feat: simplify constant calls to poseidon2_permutation, schnorr_verify and embedded_curve_add

Cargo.toml

@@ -111,7 +111,7 @@ criterion = "0.5.0"
 # https://github.com/tikv/pprof-rs/pull/172
 pprof = { version = "0.13", features = ["flamegraph", "criterion"] }
 
-
+cfg-if = "1.0.0"
 dirs = "4"
 serde = { version = "1.0.136", features = ["derive"] }
 serde_json = "1.0"

compiler/noirc_driver/Cargo.toml

@@ -27,3 +27,7 @@ tracing.workspace = true
 thiserror.workspace = true
 
 aztec_macros = { path = "../../aztec_macros" }
+
+[features]
+bn254 = ["noirc_frontend/bn254", "noirc_evaluator/bn254"]
+bls12_381 = ["noirc_frontend/bls12_381", "noirc_evaluator/bls12_381"]

compiler/noirc_evaluator/Cargo.toml

@@ -12,6 +12,7 @@ license.workspace = true
 noirc_frontend.workspace = true
 noirc_errors.workspace = true
 acvm.workspace = true
+bn254_blackbox_solver = { workspace = true, optional = true }
 fxhash.workspace = true
 iter-extended.workspace = true
 thiserror.workspace = true
@@ -20,3 +21,8 @@ im.workspace = true
 serde.workspace = true
 tracing.workspace = true
 chrono = "0.4.37"
+cfg-if.workspace = true
+
+[features]
+bn254 = ["dep:bn254_blackbox_solver", "noirc_frontend/bn254"]
+bls12_381= []

compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs

@@ -10,7 +10,6 @@ use crate::ssa::ir::{instruction::Endian, types::NumericType};
 use acvm::acir::circuit::brillig::{BrilligInputs, BrilligOutputs};
 use acvm::acir::circuit::opcodes::{BlockId, BlockType, MemOp};
 use acvm::acir::circuit::{AssertionPayload, ExpressionOrMemory, Opcode};
-use acvm::blackbox_solver;
 use acvm::brillig_vm::{MemoryValue, VMStatus, VM};
 use acvm::{
     acir::AcirField,
@@ -1994,7 +1993,14 @@ fn execute_brillig(
     }
 
     // Instantiate a Brillig VM given the solved input registers and memory, along with the Brillig bytecode.
-    let mut vm = VM::new(calldata, code, Vec::new(), &blackbox_solver::StubbedBlackBoxSolver);
+    cfg_if::cfg_if! {
+        if #[cfg(feature = "bn254")] {
+            let solver = bn254_blackbox_solver::Bn254BlackBoxSolver;
+        } else {
+            let solver = acvm::blackbox_solver::StubbedBlackBoxSolver;
+        }
+    };
+    let mut vm = VM::new(calldata, code, Vec::new(), &solver);
 
     // Run the Brillig VM on these inputs, bytecode, etc!
     let vm_status = vm.process_opcodes();

compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs

@@ -1,7 +1,10 @@
 use fxhash::FxHashMap as HashMap;
 use std::{collections::VecDeque, rc::Rc};
 
-use acvm::{acir::AcirField, acir::BlackBoxFunc, BlackBoxResolutionError, FieldElement};
+use acvm::{
+    acir::{AcirField, BlackBoxFunc},
+    BlackBoxFunctionSolver, BlackBoxResolutionError, FieldElement,
+};
 use iter_extended::vecmap;
 use num_bigint::BigUint;
 
@@ -434,6 +437,13 @@ fn simplify_black_box_func(
     arguments: &[ValueId],
     dfg: &mut DataFlowGraph,
 ) -> SimplifyResult {
+    cfg_if::cfg_if! {
+        if #[cfg(feature = "bn254")] {
+            let solver = bn254_blackbox_solver::Bn254BlackBoxSolver;
+        } else {
+            let solver = acvm::blackbox_solver::StubbedBlackBoxSolver;
+        }
+    };
     match bb_func {
         BlackBoxFunc::SHA256 => simplify_hash(dfg, arguments, acvm::blackbox_solver::sha256),
         BlackBoxFunc::Blake2s => simplify_hash(dfg, arguments, acvm::blackbox_solver::blake2s),
@@ -466,10 +476,11 @@ fn simplify_black_box_func(
             simplify_signature(dfg, arguments, acvm::blackbox_solver::ecdsa_secp256r1_verify)
         }
 
+        BlackBoxFunc::PedersenCommitment => simplify_pedersen_commitment(dfg, solver, arguments),
+        BlackBoxFunc::PedersenHash => simplify_pedersen_hash(dfg, solver, arguments),
+
         BlackBoxFunc::MultiScalarMul
         | BlackBoxFunc::SchnorrVerify
-        | BlackBoxFunc::PedersenCommitment
-        | BlackBoxFunc::PedersenHash
         | BlackBoxFunc::EmbeddedCurveAdd => {
             // Currently unsolvable here as we rely on an implementation in the backend.
             SimplifyResult::None
@@ -558,6 +569,63 @@ fn array_is_constant(dfg: &DataFlowGraph, values: &im::Vector<Id<Value>>) -> boo
     values.iter().all(|value| dfg.get_numeric_constant(*value).is_some())
 }
 
+fn simplify_pedersen_commitment(
+    dfg: &mut DataFlowGraph,
+    solver: impl BlackBoxFunctionSolver<FieldElement>,
+    arguments: &[ValueId],
+) -> SimplifyResult {
+    match (dfg.get_array_constant(arguments[0]), dfg.get_numeric_constant(arguments[1])) {
+        (Some((inputs, _)), Some(domain_separator)) if array_is_constant(dfg, &inputs) => {
+            let input_fields: Vec<_> = inputs
+                .iter()
+                .map(|id| {
+                    dfg.get_numeric_constant(*id)
+                        .expect("value id from array should point at constant")
+                })
+                .collect();
+
+            let (result_x, result_y) = solver
+                .pedersen_commitment(&input_fields, domain_separator.to_u128() as u32)
+                .expect("Rust solvable black box function should not fail");
+
+            let result_x = dfg.make_constant(result_x, Type::field());
+            let result_y = dfg.make_constant(result_y, Type::field());
+
+            let typ = Type::Array(Rc::new(vec![Type::field()]), 2);
+            let result_array = dfg.make_array(im::vector![result_x, result_y], typ);
+
+            SimplifyResult::SimplifiedTo(result_array)
+        }
+        _ => SimplifyResult::None,
+    }
+}
+
+fn simplify_pedersen_hash(
+    dfg: &mut DataFlowGraph,
+    solver: impl BlackBoxFunctionSolver<FieldElement>,
+    arguments: &[ValueId],
+) -> SimplifyResult {
+    match (dfg.get_array_constant(arguments[0]), dfg.get_numeric_constant(arguments[1])) {
+        (Some((inputs, _)), Some(domain_separator)) if array_is_constant(dfg, &inputs) => {
+            let input_fields: Vec<_> = inputs
+                .iter()
+                .map(|id| {
+                    dfg.get_numeric_constant(*id)
+                        .expect("value id from array should point at constant")
+                })
+                .collect();
+
+            let hash = solver
+                .pedersen_hash(&input_fields, domain_separator.to_u128() as u32)
+                .expect("Rust solvable black box function should not fail");
+
+            let hash_value = dfg.make_constant(hash, Type::field());
+            SimplifyResult::SimplifiedTo(hash_value)
+        }
+        _ => SimplifyResult::None,
+    }
+}
+
 fn simplify_hash(
     dfg: &mut DataFlowGraph,
     arguments: &[ValueId],

compiler/noirc_evaluator/src/ssa/opt/flatten_cfg.rs

@@ -799,7 +799,7 @@ mod test {
         ir::{
             dfg::DataFlowGraph,
             function::Function,
-            instruction::{BinaryOp, Instruction, Intrinsic, TerminatorInstruction},
+            instruction::{BinaryOp, Instruction, TerminatorInstruction},
             map::Id,
             types::Type,
             value::{Value, ValueId},
@@ -1360,8 +1360,7 @@ mod test {
         // Regression test for #1792
         // Tests that it does not simplify a true constraint an always-false constraint
         // fn main f1 {
-        //   b0():
-        //     v4 = call pedersen([Field 0], u32 0)
+        //   b0(v4: [Field; 2]):
         //     v5 = array_get v4, index Field 0
         //     v6 = cast v5 as u32
         //     v8 = mod v6, u32 2
@@ -1393,15 +1392,7 @@ mod test {
         let array_type = Type::Array(element_type.clone(), 1);
 
         let zero = builder.field_constant(0_u128);
-        let zero_array = builder.array_constant(im::Vector::unit(zero), array_type);
-        let i_zero = builder.numeric_constant(0_u128, Type::unsigned(32));
-        let pedersen = builder
-            .import_intrinsic_id(Intrinsic::BlackBox(acvm::acir::BlackBoxFunc::PedersenCommitment));
-        let v4 = builder.insert_call(
-            pedersen,
-            vec![zero_array, i_zero],
-            vec![Type::Array(element_type, 2)],
-        )[0];
+        let v4 = builder.add_parameter(array_type);
         let v5 = builder.insert_array_get(v4, zero, Type::field());
         let v6 = builder.insert_cast(v5, Type::unsigned(32));
         let i_two = builder.numeric_constant(2_u128, Type::unsigned(32));

compiler/noirc_frontend/Cargo.toml

@@ -26,7 +26,7 @@ num-traits.workspace = true
 rustc-hash = "1.1.0"
 small-ord-set = "0.1.3"
 regex = "1.9.1"
-cfg-if = "1.0.0"
+cfg-if.workspace = true
 tracing.workspace = true
 petgraph = "0.6"
 lalrpop-util = { version = "0.20.2", features = ["lexer"] }

test_programs/compile_success_empty/pedersen_commitment/Nargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "pedersen_commitment"
+type = "bin"
+authors = [""]
+
+[dependencies]

test_programs/compile_success_empty/pedersen_commitment/src/main.nr

@@ -0,0 +1,8 @@
+use dep::std;
+
+fn main() {
+    let commitment = std::hash::pedersen_commitment([0, 1]);
+    assert_eq(commitment.x, 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402);
+    assert_eq(commitment.y, 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126);
+}
+

test_programs/compile_success_empty/pedersen_hash/Nargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "pedersen_hash"
+type = "bin"
+authors = [""]
+
+[dependencies]

test_programs/compile_success_empty/pedersen_hash/src/main.nr

@@ -0,0 +1,7 @@
+use dep::std;
+
+fn main() {
+    let hash = std::hash::pedersen_hash([0, 1]);
+    assert_eq(hash, 0x0d98561fb02ca04d00801dfdc118b2a24cea0351963587712a28d368041370e1);
+}
+

tooling/nargo_cli/Cargo.toml

@@ -28,7 +28,7 @@ nargo_fmt.workspace = true
 nargo_toml.workspace = true
 noir_lsp.workspace = true
 noir_debugger.workspace = true
-noirc_driver.workspace = true
+noirc_driver = { workspace = true, features = ["bn254"] }
 noirc_frontend = { workspace = true, features = ["bn254"] }
 noirc_abi.workspace = true
 noirc_errors.workspace = true