Skip to content

Store and check channel data in channel monitors #4218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Store and check channel data in channel monitors #4218

wants to merge 2 commits into from
+315 −13

Conversation

@joostjager
Copy link
Contributor

@joostjager joostjager commented Nov 11, 2025
edited
Loading

Add a new safe_channels feature flag that gates in-development work toward persisting channel monitors and channels atomically, preventing them from desynchronizing and causing force closures.

This commit begins that transition by storing both pieces together and adding consistency checks during writes. These checks mirror what the channel manager currently validates only on reload, but performing them earlier increases coverage and surfaces inconsistencies sooner.

@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Nov 11, 2025
edited
Loading

👋 I see @valentinewallace was un-assigned.
If you'd like another reviewer assignment, please click here.

@joostjager joostjager force-pushed the chan-monitor-consistency-check branch 3 times, most recently from dda4c5c to b00ff03 Compare November 14, 2025 10:56
@joostjager joostjager changed the title add channel <-> channel monitor consistency check Channel <-> channel monitor consistency check Nov 14, 2025
@joostjager joostjager force-pushed the chan-monitor-consistency-check branch 2 times, most recently from c3771b6 to f387f90 Compare November 14, 2025 11:01
@codecov
Copy link

codecov bot commented Nov 14, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 89.39394% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.32%. Comparing base (21110c8) to head (d4d0879).
⚠️ Report is 10 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/ln/channelmanager.rs 75.00% 6 Missing ⚠️
lightning/src/chain/channelmonitor.rs 92.30% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4218      +/-   ##
==========================================
- Coverage   89.33%   89.32%   -0.01%     
==========================================
  Files         180      180              
  Lines      138353   138522     +169     
  Branches   138353   138522     +169     
==========================================
+ Hits       123598   123736     +138     
- Misses      12132    12164      +32     
+ Partials     2623     2622       -1
Flag Coverage Δ
fuzzing 35.98% <50.00%> (+0.07%) ⬆️
tests 88.69% <89.39%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@joostjager joostjager force-pushed the chan-monitor-consistency-check branch 3 times, most recently from 00a95f1 to a82719b Compare November 14, 2025 19:36
@joostjager joostjager changed the title Channel <-> channel monitor consistency check Store and check channel data in channel monitors Add a new safe_channels feature flag that gates in-development work toward persisting channel monitors and channels atomically, preventing them from desynchronizing and causing force closures. This commit begins that transition by storing both pieces together and adding consistency checks during writes. These checks mirror what the channel manager currently validates only on reload, but performing them earlier increases coverage and surfaces inconsistencies sooner. Nov 14, 2025
@joostjager joostjager changed the title Store and check channel data in channel monitors Add a new safe_channels feature flag that gates in-development work toward persisting channel monitors and channels atomically, preventing them from desynchronizing and causing force closures. This commit begins that transition by storing both pieces together and adding consistency checks during writes. These checks mirror what the channel manager currently validates only on reload, but performing them earlier increases coverage and surfaces inconsistencies sooner. Store and check channel data in channel monitors Nov 14, 2025
@valentinewallace valentinewallace mentioned this pull request Nov 17, 2025
Draft
3 tasks
@joostjager
Channel logging improvements
377ca5f 
Additional trace logs to help with debugging.
@joostjager
Store and check channel data in channel monitors
d4d0879 
Add a new `safe_channels` feature flag that gates in-development work
toward persisting channel monitors and channels atomically, preventing
them from desynchronizing and causing force closures.

This commit begins that transition by storing both pieces together and
adding consistency checks during writes. These checks mirror what the
channel manager currently validates only on reload, but performing them
earlier increases coverage and surfaces inconsistencies sooner.
@joostjager joostjager force-pushed the chan-monitor-consistency-check branch from a82719b to d4d0879 Compare November 18, 2025 14:13
@joostjager joostjager mentioned this pull request Nov 19, 2025
Draft
@joostjager joostjager removed the request for review from valentinewallace November 19, 2025 14:50
joostjager
joostjager commented Nov 20, 2025
View reviewed changes
lightning/src/chain/channelmonitor.rs

/// The encoded channel data associated with this ChannelMonitor, if any.
#[cfg(feature = "safe_channels")]
pub encoded_channel: Option<Vec<u8>>,
Copy link
Contributor Author

@joostjager joostjager Nov 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Continuing discussion here @valentinewallace #4151 (comment)

Did you explore encoding the FundedChannel itself rather than a bag of bytes? I guess it would require propagating the signer trait parameter, which is kind of annoying?

I think it is possible, but with a few workarounds. The advantage would be that we have a clear target struct to strip all the data off that is redundant for channel monitor.

https://github.com/joostjager/rust-lightning/compare/chan-monitor-unencoded-chan%7E1...joostjager:rust-lightning:chan-monitor-unencoded-chan?expand=1 (wip)

We do need to allow cloning of the channel to get a copy to store inside the monitor and monitor update. Also equality needs to be implemented. And it is the case that a channel contains a list of blocked monitor updates, that can again contain a channel copy. Not sure if we getting into something undesirable with that form of nesting.

The pending_splice field also turned out to be difficult to clone. For now, I just took the serialized version of it.

@joostjager joostjager self-assigned this Nov 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@joostjager joostjager

Labels

None yet

Projects

Weekly Goals
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joostjager @ldk-reviews-bot