Integrate finalize_constants in the main flow.

Author: leo-starkware

crates/cairo_verifier/src/statement_test.rs

@@ -2,6 +2,7 @@ use crate::statement::{
     CasmState, PubMemoryM31Value, PublicData, PublicMemory, SegmentRange, public_logup_sum,
 };
 use circuits::context::{TraceContext, Var};
+use circuits::finalize_constants::finalize_constants;
 use circuits::ivalue::qm31_from_u32s;
 use circuits::wrappers::M31Wrapper;
 
@@ -261,6 +262,7 @@ fn test_public_logup_sum() {
     assert_eq!(result_value, expected);
 
     // Validate the circuit
+    finalize_constants(&mut context);
     context.check_vars_used();
     context.finalize_guessed_vars();
     context.circuit.check_yields();

crates/cairo_verifier/src/test.rs

@@ -9,6 +9,7 @@ use cairo_air::utils::{binary_deserialize_from_file, binary_serialize_to_file};
 use cairo_air::verifier::INTERACTION_POW_BITS;
 use cairo_vm::types::layout_name::LayoutName;
 use circuits::context::Context;
+use circuits::finalize_constants::finalize_constants;
 use circuits::ivalue::NoValue;
 use circuits::ops::Guess;
 use circuits_stark_verifier::constraint_eval::CircuitEval;
@@ -146,6 +147,7 @@ fn test_verify() {
 
     let proof_vars = empty_proof.guess(&mut novalue_context);
     verify(&mut novalue_context, &proof_vars, &config, &statement);
+    finalize_constants(&mut novalue_context);
     novalue_context.finalize_guessed_vars();
     novalue_context.check_vars_used();
     novalue_context.circuit.check_yields();

crates/cairo_verifier/src/verify.rs

@@ -7,6 +7,7 @@ use cairo_air::air::PublicData;
 use cairo_air::flat_claims::FlatClaim;
 use circuits::blake::HashValue;
 use circuits::context::{Context, TraceContext};
+use circuits::finalize_constants::finalize_constants;
 use circuits::ivalue::{IValue, NoValue};
 use circuits::ops::Guess;
 use circuits_stark_verifier::constraint_eval::CircuitEval;
@@ -124,6 +125,7 @@ pub fn build_fixed_cairo_circuit(
 
     let proof_vars = proof.guess(&mut context);
     verify(&mut context, &proof_vars, config, &statement);
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
 
     context
@@ -155,6 +157,7 @@ pub fn build_cairo_verifier_circuit(verifier_config: &CairoVerifierConfig) -> Co
 
     let proof_vars = empty_proof(config).guess(&mut context);
     verify(&mut context, &proof_vars, config, &statement);
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
     context
 }

crates/circuit_common/src/finalize.rs

@@ -1,9 +1,9 @@
 use crate::N_LANES;
-use circuits::blake::{HashValue, blake, blake_g_gate};
-use circuits::context::{Context, Var};
+use circuits::blake::blake_g_gate;
+use circuits::context::Context;
 use circuits::eval;
 use circuits::ivalue::{IValue, qm31_from_u32s};
-use circuits::ops::{eq, output};
+use circuits::ops::eq;
 use rand_chacha::rand_core::{RngCore, SeedableRng};
 
 fn pad_qm31_ops(context: &mut Context<impl IValue>) {
@@ -80,25 +80,12 @@ fn pad_blake_g_gate(context: &mut Context<impl IValue>) {
     }
 }
 
-fn hash_constants(context: &mut Context<impl IValue>) -> HashValue<Var> {
-    let constants: Vec<_> = context.constants().values().copied().collect();
-    let n_bytes = constants.len() * 16;
-    blake(context, &constants, n_bytes)
-}
-
-/// Finalizes the context by appending gates to the context for:
-/// - Hashing the constants.
-/// - Hashing the outputs.
-/// - Padding the components to a power of two.
+/// Pad the components to a power of two.
+/// Appends gates to the context so that the resulting AIR components have length equal to a power
+/// of two.
 // TODO(Gali): Have it under a trait.
 // TODO(Ilya): Make it pub(crate).
 pub fn finalize_context(context: &mut Context<impl IValue>) {
-    let HashValue(hash0, hash1) = hash_constants(context);
-    // Add the hash of the constants to the outputs.
-    // TODO(Leo): consider storing these values at a fixed address.
-    output(context, hash0);
-    output(context, hash1);
-
     // Padding the components to a power of two.
     pad_eq(context);
     pad_qm31_ops(context);

crates/circuit_prover/src/prover_test.rs

@@ -10,6 +10,7 @@ use circuit_verifier::verify::{CircuitConfig, verify_circuit};
 use circuits::blake::{blake, blake_g_gate, m31_to_u32, triple_xor};
 use circuits::context::Var;
 use circuits::eval;
+use circuits::finalize_constants::finalize_constants;
 use circuits::ivalue::{IValue, qm31_from_u32s};
 use circuits::ops::{output, permute};
 use circuits::{context::Context, ops::guess};
@@ -21,6 +22,7 @@ use stwo::core::channel::Blake2sM31Channel;
 use stwo::core::channel::Channel;
 use stwo::core::fields::qm31::QM31;
 use stwo::core::pcs::{CommitmentSchemeVerifier, PcsConfig};
+use stwo::core::vcs::blake2_hash::Blake2sHash;
 use stwo::core::vcs_lifted::blake2_merkle::Blake2sM31MerkleChannel;
 use stwo::core::vcs_lifted::blake2_merkle::Blake2sM31MerkleHasher;
 // Not a power of 2 so that we can test component padding.
@@ -247,6 +249,7 @@ fn stwo_verify(
 #[test]
 fn test_prove_and_stark_verify_blake_gate_context() {
     let mut blake_gate_context = build_blake_gate_context();
+    finalize_constants(&mut blake_gate_context);
     blake_gate_context.finalize_guessed_vars();
     blake_gate_context.validate_circuit();
 
@@ -264,6 +267,7 @@ fn test_prove_and_stark_verify_blake_gate_context() {
 #[test]
 fn test_prove_and_stark_verify_permutation_context() {
     let mut permutation_context = build_permutation_context();
+    finalize_constants(&mut permutation_context);
     permutation_context.finalize_guessed_vars();
     permutation_context.validate_circuit();
 
@@ -281,6 +285,7 @@ fn test_prove_and_stark_verify_permutation_context() {
 #[test]
 fn test_prove_and_stark_verify_fibonacci_context() {
     let mut fibonacci_context = build_fibonacci_context();
+    finalize_constants(&mut fibonacci_context);
     fibonacci_context.finalize_guessed_vars();
     fibonacci_context.validate_circuit();
 
@@ -298,6 +303,7 @@ fn test_prove_and_stark_verify_fibonacci_context() {
 #[test]
 fn test_prove_and_stark_verify_triple_xor_context() {
     let mut triple_xor_context = build_triple_xor_context();
+    finalize_constants(&mut triple_xor_context);
     triple_xor_context.finalize_guessed_vars();
     triple_xor_context.validate_circuit();
 
@@ -315,6 +321,7 @@ fn test_prove_and_stark_verify_triple_xor_context() {
 #[test]
 fn test_prove_and_stark_verify_m31_to_u32_context() {
     let mut m31_to_u32_context = build_m31_to_u32_context();
+    finalize_constants(&mut m31_to_u32_context);
     m31_to_u32_context.finalize_guessed_vars();
     m31_to_u32_context.validate_circuit();
 
@@ -332,6 +339,7 @@ fn test_prove_and_stark_verify_m31_to_u32_context() {
 #[test]
 fn test_prove_and_stark_verify_blake_g_gate_context() {
     let mut blake_g_gate_context = build_blake_g_gate_context();
+    finalize_constants(&mut blake_g_gate_context);
     blake_g_gate_context.finalize_guessed_vars();
     blake_g_gate_context.validate_circuit();
 
@@ -374,12 +382,10 @@ fn circuit_verify(
     verify_circuit(circuit_config, proof, public_data).unwrap();
 }
 
-const TRIPLE_XOR_CIRCUIT_PREPROCESSED_ROOT: [u32; 8] =
-    [383878560, 777803796, 83194896, 1011084203, 160550306, 637440927, 339198671, 1031359971];
-
 #[test]
 fn test_prove_and_circuit_verify_triple_xor_context() {
     let mut triple_xor_context = build_triple_xor_context();
+    finalize_constants(&mut triple_xor_context);
     triple_xor_context.finalize_guessed_vars();
     triple_xor_context.validate_circuit();
 
@@ -391,15 +397,23 @@ fn test_prove_and_circuit_verify_triple_xor_context() {
         PcsConfig::default(),
     )
     .unwrap();
-    circuit_verify(circuit_proof, &preprocessed_circuit, TRIPLE_XOR_CIRCUIT_PREPROCESSED_ROOT);
+    let preprocessed_root = preprocessed_root_from_proof(&circuit_proof);
+    expect!["[1171063850, 1111600624, 1633001715, 1807620201, 319861310, 456396523, 1450019685, 1107101120]"]
+    .assert_eq(&format!("{preprocessed_root:?}"));
+    circuit_verify(circuit_proof, &preprocessed_circuit, preprocessed_root);
 }
 
-const FIBONACCI_CIRCUIT_PREPROCESSED_ROOT: [u32; 8] =
-    [938280935, 1980664971, 866203874, 1147299749, 1683668505, 390015812, 137596665, 365486364];
+/// Extract the preprocessed-trace Merkle root (`commitments[0]`) from a `CircuitProof` as
+/// `[u32; 8]`, matching the layout `HashValue<QM31>` consumes via `From<[u32; 8]>`.
+fn preprocessed_root_from_proof(circuit_proof: &CircuitProof<Blake2sM31MerkleHasher>) -> [u32; 8] {
+    let hash: Blake2sHash = circuit_proof.stark_proof.proof.commitments[0];
+    std::array::from_fn(|i| u32::from_le_bytes(hash.0[i * 4..(i + 1) * 4].try_into().unwrap()))
+}
 
 #[test]
 fn test_prove_and_circuit_verify_fibonacci_context() {
     let mut fibonacci_context = build_fibonacci_context();
+    finalize_constants(&mut fibonacci_context);
     fibonacci_context.finalize_guessed_vars();
     fibonacci_context.validate_circuit();
 
@@ -411,15 +425,16 @@ fn test_prove_and_circuit_verify_fibonacci_context() {
         PcsConfig::default(),
     )
     .unwrap();
-    circuit_verify(circuit_proof, &preprocessed_circuit, FIBONACCI_CIRCUIT_PREPROCESSED_ROOT);
+    let preprocessed_root = preprocessed_root_from_proof(&circuit_proof);
+    expect!["[1652958260, 1473705547, 1322148911, 426200657, 1375192488, 2052166177, 2061891994, 1346989032]"]
+    .assert_eq(&format!("{preprocessed_root:?}"));
+    circuit_verify(circuit_proof, &preprocessed_circuit, preprocessed_root);
 }
 
-const M31_TO_U32_CIRCUIT_PREPROCESSED_ROOT: [u32; 8] =
-    [119960690, 584326386, 331600676, 1678406228, 411117252, 2142234173, 1676458105, 924266087];
-
 #[test]
 fn test_prove_and_circuit_verify_m31_to_u32_context() {
     let mut m31_to_u32_context = build_m31_to_u32_context();
+    finalize_constants(&mut m31_to_u32_context);
     m31_to_u32_context.finalize_guessed_vars();
     m31_to_u32_context.validate_circuit();
 
@@ -431,15 +446,18 @@ fn test_prove_and_circuit_verify_m31_to_u32_context() {
         PcsConfig::default(),
     )
     .unwrap();
-    circuit_verify(circuit_proof, &preprocessed_circuit, M31_TO_U32_CIRCUIT_PREPROCESSED_ROOT);
+    let preprocessed_root = preprocessed_root_from_proof(&circuit_proof);
+    expect![
+        "[938872239, 1375737105, 1191518666, 1663828004, 7943535, 657469305, 191549109, 752041387]"
+    ]
+    .assert_eq(&format!("{preprocessed_root:?}"));
+    circuit_verify(circuit_proof, &preprocessed_circuit, preprocessed_root);
 }
 
-const BLAKE_G_GATE_CIRCUIT_PREPROCESSED_ROOT: [u32; 8] =
-    [1547637094, 1628188007, 1109367239, 1655363258, 1038162931, 368611637, 1915980358, 1225437881];
-
 #[test]
 fn test_prove_and_circuit_verify_blake_g_gate_context() {
     let mut blake_g_gate_context = build_blake_g_gate_context();
+    finalize_constants(&mut blake_g_gate_context);
     blake_g_gate_context.finalize_guessed_vars();
     blake_g_gate_context.validate_circuit();
 
@@ -451,7 +469,10 @@ fn test_prove_and_circuit_verify_blake_g_gate_context() {
         PcsConfig::default(),
     )
     .unwrap();
-    circuit_verify(circuit_proof, &preprocessed_circuit, BLAKE_G_GATE_CIRCUIT_PREPROCESSED_ROOT);
+    let preprocessed_root = preprocessed_root_from_proof(&circuit_proof);
+    expect!["[1600972583, 323912908, 1627322779, 821304140, 535689503, 707220338, 1484882728, 1361575593]"]
+    .assert_eq(&format!("{preprocessed_root:?}"));
+    circuit_verify(circuit_proof, &preprocessed_circuit, preprocessed_root);
 }
 
 #[test]

crates/circuit_verifier/src/verify.rs

@@ -1,5 +1,8 @@
 use circuit_common::order_hash_map::OrderedHashMap;
-use circuits::{blake::HashValue, context::Context, ivalue::IValue, ops::Guess};
+use circuits::{
+    blake::HashValue, context::Context, finalize_constants::finalize_constants, ivalue::IValue,
+    ops::Guess,
+};
 use circuits_stark_verifier::{
     proof::{Proof, ProofConfig},
     statement::Statement,
@@ -48,6 +51,7 @@ pub fn build_verification_circuit<Value: IValue>(
     let proof_vars = proof.guess(&mut context);
 
     verify(&mut context, &proof_vars, &proof_config, &statement);
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
     #[cfg(test)]
     context.circuit.check_yields();

crates/circuits/src/blake_test.rs

@@ -4,6 +4,7 @@ use stwo::core::vcs::blake2_hash::reduce_to_m31;
 
 use crate::blake::{blake, blake_from_gates, blake_qm31, qm31_from_bytes};
 use crate::context::TraceContext;
+use crate::finalize_constants::finalize_constants;
 use crate::ivalue::qm31_from_u32s;
 use crate::ops::{Guess, eq, guess};
 use crate::stats::Stats;
@@ -40,10 +41,10 @@ fn test_blake(#[case] wrong_output: bool) {
     eq(&mut context, output.0, out0);
     eq(&mut context, output.1, out1);
 
-    assert_eq!(context.stats, Stats { blake_updates: 2, guess: 9, equals: 2, ..Stats::default() });
+    assert_eq!(context.stats, Stats { blake_updates: 2, guess: 7, equals: 2, ..Stats::default() });
 
+    crate::finalize_constants::finalize_constants(&mut context);
     context.finalize_guessed_vars();
-    assert_eq!(context.circuit.compute_multiplicities().0, vec![13, 1, 2, 2, 2, 2, 2, 1, 1, 2, 2]);
     context.circuit.check_yields();
 
     assert_eq!(context.is_circuit_valid(), !wrong_output);
@@ -69,6 +70,7 @@ fn test_blake_from_gates_equal_old_blake() {
     eq(&mut context, out_mono.0, out_decomposed.0);
     eq(&mut context, out_mono.1, out_decomposed.1);
 
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
     context.circuit.check_yields();
     assert!(context.is_circuit_valid());
@@ -102,6 +104,7 @@ fn test_blake_from_gates_independent() {
     eq(&mut context, output.0, out0);
     eq(&mut context, output.1, out1);
 
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
     context.circuit.check_yields();
     assert!(context.is_circuit_valid());

crates/circuits/src/context.rs

@@ -4,8 +4,7 @@ use num_traits::{One, Zero};
 use stwo::core::fields::qm31::QM31;
 
 use crate::circuit::{Add, Circuit};
-use crate::ivalue::IValue;
-use crate::ops::guess;
+use crate::ivalue::{IValue, qm31_from_u32s};
 use crate::stats::Stats;
 
 #[cfg(test)]
@@ -50,7 +49,7 @@ pub struct Context<Value: IValue> {
     ///
     /// `None` if the set of guessed variables has already been finalized.
     ///
-    /// See [guess].
+    /// See [crate::ops::guess].
     pub guessed_vars: Option<Vec<usize>>,
     /// Debug only. If true, equality is asserted when adding the `eq` gate; if false, no
     /// assertion is made during construction and equality can be checked later at validation.
@@ -94,7 +93,7 @@ impl<Value: IValue> Context<Value> {
         if let Some(var) = self.constants.get(&value) {
             *var
         } else {
-            let var = guess(self, Value::from_qm31(value));
+            let var = self.new_var(Value::from_qm31(value));
             self.constants.insert(value, var);
             var
         }
@@ -161,9 +160,11 @@ impl<Value: IValue> Default for Context<Value> {
             guessed_vars: Some(vec![]),
             assert_eq_on_eval: false,
         };
-        // Register zero and one as the first constants.
+        // Register zero, one, and u as the first constants.
         res.constant(QM31::zero());
         res.constant(QM31::one());
+        res.constant(qm31_from_u32s(0, 0, 1, 0)); // u at idx 2
+
         res
     }
 }

crates/circuits/src/context_test.rs

@@ -1,4 +1,5 @@
 use crate::context::{Context, TraceContext};
+use crate::finalize_constants::finalize_constants;
 use crate::ivalue::qm31_from_u32s;
 
 #[test]
@@ -11,14 +12,11 @@ fn test_constants() {
     let c = context.constant(x);
     assert_eq!(a.idx, c.idx);
 
-    assert_eq!(context.values(), &vec![0.into(), 1.into(), x, x + x]);
+    let u = qm31_from_u32s(0, 0, 1, 0);
+    assert_eq!(context.values(), &vec![0.into(), 1.into(), u, x, x + x]);
 
+    finalize_constants(&mut context);
     context.finalize_guessed_vars();
-    assert_eq!(
-        format!("{:?}", context.circuit),
-        "[0] = [0] + [0]\n[1] = [1] + [0]\n[2] = [2] + [0]\n[3] = [3] + [0]\n"
-    );
-
     context.validate_circuit();
 }