diff --git a/EIPS/eip-7577.md b/EIPS/eip-7577.md new file mode 100644 index 00000000000000..8997b74a12babc --- /dev/null +++ b/EIPS/eip-7577.md @@ -0,0 +1,110 @@ +--- +eip: 7577 +title: Versioning Scheme for EIPs +description: Use a versioning scheme for EIPs based on changes made to their Specification section. +author: danceratopz (@danceratopz), Ahmad Bitar (@smartprogrammer93) +discussions-to: https://ethereum-magicians.org/t/add-eip-versioning-scheme-for-eips/17295 +status: Draft +type: Meta +created: 2023-12-13 +--- + +## Abstract + +This EIP introduces a versioning scheme for [Standards Track](./eip-1.md#eip-types) EIPs by applying [Semantic Versioning 2.0.0](../assets/eip-7577/semver.md) based on changes made to the EIP's Specification section once its status has changed from `Draft` to `Review`. + +## Motivation + +EIP specifications often receive increasing modifications as more people review them, which is generally the case as client teams start implementing the specifications and the community gains a better understanding of their interaction with the rest of the protocol. These changes can be difficult to track. In particular, as EVM reference tests are often not maintained (and generally not released) by client teams or the EIP's authors, it can be difficult to ascertain whether a release of reference tests is sufficient, or even valid, to test the latest version of an EIP's specifications or the specification as currently implemented by a client. + +This EIP proposes a semantic versioning scheme and an addition of a CHANGELOG section for EIPs that enables clearer communication within the community and allows the scope of a change to be ascertained at first glance. Furthermore, client implementation and testing toolchains can query EIP changes and automatically flag incompatibilities between the EIP's current specification and between client and test implementations. + +## Specification + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. + +Once an EIP has moved out of "Draft" status, it MUST use the EIP versioning scheme outlined below. It MAY already use the versioning scheme in "Draft" status, which could be useful if the specification is actively being implemented. If more than one team is implementing the specification, it is RECOMMENDED to change the EIP's status to "Review". + +The EIP versioning scheme MUST apply the following semantic versioning scheme of `MAJOR.MINOR.PATCH`, based on [Semantic Versioning 2.0.0](../assets/eip-7577/semver.md): + +1. `MAJOR`: A breaking change to the specifications that requires an implementation change and a change to the reference tests. +2. `MINOR`: An addition to the specifications that requires additional implementation and additional test coverage to be added to the reference tests. +3. `PATCH`: Any cosmetic change to, or a reformulation of, the EIP without specification change. + +Before the EIP has moved out of Draft status and is being versioned, the version number MUST initially have `MAJOR` version `0`. + +For every change made to an EIP via a pull request (PR) made to ethereum/EIPs, a new entry MUST be added to the CHANGELOG section of the EIP that outlines the changes made within the PR. This CHANGELOG entry MUST include the following: + +1. A new version number that follows the semantic versioning scheme outlined above. +2. The date when the changes where introduced. +3. The ethereum/EIPs PR number that implements the changes. +4. A line for each change made to the EIP's specifications that includes a short description of the change. + +Additionally, the new version MUST be added to the metadata header of the EIP's markdown file (to a new "version" field), so that it may be easily parsed. + +Tooling MUST be added to the ethereum/EIPs repository to help EIP authors apply the versioning scheme. This tooling SHOULD automatically: + +1. Update the EIP version in the metadata header of the EIP's markdown file. If the EIP's status is changed from "Draft" to "Review", the version MUST be updated to `1.0.0`. +2. Add a new CHANGELOG entry based on the EIP Version and the PR's title. + +To allow the tooling to make these changes, the EIP author MUST indicate the scope of change in one of the commit messages pushed to the PR's branch. The scope is indicated by starting a commit message with ("`[Mm]ajor:`", "`[Mm]inor:`", or "`[Pp]atch`"). Multiple commit messages may contain scopes; in this case, the most severe scope change will be applied. If no scope can be detected in any of the commit messages, merging of the PR is blocked until such a commit message is pushed to the PR. + +## Rationale + +Making the version available in the EIP's metadata header allows for programmatic parsing of the version number by tooling used in reference tests or by client teams. Currently, the execution-spec-tests repository, which contains consensus tests for Ethereum execution clients, implements a rudimentary EIP version checker: EIP spec tests are required to declare the EIP's markdown file digest SHA that the test implementation was based on. The current value of the digest SHA is then polled via the Github API to verify that no changes have occurred since the test implementation. While this provides a warning to test implementers that the EIP has changed, it is clearly of limited use. + +A richer versioning scheme, as defined by this EIP, can provide a lot of value to the testing toolchain. Client teams can provide an interface that reports the EIP version currently implemented and reference tests can specify the version they implement in generated tests as metadata. This allows a test runner to mark tests to xfail (expectedly fail) and issue a warning if the `MAJOR` or `MINOR` versions don't match. It would even be possible to automatically select the correct version of the reference tests to run against a client implementation, although given the pace of Ethereum development, it will likely be impractical to maintain and track multiple versions of tests. + +### Case Study + +This section explores how the versioning scheme would be applied to an existing EIPs recently under active development at the time of writing as an example. + +The history of [EIP-4788](./eip-4788.md) contains many changes to its specification. EIP-4788 was updated to status "Review" on 2023-11-28. This case study assumes, however, that the EIP moved to status "Review" as of 2023-04-11 and updated to version 1.0.0 due to the start of a client team implementation. + +#### Changelog + +- 9.0.1 - 2023-09-26: Update ring buffer size rationale for new ring buffer size, #7786. +- 9.0.0 - 2023-09-26: Post audit tweaks, #7672. + - Verify timestamp is non-zero. + - Make `HISTORY_BUFFER_LENGTH` prime (8191). + - Load calldata once. + - Update `BEACON_ROOTS_ADDRESS`. +- 8.0.1 - 2023-08-28: 4788 cleanups, #7532. +- 8.0.0 - 2023-08-24: Initial stab at v2, #7456. + - Require timestamp input to be exactly 32 bytes. + - Revert if timestamp input does not match stored value (instead of returning zeroed word). + - Remove precompile concept, use regular smart contract with provided bytecode. +- 7.0.3 - 2023-08-01: Mention genesis block with no existing beacon block root case, #7445. +- 7.0.2 - 2023-07-07: Explicitly specify header schema, #7297. +- 7.0.1 - 2023-07-07: Fix typo, #7293. +- 7.0.0 - 2023-07-05: Bound precompile storage, #7178. +- 6.0.1 - 2023-06-13: Clarify header and validity sections, #7179. +- 6.0.0 - 2023-06-12: Update precompile address, #7173. +- 5.0.0 - 2023-05-31: Key beacon roots by root, #7107. +- 4.0.0 - 2023-05-24: Favor stateful precompile over opcode, #7065. +- 3.0.0 - 2023-05-17: Send current slot from CL to avoid timestamp conversions, #7037. +- 2.0.1 - 2023-05-15: Fix typo, #7005. +- 2.0.0 - 2023-05-03: Update opcode to avoid clash, #6980. +- 1.0.1 - 2023-04-13: Minor nits, #6870. +- 1.0.0 - 2023-04-11: Use block roots; update to status "Draft", #6859. + - Update to "Draft" due to client implementation (NethermindEth/nethermind#5476). + - Use block roots instead of state roots. + - Roots are stored keyed by slot. + - Use of ring buffer in state. + - Use header timestamps to derive slot numbers, rather than consume additional header space. +- 0.2.1 - 2023-02-04: Update to status "Stagnant", #6432. +- 0.2.0 - 2022-06-29: Rename "beacon block root" to "beacon state root", #5090. +- 0.1.1 - 2022-05-06: Force usage of included LICENSE file, #5055. +- 0.1.0 - 2022-02-17: Add EIP-4788: Beacon state root in EVM, #4788. + +## Backwards Compatibility + +It is not necessary to retroactively add a CHANGELOG or versions for versions of the EIP prior to the introduction of this EIP. Upon the next change to the EIP's Specification section, the author MUST introduce a CHANGELOG section and a version number that follows the semantic versioning scheme outlined above. + +## Security Considerations + +None. + +## Copyright + +Copyright and related rights waived via [CC0](../LICENSE.md). diff --git a/assets/eip-7577/semver.md b/assets/eip-7577/semver.md new file mode 100644 index 00000000000000..95cf203cefaa20 --- /dev/null +++ b/assets/eip-7577/semver.md @@ -0,0 +1,373 @@ +Semantic Versioning 2.0.0 +============================== + +Summary +------- + +Given a version number MAJOR.MINOR.PATCH, increment the: + +1. MAJOR version when you make incompatible API changes, +1. MINOR version when you add functionality in a backwards compatible + manner, and +1. PATCH version when you make backwards compatible bug fixes. + +Additional labels for pre-release and build metadata are available as extensions +to the MAJOR.MINOR.PATCH format. + +Introduction +------------ + +In the world of software management there exists a dreaded place called +"dependency hell." The bigger your system grows and the more packages you +integrate into your software, the more likely you are to find yourself, one +day, in this pit of despair. + +In systems with many dependencies, releasing new package versions can quickly +become a nightmare. If the dependency specifications are too tight, you are in +danger of version lock (the inability to upgrade a package without having to +release new versions of every dependent package). If dependencies are +specified too loosely, you will inevitably be bitten by version promiscuity +(assuming compatibility with more future versions than is reasonable). +Dependency hell is where you are when version lock and/or version promiscuity +prevent you from easily and safely moving your project forward. + +As a solution to this problem, we propose a simple set of rules and +requirements that dictate how version numbers are assigned and incremented. +These rules are based on but not necessarily limited to pre-existing +widespread common practices in use in both closed and open-source software. +For this system to work, you first need to declare a public API. This may +consist of documentation or be enforced by the code itself. Regardless, it is +important that this API be clear and precise. Once you identify your public +API, you communicate changes to it with specific increments to your version +number. Consider a version format of X.Y.Z (Major.Minor.Patch). Bug fixes not +affecting the API increment the patch version, backwards compatible API +additions/changes increment the minor version, and backwards incompatible API +changes increment the major version. + +We call this system "Semantic Versioning." Under this scheme, version numbers +and the way they change convey meaning about the underlying code and what has +been modified from one version to the next. + +Semantic Versioning Specification (SemVer) +------------------------------------------ + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", +"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be +interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +1. Software using Semantic Versioning MUST declare a public API. This API +could be declared in the code itself or exist strictly in documentation. +However it is done, it SHOULD be precise and comprehensive. + +1. A normal version number MUST take the form X.Y.Z where X, Y, and Z are +non-negative integers, and MUST NOT contain leading zeroes. X is the +major version, Y is the minor version, and Z is the patch version. +Each element MUST increase numerically. For instance: 1.9.0 -> 1.10.0 -> 1.11.0. + +1. Once a versioned package has been released, the contents of that version +MUST NOT be modified. Any modifications MUST be released as a new version. + +1. Major version zero (0.y.z) is for initial development. Anything MAY change +at any time. The public API SHOULD NOT be considered stable. + +1. Version 1.0.0 defines the public API. The way in which the version number +is incremented after this release is dependent on this public API and how it +changes. + +1. Patch version Z (x.y.Z | x > 0) MUST be incremented if only backwards +compatible bug fixes are introduced. A bug fix is defined as an internal +change that fixes incorrect behavior. + +1. Minor version Y (x.Y.z | x > 0) MUST be incremented if new, backwards +compatible functionality is introduced to the public API. It MUST be +incremented if any public API functionality is marked as deprecated. It MAY be +incremented if substantial new functionality or improvements are introduced +within the private code. It MAY include patch level changes. Patch version +MUST be reset to 0 when minor version is incremented. + +1. Major version X (X.y.z | X > 0) MUST be incremented if any backwards +incompatible changes are introduced to the public API. It MAY also include minor +and patch level changes. Patch and minor versions MUST be reset to 0 when major +version is incremented. + +1. A pre-release version MAY be denoted by appending a hyphen and a +series of dot separated identifiers immediately following the patch +version. Identifiers MUST comprise only ASCII alphanumerics and hyphens +[0-9A-Za-z-]. Identifiers MUST NOT be empty. Numeric identifiers MUST +NOT include leading zeroes. Pre-release versions have a lower +precedence than the associated normal version. A pre-release version +indicates that the version is unstable and might not satisfy the +intended compatibility requirements as denoted by its associated +normal version. Examples: 1.0.0-alpha, 1.0.0-alpha.1, 1.0.0-0.3.7, +1.0.0-x.7.z.92, 1.0.0-x-y-z.--. + +1. Build metadata MAY be denoted by appending a plus sign and a series of dot +separated identifiers immediately following the patch or pre-release version. +Identifiers MUST comprise only ASCII alphanumerics and hyphens [0-9A-Za-z-]. +Identifiers MUST NOT be empty. Build metadata MUST be ignored when determining +version precedence. Thus two versions that differ only in the build metadata, +have the same precedence. Examples: 1.0.0-alpha+001, 1.0.0+20130313144700, +1.0.0-beta+exp.sha.5114f85, 1.0.0+21AF26D3----117B344092BD. + +1. Precedence refers to how versions are compared to each other when ordered. + + 1. Precedence MUST be calculated by separating the version into major, + minor, patch and pre-release identifiers in that order (Build metadata + does not figure into precedence). + + 1. Precedence is determined by the first difference when comparing each of + these identifiers from left to right as follows: Major, minor, and patch + versions are always compared numerically. + + Example: 1.0.0 < 2.0.0 < 2.1.0 < 2.1.1. + + 1. When major, minor, and patch are equal, a pre-release version has lower + precedence than a normal version: + + Example: 1.0.0-alpha < 1.0.0. + + 1. Precedence for two pre-release versions with the same major, minor, and + patch version MUST be determined by comparing each dot separated identifier + from left to right until a difference is found as follows: + + 1. Identifiers consisting of only digits are compared numerically. + + 1. Identifiers with letters or hyphens are compared lexically in ASCII + sort order. + + 1. Numeric identifiers always have lower precedence than non-numeric + identifiers. + + 1. A larger set of pre-release fields has a higher precedence than a + smaller set, if all of the preceding identifiers are equal. + + Example: 1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < + 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0. + +Backus–Naur Form Grammar for Valid SemVer Versions +-------------------------------------------------- +``` + ::= + | "-" + | "+" + | "-" "+" + + ::= "." "." + + ::= + + ::= + + ::= + + ::= + + ::= + | "." + + ::= + + ::= + | "." + + ::= + | + + ::= + | + + ::= + | + | + | + + ::= "0" + | + | + + ::= + | + + ::= + | + + ::= + | "-" + + ::= + | + + ::= "0" + | + + ::= "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" + + ::= "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "J" + | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" | "S" | "T" + | "U" | "V" | "W" | "X" | "Y" | "Z" | "a" | "b" | "c" | "d" + | "e" | "f" | "g" | "h" | "i" | "j" | "k" | "l" | "m" | "n" + | "o" | "p" | "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" + | "y" | "z" +``` + +Why Use Semantic Versioning? +---------------------------- + +This is not a new or revolutionary idea. In fact, you probably do something +close to this already. The problem is that "close" isn't good enough. Without +compliance to some sort of formal specification, version numbers are +essentially useless for dependency management. By giving a name and clear +definition to the above ideas, it becomes easy to communicate your intentions +to the users of your software. Once these intentions are clear, flexible (but +not too flexible) dependency specifications can finally be made. + +A simple example will demonstrate how Semantic Versioning can make dependency +hell a thing of the past. Consider a library called "Firetruck." It requires a +Semantically Versioned package named "Ladder." At the time that Firetruck is +created, Ladder is at version 3.1.0. Since Firetruck uses some functionality +that was first introduced in 3.1.0, you can safely specify the Ladder +dependency as greater than or equal to 3.1.0 but less than 4.0.0. Now, when +Ladder version 3.1.1 and 3.2.0 become available, you can release them to your +package management system and know that they will be compatible with existing +dependent software. + +As a responsible developer you will, of course, want to verify that any +package upgrades function as advertised. The real world is a messy place; +there's nothing we can do about that but be vigilant. What you can do is let +Semantic Versioning provide you with a sane way to release and upgrade +packages without having to roll new versions of dependent packages, saving you +time and hassle. + +If all of this sounds desirable, all you need to do to start using Semantic +Versioning is to declare that you are doing so and then follow the rules. Link +to this website from your README so others know the rules and can benefit from +them. + +FAQ +--- + +### How should I deal with revisions in the 0.y.z initial development phase? + +The simplest thing to do is start your initial development release at 0.1.0 +and then increment the minor version for each subsequent release. + +### How do I know when to release 1.0.0? + +If your software is being used in production, it should probably already be +1.0.0. If you have a stable API on which users have come to depend, you should +be 1.0.0. If you're worrying a lot about backwards compatibility, you should +probably already be 1.0.0. + +### Doesn't this discourage rapid development and fast iteration? + +Major version zero is all about rapid development. If you're changing the API +every day you should either still be in version 0.y.z or on a separate +development branch working on the next major version. + +### If even the tiniest backwards incompatible changes to the public API require a major version bump, won't I end up at version 42.0.0 very rapidly? + +This is a question of responsible development and foresight. Incompatible +changes should not be introduced lightly to software that has a lot of +dependent code. The cost that must be incurred to upgrade can be significant. +Having to bump major versions to release incompatible changes means you'll +think through the impact of your changes, and evaluate the cost/benefit ratio +involved. + +### Documenting the entire public API is too much work! + +It is your responsibility as a professional developer to properly document +software that is intended for use by others. Managing software complexity is a +hugely important part of keeping a project efficient, and that's hard to do if +nobody knows how to use your software, or what methods are safe to call. In +the long run, Semantic Versioning, and the insistence on a well defined public +API can keep everyone and everything running smoothly. + +### What do I do if I accidentally release a backwards incompatible change as a minor version? + +As soon as you realize that you've broken the Semantic Versioning spec, fix +the problem and release a new minor version that corrects the problem and +restores backwards compatibility. Even under this circumstance, it is +unacceptable to modify versioned releases. If it's appropriate, +document the offending version and inform your users of the problem so that +they are aware of the offending version. + +### What should I do if I update my own dependencies without changing the public API? + +That would be considered compatible since it does not affect the public API. +Software that explicitly depends on the same dependencies as your package +should have their own dependency specifications and the author will notice any +conflicts. Determining whether the change is a patch level or minor level +modification depends on whether you updated your dependencies in order to fix +a bug or introduce new functionality. We would usually expect additional code +for the latter instance, in which case it's obviously a minor level increment. + +### What if I inadvertently alter the public API in a way that is not compliant with the version number change (i.e. the code incorrectly introduces a major breaking change in a patch release)? + +Use your best judgment. If you have a huge audience that will be drastically +impacted by changing the behavior back to what the public API intended, then +it may be best to perform a major version release, even though the fix could +strictly be considered a patch release. Remember, Semantic Versioning is all +about conveying meaning by how the version number changes. If these changes +are important to your users, use the version number to inform them. + +### How should I handle deprecating functionality? + +Deprecating existing functionality is a normal part of software development and +is often required to make forward progress. When you deprecate part of your +public API, you should do two things: (1) update your documentation to let +users know about the change, (2) issue a new minor release with the deprecation +in place. Before you completely remove the functionality in a new major release +there should be at least one minor release that contains the deprecation so +that users can smoothly transition to the new API. + +### Does SemVer have a size limit on the version string? + +No, but use good judgment. A 255 character version string is probably overkill, +for example. Also, specific systems may impose their own limits on the size of +the string. + +### Is "v1.2.3" a semantic version? + +No, "v1.2.3" is not a semantic version. However, prefixing a semantic version +with a "v" is a common way (in English) to indicate it is a version number. +Abbreviating "version" as "v" is often seen with version control. Example: +`git tag v1.2.3 -m "Release version 1.2.3"`, in which case "v1.2.3" is a tag +name and the semantic version is "1.2.3". + +### Is there a suggested regular expression (RegEx) to check a SemVer string? + +There are two. One with named groups for those systems that support them +(PCRE [Perl Compatible Regular Expressions, i.e. Perl, PHP and R], Python +and Go). + +See: + +``` +^(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)(?:-(?P(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ +``` + +And one with numbered capture groups instead (so cg1 = major, cg2 = minor, +cg3 = patch, cg4 = prerelease and cg5 = buildmetadata) that is compatible +with ECMA Script (JavaScript), PCRE (Perl Compatible Regular Expressions, +i.e. Perl, PHP and R), Python and Go. + +See: + +``` +^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ +``` + +About +----- + +The Semantic Versioning specification was originally authored by [Tom +Preston-Werner](https://tom.preston-werner.com), inventor of Gravatar and +cofounder of GitHub. + +If you'd like to leave feedback, please [open an issue on +GitHub](https://github.com/semver/semver/issues). + +License +------- + +[Creative Commons ― CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)