State Recovery Swapd Implementation

[TheCharlatan]

This adds swapd state serialization, checkpointing and recovery.

The current workflow for restoration is only for cases where farcasterd is restarted. Peer reconnection is also not handled.

I left out of scope for now checking if we are overwriting a later state on recovery. For the current workflow it does not add much value and I don't want this pull request to have an even larger scope.

[codecov-commenter]

Codecov Report

Merging #485 (18a9d92) into main (a2f8071) will decrease coverage by 0.8%.
The diff coverage is 0.5%.

@@           Coverage Diff           @@
##            main    #485     +/-   ##
=======================================
- Coverage   12.3%   11.5%   -0.8%     
=======================================
  Files         34      34             
  Lines       9033    9631    +598     
=======================================
+ Hits        1111    1112      +1     
- Misses      7922    8519    +597     

Impacted Files	Coverage Δ
src/farcasterd/runtime.rs	0.0% <0.0%> (ø)
src/rpc/request.rs	15.2% <0.0%> (-0.1%)	⬇️
src/swapd/runtime.rs	0.0% <0.0%> (ø)
src/swapd/swap_state.rs	0.0% <0.0%> (ø)
src/swapd/syncer_client.rs	0.0% <0.0%> (ø)
src/swapd/temporal_safety.rs	0.0% <0.0%> (ø)
src/walletd/runtime.rs	0.0% <0.0%> (ø)
src/databased/runtime.rs	26.9% <3.7%> (-3.4%)	⬇️
src/rpc/mod.rs	22.2% <100.0%> (-2.8%)	⬇️
... and 9 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a2f8071...18a9d92. Read the comment docs.

[TheCharlatan]

I had a successful state restoration with the latest commit. I made and took an offer, funded it, terminated farcasterd, started farcasterd, restored the checkpoint and eventually got the amount refunded again. I'm going to keep on polishing and testing and on this pull request while I wait for review and merge of the others.

[zkao]

Since there are proper tests written already testing the added functionality, I would like to explore and test more on a fork of this branch

I guess I understood enough of the overall architecture, and the most of the intends on the code

[zkao]

I'm not convinced reusing Request::Hello is better than creating a new Request::NewVariant, that inherits no further semantics

[zkao]

farcasterd being the broker will send (or only receive?) this Hello request on the background as well

[TheCharlatan]

I guess we can add a ConnectionTest?

[zkao]

sure

[zkao]

I'm not sure if the way we launch swapd is appropriate on the context of state recovery

passing public_offer and trade_role made sense previously, but should probably go

[TheCharlatan]

It's nice to have these, so you can retrieve them when you do GetInfo on the swap.

[zkao]

my point is not about not having them. It's about not passing them as command line args, passing them through the Ctl bus instead

[zkao]

unconvinced weather public_offer and trade_role should be command line args here

[zkao]

why is this being removed? related to recovering state? and not yet knowing that you published buy? alice must checkpoint before publishing buy and after, so if a_buy_published() returns false after recovery, there is a bug

[zkao]

I think I get it. Checkpoint is not updated after checkpoint, but please confirm!

Not sure that is a bug. I was trying to be super strict on state transitions, but for state recovery it may justify it.

[zkao]

If that is the case, I find it more correct to set buy_published to true before checkpointing

[TheCharlatan]

I think I get it. Checkpoint is not updated after checkpoint, but please confirm!

Yeah, that is it.

I need to understand what we are protecting against by checking a_buy_published? How can this case be hit in the first place without it being published?

[zkao]

it does not look like a_buy_published is safety critical

It especially prevents us from publishing buy. the a_buy_published() == false protects us from not doing stuff out of order

How can this case be hit in the first place without it being published?

For me if it happens that we find Buy tx and are in a state that a_buy_published == false, we have a bug that must be addressed, because the protocol state and swapd are out of sync. This is why I enjoy swapd being very strict on its state evolution. But I agree this one specifically can go.

[TheCharlatan]

Thank you for the great review zkao. I will attempt to address your comments first in writing and will follow-up with some code later.

[zkao]

LGTM, continue deving in other PRs

[zkao]

it does not look like a_buy_published is safety critical

It especially prevents us from publishing buy. the a_buy_published() == false protects us from not doing stuff out of order

How can this case be hit in the first place without it being published?

For me if it happens that we find Buy tx and are in a state that a_buy_published == false, we have a bug that must be addressed, because the protocol state and swapd are out of sync. This is why I enjoy swapd being very strict on its state evolution. But I agree this one specifically can go.

[zkao]

It was my understanding that we are not be doing the (high level) data structure encoding manually, just encode the low level types, and derive the high level ones using the derive macros

[zkao]

high level here being HashMap and the low level the keys and values

[zkao]

i guess the data type of interest is List<T> from request.rs that is just a wrapper over vectors

[TheCharlatan]

I did not find a derive for HashMap, so I rolled this myself. I guess we can create a wrapper type for a HashMap, implement the strict encoding for it and then use it here.