simln-lib/refactor: fully deterministic produce events

[f3r10]

Description

The goal of this PR is to achieve fully deterministic runs to get reproducible simulations

Changes

• nodes: HashMap<PublicKey, Arc<Mutex<dyn LightningNode>>> Update HashMap for a BTreeMap. A HashMap does not maintain an order, which has an impact when the simulation is running, making the results unpredictable. Using a BTreeMap, the order of the nodes is always the same.
• dispatch_producers acts as a master task, generating all the payments of the nodes, getting the random destination, and only then spawning a threat for producing the events (produce_events)

Addresses #243

[f3r10]

Opening in draft still need to fix some issues.
But I think it is ready for a first review pass @carlaKC

[carlaKC]

btw don't worry about fixups until this is out of draft - when review hasn't properly started it's okay to just squash em!

[carlaKC]

Direction looking good here! Main comment is that I think we need to have a step where we replenish our heap by calling generate_payments again?

• If payment_count().is_none() we return a single payment from generate_payments
• For RandomPaymentActivity, this means we'll do one payment per node and then shut down?

Related to this is that we possibly don't want to queue up tons of events for when payment_count is defined (say, we want a million payments, we'll queue up a million items which is a bit of a memory waste). This probably isn't much of a big deal, because I'd imagine this use case is primarily for smaller numbers but something to keep in mind as we address the above requirement.

Also would be good to rebase this early on to get to a more current base 🙏

[f3r10]

Direction looking good here! Main comment is that I think we need to have a step where we replenish our heap by calling generate_payments again?

The idea would be to generate all the payments at once, so the master task would dispatch the events.

If payment_count().is_none() we return a single payment from generate_payments

Yes, in this case, only one payment is generated

For RandomPaymentActivity, this means we'll do one payment per node and then shut down?

Yes, right now it is working in this mode 🤔

Related to this is that we possibly don't want to queue up tons of events for when payment_count is defined (say, we want a million payments, we'll queue up a million items which is a bit of a memory waste). This probably isn't much of a big deal, because I'd imagine this use case is primarily for smaller numbers but something to keep in mind as we address the above requirement.

Yes, you are right, maybe it would be better to create some batches of payments. I am going to try to come up with an alternative to reduce the memory waste. 🤔

[f3r10]

Hi @carlaKC , I've developed a new approach for the event generation system. The core idea is to centralize the random number generation to ensure deterministic outcomes for our simulations.

Here's a breakdown of the design:

1. Central Manager Task: A dedicated thread runs a central manager. This manager is the sole source for generating both random wait times and random destinations. By centralizing this, we ensure that the sequence of random numbers generated for these critical values is entirely reproducible, given a fixed seed.

2. Executor Event Listeners: For each executor, a separate thread is spawned. These threads act as listeners for payment events, forwarding them to the designated consumers once received.

3. Payment Event Generators: Concurrently, for each executor, another thread is spawned. These threads are responsible for generating payment events in a continuous loop (e.g., for RandomActivity). Each generator thread communicates with the central manager via a dedicated channel to request a wait time. After awaiting the specified duration, it sends another event to the manager to trigger the calculation of a random destination. Once the destination is determined, the manager dispatches a final event to the respective event listener thread (as described in the previous point).

This design ensures that the wait times and final destinations are entirely deterministic across simulation runs. However, there is a new challenge with the non-deterministic order of thread execution.

The Determinism Challenge

While the values generated (wait times, destinations) are fixed if the random number generator is seeded, the order in which the executor threads request these values is not guaranteed. For example, if we have ex1 and ex2 executors:

Execution 1:
    ex1 gets wait_time 0 → destination node_3
    ex2 gets wait_time 1 → destination node_4

Execution 2 (possible non-deterministic order):
    ex2 gets wait_time 0 → destination node_3
    ex1 gets wait_time 1 → destination node_4

This means that even though the sequence of random numbers from the central manager is the same, which executor consumes which number from that sequence is left to the operating system's scheduler, leading to variations in the overall simulation flow.

Proposed Solution for Execution Order

To achieve full simulation determinism, including the order of execution, I'm considering adding a tiny, randomized initial sleep time before each executor thread begins its main loop. While seemingly counter-intuitive, this jitter can effectively "break ties" in thread scheduling in a controlled, reproducible way when combined with a seeded random number generator. This would allow us to deterministically influence which thread acquires the next available random number from the central manager.

WDYT?

[carlaKC]

Deleted previous comment - it had some misunderstandings.

Why can't we keep the current approach of generating a queue of events and then replenish the queue when we run out of events? By generating all of our payment data in one place, we don't need to worry about thread execution order.

I think that this can be as simple as pushing a new event to the queue every time we pop one? We might need to track some state for payment count (because we'll need to remember how many we've had), but for random activity it should be reasonable.

[carlaKC]

Rough sketch of what I was picturing:

Queue up initial set of events:

• for each executor
  • Get wait time and destination
  • Push wait time, destination and ExecutorKit onto head

Read from heap:

• Pop event off heap
• Sleep until wait time is reached
• Send SimulationEvent::SendPayment into the channel for the executor
• Generate a new wait time and destination from the ExecutorKit
• Read from heap until shutdown

Instinct about this is:

• Always generating payment destination in one places fixes our determinism issue
• Re-queueing on pop + sorting by time means we'll never run out of events for each executor
• The nasty thing will be payment counts, we're probably going to have to store those in the heap and know when we don't need to queue anything else

[f3r10]

hi @carlaKC I think that now it is working as expected 💪

[carlaKC]

Some relative timestamp issues that we need to address - didn't occur to me earlier in design phase.

I noticed this when testing out against a toy network, would be good to have some unit tests to assert that we get the payment sequence that we're expecting (should be reasonable to do with defined activities with set wait times / counts).

[carlaKC]

Shouldn't we continue here? If one activity hits its payment_count, it doesn't mean that we're finished with all other payments?

[carlaKC]

We're going to have to use an absolute time here - my bad, should have realized that earlier in the design process.

Since we process and sleep all in one queue, a relative value doesn't work because we're always starting from zero when we pop an item off.

For example: say we have two activities, one executes every 5 seconds, the other every 10.

• We push two items to the heap, one in 5 seconds one in 10 seconds
• We sleep 5 seconds, then pop the 5 second event and fire it
• We re-generate another event which should sleep 5 seconds
• We'll push that onto the heap, and it's the next soonest event
• We then sleep another 5 seconds, then pop the next 5 second event

We'll continue like this forever, never hitting the 10 second event. If we have absolute times, that won't happen because the 10 second event will eventually bubble up.

[f3r10]

Oh!! right good catch

[carlaKC]

Looking at the latest version - isn't relative time still an issue here?

[f3r10]

No, really. In the latest version, absolute_time is used for heap ordering, whereas wait_time is only for sleeping.

I added two unit tests, one for the defined activities with a defined payment count and the other for testing the random Rng, and the behaviour is as expected 🤔

[carlaKC]

No, really. In the latest version, absolute_time is used for heap ordering, whereas wait_time is only for sleeping.

Seems like unnecessary complexity to duplicate these values when we could just track absolute_time and sleep for abs time - now?

[carlaKC]

in each tick of the loop, the now time changes, and the difference between the abs time and now is not the same as the expected wait_time 🤔

Don't we want this? The amount of time that we want to wait for each payment is the time between payments for that node - not the amount of time since we popped it off our heap?

Eg: starting at t0, with the following payments in the heap
abs_time = t5
abs_time = t7

• We start at t0
• Pop t5 off the heap
• Now = t0
• Wait = t5 - t0 = 5 seconds
• Dispatch payment after 5 seconds, now = t5
• Pop t7 off the heap
• Wait = t7 - t5 = 2 seconds
• Dispatch payment after 2 seconds

Here, we've waited a total of 7 seconds to dispatch the payment that was set to go off at absolute time t7. If we tracked the time that we added it to calculate the total wait time, then we would have waited for 7 seconds plus the sum of all the payment waits before it?

[f3r10]

you are right @carlaKC I think I found the problem. Right now, the next payment is generated before the sleep; therefore, the difference between abs time and now is, on some occasions, negative. If the next payment is generated after the sleep part, the difference is always positive.

Using the new approach, there are still problems with negative times, but in the order of -847.822µs, which should be zero.

.. quite difficult dealing with time 😅

[carlaKC]

.. quite difficult dealing with time 😅

indeed 💀

[carlaKC]

Using the new approach, there are still problems with negative times, but in the order of -847.822µs, which should be zero.

We might want to just add some sort of quality check in here that this isn't drifting too far? It we're lagging too far behind then the expected number of payments we simulate will be off. We can just pick a magic number and error out if it's too big.

Happy to leave this for a follow up!

[f3r10]

This is the part that is dealing with it https://github.com/bitcoin-dev-project/sim-ln/pull/277/files#diff-887dd37ec76113778ea02ac50b44aa1ee99a96b73e917f2fa1d3e42358792f43R1104
For now, if the times are negative, it will always return 0s.

I also found another issue related to how time measurements are done in Rust. For example, instead of getting 4s, the result will be 3.99324, and at the end, summing up those differences would result in breaking the deterministic aspect that we want to achieve.

[carlaKC]

nit: don't need the else branch if we're continuing

[carlaKC]

nit: generate_payment? we're only adding one

[carlaKC]

Looking at this again - I think we can actually just store the payment event in the heap and keep a hashmap of executors / payment counts. When we pop an event off, we just look up the stuff we need in the hashmap and increment the count there, rather than clagging up the hashmap with large structs.

[f3r10]

Still thinking about how to add tests to assert that we get the payment sequence that we're expecting 🤔
Right now, there is only one test checking the number of payments and the expected elapsed time

[carlaKC]

nit: just to be aware of, cargo fmt breaks in selects for some ungodly reason, so it's worth trying to do a little manual formatting

[carlaKC]

I'm finding the design decisions in this PR quite difficult to follow. To me the obvious approach is to queue cheap-to-copy payment events and track node stats/executors in one big hashmap. Happy to hear arguments for this way, but currently not convinced.

[carlaKC]

let payment_amount = executor
    .payment_generator
    .payment_amount(payload.capacity)
    .map_err(SimulationError::PaymentGenerationError)?;

generate_payment(&mut heap, executor, payload.current_count + 1, payment_event_payloads.clone()).await?;

if payment_amount == 0 {
    log::debug!(
        "Skipping zero amount payment for {source} -> {}.", 
        payload.destination,
    );
    continue;
}

[f3r10]

Somehow with this change, rust is not able to infer the Err type and force me to add return Ok::<(), SimulationError>(()) 🤔

[carlaKC]

No, really. In the latest version, absolute_time is used for heap ordering, whereas wait_time is only for sleeping.

Seems like unnecessary complexity to duplicate these values when we could just track absolute_time and sleep for abs time - now?

[f3r10]

I'm finding the design decisions in this PR quite difficult to follow. To me the obvious approach is to queue cheap-to-copy payment events and track node stats/executors in one big hashmap. Happy to hear arguments for this way, but currently not convinced.

Thanks for the feedback, using one big hashmap for the executors is a much better design.

[carlaKC]

Haven't reviewed the tests yet, but looking semantically correct now 👍

No real need for fixups here since this is one commit - feel free to squash what you have and just force push changes, there isn't a commit structure to preserve in this case.

[carlaKC]

nit: pubkey -> source?

[carlaKC]

This isn't every intuitively named.

[carlaKC]

unnecessary clone

[carlaKC]

nit: Comments should start with capital and end with .

[carlaKC]

Here the caller somewhat assumes understanding of the implementation of the network generator.

I think that we should move this sort into NetworkGraphView and then add a note on the trait that implementations should be deterministic if called with the same seed.

[carlaKC]

Thoughts on making this an Option? Since we don't need it for payments that aren't count-bounded.

[f3r10]

I think it is not necessary. It will make the code unnecessarily more verbose. Right now, the counter is only used here.

if let Some(c) = payment_tracker.executor.payment_generator.payment_count() {
    if c == payment_tracker.payments_completed {
        log::info!( "Payment count has been met for {}: {c} payments. Stopping the activity.", payment_tracker.executor.source_info);
        continue
    }
}

And also in get_payment_delay, which does not accept an option

[carlaKC]

Let's add a log here - can see it being useful in debugging

[carlaKC]

None of the ? errors will be caught now, because we're spawning this in a task? I believe the loop will exit but we won't see the error.

I think that we should pull this out into a function and then the spawn callsite is responsible for checking whether it exists with an error and triggering shutdown appropriately if it does (like the tasks spawned in internal_run).

[f3r10]

The generate_payment is not part of the task.spawn; it is located just before.
As I understand, the select! macro does not spawn tasks 🤔

[carlaKC]

I mean that we spawn all of this code in a task on line 1088. Any ? that we use in the block of code that is spawned in the task is just swallowed, so we can silently fail rather than printing out the error.

To try this yourself, add a return(Err()) anywhere in this select - the program shuts down but we can't see the error.

[f3r10]

Oh right, I see it now 😅

[carlaKC]

Motivation for using seconds here?

[f3r10]

it is also available as_millis_f64() but is not stable yet

    #[unstable(feature = "duration_millis_float", issue = "122451")]
    #[must_use]
    #[inline]
    #[rustc_const_unstable(feature = "duration_consts_float", issue = "72440")]
    pub const fn as_millis_f64(&self) -> f64 {
    ...

[carlaKC]

No need then!

[carlaKC]

Why not generate this along with the rest of the details we push onto the heap?

Doesn't necessarily have to change, just interested in motivation.

[f3r10]

🤔 not motivation. I am going to move it along with the other details so is more concise.