fix: regression end to end test (#1965)

* update to acvm 0.19.1 * add 9_conditional * use a smaller circuit * add predicate for division * reduce lhs and rhs constraints * pass predicate to inv_var * [DO NOT MERGE] Test removing unconditional assert * fix clippy * remove Option<Expression> * add `assert_eq` and `maybe_eq_predicate` * sort now takes a predicate * add back full 9_conditional * add regression example * [DO NOT MERGE] make predicate None * predicate the final equation instead of relying on predicate = None * Update crates/noirc_evaluator/src/ssa_refactor/acir_gen/acir_ir/generated_acir.rs Co-authored-by: Tom French <[email protected]> * change unwrap to expect * make mul_with_witness crate visible remove bad merge * move test into main --------- Co-authored-by: Tom French <[email protected]> Co-authored-by: TomAFrench <[email protected]>
noir-lang · Jul 21, 2023 · 59f92e3 · 59f92e3
1 parent c15f9aa
commit 59f92e3
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 3 deletions.
diff --git a/crates/nargo_cli/tests/test_data_ssa_refactor/regression/Nargo.toml b/crates/nargo_cli/tests/test_data_ssa_refactor/regression/Nargo.toml
@@ -0,0 +1,5 @@
+[package]
+authors = [""]
+compiler_version = "0.1"
+
+[dependencies]
diff --git a/crates/nargo_cli/tests/test_data_ssa_refactor/regression/Prover.toml b/crates/nargo_cli/tests/test_data_ssa_refactor/regression/Prover.toml
@@ -0,0 +1,2 @@
+x = [0x3f, 0x1c, 0xb8, 0x99, 0xab]
+z = 3
diff --git a/crates/nargo_cli/tests/test_data_ssa_refactor/regression/src/main.nr b/crates/nargo_cli/tests/test_data_ssa_refactor/regression/src/main.nr
@@ -0,0 +1,90 @@
+global NIBBLE_LENGTH: comptime Field = 16;
+
+fn compact_decode<N>(input: [u8; N], length: Field) -> ([u4; NIBBLE_LENGTH], Field)
+{
+    assert(2*input.len() as u64 <= NIBBLE_LENGTH as u64);
+    assert(length as u64 <= input.len() as u64);
+
+    let mut nibble = [0 as u4; NIBBLE_LENGTH];
+
+    let first_nibble = (input[0] >> 4) as u4;
+    let parity = first_nibble as u1;
+
+    if parity == 1
+    {
+	    nibble[0] = (input[0] & 0x0f) as u4;
+	    for i in 1..input.len()
+	    {
+ 	        if i as u64 < length as u64
+ 	        {
+	         	let x = input[i];
+ 	         	nibble[2*i - 1] = (x >> 4) as u4;
+	         	nibble[2*i] = (x & 0x0f) as u4;
+ 	        }
+	    }
+    }
+    else
+    {
+	    for i in 0..2
+	    {
+ 	        if (i as u64) < length as u64 - 1
+ 	        {
+		        let x = input[i + 1];
+ 		        nibble[2*i] = (x >> 4) as u4;
+		        nibble[2*i + 1] = (x & 0x0f) as u4;
+ 	        }
+	    }
+    }
+
+    let out = (nibble, 2*length + (parity as Field) - 2);
+
+    out
+}
+
+fn enc<N>(value: [u8; N], value_length: Field) -> ([u8; 32], Field)
+{
+    assert(value.len() as u8 >= value_length as u8);
+    let mut out_value = [0; 32];
+    if value_length == 0
+    {
+    	let out = (out_value, value_length);
+		out
+    }
+    else { if value_length as u8 < 31
+    {
+	out_value[0] = 0x80 + value_length as u8;
+
+		for i in 1..value.len()
+		{
+			out_value[i] = value[i-1];
+		}
+
+		let out = (out_value, value_length + 1);
+
+	out
+    }
+    else
+    {
+		let out = (out_value, 32);
+		out
+    }
+	}
+}
+
+fn main(x: [u8; 5], z: Field)
+{
+    //Issue 1144
+	let (nib, len) = compact_decode(x,z);
+	assert(len == 5);
+	assert([nib[0], nib[1], nib[2], nib[3], nib[4]] == [15, 1, 12, 11, 8]);
+
+	// Issue 1169
+	let val1 = [0xb8,0x8f,0x61,0xe6,0xfb,0xda,0x83,0xfb,0xff,0xfa,0xbe,0x36,0x41,0x12,0x13,0x74,0x80,0x39,0x80,0x18,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00];
+    let val1_length = 20;
+
+    let enc_val1 = enc(val1,val1_length);
+
+    assert(enc_val1.0 == [0x94,0xb8,0x8f,0x61,0xe6,0xfb,0xda,0x83,0xfb,0xff,0xfa,0xbe,0x36,0x41,0x12,0x13,0x74,0x80,0x39,0x80,0x18,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]);
+    assert(enc_val1.1 == 21);
+
+}
diff --git a/crates/noirc_evaluator/src/ssa_refactor/acir_gen/acir_ir/generated_acir.rs b/crates/noirc_evaluator/src/ssa_refactor/acir_gen/acir_ir/generated_acir.rs
@@ -748,7 +748,7 @@ impl GeneratedAcir {
         let (q_witness, r_witness) = self.quotient_directive(
             comparison_evaluation.clone(),
             two_max_bits.into(),
-            Some(predicate),
+            Some(predicate.clone()),
             q_max_bits,
             r_max_bits,
         )?;
@@ -773,10 +773,17 @@ impl GeneratedAcir {
         // - 2^{max_bits} - k == q * 2^{max_bits} + r
         // - This is only the case when q == 0 and r == 2^{max_bits} - k
         //
+        // case: predicate is zero
+        // The values for q and r will be zero for a honest prover and
+        // can be garbage for a dishonest prover. The below constraint will
+        // will be switched off.
         let mut expr = Expression::default();
         expr.push_addition_term(two_max_bits, q_witness);
         expr.push_addition_term(FieldElement::one(), r_witness);
-        self.push_opcode(AcirOpcode::Arithmetic(&comparison_evaluation - &expr));
+
+        let equation = &comparison_evaluation - &expr;
+        let predicated_equation = self.mul_with_witness(&equation, &predicate);
+        self.push_opcode(AcirOpcode::Arithmetic(predicated_equation));
 
         Ok(q_witness)
     }

diff --git a/crates/noirc_evaluator/src/ssa_refactor/acir_gen/acir_ir/sort.rs b/crates/noirc_evaluator/src/ssa_refactor/acir_gen/acir_ir/sort.rs
@@ -75,7 +75,7 @@ impl GeneratedAcir {
     /// Returns an expression which represents a*b
     /// If one has multiplicative term and the other is of degree one or more,
     /// the function creates intermediate variables accordindly
-    fn mul_with_witness(&mut self, a: &Expression, b: &Expression) -> Expression {
+    pub(crate) fn mul_with_witness(&mut self, a: &Expression, b: &Expression) -> Expression {
         let a_arith;
         let a_arith = if !a.mul_terms.is_empty() && !b.is_const() {
             let a_witness = self.get_or_create_witness(a);