AztecProtocol · maramihali · Apr 30, 2024 · Jul 25, 2023 · Jul 26, 2023 · Jul 26, 2023
diff --git a/barretenberg/README.md b/barretenberg/README.md
@@ -85,7 +85,7 @@ Or install from a package manager, on Ubuntu:
 sudo apt-get install libomp-dev
 ```
 
-> Note: on a fresh Ubuntu Kinetic installation, installing OpenMP from source yields a `Could NOT find OpenMP_C (missing: OpenMP_omp_LIBRARY) (found version "5.0")` error when trying to build Barretenberg. Installing from apt worked fine.
+> Note: on a fresh Ubuntu lunar installation, installing OpenMP from source yields a `Could NOT find OpenMP_C (missing: OpenMP_omp_LIBRARY) (found version "5.0")` error when trying to build Barretenberg. Installing from apt worked fine.
 
 ### Getting started
 

diff --git a/barretenberg/cpp/src/barretenberg/benchmark/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/benchmark/CMakeLists.txt
@@ -5,6 +5,7 @@ add_subdirectory(ipa_bench)
 add_subdirectory(client_ivc_bench)
 add_subdirectory(pippenger_bench)
 add_subdirectory(plonk_bench)
+add_subdirectory(simulator_bench)
 add_subdirectory(protogalaxy_bench)
 add_subdirectory(protogalaxy_rounds_bench)
 add_subdirectory(relations_bench)

diff --git a/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/CMakeLists.txt
@@ -0,0 +1 @@
+ barretenberg_module(simulator_bench stdlib_honk_recursion stdlib_sha256 crypto_merkle_tree) 
diff --git a/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp
@@ -0,0 +1,126 @@
+#include "barretenberg/goblin/goblin.hpp"
+#include "barretenberg/goblin/mock_circuits.hpp"
+#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
+#include <benchmark/benchmark.h>
+
+using namespace benchmark;
+using namespace bb;
+
+namespace {
+template <typename RecursiveFlavor> class SimulatorFixture : public benchmark::Fixture {
+
+  public:
+    using Flavor = typename RecursiveFlavor::NativeFlavor;
+    using ProverInstance = ProverInstance_<Flavor>;
+    using Builder = typename Flavor::CircuitBuilder;
+    using VerificationKey = typename Flavor::VerificationKey;
+    using CircuitSimulator = typename RecursiveFlavor::CircuitBuilder;
+    using SimulatingVerifier = stdlib::recursion::honk::UltraRecursiveVerifier_<RecursiveFlavor>;
+    SimulatorFixture() = default;
+
+    struct VerifierInput {
+        HonkProof proof;
+        std::shared_ptr<typename Flavor::VerificationKey> verification_key;
+    };
+
+    void SetUp([[maybe_unused]] const ::benchmark::State& state) override
+    {
+        bb::srs::init_crs_factory("../srs_db/ignition");
+        bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");
+    }
+
+    static VerifierInput create_proof_goblin_builder(bool large = false)
+    {
+
+        auto builder = construct_mock_function_circuit(large);
+        auto instance = std::make_shared<ProverInstance>(builder);
+        UltraProver_<Flavor> prover(instance);
+        auto ultra_proof = prover.construct_proof();
+        auto verification_key = std::make_shared<VerificationKey>(instance->proving_key);
+        return { ultra_proof, verification_key };
+    }
+
+    static Builder construct_mock_function_circuit(bool large = false)
+    {
+        using InnerCurve = bb::stdlib::bn254<Builder>;
+
+        using fr_ct = InnerCurve::ScalarField;
+        using point_ct = InnerCurve::AffineElement;
+        using fr = typename InnerCurve::ScalarFieldNative;
+        using point = typename InnerCurve::GroupNative::affine_element;
+        Builder builder;
+
+        // Add some arbitrary goblin-style ECC op gates via a batch mul
+        size_t num_points = 5;
+        std::vector<point_ct> circuit_points;
+        std::vector<fr_ct> circuit_scalars;
+        for (size_t i = 0; i < num_points; ++i) {
+            circuit_points.push_back(point_ct::from_witness(&builder, point::random_element()));
+            circuit_scalars.push_back(fr_ct::from_witness(&builder, fr::random_element()));
+        }
+        point_ct::batch_mul(circuit_points, circuit_scalars);
+
+        // Determine number of times to execute the below operations that constitute the mock circuit logic. Note
+        // that the circuit size does not scale linearly with number of iterations due to e.g. amortization of lookup
+
+        const size_t NUM_ITERATIONS_LARGE = 12; // results in circuit size 2^19 (502238 gates)
+        const size_t NUM_ITERATIONS_MEDIUM = 3; // results in circuit size 2^17 (124843 gates)
+        const size_t NUM_ITERATIONS = large ? NUM_ITERATIONS_LARGE : NUM_ITERATIONS_MEDIUM;
+
+        stdlib::generate_sha256_test_circuit(builder, NUM_ITERATIONS);             // min gates: ~39k
+        stdlib::generate_ecdsa_verification_test_circuit(builder, NUM_ITERATIONS); // min gates: ~41k
+        stdlib::generate_merkle_membership_test_circuit(builder, NUM_ITERATIONS);  // min gates: ~29k
+
+        return builder;
+    }
+};
+
+BENCHMARK_TEMPLATE_F(SimulatorFixture, GoblinNative, bb::GoblinUltraRecursiveFlavor_<bb::CircuitSimulatorBN254>)
+(benchmark::State& state)
+{
+    auto verifier_input = SimulatorFixture::create_proof_goblin_builder();
+    for (auto _ : state) {
+        UltraVerifier_<typename SimulatorFixture::Flavor> ultra_verifier{ verifier_input.verification_key };
+        ultra_verifier.verify_proof((verifier_input.proof));
+    }
+}
+
+BENCHMARK_TEMPLATE_F(SimulatorFixture, GoblinSimulated, bb::GoblinUltraRecursiveFlavor_<bb::CircuitSimulatorBN254>)
+(benchmark::State& state)
+{
+    auto verifier_input = SimulatorFixture::create_proof_goblin_builder();
+    for (auto _ : state) {
+        typename SimulatorFixture::CircuitSimulator simulator;
+        typename SimulatorFixture::SimulatingVerifier ultra_verifier{ &simulator, verifier_input.verification_key };
+        ultra_verifier.verify_proof((verifier_input.proof));
+    }
+}
+
+BENCHMARK_TEMPLATE_F(SimulatorFixture, UltraNative, bb::UltraRecursiveFlavor_<bb::CircuitSimulatorBN254>)
+(benchmark::State& state)
+{
+    auto verifier_input = SimulatorFixture::create_proof_goblin_builder();
+    for (auto _ : state) {
+        UltraVerifier_<typename SimulatorFixture::Flavor> ultra_verifier{ verifier_input.verification_key };
+        ultra_verifier.verify_proof((verifier_input.proof));
+    }
+}
+
+BENCHMARK_TEMPLATE_F(SimulatorFixture, UltraSimulated, bb::UltraRecursiveFlavor_<bb::CircuitSimulatorBN254>)
+(benchmark::State& state)
+{
+    auto verifier_input = SimulatorFixture::create_proof_goblin_builder();
+    for (auto _ : state) {
+        typename SimulatorFixture::CircuitSimulator simulator;
+        typename SimulatorFixture::SimulatingVerifier ultra_verifier{ &simulator, verifier_input.verification_key };
+        ultra_verifier.verify_proof((verifier_input.proof));
+    }
+}
+
+BENCHMARK_REGISTER_F(SimulatorFixture, GoblinSimulated)->Unit(benchmark::kMillisecond);
+BENCHMARK_REGISTER_F(SimulatorFixture, UltraSimulated)->Unit(benchmark::kMillisecond);
+BENCHMARK_REGISTER_F(SimulatorFixture, GoblinNative)->Unit(benchmark::kMillisecond);
+BENCHMARK_REGISTER_F(SimulatorFixture, UltraNative)->Unit(benchmark::kMillisecond);
+
+} // namespace
+BENCHMARK_MAIN();
diff --git a/barretenberg/cpp/src/barretenberg/circuit_checker/circuit_checker.hpp b/barretenberg/cpp/src/barretenberg/circuit_checker/circuit_checker.hpp
@@ -12,7 +12,8 @@ concept IsCheckable = bb::IsAnyOf<T,
                                   StandardCircuitBuilder_<bb::fr>,
                                   StandardCircuitBuilder_<bb::fq>,
                                   UltraCircuitBuilder,
-                                  GoblinUltraCircuitBuilder>;
+                                  GoblinUltraCircuitBuilder,
+                                  CircuitSimulatorBN254>;
 
 /**
  * @brief The unified interface for check circuit functionality implemented in the specialized CircuitChecker classes
@@ -28,6 +29,8 @@ class CircuitChecker {
             return UltraCircuitChecker::check(builder);
         } else if constexpr (IsStandardBuilder<Builder>) {
             return StandardCircuitChecker::check(builder);
+        } else if constexpr (IsSimulator<Builder>) {
+            return SimulatorCircuitChecker::check(builder);
         } else {
             return false;
         }

diff --git a/barretenberg/cpp/src/barretenberg/crypto/ecdsa/ecdsa.hpp b/barretenberg/cpp/src/barretenberg/crypto/ecdsa/ecdsa.hpp
@@ -30,6 +30,7 @@ ecdsa_signature ecdsa_construct_signature(const std::string& message, const ecds
 template <typename Hash, typename Fq, typename Fr, typename G1>
 typename G1::affine_element ecdsa_recover_public_key(const std::string& message, const ecdsa_signature& sig);
 
+// TODO(https://github.com/AztecProtocol/barretenberg/issues/659)
 template <typename Hash, typename Fq, typename Fr, typename G1>
 bool ecdsa_verify_signature(const std::string& message,
                             const typename G1::affine_element& public_key,

diff --git a/barretenberg/cpp/src/barretenberg/crypto/merkle_tree/membership.hpp b/barretenberg/cpp/src/barretenberg/crypto/merkle_tree/membership.hpp
@@ -101,6 +101,7 @@ void assert_check_subtree_membership(field_t<Builder> const& root,
                                      std::string const& msg = "assert_check_subtree_membership")
 {
     auto exists = check_subtree_membership(root, hashes, value, index, at_height, is_updating_tree);
+    exists.context = root.context;
     exists.assert_equal(true, msg);
 }
 

diff --git a/barretenberg/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc b/barretenberg/cpp/src/barretenberg/crypto/schnorr/schnorr.tcc
@@ -23,6 +23,7 @@ namespace bb::crypto {
  *
  * @tparam Hash the hash-function used as random-oracle
  * @tparam G1 Group over which the signature is produced
+ * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/659)
  * @param message what are we signing over?
  * @param pubkey the pubkey of the signer
  * @param R the nonce

diff --git a/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp b/barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.cpp
@@ -220,7 +220,11 @@ void compute_wnaf_states(uint64_t* point_schedule,
     }
 
     parallel_for(num_threads, [&](size_t i) {
-        Fr T0;
+        // NOTE: to appease GCC array-bounds checks, we need an extra Fr at the end of 'T0'
+        // This is why it is an Fr[2]. Otherwise, GCC really doesn't like us type-punning in endo_scalar_upper_limbs as
+        // it encompasses undefined memory (even though it doesn't use it).
+        Fr T0_buffer[2];
+        Fr& T0 = T0_buffer[0];
         uint64_t* wnaf_table = &point_schedule[(2 * i) * num_initial_points_per_thread];
         const Fr* thread_scalars = &scalars[i * num_initial_points_per_thread];
         bool* skew_table = &input_skew_table[(2 * i) * num_initial_points_per_thread];

diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp
@@ -343,22 +343,26 @@ concept IsUltraFlavor = IsAnyOf<T, UltraFlavor, GoblinUltraFlavor>;
 template <typename T> 
 concept IsGoblinFlavor = IsAnyOf<T, GoblinUltraFlavor,
                                     GoblinUltraRecursiveFlavor_<UltraCircuitBuilder>,
-                                    GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>>;
+                                    GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, GoblinUltraRecursiveFlavor_<CircuitSimulatorBN254>>;
 
 template <typename T> 
 concept IsRecursiveFlavor = IsAnyOf<T, UltraRecursiveFlavor_<UltraCircuitBuilder>, 
                                        UltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, 
+                                       UltraRecursiveFlavor_<CircuitSimulatorBN254>,
                                        GoblinUltraRecursiveFlavor_<UltraCircuitBuilder>,
-                                       GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>>;
+                                       GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>
+,GoblinUltraRecursiveFlavor_<CircuitSimulatorBN254>>;
 
-template <typename T> concept IsGrumpkinFlavor = IsAnyOf<T, ECCVMFlavor>;
+
+template <typename T> concept IπsGrumpkinFlavor = IsAnyOf<T, ECCVMFlavor>;
 
 template <typename T> concept IsFoldingFlavor = IsAnyOf<T, UltraFlavor, 
                                                            GoblinUltraFlavor, 
                                                            UltraRecursiveFlavor_<UltraCircuitBuilder>, 
                                                            UltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, 
+                                                           UltraRecursiveFlavor_<CircuitSimulatorBN254>,
                                                            GoblinUltraRecursiveFlavor_<UltraCircuitBuilder>, 
-                                                           GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>>;
+                                                           GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, GoblinUltraRecursiveFlavor_<CircuitSimulatorBN254>>;
 
 template <typename Container, typename Element>
 inline std::string flavor_get_label(Container&& container, const Element& element) {

diff --git a/barretenberg/cpp/src/barretenberg/flavor/plonk_flavors.hpp b/barretenberg/cpp/src/barretenberg/flavor/plonk_flavors.hpp
@@ -2,6 +2,7 @@
 #include "barretenberg/flavor/flavor.hpp"
 #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp"
 #include "barretenberg/plonk/transcript/transcript.hpp"
+#include "barretenberg/stdlib_circuit_builders/circuit_simulator.hpp"
 #include "barretenberg/stdlib_circuit_builders/standard_circuit_builder.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
 
@@ -151,4 +152,15 @@ class Ultra {
         return output;
     }
 };
-} // namespace bb::plonk::flavor
+
+// TODO(https://github.com/AztecProtocol/barretenberg/issues/672)
+class SimulatorBN254 {
+  public:
+    using CircuitBuilder = bb::CircuitSimulatorBN254;
+    static transcript::Manifest create_manifest(const size_t num_public_inputs)
+    {
+        return Ultra::create_manifest(num_public_inputs);
+    }
+};
+
+} // namespace bb::plonk::flavor
diff --git a/barretenberg/cpp/src/barretenberg/numeric/bitop/count_leading_zeros.hpp b/barretenberg/cpp/src/barretenberg/numeric/bitop/count_leading_zeros.hpp
@@ -10,19 +10,17 @@ namespace bb::numeric {
  * Implemented in terms of intrinsics which will use instructions such as `bsr` or `lzcnt` for best performance.
  * Undefined behavior when input is 0.
  */
-template <typename T> constexpr inline size_t count_leading_zeros(T const& u);
-
-template <> constexpr inline size_t count_leading_zeros<uint32_t>(uint32_t const& u)
+constexpr inline size_t count_leading_zeros(uint32_t const& u)
 {
     return static_cast<size_t>(__builtin_clz(u));
 }
 
-template <> constexpr inline size_t count_leading_zeros<uint64_t>(uint64_t const& u)
+constexpr inline size_t count_leading_zeros(uint64_t const& u)
 {
     return static_cast<size_t>(__builtin_clzll(u));
 }
 
-template <> constexpr inline size_t count_leading_zeros<uint128_t>(uint128_t const& u)
+constexpr inline size_t count_leading_zeros(uint128_t const& u)
 {
     auto hi = static_cast<uint64_t>(u >> 64);
     if (hi != 0U) {
@@ -32,7 +30,7 @@ template <> constexpr inline size_t count_leading_zeros<uint128_t>(uint128_t con
     return static_cast<size_t>(__builtin_clzll(lo)) + 64;
 }
 
-template <> constexpr inline size_t count_leading_zeros<uint256_t>(uint256_t const& u)
+constexpr inline size_t count_leading_zeros(uint256_t const& u)
 {
     if (u.data[3] != 0U) {
         return count_leading_zeros(u.data[3]);

diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/merkle_hash_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/merkle_hash_type.hpp
@@ -1,6 +1,6 @@
 #pragma once
 
 namespace bb::merkle {
-// TODO(Cody) Get rid of this?
-enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN };
-} // namespace bb::merkle
+// TODO(https://github.com/AztecProtocol/barretenberg/issues/426)
+enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, NONE };
+} // namespace bb::merkle
diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/pedersen_commitment_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/pedersen_commitment_type.hpp
@@ -1,6 +1,6 @@
 #pragma once
 
 namespace bb::pedersen {
-// TODO(Cody) Get rid of this?
-enum CommitmentType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN };
-} // namespace bb::pedersen
+// TODO(https://github.com/AztecProtocol/barretenberg/issues/426)
+enum CommitmentType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, NONE };
+} // namespace bb::pedersen
diff --git a/barretenberg/cpp/src/barretenberg/polynomials/barycentric.hpp b/barretenberg/cpp/src/barretenberg/polynomials/barycentric.hpp
@@ -14,7 +14,6 @@
    2) Precomputing for all possible size pairs is probably feasible and might be a better solution than instantiating
    many instances separately. Then perhaps we could infer input type to `extend`.
 
-   3) There should be more thorough testing of this class in isolation.
  */
 namespace bb {
 

diff --git a/barretenberg/cpp/src/barretenberg/smt_verification/smt_polynomials.test.cpp b/barretenberg/cpp/src/barretenberg/smt_verification/smt_polynomials.test.cpp
@@ -109,4 +109,4 @@ TEST(polynomial_evaluation, private)
     ASSERT_FALSE(res);
     info("Gates: ", circuit.get_num_gates());
     info("Result: ", s.getResult());
-}
+}
diff --git a/barretenberg/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp b/barretenberg/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp
@@ -567,20 +567,22 @@ TYPED_TEST(ScalarMultiplicationTests, EndomorphismSplit)
     using Fr = typename Curve::ScalarField;
     using Fq = typename Curve::BaseField;
 
-    Fr scalar = Fr::random_element();
+    // NOTE: to appease GCC array-bounds checks, we need an extra Fr at the end of 'scalar'
+    // This is why it is an Fr[2]. Otherwise, GCC really doesn't like us type-punning in k2_t as it
+    // encompasses undefined memory (even though it doesn't use it).
+    Fr scalar[2];
+    scalar[0] = Fr::random_element();
 
-    Element expected = Group::one * scalar;
+    Element expected = Group::one * scalar[0];
 
     // we want to test that we can split a scalar into two half-length components, using the same location in memory.
-    Fr* k1_t = &scalar;
-    Fr* k2_t = (Fr*)&scalar.data[2];
+    Fr* k1_t = &scalar[0];
+    Fr* k2_t = (Fr*)&scalar[0].data[2];
 
-    Fr::split_into_endomorphism_scalars(scalar, *k1_t, *k2_t);
+    Fr::split_into_endomorphism_scalars(scalar[0], *k1_t, *k2_t);
     Fr k1{ (*k1_t).data[0], (*k1_t).data[1], 0, 0 };
     Fr k2{ (*k2_t).data[0], (*k2_t).data[1], 0, 0 };
-#if !defined(__clang__) && defined(__GNUC__)
-#pragma GCC diagnostic pop
-#endif
+
     Element result;
     Element t1 = Group::affine_one * k1;
     AffineElement generator = Group::affine_one;

diff --git a/barretenberg/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp
@@ -89,8 +89,9 @@ TYPED_TEST(StdlibPedersen, Small)
 {
     TestFixture::test_pedersen();
 };
-
 TYPED_TEST(StdlibPedersen, HashConstants)
 {
     TestFixture::test_hash_constants();
 };
+
+// PROBLEM POSSIBLY