Merge branch 'master' into sync-noir

* master:
  feat: prepare circuit output for validation (#6678)
  chore: stop building/publishing `acvm_backend.wasm` (#6584)
  chore: add bench programs (#6566)
  chore: make public data update requests, note hashes, and unencrypted logs readonly in TS (#6658)
  git subrepo push --branch=master noir-projects/aztec-nr
  git_subrepo.sh: Fix parent in .gitrepo file. [skip ci]
  chore: replace relative paths to noir-protocol-circuits
  git subrepo push --branch=master barretenberg
  feat: update honk recursion constraint (#6545)
  feat: Add code-workspace and update build dirs (#6723)
  feat: Sync from noir (#6717)
  feat: folding acir programs (#6685)
  feat: sumcheck part of ECCVM recursive verifier instantiated as an UltraCircuit (#6413)

.github/workflows/publish-bb.yml

@@ -113,10 +113,6 @@ jobs:
         working-directory: barretenberg/cpp/build-wasm/bin
         run: tar -cvzf barretenberg.wasm.tar.gz barretenberg.wasm
 
-      - name: Tar and GZip acvm_backend.wasm
-        working-directory: barretenberg/cpp/build-wasm/bin
-        run: tar -cvzf acvm_backend.wasm.tar.gz acvm_backend.wasm
-
       # - name: Setup Node.js
       #   uses: actions/setup-node@v2
       #   with:
@@ -137,7 +133,6 @@ jobs:
           name: release-wasm
           path: |
             ./barretenberg/cpp/build-wasm/bin/barretenberg.wasm.tar.gz
-            ./barretenberg/cpp/build-wasm/bin/acvm_backend.wasm.tar.gz
 
   build-mac-intel:
     name: Build on Mac x86_64-apple-darwin
@@ -239,7 +234,6 @@ jobs:
           prerelease: true
           files: |
             barretenberg.wasm.tar.gz
-            acvm_backend.wasm.tar.gz
             barretenberg-x86_64-linux-gnu.tar.gz
             barretenberg-x86_64-apple-darwin.tar.gz
             barretenberg-aarch64-apple-darwin.tar.gz

avm-transpiler/src/transpile.rs

@@ -6,7 +6,7 @@ use acvm::acir::circuit::OpcodeLocation;
 use acvm::brillig_vm::brillig::{
     BinaryFieldOp, BinaryIntOp, BlackBoxOp, HeapArray, HeapVector, MemoryAddress, ValueOrArray,
 };
-use acvm::FieldElement;
+use acvm::{AcirField, FieldElement};
 use noirc_errors::debug_info::DebugInfo;
 use noirc_errors::Location;
 
@@ -19,7 +19,7 @@ use crate::utils::{dbg_print_avm_program, dbg_print_brillig_program};
 
 /// Transpile a Brillig program to AVM bytecode
 pub fn brillig_to_avm(
-    brillig_bytecode: &[BrilligOpcode],
+    brillig_bytecode: &[BrilligOpcode<FieldElement>],
     brillig_pcs_to_avm_pcs: &Vec<usize>,
 ) -> Vec<u8> {
     dbg_print_brillig_program(brillig_bytecode);
@@ -838,7 +838,7 @@ fn handle_const(
     } else {
         // We can't fit a field in an instruction. This should've been handled in Brillig.
         let field = value;
-        if !field.fits_in_u128() {
+        if field.num_bits() > 128 {
             panic!("SET: Field value doesn't fit in 128 bits, that's not supported!");
         }
         avm_instrs.extend([
@@ -1250,7 +1250,7 @@ pub fn patch_debug_info_pcs(
 ///     brillig: the Brillig program
 /// returns: an array where each index is a Brillig pc,
 ///     and each value is the corresponding AVM pc.
-pub fn map_brillig_pcs_to_avm_pcs(brillig_bytecode: &[BrilligOpcode]) -> Vec<usize> {
+pub fn map_brillig_pcs_to_avm_pcs(brillig_bytecode: &[BrilligOpcode<FieldElement>]) -> Vec<usize> {
     let mut pc_map = vec![0; brillig_bytecode.len()];
 
     pc_map[0] = 0; // first PC is always 0 as there are no instructions inserted by AVM at start

avm-transpiler/src/transpile_contract.rs

@@ -1,5 +1,6 @@
 use std::io::Read;
 
+use acvm::FieldElement;
 use base64::Engine;
 use log::info;
 use serde::{Deserialize, Serialize};
@@ -62,7 +63,7 @@ pub struct AcirContractFunctionArtifact {
         serialize_with = "Program::serialize_program_base64",
         deserialize_with = "Program::deserialize_program_base64"
     )]
-    pub bytecode: Program,
+    pub bytecode: Program<FieldElement>,
     #[serde(
         serialize_with = "ProgramDebugInfo::serialize_compressed_base64_json",
         deserialize_with = "ProgramDebugInfo::deserialize_compressed_base64_json"

avm-transpiler/src/utils.rs

@@ -1,3 +1,4 @@
+use acvm::FieldElement;
 use log::debug;
 
 use acvm::acir::brillig::Opcode as BrilligOpcode;
@@ -11,7 +12,7 @@ use crate::instructions::AvmInstruction;
 /// pointer opcode in ACIR that fetches those unconstrained functions from the main list.
 /// This function just extracts Brillig bytecode, with the assumption that the
 /// 0th unconstrained function in the full `Program` structure.
-pub fn extract_brillig_from_acir_program(program: &Program) -> &[BrilligOpcode] {
+pub fn extract_brillig_from_acir_program(program: &Program<FieldElement>) -> &[BrilligOpcode<FieldElement>] {
     assert_eq!(
         program.functions.len(),
         1,
@@ -37,7 +38,7 @@ pub fn extract_brillig_from_acir_program(program: &Program) -> &[BrilligOpcode]
 }
 
 /// Print inputs, outputs, and instructions in a Brillig program
-pub fn dbg_print_brillig_program(brillig_bytecode: &[BrilligOpcode]) {
+pub fn dbg_print_brillig_program(brillig_bytecode: &[BrilligOpcode<FieldElement>]) {
     debug!("Printing Brillig program...");
     for (i, instruction) in brillig_bytecode.iter().enumerate() {
         debug!("\tPC:{0} {1:?}", i, instruction);

barretenberg/.gitrepo

@@ -6,7 +6,7 @@
 [subrepo]
 	remote = https://github.com/AztecProtocol/barretenberg
 	branch = master
-	commit = d6a0cc1a4439cca765f5bfd334ab84e537669050
-	parent = 0ee6ef9abae584a5d137ba007c44bdfde0a01f8a
+	commit = 72efb12fe455b0e58de08592913026c20d568c6b
+	parent = 6f86352fafa7d22f9b0f64ec67199efe6346d82f
 	method = merge
 	cmdver = 0.4.6

barretenberg/Earthfile

@@ -38,6 +38,8 @@ barretenberg-acir-tests-bb:
     RUN FLOW=prove_and_verify_mega_honk ./run_acir_tests.sh 6_array
     # Construct and verify a UltraHonk proof for all ACIR programs using the new witness stack workflow
     RUN FLOW=prove_and_verify_ultra_honk_program ./run_acir_tests.sh
+    # Fold and verify an ACIR program stack using ClientIvc
+    RUN FLOW=fold_and_verify_program ./run_acir_tests.sh fold_basic
     # This is a "full" Goblin flow. It constructs and verifies four proofs: MegaHonk, ECCVM, Translator, and merge
     RUN FLOW=prove_and_verify_goblin ./run_acir_tests.sh 6_array
     # Run 1_mul through native bb build, all_cmds flow, to test all cli args.

barretenberg/acir_tests/Dockerfile.bb.js

@@ -21,10 +21,12 @@ RUN BIN=../ts/dest/node/main.js FLOW=prove_then_verify ./run_acir_tests.sh ecdsa
 RUN BIN=../ts/dest/node/main.js FLOW=prove_then_verify_ultra_honk ./run_acir_tests.sh nested_array_dynamic
 # Run a single arbitrary test not involving recursion through bb.js for Plonk
 RUN BIN=../ts/dest/node/main.js FLOW=prove_and_verify ./run_acir_tests.sh poseidon_bn254_hash
-# Run a single arbitrary test not involving recursion through bb.js for MegaHonk
+# Run a single arbitrary test not involving recursion through bb.js for UltraHonk
 RUN BIN=../ts/dest/node/main.js FLOW=prove_and_verify_ultra_honk ./run_acir_tests.sh closures_mut_ref
-# Run a single arbitrary test for separate prove and verify for UltraHonk
+# Run a single arbitrary test for separate prove and verify for MegaHonk
 RUN BIN=../ts/dest/node/main.js FLOW=prove_and_verify_mega_honk ./run_acir_tests.sh 6_array
+# Fold and verify an ACIR program stack
+RUN BIN=../ts/dest/node/main.js FLOW=fold_and_verify_program ./run_acir_tests.sh fold_basic
 # Run a single arbitrary test not involving recursion through bb.js for full Goblin
 RUN BIN=../ts/dest/node/main.js FLOW=prove_and_verify_goblin ./run_acir_tests.sh 6_array
 # Run 1_mul through bb.js build, all_cmds flow, to test all cli args.

barretenberg/acir_tests/bench_acir_tests.sh

@@ -1,7 +1,10 @@
 #!/usr/bin/env bash
+set -e
 
 cd "$(dirname "$0")"
 
+./clone_test_vectors.sh
+
 TEST_NAMES=("$@")
 THREADS=(1 4 16 32 64)
 BENCHMARKS=$LOG_FILE
@@ -11,7 +14,7 @@ if [[ -z "${LOG_FILE}" ]]; then
 fi
 
 if [ "${#TEST_NAMES[@]}" -eq 0 ]; then
-    TEST_NAMES=(sha256 ecdsa_secp256k1 ecdsa_secp256r1 schnorr double_verify_proof)
+    TEST_NAMES=$(find acir_tests/bench_* -maxdepth 0 -type d -printf '%f ')
 fi
 
 for TEST in ${TEST_NAMES[@]}; do
@@ -23,13 +26,13 @@ done
 # Build results into string with \n delimited rows and space delimited values.
 TABLE_DATA=""
 for TEST in ${TEST_NAMES[@]}; do
-    GATE_COUNT=$(jq -r --arg test "$TEST" 'select(.name == "gate_count" and .acir_test == $test) | .value' $BENCHMARKS | uniq)
-    SUBGROUP_SIZE=$(jq -r --arg test "$TEST" 'select(.name == "subgroup_size" and .acir_test == $test) | .value' $BENCHMARKS | uniq)
+    GATE_COUNT=$(jq -r --arg test "$TEST" 'select(.eventName == "gate_count" and .acir_test == $test) | .value' $BENCHMARKS | uniq)
+    SUBGROUP_SIZE=$(jq -r --arg test "$TEST" 'select(.eventName == "subgroup_size" and .acir_test == $test) | .value' $BENCHMARKS | uniq)
     # Name in col 1, gate count in col 2, subgroup size in col 3.
     TABLE_DATA+="$TEST $GATE_COUNT $SUBGROUP_SIZE"
     # Each thread timing in subsequent cols.
     for HC in "${THREADS[@]}"; do
-        RESULT=$(cat $BENCHMARKS | jq -r --arg test "$TEST" --argjson hc $HC 'select(.name == "proof_construction_time" and .acir_test == $test and .threads == $hc) | .value')
+        RESULT=$(cat $BENCHMARKS | jq -r --arg test "$TEST" --argjson hc $HC 'select(.eventName == "proof_construction_time" and .acir_test == $test and .threads == $hc) | .value')
         TABLE_DATA+=" $RESULT"
     done
     TABLE_DATA+=$'\n'

barretenberg/acir_tests/flows/fold_and_verify_program.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+
+VFLAG=${VERBOSE:+-v}
+
+$BIN fold_and_verify_program $VFLAG -c $CRS_PATH -b ./target/program.json

barretenberg/acir_tests/flows/prove_and_verify_mega_honk_program.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+
+VFLAG=${VERBOSE:+-v}
+
+$BIN prove_and_verify_mega_honk_program $VFLAG -c $CRS_PATH -b ./target/program.json

barretenberg/cpp/CMakePresets.json

@@ -71,7 +71,7 @@
       "displayName": "Debugging build with Clang-16",
       "description": "Build with globally installed Clang-16 in debug mode",
       "inherits": "clang16",
-      "binaryDir": "build",
+      "binaryDir": "build-debug",
       "environment": {
         "CMAKE_BUILD_TYPE": "Debug",
         "CFLAGS": "-gdwarf-4",
@@ -88,6 +88,7 @@
       "displayName": "Optimized debug build with Clang-16",
       "description": "Build with globally installed Clang-16 in optimized debug mode",
       "inherits": "clang16-dbg",
+      "binaryDir": "build-debug-fast",
       "environment": {
         "CMAKE_BUILD_TYPE": "Debug",
         "CFLAGS": "-O2 -gdwarf",
@@ -97,6 +98,7 @@
     },
     {
       "name": "clang16-assert",
+      "binaryDir": "build-assert",
       "displayName": "Build with Clang-16 using RelWithAssert",
       "description": "Build with globally installed Clang-16 in release with ASSERTs mode",
       "inherits": "clang16",
@@ -480,7 +482,6 @@
       "jobs": 0,
       "targets": [
         "barretenberg.wasm",
-        "acvm_backend.wasm",
         "barretenberg",
         "wasi",
         "env"

barretenberg/cpp/src/CMakeLists.txt

@@ -104,6 +104,7 @@ include(GNUInstallDirs)
 message(STATUS "Compiling all-in-one barretenberg archive")
 
 set(BARRETENBERG_TARGET_OBJECTS
+    $<TARGET_OBJECTS:client_ivc_objects>
     $<TARGET_OBJECTS:commitment_schemes_objects>
     $<TARGET_OBJECTS:common_objects>
     $<TARGET_OBJECTS:client_ivc_objects>
@@ -181,30 +182,10 @@ if(WASM)
         $<TARGET_OBJECTS:wasi_objects>
     )
 
-    add_executable(
-        acvm_backend.wasm
-        $<TARGET_OBJECTS:wasi_objects>
-        $<TARGET_OBJECTS:env_objects>
-        $<TARGET_OBJECTS:common_objects>
-        $<TARGET_OBJECTS:numeric_objects>
-        $<TARGET_OBJECTS:ecc_objects>
-        $<TARGET_OBJECTS:crypto_aes128_objects>
-        $<TARGET_OBJECTS:crypto_blake2s_objects>
-        $<TARGET_OBJECTS:crypto_keccak_objects>
-        $<TARGET_OBJECTS:crypto_schnorr_objects>
-        $<TARGET_OBJECTS:crypto_pedersen_hash_objects>
-        $<TARGET_OBJECTS:crypto_pedersen_commitment_objects>
-    )
-
     target_link_options(
         barretenberg.wasm
         PRIVATE
         -nostartfiles -Wl,--no-entry,--export-dynamic
     )
 
-    target_link_options(
-        acvm_backend.wasm
-        PRIVATE
-        -nostartfiles -Wl,--no-entry,--export-dynamic
-    )
 endif()

barretenberg/cpp/src/barretenberg/bb/main.cpp

@@ -1,4 +1,5 @@
 #include "barretenberg/bb/file_io.hpp"
+#include "barretenberg/client_ivc/client_ivc.hpp"
 #include "barretenberg/common/serialize.hpp"
 #include "barretenberg/dsl/acir_format/acir_format.hpp"
 #include "barretenberg/dsl/types.hpp"
@@ -219,6 +220,34 @@ bool proveAndVerifyHonkProgram(const std::string& bytecodePath, const std::strin
     return true;
 }
 
+bool foldAndVerifyProgram(const std::string& bytecodePath, const std::string& witnessPath)
+{
+    using Flavor = MegaFlavor; // This is the only option
+    using Builder = Flavor::CircuitBuilder;
+
+    init_bn254_crs(1 << 18);
+    init_grumpkin_crs(1 << 14);
+
+    ClientIVC ivc;
+    ivc.structured_flag = true;
+
+    auto program_stack = acir_format::get_acir_program_stack(bytecodePath, witnessPath);
+
+    // Accumulate the entire program stack into the IVC
+    while (!program_stack.empty()) {
+        auto stack_item = program_stack.back();
+
+        // Construct a bberg circuit from the acir representation
+        auto circuit = acir_format::create_circuit<Builder>(
+            stack_item.constraints, 0, stack_item.witness, false, ivc.goblin.op_queue);
+
+        ivc.accumulate(circuit);
+
+        program_stack.pop_back();
+    }
+    return ivc.prove_and_verify();
+}
+
 /**
  * @brief Proves and Verifies an ACIR circuit
  *
@@ -832,6 +861,12 @@ int main(int argc, char* argv[])
         if (command == "prove_and_verify_ultra_honk_program") {
             return proveAndVerifyHonkProgram<UltraFlavor>(bytecode_path, witness_path) ? 0 : 1;
         }
+        if (command == "prove_and_verify_mega_honk_program") {
+            return proveAndVerifyHonkProgram<MegaFlavor>(bytecode_path, witness_path) ? 0 : 1;
+        }
+        if (command == "fold_and_verify_program") {
+            return foldAndVerifyProgram(bytecode_path, witness_path) ? 0 : 1;
+        }
         if (command == "prove_and_verify_goblin") {
             return proveAndVerifyGoblin(bytecode_path, witness_path) ? 0 : 1;
         }

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp

@@ -117,4 +117,18 @@ std::vector<std::shared_ptr<ClientIVC::VerificationKey>> ClientIVC::precompute_f
     return vkeys;
 }
 
+/**
+ * @brief Construct and verify a proof for the IVC
+ * @note Use of this method only makes sense when the prover and verifier are the same entity, e.g. in
+ * development/testing.
+ *
+ */
+bool ClientIVC::prove_and_verify()
+{
+    auto proof = prove();
+
+    auto verifier_inst = std::make_shared<VerifierInstance>(this->instance_vk);
+    return verify(proof, { this->verifier_accumulator, verifier_inst });
+}
+
 } // namespace bb

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp

@@ -87,6 +87,8 @@ class ClientIVC {
 
     bool verify(Proof& proof, const std::vector<std::shared_ptr<VerifierInstance>>& verifier_instances);
 
+    bool prove_and_verify();
+
     HonkProof decider_prove() const;
 
     std::vector<std::shared_ptr<VerificationKey>> precompute_folding_verification_keys(std::vector<ClientCircuit>);

barretenberg/cpp/src/barretenberg/dsl/CMakeLists.txt

@@ -2,10 +2,13 @@ barretenberg_module(
     dsl
     plonk
     ultra_honk
+    client_ivc
     stdlib_sha256
     stdlib_aes128
     stdlib_keccak
     stdlib_poseidon2
     crypto_merkle_tree
     stdlib_schnorr
+    ultra_honk
+    stdlib_honk_recursion
 )