Computational
{-# OPTIONS --safe #-} open import Ledger.Conway.Specification.Gov.Base open import Ledger.Conway.Specification.Transaction using (TransactionStructure) module Ledger.Conway.Specification.Gov.Properties.Computational (txs : _) (open TransactionStructure txs using (govStructure)) (open GovStructure govStructure hiding (epoch)) where open import Ledger.Prelude hiding (Any; any?) open import Axiom.Set.Properties open import Ledger.Conway.Specification.Enact govStructure open import Ledger.Conway.Specification.Gov txs open import Ledger.Conway.Specification.Gov.Actions govStructure hiding (yes; no) open import Ledger.Conway.Specification.Ratify txs import Data.List.Membership.Propositional as P open import Data.List.Membership.Propositional.Properties open import Data.List.Relation.Unary.All using (all?; All) open import Data.List.Relation.Unary.Any hiding (map) open import Data.List.Relation.Unary.Unique.Propositional open import Data.Maybe.Properties open import Relation.Binary using (IsEquivalence) open import Tactic.Defaults open import stdlib-meta.Tactic.GenError open Equivalence open GovActionState open Inverse lookupActionId : (pparams : PParams) (role : GovRole) (aid : GovActionID) (epoch : Epoch) (s : GovState) → Dec (Any (λ (aid' , ast) → aid ≡ aid' × canVote pparams (action ast) role × ¬ (expired epoch ast)) s) lookupActionId pparams role aid epoch = let instance _ = λ {e ga} → ⁇ (expired? e ga) in any? λ _ → ¿ _ ¿ private isUpdateCommittee : (a : GovAction) → Dec (∃[ new ] ∃[ rem ] ∃[ q ] a ≡ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2484}{\htmlId{1689}{\htmlClass{InductiveConstructor}{\text{UpdateCommittee}}}}\, \\ \,\htmlId{1707}{\htmlClass{Symbol}{\text{(}}}\,\,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1661}{\htmlId{1708}{\htmlClass{Bound}{\text{new}}}}\, , \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1670}{\htmlId{1714}{\htmlClass{Bound}{\text{rem}}}}\, , \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1679}{\htmlId{1720}{\htmlClass{Bound}{\text{q}}}}\,\,\htmlId{1721}{\htmlClass{Symbol}{\text{)}}}\, \end{pmatrix}$) isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2446}{\htmlId{1750}{\htmlClass{InductiveConstructor}{\text{NoConfidence}}}}\, \\ \,\htmlId{1771}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2484}{\htmlId{1823}{\htmlClass{InductiveConstructor}{\text{UpdateCommittee}}}}\, \\ \,\htmlId{1844}{\htmlClass{Symbol}{\text{(}}}\,\,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1845}{\htmlId{1845}{\htmlClass{Bound}{\text{new}}}}\, , \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1851}{\htmlId{1851}{\htmlClass{Bound}{\text{rem}}}}\, , \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#1857}{\htmlId{1857}{\htmlClass{Bound}{\text{q}}}}\,\,\htmlId{1858}{\htmlClass{Symbol}{\text{)}}}\, \end{pmatrix}$ = yes (new , rem , q , refl) isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2522}{\htmlId{1916}{\htmlClass{InductiveConstructor}{\text{NewConstitution}}}}\, \\ \,\htmlId{1937}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2560}{\htmlId{1989}{\htmlClass{InductiveConstructor}{\text{TriggerHardFork}}}}\, \\ \,\htmlId{2010}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2598}{\htmlId{2062}{\htmlClass{InductiveConstructor}{\text{ChangePParams}}}}\, \\ \,\htmlId{2083}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2636}{\htmlId{2135}{\htmlClass{InductiveConstructor}{\text{TreasuryWithdrawal}}}}\, \\ \,\htmlId{2156}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() isUpdateCommittee $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2674}{\htmlId{2208}{\htmlClass{InductiveConstructor}{\text{Info}}}}\, \\ \,\htmlId{2229}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = no λ() hasPrev : ∀ x v → Dec (∃[ v' ] x .action ≡ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2560}{\htmlId{2307}{\htmlClass{InductiveConstructor}{\text{TriggerHardFork}}}}\, \\ \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#2288}{\htmlId{2325}{\htmlClass{Bound}{\text{v'}}}}\, \end{pmatrix}$ × pvCanFollow v' v) hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2446}{\htmlId{2382}{\htmlClass{InductiveConstructor}{\text{NoConfidence}}}}\, \\ \,\htmlId{2404}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2484}{\htmlId{2455}{\htmlClass{InductiveConstructor}{\text{UpdateCommittee}}}}\, \\ \,\htmlId{2477}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2522}{\htmlId{2528}{\htmlClass{InductiveConstructor}{\text{NewConstitution}}}}\, \\ \,\htmlId{2550}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2560}{\htmlId{2601}{\htmlClass{InductiveConstructor}{\text{TriggerHardFork}}}}\, \\ \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#2623}{\htmlId{2623}{\htmlClass{Bound}{\text{v'}}}}\, \end{pmatrix}$} v = case pvCanFollow? {v'} {v} of λ where (yes p) → yes (-, refl , p) (no ¬p) → no (λ where (_ , refl , h) → ¬p h) hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2598}{\htmlId{2786}{\htmlClass{InductiveConstructor}{\text{ChangePParams}}}}\, \\ \,\htmlId{2808}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2636}{\htmlId{2859}{\htmlClass{InductiveConstructor}{\text{TreasuryWithdrawal}}}}\, \\ \,\htmlId{2881}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () hasPrev record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2674}{\htmlId{2932}{\htmlClass{InductiveConstructor}{\text{Info}}}}\, \\ \,\htmlId{2954}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$} v = no λ () opaque unfolding validHFAction isRegistered instance validHFAction? : ∀ {p s e} → validHFAction p s e ⁇ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2446}{\htmlId{3129}{\htmlClass{InductiveConstructor}{\text{NoConfidence}}}}\, \\ \,\htmlId{3151}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2484}{\htmlId{3207}{\htmlClass{InductiveConstructor}{\text{UpdateCommittee}}}}\, \\ \,\htmlId{3229}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2522}{\htmlId{3285}{\htmlClass{InductiveConstructor}{\text{NewConstitution}}}}\, \\ \,\htmlId{3307}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2560}{\htmlId{3363}{\htmlClass{InductiveConstructor}{\text{TriggerHardFork}}}}\, \\ \,\href{Ledger.Conway.Specification.Gov.Properties.Computational.html#3385}{\htmlId{3385}{\htmlClass{Bound}{\text{v}}}}\, \end{pmatrix}$ ; prevAction = prev }} {s} {record { pv = (v' , aid') }} with aid' ≟ prev ×-dec pvCanFollow? {v'} {v} | any? (λ (aid , x) → aid ≟ prev ×-dec hasPrev x v) s ... | yes p | _ = ⁇ yes (inj₁ p) ... | no _ | yes p with ((aid , x) , x∈xs , (refl , v , h)) ← P.find p = ⁇ yes (inj₂ (x , v , to ∈-fromList x∈xs , h)) ... | no ¬p₁ | no ¬p₂ = ⁇ no λ { (inj₁ x) → ¬p₁ x ; (inj₂ (s , v , (h₁ , h₂ , h₃))) → ¬p₂ $ ∃∈-Any ((prev , s) , (from ∈-fromList h₁ , refl , (v , h₂ , h₃))) } validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2598}{\htmlId{3943}{\htmlClass{InductiveConstructor}{\text{ChangePParams}}}}\, \\ \,\htmlId{3965}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2636}{\htmlId{4021}{\htmlClass{InductiveConstructor}{\text{TreasuryWithdrawal}}}}\, \\ \,\htmlId{4043}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ validHFAction? {record { action = $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#2674}{\htmlId{4099}{\htmlClass{InductiveConstructor}{\text{Info}}}}\, \\ \,\htmlId{4121}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$}} = Dec-⊤ isRegistered? : ∀ Γ v → Dec (isRegistered Γ v) isRegistered? _ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#970}{\htmlId{4207}{\htmlClass{InductiveConstructor}{\text{CC}}}}\, \\ \,\htmlId{4214}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = ¿ _ ∈ _ ¿ isRegistered? _ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#973}{\htmlId{4252}{\htmlClass{InductiveConstructor}{\text{DRep}}}}\, \\ \,\htmlId{4259}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = ¿ _ ∈ _ ¿ isRegistered? _ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Gov.Actions.html#978}{\htmlId{4297}{\htmlClass{InductiveConstructor}{\text{SPO}}}}\, \\ \,\htmlId{4304}{\htmlClass{Symbol}{\text{\_}}}\, \end{pmatrix}$ = ¿ _ ∈ _ ¿ open GovVoter instance Computational-GOV : Computational _⊢_⇀⦇_,GOV⦈_ String Computational-GOV = record {Go} where module Go Γ s where open GovEnv (proj₁ Γ) k = proj₂ Γ module GoVote sig where open GovVote sig computeProof = case lookupActionId pparams (gvRole voter) gid epoch s ,′ isRegistered? (proj₁ Γ) voter of λ where (yes p , yes p') → case Any↔ .from p of λ where (_ , mem , refl , cV , ¬exp) → success (_ , GOV-Vote (∈-fromList .to mem , cV , p' , ¬exp)) (yes _ , no ¬p) → failure (genErrors ¬p) (no ¬p , _ ) → failure (genErrors ¬p) completeness : ∀ s' → Γ ⊢ s ⇀⦇ inj₁ sig ,GOV⦈ s' → map proj₁ computeProof ≡ success s' completeness s' (GOV-Vote {ast = ast} (mem , cV , reg , ¬expired)) with lookupActionId pparams (gvRole voter) gid epoch s | isRegistered? (proj₁ Γ) voter ... | no ¬p | _ = ⊥-elim (¬p (Any↔ .to (_ , ∈-fromList .from mem , refl , cV , ¬expired))) ... | yes _ | no ¬p = ⊥-elim $ ¬p reg ... | yes p | yes q with Any↔ .from p ... | ((_ , ast') , mem , refl , cV) = refl module GoProp prop where open GovProposal prop renaming (action to a; deposit to d; policy to p; returnAddr to addr; prevAction to prev) open PParams pparams hiding (a) instance Dec-actionWellFormed = actionWellFormed? Dec-actionValid = actionValid? {-# INCOHERENT Dec-actionWellFormed #-} {-# INCOHERENT Dec-actionValid #-} H = ¿ actionWellFormed a × actionValid rewardCreds p ppolicy epoch a × d ≡ govActionDeposit × validHFAction prop s enactState × hasParent' enactState s (a .gaType) prev × NetworkIdOf addr ≡ NetworkId × CredentialOf addr ∈ rewardCreds ¿ ,′ isUpdateCommittee a computeProof = case H of λ where (yes (wf , av , dep , vHFA , HasParent' en , goodAddr , regReturn) , yes (new , rem , q , refl)) → case ¿ ∀[ e ∈ range new ] epoch < e × dom new ∩ rem ≡ᵉ ∅ ¿ of λ where (yes newOk) → success (-, GOV-Propose {_} {_} {_} {_} {_} {_} {_} {_} {_} {(new , rem , q)} (wf , av , dep , vHFA , en , goodAddr , regReturn)) (no ¬p) → failure (genErrors ¬p) (yes (wf , av , dep , vHFA , HasParent' en , goodAddr , returnReg) , no notNewComm) → success (-, GOV-Propose {_} {_} {_} {_} {_} {_} {_} {_} {_} {a .gaData} (wf , av , dep , vHFA , en , goodAddr , returnReg)) (no ¬p , _) → failure (genErrors ¬p) completeness : ∀ s' → Γ ⊢ s ⇀⦇ inj₂ prop ,GOV⦈ s' → map proj₁ computeProof ≡ success s' completeness s' (GOV-Propose (wf , av , dep , vHFA , en , goodAddr)) with H ... | (no ¬p , _) = ⊥-elim (¬p (wf , av , dep , vHFA , HasParent' en , goodAddr)) ... | (yes (_ , _ , _ , _ , HasParent' _ , _) , no notNewComm) = refl ... | (yes (_ , (_ , (av₁ , av₂)) , _ , _ , HasParent' _ , _) , yes (new , rem , q , refl)) rewrite dec-yes ¿ ∀[ e ∈ range new ] epoch < e × dom new ∩ rem ≡ᵉ ∅ ¿ (λ { x → av₁ x , av₂ }) .proj₂ = refl computeProof : (sig : GovVote ⊎ GovProposal) → _ computeProof (inj₁ s) = GoVote.computeProof s computeProof (inj₂ s) = GoProp.computeProof s completeness : ∀ sig s' → Γ ⊢ s ⇀⦇ sig ,GOV⦈ s' → _ completeness (inj₁ s) = GoVote.completeness s completeness (inj₂ s) = GoProp.completeness s Computational-GOVS : Computational _⊢_⇀⦇_,GOVS⦈_ String Computational-GOVS = it allEnactable-singleton : ∀ {aid s es} → getHash (s .prevAction) ≡ getHashES es (GovActionTypeOf s) → allEnactable es [ (aid , s) ] allEnactable-singleton {aid} {s} {es} eq = helper All.∷ All.[] where module ≡ᵉ = IsEquivalence (≡ᵉ-isEquivalence th) helper : enactable es (getAidPairsList [ (aid , s) ]) (aid , s) helper with getHashES es (GovActionTypeOf s) | getHash (s .prevAction) ... | just x | just x' with refl <- just-injective eq = [ (aid , x) ] , proj₁ ≡ᵉ.refl , All.[] ∷ [] , inj₁ (refl , refl) ... | just x | nothing = case eq of λ () ... | nothing | _ = _