Clarify ordering of KVStore remove(lazy=true) before write

[TheBlueMatt]

This is used by the new logic in lightning-persister so its best to clarify it. Its already implemented in our filesystem-backed store.

[ldk-reviews-bot]

👋 Thanks for assigning @joostjager as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.69%. Comparing base (f707245) to head (f03a651).
⚠️ Report is 58 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4113      +/-   ##
==========================================
- Coverage   88.72%   88.69%   -0.04%     
==========================================
  Files         177      177              
  Lines      133286   133286              
  Branches   133286   133286              
==========================================
- Hits       118253   118212      -41     
- Misses      12326    12361      +35     
- Partials     2707     2713       +6     

Flag	Coverage Δ
fuzzing	21.74% <ø> (ø)
tests	88.53% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joostjager]

Its already implemented in our filesystem-backed store.

Looking at the code again, is this actually the case? If remove is lazy, according to docs, there is no guarantee that the file is immediately deleted. So what happens if a write comes before the file is actually deleted?

Or is this correct because fs::remove_file does have an immediate effect that ensures that a subsequent write will always create a new file?

[tnull]

Looking at the code again, is this actually the case? If remove is lazy, according to docs, there is no guarantee that the file is immediately deleted. So what happens if a write comes before the file is actually deleted?

AFAIU we can't lean on that, especially since as with everything filesystem-related, the behavior might vary from OS to OS.

[TheBlueMatt]

Or is this correct because fs::remove_file does have an immediate effect that ensures that a subsequent write will always create a new file?

Yes, removing the file itself has immediate effect, it just may not be written to disk immediately, so on a crash the file may reappear.

[TheBlueMatt]

The "no guarantee that the file is immediately deleted" reference in the remove_file docs is made somewhat clearer by the parenthetical - the storage space on disk my still be held if there are open file descriptors, but that doesn't mean the file still exists at the provided path. The Unix unlink terminology makes this somewhat clearer.

[joostjager]

Yes, e.g., depending on platform, other open file descriptors may prevent immediate removal. "E.g.", not sure if we can work with that.

Yes, removing the file itself has immediate effect, it just may not be written to disk immediately, so on a crash the file may reappear.

But it is guaranteed that if we, before crashing, create a new file, that will be the one in existence after coming back up?

[TheBlueMatt]

But it is guaranteed that if we, before crashing, create a new file, that will be the one in existence after coming back up?

Yes, because when we write we fsync the written file. Basically a reasonable mental model for the FS here is that all writes/removes/etc are just queueing an operation in memory and fsync says "take everything queued and just write the latest state, blocking until its on disk".

[ldk-reviews-bot]

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

[tnull]

Re-reading the additional assumptions, I'm really questioning the benefit of the lazy flag at all. Its utility was always not entirely clear mod some cloud environments where you actually could save an explicit call in some scenarios. However, I doubt we could make use of this given the additional constraints.

TLDR: can we just drop the lazy flag?

[tnull]

Re-reading the additional assumptions, I'm really questioning the benefit of the lazy flag at all. Its utility was always not entirely clear mod some cloud environments where you actually could save an explicit call in some scenarios. However, I doubt we could make use of this given the additional constraints.

TLDR: can we just drop the lazy flag?

Now opened #4116 as an alternative to this PR.

[TheBlueMatt]

We did #4116 instead.