Due to asynchronicity, Ford can receive responses from Clay to requests
that it has already attempted to cancel. This removes some overzealous
assertions that this wouldn't happen.
@ixv recently uncovered a bug (#2180) in Ford that caused certain
rebuilds to crash. @Fang- and I believe this change should fix the bug,
and we have confirmed that the reproduction that used to fail about two
thirds of the time now has not failed at all in the ten or so times
we've run it since then. @Fang- is still running more tests to confirm
the fix with more certainty.
It turned out the cause was that (depending on the rebuild order, which
is unspecified and should not need to be specified), Ford could enqueue
a provisional sub-build to be run but then, later in the same +gather
call, discover that the sub-build was in fact an orphan and delete it
from builds.state accordingly. Then when Ford tried to run the
sub-build, it would have already been deleted from the state, so Ford
would crash when trying to process its result in +reduce.
The fix was to make sure that when we discover a provisional sub-build
is orphaned, dequeue it from candidate-builds and next-builds to make
sure we don't try to run it. I'm about 95% sure this fix completely
solves the bug.
Uses Zuse's previously unused +harden helper function to streamline
+task unwrapping in vanes.
(Arguably, in landlocked vanes like Ford, we should crash if we get a
%soft task, since no events should be coming in directly from the
outside.)
There was a typo in the routing logic that was comparing equality
against a value where it should have been doing a pattern match. The
value compared against contained the literal * gate, which would never
match route.peer-state, so this condition was always true, meaning the
fix that had added this extra condition (5406f06) did not actually
change the behavior from what it been previously.
If we receive the naxplanation before the nack, the assertion in the gte
direction fails. The intent of the assertion is to make sure top of the
live queue never falls behind current.state, so it was simply in the
wrong direction.
Instead of providing a (unit path), allows for (list path), which better
supports the "update to path and subpath cases".
For example, if /things wants updates about everything, and
/things/specific wants updates about the specific thing, they'll both
need to receive a %fact when the specific thing changes.
Previously, these would have been two separate moves. Now, gall handles
the multi-targeting for you.
Previously, it would always produce ~, regardless of the path asked
about.
Now, it produces a loobean, based on whether or not a file exists at the
specified path.
This fixes +put:in so that it works without the correct jet. There's a
mismatch where the hoon code is wrong and the jet is correct, so that
when we try to run this on alternate interpreters which may not have the
+in jets, things won't work.
%leave over the network didn't work because we included the message type
in the wire from gall, so the duct for the initial %watch and the %leave
were different. We need to know the message type so we can route the
acknowledgment as %poke-ack, %watch-ack, or no-op.
This moves this piece of information to a piece of state, where we queue
up the message types per [duct wire]. Ames guarantees that
acknowledgments will come in order.
This also includes an easy state adapter. The more interesting part of
the upgrade is that we likely have outstanding subscriptions with the
old wire format. The disadvantage of storing information in wires is
that it can't be upgraded in +load. So, here we listen for updates on
the old wire format, and when we get them we kill the old subscription,
so that it will be recreated with the new wire format.
As an aside, this is a good example of what we mean when we say
subscriptions may be killed at any time, so apps must handle this case.
Finally, this fixes the "attributing" ship to ~zod for agent requests.
This information was ignored for agent requests, but including it causes
spurious duct mismatches.
This is why basically all packets are going through the galaxies right
now. Most of the time, the flow right now is:
* talking to ~dopzod but don't know where it is, so ask ~zod to forward,
which it does
* ~dopzod responds both directly (on the origin lane) and through ~zod
* (if NAT, the direct response doesn't get back, but the one through
~zod does. Then you respond directly to ~dopzod because their lane
piggybacked on the response. ~dopzod responds both directly and
through ~zod, and the story picks up the same as if you weren't behind a
NAT)
* now you have a direct lane to ~dopzod, so all is well.
* now the duplicate response from ~dopzod through ~zod comes in (takes a
little longer because it's bouncing off ~zod), resetting your lane to
"provisional"
* since your lane is provisional, you send your next packet both
directly and through ~zod
* GOTO 2
This change says "if I already have a direct lane, don't overwrite it
with a provisional one". This way, the only way the direct lane can be
overwritten is if they stop responding on it (cleared on "not
responding; still trying").
I also added |- to +send-blob to make |ames-verb %rot less confusing.
The old version of ping hung when your sponsor breached while you had an
outstanding poke. I believe it would do the same if your sponsor
changed and the old sponsor didn't respond to you.
This explicitly subscribes to Jael for updates to our sponsorship tree,
and kicks the pings of any ships that change rift and any changed
sponsors.
Compare +mute and +mule. Those pass through scry, which doesn't allow us to
catch crashes due to blocking scry. If you intercept scry, you can't preserve
the type polymorphically. By monomorphizing, we are able to do so safely.
Compare +mute and +mule. Those pass through scry, which doesn't allow us to
catch crashes due to blocking scry. If you intercept scry, you can't preserve
the type polymorphically. By monomorphizing, we are able to do so safely.
This broke when %kick was handled by resubscribing on your own ship
because it processed the %kick before the %leave. For example, `@t`404
at the dojo would put the dojo in an unworkable state.
You want the %leave to be processed first because you can't do a
"resubscribe" in response to that.
Immediately useful for implemeting json `@rd` parsing, which is basically
`++royl-rd` minus pfix sig. The increased separation also allows for running
stuff like `(rash '3.22e-47' royl-rn:so)` from the dojo.
Returns the target %zuse contract configuration to mainnet, and also
tweaks the 'arvo-ropsten' build to use %alef instead of %ames.
Also fixes a merge conflict artifact in nix/ops/default.nix.
For some reason Jael subscriptions aren't starting properly for many
people. Until we can get to the bottom of it, this sets everyone to
start listening directly to the chain.
This extends `gol` "backward-inference" typechecking to thread through
cores. Recall that `gol` is used exclusively for receiving more
specific error messages; these changes should have no effect on programs
which already compile successfully.
Before, this would type-fail on the second `|%`.
```
!:
^+ ^?
|%
++ foo *@ud
--
|%
++ foo
?: =(1 1)
2
%foo
--
```
With these changes, it gives a mint-nice at `%foo`. It will also give
you explicit errors if you have the wrong number/names of arms,
including which arms it expects.
This is becoming much more important with static gall, since it's the
first time we've used core subtyping so extensively and in userspace.
This extends `gol` "backward-inference" typechecking to thread through cores. Recall that `gol` is used exclusively for receiving more specific error messages; these changes should have no effect on programs which already compile successfully.
Before, this would type-fail on the second `|%`.
```
!:
^+ ^?
|%
++ foo *@ud
--
|%
++ foo
?: =(1 1)
2
%foo
--
```
With these changes, it gives a mint-nice at `%foo`. It will also give you explicit errors if you have the wrong number/names of arms, including which arms it expects.
This is becoming much more important with static gall, since it's the first time we've used core subtyping so extensively and in userspace.
We were updating our state and then using that when checking if the rift
had incremented. This would never be true, since we'd already set the
new state.
Fixes#1852 again
* eth-watcher-2: (21 commits)
eth: move existing chain requests into ethio
eth-watcher: refactor refresh rate to top of file
hook: add pool-group-hook for making invite groups
ethio: add +read-contract for chain state reading
zuse: add delegated-sending address
eth: move eth-watcher's request-rpc into ethio lib
gaze: make compile for latest eth-watcher
drum: start eth-watcher on boot
azimuth-tracker: remove deprecated generator
eth: implement azimuth-tracker using eth-watcher
eth-watcher: ensure logs always sent oldest-first
eth-watcher: allow peers to unconfigured watchdogs
eth-watcher: saner %watch behavior
eth-watcher: implement %clear poke
eth-watcher: store logs in state to implement peer
eth-watcher: move types into /sur file
eth-watcher: properly tag out-peer-data
eth-watcher: single update timer loop
eth-watcher: implement /block peek
eth: turn azimuth-tracker into eth-watcher
...
Signed-off-by: Jared Tobin <jared@tlon.io>
Until now, clients of Jael have had to store the first-seen rift if they
want to reliably detect breaches. Otherwise, they would get a false
positive if they heard an old message about a breach (eg if you kick
azimuth-tracker). Clay and Gall did this correctly, but Ames did not.
Jael already maintains this state, so I added a notification to the
existing subscription that happens whenever it notices a breach (a diff
or full where the new rift is greater than the old one).
Because this is an issue on the live network, I wrote state adapters
for Gall and Clay. The Gall one just removes the rift from our state,
but the Clay one is much more involved because we have to upgrade
instances of the clad monad that are possibly in progress.
Specifically, since more input is possible than before, we must wrap any
in-progress instances of the monad in a function that handles the
potential new input from Jael. This temporarily preservers a copy of
the old kernel, but only until the current commit/merge/update has
completed.
The real solution for Clay is to factor out those IO-heavy instances to
userspace tapp/async/imp/threads, and if an upgrade happens in the
middle, you should simply restart them.
Fixes#1852
fc7901d2 refactored much of +ap-peek, but introduced a bug in the
process. The relevant diff from that commit is as follows:
- =/ =path [ren tyl]
- =/ =vase !>((slag p.u.cug path))
- (ap-slam q.u.cug p.arm vase)
+ =/ index p.u.maybe-arm
+ =/ term q.u.maybe-arm
+ =/ =vase
+ =/ =path [term tyl]
+ =/ raw (slag index path)
+ !> raw
+ (ap-slam term p.arm vase)
Note that [ren tyl] was replaced with [term tyl], where 'term' and 'ren'
are not equal. This commit merely rights that wrong.
* algorithm-tests:
pills: update solid
tests: unit tests for +in (set)
tests: unit tests for +to (queue)
tests: unit tests for +by (map)
tests: unit tests for +differ (diff/merge)
hoon: fix for +uno/uni (#1779) set/map union
hoon: fix for +apt:to (#1778) queue correctness
Signed-off-by: Jared Tobin <jared@tlon.io>
The ivory pill had not been rolled after the last changes to zuse,
meaning that you could no longer boot a ship. Also fixes .gitignore
so as to not hide old build artifacts which could interfere with
picking up changes to the ivory pill.
%gall currently prints
[%gall-booting <app> p=<ship> q=<desk>]
whenever it receives a %conf (i.e., when it boots an app). This turns
up in many of the places the old, less-informative '%mo-not-running'
printf did, but it's of similarly little use, and mainly serves to
create redundant line noise. This commit just removes it.
* reclamation:
solid pill
arvo: wires up %trim memory-pressure event stubs
u3: wires up the %trim event in the daemon
u3: adds %trim memory-pressure notification "effect"
u3: tweaks |mass output (and fixes inadvertent truncation)
u3: refactors periodic memory reclamation
u3: factors out u3a_idle() to measure free-lists in a road
u3: adds and uses u3a_full/heap/temp road macros
u3: cleans up whitespace, removes dead code in allocator
* barbus:
hoon: removed unused parser type
hoon: remove extraneous cast
hoon: removed barhax. No hax!
hoon: replace barhax with barbus
hoon: changed barbus to match barhax
hoon: replaced barbus usage with barhax
hoon: add parsing for barhax
hoon: added barhax to replace barbus
hoon: update tall parsing for |$
hoon: replace +* name usage with ++ name |$
hoon: add parsing rules for |$
hoon: add ast for |$
Enables .^ in +mule (statically-typed virtualization), by specifying a
scry-handler function that punts the namespace read to a higher
virtualization layer via virtual-nock (mock) 12.
This check required the new type of +type to nest within the old type of
+type, which is wrong. Specifically, this disallowed adding new runes
without a staging procedure (which we didn't successfully complete).
* jt-gall-refactor: (76 commits)
gall: fix issue id in comment
pills: update solid
gall: handle foreign coup success
gall: only print peek bad result if bad
gall: add basic test harness
pills: update solid, brass, ivory
gall: fix obvious nest-failing tisdot
gall: change '-state' to '-core' for +mo and +ap
zuse, gall: deprecate 'club'
zuse, gall, eyre: deprecate 'cush'
zuse, gall, eyre, dojo: deprecate 'cuft'
gall: remove slam-related printfs
gall: remove deprecated 'mak' from 'agents'
gall: use less vertical spacing throughout
gall: add comment re: unpopulated wex
gall: use less vertical separation when wuthepping
gall: fix whitespace
gall: don't define 'move' as a pair
gall: don't give faces to tags
gall: gut some unused stuff
...