Avoid reusing just-failed channels in the router, making the impossibility penalty configurable

[TheBlueMatt]

Some users want to keep a very long scorer data half-life to maintain knowledge for a longer period of time. Its somewhat unclear if that's optimal, but it is clear that it can cause the scorer to refuse to build a route when the only available channel failed most recently within the halflife. This is rather unexpected behavior, and the fact that the scorer must behave this way to avoid #1241 is very annoying in that it prevents fixing this.

Here we move the avoidance of just-failed channels into the router itself, allowing us to make the impossibility penalty configurable, which we do as well.

Closes #1241, superseding #1252.

[codecov-commenter]

Codecov Report

Merging #1600 (a863778) into main (4e5f74a) will increase coverage by 0.14%.
The diff coverage is 87.50%.

❗ Current head a863778 differs from pull request most recent head 5bff5f9. Consider uploading reports for the commit 5bff5f9 to get more accurate results

@@            Coverage Diff             @@
##             main    #1600      +/-   ##
==========================================
+ Coverage   90.86%   91.00%   +0.14%     
==========================================
  Files          80       80              
  Lines       44437    45502    +1065     
  Branches    44437    45502    +1065     
==========================================
+ Hits        40377    41409    +1032     
- Misses       4060     4093      +33     

Impacted Files	Coverage Δ
lightning/src/routing/router.rs	92.45% <77.77%> (+0.06%)	⬆️
lightning/src/routing/scoring.rs	97.57% <95.00%> (+1.50%)	⬆️
lightning/src/ln/channelmanager.rs	84.90% <100.00%> (+0.02%)	⬆️
lightning/src/ln/functional_test_utils.rs	95.24% <100.00%> (+<0.01%)	⬆️
lightning/src/chain/onchaintx.rs	93.98% <0.00%> (-0.93%)	⬇️
lightning/src/util/events.rs	39.25% <0.00%> (-0.29%)	⬇️
lightning/src/ln/functional_tests.rs	96.95% <0.00%> (-0.17%)	⬇️
lightning/src/ln/channel.rs	88.77% <0.00%> (+0.02%)	⬆️
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4e5f74a...5bff5f9. Read the comment docs.

[tnull]

Thanks, generally looks good, just some comments.

[TheBlueMatt]

Rebased and addressed feedback.

[tnull]

LGTM

[jkczyz]

Instead of checking payment_failed_on_this_channel twice, consider having a leading if expression.

if payment_failed_on_this_channel {
} else if /* ... */ {

[TheBlueMatt]

Oh, good idea, I moved all the existing if conditions to that!

[jkczyz]

This comment needs to be updated now since it's not only when equal to the effective capacity. Seems like the earlier change that added this now removed logic is what caused calculates_log10_without_overflowing_u64_max_value to not exercise the correct code path as mentioned earlier on that test (i.e., it doesn't hit the negative_log10_times_2048 case below.

[TheBlueMatt]

I read the comment differently - I read the comment to say "the calculation we're doing here is equivalent to..." which is still true, no?

[jkczyz]

Ah, yeah, you're right!

[jkczyz]

Largely looks good but one comment.

[jkczyz]

Ah, yeah, you're right!

[jkczyz]

Would it make sense to do the max of these two rather than adding? Is the idea that we want this to be >= anything given in the else clause?

[TheBlueMatt]

Yea, that's the idea. I suppose we could do a max. Originally I had it not adding the combined_penalty call at all but that seemed to brittle to deal with so switched to adding. I don't honestly have a strong opinion between adding and max, either way the docs can tell users what's going on, but for max i kinda worry users will acidentally set it too low and get no penalty here, which seems strange?

[jkczyz]

They would also need to set the other params lower, though, since max would select the combined penalty over the considered_impossible_penalty_msat if the latter were too low. So it's all kinda relative. Don't feel too strongly either though note that max may make debugging a little easier as otherwise you may need to mentally subtract some combined penalty if it is not obvious.

[TheBlueMatt]

Right, sure, I just meant it'd be easy for a user to look at the field and think "okay, let me pick something a bit higher than the liquidity offset, forget to multiply by 2 or whatever, and end up with a penalty equal to the liquidity penalty, which seems wrong? I dunno, I'm happy to mentally convert when we're debugging. Unless you feel strongly I'd suggest we leave it.

[jkczyz]

Right, sure, I just meant it'd be easy for a user to look at the field and think "okay, let me pick something a bit higher than the liquidity offset, forget to multiply by 2 or whatever, and end up with a penalty equal to the liquidity penalty, which seems wrong?

Plus base and amount penalty, FWIW.

I dunno, I'm happy to mentally convert when we're debugging. Unless you feel strongly I'd suggest we leave it.

Sure we can leave it. Though one thing I just realized is that either way now the penalty will be variable across channels depending on the amount. Maybe less so when using max but maybe that's an argument in favor of adding. That way if left to choose only channels exceeding the maximum liquidity, we'd prefer ones that would otherwise be penalized less.

[TheBlueMatt]

Squashed without further changes.

[TheBlueMatt]

Squashed yet again. Change since yesterday was:

diff --git a/lightning/src/routing/scoring.rs b/lightning/src/routing/scoring.rs
index 6aa19abaa..9fa62d83f 100644
--- a/lightning/src/routing/scoring.rs
+++ b/lightning/src/routing/scoring.rs
@@ -397,7 +397,8 @@ pub struct ProbabilisticScoringParameters {
 	/// current estimate of the channel's available liquidity.
 	///
-	/// Note that in this case the [`liquidity_penalty_multiplier_msat`] and
-	/// [`amount_penalty_multiplier_msat`]-based penalties are still included in the overall
-	/// penalty.
+	/// Note that in this case all other penalties, including the
+	/// [`liquidity_penalty_multiplier_msat`] and [`amount_penalty_multiplier_msat`]-based
+	/// penalties, as well as the [`base_penalty_msat`] and the [`anti_probing_penalty_msat`], if
+	/// applicable, are still included in the overall penalty.
 	///
 	/// If you wish to avoid creating paths with such channels entirely, setting this to a value of
@@ -408,4 +409,6 @@ pub struct ProbabilisticScoringParameters {
 	/// [`liquidity_penalty_multiplier_msat`]: Self::liquidity_penalty_multiplier_msat
 	/// [`amount_penalty_multiplier_msat`]: Self::amount_penalty_multiplier_msat
+	/// [`base_penalty_msat`]: Self::base_penalty_msat
+	/// [`anti_probing_penalty_msat`]: Self::anti_probing_penalty_msat
 	pub considered_impossible_penalty_msat: u64,
 }

[jkczyz]

66ca68a mentions failures on a payment-level, but isn't it really on a path-level? i.e., if two parts of an MPP fail on different channels, retrying one part could retry over the channel failed on the other part?

[TheBlueMatt]

Oops, right, sorry, rewrote that commit message without changes to the diff, added a note that it this does have the drawback of potentially retrying different parts along the same path, but hopefully the scorer doesn't let that happen unless the payment is gonna fail anyway.

[jkczyz]

Oops, right, sorry, rewrote that commit message without changes to the diff, added a note that it this does have the drawback of potentially retrying different parts along the same path, but hopefully the scorer doesn't let that happen unless the payment is gonna fail anyway.

Yeah, same across payments, but as you said hopefully the scorer will learn quickly enough.

[TheBlueMatt]

Rebased to address merge conflict.