jordan/tidaldb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a0a33f4d9a
tidaldb/docs/planning/milestone-8/phase-3/task-06-reconciliation-property-tests.md
jordan f4cfd6c81f feat: complete M8 replication primitives + forage enhancements + docs 
Milestone 8 (phases 1-4):
- Shard-aware WAL segment naming, BatchHeader v2, ShardRouter
- Transport trait, InProcessTransport, WalShipper, FollowerDb
- HLC, PNCounter, LWWRegister, CrdtSignalState, ReconciliationEngine
- Session replication bridge with SeqNo/HWM, idempotency store

Forage application:
- Multi-source discovery engine with MAB exploration
- Embedding-based label system, server handlers, UI refresh

Other:
- QUICKSTART.md, README.md, milestone-8 planning docs
- Hard negative union semantics, RLHF export enhancements
- Recovery benchmark and visibility test expansions
- Split 8 oversized source files per CODING_GUIDELINES §9

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 13:17:19 -07:00

125 lines
4.4 KiB
Markdown
Raw Blame History

# Task 06: Reconciliation Property Tests
## Delivers
Property tests in `tidal/tests/m8p3_crdt.rs` verifying: no double-counting after merge, hard negatives never leak, merge is commutative/associative/idempotent across 5 simulated nodes and 100K random operations.
## Complexity: M
## Dependencies
- Tasks 01-05 complete
## Technical Design
```rust
// tidal/tests/m8p3_crdt.rs
use proptest::prelude::*;
use tidaldb::replication::crdt::{PNCounter, LWWRegister, HlcTimestamp};
proptest! {
/// PNCounter merge commutativity.
#[test]
fn pn_counter_commutative(
ops_a in vec((0u16..5, 0u64..1000, bool::arbitrary()), 0..100),
ops_b in vec((0u16..5, 0u64..1000, bool::arbitrary()), 0..100),
) {
let mut a = PNCounter::new();
let mut b = PNCounter::new();
apply_ops(&mut a, &ops_a);
apply_ops(&mut b, &ops_b);
let mut merge_ab = a.clone(); merge_ab.merge(&b);
let mut merge_ba = b.clone(); merge_ba.merge(&a);
prop_assert_eq!(merge_ab.value(), merge_ba.value());
}
/// PNCounter merge idempotency.
#[test]
fn pn_counter_idempotent(
ops in vec((0u16..5, 0u64..1000, bool::arbitrary()), 0..100),
) {
let mut counter = PNCounter::new();
apply_ops(&mut counter, &ops);
let original_value = counter.value();
counter.merge(&counter.clone());
prop_assert_eq!(counter.value(), original_value);
}
/// No double-counting: two nodes with disjoint operations.
#[test]
fn pn_counter_no_double_count(
ops_a in vec((0u64..1000u64), 0..50),
ops_b in vec((0u64..1000u64), 0..50),
) {
let mut a = PNCounter::new();
let mut b = PNCounter::new();
let node_a = ShardId(0);
let node_b = ShardId(1);
let expected: u64 = ops_a.iter().sum::<u64>() + ops_b.iter().sum::<u64>();
for &v in &ops_a { a.increment(node_a, v); }
for &v in &ops_b { b.increment(node_b, v); }
a.merge(&b);
prop_assert_eq!(a.value(), expected);
}
/// LWW register commutativity.
#[test]
fn lww_register_commutative(
val_a in 0u8..=1u8,
wall_a in 0u64..1000,
logical_a in 0u32..100,
node_a in 0u16..5,
val_b in 0u8..=1u8,
wall_b in 0u64..1000,
logical_b in 0u32..100,
node_b in 0u16..5,
) {
let ts_a = HlcTimestamp { wall_ns: wall_a, logical: logical_a, node_id: node_a };
let ts_b = HlcTimestamp { wall_ns: wall_b, logical: logical_b, node_id: node_b };
let mut reg_a: LWWRegister<u8> = LWWRegister::empty();
let mut reg_b: LWWRegister<u8> = LWWRegister::empty();
reg_a.write(val_a, ts_a);
reg_b.write(val_b, ts_b);
let mut merge_ab = reg_a.clone(); merge_ab.merge(&reg_b);
let mut merge_ba = reg_b.clone(); merge_ba.merge(&reg_a);
prop_assert_eq!(merge_ab.get(), merge_ba.get());
}
/// Hard negatives never leak: hide always wins over unhide when hide has higher HLC.
#[test]
fn hard_neg_hide_wins_with_higher_hlc(
hide_wall in 100u64..1000,
unhide_wall in 0u64..100,
) {
let ts_hide = HlcTimestamp { wall_ns: hide_wall, logical: 0, node_id: 0 };
let ts_unhide = HlcTimestamp { wall_ns: unhide_wall, logical: 0, node_id: 1 };
let mut reg: LWWRegister<HardNegAction> = LWWRegister::empty();
reg.write(HardNegAction::Hide, ts_hide);
let mut remote: LWWRegister<HardNegAction> = LWWRegister::empty();
remote.write(HardNegAction::Unhide, ts_unhide);
reg.merge(&remote);
prop_assert_eq!(reg.get(), Some(&HardNegAction::Hide));
}
}
```
## Acceptance Criteria
- [ ] `pn_counter_commutative`: 10K proptest cases pass
- [ ] `pn_counter_idempotent`: 10K proptest cases pass
- [ ] `pn_counter_no_double_count`: 10K proptest cases pass (sum of distinct increments == merged value)
- [ ] `lww_register_commutative`: 10K proptest cases pass
- [ ] `hard_neg_hide_wins_with_higher_hlc`: 10K proptest cases pass (hide with higher HLC always wins)
- [ ] Integration test: two `TidalDb` instances process 500 overlapping signals during simulated partition; after `ReconciliationEngine::plan()` + `apply()`, decay scores match ground truth (single-node replay of all events) to 6 decimal places
- [ ] `cargo test --test m8p3_crdt` passes in < 30 seconds
- [ ] `cargo clippy -D warnings` and `cargo fmt` pass
Reference in New Issue View Git Blame Copy Permalink