refactor(stark): make Table.data private, route writes through set_main#698
Merged
Conversation
…set_main Table.data was a pub field, letting callers bypass the get/set accessors and poke the row-major buffer directly. That bypass is also a latent bug: under the disk-spill feature Table can be mmap-backed, and get/set handle that case while raw .data indexing does not -- keccak_rc's `main_table.data[..] = mu` would be wrong on a spilled table. Narrow Table.data to pub(crate) and route the one production write (keccak_rc multiplicity) through set_main, plus the handful of test reads through get_main. bitwise/decode already used the get/set API. Behavior-preserving: prover lib tests 416 pass (the 5 ecsm failures are pre-existing/environmental, identical on main), stark 128 pass; fmt + clippy clean. Supersedes #693 (2/2).
ColoCarletti
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Table.datawas apubfield. That let callers bypass theget/set/get_rowaccessors and index the row-major buffer directly — which is why several different trace-write styles had crept in.This narrows
Table.datatopub(crate)and routes the stragglers through the API:keccak_rc::update_multiplicities—trace.main_table.data[base + cols::MU] = mu→trace.set_main(round, cols::MU, mu)branch_bus_tests,keccak_rnd_tests,trace_builder_tests) →get_main(row, col)bitwiseanddecodealready usedset_main/get/get_row— unchanged.Why it's more than cleanup
The direct
.datawrite was a latent bug: under thedisk-spillfeature,Tablecan be backed by an mmap, andget/sethandle that case while raw.dataindexing does not.keccak_rc's poke would touch the wrong memory on a spilled table. Privatizing the field makes the bypass impossible to reintroduce.Correctness
Behavior-preserving.
cargo test -p lambda-vm-prover --lib: 416 passed (the 5*ecsm*failures are pre-existing/environmental, identical onmain).cargo test -p stark --lib: 128 passed.cargo fmt+cargo clippyclean. The byte-pinned keccak_rc/bitwise static-commitment tests pass, confirming theset_mainpath produces identical traces.Relationship to #693
Supersedes #693 — part 2 of 2 (part 1 is the
dword_wl/dword_hllimb-decomposition PR). Independent of part 1; can land in either order.