Incremental tally #745
Incremental tally #745
Conversation
|
|
||
| assert_eq!( | ||
| vote_plan_manager | ||
| .start_private_tally(token_distribution, block_date, committee_id) |
There was a problem hiding this comment.
I removed this test since start_private_tally is not there anymore... And I don't see this testing anything else, but it's weird to delete a test, so I would appreciate a second pair of eyes at this.
Contrasting feeling for this. On one side, we usually put starting conditions in block0 besides basic account creation, but on the other hand block0 is just a block like all others, and ordering is an important property of blocks.
I updated it for the update proposal changes, but not sure it reflects everything. I would like it to be maintained, it's an easy way to look at chain formats without having to dig through the code.
This only works because token transfers are not implemented, but they are not guaranteed to remain so forever (actually there are good reasons to implement that). Please add a big disclaimer in the code for this. |
I mean, I think the order should matter... It's just that in this case it's a bit strange, currently the
I'm not sure a disclaimer about what? The issue is that I actually don't know what do we want even if we allowed transfers. My point was that currently both solutions are the same, so there is no much reason to choose one over the other right now. Like, I think one option could be to take a 'snapshot' at the moment the voting starts, and even if you transfer after that, we would use the initial voting power. In this case I would actually change the current code. But another option could be to use the voting power at the moment of the vote, and lock them (or lock them before, it's the same) after that. If we allow minting during the voting period then we would also have to wait for the end of the voting period to know the total stake... In this case I think the current way is closest, and I don't feel like a disclaimer adds too much information, in this where should we even put it? in the vote cast handler? |
Probably something like freezing when voting starts? There was this idea of forbidding transfers when a voteplan is in the voting stage
Just a disclaimer that when we want to implement token transfers we should think of a solution for this. I was thinking to put that in the relevant part of tokens implementation |
|
I think we can also remove |
|
Ran benchmarks on my laptop, no significant impact on vote casting performance. |
ecioppettini
force-pushed
the
incremental-tally
branch
from
a7bbd89 to
fb8e159
Compare
since the Tally is always present, we don't need Option anymore
since it simplifies the ProposalManager constructor and it can be obtained easily at the end
because the tally is incremental, we need to know the stake
since the tally is done incrementally, each vote tests that
I think in the future we may want to move it inside again, but for the time being this simplifies the ledger initialization, since otherwise the order of MintToken and VotePlan fragments would matter, which is OK but IMHO a bit fragile.
by using normal borrows, at the expense of making the tests slightly more verbose
a remnant from the moment I deleted the EncryptedVoteTally cert
Previously this was done only on the `EncryptedVoteTally` certificate. So currently the committee end/finish date are not used for private voteplans. This reintroduces those checks, but moves them to the moment of decrypting the tally. This is not exactly the same behaviour as before, since previously we were only verifying that the decrypted shares were submitted after the committee start date (because otherwise the tally was None, so there is nothing to decrypt). Also, add tests for these cases, since we were only testing the public case.
since the vote/tally date validations should account for it
it's not possible anymore to cast a vote with 0 voting power, and there is already a test for that, so asserting that it is an error here wouldn't add that much information, so for now, just test with an empty tally.
ecioppettini
force-pushed
the
incremental-tally
branch
from
fb8e159 to
18d10ad
Compare
ecioppettini
force-pushed
the
incremental-tally
branch
from
18d10ad to
288ba0d
Compare
| result | ||
| .add_vote(Choice::new(u8::try_from(choice).unwrap()), weight) | ||
| .map_err(|error| match error { | ||
| VoteError::InvalidChoice { options, choice } => { |
There was a problem hiding this comment.
How can this actually happen? We build the tally with the correct number of options ourselves
There was a problem hiding this comment.
Well, I think it can't, Tally::verify should take care of validating that, I think?
Change the tally to be done incrementally (with each vote)
Some comments on a few things, briefly paraphrasing the original story. The git history is a bit messy, but I guess we'll squash anyway.
VoteCast certificate
With the current implementation the voting power is taken at the moment of the vote, initially I wanted to keep the immutable snapshot of the
TokenDistributioninside theVotePlanManagerfrom the start, but then the order ofMintTokenfragments andVotePlanfragments in the block0 would matter, and I think it's a bit fragile. In any case, the behavior is the same since the voting power won't change.There were a few tests that used the stored payloads for validation, I rewrote those so the assertions are based on the tally result instead.
EncryptedTally certificate
Questions here
I kept the binary tag number unused, mostly because it may lead to a better error if we use a new version of the library to read and old fragment for some reason, but maybe it's better to compact things (there is a TODO for this in the code).
Also, are we updating the
abnffile? I think we are not, so I didn't bother.Getting the state of vote tallying as an API user
This needs to be done in jormungandr too, of course, but I removed the
Optionfrom theVoteProposalStatus.There is only one thing that I'd like to clarify here, the
total_stakein the private tally is now taken at the moment thestatusesare requested. I didn't want to store it from the beginning for the same thing I mentioned above, if there areMintTokencertificates processed after theVotePlanthen we won't consider them, unless we add some extra code to handle that case inLedger::new.I don't expect this to be a performance concern at the moment, since we likely won't have that many tokens, but it depends on how often the statuses are requested too. Although, to be honest, I'm not quite convinced the
total_stakeshould be part of the tally state, but I guess it's coupled for pragmatic reasons.