đź“… Original date posted:2021-04-27
đź“ť Original message:
Matt Corallo <lf-lists at mattcorallo.com> writes:
>> On Apr 24, 2021, at 01:56, Rusty Russell <rusty at rustcorp.com.au> wrote:
>>
>> Matt Corallo <lf-lists at mattcorallo.com> writes:
>>> Somehow I missed this thread, but I did note in a previous meeting - these issues are great fodder for fuzzing. We’ve had a fuzzer which aggressively tests for precisely these types of message-non-delivery-and-resending production desync bugs for several years. When it initially landed it forced several rewrites of parts of the state machine, but quickly exhausted the bug fruit (though catches other classes of bugs occasionally as well). The state machine here is really not that big - while I agree simplifying it where possible is nice, ripping things out to replace them with fresh code (which would need similar testing) is probably not the most obvious decrease in complexity.
>>
>> It's historically had more bugs than anything else in the protocol. We
>> literally found another one in feerate negotiation since the last
>> c-lightning release :(
>>
>> I'd rather not have bugs than try to catch them all.
>
> I promise it’s much less work than it sounds like, and avoids having to debug these things based on logs, which is a huge pain :). Definitely less work than a new state machine:).
But the entire point of this proposal is that it's a subset of the
existing state machine?
>> You could propose a splice (or update to anchors, or whatever) any time
>> when it's your turn, as long as you haven't proposed any other updates.
>> That's simple!
>
> I presume you’d need to take it a few steps further - if the last
> message received required a response CS/RAA, you must still wait until
> things have settled down. I guess it also depends on the exact
> semantics of a “turn based” message protocol - if you received some
> updates and a signature, are you allowed to add more updates after you
> send your CS/RAA (then you have a good chunk of today’s complexity),
> or do you have to wait until they send you back their last RAA (in
> which case presumably they aren’t allowed to include anything else as
> then they’d be able to monopolize update windows). In the first case
> you still have the same issues of today, in the second less so, but
> you’re doing a similar “ok, just pause updates and wait for things to
> settle “, I think.
Yes, as the original proposal stated: you propose changes, send
commitment_signed, receive revoke_and_ack and commitment_signed, then
send revoke_and_ack. Then both sides are in sync, and the other side
has a turn.
The only "twist" is that if it's your turn and you receive an update,
you can either reply with a "yield" message, or ignore it.
>> Instead, *both* sides have to send a splice message to synchronize, and
>> they can only do so once all in-flight changes have cleared. You have
>> to resolve simultaneous splice attempts (we use "highest feerate"
>> tiebreak by node_id), and keep track of this stage while you clear
>> in-flight changes.
>
> Isn’t that pretty similar? Discard one splice proposal deterministically (ok that’s new) and the loser has to store their proposal in a holding cell for later (which they have to do in turn-based anyway). Logic to check if there’s unsettled things in RAA handling is pretty similar to turn-based, and logic to reject other messages is the same as shutdown handling today.
Nope, with the simplified protocol you can `update_splice` at any time
instead of your normal update, since both sides are already in sync.
>> Here's the subset of requirements from the draft which relate to this:
>>
>> The sender:
>> - MUST NOT send another splice message while a splice is being negotiated.
>> - MUST NOT send a splice message after sending uncommitted changes.
>> - MUST NOT send other channel updates until splice negotiation has completed.
>>
>> The receiver:
>> - MUST respond with a `splice` message of its own if it has not already.
>> - MUST NOT reply with `splice` until all commitment updates are resolved by both peers.
>
> Probably use “committed” not “resolved”. “Resolved” sounds like “no pending HTLCs left”.
Yes, and in fact this protocol was flawed and had to be revised, as it
did not actually mean both sides were committed in the case of
simultaneous splice proposals :(
>> - MUST use the higher of the two `funding_feerate_perkw` as the feerate for
>> the splice.
>
> If we like turn based, why not just deterministic throw out one slice? :)
Because while I am going to implement turn-based, I'm not sure if anyone
else is. I guess we'll see?
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 13:02:19
in reply to nevent1q…ljaj
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 13:02:19Event JSON
{
"id": "780d31e3defbf3d4fff665798bcc8b12c7fed56e81d346fbf2d7c64a45c05ffb",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315739,
"kind": 1,
"tags": [
[
"e",
"5553893599fc04c98be25342f54aa462a3c042c383d72c4c91ba0e2e16004f4c",
"",
"root"
],
[
"e",
"5170580b4681071cf1ef029aa87c29ca1fb9328ef1617232de95974ee4d8796e",
"",
"reply"
],
[
"p",
"cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba"
]
],
"content": "📅 Original date posted:2021-04-27\n📝 Original message:\nMatt Corallo \u003clf-lists at mattcorallo.com\u003e writes:\n\u003e\u003e On Apr 24, 2021, at 01:56, Rusty Russell \u003crusty at rustcorp.com.au\u003e wrote:\n\u003e\u003e \n\u003e\u003e Matt Corallo \u003clf-lists at mattcorallo.com\u003e writes:\n\u003e\u003e\u003e Somehow I missed this thread, but I did note in a previous meeting - these issues are great fodder for fuzzing. We’ve had a fuzzer which aggressively tests for precisely these types of message-non-delivery-and-resending production desync bugs for several years. When it initially landed it forced several rewrites of parts of the state machine, but quickly exhausted the bug fruit (though catches other classes of bugs occasionally as well). The state machine here is really not that big - while I agree simplifying it where possible is nice, ripping things out to replace them with fresh code (which would need similar testing) is probably not the most obvious decrease in complexity.\n\u003e\u003e \n\u003e\u003e It's historically had more bugs than anything else in the protocol. We\n\u003e\u003e literally found another one in feerate negotiation since the last\n\u003e\u003e c-lightning release :(\n\u003e\u003e \n\u003e\u003e I'd rather not have bugs than try to catch them all.\n\u003e\n\u003e I promise it’s much less work than it sounds like, and avoids having to debug these things based on logs, which is a huge pain :). Definitely less work than a new state machine:).\n\nBut the entire point of this proposal is that it's a subset of the\nexisting state machine?\n\n\u003e\u003e You could propose a splice (or update to anchors, or whatever) any time\n\u003e\u003e when it's your turn, as long as you haven't proposed any other updates.\n\u003e\u003e That's simple!\n\u003e\n\u003e I presume you’d need to take it a few steps further - if the last\n\u003e message received required a response CS/RAA, you must still wait until\n\u003e things have settled down. I guess it also depends on the exact\n\u003e semantics of a “turn based” message protocol - if you received some\n\u003e updates and a signature, are you allowed to add more updates after you\n\u003e send your CS/RAA (then you have a good chunk of today’s complexity),\n\u003e or do you have to wait until they send you back their last RAA (in\n\u003e which case presumably they aren’t allowed to include anything else as\n\u003e then they’d be able to monopolize update windows). In the first case\n\u003e you still have the same issues of today, in the second less so, but\n\u003e you’re doing a similar “ok, just pause updates and wait for things to\n\u003e settle “, I think.\n\nYes, as the original proposal stated: you propose changes, send\ncommitment_signed, receive revoke_and_ack and commitment_signed, then\nsend revoke_and_ack. Then both sides are in sync, and the other side\nhas a turn.\n\nThe only \"twist\" is that if it's your turn and you receive an update,\nyou can either reply with a \"yield\" message, or ignore it.\n\n\u003e\u003e Instead, *both* sides have to send a splice message to synchronize, and\n\u003e\u003e they can only do so once all in-flight changes have cleared. You have\n\u003e\u003e to resolve simultaneous splice attempts (we use \"highest feerate\"\n\u003e\u003e tiebreak by node_id), and keep track of this stage while you clear\n\u003e\u003e in-flight changes.\n\u003e\n\u003e Isn’t that pretty similar? Discard one splice proposal deterministically (ok that’s new) and the loser has to store their proposal in a holding cell for later (which they have to do in turn-based anyway). Logic to check if there’s unsettled things in RAA handling is pretty similar to turn-based, and logic to reject other messages is the same as shutdown handling today.\n\nNope, with the simplified protocol you can `update_splice` at any time\ninstead of your normal update, since both sides are already in sync.\n\n\u003e\u003e Here's the subset of requirements from the draft which relate to this:\n\u003e\u003e \n\u003e\u003e The sender:\n\u003e\u003e - MUST NOT send another splice message while a splice is being negotiated.\n\u003e\u003e - MUST NOT send a splice message after sending uncommitted changes.\n\u003e\u003e - MUST NOT send other channel updates until splice negotiation has completed.\n\u003e\u003e \n\u003e\u003e The receiver:\n\u003e\u003e - MUST respond with a `splice` message of its own if it has not already.\n\u003e\u003e - MUST NOT reply with `splice` until all commitment updates are resolved by both peers.\n\u003e\n\u003e Probably use “committed” not “resolved”. “Resolved” sounds like “no pending HTLCs left”.\n\nYes, and in fact this protocol was flawed and had to be revised, as it\ndid not actually mean both sides were committed in the case of\nsimultaneous splice proposals :(\n\n\u003e\u003e - MUST use the higher of the two `funding_feerate_perkw` as the feerate for\n\u003e\u003e the splice.\n\u003e\n\u003e If we like turn based, why not just deterministic throw out one slice? :)\n\nBecause while I am going to implement turn-based, I'm not sure if anyone\nelse is. I guess we'll see?\n\nCheers,\nRusty.",
"sig": "1a409203dbff12b5dc1177f13659a0b5a7ff9f6b72e6d3e6bc57e0b6bb78ba5ad67179337beaa18cc193424ca673860463ca2aa6b30f9fb50fcde9d419ce0655"
}