Skip to main content

👥 Delegate_activation_storage.v

Proofs

See code, Gitlab , OCaml

The function [is_inactive] is valid.
The function [last_cycle_before_deactivation] is valid.
The function [set_inactive] is valid.
The function [set_active] is valid.
Lemma set_active_is_valid ctxt delegate
  (H_ctxt : Raw_context.Valid.t ctxt) :
  letP? '(ctxt, _) :=
    Delegate_activation_storage.set_active ctxt delegate in
  Raw_context.Valid.t ctxt.
Proof.
Admitted.

(* @TODO *)
(* set_active is not that simple, here is the comment from the code*)
(* We allow a number of cycles before a delegate is deactivated as follows:
   - if the delegate is active, we give it at least `1 + preserved_cycles`
     after the current cycle before to be deactivated.
   - if the delegate is new or inactive, we give it additionally
     `preserved_cycles` because the delegate needs this number of cycles to
     receive rights, so `1 + 2 * preserved_cycles` in total. *)

Axiom set_active_implies_is_inactive_eq_true : {ctxt} {pkh},
  match Delegate_activation_storage.set_active ctxt pkh with
  | Pervasives.Ok (ctxt', is_active)
    if is_active
    then Delegate_activation_storage.is_inactive ctxt' pkh = return? false
    else True
  | Pervasives.Error _True
  end.