build(deps): bump cachix/cachix-action from 15 to 16

Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 15 to 16.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v15...v16)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/bench-primitives.yml

@@ -21,7 +21,7 @@ jobs:
       matrix:
         system: ["x86_64-linux", "i686-linux"]
 
-    runs-on: ubuntu-latest
+    runs-on: ubicloud-standard-2
     defaults:
       run:
         shell: bash
@@ -93,7 +93,7 @@ jobs:
   ciphers-primitives-bench-status:
     if: ${{ always() }}
     needs: [prim-benchmark]
-    runs-on: ubuntu-latest
+    runs-on: ubicloud-standard-2
     steps:
       - name: Successful
         if: ${{ !(contains(needs.*.result, 'failure')) }}

.github/workflows/bench-protocol.yml

@@ -21,7 +21,7 @@ jobs:
       matrix:
         system: ["x86_64-linux", "i686-linux"]
 
-    runs-on: ubuntu-latest
+    runs-on: ubicloud-standard-2
     defaults:
       run:
         shell: bash
@@ -80,7 +80,7 @@ jobs:
   ciphers-protocol-bench-status:
     if: ${{ always() }}
     needs: [proto-benchmark]
-    runs-on: ubuntu-latest
+    runs-on: ubicloud-standard-2
     steps:
       - name: Successful
         if: ${{ !(contains(needs.*.result, 'failure')) }}

.github/workflows/docker.yaml

@@ -255,7 +255,7 @@ jobs:
         target: [rp, rosenpass]
     steps:
       - name: Download digests
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           path: ${{ runner.temp }}/digests
           pattern: digests-${{ matrix.target }}-*

.github/workflows/nix-mac.yaml

@@ -23,7 +23,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -42,7 +42,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -58,7 +58,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -74,7 +74,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -91,7 +91,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -106,7 +106,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

.github/workflows/nix.yaml

@@ -23,7 +23,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -39,7 +39,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -56,7 +56,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -71,7 +71,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -88,7 +88,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -105,7 +105,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -121,7 +121,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -140,7 +140,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -164,7 +164,7 @@ jobs:
   #         nix_path: nixpkgs=channel:nixos-unstable
   #         extra_nix_config: |
   #           system = aarch64-linux
-  #     - uses: cachix/cachix-action@v15
+  #     - uses: cachix/cachix-action@v16
   #       with:
   #         name: rosenpass
   #         authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -180,7 +180,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -201,7 +201,7 @@ jobs:
           nix_path: nixpkgs=channel:nixos-unstable
           extra_nix_config: |
             system = aarch64-linux
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -222,7 +222,7 @@ jobs:
           nix_path: nixpkgs=channel:nixos-unstable
           extra_nix_config: |
             system = aarch64-linux
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -239,7 +239,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -261,7 +261,7 @@ jobs:
           nix_path: nixpkgs=channel:nixos-unstable
           extra_nix_config: |
             system = aarch64-linux
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -277,7 +277,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -293,7 +293,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -310,7 +310,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -326,7 +326,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -341,7 +341,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -356,7 +356,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

.github/workflows/qc.yaml

@@ -162,7 +162,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

.github/workflows/release.yaml

@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: cachix/install-nix-action@v30
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -32,7 +32,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: cachix/install-nix-action@v30
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -53,7 +53,7 @@ jobs:
       - uses: cachix/install-nix-action@v30
         with:
           nix_path: nixpkgs=channel:nixos-unstable
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
@@ -71,7 +71,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: cachix/install-nix-action@v30
-      - uses: cachix/cachix-action@v15
+      - uses: cachix/cachix-action@v16
         with:
           name: rosenpass
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

Cargo.lock

@@ -110,9 +110,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.96"
+version = "1.0.98"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b964d184e89d9b6b67dd2715bc8e74cf3107fb2b529990c90cf517326150bf4"
+checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"
 dependencies = [
  "backtrace",
 ]
@@ -1440,9 +1440,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.26"
+version = "0.4.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
+checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
 
 [[package]]
 name = "memchr"
@@ -2068,6 +2068,7 @@ dependencies = [
  "rosenpass-wireguard-broker",
  "rustix",
  "serde",
+ "serde_json",
  "serial_test",
  "signal-hook",
  "signal-hook-mio",
@@ -2376,9 +2377,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.139"
+version = "1.0.140"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44f86c3acccc9c65b153fe1b85a3be07fe5515274ec9f0653b4a0875731c72a6"
+checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
 dependencies = [
  "itoa",
  "memchr",

Cargo.toml

@@ -46,13 +46,13 @@ memsec = { git = "https://github.com/rosenpass/memsec.git", rev = "aceb9baee8aec
 ] }
 rand = "0.8.5"
 typenum = "1.17.0"
-log = { version = "0.4.22" }
+log = { version = "0.4.27" }
 clap = { version = "4.5.23", features = ["derive"] }
 clap_mangen = "0.2.29"
 clap_complete = "4.5.40"
 serde = { version = "1.0.217", features = ["derive"] }
 arbitrary = { version = "1.4.1", features = ["derive"] }
-anyhow = { version = "1.0.95", features = ["backtrace", "std"] }
+anyhow = { version = "1.0.98", features = ["backtrace", "std"] }
 mio = { version = "1.0.3", features = ["net", "os-poll"] }
 signal-hook-mio = { version = "0.2.4", features = ["support-v1_0"] }
 signal-hook = "0.3.17"
@@ -92,6 +92,7 @@ test_bin = "0.4.0"
 criterion = "0.5.1"
 allocator-api2-tests = "0.2.15"
 procspawn = { version = "1.0.1", features = ["test-support"] }
+serde_json = { version = "1.0.140" }
 
 #Broker dependencies (might need cleanup or changes)
 wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }

rosenpass/Cargo.toml

@@ -91,9 +91,9 @@ serial_test = { workspace = true }
 procspawn = { workspace = true }
 tempfile = { workspace = true }
 rustix = { workspace = true }
+serde_json = { workspace = true }
 
 [features]
-#default = ["experiment_libcrux_all"]
 experiment_cookie_dos_mitigation = []
 experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"]
 experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"]

rosenpass/benches/trace_handshake.rs

@@ -1,6 +1,9 @@
-use std::io::{self, Write};
-use std::time::{Duration, Instant};
-use std::{collections::HashMap, hint::black_box, ops::DerefMut};
+use std::{
+    collections::HashMap,
+    hint::black_box,
+    ops::DerefMut,
+    time::{Duration, Instant},
+};
 
 use anyhow::Result;
 
@@ -9,11 +12,12 @@ use libcrux_test_utils::tracing::{EventType, Trace as _};
 use rosenpass_cipher_traits::primitives::Kem;
 use rosenpass_ciphers::StaticKem;
 use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
-use rosenpass_util::trace_bench::RpEventType;
+use rosenpass_util::trace_bench::RpEvent;
 
 use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey};
 use rosenpass::protocol::osk_domain_separator::OskDomainSeparator;
 use rosenpass::protocol::{CryptoServer, HandleMsgResult, PeerPtr, ProtocolVersion};
+use serde::ser::SerializeStruct;
 
 const ITERATIONS: usize = 100;
 
@@ -124,15 +128,30 @@ fn main() {
         (v02, &v03_with_marker[1..])
     };
 
-    // Perform statistical analysis on both trace sections and write results as JSON
-    write_json_arrays(
-        &mut std::io::stdout(), // Write to standard output
-        vec![
-            ("V02", statistical_analysis(trace_v02.to_vec())),
-            ("V03", statistical_analysis(trace_v03.to_vec())),
-        ],
-    )
-    .expect("error writing json data");
+    // Perform statistical analysis on both trace sections
+    let analysis_v02 = statistical_analysis(trace_v02);
+    let analysis_v03 = statistical_analysis(trace_v03);
+
+    // Transform analysis results to JSON-encodable data type
+    let stats_v02 = analysis_v02
+        .iter()
+        .map(|(label, agg_stat)| JsonAggregateStat {
+            protocol_version: "V02",
+            label,
+            agg_stat,
+        });
+    let stats_v03 = analysis_v03
+        .iter()
+        .map(|(label, agg_stat)| JsonAggregateStat {
+            protocol_version: "V03",
+            label,
+            agg_stat: &agg_stat,
+        });
+
+    // Write results as JSON
+    let stats_all: Vec<_> = stats_v02.chain(stats_v03).collect();
+    let stats_json = serde_json::to_string_pretty(&stats_all).expect("error encoding to json");
+    println!("{stats_json}");
 }
 
 /// Performs a simple statistical analysis:
@@ -140,7 +159,7 @@ fn main() {
 /// - extracts durations of spamns
 /// - filters out empty bins
 /// - calculates aggregate statistics (mean, std dev)
-fn statistical_analysis(trace: Vec<RpEventType>) -> Vec<(&'static str, AggregateStat<Duration>)> {
+fn statistical_analysis(trace: &[RpEvent]) -> Vec<(&'static str, AggregateStat<Duration>)> {
     bin_events(trace)
         .into_iter()
         .map(|(label, spans)| (label, extract_span_durations(label, spans.as_slice())))
@@ -149,44 +168,6 @@ fn statistical_analysis(trace: Vec<RpEventType>) -> Vec<(&'static str, Aggregate
         .collect()
 }
 
-/// Takes an iterator of ("protocol_version", iterator_of_stats) pairs and writes them
-/// as a single flat JSON array to the provided writer.
-///
-/// # Arguments
-/// * `w` - The writer to output JSON to (e.g., stdout, file).
-/// * `item_groups` - An iterator producing tuples `(version, stats): (&'static str, II)`.
-///    Here `II` is itself an iterator producing `(label, agg_stat): (&'static str, AggregateStat<Duration>)`,
-///    where the label is the label of the span, e.g. "IHI2".
-///
-/// # Type Parameters
-/// * `W` - A type that implements `std::io::Write`.
-/// * `II` - An iterator type yielding (`&'static str`, `AggregateStat<Duration>`).
-fn write_json_arrays<W: Write, II: IntoIterator<Item = (&'static str, AggregateStat<Duration>)>>(
-    w: &mut W,
-    item_groups: impl IntoIterator<Item = (&'static str, II)>,
-) -> io::Result<()> {
-    // Flatten the groups into a single iterator of (protocol_version, label, stats)
-    let iter = item_groups.into_iter().flat_map(|(version, items)| {
-        items
-            .into_iter()
-            .map(move |(label, agg_stat)| (version, label, agg_stat))
-    });
-    let mut delim = ""; // Start with no delimiter
-
-    // Start the JSON array
-    write!(w, "[")?;
-
-    // Write the flattened statistics as JSON objects, separated by commas.
-    for (version, label, agg_stat) in iter {
-        write!(w, "{delim}")?; // Write delimiter (empty for first item, "," for subsequent)
-        agg_stat.write_json_ns(label, version, w)?; // Write the JSON object for the stat entry
-        delim = ","; // Set delimiter for the next iteration
-    }
-
-    // End the JSON array
-    write!(w, "]")
-}
-
 /// Used to group benchmark results in visualizations
 enum RunTimeGroup {
     /// For particularly long operations.
@@ -239,13 +220,13 @@ enum StatEntry {
 
 /// Takes a flat list of events and organizes them into a HashMap where keys
 /// are event labels and values are vectors of events with that label.
-fn bin_events(events: Vec<RpEventType>) -> HashMap<&'static str, Vec<RpEventType>> {
+fn bin_events(events: &[RpEvent]) -> HashMap<&'static str, Vec<RpEvent>> {
     let mut spans = HashMap::<_, Vec<_>>::new();
     for event in events {
         // Get the vector for the event's label, or create a new one
         let spans_for_label = spans.entry(event.label).or_default();
         // Add the event to the vector
-        spans_for_label.push(event);
+        spans_for_label.push(event.clone());
     }
     spans
 }
@@ -253,7 +234,7 @@ fn bin_events(events: Vec<RpEventType>) -> HashMap<&'static str, Vec<RpEventType
 /// Processes a list of events (assumed to be for the same label), matching
 /// `SpanOpen` and `SpanClose` events to calculate the duration of each span.
 /// It handles potentially interleaved spans correctly.
-fn extract_span_durations(label: &str, events: &[RpEventType]) -> Vec<Duration> {
+fn extract_span_durations(label: &str, events: &[RpEvent]) -> Vec<Duration> {
     let mut processing_list: Vec<StatEntry> = vec![]; // List to track open spans and final durations
 
     for entry in events {
@@ -313,6 +294,7 @@ fn extract_span_durations(label: &str, events: &[RpEventType]) -> Vec<Duration>
 /// Stores the mean, standard deviation, relative standard deviation (sd/mean),
 /// and the number of samples used for calculation.
 #[derive(Debug)]
+#[allow(dead_code)]
 struct AggregateStat<T> {
     /// Average duration.
     mean_duration: T,
@@ -362,32 +344,33 @@ impl AggregateStat<Duration> {
             sample_size,
         }
     }
+}
 
-    /// Writes the statistics as a JSON object to the provided writer.
-    /// Includes metadata like label, protocol_version, OS, architecture, and run time group.
-    ///
-    /// # Arguments
-    /// * `label` - The specific benchmark/span label.
-    /// * `protocol_version` - Version of the protocol that is benchmarked.
-    /// * `w` - The output writer (must implement `std::io::Write`).
-    fn write_json_ns(
-        &self,
-        label: &str,
-        protocol_version: &str,
-        w: &mut impl io::Write,
-    ) -> io::Result<()> {
-        // Format the JSON string using measured values and environment constants
-        writeln!(
-            w,
-            r#"{{"name":"{name}", "unit":"ns/iter", "value":"{value}", "range":"± {range}", "protocol version":"{protocol_version}", "sample size":"{sample_size}", "operating system":"{os}", "architecture":"{arch}", "run time":"{run_time}"}}"#,
-            name = label,                          // Benchmark name
-            value = self.mean_duration.as_nanos(), // Mean duration in nanoseconds
-            range = self.sd_duration.as_nanos(),   // Standard deviation in nanoseconds
-            sample_size = self.sample_size,        // Number of samples
-            os = std::env::consts::OS,             // Operating system
-            arch = std::env::consts::ARCH,         // CPU architecture
-            run_time = run_time_group(label),      // Run time group category (long, medium, etc.)
-            protocol_version = protocol_version // Overall protocol_version (e.g., protocol version)
-        )
+struct JsonAggregateStat<'a, T> {
+    agg_stat: &'a AggregateStat<T>,
+    label: &'a str,
+    protocol_version: &'a str,
+}
+
+impl<'a> serde::Serialize for JsonAggregateStat<'a, Duration> {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        let mut stat = serializer.serialize_struct("AggregateStat", 9)?;
+        stat.serialize_field("name", self.label)?;
+        stat.serialize_field("unit", "ns/iter")?;
+        stat.serialize_field("value", &self.agg_stat.mean_duration.as_nanos().to_string())?;
+        stat.serialize_field(
+            "range",
+            &format!("± {}", self.agg_stat.sd_duration.as_nanos()),
+        )?;
+        stat.serialize_field("protocol version", self.protocol_version)?;
+        stat.serialize_field("sample size", &self.agg_stat.sample_size)?;
+        stat.serialize_field("operating system", std::env::consts::OS)?;
+        stat.serialize_field("architecture", std::env::consts::ARCH)?;
+        stat.serialize_field("run time", &run_time_group(self.label).to_string())?;
+
+        stat.end()
     }
 }

supply-chain/config.toml

@@ -74,7 +74,7 @@ version = "3.0.7"
 criteria = "safe-to-deploy"
 
 [[exemptions.anyhow]]
-version = "1.0.96"
+version = "1.0.98"
 criteria = "safe-to-deploy"
 
 [[exemptions.atomic-polyfill]]
@@ -614,7 +614,7 @@ version = "3.0.7"
 criteria = "safe-to-run"
 
 [[exemptions.serde_json]]
-version = "1.0.139"
+version = "1.0.140"
 criteria = "safe-to-deploy"
 
 [[exemptions.serde_spanned]]

supply-chain/imports.lock

@@ -234,6 +234,12 @@ who = "Dan Gohman <dev@sunfishcode.online>"
 criteria = "safe-to-deploy"
 delta = "1.0.11 -> 1.0.14"
 
+[[audits.bytecode-alliance.audits.log]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+delta = "0.4.22 -> 0.4.27"
+notes = "Lots of minor updates to macros and such, nothing touching `unsafe`"
+
 [[audits.bytecode-alliance.audits.miniz_oxide]]
 who = "Alex Crichton <alex@alexcrichton.com>"
 criteria = "safe-to-deploy"
@@ -573,20 +579,6 @@ describe in the review doc.
 """
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
-[[audits.google.audits.log]]
-who = "Lukasz Anforowicz <lukasza@chromium.org>"
-criteria = "safe-to-deploy"
-delta = "0.4.22 -> 0.4.25"
-notes = "No impact on `unsafe` usage in `lib.rs`."
-aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
-
-[[audits.google.audits.log]]
-who = "Daniel Cheng <dcheng@chromium.org>"
-criteria = "safe-to-deploy"
-delta = "0.4.25 -> 0.4.26"
-notes = "Only trivial code and documentation changes."
-aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
-
 [[audits.google.audits.nom]]
 who = "danakj@chromium.org"
 criteria = "safe-to-deploy"

util/src/trace_bench.rs

@@ -10,7 +10,7 @@ static TRACE: OnceLock<RpTrace> = OnceLock::new();
 pub type RpTrace = tracing::MutexTrace<&'static str, Instant>;
 
 /// The trace event type used to trace Rosenpass for performance measurement.
-pub type RpEventType = tracing::TraceEvent<&'static str, Instant>;
+pub type RpEvent = tracing::TraceEvent<&'static str, Instant>;
 
 // Re-export to make functionality available and callers don't need to also directly depend on
 // [`libcrux_test_utils`].