Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ICS3 connection versioning / model checking in TLA+ #211

Merged
merged 16 commits into from
Sep 1, 2020
Merged

ICS3 connection versioning / model checking in TLA+ #211

merged 16 commits into from
Sep 1, 2020

Conversation

adizere
Copy link
Member

@adizere adizere commented Aug 25, 2020
edited
Loading

Discussion ground for our work to close cosmos/ibc-rs#117.
Will also close cosmos/ibc-rs#116.

Description

For contributor use:

  • Unit tests written
  • Added test to CI if applicable
  • Updated CHANGELOG_PENDING.md
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Updated relevant documentation (docs/) and code comments
  • Re-reviewed Files changed in the Github PR explorer

@adizere adizere marked this pull request as ready for review August 27, 2020 14:06
@adizere adizere requested a review from milosevic August 27, 2020 14:06
@adizere adizere mentioned this pull request Aug 28, 2020
Closed
ancazamfir
ancazamfir reviewed Aug 31, 2020
View reviewed changes
Copy link
Collaborator

@ancazamfir ancazamfir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! A few comments on the disclosure-log.md
Will check TLA+ later today

docs/disclosure-log.md Outdated Show resolved Hide resolved
docs/disclosure-log.md Outdated Show resolved Hide resolved
docs/disclosure-log.md

__Context__.
The original issue triggering this discussion is here: [cosmos/ics/#459](https://github.com/cosmos/ics/issues/459).
Briefly, version negotiation in the ICS3 handshake can interfere in various ways, breaking either the safety or liveness of this protocol.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current liveness issues are expected as the two parties do not agree on a version. Not sure if and how these should be reported. If there would be liveness issue due to protocol bugs (e.g. the two parties do not agree even if there is one common version) the format here would be fine.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When it comes to liveness, this can suffer in two cases:

  1. due to empty version intersection, case (a),
  2. due to mode onTryNonDet, case (c)

The current liveness issues are expected as the two parties do not agree on a version. Not sure if and how these should be reported.

So this concerns case (a). My initial thought was to classify this as a hidden assumption, which we disclose here. We thus provide a clear reason to make this assumption explicit in the ICS.

If there would be liveness issue due to protocol bugs (e.g. the two parties do not agree even if there is one common version) the format here would be fine.

I agree this is not a bug and rather it's a case of underspecification, but I would say the format here is good for this in fact.

docs/disclosure-log.md Show resolved Hide resolved
@adizere
Copy link
Member Author

adizere commented Sep 1, 2020

Latest version of disclosure log rendered here:

https://github.com/informalsystems/ibc-rs/blob/d5ffe412998b1c1b6590845d663b221a5ee95eac/docs/disclosure-log.md#3-ics3-problems-due-to-version-negotiation

ancazamfir
ancazamfir approved these changes Sep 1, 2020
View reviewed changes
Copy link
Collaborator

@ancazamfir ancazamfir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@adizere adizere merged commit 66274aa into master Sep 1, 2020
@adizere adizere deleted the ilina/ics3_versions branch September 1, 2020 14:34
@adizere adizere added this to the v0.0.4 milestone Sep 1, 2020
@adizere adizere removed this from the v0.0.4 milestone Sep 30, 2020
hu55a1n1 pushed a commit to hu55a1n1/hermes that referenced this pull request Sep 13, 2022
@adizere @istoilkovska
ICS3 connection versioning / model checking in TLA+ (informalsystems#211
a6e7d70 
)

* connection handshake with versions, non-deterministic choice of version

* added different version picking modes

* added comments explaining version picking

* connection spec fix

* bug in Environment.tla

* added overwrite mode

* overwrite mode fixes

* Update README.md

* cleanup in connection handshake spec

* fix in sending Ack message

* Typos; cleaner Concurrency; added Utils;

* Added a WIP marker for the disclosure log

* Traces; WIP for ACK cases

* Disclosure log ready for review

* Added summary table cf. Anca's suggestion.

Co-authored-by: istoilkovska <anili100@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ancazamfir ancazamfir ancazamfir approved these changes

@romac romac Awaiting requested review from romac

@milosevic milosevic Awaiting requested review from milosevic

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adizere @ancazamfir @istoilkovska