Author: Matt Corallo 2021-04-24 04:20:44
Published on: 2021-04-24T04:20:44+00:00
Rusty Russell prefers alternation over reflection, as it is more optimal than reflection for optimized implementations and fits better with the existing implementations. In particular, a simple implementation never sends a commitment_signed until it receives "giving way" so it doesn't have to deal with orphaned commitments. A more complex implementation sends opportunistically and then has to remember that it's committed if it loses the race. Such an implementation is only slower than the current system if that race happens. The state machine here is really not that big - while simplifying it where possible is nice, ripping things out to replace them with fresh code (which would need similar testing) is probably not the most obvious decrease in complexity.The issues discussed in the thread are great for fuzzing, according to a previous meeting. A fuzzer which aggressively tests for precisely these types of message-non-delivery-and-resending production desync bugs has been in use for several years, but quickly exhausted the bug fruit after forcing several rewrites of parts of the state machine. The state machine here is not that big, although simplifying it where possible is desirable.Rusty Russell has been revisiting the issue because it makes things like splicing easier: the current draft requires stopping changes while splicing is being negotiated, which is not entirely trivial. With the simplified method, you don't have to wait at all. It is unclear how much more complicated this is than having an alternation to updates and pausing HTLC updates for a cycle or two while splicing is negotiated. However, a similar update-stopping process for shutdown already exists, though it doesn’t include restarting.
Updated on: 2023-05-23T14:42:15.045286+00:00