logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-10 01:33:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

merge

Browse Source
This commit is contained in:
Dmitry Vagner 2023-03-21 19:23:54 -07:00
commit 13d2ed90d7
94 changed files with 5990 additions and 1908 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
evm/Cargo.toml
View File

@ -13,7 +13,7 @@ edition = "2021"
anyhow = "1.0.40"
blake2 = "0.10.5"
env_logger = "0.10.0"
eth_trie_utils = "0.4.0"
eth_trie_utils = "0.4.1"
ethereum-types = "0.14.0"
hex = { version = "0.4.3", optional = true }
hex-literal = "0.3.4"
@ -22,6 +22,7 @@ keccak-hash = "0.10.0"
log = "0.4.14"
plonky2_maybe_rayon = "0.1.0"
num = "0.4.0"
num-bigint = "0.4.3"
once_cell = "1.13.0"
pest = "2.1.3"
pest_derive = "2.1.0"

2
evm/src/arithmetic/mod.rs
View File

@ -1,7 +1,7 @@
use ethereum_types::U256;
use plonky2::field::types::PrimeField64;
use crate::bn254_arithmetic::BN_BASE;
use crate::extension_tower::BN_BASE;
use crate::util::{addmod, mulmod, submod};
mod addcy;

0
evm/src/bls381_pairing.rs
View File

876
evm/src/bn254_arithmetic.rs
View File

@ -1,876 +0,0 @@
use std::mem::transmute;
use std::ops::{Add, Div, Mul, Neg, Sub};
use ethereum_types::U256;
use rand::distributions::{Distribution, Standard};
use rand::Rng;
pub const BN_BASE: U256 = U256([
0x3c208c16d87cfd47,
0x97816a916871ca8d,
0xb85045b68181585d,
0x30644e72e131a029,
]);
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct Fp {
pub val: U256,
}
impl Fp {
pub fn new(val: usize) -> Fp {
Fp {
val: U256::from(val),
}
}
}
impl Distribution<Fp> for Standard {
fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> Fp {
let xs = rng.gen::<[u64; 4]>();
Fp {
val: U256(xs) % BN_BASE,
}
}
}
impl Add for Fp {
type Output = Self;
fn add(self, other: Self) -> Self {
Fp {
val: (self.val + other.val) % BN_BASE,
}
}
}
impl Neg for Fp {
type Output = Self;
fn neg(self) -> Self::Output {
Fp {
val: (BN_BASE - self.val) % BN_BASE,
}
}
}
impl Sub for Fp {
type Output = Self;
fn sub(self, other: Self) -> Self {
Fp {
val: (BN_BASE + self.val - other.val) % BN_BASE,
}
}
}
#[allow(clippy::suspicious_arithmetic_impl)]
impl Mul for Fp {
type Output = Self;
fn mul(self, other: Self) -> Self {
Fp {
val: U256::try_from((self.val).full_mul(other.val) % BN_BASE).unwrap(),
}
}
}
impl Fp {
pub fn inv(self) -> Fp {
exp_fp(self, BN_BASE - 2)
}
}
#[allow(clippy::suspicious_arithmetic_impl)]
impl Div for Fp {
type Output = Self;
fn div(self, rhs: Self) -> Self::Output {
self * rhs.inv()
}
}
pub const ZERO_FP: Fp = Fp { val: U256::zero() };
pub const UNIT_FP: Fp = Fp { val: U256::one() };
fn exp_fp(x: Fp, e: U256) -> Fp {
let mut current = x;
let mut product = Fp { val: U256::one() };
for j in 0..256 {
if e.bit(j) {
product = product * current;
}
current = current * current;
}
product
}
/// The degree 2 field extension Fp2 is given by adjoining i, the square root of -1, to Fp
/// The arithmetic in this extension is standard complex arithmetic
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct Fp2 {
pub re: Fp,
pub im: Fp,
}
pub const ZERO_FP2: Fp2 = Fp2 {
re: ZERO_FP,
im: ZERO_FP,
};
pub const UNIT_FP2: Fp2 = Fp2 {
re: UNIT_FP,
im: ZERO_FP,
};
impl Distribution<Fp2> for Standard {
fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> Fp2 {
let (re, im) = rng.gen::<(Fp, Fp)>();
Fp2 { re, im }
}
}
impl Add for Fp2 {
type Output = Self;
fn add(self, other: Self) -> Self {
Fp2 {
re: self.re + other.re,
im: self.im + other.im,
}
}
}
impl Neg for Fp2 {
type Output = Self;
fn neg(self) -> Self::Output {
Fp2 {
re: -self.re,
im: -self.im,
}
}
}
impl Sub for Fp2 {
type Output = Self;
fn sub(self, other: Self) -> Self {
Fp2 {
re: self.re - other.re,
im: self.im - other.im,
}
}
}
impl Mul for Fp2 {
type Output = Self;
fn mul(self, other: Self) -> Self {
Fp2 {
re: self.re * other.re - self.im * other.im,
im: self.re * other.im + self.im * other.re,
}
}
}
impl Fp2 {
// We preemptively define a helper function which multiplies an Fp2 element by 9 + i
fn i9(self) -> Fp2 {
let nine = Fp::new(9);
Fp2 {
re: nine * self.re - self.im,
im: self.re + nine * self.im,
}
}
// This function scalar multiplies an Fp2 by an Fp
pub fn scale(self, x: Fp) -> Fp2 {
Fp2 {
re: x * self.re,
im: x * self.im,
}
}
/// Return the complex conjugate z' of z: Fp2
/// This also happens to be the frobenius map
/// z -> z^p
/// since p == 3 mod 4 and hence
/// i^p = i^3 = -i
fn conj(self) -> Fp2 {
Fp2 {
re: self.re,
im: -self.im,
}
}
// Return the magnitude squared of a complex number
fn norm_sq(self) -> Fp {
self.re * self.re + self.im * self.im
}
/// The inverse of z is given by z'/||z||^2 since ||z||^2 = zz'
pub fn inv(self) -> Fp2 {
let norm_sq = self.norm_sq();
self.conj().scale(norm_sq.inv())
}
}
#[allow(clippy::suspicious_arithmetic_impl)]
impl Div for Fp2 {
type Output = Self;
fn div(self, rhs: Self) -> Self::Output {
self * rhs.inv()
}
}
/// The degree 3 field extension Fp6 over Fp2 is given by adjoining t, where t^3 = 9 + i
// Fp6 has basis 1, t, t^2 over Fp2
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct Fp6 {
pub t0: Fp2,
pub t1: Fp2,
pub t2: Fp2,
}
pub const ZERO_FP6: Fp6 = Fp6 {
t0: ZERO_FP2,
t1: ZERO_FP2,
t2: ZERO_FP2,
};
pub const UNIT_FP6: Fp6 = Fp6 {
t0: UNIT_FP2,
t1: ZERO_FP2,
t2: ZERO_FP2,
};
impl Distribution<Fp6> for Standard {
fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> Fp6 {
let (t0, t1, t2) = rng.gen::<(Fp2, Fp2, Fp2)>();
Fp6 { t0, t1, t2 }
}
}
impl Add for Fp6 {
type Output = Self;
fn add(self, other: Self) -> Self {
Fp6 {
t0: self.t0 + other.t0,
t1: self.t1 + other.t1,
t2: self.t2 + other.t2,
}
}
}
impl Neg for Fp6 {
type Output = Self;
fn neg(self) -> Self::Output {
Fp6 {
t0: -self.t0,
t1: -self.t1,
t2: -self.t2,
}
}
}
impl Sub for Fp6 {
type Output = Self;
fn sub(self, other: Self) -> Self {
Fp6 {
t0: self.t0 - other.t0,
t1: self.t1 - other.t1,
t2: self.t2 - other.t2,
}
}
}
impl Mul for Fp6 {
type Output = Self;
fn mul(self, other: Self) -> Self {
Fp6 {
t0: self.t0 * other.t0 + (self.t1 * other.t2 + self.t2 * other.t1).i9(),
t1: self.t0 * other.t1 + self.t1 * other.t0 + (self.t2 * other.t2).i9(),
t2: self.t0 * other.t2 + self.t1 * other.t1 + self.t2 * other.t0,
}
}
}
impl Fp6 {
// This function scalar multiplies an Fp6 by an Fp2
fn scale(self, x: Fp2) -> Fp6 {
Fp6 {
t0: x * self.t0,
t1: x * self.t1,
t2: x * self.t2,
}
}
/// This function multiplies an Fp6 element by t, and hence shifts the bases,
/// where the t^2 coefficient picks up a factor of 9+i as the 1 coefficient of the output
fn sh(self) -> Fp6 {
Fp6 {
t0: self.t2.i9(),
t1: self.t0,
t2: self.t1,
}
}
/// The nth frobenius endomorphism of a p^q field is given by mapping
/// x to x^(p^n)
/// which sends a + bt + ct^2: Fp6 to
/// a^(p^n) + b^(p^n) * t^(p^n) + c^(p^n) * t^(2p^n)
/// The Fp2 coefficients are determined by the comment in the conj method,
/// while the values of
/// t^(p^n) and t^(2p^n)
/// are precomputed in the constant arrays FROB_T1 and FROB_T2
pub fn frob(self, n: usize) -> Fp6 {
let n = n % 6;
let frob_t1 = FROB_T1[n];
let frob_t2 = FROB_T2[n];
if n % 2 != 0 {
Fp6 {
t0: self.t0.conj(),
t1: frob_t1 * self.t1.conj(),
t2: frob_t2 * self.t2.conj(),
}
} else {
Fp6 {
t0: self.t0,
t1: frob_t1 * self.t1,
t2: frob_t2 * self.t2,
}
}
}
/// Let x_n = x^(p^n) and note that
/// x_0 = x^(p^0) = x^1 = x
/// (x_n)_m = (x^(p^n))^(p^m) = x^(p^n * p^m) = x^(p^(n+m)) = x_{n+m}
/// By Galois Theory, given x: Fp6, the product
/// phi = x_0 * x_1 * x_2 * x_3 * x_4 * x_5
/// lands in Fp, and hence the inverse of x is given by
/// (x_1 * x_2 * x_3 * x_4 * x_5) / phi
/// We can save compute by rearranging the numerator:
/// (x_1 * x_3) * x_5 * (x_1 * x_3)_1
/// By Galois theory, the following are in Fp2 and are complex conjugates
/// x_1 * x_3 * x_5, x_0 * x_2 * x_4
/// and therefore
/// phi = ||x_1 * x_3 * x_5||^2
/// and hence the inverse is given by
/// ([x_1 * x_3] * x_5) * [x_1 * x_3]_1 / ||[x_1 * x_3] * x_5||^2
pub fn inv(self) -> Fp6 {
let prod_13 = self.frob(1) * self.frob(3);
let prod_135 = (prod_13 * self.frob(5)).t0;
let phi = prod_135.norm_sq();
let prod_odds_over_phi = prod_135.scale(phi.inv());
let prod_24 = prod_13.frob(1);
prod_24.scale(prod_odds_over_phi)
}
pub fn on_stack(self) -> Vec<U256> {
let f: [U256; 6] = unsafe { transmute(self) };
f.into_iter().collect()
}
}
#[allow(clippy::suspicious_arithmetic_impl)]
impl Div for Fp6 {
type Output = Self;
fn div(self, rhs: Self) -> Self::Output {
self * rhs.inv()
}
}
/// The degree 2 field extension Fp12 over Fp6 is given by adjoining z, where z^2 = t.
/// It thus has basis 1, z over Fp6
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct Fp12 {
pub z0: Fp6,
pub z1: Fp6,
}
pub const UNIT_FP12: Fp12 = Fp12 {
z0: UNIT_FP6,
z1: ZERO_FP6,
};
impl Distribution<Fp12> for Standard {
fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> Fp12 {
let (z0, z1) = rng.gen::<(Fp6, Fp6)>();
Fp12 { z0, z1 }
}
}
impl Mul for Fp12 {
type Output = Self;
fn mul(self, other: Self) -> Self {
let h0 = self.z0 * other.z0;
let h1 = self.z1 * other.z1;
let h01 = (self.z0 + self.z1) * (other.z0 + other.z1);
Fp12 {
z0: h0 + h1.sh(),
z1: h01 - (h0 + h1),
}
}
}
impl Fp12 {
// This function scalar multiplies an Fp12 by an Fp6
fn scale(self, x: Fp6) -> Fp12 {
Fp12 {
z0: x * self.z0,
z1: x * self.z1,
}
}
fn conj(self) -> Fp12 {
Fp12 {
z0: self.z0,
z1: -self.z1,
}
}
/// The nth frobenius endomorphism of a p^q field is given by mapping
/// x to x^(p^n)
/// which sends a + bz: Fp12 to
/// a^(p^n) + b^(p^n) * z^(p^n)
/// where the values of z^(p^n) are precomputed in the constant array FROB_Z
pub fn frob(self, n: usize) -> Fp12 {
let n = n % 12;
Fp12 {
z0: self.z0.frob(n),
z1: self.z1.frob(n).scale(FROB_Z[n]),
}
}
/// By Galois Theory, given x: Fp12, the product
/// phi = Prod_{i=0}^11 x_i
/// lands in Fp, and hence the inverse of x is given by
/// (Prod_{i=1}^11 x_i) / phi
/// The 6th Frob map is nontrivial but leaves Fp6 fixed and hence must be the conjugate:
/// x_6 = (a + bz)_6 = a - bz = x.conj()
/// Letting prod_17 = x_1 * x_7, the remaining factors in the numerator can be expresed as:
/// [(prod_17) * (prod_17)_2] * (prod_17)_4 * [(prod_17) * (prod_17)_2]_1
/// By Galois theory, both the following are in Fp2 and are complex conjugates
/// prod_odds, prod_evens
/// Thus phi = ||prod_odds||^2, and hence the inverse is given by
/// prod_odds * prod_evens_except_six * x.conj() / ||prod_odds||^2
pub fn inv(self) -> Fp12 {
let prod_17 = (self.frob(1) * self.frob(7)).z0;
let prod_1379 = prod_17 * prod_17.frob(2);
let prod_odds = (prod_1379 * prod_17.frob(4)).t0;
let phi = prod_odds.norm_sq();
let prod_odds_over_phi = prod_odds.scale(phi.inv());
let prod_evens_except_six = prod_1379.frob(1);
let prod_except_six = prod_evens_except_six.scale(prod_odds_over_phi);
self.conj().scale(prod_except_six)
}
pub fn on_stack(self) -> Vec<U256> {
let f: [U256; 12] = unsafe { transmute(self) };
f.into_iter().collect()
}
}
#[allow(clippy::suspicious_arithmetic_impl)]
impl Div for Fp12 {
type Output = Self;
fn div(self, rhs: Self) -> Self::Output {
self * rhs.inv()
}
}
const FROB_T1: [Fp2; 6] = [
Fp2 {
re: Fp { val: U256::one() },
im: Fp { val: U256::zero() },
},
Fp2 {
re: Fp {
val: U256([
0x99e39557176f553d,
0xb78cc310c2c3330c,
0x4c0bec3cf559b143,
0x2fb347984f7911f7,
]),
},
im: Fp {
val: U256([
0x1665d51c640fcba2,
0x32ae2a1d0b7c9dce,
0x4ba4cc8bd75a0794,
0x16c9e55061ebae20,
]),
},
},
Fp2 {
re: Fp {
val: U256([
0xe4bd44e5607cfd48,
0xc28f069fbb966e3d,
0x5e6dd9e7e0acccb0,
0x30644e72e131a029,
]),
},
im: Fp { val: U256::zero() },
},
Fp2 {
re: Fp {
val: U256([
0x7b746ee87bdcfb6d,
0x805ffd3d5d6942d3,
0xbaff1c77959f25ac,
0x0856e078b755ef0a,
]),
},
im: Fp {
val: U256([
0x380cab2baaa586de,
0x0fdf31bf98ff2631,
0xa9f30e6dec26094f,
0x04f1de41b3d1766f,
]),
},
},
Fp2 {
re: Fp {
val: U256([
0x5763473177fffffe,
0xd4f263f1acdb5c4f,
0x59e26bcea0d48bac,
0x0,
]),
},
im: Fp { val: U256::zero() },
},
Fp2 {
re: Fp {
val: U256([
0x62e913ee1dada9e4,
0xf71614d4b0b71f3a,
0x699582b87809d9ca,
0x28be74d4bb943f51,
]),
},
im: Fp {
val: U256([
0xedae0bcec9c7aac7,
0x54f40eb4c3f6068d,
0xc2b86abcbe01477a,
0x14a88ae0cb747b99,
]),
},
},
];
const FROB_T2: [Fp2; 6] = [
Fp2 {
re: Fp { val: U256::one() },
im: Fp { val: U256::zero() },
},
Fp2 {
re: {
Fp {
val: U256([
0x848a1f55921ea762,
0xd33365f7be94ec72,
0x80f3c0b75a181e84,
0x05b54f5e64eea801,
]),
}
},
im: {
Fp {
val: U256([
0xc13b4711cd2b8126,
0x3685d2ea1bdec763,
0x9f3a80b03b0b1c92,
0x2c145edbe7fd8aee,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0x5763473177fffffe,
0xd4f263f1acdb5c4f,
0x59e26bcea0d48bac,
0x0,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0x0e1a92bc3ccbf066,
0xe633094575b06bcb,
0x19bee0f7b5b2444e,
0xbc58c6611c08dab,
]),
}
},
im: {
Fp {
val: U256([
0x5fe3ed9d730c239f,
0xa44a9e08737f96e5,
0xfeb0f6ef0cd21d04,
0x23d5e999e1910a12,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0xe4bd44e5607cfd48,
0xc28f069fbb966e3d,
0x5e6dd9e7e0acccb0,
0x30644e72e131a029,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0xa97bda050992657f,
0xde1afb54342c724f,
0x1d9da40771b6f589,
0x1ee972ae6a826a7d,
]),
}
},
im: {
Fp {
val: U256([
0x5721e37e70c255c9,
0x54326430418536d1,
0xd2b513cdbb257724,
0x10de546ff8d4ab51,
]),
}
},
},
];
const FROB_Z: [Fp2; 12] = [
Fp2 {
re: { Fp { val: U256::one() } },
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0xd60b35dadcc9e470,
0x5c521e08292f2176,
0xe8b99fdd76e68b60,
0x1284b71c2865a7df,
]),
}
},
im: {
Fp {
val: U256([
0xca5cf05f80f362ac,
0x747992778eeec7e5,
0xa6327cfe12150b8e,
0x246996f3b4fae7e6,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0xe4bd44e5607cfd49,
0xc28f069fbb966e3d,
0x5e6dd9e7e0acccb0,
0x30644e72e131a029,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0xe86f7d391ed4a67f,
0x894cb38dbe55d24a,
0xefe9608cd0acaa90,
0x19dc81cfcc82e4bb,
]),
}
},
im: {
Fp {
val: U256([
0x7694aa2bf4c0c101,
0x7f03a5e397d439ec,
0x06cbeee33576139d,
0xabf8b60be77d73,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0xe4bd44e5607cfd48,
0xc28f069fbb966e3d,
0x5e6dd9e7e0acccb0,
0x30644e72e131a029,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0x1264475e420ac20f,
0x2cfa95859526b0d4,
0x072fc0af59c61f30,
0x757cab3a41d3cdc,
]),
}
},
im: {
Fp {
val: U256([
0xe85845e34c4a5b9c,
0xa20b7dfd71573c93,
0x18e9b79ba4e2606c,
0xca6b035381e35b6,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0x3c208c16d87cfd46,
0x97816a916871ca8d,
0xb85045b68181585d,
0x30644e72e131a029,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0x6615563bfbb318d7,
0x3b2f4c893f42a916,
0xcf96a5d90a9accfd,
0x1ddf9756b8cbf849,
]),
}
},
im: {
Fp {
val: U256([
0x71c39bb757899a9b,
0x2307d819d98302a7,
0x121dc8b86f6c4ccf,
0x0bfab77f2c36b843,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0x5763473177fffffe,
0xd4f263f1acdb5c4f,
0x59e26bcea0d48bac,
0x0,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0x53b10eddb9a856c8,
0x0e34b703aa1bf842,
0xc866e529b0d4adcd,
0x1687cca314aebb6d,
]),
}
},
im: {
Fp {
val: U256([
0xc58be1eae3bc3c46,
0x187dc4add09d90a0,
0xb18456d34c0b44c0,
0x2fb855bcd54a22b6,
]),
}
},
},
Fp2 {
re: {
Fp {
val: U256([
0x5763473177ffffff,
0xd4f263f1acdb5c4f,
0x59e26bcea0d48bac,
0x0,
]),
}
},
im: { Fp { val: U256::zero() } },
},
Fp2 {
re: {
Fp {
val: U256([
0x29bc44b896723b38,
0x6a86d50bd34b19b9,
0xb120850727bb392d,
0x290c83bf3d14634d,
]),
}
},
im: {
Fp {
val: U256([
0x53c846338c32a1ab,
0xf575ec93f71a8df9,
0x9f668e1adc9ef7f0,
0x23bd9e3da9136a73,
]),
}
},
},
];

62
evm/src/bn254_pairing.rs
View File

@ -2,13 +2,13 @@ use std::ops::Add;
use rand::Rng;
use crate::bn254_arithmetic::{Fp, Fp12, Fp2, Fp6, UNIT_FP12, ZERO_FP, ZERO_FP2};
use crate::extension_tower::{FieldExt, Fp12, Fp2, Fp6, BN254};
// The curve consists of pairs (x, y): (Fp, Fp) | y^2 = x^3 + 2
// The curve consists of pairs (x, y): (BN254, BN254) | y^2 = x^3 + 2
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct Curve {
pub x: Fp,
pub y: Fp,
pub x: BN254,
pub y: BN254,
}
/// Standard addition formula for elliptic curves, restricted to the cases
@ -19,7 +19,7 @@ impl Add for Curve {
fn add(self, other: Self) -> Self {
let m = if self == other {
Fp::new(3) * self.x * self.x / (Fp::new(2) * self.y)
BN254::new(3) * self.x * self.x / (BN254::new(2) * self.y)
} else {
(other.y - self.y) / (other.x - self.x)
};
@ -34,12 +34,12 @@ impl Add for Curve {
// The twisted curve consists of pairs (x, y): (Fp2, Fp2) | y^2 = x^3 + 3/(9 + i)
#[derive(Debug, Copy, Clone, PartialEq)]
pub struct TwistedCurve {
pub x: Fp2,
pub y: Fp2,
pub x: Fp2<BN254>,
pub y: Fp2<BN254>,
}
// The tate pairing takes a point each from the curve and its twist and outputs an Fp12 element
pub fn tate(p: Curve, q: TwistedCurve) -> Fp12 {
pub fn tate(p: Curve, q: TwistedCurve) -> Fp12<BN254> {
let miller_output = miller_loop(p, q);
invariant_exponent(miller_output)
}
@ -47,10 +47,10 @@ pub fn tate(p: Curve, q: TwistedCurve) -> Fp12 {
/// Standard code for miller loop, can be found on page 99 at this url:
/// https://static1.squarespace.com/static/5fdbb09f31d71c1227082339/t/5ff394720493bd28278889c6/1609798774687/PairingsForBeginners.pdf#page=107
/// where EXP is a hardcoding of the array of Booleans that the loop traverses
pub fn miller_loop(p: Curve, q: TwistedCurve) -> Fp12 {
pub fn miller_loop(p: Curve, q: TwistedCurve) -> Fp12<BN254> {
let mut r = p;
let mut acc = UNIT_FP12;
let mut line;
let mut acc: Fp12<BN254> = Fp12::<BN254>::UNIT;
let mut line: Fp12<BN254>;
for i in EXP {
line = tangent(r, q);
@ -66,14 +66,14 @@ pub fn miller_loop(p: Curve, q: TwistedCurve) -> Fp12 {
}
/// The sloped line function for doubling a point
pub fn tangent(p: Curve, q: TwistedCurve) -> Fp12 {
let cx = -Fp::new(3) * p.x * p.x;
let cy = Fp::new(2) * p.y;
sparse_embed(p.y * p.y - Fp::new(9), q.x.scale(cx), q.y.scale(cy))
pub fn tangent(p: Curve, q: TwistedCurve) -> Fp12<BN254> {
let cx = -BN254::new(3) * p.x * p.x;
let cy = BN254::new(2) * p.y;
sparse_embed(p.y * p.y - BN254::new(9), q.x.scale(cx), q.y.scale(cy))
}
/// The sloped line function for adding two points
pub fn cord(p1: Curve, p2: Curve, q: TwistedCurve) -> Fp12 {
pub fn cord(p1: Curve, p2: Curve, q: TwistedCurve) -> Fp12<BN254> {
let cx = p2.y - p1.y;
let cy = p1.x - p2.x;
sparse_embed(p1.y * p2.x - p2.y * p1.x, q.x.scale(cx), q.y.scale(cy))
@ -81,27 +81,31 @@ pub fn cord(p1: Curve, p2: Curve, q: TwistedCurve) -> Fp12 {
/// The tangent and cord functions output sparse Fp12 elements.
/// This map embeds the nonzero coefficients into an Fp12.
pub fn sparse_embed(g000: Fp, g01: Fp2, g11: Fp2) -> Fp12 {
pub fn sparse_embed(g000: BN254, g01: Fp2<BN254>, g11: Fp2<BN254>) -> Fp12<BN254> {
let g0 = Fp6 {
t0: Fp2 {
re: g000,
im: ZERO_FP,
im: BN254::ZERO,
},
t1: g01,
t2: ZERO_FP2,
t2: Fp2::<BN254>::ZERO,
};
let g1 = Fp6 {
t0: ZERO_FP2,
t0: Fp2::<BN254>::ZERO,
t1: g11,
t2: ZERO_FP2,
t2: Fp2::<BN254>::ZERO,
};
Fp12 { z0: g0, z1: g1 }
}
pub fn gen_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12 {
sparse_embed(rng.gen::<Fp>(), rng.gen::<Fp2>(), rng.gen::<Fp2>())
pub fn gen_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12<BN254> {
sparse_embed(
rng.gen::<BN254>(),
rng.gen::<Fp2<BN254>>(),
rng.gen::<Fp2<BN254>>(),
)
}
/// The output y of the miller loop is not an invariant,
@ -116,7 +120,7 @@ pub fn gen_fp12_sparse<R: Rng + ?Sized>(rng: &mut R) -> Fp12 {
/// (p^4 - p^2 + 1)/N = p^3 + (a2)p^2 - (a1)p - a0
/// where 0 < a0, a1, a2 < p. Then the final power is given by
/// y = y_3 * (y^a2)_2 * (y^-a1)_1 * (y^-a0)
pub fn invariant_exponent(f: Fp12) -> Fp12 {
pub fn invariant_exponent(f: Fp12<BN254>) -> Fp12<BN254> {
let mut y = f.frob(6) / f;
y = y.frob(2) * y;
let (y_a2, y_a1, y_a0) = get_custom_powers(y);
@ -134,11 +138,11 @@ pub fn invariant_exponent(f: Fp12) -> Fp12 {
/// EXPS4 = [(a4[i], a2[i], a0[i]) for i in 0..len(a4)]
/// EXPS2 = [ (a2[i], a0[i]) for i in len(a4)..len(a2)]
/// EXPS0 = [ a0[i] for i in len(a2)..len(a0)]
fn get_custom_powers(f: Fp12) -> (Fp12, Fp12, Fp12) {
let mut sq: Fp12 = f;
let mut y0: Fp12 = UNIT_FP12;
let mut y2: Fp12 = UNIT_FP12;
let mut y4: Fp12 = UNIT_FP12;
fn get_custom_powers(f: Fp12<BN254>) -> (Fp12<BN254>, Fp12<BN254>, Fp12<BN254>) {
let mut sq: Fp12<BN254> = f;
let mut y0: Fp12<BN254> = Fp12::<BN254>::UNIT;
let mut y2: Fp12<BN254> = Fp12::<BN254>::UNIT;
let mut y4: Fp12<BN254> = Fp12::<BN254>::UNIT;
// proceed via standard squaring algorithm for exponentiation

9
evm/src/cpu/kernel/aggregator.rs
View File

@ -13,10 +13,18 @@ pub(crate) fn combined_kernel() -> Kernel {
let files = vec![
"global jumped_to_0: PANIC",
"global jumped_to_1: PANIC",
include_str!("asm/bignum/add.asm"),
include_str!("asm/bignum/addmul.asm"),
include_str!("asm/bignum/cmp.asm"),
include_str!("asm/bignum/iszero.asm"),
include_str!("asm/bignum/mul.asm"),
include_str!("asm/bignum/shr.asm"),
include_str!("asm/bignum/util.asm"),
include_str!("asm/core/bootloader.asm"),
include_str!("asm/core/call.asm"),
include_str!("asm/core/create.asm"),
include_str!("asm/core/create_addresses.asm"),
include_str!("asm/core/gas.asm"),
include_str!("asm/core/intrinsic_gas.asm"),
include_str!("asm/core/invalid.asm"),
include_str!("asm/core/jumpdest_analysis.asm"),
@ -75,6 +83,7 @@ pub(crate) fn combined_kernel() -> Kernel {
include_str!("asm/main.asm"),
include_str!("asm/memory/core.asm"),
include_str!("asm/memory/memcpy.asm"),
include_str!("asm/memory/memset.asm"),
include_str!("asm/memory/metadata.asm"),
include_str!("asm/memory/packing.asm"),
include_str!("asm/memory/syscalls.asm"),

27
evm/src/cpu/kernel/asm/account_code.asm
View File

@ -1,6 +1,12 @@
retzero:
%stack (account_ptr, retdest) -> (retdest, 0)
JUMP
global sys_extcodehash:
// stack: kexit_info, address
// TODO: Charge gas.
SWAP1
// stack: address, kexit_info
%extcodehash
// stack: hash, kexit_info
SWAP1
EXIT_KERNEL
global extcodehash:
// stack: address, retdest
@ -12,6 +18,9 @@ global extcodehash:
%mload_trie_data
// stack: codehash, retdest
SWAP1 JUMP
retzero:
%stack (account_ptr, retdest) -> (retdest, 0)
JUMP
%macro extcodehash
%stack (address) -> (address, %%after)
@ -32,6 +41,7 @@ global extcodehash:
global sys_extcodesize:
// stack: kexit_info, address
// TODO: Charge gas.
SWAP1
// stack: address, kexit_info
%extcodesize
@ -53,7 +63,7 @@ global extcodesize:
%macro extcodecopy
// stack: address, dest_offset, offset, size
%stack (dest_offset, offset, size) -> (dest_offset, offset, size, %%after)
%stack (address, dest_offset, offset, size) -> (address, dest_offset, offset, size, %%after)
%jump(extcodecopy)
%%after:
%endmacro
@ -61,6 +71,8 @@ global extcodesize:
// Pre stack: kexit_info, address, dest_offset, offset, size
// Post stack: (empty)
global sys_extcodecopy:
// TODO: Call %update_mem_bytes to expand memory.
// TODO: Charge other gas.
%stack (kexit_info, address, dest_offset, offset, size)
-> (address, dest_offset, offset, size, kexit_info)
%extcodecopy
@ -104,7 +116,7 @@ extcodecopy_loop:
// stack: opcode, offset, code_size, dest_offset, i, size, retdest
DUP4
// stack: dest_offset, opcode, offset, code_size, dest_offset, i, size, retdest
%mstore_main
%mstore_current(@SEGMENT_MAIN_MEMORY)
// stack: offset, code_size, dest_offset, i, size, retdest
%increment
// stack: offset+1, code_size, dest_offset, i, size, retdest
@ -133,6 +145,7 @@ global load_code:
JUMP
load_code_ctd:
// stack: codehash, ctx, segment, retdest
DUP1 ISZERO %jumpi(load_code_non_existent_account)
PROVER_INPUT(account_code::length)
// stack: code_size, codehash, ctx, segment, retdest
PUSH 0
@ -165,3 +178,7 @@ load_code_check:
// stack: shouldbecodehash, codehash, retdest, code_size
%assert_eq
JUMP
load_code_non_existent_account:
%stack (codehash, ctx, segment, retdest) -> (retdest, 0)
JUMP

35
evm/src/cpu/kernel/asm/balance.asm
View File

@ -1,3 +1,20 @@
global sys_balance:
// stack: kexit_info, address
// TODO: assuming a cold account access for now.
%charge_gas_const(@GAS_COLDACCOUNTACCESS)
SWAP1
// stack: address, kexit_info
%balance
// stack: balance, kexit_info
SWAP1
EXIT_KERNEL
%macro balance
%stack (address) -> (address, %%after)
%jump(balance)
%%after:
%endmacro
global balance:
// stack: address, retdest
%mpt_read_state_trie
@ -13,11 +30,17 @@ retzero:
%stack (account_ptr, retdest) -> (retdest, 0)
JUMP
global sys_selfbalance:
// stack: kexit_info
%charge_gas_const(@GAS_LOW)
%selfbalance
// stack: balance, kexit_info
SWAP1
EXIT_KERNEL
global selfbalance:
// stack: retdest
%macro selfbalance
PUSH %%after
%address
PUSH balance
// stack: balance, address, retdest
JUMP
%jump(balance)
%%after:
%endmacro

67
evm/src/cpu/kernel/asm/bignum/add.asm Normal file
View File

@ -0,0 +1,67 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
// Adds two bignums of the same given length. Assumes that len > 0.
// Replaces a with a + b, leaving b unchanged, and returns the final carry.
global add_bignum:
// stack: len, a_start_loc, b_start_loc, retdest
DUP1
// stack: len, len, a_start_loc, b_start_loc, retdest
ISZERO
%jumpi(len_zero)
// stack: len, a_start_loc, b_start_loc, retdest
PUSH 0
// stack: carry=0, i=len, a_cur_loc=a_start_loc, b_cur_loc=b_start_loc, retdest
add_loop:
// stack: carry, i, a_cur_loc, b_cur_loc, retdest
DUP4
%mload_kernel_general
// stack: b[cur], carry, i, a_cur_loc, b_cur_loc, retdest
DUP4
%mload_kernel_general
// stack: a[cur], b[cur], carry, i, a_cur_loc, b_cur_loc, retdest
ADD
ADD
// stack: a[cur] + b[cur] + carry, i, a_cur_loc, b_cur_loc, retdest
DUP1
// stack: a[cur] + b[cur] + carry, a[cur] + b[cur] + carry, i, a_cur_loc, b_cur_loc, retdest
%shr_const(128)
// stack: (a[cur] + b[cur] + carry) // 2^128, a[cur] + b[cur] + carry, i, a_cur_loc, b_cur_loc, retdest
SWAP1
// stack: a[cur] + b[cur] + carry, (a[cur] + b[cur] + carry) // 2^128, i, a_cur_loc, b_cur_loc, retdest
%mod_const(0x100000000000000000000000000000000)
// stack: c[cur] = (a[cur] + b[cur] + carry) % 2^128, carry_new = (a[cur] + b[cur] + carry) // 2^128, i, a_cur_loc, b_cur_loc, retdest
DUP4
// stack: a_cur_loc, c[cur], carry_new, i, a_cur_loc, b_cur_loc, retdest
%mstore_kernel_general
// stack: carry_new, i, a_cur_loc, b_cur_loc, retdest
SWAP2
%increment
SWAP2
// stack: carry_new, i, a_cur_loc + 1, b_cur_loc, retdest
SWAP3
%increment
SWAP3
// stack: carry_new, i, a_cur_loc + 1, b_cur_loc + 1, retdest
SWAP1
%decrement
SWAP1
// stack: carry_new, i - 1, a_cur_loc + 1, b_cur_loc + 1, retdest
DUP2
// stack: i - 1, carry_new, i - 1, a_cur_loc + 1, b_cur_loc + 1, retdest
%jumpi(add_loop)
add_end:
// stack: carry_new, i - 1, a_cur_loc + 1, b_cur_loc + 1, retdest
%stack (c, i, a, b) -> (c)
// stack: carry_new, retdest
SWAP1
// stack: retdest, carry_new
JUMP
len_zero:
// stack: len, a_start_loc, b_start_loc, retdest
%pop3
// stack: retdest
PUSH 0
// stack: carry=0, retdest
SWAP1
JUMP

111
evm/src/cpu/kernel/asm/bignum/addmul.asm Normal file
View File

@ -0,0 +1,111 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
// Sets a[0:len] += b[0:len] * val, and returns the carry (a limb of up to 128 bits).
global addmul_bignum:
// stack: len, a_start_loc, b_start_loc, val, retdest
DUP1
// stack: len, len, a_start_loc, b_start_loc, val, retdest
ISZERO
%jumpi(len_zero)
PUSH 0
// stack: carry_limb=0, i=len, a_cur_loc=a_start_loc, b_cur_loc=b_start_loc, val, retdest
addmul_loop:
// stack: carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP4
// stack: b_cur_loc, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%mload_kernel_general
// stack: b[cur], carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP6
// stack: val, b[cur], carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
MUL
// stack: val * b[cur], carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP1
// stack: val * b[cur], val * b[cur], carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%shr_const(128)
// stack: (val * b[cur]) // 2^128, val * b[cur], carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP1
// stack: val * b[cur], (val * b[cur]) // 2^128, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%shl_const(128)
%shr_const(128)
// stack: prod_lo = val * b[cur] % 2^128, prod_hi = (val * b[cur]) // 2^128, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP5
// stack: a_cur_loc, prod_lo, prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%mload_kernel_general
// stack: a[cur], prod_lo, prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP1
// stack: a[cur], a[cur], prod_lo, prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP2
// stack: prod_lo, a[cur], a[cur], prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
ADD
%shl_const(128)
%shr_const(128)
// stack: prod_lo' = (prod_lo + a[cur]) % 2^128, a[cur], prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP1
// stack: prod_lo', prod_lo', a[cur], prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP2
// stack: a[cur], prod_lo', prod_lo', prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
GT
// stack: prod_lo_carry_limb = a[cur] > prod_lo', prod_lo', prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP1
// stack: prod_lo', prod_lo_carry_limb, prod_hi, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP2
// stack: prod_hi, prod_lo_carry_limb, prod_lo', carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
ADD
// stack: prod_hi' = prod_hi + prod_lo_carry_limb, prod_lo', carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP3
// stack: carry_limb, prod_hi', prod_lo', carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP3
// stack: prod_lo', carry_limb, prod_hi', prod_lo', carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
ADD
%shl_const(128)
%shr_const(128)
// stack: to_write = (prod_lo' + carry_limb) % 2^128, prod_hi', prod_lo', carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP2
// stack: prod_lo', prod_hi', to_write, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP3
// stack: to_write, prod_lo', prod_hi', to_write, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
LT
// stack: carry_limb_new = to_write < prod_lo', prod_hi', to_write, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%stack (vals: 3, c) -> (vals)
// stack: carry_limb_new, prod_hi', to_write, i, a_cur_loc, b_cur_loc, val, retdest
ADD
// stack: carry_limb = carry_limb_new' + prod_hi', to_write, i, a_cur_loc, b_cur_loc, val, retdest
SWAP1
// stack: to_write, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
DUP4
// stack: a_cur_loc, to_write, carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
%mstore_kernel_general
// stack: carry_limb, i, a_cur_loc, b_cur_loc, val, retdest
SWAP1
// stack: i, carry_limb, a_cur_loc, b_cur_loc, val, retdest
%decrement
// stack: i-1, carry_limb, a_cur_loc, b_cur_loc, val, retdest
SWAP2
// stack: a_cur_loc, carry_limb, i-1, b_cur_loc, val, retdest
%increment
// stack: a_cur_loc+1, carry_limb, i-1, b_cur_loc, val, retdest
SWAP3
// stack: b_cur_loc, carry_limb, i-1, a_cur_loc+1, val, retdest
%increment
// stack: b_cur_loc+1, carry_limb, i-1, a_cur_loc+1, val, retdest
%stack (b, c, i, a) -> (c, i, a, b)
// stack: carry_limb, i-1, a_cur_loc+1, b_cur_loc+1, val, retdest
DUP2
// stack: i-1, carry_limb, i-1, a_cur_loc+1, b_cur_loc+1, val, retdest
%jumpi(addmul_loop)
addmul_end:
// stack: carry_limb_new, i-1, a_cur_loc+1, b_cur_loc+1, val, retdest
%stack (c, i, a, b, v) -> (c)
// stack: carry_limb_new, retdest
SWAP1
// stack: retdest, carry_limb_new
JUMP
len_zero:
// stack: len, a_start_loc, b_start_loc, val, retdest
%pop4
// stack: retdest
PUSH 0
// stack: carry_limb=0, retdest
SWAP1
JUMP

86
evm/src/cpu/kernel/asm/bignum/cmp.asm Normal file
View File

@ -0,0 +1,86 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
// Compares two bignums of the same given length. Assumes that len > 0.
// Returns 1 if a > b, 0 if a == b, and -1 (that is, 2^256 - 1) if a < b.
global cmp_bignum:
// stack: len, a_start_loc, b_start_loc, retdest
DUP1
// stack: len, len, a_start_loc, b_start_loc, retdest
ISZERO
%jumpi(equal)
// stack: len, a_start_loc, b_start_loc, retdest
SWAP1
// stack: a_start_loc, len, b_start_loc, retdest
DUP2
// stack: len, a_start_loc, len, b_start_loc, retdest
ADD
%decrement
// stack: a_end_loc, len, b_start_loc, retdest
SWAP2
// stack: b_start_loc, len, a_end_loc, retdest
DUP2
// stack: len, b_start_loc, len, a_end_loc, retdest
ADD
%decrement
// stack: b_end_loc, len, a_end_loc, retdest
%stack (b, l, a) -> (l, a, b)
// stack: len, a_end_loc, b_end_loc, retdest
%decrement
ge_loop:
// stack: i, a_i_loc, b_i_loc, retdest
DUP3
DUP3
// stack: a_i_loc, b_i_loc, i, a_i_loc, b_i_loc, retdest
%mload_kernel_general
SWAP1
%mload_kernel_general
SWAP1
// stack: a[i], b[i], i, a_i_loc, b_i_loc, retdest
%stack (vals: 2) -> (vals, vals)
GT
%jumpi(greater)
// stack: a[i], b[i], i, a_i_loc, b_i_loc, retdest
LT
%jumpi(less)
// stack: i, a_i_loc, b_i_loc, retdest
DUP1
ISZERO
%jumpi(equal)
%decrement
// stack: i-1, a_i_loc, b_i_loc, retdest
SWAP1
// stack: a_i_loc, i-1, b_i_loc, retdest
%decrement
// stack: a_i_loc_new, i-1, b_i_loc, retdest
SWAP2
// stack: b_i_loc, i-1, a_i_loc_new, retdest
%decrement
// stack: b_i_loc_new, i-1, a_i_loc_new, retdest
%stack (b, i, a) -> (i, a, b)
// stack: i-1, a_i_loc_new, b_i_loc_new, retdest
%jump(ge_loop)
equal:
// stack: i, a_i_loc, b_i_loc, retdest
%pop3
// stack: retdest
PUSH 0
// stack: 0, retdest
SWAP1
JUMP
greater:
// stack: a[i], b[i], i, a_i_loc, b_i_loc, retdest
%pop5
// stack: retdest
PUSH 1
// stack: 1, retdest
SWAP1
JUMP
less:
// stack: i, a_i_loc, b_i_loc, retdest
%pop3
// stack: retdest
PUSH 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
// stack: -1, retdest
SWAP1
JUMP

40
evm/src/cpu/kernel/asm/bignum/iszero.asm Normal file
View File

@ -0,0 +1,40 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
global iszero_bignum:
// stack: len, start_loc, retdest
DUP1
// stack: len, len, start_loc, retdest
ISZERO
%jumpi(eqzero)
DUP2
// stack: start_loc, len, start_loc, retdest
ADD
// stack: end_loc, start_loc, retdest
SWAP1
// stack: cur_loc=start_loc, end_loc, retdest
iszero_loop:
// stack: cur_loc, end_loc, retdest
DUP1
// stack: cur_loc, cur_loc, end_loc, retdest
%mload_kernel_general
// stack: cur_val, cur_loc, end_loc, retdest
%jumpi(neqzero)
// stack: cur_loc, end_loc, retdest
%increment
// stack: cur_loc + 1, end_loc, retdest
%stack (vals: 2) -> (vals, vals)
// stack: cur_loc + 1, end_loc, cur_loc + 1, end_loc, retdest
EQ
%jumpi(eqzero)
%jump(iszero_loop)
neqzero:
// stack: cur_loc, end_loc, retdest
%stack (vals: 2, retdest) -> (retdest, 0)
// stack: retdest, 0
JUMP
eqzero:
// stack: cur_loc, end_loc, retdest
%stack (vals: 2, retdest) -> (retdest, 1)
// stack: retdest, 1
JUMP

64
evm/src/cpu/kernel/asm/bignum/mul.asm Normal file
View File

@ -0,0 +1,64 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
// Stores a * b in output_loc, leaving a and b unchanged.
// Both a and b have length len; a * b will have length 2 * len.
// output_loc must be initialized as 2 * len zeroes.
// TODO: possible optimization: allow output_loc to be uninitialized, and write over it with a[0:len] * b[0] (a multiplication
// with carry) in place of the first addmul.
global mul_bignum:
// stack: len, a_start_loc, b_start_loc, output_loc, retdest
DUP1
// stack: len, len, a_start_loc, b_start_loc, output_loc, retdest
ISZERO
%jumpi(len_zero)
DUP1
// stack: n=len, len, a_start_loc, bi=b_start_loc, output_cur=output_loc, retdest
mul_loop:
// stack: n, len, a_start_loc, bi, output_cur, retdest
PUSH mul_addmul_return
// stack: mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest
DUP5
// stack: bi, mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest
%mload_kernel_general
// stack: b[i], mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest, b
DUP5
// stack: a_start_loc, b[i], mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest, b
DUP8
// stack: output_loc, a_start_loc, b[i], mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest, b
DUP6
// stack: len, output_loc, a_start_loc, b[i], mul_addmul_return, n, len, a_start_loc, bi, output_cur, retdest, b
%jump(addmul_bignum)
mul_addmul_return:
// stack: carry_limb, n, len, a_start_loc, bi, output_cur, retdest
DUP6
// stack: output_cur, carry_limb, n, len, a_start_loc, bi, output_cur, retdest
DUP4
// stack: len, output_cur, carry_limb, n, len, a_start_loc, bi, output_cur, retdest
ADD
// stack: output_cur + len, carry_limb, n, len, a_start_loc, bi, output_cur, retdest
%mstore_kernel_general
// stack: n, len, a_start_loc, bi, output_cur, retdest
%decrement
// stack: n-1, len, a_start_loc, bi, output_cur, retdest
SWAP3
%increment
SWAP3
// stack: n-1, len, a_start_loc, bi+1, output_cur, retdest
SWAP4
%increment
SWAP4
// stack: n-1, len, a_start_loc, bi+1, output_cur+1, retdest
DUP1
// stack: n-1, n-1, len, a_start_loc, bi+1, output_cur+1, retdest
%jumpi(mul_loop)
mul_end:
// stack: n-1, len, a_start_loc, bi+1, output_cur+1, retdest
%pop5
// stack: retdest
JUMP
len_zero:
// stack: len, a_start_loc, b_start_loc, output_loc, retdest
%pop4
// stack: retdest
JUMP

67
evm/src/cpu/kernel/asm/bignum/shr.asm Normal file
View File

@ -0,0 +1,67 @@
// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.
// Shifts a given bignum right by one bit (in place).
// Assumes that len > 0.
global shr_bignum:
// stack: len, start_loc, retdest
DUP1
// stack: len, len, start_loc, retdest
ISZERO
%jumpi(len_zero)
// stack: len, start_loc, retdest
DUP2
// stack: start_loc, len, start_loc, retdest
ADD
// stack: start_loc + len, start_loc, retdest
%decrement
// stack: end_loc, start_loc, retdest
%stack (e) -> (e, 0)
// stack: i=end_loc, carry=0, start_loc, retdest
shr_loop:
// stack: i, carry, start_loc, retdest
DUP1
// stack: i, i, carry, start_loc, retdest
%mload_kernel_general
// stack: a[i], i, carry, start_loc, retdest
DUP1
// stack: a[i], a[i], i, carry, start_loc, retdest
%shr_const(1)
// stack: a[i] >> 1, a[i], i, carry, start_loc, retdest
SWAP1
// stack: a[i], a[i] >> 1, i, carry, start_loc, retdest
%mod_const(2)
// stack: new_carry = a[i] % 2, a[i] >> 1, i, carry, start_loc, retdest
SWAP3
// stack: carry, a[i] >> 1, i, new_carry, start_loc, retdest
%shl_const(127)
// stack: carry << 127, a[i] >> 1, i, new_carry, start_loc, retdest
ADD
// stack: carry << 127 | a[i] >> 1, i, new_carry, start_loc, retdest
DUP2
// stack: i, carry << 127 | a[i] >> 1, i, new_carry, start_loc, retdest
%mstore_kernel_general
// stack: i, new_carry, start_loc, retdest
DUP1
// stack: i, i, new_carry, start_loc, retdest
%decrement
// stack: i-1, i, new_carry, start_loc, retdest
SWAP1
// stack: i, i-1, new_carry, start_loc, retdest
DUP4
// stack: start_loc, i, i-1, new_carry, start_loc, retdest
EQ
// stack: i == start_loc, i-1, new_carry, start_loc, retdest
ISZERO
// stack: i != start_loc, i-1, new_carry, start_loc, retdest
%jumpi(shr_loop)
shr_end:
// stack: i, new_carry, start_loc, retdest
%pop3
// stack: retdest
JUMP
len_zero:
// stack: len, start_loc, retdest
%pop2
// stack: retdest
JUMP

13
evm/src/cpu/kernel/asm/bignum/util.asm Normal file
View File

@ -0,0 +1,13 @@
%macro memcpy_kernel_general
// stack: dst, src, len
%stack (dst, src, len) -> (0, @SEGMENT_KERNEL_GENERAL, dst, 0, @SEGMENT_KERNEL_GENERAL, src, len, %%after)
%jump(memcpy)
%%after:
%endmacro
%macro clear_kernel_general
// stack: dst, len
%stack (dst, len) -> (0, @SEGMENT_KERNEL_GENERAL, dst, 0, len, %%after)
%jump(memset)
%%after:
%endmacro

4
evm/src/cpu/kernel/asm/core/call.asm
View File

@ -3,6 +3,7 @@
// Creates a new sub context and executes the code of the given account.
global sys_call:
// stack: kexit_info, gas, address, value, args_offset, args_size, ret_offset, ret_size
// TODO: Charge gas.
%create_context
// stack: new_ctx, kexit_info, gas, address, value, args_offset, args_size, ret_offset, ret_size
@ -27,6 +28,7 @@ global sys_call:
// given account. In particular the storage remains the same.
global sys_callcode:
// stack: kexit_info, gas, address, value, args_offset, args_size, ret_offset, ret_size
// TODO: Charge gas.
%create_context
// stack: new_ctx, kexit_info, gas, address, value, args_offset, args_size, ret_offset, ret_size
@ -50,6 +52,7 @@ global sys_callcode:
// CALL if the value sent is not 0.
global sys_staticcall:
// stack: kexit_info, gas, address, args_offset, args_size, ret_offset, ret_size
// TODO: Charge gas.
%create_context
// stack: new_ctx, kexit_info, gas, address, args_offset, args_size, ret_offset, ret_size
@ -70,6 +73,7 @@ global sys_staticcall:
// value remain the same.
global sys_delegatecall:
// stack: kexit_info, gas, address, args_offset, args_size, ret_offset, ret_size
// TODO: Charge gas.
%create_context
// stack: new_ctx, kexit_info, gas, address, args_offset, args_size, ret_offset, ret_size

59
evm/src/cpu/kernel/asm/core/create.asm
View File

@ -1,22 +1,35 @@
// TODO: This file needs to be cleaned up.
// `create` is no longer being used for contract-creation txns,
// so it can be inlined. Also need to set metadata on new ctx.
// The CREATE syscall.
//
// Pre stack: value, CODE_ADDR, code_len, retdest
// Pre stack: kexit_info, value, code_offset, code_len
// Post stack: address
global sys_create:
// TODO: Charge gas.
%stack (kexit_info, value, code_offset, code_len)
-> (value, 0, @SEGMENT_MAIN_MEMORY, code_offset, code_len)
%address
// stack: sender, value, CODE_ADDR: 3, code_len, sys_create_finish, kexit_info
%jump(create)
sys_create_finish:
// stack: address, kexit_info
SWAP1
EXIT_KERNEL
// Create a new contract account with the traditional address scheme, i.e.
// address = KEC(RLP(sender, nonce))[12:]
// This can be used both for the CREATE instruction and for contract-creation
// transactions.
//
// Pre stack: sender, endowment, CODE_ADDR, code_len, retdest
// Pre stack: sender, endowment, CODE_ADDR: 3, code_len, retdest
// Post stack: address
// Note: CODE_ADDR refers to a (context, segment, offset) tuple.
global create:
// stack: sender, endowment, CODE_ADDR, code_len, retdest
DUP1 %get_nonce
DUP1 %nonce
// stack: nonce, sender, endowment, CODE_ADDR, code_len, retdest
// Call get_create_address and have it return to create_inner.
%stack (nonce, sender)
@ -26,30 +39,46 @@ global create:
// CREATE2; see EIP-1014. Address will be
// address = KEC(0xff || sender || salt || code_hash)[12:]
//
// Pre stack: sender, endowment, salt, CODE_ADDR: 3, code_len, retdest
// Pre stack: kexit_info, value, code_offset, code_len, salt
// Post stack: address
// Note: CODE_ADDR refers to a (context, segment, offset) tuple.
global sys_create2:
// stack: sender, endowment, salt, CODE_ADDR: 3, code_len, retdest
DUP7 DUP7 DUP7 DUP7 // CODE_ADDR: 3, code_len
// stack: kexit_info, value, code_offset, code_len, salt
// TODO: Charge gas.
SWAP4
%stack (salt) -> (salt, sys_create2_got_address)
// stack: salt, sys_create2_got_address, value, code_offset, code_len, kexit_info
DUP4 // code_len
DUP4 // code_offset
PUSH @SEGMENT_MAIN_MEMORY
PUSH 0 // context
KECCAK_GENERAL
// stack: code_hash, sender, endowment, salt, CODE_ADDR: 3, code_len, retdest
// Call get_create2_address and have it return to create_inner.
%stack (code_hash, sender, endowment, salt)
-> (sender, salt, code_hash, create_inner, sender, endowment)
// stack: sender, salt, CODE_ADDR, code_len, create_inner, sender, endowment, CODE_ADDR, code_len, retdest
// stack: hash, salt, sys_create2_got_address, value, code_offset, code_len, kexit_info
%address
// stack: sender, hash, salt, sys_create2_got_address, value, code_offset, code_len, kexit_info
%jump(get_create2_address)
sys_create2_got_address:
// stack: address, value, code_offset, code_len, kexit_info
%address
%stack (sender, address, value, code_offset, code_len, kexit_info)
-> (address, sender, value, 0, @SEGMENT_MAIN_MEMORY, code_offset, code_len,
sys_create2_finish, kexit_info)
%jump(create_inner)
sys_create2_finish:
// stack: address, kexit_info
SWAP1
EXIT_KERNEL
// Pre stack: address, sender, endowment, CODE_ADDR, code_len, retdest
// Post stack: address
// Note: CODE_ADDR refers to a (context, segment, offset) tuple.
create_inner:
global create_inner:
// stack: address, sender, endowment, CODE_ADDR, code_len, retdest
%stack (address, sender, endowment)
-> (sender, address, endowment, sender, address)
// TODO: Need to handle insufficient balance failure.
%transfer_eth
// stack: transfer_eth_status, sender, address, CODE_ADDR, code_len, retdest
%jumpi(fault_exception)
// stack: sender, address, CODE_ADDR, code_len, retdest
%increment_nonce

44
evm/src/cpu/kernel/asm/core/create_addresses.asm
View File

@ -5,12 +5,33 @@
// Post stack: address
global get_create_address:
// stack: sender, nonce, retdest
// TODO: Replace with actual implementation.
%pop2
PUSH 123
%alloc_rlp_block
// stack: rlp_start, sender, nonce, retdest
%stack (rlp_start, sender, nonce) -> (rlp_start, sender, nonce, rlp_start)
// stack: rlp_start, sender, nonce, rlp_start, retdest
%encode_rlp_160 // TODO: or encode_rlp_scalar?
// stack: rlp_pos, nonce, rlp_start, retdest
%encode_rlp_scalar
// stack: rlp_pos, rlp_start, retdest
%prepend_rlp_list_prefix
// stack: rlp_prefix_start, rlp_len, retdest
PUSH @SEGMENT_RLP_RAW
PUSH 0 // context
// stack: RLP_ADDR: 3, rlp_len, retdest
KECCAK_GENERAL
%mod_const(0x10000000000000000000000000000000000000000) // 2^160
// stack: address, retdest
%observe_new_address
SWAP1
JUMP
// Convenience macro to call get_create_address and return where we left off.
%macro get_create_address
%stack (sender, nonce) -> (sender, nonce, %%after)
%jump(get_create_address)
%%after:
%endmacro
// Computes the address for a contract based on the CREATE2 rule, i.e.
// address = KEC(0xff || sender || salt || code_hash)[12:]
//
@ -21,5 +42,22 @@ global get_create2_address:
// TODO: Replace with actual implementation.
%pop3
PUSH 123
// stack: address, retdest
%observe_new_address
SWAP1
JUMP
// This should be called whenever a new address is created. This is only for debugging. It does
// nothing, but just provides a single hook where code can react to newly created addresses.
global observe_new_address:
// stack: address, retdest
SWAP1
// stack: retdest, address
JUMP
// Convenience macro to call observe_new_address and return where we left off.
%macro observe_new_address
%stack (address) -> (address, %%after)
%jump(observe_new_address)
%%after:
%endmacro

58
evm/src/cpu/kernel/asm/core/gas.asm Normal file
View File

@ -0,0 +1,58 @@
global sys_gas:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
DUP1 %shr_const(192)
// stack: gas_used, kexit_info
%ctx_gas_limit
// stack: gas_limit, gas_used, kexit_info
SUB
// stack: gas_remaining, kexit_info
SWAP1
EXIT_KERNEL
%macro ctx_gas_limit
%mload_context_metadata(@CTX_METADATA_GAS_LIMIT)
%endmacro
// Charge gas. Faults if we exceed the limit for the current context.
%macro charge_gas
// stack: gas, kexit_info
%shl_const(192)
ADD
// stack: kexit_info'
%ctx_gas_limit
// stack: gas_limit, kexit_info'
DUP2 %shr_const(192)
// stack: gas_used, gas_limit, kexit_info'
GT
// stack: out_of_gas, kexit_info'
%jumpi(fault_exception)
// stack: kexit_info'
%endmacro
// Charge a constant amount of gas.
%macro charge_gas_const(gas)
// stack: kexit_info
PUSH $gas
// stack: gas, kexit_info
%charge_gas
// stack: kexit_info'
%endmacro
// Charge gas and exit kernel code.
%macro charge_gas_and_exit
// stack: gas, kexit_info
%charge_gas
// stack: kexit_info'
EXIT_KERNEL
%endmacro
global sys_gasprice:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%mload_txn_field(@TXN_FIELD_COMPUTED_FEE_PER_GAS)
// stack: gas_price, kexit_info
SWAP1
EXIT_KERNEL

26
evm/src/cpu/kernel/asm/core/nonce.asm
View File

@ -1,17 +1,21 @@
// Increment the nonce of the given account.
// Get the nonce of the given account.
// Pre stack: address, retdest
// Post stack: (empty)
global get_nonce:
global nonce:
// stack: address, retdest
// TODO: Replace with actual implementation.
POP
JUMP
%mpt_read_state_trie
// stack: account_ptr, retdest
// The nonce is the first account field, so we deref the account pointer itself.
// Note: We don't need to handle account_ptr=0, as trie_data[0] = 0,
// so the deref will give 0 (the default nonce) as desired.
%mload_trie_data
// stack: nonce, retdest
SWAP1 JUMP
// Convenience macro to call get_nonce and return where we left off.
%macro get_nonce
// Convenience macro to call nonce and return where we left off.
%macro nonce
%stack (address) -> (address, %%after)
%jump(get_nonce)
%jump(nonce)
%%after:
%endmacro
@ -20,7 +24,7 @@ global increment_nonce:
// stack: address, retdest
%mpt_read_state_trie
// stack: account_ptr, retdest
DUP1 ISZERO %jumpi(panic)
DUP1 ISZERO %jumpi(increment_nonce_no_such_account)
// stack: nonce_ptr, retdest
DUP1 %mload_trie_data
// stack: nonce, nonce_ptr, retdest
@ -30,6 +34,8 @@ global increment_nonce:
%mstore_trie_data
// stack: retdest
JUMP
global increment_nonce_no_such_account:
PANIC
// Convenience macro to call increment_nonce and return where we left off.
%macro increment_nonce

103
evm/src/cpu/kernel/asm/core/process_txn.asm
View File

@ -50,23 +50,76 @@ global process_based_on_type:
global process_contract_creation_txn:
// stack: retdest
PUSH process_contract_creation_txn_after_create
// stack: process_contract_creation_txn_after_create, retdest
%mload_txn_field(@TXN_FIELD_DATA_LEN)
// stack: code_len, process_contract_creation_txn_after_create, retdest
PUSH 0
// stack: code_offset, code_len, process_contract_creation_txn_after_create, retdest
PUSH @SEGMENT_TXN_DATA
// stack: code_segment, code_offset, code_len, process_contract_creation_txn_after_create, retdest
PUSH 0 // context
// stack: CODE_ADDR, code_len, process_contract_creation_txn_after_create, retdest
%mload_txn_field(@TXN_FIELD_ORIGIN)
// stack: origin, retdest
DUP1 %nonce
// stack: origin_nonce, origin, retdest
SWAP1
// stack: origin, origin_nonce, retdest
%get_create_address
// stack: address, retdest
// Deduct value from caller.
%mload_txn_field(@TXN_FIELD_VALUE)
%mload_txn_field(@TXN_FIELD_ORIGIN)
// stack: sender, endowment, CODE_ADDR, code_len, process_contract_creation_txn_after_create, retdest
%jump(create)
%deduct_eth
// stack: deduct_eth_status, address, retdest
%jumpi(panic)
// stack: address, retdest
global process_contract_creation_txn_after_create:
// stack: new_address, retdest
// Write the new account's data to MPT data, and get a pointer to it.
%get_trie_data_size
// stack: account_ptr, address, retdest
PUSH 1 %append_to_trie_data // nonce = 1
// stack: account_ptr, address, retdest
DUP2 %balance %mload_txn_field(@TXN_FIELD_VALUE) ADD %append_to_trie_data // balance = old_balance + txn_value
// stack: account_ptr, address, retdest
PUSH 0 %append_to_trie_data // storage_root = nil
// stack: account_ptr, address, retdest
PUSH @EMPTY_STRING_HASH %append_to_trie_data // code_hash = keccak('')
// stack: account_ptr, address, retdest
DUP2
// stack: address, account_ptr, address, retdest
%mpt_insert_state_trie
// stack: address, retdest
%create_context
// stack: new_ctx, address, retdest
// Copy the code from txdata to the new context's code segment.
PUSH process_contract_creation_txn_after_code_loaded
%mload_txn_field(@TXN_FIELD_DATA_LEN)
PUSH 0 // SRC.offset
PUSH @SEGMENT_TXN_DATA // SRC.segment
PUSH 0 // SRC.context
PUSH 0 // DST.offset
PUSH @SEGMENT_CODE // DST.segment
DUP7 // DST.context = new_ctx
%jump(memcpy)
process_contract_creation_txn_after_code_loaded:
// stack: new_ctx, address, retdest
// Each line in the block below does not change the stack.
DUP2 %set_new_ctx_addr
%mload_txn_field(@TXN_FIELD_ORIGIN) %set_new_ctx_caller
%mload_txn_field(@TXN_FIELD_VALUE) %set_new_ctx_value
%set_new_ctx_parent_ctx
%set_new_ctx_parent_pc(process_contract_creation_txn_after_constructor)
%non_intrinisic_gas %set_new_ctx_gas_limit
// stack: new_ctx, address, retdest
%enter_new_ctx
// (Old context) stack: new_ctx, address, retdest
global process_contract_creation_txn_after_constructor:
// stack: success, leftover_gas, new_ctx, address, retdest
POP // TODO: Success will go into the receipt when we support that.
// stack: leftover_gas, new_ctx, address, retdest
%pay_coinbase_and_refund_sender
// stack: new_ctx, address, retdest
POP
POP
JUMP
@ -105,9 +158,8 @@ global process_message_txn_insufficient_balance:
global process_message_txn_return:
// stack: retdest
%mload_txn_field(@TXN_FIELD_INTRINSIC_GAS)
%mload_txn_field(@TXN_FIELD_GAS_LIMIT)
SUB
// Since no code was executed, the leftover gas is the non-intrinsic gas.
%non_intrinisic_gas
// stack: leftover_gas, retdest
%pay_coinbase_and_refund_sender
// stack: retdest
@ -124,18 +176,13 @@ global process_message_txn_code_loaded:
%mload_txn_field(@TXN_FIELD_VALUE) %set_new_ctx_value
%set_new_ctx_parent_ctx
%set_new_ctx_parent_pc(process_message_txn_after_call)
// stack: new_ctx, retdest
// The gas provided to the callee is gas_limit - intrinsic_gas.
%mload_txn_field(@TXN_FIELD_INTRINSIC_GAS)
%mload_txn_field(@TXN_FIELD_GAS_LIMIT)
SUB
%set_new_ctx_gas_limit
%non_intrinisic_gas %set_new_ctx_gas_limit
// stack: new_ctx, retdest
// TODO: Copy TXN_DATA to CALLDATA
%enter_new_ctx
// (Old context) stack: new_ctx, retdest
global process_message_txn_after_call:
// stack: success, leftover_gas, new_ctx, retdest
@ -206,3 +253,11 @@ global process_message_txn_after_call:
%mstore_txn_field(@TXN_FIELD_COMPUTED_PRIORITY_FEE_PER_GAS)
// stack: (empty)
%endmacro
%macro non_intrinisic_gas
// stack: (empty)
%mload_txn_field(@TXN_FIELD_INTRINSIC_GAS)
%mload_txn_field(@TXN_FIELD_GAS_LIMIT)
SUB
// stack: gas_limit - intrinsic_gas
%endmacro

26
evm/src/cpu/kernel/asm/core/syscall_stubs.asm
View File

@ -13,30 +13,18 @@ global sys_sgt:
PANIC
global sys_sar:
PANIC
global sys_balance:
PANIC
global sys_origin:
PANIC
global sys_calldataload:
PANIC
global sys_calldatasize:
PANIC
global sys_calldatacopy:
PANIC
global sys_codecopy:
PANIC
global sys_gasprice:
// stack: kexit_info
%mload_txn_field(@TXN_FIELD_COMPUTED_FEE_PER_GAS)
// stack: gas_price, kexit_info
SWAP1
EXIT_KERNEL
global sys_returndatasize:
PANIC
global sys_returndatacopy:
PANIC
global sys_extcodehash:
PANIC
global sys_blockhash:
PANIC
global sys_coinbase:
@ -54,24 +42,14 @@ global sys_gaslimit:
global sys_chainid:
// TODO: Return the block's chain ID instead of the txn's, even though they should match.
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%mload_txn_field(@TXN_FIELD_CHAIN_ID)
// stack: chain_id, kexit_info
SWAP1
EXIT_KERNEL
global sys_selfbalance:
PANIC
global sys_basefee:
PANIC
global sys_gas:
// stack: kexit_info
DUP1 %shr_const(192)
// stack: gas_used, kexit_info
%mload_context_metadata(@CTX_METADATA_GAS_LIMIT)
// stack: gas_limit, gas_used, kexit_info
SUB
// stack: gas_remaining, kexit_info
SWAP1
EXIT_KERNEL
global sys_log0:
PANIC
global sys_log1:

14
evm/src/cpu/kernel/asm/core/terminate.asm
View File

@ -20,6 +20,7 @@ global sys_return:
global sys_selfdestruct:
// stack: kexit_info
// TODO: Charge gas.
%consume_gas_const(@GAS_SELFDESTRUCT)
%leftover_gas
// stack: leftover_gas
@ -37,7 +38,7 @@ global sys_revert:
PUSH 0 // success
%jump(terminate_common)
// The execution is in an exceptional halt-ing state if
// The execution is in an exceptional halting state if
// - there is insufficient gas
// - the instruction is invalid
// - there are insufficient stack items
@ -96,6 +97,15 @@ global terminate_common:
%shr_const(192)
// stack: gas_used
%mload_context_metadata(@CTX_METADATA_GAS_LIMIT)
// stack: gas_limit, gas_used
SWAP1
// stack: gas_used, gas_limit
DUP2 DUP2 LT
// stack: gas_used < gas_limit, gas_used, gas_limit
SWAP2
// stack: gas_limit, gas_used, gas_used < gas_limit
SUB
// stack: leftover_gas
// stack: gas_limit - gas_used, gas_used < gas_limit
MUL
// stack: leftover_gas = (gas_limit - gas_used) * (gas_used < gas_limit)
%endmacro

14
evm/src/cpu/kernel/asm/core/transfer.asm
View File

@ -23,21 +23,10 @@ global transfer_eth_failure:
%%after:
%endmacro
// Pre stack: should_transfer, from, to, amount
// Post stack: (empty)
%macro maybe_transfer_eth
%jumpi(%%transfer)
// We're skipping the transfer, so just pop the arguments and return.
%pop3
%jump(%%after)
%%transfer:
%transfer_eth
%%after:
%endmacro
// Returns 0 on success, or 1 if addr has insufficient balance. Panics if addr isn't found in the trie.
// Pre stack: addr, amount, retdest
// Post stack: status (0 indicates success)
// TODO: Should it be copy-on-write (with make_account_copy) instead of mutating the trie?
global deduct_eth:
// stack: addr, amount, retdest
%mpt_read_state_trie
@ -73,6 +62,7 @@ global deduct_eth_insufficient_balance:
// Pre stack: addr, amount, redest
// Post stack: (empty)
// TODO: Should it be copy-on-write (with make_account_copy) instead of mutating the trie?
global add_eth:
// stack: addr, amount, retdest
DUP1 %mpt_read_state_trie

28
evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm
View File

@ -106,19 +106,7 @@ ecdsa_after_precompute_loop_end:
// Take a public key (PKx, PKy) and return the associated address KECCAK256(PKx || PKy)[-20:].
pubkey_to_addr:
// stack: PKx, PKy, retdest
PUSH 0
// stack: 0, PKx, PKy, retdest
MSTORE // TODO: switch to kernel memory (like `%mstore_kernel(@SEGMENT_KERNEL_GENERAL)`).
// stack: PKy, retdest
PUSH 0x20
// stack: 0x20, PKy, retdest
MSTORE
// stack: retdest
PUSH 0x40
// stack: 0x40, retdest
PUSH 0
// stack: 0, 0x40, retdest
KECCAK256
%keccak256_u256_pair
// stack: hash, retdest
PUSH 0xffffffffffffffffffffffffffffffffffffffff
// stack: 2^160-1, hash, retdest
@ -134,17 +122,13 @@ pubkey_to_addr:
// stack: hash, v, r, s, retdest
DUP2
// stack: v, hash, v, r, s, retdest
PUSH 27
// stack: 27, v, hash, v, r, s, retdest
EQ
%eq_const(27)
// stack: v==27, hash, v, r, s, retdest
DUP3
// stack: v, v==27, hash, v, r, s, retdest
PUSH 28
// stack: 28, v, v==27, hash, v, r, s, retdest
EQ
%eq_const(28)
// stack: v==28, v==27, hash, v, r, s, retdest
OR
ADD // OR
// stack: (v==28 || v==27), hash, v, r, s, retdest
DUP5
// stack: s, (v==28 || v==27), hash, v, r, s, retdest
@ -154,7 +138,7 @@ pubkey_to_addr:
// stack: r, (s >= N || s==0), (v==28 || v==27), hash, v, r, s, retdest
%secp_is_out_of_bounds
// stack: (r >= N || r==0), (s >= N || s==0), (v==28 || v==27), hash, v, r, s, retdest
OR
ADD // OR
// stack: (r >= N || r==0 || s >= N || s==0), (v==28 || v==27), hash, v, r, s, retdest
ISZERO
// stack: (r < N & r!=0 & s < N & s!=0), (v==28 || v==27), hash, v, r, s, retdest
@ -178,7 +162,7 @@ pubkey_to_addr:
// stack: x < N, x==0
ISZERO
// stack: x >= N, x==0
OR
ADD // OR
// stack: x >= N || x==0
%endmacro

16
evm/src/cpu/kernel/asm/hash/blake2b/addresses.asm
View File

@ -1,19 +1,3 @@
// Load the initial hash value (the IV, but with params XOR'd into the first word).
%macro blake2b_initial_hash_value
%blake2b_iv_i(7)
%blake2b_iv_i(6)
%blake2b_iv_i(5)
%blake2b_iv_i(4)
%blake2b_iv_i(3)
%blake2b_iv_i(2)
%blake2b_iv_i(1)
// stack: IV_1, IV_2, IV_3, IV_4, IV_5, IV_6, IV_7
PUSH 0x01010040 // params: key = 00, digest_size = 64 = 0x40
%blake2b_iv_i(0)
XOR
// stack: IV_0 ^ params, IV_1, IV_2, IV_3, IV_4, IV_5, IV_6, IV_7
%endmacro
// Address where the working version of the hash value is stored.
%macro blake2b_hash_value_addr
PUSH 0

105
evm/src/cpu/kernel/asm/hash/blake2b/compression.asm
View File

@ -2,7 +2,9 @@ global blake2b_compression:
// stack: retdest
PUSH 0
// stack: cur_block = 0, retdest
%blake2b_initial_hash_value
PUSH compression_loop
// stack: compression_loop, cur_block, retdest
%jump(blake2b_initial_hash_value)
compression_loop:
// stack: h_0, ..., h_7, cur_block, retdest
@ -83,8 +85,7 @@ compression_loop:
// stack: cur_message_addr + 1, cur_block_byte + 8, ...
%endrep
// stack: end_message_addr, end_block_start_byte, t, cur_block, is_last_block, retdest
POP
POP
%pop2
// stack: t, cur_block, is_last_block, retdest
SWAP1
// stack: cur_block, t, is_last_block, retdest
@ -126,15 +127,14 @@ compression_loop:
// stack: 0, start + 8, invert_if_last_block, t, cur_block, retdest
%rep 4
// stack: i, loc, ...
DUP2
DUP2
// stack: i, loc, i, loc,...
DUP1
// stack: i, i, loc, ...
%blake2b_iv
// stack: IV_i, loc, i, loc,...
SWAP1
// stack: loc, IV_i, i, loc,...
// stack: IV_i, i, loc, ...
DUP3
// stack: loc, IV_i, i, loc, ...
%mstore_kernel_general
// stack: i, loc,...
// stack: i, loc, ...
%increment
SWAP1
%increment
@ -145,15 +145,11 @@ compression_loop:
%stack (i, loc, inv, last, t) -> (t, t, i, loc, inv, last)
// stack: t, t, 4, start + 12, invert_if_last_block, cur_block, retdest
%shr_const(64)
// stack: t >> 64, t, 4, start + 12, invert_if_last_block, cur_block, retdest
// stack: t_hi = t >> 64, t, 4, start + 12, invert_if_last_block, cur_block, retdest
SWAP1
// stack: t, t >> 64, 4, start + 12, invert_if_last_block, cur_block, retdest
PUSH 1
%shl_const(64)
// stack: 1 << 64, t, t >> 64, 4, start + 12, invert_if_last_block, cur_block, retdest
SWAP1
MOD
// stack: t_lo = t % (1 << 64), t_hi = t >> 64, 4, start + 12, invert_if_last_block, cur_block, retdest
// stack: t, t_hi, 4, start + 12, invert_if_last_block, cur_block, retdest
%mod_const(0x10000000000000000)
// stack: t_lo = t % (1 << 64), t_hi, 4, start + 12, invert_if_last_block, cur_block, retdest
%stack (t_lo, t_hi, i, loc, inv) -> (i, loc, t_lo, t_hi, inv, 0)
// stack: 4, start + 12, t_lo, t_hi, invert_if_last_block, 0, cur_block, retdest
@ -161,60 +157,46 @@ compression_loop:
// the values (t % 2**64, t >> 64, invert_if, 0).
%rep 4
// stack: i, loc, val, next_val,...
%stack (i, loc, val) -> (i, val, loc, i, loc)
// stack: i, val, loc, i, loc, next_val,...
DUP1
// stack: i, i, loc, val, next_val,...
%blake2b_iv
// stack: IV_i, val, loc, i, loc, next_val,...
// stack: IV_i, i, loc, val, next_val,...
DUP4
// stack: val, IV_i, i, loc, val, next_val,...
XOR
// stack: val ^ IV_i, loc, i, loc, next_val,...
SWAP1
// stack: loc, val ^ IV_i, i, loc, next_val,...
// stack: val ^ IV_i, i, loc, val, next_val,...
DUP3
// stack: loc, val ^ IV_i, i, loc, val, next_val,...
%mstore_kernel_general
// stack: i, loc, next_val,...
// stack: i, loc, val, next_val,...
%increment
SWAP1
// stack: i + 1, loc, val, next_val,...
SWAP2
// stack: val, loc, i + 1, next_val,...
POP
// stack: loc, i + 1, next_val,...
%increment
// stack: loc + 1, i + 1, next_val,...
SWAP1
// stack: i + 1, loc + 1, next_val,...
%endrep
// stack: 8, loc + 16, cur_block, retdest
POP
POP
%pop2
// stack: cur_block, retdest
%blake2b_internal_state_addr
// stack: start, cur_block, retdest
PUSH 0
// stack: round=0, start, cur_block, retdest
// Run 12 rounds of G functions.
%rep 12
// stack: round, start, cur_block, retdest
%call_blake2b_g_function(0, 4, 8, 12, 0, 1)
%call_blake2b_g_function(1, 5, 9, 13, 2, 3)
%call_blake2b_g_function(2, 6, 10, 14, 4, 5)
%call_blake2b_g_function(3, 7, 11, 15, 6, 7)
%call_blake2b_g_function(0, 5, 10, 15, 8, 9)
%call_blake2b_g_function(1, 6, 11, 12, 10, 11)
%call_blake2b_g_function(2, 7, 8, 13, 12, 13)
%call_blake2b_g_function(3, 4, 9, 14, 14, 15)
// stack: round, start, cur_block, retdest
%increment
// stack: round + 1, start, cur_block, retdest
%endrep
// stack: 12, start, cur_block, retdest
POP
POP
PUSH g_functions_return
// stack: g_functions_return, cur_block, retdest
%blake2b_internal_state_addr
// stack: start, g_functions_return, cur_block, retdest
%jump(run_12_rounds_g_function)
g_functions_return:
// Finalize hash value.
// stack: cur_block, retdest
%blake2b_generate_new_hash_value(7)
%blake2b_generate_new_hash_value(6)
%blake2b_generate_new_hash_value(5)
%blake2b_generate_new_hash_value(4)
%blake2b_generate_new_hash_value(3)
%blake2b_generate_new_hash_value(2)
%blake2b_generate_new_hash_value(1)
%blake2b_generate_new_hash_value(0)
PUSH hash_generate_return
// stack: hash_generate_return, cur_block, retdest
%jump(blake2b_generate_all_hash_values)
hash_generate_return:
// stack: h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block, retdest
DUP9
// stack: cur_block, h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block, retdest
@ -227,10 +209,9 @@ compression_loop:
PUSH 0
%mload_kernel_general
// stack: num_blocks, cur_block + 1, h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block + 1, retdest
EQ
// stack: last_block, h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block + 1, retdest
%jumpi(compression_end)
%jump(compression_loop)
GT
// stack: not_last_block, h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block + 1, retdest
%jumpi(compression_loop)
compression_end:
// stack: h_0', h_1', h_2', h_3', h_4', h_5', h_6', h_7', cur_block + 1, retdest

74
evm/src/cpu/kernel/asm/hash/blake2b/g_functions.asm
View File

@ -3,28 +3,38 @@
// are in the range 0..16) in the internal state.
// The internal state is stored in memory starting at the address start.
// stack: a, b, c, d, x, y, start
%stack (indices: 4) -> (indices, indices)
DUP4
DUP4
DUP4
DUP4
// stack: a, b, c, d, a, b, c, d, x, y, start
DUP11
// stack: start, a, b, c, d, a, b, c, d, x, y, start
%stack (start, a, b, c, d) -> (d, start, c, start, b, start, a, start)
// stack: d, start, c, start, b, start, a, start, a, b, c, d, x, y, start
ADD
%mload_kernel_general
// stack: v[d], c, start, b, start, a, start, a, b, c, d, x, y, start
%stack (vd, remaining: 6) -> (remaining, vd)
// stack: c, start, b, start, a, start, v[d], a, b, c, d, x, y, start
// stack: v[a], b, c, d, a, b, c, d, x, y, start
SWAP1
// stack: b, v[a], c, d, a, b, c, d, x, y, start
DUP11
// stack: start, b, v[a], c, d, a, b, c, d, x, y, start
ADD
%mload_kernel_general
%stack (vc, remaining: 4) -> (remaining, vc)
// stack: b, start, a, start, v[c], v[d], a, b, c, d, x, y, start
// stack: v[b], v[a], c, d, a, b, c, d, x, y, start
SWAP2
// stack: c, v[a], v[b], d, a, b, c, d, x, y, start
DUP11
// stack: start, c, v[a], v[b], d, a, b, c, d, x, y, start
ADD
%mload_kernel_general
// stack: v[b], a, start, v[c], v[d], a, b, c, d, x, y, start
%stack (vb, remaining: 2) -> (remaining, vb)
// stack: a, start, v[b], v[c], v[d], a, b, c, d, x, y, start
// stack: v[c], v[a], v[b], d, a, b, c, d, x, y, start
SWAP3
// stack: d, v[a], v[b], v[c], a, b, c, d, x, y, start
DUP11
// stack: start, d, v[a], v[b], v[c], a, b, c, d, x, y, start
ADD
%mload_kernel_general
// stack: v[d], v[a], v[b], v[c], a, b, c, d, x, y, start
%stack (vd, vs: 3) -> (vs, vd)
// stack: v[a], v[b], v[c], v[d], a, b, c, d, x, y, start
DUP2
// stack: v[b], v[a], v[b], v[c], v[d], a, b, c, d, x, y, start
@ -124,3 +134,45 @@
%blake2b_g_function
// stack: round, start
%endmacro
run_g_function_round:
// stack: round, start, retdest
%call_blake2b_g_function(0, 4, 8, 12, 0, 1)
%call_blake2b_g_function(1, 5, 9, 13, 2, 3)
%call_blake2b_g_function(2, 6, 10, 14, 4, 5)
%call_blake2b_g_function(3, 7, 11, 15, 6, 7)
%call_blake2b_g_function(0, 5, 10, 15, 8, 9)
%call_blake2b_g_function(1, 6, 11, 12, 10, 11)
%call_blake2b_g_function(2, 7, 8, 13, 12, 13)
%call_blake2b_g_function(3, 4, 9, 14, 14, 15)
%stack (r, s, ret) -> (ret, r, s)
// stack: retdest, round, start
JUMP
global run_12_rounds_g_function:
// stack: start, retdest
PUSH 0
// stack: round=0, start, retdest
run_next_round_g_function:
// stack: round, start, retdest
PUSH run_next_round_g_function_return
// stack: run_next_round_g_function_return, round, start, retdest
SWAP2
// stack: start, round, run_next_round_g_function_return, retdest
SWAP1
// stack: round, start, run_next_round_g_function_return, retdest
%jump(run_g_function_round)
run_next_round_g_function_return:
// stack: round, start, retdest
%increment
// stack: round+1, start, retdest
DUP1
// stack: round+1, round+1, start, retdest
%lt_const(12)
// stack: round+1 < 12, round+1, start, retdest
%jumpi(run_next_round_g_function)
// stack: round+1, start, retdest
%pop2
// stack: retdest
JUMP

54
evm/src/cpu/kernel/asm/hash/blake2b/hash.asm
View File

@ -1,18 +1,54 @@
%macro blake2b_generate_new_hash_value(i)
blake2b_generate_new_hash_value:
// stack: i, retdest
%blake2b_hash_value_addr
%add_const($i)
// stack: addr, i, retdest
DUP2
ADD
%mload_kernel_general
// stack: h_i, ...
// stack: h_i, i, retdest
%blake2b_internal_state_addr
%add_const($i)
// stack: addr, h_i, i, retdest
DUP3
ADD
%mload_kernel_general
// stack: v_i, h_i, ...
// stack: v_i, h_i, i, retdest
%blake2b_internal_state_addr
%add_const($i)
// stack: addr, v_i, h_i, i, retdest
SWAP1
// stack: v_i, addr, h_i, i, retdest
SWAP3
// stack: i, addr, h_i, v_i, retdest
ADD
%add_const(8)
%mload_kernel_general
// stack: v_(i+8), v_i, h_i, ...
// stack: v_(i+8), h_i, v_i, retdest
XOR
XOR
// stack: h_i' = v_(i+8) ^ v_i ^ h_i, ...
%endmacro
// stack: h_i' = v_(i+8) ^ v_i ^ h_i, retdest
SWAP1
JUMP
global blake2b_generate_all_hash_values:
// stack: retdest
PUSH 8
// stack: i=8, retdest
blake2b_generate_hash_loop:
// stack: i, h_i', ..., h_7', retdest
%decrement
// stack: i-1, h_i', ..., h_7', retdest
PUSH blake2b_generate_hash_return
// stack: blake2b_generate_hash_return, i-1, h_i', ..., h_7', retdest
DUP2
// stack: i-1, blake2b_generate_hash_return, i-1, h_i', ..., h_7', retdest
%jump(blake2b_generate_new_hash_value)
blake2b_generate_hash_return:
// stack: h_(i-1)', i-1, h_i', ..., h_7', retdest
SWAP1
// stack: i-1, h_(i-1)', h_i', ..., h_7', retdest
DUP1
// stack: i-1, i-1, h_(i-1)', ..., h_7', retdest
%jumpi(blake2b_generate_hash_loop)
// stack: i-1=0, h_0', ..., h_7', retdest
%stack (i, h: 8, ret) -> (ret, h)
// stack: retdest, h_0'...h_7'
JUMP

63
evm/src/cpu/kernel/asm/hash/blake2b/iv.asm
View File

@ -33,30 +33,63 @@ global blake2b_iv_const:
BYTES 91, 224, 205, 25
BYTES 19, 126, 33, 121
%macro blake2b_iv
// stack: i, ...
global blake2b_iv:
// stack: i, retdest
PUSH blake2b_iv_const
// stack: blake2b_iv_const, i, ...
// stack: blake2b_iv_const, i, retdest
SWAP1
// stack: i, blake2b_iv_const, ...
// stack: i, blake2b_iv_const, retdest
%mul_const(8)
ADD
// stack: blake2b_iv_const + 2 * i, ...
// stack: blake2b_iv_const + 2 * i, retdest
DUP1
// stack: blake2b_iv_const + 2 * i, blake2b_iv_const + 2 * i, ...
// stack: blake2b_iv_const + 2 * i, blake2b_iv_const + 2 * i, retdest
%add_const(4)
// stack: blake2b_iv_const + 2 * i + 1, blake2b_iv_const + 2 * i, ...
// stack: blake2b_iv_const + 2 * i + 1, blake2b_iv_const + 2 * i, retdest
%mload_kernel_code_u32
SWAP1
%mload_kernel_code_u32
// stack: IV_i[32:], IV_i[:32], ...
// stack: IV_i[32:], IV_i[:32], retdest
%shl_const(32)
// stack: IV_i[32:] << 32, IV_i[:32], ...
OR
// stack: IV_i, ...
// stack: IV_i[32:] << 32, IV_i[:32], retdest
ADD // OR
// stack: IV_i, retdest
SWAP1
JUMP
%macro blake2b_iv
%stack (i) -> (i, %%after)
%jump(blake2b_iv)
%%after:
%endmacro
%macro blake2b_iv_i(i)
PUSH $i
%blake2b_iv
%endmacro
// Load the initial hash value (the IV, but with params XOR'd into the first word).
global blake2b_initial_hash_value:
// stack: retdest
PUSH 8
// stack: i=8, retdest
blake2b_initial_hash_loop:
// stack: i, IV_i, ..., IV_7, retdest
%decrement
// stack: i-1, IV_i, ..., IV_7, retdest
PUSH blake2b_initial_hash_return
// stack: blake2b_initial_hash_return, i-1, IV_i, ..., IV_7, retdest
DUP2
// stack: i-1, blake2b_initial_hash_return, i-1, IV_i, ..., IV_7, retdest
%jump(blake2b_iv)
blake2b_initial_hash_return:
// stack: IV_(i-1), i-1, IV_i, ..., IV_7, retdest
SWAP1
// stack: i-1, IV_(i-1), IV_i, ..., IV_7, retdest
DUP1
// stack: i-1, i-1, IV_(i-1), ..., IV_7, retdest
%jumpi(blake2b_initial_hash_loop)
// stack: i-1=0, IV_0, ..., IV_7, retdest
POP
// stack: IV_0, ..., IV_7, retdest
PUSH 0x01010040 // params: key = 00, digest_size = 64 = 0x40
XOR
// stack: IV_0 ^ params, IV_1, IV_2, IV_3, IV_4, IV_5, IV_6, IV_7, retdest
%stack(iv: 8, ret) -> (ret, iv)
JUMP

25
evm/src/cpu/kernel/asm/hash/blake2b/permutations.asm
View File

@ -58,17 +58,28 @@ global permutation_9_constants:
BYTES 15, 11, 9, 14
BYTES 3, 12, 13, 0
%macro blake2b_permutation
// stack: round, i
global blake2b_permutation:
// stack: i, round, retdest
PUSH permutation_0_constants
// stack: permutation_0_constants, round, i
SWAP1
// stack: round, permutation_1_constants, i
// stack: permutation_0_constants, i, round, retdest
SWAP2
// stack: round, i, permutation_0_constants, retdest
%mod_const(10)
// stack: round % 10, permutation_1_constants, i
// stack: round % 10, i, permutation_0_constants, retdest
%mul_const(16)
ADD
// stack: permutation_(round)_constants, i
ADD
%mload_kernel_code
// stack: permutation_(round%10)_constants[i], retdest
SWAP1
JUMP
%macro blake2b_permutation
// stack: round, i
PUSH %%after
// stack: %%after, round, i
SWAP2
// stack: i, round, %%after
%jump(blake2b_permutation)
%%after:
%endmacro

2
evm/src/cpu/kernel/asm/hash/ripemd/functions.asm
View File

@ -18,7 +18,7 @@ global rol:
// stack: x << n, x >> (32-n), retdest
%as_u32
// stack: u32(x << n), x >> (32-n), retdest
OR
ADD // OR
// stack: u32(x << n) | (x >> (32-n)), retdest
SWAP1
JUMP

8
evm/src/cpu/kernel/asm/hash/ripemd/main.asm
View File

@ -81,21 +81,21 @@ process:
SWAP1
%reverse_bytes_u32
%shl_const(96)
OR
ADD // OR
// stack: b' a', c, d, e, VARS
SWAP1
%reverse_bytes_u32
%shl_const(64)
OR
ADD // OR
// stack: c' b' a', d, e, VARS
SWAP1
%reverse_bytes_u32
%shl_const(32)
OR
ADD // OR
// stack: d' c' b' a', e, VARS
SWAP1
%reverse_bytes_u32
OR
ADD // OR
// stack: e' d' c' b' a', VARS
%stack (result, VARS: 3, retdest) -> (retdest, result)
// stack: 0xdeadbeef, result

311
evm/src/cpu/kernel/asm/hash/sha2/compression.asm
View File

@ -8,22 +8,7 @@
global sha2_compression:
// stack: message_schedule_addr, retdest
PUSH 0
// stack: i=0, message_schedule_addr, retdest
SWAP1
// stack: message_schedule_addr, i=0, retdest
PUSH 0
// stack: 0, message_schedule_addr, i=0, retdest
%mload_kernel_general
// stack: num_blocks, message_schedule_addr, i=0, retdest
DUP1
// stack: num_blocks, num_blocks, message_schedule_addr, i=0, retdest
%scratch_space_addr_from_num_blocks
// stack: scratch_space_addr, num_blocks, message_schedule_addr, i=0, retdest
SWAP1
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
// Push the initial hash values; these constants are called H^(0) in the spec.
PUSH 0x5be0cd19 // H^(0)_7
PUSH 0x1f83d9ab // H^(0)_6
PUSH 0x9b05688c // H^(0)_5
PUSH 0x510e527f // H^(0)_4
@ -31,255 +16,145 @@ global sha2_compression:
PUSH 0x3c6ef372 // H^(0)_2
PUSH 0xbb67ae85 // H^(0)_1
PUSH 0x6a09e667 // H^(0)_0
// stack: a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
PUSH 0x5be0cd19 // H^(0)_7
// stack: h[0], a[0], b[0], c[0], d[0], e[0], f[0], g[0], message_schedule_addr, retdest
SWAP8
// stack: message_schedule_addr, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], retdest
PUSH 0
// stack: i=0, message_schedule_addr, a[0]..h[0], retdest
SWAP1
// stack: message_schedule_addr, i=0, a[0]..h[0], retdest
PUSH 0
// stack: 0, message_schedule_addr, i=0, a[0]..h[0], retdest
%mload_kernel_general
// stack: num_blocks, message_schedule_addr, i=0, a[0]..h[0], retdest
DUP1
// stack: num_blocks, num_blocks, message_schedule_addr, i=0, a[0]..h[0], retdest
%scratch_space_addr_from_num_blocks
// stack: scratch_space_addr, num_blocks, message_schedule_addr, i=0, a[0]..h[0], retdest
SWAP1
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i=0, a[0]..h[0], retdest
compression_start_block:
// Store the current values of the working variables, as the "initial values" to be added back in at the end of this block.
DUP10
// stack: scratch_space_addr, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP2
DUP2
// stack: scratch_space_addr, a[0], scratch_space_addr, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+4, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP3
DUP2
// stack: scratch_space_addr+4, b[0], scratch_space_addr+4, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+4, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP4
DUP2
// stack: scratch_space_addr+8, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+12, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP5
DUP2
// stack: scratch_space_addr+12, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+12, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+16, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP6
DUP2
// stack: scratch_space_addr+16, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+16, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+20, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP7
DUP2
// stack: scratch_space_addr+20, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+20, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+24, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP8
DUP2
// stack: scratch_space_addr+24, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+24, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%add_const(4)
// stack: scratch_space_addr+28, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
DUP9
DUP2
// stack: scratch_space_addr+28, c[0], scratch_space_addr+8, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
%mstore_kernel_general_u32
// stack: scratch_space_addr+28, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
POP
// stack: a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, retdest
// We keep the current values of the working variables saved at the end of the stack.
// These are the "initial values" to be added back in at the end of this block.
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i=0, a[0]..h[0], retdest
%rep 8
DUP12
%endrep
// stack: a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], num_blocks, scratch_space_addr, message_schedule_addr, i=0, a[0]..h[0], retdest
compression_loop:
// Update the eight working variables, using the next constant K[i] and the next message schedule chunk W[i].
// stack: a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP11
// stack: message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP13
// stack: i, message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i, message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%mul_const(4)
// stack: 4*i, message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: 4*i, message_schedule_addr, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
ADD
// stack: message_schedule_addr + 4*i, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: message_schedule_addr + 4*i, a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%mload_kernel_general_u32
// stack: W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
PUSH sha2_constants_k
// stack: sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP14
// stack: i, sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i, sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%mul_const(4)
// stack: 4*i, sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: 4*i, sha2_constants_k, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
ADD
// stack: sha2_constants_k + 4*i, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: sha2_constants_k + 4*i, W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%mload_kernel_code_u32
// stack: K[i], W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%stack (start: 6, e, f, g, h) -> (e, f, g, h, start, e, f, g, h)
// stack: e[i], f[i], g[i], h[i], K[i], W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: K[i], W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP10
DUP10
DUP10
DUP10
// stack: e[i], f[i], g[i], h[i], K[i], W[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%sha2_temp_word1
// stack: T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%stack (t, a, b, c) -> (a, b, c, t, a, b, c)
// stack: a[i], b[i], c[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP4
DUP4
DUP4
// stack: a[i], b[i], c[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%sha2_temp_word2
// stack: T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP6
// stack: d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP3
// stack: T1[i], d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: T1[i], d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%add_u32
// stack: e[i+1]=T1[i]+d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: e[i+1]=T1[i]+d[i], T2[i], T1[i], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
SWAP2
// stack: T2[i], T1[i], e[i+1], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: T2[i], T1[i], e[i+1], a[i], b[i], c[i], d[i], e[i], f[i], g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%add_u32
// stack: a[i+1]=T1[i]+T2[i], e[i+1], b[i+1]=a[i], c[i+1]=b[i], d[i+1]=c[i], d[i], f[i+1]=e[i], g[i+1]=f[i], h[i+1]=g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: a[i+1]=T1[i]+T2[i], e[i+1], b[i+1]=a[i], c[i+1]=b[i], d[i+1]=c[i], d[i], f[i+1]=e[i], g[i+1]=f[i], h[i+1]=g[i], h[i], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%stack (a, e, b, c, d, old_d, f, g, h, old_h) -> (a, b, c, d, e, f, g, h)
// stack: a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP12
// stack: i, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%increment
// stack: i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP1
// stack: i+1, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i+1, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
%eq_const(64)
// stack: i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP1
// stack: i+1==64, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: i+1==64, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
DUP12
// stack: num_blocks, i+1==64, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: num_blocks, i+1==64, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
SUB
// stack: num_blocks new, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
// stack: num_blocks new, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]..h[0], retdest
SWAP13
// stack: message_schedule_addr, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, retdest
// stack: message_schedule_addr, i+1==64, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, a[0]..h[0], retdest
SWAP1
// stack: i+1==64, message_schedule_addr, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, retdest
PUSH 256
MUL
// stack: (i+1==64)*256, message_schedule_addr, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, retdest
// stack: i+1==64, message_schedule_addr, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, a[0]..h[0], retdest
%mul_const(256)
// stack: (i+1==64)*256, message_schedule_addr, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, a[0]..h[0], retdest
ADD
// stack: message_schedule_addr new, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, retdest
// stack: message_schedule_addr new, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, num_blocks new, i, a[0]..h[0], retdest
SWAP12
// stack: num_blocks new, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr new, i, retdest
// stack: num_blocks new, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks, scratch_space_addr, message_schedule_addr new, i, a[0]..h[0], retdest
SWAP10
// stack: num_blocks, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_retdest
// stack: num_blocks, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_a[0]..h[0], retdest
POP
// stack: i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_retdest
// stack: i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_a[0]..h[0], retdest
%and_const(63)
// stack: (i+1)%64, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, retdest
// stack: (i+1)%64, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, a[0]..h[0], retdest
SWAP12
// stack: i, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, retdest
// stack: i, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, a[0]..h[0], retdest
POP
// stack: a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, retdest
// stack: a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, a[0]..h[0], retdest
DUP12
// stack: (i+1)%64, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, retdest
ISZERO
%jumpi(compression_end_block)
%jump(compression_loop)
// stack: (i+1)%64, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, a[0]..h[0], retdest
%jumpi(compression_loop)
compression_end_block:
// Add the initial values of the eight working variables (from the start of this block's compression) back into them.
// stack: a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
// stack: scratch_space_addr, a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%mload_kernel_general_u32
// stack: a[0], a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: a[0]+a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP1
// stack: b[64], a[0]+a[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(4)
%mload_kernel_general_u32
// stack: b[0], b[64], a[0]+a[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: b[0]+b[64], a[0]+a[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP2
// stack: c[64], a[0]+a[64], b[0]+b[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(8)
%mload_kernel_general_u32
// stack: c[0], c[64], a[0]+a[64], b[0]+b[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: c[0]+c[64], a[0]+a[64], b[0]+b[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP3
// stack: d[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(12)
%mload_kernel_general_u32
// stack: d[0], d[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: d[0]+d[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP4
// stack: e[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(16)
%mload_kernel_general_u32
// stack: e[0], e[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: e[0]+e[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP5
// stack: f[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(20)
%mload_kernel_general_u32
// stack: f[0], f[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: f[0]+f[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP6
// stack: g[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(24)
%mload_kernel_general_u32
// stack: g[0], g[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: g[0]+g[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP7
// stack: h[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
DUP10
%add_const(28)
%mload_kernel_general_u32
// stack: h[0], h[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
%add_u32
// stack: h[0]+h[64], a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], num_blocks, scratch_space_addr, message_schedule_addr, i, retdest
SWAP8
// stack: num_blocks, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], scratch_space_addr, message_schedule_addr, i, retdest
// stack: a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], retdest
PUSH 0
// stack: 0, a[64], b[64], c[64], d[64], e[64], f[64], g[64], h[64], num_blocks, scratch_space_addr, message_schedule_addr, i, a[0], b[0], c[0], d[0], e[0], f[0], g[0], h[0], retdest
%rep 8
SWAP13
%add_u32
SWAP12
%endrep
// stack: 0, num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
POP
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
DUP1
// stack: num_blocks, num_blocks, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], scratch_space_addr, message_schedule_addr, i, retdest
// stack: num_blocks, num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
ISZERO
// In this case, we've finished all the blocks.
%jumpi(compression_end)
// stack: num_blocks, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], scratch_space_addr, message_schedule_addr, i, retdest
%stack (num_blocks, working: 8) -> (working, num_blocks)
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
%jump(compression_start_block)
compression_end:
// stack: num_blocks, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], scratch_space_addr, message_schedule_addr, i, retdest
POP
// stack: a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], scratch_space_addr, message_schedule_addr, i, retdest
%shl_const(32)
OR
%shl_const(32)
OR
%shl_const(32)
OR
%shl_const(32)
OR
%shl_const(32)
OR
%shl_const(32)
OR
%shl_const(32)
OR
// stack: concat(a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64]), scratch_space_addr, message_schedule_addr, i, retdest
SWAP3
// stack: i, scratch_space_addr, message_schedule_addr, concat(a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64]), retdest
%pop3
// stack: num_blocks, scratch_space_addr, message_schedule_addr, i, a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
%pop4
// stack: a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64], retdest
%rep 7
%shl_const(32)
ADD // OR
%endrep
// stack: sha2_result = concat(a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64]), retdest
SWAP1
JUMP

10
evm/src/cpu/kernel/asm/hash/sha2/main.asm
View File

@ -19,9 +19,7 @@ global sha2_pad:
// STEP 1: append 1
// insert 128 (= 1 << 7) at x[num_bytes+1]
// stack: num_bytes, retdest
PUSH 1
PUSH 7
SHL
PUSH 0x80
// stack: 128, num_bytes, retdest
DUP2
// stack: num_bytes, 128, num_bytes, retdest
@ -40,14 +38,12 @@ global sha2_pad:
// STEP 3: calculate length := num_bytes*8
SWAP1
// stack: num_bytes, num_blocks, retdest
PUSH 8
MUL
%mul_const(8)
// stack: length = num_bytes*8, num_blocks, retdest
// STEP 4: write length to x[num_blocks*64-7..num_blocks*64]
DUP2
// stack: num_blocks, length, num_blocks, retdest
PUSH 64
MUL
%mul_const(64)
// stack: last_addr = num_blocks*64, length, num_blocks, retdest
%sha2_write_length
// stack: num_blocks, retdest

47
evm/src/cpu/kernel/asm/hash/sha2/message_schedule.asm
View File

@ -55,16 +55,13 @@ gen_message_schedule_from_block_0_loop:
// stack: counter, output_addr - 4, block[0] >> 32, block[1], retdest
%decrement
DUP1
ISZERO
%jumpi(gen_message_schedule_from_block_0_end)
%jump(gen_message_schedule_from_block_0_loop)
%jumpi(gen_message_schedule_from_block_0_loop)
gen_message_schedule_from_block_0_end:
// stack: old counter=0, output_addr, block[0], block[1], retdest
POP
PUSH 8
// stack: counter=8, output_addr, block[0], block[1], retdest
%stack (counter, out, b0, b1) -> (out, counter, b1, b0)
// stack: output_addr, counter, block[1], block[0], retdest
// stack: output_addr, block[0], block[1], retdest
%stack (out, b0, b1) -> (out, 8, b1, b0)
// stack: output_addr, counter=8, block[1], block[0], retdest
%add_const(64)
// stack: output_addr + 64, counter, block[1], block[0], retdest
SWAP1
@ -96,9 +93,7 @@ gen_message_schedule_from_block_1_loop:
// stack: counter, output_addr - 4, block[1] >> 32, block[0], retdest
%decrement
DUP1
ISZERO
%jumpi(gen_message_schedule_from_block_1_end)
%jump(gen_message_schedule_from_block_1_loop)
%jumpi(gen_message_schedule_from_block_1_loop)
gen_message_schedule_from_block_1_end:
// stack: old counter=0, output_addr, block[1], block[0], retdest
POP
@ -118,11 +113,7 @@ gen_message_schedule_remaining_loop:
// stack: output_addr, counter, block[0], block[1], retdest
DUP1
// stack: output_addr, output_addr, counter, block[0], block[1], retdest
PUSH 2
PUSH 4
MUL
SWAP1
SUB
%sub_const(8)
// stack: output_addr - 2*4, output_addr, counter, block[0], block[1], retdest
%mload_kernel_general_u32
// stack: x[output_addr - 2*4], output_addr, counter, block[0], block[1], retdest
@ -132,11 +123,7 @@ gen_message_schedule_remaining_loop:
// stack: output_addr, sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
DUP1
// stack: output_addr, output_addr, sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
PUSH 7
PUSH 4
MUL
SWAP1
SUB
%sub_const(28)
// stack: output_addr - 7*4, output_addr, sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
%mload_kernel_general_u32
// stack: x[output_addr - 7*4], output_addr, sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
@ -144,11 +131,7 @@ gen_message_schedule_remaining_loop:
// stack: output_addr, x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
DUP1
// stack: output_addr, output_addr, x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
PUSH 15
PUSH 4
MUL
SWAP1
SUB
%sub_const(60)
// stack: output_addr - 15*4, output_addr, x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
%mload_kernel_general_u32
// stack: x[output_addr - 15*4], output_addr, x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
@ -158,11 +141,7 @@ gen_message_schedule_remaining_loop:
// stack: output_addr, sigma_0(x[output_addr - 15*4]), x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
DUP1
// stack: output_addr, output_addr, sigma_0(x[output_addr - 15*4]), x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
PUSH 16
PUSH 4
MUL
SWAP1
SUB
%sub_const(64)
// stack: output_addr - 16*4, output_addr, sigma_0(x[output_addr - 15*4]), x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
%mload_kernel_general_u32
// stack: x[output_addr - 16*4], output_addr, sigma_0(x[output_addr - 15*4]), x[output_addr - 7*4], sigma_1(x[output_addr - 2*4]), counter, block[0], block[1], retdest
@ -185,9 +164,7 @@ gen_message_schedule_remaining_loop:
%decrement
// stack: counter - 1, output_addr + 4, block[0], block[1], retdest
DUP1
ISZERO
%jumpi(gen_message_schedule_remaining_end)
%jump(gen_message_schedule_remaining_loop)
%jumpi(gen_message_schedule_remaining_loop)
gen_message_schedule_remaining_end:
// stack: counter=0, output_addr, block[0], block[1], retdest
%pop4
@ -230,9 +207,7 @@ gen_all_message_schedules_loop_end:
// stack: cur_addr + 64, counter - 1, cur_output_addr + 256, output_addr, retdest
DUP2
// stack: counter - 1, cur_addr + 64, counter - 1, cur_output_addr + 256, output_addr, retdest
ISZERO
%jumpi(gen_all_message_schedules_end)
%jump(gen_all_message_schedules_loop)
%jumpi(gen_all_message_schedules_loop)
gen_all_message_schedules_end:
// stack: cur_addr + 64, counter - 1, cur_output_addr + 256, output_addr, retdest
%pop3

51
evm/src/cpu/kernel/asm/hash/sha2/ops.asm
View File

@ -26,14 +26,15 @@
// stack: x, x
%rotr(7)
// stack: rotr(x, 7), x
%stack (rotated, x) -> (x, x, rotated)
SWAP1
// stack: x, rotr(x, 7)
DUP1
// stack: x, x, rotr(x, 7)
%rotr(18)
// stack: rotr(x, 18), x, rotr(x, 7)
SWAP1
// stack: x, rotr(x, 18), rotr(x, 7)
PUSH 3
SHR
%div_const(8) // equivalent to %shr_const(3)
// stack: shr(x, 3), rotr(x, 18), rotr(x, 7)
XOR
XOR
@ -45,7 +46,9 @@
// stack: x, x
%rotr(17)
// stack: rotr(x, 17), x
%stack (rotated, x) -> (x, x, rotated)
SWAP1
// stack: x, rotr(x, 17)
DUP1
// stack: x, x, rotr(x, 17)
%rotr(19)
// stack: rotr(x, 19), x, rotr(x, 17)
@ -64,7 +67,9 @@
// stack: x, x
%rotr(2)
// stack: rotr(x, 2), x
%stack (rotated, x) -> (x, x, rotated)
SWAP1
// stack: x, rotr(x, 2)
DUP1
// stack: x, x, rotr(x, 2)
%rotr(13)
// stack: rotr(x, 13), x, rotr(x, 2)
@ -82,7 +87,9 @@
// stack: x, x
%rotr(6)
// stack: rotr(x, 6), x
%stack (rotated, x) -> (x, x, rotated)
SWAP1
// stack: x, rotr(x, 6)
DUP1
// stack: x, x, rotr(x, 6)
%rotr(11)
// stack: rotr(x, 11), x, rotr(x, 6)
@ -100,11 +107,13 @@
// stack: x, x, y, z
NOT
// stack: not x, x, y, z
%stack (notx, x, y, z) -> (notx, z, x, y)
// stack: not x, z, x, y
SWAP1
// stack: x, not x, y, z
SWAP3
// stack: z, not x, y, x
AND
// stack: (not x) and z, x, y
%stack (nxz, x, y) -> (x, y, nxz)
// stack: (not x) and z, y, x
SWAP2
// stack: x, y, (not x) and z
AND
// stack: x and y, (not x) and z
@ -113,18 +122,22 @@
%macro sha2_majority
// stack: x, y, z
%stack (xyz: 3) -> (xyz, xyz)
// stack: x, y, z, x, y, z
DUP1
// stack: x, x, y, z
DUP3
// stack: y, x, x, y, z
DUP5
// stack: z, y, x, x, y, z
AND
// stack: x and y, z, x, y, z
// stack: z and y, x, x, y, z
SWAP4
// stack: z, x, x, y, z and y
AND
// stack: z and x, x, y, z and y
SWAP2
// stack: x, z, x and y, y, z
// stack: y, x, z and x, z and y
AND
// stack: x and z, x and y, y, z
%stack (a: 2, b: 2) -> (b, a)
// stack: y, z, x and z, x and y
AND
// stack: y and z, x and z, x and y
// stack: y and x, z and x, z and y
OR
OR
%endmacro

120
evm/src/cpu/kernel/asm/hash/sha2/write_length.asm
View File

@ -10,110 +10,24 @@
// stack: last_addr, length % (1 << 8), length, last_addr
%mstore_kernel_general
// stack: length, last_addr
SWAP1
%decrement
SWAP1
// stack: length, last_addr - 1
%shr_const(8)
// stack: length >> 8, last_addr - 1
DUP1
// stack: length >> 8, length >> 8, last_addr - 1
%and_const(0xff)
// stack: (length >> 8) % (1 << 8), length >> 8, last_addr - 1
DUP3
// stack: last_addr - 1, (length >> 8) % (1 << 8), length >> 8, last_addr - 1
%mstore_kernel_general
// stack: length >> 8, last_addr - 1
SWAP1
%decrement
SWAP1
// stack: length >> 8, last_addr - 2
%shr_const(8)
// stack: length >> 16, last_addr - 2
DUP1
// stack: length >> 16, length >> 16, last_addr - 2
%and_const(0xff)
// stack: (length >> 16) % (1 << 8), length >> 16, last_addr - 2
DUP3
// stack: last_addr - 2, (length >> 16) % (1 << 8), length >> 16, last_addr - 2
%mstore_kernel_general
%rep 7
// For i = 0 to 6
// stack: length >> (8 * i), last_addr - i - 1
SWAP1
%decrement
SWAP1
// stack: length >> (8 * i), last_addr - i - 2
%div_const(256) // equivalent to %shr_const(8)
// stack: length >> (8 * (i + 1)), last_addr - i - 2
DUP1
// stack: length >> (8 * (i + 1)), length >> (8 * (i + 1)), last_addr - i - 2
%mod_const(256)
// stack: (length >> (8 * (i + 1))) % (1 << 8), length >> (8 * (i + 1)), last_addr - i - 2
DUP3
// stack: last_addr - i - 2, (length >> (8 * (i + 1))) % (1 << 8), length >> (8 * (i + 1)), last_addr - i - 2
%mstore_kernel_general
%endrep
// stack: length >> 16, last_addr - 2
SWAP1
%decrement
SWAP1
// stack: length >> 16, last_addr - 3
%shr_const(8)
// stack: length >> 24, last_addr - 3
DUP1
// stack: length >> 24, length >> 24, last_addr - 3
%and_const(0xff)
// stack: (length >> 24) % (1 << 8), length >> 24, last_addr - 3
DUP3
// stack: last_addr - 3, (length >> 24) % (1 << 8), length >> 24, last_addr - 3
%mstore_kernel_general
// stack: length >> 24, last_addr - 3
SWAP1
%decrement
SWAP1
// stack: length >> 24, last_addr - 4
%shr_const(8)
// stack: length >> 32, last_addr - 4
DUP1
// stack: length >> 32, length >> 32, last_addr - 4
%and_const(0xff)
// stack: (length >> 32) % (1 << 8), length >> 32, last_addr - 4
DUP3
// stack: last_addr - 4, (length >> 32) % (1 << 8), length >> 32, last_addr - 4
%mstore_kernel_general
// stack: length >> 32, last_addr - 4
SWAP1
%decrement
SWAP1
// stack: length >> 32, last_addr - 5
%shr_const(8)
// stack: length >> 40, last_addr - 5
DUP1
// stack: length >> 40, length >> 40, last_addr - 5
%and_const(0xff)
// stack: (length >> 40) % (1 << 8), length >> 40, last_addr - 5
DUP3
// stack: last_addr - 5, (length >> 40) % (1 << 8), length >> 40, last_addr - 5
%mstore_kernel_general
// stack: length >> 40, last_addr - 5
SWAP1
%decrement
SWAP1
// stack: length >> 40, last_addr - 6
%shr_const(8)
// stack: length >> 48, last_addr - 6
DUP1
// stack: length >> 48, length >> 48, last_addr - 6
%and_const(0xff)
// stack: (length >> 48) % (1 << 8), length >> 48, last_addr - 6
DUP3
// stack: last_addr - 6, (length >> 48) % (1 << 8), length >> 48, last_addr - 6
%mstore_kernel_general
// stack: length >> 48, last_addr - 6
SWAP1
%decrement
SWAP1
// stack: length >> 48, last_addr - 7
%shr_const(8)
// stack: length >> 56, last_addr - 7
DUP1
// stack: length >> 56, length >> 56, last_addr - 7
%and_const(0xff)
// stack: (length >> 56) % (1 << 8), length >> 56, last_addr - 7
DUP3
// stack: last_addr - 7, (length >> 56) % (1 << 8), length >> 56, last_addr - 7
%mstore_kernel_general
%pop2
// stack: (empty)
%endmacro

46
evm/src/cpu/kernel/asm/memory/core.asm
View File

@ -79,21 +79,21 @@
DUP2
%increment
%mload_kernel($segment)
OR
ADD // OR
// stack: (c_3 << 8) | c_2, offset
%shl_const(8)
// stack: ((c_3 << 8) | c_2) << 8, offset
DUP2
%add_const(2)
%mload_kernel($segment)
OR
ADD // OR
// stack: (((c_3 << 8) | c_2) << 8) | c_1, offset
%shl_const(8)
// stack: ((((c_3 << 8) | c_2) << 8) | c_1) << 8, offset
SWAP1
%add_const(3)
%mload_kernel($segment)
OR
ADD // OR
// stack: (((((c_3 << 8) | c_2) << 8) | c_1) << 8) | c_0
%endmacro
@ -107,19 +107,19 @@
%increment
%mload_kernel($segment)
%shl_const(8)
OR
ADD
// stack: c0 | (c1 << 8) , offset
DUP2
%add_const(2)
%mload_kernel($segment)
%shl_const(16)
OR
ADD
// stack: c0 | (c1 << 8) | (c2 << 16), offset
SWAP1
%add_const(3)
%mload_kernel($segment)
%shl_const(24)
OR
ADD // OR
// stack: c0 | (c1 << 8) | (c2 << 16) | (c3 << 24)
%endmacro
@ -137,7 +137,7 @@
// stack: hi, lo
%shl_const(32)
// stack: hi << 32, lo
OR
ADD // OR
// stack: (hi << 32) | lo
%endmacro
@ -152,49 +152,49 @@
DUP2
%add_const(4)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 32) | c_6, offset
%shl_const(32)
// stack: ((c_7 << 32) | c_6) << 32, offset
DUP2
%add_const(8)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 64) | (c_6 << 32) | c_5, offset
%shl_const(32)
// stack: ((c_7 << 64) | (c_6 << 32) | c_5) << 32, offset
DUP2
%add_const(12)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 96) | (c_6 << 64) | (c_5 << 32) | c_4, offset
%shl_const(32)
// stack: ((c_7 << 96) | (c_6 << 64) | (c_5 << 32) | c_4) << 32, offset
DUP2
%add_const(16)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 128) | (c_6 << 96) | (c_5 << 64) | (c_4 << 32) | c_3, offset
%shl_const(32)
// stack: ((c_7 << 128) | (c_6 << 96) | (c_5 << 64) | (c_4 << 32) | c_3) << 32, offset
DUP2
%add_const(20)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 160) | (c_6 << 128) | (c_5 << 96) | (c_4 << 64) | (c_3 << 32) | c_2, offset
%shl_const(32)
// stack: ((c_7 << 160) | (c_6 << 128) | (c_5 << 96) | (c_4 << 64) | (c_3 << 32) | c_2) << 32, offset
DUP2
%add_const(24)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 192) | (c_6 << 160) | (c_5 << 128) | (c_4 << 96) | (c_3 << 64) | (c_2 << 32) | c_1, offset
%shl_const(32)
// stack: ((c_7 << 192) | (c_6 << 160) | (c_5 << 128) | (c_4 << 96) | (c_3 << 64) | (c_2 << 32) | c_1) << 32, offset
DUP2
%add_const(28)
%mload_kernel_u32($segment)
OR
ADD // OR
// stack: (c_7 << 224) | (c_6 << 192) | (c_5 << 160) | (c_4 << 128) | (c_3 << 96) | (c_2 << 64) | (c_1 << 32) | c_0, offset
SWAP1
POP
@ -419,21 +419,3 @@
%mstore_kernel_general_2
// stack: (empty)
%endmacro
%macro mload_main
// stack: offset
DUP1
// stack: offset, offset
%update_msize
// stack: offset
%mload_current(@SEGMENT_MAIN_MEMORY)
%endmacro
%macro mstore_main
// stack: offset, value
DUP1
// stack: offset, offset, value
%update_msize
// stack: offset, value
%mstore_current(@SEGMENT_MAIN_MEMORY)
%endmacro

38
evm/src/cpu/kernel/asm/memory/memset.asm Normal file
View File

@ -0,0 +1,38 @@
// Sets `count` values to `value` at
// DST = (dst_ctx, dst_segment, dst_addr).
// This tuple definition is used for brevity in the stack comments below.
global memset:
// stack: DST, value, count, retdest
DUP5
// stack: count, DST, value, count, retdest
ISZERO
// stack: count == 0, DST, value, count, retdest
%jumpi(memset_finish)
// stack: DST, value, count, retdest
DUP4
// stack: value, DST, value, count, retdest
DUP4
DUP4
DUP4
// stack: DST, value, DST, value, count, retdest
MSTORE_GENERAL
// stack: DST, value, count, retdest
// Increment dst_addr.
SWAP2
%increment
SWAP2
// Decrement count.
SWAP4
%decrement
SWAP4
// Continue the loop.
%jump(memset)
memset_finish:
// stack: DST, value, count, retdest
%pop5
// stack: retdest
JUMP

95
evm/src/cpu/kernel/asm/memory/metadata.asm
View File

@ -39,6 +39,8 @@
%endmacro
global sys_address:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%address
// stack: address, kexit_info
@ -50,6 +52,8 @@ global sys_address:
%endmacro
global sys_caller:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%caller
// stack: caller, kexit_info
@ -65,6 +69,8 @@ global sys_caller:
%endmacro
global sys_codesize:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%codesize
// stack: codesize, kexit_info
@ -72,34 +78,95 @@ global sys_codesize:
EXIT_KERNEL
global sys_callvalue:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%callvalue
// stack: callvalue, kexit_info
SWAP1
EXIT_KERNEL
%macro mem_words
%mload_context_metadata(@CTX_METADATA_MEM_WORDS)
%endmacro
%macro msize
%mload_context_metadata(@CTX_METADATA_MSIZE)
%mem_words
%mul_const(32)
%endmacro
global sys_msize:
// stack: kexit_info
%charge_gas_const(@GAS_BASE)
// stack: kexit_info
%msize
// stack: msize, kexit_info
SWAP1
EXIT_KERNEL
%macro update_msize
// stack: offset
%add_const(32)
// stack: 32 + offset
%div_const(32)
// stack: (offset+32)/32 = ceil_div_usize(offset+1, 32)
%mul_const(32)
// stack: ceil_div_usize(offset+1, 32) * 32
%msize
// stack: current_msize, ceil_div_usize(offset+1, 32) * 32
%max
// stack: new_msize
%mstore_context_metadata(@CTX_METADATA_MSIZE)
%macro update_mem_words
// stack: num_words, kexit_info
%mem_words
// stack: old_num_words, num_words, kexit_info
DUP2 DUP2 GT
// stack: old_num_words > num_words, old_num_words, num_words, kexit_info
%jumpi(%%end)
// stack: old_num_words, num_words, kexit_info
%memory_cost
// stack: old_cost, num_words, kexit_info
SWAP1
// stack: num_words, old_cost, kexit_info
DUP1 %mstore_context_metadata(@CTX_METADATA_MEM_WORDS)
// stack: num_words, old_cost, kexit_info
%memory_cost
// stack: new_cost, old_cost, kexit_info
SUB
// stack: additional_cost, kexit_info
%charge_gas
%%end:
// stack: kexit_info
%endmacro
%macro update_mem_bytes
// stack: num_bytes, kexit_info
%num_bytes_to_num_words
// stack: num_words, kexit_info
%update_mem_words
// stack: kexit_info
%endmacro
%macro num_bytes_to_num_words
// stack: num_bytes
%add_const(31)
// stack: 31 + num_bytes
%div_const(32)
// stack: (num_bytes + 31) / 32
%endmacro
%macro memory_cost
// stack: num_words
DUP1
// stack: num_words, msize
%mul_const(@GAS_MEMORY)
// stack: num_words * GAS_MEMORY, msize
SWAP1
// stack: num_words, num_words * GAS_MEMORY
%square
%div_const(512)
// stack: num_words^2 / 512, num_words * GAS_MEMORY
ADD
// stack: cost = num_words^2 / 512 + num_words * GAS_MEMORY
%endmacro
// Faults if the given offset is "unreasonable", i.e. the associated memory expansion cost
// would exceed any reasonable block limit.
// We do this to avoid overflows in future gas-related calculations.
%macro ensure_reasonable_offset
// stack: offset
// The memory expansion cost, (50000000 / 32)^2 / 512, is around 2^32 gas,
// i.e. greater than any reasonable block limit.
%gt_const(50000000)
// stack: is_unreasonable
%jumpi(fault_exception)
// stack: (empty)
%endmacro

38
evm/src/cpu/kernel/asm/memory/syscalls.asm
View File

@ -1,4 +1,12 @@
global sys_mload:
// stack: kexit_info, offset
DUP2 %ensure_reasonable_offset
// stack: kexit_info, offset
%charge_gas_const(@GAS_VERYLOW)
// stack: kexit_info, offset
DUP2 %add_const(32)
// stack: expanded_num_bytes, kexit_info, offset
%update_mem_bytes
// stack: kexit_info, offset
PUSH 0 // acc = 0
// stack: acc, kexit_info, offset
@ -38,6 +46,14 @@ global sys_mload:
EXIT_KERNEL
global sys_mstore:
// stack: kexit_info, offset, value
DUP2 %ensure_reasonable_offset
// stack: kexit_info, offset, value
%charge_gas_const(@GAS_VERYLOW)
// stack: kexit_info, offset, value
DUP2 %add_const(32)
// stack: expanded_num_bytes, kexit_info, offset, value
%update_mem_bytes
// stack: kexit_info, offset, value
DUP3 PUSH 0 BYTE DUP3 %add_const( 0) %mstore_current(@SEGMENT_MAIN_MEMORY)
DUP3 PUSH 1 BYTE DUP3 %add_const( 1) %mstore_current(@SEGMENT_MAIN_MEMORY)
@ -75,8 +91,30 @@ global sys_mstore:
EXIT_KERNEL
global sys_mstore8:
// stack: kexit_info, offset, value
DUP2 %ensure_reasonable_offset
// stack: kexit_info, offset, value
%charge_gas_const(@GAS_VERYLOW)
// stack: kexit_info, offset, value
DUP2 %increment
// stack: expanded_num_bytes, kexit_info, offset, value
%update_mem_bytes
// stack: kexit_info, offset, value
%stack (kexit_info, offset, value) -> (offset, value, kexit_info)
%mstore_current(@SEGMENT_MAIN_MEMORY)
// stack: kexit_info
EXIT_KERNEL
global sys_calldataload:
// stack: kexit_info, i
%charge_gas_const(@GAS_VERYLOW)
// stack: kexit_info, i
%stack (kexit_info, i) -> (@SEGMENT_CALLDATA, i, 32, sys_calldataload_after_mload_packing, kexit_info)
GET_CONTEXT
// stack: ADDR: 3, 32, sys_calldataload_after_mload_packing, kexit_info
%jump(mload_packing)
sys_calldataload_after_mload_packing:
// stack: value, kexit_info
SWAP1
EXIT_KERNEL
PANIC

4
evm/src/cpu/kernel/asm/mpt/accounts.asm
View File

@ -38,8 +38,8 @@ global make_account_copy:
DUP2 %mload_trie_data %append_to_trie_data
DUP2 %add_const(1) %mload_trie_data %append_to_trie_data
DUP2 %add_const(3) %mload_trie_data %append_to_trie_data
SWAP1 %add_const(4) %mload_trie_data %append_to_trie_data
DUP2 %add_const(2) %mload_trie_data %append_to_trie_data
SWAP1 %add_const(3) %mload_trie_data %append_to_trie_data
// stack: new_account_ptr, retdest
SWAP1

136
evm/src/cpu/kernel/asm/mpt/hash/hash.asm
View File

@ -118,16 +118,19 @@ global encode_node_empty:
// stack: node_type, node_payload_ptr, encode_value, retdest
%pop3
// stack: retdest
// An empty node is encoded as a single byte, 0x80, which is the RLP
// encoding of the empty string. Write this byte to RLP[0] and return
// (0, 1).
// An empty node is encoded as a single byte, 0x80, which is the RLP encoding of the empty string.
// TODO: Write this byte just once to RLP memory, then we can always return (0, 1).
%alloc_rlp_block
// stack: rlp_pos, retdest
PUSH 0x80
PUSH 0
// stack: 0x80, rlp_pos, retdest
DUP2
// stack: rlp_pos, 0x80, rlp_pos, retdest
%mstore_rlp
%stack (retdest) -> (retdest, 0, 1)
%stack (rlp_pos, retdest) -> (retdest, rlp_pos, 1)
JUMP
encode_node_branch:
global encode_node_branch:
// stack: node_type, node_payload_ptr, encode_value, retdest
POP
// stack: node_payload_ptr, encode_value, retdest
@ -135,6 +138,7 @@ encode_node_branch:
// Get the next unused offset within the encoded child buffers.
// Then immediately increment the next unused offset by 16, so any
// recursive calls will use nonoverlapping offsets.
// TODO: Allocate a block of RLP memory instead?
%mload_global_metadata(@GLOBAL_METADATA_TRIE_ENCODED_CHILD_SIZE)
DUP1 %add_const(16)
%mstore_global_metadata(@GLOBAL_METADATA_TRIE_ENCODED_CHILD_SIZE)
@ -150,41 +154,41 @@ encode_node_branch:
// stack: base_offset, node_payload_ptr, encode_value, retdest
// Now, append each child to our RLP tape.
PUSH 9 // rlp_pos; we start at 9 to leave room to prepend a list prefix
%alloc_rlp_block DUP1
// stack: rlp_pos, rlp_start, base_offset, node_payload_ptr, encode_value, retdest
%append_child(0) %append_child(1) %append_child(2) %append_child(3)
%append_child(4) %append_child(5) %append_child(6) %append_child(7)
%append_child(8) %append_child(9) %append_child(10) %append_child(11)
%append_child(12) %append_child(13) %append_child(14) %append_child(15)
// stack: rlp_pos', base_offset, node_payload_ptr, encode_value, retdest
// stack: rlp_pos', rlp_start, base_offset, node_payload_ptr, encode_value, retdest
// We no longer need base_offset.
SWAP1
POP
// stack: rlp_pos', node_payload_ptr, encode_value, retdest
SWAP1
%stack (rlp_pos, rlp_start, base_offset, node_payload_ptr)
-> (node_payload_ptr, rlp_pos, rlp_start)
%add_const(16)
// stack: value_ptr_ptr, rlp_pos', encode_value, retdest
// stack: value_ptr_ptr, rlp_pos', rlp_start, encode_value, retdest
%mload_trie_data
// stack: value_ptr, rlp_pos', encode_value, retdest
// stack: value_ptr, rlp_pos', rlp_start, encode_value, retdest
DUP1 %jumpi(encode_node_branch_with_value)
// No value; append the empty string (0x80).
// stack: value_ptr, rlp_pos', encode_value, retdest
%stack (value_ptr, rlp_pos, encode_value) -> (rlp_pos, 0x80, rlp_pos)
// stack: value_ptr, rlp_pos', rlp_start, encode_value, retdest
%stack (value_ptr, rlp_pos, rlp_start, encode_value) -> (rlp_pos, 0x80, rlp_pos, rlp_start)
%mstore_rlp
// stack: rlp_pos', retdest
// stack: rlp_pos', rlp_start, retdest
%increment
// stack: rlp_pos'', retdest
// stack: rlp_pos'', rlp_start, retdest
%jump(encode_node_branch_prepend_prefix)
encode_node_branch_with_value:
// stack: value_ptr, rlp_pos', encode_value, retdest
%stack (value_ptr, rlp_pos, encode_value)
-> (encode_value, rlp_pos, value_ptr, encode_node_branch_prepend_prefix)
// stack: value_ptr, rlp_pos', rlp_start, encode_value, retdest
%stack (value_ptr, rlp_pos, rlp_start, encode_value)
-> (encode_value, rlp_pos, value_ptr, encode_node_branch_prepend_prefix, rlp_start)
JUMP // call encode_value
encode_node_branch_prepend_prefix:
// stack: rlp_pos'', retdest
// stack: rlp_pos'', rlp_start, retdest
%prepend_rlp_list_prefix
%stack (start_pos, rlp_len, retdest) -> (retdest, start_pos, rlp_len)
// stack: rlp_prefix_start, rlp_len, retdest
%stack (rlp_prefix_start, rlp_len, retdest)
-> (retdest, rlp_prefix_start, rlp_len)
JUMP
// Part of the encode_node_branch function. Encodes the i'th child.
@ -208,27 +212,28 @@ encode_node_branch_prepend_prefix:
// Part of the encode_node_branch function. Appends the i'th child's RLP.
%macro append_child(i)
// stack: rlp_pos, base_offset, node_payload_ptr, encode_value, retdest
DUP2 %add_const($i) %mload_kernel(@SEGMENT_TRIE_ENCODED_CHILD) // load result
DUP3 %add_const($i) %mload_kernel(@SEGMENT_TRIE_ENCODED_CHILD_LEN) // load result_len
// stack: result_len, result, rlp_pos, base_offset, node_payload_ptr, encode_value, retdest
// stack: rlp_pos, rlp_start, base_offset, node_payload_ptr, encode_value, retdest
DUP3 %add_const($i) %mload_kernel(@SEGMENT_TRIE_ENCODED_CHILD) // load result
DUP4 %add_const($i) %mload_kernel(@SEGMENT_TRIE_ENCODED_CHILD_LEN) // load result_len
// stack: result_len, result, rlp_pos, rlp_start, base_offset, node_payload_ptr, encode_value, retdest
// If result_len != 32, result is raw RLP, with an appropriate RLP prefix already.
DUP1 %sub_const(32) %jumpi(%%unpack)
// Otherwise, result is a hash, and we need to add the prefix 0x80 + 32 = 160.
// stack: result_len, result, rlp_pos, base_offset, node_payload_ptr, encode_value, retdest
// stack: result_len, result, rlp_pos, rlp_start, base_offset, node_payload_ptr, encode_value, retdest
PUSH 160
DUP4 // rlp_pos
%mstore_rlp
SWAP2 %increment SWAP2 // rlp_pos += 1
%%unpack:
%stack (result_len, result, rlp_pos, base_offset, node_payload_ptr, encode_value, retdest)
-> (rlp_pos, result, result_len, %%after_unpacking, base_offset, node_payload_ptr, encode_value, retdest)
%stack (result_len, result, rlp_pos, rlp_start, base_offset, node_payload_ptr, encode_value, retdest)
-> (rlp_pos, result, result_len, %%after_unpacking,
rlp_start, base_offset, node_payload_ptr, encode_value, retdest)
%jump(mstore_unpacking_rlp)
%%after_unpacking:
// stack: rlp_pos', base_offset, node_payload_ptr, encode_value, retdest
// stack: rlp_pos', rlp_start, base_offset, node_payload_ptr, encode_value, retdest
%endmacro
encode_node_extension:
global encode_node_extension:
// stack: node_type, node_payload_ptr, encode_value, retdest
%stack (node_type, node_payload_ptr, encode_value)
-> (node_payload_ptr, encode_value, encode_node_extension_after_encode_child, node_payload_ptr)
@ -237,61 +242,66 @@ encode_node_extension:
%jump(encode_or_hash_node)
encode_node_extension_after_encode_child:
// stack: result, result_len, node_payload_ptr, retdest
%alloc_rlp_block
// stack: rlp_start, result, result_len, node_payload_ptr, retdest
PUSH encode_node_extension_after_hex_prefix // retdest
PUSH 0 // terminated
// stack: terminated, encode_node_extension_after_hex_prefix, result, result_len, node_payload_ptr, retdest
DUP5 %increment %mload_trie_data // Load the packed_nibbles field, which is at index 1.
// stack: packed_nibbles, terminated, encode_node_extension_after_hex_prefix, result, result_len, node_payload_ptr, retdest
DUP6 %mload_trie_data // Load the num_nibbles field, which is at index 0.
// stack: num_nibbles, packed_nibbles, terminated, encode_node_extension_after_hex_prefix, result, result_len, node_payload_ptr, retdest
PUSH 9 // We start at 9 to leave room to prepend the largest possible RLP list header.
// stack: rlp_start, num_nibbles, packed_nibbles, terminated, encode_node_extension_after_hex_prefix, result, result_len, node_payload_ptr, retdest
// stack: terminated, encode_node_extension_after_hex_prefix, rlp_start, result, result_len, node_payload_ptr, retdest
DUP6 %increment %mload_trie_data // Load the packed_nibbles field, which is at index 1.
// stack: packed_nibbles, terminated, encode_node_extension_after_hex_prefix, rlp_start, result, result_len, node_payload_ptr, retdest
DUP7 %mload_trie_data // Load the num_nibbles field, which is at index 0.
// stack: num_nibbles, packed_nibbles, terminated, encode_node_extension_after_hex_prefix, rlp_start, result, result_len, node_payload_ptr, retdest
DUP5
// stack: rlp_start, num_nibbles, packed_nibbles, terminated, encode_node_extension_after_hex_prefix, rlp_start, result, result_len, node_payload_ptr, retdest
%jump(hex_prefix_rlp)
encode_node_extension_after_hex_prefix:
// stack: rlp_pos, result, result_len, node_payload_ptr, retdest
// stack: rlp_pos, rlp_start, result, result_len, node_payload_ptr, retdest
// If result_len != 32, result is raw RLP, with an appropriate RLP prefix already.
DUP3 %sub_const(32) %jumpi(encode_node_extension_unpack)
DUP4 %sub_const(32) %jumpi(encode_node_extension_unpack)
// Otherwise, result is a hash, and we need to add the prefix 0x80 + 32 = 160.
PUSH 160
DUP2 // rlp_pos
%mstore_rlp
%increment // rlp_pos += 1
encode_node_extension_unpack:
%stack (rlp_pos, result, result_len, node_payload_ptr)
-> (rlp_pos, result, result_len, encode_node_extension_after_unpacking)
%stack (rlp_pos, rlp_start, result, result_len, node_payload_ptr)
-> (rlp_pos, result, result_len, encode_node_extension_after_unpacking, rlp_start)
%jump(mstore_unpacking_rlp)
encode_node_extension_after_unpacking:
// stack: rlp_end_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%prepend_rlp_list_prefix
%stack (rlp_start_pos, rlp_len, retdest) -> (retdest, rlp_start_pos, rlp_len)
%stack (rlp_prefix_start_pos, rlp_len, retdest)
-> (retdest, rlp_prefix_start_pos, rlp_len)
JUMP
encode_node_leaf:
global encode_node_leaf:
// stack: node_type, node_payload_ptr, encode_value, retdest
POP
// stack: node_payload_ptr, encode_value, retdest
%alloc_rlp_block
PUSH encode_node_leaf_after_hex_prefix // retdest
PUSH 1 // terminated
// stack: terminated, encode_node_leaf_after_hex_prefix, node_payload_ptr, encode_value, retdest
DUP3 %increment %mload_trie_data // Load the packed_nibbles field, which is at index 1.
// stack: packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, node_payload_ptr, encode_value, retdest
DUP4 %mload_trie_data // Load the num_nibbles field, which is at index 0.
// stack: num_nibbles, packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, node_payload_ptr, encode_value, retdest
PUSH 9 // We start at 9 to leave room to prepend the largest possible RLP list header.
// stack: rlp_start, num_nibbles, packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, node_payload_ptr, encode_value, retdest
// stack: terminated, encode_node_leaf_after_hex_prefix, rlp_start, node_payload_ptr, encode_value, retdest
DUP4 %increment %mload_trie_data // Load the packed_nibbles field, which is at index 1.
// stack: packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, rlp_start, node_payload_ptr, encode_value, retdest
DUP5 %mload_trie_data // Load the num_nibbles field, which is at index 0.
// stack: num_nibbles, packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, rlp_start, node_payload_ptr, encode_value, retdest
DUP5
// stack: rlp_start, num_nibbles, packed_nibbles, terminated, encode_node_leaf_after_hex_prefix, rlp_start, node_payload_ptr, encode_value, retdest
%jump(hex_prefix_rlp)
encode_node_leaf_after_hex_prefix:
// stack: rlp_pos, node_payload_ptr, encode_value, retdest
SWAP1
// stack: rlp_pos, rlp_start, node_payload_ptr, encode_value, retdest
SWAP2
%add_const(2) // The value pointer starts at index 3, after num_nibbles and packed_nibbles.
// stack: value_ptr_ptr, rlp_pos, encode_value, retdest
// stack: value_ptr_ptr, rlp_start, rlp_pos, encode_value, retdest
%mload_trie_data
// stack: value_ptr, rlp_pos, encode_value, retdest
%stack (value_ptr, rlp_pos, encode_value, retdest)
-> (encode_value, rlp_pos, value_ptr, encode_node_leaf_after_encode_value, retdest)
// stack: value_ptr, rlp_start, rlp_pos, encode_value, retdest
%stack (value_ptr, rlp_start, rlp_pos, encode_value, retdest)
-> (encode_value, rlp_pos, value_ptr, encode_node_leaf_after_encode_value, rlp_start, retdest)
JUMP
encode_node_leaf_after_encode_value:
// stack: rlp_end_pos, retdest
// stack: rlp_end_pos, rlp_start, retdest
%prepend_rlp_list_prefix
%stack (rlp_start_pos, rlp_len, retdest) -> (retdest, rlp_start_pos, rlp_len)
%stack (rlp_prefix_start_pos, rlp_len, retdest)
-> (retdest, rlp_prefix_start_pos, rlp_len)
JUMP

17
evm/src/cpu/kernel/asm/mpt/hash/hash_trie_specific.asm
View File

@ -13,6 +13,17 @@ global mpt_hash_state_trie:
%%after:
%endmacro
global mpt_hash_storage_trie:
// stack: node_ptr, retdest
%stack (node_ptr) -> (node_ptr, encode_storage_value)
%jump(mpt_hash)
%macro mpt_hash_storage_trie
PUSH %%after
%jump(mpt_hash_storage_trie)
%%after:
%endmacro
global mpt_hash_txn_trie:
// stack: retdest
PUSH encode_txn
@ -96,6 +107,12 @@ global encode_receipt:
global encode_storage_value:
// stack: rlp_pos, value_ptr, retdest
SWAP1 %mload_trie_data SWAP1
// stack: rlp_pos, value, retdest
// The YP says storage trie is a map "... to the RLP-encoded 256-bit integer values"
// which seems to imply that this should be %encode_rlp_256. But %encode_rlp_scalar
// causes the tests to pass, so it seems storage values should be treated as variable-
// length after all.
%encode_rlp_scalar
// stack: rlp_pos', retdest
SWAP1

6
evm/src/cpu/kernel/asm/mpt/insert/insert_trie_specific.asm
View File

@ -15,3 +15,9 @@ mpt_insert_state_trie_save:
// stack: updated_node_ptr, retdest
%mstore_global_metadata(@GLOBAL_METADATA_STATE_TRIE_ROOT)
JUMP
%macro mpt_insert_state_trie
%stack (key, value_ptr) -> (key, value_ptr, %%after)
%jump(mpt_insert_state_trie)
%%after:
%endmacro

5
evm/src/cpu/kernel/asm/mpt/load/load_trie_specific.asm
View File

@ -37,4 +37,7 @@ global mpt_load_receipt_trie_value:
global mpt_load_storage_trie_value:
// stack: retdest
PANIC // TODO
PROVER_INPUT(mpt)
%append_to_trie_data
// stack: retdest
JUMP

13
evm/src/cpu/kernel/asm/mpt/read.asm
View File

@ -23,6 +23,7 @@ global mpt_read_state_trie:
// - the virtual address of the trie to search in
// - the number of nibbles in the key (should start at 64)
// - the key, as a U256
// - return destination
//
// This function returns a pointer to the value, or 0 if the key is not found.
global mpt_read:
@ -43,13 +44,13 @@ global mpt_read:
// it means the prover failed to provide necessary Merkle data, so panic.
PANIC
mpt_read_empty:
global mpt_read_empty:
// Return 0 to indicate that the value was not found.
%stack (node_type, node_payload_ptr, num_nibbles, key, retdest)
-> (retdest, 0)
JUMP
mpt_read_branch:
global mpt_read_branch:
// stack: node_type, node_payload_ptr, num_nibbles, key, retdest
POP
// stack: node_payload_ptr, num_nibbles, key, retdest
@ -71,7 +72,7 @@ mpt_read_branch:
// stack: child_ptr, num_nibbles, key, retdest
%jump(mpt_read) // recurse
mpt_read_branch_end_of_key:
global mpt_read_branch_end_of_key:
%stack (node_payload_ptr, num_nibbles, key, retdest) -> (node_payload_ptr, retdest)
// stack: node_payload_ptr, retdest
%add_const(16) // skip over the 16 child nodes
@ -81,7 +82,7 @@ mpt_read_branch_end_of_key:
SWAP1
JUMP
mpt_read_extension:
global mpt_read_extension:
// stack: node_type, node_payload_ptr, num_nibbles, key, retdest
%stack (node_type, node_payload_ptr, num_nibbles, key)
-> (num_nibbles, key, node_payload_ptr)
@ -100,8 +101,9 @@ mpt_read_extension:
// stack: node_key, key_part, key_part, future_nibbles, key, node_payload_ptr, retdest
EQ // does the first part of our key match the node's key?
%jumpi(mpt_read_extension_found)
global mpt_read_extension_not_found:
// Not found; return 0.
%stack (key_part, future_nibbles, node_payload_ptr, retdest) -> (retdest, 0)
%stack (key_part, future_nibbles, key, node_payload_ptr, retdest) -> (retdest, 0)
JUMP
mpt_read_extension_found:
// stack: key_part, future_nibbles, key, node_payload_ptr, retdest
@ -135,6 +137,7 @@ mpt_read_leaf:
AND
// stack: keys_match && num_nibbles_match, node_payload_ptr, retdest
%jumpi(mpt_read_leaf_found)
global mpt_read_leaf_not_found:
// Not found; return 0.
%stack (node_payload_ptr, retdest) -> (retdest, 0)
JUMP

1
evm/src/cpu/kernel/asm/mpt/storage/storage_read.asm
View File

@ -5,6 +5,7 @@
global sys_sload:
// stack: kexit_info, slot
// TODO: Charge gas.
SWAP1
// stack: slot, kexit_info
%stack (slot) -> (slot, after_storage_read)

17
evm/src/cpu/kernel/asm/mpt/util.asm
View File

@ -10,6 +10,23 @@
// stack: (empty)
%endmacro
%macro alloc_rlp_block
// stack: (empty)
%mload_global_metadata(@GLOBAL_METADATA_RLP_DATA_SIZE)
// stack: block_start
// In our model it's fine to use memory in a sparse way, as long as the gaps aren't larger than
// 2^16 or so. So instead of the caller specifying the size of the block they need, we'll just
// allocate 0x10000 = 2^16 bytes, much larger than any RLP blob the EVM could possibly create.
DUP1 %add_const(0x10000)
// stack: block_end, block_start
%mstore_global_metadata(@GLOBAL_METADATA_RLP_DATA_SIZE)
// stack: block_start
// We leave an extra 9 bytes, so that callers can later prepend a prefix before block_start.
// (9 is the length of the longest possible RLP list prefix.)
%add_const(9)
// stack: block_start
%endmacro
%macro get_trie_data_size
// stack: (empty)
%mload_global_metadata(@GLOBAL_METADATA_TRIE_DATA_SIZE)

73
evm/src/cpu/kernel/asm/rlp/encode.asm
View File

@ -196,66 +196,65 @@ encode_rlp_list_prefix_large_done_writing_len:
%%after:
%endmacro
// Given an RLP list payload which starts at position 9 and ends at the given
// position, prepend the appropriate RLP list prefix. Returns the updated start
// position, as well as the length of the RLP data (including the newly-added
// prefix).
// Given an RLP list payload which starts and ends at the given positions,
// prepend the appropriate RLP list prefix. Returns the updated start position,
// as well as the length of the RLP data (including the newly-added prefix).
//
// (We sometimes start list payloads at position 9 because 9 is the length of
// the longest possible RLP list prefix.)
//
// Pre stack: end_pos, retdest
// Post stack: start_pos, rlp_len
// Pre stack: end_pos, start_pos, retdest
// Post stack: prefix_start_pos, rlp_len
global prepend_rlp_list_prefix:
// stack: end_pos, retdest
// Since the list payload starts at position 9, payload_len = end_pos - 9.
PUSH 9 DUP2 SUB
// stack: payload_len, end_pos, retdest
// stack: end_pos, start_pos, retdest
DUP2 DUP2 SUB // end_pos - start_pos
// stack: payload_len, end_pos, start_pos, retdest
DUP1 %gt_const(55)
%jumpi(prepend_rlp_list_prefix_big)
// If we got here, we have a small list, so we prepend 0xc0 + len at position 8.
// stack: payload_len, end_pos, retdest
%add_const(0xc0)
// stack: prefix_byte, end_pos, retdest
PUSH 8 // offset
// stack: payload_len, end_pos, start_pos, retdest
DUP1 %add_const(0xc0)
// stack: prefix_byte, payload_len, end_pos, start_pos, retdest
DUP4 %decrement // offset of prefix
%mstore_rlp
// stack: end_pos, retdest
%sub_const(8)
// stack: rlp_len, retdest
PUSH 8 // start_pos
%stack (start_pos, rlp_len, retdest) -> (retdest, start_pos, rlp_len)
// stack: payload_len, end_pos, start_pos, retdest
%increment
// stack: rlp_len, end_pos, start_pos, retdest
SWAP2 %decrement
// stack: prefix_start_pos, end_pos, rlp_len, retdest
%stack (prefix_start_pos, end_pos, rlp_len, retdest) -> (retdest, prefix_start_pos, rlp_len)
JUMP
prepend_rlp_list_prefix_big:
// We have a large list, so we prepend 0xf7 + len_of_len at position
// 8 - len_of_len, followed by the length itself.
// stack: payload_len, end_pos, retdest
// prefix_start_pos = start_pos - 1 - len_of_len
// followed by the length itself.
// stack: payload_len, end_pos, start_pos, retdest
DUP1 %num_bytes
// stack: len_of_len, payload_len, end_pos, retdest
// stack: len_of_len, payload_len, end_pos, start_pos, retdest
DUP1
PUSH 8
DUP5 %decrement // start_pos - 1
SUB
// stack: start_pos, len_of_len, payload_len, end_pos, retdest
DUP2 %add_const(0xf7) DUP2 %mstore_rlp // rlp[start_pos] = 0xf7 + len_of_len
DUP1 %increment // start_len_pos = start_pos + 1
%stack (start_len_pos, start_pos, len_of_len, payload_len, end_pos, retdest)
// stack: prefix_start_pos, len_of_len, payload_len, end_pos, start_pos, retdest
DUP2 %add_const(0xf7) DUP2 %mstore_rlp // rlp[prefix_start_pos] = 0xf7 + len_of_len
// stack: prefix_start_pos, len_of_len, payload_len, end_pos, start_pos, retdest
DUP1 %increment // start_len_pos = prefix_start_pos + 1
%stack (start_len_pos, prefix_start_pos, len_of_len, payload_len, end_pos, start_pos, retdest)
-> (start_len_pos, payload_len, len_of_len,
prepend_rlp_list_prefix_big_done_writing_len,
start_pos, end_pos, retdest)
prefix_start_pos, end_pos, retdest)
%jump(mstore_unpacking_rlp)
prepend_rlp_list_prefix_big_done_writing_len:
// stack: 9, start_pos, end_pos, retdest
%stack (_9, start_pos, end_pos) -> (end_pos, start_pos, start_pos)
// stack: end_pos, start_pos, start_pos, retdest
// stack: start_pos, prefix_start_pos, end_pos, retdest
%stack (start_pos, prefix_start_pos, end_pos)
-> (end_pos, prefix_start_pos, prefix_start_pos)
// stack: end_pos, prefix_start_pos, prefix_start_pos, retdest
SUB
// stack: rlp_len, start_pos, retdest
%stack (rlp_len, start_pos, retdest) -> (retdest, start_pos, rlp_len)
// stack: rlp_len, prefix_start_pos, retdest
%stack (rlp_len, prefix_start_pos, retdest) -> (retdest, prefix_start_pos, rlp_len)
JUMP
// Convenience macro to call prepend_rlp_list_prefix and return where we left off.
%macro prepend_rlp_list_prefix
%stack (end_pos) -> (end_pos, %%after)
%stack (end_pos, start_pos) -> (end_pos, start_pos, %%after)
%jump(prepend_rlp_list_prefix)
%%after:
%endmacro

38
evm/src/cpu/kernel/asm/transactions/type_0.asm
View File

@ -84,62 +84,64 @@ type_0_compute_signed_data:
// otherwise, it is
// keccak256(rlp([nonce, gas_price, gas_limit, to, value, data]))
%alloc_rlp_block
// stack: rlp_start, retdest
%mload_txn_field(@TXN_FIELD_NONCE)
// stack: nonce, retdest
PUSH 9 // We start at 9 to leave room to prepend the largest possible RLP list header.
// stack: rlp_pos, nonce, retdest
// stack: nonce, rlp_start, retdest
DUP2
// stack: rlp_pos, nonce, rlp_start, retdest
%encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_MAX_FEE_PER_GAS)
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_GAS_LIMIT)
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_TO)
SWAP1 %encode_rlp_160
// stack: rlp_pos, retdest
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_VALUE)
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
// Encode txn data.
%mload_txn_field(@TXN_FIELD_DATA_LEN)
PUSH 0 // ADDR.virt
PUSH @SEGMENT_TXN_DATA
PUSH 0 // ADDR.context
// stack: ADDR: 3, len, rlp_pos, retdest
// stack: ADDR: 3, len, rlp_pos, rlp_start, retdest
PUSH after_serializing_txn_data
// stack: after_serializing_txn_data, ADDR: 3, len, rlp_pos, retdest
// stack: after_serializing_txn_data, ADDR: 3, len, rlp_pos, rlp_start, retdest
SWAP5
// stack: rlp_pos, ADDR: 3, len, after_serializing_txn_data, retdest
// stack: rlp_pos, ADDR: 3, len, after_serializing_txn_data, rlp_start, retdest
%jump(encode_rlp_string)
after_serializing_txn_data:
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_CHAIN_ID_PRESENT)
ISZERO %jumpi(finish_rlp_list)
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
%mload_txn_field(@TXN_FIELD_CHAIN_ID)
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
PUSH 0
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
PUSH 0
SWAP1 %encode_rlp_scalar
// stack: rlp_pos, retdest
// stack: rlp_pos, rlp_start, retdest
finish_rlp_list:
%prepend_rlp_list_prefix
// stack: start_pos, rlp_len, retdest
// stack: prefix_start_pos, rlp_len, retdest
PUSH @SEGMENT_RLP_RAW
PUSH 0 // context
// stack: ADDR: 3, rlp_len, retdest

31
evm/src/cpu/kernel/asm/util/basic_macros.asm
View File

@ -309,9 +309,9 @@
BYTE
%shl_const(24)
// stack: d000, b0, a, c00
OR
OR
OR
ADD // OR
ADD // OR
ADD // OR
// stack: dcba
%endmacro
@ -332,7 +332,7 @@
%reverse_bytes_u32
// stack: word_lo_inverted, word_hi_inverted
%shl_const(32)
OR
ADD // OR
// stack: word_inverted
%endmacro
@ -341,28 +341,7 @@
// stack: a, b, c, d
%rep 3
%shl_const(64)
OR
ADD // OR
%endrep
// stack: a || b || c || d
%endmacro
// Charge gas.
// Arguments:
// stack[0]: gas to be charged
// stack[1]: syscall info
// Returns:
// new syscall info
%macro charge_gas
%shl_const(192)
ADD
%endmacro
// Charge gas and exit kernel code.
// Arguments:
// stack[0]: gas to be charged
// stack[1]: syscall info
// Returns: nothing
%macro charge_gas_and_exit
%charge_gas
EXIT_KERNEL
%endmacro

19
evm/src/cpu/kernel/asm/util/keccak.asm
View File

@ -1,5 +1,6 @@
global sys_keccak256:
// stack: kexit_info, offset, len
// TODO: Charge gas.
%stack (kexit_info, offset, len) -> (offset, len, kexit_info)
PUSH @SEGMENT_MAIN_MEMORY
GET_CONTEXT
@ -23,3 +24,21 @@ global sys_keccak256:
%stack (offset) -> (0, @SEGMENT_KERNEL_GENERAL, 0, $num_bytes) // context, segment, offset, len
KECCAK_GENERAL
%endmacro
// Computes Keccak256(a || b). Clobbers @SEGMENT_KERNEL_GENERAL.
//
// Pre stack: a, b
// Post stack: hash
%macro keccak256_u256_pair
// Since KECCAK_GENERAL takes its input from memory, we will first write
// a's bytes to @SEGMENT_KERNEL_GENERAL[0..32], then b's bytes to
// @SEGMENT_KERNEL_GENERAL[32..64].
%stack (a) -> (0, @SEGMENT_KERNEL_GENERAL, 0, a, 32, %%after_mstore_a)
%jump(mstore_unpacking)
%%after_mstore_a:
%stack (offset, b) -> (0, @SEGMENT_KERNEL_GENERAL, 32, b, 32, %%after_mstore_b)
%jump(mstore_unpacking)
%%after_mstore_b:
%stack (offset) -> (0, @SEGMENT_KERNEL_GENERAL, 0, 64) // context, segment, offset, len
KECCAK_GENERAL
%endmacro

8
evm/src/cpu/kernel/constants/context_metadata.rs
View File

@ -23,8 +23,8 @@ pub(crate) enum ContextMetadata {
/// Pointer to the initial version of the state trie, at the creation of this context. Used when
/// we need to revert a context.
StateTrieCheckpointPointer = 9,
/// Size of the active main memory.
MSize = 10,
/// Size of the active main memory, in (32 byte) words.
MemWords = 10,
StackSize = 11,
/// The gas limit for this call (not the entire transaction).
GasLimit = 12,
@ -45,7 +45,7 @@ impl ContextMetadata {
Self::CallValue,
Self::Static,
Self::StateTrieCheckpointPointer,
Self::MSize,
Self::MemWords,
Self::StackSize,
Self::GasLimit,
]
@ -64,7 +64,7 @@ impl ContextMetadata {
ContextMetadata::CallValue => "CTX_METADATA_CALL_VALUE",
ContextMetadata::Static => "CTX_METADATA_STATIC",
ContextMetadata::StateTrieCheckpointPointer => "CTX_METADATA_STATE_TRIE_CHECKPOINT_PTR",
ContextMetadata::MSize => "CTX_METADATA_MSIZE",
ContextMetadata::MemWords => "CTX_METADATA_MEM_WORDS",
ContextMetadata::StackSize => "CTX_METADATA_STACK_SIZE",
ContextMetadata::GasLimit => "CTX_METADATA_GAS_LIMIT",
}

11
evm/src/cpu/kernel/constants/global_metadata.rs
View File

@ -6,10 +6,13 @@ pub(crate) enum GlobalMetadata {
/// give each new context a unique ID, so that its memory will be zero-initialized.
LargestContext = 0,
/// The size of active memory, in bytes.
MemorySize = 2,
MemorySize = 1,
/// The size of the `TrieData` segment, in bytes. In other words, the next address available for
/// appending additional trie data.
TrieDataSize = 3,
TrieDataSize = 2,
/// The size of the `TrieData` segment, in bytes. In other words, the next address available for
/// appending additional trie data.
RlpDataSize = 3,
/// A pointer to the root of the state trie within the `TrieData` buffer.
StateTrieRoot = 4,
/// A pointer to the root of the transaction trie within the `TrieData` buffer.
@ -45,13 +48,14 @@ pub(crate) enum GlobalMetadata {
}
impl GlobalMetadata {
pub(crate) const COUNT: usize = 21;
pub(crate) const COUNT: usize = 22;
pub(crate) fn all() -> [Self; Self::COUNT] {
[
Self::LargestContext,
Self::MemorySize,
Self::TrieDataSize,
Self::RlpDataSize,
Self::StateTrieRoot,
Self::TransactionTrieRoot,
Self::ReceiptTrieRoot,
@ -79,6 +83,7 @@ impl GlobalMetadata {
Self::LargestContext => "GLOBAL_METADATA_LARGEST_CONTEXT",
Self::MemorySize => "GLOBAL_METADATA_MEMORY_SIZE",
Self::TrieDataSize => "GLOBAL_METADATA_TRIE_DATA_SIZE",
Self::RlpDataSize => "GLOBAL_METADATA_RLP_DATA_SIZE",
Self::StateTrieRoot => "GLOBAL_METADATA_STATE_TRIE_ROOT",
Self::TransactionTrieRoot => "GLOBAL_METADATA_TXN_TRIE_ROOT",
Self::ReceiptTrieRoot => "GLOBAL_METADATA_RECEIPT_TRIE_ROOT",

14
evm/src/cpu/kernel/constants/mod.rs
View File

@ -19,7 +19,11 @@ pub(crate) mod txn_fields;
pub fn evm_constants() -> HashMap<String, U256> {
let mut c = HashMap::new();
let hex_constants = EC_CONSTANTS.iter().chain(HASH_CONSTANTS.iter()).cloned();
let hex_constants = MISC_CONSTANTS
.iter()
.chain(EC_CONSTANTS.iter())
.chain(HASH_CONSTANTS.iter())
.cloned();
for (name, value) in hex_constants {
c.insert(name.into(), U256::from_big_endian(&value));
}
@ -50,6 +54,14 @@ pub fn evm_constants() -> HashMap<String, U256> {
c
}
const MISC_CONSTANTS: [(&str, [u8; 32]); 1] = [
// Base for limbs used in bignum arithmetic.
(
"BIGNUM_LIMB_BASE",
hex!("0000000000000000000000000000000100000000000000000000000000000000"),
),
];
const HASH_CONSTANTS: [(&str, [u8; 32]); 2] = [
// Hash of an empty string: keccak(b'').hex()
(

2
evm/src/cpu/kernel/constants/trie_type.rs
View File

@ -1,6 +1,6 @@
use eth_trie_utils::partial_trie::PartialTrie;
#[derive(Copy, Clone)]
#[derive(Copy, Clone, Debug)]
pub(crate) enum PartialTrieType {
Empty = 0,
Hash = 1,

2
evm/src/cpu/kernel/evm_asm.pest
View File

@ -26,7 +26,7 @@ stack = { ^"%stack" ~ stack_placeholders ~ "->" ~ stack_replacements }
stack_placeholders = { "(" ~ (stack_placeholder ~ ("," ~ stack_placeholder)*)? ~ ")" }
stack_placeholder = { stack_block | identifier }
stack_block = { identifier ~ ":" ~ literal_decimal }
stack_replacements = { "(" ~ stack_replacement ~ ("," ~ stack_replacement)* ~ ")" }
stack_replacements = { "(" ~ (stack_replacement ~ ("," ~ stack_replacement)*)? ~ ")" }
stack_replacement = { literal | identifier | constant | macro_label | variable }
global_label_decl = ${ ^"GLOBAL " ~ identifier ~ ":" }

71
evm/src/cpu/kernel/interpreter.rs
View File

@ -8,8 +8,7 @@ use ethereum_types::{U256, U512};
use keccak_hash::keccak;
use plonky2::field::goldilocks_field::GoldilocksField;
use crate::bls381_arithmetic::{Fp381, BLS_BASE};
use crate::bn254_arithmetic::BN_BASE;
use crate::extension_tower::BN_BASE;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::cpu::kernel::constants::context_metadata::ContextMetadata;
use crate::cpu::kernel::constants::global_metadata::GlobalMetadata;
@ -189,6 +188,12 @@ impl<'a> Interpreter<'a> {
&mut self.generation_state.memory.contexts[0].segments[Segment::TrieData as usize].content
}
pub(crate) fn get_memory_segment(&self, segment: Segment) -> Vec<U256> {
self.generation_state.memory.contexts[0].segments[segment as usize]
.content
.clone()
}
pub(crate) fn get_memory_segment_bytes(&self, segment: Segment) -> Vec<u8> {
self.generation_state.memory.contexts[0].segments[segment as usize]
.content
@ -197,10 +202,22 @@ impl<'a> Interpreter<'a> {
.collect()
}
pub(crate) fn get_kernel_general_memory(&self) -> Vec<U256> {
self.get_memory_segment(Segment::KernelGeneral)
}
pub(crate) fn get_rlp_memory(&self) -> Vec<u8> {
self.get_memory_segment_bytes(Segment::RlpRaw)
}
pub(crate) fn set_memory_segment(&mut self, segment: Segment, memory: Vec<U256>) {
self.generation_state.memory.contexts[0].segments[segment as usize].content = memory;
}
pub(crate) fn set_kernel_general_memory(&mut self, memory: Vec<U256>) {
self.set_memory_segment(Segment::KernelGeneral, memory)
}
pub(crate) fn set_memory_segment_bytes(&mut self, segment: Segment, memory: Vec<u8>) {
self.generation_state.memory.contexts[0].segments[segment as usize].content =
memory.into_iter().map(U256::from).collect();
@ -280,6 +297,7 @@ impl<'a> Interpreter<'a> {
.byte(0);
self.opcode_count[opcode as usize] += 1;
self.incr(1);
match opcode {
0x00 => self.run_stop(), // "STOP",
0x01 => self.run_add(), // "ADD",
@ -357,7 +375,7 @@ impl<'a> Interpreter<'a> {
0xa2 => todo!(), // "LOG2",
0xa3 => todo!(), // "LOG3",
0xa4 => todo!(), // "LOG4",
0xa5 => bail!("Executed PANIC"), // "PANIC",
0xa5 => bail!("Executed PANIC, stack={:?}", self.stack()), // "PANIC",
0xf0 => todo!(), // "CREATE",
0xf1 => todo!(), // "CALL",
0xf2 => todo!(), // "CALLCODE",
@ -439,51 +457,6 @@ impl<'a> Interpreter<'a> {
self.push((x + (BN_BASE - y)) % BN_BASE);
}
#[allow(dead_code)]
fn run_addfp381(&mut self) {
let x1 = self.pop();
let x0 = self.pop();
let y1 = self.pop();
let y0 = self.pop();
let x = U512::from(x0) + (U512::from(x1) << 256);
let y = U512::from(y0) + (U512::from(y1) << 256);
let z = (x + y) % BLS_BASE;
self.push(U256(z.0[4..].try_into().unwrap()));
self.push(U256(z.0[..4].try_into().unwrap()));
}
#[allow(dead_code)]
fn run_mulfp381(&mut self) {
let x1 = self.pop();
let x0 = self.pop();
let y1 = self.pop();
let y0 = self.pop();
let x = U512::from(x0) + (U512::from(x1) << 256);
let y = U512::from(y0) + (U512::from(y1) << 256);
let z = (Fp381 { val: x } * Fp381 { val: y }).val;
self.push(U256(z.0[4..].try_into().unwrap()));
self.push(U256(z.0[..4].try_into().unwrap()));
}
#[allow(dead_code)]
fn run_subfp381(&mut self) {
let x1 = self.pop();
let x0 = self.pop();
let y1 = self.pop();
let y0 = self.pop();
let x = U512::from(x0) + (U512::from(x1) << 256);
let y = U512::from(y0) + (U512::from(y1) << 256);
let z = (BLS_BASE + x - y) % BLS_BASE;
self.push(U256(z.0[4..].try_into().unwrap()));
self.push(U256(z.0[..4].try_into().unwrap()));
}
fn run_div(&mut self) {
let x = self.pop();
let y = self.pop();
@ -754,7 +727,7 @@ impl<'a> Interpreter<'a> {
self.push(
self.generation_state.memory.contexts[self.context].segments
[Segment::ContextMetadata as usize]
.get(ContextMetadata::MSize as usize),
.get(ContextMetadata::MemWords as usize),
)
}

396
evm/src/cpu/kernel/tests/bignum/mod.rs Normal file
View File

@ -0,0 +1,396 @@
use std::cmp::Ordering;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::path::PathBuf;
use anyhow::Result;
use ethereum_types::U256;
use itertools::Itertools;
use num::{BigUint, One, Zero};
use num_bigint::RandBigInt;
use plonky2_util::ceil_div_usize;
use rand::Rng;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::cpu::kernel::interpreter::Interpreter;
use crate::util::{biguint_to_mem_vec, mem_vec_to_biguint};
const BIGNUM_LIMB_BITS: usize = 128;
const MINUS_ONE: U256 = U256::MAX;
const TEST_DATA_BIGNUM_INPUTS: &str = "bignum_inputs";
const TEST_DATA_U128_INPUTS: &str = "u128_inputs";
const TEST_DATA_SHR_OUTPUTS: &str = "shr_outputs";
const TEST_DATA_ISZERO_OUTPUTS: &str = "iszero_outputs";
const TEST_DATA_CMP_OUTPUTS: &str = "cmp_outputs";
const TEST_DATA_ADD_OUTPUTS: &str = "add_outputs";
const TEST_DATA_ADDMUL_OUTPUTS: &str = "addmul_outputs";
const TEST_DATA_MUL_OUTPUTS: &str = "mul_outputs";
const BIT_SIZES_TO_TEST: [usize; 15] = [
0, 1, 2, 127, 128, 129, 255, 256, 257, 512, 1000, 1023, 1024, 1025, 31415,
];
fn full_path(filename: &str) -> PathBuf {
let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
path.push("src/cpu/kernel/tests/bignum/test_data");
path.push(filename);
path
}
fn test_data_biguint(filename: &str) -> Vec<BigUint> {
let file = File::open(full_path(filename)).unwrap();
let lines = BufReader::new(file).lines();
lines
.map(|line| BigUint::parse_bytes(line.unwrap().as_bytes(), 10).unwrap())
.collect()
}
fn test_data_u128(filename: &str) -> Vec<u128> {
let file = File::open(full_path(filename)).unwrap();
let lines = BufReader::new(file).lines();
lines
.map(|line| line.unwrap().parse::<u128>().unwrap())
.collect()
}
fn test_data_u256(filename: &str) -> Vec<U256> {
let file = File::open(full_path(filename)).unwrap();
let lines = BufReader::new(file).lines();
lines
.map(|line| U256::from_dec_str(&line.unwrap()).unwrap())
.collect()
}
// Convert each biguint to a vector of bignum limbs, pad to the given length, and concatenate.
fn pad_bignums(biguints: &[BigUint], length: usize) -> Vec<U256> {
biguints
.iter()
.flat_map(|biguint| {
biguint_to_mem_vec(biguint.clone())
.into_iter()
.pad_using(length, |_| U256::zero())
})
.collect()
}
fn gen_bignum(bit_size: usize) -> BigUint {
let mut rng = rand::thread_rng();
rng.gen_biguint(bit_size as u64)
}
fn max_bignum(bit_size: usize) -> BigUint {
(BigUint::one() << bit_size) - BigUint::one()
}
fn bignum_len(a: &BigUint) -> usize {
ceil_div_usize(a.bits() as usize, BIGNUM_LIMB_BITS)
}
fn run_test(fn_label: &str, memory: Vec<U256>, stack: Vec<U256>) -> Result<(Vec<U256>, Vec<U256>)> {
let fn_label = KERNEL.global_labels[fn_label];
let retdest = 0xDEADBEEFu32.into();
let mut initial_stack: Vec<U256> = stack;
initial_stack.push(retdest);
initial_stack.reverse();
let mut interpreter = Interpreter::new_with_kernel(fn_label, initial_stack);
interpreter.set_kernel_general_memory(memory);
interpreter.run()?;
let new_memory = interpreter.get_kernel_general_memory();
Ok((new_memory, interpreter.stack().to_vec()))
}
fn test_shr_bignum(input: BigUint, expected_output: BigUint) -> Result<()> {
let len = bignum_len(&input);
let memory = biguint_to_mem_vec(input);
let input_start_loc = 0;
let (new_memory, _new_stack) = run_test(
"shr_bignum",
memory,
vec![len.into(), input_start_loc.into()],
)?;
let output = mem_vec_to_biguint(&new_memory[input_start_loc..input_start_loc + len]);
assert_eq!(output, expected_output);
Ok(())
}
fn test_iszero_bignum(input: BigUint, expected_output: U256) -> Result<()> {
let len = bignum_len(&input);
let memory = biguint_to_mem_vec(input);
let input_start_loc = 0;
let (_new_memory, new_stack) = run_test(
"iszero_bignum",
memory,
vec![len.into(), input_start_loc.into()],
)?;
let output = new_stack[0];
assert_eq!(output, expected_output);
Ok(())
}
fn test_cmp_bignum(a: BigUint, b: BigUint, expected_output: U256) -> Result<()> {
let len = bignum_len(&a).max(bignum_len(&b));
let memory = pad_bignums(&[a, b], len);
let a_start_loc = 0;
let b_start_loc = len;
let (_new_memory, new_stack) = run_test(
"cmp_bignum",
memory,
vec![len.into(), a_start_loc.into(), b_start_loc.into()],
)?;
let output = new_stack[0];
assert_eq!(output, expected_output);
Ok(())
}
fn test_add_bignum(a: BigUint, b: BigUint, expected_output: BigUint) -> Result<()> {
let len = bignum_len(&a).max(bignum_len(&b));
let memory = pad_bignums(&[a, b], len);
let a_start_loc = 0;
let b_start_loc = len;
let (mut new_memory, new_stack) = run_test(
"add_bignum",
memory,
vec![len.into(), a_start_loc.into(), b_start_loc.into()],
)?;
// Determine actual sum, appending the final carry if nonzero.
let carry_limb = new_stack[0];
if carry_limb > 0.into() {
new_memory[len] = carry_limb;
}
let expected_output = biguint_to_mem_vec(expected_output);
let output = &new_memory[a_start_loc..a_start_loc + expected_output.len()];
assert_eq!(output, expected_output);
Ok(())
}
fn test_addmul_bignum(a: BigUint, b: BigUint, c: u128, expected_output: BigUint) -> Result<()> {
let len = bignum_len(&a).max(bignum_len(&b));
let mut memory = pad_bignums(&[a, b], len);
memory.splice(len..len, vec![0.into(); 2].iter().cloned());
let a_start_loc = 0;
let b_start_loc = len + 2;
let (mut new_memory, new_stack) = run_test(
"addmul_bignum",
memory,
vec![len.into(), a_start_loc.into(), b_start_loc.into(), c.into()],
)?;
// Determine actual sum, appending the final carry if nonzero.
let carry_limb = new_stack[0];
if carry_limb > 0.into() {
new_memory[len] = carry_limb;
}
let expected_output = biguint_to_mem_vec(expected_output);
let output = &new_memory[a_start_loc..a_start_loc + expected_output.len()];
assert_eq!(output, expected_output);
Ok(())
}
fn test_mul_bignum(a: BigUint, b: BigUint, expected_output: BigUint) -> Result<()> {
let len = bignum_len(&a).max(bignum_len(&b));
let output_len = len * 2;
let memory = pad_bignums(&[a, b], len);
let a_start_loc = 0;
let b_start_loc = len;
let output_start_loc = 2 * len;
let (new_memory, _new_stack) = run_test(
"mul_bignum",
memory,
vec![
len.into(),
a_start_loc.into(),
b_start_loc.into(),
output_start_loc.into(),
],
)?;
let output = mem_vec_to_biguint(&new_memory[output_start_loc..output_start_loc + output_len]);
assert_eq!(output, expected_output);
Ok(())
}
#[test]
fn test_shr_bignum_all() -> Result<()> {
for bit_size in BIT_SIZES_TO_TEST {
let input = gen_bignum(bit_size);
let output = input.clone() >> 1;
test_shr_bignum(input, output)?;
let input = max_bignum(bit_size);
let output = input.clone() >> 1;
test_shr_bignum(input, output)?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let shr_outputs = test_data_biguint(TEST_DATA_SHR_OUTPUTS);
for (input, output) in inputs.iter().zip(shr_outputs.iter()) {
test_shr_bignum(input.clone(), output.clone())?;
}
Ok(())
}
#[test]
fn test_iszero_bignum_all() -> Result<()> {
for bit_size in BIT_SIZES_TO_TEST {
let input = gen_bignum(bit_size);
let output = input.is_zero() as u8;
test_iszero_bignum(input, output.into())?;
let input = max_bignum(bit_size);
let output = bit_size.is_zero() as u8;
test_iszero_bignum(input, output.into())?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let iszero_outputs = test_data_u256(TEST_DATA_ISZERO_OUTPUTS);
let mut iszero_outputs_iter = iszero_outputs.iter();
for input in inputs {
let output = iszero_outputs_iter.next().unwrap();
test_iszero_bignum(input.clone(), *output)?;
}
Ok(())
}
#[test]
fn test_cmp_bignum_all() -> Result<()> {
for bit_size in BIT_SIZES_TO_TEST {
let a = gen_bignum(bit_size);
let b = gen_bignum(bit_size);
let output = match a.cmp(&b) {
Ordering::Less => MINUS_ONE,
Ordering::Equal => 0.into(),
Ordering::Greater => 1.into(),
};
test_cmp_bignum(a, b, output)?;
let a = max_bignum(bit_size);
let b = max_bignum(bit_size);
let output = 0.into();
test_cmp_bignum(a, b, output)?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let cmp_outputs = test_data_u256(TEST_DATA_CMP_OUTPUTS);
let mut cmp_outputs_iter = cmp_outputs.iter();
for a in &inputs {
for b in &inputs {
let output = cmp_outputs_iter.next().unwrap();
test_cmp_bignum(a.clone(), b.clone(), *output)?;
}
}
Ok(())
}
#[test]
fn test_add_bignum_all() -> Result<()> {
for bit_size in BIT_SIZES_TO_TEST {
let a = gen_bignum(bit_size);
let b = gen_bignum(bit_size);
let output = a.clone() + b.clone();
test_add_bignum(a, b, output)?;
let a = max_bignum(bit_size);
let b = max_bignum(bit_size);
let output = a.clone() + b.clone();
test_add_bignum(a, b, output)?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let add_outputs = test_data_biguint(TEST_DATA_ADD_OUTPUTS);
let mut add_outputs_iter = add_outputs.iter();
for a in &inputs {
for b in &inputs {
let output = add_outputs_iter.next().unwrap();
test_add_bignum(a.clone(), b.clone(), output.clone())?;
}
}
Ok(())
}
#[test]
fn test_addmul_bignum_all() -> Result<()> {
let mut rng = rand::thread_rng();
for bit_size in BIT_SIZES_TO_TEST {
let a = gen_bignum(bit_size);
let b = gen_bignum(bit_size);
let c: u128 = rng.gen();
let output = a.clone() + b.clone() * c;
test_addmul_bignum(a, b, c, output)?;
let a = max_bignum(bit_size);
let b = max_bignum(bit_size);
let c: u128 = rng.gen();
let output = a.clone() + b.clone() * c;
test_addmul_bignum(a, b, c, output)?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let u128_inputs = test_data_u128(TEST_DATA_U128_INPUTS);
let addmul_outputs = test_data_biguint(TEST_DATA_ADDMUL_OUTPUTS);
let mut addmul_outputs_iter = addmul_outputs.iter();
for a in &inputs {
for b in &inputs {
for c in &u128_inputs {
let output = addmul_outputs_iter.next().unwrap();
test_addmul_bignum(a.clone(), b.clone(), *c, output.clone())?;
}
}
}
Ok(())
}
#[test]
fn test_mul_bignum_all() -> Result<()> {
for bit_size in BIT_SIZES_TO_TEST {
let a = gen_bignum(bit_size);
let b = gen_bignum(bit_size);
let output = a.clone() * b.clone();
test_mul_bignum(a, b, output)?;
let a = max_bignum(bit_size);
let b = max_bignum(bit_size);
let output = a.clone() * b.clone();
test_mul_bignum(a, b, output)?;
}
let inputs = test_data_biguint(TEST_DATA_BIGNUM_INPUTS);
let mul_outputs = test_data_biguint(TEST_DATA_MUL_OUTPUTS);
let mut mul_outputs_iter = mul_outputs.iter();
for a in &inputs {
for b in &inputs {
let output = mul_outputs_iter.next().unwrap();
test_mul_bignum(a.clone(), b.clone(), output.clone())?;
}
}
Ok(())
}

225
evm/src/cpu/kernel/tests/bignum/test_data/add_outputs Normal file
View File

@ -0,0 +1,225 @@
0
1
21
908
1267650597867046177654064545792
340282366920938463463374607431768211455
57896044618658097611351864738157061705262361561497619362091104892532012613632
115792089237105570840234253759177109864155645142784332660520492325483608801280
231583736816786089484927226016147767929578972263620494977377884571370600267775
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049792
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348287
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780159
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103232
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369216
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046271
1
2
22
909
1267650597867046177654064545793
340282366920938463463374607431768211456
57896044618658097611351864738157061705262361561497619362091104892532012613633
115792089237105570840234253759177109864155645142784332660520492325483608801281
231583736816786089484927226016147767929578972263620494977377884571370600267776
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049793
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348288
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780160
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103233
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369217
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046272
21
22
42
929
1267650597867046177654064545813
340282366920938463463374607431768211476
57896044618658097611351864738157061705262361561497619362091104892532012613653
115792089237105570840234253759177109864155645142784332660520492325483608801301
231583736816786089484927226016147767929578972263620494977377884571370600267796
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049813
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348308
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780180
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103253
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369237
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046292
908
909
929
1816
1267650597867046177654064546700
340282366920938463463374607431768212363
57896044618658097611351864738157061705262361561497619362091104892532012614540
115792089237105570840234253759177109864155645142784332660520492325483608802188
231583736816786089484927226016147767929578972263620494977377884571370600268683
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998050700
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486349195
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690781067
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387104140
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375370124
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957047179
1267650597867046177654064545792
1267650597867046177654064545793
1267650597867046177654064545813
1267650597867046177654064546700
2535301195734092355308129091584
340282368188589061330420785085832757247
57896044618658097611351864738157061705262361562765269959958151070186077159424
115792089237105570840234253759177109864155645144051983258387538503137673347072
231583736816786089484927226016147767929578972264888145575244930749024664813567
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725447442614227457227324739062595584
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851379715837692741036504647550894079
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756017613817472060411970538755325951
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459868939503685406252196573451649024
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059367521063656309566056683439915008
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571754105966758923615108084021592063
340282366920938463463374607431768211455
340282366920938463463374607431768211456
340282366920938463463374607431768211476
340282366920938463463374607431768212363
340282368188589061330420785085832757247
680564733841876926926749214863536422910
57896044618658097611351864738157061705602643928418557825554479499963780825087
115792089237105570840234253759177109864495927509705271123983866932915377012735
231583736816786089484927226016147767929919254630541433440841259178802368479230
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656433007813095902093053555754516766261247
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352969133745369125558337364934425254559742
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107569038383267105337656740400316458991614
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244438742234592791551002580626351155314687
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359572341733174351521905894486461143580671
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998595854119759254624519943537861725257726
57896044618658097611351864738157061705262361561497619362091104892532012613632
57896044618658097611351864738157061705262361561497619362091104892532012613633
57896044618658097611351864738157061705262361561497619362091104892532012613653
57896044618658097611351864738157061705262361561497619362091104892532012614540
57896044618658097611351864738157061705262361562765269959958151070186077159424
57896044618658097611351864738157061705602643928418557825554479499963780825087
115792089237316195222703729476314123410524723122995238724182209785064025227264
173688133855763668451586118497334171569418006704281952022611597218015621414912
289479781435444187096279090754304829634841333825118114339468989463902612881407
3273390607896141870013189696827599152216642046043064789482248405676250539586401155309462588318799202567027652361355087007672582991681286039617010663424
5027927973729236057982426364448826617555638513633071601633370220421967636306804394074875752581912318823441521134057891212939945806456965095219525498961919
13407807929942597099574024997867385471458758537929012740010782671329620832395892888572752773084019014537559577489812491117577843786236284470685416703393791
26815615859885194199148049995734770942917517075858043397979502765092926124329972428655111861232797616170839264946949360821429169472449630310911451399716864
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356940333001073316904952470628102164776064494420927751032420533624771561387982848
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463796730242309831072892700701204289449703517933314335935523147673822961969659903
115792089237105570840234253759177109864155645142784332660520492325483608801280
115792089237105570840234253759177109864155645142784332660520492325483608801281
115792089237105570840234253759177109864155645142784332660520492325483608801301
115792089237105570840234253759177109864155645142784332660520492325483608802188
115792089237105570840234253759177109864155645144051983258387538503137673347072
115792089237105570840234253759177109864495927509705271123983866932915377012735
173688133855763668451586118497334171569418006704281952022611597218015621414912
231584178474211141680468507518354219728311290285568665321040984650967217602560
347375826053891660325161479775324877793734617406404827637898376896854209069055
3273390607896141870013189696827599152216642046043064789482248405676250539644297199927910061547681591588047700520248370588959296290110673472568606851072
5027927973729236057982426364448826617555638513633071601633370220421967636306862290119494200055141201212462541182216784496521232519755394482652477095149567
13407807929942597099574024997867385471458758537929012740010782671329620832395950784617371220557247896926580597537971384401159130499534713858118368299581439
26815615859885194199148049995734770942917517075858043397979502765092926124330030324699730308706026498559860284995108254105010456185748059698344402995904512
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356998229045691764378181353017123184824223387704509037745718963012204512984170496
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463854626286928278546121583090225309497862411216895622648821577061255913565847551
231583736816786089484927226016147767929578972263620494977377884571370600267775
231583736816786089484927226016147767929578972263620494977377884571370600267776
231583736816786089484927226016147767929578972263620494977377884571370600267796
231583736816786089484927226016147767929578972263620494977377884571370600268683
231583736816786089484927226016147767929578972264888145575244930749024664813567
231583736816786089484927226016147767929919254630541433440841259178802368479230
289479781435444187096279090754304829634841333825118114339468989463902612881407
347375826053891660325161479775324877793734617406404827637898376896854209069055
463167473633572178969854452032295535859157944527240989954755769142741200535550
3273390607896141870013189696827599152216642046043064789482248405676250539760088847507590580192374563845018358585671697709795458606968065718455598317567
5027927973729236057982426364448826617555638513633071601633370220421967636306978081767073880573785894184719511840282207823642068682072251874898364086616062
13407807929942597099574024997867385471458758537929012740010782671329620832396066576264950901075892589898837568196036807728279966661851571250364255291047934
26815615859885194199148049995734770942917517075858043397979502765092926124330146116347309989224671191532117255653173677432131292348064917090590289987371007
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322357114020693271444896826045989380155482288811031629873908035820404450399975636991
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463970417934507959064766276062482280155927834544016458811138434453501800557314046
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049792
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049793
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049813
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998050700
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725447442614227457227324739062595584
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656433007813095902093053555754516766261247
3273390607896141870013189696827599152216642046043064789482248405676250539586401155309462588318799202567027652361355087007672582991681286039617010663424
3273390607896141870013189696827599152216642046043064789482248405676250539644297199927910061547681591588047700520248370588959296290110673472568606851072
3273390607896141870013189696827599152216642046043064789482248405676250539760088847507590580192374563845018358585671697709795458606968065718455598317567
6546781215792283740026379393655198304433284092086129578964496811352501079057010221381608981414894675657741181312185450892349927259180362294169996099584
5031201364337132199852439554145654216707855155679114666422852468827643886846275003140947898975008414296532234663008721576824623150724464171474078484398079
13411081320550493241444038187564213070610975179975055804800264919735297082935363497638824919477115110010650291018763321481462521130503783546939969688829951
26818889250493090341018063185431598542069733717904086462768985013498602374869443037721184007625893711643929978475900191185313846816717129387166004385153024
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094859873731529946340457125253265606438475403785866280608383688705623749572896410942067145463298048566101192878305015324784812428376688032701026114373419008
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988312365191525626829590504228669795829923743060941349315981180118158171906003267339308381977465988796174295002978654348297199013279790646750077514955096063
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348287
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348288
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348308
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486349195
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851379715837692741036504647550894079
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352969133745369125558337364934425254559742
5027927973729236057982426364448826617555638513633071601633370220421967636306804394074875752581912318823441521134057891212939945806456965095219525498961919
5027927973729236057982426364448826617555638513633071601633370220421967636306862290119494200055141201212462541182216784496521232519755394482652477095149567
5027927973729236057982426364448826617555638513633071601633370220421967636306978081767073880573785894184719511840282207823642068682072251874898364086616062
5031201364337132199852439554145654216707855155679114666422852468827643886846275003140947898975008414296532234663008721576824623150724464171474078484398079
10055855947458472115964852728897653235111277027266143203266740440843935272613492996060514188968601933917406728144705257702756896374189747980653986972696574
18435735903671833157556451362316212089014397051562084341644152891751588468702581490558391209470708629631524784500459857607394794353969067356119878177128446
31843543833614430257130476360183597560473155589491114999612872985514893760636661030640750297619487231264804471957596727311246120040182413196345912873451519
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604099884528314651286256569538428017605456878825657453309145227576677640040958663628934986711753291642085722067371786711860910744701600153316510206022861717503
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060993337019774646966745702917403421794848327164932528377852825068090174463291770485332227948267459582315795169496460350884423131286503255930559257423443394558
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780159
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780160
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780180
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690781067
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756017613817472060411970538755325951
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107569038383267105337656740400316458991614
13407807929942597099574024997867385471458758537929012740010782671329620832395892888572752773084019014537559577489812491117577843786236284470685416703393791
13407807929942597099574024997867385471458758537929012740010782671329620832395950784617371220557247896926580597537971384401159130499534713858118368299581439
13407807929942597099574024997867385471458758537929012740010782671329620832396066576264950901075892589898837568196036807728279966661851571250364255291047934
13411081320550493241444038187564213070610975179975055804800264919735297082935363497638824919477115110010650291018763321481462521130503783546939969688829951
18435735903671833157556451362316212089014397051562084341644152891751588468702581490558391209470708629631524784500459857607394794353969067356119878177128446
26815615859885194199148049995734770942917517075858025480021565342659241664791669985056268229972815325345642840856214457512032692333748386731585769381560318
40223423789827791298722074993602156414376275613787056137990285436422546956725749525138627318121593926978922528313351327215884018019961732571811804077883391
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604108264408270864647298161137061436164310781945681749250283604989128547694154752717429484588773793748781436185428142466460815382599579932635885671914066149375
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581061001716899730860327787294516036840353702230284956824318991202480541082116487859573826725825287961689011509287552816105484327769184483035249934723314647826430
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103232
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103233
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103253
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387104140
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459868939503685406252196573451649024
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244438742234592791551002580626351155314687
26815615859885194199148049995734770942917517075858043397979502765092926124329972428655111861232797616170839264946949360821429169472449630310911451399716864
26815615859885194199148049995734770942917517075858043397979502765092926124330030324699730308706026498559860284995108254105010456185748059698344402995904512
26815615859885194199148049995734770942917517075858043397979502765092926124330146116347309989224671191532117255653173677432131292348064917090590289987371007
26818889250493090341018063185431598542069733717904086462768985013498602374869443037721184007625893711643929978475900191185313846816717129387166004385153024
31843543833614430257130476360183597560473155589491114999612872985514893760636661030640750297619487231264804471957596727311246120040182413196345912873451519
40223423789827791298722074993602156414376275613787056137990285436422546956725749525138627318121593926978922528313351327215884018019961732571811804077883391
53631231719770388398296099991469541885835034151716086795959005530185852248659829065220986406270372528612202215770488196919735343706175078412037838774206464
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604121672216200807244397735162059303549782240704219678280941573709222310999446686796969566947861942527383069465115599603330519233925266145981725897948762472448
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581061015124707660802924886868541034707739173689043494753349649171200634845421779793653366808184376110467613142567240273242354031620510169248595774949349344149503
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369216
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369217
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369237
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375370124
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059367521063656309566056683439915008
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359572341733174351521905894486461143580671
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356940333001073316904952470628102164776064494420927751032420533624771561387982848
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356998229045691764378181353017123184824223387704509037745718963012204512984170496
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322357114020693271444896826045989380155482288811031629873908035820404450399975636991
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094859873731529946340457125253265606438475403785866280608383688705623749572896410942067145463298048566101192878305015324784812428376688032701026114373419008
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604099884528314651286256569538428017605456878825657453309145227576677640040958663628934986711753291642085722067371786711860910744701600153316510206022861717503
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604108264408270864647298161137061436164310781945681749250283604989128547694154752717429484588773793748781436185428142466460815382599579932635885671914066149375
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604121672216200807244397735162059303549782240704219678280941573709222310999446686796969566947861942527383069465115599603330519233925266145981725897948762472448
21430172143725344039741447416747135734328099194269775938858685112579378184657786065906763159178676625205218492566825428477050725853377832065983208189713200681844100397174224127137557678646374287640475087188412914436146644713764873912909317614682237526728015428718464118732506826116885039758058750738432
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824629198276151174244463087285660418287344529756165187857520911105123842660034918703411836307538943107430287596439419222071804002615797677806638572665083165692141839780886307603102541747070094713562715543794785904326970568977820621271154145831782622467599830140102357487631119091729219499088809459332415487
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046271
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046272
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046292
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957047179
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571754105966758923615108084021592063
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998595854119759254624519943537861725257726
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463796730242309831072892700701204289449703517933314335935523147673822961969659903
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463854626286928278546121583090225309497862411216895622648821577061255913565847551
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463970417934507959064766276062482280155927834544016458811138434453501800557314046
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988312365191525626829590504228669795829923743060941349315981180118158171906003267339308381977465988796174295002978654348297199013279790646750077514955096063
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060993337019774646966745702917403421794848327164932528377852825068090174463291770485332227948267459582315795169496460350884423131286503255930559257423443394558
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581061001716899730860327787294516036840353702230284956824318991202480541082116487859573826725825287961689011509287552816105484327769184483035249934723314647826430
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581061015124707660802924886868541034707739173689043494753349649171200634845421779793653366808184376110467613142567240273242354031620510169248595774949349344149503
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824629198276151174244463087285660418287344529756165187857520911105123842660034918703411836307538943107430287596439419222071804002615797677806638572665083165692141839780886307603102541747070094713562715543794785904326970568977820621271154145831782622467599830140102357487631119091729219499088809459332415487
70149324220868077495255175920561715987048031760661657648151596049581927701126644407314161773169938523306300574636470765864723972756401953860971729649236966380158623144886433123904089438954731413136105939102963525135105941885179620757765851918707538235369974386271618715130954505741977781211162121976618183601835461375440982077945936461543052837790612502383395739504991310927477668395382345950562697672932264775996511143505676632322113137860859914092542

1350
evm/src/cpu/kernel/tests/bignum/test_data/addmul_outputs Normal file
View File

File diff suppressed because it is too large Load Diff

15
evm/src/cpu/kernel/tests/bignum/test_data/bignum_inputs Normal file
View File

@ -0,0 +1,15 @@
0
1
21
908
1267650597867046177654064545792
340282366920938463463374607431768211455
57896044618658097611351864738157061705262361561497619362091104892532012613632
115792089237105570840234253759177109864155645142784332660520492325483608801280
231583736816786089484927226016147767929578972263620494977377884571370600267775
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049792
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348287
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780159
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103232
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369216
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046271

225
evm/src/cpu/kernel/tests/bignum/test_data/cmp_outputs Normal file
View File

@ -0,0 +1,225 @@
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
1
1
1
1
0
115792089237316195423570985008687907853269984665640564039457584007913129639935
1
1
1
1
1
1
1
1
1
1
1
1
1
1
0

15
evm/src/cpu/kernel/tests/bignum/test_data/iszero_outputs Normal file
View File

@ -0,0 +1,15 @@
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0

225
evm/src/cpu/kernel/tests/bignum/test_data/mul_outputs Normal file
View File

@ -0,0 +1,225 @@
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
21
908
1267650597867046177654064545792
340282366920938463463374607431768211455
57896044618658097611351864738157061705262361561497619362091104892532012613632
115792089237105570840234253759177109864155645142784332660520492325483608801280
231583736816786089484927226016147767929578972263620494977377884571370600267775
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049792
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348287
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780159
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103232
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369216
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046271
0
21
441
19068
26620662555207969730735355461632
7145929705339707732730866756067132440555
1215816936991820049838389159501298295810509592791450006603913202743172264886272
2431633873979216987644919328942719307147268547998470985870930338835155784826880
4863258473152507879183471746339103126521158417536030394524935575998782605623275
68741202765818979270276983633379582196549482966904360579127216519201261330098607324506894304856394094406282403777947234369674236221393804088784959045632
105586487448313957217630953653425358968668408786294503634300774628861320362441676458635398984170320306132770645519405205878947411928992353796866863213314027
281563966528794539091054524955215094900633929296509267540226436097922037480312534843090816414714560916129249828990251803876343269504358060681650578506383339
563127933057589078182109049910430189801267858593018911357569558066951448610928205184820357265838911550428123265590126067657221108914838323326397307129167872
225016807509116112417285197875844925210445041539832647358016193682083470938906753692021013171376104564654794171951666999009032621460467236692823685991988607159363054170329353334944355625786930020224988415478335601579539769494531176085547834954163494030644162001543873246691321674227292917459616882753536
736567904319114813700179347165898017864004333486947405305591758520610240861829766276798698618284354494716156033682943041579601713942220515540203161316988146991665543021307547800992939109024679837929112360581117013918612389794386017956541445146429151471384731055851996508875022310290766702717202280754490927819272344442130311818432332846202054796801431275025655264802408764738515518151514632480908325565788780147963367006809604639382187947539029097971691
0
908
19068
824464
1151026742863277929309890607579136
308976389164212124824744143548045536001140
52569608513741552631107493182246612028378224297839838380778723242419067453177856
105139217027291858322932702413332815756653325789648174055752607031539116791562240
210278033029641769252313921222662173280057706815367409439459119190804505043139700
2972238671969696817971976244719460030212710977807102828849881552354035489891882640507250477562362182748614496315732194705126866975667884481553178229211136
4565358600146146340648043138919534568740519770378829014283100160143146613766525820211473441791745277998502654577696186997051630953882145583216910085604244596
12174289600387878166413214698063586008084552752439543567929790665567295715815418173215545776407658157706921849748721363710462842319521767576139939299228384372
24348579200775756332826429396127172016169105504879103405365388510704376920891562395610327828446749127989939805959801641401559846042603485599065178803489734656
9729298153251306194042617127203199623384957034198478276241843041111037695834634873921670474267119187843169195625338744528581029537433535757956376518129793109557221580317097753720451186105453926588775689583539463154010576700049252756460830197065735837134519004638182709904558099057065808050158672835248128
31847793196274107182845849867935019058119806419340392572260824606510195176311496560920629445019152089581060460884957727702584683631406487052881165260753582736592014907778440638252456605285448061563792096352745440411338097615871547824025696771093222358857968371367314896669453345606857912669867603377384655355233299464450205863387455153540545988356938076082061665735266055161074861451503585061555464743511248208302416059151577191074239364588830400998014068
0
1267650597867046177654064545792
26620662555207969730735355461632
1151026742863277929309890607579136
1606938038272679619211255036084048932956190504430095264907264
431359145870941220571487096504865044588697904564591140391738786447360
73391955574979118963811141843059488536193514605218060347731553038824318137413435829926783487818828867436544
146783911149691239803259475393272332038744581223672095908357420057841712239442615794649035123910216788213760
293567262432083559770702660509494961636846893913475830448684457955877331972488384611363806317219648949452800
4149515561151917970063980879655710938513649460124350952720371065270297197065154634382680097543307069927884450339928718724097725668943949230978441358030208342019760039438410280075264
6373655901930312136397229380018411440828683949391920950832693445711366448193584697763678864931677968612065262908033170282412527802037703004824976134384286640214222530054133889372258304
16996415738478256005382065682640742151192912704409604594012987116129634408058546371285779101609491343355313613863898166638327059654603396304113335697353121717251389843622698066460540928
33992831476956512010764131365281484302385825408819231901736066162392911122587750794642859557837487570646738733764326406607430768230396539092082721200286809873288301231428402460695199744
13582985265193575509847153720290630277475301176695966793104558898916525902171099726111653252346386417687634059875171486934990855171785554727726817192028731914702681172768151028934363876033198780003232825417916826555570603003610443324900765322801514628836373961563717819815659178099324514051673737887522648522145975473923735339139072
44462416394276340862910922260389321581298853470913371563358965890746390942505208917810214508921403677924050484037361854923909199530783769557857398908416797467991642660044081596444758567725905941578862500220928052627591160031402858547990440510112144073496748573294083122100295594485512238065152913601534980743295758670057701269862152855527112109603873427804287879276629501582896265202691196110634325565999430887153483257613158570830305101308846059434951620873330091758706311542341632
0
340282366920938463463374607431768211455
7145929705339707732730866756067132440555
308976389164212124824744143548045536001140
431359145870941220571487096504865044588697904564591140391738786447360
115792089237316195423570985008687907852589419931798687112530834793049593217025
19701003098197239571963727475337245584161626291901231402719522479678259504890677218990119895590117915143388591554560
39402006196322807380529480735708200350692396090822410401547663254352517428719749608020233606624972587007562114662400
78803862104411649792976274791681038936454943300723566886694079153850261012036590002656572187311458765011955822362625
1113877103911668754551067286547922686738237475419584309931192581897577662915063323503306740447008536028968181678028580322422866333819711284625174374608617279642589745120484326564854874767360
1710915231608582551713494414139930175751260546116444122900349352360496966554854730076753484481830650675467827629295222707109502155201699203484369755223655341193278275893163301956243837193027585
4562440617622195218641171605585119131739514871918667547682857357314343535508689562160604455918497575074715174882382908134196095677901105600185199282794955018371204524886410100925712980030521345
9124881235244390437282343211170238263479029743837341192530852050551013988199468564099149809149237792502394782872367659707645708326849200364829008985690446628655225628506036591091211274089922560
3646154850295010964902624396817474390399390616036693719739415376725561063085178919082942505698777176089060633115597677023110409583667009527018497076154392047301826729011247840192495744913649306569979494349478121435366144715292958165239232610420731738086890347478323006048396719686780691510330825043607290550999833104265740262684222585569280
11935289041890653422458560211344367565999989567726224393815132782921219808519438180124970259072038417888105302535754774032670805811336900569676094726678661851388189281957447472598923409448779291182901295823514011338832830575108282476521982723289897702706625317681157972521881629518687524749107700488703863037130875637878556278141428758998783243913325146240393321801800775493463196094645471464263521615496507631433158100292031999009575957202146963989209941350094442798986370318517904347234305
0
57896044618658097611351864738157061705262361561497619362091104892532012613632
1215816936991820049838389159501298295810509592791450006603913202743172264886272
52569608513741552631107493182246612028378224297839838380778723242419067453177856
73391955574979118963811141843059488536193514605218060347731553038824318137413435829926783487818828867436544
19701003098197239571963727475337245584161626291901231402719522479678259504890677218990119895590117915143388591554560
3351951982485649263264086660821751293167574115217012473116062855570117177114956810549394311722122195190355926629690380263290286253266199596551551712231424
6703903964959104207882943247098074879292236184530784614687051259089361504778664925296585557644723899819989557097938820112754998714546796218504411307048960
13407782359700221432208153137018396716476230393601324554188676058418403973105159781474496977845448805812756231084668278028521746573850893544243696815308800
189516368689051383356419666365934487249694726206307462692478442160356412055175068191548410359233923189538270288357620597887942150501998384340803566981539803652861191767034299241276777771401726930027167539955532412991464793964544
291097142306427050053565423426590890568146840930776532405423684287884740444915857761347334012000265903675449121187612221625638517177392299309155307502337486020927127535947499456450345719682189031665783117734919052512795878316048384
776259046150354466227894953415272126532120228827236797123305565388337686400499060284004070246335310139188795312112703394374362640691719752700909206017051198060493495608220461125520225112836119459965070690227765389768580522718527488
1552518092300708932455789906830544253064240457654474631625503351024913201337446226079742769388732571127058525201398326436194714101150988019032351961389195980792206263906993685249030935631117974530339035198582125552984050009714458624
620361101309323186180458062143306311203234091808422651940994483172973212453462540277947848500764537416293185308049243121091077089522237714087216426627812178598932718744797175293795424927554129248204812001597295596246882084347634304130710520242400817201806901439842621734294451519310289297352148130231477204202016235965703658712648032709044435339313088432114418262153009154752512
2030684202530045702032438070068470600111523314891992114474287665026563901579442604747297208342924347358657516628421307413109601517971206668455722861607048951866317121347560401223028395731439655580245638497036905507303055096291514983167804903577061365248747133480848909746535730849828042674125732472216127172563383280944806187156793401092909358110607810689164992655422507992440651826516323860482006072417239646401793958680956430020069720523666773505207631846930990177373853120582291091033196123813538806140647566683428129469366272
0
115792089237105570840234253759177109864155645142784332660520492325483608801280
2431633873979216987644919328942719307147268547998470985870930338835155784826880
105139217027291858322932702413332815756653325789648174055752607031539116791562240
146783911149691239803259475393272332038744581223672095908357420057841712239442615794649035123910216788213760
39402006196322807380529480735708200350692396090822410401547663254352517428719749608020233606624972587007562114662400
6703903964959104207882943247098074879292236184530784614687051259089361504778664925296585557644723899819989557097938820112754998714546796218504411307048960
13407807929893819778475470707735784992488440665279129110225796518690280399801487040957178859490788616767266574533518552379422042573571257824675478529638400
26815564719351665682859297115793503881598601899157213443769731667066042177950468012051000327834243644827516674656869253925854969676662574929007714762752000
379032737377413310837469826127201516165849126556927185280268831441004642386080191344591587626743143491163530774059885949190517071683841202707214877193839283509836239507327810571115256102701286181423314856476535119531046873333760
582194284611795095882563124181957331911668652816390808061798178917116866814434754607160150716463467811845369643570012125338680346889780167007790616300675328647243232411818768880659637664081627824716845155217383295556538120651407360
1552518092297884921190276407777826343730130571016241164825192478707830380921635634356568453745503455149401263113730019700298099019902002012202155472213879518073654497303294521076488615535022163842239123103052036543841131161997803520
3105036184595769842380552815555652687460261142032484404408169394138177593232526559709091771925126394796328107261127062087481484183515508524562872429687439110406240134689348936276584863546005281248676694097265868804492346319133736960
1240722202616389513973922768685786106091078788555724681396110088894901580356174059693107801547999717844793849118253907517164294570375212313898259715085141105940658891307423763778538377665051892100124228941562467259128201610076266056373405707086736336167605239314782881108716366473706926696989024480092947548903006603393526774842227227605392632574744471346260936099413707173396480
4061368405052703825017540452826323628177065892919822203995680056457293914967717151139514347845670761968317643193023213196105279034485542899856942497055973489887306964055240783810529148217259878326321073593635104947630604439996612121186052320432514468047976270758130684476727539892394554268861392044474193564110067997362607705131765085400073399409683739317269432145800594368855385753859106179981112207797478255195155380669937444019554506527587107321605367039934467094788088851405871320736566808054693946822238648612224007804026880
0
231583736816786089484927226016147767929578972263620494977377884571370600267775
4863258473152507879183471746339103126521158417536030394524935575998782605623275
210278033029641769252313921222662173280057706815367409439459119190804505043139700
293567262432083559770702660509494961636846893913475830448684457955877331972488384611363806317219648949452800
78803862104411649792976274791681038936454943300723566886694079153850261012036590002656572187311458765011955822362625
13407782359700221432208153137018396716476230393601324554188676058418403973105159781474496977845448805812756231084668278028521746573850893544243696815308800
26815564719351665682859297115793503881598601899157213443769731667066042177950468012051000327834243644827516674656869253925854969676662574929007714762752000
53631027158026444898639041353951338860236953565976155186370673275827169990229796710610136585486710294744741538759339503142188427219888626557524901703450625
758064029037559548223859302619650075474792064511873124215265408149659395559453789942397036648834306197292055977388138161024258210175532633810972040915105374809744387652086706188503922572983286780452241329985943497170267983052800
1164386348601867966607659549490709240641434805493466720013626865708760416816760684474263347086593403580537140168446677038569831210140531685534851163995750025031331763664446019825967919583282914146489408839507982335431232969112551425
3105030262937843909524927703451704725658035213057063685463909781308268889930827638236818973565112070382840731126979240983820442568989111483626724942061970361307566813811606244576718762256490550467423465073089242630619613999057076225
6210060525875687819049855406903409451316070426114131520435474836896735901928651243521579858300210079569809751772692509393442960425269123499217289079803270033146012536744468900746753485654275750950451702497211174173610068660767948800
2481439672835455316435450222961490952467054688477443973252759241836914049418059193066289201770080478782010589768308256548437208615056252516149995383823877308087652590010038324508787501850632011084265376115191445269164718609708653219057772287156297315205415965661016801043979428655461218374679406517792258741473669803979329510535342890018189384338466515427440201885258439091814400
8122721319120455379930921158326117871838290539711891253924140849349950965031209192469013362813226005733220497444267273168824363782607514900842646678617218420603025285381689301022402706647780653422402593097268270904777394649862358017106423565800216445602438232961812733726274533361295534877361561034733716956723820342508274535124544488827440330912196294237990424996646092080259959888790753448676537815274083485701600749922454909872662388097681488248458568576219237116237159724865297204930388201921385039717285631411970780665217025
0
3273390607896141870013189696827599152216642046043064789482248405676250539528505110690804490707447337828870590656092725446174963629590181147084998049792
68741202765818979270276983633379582196549482966904360579127216519201261330098607324506894304856394094406282403777947234369674236221393804088784959045632
2972238671969696817971976244719460030212710977807102828849881552354035489891882640507250477562362182748614496315732194705126866975667884481553178229211136
4149515561151917970063980879655710938513649460124350952720371065270297197065154634382680097543307069927884450339928718724097725668943949230978441358030208342019760039438410280075264
1113877103911668754551067286547922686738237475419584309931192581897577662915063323503306740447008536028968181678028580322422866333819711284625174374608617279642589745120484326564854874767360
189516368689051383356419666365934487249694726206307462692478442160356412055175068191548410359233923189538270288357620597887942150501998384340803566981539803652861191767034299241276777771401726930027167539955532412991464793964544
379032737377413310837469826127201516165849126556927185280268831441004642386080191344591587626743143491163530774059885949190517071683841202707214877193839283509836239507327810571115256102701286181423314856476535119531046873333760
758064029037559548223859302619650075474792064511873124215265408149659395559453789942397036648834306197292055977388138161024258210175532633810972040915105374809744387652086706188503922572983286780452241329985943497170267983052800
10715086071862673209484250490600018105614048117055336074430675836924241540472703456698285220172692381666915465456597657220856438022326048260043738079097569861723477222864084024723456654120868104119493560585512807944190828392178187984719137393049169103254142087127248661337626132381236011316443311243264
16458372206383560850154727152772241309834362634645429482097685030171884111143709030259566480970840675586286057165552281949963074948236086284290260005656649082848245798566424861913543183906541851941660459520122404258933779435071795354694349641611033685309336221143617936715894403545863381859480370679906304
43888992550349509466047490008389760228034918444740354476264789433451422494435484145605446873947256471512988292597450618642207676514741311261882165968599848430310026415377131508214755446432997138431116604680521746555008944242629428478468183278110882114932777127534190355484669739785885245968619478007676928
87777985100699018932094980016779520456069836889480767605004803903623391638540464457280122746011077411993751425324753978750781979522477580196467009117071428016628499217023421730630965195213525748235513398478599337876370083082111993797578339643292113170849335330813036879783075982297998725326138636180127744
35074662110434034853557842365135370752418744845644232722536724705537763948482350096800897815346751615649214933728622564185847196492435060706089044924648133026630781093917108095545664072447733261889308217617387286462129653489067160073127037621299577013488448084508231783465815261392679840044175715075506479855049458960417568692240224459402814116944692003822183536118940032489278563958573604110859792014017609258239480765944544557609136035015279952003072
114813069527425452423283320117768198402231770208869520047727692128105340272556505252150160006414760200146251310083289009338166699942758143608103582817139261613860686884404865091240091700335916571366968398775231636972558602982410372368561085607640039695044427708003371630792169233277670446637805866344012196830083200549854376617192853167566486801110672010487276196765581360935421367998631422802129683085092788505721142860577202194007940588172852101767238437699363756153062785321947495141655278338111834268668260296874876439322420209270108736741859953710415066991479177424624334867465316525824363705925632
0
5027927973729236057982426364448826617555638513633071601633370220421967636306746498030257094484300966958703364072352628851378448187094873990326993486348287
105586487448313957217630953653425358968668408786294503634300774628861320362441676458635398984170320306132770645519405205878947411928992353796866863213314027
4565358600146146340648043138919534568740519770378829014283100160143146613766525820211473441791745277998502654577696186997051630953882145583216910085604244596
6373655901930312136397229380018411440828683949391920950832693445711366448193584697763678864931677968612065262908033170282412527802037703004824976134384286640214222530054133889372258304
1710915231608582551713494414139930175751260546116444122900349352360496966554854730076753484481830650675467827629295222707109502155201699203484369755223655341193278275893163301956243837193027585
291097142306427050053565423426590890568146840930776532405423684287884740444915857761347334012000265903675449121187612221625638517177392299309155307502337486020927127535947499456450345719682189031665783117734919052512795878316048384
582194284611795095882563124181957331911668652816390808061798178917116866814434754607160150716463467811845369643570012125338680346889780167007790616300675328647243232411818768880659637664081627824716845155217383295556538120651407360
1164386348601867966607659549490709240641434805493466720013626865708760416816760684474263347086593403580537140168446677038569831210140531685534851163995750025031331763664446019825967919583282914146489408839507982335431232969112551425
16458372206383560850154727152772241309834362634645429482097685030171884111143709030259566480970840675586286057165552281949963074948236086284290260005656649082848245798566424861913543183906541851941660459520122404258933779435071795354694349641611033685309336221143617936715894403545863381859480370679906304
25280059709008981479231968148711644861442111696433705443231567360117402528393306066518309787037990431336656280044426224316649696164180810324022564882675140987960579876942528723700768267175237032707899300231700312150169638715161500573218061631068318350665689512114702779435677385026007774824467356638267834369
67413492557347065242233762416053344604668789415978336070232719704519730695842285928289497175591340668357371303688672579355774019833840277487199698360245654983419254719431470785652320406511710713843764264258846732773932462012692405900266395961054012873582577495350462230973011642886763600990552681342023237633
134826985114694130484467524832106689209337578831956762230667385079098314604114856488714967534864721366751145206577896381937685648970101488283024945486839684466321300593943839555804243973666843820217508302523380061872683673515732869098988513858354359158586336115486301550288354364817320561524260650122775363584
53874681001634843991219960220676811838216618976411872431379454389487697453585414607630678378827390586054634875212617995067952662788488677051131226188233783645486119633174249397007355413950452332486425618874867205381482252662669001815967811090854730467120253594575199233845159152018106715728564966104973555959854476034899985603379172050429045260764066870120309159237337727562784303384359771520036909014223788365313020881488428759631128761329980986194132992
176352874794152226923041126648344020296255845787663270025002097998433518218912651792864315498223942025499431461820100039971032945845086214853910514425858431681855101933052310870599356102672426974402827054711569107570218750844042593899023102723914290002809698086928282996956938154665332804357164535720651529889760012561396833002255365927318549914998445177047355818945707770980966071916771923738923854573521041830764111506524804411686150461839884079980325493144566147614078318969489021758698999020279168507320287970878237811504779638217033120905407240942949803405092731964364881039731836747753076040480587777
0
13407807929942597099574024997867385471458758537929012740010782671329620832395834992528134114986407662672821420428107228756016346166874193365792884690780159
281563966528794539091054524955215094900633929296509267540226436097922037480312534843090816414714560916129249828990251803876343269504358060681650578506383339
12174289600387878166413214698063586008084552752439543567929790665567295715815418173215545776407658157706921849748721363710462842319521767576139939299228384372
16996415738478256005382065682640742151192912704409604594012987116129634408058546371285779101609491343355313613863898166638327059654603396304113335697353121717251389843622698066460540928
4562440617622195218641171605585119131739514871918667547682857357314343535508689562160604455918497575074715174882382908134196095677901105600185199282794955018371204524886410100925712980030521345
776259046150354466227894953415272126532120228827236797123305565388337686400499060284004070246335310139188795312112703394374362640691719752700909206017051198060493495608220461125520225112836119459965070690227765389768580522718527488
1552518092297884921190276407777826343730130571016241164825192478707830380921635634356568453745503455149401263113730019700298099019902002012202155472213879518073654497303294521076488615535022163842239123103052036543841131161997803520
3105030262937843909524927703451704725658035213057063685463909781308268889930827638236818973565112070382840731126979240983820442568989111483626724942061970361307566813811606244576718762256490550467423465073089242630619613999057076225
43888992550349509466047490008389760228034918444740354476264789433451422494435484145605446873947256471512988292597450618642207676514741311261882165968599848430310026415377131508214755446432997138431116604680521746555008944242629428478468183278110882114932777127534190355484669739785885245968619478007676928
67413492557347065242233762416053344604668789415978336070232719704519730695842285928289497175591340668357371303688672579355774019833840277487199698360245654983419254719431470785652320406511710713843764264258846732773932462012692405900266395961054012873582577495350462230973011642886763600990552681342023237633
179769313486231590772930519069826442426264354005082326596360185112449176958549873259557850386600277367825925997915804457268344327753240407083712876794615624877762257166854166161646934596377646965522119647578649647126703396773127858133295428017635762092566594653974618708449402594449637475763618354340068065281
359538626972463181545861038139652884852528708010164893433258891975305712994145996750811464699841724874842731010897931000393441458205293971046234853904111613343804779646728343027691647116232436982584254759296818415737834043273351893507362234301351226814369365796651940053069649153544102516262530232441150373888
143665816004337806760172922323967843540707266966555160070938769845933482343514311921981576218185379382379331497993348644831971734671586556667433058226409769129546130073493215528938527708576559133205415270644020134698724204081225254029881946465693095984137609224865240709292656860316268992459694963883823498044606777540574301742157684362334319609311262061951308672635789253885343679712825576151996358495453517343899352653487644349083554108658142161712185344
470274332784334653125768479190507147507942688099845821153656843754997301836979240962837606053917822376117946484914782536168160296609184534239096896145262203039351588043847354547077881392556187451052716096931348618124350989790368724551688012179157579351487604719105146798178247445433672967393357192101321816498019101823012168469706240238546733430563115610529101897377344839733586268940478469960836347004487048570855680122137578043206023975369775048480356517721340390187833972378623137126307547351741242129046523455257536374422351385724837117101473491922399552018441281779378146120832426011456202350251737089
0
26815615859885194199148049995734770942917517075858043397979502765092926124329914532610493203135186264306101107885244098459867671853087539206018919387103232
563127933057589078182109049910430189801267858593018911357569558066951448610928205184820357265838911550428123265590126067657221108914838323326397307129167872
24348579200775756332826429396127172016169105504879103405365388510704376920891562395610327828446749127989939805959801641401559846042603485599065178803489734656
33992831476956512010764131365281484302385825408819231901736066162392911122587750794642859557837487570646738733764326406607430768230396539092082721200286809873288301231428402460695199744
9124881235244390437282343211170238263479029743837341192530852050551013988199468564099149809149237792502394782872367659707645708326849200364829008985690446628655225628506036591091211274089922560
1552518092300708932455789906830544253064240457654474631625503351024913201337446226079742769388732571127058525201398326436194714101150988019032351961389195980792206263906993685249030935631117974530339035198582125552984050009714458624
3105036184595769842380552815555652687460261142032484404408169394138177593232526559709091771925126394796328107261127062087481484183515508524562872429687439110406240134689348936276584863546005281248676694097265868804492346319133736960
6210060525875687819049855406903409451316070426114131520435474836896735901928651243521579858300210079569809751772692509393442960425269123499217289079803270033146012536744468900746753485654275750950451702497211174173610068660767948800
87777985100699018932094980016779520456069836889480767605004803903623391638540464457280122746011077411993751425324753978750781979522477580196467009117071428016628499217023421730630965195213525748235513398478599337876370083082111993797578339643292113170849335330813036879783075982297998725326138636180127744
134826985114694130484467524832106689209337578831956762230667385079098314604114856488714967534864721366751145206577896381937685648970101488283024945486839684466321300593943839555804243973666843820217508302523380061872683673515732869098988513858354359158586336115486301550288354364817320561524260650122775363584
359538626972463181545861038139652884852528708010164893433258891975305712994145996750811464699841724874842731010897931000393441458205293971046234853904111613343804779646728343027691647116232436982584254759296818415737834043273351893507362234301351226814369365796651940053069649153544102516262530232441150373888
719077253944926363091722076279305769705057416020330267347594827451426144142384493965014457252965790028388273268575745766448202845714472108972056832957787126548989380860079998712572623109761917189596553766242330909605534894906264486337757228291297942005327959842043718998160370035708197081835945941328224845824
287331632008675613520345844647935687081414533933110512134339071188196745795513335307638657529820500030503638059893998544639282004826074078543526937501430385498822553680856810441605837007924382387640823649251663812111395581050675179334316291609265083908971530669507424781643811407050868800014638372550585796767486279157989351235817419037012278476998673070763482207177579797214780269850906321355704457864297379025560392407254253435440813631626425868706906112
940548665568669306251536958381014295015885376199692270773634051571468443177252576492255360423853770864325258737964248491672738005473375204458692172487804734089712687353813343670064744128701098573532877590228667667008286737596697852387981631862326481177071413971930746756905828624662822957794948866823607625220615269013165228239618537011536940291208905424160713389821033135818514340985521905976691408942139437741483410228329038000371498590009406379772049151623867582176028814687068466685902099735918960489164147117893952824903803155286426295341357243145288763878804327513759861599032840758403923281677647872
0
10715086071862672019870723708373567867164049597134887969429342556289689092328893032953381579589338312602609246283412714238525362926688916032991604094856600340922050198587112063568778839323187143820237543594206457218073322356882436956454658807341118763364007714359232059366253413058442519879029375369216
225016807509116112417285197875844925210445041539832647358016193682083470938906753692021013171376104564654794171951666999009032621460467236692823685991988607159363054170329353334944355625786930020224988415478335601579539769494531176085547834954163494030644162001543873246691321674227292917459616882753536
9729298153251306194042617127203199623384957034198478276241843041111037695834634873921670474267119187843169195625338744528581029537433535757956376518129793109557221580317097753720451186105453926588775689583539463154010576700049252756460830197065735837134519004638182709904558099057065808050158672835248128
13582985265193575509847153720290630277475301176695966793104558898916525902171099726111653252346386417687634059875171486934990855171785554727726817192028731914702681172768151028934363876033198780003232825417916826555570603003610443324900765322801514628836373961563717819815659178099324514051673737887522648522145975473923735339139072
3646154850295010964902624396817474390399390616036693719739415376725561063085178919082942505698777176089060633115597677023110409583667009527018497076154392047301826729011247840192495744913649306569979494349478121435366144715292958165239232610420731738086890347478323006048396719686780691510330825043607290550999833104265740262684222585569280
620361101309323186180458062143306311203234091808422651940994483172973212453462540277947848500764537416293185308049243121091077089522237714087216426627812178598932718744797175293795424927554129248204812001597295596246882084347634304130710520242400817201806901439842621734294451519310289297352148130231477204202016235965703658712648032709044435339313088432114418262153009154752512
1240722202616389513973922768685786106091078788555724681396110088894901580356174059693107801547999717844793849118253907517164294570375212313898259715085141105940658891307423763778538377665051892100124228941562467259128201610076266056373405707086736336167605239314782881108716366473706926696989024480092947548903006603393526774842227227605392632574744471346260936099413707173396480
2481439672835455316435450222961490952467054688477443973252759241836914049418059193066289201770080478782010589768308256548437208615056252516149995383823877308087652590010038324508787501850632011084265376115191445269164718609708653219057772287156297315205415965661016801043979428655461218374679406517792258741473669803979329510535342890018189384338466515427440201885258439091814400
35074662110434034853557842365135370752418744845644232722536724705537763948482350096800897815346751615649214933728622564185847196492435060706089044924648133026630781093917108095545664072447733261889308217617387286462129653489067160073127037621299577013488448084508231783465815261392679840044175715075506479855049458960417568692240224459402814116944692003822183536118940032489278563958573604110859792014017609258239480765944544557609136035015279952003072
53874681001634843991219960220676811838216618976411872431379454389487697453585414607630678378827390586054634875212617995067952662788488677051131226188233783645486119633174249397007355413950452332486425618874867205381482252662669001815967811090854730467120253594575199233845159152018106715728564966104973555959854476034899985603379172050429045260764066870120309159237337727562784303384359771520036909014223788365313020881488428759631128761329980986194132992
143665816004337806760172922323967843540707266966555160070938769845933482343514311921981576218185379382379331497993348644831971734671586556667433058226409769129546130073493215528938527708576559133205415270644020134698724204081225254029881946465693095984137609224865240709292656860316268992459694963883823498044606777540574301742157684362334319609311262061951308672635789253885343679712825576151996358495453517343899352653487644349083554108658142161712185344
287331632008675613520345844647935687081414533933110512134339071188196745795513335307638657529820500030503638059893998544639282004826074078543526937501430385498822553680856810441605837007924382387640823649251663812111395581050675179334316291609265083908971530669507424781643811407050868800014638372550585796767486279157989351235817419037012278476998673070763482207177579797214780269850906321355704457864297379025560392407254253435440813631626425868706906112
114813069527425426929660656670434000556791117993150086180221643697431093173028910532415727113435976215204539871783667883838967071195340228232917109351973450013767101034272479645738741907650504496198421145870980109769343781666731468018474148841379223523433938268079692841589810552977465445261846437407748635458762124821556936873529967035483590621122322119705006554547460062408802518269990075352861435909928146945580063563725505925881145977291236879775785378910221502159993605883245075109657690762294065063726665915384443183063224455834919138638489409150864878627937633765733984255718952202044576320454656
375828023454801161958069925084019843923978286415518836749560060086790811063826786575473978319828101315166509670501153778395493519601305062611233710167108096659872687219140685926605165995932330503576533938874126310080807833945025154398047371417183906188778761688181994841114264769649793185124682348180893134333861320517448227288705530984286877458322203246948912271425933606164725949285658013879720265044644617847420446340162585011712000860105735035610334678196167563897824599954042423669530327316471628496333180947012248953569457951187522058076800530227428892238847959130402967459985851634689104636645635632818315245484817355205865998912643567216769076790812429039605288671959330499956935814269560500882854907846825228822521982049802574527070231420993536
0
35074662110434038747627587960280857993524015880330828824075798024790963850563322203657080886584969261653150287318235382932361986378200976930485864824618483190079311572443216561952044719477365706568052969551481762567552970942589810378882925959353769117684987193135809357565477252870988890605581060988309091800917730687720491038972968230771526418895306251191697869752495655463738834197691172975281348836466132387998255571752838316161056568930429957046271
736567904319114813700179347165898017864004333486947405305591758520610240861829766276798698618284354494716156033682943041579601713942220515540203161316988146991665543021307547800992939109024679837929112360581117013918612389794386017956541445146429151471384731055851996508875022310290766702717202280754490927819272344442130311818432332846202054796801431275025655264802408764738515518151514632480908325565788780147963367006809604639382187947539029097971691
31847793196274107182845849867935019058119806419340392572260824606510195176311496560920629445019152089581060460884957727702584683631406487052881165260753582736592014907778440638252456605285448061563792096352745440411338097615871547824025696771093222358857968371367314896669453345606857912669867603377384655355233299464450205863387455153540545988356938076082061665735266055161074861451503585061555464743511248208302416059151577191074239364588830400998014068
44462416394276340862910922260389321581298853470913371563358965890746390942505208917810214508921403677924050484037361854923909199530783769557857398908416797467991642660044081596444758567725905941578862500220928052627591160031402858547990440510112144073496748573294083122100295594485512238065152913601534980743295758670057701269862152855527112109603873427804287879276629501582896265202691196110634325565999430887153483257613158570830305101308846059434951620873330091758706311542341632
11935289041890653422458560211344367565999989567726224393815132782921219808519438180124970259072038417888105302535754774032670805811336900569676094726678661851388189281957447472598923409448779291182901295823514011338832830575108282476521982723289897702706625317681157972521881629518687524749107700488703863037130875637878556278141428758998783243913325146240393321801800775493463196094645471464263521615496507631433158100292031999009575957202146963989209941350094442798986370318517904347234305
2030684202530045702032438070068470600111523314891992114474287665026563901579442604747297208342924347358657516628421307413109601517971206668455722861607048951866317121347560401223028395731439655580245638497036905507303055096291514983167804903577061365248747133480848909746535730849828042674125732472216127172563383280944806187156793401092909358110607810689164992655422507992440651826516323860482006072417239646401793958680956430020069720523666773505207631846930990177373853120582291091033196123813538806140647566683428129469366272
4061368405052703825017540452826323628177065892919822203995680056457293914967717151139514347845670761968317643193023213196105279034485542899856942497055973489887306964055240783810529148217259878326321073593635104947630604439996612121186052320432514468047976270758130684476727539892394554268861392044474193564110067997362607705131765085400073399409683739317269432145800594368855385753859106179981112207797478255195155380669937444019554506527587107321605367039934467094788088851405871320736566808054693946822238648612224007804026880
8122721319120455379930921158326117871838290539711891253924140849349950965031209192469013362813226005733220497444267273168824363782607514900842646678617218420603025285381689301022402706647780653422402593097268270904777394649862358017106423565800216445602438232961812733726274533361295534877361561034733716956723820342508274535124544488827440330912196294237990424996646092080259959888790753448676537815274083485701600749922454909872662388097681488248458568576219237116237159724865297204930388201921385039717285631411970780665217025
114813069527425452423283320117768198402231770208869520047727692128105340272556505252150160006414760200146251310083289009338166699942758143608103582817139261613860686884404865091240091700335916571366968398775231636972558602982410372368561085607640039695044427708003371630792169233277670446637805866344012196830083200549854376617192853167566486801110672010487276196765581360935421367998631422802129683085092788505721142860577202194007940588172852101767238437699363756153062785321947495141655278338111834268668260296874876439322420209270108736741859953710415066991479177424624334867465316525824363705925632
176352874794152226923041126648344020296255845787663270025002097998433518218912651792864315498223942025499431461820100039971032945845086214853910514425858431681855101933052310870599356102672426974402827054711569107570218750844042593899023102723914290002809698086928282996956938154665332804357164535720651529889760012561396833002255365927318549914998445177047355818945707770980966071916771923738923854573521041830764111506524804411686150461839884079980325493144566147614078318969489021758698999020279168507320287970878237811504779638217033120905407240942949803405092731964364881039731836747753076040480587777
470274332784334653125768479190507147507942688099845821153656843754997301836979240962837606053917822376117946484914782536168160296609184534239096896145262203039351588043847354547077881392556187451052716096931348618124350989790368724551688012179157579351487604719105146798178247445433672967393357192101321816498019101823012168469706240238546733430563115610529101897377344839733586268940478469960836347004487048570855680122137578043206023975369775048480356517721340390187833972378623137126307547351741242129046523455257536374422351385724837117101473491922399552018441281779378146120832426011456202350251737089
940548665568669306251536958381014295015885376199692270773634051571468443177252576492255360423853770864325258737964248491672738005473375204458692172487804734089712687353813343670064744128701098573532877590228667667008286737596697852387981631862326481177071413971930746756905828624662822957794948866823607625220615269013165228239618537011536940291208905424160713389821033135818514340985521905976691408942139437741483410228329038000371498590009406379772049151623867582176028814687068466685902099735918960489164147117893952824903803155286426295341357243145288763878804327513759861599032840758403923281677647872
375828023454801161958069925084019843923978286415518836749560060086790811063826786575473978319828101315166509670501153778395493519601305062611233710167108096659872687219140685926605165995932330503576533938874126310080807833945025154398047371417183906188778761688181994841114264769649793185124682348180893134333861320517448227288705530984286877458322203246948912271425933606164725949285658013879720265044644617847420446340162585011712000860105735035610334678196167563897824599954042423669530327316471628496333180947012248953569457951187522058076800530227428892238847959130402967459985851634689104636645635632818315245484817355205865998912643567216769076790812429039605288671959330499956935814269560500882854907846825228822521982049802574527070231420993536
1230231922161117176931558813276752514640713895736833715766118029160058800614672948775360067838593459582429640872806815375600524611787633664372109038831131496892713847574204213375769343685580784773753635629758429922695406379579200240048301333922009856375733053746023334939149959900017297080529761791881121040475796858581600002403295404329868081465157652227751491087455277833629681152969524186808613504119583496193428420962898057357571055319374451607243028930569896539578660288198289657864101794216603970753824498208473733314597712660353208543367490975176753797670373382265859509054611517991409426349053031299407068631581080918639237312826090371923206219034977458927000306459751555164292071452400788382130601457910261333218639691866553206384714007138038691594287732934081410852761487999922797074320518605005374647219205312884015226747835223983423030251792941745800299484458323597491553884981698082835005441

15
evm/src/cpu/kernel/tests/bignum/test_data/shr_outputs Normal file
View File

@ -0,0 +1,15 @@
0
0
10
454
633825298933523088827032272896
170141183460469231731687303715884105727
28948022309329048805675932369078530852631180780748809681045552446266006306816
57896044618552785420117126879588554932077822571392166330260246162741804400640
115791868408393044742463613008073883964789486131810247488688942285685300133887
1636695303948070935006594848413799576108321023021532394741124202838125269764252555345402245353723668914435295328046362723087481814795090573542499024896
2513963986864618028991213182224413308777819256816535800816685110210983818153373249015128547242150483479351682036176314425689224093547436995163496743174143
6703903964971298549787012498933692735729379268964506370005391335664810416197917496264067057493203831336410710214053614378008173083437096682896442345390079
13407807929942597099574024997867385471458758537929021698989751382546463062164957266305246601567593132153050553942622049229933835926543769603009459693551616
5357543035931336009935361854186783933582024798567443984714671278144844546164446516476690789794669156301304623141706357119262681463344458016495802047428300170461025099293556031784389419661593571910118771797103228609036661178441218478227329403670559381682003857179616029683126706529221259939514687684608
17537331055217019373813793980140428996762007940165414412037899012395481925281661101828540443292484630826575143659117691466180993189100488465242932412309241595039655786221608280976022359738682853284026484775740881283776485471294905189441462979676884558842493596567904678782738626435494445302790530494154545900458865343860245519486484115385763209447653125595848934876247827731869417098845586487640674418233066193999127785876419158080528284465214978523135

6
evm/src/cpu/kernel/tests/bignum/test_data/u128_inputs Normal file
View File

@ -0,0 +1,6 @@
0
1
21
908
1267650597867046177654064545792
340282366920938463463374607431768211455

46
evm/src/cpu/kernel/tests/bn254.rs
View File

@ -2,13 +2,13 @@ use anyhow::Result;
use ethereum_types::U256;
use rand::Rng;
use crate::bn254_arithmetic::{Fp, Fp12, Fp2, Fp6};
use crate::bn254_pairing::{
gen_fp12_sparse, invariant_exponent, miller_loop, tate, Curve, TwistedCurve,
};
use crate::cpu::kernel::interpreter::{
run_interpreter_with_memory, Interpreter, InterpreterMemoryInitialization,
};
use crate::extension_tower::{FieldExt, Fp12, Fp2, Fp6, Stack, BN254};
use crate::memory::segments::Segment::BnPairing;
fn extract_stack(interpreter: Interpreter<'static>) -> Vec<U256> {
@ -20,7 +20,11 @@ fn extract_stack(interpreter: Interpreter<'static>) -> Vec<U256> {
.collect::<Vec<U256>>()
}
fn setup_mul_fp6_test(f: Fp6, g: Fp6, label: &str) -> InterpreterMemoryInitialization {
fn setup_mul_fp6_test(
f: Fp6<BN254>,
g: Fp6<BN254>,
label: &str,
) -> InterpreterMemoryInitialization {
let mut stack = f.on_stack();
if label == "mul_fp254_6" {
stack.extend(g.on_stack());
@ -37,8 +41,8 @@ fn setup_mul_fp6_test(f: Fp6, g: Fp6, label: &str) -> InterpreterMemoryInitializ
#[test]
fn test_mul_fp6() -> Result<()> {
let mut rng = rand::thread_rng();
let f: Fp6 = rng.gen::<Fp6>();
let g: Fp6 = rng.gen::<Fp6>();
let f: Fp6<BN254> = rng.gen::<Fp6<BN254>>();
let g: Fp6<BN254> = rng.gen::<Fp6<BN254>>();
let setup_normal: InterpreterMemoryInitialization = setup_mul_fp6_test(f, g, "mul_fp254_6");
let setup_square: InterpreterMemoryInitialization = setup_mul_fp6_test(f, f, "square_fp254_6");
@ -60,8 +64,8 @@ fn test_mul_fp6() -> Result<()> {
fn setup_mul_fp12_test(
out: usize,
f: Fp12,
g: Fp12,
f: Fp12<BN254>,
g: Fp12<BN254>,
label: &str,
) -> InterpreterMemoryInitialization {
let in0: usize = 200;
@ -89,9 +93,9 @@ fn test_mul_fp12() -> Result<()> {
let out: usize = 224;
let mut rng = rand::thread_rng();
let f: Fp12 = rng.gen::<Fp12>();
let g: Fp12 = rng.gen::<Fp12>();
let h: Fp12 = gen_fp12_sparse(&mut rng);
let f: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
let g: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
let h: Fp12<BN254> = gen_fp12_sparse(&mut rng);
let setup_normal: InterpreterMemoryInitialization =
setup_mul_fp12_test(out, f, g, "mul_fp254_12");
@ -119,7 +123,7 @@ fn test_mul_fp12() -> Result<()> {
Ok(())
}
fn setup_frob_fp6_test(f: Fp6, n: usize) -> InterpreterMemoryInitialization {
fn setup_frob_fp6_test(f: Fp6<BN254>, n: usize) -> InterpreterMemoryInitialization {
InterpreterMemoryInitialization {
label: String::from("test_frob_fp254_6_") + &(n.to_string()),
stack: f.on_stack(),
@ -131,7 +135,7 @@ fn setup_frob_fp6_test(f: Fp6, n: usize) -> InterpreterMemoryInitialization {
#[test]
fn test_frob_fp6() -> Result<()> {
let mut rng = rand::thread_rng();
let f: Fp6 = rng.gen::<Fp6>();
let f: Fp6<BN254> = rng.gen::<Fp6<BN254>>();
for n in 1..4 {
let setup_frob = setup_frob_fp6_test(f, n);
let intrptr_frob: Interpreter = run_interpreter_with_memory(setup_frob).unwrap();
@ -142,7 +146,7 @@ fn test_frob_fp6() -> Result<()> {
Ok(())
}
fn setup_frob_fp12_test(ptr: usize, f: Fp12, n: usize) -> InterpreterMemoryInitialization {
fn setup_frob_fp12_test(ptr: usize, f: Fp12<BN254>, n: usize) -> InterpreterMemoryInitialization {
InterpreterMemoryInitialization {
label: String::from("test_frob_fp254_12_") + &(n.to_string()),
stack: vec![U256::from(ptr)],
@ -155,7 +159,7 @@ fn setup_frob_fp12_test(ptr: usize, f: Fp12, n: usize) -> InterpreterMemoryIniti
fn test_frob_fp12() -> Result<()> {
let ptr: usize = 200;
let mut rng = rand::thread_rng();
let f: Fp12 = rng.gen::<Fp12>();
let f: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
for n in [1, 2, 3, 6] {
let setup_frob = setup_frob_fp12_test(ptr, f, n);
let intrptr_frob: Interpreter = run_interpreter_with_memory(setup_frob).unwrap();
@ -171,7 +175,7 @@ fn test_inv_fp12() -> Result<()> {
let ptr: usize = 200;
let inv: usize = 212;
let mut rng = rand::thread_rng();
let f: Fp12 = rng.gen::<Fp12>();
let f: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
let setup = InterpreterMemoryInitialization {
label: "inv_fp254_12".to_string(),
@ -192,7 +196,7 @@ fn test_inv_fp12() -> Result<()> {
fn test_invariant_exponent() -> Result<()> {
let ptr: usize = 200;
let mut rng = rand::thread_rng();
let f: Fp12 = rng.gen::<Fp12>();
let f: Fp12<BN254> = rng.gen::<Fp12<BN254>>();
let setup = InterpreterMemoryInitialization {
label: "bn254_invariant_exponent".to_string(),
@ -213,8 +217,8 @@ fn test_invariant_exponent() -> Result<()> {
// The curve is cyclic with generator (1, 2)
pub const CURVE_GENERATOR: Curve = {
Curve {
x: Fp { val: U256::one() },
y: Fp {
x: BN254 { val: U256::one() },
y: BN254 {
val: U256([2, 0, 0, 0]),
},
}
@ -224,7 +228,7 @@ pub const CURVE_GENERATOR: Curve = {
pub const TWISTED_GENERATOR: TwistedCurve = {
TwistedCurve {
x: Fp2 {
re: Fp {
re: BN254 {
val: U256([
0x46debd5cd992f6ed,
0x674322d4f75edadd,
@ -232,7 +236,7 @@ pub const TWISTED_GENERATOR: TwistedCurve = {
0x1800deef121f1e76,
]),
},
im: Fp {
im: BN254 {
val: U256([
0x97e485b7aef312c2,
0xf1aa493335a9e712,
@ -242,7 +246,7 @@ pub const TWISTED_GENERATOR: TwistedCurve = {
},
},
y: Fp2 {
re: Fp {
re: BN254 {
val: U256([
0x4ce6cc0166fa7daa,
0xe3d1e7690c43d37b,
@ -250,7 +254,7 @@ pub const TWISTED_GENERATOR: TwistedCurve = {
0x12c85ea5db8c6deb,
]),
},
im: Fp {
im: BN254 {
val: U256([
0x55acdadcd122975b,
0xbc4b313370b38ef3,

10
evm/src/cpu/kernel/tests/core/create_addresses.rs
View File

@ -1,4 +1,6 @@
use anyhow::Result;
use ethereum_types::U256;
use hex_literal::hex;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::cpu::kernel::interpreter::Interpreter;
@ -7,11 +9,11 @@ use crate::cpu::kernel::interpreter::Interpreter;
fn test_get_create_address() -> Result<()> {
let get_create_address = KERNEL.global_labels["get_create_address"];
// TODO: Replace with real data once we have a real implementation.
// This is copied from OpenEthereum's `test_contract_address`.
let retaddr = 0xdeadbeefu32.into();
let nonce = 5.into();
let sender = 0.into();
let expected_addr = 123.into();
let nonce = 88.into();
let sender = U256::from_big_endian(&hex!("0f572e5295c57f15886f9b263e2f6d2d6c7b5ec6"));
let expected_addr = U256::from_big_endian(&hex!("3f09c73a5ed19289fb9bdc72f1742566df146f56"));
let initial_stack = vec![retaddr, nonce, sender];
let mut interpreter = Interpreter::new_with_kernel(get_create_address, initial_stack);

1
evm/src/cpu/kernel/tests/mod.rs
View File

@ -1,5 +1,6 @@
mod account_code;
mod balance;
mod bignum;
mod bn254;
mod core;
mod ecc;

12
evm/src/cpu/kernel/tests/packing.rs
View File

@ -7,7 +7,7 @@ use crate::memory::segments::Segment;
#[test]
fn test_mload_packing_1_byte() -> Result<()> {
let mstore_unpacking = KERNEL.global_labels["mload_packing"];
let mload_packing = KERNEL.global_labels["mload_packing"];
let retdest = 0xDEADBEEFu32.into();
let len = 1.into();
@ -16,7 +16,7 @@ fn test_mload_packing_1_byte() -> Result<()> {
let context = 0.into();
let initial_stack = vec![retdest, len, offset, segment, context];
let mut interpreter = Interpreter::new_with_kernel(mstore_unpacking, initial_stack);
let mut interpreter = Interpreter::new_with_kernel(mload_packing, initial_stack);
interpreter.set_rlp_memory(vec![0, 0, 0xAB]);
interpreter.run()?;
@ -27,7 +27,7 @@ fn test_mload_packing_1_byte() -> Result<()> {
#[test]
fn test_mload_packing_3_bytes() -> Result<()> {
let mstore_unpacking = KERNEL.global_labels["mload_packing"];
let mload_packing = KERNEL.global_labels["mload_packing"];
let retdest = 0xDEADBEEFu32.into();
let len = 3.into();
@ -36,7 +36,7 @@ fn test_mload_packing_3_bytes() -> Result<()> {
let context = 0.into();
let initial_stack = vec![retdest, len, offset, segment, context];
let mut interpreter = Interpreter::new_with_kernel(mstore_unpacking, initial_stack);
let mut interpreter = Interpreter::new_with_kernel(mload_packing, initial_stack);
interpreter.set_rlp_memory(vec![0, 0, 0xAB, 0xCD, 0xEF]);
interpreter.run()?;
@ -47,7 +47,7 @@ fn test_mload_packing_3_bytes() -> Result<()> {
#[test]
fn test_mload_packing_32_bytes() -> Result<()> {
let mstore_unpacking = KERNEL.global_labels["mload_packing"];
let mload_packing = KERNEL.global_labels["mload_packing"];
let retdest = 0xDEADBEEFu32.into();
let len = 32.into();
@ -56,7 +56,7 @@ fn test_mload_packing_32_bytes() -> Result<()> {
let context = 0.into();
let initial_stack = vec![retdest, len, offset, segment, context];
let mut interpreter = Interpreter::new_with_kernel(mstore_unpacking, initial_stack);
let mut interpreter = Interpreter::new_with_kernel(mload_packing, initial_stack);
interpreter.set_rlp_memory(vec![0xFF; 32]);
interpreter.run()?;

6
evm/src/cpu/kernel/tests/rlp/encode.rs
View File

@ -86,8 +86,9 @@ fn test_prepend_rlp_list_prefix_small() -> Result<()> {
let prepend_rlp_list_prefix = KERNEL.global_labels["prepend_rlp_list_prefix"];
let retdest = 0xDEADBEEFu32.into();
let start_pos = 9.into();
let end_pos = (9 + 5).into();
let initial_stack = vec![retdest, end_pos];
let initial_stack = vec![retdest, start_pos, end_pos];
let mut interpreter = Interpreter::new_with_kernel(prepend_rlp_list_prefix, initial_stack);
interpreter.set_rlp_memory(vec![
// Nine 0s to leave room for the longest possible RLP list prefix.
@ -114,8 +115,9 @@ fn test_prepend_rlp_list_prefix_large() -> Result<()> {
let prepend_rlp_list_prefix = KERNEL.global_labels["prepend_rlp_list_prefix"];
let retdest = 0xDEADBEEFu32.into();
let start_pos = 9.into();
let end_pos = (9 + 60).into();
let initial_stack = vec![retdest, end_pos];
let initial_stack = vec![retdest, start_pos, end_pos];
let mut interpreter = Interpreter::new_with_kernel(prepend_rlp_list_prefix, initial_stack);
#[rustfmt::skip]

1193
evm/src/extension_tower.rs Normal file
View File

File diff suppressed because it is too large Load Diff

47
evm/src/generation/mod.rs
View File

@ -18,25 +18,24 @@ use crate::config::StarkConfig;
use crate::cpu::bootstrap_kernel::generate_bootstrap_kernel;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::cpu::kernel::constants::global_metadata::GlobalMetadata;
use crate::cpu::kernel::constants::global_metadata::GlobalMetadata::StateTrieRoot;
use crate::generation::mpt::AccountRlp;
use crate::generation::outputs::{get_outputs, GenerationOutputs};
use crate::generation::state::GenerationState;
use crate::generation::trie_extractor::read_state_trie_value;
use crate::memory::segments::Segment;
use crate::proof::{BlockMetadata, PublicValues, TrieRoots};
use crate::witness::memory::{MemoryAddress, MemoryChannel};
use crate::witness::transition::transition;
pub mod mpt;
pub mod outputs;
pub(crate) mod prover_input;
pub(crate) mod rlp;
pub(crate) mod state;
mod trie_extractor;
use crate::generation::trie_extractor::read_trie;
use crate::witness::util::mem_write_log;
#[derive(Clone, Debug, Deserialize, Serialize, Default)]
/// Inputs needed for trace generation.
#[derive(Clone, Debug, Deserialize, Serialize, Default)]
pub struct GenerationInputs {
pub signed_txns: Vec<Vec<u8>>,
@ -47,6 +46,13 @@ pub struct GenerationInputs {
pub contract_code: HashMap<H256, Vec<u8>>,
pub block_metadata: BlockMetadata,
/// A list of known addresses in the input state trie (which itself doesn't hold addresses,
/// only state keys). This is only useful for debugging, so that we can return addresses in the
/// post-state rather than state keys. (See `GenerationOutputs`, and in particular
/// `AddressOrStateKey`.) If the caller is not interested in the post-state, this can be left
/// empty.
pub addresses: Vec<Address>,
}
#[derive(Clone, Debug, Deserialize, Serialize, Default)]
@ -104,7 +110,11 @@ pub(crate) fn generate_traces<F: RichField + Extendable<D>, const D: usize>(
inputs: GenerationInputs,
config: &StarkConfig,
timing: &mut TimingTree,
) -> anyhow::Result<([Vec<PolynomialValues<F>>; NUM_TABLES], PublicValues)> {
) -> anyhow::Result<(
[Vec<PolynomialValues<F>>; NUM_TABLES],
PublicValues,
GenerationOutputs,
)> {
let mut state = GenerationState::<F>::new(inputs.clone(), &KERNEL.code);
apply_metadata_memops(&mut state, &inputs.block_metadata);
@ -113,28 +123,19 @@ pub(crate) fn generate_traces<F: RichField + Extendable<D>, const D: usize>(
timed!(timing, "simulate CPU", simulate_cpu(&mut state)?);
assert!(
state.mpt_prover_inputs.is_empty(),
"All MPT data should have been consumed"
);
log::info!(
"Trace lengths (before padding): {:?}",
state.traces.checkpoint()
);
let read_metadata = |field| {
state.memory.get(MemoryAddress::new(
0,
Segment::GlobalMetadata,
field as usize,
))
};
log::debug!(
"Updated state trie:\n{:#?}",
read_trie::<F, AccountRlp, D>(
&state.memory,
read_metadata(StateTrieRoot).as_usize(),
read_state_trie_value
)
);
let outputs = get_outputs(&mut state);
let read_metadata = |field| state.memory.read_global_metadata(field);
let trie_roots_before = TrieRoots {
state_root: H256::from_uint(&read_metadata(StateTrieRootDigestBefore)),
transactions_root: H256::from_uint(&read_metadata(TransactionTrieRootDigestBefore)),
@ -157,7 +158,7 @@ pub(crate) fn generate_traces<F: RichField + Extendable<D>, const D: usize>(
"convert trace data to tables",
state.traces.into_tables(all_stark, config, timing)
);
Ok((tables, public_values))
Ok((tables, public_values, outputs))
}
fn simulate_cpu<F: RichField + Extendable<D>, const D: usize>(

104
evm/src/generation/outputs.rs Normal file
View File

@ -0,0 +1,104 @@
use std::collections::HashMap;
use ethereum_types::{Address, BigEndianHash, H256, U256};
use plonky2::field::types::Field;
use crate::cpu::kernel::constants::global_metadata::GlobalMetadata::StateTrieRoot;
use crate::generation::state::GenerationState;
use crate::generation::trie_extractor::{
read_state_trie_value, read_storage_trie_value, read_trie, AccountTrieRecord,
};
/// The post-state after trace generation; intended for debugging.
#[derive(Clone, Debug)]
pub struct GenerationOutputs {
pub accounts: HashMap<AddressOrStateKey, AccountOutput>,
}
#[derive(Clone, Eq, PartialEq, Hash, Debug)]
pub enum AddressOrStateKey {
Address(Address),
StateKey(H256),
}
#[derive(Clone, Debug)]
pub struct AccountOutput {
pub balance: U256,
pub nonce: u64,
pub code: Vec<u8>,
pub storage: HashMap<U256, U256>,
}
pub(crate) fn get_outputs<F: Field>(state: &mut GenerationState<F>) -> GenerationOutputs {
// First observe all addresses passed in the by caller.
for address in state.inputs.addresses.clone() {
state.observe_address(address);
}
let account_map = read_trie::<AccountTrieRecord>(
&state.memory,
state.memory.read_global_metadata(StateTrieRoot).as_usize(),
read_state_trie_value,
);
let accounts = account_map
.into_iter()
.map(|(state_key_nibbles, account)| {
assert_eq!(
state_key_nibbles.count, 64,
"Each state key should have 64 nibbles = 256 bits"
);
let state_key_h256 = H256::from_uint(&state_key_nibbles.packed);
let addr_or_state_key =
if let Some(address) = state.state_key_to_address.get(&state_key_h256) {
AddressOrStateKey::Address(*address)
} else {
AddressOrStateKey::StateKey(state_key_h256)
};
let account_output = account_trie_record_to_output(state, account);
(addr_or_state_key, account_output)
})
.collect();
GenerationOutputs { accounts }
}
fn account_trie_record_to_output<F: Field>(
state: &GenerationState<F>,
account: AccountTrieRecord,
) -> AccountOutput {
let storage = get_storage(state, account.storage_ptr);
// TODO: This won't work if the account was created during the txn.
// Need to track changes to code, similar to how we track addresses
// with observe_new_address.
let code = state
.inputs
.contract_code
.get(&account.code_hash)
.unwrap_or_else(|| panic!("Code not found: {:?}", account.code_hash))
.clone();
AccountOutput {
balance: account.balance,
nonce: account.nonce,
storage,
code,
}
}
/// Get an account's storage trie, given a pointer to its root.
fn get_storage<F: Field>(state: &GenerationState<F>, storage_ptr: usize) -> HashMap<U256, U256> {
read_trie::<U256>(&state.memory, storage_ptr, read_storage_trie_value)
.into_iter()
.map(|(storage_key_nibbles, value)| {
assert_eq!(
storage_key_nibbles.count, 64,
"Each storage key should have 64 nibbles = 256 bits"
);
(storage_key_nibbles.packed, value)
})
.collect()
}

4
evm/src/generation/prover_input.rs
View File

@ -5,7 +5,7 @@ use anyhow::{bail, Error};
use ethereum_types::{BigEndianHash, H256, U256};
use plonky2::field::types::Field;
use crate::bn254_arithmetic::Fp12;
use crate::extension_tower::{FieldExt, Fp12, BN254};
use crate::generation::prover_input::EvmField::{
Bn254Base, Bn254Scalar, Secp256k1Base, Secp256k1Scalar,
};
@ -207,7 +207,7 @@ impl EvmField {
}
fn field_extension_inverse(&self, n: usize, f: [U256; 12]) -> U256 {
let f: Fp12 = unsafe { transmute(f) };
let f: Fp12<BN254> = unsafe { transmute(f) };
let f_inv: [U256; 12] = unsafe { transmute(f.inv()) };
f_inv[n]
}

39
evm/src/generation/state.rs
View File

@ -1,12 +1,17 @@
use ethereum_types::U256;
use std::collections::HashMap;
use ethereum_types::{Address, BigEndianHash, H160, H256, U256};
use keccak_hash::keccak;
use plonky2::field::types::Field;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::generation::mpt::all_mpt_prover_inputs_reversed;
use crate::generation::rlp::all_rlp_prover_inputs_reversed;
use crate::generation::GenerationInputs;
use crate::witness::memory::MemoryState;
use crate::witness::state::RegistersState;
use crate::witness::traces::{TraceCheckpoint, Traces};
use crate::witness::util::stack_peek;
pub(crate) struct GenerationStateCheckpoint {
pub(crate) registers: RegistersState,
@ -29,6 +34,11 @@ pub(crate) struct GenerationState<F: Field> {
/// Prover inputs containing RLP data, in reverse order so that the next input can be obtained
/// via `pop()`.
pub(crate) rlp_prover_inputs: Vec<U256>,
/// The state trie only stores state keys, which are hashes of addresses, but sometimes it is
/// useful to see the actual addresses for debugging. Here we store the mapping for all known
/// addresses.
pub(crate) state_key_to_address: HashMap<H256, Address>,
}
impl<F: Field> GenerationState<F> {
@ -53,9 +63,29 @@ impl<F: Field> GenerationState<F> {
next_txn_index: 0,
mpt_prover_inputs,
rlp_prover_inputs,
state_key_to_address: HashMap::new(),
}
}
/// Updates `program_counter`, and potentially adds some extra handling if we're jumping to a
/// special location.
pub fn jump_to(&mut self, dst: usize) {
self.registers.program_counter = dst;
if dst == KERNEL.global_labels["observe_new_address"] {
let tip_u256 = stack_peek(self, 0).expect("Empty stack");
let tip_h256 = H256::from_uint(&tip_u256);
let tip_h160 = H160::from(tip_h256);
self.observe_address(tip_h160);
}
}
/// Observe the given address, so that we will be able to recognize the associated state key.
/// This is just for debugging purposes.
pub fn observe_address(&mut self, address: Address) {
let state_key = keccak(address.0);
self.state_key_to_address.insert(state_key, address);
}
pub fn checkpoint(&self) -> GenerationStateCheckpoint {
GenerationStateCheckpoint {
registers: self.registers,
@ -67,4 +97,11 @@ impl<F: Field> GenerationState<F> {
self.registers = checkpoint.registers;
self.traces.rollback(checkpoint.traces);
}
pub(crate) fn stack(&self) -> Vec<U256> {
const MAX_TO_SHOW: usize = 10;
(0..self.registers.stack_len.min(MAX_TO_SHOW))
.map(|i| stack_peek(self, i).unwrap())
.collect()
}
}

51
evm/src/generation/trie_extractor.rs
View File

@ -1,50 +1,57 @@
//! Code for extracting trie data after witness generation. This is intended only for debugging.
use std::collections::HashMap;
use eth_trie_utils::partial_trie::Nibbles;
use ethereum_types::{BigEndianHash, H256, U256};
use plonky2::field::extension::Extendable;
use plonky2::hash::hash_types::RichField;
use crate::cpu::kernel::constants::trie_type::PartialTrieType;
use crate::generation::mpt::AccountRlp;
use crate::memory::segments::Segment;
use crate::witness::memory::{MemoryAddress, MemoryState};
pub(crate) fn read_state_trie_value(slice: &[U256]) -> AccountRlp {
AccountRlp {
nonce: slice[0],
/// Account data as it's stored in the state trie, with a pointer to the storage trie.
#[derive(Debug)]
pub(crate) struct AccountTrieRecord {
pub(crate) nonce: u64,
pub(crate) balance: U256,
pub(crate) storage_ptr: usize,
pub(crate) code_hash: H256,
}
pub(crate) fn read_state_trie_value(slice: &[U256]) -> AccountTrieRecord {
AccountTrieRecord {
nonce: slice[0].as_u64(),
balance: slice[1],
storage_root: H256::from_uint(&slice[2]),
storage_ptr: slice[2].as_usize(),
code_hash: H256::from_uint(&slice[3]),
}
}
pub(crate) fn read_trie<F, V, const D: usize>(
pub(crate) fn read_storage_trie_value(slice: &[U256]) -> U256 {
slice[0]
}
pub(crate) fn read_trie<V>(
memory: &MemoryState,
ptr: usize,
read_value: fn(&[U256]) -> V,
) -> HashMap<Nibbles, V>
where
F: RichField + Extendable<D>,
{
) -> HashMap<Nibbles, V> {
let mut res = HashMap::new();
let empty_nibbles = Nibbles {
count: 0,
packed: U256::zero(),
};
read_trie_helper::<F, V, D>(memory, ptr, read_value, empty_nibbles, &mut res);
read_trie_helper::<V>(memory, ptr, read_value, empty_nibbles, &mut res);
res
}
pub(crate) fn read_trie_helper<F, V, const D: usize>(
pub(crate) fn read_trie_helper<V>(
memory: &MemoryState,
ptr: usize,
read_value: fn(&[U256]) -> V,
prefix: Nibbles,
res: &mut HashMap<Nibbles, V>,
) where
F: RichField + Extendable<D>,
{
) {
let load = |offset| memory.get(MemoryAddress::new(0, Segment::TrieData, offset));
let load_slice_from = |init_offset| {
&memory.contexts[0].segments[Segment::TrieData as usize].content[init_offset..]
@ -58,13 +65,7 @@ pub(crate) fn read_trie_helper<F, V, const D: usize>(
let ptr_payload = ptr + 1;
for i in 0u8..16 {
let child_ptr = load(ptr_payload + i as usize).as_usize();
read_trie_helper::<F, V, D>(
memory,
child_ptr,
read_value,
prefix.merge_nibble(i),
res,
);
read_trie_helper::<V>(memory, child_ptr, read_value, prefix.merge_nibble(i), res);
}
let value_ptr = load(ptr_payload + 16).as_usize();
if value_ptr != 0 {
@ -76,7 +77,7 @@ pub(crate) fn read_trie_helper<F, V, const D: usize>(
let packed = load(ptr + 2);
let nibbles = Nibbles { count, packed };
let child_ptr = load(ptr + 3).as_usize();
read_trie_helper::<F, V, D>(
read_trie_helper::<V>(
memory,
child_ptr,
read_value,

3
evm/src/lib.rs
View File

@ -8,13 +8,12 @@
pub mod all_stark;
pub mod arithmetic;
pub mod bls381_arithmetic;
pub mod bn254_arithmetic;
pub mod bn254_pairing;
pub mod config;
pub mod constraint_consumer;
pub mod cpu;
pub mod cross_table_lookup;
pub mod extension_tower;
pub mod fixed_recursive_verifier;
pub mod generation;
mod get_challenges;

28
evm/src/prover.rs
View File

@ -25,6 +25,7 @@ use crate::constraint_consumer::ConstraintConsumer;
use crate::cpu::cpu_stark::CpuStark;
use crate::cpu::kernel::aggregator::KERNEL;
use crate::cross_table_lookup::{cross_table_lookup_data, CtlCheckVars, CtlData};
use crate::generation::outputs::GenerationOutputs;
use crate::generation::{generate_traces, GenerationInputs};
use crate::keccak::keccak_stark::KeccakStark;
use crate::keccak_sponge::keccak_sponge_stark::KeccakSpongeStark;
@ -46,6 +47,28 @@ pub fn prove<F, C, const D: usize>(
inputs: GenerationInputs,
timing: &mut TimingTree,
) -> Result<AllProof<F, C, D>>
where
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
[(); C::Hasher::HASH_SIZE]:,
[(); CpuStark::<F, D>::COLUMNS]:,
[(); KeccakStark::<F, D>::COLUMNS]:,
[(); KeccakSpongeStark::<F, D>::COLUMNS]:,
[(); LogicStark::<F, D>::COLUMNS]:,
[(); MemoryStark::<F, D>::COLUMNS]:,
{
let (proof, _outputs) = prove_with_outputs(all_stark, config, inputs, timing)?;
Ok(proof)
}
/// Generate traces, then create all STARK proofs. Returns information about the post-state,
/// intended for debugging, in addition to the proof.
pub fn prove_with_outputs<F, C, const D: usize>(
all_stark: &AllStark<F, D>,
config: &StarkConfig,
inputs: GenerationInputs,
timing: &mut TimingTree,
) -> Result<(AllProof<F, C, D>, GenerationOutputs)>
where
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
@ -57,12 +80,13 @@ where
[(); MemoryStark::<F, D>::COLUMNS]:,
{
timed!(timing, "build kernel", Lazy::force(&KERNEL));
let (traces, public_values) = timed!(
let (traces, public_values, outputs) = timed!(
timing,
"generate all traces",
generate_traces(all_stark, inputs, config, timing)?
);
prove_with_traces(all_stark, config, traces, public_values, timing)
let proof = prove_with_traces(all_stark, config, traces, public_values, timing)?;
Ok((proof, outputs))
}
/// Compute all STARK proofs.

42
evm/src/util.rs
View File

@ -144,3 +144,45 @@ pub(crate) fn biguint_to_u256(x: BigUint) -> U256 {
let bytes = x.to_bytes_le();
U256::from_little_endian(&bytes)
}
#[cfg(test)]
pub(crate) fn le_limbs_to_biguint(x: &[u128]) -> BigUint {
BigUint::from_slice(
&x.iter()
.flat_map(|&a| {
[
(a % (1 << 32)) as u32,
((a >> 32) % (1 << 32)) as u32,
((a >> 64) % (1 << 32)) as u32,
((a >> 96) % (1 << 32)) as u32,
]
})
.collect::<Vec<u32>>(),
)
}
#[cfg(test)]
pub(crate) fn mem_vec_to_biguint(x: &[U256]) -> BigUint {
le_limbs_to_biguint(&x.iter().map(|&n| n.try_into().unwrap()).collect_vec())
}
#[cfg(test)]
pub(crate) fn biguint_to_le_limbs(x: BigUint) -> Vec<u128> {
let mut digits = x.to_u32_digits();
// Pad to a multiple of 4.
digits.resize((digits.len() + 3) / 4 * 4, 0);
digits
.chunks(4)
.map(|c| (c[3] as u128) << 96 | (c[2] as u128) << 64 | (c[1] as u128) << 32 | c[0] as u128)
.collect()
}
#[cfg(test)]
pub(crate) fn biguint_to_mem_vec(x: BigUint) -> Vec<U256> {
biguint_to_le_limbs(x)
.into_iter()
.map(|n| n.into())
.collect()
}

11
evm/src/witness/errors.rs
View File

@ -1,3 +1,5 @@
use ethereum_types::U256;
#[allow(dead_code)]
#[derive(Debug)]
pub enum ProgramError {
@ -8,4 +10,13 @@ pub enum ProgramError {
InvalidJumpiDestination,
StackOverflow,
KernelPanic,
MemoryError(MemoryError),
}
#[allow(clippy::enum_variant_names)]
#[derive(Debug)]
pub enum MemoryError {
ContextTooLarge { context: U256 },
SegmentTooLarge { segment: U256 },
VirtTooLarge { virt: U256 },
}

38
evm/src/witness/memory.rs
View File

@ -10,7 +10,11 @@ pub enum MemoryChannel {
use MemoryChannel::{Code, GeneralPurpose};
use crate::cpu::kernel::constants::global_metadata::GlobalMetadata;
use crate::memory::segments::Segment;
use crate::witness::errors::MemoryError::{ContextTooLarge, SegmentTooLarge, VirtTooLarge};
use crate::witness::errors::ProgramError;
use crate::witness::errors::ProgramError::MemoryError;
impl MemoryChannel {
pub fn index(&self) -> usize {
@ -40,19 +44,25 @@ impl MemoryAddress {
}
}
pub(crate) fn new_u256s(context: U256, segment: U256, virt: U256) -> Self {
assert!(context.bits() <= 32, "context too large: {}", context);
assert!(
segment < Segment::COUNT.into(),
"segment too large: {}",
segment
);
assert!(virt.bits() <= 32, "virt too large: {}", virt);
Self {
pub(crate) fn new_u256s(
context: U256,
segment: U256,
virt: U256,
) -> Result<Self, ProgramError> {
if context.bits() > 32 {
return Err(MemoryError(ContextTooLarge { context }));
}
if segment >= Segment::COUNT.into() {
return Err(MemoryError(SegmentTooLarge { segment }));
}
if virt.bits() > 32 {
return Err(MemoryError(VirtTooLarge { virt }));
}
Ok(Self {
context: context.as_usize(),
segment: segment.as_usize(),
virt: virt.as_usize(),
}
})
}
pub(crate) fn increment(&mut self) {
@ -173,6 +183,14 @@ impl MemoryState {
);
self.contexts[address.context].segments[address.segment].set(address.virt, val);
}
pub(crate) fn read_global_metadata(&self, field: GlobalMetadata) -> U256 {
self.get(MemoryAddress::new(
0,
Segment::GlobalMetadata,
field as usize,
))
}
}
impl Default for MemoryState {

10
evm/src/witness/operation.rs
View File

@ -111,7 +111,7 @@ pub(crate) fn generate_keccak_general<F: Field>(
stack_pop_with_log_and_fill::<4, _>(state, &mut row)?;
let len = len.as_usize();
let base_address = MemoryAddress::new_u256s(context, segment, base_virt);
let base_address = MemoryAddress::new_u256s(context, segment, base_virt)?;
let input = (0..len)
.map(|i| {
let address = MemoryAddress {
@ -200,7 +200,7 @@ pub(crate) fn generate_jump<F: Field>(
state.traces.push_memory(log_in0);
state.traces.push_cpu(row);
state.registers.program_counter = dst as usize;
state.jump_to(dst as usize);
Ok(())
}
@ -224,7 +224,7 @@ pub(crate) fn generate_jumpi<F: Field>(
let dst: u32 = dst
.try_into()
.map_err(|_| ProgramError::InvalidJumpiDestination)?;
state.registers.program_counter = dst as usize;
state.jump_to(dst as usize);
} else {
row.general.jumps_mut().should_jump = F::ZERO;
row.general.jumps_mut().cond_sum_pinv = F::ZERO;
@ -589,7 +589,7 @@ pub(crate) fn generate_exit_kernel<F: Field>(
state.registers.gas_used = gas_used_val;
log::debug!(
"Exiting to {}, is_kernel={}",
KERNEL.offset_name(program_counter),
program_counter,
is_kernel_mode
);
@ -608,7 +608,7 @@ pub(crate) fn generate_mload_general<F: Field>(
let (val, log_read) = mem_read_gp_with_log_and_fill(
3,
MemoryAddress::new_u256s(context, segment, virt),
MemoryAddress::new_u256s(context, segment, virt)?,
state,
&mut row,
);

17
evm/src/witness/transition.rs
View File

@ -1,5 +1,4 @@
use anyhow::bail;
use itertools::Itertools;
use log::log_enabled;
use plonky2::field::types::Field;
@ -12,7 +11,7 @@ use crate::witness::gas::gas_to_charge;
use crate::witness::memory::MemoryAddress;
use crate::witness::operation::*;
use crate::witness::state::RegistersState;
use crate::witness::util::{mem_read_code_with_log_and_fill, stack_peek};
use crate::witness::util::mem_read_code_with_log_and_fill;
use crate::{arithmetic, logic};
fn read_code_memory<F: Field>(state: &mut GenerationState<F>, row: &mut CpuColumnsView<F>) -> u8 {
@ -109,6 +108,7 @@ fn decode(registers: RegistersState, opcode: u8) -> Result<Operation, ProgramErr
(0x57, _) => Ok(Operation::Jumpi),
(0x58, _) => Ok(Operation::Pc),
(0x59, _) => Ok(Operation::Syscall(opcode)),
(0x5a, _) => Ok(Operation::Syscall(opcode)),
(0x5b, _) => Ok(Operation::Jumpdest),
(0x60..=0x7f, _) => Ok(Operation::Push(opcode & 0x1f)),
(0x80..=0x8f, _) => Ok(Operation::Dup(opcode & 0xf)),
@ -121,7 +121,7 @@ fn decode(registers: RegistersState, opcode: u8) -> Result<Operation, ProgramErr
(0xa5, _) => {
log::warn!(
"Kernel panic at {}",
KERNEL.offset_name(registers.program_counter)
KERNEL.offset_name(registers.program_counter),
);
Err(ProgramError::KernelPanic)
}
@ -284,9 +284,7 @@ fn log_kernel_instruction<F: Field>(state: &mut GenerationState<F>, op: Operatio
state.registers.context,
KERNEL.offset_name(pc),
op,
(0..state.registers.stack_len)
.map(|i| stack_peek(state, i).unwrap())
.collect_vec()
state.stack()
);
assert!(pc < KERNEL.code.len(), "Kernel PC is out of range: {}", pc);
@ -310,7 +308,12 @@ pub(crate) fn transition<F: Field>(state: &mut GenerationState<F>) -> anyhow::Re
Err(e) => {
if state.registers.is_kernel {
let offset_name = KERNEL.offset_name(state.registers.program_counter);
bail!("exception in kernel mode at {}: {:?}", offset_name, e);
bail!(
"{:?} in kernel at pc={}, stack={:?}",
e,
offset_name,
state.stack()
);
}
state.rollback(checkpoint);
handle_error(state)

139
evm/tests/add11_yml.rs Normal file
View File

@ -0,0 +1,139 @@
use std::collections::HashMap;
use std::time::Duration;
use env_logger::{try_init_from_env, Env, DEFAULT_FILTER_ENV};
use eth_trie_utils::partial_trie::{Nibbles, PartialTrie};
use ethereum_types::Address;
use hex_literal::hex;
use keccak_hash::keccak;
use plonky2::field::goldilocks_field::GoldilocksField;
use plonky2::plonk::config::PoseidonGoldilocksConfig;
use plonky2::util::timing::TimingTree;
use plonky2_evm::all_stark::AllStark;
use plonky2_evm::config::StarkConfig;
use plonky2_evm::generation::mpt::AccountRlp;
use plonky2_evm::generation::{GenerationInputs, TrieInputs};
use plonky2_evm::proof::BlockMetadata;
use plonky2_evm::prover::prove;
use plonky2_evm::verifier::verify_proof;
type F = GoldilocksField;
const D: usize = 2;
type C = PoseidonGoldilocksConfig;
/// Test a simple token transfer to a new address.
#[test]
fn add11_yml() -> anyhow::Result<()> {
init_logger();
let all_stark = AllStark::<F, D>::default();
let config = StarkConfig::standard_fast_config();
let beneficiary = hex!("2adc25665018aa1fe0e6bc666dac8fc2697ff9ba");
let sender = hex!("a94f5374fce5edbc8e2a8697c15331677e6ebf0b");
let to = hex!("095e7baea6a6c7c4c2dfeb977efac326af552d87");
let beneficiary_state_key = keccak(beneficiary);
let sender_state_key = keccak(sender);
let to_state_key = keccak(to);
let beneficiary_nibbles = Nibbles::from_bytes_be(beneficiary_state_key.as_bytes()).unwrap();
let sender_nibbles = Nibbles::from_bytes_be(sender_state_key.as_bytes()).unwrap();
let to_nibbles = Nibbles::from_bytes_be(to_state_key.as_bytes()).unwrap();
let code = [0x60, 0x01, 0x60, 0x01, 0x01, 0x60, 0x00, 0x55, 0x00];
let code_hash = keccak(code);
let beneficiary_account_before = AccountRlp {
nonce: 1.into(),
..AccountRlp::default()
};
let sender_account_before = AccountRlp {
balance: 0x0de0b6b3a7640000u64.into(),
..AccountRlp::default()
};
let to_account_before = AccountRlp {
balance: 0x0de0b6b3a7640000u64.into(),
code_hash,
..AccountRlp::default()
};
let mut state_trie_before = PartialTrie::Empty;
state_trie_before.insert(
beneficiary_nibbles,
rlp::encode(&beneficiary_account_before).to_vec(),
);
state_trie_before.insert(sender_nibbles, rlp::encode(&sender_account_before).to_vec());
state_trie_before.insert(to_nibbles, rlp::encode(&to_account_before).to_vec());
let tries_before = TrieInputs {
state_trie: state_trie_before,
transactions_trie: PartialTrie::Empty,
receipts_trie: PartialTrie::Empty,
storage_tries: vec![(Address::from_slice(&to), PartialTrie::Empty)],
};
let txn = hex!("f863800a83061a8094095e7baea6a6c7c4c2dfeb977efac326af552d87830186a0801ba0ffb600e63115a7362e7811894a91d8ba4330e526f22121c994c4692035dfdfd5a06198379fcac8de3dbfac48b165df4bf88e2088f294b61efb9a65fe2281c76e16");
let block_metadata = BlockMetadata {
block_beneficiary: Address::from(beneficiary),
block_base_fee: 0xa.into(),
..BlockMetadata::default()
};
let mut contract_code = HashMap::new();
contract_code.insert(keccak(vec![]), vec![]);
contract_code.insert(code_hash, code.to_vec());
let inputs = GenerationInputs {
signed_txns: vec![txn.to_vec()],
tries: tries_before,
contract_code,
block_metadata,
addresses: vec![],
};
let mut timing = TimingTree::new("prove", log::Level::Debug);
let proof = prove::<F, C, D>(&all_stark, &config, inputs, &mut timing)?;
timing.filter(Duration::from_millis(100)).print();
let beneficiary_account_after = AccountRlp {
nonce: 1.into(),
..AccountRlp::default()
};
let sender_account_after = AccountRlp {
balance: 0xde0b6b3a75be550u64.into(),
nonce: 1.into(),
..AccountRlp::default()
};
let to_account_after = AccountRlp {
balance: 0xde0b6b3a76586a0u64.into(),
code_hash,
// Storage map: { 0 => 2 }
storage_root: PartialTrie::Leaf {
nibbles: Nibbles::from_h256_be(keccak([0u8; 32])),
value: vec![2],
}
.calc_hash(),
..AccountRlp::default()
};
let mut expected_state_trie_after = PartialTrie::Empty;
expected_state_trie_after.insert(
beneficiary_nibbles,
rlp::encode(&beneficiary_account_after).to_vec(),
);
expected_state_trie_after.insert(sender_nibbles, rlp::encode(&sender_account_after).to_vec());
expected_state_trie_after.insert(to_nibbles, rlp::encode(&to_account_after).to_vec());
assert_eq!(
proof.public_values.trie_roots_after.state_root,
expected_state_trie_after.calc_hash()
);
verify_proof(&all_stark, proof, &config)
}
fn init_logger() {
let _ = try_init_from_env(Env::default().filter_or(DEFAULT_FILTER_ENV, "info"));
}

3
evm/tests/basic_smart_contract.rs
View File

@ -95,12 +95,15 @@ fn test_basic_smart_contract() -> anyhow::Result<()> {
};
let mut contract_code = HashMap::new();
contract_code.insert(keccak(vec![]), vec![]);
contract_code.insert(code_hash, code.to_vec());
let inputs = GenerationInputs {
signed_txns: vec![txn.to_vec()],
tries: tries_before,
contract_code,
block_metadata,
addresses: vec![],
};
let mut timing = TimingTree::new("prove", log::Level::Debug);

7
evm/tests/empty_txn_list.rs
View File

@ -3,6 +3,7 @@ use std::time::Duration;
use env_logger::{try_init_from_env, Env, DEFAULT_FILTER_ENV};
use eth_trie_utils::partial_trie::PartialTrie;
use keccak_hash::keccak;
use plonky2::field::goldilocks_field::GoldilocksField;
use plonky2::plonk::config::PoseidonGoldilocksConfig;
use plonky2::util::timing::TimingTree;
@ -38,6 +39,9 @@ fn test_empty_txn_list() -> anyhow::Result<()> {
let txns_trie_root = transactions_trie.calc_hash();
let receipts_trie_root = receipts_trie.calc_hash();
let mut contract_code = HashMap::new();
contract_code.insert(keccak(vec![]), vec![]);
let inputs = GenerationInputs {
signed_txns: vec![],
tries: TrieInputs {
@ -46,8 +50,9 @@ fn test_empty_txn_list() -> anyhow::Result<()> {
receipts_trie,
storage_tries,
},
contract_code: HashMap::new(),
contract_code,
block_metadata,
addresses: vec![],
};
let mut timing = TimingTree::new("prove", log::Level::Debug);

6
evm/tests/simple_transfer.rs
View File

@ -70,11 +70,15 @@ fn test_simple_transfer() -> anyhow::Result<()> {
..BlockMetadata::default()
};
let mut contract_code = HashMap::new();
contract_code.insert(keccak(vec![]), vec![]);
let inputs = GenerationInputs {
signed_txns: vec![txn.to_vec()],
tries: tries_before,
contract_code: HashMap::new(),
contract_code,
block_metadata,
addresses: vec![],
};
let mut timing = TimingTree::new("prove", log::Level::Debug);

15
field/src/field_testing.rs
View File

@ -10,9 +10,22 @@ macro_rules! test_field_arithmetic {
use num::bigint::BigUint;
use rand::rngs::OsRng;
use rand::Rng;
use rand::{Rng, RngCore};
use $crate::types::{Field, Sample};
#[test]
fn modular_reduction() {
let mut rng = OsRng;
for _ in 0..10 {
let x_lo = rng.next_u64();
let x_hi = rng.next_u32();
let x = (x_lo as u128) + ((x_hi as u128) << 64);
let a = <$field>::from_noncanonical_u128(x);
let b = <$field>::from_noncanonical_u96((x_lo, x_hi));
assert_eq!(a, b);
}
}
#[test]
fn batch_inversion() {
for n in 0..20 {

13
field/src/goldilocks_field.rs
View File

@ -110,6 +110,10 @@ impl Field for GoldilocksField {
Self(n)
}
fn from_noncanonical_u96((n_lo, n_hi): (u64, u32)) -> Self {
reduce96((n_lo, n_hi))
}
fn from_noncanonical_u128(n: u128) -> Self {
reduce128(n)
}
@ -337,6 +341,15 @@ unsafe fn add_no_canonicalize_trashing_input(x: u64, y: u64) -> u64 {
res_wrapped + EPSILON * (carry as u64)
}
/// Reduces to a 64-bit value. The result might not be in canonical form; it could be in between the
/// field order and `2^64`.
#[inline]
fn reduce96((x_lo, x_hi): (u64, u32)) -> GoldilocksField {
let t1 = x_hi as u64 * EPSILON;
let t2 = unsafe { add_no_canonicalize_trashing_input(x_lo, t1) };
GoldilocksField(t2)
}
/// Reduces to a 64-bit value. The result might not be in canonical form; it could be in between the
/// field order and `2^64`.
#[inline]

172
plonky2/src/hash/poseidon_goldilocks.rs
View File

@ -4,6 +4,9 @@
//! `poseidon_constants.sage` script in the `mir-protocol/hash-constants`
//! repository.
use plonky2_field::types::Field;
use unroll::unroll_for_loops;
use crate::field::goldilocks_field::GoldilocksField;
use crate::hash::poseidon::{Poseidon, N_PARTIAL_ROUNDS};
@ -211,6 +214,39 @@ impl Poseidon for GoldilocksField {
0xdcedab70f40718ba, 0xe796d293a47a64cb, 0x80772dc2645b280b, ],
];
#[cfg(target_arch="x86_64")]
#[inline(always)]
#[unroll_for_loops]
fn mds_layer(state: &[Self; 12]) -> [Self; 12] {
let mut result = [GoldilocksField::ZERO; 12];
// Using the linearity of the operations we can split the state into a low||high decomposition
// and operate on each with no overflow and then combine/reduce the result to a field element.
let mut state_l = [0u64; 12];
let mut state_h = [0u64; 12];
for r in 0..12 {
let s = state[r].0;
state_h[r] = s >> 32;
state_l[r] = (s as u32) as u64;
}
let state_h = mds_multiply_freq(state_h);
let state_l = mds_multiply_freq(state_l);
for r in 0..12 {
let s = state_l[r] as u128 + ((state_h[r] as u128) << 32);
result[r] = GoldilocksField::from_noncanonical_u96((s as u64, (s >> 64) as u32));
}
// Add first element with the only non-zero diagonal matrix coefficient.
let s = Self::MDS_MATRIX_DIAG[0] as u128 * (state[0].0 as u128);
result[0] += GoldilocksField::from_noncanonical_u96((s as u64, (s >> 64) as u32));
result
}
// #[cfg(all(target_arch="x86_64", target_feature="avx2", target_feature="bmi2"))]
// #[inline]
// fn poseidon(input: [Self; 12]) -> [Self; 12] {
@ -268,6 +304,142 @@ impl Poseidon for GoldilocksField {
}
}
// MDS layer helper methods
// The following code has been adapted from winterfell/crypto/src/hash/mds/mds_f64_12x12.rs
// located at https://github.com/facebook/winterfell.
const MDS_FREQ_BLOCK_ONE: [i64; 3] = [16, 32, 16];
const MDS_FREQ_BLOCK_TWO: [(i64, i64); 3] = [(2, -1), (-4, 1), (16, 1)];
const MDS_FREQ_BLOCK_THREE: [i64; 3] = [-1, -8, 2];
/// Split 3 x 4 FFT-based MDS vector-multiplication with the Poseidon circulant MDS matrix.
#[inline(always)]
fn mds_multiply_freq(state: [u64; 12]) -> [u64; 12] {
let [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11] = state;
let (u0, u1, u2) = fft4_real([s0, s3, s6, s9]);
let (u4, u5, u6) = fft4_real([s1, s4, s7, s10]);
let (u8, u9, u10) = fft4_real([s2, s5, s8, s11]);
// This where the multiplication in frequency domain is done. More precisely, and with
// the appropriate permuations in between, the sequence of
// 3-point FFTs --> multiplication by twiddle factors --> Hadamard multiplication -->
// 3 point iFFTs --> multiplication by (inverse) twiddle factors
// is "squashed" into one step composed of the functions "block1", "block2" and "block3".
// The expressions in the aforementioned functions are the result of explicit computations
// combined with the Karatsuba trick for the multiplication of complex numbers.
let [v0, v4, v8] = block1([u0, u4, u8], MDS_FREQ_BLOCK_ONE);
let [v1, v5, v9] = block2([u1, u5, u9], MDS_FREQ_BLOCK_TWO);
let [v2, v6, v10] = block3([u2, u6, u10], MDS_FREQ_BLOCK_THREE);
// The 4th block is not computed as it is similar to the 2nd one, up to complex conjugation.
let [s0, s3, s6, s9] = ifft4_real_unreduced((v0, v1, v2));
let [s1, s4, s7, s10] = ifft4_real_unreduced((v4, v5, v6));
let [s2, s5, s8, s11] = ifft4_real_unreduced((v8, v9, v10));
[s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11]
}
/// Real 2-FFT over u64 integers.
#[inline(always)]
fn fft2_real(x: [u64; 2]) -> [i64; 2] {
[(x[0] as i64 + x[1] as i64), (x[0] as i64 - x[1] as i64)]
}
/// Real 2-iFFT over u64 integers.
/// Division by two to complete the inverse FFT is not performed here.
#[inline(always)]
fn ifft2_real_unreduced(y: [i64; 2]) -> [u64; 2] {
[(y[0] + y[1]) as u64, (y[0] - y[1]) as u64]
}
/// Real 4-FFT over u64 integers.
#[inline(always)]
fn fft4_real(x: [u64; 4]) -> (i64, (i64, i64), i64) {
let [z0, z2] = fft2_real([x[0], x[2]]);
let [z1, z3] = fft2_real([x[1], x[3]]);
let y0 = z0 + z1;
let y1 = (z2, -z3);
let y2 = z0 - z1;
(y0, y1, y2)
}
/// Real 4-iFFT over u64 integers.
/// Division by four to complete the inverse FFT is not performed here.
#[inline(always)]
fn ifft4_real_unreduced(y: (i64, (i64, i64), i64)) -> [u64; 4] {
let z0 = y.0 + y.2;
let z1 = y.0 - y.2;
let z2 = y.1 .0;
let z3 = -y.1 .1;
let [x0, x2] = ifft2_real_unreduced([z0, z2]);
let [x1, x3] = ifft2_real_unreduced([z1, z3]);
[x0, x1, x2, x3]
}
#[inline(always)]
fn block1(x: [i64; 3], y: [i64; 3]) -> [i64; 3] {
let [x0, x1, x2] = x;
let [y0, y1, y2] = y;
let z0 = x0 * y0 + x1 * y2 + x2 * y1;
let z1 = x0 * y1 + x1 * y0 + x2 * y2;
let z2 = x0 * y2 + x1 * y1 + x2 * y0;
[z0, z1, z2]
}
#[inline(always)]
fn block2(x: [(i64, i64); 3], y: [(i64, i64); 3]) -> [(i64, i64); 3] {
let [(x0r, x0i), (x1r, x1i), (x2r, x2i)] = x;
let [(y0r, y0i), (y1r, y1i), (y2r, y2i)] = y;
let x0s = x0r + x0i;
let x1s = x1r + x1i;
let x2s = x2r + x2i;
let y0s = y0r + y0i;
let y1s = y1r + y1i;
let y2s = y2r + y2i;
// Compute x0y0 ix1y2 ix2y1 using Karatsuba for complex numbers multiplication
let m0 = (x0r * y0r, x0i * y0i);
let m1 = (x1r * y2r, x1i * y2i);
let m2 = (x2r * y1r, x2i * y1i);
let z0r = (m0.0 - m0.1) + (x1s * y2s - m1.0 - m1.1) + (x2s * y1s - m2.0 - m2.1);
let z0i = (x0s * y0s - m0.0 - m0.1) + (-m1.0 + m1.1) + (-m2.0 + m2.1);
let z0 = (z0r, z0i);
// Compute x0y1 + x1y0 ix2y2 using Karatsuba for complex numbers multiplication
let m0 = (x0r * y1r, x0i * y1i);
let m1 = (x1r * y0r, x1i * y0i);
let m2 = (x2r * y2r, x2i * y2i);
let z1r = (m0.0 - m0.1) + (m1.0 - m1.1) + (x2s * y2s - m2.0 - m2.1);
let z1i = (x0s * y1s - m0.0 - m0.1) + (x1s * y0s - m1.0 - m1.1) + (-m2.0 + m2.1);
let z1 = (z1r, z1i);
// Compute x0y2 + x1y1 + x2y0 using Karatsuba for complex numbers multiplication
let m0 = (x0r * y2r, x0i * y2i);
let m1 = (x1r * y1r, x1i * y1i);
let m2 = (x2r * y0r, x2i * y0i);
let z2r = (m0.0 - m0.1) + (m1.0 - m1.1) + (m2.0 - m2.1);
let z2i = (x0s * y2s - m0.0 - m0.1) + (x1s * y1s - m1.0 - m1.1) + (x2s * y0s - m2.0 - m2.1);
let z2 = (z2r, z2i);
[z0, z1, z2]
}
#[inline(always)]
fn block3(x: [i64; 3], y: [i64; 3]) -> [i64; 3] {
let [x0, x1, x2] = x;
let [y0, y1, y2] = y;
let z0 = x0 * y0 - x1 * y2 - x2 * y1;
let z1 = x0 * y1 + x1 * y0 - x2 * y2;
let z2 = x0 * y2 + x1 * y1 + x2 * y0;
[z0, z1, z2]
}
#[cfg(test)]
mod tests {
use crate::field::goldilocks_field::GoldilocksField as F;