Error identifiers are not sufficiently unique for debugging a distributed system

[kriskowal]

What is the Problem Being Solved?

Following the addition of #2037, we have a means of correlating the causal graph of error locally, but the error identifiers are not robust against collisions across vats.

Description of the Design

We need to thread an identifier for vats to the error cause notes emitted by the marshal layer such that they are sufficiently unique that they can be correlated with reasonable confidence that they will not collide across a distributed system.

In relatively insular systems, it may be sufficient for the causal trace to use the memorable name of a vat for this unique identifier. For a distributed system, this will likely need to be an arbitrary human readable name like “Alice M. X-Ray” chosen consistently based on some number of parameters including the public key of a node or an endo, for example.

Security Considerations

Distributed debuggers stand in a position of extraordinary privilege, being privy to the stacks of every node on the system that elects to emit them. Such systems might elide platform frames from the stacks they emit.

Test Plan

To test this will require a scaffold that orchestrates multiple vats and collates the causal error graph.

[erights]

Turns out the problem with #2076 is that I never ported #2037 + #2044 from the hackathon branch back to master. I'm adding myself as an assignee to this bug as get some crude form of #2037 + #2044 working in order to address #2076 . As for this bug, I don't expect to solve it in this next effort.

[erights]

#2082 helped, but does not close this. Reopening.

[erights]

See #2479

[erights]

Closing in favor of #2780