Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: avoid overflows in integer division #2180

Merged
merged 8 commits into from
Sep 11, 2023
Merged

fix: avoid overflows in integer division #2180

merged 8 commits into from
Sep 11, 2023

Conversation

guipublic
Copy link
Contributor

@guipublic guipublic commented Aug 4, 2023

Description

Ensure that no overflow occurs in euclidian division.

Unfortunately the added check is not compatible with our truncation so I had to re-work it.
This could be avoided if we disallow truncation for field elements. In doing so this would:

  • break modulo operation for fields
  • break casting of field elements into sized integers

The first point is fine IMHO, since we already forbid field comparison because it is not consistent across field elements (0<3 but 3<p for instance).
Indeed, modulo is also inconsistent across field elements (0%2=0 but p%2=1 for instance)

For the second point, we could change the semantic of casting and make x as u32 becomes simply a 32 bits range check.

Problem*

Euclidian division was not checking for overflow. This is a big issue since it means noir is producing under-constrained code. For instance, the prime order of the noir native field is odd, so p=2k+1, which means that p%2=1. But we can also have p=0*2+0, which means that p%2=0. The latter does not overflow.

Related to #1604

Summary*

We add a check in euclidian division to ensure that the result 'qb+r' does not overflow.
But this also means that euclidian division cannot be performed on unbounded integers anymore, which has impact on the truncation operation.
This is resolved by reducing the input to a bit size less than the field modulus (with some margin).
As discussed in the description, this can be avoided if we change the semantic of the casting in noir.

Documentation

  • This PR requires documentation updates when merged.

    • I will submit a noir-lang/docs PR.
    • I will request for and support Dev Rel's help in documenting this PR.

Additional Context

PR Checklist*

  • I have tested the changes locally.
  • I have formatted the changes with Prettier and/or cargo fmt on default settings.

@guipublic guipublic added this pull request to the merge queue Sep 11, 2023
Merged via the queue into master with commit 6665210 Sep 11, 2023
@guipublic guipublic deleted the gd/issue_1604 branch September 11, 2023 16:49
TomAFrench added a commit that referenced this pull request Sep 11, 2023
* master:
  chore(ci): reenable CI for `noir_wasm` (#2636)
  fix: avoid overflows in integer division (#2180)
  chore(ci): Nightly Integration testing  (#2596)
  feat(parser): allow multiple attributes (#2537)
  feat(nargo): Allow installing custom backends from the CLI (#2632)
TomAFrench added a commit that referenced this pull request Sep 11, 2023
* master:
  chore: Move tooling related items into their own directory (#2644)
  chore: add `CompilationResult` helper type (#2639)
  fix: initialise arrays returned by brillig (#2048)
  chore: clippy fix (#2631)
  fix(wasm): Remove stacker from dependencies (#2637)
  chore(ci): reenable CI for `noir_wasm` (#2636)
  fix: avoid overflows in integer division (#2180)
  chore(ci): Nightly Integration testing  (#2596)
  feat(parser): allow multiple attributes (#2537)
  feat(nargo): Allow installing custom backends from the CLI (#2632)
  chore(ci): enforce clippy and `cargo fmt` in CI (#2628)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants