test(mbt): MBT for round state machine #120
Conversation
Specs/Quint/consensus.qnt
Outdated
| state.toSkipRoundOutput(state.round + 1) | ||
| state | ||
| // CHECK: setting the step to NewRound was added to match the code behavior | ||
| .with("step", NewRoundStep) |
There was a problem hiding this comment.
@josef-widder Please check if this makes sense, together with the new conditions in NewRoundProposerCInput and NewRoundCInput.
There was a problem hiding this comment.
@josef-widder I am wondering if we can remove the NoStep step and merge it with NewRoundStep? (now called UnstartedStep)
There was a problem hiding this comment.
NoStep actually is used to record that the last consensus action did not change the step variable. See
pure def recordStepChange(old: DriverState, new: DriverState) : DriverState =
if (old.cs.step == new.cs.step)
{ ...new, pendingStepChange: NoStep }
else
{ ...new, pendingStepChange: new.cs.step}
So we shouldn't merge it. But perhaps it eventually makes sense to rename it to NoStepChange.
But perhaps inside the consensus state, it makes sense to initialize to NewRoundStep. I just realized that the step variable seems not to be initialized properly in the arXiv paper, so we should think about it before we change anything.
There was a problem hiding this comment.
@josef-widder Please check if this makes sense, together with the new conditions in
NewRoundProposerCInputandNewRoundCInput.
It think it is OK, as there is also a new condition in RoundSkipCInput(r)
There was a problem hiding this comment.
I tried removing NoStep and using a sum type for pendingStepChange:
type StepChange =
| NoStepChange
| SomeStepChange(Step)
// ...
pendingStepChange: StepChange
// ...
pure def recordStepChange(old: DriverState, new: DriverState) : DriverState =
if (old.cs.step == new.cs.step)
{ ...new, pendingStepChange: NoStepChange }
else
{ ...new, pendingStepChange: SomeStepChange(new.cs.step) }which works fine but then I could not get the MBT tests to work properly, and I don't want to mess too much with them right now.
So let's leave it like that for now.
| // TODO: We need to manually feed `ProposeValue` to the round state | ||
| // machine here, and then check the emitted proposal. |
There was a problem hiding this comment.
Here the issue is that the spec does two steps at once here, whereas the round state machine needs whoever is driving it to feed it back a value to propose.
I am a bit surprised that the whole test even goes through given that we never do so in the test runner, need to dig in further.
@hvanz Do you have an idea for why that is?
There was a problem hiding this comment.
I'm not sure why. I think it's related to my comment above about the proposal value not used https://github.com/informalsystems/malachite/pull/120/files#r1428373893
Closes #45