1U, 1U, &acct_metas[ 0UL ] );
    1247           0 :       fd_native_cpi_create_account_meta( programdata_key, 1U, 1U, &acct_metas[ 1UL ] );
    1248           0 :       fd_native_cpi_create_account_meta( buffer_key,      0U, 1U, &acct_metas[ 2UL ] );
    1249             : 
    1250             :       /* caller_program_id == program_id */
    1251           0 :       fd_pubkey_t signers[ 1UL ];
    1252           0 :       err = fd_pubkey_derive_pda( program_id, 1UL, seeds, &seed_sz, &bump_seed, signers, &instr_ctx->txn_ctx->custom_err );
    1253           0 :       if( FD_UNLIKELY( err ) ) {
    1254           0 :         return err;
    1255           0 :       }
    1256           0 :       err = fd_native_cpi_native_invoke( instr_ctx,
    1257           0 :                                          &fd_solana_system_program_id,
    1258           0 :                                          instr_data,
    1259           0 :                                          FD_TXN_MTU,
    1260           0 :                                          acct_metas,
    1261           0 :                                          3UL,
    1262           0 :                                          signers,
    1263           0 :                                          1UL );
    1264           0 :       if( FD_UNLIKELY( err ) ) {
    1265           0 :         return err;
    1266           0 :       }
    1267             : 
    1268             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L644-L665 */
    1269             :       /* Load and verify the program bits */
    1270             : 
    1271             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L648-L649 */
    1272           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 3UL, &buffer );
    1273             : 
    1274           0 :       if( FD_UNLIKELY( buffer_data_offset>fd_borrowed_account_get_data_len( &buffer ) ) ) {
    1275           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1276           0 :       }
    1277             : 
    1278           0 :       const uchar * buffer_data = fd_borrowed_account_get_data( &buffer ) + buffer_data_offset;
    1279             : 
    1280           0 :       err = fd_deploy_program( instr_ctx, program.acct->pubkey, buffer_data, buffer_data_len, instr_ctx->txn_ctx->spad );
    1281           0 :       if( FD_UNLIKELY( err ) ) {
    1282           0 :         return err;
    1283           0 :       }
    1284             : 
    1285             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L657 */
    1286           0 :       fd_borrowed_account_drop( &buffer );
    1287             : 
    1288             :       /* Update the ProgramData account and record the program bits in a local scope
    1289             :          https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L669-L691 */
    1290           0 :       do {
    1291             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L670-L671 */
    1292           0 :         fd_guarded_borrowed_account_t programdata;
    1293           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 1UL, &programdata );
    1294             : 
    1295           0 :         fd_bpf_upgradeable_loader_state_t programdata_loader_state = {
    1296           0 :           .discriminant = fd_bpf_upgradeable_loader_state_enum_program_data,
    1297           0 :           .inner.program_data = {
    1298           0 :             .slot                          = clock->slot,
    1299           0 :             .has_upgrade_authority_address = !!authority_key,
    1300           0 :             .upgrade_authority_address     = authority_key ? *authority_key : (fd_pubkey_t){{0}},
    1301           0 :           },
    1302           0 :         };
    1303           0 :         err = fd_bpf_loader_v3_program_set_state( &programdata, &programdata_loader_state );
    1304           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1305           0 :           return err;
    1306           0 :         }
    1307             : 
    1308             :         /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L675-L689 */
    1309           0 :         if( FD_UNLIKELY( PROGRAMDATA_METADATA_SIZE+buffer_data_len>fd_borrowed_account_get_data_len( &programdata ) ) ) {
    1310           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1311           0 :         }
    1312           0 :         if( FD_UNLIKELY( buffer_data_offset>fd_borrowed_account_get_data_len( &buffer ) ) ) {
    1313           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1314           0 :         }
    1315             : 
    1316           0 :         uchar * programdata_data = NULL;
    1317           0 :         ulong   programdata_dlen = 0UL;
    1318           0 :         err = fd_borrowed_account_get_data_mut( &programdata, &programdata_data, &programdata_dlen );
    1319           0 :         if( FD_UNLIKELY( err ) ) {
    1320           0 :           return err;
    1321           0 :         }
    1322             : 
    1323           0 :         uchar *   dst_slice = programdata_data + PROGRAMDATA_METADATA_SIZE;
    1324           0 :         ulong dst_slice_len = buffer_data_len;
    1325             : 
    1326             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L683-L684 */
    1327           0 :         fd_guarded_borrowed_account_t buffer;
    1328           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 3UL, &buffer );
    1329             : 
    1330           0 :         if( FD_UNLIKELY( buffer_data_offset>fd_borrowed_account_get_data_len( &buffer ) ) ) {
    1331           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1332           0 :         }
    1333           0 :         const uchar * src_slice = fd_borrowed_account_get_data( &buffer ) + buffer_data_offset;
    1334           0 :         fd_memcpy( dst_slice, src_slice, dst_slice_len );
    1335             :         /* Update buffer data length.
    1336             :           BUFFER_METADATA_SIZE == UpgradeableLoaderState::size_of_buffer(0) */
    1337           0 :         err = fd_borrowed_account_set_data_length( &buffer, BUFFER_METADATA_SIZE );
    1338           0 :         if( FD_UNLIKELY( err ) ) {
    1339           0 :           return err;
    1340           0 :         }
    1341           0 :       } while(0);
    1342             : 
    1343             :       /* Max msg_sz: 19 - 2 + 45 = 62 < 127 => we can use printf */
    1344           0 :       fd_log_collector_printf_dangerous_max_127( instr_ctx, "Deployed program %s", FD_BASE58_ENC_32_ALLOCA( program_id ) );
    1345             : 
    1346             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L692-L699 */
    1347             : 
    1348             :       /* Update the Program account
    1349             :          https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L694-L695 */
    1350           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &program );
    1351             : 
    1352           0 :       loader_state->discriminant = fd_bpf_upgradeable_loader_state_enum_program;
    1353           0 :       loader_state->inner.program.programdata_address =  *programdata_key;
    1354           0 :       err = fd_bpf_loader_v3_program_set_state( &program, loader_state );
    1355           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1356           0 :         return err;
    1357           0 :       }
    1358           0 :       err = fd_borrowed_account_set_executable( &program, 1 );
    1359           0 :       if( FD_UNLIKELY( err ) ) {
    1360           0 :         return err;
    1361           0 :       }
    1362             : 
    1363           0 :       FD_LOG_INFO(( "Program deployed %s", FD_BASE58_ENC_32_ALLOCA( program.acct->pubkey ) ));
    1364             : 
    1365             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L700 */
    1366           0 :       fd_borrowed_account_drop( &program );
    1367             : 
    1368           0 :       break;
    1369           0 :     }
    1370             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L703-L891 */
    1371           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_upgrade: {
    1372             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L704-L714 */
    1373           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 3U ) ) ) {
    1374           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1375           0 :       }
    1376             : 
    1377             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L706-L708 */
    1378           0 :       fd_pubkey_t const * programdata_key = NULL;
    1379           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 0UL, &programdata_key );
    1380           0 :       if( FD_UNLIKELY( err ) ) {
    1381           0 :         return err;
    1382           0 :       }
    1383             : 
    1384             :       /* rent is accessed directly from the epoch bank and the clock from the
    1385             :         slot context. However, a check must be done to make sure that the
    1386             :         sysvars are correctly included in the set of transaction accounts. */
    1387           0 :       err = fd_sysvar_instr_acct_check( instr_ctx, 4UL, &fd_sysvar_rent_id );
    1388           0 :       if( FD_UNLIKELY( err ) ) {
    1389           0 :         return err;
    1390           0 :       }
    1391           0 :       err = fd_sysvar_instr_acct_check( instr_ctx, 5UL, &fd_sysvar_clock_id );
    1392           0 :       if( FD_UNLIKELY( err ) ) {
    1393           0 :         return err;
    1394           0 :       }
    1395             : 
    1396           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 7U ) ) ) {
    1397           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1398           0 :       }
    1399             : 
    1400             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L713-L715 */
    1401           0 :       fd_pubkey_t const * authority_key = NULL;
    1402           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 6UL, &authority_key );
    1403           0 :       if( FD_UNLIKELY( err ) ) return err;
    1404             : 
    1405             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L716-L745 */
    1406             :       /* Verify Program account */
    1407             : 
    1408             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L719-L720 */
    1409           0 :       fd_guarded_borrowed_account_t program;
    1410           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 1UL, &program );
    1411             : 
    1412             :       /* https://github.com/anza-xyz/agave/blob/89872fdb074e6658646b2b57a299984f0059cc84/programs/bpf_loader/src/lib.rs#L758-L765 */
    1413           0 :       if( FD_UNLIKELY( !FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) &&
    1414           0 :                        !fd_borrowed_account_is_executable( &program ) ) ) {
    1415           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not executable" );
    1416           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_NOT_EXECUTABLE;
    1417           0 :       }
    1418           0 :       if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &program ) ) ) {
    1419           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not writeable" );
    1420           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1421           0 :       }
    1422           0 :       if( FD_UNLIKELY( memcmp( fd_borrowed_account_get_owner( &program ), program_id, sizeof(fd_pubkey_t) ) ) ) {
    1423           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not owned by loader" );
    1424           0 :         return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
    1425           0 :       }
    1426           0 :       fd_bpf_upgradeable_loader_state_t * program_state = fd_bpf_loader_program_get_state( program.acct, spad, &err );
    1427           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1428           0 :         return err;
    1429           0 :       }
    1430           0 :       if( FD_UNLIKELY( fd_bpf_upgradeable_loader_state_is_program( program_state ) ) ) {
    1431           0 :         if( FD_UNLIKELY( memcmp( &program_state->inner.program.programdata_address, programdata_key, sizeof(fd_pubkey_t) ) ) ) {
    1432           0 :           fd_log_collector_msg_literal( instr_ctx, "Program and ProgramData account mismatch" );
    1433           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1434           0 :         }
    1435           0 :       } else {
    1436           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid Program account" );
    1437           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    1438           0 :       }
    1439             : 
    1440             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L746 */
    1441           0 :       fd_borrowed_account_drop( &program );
    1442             : 
    1443             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L747-L773 */
    1444             :       /* Verify Buffer account */
    1445             : 
    1446           0 :       ulong buffer_lamports    = 0UL;
    1447           0 :       ulong buffer_data_offset = 0UL;
    1448           0 :       ulong buffer_data_len    = 0UL;
    1449             : 
    1450             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L750-L751 */
    1451           0 :       fd_guarded_borrowed_account_t buffer;
    1452           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &buffer );
    1453             : 
    1454           0 :       fd_bpf_upgradeable_loader_state_t * buffer_state = fd_bpf_loader_program_get_state( buffer.acct, spad, &err );
    1455           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1456           0 :         return err;
    1457           0 :       }
    1458           0 :       if( fd_bpf_upgradeable_loader_state_is_buffer( buffer_state ) ) {
    1459           0 :         if( FD_UNLIKELY( (authority_key==NULL) != (!buffer_state->inner.buffer.has_authority_address) ||
    1460           0 :             (authority_key!=NULL && !fd_pubkey_eq( &buffer_state->inner.buffer.authority_address, authority_key ) ) ) ) {
    1461           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer and upgrade authority don't match" );
    1462           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1463           0 :         }
    1464           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 6UL ) ) ) {
    1465           0 :           fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
    1466           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1467           0 :         }
    1468           0 :       } else {
    1469           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid Buffer account" );
    1470           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1471           0 :       }
    1472           0 :       buffer_lamports    = fd_borrowed_account_get_lamports( &buffer );
    1473           0 :       buffer_data_offset = BUFFER_METADATA_SIZE;
    1474           0 :       buffer_data_len    = fd_ulong_sat_sub( fd_borrowed_account_get_data_len( &buffer ), buffer_data_offset );
    1475           0 :       if( FD_UNLIKELY( fd_borrowed_account_get_data_len( &buffer )<BUFFER_METADATA_SIZE || buffer_data_len==0UL ) ) {
    1476           0 :         fd_log_collector_msg_literal( instr_ctx, "Buffer account too small" );
    1477           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    1478           0 :       }
    1479             : 
    1480             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L774 */
    1481           0 :       fd_borrowed_account_drop( &buffer );
    1482             : 
    1483             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L775-L823 */
    1484             :       /* Verify ProgramData account */
    1485             : 
    1486           0 :       ulong                               programdata_data_offset      = PROGRAMDATA_METADATA_SIZE;
    1487           0 :       fd_bpf_upgradeable_loader_state_t * programdata_state            = NULL;
    1488           0 :       ulong                               programdata_balance_required = 0UL;
    1489             : 
    1490             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L778-L779 */
    1491           0 :       fd_guarded_borrowed_account_t programdata;
    1492           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &programdata );
    1493             : 
    1494           0 :       fd_rent_t const * rent = fd_bank_rent_query( instr_ctx->txn_ctx->bank );
    1495             : 
    1496           0 :       programdata_balance_required = fd_ulong_max( 1UL, fd_rent_exempt_minimum_balance( rent, fd_borrowed_account_get_data_len( &programdata ) ) );
    1497             : 
    1498           0 :       if( FD_UNLIKELY( fd_borrowed_account_get_data_len( &programdata )<fd_ulong_sat_add( PROGRAMDATA_METADATA_SIZE, buffer_data_len ) ) ) {
    1499           0 :         fd_log_collector_msg_literal( instr_ctx, "ProgramData account not large enough" );
    1500           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1501           0 :       }
    1502           0 :       if( FD_UNLIKELY( fd_ulong_sat_add( fd_borrowed_account_get_lamports( &programdata ), buffer_lamports )<programdata_balance_required ) ) {
    1503           0 :         fd_log_collector_msg_literal( instr_ctx, "Buffer account balance too low to fund upgrade" );
    1504           0 :         return FD_EXECUTOR_INSTR_ERR_INSUFFICIENT_FUNDS;
    1505           0 :       }
    1506           0 :       programdata_state = fd_bpf_loader_program_get_state( programdata.acct, spad, &err );
    1507           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1508           0 :         return err;
    1509           0 :       }
    1510             : 
    1511           0 :       fd_sol_sysvar_clock_t clock_;
    1512           0 :       fd_sol_sysvar_clock_t const * clock = fd_sysvar_cache_clock_read( instr_ctx->sysvar_cache, &clock_ );
    1513           0 :       if( FD_UNLIKELY( !clock ) ) {
    1514           0 :         return FD_EXECUTOR_INSTR_ERR_GENERIC_ERR;
    1515           0 :       }
    1516             : 
    1517           0 :       if( fd_bpf_upgradeable_loader_state_is_program_data( programdata_state ) ) {
    1518           0 :         if( FD_UNLIKELY( clock->slot==programdata_state->inner.program_data.slot ) ) {
    1519           0 :           fd_log_collector_msg_literal( instr_ctx, "Program was deployed in this block already" );
    1520           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1521           0 :         }
    1522           0 :         if( FD_UNLIKELY( !programdata_state->inner.program_data.has_upgrade_authority_address ) ) {
    1523           0 :           fd_log_collector_msg_literal( instr_ctx, "Prrogram not upgradeable" );
    1524           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
    1525           0 :         }
    1526           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &programdata_state->inner.program_data.upgrade_authority_address, authority_key ) ) ) {
    1527           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect upgrade authority provided" );
    1528           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1529           0 :         }
    1530           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 6UL ) ) ) {
    1531           0 :           fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
    1532           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1533           0 :         }
    1534           0 :       } else {
    1535           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid ProgramData account" );
    1536           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    1537           0 :       }
    1538             : 
    1539             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L824 */
    1540           0 :       fd_borrowed_account_drop( &programdata );
    1541             : 
    1542             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L825-L845 */
    1543             :       /* Load and verify the program bits */
    1544             : 
    1545             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L827-L828 */
    1546           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &buffer );
    1547             : 
    1548           0 :       if( FD_UNLIKELY( buffer_data_offset>fd_borrowed_account_get_data_len( &buffer ) ) ) {
    1549           0 :         return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1550           0 :       }
    1551             : 
    1552           0 :       const uchar * buffer_data = fd_borrowed_account_get_data( &buffer ) + buffer_data_offset;
    1553           0 :       err = fd_deploy_program( instr_ctx, program.acct->pubkey, buffer_data, buffer_data_len, instr_ctx->txn_ctx->spad );
    1554           0 :       if( FD_UNLIKELY( err ) ) {
    1555           0 :         return err;
    1556           0 :       }
    1557             : 
    1558             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L836 */
    1559           0 :       fd_borrowed_account_drop( &buffer );
    1560             : 
    1561             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L849-L850 */
    1562           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &programdata );
    1563             : 
    1564             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L846-L874 */
    1565             :       /* Update the ProgramData account, record the upgraded data, and zero the rest in a local scope */
    1566           0 :       do {
    1567           0 :         programdata_state->discriminant                                     = fd_bpf_upgradeable_loader_state_enum_program_data;
    1568           0 :         programdata_state->inner.program_data.slot                          = clock->slot;
    1569           0 :         programdata_state->inner.program_data.has_upgrade_authority_address = 1;
    1570           0 :         programdata_state->inner.program_data.upgrade_authority_address     = *authority_key;
    1571           0 :         err = fd_bpf_loader_v3_program_set_state( &programdata, programdata_state );
    1572           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1573           0 :           return err;
    1574           0 :         }
    1575             : 
    1576             :         /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L846-L875 */
    1577             :         /* We want to copy over the data and zero out the rest */
    1578           0 :         if( FD_UNLIKELY( programdata_data_offset+buffer_data_len>fd_borrowed_account_get_data_len( &programdata ) ) ) {
    1579           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1580           0 :         }
    1581             : 
    1582           0 :         uchar * programdata_data = NULL;
    1583           0 :         ulong   programdata_dlen = 0UL;
    1584           0 :         err = fd_borrowed_account_get_data_mut( &programdata, &programdata_data, &programdata_dlen );
    1585           0 :         if( FD_UNLIKELY( err ) ) {
    1586           0 :           return err;
    1587           0 :         }
    1588           0 :         uchar * dst_slice     = programdata_data + programdata_data_offset;
    1589           0 :         ulong   dst_slice_len = buffer_data_len;
    1590             : 
    1591             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L863-L864 */
    1592           0 :         fd_guarded_borrowed_account_t buffer;
    1593           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &buffer );
    1594             : 
    1595           0 :         if( FD_UNLIKELY( buffer_data_offset>fd_borrowed_account_get_data_len( &buffer ) ) ){
    1596           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_DATA_TOO_SMALL;
    1597           0 :         }
    1598             : 
    1599           0 :         const uchar * src_slice = fd_borrowed_account_get_data( &buffer ) + buffer_data_offset;
    1600           0 :         fd_memcpy( dst_slice, src_slice, dst_slice_len );
    1601           0 :         fd_memset( dst_slice + dst_slice_len, 0, fd_borrowed_account_get_data_len( &programdata ) - programdata_data_offset - dst_slice_len );
    1602             : 
    1603             :         /* implicit drop of buffer */
    1604           0 :       } while (0);
    1605             : 
    1606             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L876-L891 */
    1607             :       /* Fund ProgramData to rent-exemption, spill the rest */
    1608             : 
    1609             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L878-L879 */
    1610           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 2UL, &buffer );
    1611             : 
    1612             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L880-L881 */
    1613           0 :       fd_guarded_borrowed_account_t spill;
    1614           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 3UL, &spill );
    1615             : 
    1616           0 :       ulong spill_addend = fd_ulong_sat_sub( fd_ulong_sat_add( fd_borrowed_account_get_lamports( &programdata ), buffer_lamports ),
    1617           0 :                                             programdata_balance_required );
    1618           0 :       err = fd_borrowed_account_checked_add_lamports( &spill, spill_addend );
    1619           0 :       if( FD_UNLIKELY( err ) ) {
    1620           0 :         return err;
    1621           0 :       }
    1622           0 :       err = fd_borrowed_account_set_lamports( &buffer, 0UL );
    1623           0 :       if( FD_UNLIKELY( err ) ) {
    1624           0 :         return err;
    1625           0 :       }
    1626           0 :       err = fd_borrowed_account_set_lamports( &programdata, programdata_balance_required );
    1627           0 :       if( FD_UNLIKELY( err ) ) {
    1628           0 :         return err;
    1629           0 :       }
    1630             : 
    1631             :       /* Buffer account set_data_length */
    1632           0 :       err = fd_borrowed_account_set_data_length( &buffer, BUFFER_METADATA_SIZE );
    1633           0 :       if( FD_UNLIKELY( err ) ) {
    1634           0 :         return err;
    1635           0 :       }
    1636             : 
    1637             :       /* buffer is dropped when it goes out of scope */
    1638             :       /* spill is dropped when it goes out of scope */
    1639             :       /* programdata is dropped when it goes out of scope */
    1640             : 
    1641             :       /* Max msg_sz: 19 - 2 + 45 = 62 < 127 => we can use printf */
    1642             :       //TODO: this is likely the incorrect program_id, do we have new_program_id?
    1643           0 :       fd_log_collector_printf_dangerous_max_127( instr_ctx, "Upgraded program %s", FD_BASE58_ENC_32_ALLOCA( program_id ) );
    1644             : 
    1645           0 :       break;
    1646           0 :     }
    1647             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L893-L957 */
    1648           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_set_authority: {
    1649           0 :       int err;
    1650           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 2U ) ) ) {
    1651           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1652           0 :       }
    1653             : 
    1654             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L896-L897 */
    1655           0 :       fd_guarded_borrowed_account_t account;
    1656           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &account );
    1657             : 
    1658             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L898-L900 */
    1659           0 :       fd_pubkey_t const * present_authority_key = NULL;
    1660           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &present_authority_key );
    1661           0 :       if( FD_UNLIKELY( err ) ) {
    1662           0 :         return err;
    1663           0 :       }
    1664             : 
    1665             :       /* Don't check the error here because the new_authority key is allowed to be NULL until further checks.
    1666             :          https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L901-L906 */
    1667           0 :       fd_pubkey_t const * new_authority = NULL;
    1668           0 :       fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 2UL, &new_authority );
    1669             : 
    1670           0 :       fd_bpf_upgradeable_loader_state_t * account_state = fd_bpf_loader_program_get_state( account.acct,
    1671           0 :                                                                                            spad,
    1672           0 :                                                                                            &err );
    1673           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1674           0 :         return err;
    1675           0 :       }
    1676             : 
    1677           0 :       if( fd_bpf_upgradeable_loader_state_is_buffer( account_state ) ) {
    1678           0 :         if( FD_UNLIKELY( !new_authority ) ) {
    1679           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer authority is not optional" );
    1680           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1681           0 :         }
    1682           0 :         if( FD_UNLIKELY( !account_state->inner.buffer.has_authority_address ) ) {
    1683           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer is immutable" );
    1684           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
    1685           0 :         }
    1686           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &account_state->inner.buffer.authority_address, present_authority_key ) ) ) {
    1687           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect buffer authority provided" );
    1688           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1689           0 :         }
    1690           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 1UL ) ) ) {
    1691           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer authority did not sign" );
    1692           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1693           0 :         }
    1694             : 
    1695             :         /* copy in the authority public key into the authority address.
    1696             :            https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L926-L928 */
    1697           0 :         account_state->inner.buffer.has_authority_address = !!new_authority;
    1698           0 :         if( new_authority ) {
    1699           0 :           account_state->inner.buffer.authority_address = *new_authority;
    1700           0 :         }
    1701             : 
    1702           0 :         err = fd_bpf_loader_v3_program_set_state( &account, account_state );
    1703           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1704           0 :           return err;
    1705           0 :         }
    1706           0 :       } else if( fd_bpf_upgradeable_loader_state_is_program_data( account_state ) ) {
    1707           0 :         if( FD_UNLIKELY( !account_state->inner.program_data.has_upgrade_authority_address ) ) {
    1708           0 :           fd_log_collector_msg_literal( instr_ctx, "Program not upgradeable" );
    1709           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
    1710           0 :         }
    1711           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &account_state->inner.program_data.upgrade_authority_address, present_authority_key ) ) ) {
    1712           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect upgrade authority provided" );
    1713           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1714           0 :         }
    1715           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 1UL ) ) ) {
    1716           0 :           fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
    1717           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1718           0 :         }
    1719             : 
    1720             :         /* copy in the authority public key into the upgrade authority address.
    1721             :            https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L946-L949 */
    1722           0 :         account_state->inner.program_data.has_upgrade_authority_address = !!new_authority;
    1723           0 :         if( new_authority ) {
    1724           0 :           account_state->inner.program_data.upgrade_authority_address = *new_authority;
    1725           0 :         }
    1726             : 
    1727           0 :         err = fd_bpf_loader_v3_program_set_state( &account, account_state );
    1728           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1729           0 :           return err;
    1730           0 :         }
    1731           0 :       } else {
    1732           0 :         fd_log_collector_msg_literal( instr_ctx, "Account does not support authorities" );
    1733           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1734           0 :       }
    1735             : 
    1736             :       /* Max msg_sz: 16 - 2 + 45 = 59 < 127 => we can use printf */
    1737           0 :       if( new_authority ) {
    1738           0 :         fd_log_collector_printf_dangerous_max_127( instr_ctx, "New authority Some(%s)", FD_BASE58_ENC_32_ALLOCA( new_authority ) );
    1739           0 :       } else {
    1740           0 :         fd_log_collector_printf_dangerous_max_127( instr_ctx, "New authority None" );
    1741           0 :       }
    1742             : 
    1743             :       /* implicit drop of account */
    1744             : 
    1745           0 :       break;
    1746           0 :     }
    1747             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L958-L1030 */
    1748           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_set_authority_checked: {
    1749           0 :       int err;
    1750           0 :       if( !FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, enable_bpf_loader_set_authority_checked_ix ) ) {
    1751           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
    1752           0 :       }
    1753             : 
    1754           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 3U ) ) ) {
    1755           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1756           0 :       }
    1757             : 
    1758             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L968-L969 */
    1759           0 :       fd_guarded_borrowed_account_t account;
    1760           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &account );
    1761             : 
    1762             :       /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L970-L975 */
    1763           0 :       fd_pubkey_t const * present_authority_key = NULL;
    1764           0 :       fd_pubkey_t const * new_authority_key     = NULL;
    1765             : 
    1766           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &present_authority_key );
    1767           0 :       if( FD_UNLIKELY( err ) ) return err;
    1768             : 
    1769           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 2UL, &new_authority_key );
    1770           0 :       if( FD_UNLIKELY( err ) ) return err;
    1771             : 
    1772           0 :       fd_bpf_upgradeable_loader_state_t * account_state = fd_bpf_loader_program_get_state( account.acct, spad, &err );
    1773           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1774           0 :         return err;
    1775           0 :       }
    1776             : 
    1777           0 :       if( fd_bpf_upgradeable_loader_state_is_buffer( account_state ) ) {
    1778           0 :         if( FD_UNLIKELY( !account_state->inner.buffer.has_authority_address ) ) {
    1779           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer is immutable" );
    1780           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
    1781           0 :         }
    1782           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &account_state->inner.buffer.authority_address, present_authority_key ) ) ) {
    1783           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect buffer authority provided" );
    1784           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1785           0 :         }
    1786           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 1UL ) ) ) {
    1787           0 :           fd_log_collector_msg_literal( instr_ctx, "Buffer authority did not sign" );
    1788           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1789           0 :         }
    1790           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 2UL ) ) ) {
    1791           0 :           fd_log_collector_msg_literal( instr_ctx, "New authority did not sign" );
    1792           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1793           0 :         }
    1794           0 :         account_state->inner.buffer.has_authority_address = 1;
    1795           0 :         account_state->inner.buffer.authority_address     = *new_authority_key;
    1796           0 :         err = fd_bpf_loader_v3_program_set_state( &account, account_state );
    1797           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1798           0 :           return err;
    1799           0 :         }
    1800           0 :       } else if( fd_bpf_upgradeable_loader_state_is_program_data( account_state ) ) {
    1801           0 :         if( FD_UNLIKELY( !account_state->inner.program_data.has_upgrade_authority_address ) ) {
    1802           0 :           fd_log_collector_msg_literal( instr_ctx, "Program not upgradeable" );
    1803           0 :           return FD_EXECUTOR_INSTR_ERR_ACC_IMMUTABLE;
    1804           0 :         }
    1805           0 :         if( FD_UNLIKELY( !fd_pubkey_eq( &account_state->inner.program_data.upgrade_authority_address, present_authority_key ) ) ) {
    1806           0 :           fd_log_collector_msg_literal( instr_ctx, "Incorrect upgrade authority provided" );
    1807           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    1808           0 :         }
    1809           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 1UL ) ) ) {
    1810           0 :           fd_log_collector_msg_literal( instr_ctx, "Upgrade authority did not sign" );
    1811           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1812           0 :         }
    1813           0 :         if( FD_UNLIKELY( !fd_instr_acc_is_signer_idx( instr_ctx->instr, 2UL ) ) ) {
    1814           0 :           fd_log_collector_msg_literal( instr_ctx, "New authority did not sign" );
    1815           0 :           return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    1816           0 :         }
    1817           0 :         account_state->inner.program_data.has_upgrade_authority_address = 1;
    1818           0 :         account_state->inner.program_data.upgrade_authority_address     = *new_authority_key;
    1819           0 :         err = fd_bpf_loader_v3_program_set_state( &account, account_state );
    1820           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1821           0 :           return err;
    1822           0 :         }
    1823           0 :       } else {
    1824           0 :         fd_log_collector_msg_literal( instr_ctx, "Account does not support authorities" );
    1825           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1826           0 :       }
    1827             : 
    1828             :       /* Max msg_sz: 16 - 2 + 45 = 59 < 127 => we can use printf */
    1829           0 :       fd_log_collector_printf_dangerous_max_127( instr_ctx, "New authority %s", FD_BASE58_ENC_32_ALLOCA( new_authority_key ) );
    1830             : 
    1831             :       /* implicit drop of account */
    1832             : 
    1833           0 :       break;
    1834           0 :     }
    1835             :     /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1031-L1134 */
    1836           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_close: {
    1837           0 :       int err;
    1838             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1032-L1046 */
    1839           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 2U ) ) ) {
    1840           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1841           0 :       }
    1842             : 
    1843             :       /* It's safe to directly access the instruction accounts because we already checked for two
    1844             :          instruction accounts previously.
    1845             :          https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L1034-L1035 */
    1846           0 :       if( FD_UNLIKELY( instr_ctx->instr->accounts[ 0UL ].index_in_transaction ==
    1847           0 :                        instr_ctx->instr->accounts[ 1UL ].index_in_transaction ) ) {
    1848           0 :         fd_log_collector_msg_literal( instr_ctx, "Recipient is the same as the account being closed" );
    1849           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1850           0 :       }
    1851             : 
    1852             :       /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1043-L1044 */
    1853           0 :       fd_guarded_borrowed_account_t close_account;
    1854           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &close_account );
    1855             : 
    1856           0 :       fd_pubkey_t * close_key = close_account.acct->pubkey;
    1857           0 :       fd_bpf_upgradeable_loader_state_t * close_account_state = fd_bpf_loader_program_get_state( close_account.acct, spad, &err );
    1858           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1859           0 :         return err;
    1860           0 :       }
    1861             :       /* Close account set data length */
    1862           0 :       err = fd_borrowed_account_set_data_length( &close_account, SIZE_OF_UNINITIALIZED );
    1863           0 :       if( FD_UNLIKELY( err ) ) {
    1864           0 :         return err;
    1865           0 :       }
    1866             : 
    1867             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1049-L1056 */
    1868           0 :       if( fd_bpf_upgradeable_loader_state_is_uninitialized( close_account_state ) ) {
    1869             : 
    1870             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1050-L1051 */
    1871           0 :         fd_guarded_borrowed_account_t recipient_account;
    1872           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 1UL, &recipient_account );
    1873             : 
    1874           0 :         err = fd_borrowed_account_checked_add_lamports( &recipient_account, fd_borrowed_account_get_lamports( &close_account ) );
    1875           0 :         if( FD_UNLIKELY( err ) ) {
    1876           0 :           return err;
    1877           0 :         }
    1878           0 :         err = fd_borrowed_account_set_lamports( &close_account, 0UL );
    1879           0 :         if( FD_UNLIKELY( err ) ) {
    1880           0 :           return err;
    1881           0 :         }
    1882             :         /* Max msg_sz: 23 - 2 + 45 = 66 < 127 => we can use printf */
    1883           0 :         fd_log_collector_printf_dangerous_max_127( instr_ctx,
    1884           0 :           "Closed Uninitialized %s", FD_BASE58_ENC_32_ALLOCA( close_key ) );
    1885             : 
    1886             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1057-L1068 */
    1887           0 :       } else if( fd_bpf_upgradeable_loader_state_is_buffer( close_account_state ) ) {
    1888             : 
    1889             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1059 */
    1890           0 :         fd_borrowed_account_drop( &close_account );
    1891             : 
    1892           0 :         if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 3U ) ) ) {
    1893           0 :           return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1894           0 :         }
    1895             : 
    1896           0 :         fd_bpf_upgradeable_loader_state_buffer_t * state_buf = &close_account_state->inner.buffer;
    1897           0 :         err = common_close_account(
    1898           0 :             state_buf->has_authority_address ? &state_buf->authority_address : NULL,
    1899           0 :             instr_ctx,
    1900           0 :             close_account_state );
    1901           0 :         if( FD_UNLIKELY( err ) ) return err;
    1902             : 
    1903             :         /* Max msg_sz: 16 - 2 + 45 = 63 < 127 => we can use printf */
    1904           0 :         fd_log_collector_printf_dangerous_max_127( instr_ctx,
    1905           0 :           "Closed Buffer %s", FD_BASE58_ENC_32_ALLOCA( close_key ) );
    1906             : 
    1907             :       /* https://github.com/anza-xyz/agave/blob/574bae8fefc0ed256b55340b9d87b7689bcdf222/programs/bpf_loader/src/lib.rs#L1069-L1129 */
    1908           0 :       } else if( fd_bpf_upgradeable_loader_state_is_program_data( close_account_state ) ) {
    1909           0 :         int err;
    1910           0 :         if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 4U ) ) ) {
    1911           0 :           return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    1912           0 :         }
    1913             : 
    1914             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1074 */
    1915           0 :         fd_borrowed_account_drop( &close_account );
    1916             : 
    1917             :         /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1075-L1076 */
    1918           0 :         fd_guarded_borrowed_account_t program_account;
    1919           0 :         FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK(instr_ctx, 3UL, &program_account );
    1920             : 
    1921           0 :         if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &program_account ) ) ) {
    1922           0 :           fd_log_collector_msg_literal( instr_ctx, "Program account is not writable" );
    1923           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1924           0 :         }
    1925           0 :         if( FD_UNLIKELY( memcmp( fd_borrowed_account_get_owner( &program_account ), program_id, sizeof(fd_pubkey_t) ) ) ) {
    1926           0 :           fd_log_collector_msg_literal( instr_ctx, "Program account not owned by loader" );
    1927           0 :           return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
    1928           0 :         }
    1929           0 :         fd_sol_sysvar_clock_t clock_;
    1930           0 :         fd_sol_sysvar_clock_t const * clock = fd_sysvar_cache_clock_read( instr_ctx->sysvar_cache, &clock_ );
    1931           0 :         if( FD_UNLIKELY( !clock ) ) {
    1932           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_SYSVAR;
    1933           0 :         }
    1934           0 :         if( FD_UNLIKELY( clock->slot==close_account_state->inner.program_data.slot ) ) {
    1935           0 :           fd_log_collector_msg_literal( instr_ctx,"Program was deployed in this block already" );
    1936           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1937           0 :         }
    1938             : 
    1939           0 :         fd_bpf_upgradeable_loader_state_t * program_state = fd_bpf_loader_program_get_state( program_account.acct, spad, &err );
    1940           0 :         if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    1941           0 :           return err;
    1942           0 :         }
    1943           0 :         if( fd_bpf_upgradeable_loader_state_is_program( program_state ) ) {
    1944           0 :           if( FD_UNLIKELY( memcmp( &program_state->inner.program.programdata_address, close_key, sizeof(fd_pubkey_t) ) ) ) {
    1945           0 :             fd_log_collector_msg_literal( instr_ctx,"Program account does not match ProgramData account" );
    1946           0 :             return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1947           0 :           }
    1948             : 
    1949             :           /* https://github.com/anza-xyz/agave/blob/v2.1.4/programs/bpf_loader/src/lib.rs#L1105 */
    1950           0 :           fd_borrowed_account_drop( &program_account );
    1951             : 
    1952           0 :           fd_bpf_upgradeable_loader_state_program_data_t * pd = &close_account_state->inner.program_data;
    1953           0 :           err = common_close_account(
    1954           0 :               pd->has_upgrade_authority_address ? &pd->upgrade_authority_address : NULL,
    1955           0 :               instr_ctx,
    1956           0 :               close_account_state );
    1957           0 :           if( FD_UNLIKELY( err ) ) return err;
    1958             : 
    1959             :           /* The Agave client updates the account state upon closing an account
    1960             :              in their loaded program cache. Checking for a program can be
    1961             :              checked by checking to see if the programdata account's loader state
    1962             :              is unitialized. The firedancer implementation also removes closed
    1963             :              accounts from the loaded program cache at the end of a slot. Closed
    1964             :              accounts are not checked from the cache, instead the account state
    1965             :              is looked up. */
    1966             : 
    1967           0 :         } else {
    1968           0 :           fd_log_collector_msg_literal( instr_ctx, "Invalid program account" );
    1969           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1970           0 :         }
    1971             : 
    1972             :         /* Max msg_sz: 17 - 2 + 45 = 60 < 127 => we can use printf */
    1973           0 :         fd_log_collector_printf_dangerous_max_127( instr_ctx,
    1974           0 :           "Closed Program %s", FD_BASE58_ENC_32_ALLOCA( close_key ) );
    1975             : 
    1976             :         /* program account is dropped when it goes out of scope */
    1977           0 :       } else {
    1978           0 :         fd_log_collector_msg_literal( instr_ctx, "Account does not support closing" );
    1979           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    1980           0 :       }
    1981             : 
    1982             :       /* implicit drop of close account */
    1983           0 :       break;
    1984           0 :     }
    1985             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1158-L1170 */
    1986           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_extend_program: {
    1987           0 :       if( FD_UNLIKELY( FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, enable_extend_program_checked ) ) ) {
    1988           0 :         fd_log_collector_msg_literal( instr_ctx, "ExtendProgram was superseded by ExtendProgramChecked" );
    1989           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
    1990           0 :       }
    1991           0 :       err = common_extend_program( instr_ctx, instruction->inner.extend_program.additional_bytes, 0 );
    1992           0 :       if( FD_UNLIKELY( err ) ) {
    1993           0 :         return err;
    1994           0 :       }
    1995             : 
    1996           0 :       break;
    1997           0 :     }
    1998             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1171-L1179 */
    1999           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_extend_program_checked: {
    2000           0 :       if( FD_UNLIKELY( !FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, enable_extend_program_checked ) ) ) {
    2001           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
    2002           0 :       }
    2003           0 :       err = common_extend_program( instr_ctx, instruction->inner.extend_program_checked.additional_bytes, 1 );
    2004           0 :       if( FD_UNLIKELY( err ) ) {
    2005           0 :         return err;
    2006           0 :       }
    2007             : 
    2008           0 :       break;
    2009           0 :     }
    2010             :     /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1338-L1508 */
    2011           0 :     case fd_bpf_upgradeable_loader_program_instruction_enum_migrate: {
    2012             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1339-L1344 */
    2013           0 :       if( FD_UNLIKELY( !FD_FEATURE_ACTIVE_BANK( instr_ctx->txn_ctx->bank, enable_loader_v4 ) ) ) {
    2014           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_INSTR_DATA;
    2015           0 :       }
    2016             : 
    2017             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1346 */
    2018           0 :       if( FD_UNLIKELY( fd_exec_instr_ctx_check_num_insn_accounts( instr_ctx, 3U ) ) ) {
    2019           0 :         return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
    2020           0 :       }
    2021             : 
    2022             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1347-L1349 */
    2023           0 :       fd_pubkey_t const * programdata_address = NULL;
    2024           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 0UL, &programdata_address );
    2025           0 :       if( FD_UNLIKELY( err ) ) {
    2026           0 :         return err;
    2027           0 :       }
    2028             : 
    2029             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1350-L1352 */
    2030           0 :       fd_pubkey_t const * program_address = NULL;
    2031           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 1UL, &program_address );
    2032           0 :       if( FD_UNLIKELY( err ) ) {
    2033           0 :         return err;
    2034           0 :       }
    2035             : 
    2036             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1353-L1355 */
    2037           0 :       fd_pubkey_t const * provided_authority_address = NULL;
    2038           0 :       err = fd_exec_instr_ctx_get_key_of_account_at_index( instr_ctx, 2UL, &provided_authority_address );
    2039           0 :       if( FD_UNLIKELY( err ) ) {
    2040           0 :         return err;
    2041           0 :       }
    2042             : 
    2043             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1356-L1359 */
    2044           0 :       fd_sol_sysvar_clock_t clock_;
    2045           0 :       fd_sol_sysvar_clock_t const * clock = fd_sysvar_cache_clock_read( instr_ctx->sysvar_cache, &clock_ );
    2046           0 :       if( FD_UNLIKELY( !clock ) ) {
    2047           0 :         return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_SYSVAR;
    2048           0 :       }
    2049           0 :       ulong clock_slot = clock->slot;
    2050             : 
    2051             :       /* Verify ProgramData account
    2052             :          https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1362-L1363 */
    2053           0 :       fd_guarded_borrowed_account_t programdata;
    2054           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 0UL, &programdata );
    2055             : 
    2056             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1364-L1367 */
    2057           0 :       if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &programdata ) ) ) {
    2058           0 :         fd_log_collector_msg_literal( instr_ctx, "ProgramData account not writeable" );
    2059           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    2060           0 :       }
    2061             : 
    2062             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1368-L1387 */
    2063           0 :       ulong         program_len               = 0UL;
    2064           0 :       fd_pubkey_t * upgrade_authority_address = NULL;
    2065           0 :       fd_bpf_upgradeable_loader_state_t * programdata_state = fd_bpf_loader_program_get_state( programdata.acct, spad, &err );
    2066           0 :       if( FD_LIKELY( err==FD_BINCODE_SUCCESS && fd_bpf_upgradeable_loader_state_is_program_data( programdata_state ) ) ) {
    2067             : 
    2068             :         /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1374-L1377 */
    2069           0 :         if( FD_UNLIKELY( clock_slot==programdata_state->inner.program_data.slot ) ) {
    2070           0 :           fd_log_collector_msg_literal( instr_ctx, "Program was deployed in this block already" );
    2071           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    2072           0 :         }
    2073             : 
    2074             :         /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1378-L1384 */
    2075           0 :         program_len = fd_ulong_sat_sub( fd_borrowed_account_get_data_len( &programdata ), PROGRAMDATA_METADATA_SIZE );
    2076           0 :         fd_bpf_upgradeable_loader_state_program_data_t * pd = &programdata_state->inner.program_data;
    2077           0 :         upgrade_authority_address = pd->has_upgrade_authority_address ? &programdata_state->inner.program_data.upgrade_authority_address : NULL;
    2078           0 :       }
    2079             : 
    2080             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1388 */
    2081           0 :       ulong programdata_funds = fd_borrowed_account_get_lamports( &programdata );
    2082             : 
    2083             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1389 */
    2084           0 :       fd_borrowed_account_drop( &programdata );
    2085             : 
    2086             :       /* Verify authority signature
    2087             :          https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1391-L1398 */
    2088           0 :       fd_pubkey_t const * authority_key_to_compare = upgrade_authority_address ? upgrade_authority_address : program_address;
    2089           0 :       if( FD_UNLIKELY( memcmp( fd_solana_migration_authority.key, provided_authority_address->key, sizeof(fd_pubkey_t) ) &&
    2090           0 :                        memcmp( authority_key_to_compare->key, provided_authority_address->key, sizeof(fd_pubkey_t) ) ) ) {
    2091           0 :         fd_log_collector_msg_literal( instr_ctx, "Incorrect migration authority provided" );
    2092           0 :         return FD_EXECUTOR_INSTR_ERR_INCORRECT_AUTHORITY;
    2093           0 :       }
    2094             : 
    2095             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1399-L1402 */
    2096           0 :       if( FD_UNLIKELY( !instr_ctx->instr->accounts[ 2UL ].is_signer ) ) {
    2097           0 :         fd_log_collector_msg_literal( instr_ctx, "Migration authority did not sign" );
    2098           0 :         return FD_EXECUTOR_INSTR_ERR_MISSING_REQUIRED_SIGNATURE;
    2099           0 :       }
    2100             : 
    2101             :       /* Verify Program account
    2102             :          https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1404-L1406 */
    2103           0 :       fd_guarded_borrowed_account_t program;
    2104           0 :       FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, 1UL, &program );
    2105             : 
    2106             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1407-L1410 */
    2107           0 :       if( FD_UNLIKELY( !fd_borrowed_account_is_writable( &program ) ) ) {
    2108           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not writeable" );
    2109           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    2110           0 :       }
    2111             : 
    2112             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1411-L1414 */
    2113           0 :       if( FD_UNLIKELY( memcmp( fd_borrowed_account_get_owner( &program ), program_id, sizeof(fd_pubkey_t) ) ) ) {
    2114           0 :         fd_log_collector_msg_literal( instr_ctx, "Program account not owned by loader" );
    2115           0 :         return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
    2116           0 :       }
    2117             : 
    2118             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1415-L1426 */
    2119           0 :       fd_bpf_upgradeable_loader_state_t * program_state = fd_bpf_loader_program_get_state( program.acct, spad, &err );
    2120           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    2121           0 :         return err;
    2122           0 :       }
    2123             : 
    2124           0 :       if( FD_LIKELY( fd_bpf_upgradeable_loader_state_is_program( program_state ) ) ) {
    2125           0 :         if( FD_UNLIKELY( memcmp( programdata_address->key, program_state->inner.program.programdata_address.key, sizeof(fd_pubkey_t) ) ) ) {
    2126           0 :           fd_log_collector_msg_literal( instr_ctx, "Program and ProgramData account mismatch" );
    2127           0 :           return FD_EXECUTOR_INSTR_ERR_INVALID_ARG;
    2128           0 :         }
    2129           0 :       } else {
    2130           0 :         fd_log_collector_msg_literal( instr_ctx, "Invalid Program account" );
    2131           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2132           0 :       }
    2133             : 
    2134             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1427 */
    2135           0 :       err = fd_borrowed_account_set_data_from_slice( &program, NULL, 0UL );
    2136           0 :       if( FD_UNLIKELY( err ) ) {
    2137           0 :         return err;
    2138           0 :       }
    2139             : 
    2140             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1428 */
    2141           0 :       err = fd_borrowed_account_checked_add_lamports( &program , programdata_funds );
    2142           0 :       if( FD_UNLIKELY( err ) ) {
    2143           0 :         return err;
    2144           0 :       }
    2145             : 
    2146             :       /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/lib.rs#L1268 */
    2147           0 :       err = fd_borrowed_account_set_owner( &program, &fd_solana_bpf_loader_v4_program_id );
    2148           0 :       if( FD_UNLIKELY( err ) ) {
    2149           0 :         return err;
    2150           0 :       }
    2151             : 
    2152             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1434 */
    2153           0 :       fd_borrowed_account_drop( &program );
    2154             : 
    2155             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1436-L1437 */
    2156           0 :       err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx , 0U, &programdata );
    2157           0 :       if( FD_UNLIKELY( err ) ) {
    2158           0 :         return err;
    2159           0 :       }
    2160             : 
    2161             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1438 */
    2162           0 :       err = fd_borrowed_account_set_lamports( &programdata, 0UL );
    2163           0 :       if( FD_UNLIKELY( err ) ) {
    2164           0 :         return err;
    2165           0 :       }
    2166             : 
    2167             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1439 */
    2168           0 :       fd_borrowed_account_drop( &programdata );
    2169             : 
    2170           0 :       FD_SPAD_FRAME_BEGIN( instr_ctx->txn_ctx->spad ) {
    2171           0 :         uchar                              instr_data[FD_TXN_MTU];
    2172           0 :         fd_loader_v4_program_instruction_t instr      = {0};
    2173           0 :         fd_bincode_encode_ctx_t            encode_ctx = {0};
    2174           0 :         fd_vm_rust_account_meta_t *        acct_metas = fd_spad_alloc( instr_ctx->txn_ctx->spad,
    2175           0 :                                                                        FD_VM_RUST_ACCOUNT_META_ALIGN,
    2176           0 :                                                                        3UL * sizeof(fd_vm_rust_account_meta_t) );
    2177             : 
    2178             :         /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1441-L1484 */
    2179           0 :         if( FD_LIKELY( program_len>0UL ) ) {
    2180             : 
    2181             :           /* Set program length
    2182             :              https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1442-L1451 */
    2183           0 :           fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[0] );
    2184           0 :           fd_native_cpi_create_account_meta( provided_authority_address, 1, 0, &acct_metas[1] );
    2185           0 :           fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[2] );
    2186             : 
    2187           0 :           instr = (fd_loader_v4_program_instruction_t) {
    2188           0 :             .discriminant = fd_loader_v4_program_instruction_enum_set_program_length,
    2189           0 :             .inner = {
    2190           0 :               .set_program_length = {
    2191           0 :                 .new_size = (uint)program_len
    2192           0 :               }
    2193           0 :             }
    2194           0 :           };
    2195             : 
    2196           0 :           encode_ctx = (fd_bincode_encode_ctx_t) {
    2197           0 :             .data    = instr_data,
    2198           0 :             .dataend = instr_data + FD_TXN_MTU
    2199           0 :           };
    2200             : 
    2201             :           // This should never fail.
    2202           0 :           err = fd_loader_v4_program_instruction_encode( &instr, &encode_ctx );
    2203           0 :           if( FD_UNLIKELY( err ) ) {
    2204           0 :             return FD_EXECUTOR_INSTR_ERR_FATAL;
    2205           0 :           }
    2206             : 
    2207           0 :           err = fd_native_cpi_native_invoke( instr_ctx,
    2208           0 :                                              &fd_solana_bpf_loader_v4_program_id,
    2209           0 :                                              instr_data,
    2210           0 :                                              FD_TXN_MTU,
    2211           0 :                                              acct_metas,
    2212           0 :                                              3UL,
    2213           0 :                                              NULL,
    2214           0 :                                              0UL );
    2215           0 :           if( FD_UNLIKELY( err ) ) {
    2216           0 :             return err;
    2217           0 :           }
    2218             : 
    2219             :           /* Copy
    2220             :              https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1453-L1464 */
    2221           0 :           fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[0] );
    2222           0 :           fd_native_cpi_create_account_meta( provided_authority_address, 1, 0, &acct_metas[1] );
    2223           0 :           fd_native_cpi_create_account_meta( programdata_address,        0, 0, &acct_metas[2] );
    2224             : 
    2225           0 :           instr = (fd_loader_v4_program_instruction_t) {
    2226           0 :             .discriminant = fd_loader_v4_program_instruction_enum_copy,
    2227           0 :             .inner = {
    2228           0 :               .copy = {
    2229           0 :                 .destination_offset = 0U,
    2230           0 :                 .source_offset      = 0U,
    2231           0 :                 .length             = (uint)program_len
    2232           0 :               }
    2233           0 :             }
    2234           0 :           };
    2235             : 
    2236           0 :           encode_ctx = (fd_bincode_encode_ctx_t) {
    2237           0 :             .data    = instr_data,
    2238           0 :             .dataend = instr_data + FD_TXN_MTU
    2239           0 :           };
    2240             : 
    2241             :           // This should never fail.
    2242           0 :           err = fd_loader_v4_program_instruction_encode( &instr, &encode_ctx );
    2243           0 :           if( FD_UNLIKELY( err ) ) {
    2244           0 :             return FD_EXECUTOR_INSTR_ERR_FATAL;
    2245           0 :           }
    2246             : 
    2247           0 :           err = fd_native_cpi_native_invoke( instr_ctx,
    2248           0 :                                              &fd_solana_bpf_loader_v4_program_id,
    2249           0 :                                              instr_data,
    2250           0 :                                              FD_TXN_MTU,
    2251           0 :                                              acct_metas,
    2252           0 :                                              3UL,
    2253           0 :                                              NULL,
    2254           0 :                                              0UL );
    2255           0 :           if( FD_UNLIKELY( err ) ) {
    2256           0 :             return err;
    2257           0 :           }
    2258             : 
    2259             :           /* Deploy
    2260             :              https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1466-L1473 */
    2261           0 :           fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[0] );
    2262           0 :           fd_native_cpi_create_account_meta( provided_authority_address, 1, 0, &acct_metas[1] );
    2263             : 
    2264           0 :           instr = (fd_loader_v4_program_instruction_t) {
    2265           0 :             .discriminant = fd_loader_v4_program_instruction_enum_deploy,
    2266           0 :           };
    2267             : 
    2268           0 :           encode_ctx = (fd_bincode_encode_ctx_t) {
    2269           0 :             .data    = instr_data,
    2270           0 :             .dataend = instr_data + FD_TXN_MTU
    2271           0 :           };
    2272             : 
    2273             :           // This should never fail.
    2274           0 :           err = fd_loader_v4_program_instruction_encode( &instr, &encode_ctx );
    2275           0 :           if( FD_UNLIKELY( err ) ) {
    2276           0 :             return FD_EXECUTOR_INSTR_ERR_FATAL;
    2277           0 :           }
    2278             : 
    2279           0 :           err = fd_native_cpi_native_invoke( instr_ctx,
    2280           0 :                                             &fd_solana_bpf_loader_v4_program_id,
    2281           0 :                                             instr_data,
    2282           0 :                                             FD_TXN_MTU,
    2283           0 :                                             acct_metas,
    2284           0 :                                             2UL,
    2285           0 :                                             NULL,
    2286           0 :                                             0UL );
    2287           0 :           if( FD_UNLIKELY( err ) ) {
    2288           0 :             return err;
    2289           0 :           }
    2290             : 
    2291             :           /* Finalize (if no upgrade authority address provided)
    2292             :              https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1475-L1484 */
    2293           0 :           if( upgrade_authority_address==NULL ) {
    2294           0 :             fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[0] );
    2295           0 :             fd_native_cpi_create_account_meta( provided_authority_address, 1, 0, &acct_metas[1] );
    2296           0 :             fd_native_cpi_create_account_meta( program_address,            0, 0, &acct_metas[2] );
    2297             : 
    2298           0 :             instr = (fd_loader_v4_program_instruction_t) {
    2299           0 :               .discriminant = fd_loader_v4_program_instruction_enum_finalize,
    2300           0 :             };
    2301             : 
    2302           0 :             encode_ctx = (fd_bincode_encode_ctx_t) {
    2303           0 :               .data    = instr_data,
    2304           0 :               .dataend = instr_data + FD_TXN_MTU
    2305           0 :             };
    2306             : 
    2307             :             // This should never fail.
    2308           0 :             err = fd_loader_v4_program_instruction_encode( &instr, &encode_ctx );
    2309           0 :             if( FD_UNLIKELY( err ) ) {
    2310           0 :               return FD_EXECUTOR_INSTR_ERR_FATAL;
    2311           0 :             }
    2312             : 
    2313           0 :             err = fd_native_cpi_native_invoke( instr_ctx,
    2314           0 :                                               &fd_solana_bpf_loader_v4_program_id,
    2315           0 :                                               instr_data,
    2316           0 :                                               FD_TXN_MTU,
    2317           0 :                                               acct_metas,
    2318           0 :                                               3UL,
    2319           0 :                                               NULL,
    2320           0 :                                               0UL );
    2321           0 :             if( FD_UNLIKELY( err ) ) {
    2322           0 :               return err;
    2323           0 :             }
    2324           0 :           } else if( !memcmp( fd_solana_migration_authority.key, provided_authority_address->key, sizeof(fd_pubkey_t) ) ) {
    2325             : 
    2326             :             /* Transfer authority
    2327             :                https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1486-L1494 */
    2328           0 :             fd_native_cpi_create_account_meta( program_address,            0, 1, &acct_metas[0] );
    2329           0 :             fd_native_cpi_create_account_meta( provided_authority_address, 1, 0, &acct_metas[1] );
    2330           0 :             fd_native_cpi_create_account_meta( upgrade_authority_address,  1, 0, &acct_metas[2] );
    2331             : 
    2332           0 :             instr = (fd_loader_v4_program_instruction_t) {
    2333           0 :               .discriminant = fd_loader_v4_program_instruction_enum_transfer_authority,
    2334           0 :             };
    2335             : 
    2336           0 :             encode_ctx = (fd_bincode_encode_ctx_t) {
    2337           0 :               .data    = instr_data,
    2338           0 :               .dataend = instr_data + FD_TXN_MTU
    2339           0 :             };
    2340             : 
    2341             :             // This should never fail.
    2342           0 :             err = fd_loader_v4_program_instruction_encode( &instr, &encode_ctx );
    2343           0 :             if( FD_UNLIKELY( err ) ) {
    2344           0 :               return FD_EXECUTOR_INSTR_ERR_FATAL;
    2345           0 :             }
    2346             : 
    2347           0 :             err = fd_native_cpi_native_invoke( instr_ctx,
    2348           0 :                                               &fd_solana_bpf_loader_v4_program_id,
    2349           0 :                                               instr_data,
    2350           0 :                                               FD_TXN_MTU,
    2351           0 :                                               acct_metas,
    2352           0 :                                               3UL,
    2353           0 :                                               NULL,
    2354           0 :                                               0UL );
    2355           0 :             if( FD_UNLIKELY( err ) ) {
    2356           0 :               return err;
    2357           0 :             }
    2358           0 :           }
    2359           0 :         }
    2360           0 :       } FD_SPAD_FRAME_END;
    2361             : 
    2362             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1500-L1501 */
    2363           0 :       err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx , 0U, &programdata );
    2364           0 :       if( FD_UNLIKELY( err ) ) {
    2365           0 :         return err;
    2366           0 :       }
    2367             : 
    2368             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1502 */
    2369           0 :       err = fd_borrowed_account_set_data_from_slice( &programdata, NULL, 0UL );
    2370           0 :       if( FD_UNLIKELY( err ) ) {
    2371           0 :         return err;
    2372           0 :       }
    2373             : 
    2374             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1504 */
    2375           0 :       fd_borrowed_account_drop( &programdata );
    2376             : 
    2377             :       /* https://github.com/anza-xyz/agave/blob/v2.2.6/programs/bpf_loader/src/lib.rs#L1506 */
    2378           0 :       fd_log_collector_printf_dangerous_max_127( instr_ctx, "Migrated program %s", FD_BASE58_ENC_32_ALLOCA( program_address ) );
    2379             : 
    2380           0 :       break;
    2381           0 :     }
    2382           0 :     default: {
    2383           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2384           0 :     }
    2385           0 :   }
    2386           0 :   return FD_EXECUTOR_INSTR_SUCCESS;
    2387           0 : }
    2388             : 
    2389             : /* process_instruction_inner() */
    2390             : /* https://github.com/anza-xyz/agave/blob/77daab497df191ef485a7ad36ed291c1874596e5/programs/bpf_loader/src/lib.rs#L394-L564 */
    2391             : int
    2392           0 : fd_bpf_loader_program_execute( fd_exec_instr_ctx_t * ctx ) {
    2393           0 :   FD_SPAD_FRAME_BEGIN( ctx->txn_ctx->spad ) {
    2394             :     /* https://github.com/anza-xyz/agave/blob/77daab497df191ef485a7ad36ed291c1874596e5/programs/bpf_loader/src/lib.rs#L491-L529 */
    2395             : 
    2396             :     /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L403-L404 */
    2397           0 :     fd_guarded_borrowed_account_t program_account;
    2398           0 :     int err = fd_exec_instr_ctx_try_borrow_last_program_account( ctx, &program_account );
    2399           0 :     if( FD_UNLIKELY( err ) ) {
    2400           0 :       return err;
    2401           0 :     }
    2402             : 
    2403             :     /* https://github.com/anza-xyz/agave/blob/v2.2.0/programs/bpf_loader/src/lib.rs#L409 */
    2404           0 :     fd_pubkey_t const * program_id = NULL;
    2405           0 :     err = fd_exec_instr_ctx_get_last_program_key( ctx, &program_id );
    2406           0 :     if( FD_UNLIKELY( err ) ) {
    2407           0 :       return err;
    2408           0 :     }
    2409             : 
    2410             :     /* Program management instruction */
    2411           0 :     if( FD_UNLIKELY( !memcmp( &fd_solana_native_loader_id, fd_borrowed_account_get_owner( &program_account ), sizeof(fd_pubkey_t) ) ) ) {
    2412             :       /* https://github.com/anza-xyz/agave/blob/v2.2.3/programs/bpf_loader/src/lib.rs#L416 */
    2413           0 :       fd_borrowed_account_drop( &program_account );
    2414             : 
    2415           0 :       if( FD_UNLIKELY( !memcmp( &fd_solana_bpf_loader_upgradeable_program_id, program_id, sizeof(fd_pubkey_t) ) ) ) {
    2416           0 :         FD_EXEC_CU_UPDATE( ctx, UPGRADEABLE_LOADER_COMPUTE_UNITS );
    2417           0 :         return process_loader_upgradeable_instruction( ctx );
    2418           0 :       } else if( FD_UNLIKELY( !memcmp( &fd_solana_bpf_loader_program_id, program_id, sizeof(fd_pubkey_t) ) ) ) {
    2419           0 :         FD_EXEC_CU_UPDATE( ctx, DEFAULT_LOADER_COMPUTE_UNITS );
    2420           0 :         fd_log_collector_msg_literal( ctx, "BPF loader management instructions are no longer supported" );
    2421           0 :         return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2422           0 :       } else if( FD_UNLIKELY( !memcmp( &fd_solana_bpf_loader_deprecated_program_id, program_id, sizeof(fd_pubkey_t) ) ) ) {
    2423           0 :         FD_EXEC_CU_UPDATE( ctx, DEPRECATED_LOADER_COMPUTE_UNITS );
    2424           0 :         fd_log_collector_msg_literal( ctx, "Deprecated loader is no longer supported" );
    2425           0 :         return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2426           0 :       } else {
    2427           0 :         fd_log_collector_msg_literal( ctx, "Invalid BPF loader id" );
    2428             :         /* https://github.com/anza-xyz/agave/blob/89872fdb074e6658646b2b57a299984f0059cc84/programs/bpf_loader/src/lib.rs#L429-L436 */
    2429           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2430           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2431           0 :         }
    2432           0 :         return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
    2433           0 :       }
    2434           0 :     }
    2435             : 
    2436             :     /* https://github.com/anza-xyz/agave/blob/89872fdb074e6658646b2b57a299984f0059cc84/programs/bpf_loader/src/lib.rs#L445-L452 */
    2437             :     /* Program invocation. Any invalid programs will be caught here or at the program load. */
    2438           0 :     if( FD_UNLIKELY( !FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) &&
    2439           0 :                      !fd_borrowed_account_is_executable( &program_account ) ) ) {
    2440           0 :       fd_log_collector_msg_literal( ctx, "Program is not executable" );
    2441           0 :       return FD_EXECUTOR_INSTR_ERR_INCORRECT_PROGRAM_ID;
    2442           0 :     }
    2443             : 
    2444             :     /* https://github.com/anza-xyz/agave/blob/77daab497df191ef485a7ad36ed291c1874596e5/programs/bpf_loader/src/lib.rs#L551-L563 */
    2445             :     /* The Agave client stores a loaded program type state in its implementation
    2446             :       of the loaded program cache. It checks to see if an account is able to be
    2447             :       executed. It is possible for a program to be in the DelayVisibility state or
    2448             :       Closed state but it won't be reflected in the Firedancer cache. Program
    2449             :       accounts that are in this state should exit with an invalid account data
    2450             :       error. For programs that are recently deployed or upgraded, they should not
    2451             :       be allowed to be executed for the remainder of the slot. For closed
    2452             :       accounts, they're uninitialized and shouldn't be executed as well.
    2453             : 
    2454             :       For the former case the slot that the
    2455             :       program was last updated in is in the program data account.
    2456             :       This means that if the slot in the program data account is greater than or
    2457             :       equal to the current execution slot, then the account is in a
    2458             :       'LoadedProgramType::DelayVisiblity' state.
    2459             : 
    2460             :       The latter case as described above is a tombstone account which is in a Closed
    2461             :       state. This occurs when a program data account is closed. However, our cache
    2462             :       does not track this. Instead, this can be checked for by seeing if the program
    2463             :       account's respective program data account is uninitialized. This should only
    2464             :       happen when the account is closed.
    2465             : 
    2466             :       Every error that comes out of this block is mapped to an InvalidAccountData instruction error in Agave. */
    2467             : 
    2468           0 :     fd_account_meta_t const * metadata = fd_borrowed_account_get_acc_meta( &program_account );
    2469           0 :     uchar is_deprecated = !memcmp( metadata->owner, &fd_solana_bpf_loader_deprecated_program_id, sizeof(fd_pubkey_t) );
    2470             : 
    2471           0 :     if( !memcmp( metadata->owner, &fd_solana_bpf_loader_upgradeable_program_id, sizeof(fd_pubkey_t) ) ) {
    2472           0 :       fd_bpf_upgradeable_loader_state_t * program_account_state = fd_bpf_loader_program_get_state( program_account.acct, ctx->txn_ctx->spad, &err );
    2473           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    2474           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2475           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2476           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2477           0 :         }
    2478           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2479           0 :       }
    2480             : 
    2481             :       /* https://github.com/anza-xyz/agave/blob/v2.0.9/svm/src/program_loader.rs#L96-L98
    2482             :          Program account and program data account discriminants get checked when loading in program accounts
    2483             :          into the program cache. If the discriminants are incorrect, the program is marked as closed. */
    2484           0 :       if( FD_UNLIKELY( !fd_bpf_upgradeable_loader_state_is_program( program_account_state ) ) ) {
    2485           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2486           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2487           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2488           0 :         }
    2489           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2490           0 :       }
    2491             : 
    2492           0 :       fd_txn_account_t * program_data_account = NULL;
    2493           0 :       fd_pubkey_t *      programdata_pubkey   = (fd_pubkey_t *)&program_account_state->inner.program.programdata_address;
    2494           0 :       err = fd_exec_txn_ctx_get_executable_account( ctx->txn_ctx,
    2495           0 :                                                     programdata_pubkey,
    2496           0 :                                                     &program_data_account,
    2497           0 :                                                     fd_txn_account_check_exists );
    2498           0 :       if( FD_UNLIKELY( err!=FD_ACC_MGR_SUCCESS ) ) {
    2499           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2500           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2501           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2502           0 :         }
    2503           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2504           0 :       }
    2505             : 
    2506           0 :       if( FD_UNLIKELY( fd_txn_account_get_data_len( program_data_account )<PROGRAMDATA_METADATA_SIZE ) ) {
    2507           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2508           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2509           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2510           0 :         }
    2511           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2512           0 :       }
    2513             : 
    2514           0 :       fd_bpf_upgradeable_loader_state_t * program_data_account_state = fd_bpf_loader_program_get_state( program_data_account,
    2515           0 :                                                                                                         ctx->txn_ctx->spad,
    2516           0 :                                                                                                         &err );
    2517           0 :       if( FD_UNLIKELY( err!=FD_BINCODE_SUCCESS ) ) {
    2518           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2519           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2520           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2521           0 :         }
    2522           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2523           0 :       }
    2524             : 
    2525             :       /* https://github.com/anza-xyz/agave/blob/v2.0.9/svm/src/program_loader.rs#L100-L104
    2526             :          Same as above comment. Program data discriminant must be set correctly. */
    2527           0 :       if( FD_UNLIKELY( !fd_bpf_upgradeable_loader_state_is_program_data( program_data_account_state ) ) ) {
    2528             :         /* The account is closed. */
    2529           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2530           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2531           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2532           0 :         }
    2533           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2534           0 :       }
    2535             : 
    2536           0 :       ulong program_data_slot = program_data_account_state->inner.program_data.slot;
    2537           0 :       if( FD_UNLIKELY( program_data_slot>=ctx->txn_ctx->slot ) ) {
    2538             :         /* The account was likely just deployed or upgraded. Corresponds to
    2539             :           'LoadedProgramType::DelayVisibility' */
    2540           0 :         fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2541           0 :         if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2542           0 :           return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2543           0 :         }
    2544           0 :         return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2545           0 :       }
    2546           0 :     }
    2547             : 
    2548             :     /* Sadly, we have to tie the cache in with consensus. We tried our
    2549             :        best to avoid this, but Agave's program loading logic is too
    2550             :        complex to solely rely on checks without significant redundancy.
    2551             : 
    2552             :        For example, devnet and testnet have older programs that were
    2553             :        deployed before stricter ELF / VM validation checks were put in
    2554             :        place, causing these older programs to fail newer validation
    2555             :        checks and be unexecutable. At the instruction level, we have no
    2556             :        way of checking if this validation passed or not here without
    2557             :        querying our program cache, otherwise we would have to copy-paste
    2558             :        all of our validation checks here.
    2559             : 
    2560             :        Any failures here would indicate an attempt to interact with a
    2561             :        deployed programs that either failed to load or failed bytecode
    2562             :        verification. This applies for v1, v2, and v3 programs. This
    2563             :        could also theoretically cause some currently-deployed programs
    2564             :        to fail in the future if ELF / VM checks are eventually made
    2565             :        stricter. */
    2566           0 :     fd_program_cache_entry_t const * cache_entry = NULL;
    2567           0 :     if( FD_UNLIKELY( fd_program_cache_load_entry( ctx->txn_ctx->funk,
    2568           0 :                                                   ctx->txn_ctx->funk_txn,
    2569           0 :                                                   program_id,
    2570           0 :                                                   &cache_entry )!=0 ) ) {
    2571           0 :       fd_log_collector_msg_literal( ctx, "Program is not cached" );
    2572             : 
    2573             :       /* https://github.com/anza-xyz/agave/blob/89872fdb074e6658646b2b57a299984f0059cc84/programs/bpf_loader/src/lib.rs#L460-L467 */
    2574           0 :       if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2575           0 :         return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2576           0 :       }
    2577           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2578           0 :     }
    2579             : 
    2580             :     /* The program may be in the cache but could have failed verification in the current epoch. */
    2581           0 :     if( FD_UNLIKELY( cache_entry->failed_verification ) ) {
    2582           0 :       fd_log_collector_msg_literal( ctx, "Program is not deployed" );
    2583           0 :       if( FD_FEATURE_ACTIVE_BANK( ctx->txn_ctx->bank, remove_accounts_executable_flag_checks ) ) {
    2584           0 :         return FD_EXECUTOR_INSTR_ERR_UNSUPPORTED_PROGRAM_ID;
    2585           0 :       }
    2586           0 :       return FD_EXECUTOR_INSTR_ERR_INVALID_ACC_DATA;
    2587           0 :     }
    2588             : 
    2589             :     /* https://github.com/anza-xyz/agave/blob/v2.1.14/programs/bpf_loader/src/lib.rs#L446 */
    2590           0 :     fd_borrowed_account_drop( &program_account );
    2591             : 
    2592           0 :     return fd_bpf_execute( ctx, cache_entry, is_deprecated );
    2593           0 :   } FD_SPAD_FRAME_END;
    2594           0 : }
    2595             : 
    2596             : 
    2597             : /* Public APIs */
    2598             : 
    2599             : int
    2600             : fd_directly_invoke_loader_v3_deploy( fd_exec_slot_ctx_t * slot_ctx,
    2601             :                                      fd_pubkey_t const *  program_key,
    2602             :                                      uchar const *        elf,
    2603             :                                      ulong                elf_sz,
    2604           0 :                                      fd_spad_t *          runtime_spad ) {
    2605             :   /* Set up a dummy instr and txn context */
    2606           0 :   fd_exec_txn_ctx_t * txn_ctx        = fd_exec_txn_ctx_join( fd_exec_txn_ctx_new( fd_spad_alloc( runtime_spad, FD_EXEC_TXN_CTX_ALIGN, FD_EXEC_TXN_CTX_FOOTPRINT ) ), runtime_spad, fd_wksp_containing( runtime_spad ) );
    2607           0 :   fd_funk_t *         funk           = slot_ctx->funk;
    2608           0 :   fd_wksp_t *         funk_wksp      = fd_funk_wksp( funk );
    2609           0 :   ulong               funk_txn_gaddr = fd_wksp_gaddr( funk_wksp, slot_ctx->funk_txn );
    2610           0 :   ulong               funk_gaddr     = fd_wksp_gaddr( funk_wksp, funk->shmem );
    2611             : 
    2612           0 :   fd_exec_txn_ctx_from_exec_slot_ctx( slot_ctx,
    2613           0 :                                       txn_ctx,
    2614           0 :                                       funk_wksp,
    2615           0 :                                       funk_txn_gaddr,
    2616           0 :                                       funk_gaddr,
    2617           0 :                                       NULL );
    2618             : 
    2619           0 :   fd_exec_txn_ctx_setup_basic( txn_ctx );
    2620           0 :   txn_ctx->instr_stack_sz = 1;
    2621           0 :   fd_exec_instr_ctx_t * instr_ctx = &txn_ctx->instr_stack[0];
    2622           0 :   *instr_ctx = (fd_exec_instr_ctx_t) {
    2623           0 :     .instr     = NULL,
    2624           0 :     .txn_ctx   = txn_ctx,
    2625           0 :   };
    2626             : 
    2627             :   /* Important note: this function is called at the epoch boundary and
    2628             :      does not do anything with the `programs_to_reverify` field in the
    2629             :      transaction context. This is fine though because when this function
    2630             :      is called, the program will not exist in the cache yet (because it
    2631             :      does not exist on-chain as a BPF program yet). There is no queueing
    2632             :      needed because the next time the program is invoked, the program
    2633             :      cache updating logic will see that the cache entry is missing and
    2634             :      will insert it then. */
    2635           0 :   return fd_deploy_program( instr_ctx, program_key, elf, elf_sz, runtime_spad );
    2636           0 : }

Generated by: LCOV version 1.14