feat: Add INCR privileged instructions
#734
Conversation
Nashtare
requested review from
wborgeaud,
muursh and
LindaGuiga
as code owners
github-actions
bot
added
crate: evm_arithmetization
| cat $TEST_OUT_PATH | ||
| echo "Failed to create proof witnesses. See $TEST_OUT_PATH for more details." |
There was a problem hiding this comment.
unrelated, but mentioned on slack
| # Circuit sizes only matter in non test_only mode. | ||
| if ! [[ $8 == "test_only" ]]; then | ||
| export ARITHMETIC_CIRCUIT_SIZE="16..21" | ||
| export BYTE_PACKING_CIRCUIT_SIZE="8..21" | ||
| export CPU_CIRCUIT_SIZE="8..21" | ||
| export KECCAK_CIRCUIT_SIZE="4..20" | ||
| export KECCAK_SPONGE_CIRCUIT_SIZE="8..17" | ||
| export LOGIC_CIRCUIT_SIZE="4..21" | ||
| export MEMORY_CIRCUIT_SIZE="17..24" | ||
| export MEMORY_BEFORE_CIRCUIT_SIZE="16..23" | ||
| export MEMORY_AFTER_CIRCUIT_SIZE="7..23" | ||
| fi |
There was a problem hiding this comment.
these match the default ones in .env
| use super::dup_swap::{constrain_channel_ext_circuit, constrain_channel_packed}; | ||
| use crate::cpu::columns::CpuColumnsView; | ||
|
|
||
| /// Evaluates the constraints for the DUP and SWAP opcodes. |
|
|
||
| let n = lv.opcode_bits[0] | ||
| + lv.opcode_bits[1] * P::Scalar::from_canonical_u64(2) | ||
| + lv.opcode_bits[2] * P::Scalar::from_canonical_u64(4); |
There was a problem hiding this comment.
I thought n was only two bits?
| @@ -156,13 +156,12 @@ modmul_check_loop: | |||
| SWAP1 | |||
| %decrement | |||
| // stack: n-1, base_addr, i, j, retdest | |||
There was a problem hiding this comment.
Probably faster to do:
INCR3 INCR4
// stack: n-1, base_addr, i+1, j+1, retdest
%stack (n, addr) -> (n, addr, n)
| BYTES 3 // 0xe2, INCR3 | ||
| BYTES 4 // 0xe3, INCR4 | ||
|
|
||
| %rep 12 // 0xe5-0xef, invalid |
There was a problem hiding this comment.
| %rep 12 // 0xe5-0xef, invalid | |
| %rep 12 // 0xe4-0xef, invalid |
| @@ -119,9 +119,9 @@ buffer_update: | |||
| // stack: get, set, get , set , times , retdest | |||
| %mupdate_current_general | |||
| // stack: get , set , times , retdest | |||
| %increment | |||
| INCR1 | |||
| INCR2 | |||
| SWAP1 | |||
There was a problem hiding this comment.
Remove the two extra SWAP1.
| @@ -597,6 +599,39 @@ pub(crate) fn generate_swap<F: RichField, T: Transition<F>>( | |||
| Ok(()) | |||
| } | |||
|
|
|||
| pub(crate) fn generate_incr<F: RichField, T: Transition<F>>( | |||
There was a problem hiding this comment.
I'm actually not sure why it's working. For INCR2-4, there's no problem, but for INCR1 we are reading the stack (and writing) at address stack_len - 1. There is no guarantee that the current top of the stack has been written in memory, so I'm surprised the reads don't return a wrong value sometimes.
There was a problem hiding this comment.
Some constraints seem to be missing, and some seem to be unneeded.
The current set of constraints work as intended for INCR2-4, but for INCR1 we are not checking that the output channel is equal to the next top of the stack.
Moreover, the value read in the input channel is not constrained to match the current top of the stack (tests pass so it seems to be the case, but it sounds like coincidence to me).
I think the clean way to do it is to filter all of the current constraints with lv.opcode_bits[0] (with a new one making sure that the top of the stack doesn't change), and handle INCR1 separately with filter 1 - lv.opcode_bits[0] (you can even disable the memory channels to save some memory rows).
| use super::dup_swap::{constrain_channel_ext_circuit, constrain_channel_packed}; | ||
| use crate::cpu::columns::CpuColumnsView; | ||
|
|
||
| /// Evaluates the constraints for the DUP and SWAP opcodes. |
There was a problem hiding this comment.
| /// Evaluates the constraints for the DUP and SWAP opcodes. | |
| /// Evaluates the constraints for the INCR opcode. |
|
|
||
| let n = lv.opcode_bits[0] | ||
| + lv.opcode_bits[1] * P::Scalar::from_canonical_u64(2) | ||
| + lv.opcode_bits[2] * P::Scalar::from_canonical_u64(4); |
There was a problem hiding this comment.
The opcodes go from e0 to e3, so I don't think you need + lv.opcode_bits[2] * P::Scalar::from_canonical_u64(4);
Add a series of 4
INCRprivileged instructions (INCR1,INCR2,INCR3andINCR4) to increment by 1 the Nth element of the stack in place (i.e. noPUSH/POP).Particularly helpful for accumulators increment previously requiring
SWAPN PUSH 1 ADD SWAPNnow only requiringINCRN.Though having an overall lesser impact, we could see how interesting a DECR variant would be (we could add it at no cost by combining it with the INCR CPU column).
Removes 4% to 5% of CPU cycles on mainnet blocks.
Total CPU columns for vanilla type1: 86
MemBeforenew initial size:63199type2:62691