-
Notifications
You must be signed in to change notification settings - Fork 217
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding an abstract consensus spec (#6438)
Co-authored-by: Markus Alexander Kuppe <github.com@lemmster.de>
- Loading branch information
1 parent
50132aa
commit c66cbb8
Showing
6 changed files
with
112 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
SPECIFICATION AbsSpec | ||
|
||
CONSTANTS | ||
NodeOne = n1 | ||
NodeTwo = n2 | ||
NodeThree = n3 | ||
Servers <- MCServers | ||
Terms <- MCTerms | ||
MaxLogLength <- MCMaxLogLength | ||
|
||
INVARIANTS | ||
NoConflicts | ||
TypeOK | ||
|
||
PROPERTIES | ||
AppendOnlyProp | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
---- MODULE MCabs ---- | ||
|
||
EXTENDS abs | ||
|
||
CONSTANTS NodeOne, NodeTwo, NodeThree | ||
|
||
MCServers == {NodeOne, NodeTwo, NodeThree} | ||
MCTerms == 2..4 | ||
MCMaxLogLength == 7 | ||
|
||
==== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
---- MODULE abs ---- | ||
\* Abstract specification for a distributed consensus algorithm. | ||
\* Assumes that any node can atomically inspect the state of all other nodes. | ||
|
||
EXTENDS Sequences, SequencesExt, Naturals, FiniteSets, FiniteSetsExt | ||
|
||
CONSTANT Servers, Terms, MaxLogLength | ||
|
||
\* Commit logs from each node | ||
\* Each log is append-only and the logs will never diverge. | ||
VARIABLE cLogs | ||
|
||
TypeOK == | ||
/\ cLogs \in [Servers -> | ||
UNION {[1..l -> Terms] : l \in 0..MaxLogLength}] | ||
|
||
StartTerm == Min(Terms) | ||
|
||
InitialLogs == { | ||
<<>>, | ||
<<StartTerm, StartTerm>>, | ||
<<StartTerm, StartTerm, StartTerm, StartTerm>>} | ||
|
||
Init == | ||
cLogs \in [Servers -> InitialLogs] | ||
|
||
\* A node i can copy a ledger suffix from another node j. | ||
Copy(i) == | ||
\E j \in Servers : | ||
/\ Len(cLogs[j]) > Len(cLogs[i]) | ||
/\ \E l \in 1..(Len(cLogs[j]) - Len(cLogs[i])) : | ||
cLogs' = [cLogs EXCEPT ![i] = @ \o SubSeq(cLogs[j], Len(@) + 1, Len(@) + l)] | ||
|
||
\* A node i with the longest log can extend its log upto length k. | ||
Extend(i, k) == | ||
/\ \A j \in Servers : Len(cLogs[j]) \leq Len(cLogs[i]) | ||
/\ \E l \in 0..(k - Len(cLogs[i])) : | ||
\E s \in [1..l -> Terms] : | ||
cLogs' = [cLogs EXCEPT ![i] = @ \o s] | ||
|
||
ExtendToMax(i) == Extend(i, MaxLogLength) | ||
|
||
\* The only possible actions are to append log entries. | ||
\* By construction there cannot be any conflicting log entries | ||
\* Log entries are copied if the node's log is not the longest. | ||
Next == | ||
\E i \in Servers : | ||
\/ Copy(i) | ||
\/ ExtendToMax(i) | ||
|
||
AbsSpec == Init /\ [][Next]_cLogs | ||
|
||
AppendOnlyProp == | ||
[][\A i \in Servers : IsPrefix(cLogs[i], cLogs'[i])]_cLogs | ||
|
||
NoConflicts == | ||
\A i, j \in Servers : | ||
\/ IsPrefix(cLogs[i], cLogs[j]) | ||
\/ IsPrefix(cLogs[j], cLogs[i]) | ||
|
||
==== |