I would be grateful for any tips on how to define the ancestor relation, or how to avoid the bug.
Extend(A) == A \cup { <<b,c>> \in Blocks \X Blocks: <<b,prev[c]>> \in A }
A0 == { <<b,c>> \in Blocks \X Blocks: b=c }
ancestors[i \in Nat] == IF i=0 THEN A0
ELSE Extend(ancestors[i-1])
Ancestor(b,c) == /\ height[b] <= height[c]
/\ height[c] - height[b] \in Nat
/\ <<b,c>> \in ancestors[height[c] - height[b]]
My complete tree specification can be found here:
https://github.com/leandernikolaus/hotstuff-ivy/blob/master/Tree.tlaThanks,
Leander