[Dijkstra] resolve ambiguity: visibility of reference inputs #1014
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
80b3f68 to
e43b258
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR resolves the ambiguity in the Dijkstra specification (issue #1005) regarding the visibility of reference inputs in batch transactions. It establishes a clear distinction between spending inputs (which must exist in the initial UTxO snapshot) and reference inputs (which may additionally point to outputs from preceding sub-transactions in the batch).
Key changes:
- Introduce two UTxO views:
utxoSpend₀(initial snapshot) andutxoRefView(evolving view for reference lookups) - Update transaction body structure to replace
txRequiredGuardswithtxGuardsand addreqSignerHashesfield - Extend
TxInfowithtxInfoSubTxsfield and introduce purpose-specifictxInfoForPurposefunction - Add minimal UTXO and UTXOW skeleton transition systems for Dijkstra phase-1 checks
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
src/Ledger/Dijkstra/Specification/Utxow.lagda.md |
New skeleton wrapper around UTXO transition for witnessing layer |
src/Ledger/Dijkstra/Specification/Utxo.lagda.md |
New skeleton UTXO transition with phase-1 guard satisfaction check |
src/Ledger/Dijkstra/Specification/Transaction.lagda.md |
Major updates: dual UTxO views, renamed guard fields, updated function signatures, comprehensive validity documentation |
src/Ledger/Dijkstra/Specification/Script/Validation.lagda.md |
Updated ScriptPurpose, TxInfo structure with guards/subTxs, dual UTxO parameters for script lookups |
src/Ledger/Dijkstra/Specification/Abstract.lagda.md |
Updated indexOfGuard signature to use Credential and List Credential |
src/Ledger/Dijkstra/Specification.lagda.md |
Added module imports for new Utxo and Utxow specifications |
src/Ledger/Conway/Specification/Utxow.lagda.md |
Fixed source_path metadata from .lagda to .lagda.md |
src/Ledger/Conway/Specification/Utxo.lagda.md |
Added missing metadata header |
CHANGELOG.md |
Documented all semantic changes to transaction structure and validation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
4 tasks
1 task
williamdemeo
changed the base branch from
master
to
1004-dijkstra-implement-txinfo-rules-for-guards
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
db4a1bc to
7ccd947
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
d2e681c to
0e6ef2c
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
7ccd947 to
8063211
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
0e6ef2c to
20498dc
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
8063211 to
72b806c
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
20498dc to
0eb3c68
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
72b806c to
c0dc0cf
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
0eb3c68 to
58fc737
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
c0dc0cf to
46039b7
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
58fc737 to
d9fd7b5
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
36b6346 to
56f60be
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
d9fd7b5 to
f2f9003
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
2 times, most recently
from
26c20b0 to
c070f60
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
c070f60 to
ce58826
Compare
williamdemeo
force-pushed
the
1004-dijkstra-implement-txinfo-rules-for-guards
branch
from
38786dc to
3990eed
Compare
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
ce58826 to
8418eed
Compare
Base automatically changed from
1004-dijkstra-implement-txinfo-rules-for-guards
to
master
January 12, 2026 16:09
+ Remove contradiction between "ref inputs may refer to earlier tx outputs in the batch" vs "all inputs must exist before applying any tx in the batch." The new text punts the exact constraint to the UTxO rules (where it belongs). + Fix Plutus bullet (old "nor earlier versions" reads like "no Plutus at all"). + Align fees with current Agda (`txFee : InTopLevel …`), but leave room for later CIP-driven updates.
Also highlight that `getDatum` gets the datum of the spent output (look up `txin` in the UTxO; if the output stores a datum hash, look it up in `DataOf tx`). It's a spending-input datum lookup (not a reference-input datum lookup).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
williamdemeo
force-pushed
the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
from
a636905 to
9b4798b
Compare
williamdemeo
deleted the
1005-dijkstra-cip-0118-ambiguity-visibility-of-reference-inputs
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Stacked PR. The branch for this PR should be rebased on
masteronce PR #1012 is merged.This PR closes issue #1005 by adopting the following interpretation and approach in the Dijkstra spec, resolving the apparent ambiguity in the CIP and matches the "preceding Tx outputs" intent:
Spending inputs (i.e., the ones that are actually consumed) must be present in the initial UTxO snapshot for the batch (the "mempool safety" constraint).
Reference inputs are allowed to refer to:
Reference lookup uses an evolving (tentative) UTxO view, computed by applying prior subtransaction effects for lookup only (still no commitment to change state until the batch succeeds).
This makes the two CIP statements mentioned in Issue #1005 simultaneously true by reading "inputs" as "spending inputs," while still enabling the specific "ref scripts from preceding outputs" behavior the CIP explicitly mentions.
Moreover, we change type signatures where necessary to allow for the two UTxO views:
utxoSpend₀, the initial (static) UTxO;utxoRefView, the evolving UTxO.Checklist
CHANGELOG.md