github anza-xyz/pinocchio pinocchio@v0.11.0
on GitHub

latest releases: pinocchio-memo@v0.4.0, pinocchio-system@v0.6.0, pinocchio-token-2022@v0.3.0...
12 hours ago

Important

This release includes two important breaking changes.

Mutable AccountView references

In previous versions, the Rust borrow checker could not provide much help when working with accounts because the API only required &self references, even though many methods mutated account data. 

let [from, to, _system_program] = accounts else {
    return Err(ProgramError::NotEnoughAccountKeys);
};

// SAFETY: No other borrow of the account data exist.
let data = unsafe { to.borrow_unchecked_mut() };

CreateAccount {
    from,
    to,
    lamports: 1_000_000_000,
    space: 10,
    owner: program_id,
}
.invoke()?;

// UB: The reference is not valid anymore since the CPI mutates
// the account data.
data[0] = 10;

The borrow checker can provide stronger guarantees if programs work with mutable AccountView references directly. To support this, the new version of solana-account-view now requires mutable AccountView references in APIs that mutate account state. For example, assign, close and try_borrow_mut now require &mut AccountView.

As a result, the signature of process_instruction must also change so that programs receive a mutable slice of AccountView values:

This change requires a modification on the signature of the process_instruction definition to specify that programs receive a mutable slice of AccountView values: 

pub fn process_instruction(
  program_id: &Address,
  accounts: &mut [AccountView], // changed from `&[AccountView]`
  instruction_data: &[u8],
) -> ProgramResult {
  ...
}

Although the Rust borrow checker now catches more cases than before, some exceptions remain because accounts can still be duplicated. As a result, unchecked borrows must still be used with care.

Account resize

Previously, account resizing was implemented in AccountView by tracking the cumulative length difference across calls to resize. This approach breaks down if an account is resized through CPI before the program itself calls resize.

Because resize handling is closely tied to how the entrypoint parses program input, the latest release of solana-account-view removed the resizing functionality from AccountView.

Pinocchio now provides two traits for resizing accounts: Resize and UnsafeResize. These are enabled through the account-resize and unsafe-account-resize crate features, respectively.

When "account-resize" is enabled, the entrypoint consumes an additional 2 CUs per account because it must store the initial data length while parsing accounts. This is necessary to support safe resizing, even if the account has already been resized through CPI.

For programs that can guarantee this does not happen, the "unsafe-account-resize" feature may be used instead. This enables the UnsafeResize trait without the additional ebtrypoint overhead.

What's new

  • Publish pinocchio v0.11.0
  • Use correct MAX_SIZE (#393) by @febo
  • Add alignment check to Clock::from_bytes (#394) by @febo
  • Make pointer private in IntrospectedInstruction (#395) by @febo
  • Fix entrypoint logic (#392) by @febo
  • Add unsafe block in lazy program entrypoint (#388) by @febo
  • Add Batch instruction (#377) by @febo
  • Remove old rent exemption threshold (#379) by @BretasArthur1
  • Update crate documentation (#375) by @febo
  • Update nightly toolchain version (#374) by @febo
  • Add resize feature (#347) by @febo
  • More &mut accounts updates (#364) by @febo
  • Bump dependencies (#363) by @febo
  • Remove unnecessary allow deprecated (#362) by @febo
  • Improve SlotHashes entry count validation (#360) by @febo
  • Fix Rent threshold validation (#359) by @febo
Check out latest releases or
releases around anza-xyz/pinocchio pinocchio@v0.11.0

Don't miss a new pinocchio release

NewReleases is sending notifications on new releases.

Get notifications