Return-Path: <rusty@ozlabs.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 0FD7C103E
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  9 Jan 2018 11:24:02 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from ozlabs.org (ozlabs.org [103.22.144.67])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E3FC112E
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  9 Jan 2018 11:23:59 +0000 (UTC)
Received: by ozlabs.org (Postfix, from userid 1011)
	id 3zG8sn6Z27z9sNr; Tue,  9 Jan 2018 22:23:57 +1100 (AEDT)
From: Rusty Russell <rusty@rustcorp.com.au>
To: "Bitcoin Protocol Discussion" <bitcoin-dev@lists.linuxfoundation.org>
Date: Tue, 09 Jan 2018 21:52:18 +1030
Message-ID: <87608btgyd.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Russell O'Connor <roconnor@blockstream.com>,
	Kalle Alm <kalle.alm@gmail.com>
Subject: [bitcoin-dev] BIP 117 Feedback
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 11:24:02 -0000

I've just re-read BIP 117, and I'm concerned about its flexibility.  It
seems to be doing too much.

The use of altstack is awkward, and makes me query this entire approach.
I understand that CLEANSTACK painted us into a corner here :(

The simplest implementation of tail recursion would be a single blob: if
a single element is left on the altstack, pop and execute it.  That
seems trivial to specify.  The treatment of concatenation seems like
trying to run before we can walk.

Note that if we restrict this for a specific tx version, we can gain
experience first and get fancier later.

BIP 117 also drops SIGOP and opcode limits.  This requires more
justification, in particular, measurements and bounds on execution
times.  If this analysis has been done, I'm not aware of it.

We could restore statically analyzability by rules like so:
1.  Only applied for tx version 3 segwit txs.
2.  For version 3, top element of stack is counted for limits (perhaps
    with discount).
3.  The blob popped off for tail recursion must be identical to that top
    element of the stack (ie. the one counted above).

Again, future tx versions could drop such restrictions.

Cheers,
Rusty.