lightning: don't require Unpin futures for OnionMessenger process events
#3722
Conversation
|
I've assigned @joostjager as a reviewer! |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3722 +/- ##
==========================================
- Coverage 89.10% 89.07% -0.03%
==========================================
Files 156 156
Lines 123431 123451 +20
Branches 123431 123451 +20
==========================================
- Hits 109985 109970 -15
- Misses 10760 10788 +28
- Partials 2686 2693 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| #![cfg_attr(not(any(test, fuzzing, feature = "_test_utils")), deny(missing_docs))] | ||
| #![cfg_attr(not(any(test, feature = "_test_utils")), forbid(unsafe_code))] | ||
| #![cfg_attr(not(any(test, feature = "_test_utils")), deny(unsafe_code))] |
There was a problem hiding this comment.
I'm really not convinced we want to go down this path. Could you expand on why boxing the event handler futures is that painful to you that it warrants these rewrites using unsafe code that introduces additional complexity and assumptions?
There was a problem hiding this comment.
- It would fix an irritating API inconsistency, where some
process_events_asyncrequireUnpinand some don't. - The
unsafecode is relatively low risk and self-contained. I've been using thefuturescrate (which this impl is taken from) for years and never had an issue. It has 13M+ dl's on crates.io, etc.
There was a problem hiding this comment.
- It would fix an irritating API inconsistency, where some
process_events_asyncrequireUnpinand some don't.
Hmm, okay, so this is just about an API inconsistency? What is the impact it has on your code in practice?
- The
unsafecode is relatively low risk and self-contained. I've been using thefuturescrate (which this impl is taken from) for years and never had an issue. It has 13M+ dl's on crates.io, etc.
Well, there are good reasons why avoid/forbade unsafe code. IIRC, you historically used to complain about the existence about some unsafe code in lightning-net-tokio, so what changed your opinion on the topic?
There was a problem hiding this comment.
Well, there are good reasons why avoid/forbade unsafe code. IIRC, you historically used to complain about the existence about some unsafe code in lightning-net-tokio, so what changed your opinion on the topic?
100% and definitely a fair callout 😅. I guess I just trust the futures-rs impl that's run for however many billion CPU hours w/o issue to be functionally safe at this point.
Hmm, okay, so this is just about an API inconsistency? What is the impact it has on your code in practice?
Well it would have required me to box some of the handler futures but not others, which was mildly annoying and probably a very minor perf hit.
Anyway, I found a much simpler approach that doesn't require handling the OnionMessenger events async, so I don't actually need this anymore. I'll close the PR -- and thanks again for the review!
3 participants
Hit this today while impl'ing onion message forwarding to offline peers in our LSP.
Both
ChannelManagerandChainMonitoronly require the handler passed toprocess_pending_events_asyncto return aFuture. However,OnionMessengerrequires aFuture + Unpin, which means I have to individually box each handler future :(This PR enables
OnionMessengerto accept anyFutureby enablingMultiResultFuturePollerto accept anyFuture.Sadly
Pinergonomics are awful in stable Rust, so this requires a fewunsafeinvocations to do standard pin-projection. The impl is effectively the same as the one in the standardfuturescrate (see:futures::future::join_all) which doesn't appear to have had any safety issues over the last few years.