@roberto-bayardo
Collaborator

No description provided.

@roberto-bayardo marked this pull request as ready for review January 8, 2026 15:16
@cloudflare-workers-and-pages

Deploying monorepo with Cloudflare Pages

Latest commit: 650ceb4
Status: ✅  Deploy successful!
Preview URL: https://ca8863de.monorepo-eu0.pages.dev
Branch Preview URL: https://fuzz-work.monorepo-eu0.pages.dev

@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: commonware-mcp
Latest commit: 650ceb4
Updated (UTC): Jan 08 2026, 03:16 PM

// Truncate tracking variables to match recovered state
let recovered_leaves = new_mmr.leaves().as_u64() as usize;
leaves.truncate(recovered_leaves);
historical_sizes.truncate(recovered_leaves);
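
Review bot: Both truncate calls are silent no-ops when recovered_leaves is larger than the tracked length (assuming leaves and historical_sizes are Vecs), so a recovery that returns more leaves than the harness has recorded would pass unnoticed and later lookups would index past the tracking data. Consider asserting recovered_leaves <= leaves.len() before truncating, and replacing the `as usize` cast on new_mmr.leaves().as_u64() with usize::try_from(...) so that a narrowing conversion on a 32-bit target fails loudly instead of wrapping.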

Wrong tracking data after pop-add-reinit sequence

Low Severity

The truncation logic assumes leaves[0..recovered_leaves] matches the recovered MMR's leaves. This breaks after a Pop-Add sequence without sync. For example: sync with [A,B], pop one leaf giving [A], add C giving [A,C], then Reinit recovers 2 leaves. leaves.truncate(2) keeps [A,C] but the recovered MMR has [A,B]. Subsequent Proof operations use wrong element data (C instead of B), causing spurious verification failures that misleadingly suggest bugs in the MMR implementation.

🔬 Verification Test

Why verification test was not possible: This is a fuzz test infrastructure issue in a Rust project that requires the full commonware-storage crate and its dependencies to compile and run. The bug manifests as spurious assertion failures during fuzz testing when a specific operation sequence (sync → pop → add → reinit) occurs, which cannot be easily unit tested in isolation without the full fuzzing framework.

Collaborator Author

pop does a sync, so this should be fine.
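
The sync → pop → add → reinit sequence discussed in this thread, replayed as an added example that is not code from the pull request or from commonware. `ToyLog` is a hypothetical stand-in for the MMR (a live vector plus the durable copy that a reinit recovers), and `pop_syncs` is an assumed switch that models the two readings of `pop` given in the comments above.

```rust
// Toy model (assumption): `live` is in-memory state, `durable` is what a
// reinit recovers. It is not commonware's MMR or its API.
struct ToyLog {
    live: Vec<char>,
    durable: Vec<char>,
    pop_syncs: bool, // hypothetical switch: does pop persist its result?
}

impl ToyLog {
    fn add(&mut self, x: char) { self.live.push(x); }
    fn sync(&mut self) { self.durable = self.live.clone(); }
    fn pop(&mut self) {
        self.live.pop();
        if self.pop_syncs {
            self.sync();
        }
    }
    // Unsynced changes are lost on reinit.
    fn reinit(&mut self) { self.live = self.durable.clone(); }
}

/// Replays sync [A,B] -> pop -> add C -> reinit while keeping the harness's
/// shadow vector, then truncates it the way the reviewed code does.
/// Returns (shadow leaves, recovered leaves).
fn replay(pop_syncs: bool) -> (Vec<char>, Vec<char>) {
    let mut log = ToyLog { live: vec![], durable: vec![], pop_syncs };
    let mut leaves = vec![]; // harness-side tracking
    for x in ['A', 'B'] {
        log.add(x);
        leaves.push(x);
    }
    log.sync();
    log.pop();
    leaves.pop();
    log.add('C');
    leaves.push('C');
    log.reinit();
    leaves.truncate(log.live.len());
    (leaves, log.live)
}

fn main() {
    for pop_syncs in [false, true] {
        let (shadow, recovered) = replay(pop_syncs);
        let ok = shadow == recovered;
        println!("pop_syncs={pop_syncs}: shadow={shadow:?} recovered={recovered:?} consistent={ok}");
    }
}
```

With `pop_syncs = false` the shadow keeps `[A, C]` against a recovered `[A, B]`; with `pop_syncs = true` both sides are `[A]` and the truncation is sound.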

@dnkolegov-ar
Collaborator

The crash is not reproduced anymore

@roberto-bayardo added this pull request to the merge queue Jan 8, 2026
Merged via the queue into main with commit ecd5e3c Jan 8, 2026
130 checks passed
@roberto-bayardo deleted the fuzz-work branch January 8, 2026 17:11
@codecov

codecov bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.20%. Comparing base (5ca1fb0) to head (650ceb4).
⚠️ Report is 1 commit behind head on main.

@@           Coverage Diff           @@
##             main    #2746   +/-   ##
=======================================
  Coverage   93.20%   93.20%           
=======================================
  Files         372      372           
  Lines      113359   113359           
=======================================
  Hits       105655   105655           
  Misses       7704     7704           
