Skip to content

fix: map databus after unrolling a loop iteration #11399

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
asterite wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: map databus after unrolling a loop iteration #11399

asterite wants to merge 1 commit into from
+4 −0

Conversation

@asterite
Copy link
Collaborator

@asterite asterite commented Jan 30, 2026

Description

Problem

Resolves https://github.com/noir-lang/noir/security/advisories/GHSA-4462-q25g-3fmc

Summary

Additional Context

User Documentation

Check one:

  • No user documentation needed.
  • Changes in docs/ included in this PR.
  • [For Experimental Features] Changes in docs/ to be submitted in a separate PR.

PR Checklist

  • I have tested the changes locally.
  • I have formatted the changes with Prettier and/or cargo fmt on default settings.

github-actions[bot]
github-actions bot reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Execution Time'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

Benchmark suite Current: 4dedee8 Previous: c695737 Ratio
rollup-block-root-single-tx 0.003 s 0.002 s 1.50
sha512-100-bytes 0.085 s 0.056 s 1.52

This comment was automatically generated by workflow using github-action-benchmark.

CC: @TomAFrench

@asterite asterite requested a review from a team January 30, 2026 12:22
aakoshh
aakoshh reviewed Jan 30, 2026
View reviewed changes
compiler/noirc_evaluator/src/ssa/opt/unrolling.rs

// Since `self`, and its `inserter`, are moved into this method,
// it's the last chance we have to update the data bus values.
self.inserter.map_data_bus_in_place();
Copy link
Contributor

@aakoshh aakoshh Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not entirely clear to me when we call map_data_bus_in_place in general. Sometimes it is at the end of an entire pass, other times it's seemingly more granular, like in flatten_single_conditional.

In any case, maybe we could add some protection against this being forgotten by adding a flag to the FunctionInserter which is (re)set to false in map_values and set to true in map_data_bus_in_place, and then implement Drop for FunctionInserter where we can panic if we haven't called it when it goes out of scope, or just all it there if need be.

Copy link
Contributor

@aakoshh aakoshh Jan 30, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On a different note, for values in the databus, which are either call arguments or return values, wouldn't it be surprising if any of them changed during the unrolling of a single loop iteration? I thought we don't return from the middle of loops, so for example the return value would refer to something in the last block, which must get the data through a reference or a block parameter.

I could be wrong, but it would be nice to see an example where this is a problem. OTOH we now clone the entire databus in each loop iteration.

Copy link
Collaborator Author

@asterite asterite Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right... I worked on this mainly because it was a security advisory, but there was no actual bug linked to this. Maybe we can close this until we find a bug.

Copy link
Contributor

@aakoshh aakoshh Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another thing that seems intuitive to me since that if we have to call map_terminator_in_place then we should call map_data_bus_in_place as well, and vice versa.

Copy link
Contributor

@aakoshh aakoshh Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah no, that's not right, only if the terminator is a return one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aakoshh aakoshh aakoshh left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asterite @aakoshh