Skip to content

fix(ACIR): check vector length is not zero before pop_front#11107

Merged
asterite merged 5 commits intomasterfrom
ab/acir-pop-front-from-empty-slice
Jan 8, 2026
Merged

fix(ACIR): check vector length is not zero before pop_front#11107
asterite merged 5 commits intomasterfrom
ab/acir-pop-front-from-empty-slice

Conversation

@asterite
Copy link
Copy Markdown
Collaborator

@asterite asterite commented Jan 6, 2026
edited
Loading

Description

Problem

Resolves https://github.com/noir-lang/noir/security/advisories/GHSA-h47v-w5hw-q4x3

Summary

Additional Context

User Documentation

Check one:

  • No user documentation needed.
  • Changes in docs/ included in this PR.
  • [For Experimental Features] Changes in docs/ to be submitted in a separate PR.

PR Checklist

  • I have tested the changes locally.
  • I have formatted the changes with Prettier and/or cargo fmt on default settings.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jan 6, 2026
edited
Loading

Changes to circuit sizes

Generated at commit: 26377a028302909774ceb6276e7a95d1d299b363, compared to commit: da063950925eade6172da1ed5910c2ef0a8127ff

🧾 Summary (10% most significant diffs)

Program ACIR opcodes (+/-) % Circuit size (+/-) %
vector_dynamic_index +3 ❌ +0.38% +2 ❌ +0.04%
regression_9593 +2 ❌ +11.11% +1 ❌ +0.04%
Full diff report 👇
Program ACIR opcodes (+/-) % Circuit size (+/-) %
vector_dynamic_index 801 (+3) +0.38% 5,158 (+2) +0.04%
regression_9593 20 (+2) +11.11% 2,836 (+1) +0.04%

github-actions[bot]
github-actions bot reviewed Jan 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Test Suite Duration'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite Current: 3240f52 Previous: 1d4b60b Ratio
test_report_zkpassport_noir-ecdsa_ 2 s 1 s 2

This comment was automatically generated by workflow using github-action-benchmark.

CC: @TomAFrench

github-actions[bot]
github-actions bot reviewed Jan 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Execution Time'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite Current: da67f30 Previous: 79e93d8 Ratio
rollup-block-root-single-tx 0.003 s 0.002 s 1.50
rollup-checkpoint-merge 0.004 s 0.003 s 1.33
rollup-root 0.005 s 0.004 s 1.25

This comment was automatically generated by workflow using github-action-benchmark.

CC: @TomAFrench

@asterite asterite closed this Jan 6, 2026
@asterite asterite deleted the ab/acir-pop-front-from-empty-slice branch January 6, 2026 17:40
@asterite asterite restored the ab/acir-pop-front-from-empty-slice branch January 6, 2026 19:26
@asterite asterite reopened this Jan 6, 2026
github-actions[bot]
github-actions bot reviewed Jan 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'ACVM Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite Current: da67f30 Previous: 79e93d8 Ratio
perfectly_parallel_batch_inversion_opcodes 2791165 ns/iter (± 3117) 2262216 ns/iter (± 3305) 1.23

This comment was automatically generated by workflow using github-action-benchmark.

CC: @TomAFrench

@asterite asterite requested a review from a team January 6, 2026 20:01
@asterite
Copy link
Copy Markdown
Collaborator Author

asterite commented Jan 7, 2026

It seems moving the fix to ssagen leads to worse performance than just adding the check in ACIR.

@vezenovm
Copy link
Copy Markdown
Contributor

vezenovm commented Jan 7, 2026

It seems moving the fix to ssagen leads to worse performance than just adding the check in ACIR.

regression_10446 which has the largest ACIR opcodes regression only uses pop_back. We have this vector length check inside of ACIR gen for pop_back so it means we are now doing a redundant check.

jfecher
jfecher approved these changes Jan 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jfecher jfecher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm alright with fixing this first and worrying about optimizations later unless it'd be trivial to improve

@vezenovm
Copy link
Copy Markdown
Contributor

vezenovm commented Jan 7, 2026
edited
Loading

I'm alright with fixing this first and worrying about optimizations later unless it'd be trivial to improve

It should just be removal from ACIR gen.

@asterite I am realizing now though that someone could write a malicious SSA though that does not include these checks. We probably would need to move all these checks (for remove and insert as well) to an SSA pass similar to expand_signed_math for safety. For now, to get the fix in I guess we can just go back to the original assertion within ACIR. Apologies for the back and forth here.

In a follow-up, we could have these checks included by an SSA pass so that we do not have repeated logic for Brillig gen and ACIR gen.

@asterite
Revert "Move check to SSA"
3240f52 
This reverts commit b8f909f.
@asterite
Copy link
Copy Markdown
Collaborator Author

asterite commented Jan 7, 2026

@vezenovm All good! I had to leave for a while so I couldn't revert the last PR, otherwise I would have as soon as I saw those regressions :-)

@asterite asterite enabled auto-merge January 7, 2026 19:30
github-actions[bot]
github-actions bot reviewed Jan 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Brillig Execution Time'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite Current: 3240f52 Previous: 1d4b60b Ratio
rollup-block-root-single-tx 0.003 s 0.002 s 1.50

This comment was automatically generated by workflow using github-action-benchmark.

CC: @TomAFrench

vezenovm
vezenovm reviewed Jan 7, 2026
View reviewed changes
@asterite asterite added this pull request to the merge queue Jan 8, 2026
Merged via the queue into master with commit da65d90 Jan 8, 2026
135 checks passed
@asterite asterite deleted the ab/acir-pop-front-from-empty-slice branch January 8, 2026 13:18
@noirwhal noirwhal mentioned this pull request Jan 8, 2026
Merged
@aakoshh aakoshh mentioned this pull request Feb 25, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@vezenovm vezenovm vezenovm left review comments

@jfecher jfecher jfecher approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asterite @vezenovm @jfecher