Cleanup tpu/tvu runtime description in the runtime chapter. #2737
Conversation
aeyakovenko
changed the title
| The TVU runtime ensures that PoH verification occurs before the runtime | ||
| processes any transactions. | ||
|
|
||
| <img alt="Runtime pipeline" src="img/tvu-runtime.svg" class="center"/> | ||
|
|
||
| At the *execute* stage, the loaded pages have no data dependencies, so all the | ||
| programs can be executed in parallel. | ||
|
|
||
| The runtime enforces the following rules: | ||
|
|
||
| 1. Only the *owner* program may modify the contents of an account. This means |
There was a problem hiding this comment.
I'm not following this rule, what is it trying to accomplish?
There was a problem hiding this comment.
@jackcmay thats the current design, the account has a owner program id, only the owner program id can modify the account userdata byte array.
There was a problem hiding this comment.
that means that a program has a guarantee that the program code is the only thing that can transition state in the accounts that it owns.
There was a problem hiding this comment.
Yeah, I get that part but rule #1's second part is confusing and muddles up the first part. How about:
"1. Each account is owned and modifiable by only one program at a time."
For the second half are you saying that when an account is assigned it's user data is zero'd?
There was a problem hiding this comment.
@jackcmay yes! :), and cannot be reassigned.
book/src/runtime.md
Outdated
| * `Move` - moves tokens between accounts. | ||
|
|
||
| * `Spawn` - spawns a new program from an account. |
There was a problem hiding this comment.
Might want to expand on what this means. Aka, marks the account as executable, that its userdata contains the programs bits that are executed, and that it contains a reference to the loader that will execute it.
book/src/runtime.md
Outdated
| @@ -70,14 +81,19 @@ encodes. | |||
| instructions to create memory before passing it to another program. This | |||
| instruction can be composed into a single transaction with the call to the | |||
| program itself. | |||
|
|
|||
| 2. Runtime guarantees that when memory is assigned to the program it is zero | |||
There was a problem hiding this comment.
You are specifically referring to "CreateAccount"? Might want to make that explicit that there is no other time the memory is zero'd?
There was a problem hiding this comment.
what do you mean? Assign or CreateAccount will enforce that the userdata is zero.
There was a problem hiding this comment.
Seems strange to zero on assign. Could see use cases where an account is passed between programs and carrying state with it.
There was a problem hiding this comment.
@jackcmay you can pass state with a copy. The program code must accept the copy and actually do it. Otherwise you can trick the program into an unintended state transition since the program would have no way of distinguishing an "assigned' dirty state, from a state it natively generated.
There was a problem hiding this comment.
added notes on state security
book/src/runtime.md
Outdated
| 5. Runtime guarantees the balances belonging to accounts are balanced before | ||
| and after the transaction | ||
|
|
||
| 6. Runtime guarantees that multiple instructions all executed successfully when |
There was a problem hiding this comment.
"multiple"? Or "all" instructions are successfully executed in order for a transaction to be commited.
book/src/runtime.md
Outdated
| specifies a list of public keys and signatures for those keys and a sequential | ||
| list of instructions that will operate over the states associated with the | ||
| account keys. For the transaction to be committed all the instructions must | ||
| execute successfully; if any abort the whole transaction fails to commit. |
There was a problem hiding this comment.
"abort" sounds like something specific but there is no information about what that may be. Might use the word "fail" here instead.
aeyakovenko
force-pushed
the
runtime_cleanup
branch
from
37c4cdd to
996a3c4
Compare
* build(deps): bump serde_json from 1.0.125 to 1.0.127 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.125 to 1.0.127. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@1.0.125...1.0.127) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update all Cargo files --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump serde_json from 1.0.125 to 1.0.127 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.125 to 1.0.127. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](serde-rs/json@1.0.125...1.0.127) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update all Cargo files --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Problem
TPU and TVU have a slightly different runtime.
Summary of Changes
Cleanup the runtime and some of the wording in the doc.
Fixes #