Incorrect ACIR: `pop_front` fails when should not execute

[aakoshh]

Aim

The fuzzer found a case where ACIR fails with "Index out of bounds" while Brillig fails with "division by zero". The two turned out to be unrelated errors. Here's a minimised program:

global G_A: [u32] = &[];
fn main(b: bool) -> pub u32 {
    if b {
        G_A.pop_front().0
    } else {
        1
    }
}

Prover.toml:

b = false

Expected Behavior

It should return 1.

Bug

❯ cargo run -q -p nargo_cli -- execute --force --silence-warnings 
error: Index out of bounds, array has size 0, but index was 0
  ┌─ src/main.nr:4:9
  │
4 │         G_A.pop_front().0
  │         -------------
  │
  = Call stack:
    1. src/main.nr:4:9

Failed to solve program: 'Index out of bounds, array has size 0, but index was 0'

In brillig it works:

❯ cargo run -q -p nargo_cli -- execute --force --silence-warnings --force-brillig
[fuzz_testing] Circuit witness successfully solved
[fuzz_testing] Witness saved to target/fuzz_testing.gz
[fuzz_testing] Circuit output: 1

To Reproduce

NOIR_AST_FUZZER_SEED=0xc52a931f00100000 cargo test -q -p noir_ast_fuzzer_fuzz acir_vs_brillig

Workaround

None

Workaround Description

No response

Additional Context

No response

Project Impact

None

Blocker Context

No response

Nargo Version

nargo version = 1.0.0-beta.10 noirc version = 1.0.0-beta.10+501988e746da0240d7af5d8026e5dd17a68e166b (git version hash: b7273d7, is dirty: true)

NoirJS Version

No response

Proving Backend Tooling & Version

No response

Would you like to submit a PR for this Issue?

Yes

Support Needs

No response

[aakoshh]

It looks like call slice_pop_front does not interact with the side effect system:

After Simplify conditionals for unconstrained (1) (step 25):
g0 = u32 0
g1 = make_array [] : [u32]

acir(inline) predicate_pure fn main f0 {
  b0(v2: u1):
    enable_side_effects v2
    v3 = make_array [] : [u32]
    v5, v6, v7 = call slice_pop_front(u32 0, v3) -> (u32, u32, [u32])	// src/main.nr:4:9
    v8 = not v2
    enable_side_effects u1 1
    v10 = cast v2 as u32                          	// src/main.nr:4:9
    v11 = cast v8 as u32                          	// src/main.nr:4:9
    v12 = unchecked_mul v10, v5                   	// src/main.nr:4:9
    v13 = unchecked_add v12, v11                  	// src/main.nr:4:9
    return v13
}

After EnableSideEffectsIf removal (1) (step 26):
g0 = u32 0
g1 = make_array [] : [u32]

acir(inline) predicate_pure fn main f0 {
  b0(v2: u1):
    v3 = make_array [] : [u32]
    v5, v6, v7 = call slice_pop_front(u32 0, v3) -> (u32, u32, [u32])	// src/main.nr:4:9
    v8 = not v2
    enable_side_effects u1 1
    v10 = cast v2 as u32                          	// src/main.nr:4:9
    v11 = cast v8 as u32                          	// src/main.nr:4:9
    v12 = unchecked_mul v10, v5                   	// src/main.nr:4:9
    v13 = unchecked_add v12, v11                  	// src/main.nr:4:9
    return v13
}

After the second pass there is nothing to tell that it should not be executed.