Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement liveness property in dynamic logic #498

Merged
40 commits merged into from
Sep 28, 2022
Merged

Implement liveness property in dynamic logic #498

40 commits merged into from
Sep 28, 2022

Conversation

ghost
Copy link

@ghost ghost commented Sep 19, 2022
edited by ghost
Loading

Fix #467

This PR does a couple things to "solve" the issue:

  • Update the q-d library to a newer version
  • Adapt the Model to the new version which decouples the model from the perform and thus alleviates the need for complex constraints in the ModelState instance for Hydra
  • Express the conflict-free liveness property from the paper using Dynamic Logic formalism, hopefully leading to more understandable properties
  • Introduce a couple more actions needed to express that property
  • Make the property pass (this required a couple fixes in the Model as the assumptions for some functions have changed)

Before investing a lot more time into this, I think it would be worthwhile to "stop & think" from this simple example.

@github-actions
Copy link

github-actions bot commented Sep 19, 2022
edited
Loading

Transactions Costs

Sizes and execution budgets for Hydra protocol transactions. Note that unlisted parameters are currently using arbitrary values and results are not fully deterministic and comparable to previous runs.

Metadata
Generated at 2022-09-28 16:57:51.276793216 UTC
Max. memory units 14000000
Max. CPU units 10000000000
Max. tx size (kB) 16384

Cost of Init Transaction

Parties Tx size % max Mem % max CPU Min fee ₳
1 4833 9.69 3.83 0.47
2 5041 13.44 5.32 0.52
3 5243 13.30 5.21 0.53
5 5653 19.12 7.50 0.61
10 6677 30.19 11.80 0.77
46 14060 99.77 38.56 1.85

Cost of Commit Transaction

Currently only one UTxO per commit allowed (this is about to change soon)

UTxO Tx size % max Mem % max CPU Min fee ₳
1 5771 19.85 8.02 0.62

Cost of CollectCom Transaction

Parties Tx size % max Mem % max CPU Min fee ₳
1 13058 20.68 8.29 0.95
2 13380 36.46 14.76 1.14
3 13772 56.24 22.95 1.38
4 14164 78.97 32.40 1.65

Cost of Close Transaction

Parties Tx size % max Mem % max CPU Min fee ₳
1 9327 8.19 3.36 0.65
2 9528 9.55 4.04 0.68
3 9657 9.75 4.27 0.68
5 10051 12.19 5.51 0.73
10 10224 12.93 5.00 0.74
30 14212 32.26 17.02 1.16
60 15213 36.71 13.91 1.22

Cost of Contest Transaction

Parties Tx size % max Mem % max CPU Min fee ₳
1 9331 8.16 3.34 0.65
2 9528 9.38 3.96 0.67
3 9691 10.16 4.42 0.69
5 10024 11.72 5.32 0.72
10 10886 16.20 7.80 0.82
30 14218 32.23 17.00 1.16
43 16367 42.55 22.94 1.38

Cost of Abort Transaction

Some variation because of random mixture of still initial and already committed outputs.

Parties Tx size % max Mem % max CPU Min fee ₳
1 13499 22.50 9.35 0.99
2 13817 38.24 16.27 1.18
3 13928 52.72 22.50 1.35
4 13824 63.38 26.98 1.47
5 14434 97.45 42.55 1.88

Cost of FanOut Transaction

Involves spending head output and burning head tokens. Uses ada-only UTxO for better comparability.

UTxO Tx size % max Mem % max CPU Min fee ₳
1 13484 10.26 4.46 0.86
2 13585 12.16 5.49 0.89
3 13487 12.92 6.07 0.89
5 13629 16.34 7.98 0.94
10 13807 24.25 12.50 1.04
50 15248 85.18 47.72 1.85
59 15570 98.90 55.65 2.04

@ghost ghost force-pushed the ensemble/implement-liveness-in-DL branch from 54f1ca3 to 126a5da Compare September 28, 2022 09:39
ffakenz and others added 28 commits September 28, 2022 10:20
@ffakenz @abailly
update index-state and remove source repository for quickcheck-dynamic
f3f880d
@ch1bo @abailly
Update haskell.nix for recent hackage
d213757
@ch1bo @abailly
Use nixpkgs as built & cached by haskell.nix
0d51399 
Also update iohkNix to not get a deprecation warning from the crypto overlay.
@ch1bo @abailly
Use websocat instead ws as the latter has been dropped from nix
85d2ca0
@ch1bo @abailly
Revert this approach to instead just bump the source-repository-depen…
defd9f6 
…dency

Getting the package from hackage is not a problem, but our upstream
dependencies are not fit for latest hackage versions and we did not want
to bother chasing constraints at this point.
@ch1bo @abailly
Try update the source-repository-package directly
970c4f8
@abailly
Add subdir to q-d source dependency
109fb97
@ch1bo @abailly
Move out ActionMonad and perform from our StateModel
e37dc2b 
This is due to the new 1.0.0 interface of quickcheck-dynamic
@ch1bo @abailly
Make Worldstate non-parameterized and remove code ❤️
950dfed
@abailly
Replace generic Command action with specific actions
01e3d02 
This kind of duplicates ClientInput
@ch1bo @abailly
Make commit action return ActualCommitted
81e8ae8 
Unfortunately, this was requiring to ditch record syntax as GADTs seem
not to allow duplicate record fields with differing return types.
@ch1bo @abailly
Define a waitMatch function on behavior level similar to our integrat…
2f39fc8 
…ion tests
@ffakenz @abailly
Fix perform commit usage of waitMatch
c9a6443
@abailly
[wip] Add postcondition on commit action to check result
0141955
@ch1bo @abailly
Provide a counter example of the action when postcondition failed
4f60d37
@ch1bo @abailly
Refine postcondition monitor
17590a0
@ch1bo @abailly
Make Commit action return a UTxOType Payment
d1f9360 
This keeps the conversion back to simple utxos out of the model.
@abailly
Show result of action in monitoring
5659abc 
Instead of requiring a Show instance on monitoring function we can
pattern match as suggested by Max.
@abailly
Upgrade to q-d 1.1.0
b32c4e0 
This gives us a Show instance for monitoring failures
@ffakenz @abailly
Make performCommit compile
6a91334
@abailly
Lookup signing key from UTxO's address
f32eda6
@ffakenz @abailly
Minor formatting improvements over performCommit
674a978
@ffakenz @abailly
Remove redundant assertion as it is already being checked by postcond…
9f7cefb 
…ition in the model
@abailly
[wip] introduce DL
6cd257e
@ffakenz @abailly
Refactor runIOSimProp to use with DL formulas
887d312
@abailly
Express conflict-free liveness property
7765177 
This requires introduction of 2 new actions in the model:
* Wait to give the underlying runner time to process messages
* ObserveConfirmedTx to check what's been observed by each node
@abailly
Update sha256 following bump in version:
9ff545a
@abailly
Add missing instances and patterns
15a75cd
@abailly
Fix failing ModelSpec compilation
2a1eab6
@abailly
[wip] start implementing missing actions
d1f5eb4
@abailly
DL property compiles but fails to run
f2860bd
@abailly
Make Stop no-op
e6af82e 
We should probably remove it...
@abailly
Refine check for UTxO to be visible
80ae565 
It's used in 2 different situations, one when observing some tx to
appear, another one waiting for a spendable UTxO before submitting the tx
@abailly
Do not interleave more actinos before observing tx
ee17d0d 
Our ObserveConfirmedTx action is not (yet) powerful enough to check
the UTxO produced is there or has been consumed by another tx
@abailly
Use same String representation for Payment and its UTxOType
362f44d 
This simplifies troubleshooting errors/failures
@abailly
Handle the case of multiple UTxO for same key
5500615
@abailly
Fix imports following rebase
a2d952d
@ghost ghost force-pushed the ensemble/implement-liveness-in-DL branch from 126a5da to a2d952d Compare September 28, 2022 10:33
@ghost ghost marked this pull request as ready for review September 28, 2022 10:38
@ghost ghost requested review from ch1bo, KtorZ, ffakenz, pgrange and v0d1ch September 28, 2022 10:38
@abailly
Increase timeout for property
b540308
@abailly
Remove useless Stop action
653a3fd 
It was just a stopgap solution in order to limit the length of NewTx
sequences we generate but it's not useful
@github-actions
Copy link

github-actions bot commented Sep 28, 2022
edited
Loading

Unit Test Results

255 tests  +1   249 ✔️ +1   14m 57s ⏱️ - 3m 41s
  91 suites ±0       6 💤 ±0 
    5 files   ±0       0 ±0 

Results for commit cc45906. ± Comparison against base commit f3b881a.

♻️ This comment has been updated with latest results.

v0d1ch
v0d1ch approved these changes Sep 28, 2022
View reviewed changes
Copy link
Contributor

@v0d1ch v0d1ch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR goes a bit over my head as I never used DynamicLogic but I think it looks good at least to my noob eyes.

hydra-node/test/Hydra/Model.hs Outdated Show resolved Hide resolved
hydra-node/test/Hydra/ModelSpec.hs Outdated Show resolved Hide resolved
ffakenz
ffakenz approved these changes Sep 28, 2022
View reviewed changes
Copy link
Contributor

@ffakenz ffakenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧙‍♂️

@ghost ghost merged commit 2505515 into master Sep 28, 2022
@ghost ghost deleted the ensemble/implement-liveness-in-DL branch September 28, 2022 18:04
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ch1bo ch1bo Awaiting requested review from ch1bo

@KtorZ KtorZ Awaiting requested review from KtorZ

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Express conflict-free liveness property using Dynamic Logic
5 participants
@pgrange @v0d1ch @ffakenz @ch1bo @abailly