state: handle on-chain HTLCs.

When a unilateral close occurs, we have to watch on-chain ("live")
HTLCs.  If the other side spends their HTLC output, we need to grab
the rvalue.  If it times out, we need to spend it back to ourselves.
If we get an R value, we need to spend our own HTLC output back to
ourselves.

Because there are multiple HTLCs, this doesn't fit very neatly into a
state machine.  We divide into "have htlcs" and "don't have htlcs",
and use a INPUT_NO_MORE_HTLCS once all htlcs are resolved to transition.

Our test harness now tracks individual HTLCs, so we refined some
inputs (in particular, it won't try to complete/timeout an HTLC before
we have any).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

state_types.h

@@ -3,11 +3,12 @@
 /* FIXME: cdump is really dumb, so we put these in their own header. */
 #include "lightning.pb-c.h"
 
-#define STATE_CLOSE_STEAL_BIT 1
-#define STATE_CLOSE_SPENDTHEM_BIT 2
-#define STATE_CLOSE_CLOSE_BIT 4
-#define STATE_CLOSE_OURCOMMIT_BIT 8
-#define STATE_CLOSE_SPENDOURS_BIT 16
+#define STATE_CLOSE_HTLCS_BIT 1
+#define STATE_CLOSE_STEAL_BIT 2
+#define STATE_CLOSE_SPENDTHEM_BIT 4
+#define STATE_CLOSE_CLOSE_BIT 8
+#define STATE_CLOSE_OURCOMMIT_BIT 16
+#define STATE_CLOSE_SPENDOURS_BIT 32
 
 enum state {
 	STATE_INIT_NOANCHOR,
@@ -36,6 +37,9 @@ enum state {
 	STATE_WAIT_FOR_HTLC_ACCEPT_LOWPRIO,
 	STATE_WAIT_FOR_HTLC_ACCEPT_HIGHPRIO,
 
+	STATE_WAIT_FOR_UPDATE_ACCEPT_LOWPRIO,
+	STATE_WAIT_FOR_UPDATE_ACCEPT_HIGHPRIO,
+	
 	STATE_WAIT_FOR_UPDATE_COMPLETE_LOWPRIO,
 	STATE_WAIT_FOR_UPDATE_COMPLETE_HIGHPRIO,
 
@@ -50,6 +54,11 @@ enum state {
 	/* They told us to close, waiting for ack msg. */
 	STATE_WAIT_FOR_CLOSE_ACK,	
 
+	/* All closed. */
+	STATE_CLOSED,
+	/* Just waiting for HTLCs to resolve. */
+	STATE_CLOSE_WAIT_HTLCS,
+
 	/*
 	 * They can broadcast one or more revoked commit tx, or their latest
 	 * commit tx at any time.  We respond to revoked commit txs by stealing
@@ -88,35 +97,67 @@ enum state {
 	 * - steal + mutual_close + spend_ours
 	 * - spend_them + mutual_close + spend_ours
 	 * - steal + spend_them + mutual_close + spend_ours
+	 *
+	 * Each of these has with-HTLC and without-HTLC variants, except:
+	 *
+	 * 1) We never agree to close with HTLCs,
+	 * 2) We don't care about htlcs if we steal (we steal all outputs).
+	 *
+	 * Now, it is possible for us to CLOSE and them to have an HTLC,
+	 * because we could close partway through negotiation.  So, any
+	 * commit tx they publish could introduce HTLCs.
+	 *
+	 * Thus, HTLC variants are only possible with SPENDTHEM, OR
+	 * OURCOMMIT/SPENDOURS, and only no CLOSE (since CLOSE implies no HTLCs).
 	 */
 	STATE_CLOSE_WAIT_STEAL,
+	STATE_UNUSED_CLOSE_WAIT_STEAL_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM,
+	STATE_CLOSE_WAIT_SPENDTHEM_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_WITH_HTLCS,
 	STATE_CLOSE_WAIT_CLOSE,
+	STATE_UNUSED_CLOSE_WAIT_CLOSE_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_CLOSE,
+	STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE,
+	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_WITH_HTLCS,
 
 	STATE_CLOSE_WAIT_OURCOMMIT,
+	STATE_CLOSE_WAIT_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_OURCOMMIT,
+	STATE_CLOSE_WAIT_STEAL_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM_OURCOMMIT,
+	STATE_CLOSE_WAIT_SPENDTHEM_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_OURCOMMIT,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_CLOSE_OURCOMMIT,
+	STATE_UNUSED_CLOSE_WAIT_CLOSE_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_CLOSE_OURCOMMIT,
+	STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_OURCOMMIT,
+	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_OURCOMMIT_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_OURCOMMIT,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_OURCOMMIT_WITH_HTLCS,
 
 	STATE_CLOSE_WAIT_SPENDOURS,
+	STATE_CLOSE_WAIT_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDOURS,
+	STATE_CLOSE_WAIT_STEAL_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM_SPENDOURS,
+	STATE_CLOSE_WAIT_SPENDTHEM_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_SPENDOURS,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_CLOSE_SPENDOURS,
+	STATE_UNUSED_CLOSE_WAIT_CLOSE_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_CLOSE_SPENDOURS,
+	STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_SPENDOURS,
+	STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_SPENDOURS_WITH_HTLCS,
 	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_SPENDOURS,
-
-	/* All closed. */
-	STATE_CLOSED,
+	STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_SPENDOURS_WITH_HTLCS,
 
 	/*
 	 * Where angels fear to tread.
@@ -189,7 +230,13 @@ enum state_input {
 	BITCOIN_ANCHOR_THEIRSPEND,
 	/* Anchor was spent by another commit tx (eg. expired). */
 	BITCOIN_ANCHOR_OTHERSPEND,
-
+	/* They spent an HTLC to them (revealing R value). */
+	BITCOIN_HTLC_TOTHEM_SPENT,
+	/* HTLC to them timed out, we can get funds now. */
+	BITCOIN_HTLC_TOTHEM_TIMEOUT,
+	/* HTLC to us timed out. */
+	BITCOIN_HTLC_TOUS_TIMEOUT,
+	
 	/* Our spend of their commit tx is completely buried. */
 	BITCOIN_SPEND_THEIRS_DONE,
 	/* Our spend of our own tx is completely buried. */
@@ -198,6 +245,13 @@ enum state_input {
 	BITCOIN_STEAL_DONE,
 	/* Bitcoin close transaction considered completely buried. */
 	BITCOIN_CLOSE_DONE,
+	/* Our HTLC spend is completely buried. */
+	BITCOIN_HTLC_FULFILL_SPEND_DONE,
+	/* Our HTLC refund spend has is completely buried. */
+	BITCOIN_HTLC_RETURN_SPEND_DONE,
+
+	/* We are not watching any HTLCs any more. */
+	INPUT_NO_MORE_HTLCS,
 
 	/*
 	 * Timeouts.