-
Notifications
You must be signed in to change notification settings - Fork 0
/
MC_ffg_b3_ffg5_v12.tla
66 lines (57 loc) · 1.71 KB
/
MC_ffg_b3_ffg5_v12.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
------------------------- MODULE MC_ffg_b3_ffg5_v12 ----------------------------
EXTENDS FiniteSets
\* @type: Int;
MAX_BLOCK_SLOT == 5
\* @type: Int;
MAX_BLOCK_BODY == 3
\* @type: Set(Str);
VALIDATORS == {"V1", "V2", "V3", "V4"}
N == 4
T == 1
VARIABLES
\* the set of all_blocks
\* @type: Set($block);
all_blocks,
\* the set of blocks on chain 1
\* @type: Set($block);
chain1,
\* the latest block on chain 1
\* @type: $block;
chain1_tip,
\* the set of blocks on chain 2
\* @type: Set($block);
chain2,
\* the latest block on chain 2
\* @type: $block;
chain2_tip,
\* If chain2_fork_block_number is not equal to 0,
\* then chain2 is a fork of chain1 starting at chain2_fork_block_number
\* @type: Int;
chain2_fork_block_number,
\* @type: Set($ffgVote);
ffg_votes,
\* @type: Set($vote);
votes,
\* The set of the checkpoints that were announced so far.
\* @type: Set($checkpoint);
checkpoints,
\* @type: Set($checkpoint);
justified_checkpoints
INSTANCE ffg_inductive
IndInit ==
\* We choose two different bounds for creating chain1 and chain2 with Gen.
\* See Apalache issue #2973.
/\ all_blocks = Gen(6)
/\ chain1 = Gen(3)
/\ chain1_tip \in chain1
/\ chain2 = Gen(4)
/\ chain2_tip \in chain2
/\ ffg_votes = Gen(5) \* must be >= 4 to observe disagreement
/\ votes = Gen(12) \* must be >= 12 to observe disagreement
/\ \E fork_number \in Int:
/\ fork_number \in -MAX_BLOCK_BODY..0
/\ chain2_fork_block_number = fork_number
/\ checkpoints = Gen(5)
/\ justified_checkpoints = Gen(5)
/\ IndInv
=============================================================================