[stake] settle expired pending_inactive on rejoin and reconfig (#13)

* test(stake): add failing tests for expired pending_inactive on rejoin

- assert that an inactive pool rejoining the validator set with expired
  pending_inactive has that bucket settled to inactive by end of the
  rejoining epoch
- assert that the framework's published voting power matches DKG's
  recomputed view at the reconfig boundary, captured via
  cur_validator_consensus_infos and next_validator_consensus_infos
- both fail on m1 today; will pass once the sweep is applied at validator
  rejoin / next-epoch transition

* test(stake): add failing tests for rejoin gate and reconfig start-time helper

- assert join_validator_set rejects rejoin when post-settlement active stake (99) falls below minimum_stake despite expired pending_inactive padding the pre-sweep total
- assert get_reconfig_start_time_secs returns now_seconds() outside an active reconfiguration, instead of aborting via the inactive State variant

* fix(stake): settle expired pending_inactive on validator-set entry

- rename get_next_epoch_voting_power → get_voting_power; it is now a pure
  bucket sum (pending_active + active + pending_inactive) and callers must
  settle expired pending_inactive first
- add settle_expired_pending_inactive helper and invoke it on each
  pending_active pool during on_new_epoch (using the reconfig start time
  as the comparison clock) and on the joining pool in
  join_validator_set_internal, so framework voting power agrees with DKG's
  post-sweep view
- fix get_reconfig_start_time_secs to gate on is_in_progress() instead of
  is_initialized() (permanently true after genesis), which would otherwise
  return a stale start time outside an active reconfig and abort
  start_time_secs()
- update stake.spec.move to use the renamed helper

* test(stake): update test_inactivate_no_excess_stake for post-fix rejoin timing

- prior commit settles expired pending_inactive into inactive at join_validator_set time, so the rejoining stake pool now has inactive=30000000003 and pending_inactive=0
- subsequent synchronize_delegation_pool advances the OLC, making the delegator's prior-cycle withdrawal inactive/withdrawable and eliminating the trailing pending_inactive in later assertions

Author: apenzk

aptos-move/framework/aptos-framework/sources/delegation_pool.move

@@ -3367,29 +3367,39 @@ module aptos_framework::delegation_pool {
         end_aptos_epoch();
 
         assert!(stake::get_validator_state(pool_address) == VALIDATOR_STATUS_ACTIVE, 0);
-        // no rewards have been produced yet and no stake inactivated as lockup has been refreshed
-        stake::assert_stake_pool(pool_address, 103030100001, 20000000001, 0, 10000000002);
+        // No rewards have been produced yet. The expired pending_inactive (10000000002) is
+        // settled into inactive at join time, so the rejoining stake pool now has
+        // inactive = 20000000001 + 10000000002 = 30000000003 and pending_inactive = 0.
+        stake::assert_stake_pool(pool_address, 103030100001, 30000000003, 0, 0);
 
         synchronize_delegation_pool(pool_address);
+        // The settled-on-rejoin stake (10000000002 from pending_inactive → inactive) shows up
+        // here as new inactive stake on the stake pool, so synchronize_delegation_pool advances
+        // the OLC and the delegator's prior-cycle withdrawal is now inactive (withdrawable).
         assert_pending_withdrawal(validator_address, pool_address, true, 0, true, 20000000001);
-        assert_pending_withdrawal(delegator_address, pool_address, true, 1, false, 10000000002);
-        assert!(observed_lockup_cycle(pool_address) == observed_lockup_cycle, 0);
+        assert_pending_withdrawal(delegator_address, pool_address, true, 1, true, 10000000002);
+        assert!(observed_lockup_cycle(pool_address) == observed_lockup_cycle + 1, 0);
 
-        // cannot withdraw pending_inactive stake anymore
+        // delegator's pending withdrawal is already inactive — it's now withdrawable.
         withdraw(delegator, pool_address, 10000000002);
-        assert_pending_withdrawal(delegator_address, pool_address, true, 1, false, 10000000002);
+        assert_pending_withdrawal(delegator_address, pool_address, false, 0, false, 0);
 
         // earning rewards is resumed from this epoch on
         end_aptos_epoch();
-        stake::assert_stake_pool(pool_address, 104060401001, 20000000001, 0, 10100000002);
+        stake::assert_stake_pool(pool_address, 104060401001, 20000000001, 0, 0);
 
-        // new pending_inactive stake earns rewards but so does the old one
+        // Validator unlocks its full active stake. The delegator no longer has any
+        // pending_inactive stake (their prior cycle was withdrawn above), so the new
+        // pending_inactive lives in the freshly-started OLC and is owned entirely by the
+        // validator. Validator's own prior-cycle inactive (OLC 0, 20000000001) gets executed
+        // and withdrawn as part of `buy_in_pending_inactive_shares`.
         unlock(validator, pool_address, 104060401001);
-        assert_pending_withdrawal(validator_address, pool_address, true, 1, false, 104060401000);
-        assert_pending_withdrawal(delegator_address, pool_address, true, 1, false, 10100000002);
+        assert_pending_withdrawal(validator_address, pool_address, true, observed_lockup_cycle + 1, false, 104060401001);
+        assert_pending_withdrawal(delegator_address, pool_address, false, 0, false, 0);
         end_aptos_epoch();
-        assert_pending_withdrawal(validator_address, pool_address, true, 1, false, 105101005010);
-        assert_pending_withdrawal(delegator_address, pool_address, true, 1, false, 10201000002);
+        // Only the validator's pending_inactive earns rewards here (delegator has none).
+        assert_pending_withdrawal(validator_address, pool_address, true, observed_lockup_cycle + 1, false, 105101005011);
+        assert_pending_withdrawal(delegator_address, pool_address, false, 0, false, 0);
     }
 
     #[test(aptos_framework = @aptos_framework, validator = @0x123)]