Skip to content

Commit 4e3d554

Browse files
committed
[Dijkstra] CIP-159-11a: Prove Certs preservation of value (#1185)
1 parent 3ad7b77 commit 4e3d554

8 files changed

Lines changed: 616 additions & 45 deletions

File tree

src/Ledger/Conway/Specification/Certs/Properties/PoVLemmas.lagda.md

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -40,35 +40,12 @@ private variable
4040
instance
4141
_ = +-0-monoid
4242
43-
getCoin-singleton : ⦃ _ : DecEq A ⦄ {(a , c) : A × Coin} → indexedSumᵛ' id ❴ (a , c) ❵ ≡ c
44-
getCoin-singleton = indexedSum-singleton' {M = Coin} (finiteness _)
45-
46-
∪ˡsingleton∈dom : ⦃ _ : DecEq A ⦄ (m : A ⇀ Coin) {(a , c) : A × Coin}
47-
→ a ∈ dom m → getCoin (m ∪ˡ ❴ (a , c) ❵ᵐ) ≡ getCoin m
48-
∪ˡsingleton∈dom m {(a , c)} a∈dom = ≡ᵉ-getCoin (m ∪ˡ ❴ (a , c) ❵) m (singleton-∈-∪ˡ {m = m} a∈dom)
49-
5043
module _ ( indexedSumᵛ'-∪ : {A : Type} ⦃ _ : DecEq A ⦄ (m m' : A ⇀ Coin)
5144
→ disjoint (dom m) (dom m')
5245
→ getCoin (m ∪ˡ m') ≡ getCoin m + getCoin m' )
5346
where
5447
open ≡-Reasoning
5548
open Equivalence
56-
57-
∪ˡsingleton∉dom : ⦃ _ : DecEq A ⦄ (m : A ⇀ Coin) {(a , c) : A × Coin}
58-
→ a ∉ dom m → getCoin (m ∪ˡ ❴ (a , c) ❵ᵐ) ≡ getCoin m + c
59-
∪ˡsingleton∉dom m {(a , c)} a∉dom = begin
60-
getCoin (m ∪ˡ ❴ a , c ❵ᵐ)
61-
≡⟨ indexedSumᵛ'-∪ m ❴ a , c ❵ᵐ
62-
( λ x y → a∉dom (subst (_∈ dom m) (from ∈-dom-singleton-pair y) x) ) ⟩
63-
getCoin m + getCoin ❴ a , c ❵ᵐ
64-
≡⟨ cong (getCoin m +_) getCoin-singleton ⟩
65-
getCoin m + c
66-
67-
68-
∪ˡsingleton0≡ : ⦃ _ : DecEq A ⦄ → (m : A ⇀ Coin) {a : A} → getCoin (m ∪ˡ ❴ (a , 0) ❵ᵐ) ≡ getCoin m
69-
∪ˡsingleton0≡ m {a} with a ∈? dom m
70-
... | yes a∈dom = ∪ˡsingleton∈dom m a∈dom
71-
... | no a∉dom = trans (∪ˡsingleton∉dom m a∉dom) (+-identityʳ (getCoin m))
7249
```
7350
-->
7451

src/Ledger/Conway/Specification/Utxo/Properties/GenMinSpend.lagda.md

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,6 @@ coin∅ = begin
5151
0 ∎
5252
where open Prelude.≡-Reasoning
5353
54-
getCoin-singleton : ((dp , c) : DepositPurpose × Coin) → indexedSumᵛ' id ❴ (dp , c) ❵ ≡ c
55-
getCoin-singleton _ = indexedSum-singleton' {A = DepositPurpose × Coin} {f = proj₂} (finiteness _)
56-
5754
module _ -- ASSUMPTION --
5855
(gc-hom : (d₁ d₂ : Deposits) → getCoin (d₁ ∪⁺ d₂) ≡ getCoin d₁ + getCoin d₂)
5956
where
@@ -63,7 +60,7 @@ module _ -- ASSUMPTION --
6360
getCoin (deps ∪⁺ ❴ (dp , c) ❵)
6461
≡⟨ gc-hom deps ❴ (dp , c) ❵ ⟩
6562
getCoin deps + getCoin{A = Deposits} ❴ (dp , c) ❵
66-
≡⟨ cong (getCoin deps +_) (getCoin-singleton (dp , c))
63+
≡⟨ cong (getCoin deps +_) getCoin-singleton ⟩
6764
getCoin deps + c
6865
6966
where open Prelude.≡-Reasoning

src/Ledger/Dijkstra/Specification/Certs.lagda.md

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -104,14 +104,14 @@ record PState : Type where
104104
field
105105
pools : Pools
106106
fPools : Pools
107-
retiring : KeyHash ⇀ Epoch
107+
retiring : Retiring
108108
deposits : KeyHash ⇀ Coin
109109
110110
record GState : Type where
111111
constructor ⟦_,_,_⟧ᵛ
112112
field
113113
dreps : DReps
114-
ccHotKeys : Credential ⇀ Maybe Credential
114+
ccHotKeys : CCHotKeys
115115
deposits : Credential ⇀ Coin
116116
117117
record CertState : Type where
@@ -297,22 +297,23 @@ credit each transaction's direct deposits to its account balances after certific
297297
processing. See *Direct Deposit Application (CIP-159)* below for details.
298298

299299
```agda
300+
-- For each withdrawal entry `(addr, amt)`, look up `stake addr` in the acc,
301+
-- compute `bal ∸ amt`, create a singleton map with the new balance, and
302+
-- merge it with the rest (complement-restricted, to remove the old entry).
303+
applyOne : Rewards → RewardAddress × Coin → Rewards
304+
applyOne acc (addr , amt) =
305+
case lookupᵐ? acc (stake addr) of λ where
306+
(just bal) → ❴ stake addr , bal ∸ amt ❵ ∪ˡ (acc ∣ ❴ stake addr ❵ ᶜ)
307+
nothing → acc
308+
-- `nothing` case is defensive; the PRE-CERT precondition guarantees the
309+
-- credential is registered, but handling it makes the function total.
310+
300311
applyWithdrawals : Withdrawals → Rewards → Rewards
301-
applyWithdrawals wdrls rwds =
302-
foldl applyOne rwds (setToList (wdrls ˢ))
303-
where
304-
-- For each withdrawal entry `(addr, amt)`, look up `stake addr` in the acc,
305-
-- compute `bal ∸ amt`, create a singleton map with the new balance, and
306-
-- merge it with the rest (complement-restricted, to remove the old entry).
307-
applyOne : Rewards → RewardAddress × Coin → Rewards
308-
applyOne acc (addr , amt) =
309-
case lookupᵐ? acc (stake addr) of λ where
310-
(just bal) → ❴ stake addr , bal ∸ amt ❵ ∪ˡ (acc ∣ ❴ stake addr ❵ ᶜ)
311-
nothing → acc
312-
-- `nothing` case is defensive; the PRE-CERT precondition guarantees the
313-
-- credential is registered, but handling it makes the function total.
312+
applyWithdrawals wdrls rwds = foldl applyOne rwds (setToList (wdrls ˢ))
314313
```
315314

315+
316+
316317
In the Dijkstra era, CIP-159 allows **partial withdrawals**: a transaction may
317318
withdraw any amount up to the current account balance.
318319
`applyWithdrawals`{.AgdaFunction} subtracts each withdrawal amount from the

src/Ledger/Dijkstra/Specification/Certs/Properties.lagda.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,8 @@ module Ledger.Dijkstra.Specification.Certs.Properties where
1313
-->
1414

1515
```agda
16+
open import Ledger.Dijkstra.Specification.Certs.Properties.ApplyWithdrawalsPoV
1617
open import Ledger.Dijkstra.Specification.Certs.Properties.Computational
18+
open import Ledger.Dijkstra.Specification.Certs.Properties.PoV
19+
open import Ledger.Dijkstra.Specification.Certs.Properties.PoVLemmas
1720
```

0 commit comments

Comments
 (0)