firedancer-io · ripatel-fd · Sep 15, 2024 · Aug 2, 2024
diff --git a/src/app/fddev/configure/genesis.c b/src/app/fddev/configure/genesis.c
@@ -30,7 +30,7 @@ default_enable_features( fd_features_t * features ) {
   features->incremental_snapshot_only_incremental_hash_calculation = 0UL;
   features->timely_vote_credits = 0UL;
   features->apply_cost_tracker_during_replay = 0UL;
-  features->reject_callx_r10 = 0UL;
+  features->reject_callx_r10 = 1UL;
   features->update_hashes_per_tick = 0UL;
   features->enable_partitioned_epoch_reward = 0UL;
   features->pico_inflation = 0UL;

diff --git a/src/flamenco/features/fd_features_generated.c b/src/flamenco/features/fd_features_generated.c
@@ -470,7 +470,8 @@ fd_feature_id_t const ids[] = {
   { .index      = offsetof(fd_features_t, reject_callx_r10)>>3,
     .id         = {"\x23\x2d\x66\x6d\x5c\x7d\x78\x7e\xf9\x05\x90\x7b\x5c\x5b\xfe\x99\xd2\x8a\x96\xc4\x37\xaa\x40\x2a\x06\x26\x72\x4e\xdd\x3c\x7a\x10"},
                   /* 3NKRSwpySNwD3TvP5pHnRmkAQRsdkXWRr1WaQh8p4PWX */
-    .name       = "reject_callx_r10" },
+    .name       = "reject_callx_r10",
+    .cleaned_up = 2010 },
 
   { .index      = offsetof(fd_features_t, drop_redundant_turbine_path)>>3,
     .id         = {"\x2f\xd4\x72\x78\xb4\x96\xc4\xff\x58\x4b\x74\x4b\xfc\xec\x33\x90\x63\xd1\x91\xe8\xd1\xa7\xad\x65\xd2\xe2\x5d\xb1\x03\x6f\xd7\x8f"},

diff --git a/src/flamenco/features/feature_map.json b/src/flamenco/features/feature_map.json
@@ -78,7 +78,7 @@
   {"name":"stake_split_uses_rent_sysvar","pubkey": "FQnc7U4koHqWgRvFaBJjZnV8VPg6L6wWK33yJeDp4yvV","cleaned_up":1180},
   {"name":"add_get_minimum_delegation_instruction_to_stake_program","pubkey": "St8k9dVXP97xT6faW24YmRSYConLbhsMJA4TJTBLmMT","cleaned_up":1180},
   {"name":"error_on_syscall_bpf_function_hash_collisions","pubkey": "8199Q2gMD2kwgfopK5qqVWuDbegLgpuFUFHCcUJQDN8b"},
-  {"name":"reject_callx_r10","pubkey": "3NKRSwpySNwD3TvP5pHnRmkAQRsdkXWRr1WaQh8p4PWX"},
+  {"name":"reject_callx_r10","pubkey": "3NKRSwpySNwD3TvP5pHnRmkAQRsdkXWRr1WaQh8p4PWX","cleaned_up":2010},
   {"name":"drop_redundant_turbine_path","pubkey": "4Di3y24QFLt5QEUPZtbnjyfQKfm6ZMTfa6Dw1psfoMKU","cleaned_up":1180},
   {"name":"executables_incur_cpi_data_cost","pubkey": "7GUcYgq4tVtaqNCKT3dho9r4665Qp5TxCZ27Qgjx3829","cleaned_up":1180},
   {"name":"fix_recent_blockhashes","pubkey": "6iyggb5MTcsvdcugX7bEKbHV8c6jdLbpHwkncrgLMhfo","cleaned_up":1180},

diff --git a/src/flamenco/runtime/tests/fd_exec_sol_compat.c b/src/flamenco/runtime/tests/fd_exec_sol_compat.c
@@ -67,7 +67,7 @@ sol_compat_wksp_init( void ) {
   for( const fd_feature_id_t * current_feature = fd_feature_iter_init(); !fd_feature_iter_done( current_feature ); current_feature = fd_feature_iter_next( current_feature ) ) {
     // Skip reverted features
     if( current_feature->reverted ) continue;
-  
+
     if( current_feature->cleaned_up ) {
       memcpy( &features.cleaned_up_features[features.cleaned_up_feature_cnt++], &current_feature->id, sizeof(ulong) );
     } else {
@@ -165,7 +165,7 @@ sol_compat_execute_wrapper( fd_exec_instr_test_runner_t * runner,
                             void * input,
                             void ** output,
                             exec_test_run_fn_t * exec_test_run_fn ) {
-  
+
   assert( fd_scratch_prepare_is_safe( 1UL ) );
   ulong out_bufsz = 100000000;  /* 100 MB */
   void * out0 = fd_scratch_prepare( 1UL );
@@ -320,7 +320,7 @@ sol_compat_cmp_txn( fd_exec_test_txn_result_t *  expected,
   if( !_diff_resulting_states( &expected->resulting_state, &actual->resulting_state ) ) {
     return 0;
   }
-  
+
   /* TxnResult -> rent */
   if( expected->rent != actual->rent ) {
     FD_LOG_WARNING(( "Rent mismatch: expected=%lu actual=%lu", expected->rent, actual->rent ));
@@ -554,7 +554,7 @@ sol_compat_vm_interp_fixture( fd_exec_instr_test_runner_t * runner,
   return ok;
 }
 
-int 
+int
 sol_compat_validate_vm_fixture( fd_exec_instr_test_runner_t * runner,
                                 uchar const *                 in,
                                 ulong                         in_sz ) {
@@ -780,7 +780,7 @@ sol_compat_vm_validate_v1(  uchar *       out,
   return ok;
 }
 
-/* We still need a separate entrypoint since other harnesses (namely sfuzz-agave) 
+/* We still need a separate entrypoint since other harnesses (namely sfuzz-agave)
    do something other than wrap their vm_syscall equivalent */
 int
 sol_compat_vm_cpi_syscall_v1( uchar *       out,

diff --git a/src/flamenco/runtime/tests/fd_vm_test.c b/src/flamenco/runtime/tests/fd_vm_test.c
@@ -13,11 +13,11 @@ fd_vm_syscall_noop( void * _vm,
                     ulong arg3,
                     ulong arg4,
                     ulong* _ret){
-  /* TODO: have input message determine CUs to deduct? 
+  /* TODO: have input message determine CUs to deduct?
   fd_vm_t * vm = (fd_vm_t *) _vm;
   vm->cu = vm->cu - 5;
   */
-  
+
   (void) _vm;
   (void) arg0;
   (void) arg1;
@@ -42,16 +42,7 @@ fd_exec_vm_validate_test_run( fd_exec_instr_test_runner_t * runner,
     return 0UL;
   }
 
-  int rej_callx_r10 = 0;
-  if( input->has_features ) {
-    for( ulong i=0UL; i < input->features.features_count; i++ ) {
-      if( input->features.features[i] == TEST_VM_REJECT_CALLX_R10_FEATURE_PREFIX ) {
-        rej_callx_r10 = 1;
-        break;
-      }
-    }
-  }
-  fd_exec_instr_ctx_t * ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), rej_callx_r10 );
+  fd_exec_instr_ctx_t * ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
 
   FD_TEST( output_bufsz >= sizeof(fd_exec_test_validate_vm_effects_t) );
 
@@ -75,7 +66,7 @@ fd_exec_vm_validate_test_run( fd_exec_instr_test_runner_t * runner,
       rodata_sz = vm_ctx->rodata->size;
     }
 
-    ulong * text = (ulong *) (rodata + vm_ctx->rodata_text_section_offset);    
+    ulong * text = (ulong *) (rodata + vm_ctx->rodata_text_section_offset);
     ulong text_cnt = vm_ctx->rodata_text_section_length / 8UL;
 
     fd_vm_t * vm = fd_vm_join( fd_vm_new( fd_valloc_malloc( valloc, fd_vm_align(), fd_vm_footprint() ) ) );
@@ -107,13 +98,13 @@ fd_exec_vm_validate_test_run( fd_exec_instr_test_runner_t * runner,
     fd_valloc_free( valloc, fd_vm_delete( fd_vm_leave( vm ) ) );
 
   } while(0);
-  
+
 
   /* Run vm validate and capture result */
-  
+
   effects->success = (effects->result == FD_VM_SUCCESS);
   *output = effects;
-  
+
   test_vm_exec_instr_ctx_delete( ctx );
   return sizeof (fd_exec_test_validate_vm_effects_t);
 }
@@ -224,7 +215,7 @@ do{
   FD_TEST( vm );
 
   /* Override some execution state values from the interp fuzzer input
-     This is so we can test if the interp (or vm setup) mutates any of 
+     This is so we can test if the interp (or vm setup) mutates any of
      these erroneously */
   vm->reg[0]  = input->vm_ctx.r0;
   vm->reg[1]  = input->vm_ctx.r1;
@@ -306,7 +297,7 @@ do{
 
   /* CU error is difficult to properly compare as there may have been
      valid writes to the memory regions prior to capturing the error. And
-     the pc might be well past (by an arbitrary amount) the instruction 
+     the pc might be well past (by an arbitrary amount) the instruction
      where the CU error occurred. */
   if( exec_res == FD_VM_ERR_SIGCOST ) break;
 
@@ -336,7 +327,7 @@ do{
                                                               (void *) tmp_end,
                                                               fd_ulong_sat_sub( output_end, tmp_end) );
   FD_SCRATCH_ALLOC_APPEND( l, 1UL, input_data_regions_size );
-  
+
 
 } while(0);
 

diff --git a/src/flamenco/vm/fd_vm.c b/src/flamenco/vm/fd_vm.c
@@ -239,12 +239,12 @@ fd_vm_validate( fd_vm_t const * vm ) {
 
   /* FIXME: These checks are not necessary assuming fd_vm_t is populated by metadata
      generated in fd_sbpf_elf_peek (which performs these checks). But there is no guarantee, and
-     this non-guarantee is (rightfully) exploited by the fuzz harnesses. 
+     this non-guarantee is (rightfully) exploited by the fuzz harnesses.
      Agave doesn't perform these checks explicitly due to Rust's guarantees  */
-  if( FD_UNLIKELY( vm->text_sz / 8UL != vm->text_cnt || 
+  if( FD_UNLIKELY( vm->text_sz / 8UL != vm->text_cnt ||
                    (const uchar *) vm->text < vm->rodata ||
                    (const uchar *) vm->text > (const uchar *) vm->text + vm->text_sz || /* Overflow chk */
-                   (const uchar *) vm->text  + vm->text_sz >  vm->rodata + vm->rodata_sz ) ) 
+                   (const uchar *) vm->text  + vm->text_sz >  vm->rodata + vm->rodata_sz ) )
     return FD_VM_ERR_BAD_TEXT;
 
   if( FD_UNLIKELY( !fd_ulong_is_aligned( vm->text_sz, 8UL ) ) ) /* https://github.com/solana-labs/rbpf/blob/v0.8.0/src/verifier.rs#L109 */
@@ -289,7 +289,7 @@ fd_vm_validate( fd_vm_t const * vm ) {
 
       /* FIXME: SET A BIT MAP HERE OF ADDL_IMM TO DENOTE * AS FORBIDDEN
          BRANCH TARGETS OF CALL_REG?? */
-      
+
       i++; /* Skip the addl imm */
       break;
     }
@@ -312,7 +312,7 @@ fd_vm_validate( fd_vm_t const * vm ) {
     case FD_CHECK_CALLX: {
       /* The register number to read is stored in the immediate.
          https://github.com/solana-labs/rbpf/blob/v0.8.1/src/verifier.rs#L218 */
-      if( FD_UNLIKELY( instr.imm > ( FD_FEATURE_ACTIVE( vm->instr_ctx->slot_ctx, reject_callx_r10 )  ? 9 : 10 ) ) ) {
+      if( FD_UNLIKELY( instr.imm > 9 ) ) {
         return FD_VM_ERR_INVALID_REG;
       }
       break;

diff --git a/src/flamenco/vm/instr_test/jump.instr b/src/flamenco/vm/instr_test/jump.instr
@@ -364,19 +364,9 @@ $ op=dd dst=a src=1 off=0000                                          : vfy
 $ op=dd dst=9 src=b off=0000                                          : vfy
 
 # call_reg reg[imm] (these should fail during exec by default)
-$ op=8d dst=9 src=9 imm=0          : err 
-$ op=8d dst=9 src=9 imm=1          : err
-$ op=8d dst=9 src=9 imm=9          : err
-$ op=8d dst=9 src=9 imm=b          : vfy
-$ op=8d dst=9 src=9 imm=ffffffff   : vfy
-$ op=8d dst=9 src=9 imm=a          : err
-
-$ reject_callx_r10=1
-  op=8d dst=9 src=9 imm=a          : vfy
 $ op=8d dst=9 src=9 imm=0          : err
 $ op=8d dst=9 src=9 imm=1          : err
 $ op=8d dst=9 src=9 imm=9          : err
 $ op=8d dst=9 src=9 imm=b          : vfy
-$ op=8d dst=9 src=9 imm=fffffffff  : vfy 
-
-$ reject_callx_r10=0 
+$ op=8d dst=9 src=9 imm=ffffffff   : vfy
+$ op=8d dst=9 src=9 imm=a          : vfy
diff --git a/src/flamenco/vm/syscall/test_vm_syscall_curve.c b/src/flamenco/vm/syscall/test_vm_syscall_curve.c
@@ -75,7 +75,7 @@ main( int     argc,
   uchar       rodata[ rodata_sz ];
   set_memory_region( rodata, rodata_sz );
 
-  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), false );
+  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
   fd_features_enable_all( &((fd_exec_epoch_ctx_t *)instr_ctx->epoch_ctx)->features );
 
   int vm_ok = !!fd_vm_init(

diff --git a/src/flamenco/vm/syscall/test_vm_syscalls.c b/src/flamenco/vm/syscall/test_vm_syscalls.c
@@ -3,7 +3,7 @@
 
 static inline void set_memory_region( uchar * mem, ulong sz ) { for( ulong i=0UL; i<sz; i++ ) mem[i] = (uchar)(i & 0xffUL); }
 
-static void 
+static void
 test_vm_syscall_toggle_direct_mapping( fd_exec_instr_ctx_t * instr_ctx, int enable ) {
   ulong slot = enable ? 0UL : FD_FEATURE_DISABLED;
   char const * one_offs[] = { "EenyoWx9UMXYKpR8mW5Jmfmy2fRjzUtM7NduYMY8bx33" };
@@ -212,7 +212,7 @@ main( int     argc,
   input_mem_regions[2] = (fd_vm_input_region_t){ .haddr = (ulong)input + 101UL, .region_sz = 400UL, .is_writable = 1, .vaddr_offset = 101UL };
   input_mem_regions[3] = (fd_vm_input_region_t){ .haddr = (ulong)input + 501UL, .region_sz = 499UL, .is_writable = 1, .vaddr_offset = 501UL };
 
-  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), false );
+  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
 
   int vm_ok = !!fd_vm_init(
       /* vm               */ vm,
@@ -299,15 +299,15 @@ main( int     argc,
                               1UL,
                               1000UL,
                               0UL, FD_VM_SUCCESS );
-  
+
   test_vm_syscall_sol_memset( "test_vm_syscall_sol_memset: memset across multiple input mem regions 2",
                               vm,
                               FD_VM_MEM_MAP_INPUT_REGION_START,
                               (ulong)&input + 50UL,
                               1UL,
                               800UL,
                               0UL, FD_VM_SUCCESS );
-    
+
   input_mem_regions[2].is_writable=0;
   test_vm_syscall_sol_memset( "test_vm_syscall_sol_memset: memset across multiple input mem regions invalid write",
                               vm,
@@ -449,7 +449,7 @@ main( int     argc,
                                 vm->input_mem_regions[0].haddr + 800UL,
                                 50UL,
                                 0UL, FD_VM_SUCCESS );
-                      
+
   test_vm_syscall_sol_memcpy( "test_vm_syscall_sol_memcpy: memcpy in input overlapping vaddr",
                                 vm,
                                 FD_VM_MEM_MAP_INPUT_REGION_START + 80UL,
@@ -475,7 +475,7 @@ main( int     argc,
                                 vm->input_mem_regions[0].haddr + 50UL,
                                 vm->input_mem_regions[0].haddr + 450UL,
                                 500UL,
-                                0UL, FD_VM_ERR_MEM_OVERLAP );              
+                                0UL, FD_VM_ERR_MEM_OVERLAP );
 
 
   test_vm_syscall_toggle_direct_mapping( instr_ctx, 0 ); /* disable direct mapping */
@@ -571,7 +571,7 @@ main( int     argc,
                               vm->input_mem_regions[0].haddr + 800UL,
                               50UL,
                               0UL, FD_VM_SUCCESS );
-                      
+
   test_vm_syscall_sol_memmove( "test_vm_syscall_sol_memmove: memmove in input overlapping vaddr",
                               vm,
                               FD_VM_MEM_MAP_INPUT_REGION_START + 80UL,
@@ -597,7 +597,7 @@ main( int     argc,
                                 vm->input_mem_regions[0].haddr + 50UL,
                                 vm->input_mem_regions[0].haddr + 450UL,
                                 500UL,
-                                0UL, FD_VM_SUCCESS );   
+                                0UL, FD_VM_SUCCESS );
 
   // test for memcmp at the heap region
   test_vm_syscall_sol_memcmp( "test_vm_syscall_sol_memcmp: memcmp at the heap region",
@@ -659,7 +659,6 @@ main( int     argc,
                               200UL,
                               0UL, FD_VM_SUCCESS );
 
-
   uchar expected_log[ FD_VM_LOG_MAX ];
   ulong expected_log_sz = 0UL;
 

diff --git a/src/flamenco/vm/test_vm_instr.c b/src/flamenco/vm/test_vm_instr.c
@@ -45,7 +45,6 @@ struct test_input {
   ushort        off;
   ulong         imm;
   ulong         reg[REG_CNT];
-  int           reject_callx_r10;
   uint          region_boundary[16]; /* This can be changed */
   uint          region_boundary_cnt;
 };
@@ -326,11 +325,6 @@ parse_token( test_parser_t *  p,
     ulong * out = p->state == PARSE_STATE_ASSERT ? p->effects.reg : p->input.reg;
     out[ reg ] = parse_hex_int( p );
 
-  } else if( 0==strncmp( word, "reject_callx_r10", word_len ) ) {
-
-    parse_assign_sep( p );
-    p->input.reject_callx_r10 = !!parse_hex_int( p );
-
   } else {
 
     FD_LOG_ERR(( "Unexpected token '%.*s' at %s(%lu)", (int)word_len, word, p->path, p->line ));
@@ -437,7 +431,7 @@ run_input( test_input_t const * input,
       fd_sbpf_syscalls_new(
       aligned_alloc( fd_sbpf_syscalls_align(), fd_sbpf_syscalls_footprint() ) ) );
 
-  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), input->reject_callx_r10 );
+  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
 
   int vm_ok = !!fd_vm_init(
       /* vm               */ vm,

diff --git a/src/flamenco/vm/test_vm_interp.c b/src/flamenco/vm/test_vm_interp.c
@@ -219,7 +219,7 @@ test_0cu_exit( void ) {
     fd_vm_instr( FD_SBPF_OP_EXIT,      0, 0, 0, 0 )
   };
   ulong text_cnt = 3UL;
-  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), false /* not tested here*/ );
+  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
 
   /* Ensure the VM exits with success if the CU count after the final
      exit instruction reaches zero. */
@@ -295,7 +295,7 @@ main( int     argc,
 
   fd_sbpf_syscalls_t * syscalls = fd_sbpf_syscalls_join( fd_sbpf_syscalls_new( _syscalls ) ); FD_TEST( syscalls );
 
-  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual(), false );
+  fd_exec_instr_ctx_t * instr_ctx = test_vm_minimal_exec_instr_ctx( fd_libc_alloc_virtual() );
 
   FD_TEST( fd_vm_syscall_register( syscalls, "accumulator", accumulator_syscall )==FD_VM_SUCCESS );
 

diff --git a/src/flamenco/vm/test_vm_util.c b/src/flamenco/vm/test_vm_util.c
@@ -7,8 +7,7 @@
    For now, we just need to setup feature flags. */
 fd_exec_instr_ctx_t *
 test_vm_minimal_exec_instr_ctx(
-    fd_valloc_t valloc,
-    int         reject_callx_r10 ) {
+    fd_valloc_t valloc ) {
 
   void * _ctx = fd_exec_instr_ctx_new( fd_valloc_malloc( valloc, FD_EXEC_INSTR_CTX_ALIGN, FD_EXEC_INSTR_CTX_FOOTPRINT ) );
 
@@ -44,9 +43,7 @@ test_vm_minimal_exec_instr_ctx(
 
   /* Setup feature flags */
   fd_features_disable_all( &epoch_ctx->features );
-  if ( reject_callx_r10 ) {
-    fd_features_set( &epoch_ctx->features, fd_feature_id_query(TEST_VM_REJECT_CALLX_R10_FEATURE_PREFIX), 0UL );
-  }
+  fd_features_set( &epoch_ctx->features, fd_feature_id_query(TEST_VM_REJECT_CALLX_R10_FEATURE_PREFIX), 0UL );
 
   return ctx;
 }

diff --git a/src/flamenco/vm/test_vm_util.h b/src/flamenco/vm/test_vm_util.h
@@ -9,8 +9,7 @@
 
 fd_exec_instr_ctx_t *
 test_vm_minimal_exec_instr_ctx(
-   fd_valloc_t valloc,
-   int reject_callx_r10
+   fd_valloc_t valloc
 );
 
 void