-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Governance: TLA Codelink for refresh_neuron #3547
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this pull request affects the behavior of any canister owned by
the Governance team, remember to update the corresponding
unreleased_changes.md file(s).
To acknowldge this reminder (and unblock the PR), dismiss this
code review by going to the bottom of the pull request page, and
supply one of the following reasons:
-
Done.
-
No canister behavior changes.
No canister behavior changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall, I think there are a couple of simplifications that can be made though (see comments)
@@ -6325,6 +6327,7 @@ impl Governance { | |||
)?; | |||
|
|||
// Get the balance of the neuron from the ledger canister. | |||
tla_log_locals! { account: tla::account_to_tla(account), neuron_id: nid.id }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need the account here (and in the model)? AFAICT you can derive it from the global state (neuron
in the model).
OP_ACCOUNT_BALANCE == "account_balance" | ||
ACCOUNT_BALANCE_FAIL == "Err" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These seem unused? And if you get rid of the account
local variable I think you can also get rid of DUMMY_ACCOUNT
.
if(answer.response /= Variant("Fail", UNIT)) { | ||
with (b = VariantGetOrElse("BalanceQueryOk", answer.response, 0)) { | ||
if(b >= MIN_STAKE) { | ||
neuron := [neuron EXCEPT ![neuron_id] = [@ EXCEPT !.cached_stake = b] ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apparently you can also write
neuron := [neuron EXCEPT ![neuron_id] = [@ EXCEPT !.cached_stake = b] ] | |
neuron := [neuron EXCEPT ![neuron_id].cached_stake = b ] |
(I wasn't aware of this syntax before).
Also, I'm thinking that we may want to have an invariant that the cached stake of a neuron subaccount doesn't go below min stake... Though I'm not sure if this always holds or we'd need some side conditions on it (for example, if the user deposits less than MIN_STAKE
and tries to create a neuron, maybe it's temporarily violated)
Instrument refresh_neuron and its tests for TLA Code Link, add TLA model for refresh neuron.