Skip to content

Commit

Permalink
fix spec
Browse files Browse the repository at this point in the history
  • Loading branch information
rahxephon89 authored and runtian-zhou committed Oct 15, 2024
1 parent 429ff6f commit e036793
Show file tree
Hide file tree
Showing 8 changed files with 243 additions and 70 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2153,6 +2153,7 @@ Limit addition overflow.

<pre><code><b>let</b> addr = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(aptos_framework);
<b>let</b> register_account = <b>global</b>&lt;<a href="account.md#0x1_account_Account">account::Account</a>&gt;(addr);
<b>aborts_if</b> <a href="permissioned_signer.md#0x1_permissioned_signer_spec_is_permissioned_signer">permissioned_signer::spec_is_permissioned_signer</a>(aptos_framework);
<b>aborts_if</b> <b>exists</b>&lt;<a href="voting.md#0x1_voting_VotingForum">voting::VotingForum</a>&lt;GovernanceProposal&gt;&gt;(addr);
<b>aborts_if</b> !<b>exists</b>&lt;<a href="account.md#0x1_account_Account">account::Account</a>&gt;(addr);
<b>aborts_if</b> register_account.guid_creation_num + 7 &gt; <a href="aptos_governance.md#0x1_aptos_governance_MAX_U64">MAX_U64</a>;
Expand Down
161 changes: 102 additions & 59 deletions aptos-move/framework/aptos-framework/doc/stake.md
Original file line number Diff line number Diff line change
Expand Up @@ -4750,59 +4750,6 @@ Returns validator's next epoch voting power, including pending_active, active, a




<a id="0x1_stake_spec_get_reward_rate_1"></a>


<pre><code><b>fun</b> <a href="stake.md#0x1_stake_spec_get_reward_rate_1">spec_get_reward_rate_1</a>(config: StakingConfig): num {
<b>if</b> (<a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features_spec_periodical_reward_rate_decrease_enabled">features::spec_periodical_reward_rate_decrease_enabled</a>()) {
<b>let</b> epoch_rewards_rate = <b>global</b>&lt;<a href="staking_config.md#0x1_staking_config_StakingRewardsConfig">staking_config::StakingRewardsConfig</a>&gt;(@aptos_framework).rewards_rate;
<b>if</b> (epoch_rewards_rate.value == 0) {
0
} <b>else</b> {
<b>let</b> denominator_0 = aptos_std::fixed_point64::spec_divide_u128(<a href="staking_config.md#0x1_staking_config_MAX_REWARDS_RATE">staking_config::MAX_REWARDS_RATE</a>, epoch_rewards_rate);
<b>let</b> denominator = <b>if</b> (denominator_0 &gt; <a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>) {
<a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>
} <b>else</b> {
denominator_0
};
<b>let</b> nominator = aptos_std::fixed_point64::spec_multiply_u128(denominator, epoch_rewards_rate);
nominator
}
} <b>else</b> {
config.rewards_rate
}
}
</code></pre>




<a id="0x1_stake_spec_get_reward_rate_2"></a>


<pre><code><b>fun</b> <a href="stake.md#0x1_stake_spec_get_reward_rate_2">spec_get_reward_rate_2</a>(config: StakingConfig): num {
<b>if</b> (<a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features_spec_periodical_reward_rate_decrease_enabled">features::spec_periodical_reward_rate_decrease_enabled</a>()) {
<b>let</b> epoch_rewards_rate = <b>global</b>&lt;<a href="staking_config.md#0x1_staking_config_StakingRewardsConfig">staking_config::StakingRewardsConfig</a>&gt;(@aptos_framework).rewards_rate;
<b>if</b> (epoch_rewards_rate.value == 0) {
1
} <b>else</b> {
<b>let</b> denominator_0 = aptos_std::fixed_point64::spec_divide_u128(<a href="staking_config.md#0x1_staking_config_MAX_REWARDS_RATE">staking_config::MAX_REWARDS_RATE</a>, epoch_rewards_rate);
<b>let</b> denominator = <b>if</b> (denominator_0 &gt; <a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>) {
<a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>
} <b>else</b> {
denominator_0
};
denominator
}
} <b>else</b> {
config.rewards_rate_denominator
}
}
</code></pre>



<a id="@Specification_1_ValidatorSet"></a>

### Resource `ValidatorSet`
Expand Down Expand Up @@ -5075,6 +5022,11 @@ Returns validator's next epoch voting power, including pending_active, active, a


<pre><code><b>pragma</b> verify_duration_estimate = 120;
<b>pragma</b> verify = <b>false</b>;
<b>pragma</b> aborts_if_is_partial;
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: owner
};
<b>include</b> <a href="stake.md#0x1_stake_ResourceRequirement">ResourceRequirement</a>;
<b>let</b> addr = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(owner);
<b>ensures</b> <b>global</b>&lt;<a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a>&gt;(addr) == <a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a> {
Expand Down Expand Up @@ -5106,7 +5058,10 @@ Returns validator's next epoch voting power, including pending_active, active, a



<pre><code><b>let</b> pubkey_from_pop = <a href="../../aptos-stdlib/doc/bls12381.md#0x1_bls12381_spec_public_key_from_bytes_with_pop">bls12381::spec_public_key_from_bytes_with_pop</a>(
<pre><code><b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: <a href="account.md#0x1_account">account</a>
};
<b>let</b> pubkey_from_pop = <a href="../../aptos-stdlib/doc/bls12381.md#0x1_bls12381_spec_public_key_from_bytes_with_pop">bls12381::spec_public_key_from_bytes_with_pop</a>(
consensus_pubkey,
proof_of_possession_from_bytes(proof_of_possession)
);
Expand Down Expand Up @@ -5145,6 +5100,9 @@ Returns validator's next epoch voting power, including pending_active, active, a


<pre><code><b>pragma</b> verify_duration_estimate = 300;
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: owner
};
<b>let</b> owner_address = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(owner);
<b>aborts_if</b> !<b>exists</b>&lt;<a href="stake.md#0x1_stake_OwnerCapability">OwnerCapability</a>&gt;(owner_address);
<b>ensures</b> !<b>exists</b>&lt;<a href="stake.md#0x1_stake_OwnerCapability">OwnerCapability</a>&gt;(owner_address);
Expand All @@ -5163,7 +5121,9 @@ Returns validator's next epoch voting power, including pending_active, active, a



<pre><code><b>aborts_if</b> <a href="permissioned_signer.md#0x1_permissioned_signer_spec_is_permissioned_signer">permissioned_signer::spec_is_permissioned_signer</a>(owner);
<pre><code><b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: owner
};
<b>let</b> owner_address = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(owner);
<b>aborts_if</b> <b>exists</b>&lt;<a href="stake.md#0x1_stake_OwnerCapability">OwnerCapability</a>&gt;(owner_address);
<b>ensures</b> <b>exists</b>&lt;<a href="stake.md#0x1_stake_OwnerCapability">OwnerCapability</a>&gt;(owner_address);
Expand Down Expand Up @@ -5224,8 +5184,11 @@ Returns validator's next epoch voting power, including pending_active, active, a



<pre><code><b>pragma</b> verify_duration_estimate = 120;
<pre><code><b>pragma</b> verify = <b>false</b>;
<b>pragma</b> aborts_if_is_partial;
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: owner
};
<b>aborts_if</b> <a href="reconfiguration_state.md#0x1_reconfiguration_state_spec_is_in_progress">reconfiguration_state::spec_is_in_progress</a>();
<b>include</b> <a href="stake.md#0x1_stake_ResourceRequirement">ResourceRequirement</a>;
<b>include</b> <a href="stake.md#0x1_stake_AddStakeAbortsIfAndEnsures">AddStakeAbortsIfAndEnsures</a>;
Expand All @@ -5245,7 +5208,7 @@ Returns validator's next epoch voting power, including pending_active, active, a


<pre><code><b>pragma</b> disable_invariants_in_body;
<b>pragma</b> verify_duration_estimate = 300;
<b>pragma</b> verify = <b>false</b>;
<b>include</b> <a href="stake.md#0x1_stake_ResourceRequirement">ResourceRequirement</a>;
<b>let</b> amount = coins.value;
<b>aborts_if</b> <a href="reconfiguration_state.md#0x1_reconfiguration_state_spec_is_in_progress">reconfiguration_state::spec_is_in_progress</a>();
Expand Down Expand Up @@ -5290,7 +5253,9 @@ Returns validator's next epoch voting power, including pending_active, active, a



<pre><code><b>aborts_if</b> <a href="permissioned_signer.md#0x1_permissioned_signer_spec_is_permissioned_signer">permissioned_signer::spec_is_permissioned_signer</a>(operator);
<pre><code><b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: operator
};
<b>let</b> pre_stake_pool = <b>global</b>&lt;<a href="stake.md#0x1_stake_StakePool">StakePool</a>&gt;(pool_address);
<b>let</b> <b>post</b> validator_info = <b>global</b>&lt;<a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a>&gt;(pool_address);
<b>aborts_if</b> <a href="reconfiguration_state.md#0x1_reconfiguration_state_spec_is_in_progress">reconfiguration_state::spec_is_in_progress</a>();
Expand Down Expand Up @@ -5320,7 +5285,9 @@ Returns validator's next epoch voting power, including pending_active, active, a



<pre><code><b>aborts_if</b> <a href="permissioned_signer.md#0x1_permissioned_signer_spec_is_permissioned_signer">permissioned_signer::spec_is_permissioned_signer</a>(operator);
<pre><code><b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: operator
};
<b>let</b> pre_stake_pool = <b>global</b>&lt;<a href="stake.md#0x1_stake_StakePool">StakePool</a>&gt;(pool_address);
<b>let</b> <b>post</b> validator_info = <b>global</b>&lt;<a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a>&gt;(pool_address);
<b>modifies</b> <b>global</b>&lt;<a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a>&gt;(pool_address);
Expand Down Expand Up @@ -5376,6 +5343,9 @@ Returns validator's next epoch voting power, including pending_active, active, a


<pre><code><b>pragma</b> disable_invariants_in_body;
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: operator
};
<b>aborts_if</b> !<a href="staking_config.md#0x1_staking_config_get_allow_validator_set_change">staking_config::get_allow_validator_set_change</a>(<a href="staking_config.md#0x1_staking_config_get">staking_config::get</a>());
<b>aborts_if</b> !<b>exists</b>&lt;<a href="stake.md#0x1_stake_StakePool">StakePool</a>&gt;(pool_address);
<b>aborts_if</b> !<b>exists</b>&lt;<a href="stake.md#0x1_stake_ValidatorConfig">ValidatorConfig</a>&gt;(pool_address);
Expand Down Expand Up @@ -5453,6 +5423,9 @@ Returns validator's next epoch voting power, including pending_active, active, a


<pre><code><b>pragma</b> verify = <b>false</b>;
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: owner
};
<b>aborts_if</b> <a href="reconfiguration_state.md#0x1_reconfiguration_state_spec_is_in_progress">reconfiguration_state::spec_is_in_progress</a>();
<b>let</b> addr = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(owner);
<b>let</b> ownership_cap = <b>global</b>&lt;<a href="stake.md#0x1_stake_OwnerCapability">OwnerCapability</a>&gt;(addr);
Expand Down Expand Up @@ -5499,6 +5472,9 @@ Returns validator's next epoch voting power, including pending_active, active, a

<pre><code><b>pragma</b> disable_invariants_in_body;
<b>requires</b> <a href="chain_status.md#0x1_chain_status_is_operating">chain_status::is_operating</a>();
<b>include</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: operator
};
<b>aborts_if</b> <a href="reconfiguration_state.md#0x1_reconfiguration_state_spec_is_in_progress">reconfiguration_state::spec_is_in_progress</a>();
<b>let</b> config = <a href="staking_config.md#0x1_staking_config_get">staking_config::get</a>();
<b>aborts_if</b> !<a href="staking_config.md#0x1_staking_config_get_allow_validator_set_change">staking_config::get_allow_validator_set_change</a>(config);
Expand Down Expand Up @@ -5877,6 +5853,59 @@ Returns validator's next epoch voting power, including pending_active, active, a




<a id="0x1_stake_spec_get_reward_rate_1"></a>


<pre><code><b>fun</b> <a href="stake.md#0x1_stake_spec_get_reward_rate_1">spec_get_reward_rate_1</a>(config: StakingConfig): num {
<b>if</b> (<a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features_spec_periodical_reward_rate_decrease_enabled">features::spec_periodical_reward_rate_decrease_enabled</a>()) {
<b>let</b> epoch_rewards_rate = <b>global</b>&lt;<a href="staking_config.md#0x1_staking_config_StakingRewardsConfig">staking_config::StakingRewardsConfig</a>&gt;(@aptos_framework).rewards_rate;
<b>if</b> (epoch_rewards_rate.value == 0) {
0
} <b>else</b> {
<b>let</b> denominator_0 = aptos_std::fixed_point64::spec_divide_u128(<a href="staking_config.md#0x1_staking_config_MAX_REWARDS_RATE">staking_config::MAX_REWARDS_RATE</a>, epoch_rewards_rate);
<b>let</b> denominator = <b>if</b> (denominator_0 &gt; <a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>) {
<a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>
} <b>else</b> {
denominator_0
};
<b>let</b> nominator = aptos_std::fixed_point64::spec_multiply_u128(denominator, epoch_rewards_rate);
nominator
}
} <b>else</b> {
config.rewards_rate
}
}
</code></pre>




<a id="0x1_stake_spec_get_reward_rate_2"></a>


<pre><code><b>fun</b> <a href="stake.md#0x1_stake_spec_get_reward_rate_2">spec_get_reward_rate_2</a>(config: StakingConfig): num {
<b>if</b> (<a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features_spec_periodical_reward_rate_decrease_enabled">features::spec_periodical_reward_rate_decrease_enabled</a>()) {
<b>let</b> epoch_rewards_rate = <b>global</b>&lt;<a href="staking_config.md#0x1_staking_config_StakingRewardsConfig">staking_config::StakingRewardsConfig</a>&gt;(@aptos_framework).rewards_rate;
<b>if</b> (epoch_rewards_rate.value == 0) {
1
} <b>else</b> {
<b>let</b> denominator_0 = aptos_std::fixed_point64::spec_divide_u128(<a href="staking_config.md#0x1_staking_config_MAX_REWARDS_RATE">staking_config::MAX_REWARDS_RATE</a>, epoch_rewards_rate);
<b>let</b> denominator = <b>if</b> (denominator_0 &gt; <a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>) {
<a href="stake.md#0x1_stake_MAX_U64">MAX_U64</a>
} <b>else</b> {
denominator_0
};
denominator
}
} <b>else</b> {
config.rewards_rate_denominator
}
}
</code></pre>



<a id="@Specification_1_update_stake_pool"></a>

### Function `update_stake_pool`
Expand Down Expand Up @@ -5934,6 +5963,19 @@ Returns validator's next epoch voting power, including pending_active, active, a



<a id="0x1_stake_AbortsIfSignerPermissionStake"></a>


<pre><code><b>schema</b> <a href="stake.md#0x1_stake_AbortsIfSignerPermissionStake">AbortsIfSignerPermissionStake</a> {
s: <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>;
<b>let</b> perm = <a href="stake.md#0x1_stake_StakePermission">StakePermission</a> {};
<b>aborts_if</b> !<a href="permissioned_signer.md#0x1_permissioned_signer_spec_check_permission_exists">permissioned_signer::spec_check_permission_exists</a>(s, perm);
}
</code></pre>




<a id="0x1_stake_UpdateStakePoolAbortsIf"></a>


Expand Down Expand Up @@ -6009,6 +6051,7 @@ Returns validator's next epoch voting power, including pending_active, active, a

<pre><code><b>pragma</b> opaque;
<b>pragma</b> verify_duration_estimate = 300;
<b>pragma</b> verify = <b>false</b>;
<b>requires</b> rewards_rate &lt;= <a href="stake.md#0x1_stake_MAX_REWARDS_RATE">MAX_REWARDS_RATE</a>;
<b>requires</b> rewards_rate_denominator &gt; 0;
<b>requires</b> rewards_rate &lt;= rewards_rate_denominator;
Expand Down
Loading

0 comments on commit e036793

Please sign in to comment.