feat: update proof types to be generic over mutable or immutable collections (#1121)

In a future PR, there will be several cleanups that take advantage of
proof being able to switch back and forth from immutable and mutable
containers. Particularly in testing, but a few other cases as well. See
#1117 for a raw view.

The `EmptyProofCollection` is primarily for tests.

Author: demosdemon

firewood/src/db.rs

@@ -7,10 +7,8 @@
 )]
 
 use crate::merkle::Merkle;
-use crate::proof::{Proof, ProofNode};
-use crate::range_proof::RangeProof;
 use crate::stream::MerkleKeyValueStream;
-use crate::v2::api::{self, KeyType, ValueType};
+use crate::v2::api::{self, FrozenProof, FrozenRangeProof, KeyType, ValueType};
 pub use crate::v2::api::{Batch, BatchOp};
 
 use crate::manager::{RevisionManager, RevisionManagerConfig};
@@ -107,10 +105,7 @@ impl api::DbView for HistoricalRev {
         Ok(merkle.get_value(key.as_ref())?)
     }
 
-    async fn single_key_proof<K: api::KeyType>(
-        &self,
-        key: K,
-    ) -> Result<Proof<ProofNode>, api::Error> {
+    async fn single_key_proof<K: api::KeyType>(&self, key: K) -> Result<FrozenProof, api::Error> {
         let merkle = Merkle::from(self);
         merkle.prove(key.as_ref()).map_err(api::Error::from)
     }
@@ -120,7 +115,7 @@ impl api::DbView for HistoricalRev {
         _first_key: Option<K>,
         _last_key: Option<K>,
         _limit: Option<usize>,
-    ) -> Result<Option<RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>>, api::Error> {
+    ) -> Result<FrozenRangeProof, api::Error> {
         todo!()
     }
 
@@ -382,7 +377,7 @@ impl api::DbView for Proposal<'_> {
         merkle.get_value(key.as_ref()).map_err(api::Error::from)
     }
 
-    async fn single_key_proof<K: KeyType>(&self, key: K) -> Result<Proof<ProofNode>, api::Error> {
+    async fn single_key_proof<K: KeyType>(&self, key: K) -> Result<FrozenProof, api::Error> {
         let merkle = Merkle::from(self.nodestore.clone());
         merkle.prove(key.as_ref()).map_err(api::Error::from)
     }
@@ -392,7 +387,7 @@ impl api::DbView for Proposal<'_> {
         _first_key: Option<K>,
         _last_key: Option<K>,
         _limit: Option<usize>,
-    ) -> Result<Option<api::RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>>, api::Error> {
+    ) -> Result<FrozenRangeProof, api::Error> {
         todo!()
     }
 

firewood/src/merkle.rs

@@ -20,8 +20,9 @@ use crate::range_proof::RangeProof;
 #[cfg(test)]
 use crate::stream::MerkleKeyValueStream;
 use crate::stream::PathIterator;
+use crate::v2::api::FrozenProof;
 #[cfg(test)]
-use crate::v2::api;
+use crate::v2::api::{self, FrozenRangeProof};
 use firewood_storage::{
     BranchNode, Child, FileIoError, HashType, Hashable, HashedNodeReader, ImmutableProposal,
     IntoHashType, LeafNode, MaybePersistedNode, MutableProposal, NibblesIterator, Node, NodeStore,
@@ -178,7 +179,7 @@ impl<T: TrieReader> Merkle<T> {
 
     /// Returns a proof that the given key has a certain value,
     /// or that the key isn't in the trie.
-    pub fn prove(&self, key: &[u8]) -> Result<Proof<ProofNode>, ProofError> {
+    pub fn prove(&self, key: &[u8]) -> Result<FrozenProof, ProofError> {
         let Some(root) = self.root() else {
             return Err(ProofError::Empty);
         };
@@ -216,7 +217,7 @@ impl<T: TrieReader> Merkle<T> {
             });
         }
 
-        Ok(Proof(proof.into_boxed_slice()))
+        Ok(Proof::new(proof.into_boxed_slice()))
     }
 
     /// Verify a proof that a key has a certain value, or that the key isn't in the trie.
@@ -258,7 +259,7 @@ impl<T: TrieReader> Merkle<T> {
         start_key: Option<&[u8]>,
         end_key: Option<&[u8]>,
         limit: Option<NonZeroUsize>,
-    ) -> Result<RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>, api::Error> {
+    ) -> Result<FrozenRangeProof, api::Error> {
         if let (Some(k1), Some(k2)) = (&start_key, &end_key) {
             if k1 > k2 {
                 return Err(api::Error::InvalidRange {

firewood/src/proof.rs

@@ -146,10 +146,10 @@ impl From<PathIterItem> for ProofNode {
 }
 
 /// A proof that a given key-value pair either exists or does not exist in a trie.
-#[derive(Clone, Debug)]
-pub struct Proof<T: Hashable>(pub Box<[T]>);
+#[derive(Clone, Debug, PartialEq, Eq, Default)]
+pub struct Proof<T: ?Sized>(T);
 
-impl<T: Hashable> Proof<T> {
+impl<T: ProofCollection + ?Sized> Proof<T> {
     /// Verify a proof
     pub fn verify<K: AsRef<[u8]>, V: AsRef<[u8]>>(
         &self,
@@ -164,20 +164,20 @@ impl<T: Hashable> Proof<T> {
     /// with the given `root_hash`. If the key does not exist in the trie, returns `None`.
     /// Returns an error if the proof is invalid or doesn't prove the key for the
     /// given revision.
-    fn value_digest<K: AsRef<[u8]>>(
+    pub fn value_digest<K: AsRef<[u8]>>(
         &self,
         key: K,
         root_hash: &TrieHash,
     ) -> Result<Option<ValueDigest<&[u8]>>, ProofError> {
         let key: Box<[u8]> = NibblesIterator::new(key.as_ref()).collect();
 
-        let Some(last_node) = self.0.last() else {
+        let Some(last_node) = self.0.as_ref().last() else {
             return Err(ProofError::Empty);
         };
 
         let mut expected_hash = root_hash.clone().into_hash_type();
 
-        let mut iter = self.0.iter().peekable();
+        let mut iter = self.0.as_ref().iter().peekable();
         while let Some(node) = iter.next() {
             if node.to_hash() != expected_hash {
                 return Err(ProofError::UnexpectedHash);
@@ -224,6 +224,153 @@ impl<T: Hashable> Proof<T> {
         // This is an exclusion proof.
         Ok(None)
     }
+
+    /// Returns the length of the proof.
+    #[must_use]
+    pub fn len(&self) -> usize {
+        self.0.as_ref().len()
+    }
+
+    /// Returns true if the proof is empty.
+    #[must_use]
+    pub fn is_empty(&self) -> bool {
+        self.0.as_ref().is_empty()
+    }
+}
+
+impl<T: ProofCollection + ?Sized> std::ops::Deref for Proof<T> {
+    type Target = T;
+
+    #[inline]
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl<T: ProofCollection + ?Sized> std::ops::DerefMut for Proof<T> {
+    #[inline]
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        &mut self.0
+    }
+}
+
+impl<T: ProofCollection> Proof<T> {
+    /// Constructs a new proof from a collection of proof nodes.
+    #[inline]
+    #[must_use]
+    pub const fn new(proof: T) -> Self {
+        Self(proof)
+    }
+}
+
+impl Proof<EmptyProofCollection> {
+    /// Constructs a new empty proof.
+    #[inline]
+    #[must_use]
+    pub const fn empty() -> Self {
+        Self::new(EmptyProofCollection)
+    }
+
+    /// Converts an empty immutable proof into an empty mutable proof.
+    #[inline]
+    #[must_use]
+    pub const fn into_mutable<T: Hashable>(self) -> Proof<Vec<T>> {
+        Proof::new(Vec::new())
+    }
+}
+
+impl<T: Hashable> Proof<Box<[T]>> {
+    /// Converts an immutable proof into a mutable proof.
+    #[inline]
+    #[must_use]
+    pub fn into_mutable(self) -> Proof<Vec<T>> {
+        Proof::new(self.0.into_vec())
+    }
+}
+
+impl<T: Hashable> Proof<Vec<T>> {
+    /// Converts a mutable proof into an immutable proof.
+    #[inline]
+    #[must_use]
+    pub fn into_immutable(self) -> Proof<Box<[T]>> {
+        Proof::new(self.0.into_boxed_slice())
+    }
+}
+
+impl<T, V> Proof<V>
+where
+    T: Hashable,
+    V: ProofCollection<Node = T> + IntoIterator<Item = T> + FromIterator<T>,
+{
+    /// Joins two proofs into one.
+    #[inline]
+    #[must_use]
+    pub fn join<O: ProofCollection<Node = T> + IntoIterator<Item = T>>(
+        self,
+        other: Proof<O>,
+    ) -> Proof<V> {
+        self.into_iter().chain(other).collect()
+    }
+}
+
+impl<V: ProofCollection + FromIterator<V::Node>> FromIterator<V::Node> for Proof<V> {
+    #[inline]
+    fn from_iter<I: IntoIterator<Item = V::Node>>(iter: I) -> Self {
+        Proof(iter.into_iter().collect())
+    }
+}
+
+impl<V: ProofCollection + Extend<V::Node>> Extend<V::Node> for Proof<V> {
+    #[inline]
+    fn extend<I: IntoIterator<Item = V::Node>>(&mut self, iter: I) {
+        self.0.extend(iter);
+    }
+}
+
+impl<V: ProofCollection + IntoIterator<Item = V::Node>> IntoIterator for Proof<V> {
+    type Item = V::Node;
+    type IntoIter = V::IntoIter;
+
+    #[inline]
+    fn into_iter(self) -> Self::IntoIter {
+        self.0.into_iter()
+    }
+}
+
+/// A trait representing a collection of proof nodes.
+///
+/// This allows [`Proof`] to be generic over different types of collections such
+/// a `Box<[T]>` or `Vec<T>`, where `T` implements the `Hashable` trait.
+pub trait ProofCollection: AsRef<[Self::Node]> {
+    /// The type of nodes in the proof collection.
+    type Node: Hashable;
+}
+
+impl<T: Hashable> ProofCollection for [T] {
+    type Node = T;
+}
+
+impl<T: Hashable> ProofCollection for Box<[T]> {
+    type Node = T;
+}
+
+impl<T: Hashable> ProofCollection for Vec<T> {
+    type Node = T;
+}
+
+/// A zero-sized type to represent an empty proof collection.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Default)]
+pub struct EmptyProofCollection;
+
+impl AsRef<[ProofNode]> for EmptyProofCollection {
+    #[inline]
+    fn as_ref(&self) -> &[ProofNode] {
+        &[]
+    }
+}
+
+impl ProofCollection for EmptyProofCollection {
+    type Node = ProofNode;
 }
 
 /// Returns the next nibble in `c` after `b`.

firewood/src/range_proof.rs

@@ -1,14 +1,12 @@
 // Copyright (C) 2024, Ava Labs, Inc. All rights reserved.
 // See the file LICENSE.md for licensing terms.
 
-use firewood_storage::Hashable;
-
 use crate::proof::Proof;
 
 /// A range proof proves that a given set of key-value pairs
 /// are in the trie with a given root hash.
 #[derive(Debug)]
-pub struct RangeProof<K: AsRef<[u8]>, V: AsRef<[u8]>, H: Hashable> {
+pub struct RangeProof<K: AsRef<[u8]>, V: AsRef<[u8]>, H> {
     #[expect(dead_code)]
     pub(crate) start_proof: Option<Proof<H>>,
     #[expect(dead_code)]

firewood/src/v2/api.rs

@@ -44,6 +44,12 @@ impl<T> ValueType for T where T: AsRef<[u8]> + Send + Sync + Debug {}
 ///    proof
 pub type HashKey = firewood_storage::TrieHash;
 
+/// A frozen proof is a proof that is stored in immutable memory.
+pub type FrozenRangeProof = RangeProof<Box<[u8]>, Box<[u8]>, Box<[ProofNode]>>;
+
+/// A frozen proof uses an immutable collection of proof nodes.
+pub type FrozenProof = Proof<Box<[ProofNode]>>;
+
 /// A key/value pair operation. Only put (upsert) and delete are
 /// supported
 #[derive(Debug)]
@@ -244,7 +250,7 @@ pub trait DbView {
     async fn val<K: KeyType>(&self, key: K) -> Result<Option<Box<[u8]>>, Error>;
 
     /// Obtain a proof for a single key
-    async fn single_key_proof<K: KeyType>(&self, key: K) -> Result<Proof<ProofNode>, Error>;
+    async fn single_key_proof<K: KeyType>(&self, key: K) -> Result<FrozenProof, Error>;
 
     /// Obtain a range proof over a set of keys
     ///
@@ -259,7 +265,7 @@ pub trait DbView {
         first_key: Option<K>,
         last_key: Option<K>,
         limit: Option<usize>,
-    ) -> Result<Option<RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>>, Error>;
+    ) -> Result<FrozenRangeProof, Error>;
 
     /// Obtain a stream over the keys/values of this view, using an optional starting point
     ///

firewood/src/v2/emptydb.rs

@@ -1,11 +1,9 @@
 // Copyright (C) 2023, Ava Labs, Inc. All rights reserved.
 // See the file LICENSE.md for licensing terms.
 
-use crate::proof::{Proof, ProofNode};
-use crate::range_proof::RangeProof;
-
 use super::api::{Batch, Db, DbView, Error, HashKey, KeyType, ValueType};
 use super::propose::{Proposal, ProposalBase};
+use crate::v2::api::{FrozenProof, FrozenRangeProof};
 use async_trait::async_trait;
 use futures::Stream;
 use std::sync::Arc;
@@ -66,7 +64,7 @@ impl DbView for HistoricalImpl {
         Ok(None)
     }
 
-    async fn single_key_proof<K: KeyType>(&self, _key: K) -> Result<Proof<ProofNode>, Error> {
+    async fn single_key_proof<K: KeyType>(&self, _key: K) -> Result<FrozenProof, Error> {
         Err(Error::RangeProofOnEmptyTrie)
     }
 
@@ -75,8 +73,8 @@ impl DbView for HistoricalImpl {
         _first_key: Option<K>,
         _last_key: Option<K>,
         _limit: Option<usize>,
-    ) -> Result<Option<RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>>, Error> {
-        Ok(None)
+    ) -> Result<FrozenRangeProof, Error> {
+        Err(Error::RangeProofOnEmptyTrie)
     }
 
     fn iter_option<K: KeyType>(&self, _first_key: Option<K>) -> Result<EmptyStreamer, Error> {

firewood/src/v2/propose.rs

@@ -9,9 +9,7 @@ use async_trait::async_trait;
 use futures::stream::Empty;
 
 use super::api::{KeyType, ValueType};
-use crate::proof::{Proof, ProofNode};
-use crate::range_proof::RangeProof;
-use crate::v2::api;
+use crate::v2::api::{self, FrozenProof, FrozenRangeProof};
 
 #[derive(Clone, Debug)]
 pub(crate) enum KeyOp<V: ValueType> {
@@ -137,7 +135,7 @@ impl<T: api::DbView + Send + Sync> api::DbView for Proposal<T> {
         }
     }
 
-    async fn single_key_proof<K: KeyType>(&self, _key: K) -> Result<Proof<ProofNode>, api::Error> {
+    async fn single_key_proof<K: KeyType>(&self, _key: K) -> Result<FrozenProof, api::Error> {
         todo!();
     }
 
@@ -146,7 +144,7 @@ impl<T: api::DbView + Send + Sync> api::DbView for Proposal<T> {
         _first_key: Option<KT>,
         _last_key: Option<KT>,
         _limit: Option<usize>,
-    ) -> Result<Option<RangeProof<Box<[u8]>, Box<[u8]>, ProofNode>>, api::Error> {
+    ) -> Result<FrozenRangeProof, api::Error> {
         todo!();
     }