From a649118f6a14f9d735c6615a2df94cea8955f248 Mon Sep 17 00:00:00 2001
From: Alex Koshelev <akoshelev@users.noreply.github.com>
Date: Thu, 9 Jan 2025 12:13:46 -0800
Subject: [PATCH 1/4] Upgrade to Rust 1.84 (#1519)

---
 ipa-core/Cargo.toml                                    | 2 +-
 ipa-core/src/cli/clientconf.rs                         | 2 +-
 ipa-core/src/protocol/basics/mul/dzkp_malicious.rs     | 4 ++--
 ipa-core/src/protocol/ipa_prf/oprf_padding/insecure.rs | 4 ++--
 ipa-core/src/report/ipa.rs                             | 4 ++--
 ipa-core/src/test_fixture/world.rs                     | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ipa-core/Cargo.toml b/ipa-core/Cargo.toml
index 7d2216df6..71e98d623 100644
--- a/ipa-core/Cargo.toml
+++ b/ipa-core/Cargo.toml
@@ -6,7 +6,7 @@ version = "0.1.0"
 #    rust:slim-bullseye docker image is available.
 # 2. Update the rust version used for draft in
 #    https://github.com/private-attribution/draft/blob/main/sidecar/ansible/provision.yaml.
-rust-version = "1.82.0"
+rust-version = "1.84.0"
 edition = "2021"
 build = "build.rs"
 
diff --git a/ipa-core/src/cli/clientconf.rs b/ipa-core/src/cli/clientconf.rs
index 0b376dad0..8d50a6337 100644
--- a/ipa-core/src/cli/clientconf.rs
+++ b/ipa-core/src/cli/clientconf.rs
@@ -189,7 +189,7 @@ fn find_file_with_extension(path: &PathBuf, extension: &str) -> Option<String> {
         if path.is_file()
             && path
                 .extension()
-                .map_or(false, |ext| ext.to_str().unwrap() == extension)
+                .is_some_and(|ext| ext.to_str().unwrap() == extension)
         {
             return Some(path.file_stem().unwrap().to_str().unwrap().to_string());
         }
diff --git a/ipa-core/src/protocol/basics/mul/dzkp_malicious.rs b/ipa-core/src/protocol/basics/mul/dzkp_malicious.rs
index acccd670a..87e987920 100644
--- a/ipa-core/src/protocol/basics/mul/dzkp_malicious.rs
+++ b/ipa-core/src/protocol/basics/mul/dzkp_malicious.rs
@@ -28,8 +28,8 @@ use crate::{
 /// back via the error response
 /// ## Panics
 /// Panics if the mutex is found to be poisoned
-pub async fn zkp_multiply<'a, B, F, const N: usize>(
-    ctx: DZKPUpgradedMaliciousContext<'a, B>,
+pub async fn zkp_multiply<B, F, const N: usize>(
+    ctx: DZKPUpgradedMaliciousContext<'_, B>,
     record_id: RecordId,
     a: &Replicated<F, N>,
     b: &Replicated<F, N>,
diff --git a/ipa-core/src/protocol/ipa_prf/oprf_padding/insecure.rs b/ipa-core/src/protocol/ipa_prf/oprf_padding/insecure.rs
index d37edfecb..cddb3e720 100644
--- a/ipa-core/src/protocol/ipa_prf/oprf_padding/insecure.rs
+++ b/ipa-core/src/protocol/ipa_prf/oprf_padding/insecure.rs
@@ -385,7 +385,7 @@ mod test {
         const CHI2_INV_LB: f64 = 10_686.0;
 
         let mut rng = StdRng::seed_from_u64(seed);
-        let mut sample = [0_f64; N];
+        let mut sample = vec![0_f64; N];
         let dp = Dp::new(f64::from(epsilon), delta, f64::from(cap)).unwrap();
         #[allow(clippy::cast_precision_loss)]
         let n = N as f64;
@@ -433,7 +433,7 @@ mod test {
         #[allow(clippy::cast_precision_loss)]
         for epsilon in 1..11_u8 {
             let mut rng = thread_rng();
-            let mut sample = [0; N];
+            let mut sample = vec![0; N];
             let dp = DiscreteDp::new(f64::from(epsilon), delta, f64::from(cap)).unwrap();
             let n = N as f64;
             dp.apply(&mut sample, &mut rng);
diff --git a/ipa-core/src/report/ipa.rs b/ipa-core/src/report/ipa.rs
index cfaf4349f..7dfcabbb1 100644
--- a/ipa-core/src/report/ipa.rs
+++ b/ipa-core/src/report/ipa.rs
@@ -516,8 +516,8 @@ where
     /// # Panics
     /// If report length does not fit in `u16`.
     pub fn encrypted_len(&self) -> u16 {
-        let len = EncryptedOprfReport::<BK, TV, TS, &[u8]>::SITE_DOMAIN_OFFSET
-            + self.site_domain.as_bytes().len();
+        let len =
+            EncryptedOprfReport::<BK, TV, TS, &[u8]>::SITE_DOMAIN_OFFSET + self.site_domain.len();
         len.try_into().unwrap()
     }
 
diff --git a/ipa-core/src/test_fixture/world.rs b/ipa-core/src/test_fixture/world.rs
index 601eede12..f05fb7578 100644
--- a/ipa-core/src/test_fixture/world.rs
+++ b/ipa-core/src/test_fixture/world.rs
@@ -878,7 +878,7 @@ impl<S: ShardingScheme> ShardWorld<S> {
     }
 
     /// See `Runner` above.
-    async fn run_either<'a, C, A, O, H, R>(
+    async fn run_either<C, A, O, H, R>(
         contexts: [C; 3],
         span: Span,
         input_shares: [A; 3],

From fc741b0de538e2c953bd52f81bb64fdccb802e5b Mon Sep 17 00:00:00 2001
From: Andy Leiserson <aleiserson@mozilla.com>
Date: Mon, 13 Jan 2025 10:36:13 -0800
Subject: [PATCH 2/4] Update workflows

* Use the audit-check github action for cargo update. (It seems the
  ubuntu 24.04 runner image no longer includes cargo audit.)
* Include rust version in cache key.
---
 .github/workflows/audit.yml | 18 +++++++++++++++---
 .github/workflows/check.yml | 12 ++++++++----
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 1a2dc1b76..2b7720c45 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -24,6 +24,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: cargo audit
-        run: |
-          cargo audit
+      - uses: dtolnay/rust-toolchain@stable
+        id: rust-toolchain
+
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+          key: ${{ runner.os }}-${{ steps.rust-toolchain.outputs.cachekey }}-audit
+
+      - uses: rustsec/audit-check@v1.4.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 99ef7d09f..ef8d0a9dc 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -35,6 +35,7 @@ jobs:
       - uses: ./.github/actions/rm
 
       - uses: dtolnay/rust-toolchain@stable
+        id: rust-toolchain
         with:
           components: clippy,rustfmt
 
@@ -46,7 +47,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
+          key: ${{ runner.os }}-${{ steps.rust-toolchain.outputs.cachekey }}-cargo-${{ hashFiles('**/Cargo.toml') }}
 
       - name: Check formatting
         run: cargo fmt --all -- --check --config "imports_granularity=Crate,group_imports=StdExternalCrate"
@@ -86,6 +87,7 @@ jobs:
       - uses: ./.github/actions/rm
 
       - uses: dtolnay/rust-toolchain@stable
+        id: rust-toolchain
         with:
           components: clippy,rustfmt
 
@@ -97,7 +99,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
+          key: ${{ runner.os }}-${{ steps.rust-toolchain.outputs.cachekey }}-cargo-${{ hashFiles('**/Cargo.toml') }}
 
       - name: Release Build
         run: cargo build --release
@@ -120,6 +122,7 @@ jobs:
       - uses: ./.github/actions/rm
 
       - uses: dtolnay/rust-toolchain@stable
+        id: rust-toolchain
         with:
           components: clippy,rustfmt
 
@@ -131,7 +134,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
+          key: ${{ runner.os }}-${{ steps.rust-toolchain.outputs.cachekey }}-cargo-${{ hashFiles('**/Cargo.toml') }}
 
       - name: Build benchmarks
         run: cargo build --benches --no-default-features --features "enable-benches compact-gate"
@@ -162,6 +165,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/rm
       - uses: dtolnay/rust-toolchain@stable
+        id: rust-toolchain
       - uses: actions/cache@v4
         with:
           path: |
@@ -170,7 +174,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
+          key: ${{ runner.os }}-${{ steps.rust-toolchain.outputs.cachekey }}-cargo-${{ hashFiles('**/Cargo.toml') }}
 
       - name: Slow Unit Tests
         run: cargo test -p ipa-core --lib -- mpc_proptest semi_honest_with_dp_slow gen_binomial_noise_16_breakdowns

From 8c715f4a28d42e49b3a574c49f8a7f79b456fecd Mon Sep 17 00:00:00 2001
From: Andy Leiserson <aleiserson@mozilla.com>
Date: Mon, 13 Jan 2025 11:19:26 -0800
Subject: [PATCH 3/4] Downgrade ubuntu version for sanitizers

---
 .github/workflows/check.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index ef8d0a9dc..f07cbf279 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -191,9 +191,10 @@ jobs:
       - name: Integration Tests - IPA with Relaxed DP
         run: cargo test --release --test "ipa_with_relaxed_dp" --no-default-features --features "cli web-app real-world-infra test-fixture compact-gate relaxed-dp"
 
-  # sanitizers currently require nightly https://github.com/rust-lang/rust/issues/39699
+  # sanitizers currently require nightly https://github.com/rust-lang/rust/issues/39699,
+  # and are broken on ubuntu 24.04 https://github.com/rust-lang/rust/issues/111073#issuecomment-2561607617
   sanitize:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:

From 0ebdc45587bb80870a0b5751dd80d424df8c32de Mon Sep 17 00:00:00 2001
From: Andy Leiserson <aleiserson@mozilla.com>
Date: Mon, 13 Jan 2025 13:30:41 -0800
Subject: [PATCH 4/4] Increase timeout for breakdown_reveal_mpc_proptest

---
 ipa-core/src/protocol/hybrid/breakdown_reveal.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipa-core/src/protocol/hybrid/breakdown_reveal.rs b/ipa-core/src/protocol/hybrid/breakdown_reveal.rs
index 59082af96..8c1215f63 100644
--- a/ipa-core/src/protocol/hybrid/breakdown_reveal.rs
+++ b/ipa-core/src/protocol/hybrid/breakdown_reveal.rs
@@ -626,7 +626,7 @@ mod proptests {
                 } = input_struct;
                 let config = TestWorldConfig {
                     seed,
-                    timeout: Some(Duration::from_secs(30)),
+                    timeout: Some(Duration::from_secs(60)),
                     ..Default::default()
                 };
                 let result = TestWorld::<WithShards<PROP_SHARDS>>::with_config(&config)