Explicily expose IC specific error codes to canisters

icme · December 17, 2022, 1:04am

Proposal

The errors thrown by canisters on the IC should include the specific error code dictating why the error was thrown in addition to the reject code.

Many of us wanting to build robust systems know there are different reasons why an inter-canister call might fail, and some of our workflows (integrations between canisters) might expect these errors. However, there are some types of errors that canister may expect, and others that canisters will never expect, which should be caught and alerted to the developing team ASAP.

The IC reject codes are too broad and categorical (only 1-6) for canisters to know exactly why a message or process failed, and needing to programmatically parse through the reject text of an error to figure out what happened is not only burdensome, it’s a fragile solution - any updates to the text error message could be considered a breaking change.

Background

On the IC, when canisters make inter-canister calls there’s a chance of these calls failing for one of many reasons.

These reasons, or ErrorCodes can be found here

github.com

dfinity/ic/blob/7919a756d3b2925a9bc5068f1cf50256c57bfbf9/rs/types/error_types/src/lib.rs#L115


      
              }
          }
          
          
/// User-facing error codes.
          ///
          /// The error codes are currently assigned using an HTTP-like
          /// convention: the most significant digit is the corresponding reject
          /// code and the rest is just a sequentially assigned two-digit
          /// number.
          #[derive(Clone, Copy, Debug, PartialEq, EnumIter, Eq, Hash, Serialize, Deserialize)]
          pub enum ErrorCode {
              SubnetOversubscribed = 101,
              MaxNumberOfCanistersReached = 102,
              CanisterOutputQueueFull = 201,
              IngressMessageTimeout = 202,
              CanisterQueueNotEmpty = 203,
              CanisterNotFound = 301,
              CanisterMethodNotFound = 302,
              CanisterAlreadyInstalled = 303,
              CanisterWasmModuleNotFound = 304,
              InsufficientMemoryAllocation = 402,

When an inter-canister call throws an error on the IC, canisters are currently only explicitly exposed to reject codes

github.com

dfinity/ic/blob/7919a756d3b2925a9bc5068f1cf50256c57bfbf9/rs/types/error_types/src/lib.rs#L19


      
              ValueOutOfRange(u64),
          }
          
          
/// Reject codes are integers that canisters should pass to msg.reject
          /// system API calls. These errors are designed for programmatic error
          /// handling, not for end-users. They are also used for classification
          /// of user-facing errors.
          ///
          /// See https://sdk.dfinity.org/docs/interface-spec/index.html#reject-codes
          #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
          pub enum RejectCode {
              SysFatal = 1,
              SysTransient = 2,
              DestinationInvalid = 3,
              CanisterReject = 4,
              CanisterError = 5,
          }
          
          
impl ToString for RejectCode {
              fn to_string(&self) -> String {
                  self.to_str().to_owned()

You also receive different error messages if calling a canister from outside the IC vs. from a canister (on the IC). For example, let’s take the following case calling a canister from outside the IC.

These come with accompanying “reject text” error messages that one has to parse through in order to extract the error code. For example, in the case below parsing the reject text you’ll find a 501.

Error: Call was rejected:
Request ID: 6c6d2f761b741…9866dcd61e900cb
Reject code: 4
Reject text: IC0501: Canister jjmme-aqaaa-aaaai-ab5ya-cai is out of cycles: requested 893853709998 cycles but the available balance is 893857809998 cycles and the freezing threshold 2057103111 cycles

However, if I’m communicating from a canister in Motoko and I catch an Error object, I can call Error.code to get the reject code or call Error.message(error) to get the reject text. That reject text for the same error looks like this:

Canister jjmme-aqaaa-aaaai-ab5ya-cai is out of cycles: requested 893853709998 cycles but the available balance is 893857809998 cycles and the freezing threshold 2057103111 cycles

Another example of the error messages not providing an error code with the reject text. For example, in the case what should be a 512 (CanisterInvalidController) a canister parsing the Error with Error.message(error) will get

Only the controllers of the canister r7inp-6aaaa-aaaaa-aaabq-cai can control it.
Canister's controllers: rwlgt-iiaaa-aaaaa-aaaaa-cai 7ynmh-argba-5k6vi-75frw-kfqpa-3xtca-nmzk3-hrmvb-fydxk-w4a4k-2ae
Sender's ID: rkp4c-7iaaa-aaaaa-aaaca-cai

icme · January 6, 2023, 5:47pm

Tagging @derlerd-dfinity1 @roman-kashitsyn for visibility

roman-kashitsyn · January 7, 2023, 5:43am

Thanks for the proposal, @icme!

I added error codes to the certified tree some time ago (that’s why dfx calls can display them). We also discussed giving canisters access to these codes with @bjoern at the time, but didn’t get to implementing this feature.

My idea was to add new system API that returns the error code as a string if you access it from a reject callback. Something like that:

ic0.msg_reject_error_code_size : () -> i32;
ic0.msg_reject_error_code_copy : (dst: i32) -> ();

In fact, my idea was a bit bolder: I would allow canisters attaching custom error codes to reject responses:

ic0.msg_reject_error_code : (src : i32, len : i32) -> ();

The receiver can distinguish canister error codes from system error codes by looking at the reject code: if it’s CANISTER_REJECT, then the error code can be custom. Otherwise, it’s a system error code.

icme · January 16, 2023, 3:21am

Awesome, just to clarify - in this case I’m assuming that src represents the RejectCode and len represents the ErrorCode - is that correct? As you said, this would then allow the developer to differentiate error codes thrown by CanisterReject vs. CanisterError.

I personally haven’t seen any of reject codes 1-3 yet, so I can’t speak on the error codes that may accompany those classifications of errors.

    SysFatal = 1,
    SysTransient = 2,
    DestinationInvalid = 3,

Roping in @claudio to coordinate this work and the API so that it can easily extend the existing Motoko Error API to include these error codes.

roman-kashitsyn · January 17, 2023, 8:40pm

src represents the memory address from which the replica should copy your error code, and len is the length of this error code. The idea is that a canister should be able to set custom error codes in rejects. For example, the Governance canister could send you “GOV123” and the reject code would still be CanisterReject.

Topic		Replies	Views
Changing some error codes Developers	15	642	March 18, 2024
Call failed. Reject code: "undefined" Developers	7	218	March 19, 2025
How to trigger a CANISTER_REJECT code using ic_cdk::api::call::reject Rust	4	779	June 28, 2022
IC0406 CanisterReject Error on Update Calls When Using inspect_message Rust	2	35	March 4, 2025
Getting Failure on mainnet deployment Rust	5	89	March 18, 2025

Explicily expose IC specific error codes to canisters

Proposal

Background

Related topics