microsoft / CCF

@achamayou correctly observes that we claim that trace validation only logs variable values that are constant in space. However, committable_indices, is not constant in space. While it is unlikely for committable_indices to grow prohibitively large outside of pathological behaviors, state.h should only log committable_indices' lower and upper bound.

CCF/src/consensus/aft/impl/state.h

Line 202 in 6f50f18

committable_indices);

Due to the way how Traceccfraft has been defined, this change should be isolated to state.h, i.e., the implementation, unless the json format changes substantially

CCF/tla/consensus/Traceccfraft.tla

Line 192 in 6f50f18

    
           /\ Range(logline.msg.state.committable_indices) \subseteq CommittableIndices(logline.msg.state.node_id)

Only log lower and upper bounds of `committable_indices` to correct claim that we only log variables values constant in space.