Safe Haskell	Safe-Inferred
Language	Haskell2010

Test.Ouroboros.Consensus.ChainGenerator.Adversarial

Contents

Generating
Testing

Synopsis

data AdversarialRecipe base hon = AdversarialRecipe {
- arHonest ∷ !(ChainSchema base hon)
- arParams ∷ (Kcp, Scg, Delta)
- arPrefix ∷ !(Var hon ActiveSlotE)
}
data CheckedAdversarialRecipe base hon adv = UnsafeCheckedAdversarialRecipe {
- carHonest ∷ !(ChainSchema base hon)
- carParams ∷ (Kcp, Scg, Delta)
- carWin ∷ !(Contains SlotE hon adv)
}
data NoSuchAdversarialChainSchema
data SomeCheckedAdversarialRecipe base hon = ∀ adv. SomeCheckedAdversarialRecipe !(Proxy adv) !(CheckedAdversarialRecipe base hon adv)
checkAdversarialRecipe ∷ ∀ base hon. AdversarialRecipe base hon → Except NoSuchAdversarialChainSchema (SomeCheckedAdversarialRecipe base hon)
uniformAdversarialChain ∷ ∀ g base hon adv. RandomGen g ⇒ Maybe Asc → CheckedAdversarialRecipe base hon adv → g → ChainSchema base adv
data AdversarialViolation hon adv
- = BadAnchor !AnchorViolation
- | BadCount
- | BadRace !(RaceViolation hon adv)
- | BadDensity (SomeWindow RaceLbl adv SlotE) Int Int
data AnchorViolation = HonestActiveMustAnchorAdversarial
data ChainSchema base inner = ChainSchema !(Contains SlotE base inner) !(Vector inner SlotE S)
data RaceViolation hon adv = AdversaryWonRace {
- rvAdv ∷ !(Race adv)
- rvHon ∷ !(Race hon)
}
checkAdversarialChain ∷ ∀ base hon adv. AdversarialRecipe base hon → ChainSchema base adv → Except (AdversarialViolation hon adv) ()
genPrefixBlockCount ∷ RandomGen g ⇒ HonestRecipe → g → ChainSchema base hon → Var hon 'ActiveSlotE

Generating

data AdversarialRecipe base hon Source #

Named arguments for checkAdversarialRecipe

Constructors

AdversarialRecipe

Fields

arHonest ∷ !(ChainSchema base hon)
The honest chain to branch off of
arParams ∷ (Kcp, Scg, Delta)
protocol parameters
arPrefix ∷ !(Var hon ActiveSlotE)
Where to branch off of arHonest
It is the amount of blocks shared by the honest and the adversarial chain. In other words, the 0-based index of their intersection in blocks, such that
- 0 identifies the genesis block
- 1 identifies the first block in arHonest
- 2 identifies the second block in arHonest
- etc

Instances

Instances details

Read (AdversarialRecipe base hon) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS (AdversarialRecipe base hon) # readList ∷ ReadS [AdversarialRecipe base hon] # readPrec ∷ ReadPrec (AdversarialRecipe base hon) # readListPrec ∷ ReadPrec [AdversarialRecipe base hon] #
Show (AdversarialRecipe base hon) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → AdversarialRecipe base hon → ShowS # show ∷ AdversarialRecipe base hon → String # showList ∷ [AdversarialRecipe base hon] → ShowS #
Eq (AdversarialRecipe base hon) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ AdversarialRecipe base hon → AdversarialRecipe base hon → Bool # (/=) ∷ AdversarialRecipe base hon → AdversarialRecipe base hon → Bool #

data CheckedAdversarialRecipe base hon adv Source #

Image of checkAdversarialRecipe when it accepts the recipe

Constructors

UnsafeCheckedAdversarialRecipe

Fields

carHonest ∷ !(ChainSchema base hon)
The honest chain to branch off of
carParams ∷ (Kcp, Scg, Delta)
protocol parameters
carWin ∷ !(Contains SlotE hon adv)
The window starting at the first slot after the intersection and ending at the last slot of carHonest.
INVARIANT: there is at least one active honest slot in adv
In other words, the adversarial leader schedule does not extend the chain represented by carHonest, it competes with it.

Instances

Instances details

Read (CheckedAdversarialRecipe base hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS (CheckedAdversarialRecipe base hon adv) # readList ∷ ReadS [CheckedAdversarialRecipe base hon adv] # readPrec ∷ ReadPrec (CheckedAdversarialRecipe base hon adv) # readListPrec ∷ ReadPrec [CheckedAdversarialRecipe base hon adv] #
Show (CheckedAdversarialRecipe base hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → CheckedAdversarialRecipe base hon adv → ShowS # show ∷ CheckedAdversarialRecipe base hon adv → String # showList ∷ [CheckedAdversarialRecipe base hon adv] → ShowS #
Eq (CheckedAdversarialRecipe base hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ CheckedAdversarialRecipe base hon adv → CheckedAdversarialRecipe base hon adv → Bool # (/=) ∷ CheckedAdversarialRecipe base hon adv → CheckedAdversarialRecipe base hon adv → Bool #

data NoSuchAdversarialChainSchema Source #

Image of checkAdversarialRecipe when it rejects the recipe

Constructors

NoSuchAdversarialBlock

There is no slot the adversary can lead

Two possible reasons, where X is the slot of arPrefix and Y is the youngest slot of arHonest.

The interval [X, Y) is empty.
```
k=0
```

Suppose k=0 and slot x and slot y are two honest active slots with only honest empty slots between them.

Length of Competing Chains prohibits the adversary from leading in the interval (x,y].

In fact, by induction, the adversary can never lead: suppose the same y and a slot z are two honest active slots with only honest empty slots between them...

NoSuchCompetitor

not (arPrefix < C) where C is the number of active slots in arHonest

NoSuchIntersection

not (0 <= arPrefix <= C) where C is the number of active slots in arHonest

Instances

Instances details

Show NoSuchAdversarialChainSchema Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → NoSuchAdversarialChainSchema → ShowS # show ∷ NoSuchAdversarialChainSchema → String # showList ∷ [NoSuchAdversarialChainSchema] → ShowS #
Eq NoSuchAdversarialChainSchema Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ NoSuchAdversarialChainSchema → NoSuchAdversarialChainSchema → Bool # (/=) ∷ NoSuchAdversarialChainSchema → NoSuchAdversarialChainSchema → Bool #

data SomeCheckedAdversarialRecipe base hon Source #

See CheckedAdversarialRecipe

Constructors

∀ adv. SomeCheckedAdversarialRecipe !(Proxy adv) !(CheckedAdversarialRecipe base hon adv)

Instances

Instances details

Read (SomeCheckedAdversarialRecipe base hon) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS (SomeCheckedAdversarialRecipe base hon) # readList ∷ ReadS [SomeCheckedAdversarialRecipe base hon] # readPrec ∷ ReadPrec (SomeCheckedAdversarialRecipe base hon) # readListPrec ∷ ReadPrec [SomeCheckedAdversarialRecipe base hon] #
Show (SomeCheckedAdversarialRecipe base hon) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → SomeCheckedAdversarialRecipe base hon → ShowS # show ∷ SomeCheckedAdversarialRecipe base hon → String # showList ∷ [SomeCheckedAdversarialRecipe base hon] → ShowS #

checkAdversarialRecipe ∷ ∀ base hon. AdversarialRecipe base hon → Except NoSuchAdversarialChainSchema (SomeCheckedAdversarialRecipe base hon) Source #

Reject a bad AdversarialRecipe

uniformAdversarialChain Source #

Arguments

∷ ∀ g base hon adv. RandomGen g
⇒ Maybe Asc	`Nothing` means `1`
→ CheckedAdversarialRecipe base hon adv
→ g
→ ChainSchema base adv

Generate an adversarial ChainSchema that satifies checkExtendedRaceAssumption

The distribution this function samples from is not simple to describe. It begins by drawing a sample of length adv from the Bernoulli process induced by the active slot coefficient Asc. (IE adv many i.i.d. samples from Uniform(f)). Then it visits the Extended Praos Race Windows that overlap with the prefix of that leader schedule that ends one stability window after the first (remaining) active adversarial slot in it. In each such Window, it removes the youngest active slots from the adversarial leader schedule until it loses that Race.

Finally, it ensures that the density of the alternative schema is less than the density of the honest schema in the first stability window after the intersection.

Testing

data AdversarialViolation hon adv Source #

Constructors

BadAnchor !AnchorViolation
BadCount	The schema does not contain a positive number of active slots
BadRace !(RaceViolation hon adv)
BadDensity (SomeWindow RaceLbl adv SlotE) Int Int	The density of the adversarial schema is higher than the density of the honest schema in the first stability window after the intersection. In `BadDensity w h a`, `w` is a prefix of the first stability window after the intersection where the density is higher in the adversarial schema. `h` is the amount of active slots in `w` in the honest schema. `a` is the amount of active slots in `w` in the adversarial schema.

Instances

Instances details

Read (AdversarialViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS (AdversarialViolation hon adv) # readList ∷ ReadS [AdversarialViolation hon adv] # readPrec ∷ ReadPrec (AdversarialViolation hon adv) # readListPrec ∷ ReadPrec [AdversarialViolation hon adv] #
Show (AdversarialViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → AdversarialViolation hon adv → ShowS # show ∷ AdversarialViolation hon adv → String # showList ∷ [AdversarialViolation hon adv] → ShowS #
Eq (AdversarialViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ AdversarialViolation hon adv → AdversarialViolation hon adv → Bool # (/=) ∷ AdversarialViolation hon adv → AdversarialViolation hon adv → Bool #

data AnchorViolation Source #

Constructors

HonestActiveMustAnchorAdversarial

An honest active slot must immediately precede the adversarial interval

Instances

Instances details

Read AnchorViolation Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS AnchorViolation # readList ∷ ReadS [AnchorViolation] # readPrec ∷ ReadPrec AnchorViolation # readListPrec ∷ ReadPrec [AnchorViolation] #
Show AnchorViolation Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → AnchorViolation → ShowS # show ∷ AnchorViolation → String # showList ∷ [AnchorViolation] → ShowS #
Eq AnchorViolation Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ AnchorViolation → AnchorViolation → Bool # (/=) ∷ AnchorViolation → AnchorViolation → Bool #

data ChainSchema base inner Source #

The leader schedule of an honest chain

The represented chain grows by one block per active slot. A different data type would represent a leader schedule in which leaders do not necessarily extend the block from the previous active slot.

INVARIANT: at least one active slot

Constructors

ChainSchema !(Contains SlotE base inner) !(Vector inner SlotE S)

Instances

Instances details

Read (ChainSchema base inner) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Honest Methods readsPrec ∷ Int → ReadS (ChainSchema base inner) # readList ∷ ReadS [ChainSchema base inner] # readPrec ∷ ReadPrec (ChainSchema base inner) # readListPrec ∷ ReadPrec [ChainSchema base inner] #
Show (ChainSchema base inner) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Honest Methods showsPrec ∷ Int → ChainSchema base inner → ShowS # show ∷ ChainSchema base inner → String # showList ∷ [ChainSchema base inner] → ShowS #
Eq (ChainSchema base inner) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Honest Methods (==) ∷ ChainSchema base inner → ChainSchema base inner → Bool # (/=) ∷ ChainSchema base inner → ChainSchema base inner → Bool #

data RaceViolation hon adv Source #

A violation of Races Before Acceleration Assumption

INVARIANT: windowLast rvAdv < windowLast rvHon + Delta

INVARIANT: windowStart rvHon <= windowStart rvAdv

Constructors

AdversaryWonRace
Fields rvAdv ∷ !(Race adv) The adversarial race window rvHon ∷ !(Race hon) The honest race window

Instances

Instances details

Read (RaceViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods readsPrec ∷ Int → ReadS (RaceViolation hon adv) # readList ∷ ReadS [RaceViolation hon adv] # readPrec ∷ ReadPrec (RaceViolation hon adv) # readListPrec ∷ ReadPrec [RaceViolation hon adv] #
Show (RaceViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods showsPrec ∷ Int → RaceViolation hon adv → ShowS # show ∷ RaceViolation hon adv → String # showList ∷ [RaceViolation hon adv] → ShowS #
Eq (RaceViolation hon adv) Source #
Instance details Defined in Test.Ouroboros.Consensus.ChainGenerator.Adversarial Methods (==) ∷ RaceViolation hon adv → RaceViolation hon adv → Bool # (/=) ∷ RaceViolation hon adv → RaceViolation hon adv → Bool #

checkAdversarialChain ∷ ∀ base hon adv. AdversarialRecipe base hon → ChainSchema base adv → Except (AdversarialViolation hon adv) () Source #

Check the chain matches the given AdversarialRecipe.

It must intersect the honest chain at an active slot
It must satisfy the Races Before Acceleration Assumption (which implies the Length of Competing Chains Assumption)

Definition of a Praos Race Window of a chain. It is an interval of slots that contains at least k+1 blocks of the chain and exactly Delta slots after the k+1st block.

Definition of the Length of Competing Chains Assumption. We assume every adversarial chain contains at most k blocks in the Praos Race Window anchored at the the intersection.

Definition of Acceleration Lower Bound of an Adversarial Chain. It is the lowest slot at which an adversary could speed up its elections on a given adversarial chain. It is defined as the Scg-th slot after the first adversarial block or the Delta-th slot after the k+1st honest block after the intersection, whichever is greater.

Definition of the Races Before Acceleration Assumption. Every adversarial chain has at most k blocks in every Praos Race Window of the honest chain that starts after the intersection and ends before the acceleration lower bound.

Definition of the Genesis Implication Conjecture. We conjecture that assuming that the Genesis window length is no greater than the Stability Window and that every possible adversarial chain satisfies the Races in Stability Windows Assumption, then the honest chain strictly wins every possible density comparison from the Ouroboros Genesis paper. The key intuition is that a less dense chain would have to lose at least one Praos race within the Genesis window.

genPrefixBlockCount ∷ RandomGen g ⇒ HonestRecipe → g → ChainSchema base hon → Var hon 'ActiveSlotE Source #

Draw a random active slot count for the prefix of a fork.

The result is guaranteed to leave more than k active slots after the intersection in the honest and the adversarial chains. See Note [Minimum schema length] in Test.Ouroboros.Consensus.ChainGenerator.Honest for the rationale of the precondition.

PRECONDITION: schemaSize schedH >= s + d + k + 1