feat(bb): towards reduced polynomial memory usage

barretenberg/cpp/scripts/_benchmark_remote_lock.sh

@@ -1,6 +1,6 @@
 # NOTE: This script is NOT meant to be ran, only sourced.
 # This sets up all the necessary machinery to lock ~/BENCHMARK_IN_PROGRESS
-# 
+#
 
 # Function to clean up lock file
 function cleanup() {
@@ -9,6 +9,13 @@ function cleanup() {
 }
 
 # Check for existing lock file
+for i in {1..10} ; do
+    if ! ssh $BB_SSH_KEY $BB_SSH_INSTANCE "test -f ~/BENCHMARK_IN_PROGRESS"; then
+        break # we are able to benchmark
+    fi
+    echo "Benchmarking is already in progress. Waiting..."
+    sleep 10 # wait
+done
 if ssh $BB_SSH_KEY $BB_SSH_INSTANCE "test -f ~/BENCHMARK_IN_PROGRESS"; then
     echo "Benchmarking is already in progress. If htop on the remote machine is not active, ~/BENCHMARK_IN_PROGRESS may need to be deleted."
     # Important: Exits the script that called this!

barretenberg/cpp/src/barretenberg/benchmark/basics_bench/basics.bench.cpp

@@ -455,10 +455,10 @@ void pippenger(State& state)
         size_t num_cycles = 1 << static_cast<size_t>(state.range(0));
         Polynomial<Fr> pol(num_cycles);
         for (size_t i = 0; i < num_cycles; i++) {
-            *(uint256_t*)&pol[i] = engine.get_random_uint256();
-            pol[i].self_reduce_once();
-            pol[i].self_reduce_once();
-            pol[i].self_reduce_once();
+            *(uint256_t*)&pol.at(i) = engine.get_random_uint256();
+            pol.at(i).self_reduce_once();
+            pol.at(i).self_reduce_once();
+            pol.at(i).self_reduce_once();
         }
 
         auto ck = std::make_shared<CommitmentKey<curve::BN254>>(num_cycles);

barretenberg/cpp/src/barretenberg/benchmark/ipa_bench/ipa.bench.cpp

@@ -35,7 +35,7 @@ void ipa_open(State& state) noexcept
         // Construct the polynomial
         Polynomial poly(n);
         for (size_t i = 0; i < n; ++i) {
-            poly[i] = Fr::random_element(&engine);
+            poly.at(i) = Fr::random_element(&engine);
         }
         auto x = Fr::random_element(&engine);
         auto eval = poly.evaluate(x);

barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/mega_honk.bench.cpp

@@ -26,7 +26,21 @@ static void construct_proof_megahonk_power_of_2(State& state) noexcept
         state, &bb::mock_circuits::generate_basic_arithmetic_circuit<MegaCircuitBuilder>, log2_of_gates);
 }
 
+static void get_row_power_of_2(State& state) noexcept
+{
+    auto log2_of_gates = static_cast<size_t>(state.range(0));
+    size_t gates = 1 << log2_of_gates;
+    MegaFlavor::ProverPolynomials polynomials{ gates };
+    for (auto _ : state) {
+        for (size_t i = 0; i < gates; i++) {
+            benchmark::DoNotOptimize(polynomials.get_row(i));
+        }
+    }
+}
+
 // Define benchmarks
+
+// This exists due to an issue where get_row was blowing up in time
 BENCHMARK_CAPTURE(construct_proof_megahonk, sha256, &stdlib::generate_sha256_test_circuit<MegaCircuitBuilder>)
     ->Unit(kMillisecond);
 BENCHMARK_CAPTURE(construct_proof_megahonk, keccak, &stdlib::generate_keccak_test_circuit<MegaCircuitBuilder>)
@@ -40,6 +54,11 @@ BENCHMARK_CAPTURE(construct_proof_megahonk,
                   &stdlib::generate_merkle_membership_test_circuit<MegaCircuitBuilder>)
     ->Unit(kMillisecond);
 
+BENCHMARK(get_row_power_of_2)
+    // 2**15 gates to 2**20 gates
+    ->DenseRange(15, 20)
+    ->Unit(kMillisecond);
+
 BENCHMARK(construct_proof_megahonk_power_of_2)
     // 2**15 gates to 2**20 gates
     ->DenseRange(15, 20)

barretenberg/cpp/src/barretenberg/commitment_schemes/commit.bench.cpp

@@ -21,7 +21,7 @@ template <typename FF> Polynomial<FF> sparse_random_poly(const size_t size, cons
 
     for (size_t i = 0; i < num_nonzero; i++) {
         size_t idx = engine.get_random_uint32() % size;
-        polynomial[idx] = FF::random_element();
+        polynomial.at(idx) = FF::random_element();
     }
 
     return polynomial;
@@ -55,7 +55,7 @@ template <typename Curve> void bench_commit_sparse(::benchmark::State& state)
 
     auto polynomial = Polynomial<Fr>(num_points);
     for (size_t i = 0; i < num_nonzero; i++) {
-        polynomial[i] = 1;
+        polynomial.at(i) = 1;
     }
 
     for (auto _ : state) {
@@ -74,7 +74,7 @@ template <typename Curve> void bench_commit_sparse_preprocessed(::benchmark::Sta
 
     auto polynomial = Polynomial<Fr>(num_points);
     for (size_t i = 0; i < num_nonzero; i++) {
-        polynomial[i] = 1;
+        polynomial.at(i) = 1;
     }
 
     for (auto _ : state) {
@@ -121,10 +121,7 @@ template <typename Curve> void bench_commit_random(::benchmark::State& state)
     auto key = create_commitment_key<Curve>(MAX_NUM_POINTS);
 
     const size_t num_points = 1 << state.range(0);
-    auto polynomial = Polynomial<Fr>(num_points);
-    for (auto& coeff : polynomial) {
-        coeff = Fr::random_element();
-    }
+    Polynomial<Fr> polynomial = Polynomial<Fr>::random(num_points);
     for (auto _ : state) {
         key->commit(polynomial);
     }
@@ -137,15 +134,11 @@ template <typename Curve> void bench_commit_random_non_power_of_2(::benchmark::S
     auto key = create_commitment_key<Curve>(MAX_NUM_POINTS);
 
     const size_t num_points = 1 << state.range(0);
-    auto polynomial = Polynomial<Fr>(num_points - 1);
-    for (auto& coeff : polynomial) {
-        coeff = Fr::random_element();
-    }
+    Polynomial<Fr> polynomial = Polynomial<Fr>::random(num_points - 1);
     for (auto _ : state) {
         key->commit(polynomial);
     }
 }
-
 BENCHMARK(bench_commit_zero<curve::BN254>)
     ->DenseRange(MIN_LOG_NUM_POINTS, MAX_LOG_NUM_POINTS)
     ->Unit(benchmark::kMillisecond);

barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp

@@ -7,10 +7,12 @@
  * simplify the codebase.
  */
 
+#include "barretenberg/common/debug_log.hpp"
 #include "barretenberg/common/op_count.hpp"
 #include "barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp"
 #include "barretenberg/numeric/bitop/get_msb.hpp"
 #include "barretenberg/numeric/bitop/pow.hpp"
+#include "barretenberg/polynomials/polynomial.hpp"
 #include "barretenberg/polynomials/polynomial_arithmetic.hpp"
 #include "barretenberg/srs/factories/crs_factory.hpp"
 #include "barretenberg/srs/factories/file_crs_factory.hpp"
@@ -79,20 +81,30 @@ template <class Curve> class CommitmentKey {
      * @param polynomial a univariate polynomial p(X) = ∑ᵢ aᵢ⋅Xⁱ
      * @return Commitment computed as C = [p(x)] = ∑ᵢ aᵢ⋅Gᵢ
      */
-    Commitment commit(std::span<const Fr> polynomial)
+    Commitment commit(PolynomialSpan<const Fr> polynomial)
     {
         BB_OP_COUNT_TIME();
-        // See constructor, we must round up the number of used srs points to a power of 2.
-        const size_t consumed_srs = numeric::round_up_power_2(polynomial.size());
+        // WORKTODO(sparse) rework this - should we always inform how much SRS we need on-demand?
+        // We must have a power-of-2 SRS points *after* subtracting by start_index.
+        const size_t consumed_srs = numeric::round_up_power_2(polynomial.size()) + polynomial.start_index;
+        auto srs = crs_factory->get_prover_crs(consumed_srs);
+        // We only need the
         if (consumed_srs > srs->get_monomial_size()) {
-            info("Attempting to commit to a polynomial that needs ",
-                 consumed_srs,
-                 " points with an SRS of size ",
-                 srs->get_monomial_size());
-            ASSERT(false);
+            throw_or_abort(format("Attempting to commit to a polynomial that needs ",
+                                  consumed_srs,
+                                  " points with an SRS of size ",
+                                  srs->get_monomial_size()));
         }
-        return scalar_multiplication::pippenger_unsafe_optimized_for_non_dyadic_polys<Curve>(
-            polynomial, srs->get_monomial_points(), pippenger_runtime_state);
+
+        // Extract the precomputed point table (contains raw SRS points at even indices and the corresponding
+        // endomorphism point (\beta*x, -y) at odd indices). We offset by polynomial.start_index * 2 to align
+        // with our polynomial span.
+        std::span<G1> point_table = srs->get_monomial_points().subspan(polynomial.start_index * 2);
+        DEBUG_LOG_ALL(polynomial.span);
+        Commitment point = scalar_multiplication::pippenger_unsafe_optimized_for_non_dyadic_polys<Curve>(
+            polynomial.span, point_table, pippenger_runtime_state);
+        DEBUG_LOG(point);
+        return point;
     };
 
     /**
@@ -105,19 +117,20 @@ template <class Curve> class CommitmentKey {
      * @param polynomial
      * @return Commitment
      */
-    Commitment commit_sparse(std::span<const Fr> polynomial)
+    Commitment commit_sparse(PolynomialSpan<const Fr> polynomial)
     {
         BB_OP_COUNT_TIME();
-        const size_t degree = polynomial.size();
-        ASSERT(degree <= srs->get_monomial_size());
+        const size_t poly_size = polynomial.size();
+        ASSERT(polynomial.end_index() <= srs->get_monomial_size());
 
         // Extract the precomputed point table (contains raw SRS points at even indices and the corresponding
-        // endomorphism point (\beta*x, -y) at odd indices).
-        std::span<G1> point_table = srs->get_monomial_points();
+        // endomorphism point (\beta*x, -y) at odd indices). We offset by polynomial.start_index * 2 to align
+        // with our polynomial spann.
+        std::span<G1> point_table = srs->get_monomial_points().subspan(polynomial.start_index * 2);
 
         // Define structures needed to multithread the extraction of non-zero inputs
-        const size_t num_threads = degree >= get_num_cpus_pow2() ? get_num_cpus_pow2() : 1;
-        const size_t block_size = degree / num_threads;
+        const size_t num_threads = poly_size >= get_num_cpus_pow2() ? get_num_cpus_pow2() : 1;
+        const size_t block_size = poly_size / num_threads;
         std::vector<std::vector<Fr>> thread_scalars(num_threads);
         std::vector<std::vector<G1>> thread_points(num_threads);
 
@@ -128,7 +141,7 @@ template <class Curve> class CommitmentKey {
 
             for (size_t idx = start; idx < end; ++idx) {
 
-                const Fr& scalar = polynomial[idx];
+                const Fr& scalar = polynomial.span[idx];
 
                 if (!scalar.is_zero()) {
                     thread_scalars[thread_idx].emplace_back(scalar);

barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.test.hpp

@@ -72,15 +72,6 @@ template <typename Curve> class CommitmentTest : public ::testing::Test {
 
     Commitment commit(const Polynomial& polynomial) { return commitment_key->commit(polynomial); }
 
-    Polynomial random_polynomial(const size_t n)
-    {
-        Polynomial p(n);
-        for (size_t i = 0; i < n; ++i) {
-            p[i] = Fr::random_element(engine);
-        }
-        return p;
-    }
-
     Fr random_element() { return Fr::random_element(engine); }
 
     OpeningPair<Curve> random_eval(const Polynomial& polynomial)
@@ -92,7 +83,7 @@ template <typename Curve> class CommitmentTest : public ::testing::Test {
 
     std::pair<OpeningClaim<Curve>, Polynomial> random_claim(const size_t n)
     {
-        auto polynomial = random_polynomial(n);
+        auto polynomial = Polynomial::random(n);
         auto opening_pair = random_eval(polynomial);
         auto commitment = commit(polynomial);
         auto opening_claim = OpeningClaim<Curve>{ opening_pair, commitment };

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp

@@ -44,12 +44,13 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
         const size_t num_unshifted = multilinear_polynomials.size();
         const size_t num_shifted = multilinear_polynomials_to_be_shifted.size();
         for (size_t i = 0; i < num_unshifted; ++i) {
-            batched_unshifted.add_scaled(multilinear_polynomials[i], rhos[i]);
+            batched_unshifted.add_scaled({ /*start index*/ 0, multilinear_polynomials[i] }, rhos[i]);
             batched_commitment_unshifted += multilinear_commitments[i] * rhos[i];
         }
         for (size_t i = 0; i < num_shifted; ++i) {
             size_t rho_idx = num_unshifted + i;
-            batched_to_be_shifted.add_scaled(multilinear_polynomials_to_be_shifted[i], rhos[rho_idx]);
+            batched_to_be_shifted.add_scaled({ /*start index*/ 0, multilinear_polynomials_to_be_shifted[i] },
+                                             rhos[rho_idx]);
             batched_commitment_to_be_shifted += multilinear_commitments_to_be_shifted[i] * rhos[rho_idx];
         }
 
@@ -113,13 +114,13 @@ TYPED_TEST(GeminiTest, Single)
     const size_t log_n = 4;
 
     auto u = this->random_evaluation_point(log_n);
-    auto poly = this->random_polynomial(n);
+    auto poly = Polynomial<Fr>::random(n);
     auto commitment = this->commit(poly);
     auto eval = poly.evaluate_mle(u);
 
     // Collect multilinear polynomials evaluations, and commitments for input to prover/verifier
     std::vector<Fr> multilinear_evaluations = { eval };
-    std::vector<std::span<Fr>> multilinear_polynomials = { poly };
+    std::vector<std::span<Fr>> multilinear_polynomials = { poly.coeffs() };
     std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = {};
     std::vector<GroupElement> multilinear_commitments = { commitment };
     std::vector<GroupElement> multilinear_commitments_to_be_shifted = {};
@@ -144,16 +145,16 @@ TYPED_TEST(GeminiTest, SingleShift)
     auto u = this->random_evaluation_point(log_n);
 
     // shiftable polynomial must have 0 as last coefficient
-    auto poly = this->random_polynomial(n);
-    poly[0] = Fr::zero();
+    auto poly = Polynomial<Fr>::random(n);
+    poly.at(0) = Fr::zero();
 
     auto commitment = this->commit(poly);
     auto eval_shift = poly.evaluate_mle(u, true);
 
     // Collect multilinear polynomials evaluations, and commitments for input to prover/verifier
     std::vector<Fr> multilinear_evaluations = { eval_shift };
     std::vector<std::span<Fr>> multilinear_polynomials = {};
-    std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = { poly };
+    std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = { poly.coeffs() };
     std::vector<GroupElement> multilinear_commitments = {};
     std::vector<GroupElement> multilinear_commitments_to_be_shifted = { commitment };
 
@@ -176,8 +177,8 @@ TYPED_TEST(GeminiTest, Double)
 
     auto u = this->random_evaluation_point(log_n);
 
-    auto poly1 = this->random_polynomial(n);
-    auto poly2 = this->random_polynomial(n);
+    auto poly1 = Polynomial<Fr>::random(n);
+    auto poly2 = Polynomial<Fr>::random(n);
 
     auto commitment1 = this->commit(poly1);
     auto commitment2 = this->commit(poly2);
@@ -187,7 +188,7 @@ TYPED_TEST(GeminiTest, Double)
 
     // Collect multilinear polynomials evaluations, and commitments for input to prover/verifier
     std::vector<Fr> multilinear_evaluations = { eval1, eval2 };
-    std::vector<std::span<Fr>> multilinear_polynomials = { poly1, poly2 };
+    std::vector<std::span<Fr>> multilinear_polynomials = { poly1.coeffs(), poly2.coeffs() };
     std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = {};
     std::vector<GroupElement> multilinear_commitments = { commitment1, commitment2 };
     std::vector<GroupElement> multilinear_commitments_to_be_shifted = {};
@@ -204,16 +205,16 @@ TYPED_TEST(GeminiTest, Double)
 TYPED_TEST(GeminiTest, DoubleWithShift)
 {
     using Fr = typename TypeParam::ScalarField;
+    using Polynomial = typename bb::Polynomial<Fr>;
     using GroupElement = typename TypeParam::Element;
 
     const size_t n = 16;
     const size_t log_n = 4;
 
     auto u = this->random_evaluation_point(log_n);
 
-    auto poly1 = this->random_polynomial(n);
-    auto poly2 = this->random_polynomial(n);
-    poly2[0] = Fr::zero(); // necessary for polynomial to be 'shiftable'
+    auto poly1 = Polynomial::random(n);
+    auto poly2 = Polynomial::random(n, 1); // make 'shiftable'
 
     auto commitment1 = this->commit(poly1);
     auto commitment2 = this->commit(poly2);
@@ -224,8 +225,8 @@ TYPED_TEST(GeminiTest, DoubleWithShift)
 
     // Collect multilinear polynomials evaluations, and commitments for input to prover/verifier
     std::vector<Fr> multilinear_evaluations = { eval1, eval2, eval2_shift };
-    std::vector<std::span<Fr>> multilinear_polynomials = { poly1, poly2 };
-    std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = { poly2 };
+    std::vector<std::span<Fr>> multilinear_polynomials = { poly1.coeffs(), poly2.coeffs() };
+    std::vector<std::span<Fr>> multilinear_polynomials_to_be_shifted = { poly2.coeffs() };
     std::vector<GroupElement> multilinear_commitments = { commitment1, commitment2 };
     std::vector<GroupElement> multilinear_commitments_to_be_shifted = { commitment2 };
 

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp

@@ -163,7 +163,8 @@ template <typename Curve_> class IPA {
 
         // Step 4.
         // Set initial vector a to the polynomial monomial coefficients and load vector G
-        auto a_vec = polynomial;
+        // Ensure the polynomial copy is fully-formed
+        auto a_vec = polynomial.full();
         std::span<Commitment> srs_elements = ck->srs->get_monomial_points();
         std::vector<Commitment> G_vec_local(poly_length);
 
@@ -218,16 +219,16 @@ template <typename Curve_> class IPA {
                 }, thread_heuristics::FF_ADDITION_COST * 2 + thread_heuristics::FF_MULTIPLICATION_COST * 2);
             // Sum inner product contributions computed in parallel and unpack the std::pair
             auto [inner_prod_L, inner_prod_R] = sum_pairs(inner_prods);
-            // Step 6.a (using letters, because doxygen automaticall converts the sublist counters to letters :( )
+            // Step 6.a (using letters, because doxygen automatically converts the sublist counters to letters :( )
             // L_i = < a_vec_lo, G_vec_hi > + inner_prod_L * aux_generator
             L_i = bb::scalar_multiplication::pippenger_without_endomorphism_basis_points<Curve>(
-                {&a_vec[0], /*size*/ round_size}, {&G_vec_local[round_size], /*size*/ round_size}, ck->pippenger_runtime_state);
+                {&a_vec.at(0), /*size*/ round_size}, {&G_vec_local[round_size], /*size*/ round_size}, ck->pippenger_runtime_state);
             L_i += aux_generator * inner_prod_L;
 
             // Step 6.b
             // R_i = < a_vec_hi, G_vec_lo > + inner_prod_R * aux_generator
             R_i = bb::scalar_multiplication::pippenger_without_endomorphism_basis_points<Curve>(
-                {&a_vec[round_size], /*size*/ round_size}, {&G_vec_local[0], /*size*/ round_size}, ck->pippenger_runtime_state);
+                {&a_vec.at(round_size), /*size*/ round_size}, {&G_vec_local[0], /*size*/ round_size}, ck->pippenger_runtime_state);
             R_i += aux_generator * inner_prod_R;
 
             // Step 6.c
@@ -263,7 +264,7 @@ template <typename Curve_> class IPA {
             parallel_for_heuristic(
                 round_size,
                 [&](size_t j) {
-                    a_vec[j] += round_challenge * a_vec[round_size + j];
+                    a_vec.at(j) += round_challenge * a_vec[round_size + j];
                     b_vec[j] += round_challenge_inv * b_vec[round_size + j];
                 }, thread_heuristics::FF_ADDITION_COST * 2 + thread_heuristics::FF_MULTIPLICATION_COST * 2);
         }