0xMiden
diff --git a/‎.github/workflows/fuzz.yml‎
Lines changed: 9 additions & 0 deletions b/‎.github/workflows/fuzz.yml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 11 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 10 additions & 0 deletions b/‎Makefile‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎core/src/mast/merger/tests.rs‎
Lines changed: 33 additions & 1 deletion b/‎core/src/mast/merger/tests.rs‎
Lines changed: 33 additions & 1 deletion
diff --git a/‎core/src/mast/node/basic_block_node/mod.rs‎
Lines changed: 0 additions & 25 deletions b/‎core/src/mast/node/basic_block_node/mod.rs‎
Lines changed: 0 additions & 25 deletions
diff --git a/‎core/src/mast/node/call_node.rs‎
Lines changed: 3 additions & 2 deletions b/‎core/src/mast/node/call_node.rs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎core/src/mast/node/dyn_node.rs‎
Lines changed: 3 additions & 2 deletions b/‎core/src/mast/node/dyn_node.rs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎core/src/mast/node/join_node.rs‎
Lines changed: 3 additions & 2 deletions b/‎core/src/mast/node/join_node.rs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎core/src/mast/node/loop_node.rs‎
Lines changed: 4 additions & 5 deletions b/‎core/src/mast/node/loop_node.rs‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎core/src/mast/node/split_node.rs‎
Lines changed: 3 additions & 2 deletions b/‎core/src/mast/node/split_node.rs‎
Lines changed: 3 additions & 2 deletions
@@ -30,6 +30,15 @@ jobs:
           - mast_node_info
           - basic_block_data
           - debug_info
+          - program_deserialize
+          - kernel_deserialize
+          - stack_io_deserialize
+          - advice_inputs_deserialize
+          - operation_deserialize
+          - execution_proof_deserialize
+          - precompile_request_deserialize
+          - library_deserialize
+          - package_deserialize
     timeout-minutes: 15
     steps:
       - uses: actions/checkout@v4
 
@@ -13,13 +13,24 @@
 - Added optional tagging instrumentation for AIR constraints (test-only; enables stable ID tracking and OOD parity checks) ([#2713](https://github.com/0xMiden/miden-vm/pull/2713)).
 - Fix a possible panic in decorator serialization ([#2742](https://github.com/0xMiden/miden-vm/pull/2742)).
 - Added `math::u128` comparison (`lt`, `lte`, `gt`, `gte`), bitwise (`and`, `or`, `xor`, `not`), and shift (`shl`, `shr`, `rotl`, `rotr`) operations ([#2624](https://github.com/0xMiden/miden-vm/pull/2624)).
+- Added recursion guards for assembly inputs and tests ([#2792](https://github.com/0xMiden/miden-vm/pull/2792)).
 - [BREAKING] `Operation` enum now only encodes basic block operations ([#2771](https://github.com/0xMiden/miden-vm/pull/2771)).
 - Added `math::u128` division operations ([#2776](https://github.com/0xMiden/miden-vm/pull/2776)).
 - Introduced `build_trace_with_max_len()` which stops building the trace after a given max, and `build_trace()` no longer allocates more than 2^29 rows ([#2809](https://github.com/0xMiden/miden-vm/pull/2809)).
 
 #### Fixes
 
 - Fixed `Constant::PartialEq` to include `visibility` field in equality comparison, making it consistent with other exportable items (`Procedure`, `TypeAlias`, `EnumType`).
+- Cryptostream operation now correctly sends chiplets bus memory requests ([#2686](https://github.com/0xMiden/miden-vm/pull/2686)).
+- Hardened untrusted deserialization by enforcing budgets and depth limits, plus expanded fuzzing coverage ([#2777](https://github.com/0xMiden/miden-vm/pull/2777)).
+- Hardened AEAD decrypt size calculations ([#2789](https://github.com/0xMiden/miden-vm/pull/2789)).
+- `SystemEvent::HpermToMap` handler now computes the correct permutation ([#2801](https://github.com/0xMiden/miden-vm/pull/2801)).
+- Fixes an possible u64 overflow issue in `op_eval_circuit()` [#2799](https://github.com/0xMiden/miden-vm/pull/2799)
+- Preserved dynexec/dyncall distinction (and digests) when remapping or merging MAST forests ([#2784](https://github.com/0xMiden/miden-vm/pull/2784)).
+- Hardened MASM parsing and constants handling (lexer invalid-token spans, repeat count bounds, constant range checks, field division folding, and `push.WORD[...]` index validation) ([#2803](https://github.com/0xMiden/miden-vm/pull/2803)).
+- Introduced `FastProcessor` safe stack method accesses for event handlers ([#2797](https://github.com/0xMiden/miden-vm/pull/2797)).
+- Hardened syscall target validation to avoid panic paths and reject invalid digests at assembly time ([#2804](https://github.com/0xMiden/miden-vm/pull/2804)).
+- Add bounds to attacker-controlled allocation sizes in advice map and keccak256/sha512 precompiles ([#2805](https://github.com/0xMiden/miden-vm/pull/2805)).
 - `build_trace()` no longer panics when no core trace contexts are provided ([#2809](https://github.com/0xMiden/miden-vm/pull/2809)).
 
 ## 0.21.2 (2026-03-04)
 
@@ -258,6 +258,15 @@ fuzz-mast-validate: ## Run fuzzing for UntrustedMastForest validation
 fuzz-all: ## Run all fuzz targets (in sequence)
 	-@cargo +nightly fuzz run mast_forest_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 	-@cargo +nightly fuzz run mast_forest_validate --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run program_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run kernel_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run stack_io_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run advice_inputs_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run operation_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run execution_proof_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run precompile_request_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run library_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
+	-@cargo +nightly fuzz run package_deserialize --release --fuzz-dir miden-core-fuzz -- -max_total_time=300
 
 .PHONY: fuzz-list
 fuzz-list: ## List available fuzz targets
@@ -271,3 +280,4 @@ fuzz-coverage: ## Generate coverage report for fuzz targets
 .PHONY: fuzz-seeds
 fuzz-seeds: ## Generate seed corpus files for fuzzing
 	cargo test -p miden-core generate_fuzz_seeds -- --ignored --nocapture
+	cargo test -p miden-mast-package generate_fuzz_seeds -- --ignored --nocapture
@@ -2,7 +2,8 @@ use super::*;
 use crate::{
     Felt, ONE, Word,
     mast::{
-        BasicBlockNodeBuilder, CallNodeBuilder, DecoratorId, ExternalNodeBuilder, LoopNodeBuilder,
+        BasicBlockNodeBuilder, CallNodeBuilder, DecoratorId, DynNodeBuilder, ExternalNodeBuilder,
+        LoopNodeBuilder,
         node::{MastForestContributor, MastNodeExt},
     },
     operations::{DebugOptions, Decorator, Operation},
@@ -104,6 +105,37 @@ fn assert_child_id_lt_parent_id(forest: &MastForest) -> Result<(), &str> {
     Ok(())
 }
 
+#[test]
+fn mast_forest_merge_preserves_dyn_callness_and_digest() {
+    let mut forest = MastForest::new();
+
+    let dynexec_id = DynNodeBuilder::new_dyn().add_to_forest(&mut forest).unwrap();
+    let dyncall_id = DynNodeBuilder::new_dyncall().add_to_forest(&mut forest).unwrap();
+    forest.make_root(dynexec_id);
+    forest.make_root(dyncall_id);
+
+    let dynexec_digest = forest[dynexec_id].digest();
+    let dyncall_digest = forest[dyncall_id].digest();
+
+    let (merged, root_maps) = MastForest::merge([&forest]).unwrap();
+
+    let merged_dynexec_id = root_maps.map_root(0, &dynexec_id).unwrap();
+    let merged_dyncall_id = root_maps.map_root(0, &dyncall_id).unwrap();
+
+    assert_ne!(
+        merged_dynexec_id, merged_dyncall_id,
+        "dynexec and dyncall nodes should not be deduplicated"
+    );
+
+    let merged_dynexec = merged[merged_dynexec_id].unwrap_dyn();
+    let merged_dyncall = merged[merged_dyncall_id].unwrap_dyn();
+
+    assert!(!merged_dynexec.is_dyncall(), "dynexec node should remain dynexec after merge");
+    assert!(merged_dyncall.is_dyncall(), "dyncall node should remain dyncall after merge");
+    assert_eq!(merged_dynexec.digest(), dynexec_digest, "dynexec digest should be preserved");
+    assert_eq!(merged_dyncall.digest(), dyncall_digest, "dyncall digest should be preserved");
+}
+
 /// Tests that Call(bar) still correctly calls the remapped bar block.
 ///
 /// [Block(foo), Call(foo)]
 
@@ -545,20 +545,6 @@ impl BasicBlockNode {
             let indptr = batch.indptr();
             let ops = batch.ops();
 
-            // indptr should be monotonic non-decreasing in valid prefix
-            for i in 0..batch.num_groups() {
-                if indptr[i] > indptr[i + 1] {
-                    return Err(format!(
-                        "Batch {}: indptr[{}] {} > indptr[{}] {} - array is not monotonic",
-                        batch_idx,
-                        i,
-                        indptr[i],
-                        i + 1,
-                        indptr[i + 1]
-                    ));
-                }
-            }
-
             // Full array must be monotonic for serialization (delta encoding)
             for i in 0..indptr.len() - 1 {
                 if indptr[i] > indptr[i + 1] {
@@ -573,10 +559,7 @@ impl BasicBlockNode {
                 }
             }
 
-            // All indptr values should be within ops bounds
             let ops_len = ops.len();
-
-            // Final indptr value must equal ops.len()
             if indptr[indptr.len() - 1] != ops_len {
                 return Err(format!(
                     "Batch {}: final indptr value {} doesn't match ops.len() {}",
@@ -585,14 +568,6 @@ impl BasicBlockNode {
                     ops_len
                 ));
             }
-            for (i, &indptr_val) in indptr.iter().enumerate().take(batch.num_groups() + 1) {
-                if indptr_val > ops_len {
-                    return Err(format!(
-                        "Batch {}: indptr[{}] {} exceeds ops length {}",
-                        batch_idx, i, indptr_val, ops_len
-                    ));
-                }
-            }
 
             // Check that each group has at most GROUP_SIZE operations
             for group_idx in 0..batch.num_groups() {
 
@@ -9,12 +9,13 @@ use miden_formatting::{
 use serde::{Deserialize, Serialize};
 
 use super::{MastForestContributor, MastNodeExt};
+#[cfg(debug_assertions)]
+use crate::mast::MastNode;
 use crate::{
     Felt, Word,
     chiplets::hasher,
     mast::{
-        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNode, MastNodeFingerprint,
-        MastNodeId,
+        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNodeFingerprint, MastNodeId,
     },
     operations::opcodes,
     utils::{Idx, LookupByIdx},
 
@@ -5,11 +5,12 @@ use core::fmt;
 use serde::{Deserialize, Serialize};
 
 use super::{MastForestContributor, MastNodeExt};
+#[cfg(debug_assertions)]
+use crate::mast::MastNode;
 use crate::{
     Felt, Word,
     mast::{
-        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNode, MastNodeFingerprint,
-        MastNodeId,
+        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNodeFingerprint, MastNodeId,
     },
     operations::opcodes,
     prettier::{Document, PrettyPrint, const_text, nl},
 
@@ -5,12 +5,13 @@ use core::fmt;
 use serde::{Deserialize, Serialize};
 
 use super::{MastForestContributor, MastNodeExt};
+#[cfg(debug_assertions)]
+use crate::mast::MastNode;
 use crate::{
     Felt, Word,
     chiplets::hasher,
     mast::{
-        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNode, MastNodeFingerprint,
-        MastNodeId,
+        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNodeFingerprint, MastNodeId,
     },
     operations::opcodes,
     prettier::PrettyPrint,
 
@@ -5,12 +5,13 @@ use core::fmt;
 use serde::{Deserialize, Serialize};
 
 use super::{MastForestContributor, MastNodeExt};
+#[cfg(debug_assertions)]
+use crate::mast::MastNode;
 use crate::{
     Felt, Word,
     chiplets::hasher,
     mast::{
-        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNode, MastNodeFingerprint,
-        MastNodeId,
+        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNodeFingerprint, MastNodeId,
     },
     operations::opcodes,
     prettier::PrettyPrint,
@@ -315,9 +316,7 @@ impl MastForestContributor for LoopNodeBuilder {
         let future_node_id = MastNodeId::new_unchecked(forest.nodes.len() as u32);
 
         // Store node-level decorators in the centralized NodeToDecoratorIds for efficient access
-        forest
-            .debug_info
-            .register_node_decorators(future_node_id, &before_enter, &after_exit);
+        forest.register_node_decorators(future_node_id, &before_enter, &after_exit);
 
         // Create the node in the forest with Linked variant from the start
         // Move the data directly without intermediate cloning
 
@@ -5,12 +5,13 @@ use core::fmt;
 use serde::{Deserialize, Serialize};
 
 use super::{MastForestContributor, MastNodeExt};
+#[cfg(debug_assertions)]
+use crate::mast::MastNode;
 use crate::{
     Felt, Word,
     chiplets::hasher,
     mast::{
-        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNode, MastNodeFingerprint,
-        MastNodeId,
+        DecoratorId, DecoratorStore, MastForest, MastForestError, MastNodeFingerprint, MastNodeId,
     },
     operations::opcodes,
     prettier::PrettyPrint,