Merge branch 'main' into fix/p256-verify

Author: OlivierBBB

_notes/MODEXP-Osaka tests.md

@@ -0,0 +1,110 @@
+# `MODEXP` test vectors for Osaka
+
+## MODEXP pricing + the 500 boundary testing
+
+With MODEXP pricing we have several interesting questions
+- the new pricing of the log of the exponent
+- the comparison to 500
+
+The cost of MODEXP is now
+
+   cost ≡ 500 ∨ ζ
+   ζ ≡ (l + 16 ∙ x) ∙ 2 ∙ words^2
+
+with l ≡ lead_log, x ≡ (ebs - 32) ∨ 0, words ≡ ⌈max(mbs, bbs)/8⌉.
+
+Testing will explore these variables somewhat extensively. We should test like so
+```
+bbs / mbs pairs
+===============
+
+(bbs, mbs) ∈ { (0,0), (0, 3), (21, 37), (56, 55) }
+
+|------------|-----|-------|---------|
+| (bbs, mbs) | max | words | words^2 |
+|------------|-----|-------|---------|
+| (0, 0)     | 0   | 0     | 0       |
+| (0, 3)     | 3   | 1     | 1       |
+| (21, 23)   | 23  | 3     | 9       |
+| (56, 55)   | 56  | 7     | 49      |
+|------------|-----|-------|---------|
+
+NOTE: The (0,3) case gives us the most fine grained exploration of the 500 vs ζ boundary
+
+⇒ there are 4 options
+
+cds options:
+============
+
+cds ≡ 96 + bbs + extra, extra ∈ { ebs / 2, ebs, ebs + mbs }
+
+⇒ there are 3 options
+
+ebs options:
+============
+
+ebs ≡ 0, 1, 16, 27, 32, 39, 173 where the first (ebs ∧ 32) bytes are, in base two,
+
+   0b 00 .. 00 11 .. 11
+
+with z ∈ {0, 1, ..., 8 ∙ (ebs ∧ 32) } one's (and lead_log ≡ 0, 1, ..., 8 ∙ (ebs ∧ 32))
+
+⇒ there are (0 + 1 + 16 + 27 + 32 + 32 + 32) ∙ 8 + 7 ≡ 1127 options
+
+Total options:
+==============
+
+   4 ∙ 3 ∙ 1127 ≡ 13524 variants
+```
+
+Dimensions of testing
+- xbs'
+```
+valid ranges:
+0x0000
+0x0001
+0x0020
+0x0100
+0x0200
+0x02?? // only for cds = 32 - 1, 64 - 1, 96 - 1
+0x  00  .. 00   ??    ..   ?? // and cds = 32 - l
+    <k bytes>  <32 - k bytes>
+
+invalid ranges:
+0x201
+0x <leading> <trailing>
+   <--16B--> <--16B-->
+
+<leading> = 0x 00 .. 00
+          | 0x 00 .. 01
+          | 0x <random>
+          | 0x ff .. ff
+
+<trailing> ≡ <valid>
+           | 0x <random>
+           | 0x ff .. ff
+```
+
+families of tests
+
+- call_data_only_covers_parts_of_bbs: 00 < cds ≤ 32
+- call_data_only_covers_parts_of_ebs: 32 < cds ≤ 64
+- call_data_only_covers_parts_of_mbs: 64 < cds ≤ 96
+
+Those tests we can do the (k,l) testing
+
+```
+invalid_bbs_call_data   ≡   0x 00 .. 02 ff | ff .. ff ff | ff .. ff ff
+                               <---bbs---> | <---ebs---> | <---mbs--->
+
+invalid_ebs_call_data   ≡   0x 00 .. 01 00 | 00 .. 02 ff | ff .. ff ff
+                               <---bbs---> | <---ebs---> | <---mbs--->
+
+invalid_mbs_call_data   ≡   0x 00 .. 01 00 | 00 .. 01 80 | 00 .. 02 ff
+                               <---bbs---> | <---ebs---> | <---mbs--->
+
+we apply a mask
+
+bbs_mask(k) ≡ 0x 00 .. 00 03 ff .. ff | 'ff'.repeat(32) | 'ff'.repeat(32)
+bbs_cds(k)  ≡ 
+```

hub/instruction_handling/call/precompiles/modexp/_local.tex

@@ -30,8 +30,9 @@
 
 \def\locAllByteSizesAreInBounds             {\loc{all\_byte\_sizes\_are\_in\_bounds}}
 
-\def\locCallExpForModexpToAnalyzeLeadingWord     {\loc{call\_EXP\_to\_analyze\_leading\_word}}
-\def\locCallMmuForModexpToExtractLeadingWord     {\loc{call\_MMU\_to\_extract\_leading\_word}}
+\def\locCallOobForModexpForLeadWordExtractionAnalysis   {\loc{call\_OOB\_to\_analyze\_leading\_word}}
+\def\locCallExpForModexpToAnalyzeLeadingWord            {\loc{call\_EXP\_to\_analyze\_leading\_word}}
+\def\locCallMmuForModexpToExtractLeadingWord            {\loc{call\_MMU\_to\_extract\_leading\_word}}
 
 \def\locCallOobForModexpPricing             {\loc{call\_OOB\_for\_pricing}}
 

hub/instruction_handling/call/precompiles/modexp/common.tex

@@ -377,7 +377,7 @@
 							\miscExpFlag _{i + \prcModexpLeadRowOffset} & = & \locExtractLeadingWord \quad \undefinedStar \\
 							\miscMmuFlag _{i + \prcModexpLeadRowOffset} & = & \locExtractLeadingWord \quad \undefinedStar \\
 							\miscMxpFlag _{i + \prcModexpLeadRowOffset} & = & \rZero                                   \\
-							\miscOobFlag _{i + \prcModexpLeadRowOffset} & = & \rOne                                    \\
+							\miscOobFlag _{i + \prcModexpLeadRowOffset} & = & \locAllByteSizesAreInBounds              \\
 							\miscStpFlag _{i + \prcModexpLeadRowOffset} & = & \gZero                                   \\
 						\end{array} \right.
 					\]
@@ -390,7 +390,7 @@
 						\left\{ \begin{array}{lclr}
 							\miscExpFlag _{i + \prcModexpLeadRowOffset} & = & \locExtractLeadingWord \quad \undefinedStar \\
 							\miscMmuFlag _{i + \prcModexpLeadRowOffset} & = & \locExtractLeadingWord \quad \undefinedStar \\
-							\miscOobFlag _{i + \prcModexpLeadRowOffset} & = & \rOne                                    \\
+							\miscOobFlag _{i + \prcModexpLeadRowOffset} & = & \locAllByteSizesAreInBounds              \\
 							\multicolumn{3}{l}{
 								\left[ \begin{array}{cl}
 									+ \!\!\! & \miscMxpFlag _{i + \prcModexpLeadRowOffset} \\
@@ -403,11 +403,16 @@
 					We define the following shorthands
 					\[
 						\left\{ \begin{array}{lcl}
-							\locCallExpForModexpToAnalyzeLeadingWord & \define & \miscExpFlag _{i + \prcModexpLeadRowOffset} \\
-							\locCallMmuForModexpToExtractLeadingWord & \define & \miscMmuFlag _{i + \prcModexpLeadRowOffset} \\
+							\locCallOobForModexpForLeadWordExtractionAnalysis & \define & \miscOobFlag _{i + \prcModexpLeadRowOffset} \\
+							\locCallExpForModexpToAnalyzeLeadingWord          & \define & \miscExpFlag _{i + \prcModexpLeadRowOffset} \\
+							\locCallMmuForModexpToExtractLeadingWord          & \define & \miscMmuFlag _{i + \prcModexpLeadRowOffset} \\
 						\end{array} \right.
 					\]
+					\saNote{}
+					\locCallOobForModexpForLeadWordExtractionAnalysis{} is logically equivalent to
+					\locAllByteSizesAreInBounds{}.
 				\item[\underline{Setting \oobMod{} values:}]
+					\If $\locCallOobForModexpForLeadWordExtractionAnalysis = 1$ \Then
 					we impose
 					\[
 						\setOobInstructionModexpLead {
@@ -496,19 +501,27 @@
 								relOffset = \prcModexpPricingRowOffset ,
 							}
 							=
-							\miscOobWeight
+							\miscOobWeight \cdot \locAllByteSizesAreInBounds
 						\]
 						in other words
 						\[
 							\left\{ \begin{array}{lclr}
-								\miscExpFlag _{i + \prcModexpPricingRowOffset} & = & \gZero & (\sanityCheck) \\
-								\miscMmuFlag _{i + \prcModexpPricingRowOffset} & = & \rZero & (\sanityCheck) \\
-								\miscMxpFlag _{i + \prcModexpPricingRowOffset} & = & \rZero & (\sanityCheck) \\
-								\miscOobFlag _{i + \prcModexpPricingRowOffset} & = & \rOne  & (\sanityCheck) \\
-								\miscStpFlag _{i + \prcModexpPricingRowOffset} & = & \gZero & (\sanityCheck) \\
+								\miscExpFlag _{i + \prcModexpPricingRowOffset} & = & \gZero                      & (\sanityCheck) \\
+								\miscMmuFlag _{i + \prcModexpPricingRowOffset} & = & \rZero                      & (\sanityCheck) \\
+								\miscMxpFlag _{i + \prcModexpPricingRowOffset} & = & \rZero                      & (\sanityCheck) \\
+								\miscOobFlag _{i + \prcModexpPricingRowOffset} & = & \locAllByteSizesAreInBounds & (\sanityCheck) \\
+								\miscStpFlag _{i + \prcModexpPricingRowOffset} & = & \gZero                      & (\sanityCheck) \\
 							\end{array} \right.
 						\]
+						and we set
+						\[
+							\locCallOobForModexpPricing \define \miscOobFlag _{i + \prcModexpPricingRowOffset} \\
+						\]
+						\saNote{}
+						\locCallOobForModexpPricing{} is logically equivalent to
+						\locAllByteSizesAreInBounds{}.
 					\item[\underline{Setting \oobMod{} values:}]
+						\If $\locCallOobForModexpPricing = 1$ \Then
 						we impose
 						\[
 							\setOobInstructionModexpPricing {
@@ -538,6 +551,12 @@
 						\locPrcReturnGas _{i} & = & \locReturnGas  & \cdot & \locAllByteSizesAreInBounds \\
 					\end{array} \right.
 				\]
+				\saNote{}
+				Given the automatic vanishing constraints from
+				section~(\ref{hub: misc: automatic vanishing: vanishing})
+				there really is no need to condition the above shorthands
+				by \locAllByteSizesAreInBounds{}.
+				We do it regardless for clarity.
 		\end{description}
 		\saNote{} The above equation involving \scenPrcFailure{} and \locPrcReturnGas{} is how we justify the presence/absence of failure due to insufficient gas and the amount of returned gas.
 

oob/_local.tex

@@ -164,7 +164,7 @@
 \def\locBeyondBaseByLessThanAnEvmWord     {\loc{by\_less\_than\_an\_EVM\_word}}
 \def\locNDataBytes                        {\loc{up\_to\_32\_call\_data\_bytes}}
 \def\locExtractLeadingWord                {\loc{extract\_leading\_word}}
-\def\locCallDataContainsExponentBytes     {\loc{call\_data\_contains\_exponent\_bytes}}
+\def\locCallDataExtendsBeyondBase         {\loc{call\_data\_extends\_beyond\_base}}
 \def\locCallDataExtendsBeyondExponent     {\loc{call\_data\_extends\_beyond\_exponent}}
 % MODEXP: pricing
 \def\locWordCostDominates                 {\loc{word\_cost\_dominates}}

oob/precompiles/modexp/_local.tex

@@ -14,3 +14,5 @@
 \def\roffXbsModexpXbsVsEipMaxByteSize           {\roffConstYellow{0}}
 \def\roffXbsModexpXbsVsYbs                      {\roffConstYellow{1}}
 \def\roffXbsModexpXbsIszeroCheck                {\roffConstYellow{2}}
+
+\def\locCumulativeLengthOfByteSizes             {\numConst{96}}

oob/precompiles/modexp/lead.tex

@@ -4,8 +4,8 @@
 	\boxed{\text{All constraints in this subsection further assume } \oobInstIsModexpLead_{i} = 1}
 \]
 What the present system of constraints aims to verify the following predictions made in the \hubMod{} module: 
-\green{(\emph{a})} compute the small integer $32\wedge \big[ \locCds - (96 + \locBbs) \big]^+$
-\green{(\emph{b})} compute the bit $[ \locCds > (96 + \locBbs) ] \wedge [ \locEbs \neq 0 ]$.
+\green{(\emph{a})} compute the small integer $\evmWordSize \wedge \big[ \locCds - (\locCumulativeLengthOfByteSizes + \locBbs) \big]^+$
+\green{(\emph{b})} compute the bit $[ \locCds > (\locCumulativeLengthOfByteSizes + \locBbs) ] \wedge [ \locEbs \neq 0 ]$.
 
 \noindent We use the shorthands defined below:
 \[
@@ -34,43 +34,60 @@
 					argOneLo  = \locEbs ,
 				}
 				\vspace{2mm} \\
-				\wcpCallToLt {
-					anchorRow = i       ,
-					relOffset = 1       ,
-					argOneHi  = 0       ,
-					argOneLo  = \locEbs ,
-					argTwoHi  = 0       ,
-					argTwoLo  = 32      ,
-				}
-				\vspace{2mm} \\
 				\wcpCallToLt {
 					anchorRow = i            ,
-					relOffset = 2            ,
+					relOffset = 1            ,
 					argOneHi  = 0            ,
-					argOneLo  = 96 + \locBbs ,
+					argOneLo  = \locEbs      ,
 					argTwoHi  = 0            ,
-					argTwoLo  = \locCds      ,
+					argTwoLo  = \evmWordSize ,
+				}
+				\vspace{2mm} \\
+				\wcpCallToLt {
+					anchorRow = i                                         ,
+					relOffset = 2                                         ,
+					argOneHi  = 0                                         ,
+					argOneLo  = \locCumulativeLengthOfByteSizes + \locBbs ,
+					argTwoHi  = 0                                         ,
+					argTwoLo  = \locCds                                   ,
 				}
 			\end{array} \right.
 		\]
-		and define the following shorthands
+		and we define the following shorthands
 		\[
 			\left\{ \begin{array}{lcl}
-				\locEbsIsZero                         & \define & \outgoingResLo_{i    } \\ 
-				\locEbsLtThirtyTwo                    & \define & \outgoingResLo_{i + 1} \\ 
-				\locCallDataContainsExponentBytes     & \define & \outgoingResLo_{i + 2} \\ 
+				\locEbsIsZero                 & \define & \outgoingResLo_{i    } \\
+				\locEbsLtThirtyTwo            & \define & \outgoingResLo_{i + 1} \\
+				\locCallDataExtendsBeyondBase & \define & \outgoingResLo_{i + 2} \\
+			\end{array} \right.
+		\]
+		\saNote{}
+		The number $\locCumulativeLengthOfByteSizes = 3 \cdot \evmWordSize$ is the ``cumulative length of byte sizes''.
+		It accounts for the first three \evm{} words in the (right zero-padded) call data holding the
+		\textbf{base byte size},
+		\textbf{exponent byte size} and
+		\textbf{modulus byte size}
+		respectively.
+
+		\saNote{}
+		Thus, by definition
+		\[
+			\left\{ \begin{array}{rcl}
+				\locEbsIsZero                 ~ \equiv ~ \true & \iff & \big[ \locEbs \equiv 0            \big] \vspace{1mm}                 \\
+				\locEbsLtThirtyTwo            ~ \equiv ~ \true & \iff & \big[ \locEbs <      \evmWordSize \big] \vspace{1mm}                 \\
+				\locCallDataExtendsBeyondBase ~ \equiv ~ \true & \iff & \big[ \locCds >      \locCumulativeLengthOfByteSizes + \locBbs \big] \\
 			\end{array} \right.
 		\]
 	\item[\underline{Row $n^\circ(i + 3)$:}]
-		\If $\locCallDataContainsExponentBytes = 1$ \Then
+		\If $\locCallDataExtendsBeyondBase = 1$ \Then
 		\[
 			\wcpCallToLt {
-				anchorRow = i                                  ,
-				relOffset = 3                                  ,
-				argOneHi  = 0                                  ,
-				argOneLo  = \locCds - \big( 96 + \locBbs \big) ,
-				argTwoHi  = 0                                  ,
-				argTwoLo  = 32                                 ,
+				anchorRow = i                                                               ,
+				relOffset = 3                                                               ,
+				argOneHi  = 0                                                               ,
+				argOneLo  = \locCds - \big( \locCumulativeLengthOfByteSizes + \locBbs \big) ,
+				argTwoHi  = 0                                                               ,
+				argTwoLo  = \evmWordSize                                                    ,
 			}
 		\]
 		we define the following shorthand
@@ -83,34 +100,34 @@
 				\[
 					\locExtractLeadingWord
 					=
-					\locCallDataContainsExponentBytes \cdot (1 - \locEbsIsZero)
+					\locCallDataExtendsBeyondBase \cdot (1 - \locEbsIsZero)
 				\]
 			\item[Constraining \locCdsCutoff{}:] we impose that
 				\begin{enumerate}
-					\item \If $\locCallDataContainsExponentBytes = 0$ \Then $\locCdsCutoff = 0$
-					\item \If $\locCallDataContainsExponentBytes = 1$ \Then
+					\item \If $\locCallDataExtendsBeyondBase = 0$ \Then $\locCdsCutoff = 0$
+					\item \If $\locCallDataExtendsBeyondBase = 1$ \Then
 						\begin{enumerate}
-							\item \If $\locResultOfComparison = 0$ \Then $\locCdsCutoff = 32$
-							\item \If $\locResultOfComparison = 1$ \Then $\locCdsCutoff = \locCds - \big( 96 + \locBbs \big)$
+							\item \If $\locResultOfComparison = 0$ \Then $\locCdsCutoff = \evmWordSize$
+							\item \If $\locResultOfComparison = 1$ \Then $\locCdsCutoff = \locCds - \big( \locCumulativeLengthOfByteSizes + \locBbs \big)$
 						\end{enumerate}
 				\end{enumerate}
 			\item[Constraining \locEbsCutoff       {}:] we impose that
 				\begin{enumerate}
-					\item \If $\locEbsLtThirtyTwo = 0$ \Then $\locEbsCutoff = 32$ 
+					\item \If $\locEbsLtThirtyTwo = 0$ \Then $\locEbsCutoff = \evmWordSize$ 
 					\item \If $\locEbsLtThirtyTwo = 1$ \Then $\locEbsCutoff = \locEbs$ 
 				\end{enumerate}
 			\item[Constraining \locEbsSubThirtyTwo {}:] we impose that
 				\begin{enumerate}
-					\item \If $\locEbsLtThirtyTwo = 0$ \Then $\locEbsSubThirtyTwo = \locEbs - 32$ 
+					\item \If $\locEbsLtThirtyTwo = 0$ \Then $\locEbsSubThirtyTwo = \locEbs - \evmWordSize$ 
 					\item \If $\locEbsLtThirtyTwo = 1$ \Then $\locEbsSubThirtyTwo = 0$ 
 				\end{enumerate}
 		\end{description}
 \end{description}
 \saNote{} The above thus computes respectively
 \[
 	\left\{ \begin{array}{lcl}
-		\locCdsCutoff           & \equiv & \Big[ \locCds - \big( 96 + \locBbs \big) \Big] ^ + \wedge \, 32 \\
-		\locEbsCutoff           & \equiv & \locEbs \wedge 32                                               \\
-		\locEbsSubThirtyTwo     & \equiv & \Big[ \locEbs - 32 \Big] ^ +                                    \\
+		\locCdsCutoff       & \equiv & \Big[ \locCds - \big( \locCumulativeLengthOfByteSizes + \locBbs \big) \Big] ^ + \wedge \, \evmWordSize \\
+		\locEbsCutoff       & \equiv & \locEbs \wedge \evmWordSize                                                                            \\
+		\locEbsSubThirtyTwo & \equiv & \Big[ \locEbs - \evmWordSize \Big] ^ +                                                                 \\
 	\end{array} \right.
 \]

txn_data/_local.tex

@@ -219,7 +219,7 @@
 \def\nRowsTypeThree      {\roffConstYellow{17}} \def\maxCtForTypeThree      {(\nRowsTypeThree      - 1)}
 \def\nRowsTypeFour       {\roffConstYellow{17}} \def\maxCtForTypeFour       {(\nRowsTypeFour       - 1)}
 
-\def\nRowsSysfNoop       {\roffConstYellow{2}} \def\maxCtForSysfNoop       {(\nRowsSysfNoop       - 1)}
+\def\nRowsSysfNoop       {\roffConstYellow{2}}  \def\maxCtForSysfNoop       {(\nRowsSysfNoop       - 1)}
 
 \def\locRlpTxnRcptPhaseSum {\loc{RLP\_TXN\_RCPT\_phase\_sum}}
 \def\locRlpTxnRcptOutgoing {\loc{RLP\_TXN\_RCPT\_outgoing}}