openvm_rv32im_circuit/mulh/

core.rs

use std::{
    array,
    borrow::{Borrow, BorrowMut},
};

use openvm_circuit::{
    arch::*,
    system::memory::{online::TracingMemory, MemoryAuxColsFactory},
};
use openvm_circuit_primitives::{
    bitwise_op_lookup::{BitwiseOperationLookupBus, SharedBitwiseOperationLookupChip},
    range_tuple::{RangeTupleCheckerBus, SharedRangeTupleCheckerChip},
    AlignedBytesBorrow,
};
use openvm_circuit_primitives_derive::AlignedBorrow;
use openvm_instructions::{instruction::Instruction, program::DEFAULT_PC_STEP, LocalOpcode};
use openvm_rv32im_transpiler::MulHOpcode;
use openvm_stark_backend::{
    interaction::InteractionBuilder,
    p3_air::{AirBuilder, BaseAir},
    p3_field::{Field, FieldAlgebra, PrimeField32},
    rap::BaseAirWithPublicValues,
};
use strum::IntoEnumIterator;

#[repr(C)]
#[derive(AlignedBorrow)]
pub struct MulHCoreCols<T, const NUM_LIMBS: usize, const LIMB_BITS: usize> {
    pub a: [T; NUM_LIMBS],
    pub b: [T; NUM_LIMBS],
    pub c: [T; NUM_LIMBS],

    pub a_mul: [T; NUM_LIMBS],
    pub b_ext: T,
    pub c_ext: T,

    pub opcode_mulh_flag: T,
    pub opcode_mulhsu_flag: T,
    pub opcode_mulhu_flag: T,
}

#[derive(Copy, Clone, Debug, derive_new::new)]
pub struct MulHCoreAir<const NUM_LIMBS: usize, const LIMB_BITS: usize> {
    pub bitwise_lookup_bus: BitwiseOperationLookupBus,
    pub range_tuple_bus: RangeTupleCheckerBus<2>,
}

impl<F: Field, const NUM_LIMBS: usize, const LIMB_BITS: usize> BaseAir<F>
    for MulHCoreAir<NUM_LIMBS, LIMB_BITS>
{
    fn width(&self) -> usize {
        MulHCoreCols::<F, NUM_LIMBS, LIMB_BITS>::width()
    }
}
impl<F: Field, const NUM_LIMBS: usize, const LIMB_BITS: usize> BaseAirWithPublicValues<F>
    for MulHCoreAir<NUM_LIMBS, LIMB_BITS>
{
}

impl<AB, I, const NUM_LIMBS: usize, const LIMB_BITS: usize> VmCoreAir<AB, I>
    for MulHCoreAir<NUM_LIMBS, LIMB_BITS>
where
    AB: InteractionBuilder,
    I: VmAdapterInterface<AB::Expr>,
    I::Reads: From<[[AB::Expr; NUM_LIMBS]; 2]>,
    I::Writes: From<[[AB::Expr; NUM_LIMBS]; 1]>,
    I::ProcessedInstruction: From<MinimalInstruction<AB::Expr>>,
{
    fn eval(
        &self,
        builder: &mut AB,
        local_core: &[AB::Var],
        _from_pc: AB::Var,
    ) -> AdapterAirContext<AB::Expr, I> {
        let cols: &MulHCoreCols<_, NUM_LIMBS, LIMB_BITS> = local_core.borrow();
        let flags = [
            cols.opcode_mulh_flag,
            cols.opcode_mulhsu_flag,
            cols.opcode_mulhu_flag,
        ];

        let is_valid = flags.iter().fold(AB::Expr::ZERO, |acc, &flag| {
            builder.assert_bool(flag);
            acc + flag.into()
        });
        builder.assert_bool(is_valid.clone());

        let b = &cols.b;
        let c = &cols.c;
        let carry_divide = AB::F::from_canonical_u32(1 << LIMB_BITS).inverse();

        // Note b * c = a << LIMB_BITS + a_mul, in order to constrain that a is correct we
        // need to compute the carries generated by a_mul.
        let a_mul = &cols.a_mul;
        let mut carry_mul: [AB::Expr; NUM_LIMBS] = array::from_fn(|_| AB::Expr::ZERO);

        for i in 0..NUM_LIMBS {
            let expected_limb = if i == 0 {
                AB::Expr::ZERO
            } else {
                carry_mul[i - 1].clone()
            } + (0..=i).fold(AB::Expr::ZERO, |ac, k| ac + (b[k] * c[i - k]));
            carry_mul[i] = AB::Expr::from(carry_divide) * (expected_limb - a_mul[i]);
        }

        for (a_mul, carry_mul) in a_mul.iter().zip(carry_mul.iter()) {
            self.range_tuple_bus
                .send(vec![(*a_mul).into(), carry_mul.clone()])
                .eval(builder, is_valid.clone());
        }

        // We can now constrain that a is correct using carry_mul[NUM_LIMBS - 1]
        let a = &cols.a;
        let mut carry: [AB::Expr; NUM_LIMBS] = array::from_fn(|_| AB::Expr::ZERO);

        for j in 0..NUM_LIMBS {
            let expected_limb = if j == 0 {
                carry_mul[NUM_LIMBS - 1].clone()
            } else {
                carry[j - 1].clone()
            } + ((j + 1)..NUM_LIMBS)
                .fold(AB::Expr::ZERO, |acc, k| acc + (b[k] * c[NUM_LIMBS + j - k]))
                + (0..(j + 1)).fold(AB::Expr::ZERO, |acc, k| {
                    acc + (b[k] * cols.c_ext) + (c[k] * cols.b_ext)
                });
            carry[j] = AB::Expr::from(carry_divide) * (expected_limb - a[j]);
        }

        for (a, carry) in a.iter().zip(carry.iter()) {
            self.range_tuple_bus
                .send(vec![(*a).into(), carry.clone()])
                .eval(builder, is_valid.clone());
        }

        // Check that b_ext and c_ext are correct using bitwise lookup. We check
        // both b and c when the opcode is MULH, and only b when MULHSU.
        let sign_mask = AB::F::from_canonical_u32(1 << (LIMB_BITS - 1));
        let ext_inv = AB::F::from_canonical_u32((1 << LIMB_BITS) - 1).inverse();
        let b_sign = cols.b_ext * ext_inv;
        let c_sign = cols.c_ext * ext_inv;

        builder.assert_bool(b_sign.clone());
        builder.assert_bool(c_sign.clone());
        builder
            .when(cols.opcode_mulhu_flag)
            .assert_zero(b_sign.clone());
        builder
            .when(cols.opcode_mulhu_flag + cols.opcode_mulhsu_flag)
            .assert_zero(c_sign.clone());

        self.bitwise_lookup_bus
            .send_range(
                AB::Expr::from_canonical_u32(2) * (b[NUM_LIMBS - 1] - b_sign * sign_mask),
                (cols.opcode_mulh_flag + AB::Expr::ONE) * (c[NUM_LIMBS - 1] - c_sign * sign_mask),
            )
            .eval(builder, cols.opcode_mulh_flag + cols.opcode_mulhsu_flag);

        let expected_opcode = VmCoreAir::<AB, I>::expr_to_global_expr(
            self,
            flags.iter().zip(MulHOpcode::iter()).fold(
                AB::Expr::ZERO,
                |acc, (flag, local_opcode)| {
                    acc + (*flag).into() * AB::Expr::from_canonical_u8(local_opcode as u8)
                },
            ),
        );

        AdapterAirContext {
            to_pc: None,
            reads: [cols.b.map(Into::into), cols.c.map(Into::into)].into(),
            writes: [cols.a.map(Into::into)].into(),
            instruction: MinimalInstruction {
                is_valid,
                opcode: expected_opcode,
            }
            .into(),
        }
    }

    fn start_offset(&self) -> usize {
        MulHOpcode::CLASS_OFFSET
    }
}

#[repr(C)]
#[derive(AlignedBytesBorrow, Debug)]
pub struct MulHCoreRecord<const NUM_LIMBS: usize, const LIMB_BITS: usize> {
    pub b: [u8; NUM_LIMBS],
    pub c: [u8; NUM_LIMBS],
    pub local_opcode: u8,
}

#[derive(Clone, Copy, derive_new::new)]
pub struct MulHExecutor<A, const NUM_LIMBS: usize, const LIMB_BITS: usize> {
    adapter: A,
    pub offset: usize,
}

#[derive(Clone)]
pub struct MulHFiller<A, const NUM_LIMBS: usize, const LIMB_BITS: usize> {
    adapter: A,
    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<LIMB_BITS>,
    pub range_tuple_chip: SharedRangeTupleCheckerChip<2>,
}

impl<A, const NUM_LIMBS: usize, const LIMB_BITS: usize> MulHFiller<A, NUM_LIMBS, LIMB_BITS> {
    pub fn new(
        adapter: A,
        bitwise_lookup_chip: SharedBitwiseOperationLookupChip<LIMB_BITS>,
        range_tuple_chip: SharedRangeTupleCheckerChip<2>,
    ) -> Self {
        // The RangeTupleChecker is used to range check (a[i], carry[i]) pairs where 0 <= i
        // < 2 * NUM_LIMBS. a[i] must have LIMB_BITS bits and carry[i] is the sum of i + 1
        // bytes (with LIMB_BITS bits). BitwiseOperationLookup is used to sign check bytes.
        debug_assert!(
            range_tuple_chip.sizes()[0] == 1 << LIMB_BITS,
            "First element of RangeTupleChecker must have size {}",
            1 << LIMB_BITS
        );
        debug_assert!(
            range_tuple_chip.sizes()[1] >= (1 << LIMB_BITS) * 2 * NUM_LIMBS as u32,
            "Second element of RangeTupleChecker must have size of at least {}",
            (1 << LIMB_BITS) * 2 * NUM_LIMBS as u32
        );

        Self {
            adapter,
            bitwise_lookup_chip,
            range_tuple_chip,
        }
    }
}

impl<F, A, RA, const NUM_LIMBS: usize, const LIMB_BITS: usize> PreflightExecutor<F, RA>
    for MulHExecutor<A, NUM_LIMBS, LIMB_BITS>
where
    F: PrimeField32,
    A: 'static
        + AdapterTraceExecutor<
            F,
            ReadData: Into<[[u8; NUM_LIMBS]; 2]>,
            WriteData: From<[[u8; NUM_LIMBS]; 1]>,
        >,
    for<'buf> RA: RecordArena<
        'buf,
        EmptyAdapterCoreLayout<F, A>,
        (
            A::RecordMut<'buf>,
            &'buf mut MulHCoreRecord<NUM_LIMBS, LIMB_BITS>,
        ),
    >,
{
    fn get_opcode_name(&self, opcode: usize) -> String {
        format!(
            "{:?}",
            MulHOpcode::from_usize(opcode - MulHOpcode::CLASS_OFFSET)
        )
    }

    fn execute(
        &self,
        state: VmStateMut<F, TracingMemory, RA>,
        instruction: &Instruction<F>,
    ) -> Result<(), ExecutionError> {
        let Instruction { opcode, .. } = instruction;

        let (mut adapter_record, core_record) = state.ctx.alloc(EmptyAdapterCoreLayout::new());

        A::start(*state.pc, state.memory, &mut adapter_record);

        core_record.local_opcode = opcode.local_opcode_idx(MulHOpcode::CLASS_OFFSET) as u8;
        let mulh_opcode = MulHOpcode::from_usize(core_record.local_opcode as usize);

        [core_record.b, core_record.c] = self
            .adapter
            .read(state.memory, instruction, &mut adapter_record)
            .into();

        let (a, _, _, _, _) = run_mulh::<NUM_LIMBS, LIMB_BITS>(
            mulh_opcode,
            &core_record.b.map(u32::from),
            &core_record.c.map(u32::from),
        );

        let a = a.map(|x| x as u8);
        self.adapter
            .write(state.memory, instruction, [a].into(), &mut adapter_record);

        *state.pc = state.pc.wrapping_add(DEFAULT_PC_STEP);

        Ok(())
    }
}

impl<F, A, const NUM_LIMBS: usize, const LIMB_BITS: usize> TraceFiller<F>
    for MulHFiller<A, NUM_LIMBS, LIMB_BITS>
where
    F: PrimeField32,
    A: 'static + AdapterTraceFiller<F>,
{
    fn fill_trace_row(&self, mem_helper: &MemoryAuxColsFactory<F>, row_slice: &mut [F]) {
        // SAFETY: row_slice is guaranteed by the caller to have at least A::WIDTH +
        // MulHCoreCols::width() elements
        let (adapter_row, mut core_row) = unsafe { row_slice.split_at_mut_unchecked(A::WIDTH) };
        self.adapter.fill_trace_row(mem_helper, adapter_row);
        // SAFETY: core_row contains a valid MulHCoreRecord written by the executor
        // during trace generation
        let record: &MulHCoreRecord<NUM_LIMBS, LIMB_BITS> =
            unsafe { get_record_from_slice(&mut core_row, ()) };
        let core_row: &mut MulHCoreCols<F, NUM_LIMBS, LIMB_BITS> = core_row.borrow_mut();

        let opcode = MulHOpcode::from_usize(record.local_opcode as usize);
        let (a, a_mul, carry, b_ext, c_ext) = run_mulh::<NUM_LIMBS, LIMB_BITS>(
            opcode,
            &record.b.map(u32::from),
            &record.c.map(u32::from),
        );

        for i in 0..NUM_LIMBS {
            self.range_tuple_chip.add_count(&[a_mul[i], carry[i]]);
            self.range_tuple_chip
                .add_count(&[a[i], carry[NUM_LIMBS + i]]);
        }

        if opcode != MulHOpcode::MULHU {
            let b_sign_mask = if b_ext == 0 { 0 } else { 1 << (LIMB_BITS - 1) };
            let c_sign_mask = if c_ext == 0 { 0 } else { 1 << (LIMB_BITS - 1) };
            self.bitwise_lookup_chip.request_range(
                (record.b[NUM_LIMBS - 1] as u32 - b_sign_mask) << 1,
                (record.c[NUM_LIMBS - 1] as u32 - c_sign_mask)
                    << ((opcode == MulHOpcode::MULH) as u32),
            );
        }

        // Write in reverse order
        core_row.opcode_mulhu_flag = F::from_bool(opcode == MulHOpcode::MULHU);
        core_row.opcode_mulhsu_flag = F::from_bool(opcode == MulHOpcode::MULHSU);
        core_row.opcode_mulh_flag = F::from_bool(opcode == MulHOpcode::MULH);
        core_row.c_ext = F::from_canonical_u32(c_ext);
        core_row.b_ext = F::from_canonical_u32(b_ext);
        core_row.a_mul = a_mul.map(F::from_canonical_u32);
        core_row.c = record.c.map(F::from_canonical_u8);
        core_row.b = record.b.map(F::from_canonical_u8);
        core_row.a = a.map(F::from_canonical_u32);
    }
}

// returns mulh[[s]u], mul, carry, x_ext, y_ext
#[inline(always)]
pub(super) fn run_mulh<const NUM_LIMBS: usize, const LIMB_BITS: usize>(
    opcode: MulHOpcode,
    x: &[u32; NUM_LIMBS],
    y: &[u32; NUM_LIMBS],
) -> ([u32; NUM_LIMBS], [u32; NUM_LIMBS], Vec<u32>, u32, u32) {
    let mut mul = [0; NUM_LIMBS];
    let mut carry = vec![0; 2 * NUM_LIMBS];
    for i in 0..NUM_LIMBS {
        if i > 0 {
            mul[i] = carry[i - 1];
        }
        for j in 0..=i {
            mul[i] += x[j] * y[i - j];
        }
        carry[i] = mul[i] >> LIMB_BITS;
        mul[i] %= 1 << LIMB_BITS;
    }

    let x_ext = (x[NUM_LIMBS - 1] >> (LIMB_BITS - 1))
        * if opcode == MulHOpcode::MULHU {
            0
        } else {
            (1 << LIMB_BITS) - 1
        };
    let y_ext = (y[NUM_LIMBS - 1] >> (LIMB_BITS - 1))
        * if opcode == MulHOpcode::MULH {
            (1 << LIMB_BITS) - 1
        } else {
            0
        };

    let mut mulh = [0; NUM_LIMBS];
    let mut x_prefix = 0;
    let mut y_prefix = 0;

    for i in 0..NUM_LIMBS {
        x_prefix += x[i];
        y_prefix += y[i];
        mulh[i] = carry[NUM_LIMBS + i - 1] + x_prefix * y_ext + y_prefix * x_ext;
        for j in (i + 1)..NUM_LIMBS {
            mulh[i] += x[j] * y[NUM_LIMBS + i - j];
        }
        carry[NUM_LIMBS + i] = mulh[i] >> LIMB_BITS;
        mulh[i] %= 1 << LIMB_BITS;
    }

    (mulh, mul, carry, x_ext, y_ext)
}