Ultraplonk check_circuit

cpp/CMakeLists.txt

@@ -38,6 +38,7 @@ endif()
 if(ENABLE_ASAN)
     add_compile_options(-fsanitize=address)
     add_link_options(-fsanitize=address)
+    set(DISABLE_ASM ON)
 endif()
 
 if(SERIALIZE_CANARY)

cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp

@@ -37,7 +37,7 @@ void UltraHonkComposerHelper<CircuitConstructor>::compute_witness(CircuitConstru
     const size_t filled_gates = circuit_constructor.num_gates + circuit_constructor.public_inputs.size();
     const size_t total_num_gates = std::max(filled_gates, tables_size + lookups_size);
 
-    const size_t subgroup_size = circuit_constructor.get_circuit_subgroup_size(total_num_gates + NUM_RESERVED_GATES);
+    const size_t subgroup_size = circuit_constructor.get_circuit_subgroup_size(total_num_gates + NUM_RANDOMIZED_GATES);
 
     // Pad the wires (pointers to `witness_indices` of the `variables` vector).
     // Note: the remaining NUM_RESERVED_GATES indices are padded with zeros within `compute_witness_base` (called

cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp

@@ -1,5 +1,5 @@
 #pragma once
-#include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp"
+#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
 #include "barretenberg/honk/proof_system/ultra_prover.hpp"
 #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp"
 #include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp"
@@ -289,7 +289,7 @@ class UltraHonkComposer {
     std::vector<uint32_t> decompose_into_default_range(
         const uint32_t variable_index,
         const uint64_t num_bits,
-        const uint64_t target_range_bitnum = DEFAULT_PLOOKUP_RANGE_BITNUM,
+        const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM,
         std::string const& msg = "decompose_into_default_range")
     {
         return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg);
@@ -348,17 +348,19 @@ class UltraHonkComposer {
     // /**
     //  * Non Native Field Arithmetic
     //  **/
-    void range_constrain_two_limbs(const uint32_t lo_idx,
-                                   const uint32_t hi_idx,
-                                   const size_t lo_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
-                                   const size_t hi_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
+    void range_constrain_two_limbs(
+        const uint32_t lo_idx,
+        const uint32_t hi_idx,
+        const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
+        const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
     {
         circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits);
     };
     // std::array<uint32_t, 2> decompose_non_native_field_double_width_limb(
     //     const uint32_t limb_idx, const size_t num_limb_bits = (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS));
     std::array<uint32_t, 2> queue_non_native_field_multiplication(
-        const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder = true)
+        const UltraCircuitConstructor::non_native_field_witnesses& input,
+        const bool range_constrain_quotient_and_remainder = true)
     {
         return circuit_constructor.queue_non_native_field_multiplication(input, range_constrain_quotient_and_remainder);
     };

cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp

@@ -748,7 +748,7 @@ TEST(UltraHonkComposer, non_native_field_multiplication)
         const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q)));
         const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r)));
 
-        proof_system::non_native_field_witnesses inputs{
+        proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{
             a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)),
         };
         const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs);

cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp

@@ -50,7 +50,7 @@ void UltraPlonkComposerHelper<CircuitConstructor>::compute_witness(CircuitConstr
 
     // TODO(luke): subgroup size was already computed above but compute_witness_base computes it again. If we pass in
     // NUM_RANDOMIZED_GATES (as in the other split composers) the resulting sizes can differ. Reconcile this.
-    auto wire_polynomial_evaluations = compute_witness_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES);
+    auto wire_polynomial_evaluations = compute_witness_base(circuit_constructor, total_num_gates, NUM_RESERVED_GATES);
 
     for (size_t j = 0; j < program_width; ++j) {
         std::string index = std::to_string(j + 1);
@@ -225,7 +225,7 @@ std::shared_ptr<proving_key> UltraPlonkComposerHelper<CircuitConstructor>::compu
     }
 
     const size_t minimum_circuit_size = tables_size + lookups_size;
-    const size_t num_randomized_gates = NUM_RANDOMIZED_GATES;
+    const size_t num_randomized_gates = NUM_RESERVED_GATES;
     // Initialize circuit_proving_key
     // TODO(#229)(Kesha): replace composer types.
     circuit_proving_key = initialize_proving_key(
@@ -359,7 +359,7 @@ std::shared_ptr<plonk::verification_key> UltraPlonkComposerHelper<CircuitConstru
     }
     circuit_verification_key = compute_verification_key_common(circuit_proving_key, crs_factory_->get_verifier_crs());
 
-    circuit_verification_key->composer_type = type; // Invariably plookup for this class.
+    circuit_verification_key->composer_type = ComposerType::PLOOKUP; // Invariably plookup for this class.
 
     // See `add_recusrive_proof()` for how this recursive data is assigned.
     circuit_verification_key->recursive_proof_public_input_indices =

cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp

@@ -20,7 +20,7 @@ template <typename CircuitConstructor> class UltraPlonkComposerHelper {
     // NUM_RESERVED_GATES). Therefore for consistency within this composer itself, and consistency with the original
     // Ultra Composer, this value must match that of NUM_RESERVED_GATES. This issue needs to be reconciled
     // simultaneously here and in the other split composers.
-    static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked
+    static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of multilinear evaluations leaked
     static constexpr size_t program_width = CircuitConstructor::program_width;
     std::shared_ptr<plonk::proving_key> circuit_proving_key;
     std::shared_ptr<plonk::verification_key> circuit_verification_key;

cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp

@@ -1,6 +1,6 @@
 #pragma once
 #include "barretenberg/plonk/composer/composer_base.hpp"
-#include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp"
+#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
 #include "barretenberg/plonk/proof_system/prover/prover.hpp"
 #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp"
 #include "barretenberg/proof_system/types/merkle_hash_type.hpp"
@@ -311,7 +311,7 @@ class UltraPlonkComposer {
     std::vector<uint32_t> decompose_into_default_range(
         const uint32_t variable_index,
         const uint64_t num_bits,
-        const uint64_t target_range_bitnum = DEFAULT_PLOOKUP_RANGE_BITNUM,
+        const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM,
         std::string const& msg = "decompose_into_default_range")
     {
         return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg);
@@ -370,17 +370,19 @@ class UltraPlonkComposer {
     // /**
     //  * Non Native Field Arithmetic
     //  **/
-    void range_constrain_two_limbs(const uint32_t lo_idx,
-                                   const uint32_t hi_idx,
-                                   const size_t lo_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
-                                   const size_t hi_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
+    void range_constrain_two_limbs(
+        const uint32_t lo_idx,
+        const uint32_t hi_idx,
+        const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
+        const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
     {
         circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits);
     };
     // std::array<uint32_t, 2> decompose_non_native_field_double_width_limb(
     //     const uint32_t limb_idx, const size_t num_limb_bits = (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS));
     std::array<uint32_t, 2> queue_non_native_field_multiplication(
-        const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder = true)
+        const UltraCircuitConstructor::non_native_field_witnesses& input,
+        const bool range_constrain_quotient_and_remainder = true)
     {
         return circuit_constructor.queue_non_native_field_multiplication(input, range_constrain_quotient_and_remainder);
     };

cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp

@@ -780,7 +780,7 @@ TEST(ultra_plonk_composer_splitting_tmp, non_native_field_multiplication)
     const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q)));
     const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r)));
 
-    non_native_field_witnesses inputs{
+    UltraCircuitConstructor::non_native_field_witnesses inputs{
         a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)),
     };
     const auto [lo_1_idx, hi_1_idx] = composer.queue_non_native_field_multiplication(inputs);

cpp/src/barretenberg/plonk/composer/ultra_composer.cpp

@@ -14,10 +14,10 @@
 #include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp"
 #include "barretenberg/srs/reference_string/file_reference_string.hpp"
 
-#include "plookup_tables/types.hpp"
-#include "plookup_tables/plookup_tables.hpp"
-#include "plookup_tables/aes128.hpp"
-#include "plookup_tables/sha256.hpp"
+#include "barretenberg/proof_system/plookup_tables/types.hpp"
+#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
+#include "barretenberg/proof_system/plookup_tables/aes128.hpp"
+#include "barretenberg/proof_system/plookup_tables/sha256.hpp"
 
 #ifndef NO_TBB
 #include <tbb/atomic.h>
@@ -1845,6 +1845,7 @@ std::array<uint32_t, 2> UltraComposer::decompose_non_native_field_double_width_l
     const uint256_t value = get_variable(limb_idx);
     const uint256_t low = value & LIMB_MASK;
     const uint256_t hi = value >> DEFAULT_NON_NATIVE_FIELD_LIMB_BITS;
+    // WTF(kesha): What is this supposed to do? Unless uint256_t has failed, this should always work
     ASSERT(low + (hi << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) == value);
 
     const uint32_t low_idx = add_variable(low);

cpp/src/barretenberg/plonk/composer/ultra_composer.hpp

@@ -2,7 +2,7 @@
 #include "composer_base.hpp"
 #include "barretenberg/proof_system/types/merkle_hash_type.hpp"
 #include "barretenberg/proof_system/types/pedersen_commitment_type.hpp"
-#include "plookup_tables/plookup_tables.hpp"
+#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
 #include <optional>
 
 namespace proof_system::plonk {

cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp

@@ -5,7 +5,7 @@
 #include "barretenberg/numeric/bitop/get_msb.hpp"
 #include "barretenberg/numeric/uintx/uintx.hpp"
 #include "../proof_system/widgets/random_widgets/plookup_widget.hpp"
-#include "./plookup_tables/sha256.hpp"
+#include "barretenberg/proof_system/plookup_tables/sha256.hpp"
 
 using namespace barretenberg;
 using namespace proof_system;

cpp/src/barretenberg/proof_system/CMakeLists.txt

@@ -1 +1 @@
-barretenberg_module(proof_system polynomials crypto_generators)
+barretenberg_module(proof_system polynomials crypto_generators crypto_pedersen_hash)