You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, eventual actor panics raise a Wasm trap which is caught by the invocation container (find description of logic here) and converted to an aborto with exit code SysErrActorPanic at the FVM level.
Proposal
Having the SDK set a panic handler would allow us to pipe extra information to the client, presumably for logging purposes. The panic handler could then abort with SysErrActorPanic and record the backtrace in the log file for later inspection. The node would only actually handle the backtrace if debug mode is enabled (which we would do when, e.g. getting execution traces). This is to avoid actor-driven spamming of log files.
Something to consider is whether we want to charge for the message being sent through. Probably not because the actor would've already incurred memory expansion cost to create that message. And enabling debug is an explicit opt-in user action that should come with big warning labels.
Obviously, there is no guarantee that user-deployed actor will use the SDK, so this issue doesn't imply the removal of panic handling logic at the FVM level.
The text was updated successfully, but these errors were encountered:
We currently catch panics inside the bultin-actors, and turn them into USR_ASSERTION_FAILED exit codes (sending the panic message to the kernel via the abort call). But this functionality lives in the builtin-actors runtime, not the sdk.
Context
Right now, eventual actor panics raise a Wasm trap which is caught by the invocation container (find description of logic here) and converted to an aborto with exit code
SysErrActorPanic
at the FVM level.Proposal
Having the SDK set a panic handler would allow us to pipe extra information to the client, presumably for logging purposes. The panic handler could then abort with
SysErrActorPanic
and record the backtrace in the log file for later inspection. The node would only actually handle the backtrace if debug mode is enabled (which we would do when, e.g. getting execution traces). This is to avoid actor-driven spamming of log files.Something to consider is whether we want to charge for the message being sent through. Probably not because the actor would've already incurred memory expansion cost to create that message. And enabling debug is an explicit opt-in user action that should come with big warning labels.
Obviously, there is no guarantee that user-deployed actor will use the SDK, so this issue doesn't imply the removal of panic handling logic at the FVM level.
The text was updated successfully, but these errors were encountered: