Skip to content

Fix spec and add spec for supra governance #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 45 commits into
base: dev
Choose a base branch
from
Open

Fix spec and add spec for supra governance #63

wants to merge 45 commits into from

Conversation

axiongsupra
Copy link

No description provided.

@axiongsupra axiongsupra marked this pull request as ready for review September 11, 2024 03:29
@axiongsupra axiongsupra mentioned this pull request Oct 8, 2024
Merged
sjoshisupra
sjoshisupra reviewed Oct 28, 2024
View reviewed changes
aptos-move/framework/supra-framework/sources/multisig_voting.spec.move
aborts_if !table::spec_contains(voting_forum.proposals, proposal_id);
aborts_if is_voting_period_over(proposal);
aborts_if proposal.is_resolved;
aborts_if !exists<timestamp::CurrentTimeMicroseconds>(@supra_framework);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@axiongsupra not sure why this aborts_if is required and what purpose does it serve.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for checking the whether time already started. This is required if we have call to timestamp::now_seconds()

sjoshisupra
sjoshisupra reviewed Oct 28, 2024
View reviewed changes
aptos-move/framework/supra-framework/sources/multisig_voting.spec.move
// };
let timestamp_secs_bytes = std::bcs::serialize(timestamp::spec_now_seconds());
let key = std::string::spec_utf8(RESOLVABLE_TIME_METADATA_KEY);
ensures simple_map::spec_get(post_proposal.metadata, key) == timestamp_secs_bytes;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This property only ensures that time is recorded. Other properties we should aim at adding are

  • vote by the voter is recorded (if not already voted)
  • vote by the voter is recorded (if vote is flipped)
  • total yes/no votes should tally (increase/decrease appropriately)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added in e65045b

sjoshisupra
sjoshisupra reviewed Oct 28, 2024
View reviewed changes
aptos-move/framework/supra-framework/sources/multisig_voting.spec.move Outdated
Comment on lines 143 to 144
aborts_if has_multi_step_key && !from_bcs::deserializable<bool>(simple_map::spec_get(proposal.metadata, multi_step_key));
aborts_if has_multi_step_key && from_bcs::deserialize<bool>(simple_map::spec_get(proposal.metadata, multi_step_key));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I understand the role of these. @axiongsupra

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks strange to me. I will take a look and submit a patch.

sjoshisupra
sjoshisupra reviewed Oct 28, 2024
View reviewed changes
aptos-move/framework/supra-framework/sources/multisig_voting.spec.move

let post post_voting_forum = global<VotingForum<ProposalType>>(voting_forum_address);
let post post_proposal = table::spec_get(post_voting_forum.proposals, proposal_id);
aborts_if !exists<timestamp::CurrentTimeMicroseconds>(@supra_framework);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the role of this?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for checking the whether time already started. This is required if we have call to timestamp::now_seconds()

axiongsupra and others added 20 commits October 28, 2024 17:47
@axiongsupra
Merge branch 'dev' into fix-spec
a042dfb
@axiongsupra
Merge branch 'dev' into fix-spec
98898d0
@axiongsupra
Renaming for AbortsIfNotSupraFramework
5ae1f73
@axiongsupra
Prover works now
4829c55
@axiongsupra
Rename AbortsIfNotAptosFramework to AbortsIfNotSupraFramework
3ec69d5
@axiongsupra
Fix function signature mismatch
65e77e5
@axiongsupra
Enable post condition for is_voting_closed
1c5eacc
@axiongsupra
Enable post condition for get_proposal_state
93c26ef
@axiongsupra
Enable verification for vest_transfer and remove_shareholder
dacd39b
@axiongsupra
Remove unused specs
6b88e9c
@axiongsupra
A few proof for coins and supra_account
565c1a3
@axiongsupra
Revert comment outted pre condition
dc3c47e
@axiongsupra
Remove a few debug trace
f32cb3d
@axiongsupra
Finish aborts condition for emit_genesis_reconfiguration_event
6d8398f
@axiongsupra
One more abort condition for set_genesis_end
494d7c0
@axiongsupra
More aborts condition
ece65d8
@axiongsupra
Correct abort for IsProposalResolvableAbortsIf
8aa2279
@axiongsupra
Correct abort for resolve
6153b4a
@axiongsupra
More proofs
e65045b
@axiongsupra
Merge branch 'dev' into fix-spec
13e1b18
@axiongsupra
Copy link
Author

The proofs are still valid.

@axiongsupra
Copy link
Author

The spec are still valid

[INFO] 2.222s build, 2.298s trafo, 0.493s gen, 165.846s verify, total 170.858s
{
  "Result": "Success"
}

@axiongsupra
Copy link
Author

axiongsupra commented May 21, 2025
edited
Loading

Resolved conflict.

Aptos move prover verify this successfully.

[INFO] 686 verification conditions
[INFO] running solver
[INFO] 109.49s build, 2.64s trafo, 0.62s gen, 285.81s verify, total 398.56s
{
  "Result": "Success"
}

However, supra move prover end with the following error:

Error: General: {
  "Error": "Move Prover failed: [internal] boogie exited with compilation errors:\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,288): Error: cannot refer to a global variable in this context: #0_info\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,300): Error: cannot refer to a global variable in this context: #0_info\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,312): Error: cannot refer to a global variable in this context: #0_info\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,462): Error: cannot refer to a global variable in this context: #0_info\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,474): Error: cannot refer to a global variable in this context: #0_info\n/Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl(103321,486): Error: cannot refer to a global variable in this context: #0_info\n6 name resolution errors detected in /Users/supra/aptos-core/aptos-move/framework/supra-framework/boogie.bpl\n"
}

@axiongsupra axiongsupra requested a review from sjoshisupra May 22, 2025 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjoshisupra sjoshisupra Awaiting requested review from sjoshisupra

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@axiongsupra @sjoshisupra