Reconstruct ChannelManager forwarded HTLCs maps from Channels

[valentinewallace]

We have an overarching goal of (mostly) getting rid of ChannelManager persistence and rebuilding the ChannelManager's state from existing ChannelMonitors, due to issues when the two structs are out-of-sync on restart. The main issue that can arise is channel force closure.

Here we start this process by rebuilding ChannelManager::decode_update_add_htlcs, forward_htlcs, and pending_intercepted_htlcs from the Channels, which will soon be included in the ChannelMonitors as part of #4218.

• test upgrading from a manager containing pending HTLC forwards that was serialized on <= LDK 0.2, i.e. where Channels will not contain committed update_add_htlcs
• currently, no tests fail when we force using the new rebuilt decode_update_add_htlcs map and ignoring the legacy maps. This may indicate missing test coverage, since in theory we need to re-forward these HTLCs sometimes so they go back in the forward_htlcs map for processing
• only use the old legacy maps if the manager and its channels were last serialized on <= 0.2. Currently this is not guaranteed

[ldk-reviews-bot]

👋 Hi! I see this is a draft PR.
I'll wait to assign reviewers until you mark it as ready for review.
Just convert it out of draft status when you're ready for review!

[codecov]

Codecov Report

❌ Patch coverage is 94.81865% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.36%. Comparing base (6d9c676) to head (1e86521).

Files with missing lines	Patch %	Lines
lightning/src/ln/channel.rs	86.66%	5 Missing and 1 partial ⚠️
lightning/src/ln/channelmanager.rs	96.59%	1 Missing and 2 partials ⚠️
lightning/src/ln/reload_tests.rs	98.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4227      +/-   ##
==========================================
+ Coverage   89.32%   89.36%   +0.03%     
==========================================
  Files         180      180              
  Lines      138641   138796     +155     
  Branches   138641   138796     +155     
==========================================
+ Hits       123844   124031     +187     
+ Misses      12174    12142      -32     
  Partials     2623     2623              

Flag	Coverage Δ
fuzzing	35.97% <36.36%> (+<0.01%)	⬆️
tests	88.72% <94.81%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[valentinewallace]

TODO comment here

[valentinewallace]

@joostjager helped me realize this may be way overcomplicated, essentially all tests pass on main when we simply read-and-discard the pending forwards maps. It's a bit suspicious though that all tests pass so it seems like additional test coverage could be useful.

Nvm, our test coverage for reload of these maps is just pretty incomplete.

[valentinewallace]

Updated with new testing and a few tweaks: diff

Will rebase next

[joostjager]

Did an initial review pass. Even though the change is pretty contained, I still found it difficult to fully follow what's happening.

Overall I think comments are very much on the light side in LDK, and the code areas touched in this PR are no exception in my opinion. Maybe, now that you've invested the time to build understanding, you can liberally sprinkle comments on your changes and nearby code?

[joostjager]

Now that you touch this, maybe add some comments on the Committed state and the update_add_htlc_opt field.

[joostjager]

I think this can be left out completely because we already swapping this state into the htlc?

[joostjager]

Why is it unreachable?

[joostjager]

Could add a comment here explaining why we store the messages?

[joostjager]

Is it ok to never populate update_add_htlc_opt in the tests in this commit, if that isn't supposed to happen in prod?

[joostjager]

Can't this be a vec of refs? Probably using it and want to avoid the clone later?

[joostjager]

Can the rename be extracted in a commit?

[joostjager]

I understand why you put this code here, but it feels like a heavy side effect of determining whether the chan is closed. Also the comment above this loop is mentioning actions required for closed channels.

[joostjager]

Or maybe all the legacy renames together can go in one preparatory commit

[joostjager]

Seems safer to be explicit

[valentinewallace]

I think being explicit may not work either because IIUC we need to handle the case where some of the deserialized Channels have the new update_add_htlc_opt field set and some don't. I think this can happen if we restart with a channel_a with Committed { update_add: None } HTLCs, then add some Committed { update_add: Some(..) } HTLCs to channel_b, then shut down before processing the Committed { update_add: None } HTLCs on channel_a.

[joostjager]

I see what you mean. But maybe it can be explicit on the channel level?

[joostjager]

What would happen again without the changes in this PR? I assume the htlc wouldn't be forwarded here, but would it be failed back instead?

[valentinewallace]

You mean if we did the 3-line fix discussed offline? I don't think so, because the manager will only fail HTLCs that it knows about. I think we just wouldn't handle the HTLC and the channel would FC.

[joostjager]

Yes indeed, if we just discard the forward htlcs. I thought there was still some inbound htlc timer somewhere, but I guess not then?