Check if a
(commit-possiblep val systate) → yes/no
The
The validator must be a correct one. We only model round advancement in correct validators. Faulty validators have no internal state in our model.
The validator must be at an odd round that is not 1. Thus, there is a preceding even round, which is the round with possibly the anchor to be committed (possibly along with other previous anchors).
The commit (i.e. even) round must be ahead of the last committed round, otherwise it means that we have already committed the anchor there. Note that the last committed round may be 0, in case no anchor has been committed yet.
The anchor must be present in the commit round, i.e. there must be a certificate authored by the leader. To calculate the leader, we need the active committee at the even round. The committee must be non-empty in order to calculate the leader.
The current odd round must have sufficient stake of
voters with edges to the anchor.
Note that we need to use the committee for the current odd round
to calculate
The committees at both the odd and even round must be known; they may differ or not, as always. Since the odd round is ahead, if the committee is known there, it is also known for the even round, which is smaller. In order for the committee (at odd, and therefore also even, round) to be known, the validator's round must not have advanced further than the lookback amount from the latest block, otherwise the validator is effectively in a deadlocked state, ever unable to extend the blockchain. The latter aspect of AleoBFT may need some further study and analysis, in particular to establish a quantifiably adequate lookback amount.
If all of the above conditions are met, the anchor can be committed, along with possibly some prceding ones, down to, but not including, the one at the last committed round, or all of them is the last committed round is 0.
It is an invariant, proved elsewhere, that the authors of the voter certificates are always committee members. But here we do not have that invariant available, so we include an explicit check for that.
Function:
(defun commit-possiblep (val systate) (declare (xargs :guard (and (addressp val) (system-statep systate)))) (let ((__function__ 'commit-possiblep)) (declare (ignorable __function__)) (b* (((unless (in (address-fix val) (correct-addresses systate))) nil) ((validator-state vstate) (get-validator-state val systate)) ((when (evenp vstate.round)) nil) ((when (equal vstate.round 1)) nil) (commtt (active-committee-at-round vstate.round vstate.blockchain)) ((unless commtt) nil) (commit-round (1- vstate.round)) ((unless (> commit-round vstate.last)) nil) (prev-commtt (active-committee-at-round commit-round vstate.blockchain)) ((unless (committee-nonemptyp prev-commtt)) nil) (leader (leader-at-round commit-round prev-commtt)) (anchor? (cert-with-author+round leader commit-round vstate.dag)) ((unless anchor?) nil) (voters (certs-with-round vstate.round vstate.dag)) ((unless (subset (certificate-set->author-set voters) (committee-members commtt))) nil) ((mv yes-stake &) (tally-leader-stake-votes leader voters commtt)) ((unless (> yes-stake (committee-max-faulty-stake commtt))) nil)) t)))
Theorem:
(defthm booleanp-of-commit-possiblep (b* ((yes/no (commit-possiblep val systate))) (booleanp yes/no)) :rule-classes :rewrite)
Theorem:
(defthm commit-possiblep-of-address-fix-val (equal (commit-possiblep (address-fix val) systate) (commit-possiblep val systate)))
Theorem:
(defthm commit-possiblep-address-equiv-congruence-on-val (implies (address-equiv val val-equiv) (equal (commit-possiblep val systate) (commit-possiblep val-equiv systate))) :rule-classes :congruence)
Theorem:
(defthm commit-possiblep-of-system-state-fix-systate (equal (commit-possiblep val (system-state-fix systate)) (commit-possiblep val systate)))
Theorem:
(defthm commit-possiblep-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (commit-possiblep val systate) (commit-possiblep val systate-equiv))) :rule-classes :congruence)