Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(ERTP,vats): AmountPatternShape #9410

Merged
merged 1 commit into from
Aug 8, 2024
Merged

Conversation

erights
Copy link
Member

@erights erights commented May 24, 2024

closes: XXX
refs: #9402 (comment) #9402 (comment) #9407

Description

#9407 explains that sometimes we used a .optional(AmountShape) guard to describe an optAmountShape argument.

#9402 (comment) #9402 (comment) discussed ways to fix this that were ultimately omitted from #9402 . This PR provides a form of the fix discussed in those comments. Three remaining controversies I'd like my reviewers to comment on:

  • Whether the name of the exported pattern should be AmountShapeShape or AmountPatternShape. See my doc-comment on AmountPatternShape for my weak reasoning about why I chose this name.
  • If we do go with AmountPatternShape for the stated reasons, should the corresponding parameter variables be changed from optAmountShape to optAmountPattern.
  • Whatever the name of the exported pattern, should it be defined as
    • M.pattern()
    • harden({ brand: M.pattern(), value: M.pattern() })
    • harden({ brand: BrandShape, value: M.pattern() })
    • something else

Security Considerations

For almost all of the choices of resolving the above controversies, this PR remains a pure bug fix. All correct code that used to work will continue working the same way, and some correct code that used to incorrectly fail due to this bug will now start working correctly.

The exception would be if we both accepting the renaming of some existing occurrences of M.pattern() to AmountPatternShape/AmountShapeShape, and define this name as a pattern narrower than M.pattern(). In that case, existing (hypothetical) code that, for example, used M.any() in such an argument position would start failing.

Scaling Considerations

None

Documentation Considerations

None

Testing Considerations

#9407 mentions how to reproduce the bug it reports. This PR should add that as a test, to verify that this PR fixes that bug.

Upgrade Considerations

#9402 (comment) and #9402 (comment) explain the upgrade concern that was likely the cause for omitting this fix from #9042

@erights erights self-assigned this May 24, 2024
@erights erights requested review from turadg and dckc May 24, 2024 23:19
@erights erights requested a review from michaelfig May 24, 2024 23:24
Copy link
Member

@dckc dckc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fixes the bug, but until we have a plan to upgrade vat-bank, clients have to not depend on any fix. I don't know how to manage that if we merge to master at this time, so I defer to others to approve.

Copy link

cloudflare-workers-and-pages bot commented May 24, 2024

Deploying agoric-sdk with  Cloudflare Pages  Cloudflare Pages

Latest commit: 7f538c6
Status: ✅  Deploy successful!
Preview URL: https://a849a8ff.agoric-sdk.pages.dev
Branch Preview URL: https://markm-amount-shape-shape.agoric-sdk.pages.dev

View logs

@erights erights mentioned this pull request May 24, 2024
Copy link
Member

@turadg turadg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does this fix #9407? I see only a refactor creating AmountPatternShape as an alias for M.pattern().

Please include a test showing the behavior that failed before this PR and passes after.

@erights erights requested a review from turadg July 1, 2024 19:08
Copy link
Member

@mhofman mhofman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Upgrade Considerations

#9402 (comment) and #9402 (comment) explain the upgrade concern that was likely the cause for omitting this fix from #9042

The comment by @turadg states:

My remaining concern is that if we make this fix and don't ship it for a while then in the meantime people may right code that works in dev but will fail when they get to the production chain (or test in a3p)

I'm not sure in what vat the virtual-purse.js which contains this guard change ends up in, but as long as it is upgraded before any of its consumers that assume the new behavior, we should be ok. Same story for localchain. Landing this change in master affectively requires us to upgrade these vats in the next release. As such, the next upgrade handler should have code to upgrade these vats explicitly (since we do not yet have generic code to upgrade all vats). This PR should introduce that change. Also since this change is somewhat subtle, I'm wondering if we need a code comment for future reviewers of release changes stating the nature of this specific change.

@erights
Copy link
Member Author

erights commented Aug 7, 2024

Originally this PR was supposed to fix #9407 , by relaxing an incorrect rejection into a correct acceptance. But we are not yet ready to deploy such a fix on-chain, due to upgrade constraints, so fixing it in agoric-sdk master would be misleading. It might lead people to write other code that depends on this bug being fixed when tested against agoric-sdk master, only to have that code fail later on-chain when invoking the non-upgraded buggy code.

So we unfixed this PR to restore the buggy behavior, but with a better error message, and refactored to make fixing it again easier. #9863 is that fix. #9863 will remain draft until we are confident we can upgrade the relevant on-chain vat (the vbank) in a timely manner.

@erights erights requested a review from mhofman August 7, 2024 22:54
@erights
Copy link
Member Author

erights commented Aug 7, 2024

@mhofman @turadg see #9410 (comment) for an explanation of a recent change. PTAL.

Attn @JD-Lorax

@erights erights requested a review from Chris-Hibbert August 8, 2024 00:17
Copy link
Member

@mhofman mhofman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed purely on the upgradability aspect, and to match the approach we discussed. I didn't review if the choice of pattern itself is appropriate, nor the test itself.

Regarding the PR itself, from what I understanding this is now effectively a refactor and no longer a fix, right ?

packages/vats/src/virtual-purse.js Show resolved Hide resolved
packages/vats/src/virtual-purse.js Show resolved Hide resolved
packages/vats/test/vpurse.test.js Show resolved Hide resolved
@erights erights requested a review from mhofman August 8, 2024 17:18
@erights
Copy link
Member Author

erights commented Aug 8, 2024

@turadg , you requested changes at #9410 (review) writing:

How does this fix #9407? I see only a refactor creating AmountPatternShape as an alias for M.pattern().

Please include a test showing the behavior that failed before this PR and passes after.

That part is long done. If that remains your only concern and you're satisfied with the answer, could you please clear your requested changes so that I remain blocked only on @mhofman 's concerns? Thanks.

@erights erights changed the title fix(ERTP,vats): AmountPatternShape refactor(ERTP,vats): AmountPatternShape Aug 8, 2024
@erights
Copy link
Member Author

erights commented Aug 8, 2024

Regarding the PR itself, from what I understanding this is now effectively a refactor and no longer a fix, right ?

Good point. Done. PTAL.

@erights erights force-pushed the markm-amount-shape-shape branch from e22fd40 to 7f538c6 Compare August 8, 2024 21:40
@erights erights added the automerge:squash Automatically squash merge label Aug 8, 2024
@mergify mergify bot merged commit 9c9e5cf into master Aug 8, 2024
88 checks passed
@mergify mergify bot deleted the markm-amount-shape-shape branch August 8, 2024 22:12
kriskowal pushed a commit that referenced this pull request Aug 27, 2024
closes: XXX
refs: #9402 (comment) #9402 (comment)  #9407

## Description

#9407 explains that sometimes we used a `.optional(AmountShape)` guard to describe an `optAmountShape` argument.

#9402 (comment) #9402 (comment) discussed ways to fix this that were ultimately omitted from #9402 . This PR provides a form of the fix discussed in those comments. Three remaining controversies I'd like my reviewers to comment on:
- Whether the name of the exported pattern should be `AmountShapeShape` or `AmountPatternShape`. See my doc-comment on `AmountPatternShape` for my weak reasoning about why I chose this name.
- If we do go with `AmountPatternShape` for the stated reasons, should the corresponding parameter variables be changed from `optAmountShape` to `optAmountPattern`.
- Whatever the name of the exported pattern, should it be defined as 
   - `M.pattern()`
   - `harden({ brand: M.pattern(), value: M.pattern() })`
   - `harden({ brand: BrandShape, value: M.pattern() })`
   - something else

### Security Considerations

For almost all of the choices of resolving the above controversies, this PR remains a pure bug fix. All correct code that used to work will continue working the same way, and some correct code that used to incorrectly fail due to this bug will now start working correctly.

The exception would be if we both accepting the renaming of some existing occurrences of `M.pattern()` to `AmountPatternShape`/`AmountShapeShape`, and define this name as a pattern narrower than `M.pattern()`. In that case, existing (hypothetical) code that, for example, used `M.any()` in such an argument position would start failing.

### Scaling Considerations

None
### Documentation Considerations

None
### Testing Considerations

#9407 mentions how to reproduce the bug it reports. This PR should add that as a test, to verify that this PR fixes that bug.
### Upgrade Considerations

#9402 (comment) and #9402 (comment) explain the upgrade concern that was likely the cause for omitting this fix from #9042
mergify bot pushed a commit that referenced this pull request Nov 13, 2024
Staged on #9410 

closes: #9407 
refs: #9410 

## Description

Originally #9410 was supposed to fix #9407 , by relaxing an incorrect rejection into a correct acceptance. But we are not yet ready to deploy such a fix on-chain, due to upgrade constraints, so fixing it in agoric-sdk master would be misleading. It might lead people to write other code that depends on this bug being fixed when tested against agoric-sdk master, only to have that code fail later on-chain when invoking the non-upgraded buggy code.

So we unfixed #9410 to restore the buggy behavior, but with a better error message, and refactored to make fixing it again easier. This PR is that fix. It will remain draft until we are confident we can upgrade the relevant on-chain vat (the vbank) in a timely manner. Nevertheless, though we'll keep it in draft until then as a safety measure, this PR is reviewable. Reviewers, please review it.

### Security Considerations
Fixing a bug is generally good for security. Otherwise, none.

### Scaling Considerations
none

### Documentation Considerations
Would remove the need to document the #9407 buggy behavior

### Testing Considerations
Restores the `test.failing` from #9410 to a `test`.

### Upgrade Considerations
as above.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automerge:squash Automatically squash merge technical-debt
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants