-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(3738): AVM basic arithmetic operations for non ff types #3881
Merged
Merged
Changes from 28 commits
Commits
Show all changes
40 commits
Select commit
Hold shift + click to select a range
8ff7315
PIL relations for u8, u16, u32, u64, u128 additions
jeanmon 0258f34
PIL relations for subtraction of u8, u16, u32, u64, 128 types
jeanmon 8594bfc
3738 - explanations on arithmetic operations PIL relations
jeanmon d3f0a13
3738 - additions and subtractions re-visited with 16-bit registers
jeanmon 09a4490
Merge branch 'avm-main' into jm/3738-u32-arithmetic
jeanmon 2300f96
3738 - pil relations for multiplication types u8, u16, u32, u64
jeanmon 87b873b
3738 - pil relations for u128 multiplication
jeanmon f74ca13
Merge branch 'avm-main' into jm/3738-arithmetic-non-ff
jeanmon 55fab70
3738 - First version of Alu trace files
jeanmon 650eec3
3738 - witness generation for addition
jeanmon 31ff1a7
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 7a64651
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 115a40a
3738 - create common header file for tests
jeanmon b9d878f
3738 - rename arithmetic test suite specific for FF
jeanmon ee53436
3738 - move FF addition to alu chip and create a unit test for u8
jeanmon 95e9e9f
3738 - first unit tests for u8
jeanmon d365314
3738 - positive unit tests for addition
jeanmon a93c9b4
3738 - witness generation for subtraction and move ff pil relation to
jeanmon 74e8714
3738 - add unit tests for subtraction and swap u128 addition unit tests
jeanmon 8e4f299
3738 - add witness generation for multiplication with types u8, u16,
jeanmon 0a65b54
3738 - add positive unit tests for addition with type u8, u16, u32, u64
jeanmon fab58b9
3738 - witness generation for addition over u128
jeanmon 1536b28
3738: style improvement and comments
jeanmon 5d9bda5
3738 - bugfixing PIL relation for u128 multiplication and unit tests
jeanmon c13c702
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon ecacbbc
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 5e7570e
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 5ab8ffc
3738 - add basic negative unit tests for each operation and type
jeanmon 394d18c
3738 - rewrite addition and subtraction relations according to Zac's
jeanmon b2ed4f3
3738 - further PIL relation consolidation for add/sub
jeanmon 41391f6
3738 - consolidate multiplication relations for u8, u16, u32, u64
jeanmon 3feb72e
3738 - comparator for memory traces migrated as < operator overload
jeanmon 10eebde
3738 - adding some TODO in comments
jeanmon 7ce1cf6
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon ce60c4a
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 23e2dcd
3738 - Re-generate AVM related files with new namespace (after master
jeanmon 2fecc75
Merge branch 'master' into testing-merge-arith
jeanmon b0d262d
3738 - capitalize enum values
jeanmon 78457db
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon 14f794c
Merge branch 'master' into jm/3738-arithmetic-non-ff
jeanmon File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,229 @@ | ||
include "avm_mini.pil"; | ||
|
||
namespace aluChip(256); | ||
|
||
// ========= Table ALU-TR ================================================= | ||
|
||
// References to main trace table of sub-operations, clk, intermediate | ||
// registers, operation selectors. | ||
// TODO: Think on optimizations to decrease the number of such "copied" columns | ||
pol commit alu_clk; | ||
pol commit alu_ia; // Intermediate registers | ||
pol commit alu_ib; | ||
pol commit alu_ic; | ||
pol commit alu_op_add; // Operation selectors | ||
pol commit alu_op_sub; | ||
pol commit alu_op_mul; | ||
pol commit alu_op_div; | ||
|
||
// Flattened boolean instruction tags | ||
pol commit alu_ff_tag; | ||
pol commit alu_u8_tag; | ||
pol commit alu_u16_tag; | ||
pol commit alu_u32_tag; | ||
pol commit alu_u64_tag; | ||
pol commit alu_u128_tag; | ||
|
||
// 8-bit slice registers | ||
pol commit alu_u8_r0; | ||
pol commit alu_u8_r1; | ||
|
||
// 16-bit slice registers | ||
pol commit alu_u16_r0; | ||
pol commit alu_u16_r1; | ||
pol commit alu_u16_r2; | ||
pol commit alu_u16_r3; | ||
pol commit alu_u16_r4; | ||
pol commit alu_u16_r5; | ||
pol commit alu_u16_r6; | ||
pol commit alu_u16_r7; | ||
|
||
// 64-bit slice register | ||
pol commit alu_u64_r0; | ||
|
||
// Carry flag | ||
pol commit alu_cf; | ||
|
||
// ========= Type Constraints ============================================= | ||
// TODO: Range constraints for slice registers | ||
// intermediate registers ia and ib (inputs) depending on flag | ||
// Carry flag: We will have to constraint to ensure that the | ||
// arithmetic expressions are not overflowing finite field size | ||
// Remark: Operation selectors are constrained in the main trace. | ||
// TODO: Enforce the equivalence check for the selectors between both tables. | ||
|
||
// Boolean flattened instructions tags | ||
alu_ff_tag * (1 - alu_ff_tag) = 0; | ||
alu_u8_tag * (1 - alu_u8_tag) = 0; | ||
alu_u16_tag * (1 - alu_u16_tag) = 0; | ||
alu_u32_tag * (1 - alu_u32_tag) = 0; | ||
alu_u64_tag * (1 - alu_u64_tag) = 0; | ||
alu_u128_tag * (1 - alu_u128_tag) = 0; | ||
|
||
// Operation selectors are copied from main table and do not need to be constrained here. | ||
|
||
// ========= Inter-table Constraints ====================================== | ||
// TODO: Equivalence between intermediate registers, clk, type flag, operation | ||
// An ALU chiplet flag will be introduced in main trace to select relevant rows. | ||
|
||
|
||
// ========= EXPLANATIONS ================================================= | ||
// Main trick for arithmetic operations modulo 2^k is to perform the operation | ||
// over the integers and expressing the result as low + high * 2^k with low | ||
// smaller than 2^k. low is used as the output. This works as long this does | ||
// not overflow the underlying finite field order (u128 multiplication will be | ||
// handled differently). If we want to prove that c = OP(a,b) where OP denotes | ||
// an arithmetic operation modulo 2^k, we need two relations: | ||
// (1) low + high * 2^k - OP(a,b) = 0 | ||
// (2) low - c = 0 | ||
// | ||
// We support u8, u16, u32, u64, u128 types and decompose low into | ||
// smaller bit slices, e.g., 16. For instance, low = s_0 + s_1 * 2^16 + s_2 * 2^32 + ... | ||
// The slices have to be range constrained and there is a trade-off between the | ||
// number of registers and complexity of the range constraints. | ||
// TODO: Determine the best slice size allocation. Note that we might choose different | ||
// slice sizes for the different types. At this stage, it is still unknown how this | ||
// allocation affects the performance. | ||
// | ||
// Preliminary choice: We use one u8 register to support u8 operations and up to 8 u16 | ||
// registers for the other types. | ||
|
||
|
||
// ============= Helper polynomial terms ============================ | ||
// These are intermediate polynomial terms which are not commited but | ||
// serves to express commited polynomials in a more concise way. | ||
|
||
// 16-bit slice partial sums | ||
pol sum_16 = alu_u16_r0; | ||
pol sum_32 = sum_16 + alu_u16_r1 * 2**16; | ||
pol sum_64 = sum_32 + alu_u16_r2 * 2**32 + alu_u16_r3 * 2**48; | ||
pol sum_96 = sum_64 + alu_u16_r4 * 2**64 + alu_u16_r5 * 2**80; | ||
pol sum_128 = sum_96 + alu_u16_r6 * 2**96 + alu_u16_r7 * 2**112; | ||
|
||
// ========= ADDITION Operation Constraints =============================== | ||
|
||
// ff addition | ||
#[ALU_ADDITION_FF] | ||
alu_ff_tag * alu_op_add * (alu_ia + alu_ib - alu_ic) = 0; | ||
|
||
// u8 addition | ||
alu_u8_tag * alu_op_add * (alu_u8_r0 + alu_cf * 2**8 - alu_ia - alu_ib) = 0; | ||
#[ALU_ADDITION_OUT_U8] | ||
alu_u8_tag * alu_op_add * (alu_u8_r0 - alu_ic) = 0; | ||
|
||
// u16 addition | ||
alu_u16_tag * alu_op_add * (sum_16 + alu_cf * 2**16 - alu_ia - alu_ib) = 0; | ||
#[ALU_ADDITION_OUT_U16] | ||
alu_u16_tag * alu_op_add * (sum_16 - alu_ic) = 0; | ||
|
||
// u32 addition | ||
alu_u32_tag * alu_op_add * (sum_32 + alu_cf * 2**32 - alu_ia - alu_ib) = 0; | ||
#[ALU_ADDITION_OUT_U32] | ||
alu_u32_tag * alu_op_add * (sum_32 - alu_ic) = 0; | ||
|
||
// u64 addition | ||
alu_u64_tag * alu_op_add * (sum_64 + alu_cf * 2**64 - alu_ia - alu_ib) = 0; | ||
#[ALU_ADDITION_OUT_U64] | ||
alu_u64_tag * alu_op_add * (sum_64 - alu_ic) = 0; | ||
|
||
// u128 addition | ||
alu_u128_tag * alu_op_add * (sum_128 + alu_cf * 2**128 - alu_ia - alu_ib) = 0; | ||
#[ALU_ADDITION_OUT_U128] | ||
alu_u128_tag * alu_op_add * (sum_128 - alu_ic) = 0; | ||
|
||
// ========= SUBTRACTION Operation Constraints =============================== | ||
|
||
// a - b = c <==> c + b = a (mod 2^k) | ||
// Same constraints as for addition but we swap alu_ia with alu_ic | ||
|
||
// ff subtraction | ||
#[ALU_SUBTRACTION_FF] | ||
alu_ff_tag * alu_op_sub * (alu_ia - alu_ib - alu_ic) = 0; | ||
|
||
// u8 subtraction | ||
#[ALU_SUBTRACTION_OUT_U8] | ||
alu_u8_tag * alu_op_sub * (alu_u8_r0 + alu_cf * 2**8 - alu_ic - alu_ib) = 0; | ||
jeanmon marked this conversation as resolved.
Show resolved
Hide resolved
|
||
alu_u8_tag * alu_op_sub * (alu_u8_r0 - alu_ia) = 0; | ||
|
||
// u16 subtraction | ||
#[ALU_SUBTRACTION_OUT_U16] | ||
alu_u16_tag * alu_op_sub * (sum_16 + alu_cf * 2**16 - alu_ic - alu_ib) = 0; | ||
alu_u16_tag * alu_op_sub * (sum_16 - alu_ia) = 0; | ||
|
||
// u32 subtraction | ||
#[ALU_SUBTRACTION_OUT_U32] | ||
alu_u32_tag * alu_op_sub * (sum_32 + alu_cf * 2**32 - alu_ic - alu_ib) = 0; | ||
alu_u32_tag * alu_op_sub * (sum_32 - alu_ia) = 0; | ||
|
||
// u64 subtraction | ||
#[ALU_SUBTRACTION_OUT_U64] | ||
alu_u64_tag * alu_op_sub * (sum_64 + alu_cf * 2**64 - alu_ic - alu_ib) = 0; | ||
alu_u64_tag * alu_op_sub * (sum_64 - alu_ia) = 0; | ||
|
||
// u128 subtraction | ||
jeanmon marked this conversation as resolved.
Show resolved
Hide resolved
|
||
#[ALU_SUBTRACTION_OUT_U128] | ||
alu_u128_tag * alu_op_sub * (sum_128 + alu_cf * 2**128 - alu_ic - alu_ib) = 0; | ||
alu_u128_tag * alu_op_sub * (sum_128 - alu_ia) = 0; | ||
|
||
// ========= MULTIPLICATION Operation Constraints =============================== | ||
|
||
// ff multiplication | ||
#[ALU_MULTIPLICATION_FF] | ||
alu_ff_tag * alu_op_mul * (alu_ia * alu_ib - alu_ic) = 0; | ||
|
||
// We need 2k bits to express the product (a*b) over the integer, i.e., for type uk | ||
// we express the product as sum_k (u8 is an exception as we need 8-bit registers) | ||
|
||
// u8 multiplication | ||
alu_u8_tag * alu_op_mul * (alu_u8_r0 + alu_u8_r1 * 2**8 - alu_ia * alu_ib) = 0; | ||
#[ALU_MULTIPLICATION_OUT_U8] | ||
alu_u8_tag * alu_op_mul * (alu_u8_r0 - alu_ic) = 0; | ||
|
||
// u16 multiplication | ||
alu_u16_tag * alu_op_mul * (sum_32 - alu_ia * alu_ib) = 0; | ||
#[ALU_MULTIPLICATION_OUT_U16] | ||
alu_u16_tag * alu_op_mul * (sum_16 - alu_ic) = 0; | ||
|
||
// u32 multiplication | ||
alu_u32_tag * alu_op_mul * (sum_64 - alu_ia * alu_ib) = 0; | ||
#[ALU_MULTIPLICATION_OUT_U32] | ||
alu_u32_tag * alu_op_mul * (sum_32 - alu_ic) = 0; | ||
|
||
// u64 multiplication | ||
alu_u64_tag * alu_op_mul * (sum_128 - alu_ia * alu_ib) = 0; | ||
#[ALU_MULTIPLICATION_OUT_U64] | ||
alu_u64_tag * alu_op_mul * (sum_64 - alu_ic) = 0; | ||
|
||
// ========= u128 MULTIPLICATION Operation Constraints =============================== | ||
// | ||
// We express a, b in 64-bit slices: a = a_l + a_h * 2^64 | ||
// b = b_l + b_h * 2^64 | ||
// We show that c satisfies: a_l * b_l + (a_h * b_l + a_l * b_h) * 2^64 = R * 2^128 + c | ||
// for a R < 2^65. Equivalently: | ||
// a * b_l + a_l * b_h * 2^64 = (CF * 2^64 + R') * 2^128 + c | ||
// for a bit carry flag CF and R' range constrained to 64 bits. | ||
// We use two lines in the execution trace. First line represents a | ||
// as decomposed over 16-bit registers. Second line represents b. | ||
// Selector flag is only toggled in the first line and we access b through | ||
// shifted polynomials. | ||
// R' is stored in alu_u64_r0 | ||
|
||
// 64-bit higher limb | ||
pol sum_high_64 = alu_u16_r4 + alu_u16_r5 * 2**16 + alu_u16_r6 * 2**32 + alu_u16_r7 * 2**48; | ||
|
||
// 64-bit lower limb for next row | ||
pol sum_shifted_64 = alu_u16_r0' + alu_u16_r1' * 2**16 + alu_u16_r2' * 2**32 + alu_u16_r3' * 2**48; | ||
|
||
// 64-bit higher limb for next row | ||
pol sum_high_shifted_64 = alu_u16_r4' + alu_u16_r5' * 2**16 + alu_u16_r6' * 2**32 + alu_u16_r7' * 2**48; | ||
|
||
// Arithmetic relations | ||
alu_u128_tag * alu_op_mul * (sum_64 + sum_high_64 * 2**64 - alu_ia) = 0; | ||
alu_u128_tag * alu_op_mul * (sum_shifted_64 + sum_high_shifted_64 * 2**64 - alu_ib) = 0; | ||
jeanmon marked this conversation as resolved.
Show resolved
Hide resolved
|
||
#[ALU_MULTIPLICATION_OUT_U128] | ||
alu_u128_tag * alu_op_mul * ( | ||
alu_ia * sum_shifted_64 | ||
+ sum_64 * sum_high_shifted_64 * 2**64 | ||
- (alu_cf * 2**64 + alu_u64_r0) * 2**128 | ||
- alu_ic | ||
) = 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ia and ib are constrained to be u8 elsewhere via load from a memory region, however, however i assume ic will be written to a memory region, how can we ensure that it is a u8?
Ic can be larger than a u8 without setting the carry?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
edit: i think this resolved - we mentioned it on the call
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
alu_u8_r0 will have to be constrained for being a 8-bit register.
The relation #[ALU_ADDITION_OUT_U8] ensures that if selectors alu_u8_tag and alu_op_add are enabled, it inplies that alu_ic = alu_u8_r0 modulo finite field size. Since this modulo is much larger than 8 bits, alu_ic will have 8-bit as well.