+#[test]
+fn test_monitor_and_persister_update_fail() {
+ // Test that if both updating the `ChannelMonitor` and persisting the updated
+ // `ChannelMonitor` fail, then the failure from updating the `ChannelMonitor`
+ // one that gets returned.
+ let chanmon_cfgs = create_chanmon_cfgs(2);
+ let node_cfgs = create_node_cfgs(2, &chanmon_cfgs);
+ let node_chanmgrs = create_node_chanmgrs(2, &node_cfgs, &[None, None]);
+ let mut nodes = create_network(2, &node_cfgs, &node_chanmgrs);
+
+ // Create some initial channel
+ let chan = create_announced_chan_between_nodes(&nodes, 0, 1, InitFeatures::known(), InitFeatures::known());
+ let outpoint = OutPoint { txid: chan.3.txid(), index: 0 };
+
+ // Rebalance the network to generate htlc in the two directions
+ send_payment(&nodes[0], &vec!(&nodes[1])[..], 10_000_000, 10_000_000);
+
+ // Route an HTLC from node 0 to node 1 (but don't settle)
+ let preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 9_000_000).0;
+
+ // Make a copy of the ChainMonitor so we can capture the error it returns on a
+ // bogus update. Note that if instead we updated the nodes[0]'s ChainMonitor
+ // directly, the node would fail to be `Drop`'d at the end because its
+ // ChannelManager and ChainMonitor would be out of sync.
+ let chain_source = test_utils::TestChainSource::new(Network::Testnet);
+ let logger = test_utils::TestLogger::with_id(format!("node {}", 0));
+ let persister = test_utils::TestPersister::new();
+ let chain_mon = {
+ let monitors = nodes[0].chain_monitor.chain_monitor.monitors.lock().unwrap();
+ let monitor = monitors.get(&outpoint).unwrap();
+ let mut w = test_utils::TestVecWriter(Vec::new());
+ monitor.serialize_for_disk(&mut w).unwrap();
+ let new_monitor = <(BlockHash, ChannelMonitor<EnforcingChannelKeys>)>::read(
+ &mut ::std::io::Cursor::new(&w.0)).unwrap().1;
+ assert!(new_monitor == *monitor);
+ let chain_mon = test_utils::TestChainMonitor::new(Some(&chain_source), &chanmon_cfgs[0].tx_broadcaster, &logger, &chanmon_cfgs[0].fee_estimator, &persister);
+ assert!(chain_mon.watch_channel(outpoint, new_monitor).is_ok());
+ chain_mon
+ };
+ let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+ chain_mon.chain_monitor.block_connected(&header, &[], 200);
+
+ // Set the persister's return value to be a TemporaryFailure.
+ persister.set_update_ret(Err(ChannelMonitorUpdateErr::TemporaryFailure));
+
+ // Try to update ChannelMonitor
+ assert!(nodes[1].node.claim_funds(preimage, &None, 9_000_000));
+ check_added_monitors!(nodes[1], 1);
+ let updates = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
+ assert_eq!(updates.update_fulfill_htlcs.len(), 1);
+ nodes[0].node.handle_update_fulfill_htlc(&nodes[1].node.get_our_node_id(), &updates.update_fulfill_htlcs[0]);
+ if let Some(ref mut channel) = nodes[0].node.channel_state.lock().unwrap().by_id.get_mut(&chan.2) {
+ if let Ok((_, _, _, update)) = channel.commitment_signed(&updates.commitment_signed, &node_cfgs[0].fee_estimator, &node_cfgs[0].logger) {
+ // Check that even though the persister is returning a TemporaryFailure,
+ // because the update is bogus, ultimately the error that's returned
+ // should be a PermanentFailure.
+ if let Err(ChannelMonitorUpdateErr::PermanentFailure) = chain_mon.chain_monitor.update_channel(outpoint, update.clone()) {} else { panic!("Expected monitor error to be permanent"); }
+ logger.assert_log_contains("lightning::chain::chainmonitor".to_string(), "Failed to persist channel monitor update: TemporaryFailure".to_string(), 1);
+ if let Ok(_) = nodes[0].chain_monitor.update_channel(outpoint, update) {} else { assert!(false); }
+ } else { assert!(false); }
+ } else { assert!(false); };
+
+ check_added_monitors!(nodes[0], 1);
+ let events = nodes[0].node.get_and_clear_pending_events();
+ assert_eq!(events.len(), 1);
+}
+
+#[test]
+fn test_simple_monitor_permanent_update_fail() {
+ do_test_simple_monitor_permanent_update_fail(false);
+
+ // Test behavior when the persister returns a PermanentFailure.
+ do_test_simple_monitor_permanent_update_fail(true);
+}
+
+// If persister_fail is true, we have the persister return a TemporaryFailure instead of the
+// higher-level ChainMonitor.
+fn do_test_simple_monitor_temporary_update_fail(disconnect: bool, persister_fail: bool) {