addressed comments

2026-01-24 00:23:07 +00:00 · 2022-09-19 10:31:55 -07:00 · 2022-09-19 10:31:55 -07:00 · 65b8993b6f
commit 65b8993b6f
parent c11c526462
5 changed files with 137 additions and 193 deletions
--- a/evm/src/cpu/kernel/asm/sha2/compression.asm
+++ b/evm/src/cpu/kernel/asm/sha2/compression.asm
@ -185,9 +185,7 @@ sha2_compression_loop:
    // stack: num_blocks, i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_retdest
    POP
    // stack: i+1, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, new_retdest
-    PUSH 64
-    SWAP1
-    MOD
+    %and_const(63)
    // stack: (i+1)%64, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, i, retdest
    SWAP12
    // stack: i, a[i+1], b[i+1], c[i+1], d[i+1], e[i+1], f[i+1], g[i+1], h[i+1], num_blocks new, scratch_space_addr, message_schedule_addr new, (i+1)%64, retdest
@ -296,4 +294,5 @@ sha2_compression_end:
    // stack: i, scratch_space_addr, message_schedule_addr, concat(a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64]), retdest
    %pop3
    // stack: sha2_result = concat(a[0]+a[64], b[0]+b[64], c[0]+c[64], d[0]+d[64], e[0]+e[64], f[0]+f[64], g[0]+g[64], h[0]+h[64]), retdest
-    STOP
+    SWAP1
+    JUMP
--- a/evm/src/cpu/kernel/asm/sha2/memory.asm
+++ b/evm/src/cpu/kernel/asm/sha2/memory.asm
@ -115,43 +115,31 @@
    // stack: offset, value
    SWAP1
    // stack: value, offset
-    PUSH 1
-    PUSH 8
-    SHL
-    // stack: 1 << 8, value, offset
-    %stack (shift, val, offset) -> (val, shift, val, shift, offset)
-    // stack: value, 1 << 8, value, 1 << 8, offset
-    MOD
-    // stack: c_0 = value % (1 << 8), value, 1 << 8, offset
-    SWAP2
+    DUP1
+    // stack: value, value, offset
+    %and_const(0xff)
+    // stack: c_0 = value % (1 << 8), value, offset
    SWAP1
-    // stack: value, 1 << 8, c_0, offset
-    PUSH 8
-    SHR
-    // stack: value >> 8, 1 << 8, c_0, offset
-    DUP2
-    DUP2
-    // stack: value >> 8, 1 << 8, value >> 8, 1 << 8, c_0, offset
-    MOD
-    // stack: c_1 = (value >> 8) % (1 << 8), value >> 8, 1 << 8, c_0, offset
-    SWAP2
+    // stack: value, c_0, offset
+    %shr_const(8)
+    // stack: value >> 8, c_0, offset
+    DUP1
+    // stack: value >> 8, value >> 8, c_0, offset
+    %and_const(0xff)
+    // stack: c_1 = (value >> 8) % (1 << 8), value >> 8, c_0, offset
    SWAP1
-    // stack: value >> 8, 1 << 8, c_1, c_0, offset
-    PUSH 8
-    SHR
-    // stack: value >> 16, 1 << 8, c_1, c_0, offset
-    DUP2
-    DUP2
-    // stack: value >> 16, 1 << 8, value >> 16, 1 << 8, c_1, c_0, offset
-    MOD
-    // stack: c_2 = (value >> 16) % (1 << 8), value >> 16, 1 << 8, c_1, c_0, offset
-    SWAP2
+    // stack: value >> 8, c_1, c_0, offset
+    %shr_const(8)
+    // stack: value >> 16, c_1, c_0, offset
+    DUP1
+    // stack: value >> 16, value >> 16, c_1, c_0, offset
+    %and_const(0xff)
+    // stack: c_2 = (value >> 16) % (1 << 8), value >> 16, c_1, c_0, offset
    SWAP1
-    // stack: value >> 16, 1 << 8, c_2, c_1, c_0, offset
-    PUSH 8
-    SHR
-    // stack: value >> 24, 1 << 8, c_2, c_1, c_0, offset
-    MOD
+    // stack: value >> 16, c_2, c_1, c_0, offset
+    %shr_const(8)
+    // stack: value >> 24, c_2, c_1, c_0, offset
+    %and_const(0xff)
    // stack: c_3 = (value >> 24) % (1 << 8), c_2, c_1, c_0, offset
    DUP5
    // stack: offset, c_3, c_2, c_1, c_0, offset
--- a/evm/src/cpu/kernel/asm/sha2/message_schedule.asm
+++ b/evm/src/cpu/kernel/asm/sha2/message_schedule.asm
@ -26,22 +26,13 @@ sha2_gen_message_schedule_from_block_0_loop:
    // stack: counter, output_addr, block[0], block[1], retdest
    SWAP2
    // stack: block[0], output_addr, counter, block[1], retdest
-    PUSH 1
-    PUSH 32
-    SHL
-    // stack: 1 << 32, block[0], output_addr, counter, block[1], retdest
-    DUP2
-    DUP2
-    // stack: 1 << 32, block[0], 1 << 32, block[0], output_addr, counter, block[1], retdest
-    SWAP1
-    // stack: block[0], 1 << 32, 1 << 32, block[0], output_addr, counter, block[1], retdest
-    MOD
-    // stack: block[0] % (1 << 32), 1 << 32, block[0], output_addr, counter, block[1], retdest
-    SWAP2
-    // stack: block[0], 1 << 32, block[0] % (1 << 32), output_addr, counter, block[1], retdest
-    DIV
-    // stack: block[0] >> 32, block[0] % (1 << 32), output_addr, counter, block[1], retdest
+    DUP1
+    // stack: block[0], block[0], output_addr, counter, block[1], retdest
+    %shr_const(32)
+    // stack: block[0] >> 32, block[0], output_addr, counter, block[1], retdest
    SWAP1
+    // stack: block[0], block[0] >> 32, output_addr, counter, block[1], retdest
+    %truncate_to_u32
    // stack: block[0] % (1 << 32), block[0] >> 32, output_addr, counter, block[1], retdest
    DUP3
    // stack: output_addr, block[0] % (1 << 32), block[0] >> 32, output_addr, counter, block[1], retdest
@ -76,22 +67,13 @@ sha2_gen_message_schedule_from_block_1_loop:
    // stack: counter, output_addr, block[1], block[0], retdest
    SWAP2
    // stack: block[1], output_addr, counter, block[0], retdest
-    PUSH 1
-    PUSH 32
-    SHL
-    // stack: 1 << 32, block[1], output_addr, counter, block[0], retdest
-    DUP2
-    DUP2
-    // stack: 1 << 32, block[1], 1 << 32, block[1], output_addr, counter, block[0], retdest
-    SWAP1
-    // stack: block[1], 1 << 32, 1 << 32, block[1], output_addr, counter, block[0], retdest
-    MOD
-    // stack: block[1] % (1 << 32), 1 << 32, block[1], output_addr, counter, block[0], retdest
-    SWAP2
-    // stack: block[1], 1 << 32, block[1] % (1 << 32), output_addr, counter, block[0], retdest
-    DIV
-    // stack: block[1] >> 32, block[1] % (1 << 32), output_addr, counter, block[0], retdest
+    DUP1
+    // stack: block[1], block[1], output_addr, counter, block[0], retdest
+    %shr_const(32)
+    // stack: block[1] >> 32, block[1], output_addr, counter, block[0], retdest
    SWAP1
+    // stack: block[1], block[1] >> 32, output_addr, counter, block[0], retdest
+    %truncate_to_u32
    // stack: block[1] % (1 << 32), block[1] >> 32, output_addr, counter, block[0], retdest
    DUP3
    // stack: output_addr, block[1] % (1 << 32), block[1] >> 32, output_addr, counter, block[0], retdest
--- a/evm/src/cpu/kernel/asm/sha2/write_length.asm
+++ b/evm/src/cpu/kernel/asm/sha2/write_length.asm
@ -2,146 +2,118 @@
    // stack: last_addr, length
    SWAP1
    // stack: length, last_addr
-    PUSH 1
-    PUSH 8
-    SHL
-
-    // stack: 1 << 8, length, last_addr
    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
+    // stack: length, length, last_addr
+    %and_const(0xff)
+    // stack: length % (1 << 8), length, last_addr
    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: length % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, length % (1 << 8), 1 << 8, length, last_addr
+    // stack: last_addr, length % (1 << 8), length, last_addr
    %mstore_kernel_general
    
-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 8
-    SHR
-    // stack: length >> 8, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 8) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 8) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 1
+    // stack: length, last_addr
    SWAP1
-    SUB
-    // stack: last_addr - 1, (length >> 8) % (1 << 8), 1 << 8, length, last_addr
+    %decrement
+    SWAP1
+    // stack: length, last_addr - 1
+    %shr_const(8)
+    // stack: length >> 8, last_addr - 1
+    DUP1
+    // stack: length >> 8, length >> 8, last_addr - 1
+    %and_const(0xff)
+    // stack: (length >> 8) % (1 << 8), length >> 8, last_addr - 1
+    DUP3
+    // stack: last_addr - 1, (length >> 8) % (1 << 8), length >> 8, last_addr - 1
+    %mstore_kernel_general
+    
+    // stack: length >> 8, last_addr - 1
+    SWAP1
+    %decrement
+    SWAP1
+    // stack: length >> 8, last_addr - 2
+    %shr_const(8)
+    // stack: length >> 16, last_addr - 2
+    DUP1
+    // stack: length >> 16, length >> 16, last_addr - 2
+    %and_const(0xff)
+    // stack: (length >> 16) % (1 << 8), length >> 16, last_addr - 2
+    DUP3
+    // stack: last_addr - 2, (length >> 16) % (1 << 8), length >> 16, last_addr - 2
    %mstore_kernel_general

-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 16
-    SHR
-    // stack: length >> 16, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 16) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 16) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 2
+    // stack: length >> 16, last_addr - 2
    SWAP1
-    SUB
-    // stack: last_addr - 2, (length >> 16) % (1 << 8), 1 << 8, length, last_addr
+    %decrement
+    SWAP1
+    // stack: length >> 16, last_addr - 3
+    %shr_const(8)
+    // stack: length >> 24, last_addr - 3
+    DUP1
+    // stack: length >> 24, length >> 24, last_addr - 3
+    %and_const(0xff)
+    // stack: (length >> 24) % (1 << 8), length >> 24, last_addr - 3
+    DUP3
+    // stack: last_addr - 3, (length >> 24) % (1 << 8), length >> 24, last_addr - 3
    %mstore_kernel_general

-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 24
-    SHR
-    // stack: length >> 24, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 24) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 24) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 3
+    // stack: length >> 24, last_addr - 3
    SWAP1
-    SUB
-    // stack: last_addr - 3, (length >> 24) % (1 << 8), 1 << 8, length, last_addr
+    %decrement
+    SWAP1
+    // stack: length >> 24, last_addr - 4
+    %shr_const(8)
+    // stack: length >> 32, last_addr - 4
+    DUP1
+    // stack: length >> 32, length >> 32, last_addr - 4
+    %and_const(0xff)
+    // stack: (length >> 32) % (1 << 8), length >> 32, last_addr - 4
+    DUP3
+    // stack: last_addr - 4, (length >> 32) % (1 << 8), length >> 32, last_addr - 4
    %mstore_kernel_general

-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 32
-    SHR
-    // stack: length >> 32, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 32) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 32) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 4
+    // stack: length >> 32, last_addr - 4
    SWAP1
-    SUB
-    // stack: last_addr - 4, (length >> 32) % (1 << 8), 1 << 8, length, last_addr
+    %decrement
+    SWAP1
+    // stack: length >> 32, last_addr - 5
+    %shr_const(8)
+    // stack: length >> 40, last_addr - 5
+    DUP1
+    // stack: length >> 40, length >> 40, last_addr - 5
+    %and_const(0xff)
+    // stack: (length >> 40) % (1 << 8), length >> 40, last_addr - 5
+    DUP3
+    // stack: last_addr - 5, (length >> 40) % (1 << 8), length >> 40, last_addr - 5
    %mstore_kernel_general

-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 40
-    SHR
-    // stack: length >> 40, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 40) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 40) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 5
+    // stack: length >> 40, last_addr - 5
    SWAP1
-    SUB
-    // stack: last_addr - 5, (length >> 40) % (1 << 8), 1 << 8, length, last_addr
+    %decrement
+    SWAP1
+    // stack: length >> 40, last_addr - 6
+    %shr_const(8)
+    // stack: length >> 48, last_addr - 6
+    DUP1
+    // stack: length >> 48, length >> 48, last_addr - 6
+    %and_const(0xff)
+    // stack: (length >> 48) % (1 << 8), length >> 48, last_addr - 6
+    DUP3
+    // stack: last_addr - 6, (length >> 48) % (1 << 8), length >> 48, last_addr - 6
    %mstore_kernel_general

-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 48
-    SHR
-    // stack: length >> 48, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 48) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 48) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 6
+    // stack: length >> 48, last_addr - 6
    SWAP1
-    SUB
-    // stack: last_addr - 6, (length >> 48) % (1 << 8), 1 << 8, length, last_addr
-    %mstore_kernel_general
-
-    // stack: 1 << 8, length, last_addr
-    DUP1
-    // stack: 1 << 8, 1 << 8, length, last_addr
-    DUP3
-    // stack: length, 1 << 8, 1 << 8, length, last_addr
-    PUSH 56
-    SHR
-    // stack: length >> 56, 1 << 8, 1 << 8, length, last_addr
-    MOD
-    // stack: (length >> 56) % (1 << 8), 1 << 8, length, last_addr
-    DUP4
-    // stack: last_addr, (length >> 56) % (1 << 8), 1 << 8, length, last_addr
-    PUSH 7
+    %decrement
    SWAP1
-    SUB
-    // stack: last_addr - 7, (length >> 56) % (1 << 8), 1 << 8, length, last_addr
+    // stack: length >> 48, last_addr - 7
+    %shr_const(8)
+    // stack: length >> 56, last_addr - 7
+    DUP1
+    // stack: length >> 56, length >> 56, last_addr - 7
+    %and_const(0xff)
+    // stack: (length >> 56) % (1 << 8), length >> 56, last_addr - 7
+    DUP3
+    // stack: last_addr - 7, (length >> 56) % (1 << 8), length >> 56, last_addr - 7
    %mstore_kernel_general
-    %pop3
+    %pop2
    // stack: (empty)
 %endmacro
--- a/evm/src/cpu/kernel/tests/sha2.rs
+++ b/evm/src/cpu/kernel/tests/sha2.rs
@ -15,25 +15,28 @@ fn test_sha2() -> Result<()> {

    let mut rng = thread_rng();

+    // Generate a random message, between 0 and 9999 bytes.
    let num_bytes = rng.gen_range(0..10000);
    let message: Vec<u8> = (0..num_bytes).map(|_| rng.gen()).collect();

+    // Hash the message using a standard Sha256 implementation.
    let mut hasher = Sha256::new();
    hasher.update(message.clone());
    let expected = format!("{:X}", hasher.finalize());

-    let bytes: Vec<U256> = message.iter().map(|&x| U256::from(x as u32)).collect();
-
+    // Load the message onto the stack.
    let mut initial_stack = vec![U256::from(num_bytes)];
+    let bytes: Vec<U256> = message.iter().map(|&x| U256::from(x as u32)).collect();
    initial_stack.extend(bytes);
    initial_stack.push(U256::from_str("0xdeadbeef").unwrap());
    initial_stack.reverse();

-    let after_sha2 = run(&kernel.code, sha2, initial_stack, &kernel.prover_inputs)?;
-    let stack_after_sha2 = after_sha2.stack();
-    let result = stack_after_sha2[1];
-    let actual = format!("{:X}", result);
+    // Run the sha2 kernel code.
+    let result = run(&kernel.code, sha2, initial_stack, &kernel.prover_inputs)?;
+    let result_hash = result.stack()[0];
+    let actual = format!("{:X}", result_hash);

+    // Check that the result is correct.
    assert_eq!(expected, actual);

    Ok(())