|
| 1 | +--- |
| 2 | +simd: 'XXXX' |
| 3 | +title: Loader V3: Set Program Data to ELF Length |
| 4 | +authors: |
| 5 | + - Joe Caulfield (Anza) |
| 6 | + - Dean Little (Blueshift) |
| 7 | +category: Standard |
| 8 | +type: Core |
| 9 | +status: Review |
| 10 | +created: 2025-12-14 |
| 11 | +feature: (fill in with feature key and github tracking issues once accepted) |
| 12 | +--- |
| 13 | + |
| 14 | +## Summary |
| 15 | + |
| 16 | +This SIMD proposes changing the default behavior of program upgrades to resize |
| 17 | +the program data account to the length of the ELF being deployed, refunding any |
| 18 | +surplus lamports to a spill account. |
| 19 | + |
| 20 | +## Motivation |
| 21 | + |
| 22 | +Currently, Loader v3 program data accounts may be extended but cannot be |
| 23 | +retracted. As program sizes decrease due to SDK improvements such as Pinocchio, |
| 24 | +this limitation results in program data accounts remaining larger than |
| 25 | +necessary, with no mechanism to reclaim the rent paid for unused bytes. This |
| 26 | +unnecessarily increases rent costs and program loading overhead. |
| 27 | + |
| 28 | +## New Terminology |
| 29 | + |
| 30 | +No new terminology is introduced by this proposal. |
| 31 | + |
| 32 | +## Detailed Design |
| 33 | + |
| 34 | +The `Upgrade` instruction will be updated to automatically resize the program |
| 35 | +data account to match the length of the ELF in the buffer being deployed. |
| 36 | + |
| 37 | +If the new ELF is larger than the current program data account, the upgrade will |
| 38 | +fail. The account must first be extended to the required size via the |
| 39 | +`ExtendProgram` instruction. |
| 40 | + |
| 41 | +If the new ELF is smaller than the current program data account, the account |
| 42 | +will be retracted and surplus lamports will be refunded to the spill account. |
| 43 | + |
| 44 | +This change will be a feature-gated behavioral change to the existing `Upgrade` |
| 45 | +instruction. |
| 46 | + |
| 47 | +## Alternatives Considered |
| 48 | + |
| 49 | +An alternative approach would be to add a new `WithdrawExcessLamports` |
| 50 | +instruction, similar to the instruction of the same name in the Token-2022 |
| 51 | +program. This would allow the program's upgrade authority to claim excess |
| 52 | +lamports after the auto-resizing from `Upgrade`. |
| 53 | + |
| 54 | +## Impact |
| 55 | + |
| 56 | +This proposal results in a lower program footprint in Accounts DB, incentivizes |
| 57 | +developers to upgrade to newer, more performant libraries and SDKs, and enables |
| 58 | +the recovery of surplus lamports, including those accidentally sent to the |
| 59 | +program data address. |
| 60 | + |
| 61 | +## Security Considerations |
| 62 | + |
| 63 | +N/A |
| 64 | + |
| 65 | +## Backwards Compatibility |
| 66 | + |
| 67 | +This change modifies an existing Loader v3 instruction and therefore requires a |
| 68 | +feature gate for consensus safety. From an API and tooling perspective, the |
| 69 | +change is backwards compatible. |
0 commit comments