Skip to content

Commit

Permalink
Merge branch 'main' into f/6505-error-receipt-500-when-recovery
Browse files Browse the repository at this point in the history
  • Loading branch information
maxtropets authored Sep 28, 2024
2 parents f71a349 + 728a5bd commit 7821b0f
Show file tree
Hide file tree
Showing 11 changed files with 125 additions and 76 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/tlaplus.yml
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,12 @@ jobs:
cd tla/
./tlc.sh -workers auto consensus/MCccfraft.tla -dumpTrace tla MCccfraft.trace.tla -dumpTrace json MCccfraft.json
- name: MCccfraft2Nodes.cfg
run: |
set -x
cd tla/
./tlc.sh -workers auto -config consensus/MCccfraft2Nodes.cfg consensus/MCccfraft.tla -dumpTrace tla MCccfraft2Nodes.trace.tla -dumpTrace json MCccfraft2Nodes.json
- name: MCccfraftAtomicReconfig.cfg
run: |
set -x
Expand Down
Binary file removed doc/architecture/QUIC.png
Binary file not shown.
8 changes: 0 additions & 8 deletions doc/architecture/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -87,13 +87,6 @@ Architecture

---

:fa:`gears` :doc:`quic_internals`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Internal implementation of QUIC communication (in progress).

---

:fa:`dragon` :doc:`performance/index`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Expand All @@ -115,5 +108,4 @@ Architecture
receipts
tls_internals
tcp_internals
quic_internals
performance/index.rst
53 changes: 0 additions & 53 deletions doc/architecture/quic_internals.rst

This file was deleted.

4 changes: 3 additions & 1 deletion tla/consensus/MCabs.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,6 @@ INVARIANTS

PROPERTIES
AppendOnlyProp


SYMMETRY
Symmetry
5 changes: 4 additions & 1 deletion tla/consensus/MCabs.tla
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
---- MODULE MCabs ----

EXTENDS abs
EXTENDS abs, TLC

Symmetry ==
Permutations(Servers)

CONSTANTS NodeOne, NodeTwo, NodeThree

Expand Down
2 changes: 1 addition & 1 deletion tla/consensus/MCccfraft.cfg
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
SPECIFICATION mc_spec

CONSTANTS
Configurations <- 1Configuration
Configurations <- 1Configuration3Nodes
Servers <- ToServers

MaxTermLimit = 2
Expand Down
3 changes: 2 additions & 1 deletion tla/consensus/MCccfraft.tla
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ CONSTANTS
NodeOne, NodeTwo, NodeThree

\* No reconfiguration
1Configuration == <<{NodeOne, NodeTwo, NodeThree}>>
1Configuration2Nodes == <<{NodeOne, NodeTwo}>>
1Configuration3Nodes == <<{NodeOne, NodeTwo, NodeThree}>>
\* Atomic reconfiguration from NodeOne to NodeTwo
2Configurations == <<{NodeOne}, {NodeTwo}>>
\* Incremental reconfiguration from NodeOne to NodeOne and NodeTwo, and then to NodeTwo
Expand Down
93 changes: 93 additions & 0 deletions tla/consensus/MCccfraft2Nodes.cfg
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
SPECIFICATION mc_spec

CONSTANTS
Configurations <- 1Configuration2Nodes
Servers <- ToServers

MaxTermLimit = 4
RequestLimit = 3

StatsFilename = "MCccfraft_stats.json"
CoverageFilename = "MCccfraft_coverage.json"

Timeout <- MCTimeout
Send <- MCSend
ClientRequest <- MCClientRequest
SignCommittableMessages <- MCSignCommittableMessages
ChangeConfigurationInt <- MCChangeConfigurationInt

Nil = Nil

Follower = L_Follower
Candidate = L_Candidate
Leader = L_Leader
None = L_None

Active = R_Active
RetirementOrdered = R_RetirementOrdered
RetirementSigned = R_RetirementSigned
RetirementCompleted = R_RetirementCompleted
RetiredCommitted = R_RetiredCommitted

RequestVoteRequest = M_RequestVoteRequest
RequestVoteResponse = M_RequestVoteResponse
AppendEntriesRequest = M_AppendEntriesRequest
AppendEntriesResponse = M_AppendEntriesResponse
ProposeVoteRequest = M_ProposeVoteRequest

OrderedNoDup = N_OrderedNoDup
Ordered = N_Ordered
ReorderedNoDup = N_ReorderedNoDup
Reordered = N_Reordered
Guarantee = N_OrderedNoDup

TypeEntry = T_Entry
TypeSignature = T_Signature
TypeReconfiguration = T_Reconfiguration
TypeRetired = T_Retired

NodeOne = n1
NodeTwo = n2
NodeThree = n3

SYMMETRY Symmetry
VIEW View

CHECK_DEADLOCK
FALSE

POSTCONDITION
WriteStatsFile

PROPERTIES
CommittedLogAppendOnlyProp
MonotonicTermProp
MonotonicMatchIndexProp
PermittedLogChangesProp
StateTransitionsProp
MembershipStateTransitionsProp
PendingBecomesFollowerProp
NeverCommitEntryPrevTermsProp
\* Does not currently work because abs is Copy XOR Extend on state changes
\* RefinementToAbsProp

INVARIANTS
LogInv
MoreThanOneLeaderInv
CandidateTermNotInLogInv
ElectionSafetyInv
LogMatchingInv
QuorumLogInv
LeaderCompletenessInv
SignatureInv
TypeInv
MonoTermInv
MonoLogInv
NoLeaderBeforeInitialTerm
LogConfigurationConsistentInv
MembershipStateConsistentInv
CommitCommittableIndices
ReplicationInv
RetiredCommittedInv
RetirementCompletedNotInConfigsInv
RetirementCompletedAreRetirementCompletedInv
5 changes: 2 additions & 3 deletions tla/consensus/SIMccfraft.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,8 @@ INVARIANTS
CandidateTermNotInLogInv
ElectionSafetyInv
LogMatchingInv
\* Disabled until retirement is modeled correctly in the spec
\* QuorumLogInv
\* LeaderCompletenessInv
QuorumLogInv
LeaderCompletenessInv
SignatureInv

ReconfigurationVarsTypeInv
Expand Down
22 changes: 14 additions & 8 deletions tla/consensus/abs.tla
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,30 @@
\* Abstract specification for a distributed consensus algorithm.
\* Assumes that any node can atomically inspect the state of all other nodes.

EXTENDS Sequences, SequencesExt, Naturals, FiniteSets, FiniteSetsExt
EXTENDS Sequences, SequencesExt, Naturals, FiniteSets, FiniteSetsExt, Relation

CONSTANT Servers, Terms, MaxLogLength
CONSTANT Servers
ASSUME IsFiniteSet(Servers)

\* Terms is (strictly) totally ordered with a smallest element.
CONSTANT Terms
ASSUME /\ IsStrictlyTotallyOrderedUnder(<, Terms)
/\ \E min \in Terms : \A t \in Terms : t <= min

CONSTANT MaxLogLength
ASSUME MaxLogLength \in Nat

\* Commit logs from each node
\* Each log is append-only and the logs will never diverge.
VARIABLE cLogs

TypeOK ==
/\ cLogs \in [Servers ->
UNION {[1..l -> Terms] : l \in 0..MaxLogLength}]
cLogs \in [Servers -> Seq(Terms)]

StartTerm == Min(Terms)

InitialLogs == {
<<>>,
<<StartTerm, StartTerm>>,
<<StartTerm, StartTerm, StartTerm, StartTerm>>}
InitialLogs ==
UNION {[ 1..n -> {StartTerm} ] : n \in {0,2,4}}

Init ==
cLogs \in [Servers -> InitialLogs]
Expand Down

0 comments on commit 7821b0f

Please sign in to comment.