moved a check from CERTS to LEDGER

Author: Soupstraw

default.nix

@@ -74,7 +74,6 @@ let
 
 in rec
 {
-
   agdaWithDeps = agdaWithPkgs deps;
 
   latex = texlive.combine {

src/Ledger/Certs.lagda

@@ -466,7 +466,6 @@ data _⊢_⇀⦇_,CERTBASE⦈_ where
         validVoteDelegs  = voteDelegs ∣^ (  mapˢ (credVoter DRep) (dom dReps)
                                         ∪ fromList (noConfidenceRep ∷ abstainRep ∷ []) )
     in
-    ∙ filter isKeyHash wdrlCreds ⊆ dom voteDelegs
     ∙ mapˢ (map₁ stake) (wdrls ˢ) ⊆ rewards ˢ
       ────────────────────────────────
       ⟦ e , pp , vs , wdrls , cc ⟧ ⊢

src/Ledger/Certs/Properties.agda

@@ -148,15 +148,13 @@ instance
         open GState (gState cs); open DState (dState cs)
         refresh = mapPartial getDRepVote (fromList votes)
         refreshedDReps  = mapValueRestricted (const (CertEnv.epoch ce + drepActivity)) dreps refresh
-    in case ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom wdrls)) ⊆ dom voteDelegs
-              × mapˢ (map₁ RwdAddr.stake) (wdrls ˢ) ⊆ rewards ˢ ¿ of λ where
-      (yes p) → success (-, CERT-base p)
+    in case ¿ mapˢ (map₁ RwdAddr.stake) (wdrls ˢ) ⊆ rewards ˢ ¿ of λ where
+      (yes p) → success (-, CERT-base (p {_}))
       (no ¬p) → failure (genErrors ¬p)
-  Computational-CERTBASE .completeness ce st _ st' (CERT-base p)
-    rewrite let dState = CertState.dState st; open DState dState in
-      dec-yes ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom (CertEnv.wdrls ce))) ⊆ dom voteDelegs
-                × mapˢ (map₁ RwdAddr.stake) (CertEnv.wdrls ce ˢ) ⊆ rewards ˢ ¿
-        p .proj₂ = refl
+  Computational-CERTBASE .completeness ce st _ st' (CERT-base p) with 
+    ¿ mapˢ (map₁ RwdAddr.stake) (CertEnv.wdrls ce ˢ) ⊆ (st .CertState.dState .DState.rewards) ˢ ¿
+  ... | yes _ = refl
+  ... | no ¬q = ⊥-elim (¬q p)
 
 Computational-CERTS : Computational _⊢_⇀⦇_,CERTS⦈_ String
 Computational-CERTS = it
@@ -256,7 +254,7 @@ module _  {Γ : CertEnv}
 
     CERTBASE-pov  {s  = cs}
                   {s' = cs'}
-                  (CERT-base {pp}{vs}{e}{dreps}{wdrls} (_ , wdrlsCC⊆rwds)) =
+                  (CERT-base {pp}{vs}{e}{dreps}{wdrls} wdrlsCC⊆rwds) =
       let
         open DState (dState cs )
         open DState (dState cs') renaming (rewards to rewards')

src/Ledger/Conway/Conformance/Certs.agda

@@ -205,7 +205,6 @@ data _⊢_⇀⦇_,CERTBASE⦈_ : CertEnv → CertState → ⊤ → CertState →
         wdrlCreds       = mapˢ stake (dom wdrls)
         validVoteDelegs  = voteDelegs ∣^ (mapˢ (credVoter DRep) (dom dReps) ∪ fromList (noConfidenceRep ∷ abstainRep ∷ []))
     in
-    ∙ filterˢ isKeyHash wdrlCreds ⊆ dom voteDelegs
     ∙ mapˢ (map₁ stake) (wdrls ˢ) ⊆ rewards ˢ
       ────────────────────────────────
       ⟦ e , pp , vs , wdrls , cc ⟧ ⊢

src/Ledger/Conway/Conformance/Certs/Properties.agda

@@ -194,15 +194,13 @@ instance
 
     goal : ComputationResult String
            (∃-syntax (_⊢_⇀⦇_,CERTBASE⦈_ ⟦ CertEnv.epoch ce , pp , votes , wdrls , _ ⟧ st sig))
-    goal = case ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom wdrls)) ⊆ dom voteDelegs
-              × mapˢ (map₁ RwdAddr.stake) (wdrls ˢ) ⊆ rewards ˢ ¿ of λ where
-      (yes p) → success (-, CERT-base p)
-      (no ¬p) → failure (genErr ¬p)
-  Computational-CERTBASE .completeness ce st _ st' (CERT-base p)
-    rewrite let dState = CertState.dState st; open DState dState; open CertEnv ce in
-      dec-yes ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom wdrls)) ⊆ dom voteDelegs
-                × mapˢ (map₁ RwdAddr.stake) (wdrls ˢ) ⊆ rewards ˢ ¿
-        p .proj₂ = refl
+    goal = case ¿ mapˢ (map₁ RwdAddr.stake) (wdrls ˢ) ⊆ rewards ˢ ¿ of λ where
+      (yes p) → success (-, CERT-base (p {_}))
+      (no ¬p) → failure (genErrors ¬p)
+  Computational-CERTBASE .completeness ce st _ st' (CERT-base p) with
+    ¿ mapˢ (map₁ RwdAddr.stake) (CertEnv.wdrls ce ˢ) ⊆ (st .CertState.dState .DState.rewards) ˢ ¿
+  ... | yes _ = refl
+  ... | no ¬q = ⊥-elim (¬q p)
 
 Computational-CERTS : Computational _⊢_⇀⦇_,CERTS⦈_ String
 Computational-CERTS = it

src/Ledger/Conway/Conformance/Equivalence.agda

@@ -104,7 +104,7 @@ lem-cert-deposits-valid : ∀ {Γ s tx s'} (open L.LEnv Γ using (pparams))
                         → isValid tx ≡ true
                         → Γ L.⊢ s ⇀⦇ tx ,LEDGER⦈ s'
                         → updateLedgerDeps pparams tx (certDeposits s) ≡ᵈ certDeposits s'
-lem-cert-deposits-valid {Γ} {s} {tx} {s'} refl (L.LEDGER-V⋯ refl utxow certs gov) rewrite sym (lemUpdateDeposits refl utxow) =
+lem-cert-deposits-valid {Γ} {s} {tx} {s'} refl (L.LEDGER-V⋯ refl utxow certs u gov) rewrite sym (lemUpdateDeposits refl utxow) =
   lem-upd-ddeps pparams deps tx ,
   lem-upd-gdeps pparams deps tx
   where
@@ -137,7 +137,7 @@ instance
                     certDeposits-s' ≡ᵈ certDeposits s'
                   × Γ C.⊢ (certDeposits s ⊢conv s) ⇀⦇ tx ,LEDGER⦈ (certDeposits-s' ⊢conv s')
   -- LEDGERToConf {Γ} {s} {tx} {s'} .convⁱ (cdeps , eq-cdeps) r@(L.LEDGER-V⋯ refl utxow certs gov) =
-  LEDGERToConf {Γ} {s} {tx} {s'} .convⁱ _ r@(L.LEDGER-V⋯ refl utxow certs gov) =
+  LEDGERToConf {Γ} {s} {tx} {s'} .convⁱ _ r@(L.LEDGER-V⋯ refl utxow certs u gov) =
     updateLedgerDeps pparams tx (certDeposits s)
     , lem-cert-deposits-valid refl r
     , subst₂ (λ • ◆ → Γ C.⊢ getCertDeps* cdeposits ⊢conv s ⇀⦇ tx ,LEDGER⦈ ⟦ • , _ , ◆ ⟧)
@@ -157,7 +157,7 @@ instance
       certs' : _ C.⊢ (getCertDeps* cdeposits ⊢conv certState) ⇀⦇ txcerts ,CERTS⦈ certStateC'
       certs' = cdeposits ⊢conv certs
       ledger' : Γ C.⊢ (getCertDeps* cdeposits ⊢conv s) ⇀⦇ tx ,LEDGER⦈ C.⟦ utxoStC' , govSt' , certStateC' ⟧ˡ
-      ledger' = C.LEDGER-V⋯ refl utxow' certs' gov
+      ledger' = C.LEDGER-V⋯ refl utxow' certs' u gov
       utxoEq  : utxoStC' ≡ utxoSt'
       utxoEq  = cong (λ • → ⟦ _ , _ , • , _ ⟧)
                      (lemUpdateDeposits refl utxow)
@@ -228,7 +228,7 @@ instance
                                     ⭆ Γ L.⊢ conv s ⇀⦇ tx ,LEDGER⦈ conv s'
   LEDGERFromConf .convⁱ _ (C.LEDGER-I⋯ invalid utxow) with inj₁ invalid ⊢conv utxow
   ... | utxow' rewrite lemInvalidDepositsC invalid utxow = L.LEDGER-I⋯ invalid utxow'
-  LEDGERFromConf {Γ} {s} {tx} {s'} .convⁱ wf (C.LEDGER-V⋯ refl utxow certs gov) =
+  LEDGERFromConf {Γ} {s} {tx} {s'} .convⁱ wf (C.LEDGER-V⋯ refl utxow certs u gov) =
     subst (λ • → Γ L.⊢ conv s ⇀⦇ tx ,LEDGER⦈ ⟦ • , govSt' , conv certSt' ⟧) eqUtxo ledger'
     where
       open C.LEnv Γ
@@ -251,7 +251,7 @@ instance
       ledger' : Γ L.⊢ conv s ⇀⦇ tx ,LEDGER⦈ L.⟦ setDeposits (utxowDeposits utxow) utxoSt'
                                               , govSt'
                                               , conv certSt' ⟧ˡ
-      ledger' = L.LEDGER-V⋯ refl utxow' (conv certs) gov
+      ledger' = L.LEDGER-V⋯ refl utxow' (conv certs) u gov
 
 open IsEquivalence ≡ᵈ-isEquivalence renaming (refl to ≡ᵈ-refl; sym to ≡ᵈ-sym; trans to ≡ᵈ-trans)
 
@@ -269,7 +269,7 @@ lemCERTS'DepositsC (BS-ind (C.CERT-vdel (C.GOVCERT-deregdrep _)) rs) = lemCERTS'
 lemCERTS'DepositsC (BS-ind (C.CERT-vdel (C.GOVCERT-ccreghot  _)) rs) = lemCERTS'DepositsC rs
 
 lemWellformed : ∀ {Γ s tx s'} → WellformedLState s → Γ C.⊢ s ⇀⦇ tx ,LEDGER⦈ s' → WellformedLState s'
-lemWellformed {Γ} {s = ls} {tx} {s' = ls'} wf (C.LEDGER-V⋯ refl utxo certs gov) = goal
+lemWellformed {Γ} {s = ls} {tx} {s' = ls'} wf (C.LEDGER-V⋯ refl utxo certs u gov) = goal
   where
     open C.LState ls  renaming (certState to certSt)
     open C.LState ls' renaming (utxoSt to utxoSt'; certState to certSt')
@@ -377,9 +377,9 @@ opaque
             → deps₁ ≡ᵈ deps₂
             → Γ C.⊢ deps₁ ⊢conv s ⇀⦇ tx ,LEDGER⦈ (deps₁' ⊢conv s')
             → ∃[ deps₂' ] deps₁' ≡ᵈ deps₂' × Γ C.⊢ deps₂ ⊢conv s ⇀⦇ tx ,LEDGER⦈ (deps₂' ⊢conv s')
-  castLEDGER {Γ} {tx} {s} {s'} deps₁ deps₂ deps₁' eqd (C.LEDGER-V⋯ refl utxo certs gov) =
+  castLEDGER {Γ} {tx} {s} {s'} deps₁ deps₂ deps₁' eqd (C.LEDGER-V⋯ refl utxo certs u gov) =
     let deps₂' , eqd' , certs' = castCERTS' deps₁ deps₂ deps₁' eqd certs
-    in  deps₂' , eqd' , C.LEDGER-V⋯ refl utxo certs' gov
+    in  deps₂' , eqd' , C.LEDGER-V⋯ refl utxo certs' u gov
   castLEDGER deps₁ deps₂ deps₁' eqd (C.LEDGER-I⋯ refl utxo) = _ , eqd , C.LEDGER-I⋯ refl utxo
 
 ---------------------------------------------------------------------------

src/Ledger/Conway/Conformance/Ledger.agda

@@ -54,10 +54,12 @@ data
     let open LState s; txb = tx .body; open TxBody txb; open LEnv Γ
         open CertState certState; open DState dState
         utxoSt'' = record utxoSt' { deposits = updateDeposits pparams txb (deposits utxoSt') }
+        wdrlCreds   = mapˢ RwdAddr.stake (dom txwdrls)
      in
     ∙  isValid tx ≡ true
     ∙  record { LEnv Γ } ⊢ utxoSt ⇀⦇ tx ,UTXOW⦈ utxoSt'
     ∙  ⟦ epoch slot , pparams , txvote , txwdrls , allColdCreds govSt enactState ⟧ ⊢ certState ⇀⦇ txcerts ,CERTS⦈ certState'
+    ∙  filterˢ isKeyHash wdrlCreds ⊆ dom voteDelegs
     ∙  ⟦ txid , epoch slot , pparams , ppolicy , enactState ,  certState' , dom
     rewards ⟧ ⊢ govSt ⇀⦇ txgov txb ,GOVS⦈ govSt'
        ────────────────────────────────
@@ -70,8 +72,8 @@ data
        ────────────────────────────────
        Γ ⊢ s ⇀⦇ tx ,LEDGER⦈ ⟦ utxoSt' , govSt , certState ⟧
 
-pattern LEDGER-V⋯ w x y z = LEDGER-V (w , x , y , z)
-pattern LEDGER-I⋯ y z     = LEDGER-I (y , z)
+pattern LEDGER-V⋯ w x y z t = LEDGER-V (w , x , y , z , t)
+pattern LEDGER-I⋯ y z       = LEDGER-I (y , z)
 
 _⊢_⇀⦇_,LEDGERS⦈_ : LEnv → LState → List Tx → LState → Type
 _⊢_⇀⦇_,LEDGERS⦈_ = ReflexiveTransitiveClosure {sts = _⊢_⇀⦇_,LEDGER⦈_}

src/Ledger/Conway/Conformance/Ledger/Properties.agda

@@ -36,6 +36,8 @@ open import Data.Nat.Properties using (+-0-monoid; +-identityʳ; +-suc; +-comm)
 open import Relation.Binary using (IsEquivalence)
 open import Relation.Unary using (Decidable)
 
+open import Tactic.GenError using (genErrors)
+
 open import Ledger.Conway.Conformance.Equivalence.Certs txs abs
 open import Ledger.Conway.Conformance.Equivalence.Convert
 
@@ -75,23 +77,29 @@ instance
         (yes p) → do
           (utxoSt' , utxoStep) ← computeUtxow utxoΓ utxoSt tx
           (certSt' , certStep) ← computeCerts certΓ certState txcerts
+          let wdrlCreds = mapˢ RwdAddr.stake (dom txwdrls)
+          wdrlsCheck ← case ¿ filterˢ isKeyHash wdrlCreds ⊆ dom (certState .CertState.dState .DState.voteDelegs) ¿ of λ where
+            (yes q) → success q
+            (no ¬q) → failure (genErrors ¬q)
           (govSt'  , govStep)  ← computeGov (govΓ certSt') (rmOrphanDRepVotes (conv certSt') govSt) (txgov txb)
-          success (_ , LEDGER-V⋯ p utxoStep certStep govStep)
+          success (_ , LEDGER-V⋯ p utxoStep certStep wdrlsCheck govStep)
         (no ¬p) → do
           (utxoSt' , utxoStep) ← computeUtxow utxoΓ utxoSt tx
           success (_ , LEDGER-I⋯ (¬-not ¬p) utxoStep)
 
       completeness : ∀ s' → Γ ⊢ s ⇀⦇ tx ,LEDGER⦈ s' → (proj₁ <$> computeProof) ≡ success s'
-      completeness  ls' (LEDGER-V⋯ v utxoStep certStep govStep)
+      completeness  ls' (LEDGER-V⋯ v utxoStep certStep u govStep)
         with isValid ≟ true
       ... | no ¬v = contradiction v ¬v
       ... | yes refl
         with computeUtxow utxoΓ utxoSt tx | complete _ _ _ _ utxoStep
       ... | success (utxoSt' , _) | refl
         with computeCerts certΓ certState txcerts | complete _ _ _ _ certStep
       ... | success (certSt' , _) | refl
-        with computeGov (govΓ certSt') (rmOrphanDRepVotes (conv certSt') govSt) (txgov txb) | complete {STS = _⊢_⇀⦇_,GOVS⦈_} (govΓ certSt') _ _ _ govStep
-      ... | success (govSt' , _) | refl = refl
+        with dec-yes ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom txwdrls)) ⊆ dom (certState .CertState.dState .DState.voteDelegs) ¿ (λ { x → u x })
+      ... | (_ , p)
+        with computeGov (govΓ certSt') (rmOrphanDRepVotes (conv certSt') govSt ) (txgov txb) | complete {STS = _⊢_⇀⦇_,GOVS⦈_} (govΓ certSt') _ _ _ govStep
+      ... | success (govSt' , _) | refl rewrite p = refl
       completeness ls' (LEDGER-I⋯ i utxoStep)
         with isValid ≟ true
       ... | yes refl = case i of λ ()

src/Ledger/Ledger.lagda

@@ -116,10 +116,12 @@ data _⊢_⇀⦇_,LEDGER⦈_ : LEnv → LState → Tx → LState → Type where
 \end{code}
 \begin{code}
          rewards     = certState .dState .rewards
+         wdrlCreds   = mapˢ RwdAddr.stake (dom txwdrls)
     in
     ∙ isValid tx ≡ true
     ∙ ⟦ slot , pp , treasury ⟧  ⊢ utxoSt ⇀⦇ tx ,UTXOW⦈ utxoSt'
     ∙ ⟦ epoch slot , pp , txvote , txwdrls , allColdCreds govSt enactState ⟧ ⊢ certState ⇀⦇ txcerts ,CERTS⦈ certState'
+    ∙ filterˢ isKeyHash wdrlCreds ⊆ dom (certState .dState .voteDelegs)
     ∙ ⟦ txid , epoch slot , pp , ppolicy , enactState , certState' , dom rewards ⟧ ⊢ rmOrphanDRepVotes certState' govSt ⇀⦇ txgov txb ,GOVS⦈ govSt'
       ────────────────────────────────
       ⟦ slot , ppolicy , pp , enactState , treasury ⟧ ⊢ ⟦ utxoSt , govSt , certState ⟧ ⇀⦇ tx ,LEDGER⦈ ⟦ utxoSt' , govSt' , certState' ⟧
@@ -134,7 +136,7 @@ data _⊢_⇀⦇_,LEDGER⦈_ : LEnv → LState → Tx → LState → Type where
 \caption{LEDGER transition system}
 \end{figure*}
 \begin{code}[hide]
-pattern LEDGER-V⋯ w x y z = LEDGER-V (w , x , y , z)
+pattern LEDGER-V⋯ w x y z a = LEDGER-V (w , x , y , z , a)
 pattern LEDGER-I⋯ y z     = LEDGER-I (y , z)
 \end{code}
 

src/Ledger/Ledger/Properties.agda

@@ -37,6 +37,8 @@ open import Data.Nat.Properties using (+-0-monoid; +-identityʳ; +-suc; +-comm;
 open import Relation.Binary using (IsEquivalence)
 open import Relation.Unary using (Decidable)
 
+open import Tactic.GenError using (genErrors)
+
 import Function.Related.Propositional as R
 
 import Relation.Binary.Reasoning.Setoid as SetoidReasoning
@@ -73,23 +75,29 @@ instance
         (yes p) → do
           (utxoSt' , utxoStep) ← computeUtxow utxoΓ utxoSt tx
           (certSt' , certStep) ← computeCerts certΓ certState txcerts
+          let wdrlCreds = mapˢ RwdAddr.stake (dom txwdrls)
+          wdrlsCheck ← case ¿ filterˢ isKeyHash wdrlCreds ⊆ dom (certSt' .CertState.dState .DState.voteDelegs) ¿ of λ where
+            (yes q) → success q
+            (no ¬q) → failure (genErrors ¬q)
           (govSt'  , govStep)  ← computeGov (govΓ certSt') (rmOrphanDRepVotes certSt' govSt) (txgov txb)
-          success (_ , LEDGER-V⋯ p utxoStep certStep govStep)
+          success (_ , LEDGER-V⋯ p utxoStep certStep wdrlsCheck govStep)
         (no ¬p) → do
           (utxoSt' , utxoStep) ← computeUtxow utxoΓ utxoSt tx
           success (_ , LEDGER-I⋯ (¬-not ¬p) utxoStep)
 
       completeness : ∀ s' → Γ ⊢ s ⇀⦇ tx ,LEDGER⦈ s' → (proj₁ <$> computeProof) ≡ success s'
-      completeness ledgerSt (LEDGER-V⋯ v utxoStep certStep govStep)
+      completeness ledgerSt (LEDGER-V⋯ v utxoStep certStep u govStep)
         with isValid ≟ true
       ... | no ¬v = contradiction v ¬v
       ... | yes refl
         with computeUtxow utxoΓ utxoSt tx | complete _ _ _ _ utxoStep
       ... | success (utxoSt' , _) | refl
         with computeCerts certΓ certState txcerts | complete _ _ _ _ certStep
       ... | success (certSt' , _) | refl
+        with dec-yes ¿ filterˢ isKeyHash (mapˢ RwdAddr.stake (dom txwdrls)) ⊆ dom (certSt' .CertState.dState .DState.voteDelegs) ¿ (λ { x → u x })
+      ... | (_ , p)
         with computeGov (govΓ certSt') (rmOrphanDRepVotes certSt' govSt ) (txgov txb) | complete {STS = _⊢_⇀⦇_,GOVS⦈_} (govΓ certSt') _ _ _ govStep
-      ... | success (govSt' , _) | refl = refl
+      ... | success (govSt' , _) | refl rewrite p = refl
       completeness ledgerSt (LEDGER-I⋯ i utxoStep)
         with isValid ≟ true
       ... | yes refl = case i of λ ()
@@ -251,7 +259,7 @@ module LEDGER-PROPS (tx : Tx) (Γ : LEnv) (s : LState) where
   STS→GovSt≡ : ∀ {s' : LState} → Γ ⊢ s ⇀⦇ tx ,LEDGER⦈ s'
                → isValid ≡ true → LState.govSt s' ≡ updateGovStates (txgov txb) 0 (rmOrphanDRepVotes (LState.certState s') (LState.govSt s))
   -- STS→GovSt≡ (LEDGER-V ( _ , _ , _ , x )) refl = STS→updateGovSt≡ (txgov txb) 0 x
-  STS→GovSt≡ (LEDGER-V x) refl = STS→updateGovSt≡ (txgov txb) 0 (proj₂ (proj₂ (proj₂ x)))
+  STS→GovSt≡ (LEDGER-V (_ , _ , _ , _ , x)) refl = STS→updateGovSt≡ (txgov txb) 0 x
     where
     STS→updateGovSt≡ : (vps : List (GovVote ⊎ GovProposal)) (k : ℕ) {certSt : CertState} {govSt govSt' : GovState}
       → (_⊢_⇀⟦_⟧ᵢ*'_ {_⊢_⇀⟦_⟧ᵇ_ = IdSTS}{_⊢_⇀⦇_,GOV⦈_} (⟦ txid , epoch slot , pp , ppolicy , enactState , certSt , dom rewards ⟧ , k) govSt vps govSt')
@@ -536,7 +544,7 @@ module SetoidProperties (tx : Tx) (Γ : LEnv) (s : LState) where
   LEDGER-govDepsMatch (LEDGER-I⋯ refl (UTXOW-UTXOS (Scripts-No _))) aprioriMatch = aprioriMatch
 
   LEDGER-govDepsMatch {s' = s'}
-    utxosts@(LEDGER-V⋯ tx-valid (UTXOW-UTXOS (Scripts-Yes x)) _ GOV-sts) aprioriMatch =
+    utxosts@(LEDGER-V⋯ tx-valid (UTXOW-UTXOS (Scripts-Yes x)) _ _ GOV-sts) aprioriMatch =
     let open LState s' renaming (govSt to govSt'; certState to certState') in
     begin
       filterˢ isGADeposit (dom (updateDeposits pp txb utxoDeps))