enhance(LargeSmtForest tests): expand LargeSmtForest property test coverage

[AlexWaker]

This PR expands the property-based test coverage for LargeSmtForest.

Previously, the forest-level property tests were mostly limited to entries(). This change adds a broader set of reference-model-driven property tests covering core query, mutation, metadata, constructor, and truncation behavior.

The new tests now exercise:

• query consistency for get(), entries(), and entry_count()
• selected open() consistency checks against a reference Smt
• metadata consistency for latest_version(), latest_root(), lineage_roots(), roots(), and root_info()
• mutation behavior for add_lineage(), update_tree(), and update_forest()
• failure semantics, including duplicate lineages, bad version transitions, and invalid forest batches
• constructor behavior when initializing a forest from a pre-populated backend
• retention and visibility semantics for with_config() and truncate()

In addition, the property test helpers and generators were refactored to make the coverage easier to extend and maintain.

Closes #879.

[huitseeker]

Could we also assert metadata is unchanged after this error path? Right now we re-check entries and queries, but a partial apply bug could still move latest_version or create a new root_info at version + 2 and this test would still pass.

[AlexWaker]

I understand. I'll fix it as soon as possible

[huitseeker]

Would it be safer to assert the error variant instead of exact to_string() text? Matching full message strings can make this test fail on wording-only changes.

[AlexWaker]

Resolved the merge conflict by aligning property_tests.rs with the upstream API changes, including the new fallible entries() usage.

Also addressed the two review comments:

• replaced string-based error assertions with matching on concrete error variants
• added post-error metadata checks to ensure failed updates do not change lineage/tree metadata or create new root_info entries

Finally, ran formatting checks and applied rustfmt fixes (cargo +nightly fmt --all and cargo +nightly fmt --all --check).

[AlexWaker]

Would this PR need a changelog entry?

My understanding is that it probably does not, since this change only expands internal test coverage and adapts the tests to upstream API changes, without introducing any user-facing behavior change or public API change. From the current CHANGELOG.md, it also seems like entries are generally reserved for externally visible features, fixes, and breaking changes.

That said, if you would still prefer one to be added, I can update the changelog right away.

[huitseeker]

This is shaping up nicely! See comments inline.

[huitseeker]

This helper skips open() on the historical tree by passing false here. Can we also property-test historical open() against the reference Smt? That feels like the trickiest query path in LargeSmtForest, and right now it still looks like it only has the hand-written unit test coverage in tests.rs.

[iamrecursion]

Yeah this should 100% test historical openings as well.

[huitseeker]

I don't see any behavioral fixes in this PR. We usually only keep regression seeds like this when they allowed us to identify an interesting failure, which required fixing. This seems like it was just a development artifact and so does not need keeping.

[iamrecursion]

Looks reasonable in general! I've left a few comments in-line.

One thing I would love to see for every single potential modification is that we assert complete correctness with regards to the state change. Some of these—like the one @huitseeker commented on—do not assert the complete soundness of all propertiess should a bug arise.

Perhaps this is out of scope for this PR, but I would also be interested in expanding the FallibleEntriesBackend to be a more general mechanism for testing state coherence in the face of a number of different kinds of failure. @huitseeker, thoughts?

[iamrecursion]

All of these helpers should be moved to large_forest::test_utils like the other strategies are. I would also expect them to have doc comments, as that is the first line of understanding for someone reading the property test after a failure.

[iamrecursion]

This should call batch.consume().into_iter() instead. That guarantees the correct deduplication behaviouor.

[iamrecursion]

Realistically, this and all subsequent cases that take a forest should be parametric in the backend. While we currently only do these with the in-memory backend, there is no reason that has to remain the case forever.

[iamrecursion]

What is the purpose of sorting them? Does the default derived Ord implementation order them correctly?

[iamrecursion]

In general, please reorder these property tests to match the method order in the large forest itself. It makes for easier code navigation.

[iamrecursion]

Yeah this should 100% test historical openings as well.