Fraud proof naming, test & comment cleanups #3369
Conversation
teor2345
requested review from
NingLin-P,
vedhavyas and
nazar-pc
as code owners
| pub is_true_invalid_fraud_proof: bool, | ||
| /// If `true`, the fraud proof must prove the local bundle is invalid. | ||
| /// If `false`, the fraud proof must prove the remote's claimed invalid bundle is wrong. | ||
| pub prove_local_is_invalid_fraud_proof: bool, |
There was a problem hiding this comment.
local does not signify what you mean here.
What this actually means is whether we are proving if a bundle is actually invalid or prove if the invallid marked bundle is actually valid
There was a problem hiding this comment.
Yeah, both TrueInvalid and FalseInvalid are attested against a (remote) ER, TrueInvalid means the fraud proof needs to prove something the ER claimed is valid is actually invalid, FalseInvalid means the fraud proof needs to prove something the ER claimed is invalid is actually valid.
Local/remote is a bit more confusing to me, because the meaning changed in different places (e.g. in the domain node when generating FP vs in the consensus node when verifying FP).
There was a problem hiding this comment.
I changed it to:
- use_bundle_is_invalid_fraud_proof
- InvalidProofIsWrong
- InvalidProofIsCorrect
- ValidBundleContents
There was a problem hiding this comment.
Still, I prefer the original TrueInvalid/FalseInvalid, because the BundleMismatchType is about the mismatch of the BundleValidity in the ER, while use_bundle_is_invalid_fraud_proof seems to claim a bundle is valid or not and InvalidProofIsWrong/InvalidProofIsCorrect seems to claim "there is a proof of invalidity and it is correct/wrong"
There was a problem hiding this comment.
Ok, I see your point. But I'm still not quite understanding the code from the type names, the existing comments, and your explanations. So maybe we could make some improvements here?
Here's what I find confusing:
TrueInvalidis confusing English grammar, which makes it harder for me to understand what it meansis_true_invalid_fraud_proof: boolis both confusing grammar, and an unusual use of types, so it's hard for me to work out what the double negativeis_true_invalid_fraud_proof: falsemeansBundleMismatchTypeis a negative, which makesBundleMismatchType::FalseInvalida confusing double-negative
Would you be happy with these name changes?
- is_true_invalid_fraud_proof -> is_{good,correct,accurate,(nothing)}_invalid_fraud_proof
- TrueInvalid -> {Good,Correct,Accurate,(nothing)}Invalid
- FalseInvalid -> {Bad,Wrong,Faulty}Invalid
- Valid -> ValidBundleContents
There was a problem hiding this comment.
So maybe we could make some improvements here?
Definitely! The above suggestion looks good to me as they reflect "the mismatch of the BundleValidity", feel free to choose one you think is the best, and thanks for being patient!
| pub is_true_invalid_fraud_proof: bool, | ||
| /// If `true`, the fraud proof must prove the local bundle is invalid. | ||
| /// If `false`, the fraud proof must prove the remote's claimed invalid bundle is wrong. | ||
| pub prove_local_is_invalid_fraud_proof: bool, |
There was a problem hiding this comment.
Yeah, both TrueInvalid and FalseInvalid are attested against a (remote) ER, TrueInvalid means the fraud proof needs to prove something the ER claimed is valid is actually invalid, FalseInvalid means the fraud proof needs to prove something the ER claimed is invalid is actually valid.
Local/remote is a bit more confusing to me, because the meaning changed in different places (e.g. in the domain node when generating FP vs in the consensus node when verifying FP).
teor2345
force-pushed
the
invalid-fp-test-tweaks
branch
from
de3dd60 to
786d5fc
Compare
teor2345
force-pushed
the
invalid-fp-test-tweaks
branch
from
332eef9 to
13df0e2
Compare
| pub is_true_invalid_fraud_proof: bool, | ||
| /// If `true`, the fraud proof must prove the local bundle is invalid. | ||
| /// If `false`, the fraud proof must prove the remote's claimed invalid bundle is wrong. | ||
| pub prove_local_is_invalid_fraud_proof: bool, |
There was a problem hiding this comment.
Ok, I see your point. But I'm still not quite understanding the code from the type names, the existing comments, and your explanations. So maybe we could make some improvements here?
Here's what I find confusing:
TrueInvalidis confusing English grammar, which makes it harder for me to understand what it meansis_true_invalid_fraud_proof: boolis both confusing grammar, and an unusual use of types, so it's hard for me to work out what the double negativeis_true_invalid_fraud_proof: falsemeansBundleMismatchTypeis a negative, which makesBundleMismatchType::FalseInvalida confusing double-negative
Would you be happy with these name changes?
- is_true_invalid_fraud_proof -> is_{good,correct,accurate,(nothing)}_invalid_fraud_proof
- TrueInvalid -> {Good,Correct,Accurate,(nothing)}Invalid
- FalseInvalid -> {Bad,Wrong,Faulty}Invalid
- Valid -> ValidBundleContents
teor2345
force-pushed
the
invalid-fp-test-tweaks
branch
from
13df0e2 to
2966cb0
Compare
| /// Proof data of the invalid bundle | ||
| /// If `true`, the fraud proof must prove the bundle was correctly marked invalid. | ||
| /// If `false`, it must prove the bundle was marked invalid, but is actually valid. | ||
| pub is_good_invalid_fraud_proof: bool, |
There was a problem hiding this comment.
Honestly, I would prefer the previous naming itself.
Here is my thought process
is_true_invalid_fraud_proofsignifies whether fraud proof is targetting a truly invalid bundle or if false signifies if targetting a proof to show incorrectly marked invalid bundle.
When it comes to is_good_invalid_fraud_proof, I'm not sure, without context, understand what good signifies here unlike TrueInvalid which brings more context self contained.
It could be that my grammer maybe off here.
I do not want to block this PR on this name change but in the past there was a similar dicussion and final result ended up being going with True Prefix since the variants in it are just 2 and easily understood
There was a problem hiding this comment.
Oops, looks like this already merged.
Yep, naming things is hard, particularly when we have multiple layers of negatives: “fraud”, “invalid”, and then the bool possibly being false.
It might be there is no perfect solution here, happy to have it changed back to “truly” (which is different enough from a true bool to make it a bit easier).
How to review this PR
The real diff starts at aa63e5d, the other commits are from the
mainbranch. (They'll disappear once #3368 merges.)What it does
This PR refactors some fraud proof code so it's easier to use and understand:
HashingForrather than complex trait type paths (some added in Fix inconsistency of bundle digest generation and add invalid fraud proof integration test #3368)IsFalseInvalidbecause double negatives are confusing, and make comments clearerignore_invalid_proofargument in production builds (added in Fix inconsistency of bundle digest generation and add invalid fraud proof integration test #3368)Code contributor checklist: