Skip to content

proptest_state_machine over PeerMessage #512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 33 commits into
base: master
Choose a base branch
from
Draft

proptest_state_machine over PeerMessage #512

wants to merge 33 commits into from

Conversation

skaunov
Copy link
Contributor

@skaunov skaunov commented Mar 18, 2025

It's rough yet, and I'd appreciate review of the main approaches in it while I'm dealing with TODO and groom the whole contribution.

I understood @aszepieniec that the interactions are subject to change, so currently it's only outlined how an interaction outcome actually asserted (messages the peer-loop sends to the main, and checking standing). I can only repeat current behavior there, and if there's ideas to tune/amend that I guess it would be right place and time for that.

Another decision pending is weighting PeerMessage variants. I guess it's important to add random "bad" once a while, but uniform distribution washes away valid interactions to the margin. I can only roughly guess the distribution you might see fit, so it's the other open question.

@aszepieniec
Copy link
Contributor

I can only repeat current behavior there, and if there's ideas to tune/amend that I guess it would be right place and time for that.

I wonder if the state machine can be factored out such that:

  • the actual peer message handlers are a thin wrapper for dealing with network transmissions, but on the inside invoke the state machine;
  • the state machine can be tested in isolation of network effects (no-io).

If that's where this is headed, please point me to the location in the code where I can read it.

Another decision pending is weighting PeerMessage variants. I guess it's important to add random "bad" once a while, but uniform distribution washes away valid interactions to the margin. I can only roughly guess the distribution you might see fit, so it's the other open question.

I don't know off the top of my head what the right weights are. Consider writing a patch for master that will record and report relative frequencies of PeerMessage types. I'll be happy to run that to find out what the frequencies are in practice.

@skaunov
Copy link
Contributor Author

skaunov commented Apr 1, 2025
edited
Loading

@aszepieniec ,

I can only repeat current behavior there, and if there's ideas to tune/amend that I guess it would be right place and time for that.

I wonder if the state machine can be factored out such that:

* the actual peer message handlers are a thin wrapper for dealing with network transmissions, but on the inside invoke the state machine;

* the state machine can be tested in isolation of network effects (no-io).

If that's where this is headed, please point me to the location in the code where I can read it.

The state machine you're talking about should then be an implementation under testing, not the reference one. I'd be happy to convert something to this approach, but PeerMessage has quite a variability. Do you have a smaller one object to start with on your mind?

Current implementation indeed heading the way you described. It process the PeerMessage at https://github.com/skaunov/neptune-core/blob/fa768a9db2f891b4531a7973c8982cf100a3171a/src/models/peer/tests/automaton.rs#L166 and then checks the main loop channel and standing. (But is checking for nothing yet: I draft where and how it should be done, and am asking for what to actually check.)

What do you think about not creating proptest-state-machine for PeerMessage at all and instead implement Strategy for [Mock]

neptune-core/src/tests/shared.rs

Line 365 in 73ec193

pub struct Mock<Item> {
and some #[test] inside a proptest!? That feels more elegant since state machine brings benefits when there are actual state changes and we're checking it can't find itself in a wrong one. And as with PeerMessage it's by design looping in the single state that makes inevitable proptest-state-machine managing code just a boilerplate. =(

Another decision pending is weighting PeerMessage variants. I guess it's important to add random "bad" once a while, but uniform distribution washes away valid interactions to the margin. I can only roughly guess the distribution you might see fit, so it's the other open question.

I don't know off the top of my head what the right weights are. Consider writing a patch for master that will record and report relative frequencies of PeerMessage types. I'll be happy to run that to find out what the frequencies are in practice.

I don't see the point repeating the real freqs in Strategy<PeerMessage> since the whole idea is to give attention to those rare cases which aren't happen there. I would propose then just depress the bad messages to happen once in a 100(?) messages on average. And those bad messages are complete gibberish so I guess those are not very useful, but to have few of those is good for testing.

skaunov and others added 27 commits April 3, 2025 07:08
@skaunov
initial approach
f5f4b66
@skaunov
return the <.gitignore> change
0388929
@skaunov
Revert "initial approach"
c4fdca7 
This reverts commit f5f4b66.
@skaunov
the second approach
f614e25
@skaunov
impacting a cached/deterministic/derandomized test
4375b7e
@skaunov
align with the review comments
1a7a411
@skaunov
replace TestRunner with some proper invocations
539e5c5
@skaunov
replacing more TestRunner
3c7d6b4
@skaunov
couple of strategies on ChunkDictionary
f35d490
@skaunov
TransactionKernel strategies
85f6e1b
@skaunov
prop_compose! Utxo
216fc5d
@skaunov
add Seed and ditch rng invocations from block faking helpers
b0bce01
@skaunov
it isn't meaningful to fuzz randomness
2c41c9e
@skaunov
tests::shared doesn't generate it's own randomness anymore
3dc433b
@skaunov
last place of randomness in tests::shared ditched
fe4d1e1
@skaunov
semantically finished
111379f
@skaunov
ready for review
748bff0
@skaunov
ditch #proofs_presaved_compat
c0622fe
@skaunov @aszepieniec
Update src/models/state/wallet/secret_key_material.rs
e29816d 
Co-authored-by: aszepieniec <[email protected]>
@skaunov
the comment on the prop_assume for seeds
63b4a20
@skaunov
an import unmerge
5e78a90
@skaunov
ditch a temp binding
5d046ec
@skaunov
propose solution for Hash-based collections in proptest
5b8c907
@skaunov
expand the proposal to the place where the discussion is
0a79442
@skaunov
changes are moved into Neptune-Crypto#554
00e9a78
@skaunov
finilize catch_inconsistent_shares
0371276
@skaunov
remove few commented out lines
1a7eb27
@skaunov skaunov force-pushed the peer_tests_automaton branch from fa768a9 to 0f2e21f Compare April 18, 2025 04:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-ferdinand jan-ferdinand jan-ferdinand left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@skaunov @aszepieniec @jan-ferdinand