Update workflow

Apply rustfmt according to workspace rules

Update `plonky2_evm` revs for integration tests and benchmarks

.cargo/katex-header.html

@@ -0,0 +1,30 @@
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.11.1/dist/katex.min.css"
+    integrity="sha384-zB1R0rpPzHqg7Kpt0Aljp8JPLqbXI3bhnPWROx27a9N0Ll6ZP/+DiW/UqRcLbRjq" crossorigin="anonymous">
+<script defer src="https://cdn.jsdelivr.net/npm/katex@0.11.1/dist/katex.min.js"
+    integrity="sha384-y23I5Q6l+B6vatafAwxRu/0oK/79VlbSz7Q9aiSZUvyWYIYsd+qj+o24G5ZU2zJz"
+    crossorigin="anonymous"></script>
+<script defer src="https://cdn.jsdelivr.net/npm/katex@0.11.1/dist/contrib/auto-render.min.js"
+    integrity="sha384-kWPLUVMOks5AQFrykwIup5lo0m3iMkkHrD0uJ4H5cjeGihAutqP0yW0J6dpFiVkI"
+    crossorigin="anonymous"></script>
+<script>
+    document.addEventListener("DOMContentLoaded", function () {
+        renderMathInElement(document.body, {
+            fleqn: false,
+            macros: {
+                "\\F": "\\mathbb{F}",
+                "\\G": "\\mathbb{G}",
+                "\\O": "\\mathcal{O}",
+                "\\(": "\\left(",
+                "\\)": "\\right)",
+                "\\norm": "\\left\\vert #1 \\right\\vert",
+                "\\set": "\\mathcal{ #1 }",
+            },
+            delimiters: [
+                { left: "$$", right: "$$", display: true },
+                { left: "\\(", right: "\\)", display: false },
+                { left: "$", right: "$", display: false },
+                { left: "\\[", right: "\\]", display: true }
+            ]
+        });
+    });
+</script>

.github/workflows/ci.yml

@@ -53,6 +53,14 @@ jobs:
           CARGO_INCREMENTAL: 1
           RUST_BACKTRACE: 1
 
+      - name: Check in evm_arithmetization subdirectory
+        run: cargo check --manifest-path evm_arithmetization/Cargo.toml
+        env:
+          RUSTFLAGS: -Copt-level=3 -Cdebug-assertions -Coverflow-checks=y -Cdebuginfo=0
+          RUST_LOG: 1
+          CARGO_INCREMENTAL: 1
+          RUST_BACKTRACE: 1
+
       - name: Run cargo test
         run: cargo test --workspace
         env:

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace]
-members = ["mpt_trie", "proof_gen", "trace_decoder"]
+members = ["mpt_trie", "proof_gen", "trace_decoder", "evm_arithmetization"]
 resolver = "2"
 
 [workspace.dependencies]

evm_arithmetization/Cargo.toml

@@ -1,11 +1,11 @@
 [package]
-name = "plonky2_evm"
+name = "evm_arithmetization"
 description = "Implementation of STARKs for the Ethereum Virtual Machine"
-version = "0.1.1"
+version = "0.1.0"
 license = "MIT or Apache-2.0"
 authors = ["Daniel Lubarov <daniel@lubarov.com>", "William Borgeaud <williamborgeaud@gmail.com>"]
 readme = "README.md"
-repository = "https://github.com/0xPolygonZero/plonky2"
+repository = "https://github.com/0xPolygonZero/zk_evm"
 keywords = ["EVM", "STARK", "Ethereum"]
 categories = ["cryptography"]
 edition = "2021"
@@ -21,15 +21,15 @@ hex-literal = "0.4.1"
 itertools = "0.11.0"
 keccak-hash = "0.10.0"
 log = "0.4.14"
-plonky2_maybe_rayon = { path = "../maybe_rayon" }
+plonky2_maybe_rayon = { git = "https://github.com/0xPolygonZero/plonky2.git", rev = "710225c9e0ac5822b2965ce74951cf000bbb8a2c" }
 num = "0.4.0"
 num-bigint = "0.4.3"
 once_cell = "1.13.0"
 pest = "2.1.3"
 pest_derive = "2.1.0"
-plonky2 = { path = "../plonky2", features = ["timing"] }
-plonky2_util = { path = "../util" }
-starky = { path = "../starky" }
+plonky2 = { git = "https://github.com/0xPolygonZero/plonky2.git", rev = "710225c9e0ac5822b2965ce74951cf000bbb8a2c" }
+plonky2_util = { git = "https://github.com/0xPolygonZero/plonky2.git", rev = "710225c9e0ac5822b2965ce74951cf000bbb8a2c" }
+starky = { git = "https://github.com/0xPolygonZero/plonky2.git", rev = "710225c9e0ac5822b2965ce74951cf000bbb8a2c" }
 rand = "0.8.5"
 rand_chacha = "0.3.1"
 rlp = "0.5.1"

evm_arithmetization/benches/stack_manipulation.rs

@@ -1,5 +1,5 @@
 use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
-use plonky2_evm::cpu::kernel::assemble_to_bytes;
+use evm_arithmetization::cpu::kernel::assemble_to_bytes;
 
 fn criterion_benchmark(c: &mut Criterion) {
     rotl_group(c);

evm_arithmetization/src/all_stark.rs

@@ -38,7 +38,8 @@ pub struct AllStark<F: RichField + Extendable<D>, const D: usize> {
 }
 
 impl<F: RichField + Extendable<D>, const D: usize> Default for AllStark<F, D> {
-    /// Returns an `AllStark` containing all the STARKs initialized with default values.
+    /// Returns an `AllStark` containing all the STARKs initialized with default
+    /// values.
     fn default() -> Self {
         Self {
             arithmetic_stark: ArithmeticStark::default(),
@@ -122,15 +123,17 @@ pub(crate) fn all_cross_table_lookups<F: Field>() -> Vec<CrossTableLookup<F>> {
     ]
 }
 
-/// `CrossTableLookup` for `ArithmeticStark`, to connect it with the `Cpu` module.
+/// `CrossTableLookup` for `ArithmeticStark`, to connect it with the `Cpu`
+/// module.
 fn ctl_arithmetic<F: Field>() -> CrossTableLookup<F> {
     CrossTableLookup::new(
         vec![cpu_stark::ctl_arithmetic_base_rows()],
         arithmetic_stark::ctl_arithmetic_rows(),
     )
 }
 
-/// `CrossTableLookup` for `BytePackingStark`, to connect it with the `Cpu` module.
+/// `CrossTableLookup` for `BytePackingStark`, to connect it with the `Cpu`
+/// module.
 fn ctl_byte_packing<F: Field>() -> CrossTableLookup<F> {
     let cpu_packing_looking = TableWithColumns::new(
         *Table::Cpu,
@@ -168,9 +171,10 @@ fn ctl_byte_packing<F: Field>() -> CrossTableLookup<F> {
     )
 }
 
-/// `CrossTableLookup` for `KeccakStark` inputs, to connect it with the `KeccakSponge` module.
-/// `KeccakStarkSponge` looks into `KeccakStark` to give the inputs of the sponge.
-/// Its consistency with the 'output' CTL is ensured through a timestamp column on the `KeccakStark` side.
+/// `CrossTableLookup` for `KeccakStark` inputs, to connect it with the
+/// `KeccakSponge` module. `KeccakStarkSponge` looks into `KeccakStark` to give
+/// the inputs of the sponge. Its consistency with the 'output' CTL is ensured
+/// through a timestamp column on the `KeccakStark` side.
 fn ctl_keccak_inputs<F: Field>() -> CrossTableLookup<F> {
     let keccak_sponge_looking = TableWithColumns::new(
         *Table::KeccakSponge,
@@ -185,8 +189,9 @@ fn ctl_keccak_inputs<F: Field>() -> CrossTableLookup<F> {
     CrossTableLookup::new(vec![keccak_sponge_looking], keccak_looked)
 }
 
-/// `CrossTableLookup` for `KeccakStark` outputs, to connect it with the `KeccakSponge` module.
-/// `KeccakStarkSponge` looks into `KeccakStark` to give the outputs of the sponge.
+/// `CrossTableLookup` for `KeccakStark` outputs, to connect it with the
+/// `KeccakSponge` module. `KeccakStarkSponge` looks into `KeccakStark` to give
+/// the outputs of the sponge.
 fn ctl_keccak_outputs<F: Field>() -> CrossTableLookup<F> {
     let keccak_sponge_looking = TableWithColumns::new(
         *Table::KeccakSponge,
@@ -201,7 +206,8 @@ fn ctl_keccak_outputs<F: Field>() -> CrossTableLookup<F> {
     CrossTableLookup::new(vec![keccak_sponge_looking], keccak_looked)
 }
 
-/// `CrossTableLookup` for `KeccakSpongeStark` to connect it with the `Cpu` module.
+/// `CrossTableLookup` for `KeccakSpongeStark` to connect it with the `Cpu`
+/// module.
 fn ctl_keccak_sponge<F: Field>() -> CrossTableLookup<F> {
     let cpu_looking = TableWithColumns::new(
         *Table::Cpu,
@@ -216,7 +222,8 @@ fn ctl_keccak_sponge<F: Field>() -> CrossTableLookup<F> {
     CrossTableLookup::new(vec![cpu_looking], keccak_sponge_looked)
 }
 
-/// `CrossTableLookup` for `LogicStark` to connect it with the `Cpu` and `KeccakSponge` modules.
+/// `CrossTableLookup` for `LogicStark` to connect it with the `Cpu` and
+/// `KeccakSponge` modules.
 fn ctl_logic<F: Field>() -> CrossTableLookup<F> {
     let cpu_looking = TableWithColumns::new(
         *Table::Cpu,
@@ -237,7 +244,8 @@ fn ctl_logic<F: Field>() -> CrossTableLookup<F> {
     CrossTableLookup::new(all_lookers, logic_looked)
 }
 
-/// `CrossTableLookup` for `MemoryStark` to connect it with all the modules which need memory accesses.
+/// `CrossTableLookup` for `MemoryStark` to connect it with all the modules
+/// which need memory accesses.
 fn ctl_memory<F: Field>() -> CrossTableLookup<F> {
     let cpu_memory_code_read = TableWithColumns::new(
         *Table::Cpu,

evm_arithmetization/src/arithmetic/arithmetic_stark.rs

@@ -22,9 +22,10 @@ use crate::all_stark::{EvmStarkFrame, Table};
 use crate::arithmetic::columns::{NUM_SHARED_COLS, RANGE_COUNTER, RC_FREQUENCIES, SHARED_COLS};
 use crate::arithmetic::{addcy, byte, columns, divmod, modular, mul, Operation};
 
-/// Creates a vector of `Columns` to link the 16-bit columns of the arithmetic table,
-/// split into groups of N_LIMBS at a time in `regs`, with the corresponding 32-bit
-/// columns of the CPU table. Does this for all ops in `ops`.
+/// Creates a vector of `Columns` to link the 16-bit columns of the arithmetic
+/// table, split into groups of N_LIMBS at a time in `regs`, with the
+/// corresponding 32-bit columns of the CPU table. Does this for all ops in
+/// `ops`.
 ///
 /// This is done by taking pairs of columns (x, y) of the arithmetic
 /// table and combining them as x + y*2^16 to ensure they equal the
@@ -57,7 +58,8 @@ fn cpu_arith_data_link<F: Field>(
     res
 }
 
-/// Returns the `TableWithColumns` for `ArithmeticStark` rows where one of the arithmetic operations has been called.
+/// Returns the `TableWithColumns` for `ArithmeticStark` rows where one of the
+/// arithmetic operations has been called.
 pub(crate) fn ctl_arithmetic_rows<F: Field>() -> TableWithColumns<F> {
     // We scale each filter flag with the associated opcode value.
     // If an arithmetic operation is happening on the CPU side,
@@ -116,7 +118,8 @@ pub(crate) fn ctl_arithmetic_rows<F: Field>() -> TableWithColumns<F> {
     )
 }
 
-/// Structure representing the `Arithmetic` STARK, which carries out all the arithmetic operations.
+/// Structure representing the `Arithmetic` STARK, which carries out all the
+/// arithmetic operations.
 #[derive(Copy, Clone, Default)]
 pub(crate) struct ArithmeticStark<F, const D: usize> {
     pub f: PhantomData<F>,
@@ -240,7 +243,8 @@ impl<F: RichField + Extendable<D>, const D: usize> Stark<F, D> for ArithmeticSta
         addcy::eval_packed_generic(lv, yield_constr);
         // Evaluate constraints for DIV and MOD operations.
         divmod::eval_packed(lv, nv, yield_constr);
-        // Evaluate constraints for ADDMOD, SUBMOD, MULMOD and for FP254 modular operations.
+        // Evaluate constraints for ADDMOD, SUBMOD, MULMOD and for FP254 modular
+        // operations.
         modular::eval_packed(lv, nv, yield_constr);
         // Evaluate constraints for the BYTE operation.
         byte::eval_packed(lv, yield_constr);
@@ -301,7 +305,8 @@ impl<F: RichField + Extendable<D>, const D: usize> Stark<F, D> for ArithmeticSta
         addcy::eval_ext_circuit(builder, lv, yield_constr);
         // Evaluate constraints for DIV and MOD operations.
         divmod::eval_ext_circuit(builder, lv, nv, yield_constr);
-        // Evaluate constraints for ADDMOD, SUBMOD, MULMOD and for FP254 modular operations.
+        // Evaluate constraints for ADDMOD, SUBMOD, MULMOD and for FP254 modular
+        // operations.
         modular::eval_ext_circuit(builder, lv, nv, yield_constr);
         // Evaluate constraints for the BYTE operation.
         byte::eval_ext_circuit(builder, lv, yield_constr);

evm_arithmetization/src/arithmetic/byte.rs

@@ -50,14 +50,15 @@
 //!
 //! 1. The given L, w and y are range-checked to be less than 2^16.
 //! 2. y * 256 ∈ {0, 256, 512, ..., 2^24 - 512, 2^24 - 256}
-//! 3. w / 256 = L - y * 256 ∈ {-2^24 + 256, -2^24 + 257, ..., 2^16 - 2, 2^16 - 1}
-//! 4. By inspection, for w < 2^16, if w / 256 < 2^16 or
-//!    w / 256 >= P - 2^24 + 256 (i.e. if w / 256 falls in the range
-//!    of point 3 above), then w = 256 * m for some 0 <= m < 256.
+//! 3. w / 256 = L - y * 256 ∈ {-2^24 + 256, -2^24 + 257, ..., 2^16 - 2, 2^16 -
+//!    1}
+//! 4. By inspection, for w < 2^16, if w / 256 < 2^16 or w / 256 >= P - 2^24 +
+//!    256 (i.e. if w / 256 falls in the range of point 3 above), then w = 256 *
+//!    m for some 0 <= m < 256.
 //! 5. Hence w / 256 ∈ {0, 1, ..., 255}
 //! 6. Hence y * 256 = L - w / 256 ∈ {-255, -254, ..., 2^16 - 1}
-//! 7. Taking the intersection of ranges in 2. and 6. we see that
-//!    y * 256 ∈ {0, 256, 512, ..., 2^16 - 256}
+//! 7. Taking the intersection of ranges in 2. and 6. we see that y * 256 ∈ {0,
+//!    256, 512, ..., 2^16 - 256}
 //! 8. Hence y ∈ {0, 1, ..., 255}
 
 use core::ops::Range;

evm_arithmetization/src/arithmetic/columns.rs

@@ -107,7 +107,8 @@ pub(crate) const MODULAR_OUT_AUX_RED: Range<usize> = AUX_REGISTER_0;
 pub(crate) const MODULAR_MOD_IS_ZERO: usize = AUX_REGISTER_1.start;
 pub(crate) const MODULAR_AUX_INPUT_LO: Range<usize> = AUX_REGISTER_1.start + 1..AUX_REGISTER_1.end;
 pub(crate) const MODULAR_AUX_INPUT_HI: Range<usize> = AUX_REGISTER_2;
-// Must be set to MOD_IS_ZERO for DIV and SHR operations i.e. MOD_IS_ZERO * (lv[IS_DIV] + lv[IS_SHR]).
+// Must be set to MOD_IS_ZERO for DIV and SHR operations i.e. MOD_IS_ZERO *
+// (lv[IS_DIV] + lv[IS_SHR]).
 pub(crate) const MODULAR_DIV_DENOM_IS_ZERO: usize = AUX_REGISTER_2.end;
 
 /// The counter column (used for the range check) starts from 0 and increments.

evm_arithmetization/src/arithmetic/mod.rs

@@ -22,7 +22,8 @@ pub(crate) mod columns;
 
 /// An enum representing different binary operations.
 ///
-/// `Shl` and `Shr` are handled differently, by leveraging `Mul` and `Div` respectively.
+/// `Shl` and `Shr` are handled differently, by leveraging `Mul` and `Div`
+/// respectively.
 #[derive(Clone, Copy, Debug, Eq, PartialEq)]
 pub(crate) enum BinaryOperator {
     Add,
@@ -90,7 +91,8 @@ impl BinaryOperator {
         }
     }
 
-    /// Maps a binary arithmetic operation to its associated flag column in the trace.
+    /// Maps a binary arithmetic operation to its associated flag column in the
+    /// trace.
     pub(crate) const fn row_filter(&self) -> usize {
         match self {
             BinaryOperator::Add => columns::IS_ADD,
@@ -120,7 +122,8 @@ pub(crate) enum TernaryOperator {
 }
 
 impl TernaryOperator {
-    /// Computes the result of a ternary arithmetic operation given three inputs.
+    /// Computes the result of a ternary arithmetic operation given three
+    /// inputs.
     pub(crate) fn result(&self, input0: U256, input1: U256, input2: U256) -> U256 {
         match self {
             TernaryOperator::AddMod => addmod(input0, input1, input2),
@@ -129,7 +132,8 @@ impl TernaryOperator {
         }
     }
 
-    /// Maps a ternary arithmetic operation to its associated flag column in the trace.
+    /// Maps a ternary arithmetic operation to its associated flag column in the
+    /// trace.
     pub(crate) const fn row_filter(&self) -> usize {
         match self {
             TernaryOperator::AddMod => columns::IS_ADDMOD,
@@ -139,7 +143,8 @@ impl TernaryOperator {
     }
 }
 
-/// An enum representing arithmetic operations that can be either binary or ternary.
+/// An enum representing arithmetic operations that can be either binary or
+/// ternary.
 #[allow(clippy::enum_variant_names)]
 #[derive(Debug)]
 pub(crate) enum Operation {
@@ -242,7 +247,8 @@ impl Operation {
     ///
     /// The `is_simulated` bool indicates whether we use a native arithmetic
     /// operation or simulate one with another. This is used to distinguish
-    /// SHL and SHR operations that are simulated through MUL and DIV respectively.
+    /// SHL and SHR operations that are simulated through MUL and DIV
+    /// respectively.
     fn to_rows<F: PrimeField64>(&self) -> (Vec<F>, Option<Vec<F>>) {
         match *self {
             Operation::BinaryOperation {
@@ -269,7 +275,8 @@ impl Operation {
     }
 }
 
-/// Converts a ternary arithmetic operation to one or two rows of the `ArithmeticStark` table.
+/// Converts a ternary arithmetic operation to one or two rows of the
+/// `ArithmeticStark` table.
 fn ternary_op_to_rows<F: PrimeField64>(
     row_filter: usize,
     input0: U256,
@@ -287,7 +294,8 @@ fn ternary_op_to_rows<F: PrimeField64>(
     (row1, Some(row2))
 }
 
-/// Converts a binary arithmetic operation to one or two rows of the `ArithmeticStark` table.
+/// Converts a binary arithmetic operation to one or two rows of the
+/// `ArithmeticStark` table.
 fn binary_op_to_rows<F: PrimeField64>(
     op: BinaryOperator,
     input0: U256,

evm_arithmetization/src/arithmetic/modular.rs

@@ -81,8 +81,8 @@
 //!    - given modulus can be 0 or non-zero
 //!    - updated modulus is same as given
 //!    - if modulus is non-zero, correct output is obtained
-//!    - if modulus is 0, then the test output < modulus, checking that
-//!      the output is reduced, will fail, because output is non-negative.
+//!    - if modulus is 0, then the test output < modulus, checking that the
+//!      output is reduced, will fail, because output is non-negative.
 //!
 //! In the case of DIV, we do something similar, except that we "replace"
 //! the modulus with "2^256" to force the quotient to be zero.
@@ -95,18 +95,17 @@
 //! general modular code, they also take 144 columns. Possible
 //! improvements:
 //!
-//! - We could reduce the number of columns to 112 for ADDMOD, SUBMOD,
-//!   etc. if they were implemented separately, so they don't pay the
-//!   full cost of the general MULMOD.
+//! - We could reduce the number of columns to 112 for ADDMOD, SUBMOD, etc. if
+//!   they were implemented separately, so they don't pay the full cost of the
+//!   general MULMOD.
 //!
-//! - All these operations could have alternative forms where the
-//!   output was not guaranteed to be reduced, which is often sufficient
-//!   in practice, and which would save a further 16 columns.
+//! - All these operations could have alternative forms where the output was not
+//!   guaranteed to be reduced, which is often sufficient in practice, and which
+//!   would save a further 16 columns.
 //!
 //! - If the modulus is known in advance (such as for elliptic curve
-//!   arithmetic), specialised handling of MULMOD in that case would
-//!   only require 96 columns, or 80 if the output doesn't need to be
-//!   reduced.
+//!   arithmetic), specialised handling of MULMOD in that case would only
+//!   require 96 columns, or 80 if the output doesn't need to be reduced.
 
 use core::ops::Range;
 

evm_arithmetization/src/arithmetic/mul.rs

@@ -67,7 +67,8 @@ use starky::constraint_consumer::{ConstraintConsumer, RecursiveConstraintConsume
 use crate::arithmetic::columns::*;
 use crate::arithmetic::utils::*;
 
-/// Given the two limbs of `left_in` and `right_in`, computes `left_in * right_in`.
+/// Given the two limbs of `left_in` and `right_in`, computes `left_in *
+/// right_in`.
 pub(crate) fn generate_mul<F: PrimeField64>(lv: &mut [F], left_in: [i64; 16], right_in: [i64; 16]) {
     const MASK: i64 = (1i64 << LIMB_BITS) - 1i64;