diff options
author | Pieter Wuille <pieter.wuille@gmail.com> | 2016-03-02 05:37:51 +0100 |
---|---|---|
committer | Pieter Wuille <pieter.wuille@gmail.com> | 2016-03-02 05:38:06 +0100 |
commit | a4493063735f2e221f7a2c8d032bb172c8498147 (patch) | |
tree | 75455da2c2b904681c956d6bd6a94fca630076a2 /bip-0009.mediawiki | |
parent | c8d5aea72b0bd9b39646b0f376a0ca0e2ca4ea11 (diff) |
Remove ABANDONED and fix ambiguity
Diffstat (limited to 'bip-0009.mediawiki')
-rw-r--r-- | bip-0009.mediawiki | 33 |
1 files changed, 16 insertions, 17 deletions
diff --git a/bip-0009.mediawiki b/bip-0009.mediawiki index 856db7a..e6be63a 100644 --- a/bip-0009.mediawiki +++ b/bip-0009.mediawiki @@ -29,11 +29,11 @@ Each soft fork deployment is specified by the following per-chain parameters (fu # The '''starttime''' specifies a minimum median time past of a block at which the bit gains its meaning. # The '''timeout''' specifies a time at which the deployment is considered failed. If the median time past of a block >= timeout and the soft fork has not yet locked in (including this block's bit state), the deployment is considered failed on all descendants of the block. -No two deployments may use the same bit if they have overlapping starttime-timeout periods. - The starttime should be set to some date in the future, coordinates with software release date. This is to prevent triggers as a result of parties running pre-release software. The timeout should be set a reasonable time after the -starttime. Setting it to 3 years after the starttime would allow around 9 deployments to be initiated every year. +starttime. A later deployment using the same bit is possible as long as its starttime is after the previous one's +timeout. This means that by setting it to 3 years after the starttime would allow around 9 deployments to be initiated +every year. ====States==== @@ -44,7 +44,6 @@ With each block and soft fork, we associate a deployment state. The possible sta # '''LOCKED_IN''' for one retarget period after the first retarget period with STARTED blocks of which at least threshold have the associated bit set in nVersion. # '''ACTIVE''' for all blocks after the LOCKED_IN retarget period. # '''FAILED''' for one retarget period past the timeout time, if LOCKED_IN was not reached. -# '''ABANDONED''' for all blocks after the FAILED retarget period. ====Bit flags==== @@ -84,7 +83,7 @@ Otherwise, the next state depends on the previous state: switch (GetStateForBlock(GetAncestorAtHeight(block, block.height - 2016))) { We remain in the initial state until either we pass the start time or the timeout. GetMedianTimePast in the code below -refers to the median nTime of the 11 blocks preceeding a given block. +refers to the median nTime of the 11 blocks preceeding a given block (referred to as MTP in the diagram above). case DEFINED: if (GetMedianTimePast(block) >= timeout) { @@ -95,10 +94,16 @@ refers to the median nTime of the 11 blocks preceeding a given block. } return DEFINED; -When in STARTED state, we tally the bits set, and can transition to LOCKED_IN if we pass the threshold. Alternatively, -the timeout can trigger. Note that a block's state never depends on its own nVersion; only on that of its ancestors. +After a period in the STARTED state, if we're past the timeout, we switch to FAILED. If not, we tally the bits set, +and transition to LOCKED_IN if we pass the threshold. The transaction to FAILED takes precendence, as otherwise there +could be two non-overlapping deployments on the same bit, where the first one transitions to LOCKED_IN and the other +to STARTED, which would mean both would demand setting the bit. Note that a block's state never depends on its own +nVersion; only on that of its ancestors. case STARTED: { + if (GetMedianTimePast(block) >= timeout) { + return FAILED; + } int count = 0; walk = block; for (i = 0; i < 2016; i++) { @@ -110,26 +115,20 @@ the timeout can trigger. Note that a block's state never depends on its own nVer if (count >= threshold) { return LOCKED_IN; } - if (GetMedianTimePast(block) >= timeout) { - return FAILED; - } } -After a retarget period of LOCKED_IN or FAILED, we automatically transition to ACTIVE and ABANDONED, respectively. +After a retarget period of LOCKED_IN, we automatically transition to ACTIVE. case LOCKED_IN: return ACTIVE; - case FAILED: - return ABANDONED; - -And ACTIVE and ABANDONED are terminal states, which a deployment stays in once they're reached. +And ACTIVE and FAILED are terminal states, which a deployment stays in once they're reached. case ACTIVE: return ACTIVE; - case ABANDONED: - return ABANDONED; + case FAILED: + return FAILED; } } |