Conversation
…in Meta::from_iter (#2870) Co-authored-by: crazywriter1 <crazywriter1@users.noreply.github.com> Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
chore(processor): remove `NodeEndFlags` from `NodeEndData`
…gelog duplication
Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
…ation in define_enum (#2887) * fix(assembly-syntax): validate C-like enums by removing early return in define_enum * chore: add changelog entry for C-like enum fix --------- Co-authored-by: crazywriter1 <crazywriter1@users.noreply.github.com> Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
…check fix(assembly): correct cycle detection in toposort_caller
… (#2908) The change in #2893 incorrectly used InvokeKind::ProcRef. The original InvokeKind::Exec was intentional: a procref instruction captures a procedure reference for later invocation, and we must pessimistically assume it will be invoked. Exec is the most general invocation kind and the linker needs this signal to correctly track dependencies. Added an explanatory comment so this does not get changed again. Reported by @bitwalker, confirmed by @bobbinth. Co-authored-by: amathxbt <amathxbt@users.noreply.github.com>
…ibility (#2865) * refactor: make processor and prover sync-first APIs * feat: add async compatibility wrappers for execute and prove * test: use portable StackInputs construction in async compat tests * chore: Changelog * fix: restore no-std build and update README API examples * docs: add two-step trace doctests and top-level exports * vm: restore async host execution path * api: revert rename-only churn * processor: factor sync and async flow helpers * docs: trim doctest noise and fix sync examples * chore: edit CHANGELOG * prover: add prove-from-trace sync API * processor: split shared host surface from sync IO * processor: remove redundant host adapter * Move fast execution code into execution_api.rs * Harden trace input bundling * Preserve trace API compatibility * Restore trace input constructor compatibility * Guard compatibility constructor * Record executed program info in traces * Protect trace build inputs * Reject unbound trace input adapters * Bind compatibility trace inputs to execution context * Bind trace input adapters to execution outputs * Bind trace input adapters to advice state * Make advice fingerprints stable across runs * Remove execute_sync_mut * Remove execute_for_trace wrappers * Return execution output from execute wrappers * answer review comments * Polish docs and mark advice fingerprint must-use
* fix(processor): op_u32assert2 no longer ignores the err_code parameter * fix(processor): use err_code in op_u32assert2 instead of discarding it Fixes #2844 Previously op_u32assert2 accepted _err_code but never used it, causing the user-supplied error message/code to be silently ignored when the assertion fails. This matches the behavior of op_assert which properly returns FailedAssertion{err_code, err_msg}. * fix(processor): pass program to op_u32assert2 for error message resolution Updates the call site to forward current_forest so that op_u32assert2 can resolve the human-readable error message from the err_code. * fix(processor): correct MastForest import path in op_u32assert2 Use `crate::mast::MastForest` (re-exported from miden_core) rather than the full external path `miden_core::mast::MastForest`. Also adds the import to the `use crate` block so the code compiles correctly. * fix: resolve rustfmt and clippy CI failures * fix: add missing MastForest argument in op_u32assert2 tests * fix: rustfmt formatting * fix: return NotU32Values for out-of-bounds, FailedAssertion for err_code * fix: err_code propagation in op_u32assert2 — only fail on invalid u32 The previous attempt incorrectly returned FailedAssertion whenever err_code != 0, even when both stack values were valid u32s. This broke every stdlib call-site that passes a non-zero err_code (e.g. SMT/sorted-array operations), causing unrelated test failures. Correct logic: only return FailedAssertion (with the err_code) when at least one value exceeds U32_MAX; succeed normally otherwise. Also adds two targeted regression tests: - err_code is propagated into FailedAssertion on invalid input - valid u32 inputs succeed even when err_code != 0 * fix(processor): return NotU32Values when err_code=0, FailedAssertion when err_code!=0 When op_u32assert2 receives invalid u32 values: - err_code == 0 -> NotU32Values { values } (historical default, used by u32assert / u32assertw / u32not which internally lower to U32assert2(ZERO)) - err_code != 0 -> FailedAssertion { err_code, err_msg } (propagate the caller-supplied error code so diagnostics can identify the assertion) The previous fix always returned FailedAssertion { err_code: 0 } which broke the four integration tests that call u32assert / u32assertw / u32not with out-of-range values and expect NotU32Values. Updated unit tests to verify both branches explicitly. * style: fix nightly rustfmt formatting in tests.rs * feat(processor): add U32AssertionFailed error variant with invalid value context Addresses bobbinth's review comment on PR #2894. Introduces a dedicated OperationError::U32AssertionFailed variant that carries both the custom err_code/err_msg AND the actual out-of-bounds Felt values that triggered the assertion failure in op_u32assert2. This gives callers richer diagnostic context compared to the existing FailedAssertion (which has no value info) or NotU32Values (which has no err_code). * refactor(processor): use U32AssertionFailed in op_u32assert2 for richer diagnostics When err_code != 0 and values are out of u32 range, return the new U32AssertionFailed variant (instead of FailedAssertion) so the caller receives both the custom error code/message AND the offending values. Zero err_code path is unchanged (NotU32Values) for backward compatibility. * test(processor): update u32assert2 tests for U32AssertionFailed + add assembled-program test Two changes addressing reviewer feedback on PR #2894: 1. Updated unit tests that previously checked OperationError::FailedAssertion to now check OperationError::U32AssertionFailed with the new field — confirms both err_code and offending value(s) are present. 2. Added (addresses huitseeker's review request): assembles a MASM program containing , runs it through FastProcessor::execute_sync, and asserts that the resolved error message from the MastForest appears in the resulting U32AssertionFailed error — verifying the end-to-end execute_op plumbing and message lookup. * style: fix rustfmt - collapse short assert! to single line in assembled test * test(processor): add wrapper-level assembled tests for u32assert.err and u32assertw.err Addresses huitseeker's review request (PR #2894, review 4022230272): "wrapper-level coverage for u32assert.err / u32assertw.err would still be worth adding." Added two new assembled-program integration tests that mirror the existing test_op_u32assert2_assembled_err_msg_lookup pattern: - test_u32assert_err_wrapper_assembled: Assembles 'push.4294967296 u32assert.err="value must fit in u32"', which lowers to [Pad, U32assert2(err_code), Drop]. Verifies that U32AssertionFailed is returned with err_msg resolved from the MastForest and at least one invalid_value. - test_u32assertw_err_wrapper_assembled: Assembles a word with one out-of-range element and 'u32assertw.err="word contains non-u32 element"', which lowers to two U32assert2(err_code) ops. Verifies the same end-to-end message lookup through execute_sync. * style: fix rustfmt - inline short assemble_program call in wrapper tests --------- Co-authored-by: amathxbt <amathxbt@users.noreply.github.com>
Checks each commit in a PR via the GitHub API for signature verification. Fails the check and posts a remediation comment when unsigned commits are found.
* fix: reject non-syscall references to exported kernel procedures Kernel procedures should only be accessible via syscall. The linker was accepting exec, call, and procref targeting kernel exports. Added a check in Linker::resolve_invoke_target to reject non-syscall invocations that resolve to a kernel procedure, while still allowing kernel-internal calls. Added regression test. Closes #2902 * fix: reject kernel proc digests on dynexec/dyncall path Added best-effort static check that detects when the last pushed word in a basic block matches a kernel procedure digest before dynexec/dyncall. Replaced single exec test with comprehensive test covering all five non-syscall routes (exec, call, procref, dynexec, dyncall). Addresses review feedback on #2903. * fix: use pub(crate) helper for kernel digest check, fix no-std and nightly fmt * refactor: drop dynexec/dyncall static kernel check per maintainer review Removes assembly-time heuristic for dynamic invokes; keeps Linker::resolve_invoke_target guard for exec/call/procref. Narrows regression test accordingly. Addresses review feedback on #2903. * fix(assembly): enforce syscall-only kernel exports in SymbolResolver - Move KernelProcNotSyscall guard to SymbolResolver; skip MastRoot/digest invokes; kernel_index + ModuleKind for target/caller - Thin Linker::resolve_invoke_target wrapper - processor: cfg_attr(test) allow needless_range_loop; drop stale clippy expects in trace tests --------- Co-authored-by: crazywriter1 <crazywriter1@users.noreply.github.com> Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
Add a note to the enum types section clarifying that enum variants are expanded into module-level constants, and therefore variant names must be unique across all enums and constants within the same module. Closes #2816 Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>
* refactor: use RowMajorTraceWriter for core trace generation * refactor: remove core trace transpose and use hybrid MainTrace storage * refactor: use row-major MainTrace directly in aux trace builder * perf: optimize row-major trace accessors and conversions * perf: transpose chiplets to row-major and store them separately * perf: parallelize to_row_major * perf: use transposed storage for aux trace builder * perf: make Aux column building parallel * chore: update CHANGELOG * perf: make MainTrace::get safe without hidden bounds checks (#2938) Replace the flat Parts backing with typed row storage so MainTrace::get() stays fully safe while avoiding compiler-inserted bounds checks on the hot path. Preserve the existing debug layout with borrowing formatters and keep it pinned with a regression test. * perf: binary search on last row --------- Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
* revert: back out MainTrace typed row storage perf regression * fix: restore MainTrace bounds and shape validation Restore release-time validation in MainTrace::from_parts() and checked access in MainTrace::get() after the typed row storage revert. This keeps the performance fix while preserving normal panic semantics for malformed trace layouts and out-of-bounds access. * chore: Changelog * style: use range checker width constants in MainTrace
Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
GitHub did not report trusted authors in a stable way on pull requests. Some Miden team members showed up as CONTRIBUTORS, so role checks could not tell team PRs from outside PRs. That pushed the workflow to skip too much.\n\nThis change uses the author's repo permission instead. The workflow now skips only authors with admin, maintain, or write access.
…nel gh-pages push (#2916) The repo had two different ideas of how GitHub Pages was being published. The rustdoc job was updating a gh-pages branch, while the repo also had a Pages workflow that deployed a separate site artifact. That split makes /docs easy to populate in the branch while the live site continues serving something else entirely. This change makes docs.yml build the complete Pages payload itself: the root page redirects to docs.miden.xyz/miden-vm/ and the generated rustdoc is placed at /docs/. It also removes the older manual redirect-only workflow so there is a single authoritative publisher for the Pages site. Operationally, this only works as intended when the repository Pages source is configured to use GitHub Actions rather than Deploy from a branch. Once that setting is aligned, the workflow output and the public site should finally match.
…EAD procedures (#2835) (#2941) Add doc comments warning that source and destination memory ranges must not overlap for memcopy_words, memcopy_elements, encrypt, and decrypt. Add runtime overlap assertions to all four procedures that panic with a clear error message when ranges overlap. Add unhappy-path tests verifying the overlap guards reject overlapping ranges for all four procedures. Update auto-generated docs (mem.md, crypto/aead.md). Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
* Use precompile request digest in trace binding * Refactor trace inputs for prove-from-trace * Strengthen prove-from-trace integration coverage * Tighten trace proving helper APIs * chore: Changelog * Document trace build inputs test helpers * Follow trace replay review feedback * Add recursive precompile verifier coverage
…ations (#2939) Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
* perf: make get_divisors return a fixed size Vec * chore: update CHANGELOG.md --------- Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
Update MAST package structure for project assembly
processor: expose advice, memory and transcript
feat: implement project assembly
Keep runtime dependencies from preassembled packages in dependency resolution. Programs that declare a kernel now require the matching kernel package when they are rebuilt. The resolver prefers the stored kernel, falls back to a matching embedded kernel, and rejects bad or conflicting embedded kernel metadata.
This reverts commit b40e5e9.
Preassembled packages still need their runtime dependencies during resolution. Programs that need a kernel now fail when that kernel cannot be resolved, instead of silently falling back to embedded metadata during dependency selection.
Replace unsafe ptr::read with safe *err unbox in the downcast::<std::io::Error>() arm of catch_unwind panic recovery. The ptr::read performed a bitwise copy out of the Box while the Box was still dropped at end of scope, causing potential UB via double-drop. This patch removes the unsafe block entirely. Closes #2814 Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
Contributor
Author
|
I merged the #2950 (I did a merge commit rather than a squash commit), but it seems like we still have merge conflicts. cc @huitseeker |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a tracking PR for v0.23.0 release