chore(merge-train/spartan): merge next to resolve conflicts on #22980#23188
Merged
Conversation
…g SIGABRT (#23019) ## Summary Unblocks the `Nightly Debug Build` workflow, which has been failing again on `next` after #22937 landed. With the `gemini_masking_poly` fix in #22937 the dsl_tests abort site is gone; the next abort site is in `BatchMergeProver`, hit by `BatchMergeTests/{2,3}.TooManySubtablesFails`. Most recent failing run: https://github.com/AztecProtocol/aztec-packages/actions/runs/25478845904 (b30fe8f, exit 134, 7m46s). ## Root cause `TooManySubtablesFails` deliberately calls `BB_DISABLE_ASSERTS()` so it can drive the verifier with `N = max_subtables + 1` subtables. With BB asserts demoted to warnings, control flow falls past the `BB_ASSERT_LTE(N, M, ...)` guard at the top of `BatchMergeProver::construct_proof` and reaches `compute_degree_check_polynomial`, which iterates over `flattened_columns.size()` (sized for `N`) but indexes `degree_check_challenges` (sized for `(M+1) * NUM_WIRES`). In release the over-read returns garbage that the verifier rejects — exactly what the test wants. In debug, libstdc++'s `_GLIBCXX_DEBUG` (set by the `debug` preset's `CXXFLAGS`) makes `std::vector::operator[]` bounds-checked and the OOB at `idx == 40` traps: ``` Error: attempt to subscript container with out-of-bounds index 40, but container only holds 40 elements. timeout: the monitored command dumped core ``` `BB_DISABLE_ASSERTS()` can't suppress this — the bounds check is libstdc++'s, not bb's. ## Fix Clamp the loop to `min(flattened_columns.size(), degree_check_challenges.size())`. Normal paths are unaffected because both sizes equal `(M+1) * NUM_WIRES` whenever `N <= M` (the assert holds). The misuse path now produces a partial degree-check polynomial that the verifier still rejects in both Debug and Release — same observable behaviour, no UB. ## Verification Reproduced inside the ClaudeBox container on `b30fe8f401` with the same flags as the nightly: ```bash cd barretenberg/cpp rm -rf build-debug CXXFLAGS="-gdwarf-4 -D_GLIBCXX_DEBUG" CC=clang-20 CXX=clang++-20 \ cmake -S . -B build-debug -G Ninja \ -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DDISABLE_ASM=OFF -DENABLE_STACKTRACES=ON cd build-debug && ninja goblin_tests ./bin/goblin_tests --gtest_filter='*TooManySubtablesFails*' ``` - Pre-fix: aborts on `BatchMergeTests/2.TooManySubtablesFails` with the OOB shown above (exit 134). - Post-fix: 2 passed, 2 skipped (the native-curve cases self-skip). Full `goblin_tests`: 68 passed / 7 skipped / 0 failed. ## Relationship to other PRs - #22937 (merged) fixed the prior abort site (`gemini_masking_poly` virtual size). Without it the build never reached `BatchMergeProver`; with it, this is the next abort site. - #22976 is a draft from an earlier ClaudeBox session carrying the same one-file change against an older base. This PR re-opens the fix on top of current `next` (`b30fe8f401`) and is ready for review so it doesn't sit silently in draft. Once this merges, #22976 can be closed. - #22811 (BB_DISABLE_ASSERTS workaround for `HonkRecursionConstraintTestWithoutPredicate.GenerateVKFromConstraints`) is obsoleted by #22937 and intentionally not included. Detailed analysis: https://gist.github.com/AztecBot/3ea741b9545337f7a3adcfb60b088378 ClaudeBox log: https://claudebox.work/s/6f2f86264b1de77e?run=1 ClaudeBox log: https://claudebox.work/s/6f2f86264b1de77e?run=1 --------- Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com>
Extend the databus columns to support return data for up to three apps. --------- Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com>
Initial exploration of multi-app init/inner kernels. Currently just adds some basic lib utils and tests demonstrating feasibility of naively extending the current hard-coded single app pattern. --------- Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com>
Remove the chonk_bench as the risk of using it to make decisions is greater than the utility it provides.
We correctly .gitignore prebuilt sqlite artifacts since we fetch and verify them on build, however, this is inconvenient for users of our packages, since it leaves the burden of re-vendoring up to them. This PR introduces an .npmignore file to the sqlite npm package, which by convention overshadows the .gitignore file when npm produces the package tarball. It also includes a verification script to make sure there's no loose ends in the process
`sendMessagesAs` was not added to Zod schemas, which caused the param to be dropped when serialized to cross process boundaries (needed for extension wallet work)
…g SIGABRT (#23077) Fix BatchMergeTests/*.TooManySubtablesFails by making the code use the TweakableBatchMergeProver. ## Summary Unblocks the [Nightly Debug Build](https://github.com/AztecProtocol/aztec-packages/actions/runs/25539203050) on `next`. With `_GLIBCXX_DEBUG` enabled, `BatchMergeTests/2.TooManySubtablesFails` aborts (exit 134) with: ``` Error: attempt to subscript container with out-of-bounds index 40, but container only holds 40 elements. ``` ## Root cause `TooManySubtablesFails` uses `BB_DISABLE_ASSERTS()` so it can drive the verifier with `N = max_subtables + 1` subtables. With BB asserts demoted to warnings, control flow falls past the `BB_ASSERT_LTE(N, M, ...)` guard at the top of `BatchMergeProver::construct_proof` and reaches `compute_degree_check_polynomial`, which iterates over `flattened_columns.size()` (sized for `N`) but indexes `degree_check_challenges` (sized for `(M+1) * NUM_WIRES`). In Release the over-read returns garbage that the verifier rejects — exactly what the test wants. In Debug, libstdc++'s `_GLIBCXX_DEBUG` (set by the `debug` preset's `CXXFLAGS`) bounds-checks `std::vector::operator[]` and traps. `BB_DISABLE_ASSERTS()` cannot suppress this — the bounds check is libstdc++'s, not bb's. ## Why the previously-merged fix didn't fix anything PR #23019 (already merged into `merge-train/barretenberg` via the open #23025) was *titled* the same as this PR but only modified `TweakableBatchMergeProver::construct_proof`. The actual `TooManySubtablesFails` test path uses `prove_and_verify` with the default `fault_mode = FaultMode::NONE`, which routes through `BatchMergeProver` (the base class), not `TweakableBatchMergeProver`. I confirmed this in this container by building `goblin_tests` against `origin/merge-train/barretenberg` HEAD with the debug preset — the same OOB still aborts. The merge train cannot deliver this fix without a real prover-side change. ## Fix Clamp the loop to `min(flattened_columns.size(), degree_check_challenges.size())` inside `BatchMergeProver::compute_degree_check_polynomial`. Normal paths are unaffected because both sizes equal `(M+1) * NUM_WIRES` whenever `N <= M` (the assert holds). The misuse path now produces a partial degree-check polynomial that the verifier still rejects in both Debug and Release — same observable behaviour, no UB. This is the same one-file change as the open draft #22976; opening this fresh PR against current `next` so it doesn't sit silently in draft. ## Verification Reproduced inside the ClaudeBox container on `f23aa82c52` (current `next` HEAD) with the same flags as the nightly: ```bash cd barretenberg/cpp HOME=/tmp cmake --preset debug -DAVM_TRANSPILER_LIB= cd build-debug && ninja goblin_tests ./bin/goblin_tests --gtest_filter='*TooManySubtablesFails*' ``` - Pre-fix: aborts on `BatchMergeTests/2.TooManySubtablesFails` with the OOB shown above (exit 134). Confirmed identical abort on `origin/merge-train/barretenberg` HEAD. - Post-fix: 2 passed, 2 skipped (the native-curve cases self-skip). Full `goblin_tests` post-fix: **68 passed / 7 skipped / 0 failed** (342s). ## Related PRs - #22937 (merged) — fixed the prior abort site (`gemini_masking_poly` virtual size). - #23019 (merged into merge-train/barretenberg via open #23025) — same title, but the diff only modified `TweakableBatchMergeProver`, which is unused on this test path; it is a no-op for the nightly. - #22976 (open draft) — same one-file prover clamp as this PR, against an older base. Detailed analysis: https://gist.github.com/AztecBot/7be72c96a1d3d18458dce92a828116a2 ClaudeBox log: https://claudebox.work/s/8ad866e315acbe92?run=1 ClaudeBox log: https://claudebox.work/s/8ad866e315acbe92?run=1 --------- Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com>
…verrides (#23054) flesh out account stubs so that syncing actually works for them, and then remove their exclusion
## Summary
Splits `DeployMethod` into an abstract umbrella type plus three concrete
flavors that encode the deployer-lock state at the type level instead of
branching on a nullable field.
- `DeployMethod<T>` — abstract base, the type consumers use generically
(`let d: DeployMethod<MyContract> = ...`).
- `BoundDeployMethod` — locked to a concrete `deployer`.
- `UniversalDeployMethod` — locked to `AztecAddress.ZERO` (any sender).
- `PendingDeployMethod` — promotes into a `Bound`/`Universal` sibling on
the first `send` / `simulate` / `profile` call.
The three flavor-specific decisions (`getDeployerAddress`,
`lockOrAssertDeployer`, `cloneInstantiation`) are now abstract methods
rather than `if (this.deployer === undefined / equals(ZERO) / else)`
branches in the base.
## Compile-time guarantees
Each subclass takes a narrowed instantiation type:
- `BoundInstantiationOptions` — `deployer` required, `universalDeploy:
never`.
- `UniversalInstantiationOptions` — `universalDeploy: true` required,
`deployer: never`.
- `PendingInstantiationOptions` — both `never`.
`new BoundDeployMethod(..., { universalDeploy: true })` is now a
TypeScript error. The runtime mutual-exclusion checks in subclass
constructors are gone; the only runtime guard left is
`BoundDeployMethod` rejecting `AztecAddress.ZERO` (a value-level
invariant the type system can't model).
## Constructor shape
Subclass constructors take named bundles instead of 9 positionals:
```ts
new BoundDeployMethod(wallet, contract, instantiation, payload?)
// ^ ^ ^
// { artifact, postDeployCtor, args, constructorNameOrArtifact }
// { salt, publicKeys, deployer }
// { authWitnesses, capsules, extraHashedArgs }
```
`DeployMethod.create` follows the same shape. `Contract.deploy(wallet,
artifact, args, constructorName, instantiation)` and
`MyContract.deploy(wallet, ...args, instantiation?)` (codegen) are
**unchanged** — the bundle reshape stops at the `create` boundary.
## Other changes
- `DeployAccountMethod` now extends `UniversalDeployMethod` (account
contracts are always universal).
…ates (#22905) Adds `fastForwardContractUpdate` to aztec.js — a high-level cheatcode that returns a `SimulationOverrides` blob simulating a deployed instance as if it had already been upgraded to a new contract class. The blob covers both pieces required for a coherent upgrade simulation: - `overrides.publicStorage` rewrites the `ContractInstanceRegistry`'s delayed-public-mutable storage so the AVM's `UpdateCheck` resolves to the new class id. - `overrides.contracts` swaps the deployed instance for one whose `currentContractClassId` is bumped to the new class. Drives both AVM-side public dispatch and PXE-side ACIR private dispatch. Both pieces are required: a storage-only override would not redirect the AVM's class dispatch (which reads `currentContractClassId` from the contract DB); an instance-only override would cause the witgen `UpdateCheck` to throw on inconsistency. The new class must already be registered on chain. ```typescript import { fastForwardContractUpdate } from '@aztec/aztec.js'; const overrides = await fastForwardContractUpdate({ instanceAddress, newClassId, node }); const result = await contract.methods.upgraded_method().simulate({ overrides }); ``` ## Test plan - Unit tests in `fastforward_contract_update.test.ts` cover validation and override shape. - E2E coverage in `e2e_contract_updates` for both public and private dispatch under override (private dispatch needs `wallet.registerContractClass` from upstack and the sync-skip narrowing from upstack). - `migration_notes.md` and `how_to_test.md` updated.
## Summary Addresses comment #22957 (comment) The same artifact-lookup loop was duplicated three times. Puts two helper fns in `stdlib/abi`: - `findFunctionArtifactBySelector(artifact, selector)` — searches `artifact.functions`, returns `FunctionArtifact | undefined`. - `findFunctionAbiBySelector(artifact, selector)` — searches `artifact.functions ∪ nonDispatchPublicFunctions` via `getAllFunctionAbis`, returns `FunctionAbi | undefined`. Both `ContractStore` and `ProxiedContractStoreFactory` now call the same stdlib primitive. The existing throwing `getFunctionArtifact` helper also reuses `findFunctionArtifactBySelector`. ## Test plan - [x] `yarn workspace @aztec/pxe test src/storage/contract_store/contract_store.test.ts` - [x] `yarn workspace @aztec/stdlib test src/abi/abi.test.ts` - [x] `yarn lint pxe`, `yarn lint stdlib`
…rgo expand (#23061) Resolves [F-607](https://linear.app/aztec-labs/issue/F-607/adopt-cargo-insta-for-noir-contract-snapshot-testing) Don't be scared by the diff size, the majority of the diff is new snapshots. - Deleted `noir-projects/noir-contracts-comp-failures/` crate. We now have `noir-projects/contract-snapshots/` - `nargo expand` tests cover Token, AMM, StorageProofTest, AvmTest, AvmGadgetsTest to match the CI benchmarks - `compile_failure` snapshots are now full stderr (not just `error: ` headlines) Asserting the full stderr and `expand` output provide us a strong test invariant on the current compiler behavior. Some of the expanded snapshots are quite large, and that is why I ultimately chose to only have snapshots for the benchmark contracts. For compilation failures, I felt it would be better to have the full snapshot in all cases. We then assert against the actual compiler behavior rather than some stripped version of the stderr. A great example of how these snapshots are useful can be seen in the child PR #23062.
Deprecates mocha as a test runner for kv-store (we currently half part in mocha part in vitest). The seemingly off-topic change in stdlib stems from L2TipsStore tests being generated from there but consumed from kv-store. It's a bit of a strange pattern that maybe we should reconsider. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
More efficient Poseidon2 thanks to quad compression trick --------- Co-authored-by: ledwards2225 <l.edwards.d@gmail.com> Co-authored-by: notnotraju <raju@aztec.foundation>
BEGIN_COMMIT_OVERRIDE fix(bb): clamp BatchMergeProver degree-check loop to fix nightly debug SIGABRT (#23019) feat: extend databus with 2 more cols (#23010) feat: n1 apps (#22974) chore: remove chonk bench once and for all (#23067) fix(bb): clamp BatchMergeProver degree-check loop to fix nightly debug SIGABRT (#23077) feat!: optimized Poseidon2 (#22652) END_COMMIT_OVERRIDE
As title. Unused outside of windows build.
…yte code size blow up (#23062) Resolves [F-637](https://linear.app/aztec-labs/issue/F-637/aztec-nr-macros-contain-self-construction-to-a-function-to-prevent) Stacks on #23061 - New `generate_public_self_creator` emits a per-contract `__aztec_nr_internals__create_public_self<let N: u32>()` helper - `generate_public_external` now emits a single call to it instead of inlining the preamble. This can be seen in the snapshots. - Helper is emitted from `process_functions` and gated on `public_functions.len() > 0` ~~Improvements tested locally:~~ I need to test further. Either way this is cleaner macro code.
Automated update of Noir submodule to latest nightly. **Current**: unknown **New**: nightly-2026-05-11 [View changes in noir-lang/noir](noir-lang/noir@d52888d...nightly-2026-05-11) Co-authored-by: Tom French <15848336+TomAFrench@users.noreply.github.com>
Automated update of Noir submodule to latest nightly. **Current**: unknown **New**: nightly-2026-05-11 [View changes in noir-lang/noir](noir-lang/noir@d52888d...nightly-2026-05-11)
BEGIN_COMMIT_OVERRIDE refactor(pxe): use findLeavesIndexes for read request verification (#23123) refactor(pxe): skip storage reads for never-updated contracts (#23131) fix(pxe): skip registerContractFunctionSignatures when no public fns (#23134) refactor(pxe): prefetch updated class id hints per unique contract (#23130) chore(aztec-nr): Public self constructor function to prevent static byte code size blow up (#23062) refactor(pxe): avoid expensive toTx() call when computing tx hash (#23136) END_COMMIT_OVERRIDE
## Summary Companion to #23146 (merge-train/barretenberg), recreated against `next`. `barretenberg/sol/bootstrap.sh::build_sol` runs `forge fmt` before `forge build`. PR #22659 (now in `next` via merge-train/fairies) trimmed unused imports from `test/utils/Debug.sol`; once trimmed, the multi-line import block was short enough that `forge fmt` collapses it to a single line. That rewrites the file mid-CI and trips `ci3/cache_content_hash` with `ERROR: Noticed changes to rebuild patterns during CI run`, disabling cache hits for every downstream `*-tests` target — as seen in http://ci.aztec-labs.com/1778494208886637. This PR puts `Debug.sol` directly into the forge-fmt-stable form (single-line import). After rebase, this is the only diff against `next`. ## Verification ```bash cd barretenberg/sol forge fmt --check # clean forge fmt # no changes ``` Full analysis: https://gist.github.com/AztecBot/86bb7e59c1a9998f77dd1bc51dd9319d
## Summary `ci-network-scenario` raced `ci-release-publish` on nightly tag runs: the scenarios pulled `aztecprotocol/aztec:<tag>` from Docker Hub before that image had been pushed, so the latest nightly failed. Example: [run 25710972450](https://github.com/AztecProtocol/aztec-packages/actions/runs/25710972450) (`v5.0.0-nightly.20260512`) — scenarios started at 03:17 and failed by 03:35, while `ci-release-publish` only finished at 03:44. The proposed workflow change lives at `.github-new/workflows/ci3.yml` because this session was not started with `ci-allow`. To land, copy it over `.github/workflows/ci3.yml` in a follow-up commit (or re-run with `ci-allow`). ## Fix Add `ci-release-publish` to `ci-network-scenario`'s `needs`, and gate on its result being `success` or `skipped`: - Nightly tag → `ci-release-publish` runs and must succeed before scenarios start. - PR with `ci-network-scenario` label → `ci-release-publish` is skipped (its `if:` requires a tag), and the scenario job builds + pushes to `aztecdev` itself, so the `skipped` branch keeps the gate happy. - If `ci-release-publish` fails on a nightly, scenarios are now skipped rather than failing with a Docker pull error. No cycle: `ci-network-scenario → ci-release-publish → [ci, ci-compat-e2e] → ci`. Details: https://gist.github.com/AztecBot/040284e4d65a4f5161d430eecbc9ac1a ## Test plan - [ ] Promote `.github-new/workflows/ci3.yml` to `.github/workflows/ci3.yml`. - [ ] Next nightly tag triggers `ci-release-publish` first; `ci-network-scenario` starts only after the image is on Docker Hub. - [ ] A PR with the `ci-network-scenario` label still runs scenarios as before (label-driven path: `ci-release-publish` is skipped). ClaudeBox log: https://claudebox.work/s/af8eefbd781c1674?run=1
Adds a multi-producer, single-consumer shared-memory IPC transport. Internally this is **N SPSC rings (one per producer) + a shared doorbell futex** — there is no shared producer ring. Each client writes only to its own SPSC ring; producers ring the doorbell to wake the consumer, which then checks which ring has data and reads from it. Each client also has its own SPSC response ring. This is the same pattern that existed in earlier IPC iterations and is what \`aztec-wsdb\` will could use when serving both the TS layer and a C++ AVM worker pool from the same world state if we need the performance. Right now though we'll use UDS. This is just if needed in future.
…23040) Adds a multi-producer, single-consumer shared-memory IPC transport. Internally this is **N SPSC rings (one per producer) + a shared doorbell futex** — there is no shared producer ring. Each client writes only to its own SPSC ring; producers ring the doorbell to wake the consumer, which then checks which ring has data and reads from it. Each client also has its own SPSC response ring. This is the same pattern that existed in earlier IPC iterations and is what \`aztec-wsdb\` will could use when serving both the TS layer and a C++ AVM worker pool from the same world state if we need the performance. Right now though we'll use UDS. This is just if needed in future.
Automated update of Noir submodule to latest nightly. **Current**: unknown **New**: nightly-2026-05-12 [View changes in noir-lang/noir](noir-lang/noir@1d9727a...nightly-2026-05-12)
# Conflicts: # .test_patterns.yml # playground/vite.config.ts # yarn-project/bb-prover/src/bb/bb_js_backend.ts # yarn-project/txe/src/oracle/txe_oracle_top_level_context.ts
AztecBot
added
ci-draft
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Caution Review the following alerts detected in dependencies. According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merges latest
nextintomerge-train/spartanto resolve conflicts on #22980.Conflicts resolved
.test_patterns.yml— dropped the obsoletebb-micro-bench/wasm/chonkentry (chonk bench was removed in chore: remove chonk bench once and for all #23067 onnext); kept thetx_stats_benchflake entry added on spartan in test: mark tx_stats_bench 10 TPS as flake-retryable on merge-train/spartan #23083.playground/vite.config.ts— both branches bumped the bundle limit from 1750 → 1800; kept both bump-log comments side-by-side.yarn-project/bb-prover/src/bb/bb_js_backend.ts— kept spartan's pooled-verifier methods (makeOwned/makeBorrowedfrom fix(bb-prover): pool long-lived bb verifier processes instead of spawning per-call #23093) and dropped the obsoletesplitChonkProofToStructuredTS splitter (replaced server-side by the newChonkVerifyFromFieldsbbapi in fix(bb-prover): pool long-lived bb verifier processes instead of spawning per-call #23093). Removed the now-unusedChonkProof/CHONK_*imports.yarn-project/txe/src/oracle/txe_oracle_top_level_context.ts— combined both changes:l2TipsStore: this.stateMachine.l2TipsProvider(rename from refactor(node-rpc)!: remove deprecated AztecNode methods and L2BlockSource tip helpers #22934) and the newhooks: composeHooks({ authorizeUtilityCall: ... })block (from feat(txe): allow authorizing cross-contract utility calls in nr tests #23064).Notes
This PR cannot be pushed directly to #22980 because that PR was not created via ClaudeBox (no
claudeboxlabel, soupdate_pris blocked). Merging this PR via "Create a merge commit" will push the merge commit ontomerge-train/spartan, which resolves the conflicts on #22980.If preferred, an admin can instead add the
claudeboxlabel to #22980 and re-trigger this task — ClaudeBox would then push the merge commit directly tomerge-train/spartan.ClaudeBox log: https://claudebox.work/s/048e8ae8a6e3d170?run=1