Change the way SPO votes are counted

[williamdemeo]

Description

This closes issue #578.

Checklist

• Commit sequence broadly makes sense and commits have useful messages
• Any semantic changes to the specifications are documented in CHANGELOG.md
• Code is formatted according to CONTRIBUTING.md
• Self-reviewed the diff

[WhatisRT]

Sorry, what actually needs to be done here is a bit more complicated. DState.voteDelegs needs to be available to actualSPOVotes. Then, if you have a credVoter SPO c, you need to lookup c in voteDelegs and the result of that lookup is the default vote.

[williamdemeo]

@WhatisRT @Lucsanszky I've revised the SPO default vote function. I think it's correct now, but let me know if you notice anything wrong with it. Thanks!

[Lucsanszky]

@WhatisRT @williamdemeo conformance is still failing for me. I had a better look at the ledger implementation (here's my PR which updates the SPO vote counting: IntersectMBO/cardano-ledger#4659) and the spec. To me it seems like that they indeed don't really match. In the implementation, we check if the SPO's reward address is delegated to an AlwaysAbstain or an AlwaysNoConfidence DRep. See: https://github.com/IntersectMBO/cardano-ledger/pull/4659/files#diff-d479e8ce99ea392464360b8cea0bb7c42e04863929fd3f4ae4c92dd5742e535cR222-R223
That is, on top of DState.voteDelegs, PState.pools needs to be available to actualSPOVotes as well, so we can first lookup the pool parameters of the given pool in pools, grab the reward address and look that up in voteDelegs. Unless:

1. My implementation is wrong.
2. I misunderstand something here as I'm not too familiar with Agda and the spec and somehow the c in credVoter SPO c is the reward address of the given pool.

[williamdemeo]

@Lucsanszky Your description seems reasonable to me. I'll go ahead and try to change the Agda code to match your understanding of how the policy should be implemented. I'll let you know when the changes are done.

[williamdemeo]

@Lucsanszky I believe Ratify.lagda now agrees with the implementation as you describe it above. Thanks for the feedback. Let me know how the conformance tests go.

[Lucsanszky]

At a first glance, this looks good! Unfortunately, conformance is still failing but that could be because of something else (and I have an idea why). Anyways, I'll wait for @WhatisRT's approval. Thanks!

[Lucsanszky]

At a first glance, this looks good! Unfortunately, conformance is still failing but that could be because of something else (and I have an idea why). Anyways, I'll wait for @WhatisRT's approval. Thanks!

Okay, conformance passes. :) I opened a PR which also adds your changes to the conformance files, feel free to cherry pick the commits. Also, I took the liberty to slightly change your specification and opted not to pass in the complete CertState to RatifyEnv. I think it's better to be more specific with what we need and also helps with the conformance tests on the cardano-ledger side.

[williamdemeo]

Looks good. Thanks @Lucsanszky! I've merged your mods into this PR, so you can close your PR.

Andre's changes were addressed last week and he has been indisposed and busy with other things since then.

[Lucsanszky]

LGTM, thanks! 👍

[WhatisRT]

This lookup is incorrect, you just need to lookup c in pools (if it is a KeyHash).

[williamdemeo]

That's good to know, thanks. If there is a particular place in a prior version of the spec or a CIP that would have helped me understand this better so that I wouldn't have made this mistake, please advise.

[WhatisRT]

Not really. It's just that lookupᵐ? pools c is the PoolParams associated to c and contains c's RewardAddr, which is what you want. As the code is written here, it gives you the PoolParams of the pool that c is delegating to which could be any random pool.

[williamdemeo]

I see. Thanks for the explanation. Very helpful. 👍🏼

[WhatisRT]

Why did you un-hide the λ where? It just makes the PDF more confusing to people who don't know Agda.

[williamdemeo]

For some reason, the only way I could get the TeX to compile without the "missing parameter l" error was to expose the λ where here and above. I tried many permutations of exposing and hiding various parts of the code, and the one I ended up with was the closest to what we want while still getting the pdf to compile without error.

[WhatisRT]

It's probably just this bug again: agda/agda#7290

You probably just need to indent the clauses of the λ where a bit more.

[williamdemeo]

Yes, it's exactly that bug. I tried indenting all sorts of ways, but I'll try again to get it to compile while hiding all the λ wheres and I'll also fix the bug in getPoolParams, of course.

[WhatisRT]

Those λ wheres should be hidden as well

[WhatisRT]

Sorry, this is incorrect, and the implementation is probably too (if this is what makes conformance tests pass). Also, looking at this it would make much more sense to just use the credential of the stake pool itself instead of the reward account. Why should voting & setting the default for the vote require 2 different credentials?

[lehins]

looking at this it would make much more sense to just use the credential of the stake pool itself instead of the reward account.

It is too late to change implementation. cardano-node-10.x has already been released, which means at this point any discrepancies will have to be changed in the spec, instead of implementation.

Why should voting & setting the default for the vote require 2 different credentials?

Why would Stake Pool private key be used for both managing a pool and registering a stake credential?