Async background persistence

[joostjager]

Stripped down version of #3778. It allows background persistence to be async, but channel monitor persistence remains sync. This means that for the time being, users wanting async background persistence would be required to implement both the sync and the async KVStore trait. This model is available through process_events_full_async.

process_events_async still takes a synchronous kv store to remain backwards compatible.

Usage in ldk-node: lightningdevkit/ldk-node@main...joostjager:ldk-node:upgrade-to-async-kvstore

[ldk-reviews-bot]

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[graphite-app]

The encoded variable is captured by reference in the returned future, but it's a local variable that will be dropped when the function returns. This creates a potential use-after-free issue. Consider moving ownership of encoded into the future instead:

fn persist_state<'a>(
    &self, sweeper_state: &SweeperState,
) -> Pin<Box<dyn Future<Output = Result<(), io::Error>> + 'a + Send>> {
    let encoded = sweeper_state.encode();

    self.kv_store.write(
        OUTPUT_SWEEPER_PERSISTENCE_PRIMARY_NAMESPACE,
        OUTPUT_SWEEPER_PERSISTENCE_SECONDARY_NAMESPACE,
        OUTPUT_SWEEPER_PERSISTENCE_KEY,
        &encoded,
    )
}

This ensures the data remains valid for the lifetime of the future.

Suggested change

	fn persist_state<'a>(
	&self, sweeper_state: &SweeperState,
	) -> Pin<Box<dyn Future<Output = Result<(), io::Error>> + 'a + Send>> {
	let encoded = &sweeper_state.encode();
	self.kv_store.write(
	OUTPUT_SWEEPER_PERSISTENCE_PRIMARY_NAMESPACE,
	OUTPUT_SWEEPER_PERSISTENCE_SECONDARY_NAMESPACE,
	OUTPUT_SWEEPER_PERSISTENCE_KEY,
	encoded,
	)
	fn persist_state<'a>(
	&self, sweeper_state: &SweeperState,
	) -> Pin<Box<dyn Future<Output = Result<(), io::Error>> + 'a + Send>> {
	let encoded = sweeper_state.encode();
	self.kv_store.write(
	OUTPUT_SWEEPER_PERSISTENCE_PRIMARY_NAMESPACE,
	OUTPUT_SWEEPER_PERSISTENCE_SECONDARY_NAMESPACE,
	OUTPUT_SWEEPER_PERSISTENCE_KEY,
	&encoded,
	)

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

[joostjager]

Is this real?

[tnull]

I don't think so as the compiler would likely optimize that away, given that encoded will be an owned value (Vec returned by encode()). Still, the change that it suggests looks cleaner.

In general it will be super confusing that we encode at the time of creating the future, but would only actually persist once we dropped the lock. Starting from now we'll need to be super cautious about the side-effects of interleaving persist calls.

[joostjager]

The idea is that an async kv store store encodes the data and stores the write action in a queue at the moment the future is created. Things should still happen in the original order.

Can you show a specific scenario where we have to be super cautious even if we have that queue?

[joostjager]

Moved &

[tnull]

The idea is that an async kv store store encodes the data and stores the write action in a queue at the moment the future is created. Things should still happen in the original order.

If that is the idea that we start assuming in this PR, we should probably also start documenting these assumptions in this PR on KVStore already.

[joostjager]

Added this requirement to the async KVStore trait doc

[tnull]

Did a first pass. Changes look mostly good, although I'm not the biggest fan of the process_events_full_async variant as well as the SyncOutputSweeperSyncKVStoreSync in the last commit. I hope we can avoid them?

For the former, it would be useful to wait for #3688 (given it's close), and then the user could use the builder pattern to either configure an async or sync KVStore.

[tnull]

I dislike to solve this by just doubling the API surface here. IMO, we should finally move forward with #3688 first, and then utilize the builder pattern to allow the user to plugin a sync or async KVStore variant.

[joostjager]

I don't think we should do #3688 in the form that it currently has. My opinion is that it is too much code for what it gets us.

[tnull]

Okay, we may need to conclude on that debate soon then.

Note that a) we had already decided to go this way on #3612 b) have a contributor that already did the work and c) this PR is a pretty good example why we'd want the builder pattern over just adding more constructors or optional fields on them.

But probably best to discuss elsewhere.

[joostjager]

This is also temporary, because we want to move over to full async eventually.

[joostjager]

I'd say that to solve #3612 we can also use the dummy implementations and don't necessarily need a builder. But indeed best to move that discussion to #3688.

[tnull]

I'd say that to solve #3612 we can also use the dummy implementations and don't necessarily need a builder. But indeed best to move that discussion to #3688.

I still think forcing the user to supply all the dummy implementation doesn't significantly improve the API situation for the user. But yeah, lets move the discussion elsewhere.

[tnull]

As discussed yesterday, we'll also need access to this type in LDK Node as it will be part of the OutputSweeper type signature. Not sure if it then would preferable to have the user implement this wrapper. If we leave it here, it might make sense to split out all these wrappers into a separate util.rs or helpers.rs file, so they don't clutter up the codebase.

[tnull]

No, I think we should really unset the dirty flag once we're sure we persisted, not before. I.e., rather than unsetting and re-setting it, just set it to false in the success case.

[joostjager]

If we do it after persisting, another thread may also persist because it thinks the data is still dirty? What I've implemented is the outcome of a chat with @TheBlueMatt about it. I agree it isn't pretty, so open to other suggestions.

[tnull]

If we do it after persisting, another thread may also persist because it thinks the data is still dirty?

Hmm, but this way we have the same issue around interleaving threads, just the other way around? I.e., we could have another thread come in acquiring the lock, making changes, persisting, at which point the failed persistence task would be blocked on re-acquiring the mutex, then would set dirty = true, even though the state was just re-persisted in the meantime, also resulting in another unnecessary persist?

[joostjager]

That is true, but I think the way the PR is currently written optimizes for the happy flow where the persist doesn't fail. So that in the happy flow, there are no unnecessary persists.

[tnull]

Do we really need yet another wrapper type for this? Do we then also need an OutputSweeperSyncKVStoreSync to complete the matrix?

I think this is really messy. If this is only added to avoid exposing KVStoreSyncWrapper, I'd much rather go this way or implement the wrapper in LDK Node.

[joostjager]

OutputSweeperSyncKVStoreSync is what OutputSweeperSync is, so that is already present.

Don't like this either, but we wanted to guarantee that users can't misuse the wrappers, and this is the result of that. If we have consensus on another approach, I am fine with that too.

[TheBlueMatt]

I'm also not clear on why this needs a separate wrapper. We can have a second constructor on OutputSweeper that does the KVStore sync wrapping before returning a fully-async OutputSweeper, the only difference between this and that is that track_spendable_outputs would go from async to sync, but in this case its a user who already has support for calling most things async, so not sure why we really care.

[joostjager]

I first had the second constructor, but that required exporting the wrapper type too which we wanted to keep private.

[joostjager]

Discussed offline. As long as we don't poll the future and expect it to be ready immediately, there is no risk in exposing the wrapper. Added secondary constructor and secondary read method and removed OutputSweeperSyncKVStoreSync

[tnull]

Can't you implement deref to solve this?

[tnull]

I don't think so as the compiler would likely optimize that away, given that encoded will be an owned value (Vec returned by encode()). Still, the change that it suggests looks cleaner.

In general it will be super confusing that we encode at the time of creating the future, but would only actually persist once we dropped the lock. Starting from now we'll need to be super cautious about the side-effects of interleaving persist calls.

[ldk-reviews-bot]

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

[joostjager]

@tnull changes made diff and replied to open threads.

[tnull]

As mentioned above, changes basically look good to me, although I'd prefer to avoid process_events_full_async by using the builder introduced in #3688.

But, generally this should be good for a second reviewer, so pinging @TheBlueMatt.

[TheBlueMatt]

Given Persister is only used in lightning-background-processor and we've been migrating to just using KVStore everywhere (eg its now required to use Sweeper), maybe we just kill off Persister entirely? We had Persister before we had KVStore as a way to persist the objects that the BP wanted to persist. To simplify the interface, we added the KVStore as a pseudo-wrapper around Persister. But since Sweeper now requires a KVStore explicitly, users can no longer only implement Persister, making it basically useless.

The only reason to keep it would be to avoid building the encoded Vec<u8> of the network graph and scorer for users who are avoiding persisting those objects, but I'm not entirely sure avoiding the ~50MiB memory spike during write is worth it.

[joostjager]

Added first commit that removes Persister. Rebased the rest. Lots of simplication.

[TheBlueMatt]

I'm also not clear on why this needs a separate wrapper. We can have a second constructor on OutputSweeper that does the KVStore sync wrapping before returning a fully-async OutputSweeper, the only difference between this and that is that track_spendable_outputs would go from async to sync, but in this case its a user who already has support for calling most things async, so not sure why we really care.

[TheBlueMatt]

Almost LGTM, just one real comment and a doc nit.

[TheBlueMatt]

nit: It may be useful to clarify what this means with an example or a suggested approach to working around it.

[TheBlueMatt]

Hmm, it used to be the case that we'd first persist, wait for that to finish, then broadcast. I don't think its critical, but it does seem like we should retain that behavior.