Struct UntrustedMastForest

pub struct UntrustedMastForest { /* private fields */ }

A MastForest deserialized from untrusted input that has not yet been validated.

This type wraps a decoded MAST representation, still backed by its serialized form, whose node hashes have not been verified. Before using the forest, callers must call validate(), which materializes the forest and verifies its structural integrity and node hashes.

§Usage

// Deserialize from untrusted bytes
let untrusted = UntrustedMastForest::read_from_bytes(&bytes)?;

// Validate structure and hashes
let forest = untrusted.validate()?;

// Now safe to use
let root = forest.procedure_roots()[0];

§Security

This type exists to provide type-level safety for untrusted deserialization. The validation performed by validate() includes:

  1. Structural validation: Checks that basic block batch invariants are satisfied and procedure names reference valid roots.
  2. Topological ordering: Verifies that all node references point to nodes that appear earlier in the forest (no forward references).
  3. Hash recomputation: Recomputes the digest for every node and verifies it matches the stored digest.

Implementations§

impl UntrustedMastForest

pub fn validate(self) -> Result<MastForest, MastForestError>

Validates the forest by checking structural invariants and recomputing all node hashes.

This method performs a complete validation of the deserialized forest:

  1. If wire node hashes are present, recomputes all non-external node hashes and requires them to match the serialized digests.
  2. If the payload is hashless, uses the digests rebuilt during materialization.
  3. Validates structural invariants, topological ordering, and procedure-name roots.
§Returns
  • Ok(MastForest) if validation succeeds
  • Err(MastForestError) with details about the first validation failure
§Errors

Returns an error if:

Security convention:

  • Hashless payloads rebuild non-external digests from structure during materialization.
  • If wire node hashes are present, validation recomputes them and requires them to match.
  • External node digests are marshaled as opaque values and are not semantically resolved here.
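
The topological-ordering and hash-recomputation checks for the case where wire digests are present, shown on a toy forest. This is an added example, not the crate's code: `ToyNode`, `UntrustedToyForest`, `ToyForest`, `ToyError` and `digest` are hypothetical names, and the standard library's `DefaultHasher` stands in for the real node hash.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy node: a leaf value, or a join of two nodes referenced by index.
#[derive(Clone, Copy, Debug)]
enum ToyNode { Leaf(u64), Join(usize, usize) }
// Decoded but unverified: the digests are whatever the wire claimed.
struct UntrustedToyForest { nodes: Vec<ToyNode>, wire_digests: Vec<u64> }
// Built only by validate(), so holding one proves the checks ran.
#[derive(Debug)]
struct ToyForest { nodes: Vec<ToyNode>, digests: Vec<u64> }
#[derive(Debug, PartialEq)]
enum ToyError { LengthMismatch, ForwardReference { node: usize }, DigestMismatch { node: usize } }
// Stand-in digest (SipHash via DefaultHasher), not a cryptographic hash.
fn digest(tag: u8, a: u64, b: u64) -> u64 {
    let mut h = DefaultHasher::new();
    (tag, a, b).hash(&mut h);
    h.finish()
}

impl UntrustedToyForest {
    fn validate(self) -> Result<ToyForest, ToyError> {
        if self.nodes.len() != self.wire_digests.len() {
            return Err(ToyError::LengthMismatch);
        }
        let mut digests: Vec<u64> = Vec::with_capacity(self.nodes.len());
        for (i, node) in self.nodes.iter().enumerate() {
            let d = match *node {
                ToyNode::Leaf(v) => digest(0, v, 0),
                // Children must sit strictly earlier, so their digests are already verified.
                ToyNode::Join(l, r) if l < i && r < i => digest(1, digests[l], digests[r]),
                ToyNode::Join(..) => return Err(ToyError::ForwardReference { node: i }),
            };
            if d != self.wire_digests[i] {
                return Err(ToyError::DigestMismatch { node: i });
            }
            digests.push(d);
        }
        Ok(ToyForest { nodes: self.nodes, digests })
    }
}

// Constructed sample: two leaves and their join, with honest digests.
fn sample() -> UntrustedToyForest {
    let (a, b) = (digest(0, 7, 0), digest(0, 9, 0));
    let nodes = vec![ToyNode::Leaf(7), ToyNode::Leaf(9), ToyNode::Join(0, 1)];
    UntrustedToyForest { nodes, wire_digests: vec![a, b, digest(1, a, b)] }
}

fn main() {
    let mut tampered = sample();
    tampered.nodes[1] = ToyNode::Leaf(10); // payload edited, digest left stale
    println!("{:?}", sample().validate().map(|f| (f.nodes.len(), f.digests.len())));
    println!("{:?}", tampered.validate().err());
}
```

Because parent digests are computed from the recomputed child digests, rewriting a leaf together with its own wire digest still fails at the parent.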

pub fn read_from_bytes(bytes: &[u8]) -> Result<UntrustedMastForest, DeserializationError>

Deserializes an UntrustedMastForest from bytes.

This method uses a BudgetedReader plus a bounded validation-allocation budget derived from the input size to protect against denial-of-service attacks from malicious input. The default validation budget includes room for the retained serialized copy used by the deferred-validation path, in addition to stripped/hashless helper allocations. Concretely, the default is bytes.len() for parsing and bytes.len() * 7 for validation allocations. That * 7 factor is a coarse convenience bound, not an exact peak-memory formula.

For explicit parsing and validation limits, use read_from_bytes_with_budgets.

§Example
// Read from untrusted source
let untrusted = UntrustedMastForest::read_from_bytes(&bytes)?;

// Validate before use
let forest = untrusted.validate()?;

pub fn read_from_bytes_with_flags(bytes: &[u8]) -> Result<(UntrustedMastForest, u8), DeserializationError>

Deserializes an UntrustedMastForest from bytes and returns the raw wire flags.

This enables callers to inspect serializer intent flags (e.g., HASHLESS) without affecting the untrusted deserialization path.

pub fn read_from_bytes_with_budget(bytes: &[u8], budget: usize) -> Result<UntrustedMastForest, DeserializationError>

Deserializes an UntrustedMastForest from bytes with a byte budget.

This method uses a BudgetedReader to limit memory consumption during deserialization, protecting against denial-of-service attacks from malicious input that claims to contain an excessive number of elements.

§Arguments
  • bytes - The serialized forest bytes
  • budget - Maximum bytes to consume while parsing the wire payload and pre-sizing wire-driven collections via BudgetedReader
§Example
// Read from untrusted source with an explicit parsing budget
let untrusted = UntrustedMastForest::read_from_bytes_with_budget(&bytes, bytes.len())?;

// Validate before use
let forest = untrusted.validate()?;
§Security

The budget limits:

  • Pre-allocation sizes when deserializing collections (via max_alloc)
  • Total bytes consumed during deserialization

This prevents attacks where malicious input claims an unrealistic number of elements (e.g., len = 2^60), causing excessive memory allocation before any data is read.

To also cap stripped/hashless validation helper allocations, use read_from_bytes_with_budgets.
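
How a byte budget stops a length-prefix allocation attack, on a toy reader. This is an added example, not the crate's `BudgetedReader`: `ToyBudgetedReader`, `ReadError`, `read_u64_vec`, `parse` and the wire format (a little-endian u64 count followed by u64 values) are assumptions made for illustration.

```rust
#[derive(Debug, PartialEq)]
enum ReadError { UnexpectedEof, BudgetExceeded }
// Toy reader: every byte consumed is charged against `budget`.
struct ToyBudgetedReader<'a> { bytes: &'a [u8], pos: usize, budget: usize }

impl<'a> ToyBudgetedReader<'a> {
    fn new(bytes: &'a [u8], budget: usize) -> Self {
        ToyBudgetedReader { bytes, pos: 0, budget }
    }
    fn take(&mut self, n: usize) -> Result<&'a [u8], ReadError> {
        if n > self.budget {
            return Err(ReadError::BudgetExceeded);
        }
        let end = self.pos.checked_add(n).ok_or(ReadError::UnexpectedEof)?;
        let out = self.bytes.get(self.pos..end).ok_or(ReadError::UnexpectedEof)?;
        self.pos = end;
        self.budget -= n;
        Ok(out)
    }
    fn read_u64(&mut self) -> Result<u64, ReadError> {
        let mut buf = [0u8; 8];
        buf.copy_from_slice(self.take(8)?);
        Ok(u64::from_le_bytes(buf))
    }
    // Largest element count the remaining budget could still pay for.
    fn max_alloc(&self, elem_size: usize) -> usize {
        self.budget / elem_size
    }
}

// Assumed wire format: u64 LE element count, then that many u64 LE values.
fn read_u64_vec(r: &mut ToyBudgetedReader) -> Result<Vec<u64>, ReadError> {
    let len = r.read_u64()?;
    // Reject the claimed count BEFORE Vec::with_capacity can act on it.
    if len > r.max_alloc(8) as u64 {
        return Err(ReadError::BudgetExceeded);
    }
    let mut out = Vec::with_capacity(len as usize);
    for _ in 0..len {
        out.push(r.read_u64()?);
    }
    Ok(out)
}

// Parse with a budget equal to the input size.
fn parse(bytes: &[u8]) -> Result<Vec<u64>, ReadError> {
    read_u64_vec(&mut ToyBudgetedReader::new(bytes, bytes.len()))
}

fn main() {
    // Constructed inputs: an honest two-element payload, and a bare header claiming 2^60 elements.
    let honest: Vec<u8> = [2u64, 10, 20].iter().flat_map(|v| v.to_le_bytes()).collect();
    let hostile = (1u64 << 60).to_le_bytes();
    println!("{:?} {:?}", parse(&honest), parse(&hostile));
}
```

The hostile input is rejected after reading only its 8-byte header; without the `max_alloc` comparison, the same header would reach `Vec::with_capacity` with a count of 2^60.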

pub fn read_from_bytes_with_budget_and_flags(bytes: &[u8], budget: usize) -> Result<(UntrustedMastForest, u8), DeserializationError>

Deserializes an UntrustedMastForest from bytes with a byte budget and returns flags.

pub fn read_from_bytes_with_budgets(bytes: &[u8], parsing_budget: usize, validation_budget: usize) -> Result<UntrustedMastForest, DeserializationError>

Deserializes an UntrustedMastForest from bytes with separate parsing and validation budgets.

parsing_budget limits wire-driven parsing and collection pre-sizing. validation_budget additionally caps tracked stripped/hashless helper allocations such as digest slot tables, empty debug-info scaffolding, and rebuilt digest tables.

pub fn read_from_bytes_with_budgets_and_flags(bytes: &[u8], parsing_budget: usize, validation_budget: usize) -> Result<(UntrustedMastForest, u8), DeserializationError>

Deserializes an UntrustedMastForest from bytes with separate parsing and validation budgets and returns flags.

Trait Implementations§

impl Clone for UntrustedMastForest

fn clone(&self) -> UntrustedMastForest

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for UntrustedMastForest

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Deserializable for UntrustedMastForest

fn read_from<R>(source: &mut R) -> Result<UntrustedMastForest, DeserializationError>
where R: ByteReader,

Deserializes an UntrustedMastForest from a byte reader.

Note: This method does not apply budgeting. For untrusted input, prefer read_from_bytes, which applies budgeted deserialization.

After deserialization, callers should use UntrustedMastForest::validate() to verify structural integrity and recompute all node hashes before using the forest.

fn read_from_bytes(bytes: &[u8]) -> Result<UntrustedMastForest, DeserializationError>

Deserializes an UntrustedMastForest from bytes using budgeted deserialization.

This method uses the default untrusted wire/validation budget from UntrustedMastForest::read_from_bytes.

After deserialization, callers should use UntrustedMastForest::validate() to verify structural integrity and recompute all node hashes before using the forest.

fn min_serialized_size() -> usize

Returns the minimum serialized size for one instance of this type.

fn read_from_bytes_with_budget(bytes: &[u8], budget: usize) -> Result<Self, DeserializationError>

Deserializes Self from bytes with a byte budget limit.