Move short_to_chan_info into standalone lock

[ViktorTigerstrom]

Based on #1638 and a prerequisite for #1507.

As the channel_state (ChannelHolder) struct will be removed, this commit moves the short_to_chan_info map from that lock into a separate lock, and cleans up a few macros that can be cleaned up due to moving it into a separate lock.

[ViktorTigerstrom]

Would have preferred to place this cleanup in the final commit, but keeping them in the first commit messed up the macro. I hope that's ok.

[ViktorTigerstrom]

Realized I need to go through this closer another time, as the current consistency guarantees ensures that the channel is guaranteed to exist in the by_id map if also existing in the short_to_chan_info map while the channel_state lock is taken. Just need to ensure that we aren't unwrapping the result from getting the channel in the by_id map when using an id from the short_to_chan_info map, if the channel_state map isn't taken while the id is retrieved from short_to_chan_info map.

While open the pull request when I've checked this further.

[ViktorTigerstrom]

Added a fixup commit that ensures that the consistency guarantees that any channel_id in the short_to_chan_info map is guaranteed exist as a key in the channel_state::by_id map.

Also rebased this on main, now that the blocking PR has been merged.

[TheBlueMatt]

Sure, but there's also no reason to hold both locks at the same time here - just do self.id_to_peer.lock().unwrap().remove(&$channel.channel_id()); all in one statement at the top and then you don't have to worry about it :).

[ViktorTigerstrom]

Fixed with 1891450

[TheBlueMatt]

Hmm, I mean while this patch may be fine, I'd kinda prefer if we just not have guarantees to begin with - is there a reason we need to have these guarantees, or can we just not guarantee anything and handle the None case in the by_id lookups when we fetch from this?

[ViktorTigerstrom]

Ok sure I'll change to that instead :)! I did it this way mostly just to make this PR not change the current consistency guarantees, but if we're ok with changing that, I see no reason why we can't do what you suggest.

[TheBlueMatt]

Yea, I mean the nice thing about this PR is its relatively small-ish, and aside from argument changes, is quite reviewable, so its totally find to slip in a change like that here, as it can also make future things easier to review. Plus it seems like a more robust design anyway.

[ViktorTigerstrom]

Fixed with 919ec65

[ViktorTigerstrom]

Thanks for the review @TheBlueMatt! I've addressed your feedback with the latest pushed commits. Unfortunately I had to rebase to drop the patch I made before, but I rebased on the same HEAD as before.

[ViktorTigerstrom]

Not super happy about this macro, and would prefer to break it out into a separate function due to the added complexity. But I figured process_pending_htlc_forwards was probably kept large with macros for efficacy reasons, so opted for the new macro instead. Let me know if my assumptions are wrong, and you'd prefer to break this out :)

[dunxen]

I'm not sure here, I just know that nested macros are not fun to debug 🙈

[ViktorTigerstrom]

Yeah definitely agree 😬...

[TheBlueMatt]

You need to check that the channel is available now, too. And while we're at it, let's check that the channel isn't shutting down.

[ViktorTigerstrom]

Oh yeah good catch! Fixed with 1f01103

[TheBlueMatt]

Suggested change

	Some((_cp_id, _chan_id)) => continue,
	Some(_) => continue,

[TheBlueMatt]

lol let's not take a lock just for the capacity here, just use the by_id map instead, its close enough.

[ViktorTigerstrom]

Thanks! Addressed the latest feedback with 1f01103 :)

[TheBlueMatt]

Basically there, I think.

[TheBlueMatt]

Given there's no consistency requirements anymore, you can move the channel_state lock down below the short_to_chan_info lock.

[ViktorTigerstrom]

Fixed with 41d275d

[codecov-commenter]

Codecov Report

Base: 90.79% // Head: 90.83% // Increases project coverage by +0.04% 🎉

Coverage data is based on head (9e341c8) compared to base (8f525c4).
Patch coverage: 73.79% of modified lines in pull request are covered.

❗ Current head 9e341c8 differs from pull request most recent head 07664c2. Consider uploading reports for the commit 07664c2 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1639      +/-   ##
==========================================
+ Coverage   90.79%   90.83%   +0.04%     
==========================================
  Files          87       86       -1     
  Lines       47604    46422    -1182     
  Branches    47604    46422    -1182     
==========================================
- Hits        43221    42168    -1053     
+ Misses       4383     4254     -129     

Impacted Files	Coverage Δ
lightning/src/ln/channelmanager.rs	84.93% <73.36%> (-0.48%)	⬇️
lightning/src/ln/reorg_tests.rs	100.00% <100.00%> (ø)
lightning/src/util/wakers.rs	86.70% <0.00%> (-4.86%)	⬇️
lightning/src/onion_message/packet.rs	72.52% <0.00%> (-3.51%)	⬇️
lightning/src/util/errors.rs	70.37% <0.00%> (-1.86%)	⬇️
lightning/src/chain/onchaintx.rs	93.79% <0.00%> (-1.22%)	⬇️
lightning/src/routing/gossip.rs	91.43% <0.00%> (-1.08%)	⬇️
lightning/src/onion_message/messenger.rs	89.50% <0.00%> (-1.03%)	⬇️
lightning/src/routing/scoring.rs	96.14% <0.00%> (-0.76%)	⬇️
... and 49 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[dunxen]

Generally looks good to me. I'll try to give it another pass today, but not 100% confident with pending forwards yet :)

[dunxen]

I'm not sure here, I just know that nested macros are not fun to debug 🙈

[valentinewallace]

Looks like we should move this above the let payment_entry = ... line above, otherwise short_to_chan_info lock order also depends on pending_outbound_payments

[ViktorTigerstrom]

Oh yes, good catch! Thanks :)

Fixed with 569f172

[valentinewallace]

I think we should change this to just get the block height within a scope for use below. Otherwise a dependency between best_block and short_to_chan_info is introduced

[ViktorTigerstrom]

Thanks :)

Fixed with 82b2138

[valentinewallace]

Think you can get rid of the macro with something like:

Suggested change

	macro_rules! fail_pending_forwards {
	() => {
	let forward_chan_id_opt = match self.short_to_chan_info.read().unwrap().get(&short_chan_id)
	.map(|(_cp_id, chan_id)| chan_id.clone());
	if forward_chan_id_opt.is_none() || !channel_state.by_id.contains_key(forward_chan_id_opt.unwrap()) {

but I haven't actually completed this patch myself

[ViktorTigerstrom]

Oh, thanks for the suggestion :)!

That change would indeed work when only taking this PR into account. Sadly though, that change would not help when taking #1507 into consideration as well, which I'd like this PR to prepare for. 1507 is quite huge, so I'd like to do as many changes as possible within this PR, to make 1507 as reviewable as possible.

In 1507, we will lock the new channel lock in this scope by using the info retrieved from short_to_chan_info (The counterparty_node_id and the channel_id). Therefore we wouldn't be able to check that both short_to_chan_info contained a value for the scid and check that the new channel lock contains the channel for the unwrapped short_to_chan_info info in the same if clause, unless we'd take the new channel lock temporarily just for the contains check. Though by taking the channel lock temporarily, we would still need the Vaccant check below for the channel lock , hence requiring the second call site for the code in fail_pending_forwards :/

[valentinewallace]

Ah okay, worth a shot!

[valentinewallace]

I think the fixups may be out of order? Correct me if I'm wrong, but it helps me when a fixup is next to the commit it's fixing up

[ViktorTigerstrom]

Thank you for the reviews @valentinewallace and @dunxen :)!

Sorry for taking so long to address the feedback, I've been traveling.

I think the fixups may be out of order? Correct me if I'm wrong, but it helps me when a fixup is next to the commit it's fixing up

Oh yes, you are correct. Thanks for informing me about that it helps in the review process to move up the fixup commits to the correct order. I was incorrectly under the impression that it was less confusing to not move them, but now I know better :). I'll move them up from now on.

[TheBlueMatt]

Looks like this needs rebase now :/

[ViktorTigerstrom]

Rebased on upstream without changes except fixing minor merge conflicts.

[TheBlueMatt]

nit: why not keep the line as-is previously vs assigning the mutexguard? Then you can drop the scope (as temporaries are drop'd automatically at the ;).

[ViktorTigerstrom]

Good question 😅
Fixed with: e47fc06

[valentinewallace]

Good question 😅 Fixed with: e47fc06

Hmm did this fix end up getting dropped?

[ViktorTigerstrom]

Yeah I moved this change to the follow-up PR #1795. It's getting a bit unnecessary with a separate PR for the follow-ups now that I'm already doing some small fixes in this PR hah, so I will close that PR and bring the fixups into this PR.

[valentinewallace]

Understood, since this is basically mergeable I support keeping this fix in followup! But up to you

[ViktorTigerstrom]

Sorry missed this until I had already pushed the followups with this PR yesterday. Hope that's ok :)

[TheBlueMatt]

This should be above the channel_state lock, no?

[ViktorTigerstrom]

Yeah sure :)! Sadly we're already holding the channel_state when taking the short_to_chan_info lock in multiple other places, but might as well fix that here.

e2a0fc8

[TheBlueMatt]

Same here?

[ViktorTigerstrom]

e2a0fc8

[ariard]

Should short_to_chan_info comment be updated in consequence "Locked after channel_state" ?

[ViktorTigerstrom]

Unfortunately we can't remove the lock order requirement for short_to_chan_info to be locked after the channel_state lock with this PR, as it's still required in multiple other places in the code, but with #1507 we'll be able to remove that lock order however :).
I think that this order change here and above mainly a preparation for that PR, and is ok here since we only take the short_to_chan_info lock temporarily and drop it before taking the channel_state lock.

I agree though that this is a bit confusing, and if you'd like, I could remove this temporary order change.

[TheBlueMatt]

Even with the order, if this hunk were moved above the channel_lock it would be fine - because we take the read lock and then copy out of it the read lock is dropped at the semicolon after the match, which means no lock order would be implied. Not a big deal, though, its fine to leave it for now, just nice to avoid holding both locks at the same time if we can avoid it.

[ViktorTigerstrom]

Yes, agree. Once #1772 is merged as well, I'll look into if it makes sense to already change the lock order so that short_to_chan_info and id_to_peer is before the channel_state, as it would be nice to make #1507 less complicated.

[ViktorTigerstrom]

Addressed the latest feedback, and restricted the access for the short_to_chain_info field!

[ariard]

Looks good, first parse

[ariard]

Should short_to_chan_info comment be updated in consequence "Locked after channel_state" ?

[ariard]

Note, error message could be "No channel found with first-hop", historically ChannelUnavailable has been used to flag a channel !is.live(), e.g when the monitor is not ready. I think it's more accurate to indicate non-availability in a way different than non-presence.

[ViktorTigerstrom]

Ah ok, I didn't know this, so thanks for informing me! Is it mainly the error message that we'd like to change, or would we like to create a new APIError variant as well?

[ariard]

Could recall the lack of consistency between short_to_chan_info and by_id, what we hit afaiu. Or move this indication as a general comment of short_to_chan_info.

[ViktorTigerstrom]

Hmm I'm not sure if you mean that we'd like to change the error message here to indicate to the user the lack between the short_to_chan_info and the by_id maps, or if you mean that we should just add a code comment here to indicate it. I don't think we should change the message to surface the reason for the problem to the user, as neither the short_to_chan_info nor the by_id map are public to the user, and it would therefore make no sense to refer to them in the message.

I'll add a code comment here to note why this was triggered :). See: a8b9fd0

[ariard]

Note, I think of the phantom invoices handling logic is actually in this branch (L3168-3193), so I'm not sure about qualifying it as "fail_pending_forwards" as in some case we might fetch the phantom payment.

Not necessarily in that PR, but I think it could be interesting to break up process_pending_htlc_forwards in few smaller helpers, especially as here we're starting to reuse some code paths.

[ViktorTigerstrom]

Ah good point! Perhaps we'd like to name the macro to something else than fail_pending_forwards then? I'll rename it to forwarding_channel_not_found temporarily, but if you have a better suggestion let me know :).

I also agree that process_pending_htlc_forwards is starting to get very long and complicated, and would be nice to brake up if possible. Adding this macro also makes everything more complicated and harder to debug.

Name changed with: c95961e

[ariard]

Still confused here by the what is the correct lock order between short_to_chan_info and channel_state one L5895

[ViktorTigerstrom]

See #1639 (comment)

[TheBlueMatt]

This LGTM. Please squash and lets land it!

[TheBlueMatt]

nit: Can we scope this lock (or the macro, by adding extra {}s in the macro)? I'm not sure its required but I also don't really understand the rules for drop when leaving a macro.

[ViktorTigerstrom]

Fixed with the latest push. I didn't push in a separate fixup commit, hope that's ok!

[TheBlueMatt]

Even with the order, if this hunk were moved above the channel_lock it would be fine - because we take the read lock and then copy out of it the read lock is dropped at the semicolon after the match, which means no lock order would be implied. Not a big deal, though, its fine to leave it for now, just nice to avoid holding both locks at the same time if we can avoid it.

[ViktorTigerstrom]

Squashed and addressed latest feedback :)!

[valentinewallace]

LGTM, feel free to take or leave nits

[valentinewallace]

Good question 😅 Fixed with: e47fc06

Hmm did this fix end up getting dropped?

[ViktorTigerstrom]

Thanks @dunxen & @valentinewallace.
Will address the nits and move the follow-ups from #1795 into this PR

[ViktorTigerstrom]

Addressed the latest feedback, and also brought in the followups from #1795 into this PR (ie. scope fix for update_maps_on_chan_removal, as well as locking short_to_chan_info temporarily before locking channel_state in 2 occasions as a preparation for moving the lock_order for short_to_chain_info to before the channel_state lock).

I fixed up these changes into the corresponding commit already as they were minor. I hope that's ok :)

[valentinewallace]

LGTM after rebase

[ViktorTigerstrom]

Rebased on main. The only changes were merge conflict fixes 🚀!

[TheBlueMatt]

Grrrrr, I'm sorry, this was dumb #1639 (comment) . We should not be checking is_usable on a channel before claiming, especially not if its shutting down - a channel shutting down is still able to clear HTLCs, and in fact we want to clear the HTLCs on it by claiming, that way it can actually progress to mutual shutdown from simply being "in shutdown". Feel free to just remove that and squash and push. I'm ready to ack after that, I believe.

I think what i was thinking is we should check if the peer is online before claiming, which, like, maybe, but its not critical, and we'd need to check specifically only for if they're connected.

[ViktorTigerstrom]

Removed the is_usable check and squashed

[ViktorTigerstrom]

Sorry, reverted once more to just remove the is_usable check and not the existence check 😅