solana-labs · 2501babe · Feb 1, 2024 · Feb 1, 2024 · Feb 1, 2024 · 2501babe
diff --git a/account-decoder/src/parse_vote.rs b/account-decoder/src/parse_vote.rs
@@ -8,7 +8,8 @@ use {
 };
 
 pub fn parse_vote(data: &[u8]) -> Result<VoteAccountType, ParseAccountError> {
-    let mut vote_state = VoteState::deserialize(data).map_err(ParseAccountError::from)?;
+    let mut vote_state =
+        VoteState::deserialize_with_bincode(data).map_err(ParseAccountError::from)?;
     let epoch_credits = vote_state
         .epoch_credits()
         .iter()

diff --git a/programs/vote/src/vote_state/mod.rs b/programs/vote/src/vote_state/mod.rs
@@ -133,7 +133,7 @@ impl From<VoteStateUpdate> for VoteTransaction {
 
 // utility function, used by Stakes, tests
 pub fn from<T: ReadableAccount>(account: &T) -> Option<VoteState> {
-    VoteState::deserialize(account.data()).ok()
+    VoteState::deserialize_with_bincode(account.data()).ok()
 }
 
 // utility function, used by Stakes, tests

diff --git a/runtime/src/bank.rs b/runtime/src/bank.rs
@@ -2680,7 +2680,7 @@ impl Bank {
             // vote_accounts_cache_miss_count is shown to be always zero.
             let account = self.get_account_with_fixed_root(vote_pubkey)?;
             if account.owner() == &solana_vote_program
-                && VoteState::deserialize(account.data()).is_ok()
+                && VoteState::deserialize_with_bincode(account.data()).is_ok()
             {
                 vote_accounts_cache_miss_count.fetch_add(1, Relaxed);
             }

diff --git a/sdk/program/src/vote/state/mod.rs b/sdk/program/src/vote/state/mod.rs
@@ -1,7 +1,5 @@
 //! Vote state
 
-#[cfg(not(target_os = "solana"))]
-use bincode::deserialize;
 #[cfg(test)]
 use {
     crate::epoch_schedule::MAX_LEADER_SCHEDULE_EPOCH_OFFSET,
@@ -18,7 +16,7 @@ use {
         sysvar::clock::Clock,
         vote::{authorized_voters::AuthorizedVoters, error::VoteError},
     },
-    bincode::{serialize_into, serialized_size, ErrorKind},
+    bincode::{serialize_into, ErrorKind},
     serde_derive::{Deserialize, Serialize},
     std::{collections::VecDeque, fmt::Debug, io::Cursor},
 };
@@ -374,50 +372,64 @@ impl VoteState {
         3762 // see test_vote_state_size_of.
     }
 
-    // we retain bincode deserialize for not(target_os = "solana")
-    // because the hand-written parser does not support V0_23_5
+    /// Deserializes the input buffer into a newly allocated `VoteState`
+    ///
+    /// This function is intended as a drop-in replacement for `bincode::deserialize()`.
+    /// V0_23_5 is not supported in a BPF context, but all versions are supported on non-BPF.
     pub fn deserialize(input: &[u8]) -> Result<Self, InstructionError> {
+        let mut vote_state = Self::default();
+        Self::deserialize_into(input, &mut vote_state)?;
+        Ok(vote_state)
+    }
+
+    // this only exists for the sake of the feature gated upgrade to the new parser; do not use it
+    #[doc(hidden)]
+    #[allow(clippy::used_underscore_binding)]
+    pub fn deserialize_with_bincode(_input: &[u8]) -> Result<Self, InstructionError> {
         #[cfg(not(target_os = "solana"))]
         {
-            deserialize::<VoteStateVersions>(input)
+            bincode::deserialize::<VoteStateVersions>(_input)
                 .map(|versioned| versioned.convert_to_current())
                 .map_err(|_| InstructionError::InvalidAccountData)
         }
         #[cfg(target_os = "solana")]
-        {
-            let mut vote_state = Self::default();
-            Self::deserialize_into(input, &mut vote_state)?;
-            Ok(vote_state)
-        }
+        unimplemented!()
     }
 
     /// Deserializes the input buffer into the provided `VoteState`
     ///
-    /// This function exists to deserialize `VoteState` in a BPF context without going above
-    /// the compute limit, and must be kept up to date with `bincode::deserialize`.
+    /// This function is exposed to allow deserialization in a BPF context directly into boxed memory.
     pub fn deserialize_into(
         input: &[u8],
         vote_state: &mut VoteState,
     ) -> Result<(), InstructionError> {
-        let minimum_size =
-            serialized_size(vote_state).map_err(|_| InstructionError::InvalidAccountData)?;
-        if (input.len() as u64) < minimum_size {
-            return Err(InstructionError::InvalidAccountData);
-        }
-
         let mut cursor = Cursor::new(input);
 
         let variant = read_u32(&mut cursor)?;
         match variant {
-            // V0_23_5. not supported; these should not exist on mainnet
-            0 => Err(InstructionError::InvalidAccountData),
+            // V0_23_5. not supported for bpf targets; these should not exist on mainnet
+            // supported for non-bpf targets for backwards compatibility
+            0 => {
+                #[cfg(not(target_os = "solana"))]
+                {
+                    *vote_state = bincode::deserialize::<VoteStateVersions>(input)
+                        .map(|versioned| versioned.convert_to_current())
+                        .map_err(|_| InstructionError::InvalidAccountData)?;
+
+                    Ok(())
+                }
+                #[cfg(target_os = "solana")]
+                Err(InstructionError::InvalidAccountData)
+            }
             // V1_14_11. substantially different layout and data from V0_23_5
             1 => deserialize_vote_state_into(&mut cursor, vote_state, false),
             // Current. the only difference from V1_14_11 is the addition of a slot-latency to each vote
             2 => deserialize_vote_state_into(&mut cursor, vote_state, true),
             _ => Err(InstructionError::InvalidAccountData),
         }?;
 
+        // if cursor overruns the input, it produces 0 values and continues to advance `position`
+        // this check ensures we do not accept such a malformed input erroneously
         if cursor.position() > input.len() as u64 {
             return Err(InstructionError::InvalidAccountData);
         }
@@ -865,7 +877,7 @@ pub mod serde_compact_vote_state_update {
 
 #[cfg(test)]
 mod tests {
-    use {super::*, itertools::Itertools, rand::Rng};
+    use {super::*, bincode::serialized_size, itertools::Itertools, rand::Rng};
 
     #[test]
     fn test_vote_serialize() {
@@ -885,14 +897,13 @@ mod tests {
     }
 
     #[test]
-    fn test_vote_deserialize_into() {
+    fn test_vote_deserialize() {
         // base case
         let target_vote_state = VoteState::default();
         let vote_state_buf =
             bincode::serialize(&VoteStateVersions::new_current(target_vote_state.clone())).unwrap();
 
-        let mut test_vote_state = VoteState::default();
-        VoteState::deserialize_into(&vote_state_buf, &mut test_vote_state).unwrap();
+        let test_vote_state = VoteState::deserialize(&vote_state_buf).unwrap();
 
         assert_eq!(target_vote_state, test_vote_state);
 
@@ -908,31 +919,28 @@ mod tests {
             let vote_state_buf = bincode::serialize(&target_vote_state_versions).unwrap();
             let target_vote_state = target_vote_state_versions.convert_to_current();
 
-            let mut test_vote_state = VoteState::default();
-            VoteState::deserialize_into(&vote_state_buf, &mut test_vote_state).unwrap();
+            let test_vote_state = VoteState::deserialize(&vote_state_buf).unwrap();
 
             assert_eq!(target_vote_state, test_vote_state);
         }
     }
 
     #[test]
-    fn test_vote_deserialize_into_nopanic() {
+    fn test_vote_deserialize_nopanic() {
         // base case
-        let mut test_vote_state = VoteState::default();
-        let e = VoteState::deserialize_into(&[], &mut test_vote_state).unwrap_err();
+        let e = VoteState::deserialize(&[]).unwrap_err();
         assert_eq!(e, InstructionError::InvalidAccountData);
 
         // variant
-        let serialized_len_x4 = serialized_size(&test_vote_state).unwrap() * 4;
+        let serialized_len_x4 = serialized_size(&VoteState::default()).unwrap() * 4;
         let mut rng = rand::thread_rng();
         for _ in 0..1000 {
             let raw_data_length = rng.gen_range(1..serialized_len_x4);
             let raw_data: Vec<u8> = (0..raw_data_length).map(|_| rng.gen::<u8>()).collect();
 
             // it is extremely improbable, though theoretically possible, for random bytes to be syntactically valid
             // so we only check that the deserialize function does not panic
-            let mut test_vote_state = VoteState::default();
-            let _ = VoteState::deserialize_into(&raw_data, &mut test_vote_state);
+            let _ = VoteState::deserialize(&raw_data);
         }
     }
 

diff --git a/sdk/program/src/vote/state/vote_state_0_23_5.rs b/sdk/program/src/vote/state/vote_state_0_23_5.rs
@@ -1,9 +1,12 @@
 #![allow(clippy::arithmetic_side_effects)]
 use super::*;
+#[cfg(test)]
+use arbitrary::{Arbitrary, Unstructured};
 
 const MAX_ITEMS: usize = 32;
 
 #[derive(Debug, Default, Serialize, Deserialize, PartialEq, Eq, Clone)]
+#[cfg_attr(test, derive(Arbitrary))]
 pub struct VoteState0_23_5 {
     /// the node that votes in this account
     pub node_pubkey: Pubkey,
@@ -59,3 +62,59 @@ impl<I> CircBuf<I> {
         self.buf[self.idx] = item;
     }
 }
+
+#[cfg(test)]
+impl<'a, I: Default + Copy> Arbitrary<'a> for CircBuf<I>
+where
+    I: Arbitrary<'a>,
+{
+    fn arbitrary(u: &mut Unstructured<'a>) -> arbitrary::Result<Self> {
+        let mut circbuf = Self::default();
+
+        let len = u.arbitrary_len::<I>()?;
+        for _ in 0..len {
+            circbuf.append(I::arbitrary(u)?);
+        }
+
+        Ok(circbuf)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_vote_deserialize_0_23_5() {
+        // base case
+        let target_vote_state = VoteState0_23_5::default();
+        let target_vote_state_versions = VoteStateVersions::V0_23_5(Box::new(target_vote_state));
+        let vote_state_buf = bincode::serialize(&target_vote_state_versions).unwrap();
+
+        let test_vote_state = VoteState::deserialize(&vote_state_buf).unwrap();
+
+        assert_eq!(
+            target_vote_state_versions.convert_to_current(),
+            test_vote_state
+        );
+
+        // variant
+        // provide 4x the minimum struct size in bytes to ensure we typically touch every field
+        let struct_bytes_x4 = std::mem::size_of::<VoteState0_23_5>() * 4;
+        for _ in 0..100 {
+            let raw_data: Vec<u8> = (0..struct_bytes_x4).map(|_| rand::random::<u8>()).collect();
+            let mut unstructured = Unstructured::new(&raw_data);
+
+            let arbitrary_vote_state = VoteState0_23_5::arbitrary(&mut unstructured).unwrap();
+            let target_vote_state_versions =
+                VoteStateVersions::V0_23_5(Box::new(arbitrary_vote_state));
+
+            let vote_state_buf = bincode::serialize(&target_vote_state_versions).unwrap();
+            let target_vote_state = target_vote_state_versions.convert_to_current();
+
+            let test_vote_state = VoteState::deserialize(&vote_state_buf).unwrap();
+
+            assert_eq!(target_vote_state, test_vote_state);
+        }
+    }
+}
diff --git a/sdk/program/src/vote/state/vote_state_deserialize.rs b/sdk/program/src/vote/state/vote_state_deserialize.rs
@@ -5,10 +5,13 @@ use {
         serialize_utils::cursor::*,
         vote::state::{BlockTimestamp, LandedVote, Lockout, VoteState, MAX_ITEMS},
     },
-    bincode::serialized_size,
     std::io::Cursor,
 };
 
+// hardcode this number to avoid calculating onchain; this is a fixed-size ringbuffer
+// `serialized_size()` must be used over `mem::size_of()` because of alignment
+const PRIOR_VOTERS_SERIALIZED_SIZE: u64 = 1545;
+
 pub(super) fn deserialize_vote_state_into(
     cursor: &mut Cursor<&[u8]>,
     vote_state: &mut VoteState,
@@ -70,10 +73,8 @@ fn read_prior_voters_into<T: AsRef<[u8]>>(
     // record our position at the start of the struct
     let prior_voters_position = cursor.position();
 
-    // `serialized_size()` must be used over `mem::size_of()` because of alignment
-    let is_empty_position = serialized_size(&vote_state.prior_voters)
-        .ok()
-        .and_then(|v| v.checked_add(prior_voters_position))
+    let is_empty_position = PRIOR_VOTERS_SERIALIZED_SIZE
+        .checked_add(prior_voters_position)
         .and_then(|v| v.checked_sub(1))
         .ok_or(InstructionError::InvalidAccountData)?;
 
@@ -140,3 +141,17 @@ fn read_last_timestamp_into<T: AsRef<[u8]>>(
 
     Ok(())
 }
+
+#[cfg(test)]
+mod tests {
+    use {super::*, bincode::serialized_size};
+
+    #[test]
+    fn test_prior_voters_serialized_size() {
+        let vote_state = VoteState::default();
+        assert_eq!(
+            serialized_size(&vote_state.prior_voters).unwrap(),
+            PRIOR_VOTERS_SERIALIZED_SIZE
+        );
+    }
+}
diff --git a/vote/src/vote_account.rs b/vote/src/vote_account.rs
@@ -65,11 +65,13 @@ impl VoteAccount {
     }
 
     pub fn vote_state(&self) -> Result<&VoteState, &Error> {
-        // VoteState::deserialize deserializes a VoteStateVersions and then
+        // VoteState::deserialize_with_bincode deserializes a VoteStateVersions and then
         // calls VoteStateVersions::convert_to_current.
         self.0
             .vote_state
-            .get_or_init(|| VoteState::deserialize(self.0.account.data()).map_err(Error::from))
+            .get_or_init(|| {
+                VoteState::deserialize_with_bincode(self.0.account.data()).map_err(Error::from)
+            })
             .as_ref()
     }