update TODO.md and fix test_packed_pcs

TomWambsgans · TomWambsgans · commit 7a851726fb1a · 2025-10-30T10:28:32.000+04:00
diff --git a/TODO.md b/TODO.md
@@ -4,33 +4,27 @@
 
 - WHIR univariate skip?
 - Opti recursion bytecode
-- inverse folding ordering in WHIR to enable Packing during sumcheck (more generally, TODO packing everywhere)
+- packing (SIMD) everywhere
 - one can "move out" the variable of the eq(.) polynomials out of the sumcheck computation in WHIR (as done in the PIOP)
 - Structured AIR: often no all the columns use both up/down -> only handle the used ones to speed up the PIOP zerocheck
-- avoid transpositions (poseidon trace generation)
 - Use Univariate Skip to commit to tables with k.2^n rows (k small)
-- avoid field embedding in the initial sumcheck of logup*, when table / values are in base field
 - opti logup* GKR when the indexes are not a power of 2 (which is the case in the execution table)
 - incremental merkle paths in whir-p3
-- Experiment to increase degree, and reduce commitments, in Poseidon arithmetization. 
-  Result: degree 9 is better than 3. TODO: degree 5, or 6 ? Also, the current degre 9 implem may not be perfectly optimal?
 - Avoid embedding overhead on the flag, len, and index columns in the AIR table for dot products
-- Batched logup*: when computing the eq() factor we can opti if the points contain boolean factor
 - Lev's trick to skip some low-level modular reduction
-- Sumcheck, case z = 0, no need to fold, only keep first half of the values (done in PR 33 by Lambda) (and also in WHIR?)
+- Sumcheck, case z = 0, no need to fold, only keep first half of the values (done in PR 33 by Lambda)
 - Custom AVX2 / AVX512 / Neon implem in Plonky3 for all of the finite field operations (done for degree 4 extension, but not degree 5)
 - Many times, we evaluate different multilinear polynomials (different columns of the same table etc) at a common point. OPTI = compute the eq(.) once, and then dot_product with everything
 - To commit to multiple AIR table using 1 single pcs, the most general form our "packed pcs" api should accept is:
  a list of n (n not a power of 2) columns, each ending with m repeated values (in this manner we can reduce proof size when they are a lot of columns (poseidons ...))
 - in the runner of leanISA program, if we call 2 times the same function with the same arguments, we can reuse the same memory frame
 - the interpreter of leanISA (+ witness generation) can be partially parallelized when there are some independent loops
-- (1 - x).r1 + x.r2 = x.(r2 - r1) + r1 TODO this opti is not everywhere currently + TODO generalize this with the univaraite skip
+- (1 - x).r1 + x.r2 = x.(r2 - r1) + r1 TODO this opti is not everywhere currently + TODO generalize this with the univariate skip
 - opti compute_eval_eq when scalar = ONE
 - Dmitry's range check, bonus: we can spare 2 memory cells if the value being range check is small (using the zeros present by conventio on the public memory)
 - Make everything "padding aware" (including WHIR, logup*, AIR, etc)
 - Opti WHIR: in sumcheck we know more than f(0) + f(1), we know f(0) and f(1)
 - Opti WHIR https://github.com/tcoratger/whir-p3/issues/303 and https://github.com/tcoratger/whir-p3/issues/306
-- Avoid committing to extra columns / adding some constraints in poseidon16 AIR, for "compression", and use instead sumcheck
 - Avoid committing to the 3 index columns, and replace it by a sumcheck? Using this idea, we would only commit to PC and FP for the execution table. Idea by Georg (Powdr). Do we even need to commit to FP then?
 
 About "the packed pcs" (similar to SP1 Jagged PCS, slightly less efficient, but simpler (no sumchecks)):
@@ -93,11 +87,7 @@ But we reduce proof size a lot using instead (TODO):
 
 # Random ideas
 
-- About range checks, that can currently be done in 3 cycles (see 2.5.3 of the zkVM pdf), in the instruction encoding of DEREF, if we replaced (1 - AUX) by a dedicated column,
-  we could allow DEREFS that 'does not do anything with the resulting value', which is exactly what we want for range check: we only want to ensure that m[m[fp + x]] (resp m[(t-1) - m[fp + x]])
-  is a valid memory access (i.e. the index is < M the memory size), but currently the DEREF instruction forces us to 'store' the result, in m[fp + i] (resp m[fp + k]).
-  TLDR: adding a new encoding field for DEREF would save 2 memory cells / range check. If this can also increase perf in alternative scenario (other instructions for instance),
-  potentially we should consider it.
+- About range checks, that can currently be done in 3 cycles (see 2.5.3 of the zkVM pdf) + 3 memory cells used. For small ranges we can save 2 memory cells.
 
 ## Known leanISA compiler bugs:
 
diff --git a/crates/packed_pcs/src/lib.rs b/crates/packed_pcs/src/lib.rs
@@ -555,144 +555,144 @@ fn compute_multilinear_value_from_chunks<F: Field, EF: ExtensionField<F>>(
     eval
 }
 
-// #[cfg(test)]
-// mod tests {
-//     use p3_field::{PrimeCharacteristicRing};
-//     use p3_koala_bear::{KoalaBear, QuinticExtensionFieldKB};
-//     use p3_util::log2_strict_usize;
-//     use rand::{Rng, SeedableRng, rngs::StdRng};
-//     use utils::{build_prover_state, build_verifier_state};
-
-//     use super::*;
-
-//     type F = KoalaBear;
-//     type EF = QuinticExtensionFieldKB;
-
-//     #[test]
-//     fn test_packed_pcs() {
-//         let whir_config_builder = WhirConfigBuilder {
-//             folding_factor: FoldingFactor::new(4, 4),
-//             soundness_type: SecurityAssumption::CapacityBound,
-//             pow_bits: 13,
-//             max_num_variables_to_send_coeffs: 6,
-//             rs_domain_initial_reduction_factor: 1,
-//             security_level: 75,
-//             starting_log_inv_rate: 1,
-//         };
-
-//         let mut rng = StdRng::seed_from_u64(0);
-//         let log_smallest_decomposition_chunk = 3;
-//         let committed_length_lengths_and_default_value_and_log_public_data: [(
-//             usize,
-//             F,
-//             Option<usize>,
-//         ); _] = [
-//             (16, F::from_usize(8), Some(4)),
-//             (854, F::from_usize(0), Some(7)),
-//             (854, F::from_usize(1), Some(5)),
-//             (16, F::from_usize(0), Some(3)),
-//             (17, F::from_usize(0), Some(4)),
-//             (95, F::from_usize(3), Some(4)),
-//             (17, F::from_usize(0), None),
-//             (95, F::from_usize(3), None),
-//             (256, F::from_usize(8), None),
-//             (1088, F::from_usize(9), None),
-//             (512, F::from_usize(0), None),
-//             (256, F::from_usize(8), Some(3)),
-//             (1088, F::from_usize(9), Some(4)),
-//             (512, F::from_usize(0), Some(5)),
-//             (754, F::from_usize(4), Some(4)),
-//             (1023, F::from_usize(7), Some(4)),
-//             (2025, F::from_usize(11), Some(8)),
-//             (16, F::from_usize(8), None),
-//             (854, F::from_usize(0), None),
-//             (854, F::from_usize(1), None),
-//             (16, F::from_usize(0), None),
-//             (754, F::from_usize(4), None),
-//             (1023, F::from_usize(7), None),
-//             (2025, F::from_usize(15), None),
-//         ];
-//         let mut public_data = BTreeMap::new();
-//         let mut polynomials = Vec::new();
-//         let mut dims = Vec::new();
-//         let mut statements_per_polynomial = Vec::new();
-//         for (pol_index, &(committed_length, default_value, log_public_data)) in
-//             committed_length_lengths_and_default_value_and_log_public_data
-//                 .iter()
-//                 .enumerate()
-//         {
-//             let mut poly = (0..committed_length + log_public_data.map_or(0, |l| 1 << l))
-//                 .map(|_| rng.random())
-//                 .collect::<Vec<F>>();
-//             poly.resize(poly.len().next_power_of_two(), default_value);
-//             if let Some(log_public) = log_public_data {
-//                 public_data.insert(pol_index, poly[..1 << log_public].to_vec());
-//             }
-//             let n_vars = log2_strict_usize(poly.len());
-//             let n_points = rng.random_range(1..5);
-//             let mut statements = Vec::new();
-//             for _ in 0..n_points {
-//                 let point =
-//                     MultilinearPoint((0..n_vars).map(|_| rng.random()).collect::<Vec<EF>>());
-//                 let value = poly.evaluate(&point);
-//                 statements.push(Evaluation { point, value });
-//             }
-//             polynomials.push(poly);
-//             dims.push(ColDims {
-//                 n_vars,
-//                 log_public_data_size: log_public_data,
-//                 committed_size: committed_length,
-//                 default_value,
-//             });
-//             statements_per_polynomial.push(statements);
-//         }
-
-//         let mut prover_state = build_prover_state();
-//         precompute_dft_twiddles::<F>(1 << 24);
-
-//         let polynomials_ref = polynomials.iter().map(|p| p.as_slice()).collect::<Vec<_>>();
-//         let witness = packed_pcs_commit(
-//             &whir_config_builder,
-//             &polynomials_ref,
-//             &dims,
-//             &mut prover_state,
-//             log_smallest_decomposition_chunk,
-//         );
-
-//         let packed_statements = packed_pcs_global_statements_for_prover(
-//             &polynomials_ref,
-//             &dims,
-//             log_smallest_decomposition_chunk,
-//             &statements_per_polynomial,
-//             &mut prover_state,
-//         );
-//         let num_variables = witness.packed_polynomial.by_ref().n_vars();
-//         WhirConfig::new(whir_config_builder.clone(), num_variables).prove(
-//             &mut prover_state,
-//             packed_statements,
-//             witness.inner_witness,
-//             &witness.packed_polynomial.by_ref(),
-//         );
-
-//         let mut verifier_state = build_verifier_state(&prover_state);
-
-//         let parsed_commitment = packed_pcs_parse_commitment(
-//             &whir_config_builder,
-//             &mut verifier_state,
-//             &dims,
-//             log_smallest_decomposition_chunk,
-//         )
-//         .unwrap();
-//         let packed_statements = packed_pcs_global_statements_for_verifier(
-//             &dims,
-//             log_smallest_decomposition_chunk,
-//             &statements_per_polynomial,
-//             &mut verifier_state,
-//             &public_data,
-//         )
-//         .unwrap();
-//         WhirConfig::new(whir_config_builder, num_variables)
-//             .verify(&mut verifier_state, &parsed_commitment, packed_statements)
-//             .unwrap();
-//     }
-// }
+#[cfg(test)]
+mod tests {
+    use p3_field::PrimeCharacteristicRing;
+    use p3_koala_bear::{KoalaBear, QuinticExtensionFieldKB};
+    use p3_util::log2_strict_usize;
+    use rand::{Rng, SeedableRng, rngs::StdRng};
+    use utils::{build_prover_state, build_verifier_state};
+
+    use super::*;
+
+    type F = KoalaBear;
+    type EF = QuinticExtensionFieldKB;
+
+    #[test]
+    fn test_packed_pcs() {
+        let whir_config_builder = WhirConfigBuilder {
+            folding_factor: FoldingFactor::new(4, 4),
+            soundness_type: SecurityAssumption::CapacityBound,
+            pow_bits: 13,
+            max_num_variables_to_send_coeffs: 6,
+            rs_domain_initial_reduction_factor: 1,
+            security_level: 75,
+            starting_log_inv_rate: 1,
+        };
+
+        let mut rng = StdRng::seed_from_u64(0);
+        let log_smallest_decomposition_chunk = 4;
+        let committed_length_lengths_and_default_value_and_log_public_data: [(
+            usize,
+            F,
+            Option<usize>,
+        ); _] = [
+            (916, F::from_usize(8), Some(5)),
+            (854, F::from_usize(0), Some(7)),
+            (854, F::from_usize(1), Some(5)),
+            (16, F::from_usize(0), Some(5)),
+            (1127, F::from_usize(0), Some(6)),
+            (595, F::from_usize(3), Some(6)),
+            (17, F::from_usize(0), None),
+            (95, F::from_usize(3), None),
+            (256, F::from_usize(8), None),
+            (1088, F::from_usize(9), None),
+            (512, F::from_usize(0), None),
+            (256, F::from_usize(8), Some(6)),
+            (1088, F::from_usize(9), Some(5)),
+            (512, F::from_usize(0), Some(5)),
+            (754, F::from_usize(4), Some(5)),
+            (1023, F::from_usize(7), Some(5)),
+            (2025, F::from_usize(11), Some(8)),
+            (16, F::from_usize(8), None),
+            (854, F::from_usize(0), None),
+            (854, F::from_usize(1), None),
+            (16, F::from_usize(0), None),
+            (754, F::from_usize(4), None),
+            (1023, F::from_usize(7), None),
+            (2025, F::from_usize(15), None),
+        ];
+        let mut public_data = BTreeMap::new();
+        let mut polynomials = Vec::new();
+        let mut dims = Vec::new();
+        let mut statements_per_polynomial = Vec::new();
+        for (pol_index, &(committed_length, default_value, log_public_data)) in
+            committed_length_lengths_and_default_value_and_log_public_data
+                .iter()
+                .enumerate()
+        {
+            let mut poly = (0..committed_length + log_public_data.map_or(0, |l| 1 << l))
+                .map(|_| rng.random())
+                .collect::<Vec<F>>();
+            poly.resize(poly.len().next_power_of_two(), default_value);
+            if let Some(log_public) = log_public_data {
+                public_data.insert(pol_index, poly[..1 << log_public].to_vec());
+            }
+            let n_vars = log2_strict_usize(poly.len());
+            let n_points = rng.random_range(1..5);
+            let mut statements = Vec::new();
+            for _ in 0..n_points {
+                let point =
+                    MultilinearPoint((0..n_vars).map(|_| rng.random()).collect::<Vec<EF>>());
+                let value = poly.evaluate(&point);
+                statements.push(Evaluation { point, value });
+            }
+            polynomials.push(poly);
+            dims.push(ColDims {
+                n_vars,
+                log_public_data_size: log_public_data,
+                committed_size: committed_length,
+                default_value,
+            });
+            statements_per_polynomial.push(statements);
+        }
+
+        let mut prover_state = build_prover_state();
+        precompute_dft_twiddles::<F>(1 << 24);
+
+        let polynomials_ref = polynomials.iter().map(|p| p.as_slice()).collect::<Vec<_>>();
+        let witness = packed_pcs_commit(
+            &whir_config_builder,
+            &polynomials_ref,
+            &dims,
+            &mut prover_state,
+            log_smallest_decomposition_chunk,
+        );
+
+        let packed_statements = packed_pcs_global_statements_for_prover(
+            &polynomials_ref,
+            &dims,
+            log_smallest_decomposition_chunk,
+            &statements_per_polynomial,
+            &mut prover_state,
+        );
+        let num_variables = witness.packed_polynomial.by_ref().n_vars();
+        WhirConfig::new(whir_config_builder.clone(), num_variables).prove(
+            &mut prover_state,
+            packed_statements,
+            witness.inner_witness,
+            &witness.packed_polynomial.by_ref(),
+        );
+
+        let mut verifier_state = build_verifier_state(&prover_state);
+
+        let parsed_commitment = packed_pcs_parse_commitment(
+            &whir_config_builder,
+            &mut verifier_state,
+            &dims,
+            log_smallest_decomposition_chunk,
+        )
+        .unwrap();
+        let packed_statements = packed_pcs_global_statements_for_verifier(
+            &dims,
+            log_smallest_decomposition_chunk,
+            &statements_per_polynomial,
+            &mut verifier_state,
+            &public_data,
+        )
+        .unwrap();
+        WhirConfig::new(whir_config_builder, num_variables)
+            .verify(&mut verifier_state, &parsed_commitment, packed_statements)
+            .unwrap();
+    }
+}
