Update bitwise chiplet constraints #180
Conversation
|
@Overcastan I think there are a few more things we can do here. For e.g. since now we have list comprehension, we could redefine the shape of the trace in terms of groups, i.e., And then we could use list comprehension and list folding to redefine It would be interesting to explore if there are other ways to make the constraints cleaner using other syntax we have planned for v0.3 as well. |
|
Ah, indeed! I remembered that we have list comprehension, but I forgot that we also have list folding. Thank you! |
Fumuran
force-pushed
the
andrew-bitwise-constraints
branch
from
26e933f to
694b0ea
Compare
air-script/tests/bitwise/bitwise.air
Outdated
| @@ -22,26 +22,28 @@ integrity_constraints: | |||
| enf k1 * (s' - s) = 0 | |||
|
|
|||
| # Enforce that input is decomposed into valid bits | |||
air-script/tests/bitwise/bitwise.air
Outdated
| enf b_limb[0]^2 - b_limb[0] = 0 | ||
| enf b_limb[1]^2 - b_limb[1] = 0 | ||
| enf b_limb[2]^2 - b_limb[2] = 0 | ||
| enf b_limb[3]^2 - b_limb[3] = 0 | ||
|
|
||
| # Enforce that the values in the column a in the first row should be the aggregation of the |
There was a problem hiding this comment.
nit: in the first row of column a.
I think it should be the first row of the current 8 row cycle, but I think this is probably too verbose.
air-script/tests/bitwise/bitwise.air
Outdated
|
|
||
| # Enforce that the values in the column a in the first row should be the aggregation of the | ||
| # decomposed bit columns a0..a3. | ||
| enf k0 * (a - (2^0 * a0 + 2^1 * a1 + 2^2 * a2 + 2^3 * a3)) = 0 | ||
| let a_aggr = sum([2^i * a for (i, a) in (0..4, a_limb)]) | ||
| enf k0 * (a - a_aggr) = 0 | ||
| # Enforce that the values in the column b in the first row should be the aggregation of the |
There was a problem hiding this comment.
Similar comment to the one on a
air-script/tests/bitwise/bitwise.air
Outdated
|
|
||
| # Enforce that the values in the column a in the first row should be the aggregation of the | ||
| # decomposed bit columns a0..a3. | ||
| enf k0 * (a - (2^0 * a0 + 2^1 * a1 + 2^2 * a2 + 2^3 * a3)) = 0 | ||
| let a_aggr = sum([2^i * a for (i, a) in (0..4, a_limb)]) | ||
| enf k0 * (a - a_aggr) = 0 | ||
| # Enforce that the values in the column b in the first row should be the aggregation of the | ||
| # decomposed bit columns b0..b3. |
There was a problem hiding this comment.
nit: maybe " columns b" instead of "b0..b3"?
air-script/tests/bitwise/bitwise.air
Outdated
| enf a_limb[0]^2 - a_limb[0] = 0 | ||
| enf a_limb[1]^2 - a_limb[1] = 0 | ||
| enf a_limb[2]^2 - a_limb[2] = 0 | ||
| enf a_limb[3]^2 - a_limb[3] = 0 |
There was a problem hiding this comment.
Do we not yet support something like this?:
enf a = a^2 for a in a_limb
enf b = b^2 for b in b_limb
There was a problem hiding this comment.
@bobbinth We don't. I forgot to open an issue for it. We were supposed to add support for this after list comprehension. Do you have a name suggestion for statements like these (maybe something along the lines of list comprehension)?
There was a problem hiding this comment.
Could be "ConstraintComprehension" - but looks rather long.
There was a problem hiding this comment.
I couldn't think of any better name than ConstraintComprehension either so went with it in the issue description (#187) tentatively.
There was a problem hiding this comment.
Thanks @Overcastan this looks good! I left one minor nit inline.
Also, I think we should keep the old bitwise constraints file for testing purposes. Let's start collecting the vm constraints somewhere new.
Can you please make new top-level directories constraints/miden-vm and put this new bitwise.air file in there? We can collect all Miden VM constraints there for now. That way we can define the VM constraints using all of the syntax that will be implemented in v0.3 instead of being restricted to only what's implemented right now.
air-script/tests/bitwise/bitwise.air
Outdated
| # the aggregation of the decomposed bit columns `a_limb`. | ||
| let a_aggr = sum([2^i * a for (i, a) in (0..4, a_limb)]) | ||
| enf k0 * (a - a_aggr) = 0 | ||
| # Enforce that the value in the first row of column `b` of the current 8-row cycle should be |
There was a problem hiding this comment.
nit: let's put a blank line above this comment so it's easier to read
Fumuran
force-pushed
the
andrew-bitwise-constraints
branch
2 times, most recently
from
636fdc9 to
4aa1e2b
Compare
constraints/miden-vm/bitwise.air
Outdated
| # indices. | ||
| let a_and_b = sum([2^i * a * b for (i, a, b) in (0..4, a_limb, b_limb)]) | ||
| let a_xor_b = sum([2^i * (a + b - 2 * a * b) for (i, a, b) in (0..4, a_limb, b_limb)]) | ||
| enf (1 - s) * (z - (zp * 16 + a_and_b)) + s * (z - (zp * 16 + a_xor_b)) = 0 |
There was a problem hiding this comment.
Based on @bobbinth's suggestion in another PR, we could rewrite this as:
match enf:
z = zp * 16 + a_and_b when !s
z = zp * 16 + a_xor_b when s
Does this seem correct or did I make some mistake here?
There was a problem hiding this comment.
Looks correct to me too. I'll update it right away, thank you!
There was a problem hiding this comment.
The only thing I'd maybe change here is the order to be more like:
match enf:
z = zp * 16 + a_xor_b when s
z = zp * 16 + a_and_b when !s
c860d93 to
cf22093
Compare
constraints/miden-vm/bitwise.air
Outdated
| # Returns value aggregated from limbs | ||
| fn aggregate(limb: vector[4]) -> scalar: | ||
| let result = sum([2^i * a for (i, a) in (0..4, limb)]) | ||
| result |
There was a problem hiding this comment.
nit: Return statements would require return keyword. And maybe we can remove the result variable as well.
constraints/miden-vm/bitwise.air
Outdated
| enf check_binary([a_limb[i]]) for i in 0..4 | ||
| enf check_binary([b_limb[i]]) for i in 0..4 |
There was a problem hiding this comment.
nit: Maybe we can rewrite this as:
enf check_binary([a]) for a in a_limb
enf check_binary([b]) for b in b_limb
constraints/miden-vm/bitwise.air
Outdated
| let a_aggr = aggregate([a_limb]) | ||
| enf a = a_aggr when k0 |
There was a problem hiding this comment.
nit: Maybe we can remove a_aggr variable. aggregate([a_limb]) looks concise enough to me. Not a strong opinion though.
constraints/miden-vm/bitwise.air
Outdated
| let b_aggr = aggregate([b_limb]) | ||
| enf b = b_aggr when k0 |
There was a problem hiding this comment.
nit: Maybe we can remove b_aggr variable. aggregate([b_limb]) looks concise enough to me. Not a strong opinion though.
Fumuran
force-pushed
the
andrew-bitwise-constraints
branch
from
cf22093 to
be073ac
Compare
There was a problem hiding this comment.
Thanks @Overcastan! I left one very minor nit inline, but I think things look good now with the use of evaluators and selectors.
One comment - we will probably want to rework this a bit according to the comments in #122 for supporting modularity, but I think we should do that separately in a future PR.
| # Enforce that for each row except the last, the aggregated output value must equal the | ||
| # previous aggregated output value in the next row. | ||
| enf z = zp' when k1 |
There was a problem hiding this comment.
very minor nit: since constraints on z are written below and this constraint is really about the zp column, I would reverse this to enf zp' = z when k1
|
|
||
| # Enforce that the value in the first row of column `a` of the current 8-row cycle should be | ||
| # the aggregation of the decomposed bit columns `a_limb`. | ||
| enf a = aggregate([a_limb]) when k0 |
There was a problem hiding this comment.
minor nit: I think it should be aggregate(a_limb) for functions. Sorry, I missed this last time.
|
|
||
| # Enforce that the value in the first row of column `b` of the current 8-row cycle should be | ||
| # the aggregation of the decomposed bit columns `b_limb`. | ||
| enf b = aggregate([b_limb]) when k0 |
There was a problem hiding this comment.
minor nit: I think it should be aggregate(b_limb) for functions. Sorry, I missed this last time.
Bitwise chiplet constraints have been updated, now they use variables.
Currently this is the only improvement that the syntax allows to make with these constraints.