Phase 1: Strategy equivalence and sanity checks #74

Merged
erikinkinen merged 3 commits from 1-strategy-equivalence-and-sanity-checks into main 2026-03-06 10:35:07 +01:00
Owner

Closes #34


Summary

This PR adds Phase 1 strategy equivalence and sanity checks to ensure strategy differences are intentional and stable, without changing runtime behavior.

It introduces a dedicated test suite and documentation updates for:

  • eager vs lineage target-set differences on canonical simple graphs,
  • lazy (lazy_invalidate) vs epoch (epoch_indirection) shared direct-target behavior equivalence,
  • explicit intentional descendant divergence between lazy and epoch strategies,
  • strategy-local over-revocation soundness checks via the post-revocation oracle.

Scope

Included

  • New test executable: aes_strategy_equivalence_tests
  • New test file: tests/strategy_equivalence_tests.cpp
  • Test coverage for:
    • canonical eager/lineage vector comparisons,
    • selector normalization determinism,
    • lazy/epoch shared direct-target equivalence,
    • lazy/epoch repeat determinism,
    • intentional lazy vs epoch descendant divergence,
    • eager strategy oracle soundness (over_removed_edges == []),
    • lazy/epoch no-delete revoke sanity (removed_edges=[], edges_removed=0)
  • docs/phase1.md updates for #34 equivalence/sanity rules

Explicitly excluded

  • No production API changes
  • No runtime logic changes
  • No event-log version/schema changes

Design intent

The purpose is to lock behavior expectations so strategy differences are treated as deliberate semantics, not regressions.

  • Eager vs lineage differences are asserted with explicit ordered vectors.
  • Lazy and epoch are required to match on shared direct-target externally visible behavior.
  • Lazy vs epoch descendant behavior is pinned as intentionally different.
  • Over-revocation is guarded with strategy-local oracle soundness checks for eager-delete strategies.

Verification

  • cmake --build _build --target aes_strategy_equivalence_tests aes_revocation_strategy_tests aes_engine_tests aes_revocation_oracle_tests aes_event_log_replay_tests aes_invalid_event_determinism_tests
  • ctest --test-dir _build --output-on-failure -R "aes_strategy_equivalence_tests|aes_revocation_strategy_tests|aes_engine_tests|aes_revocation_oracle_tests|aes_event_log_replay_tests|aes_invalid_event_determinism_tests"

All listed tests passed.


Notes for review

  • Validate canonical expected vectors and order-sensitivity in strategy_equivalence_tests.
  • Validate strategy-local oracle usage for over-revocation checks.
  • Validate lazy/epoch shared direct-target parity assertions and explicit descendant divergence assertion.
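The checks listed above (canonical eager/lineage target sets, lazy/epoch parity on a direct target, no-delete sanity, and the over-revocation oracle) in miniature. This is an added illustration, not code from the AES repository or from this PR: the grant graph, the strategy names as free functions, the `is_live` visibility check and the `oracle` routine are all assumptions, and a constructed `eager_sloppy` strategy is included only to show the oracle catching an over-removal. The intentional lazy/epoch descendant divergence is not modelled, since the description does not specify its semantics.

```cpp
// Added illustration, not code from the AES repository. A toy grant graph, the
// four strategies named in the PR plus one deliberately sloppy one, and a
// strategy-local post-revocation oracle. All identifiers are assumptions.
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

using Edge = std::pair<int, int>;  // (grantor, grantee)

struct Graph {
    std::set<Edge> edges;             // sorted, so iteration order is canonical
    std::set<int> invalid;            // lazy_invalidate: revoked nodes, edges kept
    std::map<int, int> epoch;         // epoch_indirection: per-node epoch, bumped on revoke
    std::map<Edge, int> grant_epoch;  // grantee epoch captured when the edge was issued
};

struct RevokeResult {
    std::vector<Edge> removed_edges;  // edges physically deleted, in deletion order
    std::vector<int> targets;         // nodes the strategy itself treats as revoked
};

struct OracleReport {
    std::vector<Edge> over_removed_edges;  // deleted edges whose grantee is not a target
};

void grant(Graph& g, int from, int to) {
    g.edges.insert({from, to});
    g.grant_epoch[{from, to}] = g.epoch[to];  // operator[] creates epoch 0 on first use
}

// The externally visible question every strategy must answer identically for a
// direct target: is this grant still live after revocation?
bool is_live(const Graph& g, Edge e) {
    if (!g.edges.count(e) || g.invalid.count(e.second)) return false;
    return g.grant_epoch.at(e) == g.epoch.at(e.second);
}

// Target plus everything reachable from it, ascending: the lineage target set.
std::vector<int> lineage_of(const Graph& g, int target) {
    std::set<int> seen{target};
    std::vector<int> stack{target};
    while (!stack.empty()) {
        int n = stack.back();
        stack.pop_back();
        for (const Edge& e : g.edges)
            if (e.first == n && seen.insert(e.second).second) stack.push_back(e.second);
    }
    return {seen.begin(), seen.end()};
}

RevokeResult revoke(Graph& g, int target, const std::string& strategy) {
    RevokeResult r{{}, {target}};
    if (strategy == "lineage") r.targets = lineage_of(g, target);
    if (strategy == "eager" || strategy == "lineage" || strategy == "eager_sloppy") {
        std::set<int> ts(r.targets.begin(), r.targets.end());
        for (auto it = g.edges.begin(); it != g.edges.end();) {
            // eager_sloppy is a constructed bug: it also drops edges the target issued.
            bool hit = ts.count(it->second) || (strategy == "eager_sloppy" && it->first == target);
            if (hit) { r.removed_edges.push_back(*it); it = g.edges.erase(it); }
            else ++it;
        }
    } else if (strategy == "lazy_invalidate") {
        g.invalid.insert(target);  // no deletion: removed_edges stays empty
    } else if (strategy == "epoch_indirection") {
        g.epoch[target] += 1;      // no deletion: old grants fail the epoch check
    }
    return r;
}

// Strategy-local soundness: every deleted edge must have existed beforehand and
// must point at a node the strategy itself declared revoked. Anything else is an
// over-revocation, i.e. a live grant destroyed for an unrevoked principal.
OracleReport oracle(const Graph& before, const RevokeResult& r) {
    std::set<int> ts(r.targets.begin(), r.targets.end());
    OracleReport o;
    for (const Edge& e : r.removed_edges)
        if (!before.edges.count(e) || !ts.count(e.second)) o.over_removed_edges.push_back(e);
    return o;
}

// Constructed canonical graph: 1 -> 2, 1 -> 3, 2 -> 4, 4 -> 5.
Graph canonical_graph() {
    Graph g;
    grant(g, 1, 2); grant(g, 1, 3); grant(g, 2, 4); grant(g, 4, 5);
    return g;
}

struct Outcome {
    RevokeResult result;
    OracleReport report;
    bool direct_live;  // is the direct grant (1,2) still live after revoking 2?
};

// Revoke node 2 on a fresh canonical graph with the given strategy.
Outcome run(const std::string& strategy) {
    Graph before = canonical_graph();
    Graph after = before;
    RevokeResult r = revoke(after, 2, strategy);
    return {r, oracle(before, r), is_live(after, {1, 2})};
}

int main() {
    for (const char* s : {"eager", "lineage", "lazy_invalidate", "epoch_indirection", "eager_sloppy"}) {
        Outcome o = run(s);
        std::printf("%-18s removed=%zu over_removed=%zu direct_live=%d\n", s,
                    o.result.removed_edges.size(), o.report.over_removed_edges.size(), o.direct_live);
    }
}
```

Revoking node 2 gives eager the single removed edge (1,2) and lineage the ordered vector (1,2),(2,4),(4,5) with targets 2,4,5; both pass the oracle with an empty `over_removed_edges`. The two no-delete strategies leave `removed_edges` empty yet both report (1,2) as not live, which is the shared direct-target parity the PR pins. The constructed `eager_sloppy` strategy deletes (2,4) as well, and the oracle reports exactly that edge as over-removed.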
erikinkinen added this to the Phase 1 milestone 2026-03-06 10:32:56 +01:00
Phase 1: Assert no over-revocation occurs (#74)
All checks were successful
ci / smoke (push) Successful in 19s
clang-format / check-format (push) Successful in 9s
markdownlint / markdown-lint (push) Successful in 9s
ci / smoke (pull_request) Successful in 19s
clang-format / check-format (pull_request) Successful in 9s
markdownlint / markdown-lint (pull_request) Successful in 10s
10044ff4e3
erikinkinen force-pushed 1-strategy-equivalence-and-sanity-checks from 10044ff4e3 to f29c5221e8 2026-03-06 10:33:40 +01:00 (all checks successful on both commits)
Reference
erikinkinen/AES!74