Add uint256 mul elf program. Pass test.

Author: dreamATD

.github/workflows/integration.yml

@@ -110,6 +110,11 @@ jobs:
           RUSTFLAGS: "-C opt-level=3"
         run: cargo run --release --package ceno_zkvm --bin e2e -- --platform=ceno examples/target/riscv32im-ceno-zkvm-elf/release/examples/bn254_curve_syscalls
 
+      - name: Run uint256_mul_syscall (release)
+        env:
+          RUSTFLAGS: "-C opt-level=3"
+        run: cargo run --release --package ceno_zkvm --bin e2e -- --platform=ceno examples/target/riscv32im-ceno-zkvm-elf/release/examples/uint256_mul_syscall
+
       - name: Install cargo make
         run: |
           cargo make --version || cargo install cargo-make

Cargo.lock

@@ -23,16 +23,27 @@ repository = "https://github.com/scroll-tech/ceno"
 version = "0.1.0"
 
 [workspace.dependencies]
-ff_ext = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "ff_ext", rev = "v1.0.0-alpha.9" }
-mpcs = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "mpcs", rev = "v1.0.0-alpha.9" }
-multilinear_extensions = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "multilinear_extensions", rev = "v1.0.0-alpha.9" }
-p3 = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "p3", rev = "v1.0.0-alpha.9" }
-poseidon = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "poseidon", rev = "v1.0.0-alpha.9" }
-sp1-curves = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "sp1-curves", rev = "v1.0.0-alpha.9" }
-sumcheck = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "sumcheck", rev = "v1.0.0-alpha.9" }
-transcript = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "transcript", rev = "v1.0.0-alpha.9" }
-whir = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "whir", rev = "v1.0.0-alpha.9" }
-witness = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "witness", rev = "v1.0.0-alpha.9" }
+# ff_ext = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "ff_ext", rev = "v1.0.0-alpha.9" }
+# mpcs = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "mpcs", rev = "v1.0.0-alpha.9" }
+# multilinear_extensions = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "multilinear_extensions", rev = "v1.0.0-alpha.9" }
+# p3 = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "p3", rev = "v1.0.0-alpha.9" }
+# poseidon = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "poseidon", rev = "v1.0.0-alpha.9" }
+# sp1-curves = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "sp1-curves", rev = "v1.0.0-alpha.9" }
+# sumcheck = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "sumcheck", rev = "v1.0.0-alpha.9" }
+# transcript = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "transcript", rev = "v1.0.0-alpha.9" }
+# whir = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "whir", rev = "v1.0.0-alpha.9" }
+# witness = { git = "https://github.com/scroll-tech/gkr-backend.git", package = "witness", rev = "v1.0.0-alpha.9" }
+
+ff_ext = { path = "../gkr-backend/crates/ff_ext", package = "ff_ext" }
+mpcs = { path = "../gkr-backend/crates/mpcs", package = "mpcs" }
+multilinear_extensions = { path = "../gkr-backend/crates/multilinear_extensions", package = "multilinear_extensions" }
+p3 = { path = "../gkr-backend/crates/p3", package = "p3" }
+poseidon = { path = "../gkr-backend/crates/poseidon", package = "poseidon" }
+sp1-curves = { path = "../gkr-backend/crates/curves", package = "sp1-curves" }
+sumcheck = { path = "../gkr-backend/crates/sumcheck", package = "sumcheck" }
+transcript = { path = "../gkr-backend/crates/transcript", package = "transcript" }
+whir = { path = "../gkr-backend/crates/whir", package = "whir" }
+witness = { path = "../gkr-backend/crates/witness", package = "witness" }
 
 alloy-primitives = "1.3"
 anyhow = { version = "1.0", default-features = false }
@@ -91,13 +102,14 @@ lto = "thin"
 #[patch."ssh://[email protected]/scroll-tech/ceno-gpu.git"]
 #ceno_gpu = { path = "../ceno-gpu/cuda_hal", package = "cuda_hal" }
 
-#[patch."https://github.com/scroll-tech/gkr-backend"]
-#ff_ext = { path = "../gkr-backend/crates/ff_ext", package = "ff_ext" }
-#mpcs = { path = "../gkr-backend/crates/mpcs", package = "mpcs" }
-#multilinear_extensions = { path = "../gkr-backend/crates/multilinear_extensions", package = "multilinear_extensions" }
-#p3 = { path = "../gkr-backend/crates/p3", package = "p3" }
-#poseidon = { path = "../gkr-backend/crates/poseidon", package = "poseidon" }
-#sumcheck = { path = "../gkr-backend/crates/sumcheck", package = "sumcheck" }
-#transcript = { path = "../gkr-backend/crates/transcript", package = "transcript" }
-#whir = { path = "../gkr-backend/crates/whir", package = "whir" }
-#witness = { path = "../gkr-backend/crates/witness", package = "witness" }
+# [patch."https://github.com/scroll-tech/gkr-backend"]
+# ff_ext = { path = "../gkr-backend/crates/ff_ext", package = "ff_ext" }
+# mpcs = { path = "../gkr-backend/crates/mpcs", package = "mpcs" }
+# multilinear_extensions = { path = "../gkr-backend/crates/multilinear_extensions", package = "multilinear_extensions" }
+# p3 = { path = "../gkr-backend/crates/p3", package = "p3" }
+# poseidon = { path = "../gkr-backend/crates/poseidon", package = "poseidon" }
+# sp1-curves = { path = "../gkr-backend/crates/p3", package = "sp1-curves" }
+# sumcheck = { path = "../gkr-backend/crates/sumcheck", package = "sumcheck" }
+# transcript = { path = "../gkr-backend/crates/transcript", package = "transcript" }
+# whir = { path = "../gkr-backend/crates/whir", package = "whir" }
+# witness = { path = "../gkr-backend/crates/witness", package = "witness" }

Cargo.toml

@@ -27,7 +27,7 @@ pub use syscalls::{
     BLS12381_ADD, BLS12381_DECOMPRESS, BLS12381_DOUBLE, BN254_ADD, BN254_DOUBLE, BN254_FP_ADD,
     BN254_FP_MUL, BN254_FP2_ADD, BN254_FP2_MUL, KECCAK_PERMUTE, SECP256K1_ADD,
     SECP256K1_DECOMPRESS, SECP256K1_DOUBLE, SECP256R1_ADD, SECP256R1_DECOMPRESS, SECP256R1_DOUBLE,
-    SHA_EXTEND, SyscallSpec,
+    SHA_EXTEND, SyscallSpec, UINT256_MUL,
     bn254::{
         BN254_FP_WORDS, BN254_FP2_WORDS, BN254_POINT_WORDS, Bn254AddSpec, Bn254DoubleSpec,
         Bn254Fp2AddSpec, Bn254Fp2MulSpec, Bn254FpAddSpec, Bn254FpMulSpec,
@@ -38,7 +38,7 @@ pub use syscalls::{
         Secp256k1DecompressSpec, Secp256k1DoubleSpec,
     },
     sha256::{SHA_EXTEND_WORDS, Sha256ExtendSpec},
-    uint256::UINT256_WORDS_FIELD_ELEMENT,
+    uint256::{UINT256_WORDS_FIELD_ELEMENT, Uint256MulSpec},
 };
 
 pub mod utils;

ceno_emul/src/lib.rs

@@ -1,33 +1,34 @@
 use crate::{
-    Change, EmuContext, Platform, SyscallSpec, VMState, Word, WriteOp,
+    Change, EmuContext, Platform, SyscallSpec, VMState, WriteOp,
     syscalls::{SyscallEffects, SyscallWitness},
     utils::MemoryView,
 };
 
-use super::UINT256_MUL;
 use itertools::Itertools;
 use num::{BigUint, One, Zero};
-use sp1_curves::{params::NumWords, uint256::U256Field};
+use sp1_curves::{
+    params::NumWords,
+    uint256::U256Field,
+    utils::{biguint_from_words, biguint_to_words},
+};
 use typenum::marker_traits::Unsigned;
 
 type WordsFieldElement = <U256Field as NumWords>::WordsFieldElement;
 pub const UINT256_WORDS_FIELD_ELEMENT: usize = WordsFieldElement::USIZE;
-const WORD_SIZE: usize = 4;
 
-pub(crate) struct Uint256MulSpec;
+pub struct Uint256MulSpec;
 
 impl SyscallSpec for Uint256MulSpec {
     const NAME: &'static str = "UINT256_MUL";
 
     const REG_OPS_COUNT: usize = 2;
     const MEM_OPS_COUNT: usize = 3 * UINT256_WORDS_FIELD_ELEMENT; // x, y, modulus
-    const CODE: u32 = ceno_rt::syscalls::UINT256_MUL;
+    const CODE: u32 = ceno_syscall::UINT256_MUL;
 }
 
 pub fn uint256_mul(vm: &VMState) -> SyscallEffects {
     let x_ptr = vm.peek_register(Platform::reg_arg0());
     let y_ptr = vm.peek_register(Platform::reg_arg1());
-    let mod_ptr = y_ptr + UINT256_WORDS_FIELD_ELEMENT as u32 * WORD_SIZE as u32;
 
     // Read the argument pointers
     let reg_ops = vec![
@@ -44,19 +45,13 @@ pub fn uint256_mul(vm: &VMState) -> SyscallEffects {
     ];
 
     // Memory segments of x, y, and modulus
-    let [mut x_view, y_view, mod_view] =
-        [x_ptr, y_ptr, mod_ptr].map(|start| MemoryView::<UINT256_WORDS_FIELD_ELEMENT>::new(vm, start));
+    let mut x_view = MemoryView::<UINT256_WORDS_FIELD_ELEMENT>::new(vm, x_ptr);
+    let y_and_modulus_view = MemoryView::<{ UINT256_WORDS_FIELD_ELEMENT * 2 }>::new(vm, y_ptr);
 
-    // Read x and y from words via wrapper type
-    let [x, y, modulus] = [&x_view, &y_view, &mod_view].map(|view| {
-        BigUint::from_bytes_le(
-            &view
-                .words()
-                .into_iter()
-                .flat_map(|w| w.to_le_bytes())
-                .collect_vec(),
-        )
-    });
+    // Read x, y, and modulus from words via wrapper type
+    let x = biguint_from_words(&x_view.words());
+    let y = biguint_from_words(&y_and_modulus_view.words()[..UINT256_WORDS_FIELD_ELEMENT]);
+    let modulus = biguint_from_words(&y_and_modulus_view.words()[UINT256_WORDS_FIELD_ELEMENT..]);
 
     // Perform the multiplication and take the result modulo the modulus.
     let result: BigUint = if modulus.is_zero() {
@@ -65,23 +60,17 @@ pub fn uint256_mul(vm: &VMState) -> SyscallEffects {
     } else {
         (x * y) % modulus
     };
-    let mut result_bytes = result.to_bytes_le();
-    result_bytes.resize(32, 0u8); // Pad the result to 32 bytes.
 
     // Convert the result to little endian u32 words.
-    let result: [u32; 8] = {
-        let mut iter = result_bytes
-            .chunks_exact(4)
-            .map(|chunk| u32::from_le_bytes(chunk.try_into().unwrap()));
-        core::array::from_fn(|_| iter.next().unwrap())
-    };
-    x_view.write(result);
+    let result_words = biguint_to_words(&result, UINT256_WORDS_FIELD_ELEMENT)
+        .try_into()
+        .unwrap();
+    x_view.write(result_words);
 
     let mem_ops = x_view
         .mem_ops()
         .into_iter()
-        .chain(y_view.mem_ops())
-        .chain(mod_view.mem_ops())
+        .chain(y_and_modulus_view.mem_ops())
         .collect_vec();
 
     SyscallEffects {

ceno_emul/src/syscalls/uint256.rs

@@ -626,7 +626,9 @@ fn test_bn254_precompile() -> Result<()> {
     Ok(())
 }
 
+#[test]
 fn test_uint256_mul() -> Result<()> {
+    let program_elf = ceno_examples::uint256_mul_syscall;
     let mut state = VMState::new_from_elf(unsafe_platform(), program_elf)?;
 
     let steps = run(&mut state)?;
@@ -647,16 +649,13 @@ fn test_uint256_mul() -> Result<()> {
     assert_eq!(b_address, witness.reg_ops[1].value.before);
     let b_address: WordAddr = b_address.into();
 
-    const A_MUL_B: [u8; 65] = [
-        4, 188, 11, 115, 232, 35, 63, 79, 186, 163, 11, 207, 165, 64, 247, 109, 81, 125, 56, 83,
-        131, 221, 140, 154, 19, 186, 109, 173, 9, 127, 142, 169, 219, 108, 17, 216, 218, 125, 37,
-        30, 87, 86, 194, 151, 20, 122, 64, 118, 123, 210, 29, 60, 209, 138, 131, 11, 247, 157, 212,
-        209, 123, 162, 111, 197, 70,
+    let expect: [u32; 8] = [
+        0xF0D2F44F, 0xF0DC2116, 0x253AB7CD, 0x3089E8F6, 0x803BED8F, 0x969E7A64, 0x610CBFFF,
+        0x80012A20,
     ];
-    let expect = bytes_to_words(A_MUL_B);
 
     assert_eq!(witness.mem_ops.len(), 3 * UINT256_WORDS_FIELD_ELEMENT);
-    // Expect first half to consist of read/writes on P
+    // Expect first half to consist of read/writes on x
     for (i, write_op) in witness
         .mem_ops
         .iter()
@@ -667,12 +666,12 @@ fn test_uint256_mul() -> Result<()> {
         assert_eq!(write_op.value.after, expect[i]);
     }
 
-    // Expect second half to consist of reads on Q
+    // Expect second half to consist of reads on y and modulus
     for (i, write_op) in witness
         .mem_ops
         .iter()
         .skip(UINT256_WORDS_FIELD_ELEMENT)
-        .take(UINT256_WORDS_FIELD_ELEMENT * UINT256_WORDS_FIELD_ELEMENT)
+        .take(UINT256_WORDS_FIELD_ELEMENT * 2)
         .enumerate()
     {
         assert_eq!(write_op.addr, b_address + i);

ceno_host/tests/test_elf.rs

@@ -300,3 +300,27 @@ pub extern "C" fn syscall_bn254_fp2_mulmod(x: &mut [u32; 16], y: &[u32; 16]) {
     #[cfg(not(target_os = "zkvm"))]
     unreachable!()
 }
+
+/// Uint256 multiplication operation.
+///
+/// The result is written over the first input.
+#[allow(unused_variables)]
+#[unsafe(no_mangle)]
+pub extern "C" fn syscall_uint256_mul(x: &mut [u32; 8], y_and_modulus: &[u32; 16]) {
+    #[cfg(target_os = "zkvm")]
+    {
+        let x = x.as_mut_ptr();
+        let y = y_and_modulus.as_ptr();
+        unsafe {
+            asm!(
+            "ecall",
+            in("t0") UINT256_MUL,
+            in("a0") x,
+            in("a1") y,
+            );
+        }
+    }
+
+    #[cfg(not(target_os = "zkvm"))]
+    unreachable!()
+}

ceno_syscall/src/lib.rs

@@ -1,15 +1,15 @@
 mod halt;
 mod keccak;
+mod uint256;
 mod weierstrass_add;
 mod weierstrass_decompress;
 mod weierstrass_double;
-mod uint256;
 
 pub use keccak::KeccakInstruction;
+pub use uint256::Uint256MulInstruction;
 pub use weierstrass_add::WeierstrassAddAssignInstruction;
 pub use weierstrass_decompress::WeierstrassDecompressInstruction;
 pub use weierstrass_double::WeierstrassDoubleAssignInstruction;
-pub use uint256::U256MulInstruction;
 
 use ceno_emul::InsnKind;
 pub use halt::HaltInstruction;