Emit SplicePending and SpliceFailed events

[jkczyz]

When a splice has been negotiated, it remains pending until the funding transaction has been confirmed and locked by both sides. Emit an Event::SplicePending when it reaches this state. At this point, the inputs used for the splice cannot be reused except for an RBF attempt. Once the splice is locked, an Event::DiscardFunding will be emitted for any unsuccessful candidates.

Similarly, a splice may fail before a splice has finished negotiation for various reasons. Emit an Event::SpliceFailed in these cases so the user may reuse the inputs.

[ldk-reviews-bot]

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[jkczyz]

Looking for high-level feedback on the approach and if all scenarios were covered. Specifically, is SpliceFailed sufficient to let a user know if an input can be reused? Seems for an RBF attempt they could have used an input that was used by a previous attempt that has had a SplicePending emitted. So it could be reused for another RBF attempt, IIUC, but not for splicing another channel, for instance.

[codecov]

Codecov Report

❌ Patch coverage is 77.72228% with 223 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.77%. Comparing base (eeb5b14) to head (957b742).

Files with missing lines	Patch %	Lines
lightning/src/ln/channelmanager.rs	66.76%	101 Missing and 15 partials ⚠️
lightning/src/ln/channel.rs	70.26%	78 Missing and 2 partials ⚠️
lightning/src/ln/interactivetxs.rs	72.72%	11 Missing and 1 partial ⚠️
lightning/src/ln/functional_test_utils.rs	78.78%	7 Missing ⚠️
lightning/src/events/mod.rs	90.00%	0 Missing and 4 partials ⚠️
lightning/src/ln/splicing_tests.rs	98.45%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4077      +/-   ##
==========================================
+ Coverage   88.73%   88.77%   +0.03%     
==========================================
  Files         180      180              
  Lines      135622   136350     +728     
  Branches   135622   136350     +728     
==========================================
+ Hits       120346   121045     +699     
+ Misses      12505    12502       -3     
- Partials     2771     2803      +32     

Flag	Coverage Δ
fuzzing	21.62% <9.70%> (-0.10%)	⬇️
tests	88.61% <77.72%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jkczyz]

This commit will likely need to be re-worked to have validate_splice_ack return Option<SpliceFundingFailed> as part of its error. But it seems we never clear pending_splice.funding_negotiation here.

@wpaulino Should we? I'd imagine if we ever emit Event::SpliceFailed then pending_splice.funding_negotiation should no longer be set.

[jkczyz]

Likewise here.

[jkczyz]

Might be able to get this from the StateMachine, but not if it transitioned to NegotiationAborted, it seems.

[jkczyz]

One issue with populating these is if we are in FundingNegotiation::AwaitingSignatures, then we'd need to get them from ChannelContext::interactive_tx_signing_session, which may not have been set yet in FundedChannel::funding_tx_constructed depending on the error.

[jkczyz]

Here, specifically, we may not have set ChannelContext::interactive_tx_signing_session for some errors.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[TheBlueMatt]

What's the status of this? IMO we should land it early so we can write tests and discover where we're missing coverage.

[TheBlueMatt]

Meh, just return the Event?

[jkczyz]

Hmmm... our pattern has been to only create events in ChannelManager. Though we can drop the first three fields and take them from the ChannelContext in ChannelManager as is done for other events.

[TheBlueMatt]

Lol, these comments are great, they're exactly what I expect from an intern, they say absolutely nothing but meet the not-even-a-requirement for things having docs.

[jkczyz]

Yeah... I'll take a pass and clean up Claude's work. Didn't really give it much prompting to be honest.

[TheBlueMatt]

Indeed, I believe we discussed on the call last week, but we should include information about other splices still pending.

[jkczyz]

Yeah, the idea was to only include inputs that can be unlocked. I need to update this still.

[jkczyz]

Given we won't have RBF in the initial release, this doesn't need to be included yet.

[jkczyz]

What's the status of this? IMO we should land it early so we can write tests and discover where we're missing coverage.

This depends on #4097 now.

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[graphite-app]

Bug: In tx_abort handling for funded channels, when a splice negotiation is aborted during the ConstructingTransaction state, the contributed inputs and outputs are not extracted from the interactive_tx_constructor before creating the SpliceFundingFailed event. The code sets contributed_inputs and contributed_outputs to empty vectors, but if the local node had already contributed inputs/outputs to the transaction construction, this information should be preserved so users know which UTXOs they can reuse. The interactive_tx_constructor contains inputs_to_contribute and outputs_to_contribute fields that should be extracted before the constructor is dropped.

Suggested change

	let splice_funding_failed = funding_negotiation_opt
	.filter(|funding_negotiation| funding_negotiation.is_initiator())
	.map(|funding_negotiation| {
	// Create SpliceFundingFailed for the aborted splice
	let (funding_txo, channel_type) = match &funding_negotiation {
	FundingNegotiation::ConstructingTransaction { funding, .. } => {
	(funding.get_funding_txo().map(|txo| txo.into_bitcoin_outpoint()), Some(funding.get_channel_type().clone()))
	},
	FundingNegotiation::AwaitingSignatures { funding, .. } => {
	(funding.get_funding_txo().map(|txo| txo.into_bitcoin_outpoint()), Some(funding.get_channel_type().clone()))
	},
	FundingNegotiation::AwaitingAck { .. } => {
	(None, None)
	},
	};
	SpliceFundingFailed {
	channel_id: funded_channel.context.channel_id,
	counterparty_node_id: funded_channel.context.counterparty_node_id,
	user_channel_id: funded_channel.context.user_id,
	funding_txo,
	channel_type,
	contributed_inputs: Vec::new(),
	contributed_outputs: Vec::new(),
	}
	});
	let splice_funding_failed = funding_negotiation_opt
	.filter(|funding_negotiation| funding_negotiation.is_initiator())
	.map(|funding_negotiation| {
	// Create SpliceFundingFailed for the aborted splice
	let (funding_txo, channel_type, contributed_inputs, contributed_outputs) = match &funding_negotiation {
	FundingNegotiation::ConstructingTransaction { funding, interactive_tx_constructor, .. } => {
	(funding.get_funding_txo().map(|txo| txo.into_bitcoin_outpoint()),
	Some(funding.get_channel_type().clone()),
	interactive_tx_constructor.inputs_to_contribute.clone(),
	interactive_tx_constructor.outputs_to_contribute.clone())
	},
	FundingNegotiation::AwaitingSignatures { funding, .. } => {
	(funding.get_funding_txo().map(|txo| txo.into_bitcoin_outpoint()),
	Some(funding.get_channel_type().clone()),
	Vec::new(),
	Vec::new())
	},
	FundingNegotiation::AwaitingAck { .. } => {
	(None, None, Vec::new(), Vec::new())
	},
	};
	SpliceFundingFailed {
	channel_id: funded_channel.context.channel_id,
	counterparty_node_id: funded_channel.context.counterparty_node_id,
	user_channel_id: funded_channel.context.user_id,
	funding_txo,
	channel_type,
	contributed_inputs,
	contributed_outputs,
	}
	});

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[jkczyz]

I pushed four new commits immediately after the SplicePending commits that allows us to extract inputs / outputs from interactivetx.rs structs for SpliceFailed events. There's now a NegotiationError, which wraps an AbortReason along with the inputs and outputs. There are still a few places where the inputs and outputs need to be populated in channel.rs, though.

[jkczyz]

Specifically, see the into_negotiation_error methods.

[jkczyz]

Opened #4123 based on some offline discussion, which this PR is now based on. It includes NegotiationError and related refactoring. However, it makes a more limited change to interactivetx.rs. Instead of adding complexity to the state transition code, it simply maintains the inputs and outputs from InteractiveTxConstructor -- instead of popping them -- so they can be used to form SpliceFailed events.

[jkczyz]

FYI, added a fixup to persist in this case.

[jkczyz]

Added some test coverage.

[jkczyz]

Here and below, not sure if there's a better way to test for this. Problem was having a SpliceFailed event show up with a ChannelClosed event.

[jkczyz]

I'm only doing some minimal checks here, so let me know if you want anything else covered.

[jkczyz]

FYI, I think the SpliceFailed tests may only be covering this case.

[jkczyz]

The linter doesn't seem to like this. Says I should use map instead of and_then, but that won't work for the catch-all arm. May need to use if let to get around it.

[jkczyz]

Replaced the and_then with a match on the taken Option<QuiescentAction>.

[TheBlueMatt]

Can we get a test of splice failure on disconnect/reload?

[wpaulino]

Can we get a test of splice failure on disconnect/reload?

Isn't that already covered by test_splice_state_reset_on_disconnect? It may be worth rebasing this on #4079 though.

[jkczyz]

Can we get a test of splice failure on disconnect/reload?

Isn't that already covered by test_splice_state_reset_on_disconnect? It may be worth rebasing this on #4079 though.

Yeah, though I realized that we aren't handling the reload case. Since we only persist FundingNegotiation::AwaitingSignatures, we'd need to generate a SpliceFailed event when persisting whenever the other variants are present. Is that preferable to persisting those variants (or at least the contributed inputs / outputs) and producing the event upon reload?

[jkczyz]

Can we get a test of splice failure on disconnect/reload?

Isn't that already covered by test_splice_state_reset_on_disconnect? It may be worth rebasing this on #4079 though.

Yeah, though I realized that we aren't handling the reload case. Since we only persist FundingNegotiation::AwaitingSignatures, we'd need to generate a SpliceFailed event when persisting whenever the other variants are present. Is that preferable to persisting those variants (or at least the contributed inputs / outputs) and producing the event upon reload?

As discussed offline, ended up persisting SpliceFailed events when not in FundingNegotiation::AwaitingSignatures. Need to allocate a Vec when this is ever the case because mutexes not playing well with iterators.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @TheBlueMatt @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[TheBlueMatt]

This looks wrong. We should persist as a result of generating the new event.

[jkczyz]

Here the event is emitted for the Ok case. Either:

(1) we already sent our own tx_abort because we had a ChannelError::Abort earlier and they are responding with a tx_abort as per the protocol, or
(2) they are sending the initial tx_abort, so we are responding in kind.

For (2) we could return ChannelError::Abort instead, I suppose. But it's not really an error. Doing so would be as a way to re-use that code path.

[TheBlueMatt]

Care to DRY this up with the copy in reset_pending_splice_state?

[jkczyz]

Hmm... FWIW, I think we'd need to use a macro. That one takes the FundingNegotiation and uses into_ methods (consuming self) while this one leaves the FundingNegotiation and uses to_ methods (making copies). I guess we could simply clone it and use the into_ methods. But most of the contained data doesn't implement Clone and isn't actually needed.

[jkczyz]

Pushed the macro approach since it turned out to be straightforward.

[TheBlueMatt]

Why push this? We already have a loop a few lines down that iterates over the pending events and writes them one at a time, just put this after that loop.

[jkczyz]

It's also written as a TLV later.

[TheBlueMatt]

Ugh, still so awkward. If we're gonna push it at least keep a single lock over pending_events the whole time so its not unlocked with the bogs event in between.

[jkczyz]

That's a lock-order violation. We could alloc a Vec and extend the existing one, but I assumed we wanted to avoid that.

[TheBlueMatt]

The peer_states Vec that is built a few lines down to hold all the per-peer locks can be moved up as well to address that, I think.

[jkczyz]

Ah, yeah. My earlier attempt was retaking the lock, which is why I had moved this code above it. But I can just use peer_states.iter() to avoid that. Pushed a new version that does this.

This also made me realize we can actually use Iterable since the mutex problem mentioned in #4077 (comment) doesn't exist when using peer_states.iter(). However, we'd need a second TLV because we can't chain and Iterator returning references with one returning values, IIUC.

I attempted this but ran into tests failing with ShortRead errors. Haven't quite debugged it, but I pushed to a separate branch in case it's worth considering the apporach: jkczyz@cfeae18. There's some extra copies made to do the count unfortunately.