Merge main into shrink-cpu-byte-alu (resolve #652 conflicts)#665
Conversation
* register missing in-chip soundness constraints * add underconstrained-chip soundness guard * add underconstrained-chip soundness regression tests * harden in_chip_constraint_count against unsigned-subtraction underflow * Revert beyond-spec SHIFT/DVRM constraints * Update stale comments and capacity estimate * Fix stale bus-interaction comments left by soundness fixes The IS_HALF/IS_HALFWORD senders added in this PR made several doc comments and one capacity hint inaccurate; update them to match. - dvrm.rs: module doc IS_HALF count ×16 -> ×20 (matches the function doc, which already said ×20 after n/d were added) - mul.rs: module + bus_interactions docs IS_HALF ×8 -> ×16 and note the lhs/rhs input range checks, not just lo/hi outputs - shift.rs: module doc "11 total" -> "15 total", add IS_HALFWORD (×4) to the sender list, and bump Vec::with_capacity(11) -> 15 - test_utils.rs: create_lt_air / create_mul_air now wire transition constraints, so their doc comments say "constraints and bus interactions" (matching create_shift_air / create_dvrm_air) --------- Co-authored-by: Diego K <[email protected]> Co-authored-by: MauroFab <[email protected]>
main advanced by PR #652 (soundness: underconstrained chips), which added IS_HALFWORD range-checks and wired LT/MUL transition constraints on the same chips this branch reworks. Conflicts resolved: - test_utils.rs: union of imports (store + BusId). - tables/shift.rs collect_bitwise_from_shift: keep BOTH #644's shift-amount range-checks AND #652's input-half (VM-3) checks. The merged bus_interactions carries both sender sets, so both lookup sets are required for the IsHalfword bus to balance. - tests/mul_tests.rs: bus-interaction count 24 (#652) with the ALU receiver label (#644); wiring-test constraint count 6 -> 8, because this branch adds the two SignedIsBit(LHS/RHS) constraints that #652's count predated. Verified: cargo build; mul/shift/dvrm/lt unit + bus-count + wiring + busless soundness tests pass; end-to-end prove+verify passes for shift_8, sllw, srli_one_zero, mul_8.
Codex Code ReviewNo issues found in the PR diff. I could not complete a local test run: |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| /// Used to assert input/operand half-limbs are range-checked. Scope: only | ||
| /// single-column `Packed` senders (which is how every current IS_HALFWORD sender is | ||
| /// declared); it does not inspect `Linear` senders or sender multiplicities. | ||
| pub fn is_halfword_sender_columns(interactions: &[BusInteraction]) -> Vec<usize> { |
There was a problem hiding this comment.
Low — silent false confidence if Linear senders are ever used for IS_HALFWORD
This helper silently drops BusValue::Linear senders (the None arm on line 195). Any future IS_HALFWORD sender written as a Linear value will be invisible here, causing presence-check tests to pass while the range check is actually absent.
The doc comment acknowledges this limitation, but the function name doesn't surface it at call sites — callers read is_halfword_sender_columns(…).contains(&c) as "is this column IS_HALF range-checked" without noticing the Packed-only scope. Consider renaming to is_halfword_packed_sender_columns so the restriction is visible everywhere it's called.
Code ReviewOverall: This PR correctly closes the VM-3 soundness gap (non-canonical half-decomposition attacks) across MUL, DVRM, and SHIFT, and fixes the silent dead-constraint issue in Medium — VM-4:
|
2 participants
What
Merges latest
mainintofeat/shrink-cpu-byte-aluto clear the merge conflicts on #644.Since this branch diverged,
mainadvanced only by #652 (soundness: underconstrained chips). #652 addedIS_HALFWORDrange-checks and wiredLT/MULtransition constraints on the same chips this branch reworks — hence the conflicts.Conflicts resolved (3)
test_utils.rsstorefrom this branch +BusIdfrom #652, used byis_halfword_sender_columns).tables/shift.rs(collect_bitwise_from_shift)bus_interactionscarries both sender sets, so both lookup sets are required for theIsHalfwordbus to balance. Taking only one side would break bus balance and silently drop a soundness check.tests/mul_tests.rsSignedIsBit(LHS/RHS)constraints that #652's count predated.Auto-merge handled the rest correctly: #652's MUL input-half senders + trace lookups (→ 24 interactions) and DVRM n/d senders + lookups (→ 20
IS_HALF) both survived intact alongside the ALU-bus rework.Note: this branch already adds
SignedIsBit(LHS_SIGNED/RHS_SIGNED)to MUL — the exact gap an earlier review of #652 had flagged as missing.Verification
cargo build(prover test binary) ✓mul/shift/dvrm/ltunit + bus-count + wiring + busless-soundness tests ✓test_shift_8,sllw,srli_one_zero,mul_8✓ — confirms theIsHalfwordbus balances with the union resolution.🤖 Generated with Claude Code