refactor: improved debugging messages for durability#5401
Merged
mergify[bot] merged 5 commits intomasterfrom May 21, 2022
Merged
refactor: improved debugging messages for durability#5401mergify[bot] merged 5 commits intomasterfrom
mergify[bot] merged 5 commits intomasterfrom
Conversation
erights
approved these changes
May 20, 2022
Member
erights
left a comment
There was a problem hiding this comment.
The code LGTM, thanks!
The PR comment reads like the embedded snippet may be the replacement code rather than the code being replaced.
erights
requested changes
May 20, 2022
Member
erights
left a comment
There was a problem hiding this comment.
Doing a request changes to block submission until I make a suggestion. Coming soon...
2 tasks
erights
added a commit
to endojs/endo
that referenced
this pull request
May 15, 2025
Closes: #XXXX Refs: Agoric/agoric-sdk#5401 ## Description We often need to see the deep contents of a Passable. Indeed, this was kicked off by a slack thread about wanting to quote ```js M.splitRecord( harden({ assetKind: M.or('nat', 'set', 'copySet', 'copyBag'), decimalPlaces: M.and(M.gte(-100), M.lte(100)), }), ) ``` This PR provides a `qp` function meaning "quote passable". You can use it where you'd use `q`. It produces a quasi-quoted Justin expression of the form in which the passable would be passed. For example, the `qp` of the above pattern is ```js `makeTagged("match:splitRecord", [ { assetKind: makeTagged("match:or", [ "nat", "set", "copySet", "copyBag", ]), decimalPlaces: makeTagged("match:and", [ makeTagged("match:gte", -100), makeTagged("match:lte", 100), ]), }, ])` ``` ### Security Considerations Unlike `q`, `qp` does not lazily postpone rendering the expression into Justin. `q` can do this easily because it is inside the `'ses'` assert.js module and can use the rights amplification available only there. `qp` depends on `'@endo/marshal'` which is several levels up from `'ses'`. Rather than expose these rights amplification powers (or several other kludges that failed), I just made `qp` non-lazy. Thus there are no security implications. ### Scaling Considerations Because `qp` is not lazy, simply constructing an error with `Fail` or `makeError(X...)` will pay all the cost of rendering to Justin, whether or not that error is ever used. ### Documentation Considerations Because Justin is a subset of HardenedJS, the Justin expressions produced by `qp` can be used in documentation if needed. Though see Compatibility Considerations below. ### Testing Considerations - [ ] Only minimal tests written for `qp`. We should also write a test that loops through all the `jsonJustinPairs`, just as other Justin tests do. ### Compatibility Considerations Using Justin with symbols exposes in the rendered string how Justin currently represents passable symbols. That changes in #2793. Whichever of these gets merged first, the other will have to reconcile merge conflicts. And any saved Justin strings containing that old Justin representation will need to be updated or marked stale. ### Upgrade Considerations Other than the Compatibility Considerations above, none. - [x] Update `NEWS.md` for user-facing changes.
boneskull
pushed a commit
to endojs/endo
that referenced
this pull request
Jun 4, 2025
Closes: #XXXX Refs: Agoric/agoric-sdk#5401 ## Description We often need to see the deep contents of a Passable. Indeed, this was kicked off by a slack thread about wanting to quote ```js M.splitRecord( harden({ assetKind: M.or('nat', 'set', 'copySet', 'copyBag'), decimalPlaces: M.and(M.gte(-100), M.lte(100)), }), ) ``` This PR provides a `qp` function meaning "quote passable". You can use it where you'd use `q`. It produces a quasi-quoted Justin expression of the form in which the passable would be passed. For example, the `qp` of the above pattern is ```js `makeTagged("match:splitRecord", [ { assetKind: makeTagged("match:or", [ "nat", "set", "copySet", "copyBag", ]), decimalPlaces: makeTagged("match:and", [ makeTagged("match:gte", -100), makeTagged("match:lte", 100), ]), }, ])` ``` ### Security Considerations Unlike `q`, `qp` does not lazily postpone rendering the expression into Justin. `q` can do this easily because it is inside the `'ses'` assert.js module and can use the rights amplification available only there. `qp` depends on `'@endo/marshal'` which is several levels up from `'ses'`. Rather than expose these rights amplification powers (or several other kludges that failed), I just made `qp` non-lazy. Thus there are no security implications. ### Scaling Considerations Because `qp` is not lazy, simply constructing an error with `Fail` or `makeError(X...)` will pay all the cost of rendering to Justin, whether or not that error is ever used. ### Documentation Considerations Because Justin is a subset of HardenedJS, the Justin expressions produced by `qp` can be used in documentation if needed. Though see Compatibility Considerations below. ### Testing Considerations - [ ] Only minimal tests written for `qp`. We should also write a test that loops through all the `jsonJustinPairs`, just as other Justin tests do. ### Compatibility Considerations Using Justin with symbols exposes in the rendered string how Justin currently represents passable symbols. That changes in #2793. Whichever of these gets merged first, the other will have to reconcile merge conflicts. And any saved Justin strings containing that old Justin representation will need to be updated or marked stale. ### Upgrade Considerations Other than the Compatibility Considerations above, none. - [x] Update `NEWS.md` for user-facing changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
While working on durability (#5283), we (@erights and I) improved some error message so they explicitly told us where our problem was.
Our first version threw undefined must be a string from inside
decodeToJustin, even when there was not problem in the serialization. We eventually traced that todecodeToJustinnot understanding the current representation ofibids. This version sidesteps that issue when there's no durability problem.Security Considerations
Reveals some internal information, but should only appear when debugging.
Documentation Considerations
No user-serviceable parts inside.
Testing Considerations
This is useful during tests.