Merge branch 'main' of github.com:mir-protocol/plonky2 into non-inv

2026-01-09 09:13:09 +00:00 · 2023-02-25 10:30:46 -08:00 · 2023-02-25 10:30:46 -08:00 · e3e5c67834
commit e3e5c67834
parent 2a9d4b1a9a 7781dd366f
19 changed files with 141 additions and 72 deletions
--- a/ecdsa/Cargo.toml
+++ b/ecdsa/Cargo.toml
@ -13,7 +13,7 @@ anyhow = { version = "1.0.40", default-features = false }
 itertools = { version = "0.10.0", default-features = false }
 plonky2_maybe_rayon = { version = "0.1.0", default-features = false }
 num = { version = "0.4.0", default-features = false }
-plonky2 = { version = "0.1.1", default-features = false }
+plonky2 = { version = "0.1.2", default-features = false }
 plonky2_u32 = { version = "0.1.0", default-features = false }
 serde = { version = "1.0", default-features = false, features = ["derive"] }

--- a/evm/Cargo.toml
+++ b/evm/Cargo.toml
@ -25,7 +25,7 @@ num = "0.4.0"
 once_cell = "1.13.0"
 pest = "2.1.3"
 pest_derive = "2.1.0"
-plonky2 = { version = "0.1.1", default-features = false, features = ["timing"] }
+plonky2 = { version = "0.1.2", default-features = false, features = ["timing"] }
 plonky2_util = { version = "0.1.0" }
 rand = "0.8.5"
 rand_chacha = "0.3.1"
--- a/evm/src/cpu/kernel/asm/core/create.asm
+++ b/evm/src/cpu/kernel/asm/core/create.asm
@ -1,9 +1,17 @@
+// The CREATE syscall.
+//
+// Pre stack: value, CODE_ADDR, code_len, retdest
+// Post stack: address
+global sys_create:
+    %address
+    %jump(create)
+
 // Create a new contract account with the traditional address scheme, i.e.
 //     address = KEC(RLP(sender, nonce))[12:]
 // This can be used both for the CREATE instruction and for contract-creation
 // transactions.
 //
-// Pre stack: CODE_ADDR, code_len, retdest
+// Pre stack: sender, endowment, CODE_ADDR, code_len, retdest
 // Post stack: address
 // Note: CODE_ADDR refers to a (context, segment, offset) tuple.
 global create:
@ -21,18 +29,11 @@ global create:
 // Pre stack: sender, endowment, salt, CODE_ADDR, code_len, retdest
 // Post stack: address
 // Note: CODE_ADDR refers to a (context, segment, offset) tuple.
-global create2:
+global sys_create2:
    // stack: sender, endowment, salt, CODE_ADDR, code_len, retdest
    // Call get_create2_address and have it return to create_inner.
-    %stack (sender, endowment, salt) -> (salt, sender, endowment)
-    // stack: salt, sender, endowment, CODE_ADDR, code_len, retdest
-    DUP7 DUP7 DUP7 DUP7 // CODE_ADDR and code_len
-    // stack: CODE_ADDR, code_len, salt, sender, endowment, CODE_ADDR, code_len, retdest
-    PUSH create_inner
-    // stack: create_inner, CODE_ADDR, code_len, salt, sender, endowment, CODE_ADDR, code_len, retdest
-    SWAP5 // create_inner <-> salt
-    // stack: salt, CODE_ADDR, code_len, create_inner, sender, endowment, CODE_ADDR, code_len, retdest
-    DUP7 // sender
+    %stack (sender, endowment, salt, CODE_ADDR: 3, code_len)
+        -> (sender, salt, CODE_ADDR, code_len, create_inner, sender, endowment, CODE_ADDR, code_len)
    // stack: sender, salt, CODE_ADDR, code_len, create_inner, sender, endowment, CODE_ADDR, code_len, retdest
    %jump(get_create2_address)

--- a/evm/src/cpu/kernel/asm/core/process_txn.asm
+++ b/evm/src/cpu/kernel/asm/core/process_txn.asm
@ -40,6 +40,7 @@ global buy_gas:
    // stack: sender_addr, gas_cost, retdest
    %deduct_eth
    // stack: deduct_eth_status, retdest
+global txn_failure_insufficient_balance:
    %jumpi(panic)
    // stack: retdest

@ -54,17 +55,26 @@ global process_based_on_type:

 global process_contract_creation_txn:
    // stack: retdest
-    // Push the code address & length onto the stack, then call `create`.
+    PUSH process_contract_creation_txn_after_create
+    // stack: process_contract_creation_txn_after_create, retdest
    %mload_txn_field(@TXN_FIELD_DATA_LEN)
-    // stack: code_len, retdest
+    // stack: code_len, process_contract_creation_txn_after_create, retdest
    PUSH 0
-    // stack: code_offset, code_len, retdest
+    // stack: code_offset, code_len, process_contract_creation_txn_after_create, retdest
    PUSH @SEGMENT_TXN_DATA
-    // stack: code_segment, code_offset, code_len, retdest
+    // stack: code_segment, code_offset, code_len, process_contract_creation_txn_after_create, retdest
    PUSH 0 // context
-    // stack: CODE_ADDR, code_len, retdest
+    // stack: CODE_ADDR, code_len, process_contract_creation_txn_after_create, retdest
+    %mload_txn_field(@TXN_FIELD_VALUE)
+    %mload_txn_field(@TXN_FIELD_ORIGIN)
+    // stack: sender, endowment, CODE_ADDR, code_len, process_contract_creation_txn_after_create, retdest
    %jump(create)

+global process_contract_creation_txn_after_create:
+    // stack: new_address, retdest
+    POP
+    JUMP
+
 global process_message_txn:
    // stack: retdest
    %mload_txn_field(@TXN_FIELD_VALUE)
@ -162,5 +172,5 @@ global process_message_txn_code_loaded:
 global process_message_txn_after_call:
    // stack: success, retdest
    // TODO: Return leftover gas? Or handled by termination instructions?
-    POP // Pop success for now. Will go into the reciept when we support that.
+    POP // Pop success for now. Will go into the receipt when we support that.
    JUMP
--- a/evm/src/cpu/kernel/asm/core/syscall_stubs.asm
+++ b/evm/src/cpu/kernel/asm/core/syscall_stubs.asm
@ -2,49 +2,86 @@
 // Each label should be removed from this file once it is implemented.

 global sys_sdiv:
+    PANIC
 global sys_smod:
+    PANIC
 global sys_signextend:
+    PANIC
 global sys_slt:
+    PANIC
 global sys_sgt:
+    PANIC
 global sys_sar:
+    PANIC
 global sys_address:
+    PANIC
 global sys_balance:
+    PANIC
 global sys_origin:
+    PANIC
 global sys_caller:
+    PANIC
 global sys_callvalue:
+    PANIC
 global sys_calldataload:
+    PANIC
 global sys_calldatasize:
+    PANIC
 global sys_calldatacopy:
+    PANIC
 global sys_codesize:
+    PANIC
 global sys_codecopy:
+    PANIC
 global sys_gasprice:
+    PANIC
 global sys_extcodesize:
+    PANIC
 global sys_extcodecopy:
+    PANIC
 global sys_returndatasize:
+    PANIC
 global sys_returndatacopy:
+    PANIC
 global sys_extcodehash:
+    PANIC
 global sys_blockhash:
+    PANIC
 global sys_coinbase:
+    PANIC
 global sys_timestamp:
+    PANIC
 global sys_number:
+    PANIC
 global sys_prevrandao:
+    PANIC
 global sys_gaslimit:
+    PANIC
 global sys_chainid:
+    PANIC
 global sys_selfbalance:
+    PANIC
 global sys_basefee:
-global sys_sload:
-global sys_sstore:
+    PANIC
 global sys_msize:
+    PANIC
 global sys_gas:
+    PANIC
 global sys_log0:
+    PANIC
 global sys_log1:
+    PANIC
 global sys_log2:
+    PANIC
 global sys_log3:
+    PANIC
 global sys_log4:
-global sys_create:
+    PANIC
 global sys_call:
+    PANIC
 global sys_callcode:
+    PANIC
 global sys_delegatecall:
-global sys_create2:
+    PANIC
 global sys_staticcall:
    PANIC
--- a/evm/src/cpu/kernel/asm/mpt/hash/hash_trie_specific.asm
+++ b/evm/src/cpu/kernel/asm/mpt/hash/hash_trie_specific.asm
@ -88,11 +88,15 @@ encode_account_after_hash_storage_trie:
    SWAP1
    JUMP

-encode_txn:
+global encode_txn:
    PANIC // TODO

-encode_receipt:
+global encode_receipt:
    PANIC // TODO

-encode_storage_value:
-    PANIC // TODO: RLP encode as variable-len scalar?
+global encode_storage_value:
+    // stack: rlp_pos, value_ptr, retdest
+    %encode_rlp_scalar
+    // stack: rlp_pos', retdest
+    SWAP1
+    JUMP
--- a/evm/src/cpu/kernel/asm/mpt/storage/storage_read.asm
+++ b/evm/src/cpu/kernel/asm/mpt/storage/storage_read.asm
@ -1,30 +1,32 @@
 // Read a word from the current account's storage trie.
 //
-// Pre stack: slot, retdest
+// Pre stack: kexit_info, slot
 // Post stack: value

-global storage_read:
-    // stack: slot, retdest
+global sys_sload:
+    // stack: kexit_info, slot
+    SWAP1
+    // stack: slot, kexit_info
    %stack (slot) -> (slot, after_storage_read)
    %slot_to_storage_key
-    // stack: storage_key, after_storage_read, retdest
+    // stack: storage_key, after_storage_read, kexit_info
    PUSH 64 // storage_key has 64 nibbles
    %current_storage_trie
-    // stack: storage_root_ptr, 64, storage_key, after_storage_read, retdest
+    // stack: storage_root_ptr, 64, storage_key, after_storage_read, kexit_info
    %jump(mpt_read)

 after_storage_read:
-    // stack: value_ptr, retdest
+    // stack: value_ptr, kexit_info
    DUP1 %jumpi(storage_key_exists)

    // Storage key not found. Return default value_ptr = 0,
    // which derefs to 0 since @SEGMENT_TRIE_DATA[0] = 0.
-    %stack (value_ptr, retdest) -> (retdest, 0)
-    JUMP
+    %stack (value_ptr, kexit_info) -> (kexit_info, 0)
+    EXIT_KERNEL

 storage_key_exists:
-    // stack: value_ptr, retdest
+    // stack: value_ptr, kexit_info
    %mload_trie_data
-    // stack: value, retdest
+    // stack: value, kexit_info
    SWAP1
-    JUMP
+    EXIT_KERNEL
--- a/evm/src/cpu/kernel/asm/mpt/storage/storage_write.asm
+++ b/evm/src/cpu/kernel/asm/mpt/storage/storage_write.asm
@ -1,44 +1,50 @@
 // Write a word to the current account's storage trie.
 //
-// Pre stack: slot, value, retdest
+// Pre stack: kexit_info, slot, value
 // Post stack: (empty)

-global storage_write:
+global sys_sstore:
+    %stack (kexit_info, slot, value) -> (slot, value, kexit_info)
    // TODO: If value = 0, delete the key instead of inserting 0.
-    // stack: slot, value, retdest
+    // stack: slot, value, kexit_info

    // First we write the value to MPT data, and get a pointer to it.
    %get_trie_data_size
-    // stack: value_ptr, slot, value, retdest
+    // stack: value_ptr, slot, value, kexit_info
    SWAP2
-    // stack: value, slot, value_ptr, retdest
+    // stack: value, slot, value_ptr, kexit_info
    %append_to_trie_data
-    // stack: slot, value_ptr, retdest
+    // stack: slot, value_ptr, kexit_info

    // Next, call mpt_insert on the current account's storage root.
    %stack (slot, value_ptr) -> (slot, value_ptr, after_storage_insert)
    %slot_to_storage_key
-    // stack: storage_key, value_ptr, after_storage_write, retdest
+    // stack: storage_key, value_ptr, after_storage_insert, kexit_info
    PUSH 64 // storage_key has 64 nibbles
    %current_storage_trie
-    // stack: storage_root_ptr, 64, storage_key, value_ptr, after_storage_insert, retdest
+    // stack: storage_root_ptr, 64, storage_key, value_ptr, after_storage_insert, kexit_info
    %jump(mpt_insert)

 after_storage_insert:
-    // stack: new_storage_root_ptr, retdest
+    // stack: new_storage_root_ptr, kexit_info
    %current_account_data
-    // stack: old_account_ptr, new_storage_root_ptr, retdest
+    // stack: old_account_ptr, new_storage_root_ptr, kexit_info
    %make_account_copy
-    // stack: new_account_ptr, new_storage_root_ptr, retdest
+    // stack: new_account_ptr, new_storage_root_ptr, kexit_info

    // Update the copied account with our new storage root pointer.
    %stack (new_account_ptr, new_storage_root_ptr) -> (new_account_ptr, new_storage_root_ptr, new_account_ptr)
    %add_const(2)
-    // stack: new_account_storage_root_ptr_ptr, new_storage_root_ptr, new_account_ptr, retdest
+    // stack: new_account_storage_root_ptr_ptr, new_storage_root_ptr, new_account_ptr, kexit_info
    %mstore_trie_data
-    // stack: new_account_ptr, retdest
+    // stack: new_account_ptr, kexit_info

    // Save this updated account to the state trie.
+    %stack (new_account_ptr) -> (new_account_ptr, after_state_insert)
    %address %addr_to_state_key
-    // stack: state_key, new_account_ptr, retdest
+    // stack: state_key, new_account_ptr, after_state_insert, kexit_info
    %jump(mpt_insert_state_trie)
+
+after_state_insert:
+    // stack: kexit_info
+    EXIT_KERNEL
--- a/evm/src/cpu/kernel/asm/rlp/encode_rlp_string.asm
+++ b/evm/src/cpu/kernel/asm/rlp/encode_rlp_string.asm
@ -44,6 +44,8 @@ global encode_rlp_string_small_single_byte:
    %mstore_rlp
    // stack: pos, retdest
    %increment
+    SWAP1
+    // stack: retdest, pos'
    JUMP

 global encode_rlp_string_large:
--- a/evm/src/fixed_recursive_verifier.rs
+++ b/evm/src/fixed_recursive_verifier.rs
@ -182,7 +182,7 @@ where

        let mut builder = CircuitBuilder::new(CircuitConfig::standard_recursion_config());
        let recursive_proofs =
-            core::array::from_fn(|i| builder.add_virtual_proof_with_pis::<C>(inner_common_data[i]));
+            core::array::from_fn(|i| builder.add_virtual_proof_with_pis(inner_common_data[i]));
        let pis: [_; NUM_TABLES] = core::array::from_fn(|i| {
            PublicInputs::from_vec(&recursive_proofs[i].public_inputs, stark_config)
        });
@ -303,8 +303,8 @@ where
        let common = &root.circuit.common;
        let root_vk = builder.constant_verifier_data(&root.circuit.verifier_only);
        let is_agg = builder.add_virtual_bool_target_safe();
-        let agg_proof = builder.add_virtual_proof_with_pis::<C>(common);
-        let evm_proof = builder.add_virtual_proof_with_pis::<C>(common);
+        let agg_proof = builder.add_virtual_proof_with_pis(common);
+        let evm_proof = builder.add_virtual_proof_with_pis(common);
        builder
            .conditionally_verify_cyclic_proof::<C>(
                is_agg, &agg_proof, &evm_proof, &root_vk, common,
@ -330,8 +330,8 @@ where

        let mut builder = CircuitBuilder::<F, D>::new(CircuitConfig::standard_recursion_config());
        let has_parent_block = builder.add_virtual_bool_target_safe();
-        let parent_block_proof = builder.add_virtual_proof_with_pis::<C>(&expected_common_data);
-        let agg_root_proof = builder.add_virtual_proof_with_pis::<C>(&agg.circuit.common);
+        let parent_block_proof = builder.add_virtual_proof_with_pis(&expected_common_data);
+        let agg_root_proof = builder.add_virtual_proof_with_pis(&agg.circuit.common);

        let cyclic_vk = builder.add_verifier_data_public_inputs();
        builder
@ -579,7 +579,7 @@ where
            }

            let mut builder = CircuitBuilder::new(shrinking_config());
-            let proof_with_pis_target = builder.add_virtual_proof_with_pis::<C>(&last.common);
+            let proof_with_pis_target = builder.add_virtual_proof_with_pis(&last.common);
            let last_vk = builder.constant_verifier_data(&last.verifier_only);
            builder.verify_proof::<C>(&proof_with_pis_target, &last_vk, &last.common);
            builder.register_public_inputs(&proof_with_pis_target.public_inputs); // carry PIs forward
--- a/evm/src/generation/prover_input.rs
+++ b/evm/src/generation/prover_input.rs
@ -102,7 +102,10 @@ impl<F: Field> GenerationState<F> {
                // Return length of code.
                // stack: codehash, ...
                let codehash = stack_peek(self, 0).expect("Empty stack");
-                self.inputs.contract_code[&H256::from_uint(&codehash)]
+                self.inputs
+                    .contract_code
+                    .get(&H256::from_uint(&codehash))
+                    .unwrap_or_else(|| panic!("No code found with hash {codehash}"))
                    .len()
                    .into()
            }
@ -111,7 +114,11 @@ impl<F: Field> GenerationState<F> {
                // stack: i, code_length, codehash, ...
                let i = stack_peek(self, 0).expect("Unexpected stack").as_usize();
                let codehash = stack_peek(self, 2).expect("Unexpected stack");
-                self.inputs.contract_code[&H256::from_uint(&codehash)][i].into()
+                self.inputs
+                    .contract_code
+                    .get(&H256::from_uint(&codehash))
+                    .unwrap_or_else(|| panic!("No code found with hash {codehash}"))[i]
+                    .into()
            }
            _ => panic!("Invalid prover input function."),
        }
--- a/evm/src/get_challenges.rs
+++ b/evm/src/get_challenges.rs
@ -199,7 +199,7 @@ impl<const D: usize> StarkProofTarget<D> {
            permutation_challenge_sets,
            stark_alphas,
            stark_zeta,
-            fri_challenges: challenger.fri_challenges::<C>(
+            fri_challenges: challenger.fri_challenges(
                builder,
                commit_phase_merkle_caps,
                final_poly,
--- a/insertion/Cargo.toml
+++ b/insertion/Cargo.toml
@ -6,8 +6,8 @@ edition = "2021"

 [dependencies]
 anyhow = { version = "1.0.40", default-features = false }
-plonky2 = { version = "0.1.1", default-features = false }
+plonky2 = { version = "0.1.2", default-features = false }

 [dev-dependencies]
-plonky2 = { version = "0.1.1" }
+plonky2 = { version = "0.1.2" }

--- a/plonky2/Cargo.toml
+++ b/plonky2/Cargo.toml
@ -1,7 +1,7 @@
 [package]
 name = "plonky2"
 description = "Recursive SNARKs based on PLONK and FRI"
-version = "0.1.1"
+version = "0.1.3"
 license = "MIT OR Apache-2.0"
 authors = ["Daniel Lubarov <daniel@lubarov.com>", "William Borgeaud <williamborgeaud@gmail.com>", "Nicholas Ward <npward@berkeley.edu>"]
 readme = "README.md"
--- a/plonky2/src/plonk/config.rs
+++ b/plonky2/src/plonk/config.rs
@ -53,7 +53,7 @@ pub trait Hasher<F: RichField>: Sized + Clone + Debug + Eq + PartialEq {
    /// Hash the slice if necessary to reduce its length to ~256 bits. If it already fits, this is a
    /// no-op.
    fn hash_or_noop(inputs: &[F]) -> Self::Hash {
-        if inputs.len() <= 4 {
+        if inputs.len() * 8 <= Self::HASH_SIZE {
            let mut inputs_bytes = vec![0u8; Self::HASH_SIZE];
            for i in 0..inputs.len() {
                inputs_bytes[i * 8..(i + 1) * 8]
--- a/starky/Cargo.toml
+++ b/starky/Cargo.toml
@ -1,7 +1,7 @@
 [package]
 name = "starky"
 description = "Implementation of STARKs"
-version = "0.1.0"
+version = "0.1.1"
 license = "MIT OR Apache-2.0"
 authors = ["Daniel Lubarov <daniel@lubarov.com>", "William Borgeaud <williamborgeaud@gmail.com>"]
 readme = "README.md"
@ -21,7 +21,7 @@ anyhow = { version = "1.0.40", default-features = false }
 itertools = { version = "0.10.0", default-features = false }
 log = { version = "0.4.14", default-features = false }
 plonky2_maybe_rayon = { version = "0.1.0", default-features = false }
-plonky2 = { version = "0.1.1", default-features = false }
+plonky2 = { version = "0.1.2", default-features = false }

 [dev-dependencies]
 env_logger = { version = "0.9.0", default-features = false }
--- a/starky/src/get_challenges.rs
+++ b/starky/src/get_challenges.rs
@ -175,7 +175,7 @@ where
        permutation_challenge_sets,
        stark_alphas,
        stark_zeta,
-        fri_challenges: challenger.fri_challenges::<C>(
+        fri_challenges: challenger.fri_challenges(
            builder,
            commit_phase_merkle_caps,
            final_poly,
--- a/system_zero/Cargo.toml
+++ b/system_zero/Cargo.toml
@ -8,11 +8,11 @@ edition = "2021"
 anyhow = "1.0.40"
 itertools = "0.10.0"
 log = "0.4.14"
-plonky2 = { version = "0.1.1" }
+plonky2 = { version = "0.1.2" }
 plonky2_util = { version = "0.1.0" }
 rand = "0.8.4"
 rand_chacha = "0.3.1"
-starky = { version = "0.1.0" }
+starky = { version = "0.1.1" }

 [dev-dependencies]
 criterion = "0.4.0"
--- a/u32/Cargo.toml
+++ b/u32/Cargo.toml
@ -10,8 +10,8 @@ edition = "2021"
 anyhow = { version = "1.0.40", default-features = false }
 itertools = { version = "0.10.0", default-features = false }
 num = { version = "0.4", default-features = false }
-plonky2 = { version = "0.1.1", default-features = false }
+plonky2 = { version = "0.1.2", default-features = false }

 [dev-dependencies]
-plonky2 = { version = "0.1.1", default-features = false, features = ["gate_testing"] }
+plonky2 = { version = "0.1.2", default-features = false, features = ["gate_testing"] }
 rand = { version = "0.8.4", default-features = false, features = ["getrandom"] }