Ensure a 1:1 mapping of value sendable to send success in fuzzing

Now that the value available to send is expected to match the
success or failure of sending exactly, we should assert this in the
`chanmon_consistency` fuzzer.

In the next commit we'll actually rip the checks out of `send_htlc`
which will make this a somewhat less useful test, however fuzzing
on this specific commit can help to reveal bugs.

diff --git a/fuzz/src/chanmon_consistency.rs b/fuzz/src/chanmon_consistency.rs
index f8c6c08a2baca464273858365e770e35145655e4..bb4066700639680485e0c6fea1957cf020992ee4 100644 (file)
--- a/fuzz/src/chanmon_consistency.rs
+++ b/fuzz/src/chanmon_consistency.rs
@@ -285,7 +285,7 @@ impl KeyProvider {
 }
 
 #[inline]
-fn check_api_err(api_err: APIError) {
+fn check_api_err(api_err: APIError, sendable_bounds_violated: bool) {
        match api_err {
                APIError::APIMisuseError { .. } => panic!("We can't misuse the API"),
                APIError::FeeRateTooHigh { .. } => panic!("We can't send too much fee?"),
@@ -305,6 +305,7 @@ fn check_api_err(api_err: APIError) {
                                _ if err.starts_with("Cannot send value that would put our exposure to dust HTLCs at") => {},
                                _ => panic!("{}", err),
                        }
+                       assert!(sendable_bounds_violated);
                },
                APIError::MonitorUpdateInProgress => {
                        // We can (obviously) temp-fail a monitor update
@@ -313,17 +314,17 @@ fn check_api_err(api_err: APIError) {
        }
 }
 #[inline]
-fn check_payment_err(send_err: PaymentSendFailure) {
+fn check_payment_err(send_err: PaymentSendFailure, sendable_bounds_violated: bool) {
        match send_err {
-               PaymentSendFailure::ParameterError(api_err) => check_api_err(api_err),
+               PaymentSendFailure::ParameterError(api_err) => check_api_err(api_err, sendable_bounds_violated),
                PaymentSendFailure::PathParameterError(per_path_results) => {
-                       for res in per_path_results { if let Err(api_err) = res { check_api_err(api_err); } }
+                       for res in per_path_results { if let Err(api_err) = res { check_api_err(api_err, sendable_bounds_violated); } }
                },
                PaymentSendFailure::AllFailedResendSafe(per_path_results) => {
-                       for api_err in per_path_results { check_api_err(api_err); }
+                       for api_err in per_path_results { check_api_err(api_err, sendable_bounds_violated); }
                },
                PaymentSendFailure::PartialFailure { results, .. } => {
-                       for res in results { if let Err(api_err) = res { check_api_err(api_err); } }
+                       for res in results { if let Err(api_err) = res { check_api_err(api_err, sendable_bounds_violated); } }
                },
                PaymentSendFailure::DuplicatePayment => panic!(),
        }
@@ -351,6 +352,11 @@ fn send_payment(source: &ChanMan, dest: &ChanMan, dest_chan_id: u64, amt: u64, p
        let mut payment_id = [0; 32];
        payment_id[0..8].copy_from_slice(&payment_idx.to_ne_bytes());
        *payment_idx += 1;
+       let (min_value_sendable, max_value_sendable) = source.list_usable_channels()
+               .iter().find(|chan| chan.short_channel_id == Some(dest_chan_id))
+               .map(|chan|
+                       (chan.next_outbound_htlc_minimum_msat, chan.next_outbound_htlc_limit_msat))
+               .unwrap_or((0, 0));
        if let Err(err) = source.send_payment_with_route(&Route {
                paths: vec![Path { hops: vec![RouteHop {
                        pubkey: dest.get_our_node_id(),
@@ -362,9 +368,15 @@ fn send_payment(source: &ChanMan, dest: &ChanMan, dest_chan_id: u64, amt: u64, p
                }], blinded_tail: None }],
                payment_params: None,
        }, payment_hash, RecipientOnionFields::secret_only(payment_secret), PaymentId(payment_id)) {
-               check_payment_err(err);
+               check_payment_err(err, amt > max_value_sendable || amt < min_value_sendable);
                false
-       } else { true }
+       } else {
+               // Note that while the max is a strict upper-bound, we can occasionally send substantially
+               // below the minimum, with some gap which is unusable immediately below the minimum. Thus,
+               // we don't check against min_value_sendable here.
+               assert!(amt <= max_value_sendable);
+               true
+       }
 }
 #[inline]
 fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, dest: &ChanMan, dest_chan_id: u64, amt: u64, payment_id: &mut u8, payment_idx: &mut u64) -> bool {
@@ -373,13 +385,19 @@ fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, des
        let mut payment_id = [0; 32];
        payment_id[0..8].copy_from_slice(&payment_idx.to_ne_bytes());
        *payment_idx += 1;
+       let (min_value_sendable, max_value_sendable) = source.list_usable_channels()
+               .iter().find(|chan| chan.short_channel_id == Some(middle_chan_id))
+               .map(|chan|
+                       (chan.next_outbound_htlc_minimum_msat, chan.next_outbound_htlc_limit_msat))
+               .unwrap_or((0, 0));
+       let first_hop_fee = 50_000;
        if let Err(err) = source.send_payment_with_route(&Route {
                paths: vec![Path { hops: vec![RouteHop {
                        pubkey: middle.get_our_node_id(),
                        node_features: middle.node_features(),
                        short_channel_id: middle_chan_id,
                        channel_features: middle.channel_features(),
-                       fee_msat: 50000,
+                       fee_msat: first_hop_fee,
                        cltv_expiry_delta: 100,
                },RouteHop {
                        pubkey: dest.get_our_node_id(),
@@ -391,9 +409,16 @@ fn send_hop_payment(source: &ChanMan, middle: &ChanMan, middle_chan_id: u64, des
                }], blinded_tail: None }],
                payment_params: None,
        }, payment_hash, RecipientOnionFields::secret_only(payment_secret), PaymentId(payment_id)) {
-               check_payment_err(err);
+               let sent_amt = amt + first_hop_fee;
+               check_payment_err(err, sent_amt < min_value_sendable || sent_amt > max_value_sendable);
                false
-       } else { true }
+       } else {
+               // Note that while the max is a strict upper-bound, we can occasionally send substantially
+               // below the minimum, with some gap which is unusable immediately below the minimum. Thus,
+               // we don't check against min_value_sendable here.
+               assert!(amt + first_hop_fee <= max_value_sendable);
+               true
+       }
 }
 
 #[inline]

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index c404b46f11d7e3e2c1ab0cc675c3fa56ecb89f06..2ea2ebd58c4d319572e71bd4e91be3c7286714a7 100644 (file)
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -6029,6 +6029,8 @@ impl<Signer: WriteableEcdsaChannelSigner> Channel<Signer> {
                        return Err(ChannelError::Ignore(format!("Cannot send value that would put our balance under counterparty-announced channel reserve value ({})", chan_reserve_msat)));
                }
 
+               debug_assert!(amount_msat <= self.get_available_balances().next_outbound_htlc_limit_msat);
+
                let need_holding_cell = (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateInProgress as u32)) != 0;
                log_debug!(logger, "Pushing new outbound HTLC for {} msat {}", amount_msat,
                        if force_holding_cell { "into holding cell" }