[storage/mmr/verification.rs] remove Error being returned from proof verification functions #1164
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
a830850 to
ca8eef1
Compare
ca8eef1 to
2a6bff3
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR removes the now-unnecessary possibility of returning errors from proof verification functions by converting them to simple boolean results and refactoring related error types. Key changes include:
- Changing function signatures in proof verification from Result<bool, Error> to bool.
- Introducing a new ReconstructionError type and updating its usage across MMR proof reconstruction.
- Updating panic messages and format strings to use Rust’s new inline formatting syntax.
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| storage/src/mmr/verification.rs | Updates verification functions to return bool and use ReconstructionError |
| storage/src/mmr/mod.rs | Removes unused Error variants related to proof verification |
| storage/src/mmr/mem.rs, hasher.rs | Standardizes panic message formatting |
| storage/src/mmr/bitmap.rs | Adjusts verify_bit_inclusion and related tests to new bool return type |
| storage/src/adb/current.rs, any.rs | Refactors proof verification usage reflecting new return types |
| storage/src/mmr/benches/*.rs | Updates bench tests to work with simplified verification function outputs |
Comments suppressed due to low confidence (3)
storage/src/mmr/verification.rs:89
- Consider updating the documentation for verify_element_inclusion to explicitly note that error conditions are now handled internally and that the function returns false instead of a Result.
) -> bool
storage/src/mmr/verification.rs:142
- Please update the doc comment for reconstruct_root to clearly state that it now returns a ReconstructionError on invalid input rather than a generic Error.
) -> Result<D, ReconstructionError>
storage/src/adb/current.rs:477
- It would help to update the function's documentation here to clarify that verification now yields a boolean outcome instead of propagating detailed errors.
) -> bool {
|
I agree that it doesn't make sense to have both a boolean (in the Would it make more sense to change the signature to |
My expectation is the caller doesn't typically care about the reason -- an adversary sending you bogus data is sort of expected behavior and there's generally no need to treat the types of bogus data differently. If you do want the reason, you can always use the lower level reconstruction API. (I thought it would be useful exposing at that level for debugging code issues.) So I prefer the simple bool. |
storage/src/adb/current.rs
Outdated
| Err(ReconstructionError::MissingDigests) => { | ||
| debug!("Not enough digests in proof to reconstruct root"); | ||
| return Ok(false); | ||
| return false; | ||
| } | ||
| Err(ExtraDigests) => { | ||
| Err(ReconstructionError::ExtraDigests) => { | ||
| debug!("Not all digests in proof were used to reconstruct root"); | ||
| return Ok(false); | ||
| return false; |
There was a problem hiding this comment.
nit: we could do Err(e) and just print the error text instead of enumerating the cases
storage/src/adb/current.rs
Outdated
| Err(ReconstructionError::MissingDigests) => { | ||
| debug!("Not enough digests in proof to reconstruct root"); | ||
| return Ok(false); | ||
| return false; | ||
| } | ||
| Err(ExtraDigests) => { | ||
| Err(ReconstructionError::ExtraDigests) => { | ||
| debug!("Not all digests in proof were used to reconstruct root"); | ||
| return Ok(false); | ||
| return false; |
There was a problem hiding this comment.
Same comment as above about Err(e) vs enumerating all error cases
storage/src/mmr/bitmap.rs
Outdated
| Err(ReconstructionError::MissingDigests) => { | ||
| debug!("Not enough digests in proof to reconstruct root"); | ||
| return Ok(false); | ||
| return false; | ||
| } | ||
| Err(ExtraDigests) => { | ||
| Err(ReconstructionError::ExtraDigests) => { | ||
| debug!("Not all digests in proof were used to reconstruct root"); | ||
| return Ok(false); | ||
| return false; |
There was a problem hiding this comment.
Same comment as above about Err(e) vs enumerating all error cases
storage/src/mmr/verification.rs
Outdated
| Ok(reconstructed_root) => Ok(*root_digest == reconstructed_root), | ||
| Err(MissingDigests) => { | ||
| Ok(reconstructed_root) => *root_digest == reconstructed_root, | ||
| Err(ReconstructionError::MissingDigests) => { |
There was a problem hiding this comment.
Same comment as above about Err(e) vs enumerating all error cases
storage/src/mmr/verification.rs
Outdated
|
|
||
| /// Errors that can occur when reconstructing a digest from a proof due to invalid input. | ||
| #[derive(Error, Debug)] | ||
| pub enum ReconstructionError { |
There was a problem hiding this comment.
It doesn't seem like this will ever be exposed outside the crate. If that's the case:
| pub enum ReconstructionError { | |
| pub(crate) enum ReconstructionError { |
There was a problem hiding this comment.
it's used by Bitmap which uses the lower level API to implement its special verification rules.
There was a problem hiding this comment.
oh I guess crate is storage:: .. yeah makes sense. changed.
storage/src/mmr/verification.rs
Outdated
|
|
||
| /// Reconstructs the root digest of the MMR from the digests in the proof and the provided range | ||
| /// of elements. | ||
| /// of elements, or returns a `ReconstructionError` if the input data is invalid. |
There was a problem hiding this comment.
Nit:
| /// of elements, or returns a `ReconstructionError` if the input data is invalid. | |
| /// of elements, or returns a [ReconstructionError] if the input data is invalid. |
I realize there are many instances of using using \TypeName`instead of[TypeName]` across the codebase, but I think it makes sense to move in the direction of using links to type definitions.
There was a problem hiding this comment.
yup, changed (and fixed a few others as well).
Perhaps @patrick-ogrady has an opinion on this. I don't see this as much of a rusty/non-rusty thing but a "don't burden the user with an unnecessarily complex API" issue, but don't feel super strongly. |
ac730ba to
7ce93b4
Compare
7ce93b4 to
9c29aa0
Compare
Codecov ReportAttention: Patch coverage is
@@ Coverage Diff @@
## main #1164 +/- ##
==========================================
- Coverage 91.02% 91.02% -0.01%
==========================================
Files 215 215
Lines 57457 57409 -48
==========================================
- Hits 52300 52256 -44
+ Misses 5157 5153 -4
Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
Went ahead and merged this so we can unblock Dan's PR. If Patrick likes the return value to be an Error maybe we can put that change in yours @danlaine ? |
Having these functions potentially return Error is a holdover from when we had them "async" due to how grafting was previously implemented. This is no longer necessary, errors would have never been returned, since the only possible errors (MissingDigest/ExtraDigests) get captured and converted to verification failures (false).