feat(SmtForest): Make the entries iterator fallible

This changes `LargeSmtForest::entries` to return an iterator over items
that are `Result<TreeEntry>` instead of bare `TreeEntry`, ensuring that
the potential failure of iteration in the backend is communicated
clearly to the caller performing the iteration.

We also add benchmarks to the iteration in order to confirm that the
changes incur no performance impact.

Author: iamrecursion

CHANGELOG.md

@@ -26,6 +26,7 @@
 - [BREAKING] Removed `RpoRandomCoin` and `RpxRandomCoin` and introduced a Poseidon2-based `RandomCoin` ([#871](https://github.com/0xMiden/crypto/pull/871)).
 - Harden MerkleStore deserialization and fuzz coverage ([#878](https://github.com/0xMiden/crypto/pull/878)).
 - [BREAKING] Upgraded Plonky3 from 0.4.2 to 0.5.0 and replaced `p3-miden-air`, `p3-miden-fri`, and `p3-miden-prover` with the unified `p3-miden-lifted-stark` crate. The `stark` module now re-exports the Lifted STARK proving system from [p3-miden](https://github.com/0xMiden/p3-miden).
+- [BREAKING] Changed the `LargeSmtForest::entries` iterator to be fallible by explicitly returning `Result<TreeEntry>` as the iterator item.
 
 ## 0.22.4 (2026-03-03)
 

miden-crypto/benches/large_smt_forest.rs

@@ -134,6 +134,56 @@ benchmark_with_setup_data! {
     },
 }
 
+// Measures iteration over the latest version of a tree (the WithoutHistory fast path).
+benchmark_with_setup_data! {
+    large_smt_forest_persistent_entries_current_tree,
+    DEFAULT_MEASUREMENT_TIME,
+    DEFAULT_SAMPLE_SIZE,
+    "large_smt_forest_persistent_entries_current_tree",
+    || {
+        let mut setup = ForestSetup::new_persistent();
+        let batch = generate_tree_update_batch(BATCH_SIZE);
+        let lineage = LineageId::new([0x42; 32]);
+        let version = 0;
+        setup.forest.add_lineage(lineage, version, batch).unwrap();
+        let tree = TreeId::new(lineage, version);
+        (setup, tree)
+    },
+    |b: &mut criterion::Bencher, (setup, tree): &(ForestSetup<_>, TreeId)| {
+        b.iter(|| {
+            hint::black_box(
+                setup.forest.entries(*tree).unwrap().map(|e| e.unwrap()).collect::<Vec<_>>()
+            );
+        })
+    }
+}
+
+// Measures iteration over a historical version of a tree (the WithHistory state machine path).
+benchmark_with_setup_data! {
+    large_smt_forest_persistent_entries_historical_tree,
+    DEFAULT_MEASUREMENT_TIME,
+    DEFAULT_SAMPLE_SIZE,
+    "large_smt_forest_persistent_entries_historical_tree",
+    || {
+        let mut setup = ForestSetup::new_persistent();
+        let initial_batch = generate_tree_update_batch(BATCH_SIZE);
+        let lineage = LineageId::new([0x42; 32]);
+        let version = 0;
+        setup.forest.add_lineage(lineage, version, initial_batch).unwrap();
+        let update_batch = generate_tree_update_batch(BATCH_SIZE);
+        setup.forest.update_tree(lineage, version + 1, update_batch).unwrap();
+        let tree = TreeId::new(lineage, version);
+        (setup, tree)
+    },
+    |b: &mut criterion::Bencher, (setup, tree): &(ForestSetup<_>, TreeId)| {
+        b.iter(|| {
+            hint::black_box(
+                setup.forest.entries(*tree).unwrap().map(|e| e.unwrap()).collect::<Vec<_>>()
+            );
+        })
+    },
+}
+
 // Roughly equivalent to large_smt::large_smt_insert_batch_to_empty_tree in functionality.
 benchmark_batch! {
     large_smt_forest_persistent_add_lineage,
@@ -220,6 +270,8 @@ criterion_group!(
     large_smt_forest_persistent_group,
     large_smt_forest_persistent_open_full_tree,
     large_smt_forest_persistent_open_historical_tree,
+    large_smt_forest_persistent_entries_current_tree,
+    large_smt_forest_persistent_entries_historical_tree,
     large_smt_forest_persistent_add_lineage,
     large_smt_forest_persistent_update_tree,
     large_smt_forest_persistent_update_forest,

miden-crypto/src/merkle/smt/large_forest/backend/memory/mod.rs

@@ -113,9 +113,9 @@ impl Backend for InMemoryBackend {
     ///
     /// - [`BackendError::UnknownLineage`] if the provided `lineage` is one not known by this
     ///   backend.
-    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = TreeEntry>> {
+    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = Result<TreeEntry>>> {
         let tree = self.trees.get(&lineage).ok_or(BackendError::UnknownLineage(lineage))?;
-        Ok(tree.tree.entries().map(|(k, v)| TreeEntry { key: *k, value: *v }))
+        Ok(tree.tree.entries().map(|(k, v)| Ok(TreeEntry { key: *k, value: *v })))
     }
 
     /// Adds the provided `lineage` to the forest.

miden-crypto/src/merkle/smt/large_forest/backend/memory/property_tests.rs

@@ -226,7 +226,10 @@ proptest! {
         let backend_entries = backend
             .entries(target_lineage)
             .map_err(to_fail)?
-            .map(|e| (e.key, e.value))
+            .map(|e| e.map(|e| (e.key, e.value)))
+            .collect::<Result<Vec<_>, _>>()
+            .map_err(to_fail)?
+            .into_iter()
             .sorted()
             .collect_vec();
         let tree_entries = tree.entries().copied().sorted().collect_vec();

miden-crypto/src/merkle/smt/large_forest/backend/memory/tests.rs

@@ -5,6 +5,8 @@
 //! existing [`Smt`] implementation, comparing the results of the in-memory backend against it
 //! wherever relevant.
 
+use alloc::vec::Vec;
+
 use assert_matches::assert_matches;
 use itertools::Itertools;
 
@@ -385,22 +387,11 @@ fn entries() -> Result<()> {
     backend.update_tree(lineage_1, version, operations)?;
 
     // Now, the iterator should yield the expected three items.
-    assert_eq!(backend.entries(lineage_1)?.count(), 3);
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_1, value: value_1_1 }),
-    );
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_2, value: value_1_2 }),
-    );
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_3, value: value_1_3 }),
-    );
+    let entries = backend.entries(lineage_1)?.collect::<Result<Vec<_>>>()?;
+    assert_eq!(entries.len(), 3);
+    assert!(entries.contains(&TreeEntry { key: key_1_1, value: value_1_1 }));
+    assert!(entries.contains(&TreeEntry { key: key_1_2, value: value_1_2 }));
+    assert!(entries.contains(&TreeEntry { key: key_1_3, value: value_1_3 }));
 
     Ok(())
 }

miden-crypto/src/merkle/smt/large_forest/backend/mod.rs

@@ -121,7 +121,17 @@ where
     ///
     /// The iterator may yield entries in any arbitrary order, but must not yield entries for which
     /// the value is the empty word.
-    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = TreeEntry>>;
+    ///
+    /// # Expected Behavior
+    ///
+    /// Implementations must guarantee the following behavior in addition to the global invariants:
+    ///
+    /// - If any kind of error occurs during iteration that should be signaled to the user, the
+    ///   iterator must return `Some(Err(...))`. The caller should stop iteration after receiving an
+    ///   error as the iterator state is no longer valid.
+    /// - `None` will be returned upon successful completion, or at any time after an error has been
+    ///   returned.
+    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = Result<TreeEntry>>>;
 
     // SINGLE-TREE MODIFIERS
     // ============================================================================================

miden-crypto/src/merkle/smt/large_forest/backend/persistent/iterator.rs

@@ -39,7 +39,7 @@ impl<'db> PersistentBackendEntriesIterator<'db> {
     /// Constructs a new such iterator in the starting state.
     ///
     /// The provided `iterator` must yield items where the key decodes to a `LeafKey` and the value
-    /// decodes to an `SmtLeaf`. If this is not the case, iteration will panic.
+    /// decodes to an `SmtLeaf`. If this is not the case, iteration will yield an error.
     ///
     /// For performance, this iterator should be passed a prefix iterator over the database with the
     /// correct prefix (corresponding to the provided `lineage`) set, but it will still function
@@ -61,26 +61,38 @@ enum PersistentBackendEntriesIteratorState {
         /// The iterator over the current leaf's entries.
         leaf_entries: Box<dyn Iterator<Item = (Word, Word)>>,
     },
+
+    /// The iterator has encountered an error and will yield no further items.
+    Faulted,
 }
 
 impl<'db> Iterator for PersistentBackendEntriesIterator<'db> {
-    type Item = TreeEntry;
+    type Item = super::Result<TreeEntry>;
 
     /// Advances the iterator and returns the next item if present.
-    ///
-    /// # Panics
-    ///
-    /// - If unable to read from the underlying database.
     fn next(&mut self) -> Option<Self::Item> {
         loop {
             match &mut self.state {
+                PersistentBackendEntriesIteratorState::Faulted => return None,
                 PersistentBackendEntriesIteratorState::NotInLeaf => {
                     // Here we are not in a leaf of the targeted tree, so we have to see if we _can_
                     // be.
                     if let Some(entry) = self.iterator.next() {
-                        let (key_bytes, value_bytes) = entry.expect("Able to read from the DB");
-                        let key = LeafKey::read_from_bytes(&key_bytes)
-                            .expect("Leaf key data read from disk is not corrupt");
+                        let (key_bytes, value_bytes) = match entry {
+                            Ok((key_bytes, value_bytes)) => (key_bytes, value_bytes),
+                            Err(e) => {
+                                self.state = PersistentBackendEntriesIteratorState::Faulted;
+                                return Some(Err(e.into()));
+                            },
+                        };
+
+                        let key = match LeafKey::read_from_bytes(&key_bytes) {
+                            Ok(key) => key,
+                            Err(e) => {
+                                self.state = PersistentBackendEntriesIteratorState::Faulted;
+                                return Some(Err(e.into()));
+                            },
+                        };
 
                         // If the key isn't for the correct lineage (which can happen even with the
                         // bloom filter), we need to advance by returning to the loop.
@@ -90,8 +102,13 @@ impl<'db> Iterator for PersistentBackendEntriesIterator<'db> {
 
                         // If the key is valid, we need to read out the leaf itself and then start
                         // iterating over that.
-                        let leaf = SmtLeaf::read_from_bytes(&value_bytes)
-                            .expect("Leaf data read from disk is not corrupt");
+                        let leaf = match SmtLeaf::read_from_bytes(&value_bytes) {
+                            Ok(leaf) => leaf,
+                            Err(e) => {
+                                self.state = PersistentBackendEntriesIteratorState::Faulted;
+                                return Some(Err(e.into()));
+                            },
+                        };
                         let mut leaf_entries = leaf.into_entries();
                         leaf_entries.sort_by_key(|(k, _)| *k);
 
@@ -106,7 +123,7 @@ impl<'db> Iterator for PersistentBackendEntriesIterator<'db> {
                 PersistentBackendEntriesIteratorState::InLeaf { leaf_entries } => {
                     if let Some((key, value)) = leaf_entries.next() {
                         // Here we have an entry in the leaf, so we simply need to return it.
-                        return Some(TreeEntry { key, value });
+                        return Some(Ok(TreeEntry { key, value }));
                     } else {
                         // If we've run out of entries in the leaf itself, we need to see if there
                         // is another valid leaf. We do this by changing state and looping to use

miden-crypto/src/merkle/smt/large_forest/backend/persistent/mod.rs

@@ -340,7 +340,7 @@ impl Backend for PersistentBackend {
     ///
     /// - [`BackendError::UnknownLineage`] if the provided `lineage` is not one known by this
     ///   backend.
-    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = TreeEntry>> {
+    fn entries(&self, lineage: LineageId) -> Result<impl Iterator<Item = Result<TreeEntry>>> {
         if !self.lineages.contains_key(&lineage) {
             return Err(BackendError::UnknownLineage(lineage));
         }

miden-crypto/src/merkle/smt/large_forest/backend/persistent/property_tests.rs

@@ -217,7 +217,9 @@ proptest! {
         // And we should have the same number of entries in each.
         let backend_entries = backend
             .entries(target_lineage)?
-            .map(|e| (e.key, e.value))
+            .map(|e| e.map(|e| (e.key, e.value)))
+            .collect::<std::result::Result<Vec<_>, _>>()?
+            .into_iter()
             .sorted()
             .collect_vec();
         let tree_entries = tree.entries().copied().sorted().collect_vec();

miden-crypto/src/merkle/smt/large_forest/backend/persistent/tests.rs

@@ -5,6 +5,8 @@
 //! existing [`Smt`] implementation, comparing the results of the persistent backend against it
 //! wherever relevant.
 
+use alloc::vec::Vec;
+
 use assert_matches::assert_matches;
 use itertools::Itertools;
 use tempfile::{TempDir, tempdir};
@@ -126,15 +128,25 @@ fn load_extant() -> Result<()> {
     assert_eq!(l2_value, Some(t2_value));
 
     // ...and entries.
-    let l1_entries = backend.entries(lineage_1)?.sorted().collect_vec();
+    let l1_entries = backend
+        .entries(lineage_1)?
+        .collect::<std::result::Result<Vec<_>, _>>()?
+        .into_iter()
+        .sorted()
+        .collect_vec();
     let t1_entries = tree_1
         .entries()
         .sorted()
         .map(|(k, v)| TreeEntry { key: *k, value: *v })
         .collect_vec();
     assert_eq!(l1_entries, t1_entries);
 
-    let l2_entries = backend.entries(lineage_2)?.sorted().collect_vec();
+    let l2_entries = backend
+        .entries(lineage_2)?
+        .collect::<std::result::Result<Vec<_>, _>>()?
+        .into_iter()
+        .sorted()
+        .collect_vec();
     let t2_entries = tree_2
         .entries()
         .sorted()
@@ -493,22 +505,11 @@ fn entries() -> Result<()> {
     backend.update_tree(lineage_1, version, operations)?;
 
     // Now, the iterator should yield the expected three items.
-    assert_eq!(backend.entries(lineage_1)?.count(), 3);
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_1, value: value_1_1 }),
-    );
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_2, value: value_1_2 }),
-    );
-    assert!(
-        backend
-            .entries(lineage_1)?
-            .contains(&TreeEntry { key: key_1_3, value: value_1_3 }),
-    );
+    let entries = backend.entries(lineage_1)?.collect::<Result<Vec<_>>>()?;
+    assert_eq!(entries.len(), 3);
+    assert!(entries.contains(&TreeEntry { key: key_1_1, value: value_1_1 }));
+    assert!(entries.contains(&TreeEntry { key: key_1_2, value: value_1_2 }));
+    assert!(entries.contains(&TreeEntry { key: key_1_3, value: value_1_3 }));
 
     Ok(())
 }