zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
131 Commits
183 Branches
291 MiB
Tree: c1ff62fe44
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c1ff62fe44'
${ noResults }
tendermint/ivy-proofs/domain_model.ivy

90 lines
2.9 KiB
Raw Normal View History

add Ivy proofs (#210) * add Ivy proofs * fix docker-compose command
4 years ago
 
  1. #lang ivy1.7
  2. # ---
  3. # layout: page
  4. # title: Proof of Classic Safety
  5. # ---
  6. 

  7. include order # this is a file from the standard library (`ivy/ivy/include/1.7/order.ivy`)
  8. 

  9. isolate round = {
  10.     type this
  11.     individual minus_one:this
  12.     relation succ(R1:round, R2:round)
  13.     action incr(i:this) returns (j:this)
  14.     specification {
  15. # to simplify verification, we treat rounds as an abstract totally ordered set with a successor relation.
  16.         instantiate totally_ordered(this)
  17.         property minus_one < 0
  18.         property succ(X,Z) -> (X < Z & ~(X < Y & Y < Z))
  19.         after incr {
  20.             ensure succ(i,j)
  21.         }
  22.     }
  23.     implementation {
  24. # here we prove that the abstraction is sound.
  25.         interpret this -> int # rounds are integers in the Tendermint specification.
  26.         definition minus_one = 0-1
  27.         definition succ(R1,R2) = R2 = R1 + 1
  28.         implement incr {
  29.             j := i+1;
  30.         }
  31.     }
  32. }
  33. 

  34. instance node : iterable # nodes are a set with an order, that can be iterated over (see order.ivy in the standard library)
  35. relation well_behaved(N:node) # whether a node is well-behaved or not. NOTE: Use only in the proof! Nodes do know know that.
  36. 

  37. isolate proposers = {
  38.     # each round has a unique proposer in Tendermint. In order to avoid a
  39.     # function from round to node (which makes verification more difficult), we
  40.     # abstract over this function using a relation.
  41.     relation is_proposer(N:node, R:round)
  42.     action get_proposer(r:round) returns (n:node)
  43.     specification {
  44.         property is_proposer(N1,R) & is_proposer(N2,R) -> N1 = N2
  45.         after get_proposer {
  46.             ensure is_proposer(n,r);
  47.         }
  48.     }
  49.     implementation {
  50.     # here we prove that the abstraction is sound
  51.         function f(R:round):node
  52.         definition is_proposer(N,R) = N = f(R)
  53.         implement get_proposer {
  54.             n := f(r);
  55.         }
  56.     }
  57. }
  58. 

  59. isolate value = { # the type of values
  60.     type this
  61.     relation valid(V:value)
  62.     individual nil:value
  63.     specification {
  64.         property ~valid(nil)
  65.     }
  66.     implementation {
  67.         definition valid(V) = V ~= nil
  68.     }
  69. }
  70. 

  71. object nset = { # the type of node sets
  72.     type this # a set of N=3f+i nodes for 0<i<=3
  73.     relation member(N:node, S:nset) # set-membership relation
  74.     relation is_quorum(S:nset) # intent: sets of cardinality at least 2f+i+1
  75.     relation is_blocking(S:nset) # intent: at least f+1 nodes
  76. }
  77. 

  78. object classic_bft = {
  79.     relation quorum_intersection
  80.     private {
  81.         definition [quorum_intersection_def] quorum_intersection = forall Q1,Q2. exists N. well_behaved(N) & nset.member(N, Q1) & nset.member(N, Q2) # every two quorums have a well-behaved node in common
  82.     }
  83. }
  84. 

  85. trusted isolate accountable_bft = {
  86.     # this is our baseline assumption about quorums:
  87.     private {
  88.         property [max_2f_byzantine] exists N . well_behaved(N) & nset.member(N,Q) # every quorum has a well-behaved member
  89.     }
  90. }# with nset