fuzz: add force-close support to chanmon_consistency#4381
Draft
joostjager wants to merge 22 commits intolightningdevkit:mainfrom
Draft
fuzz: add force-close support to chanmon_consistency#4381joostjager wants to merge 22 commits intolightningdevkit:mainfrom
joostjager wants to merge 22 commits intolightningdevkit:mainfrom
Conversation
|
👋 I see @wpaulino was un-assigned. |
joostjager
force-pushed
the
fuzz-force-close
branch
from
081de37 to
97e65bc
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4381 +/- ##
==========================================
- Coverage 87.10% 86.21% -0.90%
==========================================
Files 161 159 -2
Lines 109246 109121 -125
Branches 109246 109121 -125
==========================================
- Hits 95162 94081 -1081
- Misses 11600 12426 +826
- Partials 2484 2614 +130
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
wpaulino
reviewed
Feb 10, 2026
| }, | ||
| events::Event::SplicePending { .. } => {}, | ||
| events::Event::SpliceFailed { .. } => {}, | ||
| events::Event::ChannelClosed { .. } => {}, |
Contributor
There was a problem hiding this comment.
We should probably open a new channel to replace the force closed one?
|
|
||
| // Only check for no broadcasts if no force-closes happened. | ||
| if !fc_ab && !fc_bc { | ||
| assert!(broadcast.txn_broadcasted.borrow().is_empty()); |
Contributor
There was a problem hiding this comment.
I have some changes that will be going up soon that rework this, you may want to wait until then. Each node will have its own broadcaster, and there's also a concept of a "chain" now so we can mine transactions.
Contributor
Author
There was a problem hiding this comment.
Changes were very useful! The per-node broadcasters (broadcast_a/broadcast_b/broadcast_c) are used to selectively drain and confirm each node's force-close commitment txs, and the ChainState abstraction is used to confirm broadcast transactions and advance block height past HTLC timelocks during settlement.
joostjager
force-pushed
the
fuzz-force-close
branch
5 times, most recently
from
24da03b to
1f6b57a
Compare
Collaborator
|
Needs rebase. Is this stalled waiting on fixes that were discovered by the fuzzer? |
joostjager
force-pushed
the
fuzz-force-close
branch
from
1f6b57a to
633c959
Compare
Contributor
Author
|
I was working on my local branch only for a while. Just pushed what I have. But indeed, the mixed mode failure is also showing up in different ways with fc fuzzing. |
joostjager
force-pushed
the
fuzz-force-close
branch
2 times, most recently
from
a1b1367 to
ba6cbfa
Compare
joostjager
force-pushed
the
fuzz-force-close
branch
2 times, most recently
from
f3cbd42 to
88ee2b7
Compare
Contributor
Author
|
Rebased onto #4571, because compile times became unworkable with the many macros. |
joostjager
force-pushed
the
fuzz-force-close
branch
from
88ee2b7 to
67bcdec
Compare
Extract the repeated peer-connection and channel-funding setup into small helpers. This leaves the fuzz scenario setup behavior unchanged while making later harness refactors easier to review.
Introduce a small wrapper around each channel manager and its test resources. This keeps node-local state together before moving more operations onto the harness.
Move construction of loggers, keys, monitors, broadcasters, wallets, and fee estimators into node resource setup. This removes ad hoc local closures while preserving the deterministic test inputs used by the fuzzer.
Centralize creation of the three chanmon harness nodes. The fuzzer now initializes the node array through one path, which reduces duplicated setup before the event and payment helpers are split out.
Move persistence, reload, and chain sync state onto each harness node. Keeping serialized managers and heights with the node makes restarts and block updates easier to reason about.
Lift monitor update, splice, and chain sync actions into named helper functions. This keeps the byte-dispatch loop focused on choosing actions rather than spelling out each operation.
Move the action helpers onto `HarnessNode` methods. Node-local operations now live with the state they mutate, which reduces argument threading through the fuzz loop.
Replace the four directional message vectors with one queue owner. The fuzz loop now uses that owner at send, receive, drain, and reload sites while preserving the existing routing behavior.
Move per-node queue draining, middle-node routing, and disconnect cleanup into EventQueues. The fuzz loop now asks the queue owner to route remaining messages instead of mutating each directional vector directly.
Pull message-event delivery into standalone helpers. This keeps the fuzz dispatch loop smaller while preserving the same corruption and one-message processing modes.
Represent each channel pair as a peer link with its channel ids and disconnect state. Link methods now own peer reconnect, disconnect, and monitor-update operations for that channel group.
Move payment bookkeeping into a payment tracker. Sending, resolving, claiming, and stuck-payment assertions now share one state owner instead of borrowing several local maps.
Collect the node, link, queue, chain, and payment setup into a harness builder. This keeps the initial fuzz scenario construction together and leaves the action loop with a smaller state surface.
Wrap the chanmon consistency state in a `Harness` struct. The fuzz loop now accesses nodes, links, queues, payments, and chain state through one owner while keeping the existing byte actions intact.
Move the main fuzz flow onto the harness. This completes the structural refactor so `do_test` is responsible for constructing and running the harness rather than managing the full scenario directly.
joostjager
force-pushed
the
fuzz-force-close
branch
from
67bcdec to
ada75ea
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add force-close coverage to the
chanmon_consistencyfuzzer. Previously, the fuzzer only exercised cooperative channel flows. This PR enables the fuzzer to force-close channels and verify that on-chain resolution, HTLC timeouts, and payment preimage propagation all work correctly under channel monitor consistencyconstraints.