Closed carlhammann closed 1 year ago
This is now ready for a first round of comments. My stopping criterion was that the direct, Contract
and Staged
monads compile with the new TxSkel
type. The two main design goals that led to its current form are as follows:
Eq
instance should define a congruence on the Monoid
of TxSkel
s.toLedgerConstraint
should be injective.Both of these assertions are tested with QuickCheck in Cooked.Tx.Constraints.TypeSpec
, but the test of the second property has a stack overflow that I don't yet understand. If anyone can help me diagnose it, that would be much appreciated.
I would mostly like feedback on conceptual content of the module Coocked.Tx.Constraints.Type
, since that's where the meat is. If you have remarks on the other changes, they're welcome as well.
Here are some unordered thoughts for next steps:
toLedgerConstraint :: TxSkel -> LedgerConstraint Void
is injective is good, but testing that runMockChain . generateTx' :: TxSkel -> Either MockChainError (([Pl.PaymentPubKeyHash], Pl.Tx), UtxoState)
returns different transactions for different TxSkel
s would be even better. The problem with this approach is that the generators I have written so far generate TxSkel
s that pass the latter function (in the sense that it does not return a MockChainError
) with a very low probability, so that QuickCheck just gives up after discarding almost all tests (more than 99% of them, on most runs).
TxSkel
s with certain properties, both to write tests for cooked and to write "fuzz" tests for contracts. That could also be an interesting source of Tweak
s.TxSkel
s is very different, so it's not surprising that the corresponding LedgerConstraint
s are different. We should test a few examples of only slightly different TxSkel
s.Eq
and Ord
instances for TxSkel
and friends along the lines of
instance Ord TxSkel where
compare = someSuitableCompare `on` toLedgerConstraint @_ @Void
thus making toLedgerConstraint
injective by definition?
TxSkel
s? Almost certainly, we won't be able to generate all transactions in the sense of ==
, since the representations used by plutus-apps have lists in places where sets are the actual meaning, but how do we test that we can hit one member of each "equivalence class for transaction validation"? (How to even make this notion precise?)TxSkel
? This would be truer to the idea that transaction skeletons are "transactions with holes", and that the holes are filled at transaction generation time. The role of the _txSkelOpts
should in my opinion be to control transaction generation, and it seems strange to me that the collateral "hole" should be part of them._txSkelRequiredSigners
are translated into MustBeSignedBy
constraints by the toLedgerConstraint
translation. Additional signers derived from the MockChainEnv
are added later in the transaction generation process. I'm not yet sure I've understood all of the subtleties involved, and consequently I'm not sure what information is needed on the TxSkel
.
This is a draft for now; a real solution should at least close #173, #168, #165, #164, and #129.