Account compression: Init with root allowing trees with a canopy

[StanChe]

Initializing a tree with a root

This PR modifies the account-compression program allowing the creation of the trees that were prepared offline. It allows creating trees with or without a canopy.
Verification of the validity, events, any additional checks and fields (URLs, hashes, etc.), and any additional permissions for the created tree are left to the discretion of the calling program.

The workflow

sequenceDiagram
autonumber
actor TC as Tree creator program
participant AC as account-compression
activate TC
TC ->> AC: prepare_batch_merkle_tree(tree_account, max_depth, max_buffer_size)
AC -> AC: initializes the header, but not the tree
loop For a tree with a canopy
TC ->> AC: append_canopy_nodes(tree_account, start_index, canopy_nodes)
end
TC ->> AC: init_prepared_tree_with_root(tree_account, root, rightmost_leaf, rightmost_index, proof)
AC -> AC: verifies the canopy is valid
AC -> AC: initializes the tree

Loading

The separation of a single init_with_root is based on the fact that some trees to be created might require knowing the pubkey of the tree, like with the bubblegum, where asset ids are derived from the tree pubkey and the index in that tree. Thus the user should first create the tree account and assign all the required permissions and then may take time to prepare the tree itself.

If the tree has a canopy - all canopy leaves should be initialized, otherwise the finalization will fail.

This change is inspired by #6441

[ngundotra]

Will look at this in mid June when back from OOO. Is there context behind why this needs to get merged into SPL Account Compression, rather than being done in a separate fork of the program?

[StanChe]

Integrating this feature into the standard library will benefit existing projects already utilizing account compression by enabling them to extend their contracts with rollups and batch creation of trees. This will reduce the number of transactions needed for tree creation, thereby alleviating network congestion. The batch creation method ensures that the tree is in the same state as it would be with individual appends, maintaining consistency. The prepared but not finalized tree will be unusable by other existing methods until it's finalized. The responsibility of validating the tree remains with the calling program, while this change guarantees that the tree initialized with a root has a valid canopy. This modification provides a tool for the batch creation of compressed accounts without imposing specific requirements on the caller and leaving the indexing up to their logic.

[danenbm]

I suspect we should fix the stack overflow thing. Looks like this program was last deployed about 4 months ago, maybe it wasn't an issue then, but I worry it could cause runtime issues now, even if the tests pass not sure if failures would be predictable.

Recently we fixed a similar stack overflow issue that started causing test failures in mpl-core-candy-machine by simply heap-allocating a large stack variable: metaplex-foundation/mpl-core-candy-machine@9575c8b

[danenbm]

Nit: this block seems like it could be refactored into a helper given its done the same in append_canopy_nodes and similar in prepare_tree (except for initializing header).

But this is a style thing, maybe its nicer to just have the flat structure as-is. Feel free to evaluate this comment and do whatever you think is best.

[StanChe]

I've tried to support the existing code style as close to the original as possible. In a general case, most of the existing methods may be refactored to use that same helper method. In my opinion that may be done as a separate effort that doesn't modify the functionality and only refactores the code.

[danenbm]

Great tests!

[StanChe]

@danenbm thanks for the feedback. Decided to move the fix of the stack overflow into a separate PR #6827 in order to simplify this one and not to mix everything up.

[ngundotra]

This is really great PR overall. Great job extending existing design patterns (as bad as they are 😅).

High level requests:

• There should be an easy way to discriminate normal trees from batch-init'd trees. When we talked previously, I suggested adding a new header version & a flag in that header.

• What is the recourse for errors in batch-init'd trees? Which steps of the process are reversible or explicitly immutable? For the immutable steps, can we have some explicit documentation & also add helper methods to the SDK prevent immutable errors?

Pull request has been modified.

[ngundotra]

What happens if I init a batch tree with prepare_tree and then attempt to append to it?

I think that another byte of padding is needed to store is_initialized for batch init'd trees. Then the tree can be checked quickly before executing replace or append. I'm open to more efficient ways of doing this - just wanted to offer my suggestion.

Again, great job with this. Almost there

[ngundotra]

Can this method be renamed to init_batch_merkle_tree to match the other init method?

[ngundotra]

Also, what happens if this method is called on an already-existing tree?

[StanChe]

Can this method be renamed to init_batch_merkle_tree to match the other init method?

If we take a look at the account structure it may be represented as | header | tree body | canopy |. The existing init_empty_merkle_tree does the full initialization - first the header is initialized, then the tree body, and finally the canopy size is checked. This makes the tree usable by the append methods.
For a batch initialized tree the actual initialization takes several steps. First the prepare_tree initializes just the header and checks the canopy size leaving the rest of the account zero'd. Then the canopy is set using append_canopy_nodes. And finally the finalize_merkle_tree_with_root initializes the tree body.
Until the finalize_merkle_tree_with_root is called the tree remains unusable by any other method - the init_empty_merkle_tree will fail because the header is initialized and any modification will fail because the tree itself is not initialized (the self.is_initialized() check will fail). Only the newly added append_canopy_nodes and finalize_merkle_tree_with_root as well as the modified close_empty_tree can operate over a tree in such a state.
That was also the reason the method naming is different to init_ as it leaves the tree in a not fully initialized state, but with only the initialized header (thus prepared).
I'm considering to rename the finalize_merkle_tree_with_root into init_prepared_tree_with_root and prepare_tree into prepare_batch_merkle_tree. This will keep the naming concise in terms the tree is fully initialized after the init_xxx methods. Will also update the comments accordingly. Wdyt?

Also, what happens if this method is called on an already-existing tree?

Adding a test to showcase this.

[ngundotra]

Gotcha, thanks for explaining. This makes sense. Can you add a simplified version of this comment as a docstring to the function tree_bytes_uninitialized ?

Pull request has been modified.

[StanChe]

Also noticed the following stack overflow error occurring on build, fixed it as well

Error: Function _ZN23spl_account_compression23spl_account_compression22init_empty_merkle_tree17hbc30209ef0f8a270E Stack offset of 4928 exceeded max offset of 4096 by 832 bytes, please minimize large stack variables

[ngundotra]

Looks great. Almost ready to push to devnet for testing.

Two more comments:

1. Rebase on top of master
2. Address some small docs + typos

Once this is done, I'll add a PR that updates versions for & publishes the crates & js sdk.

[ngundotra]

nit: typo in uninitialized

[ngundotra]

Gotcha, thanks for explaining. This makes sense. Can you add a simplified version of this comment as a docstring to the function tree_bytes_uninitialized ?

Pull request has been modified.

[ngundotra]

If it wasn't for your extensive tests, I definitely would have thought this would be a footgun.

Converting node indexing to canopy indexing almost always throws me off

[StanChe]

FYI, had to bump up node to 20.5 for 2 js workflows that were failing on node 16. Looks like eslint became incompatible somehow. Used 20.5 as the latest used in some other flows, 18 should work as well.