Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLA+: Forking cases for tendermint #496

Merged
merged 6 commits into from
Sep 24, 2020
Merged

TLA+: Forking cases for tendermint #496

merged 6 commits into from
Sep 24, 2020

Conversation

konnov
Copy link
Contributor

@konnov konnov commented Jul 30, 2020
edited
Loading

This is the PR moved from the verification repository.

It contains a TLA+ specification of Tendermint consensus that is tuned to safety and fork scenarios.

@konnov konnov mentioned this pull request Jul 30, 2020
Closed
istoilkovska
istoilkovska reviewed Aug 4, 2020
View reviewed changes
Copy link
Contributor

@istoilkovska istoilkovska left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec looks very nice! The only thing that is not clear to me is what is expected as a result from model checking. I see a lot of files with counterexample in their name, and assume that we expect to see counterexamples. It would be nice if it this is explained in the README, as well as when submitting the pull request.

docs/spec/tendermint-fork-cases/TendermintAcc3.tla Show resolved Hide resolved
docs/spec/tendermint-fork-cases/TendermintAcc3.tla Outdated Show resolved Hide resolved
docs/spec/tendermint-fork-cases/TendermintAcc3.tla
\* the type of message records
MT == [type |-> STRING, src |-> STRING, round |-> Int,
proposal |-> STRING, validRound |-> Int, id |-> STRING]

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments on what the message record fields encode would be useful. For example, it is not clear that src is a process ID or that proposal is one of "PROPOSAL", "PREVOTE", "PRECOMMIT". Not sure if this is the appropriate place, maybe they can go in the file where the invariants are defined.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. This will change with the new type checker anyways.

docs/spec/tendermint-fork-cases/TendermintAcc3.tla Outdated Show resolved Hide resolved
docs/spec/tendermint-fork-cases/TendermintAcc3.tla Outdated Show resolved Hide resolved
docs/spec/tendermint-fork-cases/MC_n10_f3.tla Show resolved Hide resolved
docs/spec/tendermint-fork-cases/README.md Show resolved Hide resolved
@josef-widder josef-widder changed the title Forking cases for tendermint TLA+: Forking cases for tendermint Aug 7, 2020
@ebuchman ebuchman mentioned this pull request Aug 28, 2020
Closed
josef-widder
josef-widder approved these changes Sep 24, 2020
View reviewed changes
Copy link
Member

@josef-widder josef-widder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. Perhaps we will revisit an polish in the future.

@konnov konnov merged commit 840e804 into master Sep 24, 2020
@konnov konnov deleted the igor/tendermint-fork branch September 24, 2020 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@istoilkovska istoilkovska istoilkovska left review comments

@josef-widder josef-widder josef-widder approved these changes

@milosevic milosevic Awaiting requested review from milosevic

@ebuchman ebuchman Awaiting requested review from ebuchman

Assignees
No one assigned
Labels
tla+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@konnov @istoilkovska @josef-widder