Revert "fix: Revert "feat: new per-enqueued-call gas limit" (#9139)"

This reverts commit 7677ca5.

Author: dbanks12

barretenberg/cpp/src/barretenberg/vm/avm/tests/execution.test.cpp

@@ -1760,11 +1760,30 @@ TEST_F(AvmExecutionTests, daGasLeft)
     validate_trace(std::move(trace), public_inputs);
 }
 
+TEST_F(AvmExecutionTests, ExecutorThrowsWithTooMuchGasAllocated)
+{
+    std::string bytecode_hex = to_hex(OpCode::GETENVVAR_16) + // opcode GETENVVAR_16(sender)
+                               "00"                           // Indirect flag
+                               + to_hex(static_cast<uint8_t>(EnvironmentVariable::SENDER)) + "0007"; // addr 7
+
+    std::vector<FF> calldata = {};
+    std::vector<FF> returndata = {};
+    std::vector<FF> public_inputs_vec(PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH, 0);
+    public_inputs_vec[L2_START_GAS_LEFT_PCPI_OFFSET] = MAX_L2_GAS_PER_ENQUEUED_CALL + 1;
+
+    auto bytecode = hex_to_bytes(bytecode_hex);
+    auto instructions = Deserialization::parse(bytecode);
+
+    EXPECT_THROW_WITH_MESSAGE(
+        Execution::gen_trace(instructions, returndata, calldata, public_inputs_vec),
+        "Cannot allocate more than MAX_L2_GAS_PER_ENQUEUED_CALL to the AVM for execution of an enqueued call");
+}
+
 // Should throw whenever the wrong number of public inputs are provided
 TEST_F(AvmExecutionTests, ExecutorThrowsWithIncorrectNumberOfPublicInputs)
 {
-    std::string bytecode_hex = to_hex(OpCode::GETENVVAR_16) +                                        // opcode SENDER
-                               "00"                                                                  // Indirect flag
+    std::string bytecode_hex = to_hex(OpCode::GETENVVAR_16) + // opcode GETENVVAR_16(sender)
+                               "00"                           // Indirect flag
                                + to_hex(static_cast<uint8_t>(EnvironmentVariable::SENDER)) + "0007"; // addr 7
 
     std::vector<FF> calldata = {};
@@ -1774,7 +1793,7 @@ TEST_F(AvmExecutionTests, ExecutorThrowsWithIncorrectNumberOfPublicInputs)
     auto bytecode = hex_to_bytes(bytecode_hex);
     auto instructions = Deserialization::parse(bytecode);
 
-    EXPECT_THROW_WITH_MESSAGE(Execution::gen_trace(instructions, calldata, returndata, public_inputs_vec),
+    EXPECT_THROW_WITH_MESSAGE(Execution::gen_trace(instructions, returndata, calldata, public_inputs_vec),
                               "Public inputs vector is not of PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH");
 }
 

barretenberg/cpp/src/barretenberg/vm/avm/trace/helper.hpp

@@ -37,6 +37,21 @@ template <typename FF_> VmPublicInputs<FF_> convert_public_inputs(std::vector<FF
         throw_or_abort("Public inputs vector is not of PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH");
     }
 
+    // WARNING: this must be constrained by the kernel!
+    // Here this is just a sanity check to prevent generation of proofs that
+    // will be thrown out by the kernel anyway.
+    if constexpr (IsAnyOf<FF_, bb::fr>) {
+        if (public_inputs_vec[L2_START_GAS_LEFT_PCPI_OFFSET] > MAX_L2_GAS_PER_ENQUEUED_CALL) {
+            throw_or_abort(
+                "Cannot allocate more than MAX_L2_GAS_PER_ENQUEUED_CALL to the AVM for execution of an enqueued call");
+        }
+    } else {
+        if (public_inputs_vec[L2_START_GAS_LEFT_PCPI_OFFSET].get_value() > MAX_L2_GAS_PER_ENQUEUED_CALL) {
+            throw_or_abort(
+                "Cannot allocate more than MAX_L2_GAS_PER_ENQUEUED_CALL to the AVM for execution of an enqueued call");
+        }
+    }
+
     std::array<FF_, KERNEL_INPUTS_LENGTH>& kernel_inputs = std::get<KERNEL_INPUTS>(public_inputs);
 
     // Copy items from PublicCircuitPublicInputs vector to public input columns

barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp

@@ -12,6 +12,7 @@
 #define MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL 16
 #define MAX_L1_TO_L2_MSG_READ_REQUESTS_PER_CALL 16
 #define MAX_UNENCRYPTED_LOGS_PER_CALL 4
+#define MAX_L2_GAS_PER_ENQUEUED_CALL 5000000
 #define AZTEC_ADDRESS_LENGTH 1
 #define GAS_FEES_LENGTH 2
 #define GAS_LENGTH 2

l1-contracts/src/core/libraries/ConstantsGen.sol

@@ -117,6 +117,7 @@ library Constants {
     14061769416655647708490531650437236735160113654556896985372298487345;
   uint256 internal constant DEFAULT_GAS_LIMIT = 1000000000;
   uint256 internal constant DEFAULT_TEARDOWN_GAS_LIMIT = 100000000;
+  uint256 internal constant MAX_L2_GAS_PER_ENQUEUED_CALL = 5000000;
   uint256 internal constant DEFAULT_MAX_FEE_PER_GAS = 10;
   uint256 internal constant DEFAULT_INCLUSION_FEE = 0;
   uint256 internal constant DA_BYTES_PER_FIELD = 32;

noir-projects/noir-protocol-circuits/crates/public-kernel-lib/src/components/enqueued_call_data_validator.nr

@@ -5,7 +5,7 @@ use dep::types::{
     kernel_circuit_public_inputs::PublicKernelCircuitPublicInputs, enqueued_call_data::EnqueuedCallData,
     public_call_request::PublicCallRequest, validation_requests::PublicValidationRequestArrayLengths
 },
-    utils::arrays::array_length
+    constants::MAX_L2_GAS_PER_ENQUEUED_CALL, utils::arrays::array_length
 };
 
 pub struct EnqueuedCallDataValidator {
@@ -89,17 +89,23 @@ impl EnqueuedCallDataValidator {
     // Validates that the start gas injected into the vm circuit matches the remaining gas.
     fn validate_start_gas(self, previous_kernel: PublicKernelCircuitPublicInputs) {
         let enqueued_call_start_gas = self.enqueued_call.data.start_gas_left;
+        // NOTE: the AVM circuit will fail to generate a proof if its "start gas" is > MAX_L2_GAS_PER_ENQUEUED_CALL,
+        // so the kernel never allocates more than that maximum to one enqueued call.
         if self.phase != PublicKernelPhase.TEARDOWN {
             // An enqueued call's start gas is the remaining gas left in the transaction after the previous kernel.
             let tx_gas_limits = previous_kernel.constants.tx_context.gas_settings.gas_limits;
-            let computed_start_gas = tx_gas_limits.sub(previous_kernel.end.gas_used).sub(previous_kernel.end_non_revertible.gas_used);
+            let mut computed_start_gas = tx_gas_limits.sub(previous_kernel.end.gas_used).sub(previous_kernel.end_non_revertible.gas_used);
+            // Keep L2 gas below max
+            computed_start_gas.l2_gas = std::cmp::min(computed_start_gas.l2_gas, MAX_L2_GAS_PER_ENQUEUED_CALL);
             assert_eq(
-                enqueued_call_start_gas, computed_start_gas, "Start gas for enqueued call does not match transaction gas left"
+                enqueued_call_start_gas, computed_start_gas, "Start gas for enqueued call does not match transaction gas left (with MAX_L2_GAS_PER_ENQUEUED_CALL applied)"
             );
         } else {
-            let teardown_gas_limit = previous_kernel.constants.tx_context.gas_settings.teardown_gas_limits;
+            let mut teardown_gas_limit = previous_kernel.constants.tx_context.gas_settings.teardown_gas_limits;
+            // Keep L2 gas below max
+            teardown_gas_limit.l2_gas = std::cmp::min(teardown_gas_limit.l2_gas, MAX_L2_GAS_PER_ENQUEUED_CALL);
             assert_eq(
-                enqueued_call_start_gas, teardown_gas_limit, "Start gas for enqueued call does not match teardown gas allocation"
+                enqueued_call_start_gas, teardown_gas_limit, "Start gas for enqueued call does not match teardown gas allocation (with MAX_L2_GAS_PER_ENQUEUED_CALL applied)"
             );
         }
     }

noir-projects/noir-protocol-circuits/crates/types/src/constants.nr

@@ -168,6 +168,7 @@ global DEPLOYER_CONTRACT_INSTANCE_DEPLOYED_MAGIC_VALUE = 0x85864497636cf755ae7bd
 // GAS DEFAULTS
 global DEFAULT_GAS_LIMIT: u32 = 1_000_000_000;
 global DEFAULT_TEARDOWN_GAS_LIMIT: u32 = 100_000_000;
+global MAX_L2_GAS_PER_ENQUEUED_CALL: u32 = 5_000_000;
 global DEFAULT_MAX_FEE_PER_GAS: Field = 10;
 global DEFAULT_INCLUSION_FEE: Field = 0;
 global DA_BYTES_PER_FIELD: u32 = 32;

yarn-project/circuits.js/src/constants.gen.ts

@@ -102,6 +102,7 @@ export const DEPLOYER_CONTRACT_INSTANCE_DEPLOYED_MAGIC_VALUE =
   14061769416655647708490531650437236735160113654556896985372298487345n;
 export const DEFAULT_GAS_LIMIT = 1000000000;
 export const DEFAULT_TEARDOWN_GAS_LIMIT = 100000000;
+export const MAX_L2_GAS_PER_ENQUEUED_CALL = 5000000;
 export const DEFAULT_MAX_FEE_PER_GAS = 10;
 export const DEFAULT_INCLUSION_FEE = 0;
 export const DA_BYTES_PER_FIELD = 32;

yarn-project/circuits.js/src/scripts/constants.in.ts

@@ -78,6 +78,7 @@ const CPP_CONSTANTS = [
   'MEM_TAG_U64',
   'MEM_TAG_U128',
   'MEM_TAG_FF',
+  'MAX_L2_GAS_PER_ENQUEUED_CALL',
 ];
 
 const CPP_GENERATORS: string[] = [];

yarn-project/circuits.js/src/structs/gas.ts

@@ -4,6 +4,7 @@ import { type FieldsOf } from '@aztec/foundation/types';
 
 import { inspect } from 'util';
 
+import { MAX_L2_GAS_PER_ENQUEUED_CALL } from '../constants.gen.js';
 import { type GasFees } from './gas_fees.js';
 import { type UInt32 } from './shared.js';
 
@@ -36,7 +37,7 @@ export class Gas {
 
   /** Returns large enough gas amounts for testing purposes. */
   static test() {
-    return new Gas(1e9, 1e9);
+    return new Gas(1e9, MAX_L2_GAS_PER_ENQUEUED_CALL);
   }
 
   isEmpty() {

yarn-project/simulator/src/avm/avm_simulator.ts

@@ -1,3 +1,4 @@
+import { MAX_L2_GAS_PER_ENQUEUED_CALL } from '@aztec/circuits.js';
 import { type DebugLogger, createDebugLogger } from '@aztec/foundation/log';
 
 import { strict as assert } from 'assert';
@@ -21,6 +22,10 @@ export class AvmSimulator {
   private bytecode: Buffer | undefined;
 
   constructor(private context: AvmContext) {
+    assert(
+      context.machineState.gasLeft.l2Gas <= MAX_L2_GAS_PER_ENQUEUED_CALL,
+      `Cannot allocate more than ${MAX_L2_GAS_PER_ENQUEUED_CALL} to the AVM for execution of an enqueued call`,
+    );
     this.log = createDebugLogger(`aztec:avm_simulator:core(f:${context.environment.functionSelector.toString()})`);
   }