fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode#8996
Merged
fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode#8996
Conversation
asterite
reviewed
Jun 23, 2025
asterite
approved these changes
Jun 23, 2025
github-merge-queue bot
pushed a commit
to AztecProtocol/aztec-packages
that referenced
this pull request
Jul 1, 2025
Automated pull of nightly from the [noir](https://github.com/noir-lang/noir) programming language, a dependency of Aztec. BEGIN_COMMIT_OVERRIDE fix: check both coordinates for point doubling (noir-lang/noir#9039) fix: codegen generic type arguments (noir-lang/noir#9044) chore: remove accidentally committed files (noir-lang/noir#9048) fix(fuzz): enable print in comptime_vs_brillig_direct (noir-lang/noir#9045) chore: move a couple of test_utils functions into a module (noir-lang/noir#9052) chore: bump external pinned commits (noir-lang/noir#9046) fix: put constraint failure after binary operations that overflow (noir-lang/noir#9023) fix(ssa): Remove array from cache in constant folding if it's an argument to a `Call` (noir-lang/noir#9040) feat: some `nargo expand` fixes related to function and method calls (noir-lang/noir#9038) feat(ssa_fuzzer): custom mutations (noir-lang/noir#8988) feat: implicit coercion of str and fmtstr into CtString (noir-lang/noir#9032) chore: add idempotency check to `remove_unreachable_functions` (noir-lang/noir#9017) chore: add logging for signature failure cases which break barretenberg (noir-lang/noir#9030) feat(ssa): Handle `println` in the SSA interpreter (noir-lang/noir#9028) chore: don't compute used globals during DIE (noir-lang/noir#9029) fix(ssa_fuzzer): nested conditions in loops (noir-lang/noir#8997) fix(fuzz): Consider `==` turning into `!=` equivalent (noir-lang/noir#9025) fix(fuzz): Avoid overflow in `gen_unary` (noir-lang/noir#9024) fix(ssa): Perform `mem2reg` before DIE (noir-lang/noir#9018) fix: Strange use of predicates in euclidian division (noir-lang/noir#8934) fix: compute the dominance frontier of the reverse cfg using the extended cfg (noir-lang/noir#9019) fix(fuzz): Handle overflow errors from the elaborator (noir-lang/noir#9014) feat: show why an assertion will always fail if it's a static string (noir-lang/noir#9013) chore(ssa): Add `SsaPass:and_then` (noir-lang/noir#9016) fix: Add a remove_unreachable_instructions SSA pass (with unreachable terminator) (noir-lang/noir#9008) feat: `nargo expand` for LSP (noir-lang/noir#9012) fix(mem2reg): Add the value in `ArraySet` to `aliased_references` (noir-lang/noir#8976) feat(debug): Print ssa locations along with ssa (noir-lang/noir#9001) chore: move `nargo expand` code to its own crate (noir-lang/noir#9011) chore: redo typo PR by donatik27 (noir-lang/noir#9004) fix: recover generics when defining trait impl function (noir-lang/noir#9009) fix: replace public key with curve generators in inactive branches (noir-lang/noir#8993) fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode (noir-lang/noir#8996) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com> Co-authored-by: Ary Borenszweig <asterite@gmail.com>
github-merge-queue bot
pushed a commit
to AztecProtocol/aztec-packages
that referenced
this pull request
Jul 2, 2025
Automated pull of nightly from the [noir](https://github.com/noir-lang/noir) programming language, a dependency of Aztec. BEGIN_COMMIT_OVERRIDE chore(docs): Brillig VM docs (noir-lang/noir#9078) fix(expand): missing struct member visibility, and use "crate" instead of "super" when possible (noir-lang/noir#9081) fix: revert #9044 (noir-lang/noir#9080) chore: error on infinite recursion (noir-lang/noir#9063) fix(fuzz): Assign to an index variable to sequence side effects (noir-lang/noir#9056) chore: bump cargo deny (noir-lang/noir#9077) chore: Refactor `ConstrainEqFailed` to have `Option<String>` for `msg` (noir-lang/noir#9065) chore(debug): Toggle SSA locations when printing SSA (noir-lang/noir#9066) chore(acir_gen): Improve error message for radix decomposition (noir-lang/noir#9068) chore(ci): fix upload of benchmark results on master (noir-lang/noir#9069) fix: check both coordinates for point doubling (noir-lang/noir#9039) fix: codegen generic type arguments (noir-lang/noir#9044) chore: remove accidentally committed files (noir-lang/noir#9048) fix(fuzz): enable print in comptime_vs_brillig_direct (noir-lang/noir#9045) chore: move a couple of test_utils functions into a module (noir-lang/noir#9052) chore: bump external pinned commits (noir-lang/noir#9046) fix: put constraint failure after binary operations that overflow (noir-lang/noir#9023) fix(ssa): Remove array from cache in constant folding if it's an argument to a `Call` (noir-lang/noir#9040) feat: some `nargo expand` fixes related to function and method calls (noir-lang/noir#9038) feat(ssa_fuzzer): custom mutations (noir-lang/noir#8988) feat: implicit coercion of str and fmtstr into CtString (noir-lang/noir#9032) chore: add idempotency check to `remove_unreachable_functions` (noir-lang/noir#9017) chore: add logging for signature failure cases which break barretenberg (noir-lang/noir#9030) feat(ssa): Handle `println` in the SSA interpreter (noir-lang/noir#9028) chore: don't compute used globals during DIE (noir-lang/noir#9029) fix(ssa_fuzzer): nested conditions in loops (noir-lang/noir#8997) fix(fuzz): Consider `==` turning into `!=` equivalent (noir-lang/noir#9025) fix(fuzz): Avoid overflow in `gen_unary` (noir-lang/noir#9024) fix(ssa): Perform `mem2reg` before DIE (noir-lang/noir#9018) fix: Strange use of predicates in euclidian division (noir-lang/noir#8934) fix: compute the dominance frontier of the reverse cfg using the extended cfg (noir-lang/noir#9019) fix(fuzz): Handle overflow errors from the elaborator (noir-lang/noir#9014) feat: show why an assertion will always fail if it's a static string (noir-lang/noir#9013) chore(ssa): Add `SsaPass:and_then` (noir-lang/noir#9016) fix: Add a remove_unreachable_instructions SSA pass (with unreachable terminator) (noir-lang/noir#9008) feat: `nargo expand` for LSP (noir-lang/noir#9012) fix(mem2reg): Add the value in `ArraySet` to `aliased_references` (noir-lang/noir#8976) feat(debug): Print ssa locations along with ssa (noir-lang/noir#9001) chore: move `nargo expand` code to its own crate (noir-lang/noir#9011) chore: redo typo PR by donatik27 (noir-lang/noir#9004) fix: recover generics when defining trait impl function (noir-lang/noir#9009) fix: replace public key with curve generators in inactive branches (noir-lang/noir#8993) fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode (noir-lang/noir#8996) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com> Co-authored-by: Ary Borenszweig <asterite@gmail.com>
github-merge-queue bot
pushed a commit
to AztecProtocol/aztec-packages
that referenced
this pull request
Jul 2, 2025
Automated pull of nightly from the [noir](https://github.com/noir-lang/noir) programming language, a dependency of Aztec. BEGIN_COMMIT_OVERRIDE chore(docs): Brillig VM docs (noir-lang/noir#9078) fix(expand): missing struct member visibility, and use "crate" instead of "super" when possible (noir-lang/noir#9081) fix: revert #9044 (noir-lang/noir#9080) chore: error on infinite recursion (noir-lang/noir#9063) fix(fuzz): Assign to an index variable to sequence side effects (noir-lang/noir#9056) chore: bump cargo deny (noir-lang/noir#9077) chore: Refactor `ConstrainEqFailed` to have `Option<String>` for `msg` (noir-lang/noir#9065) chore(debug): Toggle SSA locations when printing SSA (noir-lang/noir#9066) chore(acir_gen): Improve error message for radix decomposition (noir-lang/noir#9068) chore(ci): fix upload of benchmark results on master (noir-lang/noir#9069) fix: check both coordinates for point doubling (noir-lang/noir#9039) fix: codegen generic type arguments (noir-lang/noir#9044) chore: remove accidentally committed files (noir-lang/noir#9048) fix(fuzz): enable print in comptime_vs_brillig_direct (noir-lang/noir#9045) chore: move a couple of test_utils functions into a module (noir-lang/noir#9052) chore: bump external pinned commits (noir-lang/noir#9046) fix: put constraint failure after binary operations that overflow (noir-lang/noir#9023) fix(ssa): Remove array from cache in constant folding if it's an argument to a `Call` (noir-lang/noir#9040) feat: some `nargo expand` fixes related to function and method calls (noir-lang/noir#9038) feat(ssa_fuzzer): custom mutations (noir-lang/noir#8988) feat: implicit coercion of str and fmtstr into CtString (noir-lang/noir#9032) chore: add idempotency check to `remove_unreachable_functions` (noir-lang/noir#9017) chore: add logging for signature failure cases which break barretenberg (noir-lang/noir#9030) feat(ssa): Handle `println` in the SSA interpreter (noir-lang/noir#9028) chore: don't compute used globals during DIE (noir-lang/noir#9029) fix(ssa_fuzzer): nested conditions in loops (noir-lang/noir#8997) fix(fuzz): Consider `==` turning into `!=` equivalent (noir-lang/noir#9025) fix(fuzz): Avoid overflow in `gen_unary` (noir-lang/noir#9024) fix(ssa): Perform `mem2reg` before DIE (noir-lang/noir#9018) fix: Strange use of predicates in euclidian division (noir-lang/noir#8934) fix: compute the dominance frontier of the reverse cfg using the extended cfg (noir-lang/noir#9019) fix(fuzz): Handle overflow errors from the elaborator (noir-lang/noir#9014) feat: show why an assertion will always fail if it's a static string (noir-lang/noir#9013) chore(ssa): Add `SsaPass:and_then` (noir-lang/noir#9016) fix: Add a remove_unreachable_instructions SSA pass (with unreachable terminator) (noir-lang/noir#9008) feat: `nargo expand` for LSP (noir-lang/noir#9012) fix(mem2reg): Add the value in `ArraySet` to `aliased_references` (noir-lang/noir#8976) feat(debug): Print ssa locations along with ssa (noir-lang/noir#9001) chore: move `nargo expand` code to its own crate (noir-lang/noir#9011) chore: redo typo PR by donatik27 (noir-lang/noir#9004) fix: recover generics when defining trait impl function (noir-lang/noir#9009) fix: replace public key with curve generators in inactive branches (noir-lang/noir#8993) fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode (noir-lang/noir#8996) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com> Co-authored-by: Ary Borenszweig <asterite@gmail.com>
danielntmd
pushed a commit
to danielntmd/aztec-packages
that referenced
this pull request
Jul 16, 2025
Automated pull of nightly from the [noir](https://github.com/noir-lang/noir) programming language, a dependency of Aztec. BEGIN_COMMIT_OVERRIDE chore(docs): Brillig VM docs (noir-lang/noir#9078) fix(expand): missing struct member visibility, and use "crate" instead of "super" when possible (noir-lang/noir#9081) fix: revert AztecProtocol#9044 (noir-lang/noir#9080) chore: error on infinite recursion (noir-lang/noir#9063) fix(fuzz): Assign to an index variable to sequence side effects (noir-lang/noir#9056) chore: bump cargo deny (noir-lang/noir#9077) chore: Refactor `ConstrainEqFailed` to have `Option<String>` for `msg` (noir-lang/noir#9065) chore(debug): Toggle SSA locations when printing SSA (noir-lang/noir#9066) chore(acir_gen): Improve error message for radix decomposition (noir-lang/noir#9068) chore(ci): fix upload of benchmark results on master (noir-lang/noir#9069) fix: check both coordinates for point doubling (noir-lang/noir#9039) fix: codegen generic type arguments (noir-lang/noir#9044) chore: remove accidentally committed files (noir-lang/noir#9048) fix(fuzz): enable print in comptime_vs_brillig_direct (noir-lang/noir#9045) chore: move a couple of test_utils functions into a module (noir-lang/noir#9052) chore: bump external pinned commits (noir-lang/noir#9046) fix: put constraint failure after binary operations that overflow (noir-lang/noir#9023) fix(ssa): Remove array from cache in constant folding if it's an argument to a `Call` (noir-lang/noir#9040) feat: some `nargo expand` fixes related to function and method calls (noir-lang/noir#9038) feat(ssa_fuzzer): custom mutations (noir-lang/noir#8988) feat: implicit coercion of str and fmtstr into CtString (noir-lang/noir#9032) chore: add idempotency check to `remove_unreachable_functions` (noir-lang/noir#9017) chore: add logging for signature failure cases which break barretenberg (noir-lang/noir#9030) feat(ssa): Handle `println` in the SSA interpreter (noir-lang/noir#9028) chore: don't compute used globals during DIE (noir-lang/noir#9029) fix(ssa_fuzzer): nested conditions in loops (noir-lang/noir#8997) fix(fuzz): Consider `==` turning into `!=` equivalent (noir-lang/noir#9025) fix(fuzz): Avoid overflow in `gen_unary` (noir-lang/noir#9024) fix(ssa): Perform `mem2reg` before DIE (noir-lang/noir#9018) fix: Strange use of predicates in euclidian division (noir-lang/noir#8934) fix: compute the dominance frontier of the reverse cfg using the extended cfg (noir-lang/noir#9019) fix(fuzz): Handle overflow errors from the elaborator (noir-lang/noir#9014) feat: show why an assertion will always fail if it's a static string (noir-lang/noir#9013) chore(ssa): Add `SsaPass:and_then` (noir-lang/noir#9016) fix: Add a remove_unreachable_instructions SSA pass (with unreachable terminator) (noir-lang/noir#9008) feat: `nargo expand` for LSP (noir-lang/noir#9012) fix(mem2reg): Add the value in `ArraySet` to `aliased_references` (noir-lang/noir#8976) feat(debug): Print ssa locations along with ssa (noir-lang/noir#9001) chore: move `nargo expand` code to its own crate (noir-lang/noir#9011) chore: redo typo PR by donatik27 (noir-lang/noir#9004) fix: recover generics when defining trait impl function (noir-lang/noir#9009) fix: replace public key with curve generators in inactive branches (noir-lang/noir#8993) fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode (noir-lang/noir#8996) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com> Co-authored-by: Ary Borenszweig <asterite@gmail.com>
AztecBot
added a commit
to AztecProtocol/barretenberg
that referenced
this pull request
Dec 3, 2025
Automated pull of nightly from the [noir](https://github.com/noir-lang/noir) programming language, a dependency of Aztec. BEGIN_COMMIT_OVERRIDE chore(docs): Brillig VM docs (noir-lang/noir#9078) fix(expand): missing struct member visibility, and use "crate" instead of "super" when possible (noir-lang/noir#9081) fix: revert #9044 (noir-lang/noir#9080) chore: error on infinite recursion (noir-lang/noir#9063) fix(fuzz): Assign to an index variable to sequence side effects (noir-lang/noir#9056) chore: bump cargo deny (noir-lang/noir#9077) chore: Refactor `ConstrainEqFailed` to have `Option<String>` for `msg` (noir-lang/noir#9065) chore(debug): Toggle SSA locations when printing SSA (noir-lang/noir#9066) chore(acir_gen): Improve error message for radix decomposition (noir-lang/noir#9068) chore(ci): fix upload of benchmark results on master (noir-lang/noir#9069) fix: check both coordinates for point doubling (noir-lang/noir#9039) fix: codegen generic type arguments (noir-lang/noir#9044) chore: remove accidentally committed files (noir-lang/noir#9048) fix(fuzz): enable print in comptime_vs_brillig_direct (noir-lang/noir#9045) chore: move a couple of test_utils functions into a module (noir-lang/noir#9052) chore: bump external pinned commits (noir-lang/noir#9046) fix: put constraint failure after binary operations that overflow (noir-lang/noir#9023) fix(ssa): Remove array from cache in constant folding if it's an argument to a `Call` (noir-lang/noir#9040) feat: some `nargo expand` fixes related to function and method calls (noir-lang/noir#9038) feat(ssa_fuzzer): custom mutations (noir-lang/noir#8988) feat: implicit coercion of str and fmtstr into CtString (noir-lang/noir#9032) chore: add idempotency check to `remove_unreachable_functions` (noir-lang/noir#9017) chore: add logging for signature failure cases which break barretenberg (noir-lang/noir#9030) feat(ssa): Handle `println` in the SSA interpreter (noir-lang/noir#9028) chore: don't compute used globals during DIE (noir-lang/noir#9029) fix(ssa_fuzzer): nested conditions in loops (noir-lang/noir#8997) fix(fuzz): Consider `==` turning into `!=` equivalent (noir-lang/noir#9025) fix(fuzz): Avoid overflow in `gen_unary` (noir-lang/noir#9024) fix(ssa): Perform `mem2reg` before DIE (noir-lang/noir#9018) fix: Strange use of predicates in euclidian division (noir-lang/noir#8934) fix: compute the dominance frontier of the reverse cfg using the extended cfg (noir-lang/noir#9019) fix(fuzz): Handle overflow errors from the elaborator (noir-lang/noir#9014) feat: show why an assertion will always fail if it's a static string (noir-lang/noir#9013) chore(ssa): Add `SsaPass:and_then` (noir-lang/noir#9016) fix: Add a remove_unreachable_instructions SSA pass (with unreachable terminator) (noir-lang/noir#9008) feat: `nargo expand` for LSP (noir-lang/noir#9012) fix(mem2reg): Add the value in `ArraySet` to `aliased_references` (noir-lang/noir#8976) feat(debug): Print ssa locations along with ssa (noir-lang/noir#9001) chore: move `nargo expand` code to its own crate (noir-lang/noir#9011) chore: redo typo PR by donatik27 (noir-lang/noir#9004) fix: recover generics when defining trait impl function (noir-lang/noir#9009) fix: replace public key with curve generators in inactive branches (noir-lang/noir#8993) fix(fuzz): Avoid overflowing binary ops in "no dynamic" mode (noir-lang/noir#8996) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com> Co-authored-by: Ary Borenszweig <asterite@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Problem*
Workaround for #8995
Summary*
When the AST code generator is in "no dynamic" mode, avoid binary operations that can fail, otherwise we will get a compilation error saying that we are trying to index an array with a non-constant expression, which is true from the compiler perspective, but fell outside the mechanism implemented to prevent this kind of indexing, which only tracked whether variables came from either program inputs or unconstrained environment.
Additional Context
To replicate the error in the ticket:
NOIR_AST_FUZZER_SHOW_AST=1 NOIR_AST_FUZZER_SEED=0xcfb2f7da00100000 cargo test -p noir_ast_fuzzer_fuzz min_vs_fullDocumentation*
Check one:
PR Checklist*
cargo fmton default settings.