@IlyasRidhuan IlyasRidhuan commented Jan 10, 2026

internal_call_return forces internal_call_id' = return_id. However, during an error (when the call stack is empty) return_id = 0 which forces internal_call_id' = 0. When there is another enqueued call after an error row (specifically this only happens when there is a teardown), there are constraints that enforce internal_call_id' = 1.

These are contradictory constraints and the solution is to only enforce internal_call_id' = return_id if there are no errors.

This didn't get detected via other fuzzers or tests because in the single enqueued call variant, the next row is defaulted to zero which enables the buggy relation to pass.
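
The contradiction described above, as a simplified model (an added example, not the project's PIL and not code from this PR). Only `internal_call_id` and `return_id` come from the description; the selector columns and the two-row traces are assumptions made for illustration.

```python
# Simplified model of the two transition constraints described in this PR.
# Only internal_call_id and return_id are names from the PR text; the selectors
# (sel_internal_return, sel_error, sel_enqueued_start) are hypothetical.

def row(**cols):
    base = dict(sel_internal_return=0, sel_error=0, sel_enqueued_start=0,
                internal_call_id=0, return_id=0)
    base.update(cols)
    return base

def violations(trace, gate_on_error):
    """Return (row_index, constraint_name) for each failing constraint."""
    failed = []
    for i in range(len(trace) - 1):
        cur, nxt = trace[i], trace[i + 1]
        # Return relation: internal_call_id' = return_id on an internal return.
        gate = cur["sel_internal_return"]
        if gate_on_error:
            gate *= 1 - cur["sel_error"]  # the fix: skip the relation on error
        if gate * (nxt["internal_call_id"] - cur["return_id"]) != 0:
            failed.append((i, "return"))
        # Start relation: first row of an enqueued call has internal_call_id = 1.
        if nxt["sel_enqueued_start"] * (nxt["internal_call_id"] - 1) != 0:
            failed.append((i, "enqueued_start"))
    return failed

# Constructed rows. Internal return on an empty call stack: error, return_id = 0.
ERROR_ROW = row(sel_internal_return=1, sel_error=1, internal_call_id=1, return_id=0)
PADDING = row()  # single enqueued call: the next row defaults to all zeros

def teardown_start(internal_call_id):
    return row(sel_enqueued_start=1, internal_call_id=internal_call_id)

def satisfiable_ids(gate_on_error, candidates=range(4)):
    """Values of internal_call_id' on the teardown row that satisfy everything."""
    return [v for v in candidates
            if not violations([ERROR_ROW, teardown_start(v)], gate_on_error)]

if __name__ == "__main__":
    print("single call, ungated:", violations([ERROR_ROW, PADDING], False))
    print("teardown, ungated, satisfiable ids:", satisfiable_ids(False))
    print("teardown, gated, satisfiable ids:", satisfiable_ids(True))
```

With the ungated relation no candidate value satisfies both constraints on the teardown row, while the all-zero padding row of a single-call trace passes; gating on the error flag leaves 1 as the only accepted value.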


@IlyasRidhuan IlyasRidhuan marked this pull request as ready for review January 12, 2026 08:25
@IlyasRidhuan IlyasRidhuan requested review from sirasistant and removed request for Maddiaa0, fcarreiro and jeanmon January 12, 2026 08:26
@AztecBot

Flakey Tests

🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry.

FLAKED (http://ci.aztec-labs.com/06fb76f864a82f2d): yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/multiple_validators_sentinel.parallel.test.ts "collects attestations for validators in proposer node when block is not published" (104s) (code: 1) group:e2e-p2p-epoch-flakes (IlyasRidhuan: fix(avm): constraint when unwinding empty call stack)

@IlyasRidhuan IlyasRidhuan merged commit 940f12c into merge-train/avm Jan 12, 2026
15 of 16 checks passed
@IlyasRidhuan IlyasRidhuan deleted the ir/01-10-fix_avm_constraint_when_unwinding_empty_call_stack branch January 12, 2026 13:49
@AztecBot AztecBot mentioned this pull request Jan 12, 2026
github-merge-queue bot pushed a commit that referenced this pull request Jan 12, 2026
BEGIN_COMMIT_OVERRIDE
feat(avm security): add static check for isolated/unused columns
(#19489)
feat(avm): use noop calldata hasher in fast sim (#19495)
chore(avm): rename indirect -> addressing mode (#19491)
chore(avm): small cursor optimizations
chore(avm):! rename indirect -> addressing mode (PIL) (#19493)
fix(avm): constraint when unwinding empty call stack (#19485)
feat(avm): Fuzz debug log and refactor env getter (#19494)
fix!: ecc add predicate completeness bug (#19471)
chore(avm): callstackmetadatacollector clarifications (#19490)
chore: sanity assert in execution for bytecode id (#19486)
fix!: sstore allowed injection of malicious write rows (#19470)
fix!: defensive ghost row constraints in bc_hashing pil (#19481)
fix(avm): fix execution::mov for mac? (#19507)
chore(avm)!: resolve execution TODOs (#19501)
fix!: multiple traces had ghost row injection vulnerabilities (#19480)
fix(avm): defensively copy MemoryValues (#19512)
feat: align TS and BB log levels (#19518)
END_COMMIT_OVERRIDE