diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 16d586232..91c825c3c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,4 +37,4 @@ jobs: - name: Document run: python3 driver.py --doc - name: Build, then Test - run: python3 driver.py --test + run: python3 driver.py --test --ci diff --git a/Cargo.lock b/Cargo.lock index d68ed59bc..ca04c24ad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -337,7 +337,7 @@ dependencies = [ "group", "ieee754", "im", - "itertools", + "itertools 0.10.5", "lang-c", "lazy_static", "log", @@ -365,8 +365,10 @@ dependencies = [ "spartan", "thiserror", "typed-arena", - "zokrates_parser", - "zokrates_pest_ast", + "zokrates_parser 0.2.4", + "zokrates_parser 0.3.5", + "zokrates_pest_ast 0.2.3", + "zokrates_pest_ast 0.3.3", ] [[package]] @@ -437,8 +439,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0862016ff20d69b84ef8247369fabf5c008a7417002411897d40ee1f4532b873" dependencies = [ "heck", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -590,8 +592,8 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613e4ee15899913285b7612004bbd490abd605be7b11d35afada5902fb6b91d5" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] @@ -679,6 +681,28 @@ dependencies = [ "version_check", ] +[[package]] +name = "failure" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" +dependencies = [ + "backtrace", + "failure_derive", +] + +[[package]] +name = "failure_derive" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" +dependencies = [ + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", + "synstructure", +] + [[package]] name = "fastrand" version = "2.0.0" @@ -705,8 +729,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e715451ab983be06481e927a275ec12372103ad426c7cb82cebfe14698ed4cf4" dependencies = [ "num-traits", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] @@ -721,8 +745,8 @@ dependencies = [ "num-bigint", "num-integer", "num-traits", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] @@ -761,11 +785,10 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "from-pest" -version = "0.3.2" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3380d8b4f459e3bb35904036044393332e71d5316be9061d9b545c44b6064db" +checksum = "aba9389cedcba1fb3a2aa2ed00f584f2606bce8e0106614a17327a24513bc60f" dependencies = [ - "log", "pest", "void", ] @@ -942,6 +965,15 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "itertools" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.10.5" @@ -1013,8 +1045,8 @@ checksum = "a1d849148dbaf9661a6151d1ca82b13bb4c4c128146a88d05253b38d4e2f496c" dependencies = [ "beef", "fnv", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "regex-syntax 0.6.29", "syn 1.0.109", ] @@ -1161,32 +1193,32 @@ checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" [[package]] name = "pest" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33" +checksum = "a528564cc62c19a7acac4d81e01f39e53e25e17b934878f4c6d25cc2836e62f8" dependencies = [ - "memchr", "thiserror", "ucd-trie", ] [[package]] name = "pest-ast" -version = "0.3.4" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40b5ac58ac48a503d1efdcf0ff044b442c07ac4645d179c62d4af79db89f9cda" +checksum = "3fbf404899169771dd6a32c84248b83cd67a26cc7cc957aac87661490e1227e4" dependencies = [ - "itertools", - "proc-macro2", - "quote", - "syn 2.0.37", + "itertools 0.7.11", + "proc-macro2 0.4.30", + "quote 0.6.13", + "single", + "syn 0.15.44", ] [[package]] name = "pest_derive" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a" +checksum = "d5fd9bc6500181952d34bd0b2b0163a54d794227b498be0b7afa7698d0a7b18f" dependencies = [ "pest", "pest_generator", @@ -1194,26 +1226,26 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141" +checksum = "d2610d5ac5156217b4ff8e46ddcef7cdf44b273da2ac5bca2ecbfa86a330e7c4" dependencies = [ "pest", "pest_meta", - "proc-macro2", - "quote", - "syn 2.0.37", + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", ] [[package]] name = "pest_meta" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" +checksum = "824749bf7e21dd66b36fbe26b3f45c713879cccd4a009a917ab8e045ca8246fe" dependencies = [ "once_cell", "pest", - "sha2", + "sha1", ] [[package]] @@ -1238,6 +1270,15 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "proc-macro2" +version = "0.4.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" +dependencies = [ + "unicode-xid 0.1.0", +] + [[package]] name = "proc-macro2" version = "1.0.67" @@ -1264,18 +1305,27 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b22a693222d716a9587786f37ac3f6b4faedb5b80c23914e7303ff5a1d8016e9" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] +[[package]] +name = "quote" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" +dependencies = [ + "proc-macro2 0.4.30", +] + [[package]] name = "quote" version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ - "proc-macro2", + "proc-macro2 1.0.67", ] [[package]] @@ -1528,8 +1578,8 @@ version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1545,10 +1595,10 @@ dependencies = [ ] [[package]] -name = "sha2" -version = "0.10.7" +name = "sha1" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", @@ -1568,6 +1618,15 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "single" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9db45bb685b486eec37e0271dcc0dac76eae5e893125f8a4f0511d0a1d29543b" +dependencies = [ + "failure", +] + [[package]] name = "sized-chunks" version = "0.6.5" @@ -1590,7 +1649,7 @@ dependencies = [ "curve25519-dalek", "digest 0.8.1", "flate2", - "itertools", + "itertools 0.10.5", "merlin", "rand 0.7.3", "rand_core 0.5.1", @@ -1613,14 +1672,25 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "0.15.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" +dependencies = [ + "proc-macro2 0.4.30", + "quote 0.6.13", + "unicode-xid 0.1.0", +] + [[package]] name = "syn" version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "unicode-ident", ] @@ -1630,11 +1700,23 @@ version = "2.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "unicode-ident", ] +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", + "unicode-xid 0.2.6", +] + [[package]] name = "tap" version = "1.0.1" @@ -1678,8 +1760,8 @@ version = "1.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1707,6 +1789,18 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-xid" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + [[package]] name = "utf8parse" version = "0.2.1" @@ -1864,8 +1958,8 @@ version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1884,8 +1978,8 @@ version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1897,6 +1991,14 @@ dependencies = [ "pest_derive", ] +[[package]] +name = "zokrates_parser" +version = "0.3.5" +dependencies = [ + "pest", + "pest_derive", +] + [[package]] name = "zokrates_pest_ast" version = "0.2.3" @@ -1905,5 +2007,16 @@ dependencies = [ "lazy_static", "pest", "pest-ast", - "zokrates_parser", + "zokrates_parser 0.2.4", +] + +[[package]] +name = "zokrates_pest_ast" +version = "0.3.3" +dependencies = [ + "from-pest", + "lazy_static", + "pest", + "pest-ast", + "zokrates_parser 0.3.5", ] diff --git a/Cargo.toml b/Cargo.toml index ef196a92d..6d5113a4c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,6 +20,8 @@ rsmt2 = { version = "0.14", optional = true } ieee754 = { version = "0.2", optional = true} zokrates_parser = { path = "third_party/ZoKrates/zokrates_parser", optional = true } zokrates_pest_ast = { path = "third_party/ZoKrates/zokrates_pest_ast", optional = true } +zokrates_curly_parser = { package = "zokrates_parser", path = "third_party/ZoKratesCurly/zokrates_parser", optional = true } +zokrates_curly_pest_ast = { package = "zokrates_pest_ast", path = "third_party/ZoKratesCurly/zokrates_pest_ast", optional = true } typed-arena = { version = "2.0", optional = true } log = "0.4" thiserror = "1.0" @@ -65,6 +67,7 @@ default = [] # frontends c = ["lang-c"] zok = ["smt", "zokrates_parser", "zokrates_pest_ast", "typed-arena", "petgraph"] +zokc = ["smt", "zokrates_curly_parser", "zokrates_curly_pest_ast", "typed-arena", "petgraph"] datalog = ["pest", "pest-ast", "pest_derive", "from-pest", "lazy_static"] # backends smt = ["rsmt2", "ieee754"] @@ -90,6 +93,10 @@ required-features = ["bellman", "poly"] name = "zxi" required-features = ["smt", "zok"] +[[example]] +name = "zcxi" +required-features = ["smt", "zokc"] + [[example]] name = "zxc" required-features = ["smt", "zok"] diff --git a/README.md b/README.md index a98b9226a..caa5edbb5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ CirC is a *compiler infrastructure* which supports compilation from high-level (stateful, uniform) languages to (state-free, non-uniform, existentially quantified) circuits. -It's been used to compile {C, ZoKrates, Circom} to {SMT, ILP, R1CS, +It's been used to compile {C, ZoKrates} to {SMT, ILP, R1CS, MPC}, but it probably also applies to any statically type high-level language and constant-time/FHE. @@ -12,6 +12,9 @@ If you want to learn more about CirC, see our [paper](https://circ.zk.fyi) or [slides](https://cs.stanford.edu/~aozdemir/docs/circ.pdf). +This is the second implementation of CirC. +The first was done in Haskell and can be found [here](https://github.com/circify/compiler). + ## Requirements Developing CirC requires the CVC4 SMT solver, which is used in some tests. Its diff --git a/driver.py b/driver.py index 3140de458..d618391be 100755 --- a/driver.py +++ b/driver.py @@ -16,6 +16,7 @@ "r1cs", "smt", "zok", + "zokc", "datalog", "bellman", "spartan", @@ -165,7 +166,7 @@ def build(features): log_run_check(["./scripts/build_mpc_zokrates_test.zsh"]) -def test(features, extra_args): +def test(features, ci: bool, extra_args): """ Run cargo tests and any test cases in the feature list @@ -176,6 +177,9 @@ def test(features, extra_args): extra_args: list of str extra arguments to pass to cargo + + ci: bool + whether to disable some tests b/c of CI limitations """ build(features) @@ -197,7 +201,7 @@ def test(features, extra_args): log_run_check(["./scripts/test_datalog.zsh"]) if "zok" in features and "smt" in features: - if "aby" in features: + if "aby" in features and not ci: log_run_check(["python3", "./scripts/aby_tests/zokrates_test_aby.py"]) if "lp" in features: log_run_check(["./scripts/test_zok_to_ilp.zsh"]) @@ -213,7 +217,7 @@ def test(features, extra_args): log_run_check(["./scripts/test_zok_to_ilp_pf.zsh"]) if "c" in features: - if "aby" in features: + if "aby" in features and not ci: log_run_check(["python3", "./scripts/aby_tests/c_test_aby.py"]) if "smt" in features: log_run_check(["./scripts/test_c_smt.zsh"]) @@ -362,6 +366,11 @@ def format_sub_process_cmd(r: subprocess.CalledProcessError) -> str: parser.add_argument( "-l", "--lint", action="store_true", help="run `cargo clippy`" ) + parser.add_argument( + "--ci", + action="store_true", + help="customize commands for CI, where some things are hard to run", + ) parser.add_argument( "--flamegraph", action="store_true", help="run `cargo flamegraph`" ) @@ -402,7 +411,9 @@ def verify_single_action(args: argparse.Namespace): actions = [ k for k, v in vars(args).items() - if (type(v) is bool or k in ["features", "mode"]) and bool(v) + if (type(v) is bool or k in ["features", "mode"]) + and bool(v) + and k not in ["ci"] ] if len(actions) != 1: parser.error( @@ -443,7 +454,7 @@ def verify_extra_implies_flamegraph_or_test(args: argparse.Namespace): build(features) if args.test: - test(features, args.extra) + test(features, args.ci, args.extra) if args.benchmark: benchmark(features) diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok b/examples/ZoKrates/pf/arr_str_arr_str2.zok new file mode 100644 index 000000000..f6866d14f --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok @@ -0,0 +1,10 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private Pts[1] pts) -> Pt: + return Pt {x: pts[0].pts[0].x * pts[0].pts[1].x, y: pts[0].pts[0].y * pts[0].pts[1].y} diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin b/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin new file mode 100644 index 000000000..2a76b6e22 --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin @@ -0,0 +1,12 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (pts.0.pts.0.x #f2) + (pts.0.pts.0.y #f4) + (pts.0.pts.1.x #f2) + (pts.0.pts.1.y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin b/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin new file mode 100644 index 000000000..233b7b9e2 --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return.x #f4) + (return.y #f16) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok new file mode 100644 index 000000000..986ba5584 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a < b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok new file mode 100644 index 000000000..ace7c4877 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok @@ -0,0 +1,11 @@ +struct Pt { + u32 x; + u32 y; +} + +def main(private u32 a, private u32 b) -> u32 { + Pt c = Pt {x: 0, y: 1}; + c.x = a; + c.y = b; + return c.y + c.x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok new file mode 100644 index 000000000..4c9aedf6c --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a + b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok new file mode 100644 index 000000000..e1ca76ec4 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a == b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok new file mode 100644 index 000000000..01f7baddd --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a >= b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok new file mode 100644 index 000000000..78de39dd2 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a > b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok new file mode 100644 index 000000000..c90b0c169 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a <= b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok new file mode 100644 index 000000000..986ba5584 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> bool { + return a < b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok new file mode 100644 index 000000000..90413295a --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a * b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok new file mode 100644 index 000000000..dede9fb5f --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b, u32 v) -> u32 { + return a * b + v; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok new file mode 100644 index 000000000..7d8c63c55 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a - b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok new file mode 100644 index 000000000..95a619b67 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32[2] { + return [a, b]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok new file mode 100644 index 000000000..61613a787 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok @@ -0,0 +1,4 @@ +def main(private u32 a, private u32 b) -> u32 { + u32[2] c = [a, b]; + return c[0] + c[1]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok new file mode 100644 index 000000000..990073f42 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a & b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok new file mode 100644 index 000000000..70ed44746 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a | b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok new file mode 100644 index 000000000..ce2c07e5f --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b) -> u32 { + return a ^ b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok new file mode 100644 index 000000000..56058e439 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok @@ -0,0 +1,3 @@ +def main(private bool a, private bool b) -> bool { + return a && b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok new file mode 100644 index 000000000..093bbcba1 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok @@ -0,0 +1,3 @@ +def main(private bool a, private bool b) -> bool { + return a == b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok new file mode 100644 index 000000000..094e6bf43 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok @@ -0,0 +1,3 @@ +def main(private bool a, private bool b) -> bool { + return a || b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok new file mode 100644 index 000000000..2f38beb4e --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok @@ -0,0 +1,4 @@ +def main(private u32 a, private u32 b) -> u32 { + u32 c = 1; + return a + b + c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok new file mode 100644 index 000000000..9af43fe1c --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok @@ -0,0 +1,4 @@ +def main(private bool a, private bool b) -> bool { + bool c = true; + return a == c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok new file mode 100644 index 000000000..907f0df80 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok @@ -0,0 +1,7 @@ +def add(u32 a, u32 b) -> u32 { + return a + b; +} + +def main(private u32 a, private u32 b) -> u32 { + return add(a, b) + add(a, b); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok new file mode 100644 index 000000000..f54a025aa --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok @@ -0,0 +1,7 @@ +def sub(u32 b, u32 a) -> u32 { + return a - b; +} + +def main(private u32 a, private u32 b) -> u32 { + return sub(b, a); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok new file mode 100644 index 000000000..2c0710a6d --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b, public bool sel) -> u32 { + return if sel { a } else { b }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok new file mode 100644 index 000000000..66a386709 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok @@ -0,0 +1,3 @@ +def main(private bool a, private bool b, public bool sel) -> bool { + return if sel { a } else { b }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok new file mode 100644 index 000000000..2c0710a6d --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b, public bool sel) -> u32 { + return if sel { a } else { b }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok new file mode 100644 index 000000000..5ec3361fe --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok @@ -0,0 +1,6 @@ +def main(private u32 a, private u32 b) -> u32 { + for u32 i in 0..4 { + a = a + b; + } + return a; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok new file mode 100644 index 000000000..ff7a7af83 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok @@ -0,0 +1,7 @@ +def main(private u32 a, private u32 b) -> u32 { + u32 mut res = 0x00000000; + for u32 i in 0..5 { + res = res + i; + } + return res; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok new file mode 100644 index 000000000..4c8e983f1 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok @@ -0,0 +1,3 @@ +def main(private u32 a, private u32 b, private u32 c) -> u32 { + return a + b + c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok new file mode 100644 index 000000000..d47a254f5 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok @@ -0,0 +1,3 @@ +def main(private bool a, private bool b, private bool c) -> bool { + return a && b && c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok new file mode 100644 index 000000000..e64555830 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok @@ -0,0 +1,4 @@ +def main(private u32 a, private u32 b) -> u32 { + u32 c = 0x00000001; + return a << c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok new file mode 100644 index 000000000..5d2782561 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok @@ -0,0 +1,4 @@ +def main(private u32 a, private u32 b) -> u32 { + u32 c = 0x00000001; + return a >> c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/3_plus_opt.zok b/examples/ZoKratesCurly/opt/3_plus_opt.zok new file mode 100644 index 000000000..3530ba897 --- /dev/null +++ b/examples/ZoKratesCurly/opt/3_plus_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return x + x + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/id_opt.zok b/examples/ZoKratesCurly/opt/id_opt.zok new file mode 100644 index 000000000..f8cc93ead --- /dev/null +++ b/examples/ZoKratesCurly/opt/id_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/log.zok b/examples/ZoKratesCurly/opt/log.zok new file mode 100644 index 000000000..121fcc809 --- /dev/null +++ b/examples/ZoKratesCurly/opt/log.zok @@ -0,0 +1,12 @@ +def u8log2(u8 x) -> u8 { + u8 mut acc = 0x00; + for field i in 0..8 { + acc = acc + if x != 0x00 { 0x01 } else { 0x00 }; + x = x >> 1; + } + return acc; +} + +def main(private u8 x) -> u8 { + return x + u8log2(x); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/log16.zok b/examples/ZoKratesCurly/opt/log16.zok new file mode 100644 index 000000000..7896ddc09 --- /dev/null +++ b/examples/ZoKratesCurly/opt/log16.zok @@ -0,0 +1,12 @@ +def u16log2(x: u16) -> u16 { + u16 mut acc = 0x0000; + for field i in 0..16 { + acc = acc + if x != 0x0000 { 0x0001 } else { 0x0000 }; + x = x >> 1; + } + return acc; +} + +def main(private x: u16) -> u16 { + return x + u16log2(x); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/mult_opt.zok b/examples/ZoKratesCurly/opt/mult_opt.zok new file mode 100644 index 000000000..2ae2cfebf --- /dev/null +++ b/examples/ZoKratesCurly/opt/mult_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x, private u8 y) -> u8 { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/plus_3_opt.zok b/examples/ZoKratesCurly/opt/plus_3_opt.zok new file mode 100644 index 000000000..a0950589a --- /dev/null +++ b/examples/ZoKratesCurly/opt/plus_3_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return 0x03 + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_2_opt.zok b/examples/ZoKratesCurly/opt/times_2_opt.zok new file mode 100644 index 000000000..97707cd1d --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_2_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return 0x02 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_2_u32_opt.zok b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok new file mode 100644 index 000000000..b234a12d3 --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok @@ -0,0 +1,3 @@ +def main(private u32 x) -> u32 { + return 0x00000002 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_3_opt.zok b/examples/ZoKratesCurly/opt/times_3_opt.zok new file mode 100644 index 000000000..c89e9da7b --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_3_opt.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return 0x03 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin new file mode 100644 index 000000000..5942913ff --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + + diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin new file mode 100644 index 000000000..3afec9501 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin new file mode 100644 index 000000000..ddf853314 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin new file mode 100644 index 000000000..6669752de --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok new file mode 100644 index 000000000..749c8fd5a --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok @@ -0,0 +1,23 @@ +struct BigNat_init_quotient { + field[Qm1][Lp1] limbs; + field last_limb; +} + +struct BigNat_init { + field[N][Lp1] limbs; +} +struct BigNatModMult_init { + BigNat_init_quotient quotient_init; + BigNat_init carry_init; +} + +const u32 Qm1 = 7; +const u32 Lp1 = 4; +const u32 ZG = 2; +const u32 CL = 5; + +def main(private BigNatModMult_init[1] intermediate_mod) -> bool { + BigNat_init carry = intermediate_mod[0].carry_init; + assert(carry.limbs[0][0] == 1); + return true; +} diff --git a/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok new file mode 100644 index 000000000..34a1569bd --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok @@ -0,0 +1,19 @@ +def unsafe_baz(field input) -> field[M] { + return [input; M]; +} + +def foo(field input) -> field[M] { + unsafe witness field[M] inputs = unsafe_baz::(input); + assert(inputs[0] == input); + return inputs; +} + +def bar(field[N][M] input) -> field[M] { + return foo::(input[0][0]); +} + +def main(field[8] a) -> bool { + field[8] x = bar::<2, 8>([a, a]); + field[8] y = bar::<2, 8>([x, a]); + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/3_plus.zok b/examples/ZoKratesCurly/pf/3_plus.zok new file mode 100644 index 000000000..3530ba897 --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok @@ -0,0 +1,3 @@ +def main(private u8 x) -> u8 { + return x + x + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/3_plus.zok.pin b/examples/ZoKratesCurly/pf/3_plus.zok.pin new file mode 100644 index 000000000..a49c5187e --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok.pin @@ -0,0 +1,5 @@ +(let ( + (x #x04) +) + false +) diff --git a/examples/ZoKratesCurly/pf/3_plus.zok.vin b/examples/ZoKratesCurly/pf/3_plus.zok.vin new file mode 100644 index 000000000..f3d9f5038 --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok.vin @@ -0,0 +1,6 @@ +(let ( + (return #x0c) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok new file mode 100644 index 000000000..e308e358b --- /dev/null +++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok @@ -0,0 +1,15 @@ +struct Pt { + field x; + field y; +} + +struct Pts { + Pt[2] pts; +} + +def main(private field y) -> field { + Pt p1 = Pt {x: 2, y: y}; + Pt p2 = Pt {x: y, y: 2}; + Pts[1] pts = [Pts { pts: [p1, p2] }]; + return pts[0].pts[0].y * pts[0].pts[1].x; +} diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin new file mode 100644 index 000000000..27529a48b --- /dev/null +++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin new file mode 100644 index 000000000..aaecb5092 --- /dev/null +++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f16) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok b/examples/ZoKratesCurly/pf/assembly_constraint.zok new file mode 100644 index 000000000..b01c0148d --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok @@ -0,0 +1,10 @@ +def main(private field a, private field b, private field c) -> field{ + field d = a * b; + field e = 7; + asm { + e <-- a * c; + 20 === a * c; + } + assert(d == e); + return 1; +} diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin b/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin new file mode 100644 index 000000000..91f0a3ee9 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f4) + (b #f5) + (c #f5) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin b/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin new file mode 100644 index 000000000..aa937ae38 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok new file mode 100644 index 000000000..58a62f8d8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok @@ -0,0 +1,9 @@ +from "EMBED" import field_to_bool_unsafe; + +def main(private field x) -> bool { + asm { + x * (x - 1) === 0; + } + bool out = field_to_bool_unsafe(x); + return out; +} diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin new file mode 100644 index 000000000..25a4029da --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f1) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin new file mode 100644 index 000000000..04e3a61d5 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + + (return true) + +) true; ignored + +)) diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok new file mode 100644 index 000000000..1dd7f835f --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok @@ -0,0 +1,10 @@ +// Here we miss the constraint so we can give different values than 5 to b and c +def main(private field a, private field b, private field c) -> field{ + field d = a * b; + field e = 7; + asm { + e <-- a * c; + } + assert(d == e); + return 1; +} diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin new file mode 100644 index 000000000..31c7ced8d --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f4) + (b #f4) + (c #f4) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin new file mode 100644 index 000000000..aa937ae38 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/assert.zok b/examples/ZoKratesCurly/pf/assert.zok new file mode 100644 index 000000000..c71904225 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert.zok @@ -0,0 +1,4 @@ +def main(private field A, private field B) -> field { + assert(A != B); + return A * B; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/assert.zok.pin b/examples/ZoKratesCurly/pf/assert.zok.pin new file mode 100644 index 000000000..87b36cee4 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (A #f4) + (B #f5) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/assert.zok.vin b/examples/ZoKratesCurly/pf/assert.zok.vin new file mode 100644 index 000000000..d3cac2995 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f20) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/assert2.zok b/examples/ZoKratesCurly/pf/assert2.zok new file mode 100644 index 000000000..5985eb71d --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert2.zok @@ -0,0 +1,4 @@ +def main(private field A, private field B) -> bool { + assert(A + B == 123); + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/assert2.zok.pin b/examples/ZoKratesCurly/pf/assert2.zok.pin new file mode 100644 index 000000000..cbb92e0a4 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert2.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + + (A #f4) + (B #f-4) + +) true ;ignored + +)) diff --git a/examples/ZoKratesCurly/pf/assert2.zok.vin b/examples/ZoKratesCurly/pf/assert2.zok.vin new file mode 100644 index 000000000..04e3a61d5 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert2.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + + (return true) + +) true; ignored + +)) diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok b/examples/ZoKratesCurly/pf/chall/poly_mult.zok new file mode 100644 index 000000000..f9efb4d26 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok @@ -0,0 +1,19 @@ +def main(private field[4] f, private field[4] g, private field[7] h) -> field { + field x = sample_challenge([...f, ...g, ...h]); + field[7] xpows = [1; 7]; + for field i in 0..6 { + xpows[i+1] = xpows[i] * x; + } + field fx = 0; + field gx = 0; + field hx = 0; + for field i in 0..3 { + fx = fx + xpows[i] * f[i]; + gx = gx + xpows[i] * g[i]; + } + for field i in 0..6 { + hx = hx + xpows[i] * h[i]; + } + assert(fx * gx == hx); + return f[0]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin new file mode 100644 index 000000000..bd07e8e21 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin @@ -0,0 +1,20 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (f.0 #f1) + (f.1 #f1) + (f.2 #f1) + (f.3 #f1) + (g.0 #f1) + (g.1 #f1) + (g.2 #f1) + (g.3 #f1) + (h.0 #f1) + (h.1 #f2) + (h.2 #f3) + (h.3 #f4) + (h.4 #f3) + (h.5 #f2) + (h.6 #f1) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin new file mode 100644 index 000000000..b7322ee66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok b/examples/ZoKratesCurly/pf/chall/simple.zok new file mode 100644 index 000000000..4fbab8245 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/simple.zok @@ -0,0 +1,5 @@ +def main(private field x, private field y) -> field { + field a = sample_challenge([x, y]); + assert(a * x == a * y); + return x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok.pin b/examples/ZoKratesCurly/pf/chall/simple.zok.pin new file mode 100644 index 000000000..10483ef68 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/simple.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f7) + (y #f7) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok.vin b/examples/ZoKratesCurly/pf/chall/simple.zok.vin new file mode 100644 index 000000000..9998618ad --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/simple.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f7) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/const_linear_lookup.zok b/examples/ZoKratesCurly/pf/const_linear_lookup.zok new file mode 100644 index 000000000..70058896a --- /dev/null +++ b/examples/ZoKratesCurly/pf/const_linear_lookup.zok @@ -0,0 +1,24 @@ +struct T { + field v; + field w; + field x; + field y; + field z; +} + +const T[9] TABLE = [ + T { v: 1, w: 12, x: 13, y: 14, z: 15 }, + T { v: 2, w: 22, x: 23, y: 24, z: 25 }, + T { v: 3, w: 32, x: 33, y: 34, z: 35 }, + T { v: 4, w: 42, x: 43, y: 44, z: 45 }, + T { v: 5, w: 52, x: 53, y: 54, z: 55 }, + T { v: 6, w: 62, x: 63, y: 64, z: 65 }, + T { v: 7, w: 72, x: 73, y: 74, z: 75 }, + T { v: 8, w: 82, x: 83, y: 84, z: 85 }, + T { v: 9, w: 92, x: 93, y: 94, z: 95 } +]; + +def main(field i) -> field { + T t = TABLE[i]; + return t.v + t.w + t.x + t.y + t.z; +} diff --git a/examples/ZoKratesCurly/pf/field_max.zok b/examples/ZoKratesCurly/pf/field_max.zok new file mode 100644 index 000000000..2734e34ea --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok @@ -0,0 +1,3 @@ +def main(private field x, private field y) -> field { + return if x > y { x } else { y }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/field_max.zok.pin b/examples/ZoKratesCurly/pf/field_max.zok.pin new file mode 100644 index 000000000..6583e3220 --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f-1) + (y #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/field_max.zok.vin b/examples/ZoKratesCurly/pf/field_max.zok.vin new file mode 100644 index 000000000..2c9e18356 --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f-1) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md b/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md new file mode 100644 index 000000000..21341baee --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md @@ -0,0 +1 @@ +This directory contains a SHA256 implementation by Anna Woo. diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok new file mode 100644 index 000000000..d20b4179b --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok @@ -0,0 +1,3 @@ +def main(BigNatb<10, 256> a, BigNat<10> b) -> bool { + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok new file mode 100644 index 000000000..b9de7cf25 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok @@ -0,0 +1,133 @@ +def split_for_shift(field[N] input, u32[N] LIMBWIDTH) -> field[2] { + u32 CUR_WIDTH = 0; + u32 SPLIT_IDX = 0; + u32 RED_R = R; + for u32 i in 0..N { + SPLIT_IDX = if CUR_WIDTH < R then i else SPLIT_IDX; + RED_R = if CUR_WIDTH < R then R-CUR_WIDTH else RED_R; + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + u32 TOTAL_WIDTH = CUR_WIDTH; + u32 LOW_BITS = RED_R * 2; + u32 HIGH_BITS = 2*LIMBWIDTH[SPLIT_IDX] - 1 - LOW_BITS; + unsafe witness field[2] split = unsafe_split::(input[SPLIT_IDX]); + field[2] safe_split = [0, split[1]]; + safe_split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS); + u32 RED_L = LIMBWIDTH[SPLIT_IDX] - RED_R; + assert(fits_in_bits_sparse::(safe_split[1])); + assert(fits_in_bits_sparse::(safe_split[0])); + + CUR_WIDTH = 0; + field right = 0; + for u32 i in 0..SPLIT_IDX { + right = right + input[i] * (2 ** (2 * CUR_WIDTH)); + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + right = right + safe_split[0] * (2 ** (2 * CUR_WIDTH)); + + CUR_WIDTH = RED_L; + field left = safe_split[1]; + for u32 i in (SPLIT_IDX+1)..N { + left = left + input[i] * (2 ** (2 * CUR_WIDTH)); + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + return [right, left]; +} + +def rotr(field[N] input, u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field { + field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI); + u32 TOTAL_WIDTH = 0; + for u32 i in 0..N { + TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH_ORI[i]; + } + assert(TOTAL_WIDTH == 32); + field output_val = overall_split[0] * (2 ** (2 * (TOTAL_WIDTH - R))) + overall_split[1]; + return output_val; +} + +def shr(field[N] input, u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field { + field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI); + field output_val = overall_split[1]; + return output_val; +} + +def xor_10(field[N] input) -> field { + assert(N == 2 || N == 3); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + Dual dual = split_even_dual_10(sum); + return dual.d; +} + +def xor_11(field[N] input) -> field { + assert(N == 2 || N == 3); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + Dual dual = split_even_dual_11(sum); + return dual.d; +} + +def xor_for_all_limbs(field[3] input, u32[3] LIMBWIDTH) -> field[3] { + field int = 0; + for u32 i in 0..3 { + int = int + input[i]; + } + return split_even_dual_for_all_limbs(int, LIMBWIDTH); +} + +def and_10(field[2] input) -> Dual { + return split_odd_dual_10(input[0] + input[1]); +} + +def and_11(field[2] input) -> Dual { + return split_odd_dual_11(input[0] + input[1]); +} + +def and(field[3] x, field[3] y) -> Dual[3] { + Dual[3] output = [Dual {d: 0, s: 0} ; 3]; + output[0] = and_11([x[0], y[0]]); + output[1] = and_11([x[1], y[1]]); + output[2] = and_10([x[2], y[2]]); + return output; +} + +def and_s2d(field[3] x, field[3] y) -> field[3] { + Dual[3] output = and(x, y); + return dual_limbs_to_dense_limbs(output); +} + +def not_10(field input) -> field { + return S_ONES_10 - input; +} + +def not_11(field input) -> field { + return S_ONES_11 - input; +} + +def not(field[3] input) -> field[3] { + field[3] output = [0; 3]; + output[0] = not_11(input[0]); + output[1] = not_11(input[1]); + output[2] = not_10(input[2]); + return output; +} + +def sum(field[N] input, u32[M] LIMBWIDTH) -> Dual[M] { + assert((1 << C) >= N); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + u32 MP1 = M + 1; + u32[MP1] SPLITWIDTH = [...LIMBWIDTH, C]; + unsafe witness field[MP1] split = unsafe_split_dyn::(sum, SPLITWIDTH); + field[MP1] safe_split = [0, ...split[1..MP1]]; + safe_split[0] = sum - combine_limbs::(safe_split[1..MP1], SPLITWIDTH[1..MP1]) * (2 ** (LIMBWIDTH[0])); + assert(fits_in_bits::(safe_split[M])); + field res_sum = combine_limbs::(safe_split[0..MP1], LIMBWIDTH); + return dense_limb_to_dual_limb::(safe_split[0..M], LIMBWIDTH); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok new file mode 100644 index 000000000..a6d0b77a6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok @@ -0,0 +1,105 @@ +struct BigNatParams { + field max_words; +} + +struct BigNatb { + bool[N][W] limbs; +} + +struct BigNatb_v2 { + bool[Nm1][W] limbs; + bool[W2] limb; +} + +struct BigNat { + field[N] limbs; +} + +struct GpBigNats { + BigNat left; + BigNat right; +} + +struct BigNatModMult { + BigNat z; + BigNat v; + BigNatb quotientb; + bool[ZG][CW] carry; + BigNatb res; +} + +struct BigNatModMult_v4 { + BigNat z; + BigNat v; + BigNatb quotientb; + bool[CW] carry; + BigNatb res; +} + +struct BigNatModMult_v5 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[CW] carry; + BigNatb res; +} + +struct BigNatModMult_v6 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + field[ZG] carry; + BigNatb res; +} + +struct BigNatModMultwores_v5 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[CW] carry; +} + +struct BigNatModMult_v2 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[ZG][CW] carry; + BigNatb_v2 res; +} + +struct BigNatMod { + BigNat v; + BigNatb quotientb; + bool[ZG][CW] carry; + BigNatb res; +} + +struct BigNatMont { + BigNatb[3] res; + BigNatModMult[3] mm; + bool greaterthanp; + bool[ZG][CW] carry; +} + +struct BigNatAdd { + BigNat v; + BigNatb quotientb; + bool[ZG][ZGW] carry; +} + +struct ModuloConst{ + u8[ZG] CW_list; + field[NG] gp_maxword; + field[AC] aux_const; +} + +struct ModuloHelperConst{ + ModuloConst moduloconst; + field shift; +} + +const BigNat<34> r = {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10141204801825835211973625643008]}; + +def main(BigNatb<10, 256> a, BigNat<10> b) -> bool { + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok new file mode 100644 index 000000000..21ad9487f --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok @@ -0,0 +1,5 @@ +def main() { + const field[64] K_DD = [1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298]; + const Dual[8][3] IV_S = [[Dual {d: 1639, s: 1315861}, Dual {d: 316, s: 66896}, Dual {d: 424, s: 83008}], [Dual {d: 1669, s: 1327121}, Dual {d: 1269, s: 1070353}, Dual {d: 749, s: 283729}], [Dual {d: 882, s: 333060}, Dual {d: 1502, s: 1134932}, Dual {d: 241, s: 21761}], [Dual {d: 1338, s: 1115460}, Dual {d: 510, s: 87380}, Dual {d: 661, s: 278801}], [Dual {d: 639, s: 267605}, Dual {d: 458, s: 86084}, Dual {d: 324, s: 69648}], [Dual {d: 140, s: 16464}, Dual {d: 173, s: 17489}, Dual {d: 620, s: 267344}], [Dual {d: 427, s: 83013}, Dual {d: 123, s: 5445}, Dual {d: 126, s: 5460}], [Dual {d: 1305, s: 1114433}, Dual {d: 1049, s: 1048897}, Dual {d: 367, s: 70741}]]; + return; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok new file mode 100644 index 000000000..9ad2104aa --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok @@ -0,0 +1,10 @@ +const transcript field[2] D_1 = [0, 1]; +const transcript field[4] D_2 = [0, 1, 2, 3]; +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7]; +const transcript field[16] D_4 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; +const transcript field[32] D_5 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]; +const transcript field[64] D_6 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63]; +const transcript field[128] D_7 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127]; +const transcript field[256] D_8 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255]; +const transcript field[512] D_9 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511]; +const transcript field[1024] D_10 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309 \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok new file mode 100644 index 000000000..68d7d0c59 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok @@ -0,0 +1,69 @@ +// Importing external functions +from "basic_op" import xor_11, xor_10, xor_for_all_limbs, rotr, shr, and_s2s, and_s2d, not; +from "utils" import combine_limbs, combine_sparse_limbs, split_odd_dual_11, split_odd_dual_10, Dual, dual_limbs_to_dense_limbs; + +def ssig0(field[N] input, u32[N] LIMBWIDTH) -> field { + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH); + return combine_limbs::(output_limbs, LIMBWIDTH); +} + +def ssig1(field[N] input, u32[N] LIMBWIDTH) -> field { + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH); + return combine_limbs::(output_limbs, LIMBWIDTH); +} + +def bsig0(field[N] input) -> field { + u32[N] LIMBWIDTH_ORI = [11, 11, 10]; + u32[N] LIMBWIDTH_NEW = [10, 11, 11]; + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[1] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[2] = combine_sparse_limbs::([input[2], input[0], input[1]], LIMBWIDTH_NEW); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI); + return combine_limbs::(output_limbs, LIMBWIDTH_ORI); +} + +def bsig1(field[N] input) -> field { + u32[N] LIMBWIDTH_ORI = [11, 11, 10]; + u32[N] LIMBWIDTH_NEW = [11, 10, 11]; + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[1] = combine_sparse_limbs::([input[1], input[2], input[0]], LIMBWIDTH_NEW); + int[2] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI); + return combine_limbs::(output_limbs, LIMBWIDTH_ORI); +} + +def maj(field[3][N] input) -> field { + field[N] intermediate = [0; N]; + for u32 i in 0..N { + intermediate[i] = input[0][i] + input[1][i] + input[2][i]; + } + Dual[N] output_dual = [Dual{d: 0, s: 0}; N]; + output_dual[0] = split_odd_dual_11(intermediate[0]); + output_dual[1] = split_odd_dual_11(intermediate[1]); + output_dual[2] = split_odd_dual_10(intermediate[2]); + u32[N] LIMBWIDTH = [11, 11, 10]; + field[N] output_limbs = dual_limbs_to_dense_limbs::(output_dual); + return combine_limbs::(output_limbs, LIMBWIDTH); +} + +def ch(field[3][N] input) -> field { + field[2][N] int = [[0; N]; 2]; + int[0] = and_s2d(input[0], input[1]); + int[1] = and_s2d(not(input[0]), input[2]); + field[N] output_limbs = [0; N]; + for u32 i in 0..N { + output_limbs[i] = int[0][i] + int[1][i]; + } + u32[N] LIMBWIDTH = [11, 11, 10]; + return combine_limbs::(output_limbs, LIMBWIDTH); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok new file mode 100644 index 000000000..e9d87bf52 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok @@ -0,0 +1,13 @@ +def main(field[N][16][NL] message) -> field[8] { + u32[NL] LIMBWIDTH = [11, 11, 10]; + Dual[8][NL] current = IV_S; + for u32 i in 0..N { + Dual[16][NL] cur_msg = dense_limbs_to_dual_limbs::<16, NL>(message[i], LIMBWIDTH); + current = shaRound::(cur_msg, current, LIMBWIDTH); + } + field[8] output = [0; 8]; + for u32 i in 0..8 { + output[i] = combine_limbs(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH); + } + return output; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok new file mode 100644 index 000000000..33b7493d2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok @@ -0,0 +1,71 @@ +from "logic_func" import ssig0, ssig1, bsig0, bsig1, ch, maj +from "utils" import Dual, combine_limbs, dual_limbs_to_sparse_limbs, dual_limbs_to_dense_limbs +from "basic_op" import sum +from "const" import K_DD // K_S + +def one_extend(w_input: Dual[4][N], LIMBWIDTH: u32[N]) -> Dual[N] { + let addend: field[4] = [0; 4]; + addend[0] = ssig1::(dual_limbs_to_sparse_limbs(w_input[0]), LIMBWIDTH); + addend[1] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[1]), LIMBWIDTH); + addend[2] = ssig0::(dual_limbs_to_sparse_limbs(w_input[2]), LIMBWIDTH); + addend[3] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[3]), LIMBWIDTH); + return sum::<4, N, 2, CM>(addend, LIMBWIDTH); +} + +def whole_extend(message: Dual[16][N], LIMBWIDTH: u32[N]) -> Dual[64][N] { + let mut w: Dual[64][N] = [...message, ...[[Dual{s: 0, d: 0}; N]; 48]]; + for i: u32 in 16..64 { + w[i] = one_extend::([w[i-2], w[i-7], w[i-15], w[i-16]], LIMBWIDTH); + } + return w; +} + +def one_main(input: Dual[8][N], k: field, w: Dual[N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let t1: field[5] = [0; 5]; + t1[0] = combine_limbs::(dual_limbs_to_dense_limbs(input[7]), LIMBWIDTH); + t1[1] = bsig1::(dual_limbs_to_sparse_limbs(input[4])); + let input_to_ch: field[3][N] = [dual_limbs_to_sparse_limbs(input[4]), dual_limbs_to_sparse_limbs(input[5]), dual_limbs_to_sparse_limbs(input[6])]; + t1[2] = ch::(input_to_ch); + t1[3] = k; + t1[4] = combine_limbs::(dual_limbs_to_dense_limbs(w), LIMBWIDTH); + + let t2: field[2] = [0; 2]; + t2[0] = bsig0::(dual_limbs_to_sparse_limbs(input[0])); + let input_to_maj: field[3][N] = [dual_limbs_to_sparse_limbs(input[0]), dual_limbs_to_sparse_limbs(input[1]), dual_limbs_to_sparse_limbs(input[2])]; + t2[1] = maj::(input_to_maj); + + let mut output: Dual[8][N] = [[Dual{s: 0, d: 0}; N]; 8]; + for i: u32 in 0..8 { + let j: u32 = (i + 7) % 8; + output[i] = input[j]; + } + output[0] = sum::<7, N, 3, CM>([...t1, ...t2], LIMBWIDTH); + let d_val: field = combine_limbs::(dual_limbs_to_dense_limbs(input[3]), LIMBWIDTH); + output[4] = sum::<6, N, 3, CM>([d_val, ...t1], LIMBWIDTH); + return output; +} + +def whole_main(current: Dual[8][N], w: Dual[64][N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let mut interm: Dual[8][N] = current; + for i: u32 in 0..64 { + interm = one_main::(interm, K_DD[i], w[i], LIMBWIDTH); + } + return interm; +} + +def compute_final_output(interm: Dual[8][N], current: Dual[8][N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let mut output: Dual[8][N] = [[Dual{s: 0, d: 0}; N]; 8]; + for i: u32 in 0..8 { + let cur_val: field = combine_limbs::(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH); + let interm_val: field = combine_limbs::(dual_limbs_to_dense_limbs(interm[i]), LIMBWIDTH); + output[i] = sum::<2, N, 1, CM>([cur_val, interm_val], LIMBWIDTH); + } + return output; +} + +def main(input: Dual[16][N], current: Dual[8][N], LIMBWIDTH: u32[3]) -> Dual[8][N] { + let CM: u32 = 3; + let w: Dual[64][N] = whole_extend::(input, LIMBWIDTH); + let interm: Dual[8][N] = whole_main::(current, w, LIMBWIDTH); + return compute_final_output::(interm, current, LIMBWIDTH); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok new file mode 100644 index 000000000..3af4bdb48 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok @@ -0,0 +1,5 @@ +def test_sha256(field[8] expected_hash, field[N][16][NL] padded_message) -> bool { + field[8] actual_hash = sha256::(padded_message); + assert(expected_hash == actual_hash); + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok new file mode 100644 index 000000000..ffe39ed56 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok @@ -0,0 +1,3 @@ +def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool { + return test_sha256::(expected_hash, padded_message); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok new file mode 100644 index 000000000..252d31cad --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok @@ -0,0 +1,3 @@ +def main(field[8] expected_hash, private field[8][16][3] padded_message) -> bool { + return test_sha256::<8, 3>(expected_hash, padded_message); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin new file mode 100644 index 000000000..39d171d9c --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin @@ -0,0 +1,396 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (padded_message.3.0.2 #f12) + (padded_message.0.1.0 #f513) + (padded_message.1.0.0 #f531) + (padded_message.5.0.1 #f6) + (padded_message.4.15.1 #f2016) + (padded_message.0.0.1 #f65) + (padded_message.0.2.1 #f66) + (padded_message.1.3.1 #f1614) + (padded_message.1.12.2 #f197) + (padded_message.1.15.0 #f49) + (padded_message.3.10.0 #f1503) + (padded_message.3.13.2 #f751) + (padded_message.4.14.2 #f340) + (padded_message.5.15.2 #f83) + (padded_message.3.6.1 #f961) + (padded_message.6.3.1 #f32) + (padded_message.3.14.2 #f621) + (padded_message.2.0.2 #f216) + (padded_message.2.7.0 #f1036) + (padded_message.7.6.2 #f0) + (expected_hash.1 #f1327195860) + (padded_message.5.14.0 #f582) + (padded_message.3.0.0 #f1795) + (padded_message.5.9.2 #f13) + (padded_message.1.13.1 #f737) + (padded_message.3.10.2 #f163) + (padded_message.6.0.1 #f1254) + (padded_message.2.6.1 #f192) + (padded_message.4.7.2 #f8) + (padded_message.7.4.2 #f0) + (padded_message.0.9.2 #f988) + (padded_message.1.8.2 #f192) + (padded_message.7.11.1 #f0) + (padded_message.2.2.0 #f304) + (padded_message.2.4.0 #f560) + (padded_message.3.3.1 #f71) + (padded_message.7.15.1 #f1) + (padded_message.4.11.1 #f192) + (expected_hash.7 #f1529670075) + (padded_message.5.12.1 #f1520) + (padded_message.5.4.2 #f315) + (padded_message.3.13.1 #f228) + (padded_message.4.14.1 #f930) + (padded_message.5.15.1 #f1646) + (padded_message.7.13.1 #f0) + (padded_message.7.3.2 #f0) + (padded_message.2.5.1 #f1570) + (padded_message.4.2.2 #f520) + (padded_message.4.9.0 #f1036) + (padded_message.0.4.2 #f900) + (padded_message.0.6.2 #f502) + (padded_message.5.2.2 #f56) + (padded_message.0.11.1 #f1569) + (padded_message.5.9.0 #f1315) + (padded_message.6.7.2 #f192) + (padded_message.4.13.1 #f384) + (padded_message.6.9.2 #f232) + (padded_message.7.6.0 #f0) + (padded_message.7.8.0 #f0) + (padded_message.1.5.2 #f457) + (padded_message.1.8.0 #f1539) + (padded_message.7.9.1 #f0) + (padded_message.2.1.0 #f563) + (padded_message.4.8.1 #f192) + (padded_message.3.10.1 #f273) + (expected_hash.5 #f2797358084) + (padded_message.0.15.2 #f192) + (padded_message.5.1.2 #f24) + (padded_message.5.4.0 #f1892) + (padded_message.5.6.0 #f605) + (padded_message.3.14.1 #f560) + (padded_message.6.4.2 #f193) + (padded_message.7.3.0 #f0) + (padded_message.0.12.0 #f853) + (padded_message.4.2.0 #f1328) + (padded_message.7.5.0 #f0) + (padded_message.0.1.2 #f640) + (padded_message.0.3.2 #f623) + (padded_message.0.6.0 #f501) + (padded_message.1.0.2 #f340) + (padded_message.1.2.2 #f413) + (padded_message.1.9.0 #f787) + (padded_message.4.7.1 #f240) + (padded_message.4.11.2 #f172) + (padded_message.5.12.2 #f510) + (padded_message.3.7.2 #f728) + (padded_message.4.10.1 #f320) + (padded_message.5.7.1 #f512) + (padded_message.5.11.1 #f657) + (padded_message.4.15.0 #f1026) + (padded_message.5.14.1 #f540) + (padded_message.6.8.1 #f1678) + (padded_message.7.4.1 #f0) + (expected_hash.0 #f2856353870) + (padded_message.0.7.1 #f416) + (padded_message.0.9.1 #f416) + (padded_message.1.6.1 #f1636) + (padded_message.4.13.2 #f192) + (padded_message.7.0.0 #f1285) + (padded_message.1.14.2 #f204) + (padded_message.0.12.2 #f36) + (padded_message.2.9.2 #f445) + (padded_message.4.3.0 #f304) + (padded_message.5.1.0 #f1309) + (padded_message.4.12.1 #f224) + (padded_message.5.3.0 #f961) + (padded_message.5.13.1 #f697) + (padded_message.6.1.2 #f24) + (padded_message.6.4.0 #f39) + (padded_message.3.2.2 #f272) + (padded_message.3.9.0 #f2022) + (padded_message.0.3.0 #f865) + (padded_message.1.2.0 #f1312) + (padded_message.5.2.1 #f130) + (padded_message.5.4.1 #f225) + (padded_message.6.11.2 #f449) + (padded_message.4.0.1 #f23) + (padded_message.7.1.1 #f0) + (padded_message.0.4.1 #f920) + (padded_message.0.11.0 #f816) + (padded_message.1.5.1 #f1741) + (padded_message.1.7.1 #f102) + (padded_message.6.5.1 #f261) + (padded_message.6.7.1 #f48) + (padded_message.1.10.2 #f41) + (padded_message.3.8.1 #f766) + (padded_message.2.12.2 #f24) + (padded_message.6.13.2 #f189) + (padded_message.2.2.2 #f192) + (padded_message.1.14.0 #f1073) + (padded_message.2.9.0 #f1125) + (padded_message.6.15.1 #f193) + (padded_message.0.13.1 #f194) + (padded_message.1.1.0 #f1903) + (padded_message.7.8.2 #f0) + (padded_message.6.1.0 #f774) + (padded_message.2.13.1 #f455) + (padded_message.3.2.0 #f1342) + (padded_message.5.1.1 #f106) + (padded_message.6.2.1 #f160) + (padded_message.0.14.0 #f290) + (padded_message.4.9.2 #f116) + (padded_message.2.8.1 #f1484) + (padded_message.3.11.1 #f1138) + (padded_message.0.1.1 #f96) + (padded_message.1.0.1 #f129) + (padded_message.2.10.1 #f1133) + (padded_message.6.14.2 #f197) + (padded_message.2.1.2 #f92) + (padded_message.2.3.2 #f192) + (padded_message.2.6.0 #f853) + (padded_message.2.15.2 #f537) + (padded_message.3.5.1 #f1629) + (padded_message.3.15.1 #f280) + (padded_message.2.12.0 #f646) + (padded_message.2.14.1 #f193) + (padded_message.3.1.0 #f1109) + (padded_message.3.3.0 #f1951) + (padded_message.5.6.2 #f983) + (padded_message.5.8.2 #f668) + (padded_message.7.5.2 #f0) + (padded_message.2.7.1 #f97) + (padded_message.4.4.2 #f56) + (padded_message.7.7.2 #f0) + (padded_message.0.8.2 #f170) + (padded_message.4.12.0 #f769) + (padded_message.6.10.2 #f397) + (padded_message.2.11.2 #f193) + (padded_message.7.12.2 #f0) + (padded_message.3.0.1 #f32) + (padded_message.6.11.1 #f1389) + (padded_message.1.7.2 #f305) + (padded_message.1.9.2 #f340) + (expected_hash.2 #f3085693120) + (padded_message.2.3.0 #f310) + (padded_message.2.15.0 #f1597) + (padded_message.1.15.1 #f1543) + (padded_message.1.12.1 #f102) + (padded_message.5.3.2 #f80) + (padded_message.5.5.2 #f961) + (padded_message.5.8.0 #f1798) + (padded_message.3.12.0 #f81) + (padded_message.6.6.2 #f4) + (padded_message.6.10.0 #f46) + (padded_message.2.0.1 #f1638) + (padded_message.4.1.2 #f567) + (padded_message.4.3.2 #f520) + (padded_message.0.5.2 #f67) + (padded_message.0.8.0 #f134) + (padded_message.1.4.2 #f464) + (padded_message.2.14.2 #f4) + (padded_message.4.4.0 #f853) + (padded_message.4.6.0 #f1027) + (padded_message.4.9.1 #f1184) + (padded_message.6.13.1 #f1262) + (padded_message.7.0.2 #f24) + (padded_message.3.9.2 #f290) + (padded_message.5.9.1 #f675) + (padded_message.7.6.1 #f0) + (padded_message.7.7.0 #f0) + (padded_message.7.8.1 #f0) + (padded_message.7.10.1 #f0) + (padded_message.7.12.0 #f0) + (padded_message.7.14.1 #f0) + (padded_message.7.15.2 #f0) + (padded_message.1.8.1 #f544) + (padded_message.7.2.0 #f0) + (padded_message.2.1.1 #f422) + (padded_message.4.5.0 #f257) + (padded_message.3.15.0 #f504) + (padded_message.0.0.2 #f194) + (padded_message.0.7.0 #f1545) + (padded_message.0.15.0 #f1539) + (padded_message.5.5.0 #f466) + (padded_message.7.11.2 #f0) + (padded_message.6.3.2 #f4) + (padded_message.3.12.2 #f889) + (padded_message.6.6.0 #f1287) + (padded_message.3.4.2 #f640) + (padded_message.5.6.1 #f1734) + (padded_message.0.5.0 #f902) + (padded_message.1.1.2 #f101) + (padded_message.1.4.0 #f869) + (padded_message.7.15.0 #f1568) + (padded_message.4.11.0 #f261) + (padded_message.4.2.1 #f387) + (padded_message.4.4.1 #f192) + (padded_message.5.12.0 #f1485) + (padded_message.0.6.1 #f932) + (padded_message.1.9.1 #f128) + (padded_message.7.3.1 #f0) + (padded_message.7.5.1 #f0) + (padded_message.7.13.2 #f0) + (padded_message.0.14.2 #f341) + (padded_message.4.15.2 #f7) + (padded_message.6.9.1 #f1509) + (expected_hash.6 #f186422342) + (padded_message.3.11.0 #f359) + (padded_message.5.0.0 #f29) + (padded_message.2.10.0 #f1901) + (padded_message.6.5.0 #f774) + (padded_message.6.7.0 #f1563) + (padded_message.4.13.0 #f1539) + (padded_message.2.4.2 #f204) + (padded_message.7.11.0 #f0) + (padded_message.4.10.2 #f192) + (padded_message.0.0.0 #f1316) + (padded_message.1.3.0 #f1395) + (padded_message.5.11.2 #f512) + (padded_message.7.14.2 #f0) + (padded_message.7.0.1 #f32) + (padded_message.1.11.1 #f104) + (padded_message.6.3.0 #f1118) + (padded_message.6.12.1 #f1517) + (padded_message.5.10.1 #f774) + (padded_message.3.1.2 #f264) + (padded_message.3.4.0 #f822) + (padded_message.3.6.0 #f1501) + (padded_message.3.13.0 #f1021) + (padded_message.4.14.0 #f769) + (padded_message.5.3.1 #f2039) + (padded_message.5.15.0 #f309) + (padded_message.4.1.1 #f98) + (padded_message.6.4.1 #f902) + (padded_message.4.12.2 #f20) + (padded_message.0.3.1 #f221) + (padded_message.1.2.1 #f1420) + (padded_message.0.11.2 #f280) + (padded_message.5.13.2 #f954) + (padded_message.7.10.2 #f0) + (padded_message.2.5.2 #f92) + (padded_message.2.8.0 #f1903) + (padded_message.7.12.1 #f0) + (padded_message.1.10.0 #f1107) + (padded_message.3.7.1 #f906) + (padded_message.7.13.0 #f0) + (padded_message.7.14.0 #f0) + (expected_hash.4 #f537200913) + (padded_message.6.0.0 #f106) + (expected_hash.3 #f203566965) + (padded_message.3.5.0 #f1593) + (padded_message.4.10.0 #f1544) + (padded_message.5.11.0 #f628) + (padded_message.7.9.2 #f0) + (padded_message.0.10.0 #f48) + (padded_message.2.9.1 #f1261) + (padded_message.4.6.2 #f1020) + (padded_message.0.15.1 #f1024) + (padded_message.1.1.1 #f237) + (padded_message.4.8.2 #f76) + (padded_message.6.1.1 #f261) + (padded_message.0.12.1 #f192) + (padded_message.7.10.0 #f0) + (padded_message.3.2.1 #f1291) + (padded_message.3.4.1 #f628) + (padded_message.5.13.0 #f1341) + (padded_message.6.14.0 #f816) + (padded_message.2.5.0 #f1328) + (padded_message.5.10.2 #f16) + (padded_message.5.7.2 #f567) + (padded_message.6.8.2 #f417) + (padded_message.7.2.2 #f0) + (padded_message.2.2.1 #f1766) + (padded_message.0.10.2 #f44) + (padded_message.2.4.1 #f1579) + (padded_message.0.7.2 #f192) + (padded_message.1.6.2 #f405) + (padded_message.4.5.2 #f116) + (padded_message.1.11.0 #f288) + (padded_message.4.8.0 #f853) + (padded_message.2.0.0 #f602) + (padded_message.5.10.0 #f22) + (padded_message.6.12.0 #f1895) + (padded_message.2.11.0 #f19) + (padded_message.3.1.1 #f0) + (padded_message.6.15.2 #f196) + (padded_message.7.9.0 #f0) + (padded_message.5.14.2 #f627) + (padded_message.2.13.0 #f1282) + (padded_message.1.13.0 #f1330) + (padded_message.0.14.1 #f614) + (padded_message.4.7.0 #f48) + (padded_message.1.10.1 #f234) + (padded_message.2.3.1 #f1798) + (padded_message.0.2.2 #f8) + (padded_message.0.9.0 #f257) + (padded_message.4.0.2 #f534) + (padded_message.2.10.2 #f185) + (padded_message.5.0.2 #f192) + (padded_message.5.7.0 #f72) + (padded_message.6.5.2 #f24) + (padded_message.6.8.0 #f1136) + (padded_message.1.14.1 #f1542) + (padded_message.3.6.2 #f201) + (padded_message.3.8.2 #f759) + (padded_message.0.13.0 #f770) + (padded_message.1.3.2 #f337) + (padded_message.1.6.0 #f76) + (padded_message.2.12.1 #f229) + (padded_message.1.11.2 #f129) + (padded_message.4.6.1 #f128) + (padded_message.2.14.0 #f42) + (padded_message.5.8.1 #f1539) + (padded_message.0.8.1 #f201) + (padded_message.2.13.2 #f291) + (padded_message.6.12.2 #f413) + (padded_message.6.15.0 #f43) + (padded_message.7.1.2 #f512) + (padded_message.7.4.0 #f0) + (padded_message.7.7.1 #f0) + (padded_message.5.2.0 #f1540) + (padded_message.6.0.2 #f116) + (padded_message.6.2.2 #f4) + (padded_message.1.13.2 #f120) + (padded_message.2.6.2 #f76) + (padded_message.2.8.2 #f168) + (padded_message.4.0.0 #f887) + (padded_message.0.2.0 #f256) + (padded_message.0.4.0 #f776) + (padded_message.1.5.0 #f355) + (padded_message.1.7.0 #f275) + (padded_message.3.15.2 #f691) + (padded_message.4.5.1 #f480) + (padded_message.6.9.0 #f1903) + (padded_message.6.11.0 #f302) + (padded_message.7.1.0 #f0) + (padded_message.3.3.2 #f209) + (padded_message.3.5.2 #f859) + (padded_message.1.15.2 #f220) + (padded_message.0.13.2 #f16) + (padded_message.3.8.0 #f1905) + (padded_message.5.5.1 #f1696) + (padded_message.0.10.1 #f160) + (padded_message.4.3.1 #f387) + (padded_message.6.6.1 #f160) + (padded_message.1.12.0 #f816) + (padded_message.0.5.1 #f1977) + (padded_message.1.4.1 #f1034) + (padded_message.6.13.0 #f1139) + (padded_message.3.12.1 #f1173) + (padded_message.3.14.0 #f1764) + (padded_message.2.7.2 #f16) + (padded_message.2.11.1 #f806) + (padded_message.4.1.0 #f1443) + (padded_message.6.10.1 #f1646) + (padded_message.3.9.1 #f1443) + (padded_message.3.11.2 #f198) + (padded_message.7.2.1 #f0) + (padded_message.6.2.0 #f1287) + (padded_message.6.14.1 #f1126) + (padded_message.2.15.1 #f281) + (padded_message.3.7.0 #f1559) +) true;ignored +)) diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok new file mode 100644 index 000000000..3c4174d8d --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok @@ -0,0 +1,131 @@ +```rust +use "assert_well_formed"::fits_in_bits_sparse; +use "EMBED"::{unpack, reverse_lookup}; +use "const_range_check"::{D_TO_S_10, D_TO_S_11}; + +struct Dual { + s: field, + d: field, +} + +fn ceildiv(x: u32, y: u32) -> u32 { + (x + y - 1) / y +} + +fn reverse_limbs(input: [field; N]) -> [field; N] { + let mut output = [0; N]; + for i in 0..N { + output[i] = input[N - 1 - i]; + } + output +} + +fn combine_limbs(input: [field; N], limbw: [u32; N]) -> field { + let mut output = 0; + let mut cur_width = 0; + for (limb, &width) in input.iter().zip(limbw.iter()) { + output += limb * (2 ** cur_width); + cur_width += width; + } + output +} + +fn combine_sparse_limbs(input: [field; N], limbw: [u32; N]) -> field { + let sparse_limbw: [u32; N] = array::from_fn(|i| 2 * limbw[i]); + combine_limbs(input, sparse_limbw) +} + +fn unsafe_split(x: field) -> [field; 2] { + let total_bits = LOW_BITS + HIGH_BITS; + let bits = unpack(x); + let (mut low, mut high) = (0, 0); + for i in 0..LOW_BITS { + low += (2 ** i) * bits[total_bits - 1 - i] as field; + } + for i in LOW_BITS..total_bits { + high += (2 ** (i - LOW_BITS)) * bits[total_bits - 1 - i] as field; + } + [low, high] +} + +fn unsafe_split_dyn(x: field, limbw: [u32; N]) -> [field; N] { + let total_width = limbw.iter().sum::(); + let bits = unpack(x); + let mut output = [0; N]; + let mut idx = total_width - 1; + for (out_limb, &width) in output.iter_mut().zip(limbw.iter()) { + for j in 0..width { + *out_limb += 2 ** j * bits[idx] as field; + idx -= 1; + } + } + output +} + +fn unsafe_split_dyn_sparse(x: field, limbw: [u32; N]) -> [field; N] { + let sparse_limbw: [u32; N] = array::from_fn(|i| 2 * limbw[i]); + unsafe_split_dyn(x, sparse_limbw) +} + +fn unsafe_separate_sparse(x: field) -> [field; 2] { + let bits = unpack(x); + let (mut even, mut odd) = (0, 0); + for i in 0..N { + even += 4 ** i * bits[2 * N - 1 - 2 * i] as field; + odd += 4 ** i * bits[2 * N - 2 * i] as field; + } + [even, odd] +} + +fn split_limbs_in_sparse(input: field, limbw: [u32; N]) -> [field; N] { + let output_limbs = unsafe_split_dyn_sparse(input, limbw); + let mut safe_output_limbs = [0; N]; + + safe_output_limbs[0..].copy_from_slice(&output_limbs[1..]); + let nm1 = N - 1; + safe_output_limbs[0] = input - combine_sparse_limbs(safe_output_limbs[1..].try_into().unwrap(), limbw[1..].try_into().unwrap()) * (2 ** (2 * limbw[0])); + + for (limb, &width) in output_limbs.iter().zip(limbw.iter()) { + assert!(fits_in_bits_sparse(*limb, width)); + } + output_limbs +} + +fn split_even_dual_10(x: field) -> Dual { + let split = split_both_sparse_inner::<10>(x); + let (even, even_d) = (split[0], reverse_lookup(D_TO_S_10, split[0])); + assert!(fits_in_bits_sparse(split[1], 10)); + Dual { s: even, d: even_d } +} + +fn split_odd_dual_10(x: field) -> Dual { + let split = split_both_sparse_inner::<10>(x); + let (odd, odd_d) = (split[1], reverse_lookup(D_TO_S_10, split[1])); + assert!(fits_in_bits_sparse(split[0], 10)); + Dual { s: odd, d: odd_d } +} + +fn split_even_dual_11(x: field) -> Dual { + let split = split_both_sparse_inner::<11>(x); + let (even, even_d) = (split[0], reverse_lookup(D_TO_S_11, split[0])); + assert!(fits_in_bits_sparse(split[1], 11)); + Dual { s: even, d: even_d } +} + +fn dense_to_dual(x: field) -> Dual { + let s = match W { + 10 => reverse_lookup(D_TO_S_10, x), + 11 => reverse_lookup(D_TO_S_11, x), + _ => panic!(), + }; + Dual { s, d: x } +} + +fn dense_limbs_to_dual_limbs(input: [[field; NL]; N], limbw: [u32; NL]) -> [[Dual; NL]; N] { + let mut output = array::from_fn(|_| array::from_fn(|_| Dual { s: 0, d: 0 })); + for (i, each) in input.iter().enumerate() { + output[i] = dense_limb_to_dual_limb(each, limbw); + } + output +} +``` \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok b/examples/ZoKratesCurly/pf/isolate_assert.zok new file mode 100644 index 000000000..e5140996b --- /dev/null +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok @@ -0,0 +1,8 @@ +def mult(field x, field y) -> field { + assert(x != y); + return x * y; +} + +def main(private field x, private field y) -> field { + return if x == y { x * x } else { mult(x, y) }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok.pin b/examples/ZoKratesCurly/pf/isolate_assert.zok.pin new file mode 100644 index 000000000..8b29f7913 --- /dev/null +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f4) + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok.vin b/examples/ZoKratesCurly/pf/isolate_assert.zok.vin new file mode 100644 index 000000000..201a3d383 --- /dev/null +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f16) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/maj.zok b/examples/ZoKratesCurly/pf/maj.zok new file mode 100644 index 000000000..fbe8e5626 --- /dev/null +++ b/examples/ZoKratesCurly/pf/maj.zok @@ -0,0 +1,3 @@ +def main(u8 a, u8 b, u8 c) -> u8 { + return (a & b) ^ (a & c) ^ (b & c); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/maj.zok.pin b/examples/ZoKratesCurly/pf/maj.zok.pin new file mode 100644 index 000000000..8286edeb9 --- /dev/null +++ b/examples/ZoKratesCurly/pf/maj.zok.pin @@ -0,0 +1,7 @@ +(let ( + (a #xFD) + (b #xC9) + (c #xD0) +) + false +) diff --git a/examples/ZoKratesCurly/pf/many_pub.zok b/examples/ZoKratesCurly/pf/many_pub.zok new file mode 100644 index 000000000..68bc48d33 --- /dev/null +++ b/examples/ZoKratesCurly/pf/many_pub.zok @@ -0,0 +1,3 @@ +def main(public u16 a, public u16 b, public u16 c, public u16 d) -> u16 { + return a ^ b ^ c ^ d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/many_pub.zok.pin b/examples/ZoKratesCurly/pf/many_pub.zok.pin new file mode 100644 index 000000000..ca1820632 --- /dev/null +++ b/examples/ZoKratesCurly/pf/many_pub.zok.pin @@ -0,0 +1,7 @@ +(let ( + (a #x0001) + (b #x0002) + (c #x0003) + (d #x0004) +) false ; ignored +) diff --git a/examples/ZoKratesCurly/pf/many_pub.zok.vin b/examples/ZoKratesCurly/pf/many_pub.zok.vin new file mode 100644 index 000000000..6230501b4 --- /dev/null +++ b/examples/ZoKratesCurly/pf/many_pub.zok.vin @@ -0,0 +1,8 @@ +(let ( + (a #x0001) + (b #x0002) + (c #x0003) + (d #x0004) + (return #x0004) +) false ; ignored +) \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok new file mode 100644 index 000000000..b4b50817f --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok @@ -0,0 +1,8 @@ +def main(field x) -> field { + field[25] mut A = [0; 25]; + for field counter in 0..30 { + bool inbound = counter < x; + cond_store(A, if inbound { counter } else { 0 }, x, inbound); + } + return A[x]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin new file mode 100644 index 000000000..5942913ff --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + + diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin new file mode 100644 index 000000000..3afec9501 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok new file mode 100644 index 000000000..c7d63125b --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok @@ -0,0 +1,7 @@ +def main(field x) -> field { + field[25] A = [0; 25]; + for field counter in 0..5 { + cond_store(A, counter - 1, x, counter > 1); + } + return A[x]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin new file mode 100644 index 000000000..ddf853314 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin new file mode 100644 index 000000000..3afec9501 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok new file mode 100644 index 000000000..e607ed129 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok @@ -0,0 +1,11 @@ +const u32 N = 100; +const u32 A = 100; +const field[N] TABLE = [4, ...[5; N-1]]; + +def main(field[A] is) -> field { + field sum = 0; + for u32 i in 0..A { + sum = sum + TABLE[is[i]]; + } + return sum; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok new file mode 100644 index 000000000..f500a4385 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok @@ -0,0 +1,8 @@ +def main(private field[ACCESSES][2] idx) -> field { + field sum = 0; + for u32 i in 0..ACCESSES { + field[2] access = idx[i]; + sum = sum + array[access[1]][access[0]].x[0]; + } + return sum; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok new file mode 100644 index 000000000..5427d4273 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok @@ -0,0 +1,19 @@ +const u32 LEN = 6; +const u32 ACCESSES = 3; + +struct Pt { + field x; + field y; + field z; +} +const Pt[LEN] array = [Pt{x: 4, y: 5, z: 6}, ...[Pt{x: 0, y: 1, z: 2}; LEN - 1]]; + +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + prod = prod * pt.x * pt.y * pt.z; + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin new file mode 100644 index 000000000..b49ce4781 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (idx.0 #f0) + (idx.1 #f1) + (idx.2 #f2) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin new file mode 100644 index 000000000..b98ac1cff --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok new file mode 100644 index 000000000..063f8eb1a --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok @@ -0,0 +1,22 @@ +const u32 LEN = 4; +const u32 INNER_LEN = 2; +const u32 ACCESSES = 2; + +struct Pt { + field[INNER_LEN] x; + field[INNER_LEN] y; +} + +const transcript Pt[LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]]; + +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + for u32 j in 0..INNER_LEN { + prod = prod * pt.x[j] * pt.y[j]; + } + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin new file mode 100644 index 000000000..018f4efef --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (idx.0 #f0) + (idx.1 #f1) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin new file mode 100644 index 000000000..492e70107 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py b/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py new file mode 100755 index 000000000..53b984759 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py @@ -0,0 +1,18 @@ +#!/usr/bin/env python3 + +import argparse +import subprocess as sub +import shutil as sh +import os +import textwrap + +script_dir = os.path.dirname(os.path.realpath(__file__)) +for A in [10, 50]: + for logN in [5, 10]: + N = 2**logN + output = f"{script_dir}/../persistent_{A}accs_size{N}.zok" + sub.run( + f'cat {script_dir}/persistent_template.zok | sed "s/7777/{N}/g" | sed "s/99/{A}/g" > {output}', + shell=True, + check=True, + ) diff --git a/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok new file mode 100644 index 000000000..f9ec0cff2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok @@ -0,0 +1,8 @@ +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC - 1) { + cond_store(array, x + i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok b/examples/ZoKratesCurly/pf/mem/in_array.zok new file mode 100644 index 000000000..72f724f4f --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok @@ -0,0 +1,6 @@ +def main(private field y) -> field { + assert(value_in_array(y, SQUARES)); + assert(value_in_array(y * y, SQUARES)); + assert(value_in_array(y * 4, SQUARES)); + return y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok.pin b/examples/ZoKratesCurly/pf/mem/in_array.zok.pin new file mode 100644 index 000000000..c9bc6da4c --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f4) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok.vin b/examples/ZoKratesCurly/pf/mem/in_array.zok.vin new file mode 100644 index 000000000..f0f52fb23 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f4) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok new file mode 100644 index 000000000..9a60b7bde --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok @@ -0,0 +1,22 @@ +const u32 LEN = 256; +const u32 INNER_LEN = 8; +const u32 ACCESSES = 10; + +struct Pt { + field[INNER_LEN] x; + field[INNER_LEN] y; +} + +const Pt[LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]]; + +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + for u32 j in 0..INNER_LEN { + prod = prod * pt.x[j] * pt.y[j]; + } + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok new file mode 100644 index 000000000..7f3a92049 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok @@ -0,0 +1,8 @@ +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok new file mode 100644 index 000000000..7f3a92049 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok @@ -0,0 +1,8 @@ +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok new file mode 100644 index 000000000..7f3a92049 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok @@ -0,0 +1,8 @@ +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok new file mode 100644 index 000000000..9dafd47d6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok @@ -0,0 +1,11 @@ +const u32 LEN = 32; +const field ACC = 50; + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok new file mode 100644 index 000000000..b861a3c90 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok @@ -0,0 +1,5 @@ +def main(private field y, private field z) -> field { + field dy = reverse_lookup(ROTATION, y); + field dz = reverse_lookup(ROTATION, z); + return dz * dy; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin new file mode 100644 index 000000000..1120386fa --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f0) + (z #f2) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin new file mode 100644 index 000000000..297c505a7 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f3) +) false ; ignored +)) + + diff --git a/examples/ZoKratesCurly/pf/mem/rom.zok b/examples/ZoKratesCurly/pf/mem/rom.zok new file mode 100644 index 000000000..7f07f55de --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/rom.zok @@ -0,0 +1,20 @@ +const u32 VAL_LEN = 3; +const u32 RAM_LEN = 20; +const u32 ACCESSES = 400; + +struct Val { + field x; + field y; +} + +const Val[RAM_LEN] array = [Val{x: 0, y: 0}, ...[Val{x: 10, y: 10}; RAM_LEN - 1]]; + +def main(private field[ACCESSES] y) -> field { + field result = 0; + + for u32 i in 0..ACCESSES { + Val v = array[y[i]]; + result = result + v.x + v.y; + } + return result; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok b/examples/ZoKratesCurly/pf/mem/small_sparse.zok new file mode 100644 index 000000000..3a015cdf8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok @@ -0,0 +1,26 @@ +const transcript field[4] DENSE_TO_SPARSE = [0f, 1f, 4f, 5f]; + +from "EMBED" import unpack, value_in_array, reverse_lookup; + +def split_sparse_bits(field x) -> field[2] { + bool[2*N] bits = unpack(x); + field even = 0; + field odd = 0; + for u32 i in 0..N { + even = even + 4 ** i * (if bits[2*N-1-(2*i)] { 1 } else { 0 }); + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] { 1 } else { 0 }); + } + return [even, odd]; +} + +def main(private field x, private field y) -> field { + field sy = DENSE_TO_SPARSE[y]; + field sx = DENSE_TO_SPARSE[x]; + unsafe witness field[2] split = split_sparse_bits::<2>(sx + sy); + field even = split[0]; + field odd = split[1]; + assert(value_in_array(even, DENSE_TO_SPARSE)); + field odd_dense = reverse_lookup(DENSE_TO_SPARSE, odd); + assert(sx + sy == 2 * odd + even); + return odd_dense; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin new file mode 100644 index 000000000..5e45507b1 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f3) + (y #f3) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin new file mode 100644 index 000000000..84ff313b3 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f3) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok b/examples/ZoKratesCurly/pf/mem/sparse.zok new file mode 100644 index 000000000..39fe09835 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok @@ -0,0 +1,11 @@ +def main(private field dense_x, private field dense_y) -> field { + Dual z = dense_to_dual_8(0); + Dual x = dense_to_dual_8(dense_x); // 10001000 (136) + Dual y = dense_to_dual_8(dense_y); // 10000001 (129) + Dual a = and_8(x, y); // 10000000 + Dual b = or_8(x, y); // 10001001 + Dual c = xor_8(x, y, z); // 00001001 + Dual d = maj_8(x, y, c); // 10001001 + Dual s = normalize_sum_8(d.d + c.d + b.d + a.d); // 10011011 (128+27=155) + return s.d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok.pin b/examples/ZoKratesCurly/pf/mem/sparse.zok.pin new file mode 100644 index 000000000..84fa2845e --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (dense_x #f136) + (dense_y #f129) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok.vin b/examples/ZoKratesCurly/pf/mem/sparse.zok.vin new file mode 100644 index 000000000..7bbcf3494 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f155) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse4.zok b/examples/ZoKratesCurly/pf/mem/sparse4.zok new file mode 100644 index 000000000..60a0c0918 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse4.zok @@ -0,0 +1,128 @@ +// Examples of different SHA-esque operations being performed using sparse form +// and lookup arguments + +// python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const transcript field[{2**b}] D_TO_S_{b} = [', ', '.join(str(dtos(i)) for i in range(2**b)), ']', sep='')" +const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85]; + +const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21]; + +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7]; + +// python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const field S_ONES_{b} = {dtos(2**b-1)}');print(f'const field D_ONES_{b} = {2**b-1}')" +const field S_ONES_4 = 85; +const field D_ONES_4 = 15; + +from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits; + +// split a number into (unchecked) high and low bits +def unsafe_split(field x) -> field[2] { + bool bits[LOW_BITS+HIGH_BITS] = unpack(x); + field low = 0; + field high = 0; + for u32 i in 0..LOW_BITS { + low = low + (2 ** i) * (if bits[LOW_BITS+HIGH_BITS-1-i] { 1 } else { 0 }); + } + for u32 i in LOW_BITS..HIGH_BITS { + high = high + (2 ** i) * (if bits[LOW_BITS+HIGH_BITS-1-i] { 1 } else { 0 }); + } + return [low, high]; +} + +// split a 2N-bit number into (unchecked) even and odd bits (in sparse form) +def unsafe_separate_sparse(field x) -> field[2] { + bool bits[2*N] = unpack(x); + field even = 0; + field odd = 0; + for u32 i in 0..N { + even = even + (4 ** i) * (if bits[2*N-1-(2*i)] { 1 } else { 0 }); + odd = odd + (4 ** i) * (if bits[2*N-1-(2*i+1)] { 1 } else { 0 }); + } + return [even, odd]; +} + +struct Dual { + field s; + field d; +} + +// convert a dense 8-bit value to dual form; ensures the value fits in 8 bits. +def dense_to_dual_4(field x) -> Dual { + field s = D_TO_S_4[x]; + return Dual {s: s, d: x}; +} + +// get the even bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_even_dual_4(field x) -> Dual { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field even = split[0]; + field odd = split[1]; + assert(x == 2*odd + even); + field even_d = reverse_lookup(D_TO_S_4, even); + assert(value_in_array(odd, D_TO_S_4)); + return Dual {s: even, d: even_d}; +} + +// get the odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_odd_dual_4(field x) -> Dual { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field odd = split[1]; + field even = x - 2*odd; + field odd_d = reverse_lookup(D_TO_S_4, odd); + assert(value_in_array(even, D_TO_S_4)); + return Dual {s: odd, d: odd_d}; +} + +// get the even and odd bits of a 16-bit value in dual form; split_both_dual_4 ensures the value fits in 16 bits. +def split_both_dual_4(field x) -> Dual[2] { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field even = split[0]; + field odd = split[1]; + field odd_d = reverse_lookup(D_TO_S_4, odd); + field even_d = reverse_lookup(D_TO_S_4, even); + return [Dual {s: even, d: even_d}, Dual {s: odd, d: odd_d}]; +} + +// expected cost: 3 observed: 5 +def and_4(Dual x, Dual y) -> Dual { + return split_odd_dual_4(x.s + y.s); +} + +def maj_4(Dual x, Dual y, Dual z) -> Dual { + return split_odd_dual_4(x.s + y.s + z.s); +} + +def xor_4(Dual x, Dual y, Dual z) -> Dual { + return split_even_dual_4(x.s + y.s + z.s); +} + +def not_4(Dual x) -> Dual { + return Dual {s: S_ONES_4 - x.s, d: D_ONES_4 - x.d}; +} + +def or_4(Dual x, Dual y) -> Dual { + return not_4(and_4(not_4(x), not_4(y))); +} + +// split s into 8 low bits and 3 high bits, and return the low bits in dual form. +def normalize_sum_4(field s) -> Dual { + unsafe field[2] split = unsafe_split::<8, 3>(s); + field low = split[0]; + field high = split[1]; + assert(value_in_array(high, D_3)); + return dense_to_dual_4(low); +} + +// table costs: +// 16 + 16 + 8 = 40 +// do a bitwise AND. +def main(private field dense_x, private field dense_y) -> field { + Dual z = dense_to_dual_4(0); + Dual x = dense_to_dual_4(dense_x); // 10001000 (136) + Dual y = dense_to_dual_4(dense_y); // 10000001 (129) + Dual a = and_4(x, y); // 10000000 + Dual b = or_4(x, y); // 10001001 + Dual c = xor_4(x, y, z); // 00001001 + Dual d = maj_4(x, y, c); // 10001001 + Dual s = normalize_sum_4(d.d + c.d + b.d + a.d); // 10011011 (128+27=155) + return s.d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok b/examples/ZoKratesCurly/pf/mem/tiny.zok new file mode 100644 index 000000000..069dbf982 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok @@ -0,0 +1,5 @@ +def main(committed field[4] array, private field x) -> field { + field y = array[x]; + cond_store(array, x, 0, true); + return y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin new file mode 100644 index 000000000..08fb03c30 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f0 #f6 #f7 #f8))) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init new file mode 100644 index 000000000..f64ca2d9b --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f5 #f6 #f7 #f8))) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.pin b/examples/ZoKratesCurly/pf/mem/tiny.zok.pin new file mode 100644 index 000000000..db235b469 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f5 #f6 #f7 #f8))) + (x #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.vin b/examples/ZoKratesCurly/pf/mem/tiny.zok.vin new file mode 100644 index 000000000..d99a2a4b2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f5) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok new file mode 100644 index 000000000..272f6b823 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok @@ -0,0 +1,12 @@ +const u32 LEN = 4; +const u32 ACCESSES = 2; + +const transcript field[LEN] array = [0, ...[100; LEN-1]]; + +def main(private field[ACCESSES] y) -> field { + field result = 0; + for u32 i in 0..ACCESSES { + assert(array[y[i]] == 0); + } + return result; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin new file mode 100644 index 000000000..a610f4f51 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y.0 #f0) + (y.1 #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin new file mode 100644 index 000000000..b98ac1cff --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok b/examples/ZoKratesCurly/pf/mem/volatile.zok new file mode 100644 index 000000000..4d391d8a8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok @@ -0,0 +1,7 @@ +def main(private field x, private field y, private bool b) -> field { + field[LEN] mut array = [0; LEN]; + for field i in 0..ACC { + cond_store(array, x + i, 1, b); + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok.pin b/examples/ZoKratesCurly/pf/mem/volatile.zok.pin new file mode 100644 index 000000000..70077f9e6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f0) + (y #f9) + (b true) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok.vin b/examples/ZoKratesCurly/pf/mem/volatile.zok.vin new file mode 100644 index 000000000..b7322ee66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok new file mode 100644 index 000000000..7f7bd8556 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok @@ -0,0 +1,15 @@ +const u32 LEN = 8196; +const field ACCESSES = 30; + +struct Pt { + field x; + field y; +} + +def main(private field x, private field y, private bool b) -> field { + Pt[LEN] mut array = [Pt {x: 0, y: 0}; LEN]; + for field i in 0..ACCESSES { + array[x + i] = if b { Pt {x: 1, y: i} } else { array[x + i] }; + } + return array[y].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin new file mode 100644 index 000000000..70077f9e6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f0) + (y #f9) + (b true) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin new file mode 100644 index 000000000..96cfe953f --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mm.zok b/examples/ZoKratesCurly/pf/mm.zok new file mode 100644 index 000000000..e4df391b1 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok @@ -0,0 +1,11 @@ +def main(private field[2][2] A, private field[2][2] B) -> field[2][2] { + field[2][2] AB = [[0; 2]; 2]; + for field i in 0..2 { + for field j in 0..2 { + for field k in 0..2 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm.zok.pin b/examples/ZoKratesCurly/pf/mm.zok.pin new file mode 100644 index 000000000..bba3a6100 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok.pin @@ -0,0 +1,13 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( +(A.0.0 #f1) +(A.0.1 #f0) +(A.1.0 #f0) +(A.1.1 #f1) +(B.0.0 #f1) +(B.0.1 #f0) +(B.1.0 #f0) +(B.1.1 #f1) + +) true; ignored +)) \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm.zok.vin b/examples/ZoKratesCurly/pf/mm.zok.vin new file mode 100644 index 000000000..362bb5ebb --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( +(return.0.0 #f1) +(return.0.1 #f0) +(return.1.0 #f0) +(return.1.1 #f1) +) true; ignored +)) \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm3.zok b/examples/ZoKratesCurly/pf/mm3.zok new file mode 100644 index 000000000..376b71db2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm3.zok @@ -0,0 +1,11 @@ +def main(private field[3][3] A, private field[3][3] B) -> field[3][3] { + field[3][3] AB = [[0; 3]; 3]; + for field i in 0..3 { + for field j in 0..3 { + for field k in 0..3 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm4.zok b/examples/ZoKratesCurly/pf/mm4.zok new file mode 100644 index 000000000..4567d934f --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm4.zok @@ -0,0 +1,11 @@ +def main(private field[4][4] A, private field[4][4] B) -> field[4][4] { + field[4][4] AB = [[0; 4]; 4]; + for field i in 0..4 { + for field j in 0..4 { + for field k in 0..4 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm4_cond.zok b/examples/ZoKratesCurly/pf/mm4_cond.zok new file mode 100644 index 000000000..1e2ce743a --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm4_cond.zok @@ -0,0 +1,19 @@ +def matmult(field[16] a, field[16] b) -> field[16] { + field[16] c = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for field i in 0..4 { + for field j in 0..4 { + field s = 0; + for field k in 0..4 { + s = s + a[i * 4 + k] * b[k * 4 + j]; + } + c[i * 4 + j] = s; + } + } + return c; +} + +def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool { + field[16] s = [1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1]; + s = if doc == 0 { matmult(s, a) } else { matmult(s, b) }; + return if s[init * 4 + final] == 1 { true } else { false }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm5.zok b/examples/ZoKratesCurly/pf/mm5.zok new file mode 100644 index 000000000..1abb8135b --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm5.zok @@ -0,0 +1,11 @@ +def main(private field[5][5] A, private field[5][5] B) -> field[5][5] { + field[5][5] AB = [[0; 5]; 5]; + for field i in 0..5 { + for field j in 0..5 { + for field k in 0..5 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mul.zok b/examples/ZoKratesCurly/pf/mul.zok new file mode 100644 index 000000000..e39f0cd99 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok @@ -0,0 +1,3 @@ +def main(private field x, private field y) -> field { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mul.zok.pin b/examples/ZoKratesCurly/pf/mul.zok.pin new file mode 100644 index 000000000..43bfffae7 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f4) + (y #f5) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/mul.zok.vin b/examples/ZoKratesCurly/pf/mul.zok.vin new file mode 100644 index 000000000..09603da0c --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f20) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/sha_rot.zok b/examples/ZoKratesCurly/pf/sha_rot.zok new file mode 100644 index 000000000..8bd342486 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_rot.zok @@ -0,0 +1,5 @@ +from "hashes/sha256/shaRound" import rotr32; + +def main(u32 x) -> u32 { + return rotr32::<2>(x); +} diff --git a/examples/ZoKratesCurly/pf/sha_rot.zok.pin b/examples/ZoKratesCurly/pf/sha_rot.zok.pin new file mode 100644 index 000000000..bd7d2c681 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_rot.zok.pin @@ -0,0 +1,6 @@ +(let ( + (x #xFDE77DBB) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/sha_temp1.zok b/examples/ZoKratesCurly/pf/sha_temp1.zok new file mode 100644 index 000000000..1a4d6714c --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp1.zok @@ -0,0 +1,5 @@ +from "hashes/sha256/shaRound" import temp1; + +def main(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32 { + return temp1(e, f, g, h, k, w); +} diff --git a/examples/ZoKratesCurly/pf/sha_temp1.zok.pin b/examples/ZoKratesCurly/pf/sha_temp1.zok.pin new file mode 100644 index 000000000..34f72a163 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp1.zok.pin @@ -0,0 +1,10 @@ +(let ( + (e #xFDE77DBB) + (f #xC902D1E1) + (g #xD0025545) + (h #xFE4A9A6B) + (k #xDA2B4E1D) + (w #xD9D48E49) +) + false +) diff --git a/examples/ZoKratesCurly/pf/sha_temp2.zok b/examples/ZoKratesCurly/pf/sha_temp2.zok new file mode 100644 index 000000000..e579bfb86 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp2.zok @@ -0,0 +1,5 @@ +from "hashes/sha256/shaRound" import temp2; + +def main(u32 a, u32 b, u32 c) -> u32 { + return temp2(a, b, c); +} diff --git a/examples/ZoKratesCurly/pf/sha_temp2.zok.pin b/examples/ZoKratesCurly/pf/sha_temp2.zok.pin new file mode 100644 index 000000000..bf97eb89f --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp2.zok.pin @@ -0,0 +1,7 @@ +(let ( + (a #xFDE77DBB) + (b #xC902D1E1) + (c #xD0025545) +) + false +) diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok b/examples/ZoKratesCurly/pf/str_arr_str.zok new file mode 100644 index 000000000..970649327 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok @@ -0,0 +1,14 @@ +struct Pt { + field x; + field y; +} + +struct Pts { + Pt[2] pts; +} + +def main(field y) -> field { + Pt p = Pt {x: 2, y: y}; + Pts pts = Pts {pts: [p, p]}; + return pts.pts[0].y + pts.pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/str_arr_str.zok.pin new file mode 100644 index 000000000..2d92238fb --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/str_arr_str.zok.vin new file mode 100644 index 000000000..ae7e4e820 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) + (return #f8) +) true ;ignored +) +) + + diff --git a/examples/ZoKratesCurly/pf/str_str.zok b/examples/ZoKratesCurly/pf/str_str.zok new file mode 100644 index 000000000..992f0e57c --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok @@ -0,0 +1,13 @@ +struct Pt { + field x; + field y; +} + +struct PtWr { + Pt p; +} + +def main(field x, field y) -> field { + PtWr p = PtWr { p: Pt { x: x, y: y } }; + return p.p.x * p.p.y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/str_str.zok.pin b/examples/ZoKratesCurly/pf/str_str.zok.pin new file mode 100644 index 000000000..804eff821 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f5) + (y #f6) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/str_str.zok.vin b/examples/ZoKratesCurly/pf/str_str.zok.vin new file mode 100644 index 000000000..f2271363a --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f5) + (y #f6) + (return #f30) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/test_sha256.zok b/examples/ZoKratesCurly/pf/test_sha256.zok new file mode 100644 index 000000000..d5394d611 --- /dev/null +++ b/examples/ZoKratesCurly/pf/test_sha256.zok @@ -0,0 +1,4 @@ +def main(private u32[1][16] padded_message) -> u32[8] { + u32[8] hash = sha256(padded_message); + return hash; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/test_sha256.zok.pin b/examples/ZoKratesCurly/pf/test_sha256.zok.pin new file mode 100644 index 000000000..5aa627b45 --- /dev/null +++ b/examples/ZoKratesCurly/pf/test_sha256.zok.pin @@ -0,0 +1,40 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + +(padded_message.0.0 #x01020304) + +(padded_message.0.1 #x80000000) + +(padded_message.0.2 #x00000000) + +(padded_message.0.3 #x00000000) + +(padded_message.0.4 #x00000000) + +(padded_message.0.5 #x00000000) + +(padded_message.0.6 #x00000000) + +(padded_message.0.7 #x00000000) + +(padded_message.0.8 #x00000000) + +(padded_message.0.9 #x00000000) + +(padded_message.0.10 #x00000000) + +(padded_message.0.11 #x00000000) + +(padded_message.0.12 #x00000000) + +(padded_message.0.13 #x00000000) + +(padded_message.0.14 #x00000000) + +(padded_message.0.15 #x00000020) + + +) true; ignored + +)) diff --git a/examples/ZoKratesCurly/pf/tuple.zok b/examples/ZoKratesCurly/pf/tuple.zok new file mode 100644 index 000000000..ce9e7958e --- /dev/null +++ b/examples/ZoKratesCurly/pf/tuple.zok @@ -0,0 +1,5 @@ +def main(private field[2] arr, private bool b) -> (field[2], bool) { + (field[2], bool) mut v = (arr, b); + v.0[0] = v.0[0] * 2; + return v; +} diff --git a/examples/ZoKratesCurly/pf/tuple.zok.pin b/examples/ZoKratesCurly/pf/tuple.zok.pin new file mode 100644 index 000000000..a30d9cf1c --- /dev/null +++ b/examples/ZoKratesCurly/pf/tuple.zok.pin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (arr.0 #f3) + (arr.1 #f4) + (b true) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/tuple.zok.vin b/examples/ZoKratesCurly/pf/tuple.zok.vin new file mode 100644 index 000000000..b07183531 --- /dev/null +++ b/examples/ZoKratesCurly/pf/tuple.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return.0.0 #f6) + (return.0.1 #f4) + (return.1 true) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/unused_var.zok b/examples/ZoKratesCurly/pf/unused_var.zok new file mode 100644 index 000000000..45bc4419f --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok @@ -0,0 +1,3 @@ +def main(u64 x0, u64 x1, u64 x2) -> u64 { + return x0 * x1; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/unused_var.zok.pin b/examples/ZoKratesCurly/pf/unused_var.zok.pin new file mode 100644 index 000000000..424549842 --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok.pin @@ -0,0 +1,7 @@ +(let ( + (x0 #x0000000000000004) + (x1 #x0000000000000004) + (x2 #x0000000000000000) +) + false +) diff --git a/examples/ZoKratesCurly/pf/unused_var.zok.vin b/examples/ZoKratesCurly/pf/unused_var.zok.vin new file mode 100644 index 000000000..a30320f72 --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok.vin @@ -0,0 +1,9 @@ +(let ( + (x0 #x0000000000000004) + (x1 #x0000000000000004) + (x2 #x0000000000000000) + (return #x0000000000000010) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok new file mode 100644 index 000000000..995a17b9f --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok @@ -0,0 +1,13 @@ +struct Pt { + field x; + field y; +} +struct Pts { + Pt[2] pts; +} + +def main(private field y, private field i, private field j, private field k) -> field { + Pt p = Pt {x: y, y: y}; + Pts[1] pts = [Pts {pts: [p, p]}]; + return pts[i].pts[j].y * pts[i].pts[j].x; +} diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin new file mode 100644 index 000000000..05d916525 --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) + (i #f0) + (j #f0) + (k #f1) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin new file mode 100644 index 000000000..c18bbe4a5 --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f36) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/xor.zok b/examples/ZoKratesCurly/pf/xor.zok new file mode 100644 index 000000000..b29d76dd8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok @@ -0,0 +1,3 @@ +def main(private u16 a, public u16 b, private u16 c, public u16 d) -> u16 { + return a ^ b ^ c ^ d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/xor.zok.pin b/examples/ZoKratesCurly/pf/xor.zok.pin new file mode 100644 index 000000000..10bad7564 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok.pin @@ -0,0 +1,7 @@ +(let ( + (a #x0001) + (b #x0004) + (c #x0001) + (d #x0000) +) false ; ignored +) diff --git a/examples/ZoKratesCurly/pf/xor.zok.vin b/examples/ZoKratesCurly/pf/xor.zok.vin new file mode 100644 index 000000000..5c0386a66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok.vin @@ -0,0 +1,6 @@ +(let ( + (b #x0004) + (d #x0000) + (return #x0004) +) false ; ignored +) \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok new file mode 100644 index 000000000..44382a04c --- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok @@ -0,0 +1,14 @@ +struct Pt { + field x; + field y; +} +struct Pts { + Pt[2] pts; +} + +def main(private field y) -> field { + Pt p1 = Pt {x: 2, y: y}; + Pt p2 = Pt {x: y, y: 2}; + Pts[1] pts = [Pts {pts: [p1, p2]}]; + return pts[0].pts[0].y * pts[0].pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin new file mode 100644 index 000000000..be8ee1e44 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin new file mode 100644 index 000000000..04b1245be --- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f16) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/assert.zok b/examples/ZoKratesCurly/spartan/assert.zok new file mode 100644 index 000000000..c71904225 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok @@ -0,0 +1,4 @@ +def main(private field A, private field B) -> field { + assert(A != B); + return A * B; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/assert.zok.pin b/examples/ZoKratesCurly/spartan/assert.zok.pin new file mode 100644 index 000000000..8e30446f1 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (A #f4) + (B #f5) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/assert.zok.vin b/examples/ZoKratesCurly/spartan/assert.zok.vin new file mode 100644 index 000000000..934d51d7f --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f20) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok b/examples/ZoKratesCurly/spartan/isolate_assert.zok new file mode 100644 index 000000000..e5140996b --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok @@ -0,0 +1,8 @@ +def mult(field x, field y) -> field { + assert(x != y); + return x * y; +} + +def main(private field x, private field y) -> field { + return if x == y { x * x } else { mult(x, y) }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin b/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin new file mode 100644 index 000000000..5562fa805 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f4) + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin b/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin new file mode 100644 index 000000000..fefec411d --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f16) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/mm.zok b/examples/ZoKratesCurly/spartan/mm.zok new file mode 100644 index 000000000..e4df391b1 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok @@ -0,0 +1,11 @@ +def main(private field[2][2] A, private field[2][2] B) -> field[2][2] { + field[2][2] AB = [[0; 2]; 2]; + for field i in 0..2 { + for field j in 0..2 { + for field k in 0..2 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mm.zok.pin b/examples/ZoKratesCurly/spartan/mm.zok.pin new file mode 100644 index 000000000..6f61cf63e --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok.pin @@ -0,0 +1,13 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( +(A.0.0 #f1) +(A.0.1 #f0) +(A.1.0 #f0) +(A.1.1 #f1) +(B.0.0 #f1) +(B.0.1 #f0) +(B.1.0 #f0) +(B.1.1 #f1) + +) true; ignored +)) diff --git a/examples/ZoKratesCurly/spartan/mm.zok.vin b/examples/ZoKratesCurly/spartan/mm.zok.vin new file mode 100644 index 000000000..bcfcc5332 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( +(return.0.0 #f1) +(return.0.1 #f0) +(return.1.0 #f0) +(return.1.1 #f1) +) true; ignored +)) diff --git a/examples/ZoKratesCurly/spartan/mm4_cond.zok b/examples/ZoKratesCurly/spartan/mm4_cond.zok new file mode 100644 index 000000000..118456d99 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm4_cond.zok @@ -0,0 +1,19 @@ +def matmult(field[16] a, field[16] b) -> field[16] { + field[16] c = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for field i in 0..4 { + for field j in 0..4 { + field s = 0; + for field k in 0..4 { + s = s + a[i * 4 + k] * b[k * 4 + j]; + } + c[i * 4 + j] = s; + } + } + return c; +} + +def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool { + field[16] s = [1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1]; + s = if (doc == 0) { matmult(s, a) } else { matmult(s, b) }; + return if s[init * 4 + final] == 1 { true } else { false }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mul.zok b/examples/ZoKratesCurly/spartan/mul.zok new file mode 100644 index 000000000..e39f0cd99 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok @@ -0,0 +1,3 @@ +def main(private field x, private field y) -> field { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mul.zok.pin b/examples/ZoKratesCurly/spartan/mul.zok.pin new file mode 100644 index 000000000..45d536bdd --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f4) + (y #f5) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/mul.zok.vin b/examples/ZoKratesCurly/spartan/mul.zok.vin new file mode 100644 index 000000000..efae4c109 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f20) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok b/examples/ZoKratesCurly/spartan/str_arr_str.zok new file mode 100644 index 000000000..e63057790 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok @@ -0,0 +1,5 @@ +def main(field y) -> field { + Pt p = Pt { x: 2, y: y }; + Pts pts = Pts { pts: [p, p] }; + return pts.pts[0].y + pts.pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin new file mode 100644 index 000000000..6c23fa925 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin new file mode 100644 index 000000000..bd3960c15 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) + (return #f8) +) true ;ignored +) +) + + diff --git a/examples/ZoKratesCurly/spartan/str_str.zok b/examples/ZoKratesCurly/spartan/str_str.zok new file mode 100644 index 000000000..6a94fe341 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok @@ -0,0 +1,11 @@ +def main(field x, field y) -> field { + struct Pt { + field x; + field y; + } + struct PtWr { + Pt p; + } + PtWr p = PtWr { p: Pt { x: x, y: y } }; + return p.p.x * p.p.y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/str_str.zok.pin b/examples/ZoKratesCurly/spartan/str_str.zok.pin new file mode 100644 index 000000000..408de6dfc --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f5) + (y #f6) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/str_str.zok.vin b/examples/ZoKratesCurly/spartan/str_str.zok.vin new file mode 100644 index 000000000..3550f86ec --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f5) + (y #f6) + (return #f30) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok new file mode 100644 index 000000000..48446e8f7 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok @@ -0,0 +1,5 @@ +def main(private field y, private field i, private field j, private field k) -> field { + Pt p = Pt {x: y, y: y}; + Pts[1] pts = [Pts { pts: [p, p] }]; + return pts[i].pts[j].y * pts[i].pts[j].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin new file mode 100644 index 000000000..b4a77a7f3 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) + (i #f0) + (j #f0) + (k #f1) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin new file mode 100644 index 000000000..cb2a3819d --- /dev/null +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f36) +) true ;ignored +) +) + diff --git a/examples/circ.rs b/examples/circ.rs index 3d57037b0..27a9dcb0c 100644 --- a/examples/circ.rs +++ b/examples/circ.rs @@ -22,6 +22,8 @@ use circ::front::c::{self, C}; use circ::front::datalog::{self, Datalog}; #[cfg(all(feature = "smt", feature = "zok"))] use circ::front::zsharp::{self, ZSharpFE}; +#[cfg(all(feature = "smt", feature = "zokc"))] +use circ::front::zsharpcurly::{self, ZSharpCurlyFE}; use circ::front::{FrontEnd, Mode}; use circ::ir::term::{Node, Op, BV_LSHR, BV_SHL}; use circ::ir::{ @@ -118,6 +120,7 @@ enum Backend { #[derive(PartialEq, Eq, Debug, Clone, ValueEnum)] enum Language { Zsharp, + ZsharpCurly, Datalog, C, CircIr, @@ -127,6 +130,7 @@ enum Language { #[derive(PartialEq, Eq, Debug)] pub enum DeterminedLanguage { Zsharp, + ZsharpCurly, Datalog, CircIr, C, @@ -156,10 +160,12 @@ fn determine_language(l: &Language, input_path: &Path) -> DeterminedLanguage { match *l { Language::Datalog => DeterminedLanguage::Datalog, Language::Zsharp => DeterminedLanguage::Zsharp, + Language::ZsharpCurly => DeterminedLanguage::ZsharpCurly, Language::CircIr => DeterminedLanguage::CircIr, Language::C => DeterminedLanguage::C, Language::Auto => { let p = input_path.to_str().unwrap(); + // xxx(unimpl) check if the are semicolons to switch to ZsharpCurly if p.ends_with(".zok") { DeterminedLanguage::Zsharp } else if p.ends_with(".pl") { @@ -205,11 +211,23 @@ fn main() { }; ZSharpFE::gen(inputs) } + #[cfg(all(feature = "smt", feature = "zokc"))] + DeterminedLanguage::ZsharpCurly => { + let inputs = zsharpcurly::Inputs { + file: options.path, + mode, + }; + ZSharpCurlyFE::gen(inputs) + } DeterminedLanguage::CircIr => parse_computations(&std::fs::read(&options.path).unwrap()), #[cfg(not(all(feature = "smt", feature = "zok")))] DeterminedLanguage::Zsharp => { panic!("Missing feature: smt,zok"); } + #[cfg(not(all(feature = "smt", feature = "zokc")))] + DeterminedLanguage::ZsharpCurly => { + panic!("Missing feature: smt,zokc"); + } #[cfg(all(feature = "smt", feature = "datalog"))] DeterminedLanguage::Datalog => { let inputs = datalog::Inputs { file: options.path }; @@ -401,6 +419,7 @@ fn main() { let lang_str = match language { DeterminedLanguage::C => "c".to_string(), DeterminedLanguage::Zsharp => "zok".to_string(), + DeterminedLanguage::ZsharpCurly => "zok".to_string(), _ => panic!("Language isn't supported by MPC backend: {:#?}", language), }; println!("Cost model: {cost_model}"); diff --git a/examples/zcxi.rs b/examples/zcxi.rs new file mode 100644 index 000000000..7d34a1901 --- /dev/null +++ b/examples/zcxi.rs @@ -0,0 +1,47 @@ +use circ::front::zsharpcurly::{Inputs, ZSharpCurlyFE}; +use circ::ir::term::text::parse_value_map; + +use circ::cfg::{ + clap::{self, Parser}, + CircOpt, +}; +use circ::front::Mode; +use std::path::PathBuf; + +#[derive(Debug, Parser)] +#[command(name = "zcxi", about = "The Z# curly interpreter")] +struct Options { + /// Input file + #[arg()] + zsharp_path: PathBuf, + + /// Scalar input values + #[arg()] + inputs_path: Option, + + #[command(flatten)] + /// CirC options + circ: CircOpt, +} + +fn main() { + env_logger::Builder::from_default_env() + .format_level(false) + .format_timestamp(None) + .init(); + let mut options = Options::parse(); + options.circ.ir.field_to_bv = circ_opt::FieldToBv::Panic; + circ::cfg::set(&options.circ); + let inputs = Inputs { + file: options.zsharp_path, + mode: Mode::Proof, + }; + let scalar_input_values = match options.inputs_path.as_ref() { + Some(p) => parse_value_map(&std::fs::read(p).unwrap()), + None => Default::default(), + }; + let cs = ZSharpCurlyFE::interpret(inputs, scalar_input_values); + cs.pretty(&mut std::io::stdout().lock()) + .expect("error pretty-printing value"); + println!(); +} diff --git a/scripts/zcx_tests/array_eq.zx b/scripts/zcx_tests/array_eq.zx new file mode 100644 index 000000000..ad15d47e1 --- /dev/null +++ b/scripts/zcx_tests/array_eq.zx @@ -0,0 +1,5 @@ +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 4u32]; + bool b = [4u32; 4u32] != [5u32; 4u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_eq.zxf b/scripts/zcx_tests/array_eq.zxf new file mode 100644 index 000000000..026164863 --- /dev/null +++ b/scripts/zcx_tests/array_eq.zxf @@ -0,0 +1,5 @@ +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 5u32]; + bool b = [4u32; 4u32] != [5u32; 4u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_eq_2.zxf b/scripts/zcx_tests/array_eq_2.zxf new file mode 100644 index 000000000..9118aa216 --- /dev/null +++ b/scripts/zcx_tests/array_eq_2.zxf @@ -0,0 +1,5 @@ +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 4u32]; + bool b = [4u32; 4u32] != [5u32; 5u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_oob_read.zxf b/scripts/zcx_tests/array_oob_read.zxf new file mode 100644 index 000000000..2a3b2df93 --- /dev/null +++ b/scripts/zcx_tests/array_oob_read.zxf @@ -0,0 +1,4 @@ +def main() -> u32 { + u32[3] a = [1, 2, 3]; + return a[3]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_oob_write.zxf b/scripts/zcx_tests/array_oob_write.zxf new file mode 100644 index 000000000..6f9afb7b5 --- /dev/null +++ b/scripts/zcx_tests/array_oob_write.zxf @@ -0,0 +1,5 @@ +def main() -> u32 { + u32[3] a = [1, 2, 3]; + a[3] = 4; + return a[0]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_read_write.zx b/scripts/zcx_tests/array_read_write.zx new file mode 100644 index 000000000..cc6112731 --- /dev/null +++ b/scripts/zcx_tests/array_read_write.zx @@ -0,0 +1,6 @@ +def main() -> u32 { + u32[4] a = [1, 2, 3, 4]; + a[2] = 5; + assert(a[2] == 5); + return a[2]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/bit_order.zx b/scripts/zcx_tests/bit_order.zx new file mode 100644 index 000000000..43c8be7de --- /dev/null +++ b/scripts/zcx_tests/bit_order.zx @@ -0,0 +1,104 @@ +import "utils/casts/u8_to_bits"; +import "utils/casts/u8_from_bits"; +import "utils/casts/u8_to_field"; +import "utils/casts/field_to_u8"; + +import "utils/casts/u16_to_bits"; +import "utils/casts/u16_from_bits"; +import "utils/casts/u16_to_field"; +import "utils/casts/field_to_u16"; + +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; +import "utils/casts/u32_to_field"; +import "utils/casts/field_to_u32"; + +import "utils/casts/u64_to_bits"; +import "utils/casts/u64_from_bits"; +import "utils/casts/u64_to_field"; +import "utils/casts/field_to_u64"; + +import "utils/pack/bool/unpack"; +import "utils/pack/bool/pack"; + +def main() -> bool { + // check for msb0 bit order + u8 i1 = 128; + bool[8] o1 = u8_to_bits(i1); + assert(o1[0]); + assert(!o1[7]); + + u16 i2 = 32768; + bool[16] o2 = u16_to_bits(i2); + assert(o2[0]); + assert(!o2[15]); + + u32 i3 = 2147483648; + bool[32] o3 = u32_to_bits(i3); + assert(o3[0]); + assert(!o3[31]); + + u64 i4 = 9223372036854775808; + bool[64] o4 = u64_to_bits(i4); + assert(o4[0]); + assert(!o4[63]); + + // u8 -> field -> bits -> u8 + u8 t1_0 = 42; + field t1_1 = u8_to_field(t1_0); + bool[8] t1_2 = unpack(t1_1); + u8 t1_3 = u8_from_bits(t1_2); + assert(t1_0 == t1_3); + + // XXX(TODO) pack builtin + // u8 -> bits -> field -> u8 + u8 t2_0 = 77; + bool[8] t2_1 = u8_to_bits(t2_0); + field t2_2 = pack(t2_1); + u8 t2_3 = field_to_u8(t2_2); + assert(t2_0 == t2_3); + + // u16 -> field -> bits -> u16 + u16 t3_0 = 46971; + field t3_1 = u16_to_field(t3_0); + bool[16] t3_2 = unpack(t3_1); + u16 t3_3 = u16_from_bits(t3_2); + assert(t3_0 == t3_3); + + // u16 -> bits -> field -> u16 + u16 t4_0 = 63336; + bool[16] t4_1 = u16_to_bits(t4_0); + field t4_2 = pack(t4_1); + u16 t4_3 = field_to_u16(t4_2); + assert(t4_0 == t4_3); + + // u32 -> field -> bits -> u32 + u32 t5_0 = 2652390681; + field t5_1 = u32_to_field(t5_0); + bool[32] t5_2 = unpack(t5_1); + u32 t5_3 = u32_from_bits(t5_2); + assert(t5_0 == t5_3); + + // u32 -> bits -> field -> u32 + u32 t6_0 = 1173684415; + bool[32] t6_1 = u32_to_bits(t6_0); + field t6_2 = pack(t6_1); + u32 t6_3 = field_to_u32(t6_2); + assert(t6_0 == t6_3); + + // u64 -> field -> bits -> u64 + u64 t7_0 = 18312416462297086083; + field t7_1 = u64_to_field(t7_0); + bool[64] t7_2 = unpack(t7_1); + u64 t7_3 = u64_from_bits(t7_2); + assert(t7_0 == t7_3); + + // u64 -> bits -> field -> u64 + u64 t8_0 = 4047977501435466453; + bool[64] t8_1 = u64_to_bits(t8_0); + field t8_2 = pack(t8_1); + u64 t8_3 = field_to_u64(t8_2); + assert(t8_0 == t8_3); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/bool_to_bv.zx b/scripts/zcx_tests/bool_to_bv.zx new file mode 100644 index 000000000..9ca159e10 --- /dev/null +++ b/scripts/zcx_tests/bool_to_bv.zx @@ -0,0 +1,53 @@ +import "utils/casts/bool_array_to_u32_array"; + +def main() -> u32 { + bool[2] ones = [true, true]; + bool[6] zeros = [false, false, false, false, false, false]; + + bool[8] byte0 = [...ones, ...zeros]; // 0xc0 + bool[8] byte1 = [...zeros, ...ones]; // 0x03 + + bool[16] word0 = [...byte0, ...byte0]; // 0xc0c0 + bool[16] word1 = [...byte0, ...byte1]; // 0xc003 + bool[16] word2 = [...byte1, ...byte0]; // 0x03c0 + bool[16] word3 = [...byte1, ...byte1]; // 0x0303 + + bool[32] dwrd0 = [...word0, ...word0]; + bool[32] dwrd1 = [...word0, ...word1]; + bool[32] dwrd2 = [...word0, ...word2]; + bool[32] dwrd3 = [...word0, ...word3]; + bool[32] dwrd4 = [...word1, ...word0]; + bool[32] dwrd5 = [...word1, ...word1]; + bool[32] dwrd6 = [...word1, ...word2]; + bool[32] dwrd7 = [...word1, ...word3]; + bool[32] dwrd8 = [...word2, ...word0]; + bool[32] dwrd9 = [...word2, ...word1]; + bool[32] dwrdA = [...word2, ...word2]; + bool[32] dwrdB = [...word2, ...word3]; + bool[32] dwrdC = [...word3, ...word0]; + bool[32] dwrdD = [...word3, ...word1]; + bool[32] dwrdE = [...word3, ...word2]; + bool[32] dwrdF = [...word3, ...word3]; + + bool[16 * 32] foo = [...dwrd0, ...dwrd1, ...dwrd2, ...dwrd3, ...dwrd4, ...dwrd5, ...dwrd6, ...dwrd7, ...dwrd8, ...dwrd9, ...dwrdA, ...dwrdB, ...dwrdC, ...dwrdD, ...dwrdE, ...dwrdF]; + u32[16] a = bool_array_to_u32_array(foo); + + assert(a[0] == 0xc0c0c0c0); + assert(a[1] == 0xc0c0c003); + assert(a[2] == 0xc0c003c0); + assert(a[3] == 0xc0c00303); + assert(a[4] == 0xc003c0c0); + assert(a[5] == 0xc003c003); + assert(a[6] == 0xc00303c0); + assert(a[7] == 0xc0030303); + assert(a[8] == 0x03c0c0c0); + assert(a[9] == 0x03c0c003); + assert(a[10] == 0x03c003c0); + assert(a[11] == 0x03c00303); + assert(a[12] == 0x0303c0c0); + assert(a[13] == 0x0303c003); + assert(a[14] == 0x030303c0); + assert(a[15] == 0x03030303); + + return a[0]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_field.zx b/scripts/zcx_tests/casts_to_field.zx new file mode 100644 index 000000000..282dc635a --- /dev/null +++ b/scripts/zcx_tests/casts_to_field.zx @@ -0,0 +1,72 @@ +import "utils/casts/u8_to_field"; +import "utils/casts/u16_to_field"; +import "utils/casts/u32_to_field"; +import "utils/casts/u64_to_field"; + +def main() -> bool { + u8 u8_1 = 170; + field f8_1 = u8_to_field(u8_1); + assert(f8_1 == 170); + + u8 u8_2 = 193; + field f8_2 = u8_to_field(u8_2); + assert(f8_2 == 193); + + u8 u8_3 = 131; + field f8_3 = u8_to_field(u8_3); + assert(f8_3 == 131); + + u8 u8_4 = 85; + field f8_4 = u8_to_field(u8_4); + assert(f8_4 == 85); + + u16 u16_1 = 49470; + field f16_1 = u16_to_field(u16_1); + assert(f16_1 == 49470); + + u16 u16_2 = 33621; + field f16_2 = u16_to_field(u16_2); + assert(f16_2 == 33621); + + u16 u16_3 = 43724; + field f16_3 = u16_to_field(u16_3); + assert(f16_3 == 43724); + + u16 u16_4 = 58601; + field f16_4 = u16_to_field(u16_4); + assert(f16_4 == 58601); + + u32 u32_1 = 2495768655; + field f32_1 = u32_to_field(u32_1); + assert(f32_1 == 2495768655); + + u32 u32_2 = 1964762788; + field f32_2 = u32_to_field(u32_2); + assert(f32_2 == 1964762788); + + u32 u32_3 = 4069444903; + field f32_3 = u32_to_field(u32_3); + assert(f32_3 == 4069444903); + + u32 u32_4 = 23477624; + field f32_4 = u32_to_field(u32_4); + assert(f32_4 == 23477624); + + u64 u64_1 = 4942755304703002651; + field f64_1 = u64_to_field(u64_1); + assert(f64_1 == 4942755304703002651); + + u64 u64_2 = 9575867038914511502; + field f64_2 = u64_to_field(u64_2); + assert(f64_2 == 9575867038914511502); + + u64 u64_3 = 17818881111009702690; + field f64_3 = u64_to_field(u64_3); + assert(f64_3 == 17818881111009702690); + + u64 u64_4 = 10370833667498611482; + field f64_4 = u64_to_field(u64_4); + assert(f64_4 == 10370833667498611482); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u16.zx b/scripts/zcx_tests/casts_to_u16.zx new file mode 100644 index 000000000..75b2ca1b8 --- /dev/null +++ b/scripts/zcx_tests/casts_to_u16.zx @@ -0,0 +1,21 @@ +import "utils/casts/u8_to_u16"; + +def main() -> bool { + u8 u8_1 = 170; + u16 f8_1 = u8_to_u16(u8_1); + assert(f8_1 == 170); + + u8 u8_2 = 193; + u16 f8_2 = u8_to_u16(u8_2); + assert(f8_2 == 193); + + u8 u8_3 = 131; + u16 f8_3 = u8_to_u16(u8_3); + assert(f8_3 == 131); + + u8 u8_4 = 85; + u16 f8_4 = u8_to_u16(u8_4); + assert(f8_4 == 85); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u32.zx b/scripts/zcx_tests/casts_to_u32.zx new file mode 100644 index 000000000..f2a35603d --- /dev/null +++ b/scripts/zcx_tests/casts_to_u32.zx @@ -0,0 +1,38 @@ +import "utils/casts/u8_to_u32"; +import "utils/casts/u16_to_u32"; + +def main() -> bool { + u8 u8_1 = 170; + u32 f8_1 = u8_to_u32(u8_1); + assert(f8_1 == 170); + + u8 u8_2 = 193; + u32 f8_2 = u8_to_u32(u8_2); + assert(f8_2 == 193); + + u8 u8_3 = 131; + u32 f8_3 = u8_to_u32(u8_3); + assert(f8_3 == 131); + + u8 u8_4 = 85; + u32 f8_4 = u8_to_u32(u8_4); + assert(f8_4 == 85); + + u16 u16_1 = 49470; + u32 f16_1 = u16_to_u32(u16_1); + assert(f16_1 == 49470); + + u16 u16_2 = 33621; + u32 f16_2 = u16_to_u32(u16_2); + assert(f16_2 == 33621); + + u16 u16_3 = 43724; + u32 f16_3 = u16_to_u32(u16_3); + assert(f16_3 == 43724); + + u16 u16_4 = 58601; + u32 f16_4 = u16_to_u32(u16_4); + assert(f16_4 == 58601); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u64.zx b/scripts/zcx_tests/casts_to_u64.zx new file mode 100644 index 000000000..7641052b1 --- /dev/null +++ b/scripts/zcx_tests/casts_to_u64.zx @@ -0,0 +1,55 @@ +import "utils/casts/u8_to_u64"; +import "utils/casts/u16_to_u64"; +import "utils/casts/u32_to_u64"; + +def main() -> bool { + u8 u8_1 = 170; + u64 f8_1 = u8_to_u64(u8_1); + assert(f8_1 == 170); + + u8 u8_2 = 193; + u64 f8_2 = u8_to_u64(u8_2); + assert(f8_2 == 193); + + u8 u8_3 = 131; + u64 f8_3 = u8_to_u64(u8_3); + assert(f8_3 == 131); + + u8 u8_4 = 85; + u64 f8_4 = u8_to_u64(u8_4); + assert(f8_4 == 85); + + u16 u16_1 = 49470; + u64 f16_1 = u16_to_u64(u16_1); + assert(f16_1 == 49470); + + u16 u16_2 = 33621; + u64 f16_2 = u16_to_u64(u16_2); + assert(f16_2 == 33621); + + u16 u16_3 = 43724; + u64 f16_3 = u16_to_u64(u16_3); + assert(f16_3 == 43724); + + u16 u16_4 = 58601; + u64 f16_4 = u16_to_u64(u16_4); + assert(f16_4 == 58601); + + u32 u32_1 = 2495768655; + u64 f32_1 = u32_to_u64(u32_1); + assert(f32_1 == 2495768655); + + u32 u32_2 = 1964762788; + u64 f32_2 = u32_to_u64(u32_2); + assert(f32_2 == 1964762788); + + u32 u32_3 = 4069444903; + u64 f32_3 = u32_to_u64(u32_3); + assert(f32_3 == 4069444903); + + u32 u32_4 = 23477624; + u64 f32_4 = u32_to_u64(u32_4); + assert(f32_4 == 23477624); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/double_generic.zx b/scripts/zcx_tests/double_generic.zx new file mode 100644 index 000000000..f9b369273 --- /dev/null +++ b/scripts/zcx_tests/double_generic.zx @@ -0,0 +1,13 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def last(u32[N] a) -> u32 { + return a[N - 1]; +} + +def foo(u32[N] a) -> u32 { + return last([...a, ...a]); +} + +def main() -> u32 { + return foo([1, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/double_generic_const.zx b/scripts/zcx_tests/double_generic_const.zx new file mode 100644 index 000000000..0395f1c12 --- /dev/null +++ b/scripts/zcx_tests/double_generic_const.zx @@ -0,0 +1,13 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def last(u32[N] a) -> u32 { + return a[N - 1]; +} + +def foo(u32[N] a) -> u32 { + return last([...a, ...a]); +} + +def main() -> u32 { + return foo(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_cmp.zx b/scripts/zcx_tests/field_cmp.zx new file mode 100644 index 000000000..a6dbce512 --- /dev/null +++ b/scripts/zcx_tests/field_cmp.zx @@ -0,0 +1,19 @@ +def main() -> bool { + field a = 0; + field b = -1; + field c = 2; + field d = 2; + assert(b > a); + assert(b >= a); + assert(a < b); + assert(a <= b); + assert(c > a); + assert(c >= a); + assert(c < b); + assert(c <= b); + assert(d >= c); + assert(c <= d); + assert(c != b); + assert(c == d); + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_mod.zx b/scripts/zcx_tests/field_mod.zx new file mode 100644 index 000000000..523ea0cc1 --- /dev/null +++ b/scripts/zcx_tests/field_mod.zx @@ -0,0 +1,6 @@ +def main() -> bool { + field a = 12824923210; + field b = 18423229; + assert(a % b == 2355826); + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_size.zx b/scripts/zcx_tests/field_size.zx new file mode 100644 index 000000000..91ecb42e3 --- /dev/null +++ b/scripts/zcx_tests/field_size.zx @@ -0,0 +1,5 @@ +from "EMBED" import FIELD_SIZE_IN_BITS; + +def main() -> u32 { + return FIELD_SIZE_IN_BITS; +} \ No newline at end of file diff --git a/scripts/zcx_tests/id.zx b/scripts/zcx_tests/id.zx new file mode 100644 index 000000000..73a3f9c24 --- /dev/null +++ b/scripts/zcx_tests/id.zx @@ -0,0 +1,3 @@ +def main(field x) -> field { + return x; +} \ No newline at end of file diff --git a/scripts/zcx_tests/id.zx.in b/scripts/zcx_tests/id.zx.in new file mode 100644 index 000000000..804f38a82 --- /dev/null +++ b/scripts/zcx_tests/id.zx.in @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/id.zx.out b/scripts/zcx_tests/id.zx.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/id.zx.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/inconsistent_array.zxf b/scripts/zcx_tests/inconsistent_array.zxf new file mode 100644 index 000000000..543cdd659 --- /dev/null +++ b/scripts/zcx_tests/inconsistent_array.zxf @@ -0,0 +1,4 @@ +def main() -> u32 { + u32[3][2] foo = [[1, 2], [3, 4], [5, 6, 7]]; + return foo[0][0]; +} diff --git a/scripts/zcx_tests/inline_array_const.zx b/scripts/zcx_tests/inline_array_const.zx new file mode 100644 index 000000000..6d0905dca --- /dev/null +++ b/scripts/zcx_tests/inline_array_const.zx @@ -0,0 +1,7 @@ +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; + +def main() -> u32[1][2][3] { + return C; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_array_const_access.zx b/scripts/zcx_tests/inline_array_const_access.zx new file mode 100644 index 000000000..ea497f60d --- /dev/null +++ b/scripts/zcx_tests/inline_array_const_access.zx @@ -0,0 +1,11 @@ +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; + +def get_C() -> u32[1][2][3] { + return C; +} + +def main() -> u32[3] { + return get_C()[0][1]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_array_const_access.zxf b/scripts/zcx_tests/inline_array_const_access.zxf new file mode 100644 index 000000000..0ba623284 --- /dev/null +++ b/scripts/zcx_tests/inline_array_const_access.zxf @@ -0,0 +1,11 @@ +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; + +def get_C() -> u32[1][2][3] { + return C; +} + +def main() -> u32[3] { + return get_C()[1][1]; +} diff --git a/scripts/zcx_tests/inline_expression_len.zx b/scripts/zcx_tests/inline_expression_len.zx new file mode 100644 index 000000000..d7d42ff98 --- /dev/null +++ b/scripts/zcx_tests/inline_expression_len.zx @@ -0,0 +1,6 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def main() -> u32[4] { + u32[5] qwer = [1, 2, 3, 4, 5]; + return [...asdf[1..3], 4, qwer[2]]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_expression_len.zxf b/scripts/zcx_tests/inline_expression_len.zxf new file mode 100644 index 000000000..51235736a --- /dev/null +++ b/scripts/zcx_tests/inline_expression_len.zxf @@ -0,0 +1,6 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def main() -> u32[5] { + u32[5] qwer = [1, 2, 3, 4, 5]; + return [...asdf[1..3], 4, qwer[2]]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic.zx b/scripts/zcx_tests/inline_struct_generic.zx new file mode 100644 index 000000000..2e761523d --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic.zx @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x; + field y; +} + +def main() -> InlineTest<4> { + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4], y: 1 }; + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic.zxf b/scripts/zcx_tests/inline_struct_generic.zxf new file mode 100644 index 000000000..eaaea1260 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic.zxf @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x; + field y; +} + +def main() -> InlineTest<4> { + InlineTest<5> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_2.zxf b/scripts/zcx_tests/inline_struct_generic_2.zxf new file mode 100644 index 000000000..bafd7957f --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_2.zxf @@ -0,0 +1,10 @@ +struct InlineTest { + u32[N] x; + field y; +} + +const InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; + +def main() -> InlineTest<4> { + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_3.zxf b/scripts/zcx_tests/inline_struct_generic_3.zxf new file mode 100644 index 000000000..91803d627 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_3.zxf @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x; + field y; +} + +def main() -> InlineTest<4> { + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_4.zxf b/scripts/zcx_tests/inline_struct_generic_4.zxf new file mode 100644 index 000000000..6dbbcc91f --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_4.zxf @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x; + field y; +} + +def main() -> InlineTest<4> { + InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 }; + return foo; +} diff --git a/scripts/zcx_tests/inline_struct_generic_5.zxf b/scripts/zcx_tests/inline_struct_generic_5.zxf new file mode 100644 index 000000000..d35475d22 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_5.zxf @@ -0,0 +1,10 @@ +struct InlineTest { + u32[N] x; + field y; +} + +const InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 }; + +def main() -> InlineTest<4> { + return foo; +} diff --git a/scripts/zcx_tests/inner_struct_generic.zx b/scripts/zcx_tests/inner_struct_generic.zx new file mode 100644 index 000000000..bc01fc7d7 --- /dev/null +++ b/scripts/zcx_tests/inner_struct_generic.zx @@ -0,0 +1,18 @@ +struct Foo { + u32[N] a; + u64 b; +} + +struct Bar { + Foo a; + u64 b; +} + +const Bar<4> baz = Bar { + a: Foo { a: [1, 2, 3, 4], b: 0 }, + b: 0 +}; + +def main() -> Bar<4> { + return baz; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inner_struct_generic.zxf b/scripts/zcx_tests/inner_struct_generic.zxf new file mode 100644 index 000000000..554fc88b9 --- /dev/null +++ b/scripts/zcx_tests/inner_struct_generic.zxf @@ -0,0 +1,18 @@ +struct Foo { + u32[N] a; + u64 b; +} + +struct Bar { + Foo a; + u64 b; +} + +const Bar<4> baz = Bar { + a: Foo { a: [1, 2, 3], b: 0 }, + b: 0 +}; + +def main() -> Bar<4> { + return baz; +} \ No newline at end of file diff --git a/scripts/zcx_tests/literals.zx b/scripts/zcx_tests/literals.zx new file mode 100644 index 000000000..5d26cbbb1 --- /dev/null +++ b/scripts/zcx_tests/literals.zx @@ -0,0 +1,7 @@ +def main() -> bool { + assert(0xfa == 250); + assert(0xbeef == 48879); + assert(0xdeadbeef == 3735928559); + assert(0xc0ffee1111111111 == 13907095931411566865); + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg.zxf b/scripts/zcx_tests/missing_arg.zxf new file mode 100644 index 000000000..202d10042 --- /dev/null +++ b/scripts/zcx_tests/missing_arg.zxf @@ -0,0 +1,3 @@ +def main(field a, field b) -> field { + return a + b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg.zxf.in b/scripts/zcx_tests/missing_arg.zxf.in new file mode 100644 index 000000000..dcfef7296 --- /dev/null +++ b/scripts/zcx_tests/missing_arg.zxf.in @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg.zxf.out b/scripts/zcx_tests/missing_arg.zxf.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg.zxf.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/missing_arg_field.zxf b/scripts/zcx_tests/missing_arg_field.zxf new file mode 100644 index 000000000..3c205854d --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf @@ -0,0 +1,8 @@ +struct P { + field x; + field y; +} + +def main(field a, P b) -> field { + return a + b.x + b.y; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg_field.zxf.in b/scripts/zcx_tests/missing_arg_field.zxf.in new file mode 100644 index 000000000..4b5a1440e --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf.in @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) + (b.x #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg_field.zxf.out b/scripts/zcx_tests/missing_arg_field.zxf.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/missing_arg_idx.zxf b/scripts/zcx_tests/missing_arg_idx.zxf new file mode 100644 index 000000000..ddbba6d30 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf @@ -0,0 +1,3 @@ +def main(field[2] a, field b) -> field { + return a[0] + a[1] + b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg_idx.zxf.in b/scripts/zcx_tests/missing_arg_idx.zxf.in new file mode 100644 index 000000000..2d8f8249a --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf.in @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a.0 #f1) + (b #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg_idx.zxf.out b/scripts/zcx_tests/missing_arg_idx.zxf.out new file mode 100644 index 000000000..758d0ede2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf.out @@ -0,0 +1 @@ +3f diff --git a/scripts/zcx_tests/redef_const.zxf b/scripts/zcx_tests/redef_const.zxf new file mode 100644 index 000000000..4730f2d63 --- /dev/null +++ b/scripts/zcx_tests/redef_const.zxf @@ -0,0 +1,6 @@ +const u32 A = 1; +const u32 A = 2; + +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_const_2.zxf b/scripts/zcx_tests/redef_const_2.zxf new file mode 100644 index 000000000..1b03e6ae5 --- /dev/null +++ b/scripts/zcx_tests/redef_const_2.zxf @@ -0,0 +1,7 @@ +from "EMBED" import FIELD_SIZE_IN_BITS as A; + +const u32 A = 2; + +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_fn.zxf b/scripts/zcx_tests/redef_fn.zxf new file mode 100644 index 000000000..dcd7511c4 --- /dev/null +++ b/scripts/zcx_tests/redef_fn.zxf @@ -0,0 +1,11 @@ +def foo() -> u32 { + return 1; +} + +def foo() -> u32 { + return 2; +} + +def main() -> u32 { + return foo(); +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_import.zxf b/scripts/zcx_tests/redef_import.zxf new file mode 100644 index 000000000..acbd68f0f --- /dev/null +++ b/scripts/zcx_tests/redef_import.zxf @@ -0,0 +1,8 @@ +import "EMBED" { + FIELD_SIZE_IN_BITS as A; + u16_to_bits as A; +} + +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_import_2.zxf b/scripts/zcx_tests/redef_import_2.zxf new file mode 100644 index 000000000..7d4f903bf --- /dev/null +++ b/scripts/zcx_tests/redef_import_2.zxf @@ -0,0 +1,6 @@ +import "EMBED"; +import "EMBED"; + +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_struct.zxf b/scripts/zcx_tests/redef_struct.zxf new file mode 100644 index 000000000..28db17d6a --- /dev/null +++ b/scripts/zcx_tests/redef_struct.zxf @@ -0,0 +1,11 @@ +struct Foo { + u32 a; +} + +struct Foo { + u32 b; +} + +def main() -> bool { + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/run_tests.sh b/scripts/zcx_tests/run_tests.sh new file mode 100755 index 000000000..20fea64c6 --- /dev/null +++ b/scripts/zcx_tests/run_tests.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +TESTDIR=$(dirname -- "$0") +ZXI=${TESTDIR}/../../target/release/examples/zcxi +error=0 + +echo Running zx should-pass tests: +for i in ${TESTDIR}/*.zx; do + infile="${i}.in" + if [[ -a $infile ]] + then + output=$(${ZXI} "$i" "$infile") + if [ "$?" != "0" ]; then + echo "[failure: should-pass] $i" + echo "non-zero exit" + error=1 + else + outfile="${i}.out" + if [ "$(cat "$outfile")" != "$output" ]; then + echo "[failure: should-pass] $i" + echo "expected output: " + cat $outfile + echo "got output: " + echo "$output" + error=1 + fi + fi + else + ${ZXI} "$i" &>/dev/null + if [ "$?" != "0" ]; then + echo "[failure: should-pass] $i" + error=1 + fi + fi +done +echo Done. +echo + +echo Running zx should-fail tests: +for i in ${TESTDIR}/*.zxf; do + localerror=0 + infile="${i}.in" + if [[ -a $infile ]] + then + output=$(${ZXI} "$i" "$infile") + if [ "$?" != "0" ]; then + localerror=1 + else + outfile="${i}.out" + if [ $(cat $outfile) != "$output" ]; then + localerror=1 + fi + fi + if [ "$localerror" == "0" ]; then + echo "[failure: should-fail] $i" + error=1 + fi + else + ${ZXI} "$i" &>/dev/null + if [ "$?" == "0" ]; then + echo "[failure: should-fail] $i" + error=1 + fi + fi +done +echo Done. + +exit $error diff --git a/scripts/zcx_tests/signed_remainder.zx b/scripts/zcx_tests/signed_remainder.zx new file mode 100644 index 000000000..4a365a4d6 --- /dev/null +++ b/scripts/zcx_tests/signed_remainder.zx @@ -0,0 +1,22 @@ +from "field" import s_divisible, s_remainder; + +def main() -> bool { + field q = 4; + + field a = -2048; + assert((a % q) != 0); + assert(s_divisible(a, q)); + assert(s_remainder(a, q) == 0); + + field b = 2048; + assert((b % q) == 0); + assert(s_divisible(b, q)); + assert(s_remainder(b, q) == 0); + + field c = -2049; + assert((c % 2) == 0); + assert(!s_divisible(c, q)); + assert(s_remainder(c, q) == 3); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/simple_loop.zx b/scripts/zcx_tests/simple_loop.zx new file mode 100644 index 000000000..c3115df52 --- /dev/null +++ b/scripts/zcx_tests/simple_loop.zx @@ -0,0 +1,8 @@ +def main() -> bool { + u32 total = 0; + for u32 j in 0..7 { + total = total + j; + } + assert(total == 21); + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic.zx b/scripts/zcx_tests/single_generic.zx new file mode 100644 index 000000000..74aba3659 --- /dev/null +++ b/scripts/zcx_tests/single_generic.zx @@ -0,0 +1,7 @@ +def last(u32[N] a) -> u32 { + return a[N-1]; +} + +def main() -> u32 { + return last([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_2.zx b/scripts/zcx_tests/single_generic_2.zx new file mode 100644 index 000000000..f73712eb4 --- /dev/null +++ b/scripts/zcx_tests/single_generic_2.zx @@ -0,0 +1,7 @@ +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} + +def main() -> u32[6] { + return dbl([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_2.zxf b/scripts/zcx_tests/single_generic_2.zxf new file mode 100644 index 000000000..168f5a180 --- /dev/null +++ b/scripts/zcx_tests/single_generic_2.zxf @@ -0,0 +1,7 @@ +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} + +def main() -> u32[5] { + return dbl([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_3.zx b/scripts/zcx_tests/single_generic_3.zx new file mode 100644 index 000000000..a0d3ff6b8 --- /dev/null +++ b/scripts/zcx_tests/single_generic_3.zx @@ -0,0 +1,7 @@ +def last(u32[N] a) -> u32 { + return a[N-1]; +} + +def main() -> u32 { + return last([1u32, 2, ...[3u32, 4, 5]]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_const.zx b/scripts/zcx_tests/single_generic_const.zx new file mode 100644 index 000000000..e8396ef20 --- /dev/null +++ b/scripts/zcx_tests/single_generic_const.zx @@ -0,0 +1,9 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def last(u32[N] a) -> u32 { + return a[N-1]; +} + +def main() -> u32 { + return last(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_const_2.zx b/scripts/zcx_tests/single_generic_const_2.zx new file mode 100644 index 000000000..8677d289c --- /dev/null +++ b/scripts/zcx_tests/single_generic_const_2.zx @@ -0,0 +1,9 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} + +def main() -> u32[10] { + return dbl::<_, _>(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_const_2.zxf b/scripts/zcx_tests/single_generic_const_2.zxf new file mode 100644 index 000000000..67d5c4d55 --- /dev/null +++ b/scripts/zcx_tests/single_generic_const_2.zxf @@ -0,0 +1,9 @@ +const u32[5] asdf = [1, 2, 3, 4, 5]; + +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} + +def main() -> u32[6] { + return dbl::<_, _>(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/slice_assign.zx b/scripts/zcx_tests/slice_assign.zx new file mode 100644 index 000000000..24e165e2d --- /dev/null +++ b/scripts/zcx_tests/slice_assign.zx @@ -0,0 +1,6 @@ +def main() -> u32[4] { + u32[7] foo = [1, 2, 3, 4, 5, 6, 7]; + u32[4] bar = [0; 4]; + bar = foo[2..6]; + return bar; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_eq.zx b/scripts/zcx_tests/struct_eq.zx new file mode 100644 index 000000000..a2fb2fb07 --- /dev/null +++ b/scripts/zcx_tests/struct_eq.zx @@ -0,0 +1,23 @@ +struct Bar { + u8 d; + u16 e; +} + +struct Foo { + u32[7] a; + field b; + u64 c; + Bar d; +} + +def main() -> Foo { + Bar w = Bar { d: 0, e: 0 }; + assert(w == w); + + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w }; + Foo y = Foo { a: [8; 7], b: 0, c: 1, d: w }; + + assert(x != y); + assert(!(x == y)); + return x; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_eq.zxf b/scripts/zcx_tests/struct_eq.zxf new file mode 100644 index 000000000..cbf64e309 --- /dev/null +++ b/scripts/zcx_tests/struct_eq.zxf @@ -0,0 +1,19 @@ +struct Bar { + u8 d; + u16 e; +} + +struct Foo { + u32[7] a; + field b; + u64 c; + Bar d; +} + +def main() -> bool { + Bar w = Bar { d: 0, e: 0 }; + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w }; + assert(x != w); + assert(!(x == y)); + return x == y || x != y; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_generic.zx b/scripts/zcx_tests/struct_generic.zx new file mode 100644 index 000000000..478754061 --- /dev/null +++ b/scripts/zcx_tests/struct_generic.zx @@ -0,0 +1,16 @@ +struct Bar { + field[N] c; + bool d; +} + +struct Foo

{ + Bar

a; + bool b; +} + +def main() -> Foo<2> { + Bar<2> var_b = Bar{ c: [0, 0], d: false }; + Foo<2> f = Foo { a: var_b, b: true }; + f.a.c = [42, 43]; + return f; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_read_write.zx b/scripts/zcx_tests/struct_read_write.zx new file mode 100644 index 000000000..01e17b480 --- /dev/null +++ b/scripts/zcx_tests/struct_read_write.zx @@ -0,0 +1,13 @@ +struct Foo { + u32 a; + u8 b; +} + +def main() -> u8 { + Foo bar = Foo { a: 1, b: 2 }; + assert(bar.a == 1); + assert(bar.b == 2); + bar.a = 2; + assert(bar.a == 2); + return bar.b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/sum.zx b/scripts/zcx_tests/sum.zx new file mode 100644 index 000000000..6fd7d02af --- /dev/null +++ b/scripts/zcx_tests/sum.zx @@ -0,0 +1,8 @@ +struct P { + field x; + field[2] y; +} + +def main(field[2] a, field b, P c) -> field { + return a[0] + a[1] + b + c.x + c.y[0] + c.y[1]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/sum.zx.in b/scripts/zcx_tests/sum.zx.in new file mode 100644 index 000000000..3c175a03b --- /dev/null +++ b/scripts/zcx_tests/sum.zx.in @@ -0,0 +1,11 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a.0 #f1) + (a.1 #f2) + (b #f3) + (c.x #f4) + (c.y.0 #f5) + (c.y.1 #f6) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/sum.zx.out b/scripts/zcx_tests/sum.zx.out new file mode 100644 index 000000000..7406afbb1 --- /dev/null +++ b/scripts/zcx_tests/sum.zx.out @@ -0,0 +1 @@ +21f diff --git a/scripts/zcx_tests/tuple_eq.zx b/scripts/zcx_tests/tuple_eq.zx new file mode 100644 index 000000000..8ebf81096 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx @@ -0,0 +1,20 @@ +struct Point { + field x; + field y; +} + +def create_input_values(private Point p, private (field, field) t) -> (Point, (field, field)) { + return (p, t); +} + +def main(private Point p, private (field, field) t) -> (Point, (field, field)) { + (Point, (field, field)) w = create_input_values(p, t); + assert(w == w); + + (Point, (field, field)) x = w; + (Point, (field, field)) y = (Point { x: 5, y: 6 }, (7, 8)); + + assert(x != y); + assert(!(x == y)); + return x; +} diff --git a/scripts/zcx_tests/tuple_eq.zx.in b/scripts/zcx_tests/tuple_eq.zx.in new file mode 100644 index 000000000..3f0a8a4d8 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx.in @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (p.x #f1) + (p.y #f1) + (t.0 #f3) + (t.1 #f4) +) false ; ignored +)) + + diff --git a/scripts/zcx_tests/tuple_eq.zx.out b/scripts/zcx_tests/tuple_eq.zx.out new file mode 100644 index 000000000..3be18a570 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx.out @@ -0,0 +1 @@ +(Point { x: 1f, y: 1f, }, (3f, 4f, ), ) diff --git a/scripts/zcx_tests/tuple_eq.zxf b/scripts/zcx_tests/tuple_eq.zxf new file mode 100644 index 000000000..ddcb58864 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zxf @@ -0,0 +1,15 @@ +def create_values() -> ((u32[7], field, u64, (u8, u16)), (u8, u16)) { + (u8, u16) w = (0, 0); + (u32[7], field, u64, (u8, u16)) x = ([7; 7], 1, 0, w); + return (x, w); +} + +def main() -> bool { + ((u32[7], field, u64, (u8, u16)), (u8, u16)) vals = create_values(); + + // Try to access vals.2 which doesn't exist (tuple only has elements 0 and 1) + assert(vals.2 != vals.0); + assert(!(vals.0 == vals.1)); + + return vals.0 == vals.1 || vals.0 != vals.1; +} diff --git a/scripts/zcx_tests/typedef_1.zx b/scripts/zcx_tests/typedef_1.zx new file mode 100644 index 000000000..3d3e72465 --- /dev/null +++ b/scripts/zcx_tests/typedef_1.zx @@ -0,0 +1,5 @@ +type Foo = u8; + +def main() -> Foo { + return 0; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_2.zx b/scripts/zcx_tests/typedef_2.zx new file mode 100644 index 000000000..e3d83e0d9 --- /dev/null +++ b/scripts/zcx_tests/typedef_2.zx @@ -0,0 +1,12 @@ +struct Foo { + field[N] n; + field[M] m; +} + +type Bar = Foo; + +def main() -> bool { + Foo<5, 5> q = Foo { n: [0; 5], m: [0; 5] }; + Bar<5> u = Bar { n: [0; 5], m: [0; 5] }; + return q == u; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_3.zx b/scripts/zcx_tests/typedef_3.zx new file mode 100644 index 000000000..1c8aa5a06 --- /dev/null +++ b/scripts/zcx_tests/typedef_3.zx @@ -0,0 +1,22 @@ +struct Foo { + field[N] n; +} + +type Bar = Foo<5>; + +struct Baz { + Bar b; + Foo q; +} + +type Quux = Baz<7>; + +const u32 SEVEN = 7; + +type Bazinga = field[SEVEN]; + +def main() -> bool { + Quux q = Quux { b: Bar { n: [0; 5] }, q: Foo { n: [1; 7] } }; + Baz<5> r = Baz { b: Bar { n: [q.b.n[0]; 5] }, q: Foo { n: [2; 5] } }; + return r.b.n[4] == q.b.n[4]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_4.zx b/scripts/zcx_tests/typedef_4.zx new file mode 100644 index 000000000..3e5ef9ac5 --- /dev/null +++ b/scripts/zcx_tests/typedef_4.zx @@ -0,0 +1,6 @@ +from "./typedef_3" import Bazinga; + +def main() -> bool { + Bazinga foo = [0; 7]; + return foo[0] == 1; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_5.zxf b/scripts/zcx_tests/typedef_5.zxf new file mode 100644 index 000000000..d2bd5114a --- /dev/null +++ b/scripts/zcx_tests/typedef_5.zxf @@ -0,0 +1,8 @@ +import "./typedef_3" { + Bar +} + +def main() -> bool { + Bar q = Bar { n: [0; 5] }; + return q.n[0] == 0; +} \ No newline at end of file diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf b/scripts/zcx_tests/wrong_output_with_args.zxf new file mode 100644 index 000000000..202d10042 --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf @@ -0,0 +1,3 @@ +def main(field a, field b) -> field { + return a + b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf.in b/scripts/zcx_tests/wrong_output_with_args.zxf.in new file mode 100644 index 000000000..e948f0f8c --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf.in @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) + (b #f2) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf.out b/scripts/zcx_tests/wrong_output_with_args.zxf.out new file mode 100644 index 000000000..31198a989 --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf.out @@ -0,0 +1 @@ +4f diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh new file mode 100755 index 000000000..e1f64fadc --- /dev/null +++ b/scripts/zokrates_curly_test.zsh @@ -0,0 +1,116 @@ +#!/usr/bin/env zsh + +set -ex + +disable -r time + +# cargo build --release --features r1cs,smt,zok,zokc --example circ +# cargo build --example circ + +MODE=release # debug or release +BIN=./target/$MODE/examples/circ +ZK_BIN=./target/$MODE/examples/zk + +case "$OSTYPE" in + darwin*) + alias measure_time="gtime --format='%e seconds %M kB'" + ;; + linux*) + alias measure_time="time --format='%e seconds %M kB'" + ;; +esac + +function r1cs_test { + zpath=$1 + measure_time $BIN $zpath --language zsharp-curly r1cs --action count +} + +function r1cs_test_count { + zpath=$1 + threshold=$2 + o=$($BIN $zpath --language zsharp-curly r1cs --action count) + n_constraints=$(echo $o | grep -E 'Final r1cs: [0-9]+' -o | grep -Eo '\b[0-9]+\b') + [[ $n_constraints -lt $threshold ]] || (echo "Got $n_constraints, expected < $threshold" && exit 1) +} + +# Test prove workflow, given an example name +function pf_test { + for proof_impl in groth16 mirage + do + ex_name=$1 + # compile the circuit to R1CS and then perform zkSNARK Setup, storing pk and vk in files P and V respectively + $BIN examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + # create a proof using the prover input (x,w) stored in the .pin file + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + # verify a proof using the verifier input (x) stored in the .vin file + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.vin --action verify --proof-impl $proof_impl + # clean up + rm -rf P V pi + done +} + +# Test setup + prove, given an example name (does not test verification) +function pf_test_only_pf { + for proof_impl in mirage + do + ex_name=$1 + $BIN examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + rm -rf P V pi + done +} + +# Test prove workflow with --zsharp-isolate-asserts, given an example name +function pf_test_isolate { + for proof_impl in groth16 mirage + do + ex_name=$1 + $BIN --zsharp-isolate-asserts true examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.vin --action verify --proof-impl $proof_impl + rm -rf P V pi + done +} + +r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 +r1cs_test_count ./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok + +pf_test_only_pf sha_temp1 +pf_test_only_pf sha_rot +pf_test_only_pf maj +pf_test_only_pf sha_temp2 +#pf_test_only_pf test_sha256 + +pf_test assert +pf_test assert2 +pf_test_isolate isolate_assert +pf_test 3_plus +pf_test xor +pf_test mul +pf_test many_pub +pf_test str_str +pf_test str_arr_str +pf_test arr_str_arr_str +pf_test var_idx_arr_str_arr_str +pf_test mm +pf_test unused_var +pf_test tuple +pf_test assembly_constraint +pf_test assembly_unconstraint +pf_test assembly_field_to_bool_unsafe + +scripts/zcx_tests/run_tests.sh diff --git a/src/front/c/ast_utils.rs b/src/front/c/ast_utils.rs index c9840a9a3..56dc3ba6b 100644 --- a/src/front/c/ast_utils.rs +++ b/src/front/c/ast_utils.rs @@ -61,7 +61,7 @@ pub fn name_from_decl(decl: &Declarator) -> String { pub fn compress_type(ts: Vec>) -> Option { if ts.len() == 1 { - return ts.first().unwrap().clone(); + ts.first().unwrap().clone() } else { let mut signed: bool = true; let mut _void: bool = false; diff --git a/src/front/c/mod.rs b/src/front/c/mod.rs index 8f4bb485b..ed7778902 100644 --- a/src/front/c/mod.rs +++ b/src/front/c/mod.rs @@ -183,7 +183,7 @@ impl CGen { /// TODO: Refactor with s_type_ / d_type_ fn type_(&mut self, t: &TypeSpecifier) -> Option { - return match t { + match t { TypeSpecifier::Void => None, TypeSpecifier::Int => Some(Ty::Int(true, 32)), TypeSpecifier::Unsigned => Some(Ty::Int(false, 32)), @@ -244,7 +244,7 @@ impl CGen { } } _ => unimplemented!("Type {:#?} not implemented yet.", t), - }; + } } fn get_inner_derived_type(&mut self, base_ty: &Ty, d: &DerivedDeclarator) -> Ty { @@ -1134,12 +1134,11 @@ impl CGen { } }; } - Statement::Expression(expr) => match expr { - Some(e) => { + Statement::Expression(expr) => { + if let Some(e) = expr { self.gen_expr(&e.node); } - None => {} - }, + } Statement::For(for_stmt) => { // TODO: Add enter_breakable self.circ_enter_scope(); diff --git a/src/front/datalog/error.rs b/src/front/datalog/error.rs index a9b423a10..3e8023fc0 100644 --- a/src/front/datalog/error.rs +++ b/src/front/datalog/error.rs @@ -34,7 +34,7 @@ pub struct Error<'ast> { pub span: Option>, } -impl<'ast> Display for Error<'ast> { +impl Display for Error<'_> { fn fmt(&self, f: &mut Formatter) -> fmt::Result { writeln!(f, "Error: {}", self.kind)?; if let Some(s) = &self.span { @@ -47,7 +47,7 @@ impl<'ast> Display for Error<'ast> { } } -impl<'ast> From for Error<'ast> { +impl From for Error<'_> { fn from(error_kind: ErrorKind) -> Self { Error { kind: error_kind, @@ -56,7 +56,7 @@ impl<'ast> From for Error<'ast> { } } -impl<'ast> From for Error<'ast> { +impl From for Error<'_> { fn from(circ: crate::circify::CircError) -> Self { Error { kind: ErrorKind::Circify(circ), diff --git a/src/front/mod.rs b/src/front/mod.rs index 195fa9b2f..f803dd293 100644 --- a/src/front/mod.rs +++ b/src/front/mod.rs @@ -6,6 +6,8 @@ pub mod c; pub mod datalog; #[cfg(all(feature = "smt", feature = "zok"))] pub mod zsharp; +#[cfg(all(feature = "smt", feature = "zokc"))] +pub mod zsharpcurly; use crate::ir::proof; use crate::ir::term::{Computations, PartyId}; diff --git a/src/front/zsharp/mod.rs b/src/front/zsharp/mod.rs index 124039d69..516e4c75a 100644 --- a/src/front/zsharp/mod.rs +++ b/src/front/zsharp/mod.rs @@ -133,7 +133,7 @@ struct ZGen<'ast> { #[derive(Debug, Clone, PartialEq, Hash, Eq)] struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); -impl<'ast> Drop for ZGen<'ast> { +impl Drop for ZGen<'_> { fn drop(&mut self) { use std::mem::take; diff --git a/src/front/zsharp/term.rs b/src/front/zsharp/term.rs index 2e6810fde..9cbcdcc12 100644 --- a/src/front/zsharp/term.rs +++ b/src/front/zsharp/term.rs @@ -169,6 +169,43 @@ impl T { s => Err(format!("Not an array: {s}")), } } + fn unwrap_struct_ir(self) -> Result, String> { + match &self.ty { + Ty::Struct(_, map) => Ok(FieldList::new( + map.fields() + .map(|(field, _)| { + let (idx, _) = map + .search(field) + .unwrap_or_else(|| panic!("{}", "No field '{field}'")); + (field.clone(), term![Op::Field(idx); self.term.clone()]) + }) + .collect(), + )), + s => Err(format!("{s} is not a struct")), + } + } + pub fn unwrap_struct(self) -> Result, String> { + match &self.ty { + Ty::Struct(_, fields) => { + let fields = (*fields).clone(); + Ok(FieldList::new( + self.unwrap_struct_ir()? + .fields() + .map(|(field, t)| { + let f_ty = fields + .search(field) + .unwrap_or_else(|| panic!("{}", "No field '{field}'")) + .1 + .clone(); + + (field.clone(), T::new(f_ty, t.clone())) + }) + .collect(), + )) + } + s => Err(format!("Not a struct: {s}")), + } + } pub fn new_array(v: Vec) -> Result { array(v) } @@ -1209,30 +1246,37 @@ impl Embeddable for ZSharp { None => std::iter::repeat(None).take(*n).collect(), }; debug_assert_eq!(*n, ps.len()); - array( - ps.into_iter().enumerate().map(|(i, p)| { - self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) - }), - ) + array(ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) + })) .unwrap() } - Ty::Struct(n, fs) => T::new_struct( - n.clone(), - fs.fields() - .map(|(f_name, f_ty)| { - ( - f_name.clone(), - self.declare_input( - ctx, - f_ty, - field_name(&name, f_name), - visibility, - precompute.as_ref().map(|_| unimplemented!("precomputations for declared inputs that are Z# structures")), - ), - ) - }) - .collect(), - ), + + Ty::Struct(n, fs) => { + let ps = match precompute.map(|p| p.unwrap_struct()) { + Some(Ok(fl)) => fl, + Some(Err(e)) => panic!("{}", e), + None => FieldList::new(vec![]), + }; + + Self::T::new_struct( + n.clone(), + fs.fields() + .map(|(f_name, f_ty)| { + ( + f_name.clone(), + self.declare_input( + ctx, + f_ty, + field_name(&name, f_name), + visibility, + ps.search(f_name).map(|(_, p)| p.clone()), + ), + ) + }) + .collect(), + ) + } } } fn ite(&self, _ctx: &mut CirCtx, cond: Term, t: Self::T, f: Self::T) -> Self::T { diff --git a/src/front/zsharp/zvisit/zstmtwalker/mod.rs b/src/front/zsharp/zvisit/zstmtwalker/mod.rs index 3b33a49bf..9e6dc89ac 100644 --- a/src/front/zsharp/zvisit/zstmtwalker/mod.rs +++ b/src/front/zsharp/zvisit/zstmtwalker/mod.rs @@ -729,7 +729,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { } } -impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { +impl<'ast> ZVisitorMut<'ast> for ZStatementWalker<'ast, '_> { fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { if self.rets.len() != ret.expressions.len() { return Err(ZVisitorError( diff --git a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs index fef808b85..202dca99c 100644 --- a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs @@ -59,7 +59,7 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { } } -impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> { +impl<'ast> ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { use ast::Expression::*; if self.ty.is_some() { diff --git a/src/front/zsharpcurly/TODO b/src/front/zsharpcurly/TODO new file mode 100644 index 000000000..4d75e3a20 --- /dev/null +++ b/src/front/zsharpcurly/TODO @@ -0,0 +1,82 @@ +- error messages: (String, &Span) instead of String to avoid recursively + expanding Spans on error? + +- talk to AO about bit-split + - generalized bit-split, i.e., into vector-of-bitvectors? + goes nicely with lookup table--based range checks... + +- add explicit-generic-expr to parser, e,g., foo::<(N+1)>(5) + - maybe not necessary: can just say `u32 Np1 = N + 1 ; foo::(5)` + +- POW width - allow full-width rhs? (const only? in that case, easy) + +- correctness: bit width for field comparisons, etc + - when lowering to r1cs, enforce MSB=0? + +- correctness: when lowering IR arrays, enforce bounds checks! + +- optimization: for a < b, only expand a to b's bit width; + a < b is (a_expansion == a) && (a_expansion < b_expansion) + +-- +wants + +--> fix field up-front? + +- cc-snarks/examples/sha3/keccakf-zxc.zok + +-- + +== done == + +[x] generic inf: monomorphize at call time + [x] make sure we got a UNIQUE solution! find_unique_model() fn + +- stdlib rename to avoid confusion with parallel ZoK checkouts + [x] and/or: check ZSHARP_STDLIB_PATH envvar + +[WONTFIX] remove ret requirement for fns + - typecheck with bool if no type? (and test function_call() for compatibility) + - add () or nil type? + +[x] unify_inline_array revisit + +[x] field `%` + [x] unsigned + - divrem? (is this necessary for efficiency? can just do r=a%b, c=(a-r)/b + - signed? + +[x] const / non-const cleanup + +[x] tuples: Box<[_]> rather than Vec<_> + +[x] tuple typecheck on update + +[x] multi-returns? + - no. if we need tuples, we'll add them to the type system properly + +[x] oob array read fix + +[x] solver-related optimizations + [x] duh, don't call the solver if not needed + [x] cache generic inf results + +[x] array construction optimization + +[x] lints + +[x] pretty-printing T + +[x] improve speed (atomics?) + - shake is fast in zxi but slow in zxc (linearity reduction) + +[x] casts + - widening casts are free! + - check narrowing cast correctness! + - look at unpack functions again + - look at pack: advantage to builtin? + + u8: | u16 u32 u64 field + u16: u8 | u32 u64 field + u32: u8 u16 | u64 field + u64: u8 u16 u32 | field diff --git a/src/front/zsharpcurly/interp.rs b/src/front/zsharpcurly/interp.rs new file mode 100644 index 000000000..7c2011bfa --- /dev/null +++ b/src/front/zsharpcurly/interp.rs @@ -0,0 +1,55 @@ +//! Utilities for interpretting zsharp + +use super::term::{Ty, T}; +use crate::ir::term::*; +use fxhash::FxHashMap as HashMap; + +/// Given +/// * a variable name, +/// * a variable type, and +/// * a map from delimited names (e.g., "x", "x.0", "x.field_name") to values +/// +/// computes a [T] (of the given type) that contains only constants. These constants are extracted +/// from the map +pub fn extract( + name: &str, + ty: &Ty, + scalar_input_values: &mut HashMap, +) -> Result { + match ty { + Ty::Bool | Ty::Field | Ty::Uint(..) | Ty::Integer => { + let ir_val = scalar_input_values + .remove(name) + .ok_or_else(|| format!("Could not find scalar variable {name} in the input map"))?; + Ok(T::new(ty.clone(), const_(ir_val))) + } + Ty::Array(elem_count, elem_ty) => T::new_array( + (0..*elem_count) + .map(|i| extract(&format!("{name}.{i}"), elem_ty, scalar_input_values)) + .collect::, _>>()?, + ), + Ty::MutArray(elem_count) => T::new_array( + (0..*elem_count) + .map(|i| extract(&format!("{name}.{i}"), &Ty::Field, scalar_input_values)) + .collect::, _>>()?, + ), + Ty::Struct(s_name, fields) => Ok(T::new_struct( + s_name.clone(), + fields + .fields() + .map(|(f_name, f_ty)| -> Result<(String, T), String> { + Ok(( + f_name.clone(), + extract(&format!("{name}.{f_name}"), f_ty, scalar_input_values)?, + )) + }) + .collect::, _>>()?, + )), + Ty::Tuple(tys) => Ok(T::new_tuple( + tys.iter() + .enumerate() + .map(|(i, t_ty)| extract(&format!("{name}.{i}"), t_ty, scalar_input_values)) + .collect::, _>>()?, + )), + } +} diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs new file mode 100644 index 000000000..3476b51d4 --- /dev/null +++ b/src/front/zsharpcurly/mod.rs @@ -0,0 +1,2430 @@ +//! The ZoKrates/Z# curly front-end + +mod interp; +mod parser; +mod term; +pub mod zvisit; + +use super::{FrontEnd, Mode}; +use crate::cfg::cfg; +use crate::circify::{CircError, Circify, Loc, Val}; +use crate::front::proof::PROVER_ID; +use crate::ir::proof::ConstraintMetadata; +use crate::ir::term::*; + +use fxhash::FxHashMap; +use log::{debug, info, trace}; +use rug::Integer; +use std::cell::{Cell, RefCell}; +use std::collections::HashMap; +use std::fmt::Display; +use std::path::PathBuf; +use std::str::FromStr; +use std::time; +use zokrates_curly_pest_ast as ast; + +use term::*; +use zvisit::{ZConstLiteralRewriter, ZGenericInf, ZStatementWalker, ZVisitorMut}; + +// garbage collection increment for adaptive GC threshold +const GC_INC: usize = 32; + +/// Inputs to the Z# compiler +pub struct Inputs { + /// The file to look for `main` in. + pub file: PathBuf, + /// The mode to generate for (MPC or proof). Effects visibility. + pub mode: Mode, +} + +#[allow(dead_code)] +fn const_value_simple(term: &Term) -> Option { + match term.op() { + Op::Const(v) => Some((**v).clone()), + _ => None, + } +} + +#[allow(dead_code)] +fn const_bool_simple(t: T) -> Option { + match const_value_simple(&t.term) { + Some(Value::Bool(b)) => Some(b), + _ => None, + } +} + +#[allow(dead_code)] +fn const_val_simple(a: T) -> Result { + match const_value_simple(&a.term) { + Some(v) => Ok(T::new(a.ty, leaf_term(Op::new_const(v)))), + _ => Err(format!("{} is not a constant value", &a)), + } +} + +/// The Z# curcly brackets dialect front-end. Implements [FrontEnd]. +pub struct ZSharpCurlyFE; + +impl FrontEnd for ZSharpCurlyFE { + type Inputs = Inputs; + fn gen(i: Inputs) -> Computations { + debug!( + "Starting Z# front-end, field: {}", + Sort::Field(cfg().field().clone()) + ); + let loader = parser::ZLoad::new(); + let asts = loader.load(&i.file); + let mut g = ZGen::new(asts, i.mode, loader.stdlib(), cfg().zsharp.isolate_asserts); + g.visit_files(); + g.file_stack_push(i.file); + g.generics_stack_push(HashMap::new()); + g.entry_fn("main"); + g.generics_stack_pop(); + g.file_stack_pop(); + + let mut cs = Computations::new(); + let main_comp = std::rc::Rc::try_unwrap(g.into_circify().consume()) + .unwrap_or_else(|rc| (*rc).clone()) + .into_inner(); + cs.comps.insert("main".to_string(), main_comp); + cs + } +} + +impl ZSharpCurlyFE { + /// Execute the Z# front-end interpreter on the supplied file with the supplied inputs + pub fn interpret(i: Inputs, input_scalar_values: FxHashMap) -> T { + let loader = parser::ZLoad::new(); + let asts = loader.load(&i.file); + let mut g = ZGen::new(asts, i.mode, loader.stdlib(), cfg().zsharp.isolate_asserts); + g.visit_files(); + g.file_stack_push(i.file); + g.generics_stack_push(HashMap::new()); + g.const_entry_fn("main", input_scalar_values) + } +} + +struct ZGen<'ast> { + circ: RefCell>, + stdlib: &'ast parser::ZStdLib, + asts: HashMap>, + file_stack: RefCell>, + generics_stack: RefCell>>, + functions: HashMap>>, + // We use a single map for both type definitions and structures. + structs_and_tys: HashMap< + PathBuf, + HashMap, ast::TypeDefinition<'ast>>>, + >, + constants: HashMap, T)>>, + import_map: HashMap>, + mode: Mode, + cvars_stack: RefCell>>>, + crets_stack: RefCell>, + lhs_ty: RefCell>, + ret_ty_stack: RefCell>, + gc_depth_estimate: Cell, + assertions: RefCell>, + challenge_count: Cell, + isolate_asserts: bool, + in_witness_gen: Cell, + fn_call_memoization: RefCell>, +} + +#[derive(Debug, Clone, PartialEq, Hash, Eq)] +struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); + +impl Drop for ZGen<'_> { + fn drop(&mut self) { + use std::mem::take; + + // drop all fields that contain T or Ty + drop(self.generics_stack.take()); + drop(take(&mut self.constants)); + drop(self.cvars_stack.take()); + drop(self.crets_stack.take()); + drop(self.lhs_ty.take()); + drop(self.ret_ty_stack.take()); + drop(self.fn_call_memoization.take()); + + // force garbage collection + garbage_collect(); + } +} + +enum ZAccess { + Member(String), + Idx(T), +} + +fn loc_store(struct_tuple_: T, loc: &[ZAccess], val: T) -> Result { + match loc.first() { + None => Ok(val), + Some(ZAccess::Member(field)) => { + let inner = field_select(&struct_tuple_, field)?; + let new_inner = loc_store(inner, &loc[1..], val)?; + field_store(struct_tuple_, field, new_inner) + } + Some(ZAccess::Idx(idx)) => { + let old_inner = array_select(struct_tuple_.clone(), idx.clone())?; + let new_inner = loc_store(old_inner, &loc[1..], val)?; + array_store(struct_tuple_, idx.clone(), new_inner) + } + } +} + +enum ZVis { + Public, + Private(u8), +} + +impl<'ast> ZGen<'ast> { + fn new( + asts: HashMap>, + mode: Mode, + stdlib: &'ast parser::ZStdLib, + isolate_asserts: bool, + ) -> Self { + let this = Self { + circ: RefCell::new(Circify::new(ZSharp::new())), + asts, + stdlib, + file_stack: Default::default(), + generics_stack: Default::default(), + functions: HashMap::new(), + structs_and_tys: HashMap::new(), + constants: HashMap::new(), + import_map: HashMap::new(), + mode, + cvars_stack: Default::default(), + crets_stack: Default::default(), + lhs_ty: Default::default(), + ret_ty_stack: Default::default(), + gc_depth_estimate: Cell::new(2 * GC_INC), + assertions: Default::default(), + challenge_count: Cell::new(0), + isolate_asserts, + in_witness_gen: Cell::new(false), + fn_call_memoization: Default::default(), + }; + this.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .metadata + .add_prover_and_verifier(); + this + } + + fn into_circify(self) -> Circify { + self.circ.replace(Circify::new(ZSharp::new())) + } + + /// Unwrap a result with a span-dependent error + fn err(&self, e: E, s: &ast::Span) -> ! { + println!("Error: {e}"); + println!("In: {}", self.cur_path().canonicalize().unwrap().display()); + s.lines().for_each(|l| print!(" {l}")); + std::process::exit(1) + } + + fn unwrap(&self, r: Result, s: &ast::Span) -> T { + r.unwrap_or_else(|e| self.err(e, s)) + } + + fn builtin_call( + &self, + f_name: &str, + mut args: Vec, + mut generics: Vec, + ) -> Result { + debug!("Builtin Call: {}", f_name); + match f_name { + "u8_to_bits" | "u16_to_bits" | "u32_to_bits" | "u64_to_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + uint_to_bits(args.pop().unwrap()) + } + } + + "integer_to_field" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + integer_to_field(args.pop().unwrap()) + } + } + "field_to_integer" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + field_to_integer(args.pop().unwrap()) + } + } + "int_to_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/{}, expected 1", + generics.len(), + f_name + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? + .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert unpack's N to usize".to_string() + })?; + int_to_bits(args.pop().unwrap(), nbits) + } + } + "int_size" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + int_size(args.pop().unwrap()) + } + } + + "int_modinv" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/{}, expected 2", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + let modulus = args.pop().unwrap(); + let value = args.pop().unwrap(); + int_modinv(value, modulus) + } + } + "u8_from_bits" | "u16_from_bits" | "u32_from_bits" | "u64_from_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + uint_from_bits(args.pop().unwrap()) + } + } + "u8_to_field" | "u16_to_field" | "u32_to_field" | "u64_to_field" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + uint_to_field(args.pop().unwrap()) + } + } + "u8_to_u64" | "u16_to_u64" | "u32_to_u64" | "u8_to_u32" | "u16_to_u32" + | "u8_to_u16" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + let len = f_name.len(); + match &f_name[len - 2..] { + "64" => uint_to_uint(args.pop().unwrap(), 64), + "32" => uint_to_uint(args.pop().unwrap(), 32), + "16" => uint_to_uint(args.pop().unwrap(), 16), + _ => unreachable!(), + } + } + } + "unpack" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/unpack, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/unpack, expected 1", + generics.len() + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? + .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert unpack's N to usize".to_string() + })?; + field_to_bits(args.pop().unwrap(), nbits) + } + } + "bit_array_le" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/bit_array_le, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/bit_array_le, expected 1", + generics.len() + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? + .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert bit_array_le's N to usize" + .to_string() + })?; + + let second_arg = args.pop().unwrap(); + let first_arg = args.pop().unwrap(); + bit_array_le(first_arg, second_arg, nbits) + } + } + "get_field_size" => { + if !args.is_empty() { + Err(format!( + "Got {} args to EMBED/get_field_size, expected 0", + args.len() + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/get_field_size, expected 0", + generics.len() + )) + } else { + Ok(uint_lit(cfg().field().modulus().significant_bits(), 32)) + } + } + "get_field_modulus" => { + if !args.is_empty() { + Err(format!( + "Got {} args to EMBED/get_field_size, expected 0", + args.len() + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/get_field_size, expected 0", + generics.len() + )) + } else { + Ok(T::new_integer(cfg().field().modulus())) + } + } + "sample_challenge" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/sample_challenge, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/sample_challenge, expected 1", + generics.len() + )) + } else { + let n = self.challenge_count.get(); + let t = sample_challenge(args.pop().unwrap(), n)?; + self.challenge_count.set(n + 1); + Ok(t) + } + } + "value_in_array" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/value_in_array, expected 2", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/value_in_array, expected 1", + generics.len() + )) + } else { + let array = args.pop().unwrap(); + let value = args.pop().unwrap(); + let map = term![Op::ExtOp(ExtOp::ArrayToMap); array.term]; + let flip = term![Op::ExtOp(ExtOp::MapFlip); map]; + let contains = term![Op::ExtOp(ExtOp::MapContainsKey); flip, value.term]; + Ok(T::new(Ty::Bool, contains)) + } + } + "reverse_lookup" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/reverse_lookup, expected 2", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/reverse_lookup, expected 1", + generics.len() + )) + } else { + let value = args.pop().unwrap(); + let array = args.pop().unwrap(); + let map = term![Op::ExtOp(ExtOp::ArrayToMap); array.term.clone()]; + let flip = term![Op::ExtOp(ExtOp::MapFlip); map]; + let key = term![Op::ExtOp(ExtOp::MapSelect); flip.clone(), value.term.clone()]; + let key_witness = term![Op::new_witness("rlook".into()); key]; + if !self.in_witness_gen.get() { + let eq_lookup = term![EQ; value.term, term![Op::Select; array.term, key_witness.clone()]]; + self.assert(eq_lookup)?; + } + Ok(T::new(Ty::Field, key_witness)) + } + } + "field_to_bool_unsafe" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/field_to_bool_unsafe, expected 1", + args.len() + )) + } else { + field_to_bool_unsafe(args.pop().unwrap()) + } + } + _ => Err(format!("Unknown or unimplemented builtin '{f_name}'")), + } + } + + fn assign_impl_( + &self, + name: &str, + accs: &[ast::AssigneeAccess<'ast>], + val: T, + strict: bool, + ) -> Result<(), String> { + let zaccs = self.zaccs_impl_::(accs)?; + let old = if IS_CNST { + self.cvar_lookup(name) + .ok_or_else(|| format!("Assignment failed: no const variable {name}"))? + } else { + self.circ_get_value(Loc::local(name.to_string())) + .map_err(|e| format!("{e}"))? + .unwrap_term() + }; + let new = loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; + debug!("Assign: {}", name); + if IS_CNST { + self.cvar_assign(name, new) + } else { + self.circ_assign(Loc::local(name.to_string()), Val::Term(new)) + .map_err(|e| format!("{e}")) + .map(|_| ()) + } + } + + fn assembly_assign_impl_( + &self, + assign: &ast::AssemblyAssignment<'ast>, + ) -> Result<(), String> { + let name = &assign.assignee.id.value; + let accs = &assign.assignee.accesses; + + // Will it ever go in the constant case? + if IS_CNST { + let zaccs = self.zaccs_impl_::(accs)?; + let old = self + .cvar_lookup(name) + .ok_or_else(|| format!("Assembly assignment failed: no const variable {name}"))?; + let val = self.expr_impl_::(&assign.expression)?; + let new = loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(const_val_simple)?; + + debug!("Assembly Const Assign: {}", name); + self.cvar_assign(name, new) + } else { + if self.in_witness_gen.get() { + return Err("already in witness generation".into()); + } + + // Get current value and location info + let zaccs = self.zaccs_impl_::(accs)?; + let old = self + .circ_get_value(Loc::local(name.to_string())) + .map_err(|e| format!("{e}"))? + .unwrap_term(); + + // Compute the value + let val = self.expr_impl_::(&assign.expression)?; + + // Create a witness term with the computed value + let mut new_val = val; + new_val.term = term![Op::new_witness("assembly".into()); new_val.term]; + + // Store at the correct location + let new = loc_store(old, &zaccs[..], new_val).map(const_fold)?; + + debug!("Assembly Witness Assign: {}", name); + self.circ_assign(Loc::local(name.to_string()), Val::Term(new)) + .map_err(|e| format!("{e}")) + .map(|_| ()) + } + } + + fn assembly_constraint_( + &self, + c: &ast::AssemblyConstraint, + ) -> Result<(), String> { + // Get expressions for both sides + let lhs = self.expr_impl_::(&c.lhs)?; + let rhs = self.expr_impl_::(&c.rhs)?; + + // Create equality comparison + let eq_expr = term![EQ; lhs.term, rhs.term]; + + // Similar to assertion logic, check if it's a constant expression + match const_bool_simple(T::new(Ty::Bool, eq_expr.clone())) { + Some(true) => Ok(()), + Some(false) => Err(format!( + "Const assembly constraint failed: {} == {} at\n{}", + c.lhs.span().as_str(), + c.rhs.span().as_str(), + span_to_string(&c.span), + )), + None if IS_CNST => Err(format!( + "Const assembly constraint eval failed at\n{}", + span_to_string(&c.span), + )), + _ => { + // Convert to bool term and assert + let b = bool(T::new(Ty::Bool, eq_expr))?; + self.assert(b)?; + Ok(()) + } + } + } + + fn zaccs_impl_( + &self, + accs: &[ast::AssigneeAccess<'ast>], + ) -> Result, String> { + accs.iter() + .map(|acc| match acc { + ast::AssigneeAccess::Dot(m) => match &m.inner { + ast::IdentifierOrDecimal::Identifier(i) => Ok(ZAccess::Member(i.value.clone())), + ast::IdentifierOrDecimal::Decimal(d) => { + // Here we handle tuple access by position + let index = d.span.as_str().trim(); + Ok(ZAccess::Member(index.to_string())) + } + }, + ast::AssigneeAccess::Select(m) => match &m.expression { + ast::RangeOrExpression::Expression(e) => { + self.expr_impl_::(e).map(ZAccess::Idx) + } + _ => Err(format!( + "Cannot assign to slice: {}", + span_to_string(&m.span) + )), + }, + }) + .collect() + } + + fn literal_(&self, e: &ast::LiteralExpression<'ast>) -> Result { + match e { + ast::LiteralExpression::DecimalLiteral(d) => { + let vstr = &d.value.span.as_str(); + match &d.suffix { + Some(ast::DecimalSuffix::U8(_)) => Ok(uint_lit(vstr.parse::().unwrap(), 8)), + Some(ast::DecimalSuffix::U16(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 16)) + } + Some(ast::DecimalSuffix::U32(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 32)) + } + Some(ast::DecimalSuffix::U64(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 64)) + } + Some(ast::DecimalSuffix::Field(_)) => { + Ok(field_lit(Integer::from_str_radix(vstr, 10).unwrap())) + } + _ => { + // xxx(unimpl): For some reason when we process assembly assignment, the suffix is None + // but when we process a normal assignment, the suffix is Some(_) + // For now, we just process any unmatched as a field element + // in case the Integer::from_str_radix does not fail + // otherwise we should return an error + match Integer::from_str_radix(vstr, 10) { + Ok(val) => Ok(field_lit(val)), + Err(_) => { + Err("Could not infer literal type. Annotation needed.".to_string()) + } + } + } + } + } + ast::LiteralExpression::BooleanLiteral(b) => { + Ok(z_bool_lit(bool::from_str(&b.value).unwrap())) + } + ast::LiteralExpression::HexLiteral(h) => match &h.value { + ast::HexNumberExpression::U8(h) => { + Ok(uint_lit(u8::from_str_radix(&h.value, 16).unwrap(), 8)) + } + ast::HexNumberExpression::U16(h) => { + Ok(uint_lit(u16::from_str_radix(&h.value, 16).unwrap(), 16)) + } + ast::HexNumberExpression::U32(h) => { + Ok(uint_lit(u32::from_str_radix(&h.value, 16).unwrap(), 32)) + } + ast::HexNumberExpression::U64(h) => { + Ok(uint_lit(u64::from_str_radix(&h.value, 16).unwrap(), 64)) + } + }, + } + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) + } + + fn unary_op(&self, o: &ast::UnaryOperator) -> fn(T) -> Result { + match o { + ast::UnaryOperator::Pos(_) => Ok, + ast::UnaryOperator::Neg(_) => neg, + ast::UnaryOperator::Not(_) => not, + } + } + + fn bin_op(&self, o: &ast::BinaryOperator) -> fn(T, T) -> Result { + match o { + ast::BinaryOperator::BitXor => bitxor, + ast::BinaryOperator::BitAnd => bitand, + ast::BinaryOperator::BitOr => bitor, + ast::BinaryOperator::RightShift => shr, + ast::BinaryOperator::LeftShift => shl, + ast::BinaryOperator::Or => or, + ast::BinaryOperator::And => and, + ast::BinaryOperator::Add => add, + ast::BinaryOperator::Sub => sub, + ast::BinaryOperator::Mul => mul, + ast::BinaryOperator::Div => div, + ast::BinaryOperator::Rem => rem, + ast::BinaryOperator::Eq => eq, + ast::BinaryOperator::NotEq => neq, + ast::BinaryOperator::Lt => ult, + ast::BinaryOperator::Gt => ugt, + ast::BinaryOperator::Lte => ule, + ast::BinaryOperator::Gte => uge, + ast::BinaryOperator::Pow => pow, + } + } + + fn file_stack_push(&self, path: PathBuf) { + self.file_stack.borrow_mut().push(path); + } + + fn file_stack_pop(&self) -> Option { + self.file_stack.borrow_mut().pop() + } + + fn file_stack_depth(&self) -> usize { + self.file_stack.borrow().len() + } + + fn generics_stack_push(&self, generics: HashMap) { + self.generics_stack.borrow_mut().push(generics) + } + + fn generics_stack_pop(&self) { + self.generics_stack.borrow_mut().pop(); + } + + fn egvs_impl_( + &self, + egv: &[ast::ConstantGenericValue<'ast>], + gens: Vec>, + ) -> Result, String> { + egv.iter() + .map(|cgv| match cgv { + ast::ConstantGenericValue::Value(l) => self.literal_(l), + ast::ConstantGenericValue::Identifier(i) => self + .identifier_impl_::(i) + .and_then(const_val_simple), + ast::ConstantGenericValue::Underscore(_) => Err( + "explicit_generic_values got non-monomorphized generic argument".to_string(), + ), + }) + .zip(gens) + .map(|(g, n)| Ok((n.value, g?))) + .collect() + } + + fn function_call_impl_( + &self, + args: Vec, + egv: &[ast::ConstantGenericValue<'ast>], + exp_ty: Option, + f_path: PathBuf, + f_name: String, + ) -> Result { + if IS_CNST { + debug!("Const function call: {} {:?}", f_name, f_path); + } else { + debug!("Function call: {} {:?}", f_name, f_path); + } + let f = self + .functions + .get(&f_path) + .ok_or_else(|| format!("No file '{:?}' attempting fn call", &f_path))? + .get(&f_name) + .ok_or_else(|| format!("No function '{}' attempting fn call", &f_name))?; + let arg_tys = args.iter().map(|arg| arg.type_().clone()); + let generics = ZGenericInf::::new(self, f, &f_path, &f_name) + .unify_generic(egv, exp_ty, arg_tys)?; + + let mut generic_vec = generics.clone().into_iter().collect::>(); + generic_vec.sort_by(|(a, _), (b, _)| a.cmp(b)); + let before = time::Instant::now(); + + let input = FnCallImplInput( + IS_CNST, + args.clone(), + generic_vec.clone(), + f_path.clone(), + f_name.clone(), + ); + let cached_value = self.fn_call_memoization.borrow().get(&input).cloned(); + + let ret = if let Some(value) = cached_value { + Ok(value) + } else { + debug!("successfully memoized {} {:?}", f_name, f_path); + self.function_call_impl_inner_::( + f, + args, + generics, + f_path.clone(), + f_name.clone(), + ) + .inspect(|v| { + self.fn_call_memoization + .borrow_mut() + .insert(input, v.clone()); + }) + }; + let dur = (time::Instant::now() - before).as_millis(); + if dur > 50 { + info!("{} ms to process {} {:?}", dur, &f_name, &f_path); + } + ret + } + + fn function_call_impl_inner_( + &self, + f: &ast::FunctionDefinition<'ast>, + args: Vec, + generics: HashMap, + f_path: PathBuf, + f_name: String, + ) -> Result { + if self.stdlib.is_embed(&f_path) { + let mut generics = generics; + let generics = f + .generics + .iter() + .map(|gid| { + generics.remove(&gid.value).ok_or_else(|| { + format!( + "Failed to find generic argument {} for builtin call {}", + &gid.value, &f_name, + ) + }) + }) + .collect::, _>>()?; + self.builtin_call(&f_name, args, generics) + } else { + if f.generics.len() != generics.len() { + return Err(format!( + "Wrong number of generic params calling {} (got {}, expected {})", + &f.id.value, + generics.len(), + f.generics.len() + )); + } + if f.parameters.len() != args.len() { + return Err(format!( + "Wrong nimber of arguments calling {} (got {}, expected {})", + &f.id.value, + args.len(), + f.parameters.len() + )); + } + + let f = f.clone(); + self.file_stack_push(f_path); + self.generics_stack_push(generics); + self.ret_ty_stack_push::(&f)?; + + // XXX(unimpl) multi-return unimplemented + let ret_ty = f + .return_type + .map(|r| self.type_impl_::(&r)) + .transpose()?; + let ret_ty = if IS_CNST { + self.cvar_enter_function(); + ret_ty + } else { + self.circ_enter_fn(f_name, ret_ty); + None + }; + + for (p, a) in f.parameters.into_iter().zip(args) { + let ty = self.type_impl_::(&p.ty)?; + if IS_CNST { + self.cvar_declare_init(p.id.value, &ty, a)?; + } else { + self.circ_declare_init(p.id.value, ty, Val::Term(a)) + .map_err(|e| format!("{e}"))?; + } + } + + for s in &f.statements { + self.stmt_impl_::(s)?; + } + + let ret = if IS_CNST { + self.cvar_exit_function(); + self.crets_pop() + } else { + self.circ_exit_fn() + .map(|a| a.unwrap_term()) + .unwrap_or_else(|| z_bool_lit(false)) + }; + + self.ret_ty_stack_pop(); + self.generics_stack_pop(); + self.file_stack_pop(); + + if IS_CNST { + let ret_ty = ret_ty.unwrap_or(Ty::Bool); + if ret.type_() != &ret_ty { + return Err(format!( + "Return type mismatch: expected {}, got {}", + ret_ty, + ret.type_() + )); + } + } + + Ok(ret) + } + } + + #[allow(dead_code)] + fn maybe_garbage_collect(&self) { + let est = self.gc_depth_estimate.get(); + let cur = self.file_stack_depth(); + if GC_INC * cur < est { + if maybe_garbage_collect() { + // we ran the GC and it did something; increase depth at which we run gc by 1 call + self.gc_depth_estimate.set(est + GC_INC); + } else { + // otherwise, decrease depth at which we run gc by one call + self.gc_depth_estimate.set(est.saturating_sub(GC_INC)); + } + } else { + // we didn't try to run the GC; just gradually increase the depth at which we'll run the gc + let est_inc = (GC_INC * cur - est) / GC_INC; + self.gc_depth_estimate.set(est + 1 + est_inc); + } + } + + fn const_entry_fn(&self, n: &str, mut input_scalar_values: FxHashMap) -> T { + debug!("Const entry: {}", n); + let (f_file, f_name) = self.deref_import(n); + if let Some(f) = self.functions.get(&f_file).and_then(|m| m.get(&f_name)) { + if !f.generics.is_empty() { + panic!("const_entry_fn cannot be called on a generic function") + } + + let mut args = Vec::new(); + for p in &f.parameters { + let name = &p.id.value; + let ty = self.type_(&p.ty); + let value = interp::extract(name, &ty, &mut input_scalar_values) + .unwrap_or_else(|e| self.err(format!("Error: {e}"), &p.span)); + args.push(value); + } + + if !input_scalar_values.is_empty() { + let unused_input_list = input_scalar_values + .keys() + .map(|s| s.as_str()) + .collect::>() + .as_slice() + .join(", "); + self.err(format!("Ununused inputs {unused_input_list}"), &f.span); + } + + self.function_call_impl_::(args, &[][..], None, f_file, f_name) + .unwrap_or_else(|e| panic!("const_entry_fn failed: {}", e)) + } else { + panic!( + "No function '{:?}//{}' attempting const_entry_fn", + &f_file, &f_name + ) + } + } + + fn entry_fn(&self, n: &str) { + debug!("Entry: {}", n); + // find the entry function + let (f_file, f_name) = self.deref_import(n); + let f = self + .functions + .get(&f_file) + .unwrap_or_else(|| panic!("No file '{:?}'", &f_file)) + .get(&f_name) + .unwrap_or_else(|| panic!("No function '{}'", &f_name)) + .clone(); + // XXX(unimpl) tuple returns not supported + if !f.generics.is_empty() { + self.err("Entry function cannot be generic. Try adding a wrapper function that supplies an explicit generic argument.", &f.span); + } + // get return type + let ret_ty = f.return_type.map(|r| self.type_(&r)); + // set up stack frame for entry function + self.circ_enter_fn(n.to_owned(), ret_ty.clone()); + let persistent_arrays: Vec = Vec::new(); + for p in f.parameters.iter() { + let ty = self.type_(&p.ty); + debug!("Entry param: {}: {}", p.id.value, ty); + // XXX(unimpl) array metadata + let vis = self.interpret_visibility(&p.visibility); + let r = self.circ_declare_input(p.id.value.clone(), &ty, vis, None, false); + self.unwrap(r, &p.span); + } + for s in &f.statements { + self.unwrap(self.stmt_impl_::(s), s.span()); + } + for a in persistent_arrays { + let term = self + .circ_get_value(Loc::local(a.clone())) + .unwrap() + .unwrap_term() + .term; + trace!("End persistent_array {a}, {}", term); + self.circ.borrow_mut().end_persistent_array(&a, term); + } + if let Some(r) = self.circ_exit_fn() { + match self.mode { + Mode::Mpc(_) => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + self.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .outputs + .extend(ret_terms); + } + Mode::Proof => { + let ty = ret_ty.as_ref().unwrap(); + let name = "return".to_owned(); + let ret_val = r.unwrap_term(); + let ret_var_val = self + .circ_declare_input(name, ty, ZVis::Public, Some(ret_val.clone()), false) + .expect("circ_declare return"); + let ret_eq = eq(ret_val, ret_var_val).unwrap().term; + let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); + let to_assert = if assertions.is_empty() { + ret_eq + } else { + assertions.push(ret_eq); + term(AND, assertions) + }; + debug!("Assertion: {}", to_assert); + self.circ.borrow_mut().assert(to_assert); + } + Mode::Opt => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + assert!( + ret_terms.len() == 1, + "When compiling to optimize, there can only be one output" + ); + let t = ret_terms.into_iter().next().unwrap(); + let t_sort = check(&t); + if !matches!(t_sort, Sort::BitVector(_)) { + panic!("Cannot maximize output of type {}", t_sort); + } + self.circ.borrow().cir_ctx().cs.borrow_mut().outputs.push(t); + } + Mode::ProofOfHighValue(v) => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + assert!( + ret_terms.len() == 1, + "When compiling to optimize, there can only be one output" + ); + let t = ret_terms.into_iter().next().unwrap(); + let cmp = match check(&t) { + Sort::BitVector(w) => term![BV_UGE; t, bv_lit(v, w)], + s => panic!("Cannot maximize output of type {}", s), + }; + self.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .outputs + .push(cmp); + } + } + } else if let Mode::Proof = self.mode { + // set ret_eq to true + let ret_eq = term![Op::Const(Box::new(Value::Bool(true)))]; + let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); + let to_assert = if assertions.is_empty() { + ret_eq + } else { + assertions.push(ret_eq); + term(AND, assertions) + }; + debug!("Assertion: {}", to_assert); + self.circ.borrow_mut().assert(to_assert); + } + } + + fn interpret_visibility(&self, visibility: &Option) -> ZVis { + match visibility { + None | Some(ast::Visibility::Public(_)) => ZVis::Public, + Some(ast::Visibility::Private(_)) => match self.mode { + Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => ZVis::Private(PROVER_ID), + Mode::Mpc(_n_parties) => { + // XXX(unimpl) party number + panic!("Mpc mode is not implemented in ZSharpCurly (ZoKrates newer syntax)"); + } + }, + } + } + + fn cur_path(&self) -> PathBuf { + self.file_stack.borrow().last().unwrap().to_path_buf() + } + + fn cur_dir(&self) -> PathBuf { + let mut p = self.cur_path(); + p.pop(); + p + } + + fn cur_import_map(&self) -> Option<&HashMap> { + self.import_map + .get(self.file_stack.borrow().last().unwrap()) + } + + fn deref_import(&self, s: &str) -> (PathBuf, String) { + // import map is flattened, so we only need to chase through at most one indirection + self.cur_import_map() + .and_then(|m| m.get(s)) + .cloned() + .unwrap_or_else(|| (self.cur_path(), s.to_string())) + } + + fn generic_lookup_(&self, i: &str) -> Option { + self.generics_stack + .borrow() + .last() + .and_then(|m| m.get(i)) + .cloned() + } + + fn const_ty_lookup_(&self, i: &str) -> Option<&ast::Type<'ast>> { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .and_then(|m| m.get(&f_name)) + .map(|(t, _)| t) + } + + fn const_lookup_(&self, i: &str) -> Option<&T> { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .and_then(|m| m.get(&f_name)) + .map(|(_, v)| v) + } + + fn const_defined(&self, i: &str) -> bool { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .map(|m| m.contains_key(&f_name)) + .unwrap_or(false) + } + + fn identifier_impl_( + &self, + i: &ast::IdentifierExpression<'ast>, + ) -> Result { + match self + .generic_lookup_(&i.value) + .or_else(|| self.const_lookup_(&i.value).cloned()) + { + Some(v) => Ok(v), + None if IS_CNST => self.cvar_lookup(&i.value).ok_or_else(|| { + format!( + "Undefined const identifier {} in {}", + &i.value, + self.cur_path().to_string_lossy() + ) + }), + _ => match self + .circ_get_value(Loc::local(i.value.clone())) + .map_err(|e| format!("{e}"))? + { + Val::Term(t) => Ok(t), + _ => Err(format!("Non-Term identifier {}", &i.value)), + }, + } + } + + fn const_isize_impl_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + const_int(self.expr_impl_::(e)?)? + .to_isize() + .ok_or_else(|| "Constant integer outside isize range".to_string()) + } + + fn const_usize_impl_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + const_int(self.expr_impl_::(e)?)? + .to_usize() + .ok_or_else(|| "Constant integer outside usize range".to_string()) + } + + fn const_usize_(&self, e: &ast::Expression<'ast>) -> Result { + self.const_usize_impl_::(e) + } + + fn array_access_impl_( + &self, + acc: &ast::ArrayAccess<'ast>, + val: T, + ) -> Result { + match &acc.expression { + ast::RangeOrExpression::Expression(e) => { + array_select(val, self.expr_impl_::(e)?) + } + ast::RangeOrExpression::Range(r) => { + // XXX(unimpl) Range expressions must be constant! + let s = r + .from + .as_ref() + .map(|s| self.const_usize_impl_::(&s.0)) + .transpose()?; + let e = + r.to.as_ref() + .map(|s| self.const_usize_impl_::(&s.0)) + .transpose()?; + slice(val, s, e) + } + } + } + + fn expr_impl_(&self, e: &ast::Expression<'ast>) -> Result { + self.expr_impl_inner_::(e) + .map(const_fold) + .and_then(|v| if IS_CNST { const_val_simple(v) } else { Ok(v) }) + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) + } + + // XXX(rsw) make Result to give more precise error messages? + fn expr_impl_inner_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + if IS_CNST { + debug!("Const expr: {}", e.span().as_str()); + } else { + debug!("Expr: {}", e.span().as_str()); + } + + match e { + ast::Expression::Ternary(u) => { + match self + .expr_impl_::(&u.condition) + .ok() + .and_then(const_bool_simple) + { + Some(true) => self.expr_impl_::(&u.consequence), + Some(false) => self.expr_impl_::(&u.alternative), + None if IS_CNST => Err("ternary condition not const bool".to_string()), + _ => { + let c = self.expr_impl_::(&u.condition)?; + let cbool = bool(c.clone())?; + self.circ_enter_condition(cbool.clone()); + let a = self.expr_impl_::(&u.consequence)?; + self.circ_exit_condition(); + self.circ_enter_condition(term![NOT; cbool]); + let b = self.expr_impl_::(&u.alternative)?; + self.circ_exit_condition(); + cond(c, a, b) + } + } + } + ast::Expression::Binary(b) => { + let left = self.expr_impl_::(&b.left)?; + let right = self.expr_impl_::(&b.right)?; + let op = self.bin_op(&b.op); + op(left, right) + } + ast::Expression::Unary(u) => { + let arg = self.expr_impl_::(&u.expression)?; + let op = self.unary_op(&u.op); + op(arg) + } + ast::Expression::Identifier(i) => self.identifier_impl_::(i), + ast::Expression::Literal(l) => self.literal_(l), + ast::Expression::InlineArray(ia) => { + let mut avals = Vec::with_capacity(ia.expressions.len()); + ia.expressions + .iter() + .try_for_each::<_, Result<_, String>>(|ee| match ee { + ast::SpreadOrExpression::Expression(eee) => { + avals.push(self.expr_impl_::(eee)?); + Ok(()) + } + ast::SpreadOrExpression::Spread(s) => { + avals.append( + &mut self.expr_impl_::(&s.expression)?.unwrap_array()?, + ); + Ok(()) + } + })?; + T::new_array(avals) + } + ast::Expression::ArrayInitializer(ai) => { + let val = self.expr_impl_::(&ai.value)?; + let num = self.const_usize_impl_::(&ai.count)?; + fill_array(val, num) + } + ast::Expression::Postfix(p) => { + // assume no functions in arrays, etc. + assert!(!p.accesses.is_empty()); + let (val, accs) = if let Some(ast::Access::Call(c)) = p.accesses.first() { + let (f_path, f_name) = match &*p.base { + ast::Expression::Identifier(id) => self.deref_import(&id.value), + _ => panic!("Expected identifier in postfix expression base"), + }; + let exp_ty = self.lhs_ty_take().and_then(|ty| { + if p.accesses.len() > 1 { + None + } else { + Some(ty) + } + }); + let args = c + .arguments + .expressions + .iter() + .map(|e| self.expr_impl_::(e)) + .collect::, _>>()?; + let egv = c + .explicit_generics + .as_ref() + .map(|eg| &eg.values[..]) + .unwrap_or(&[][..]); + let res = + self.function_call_impl_::(args, egv, exp_ty, f_path, f_name)?; + (res, &p.accesses[1..]) + } else { + match &*p.base { + ast::Expression::Identifier(id) => { + (self.identifier_impl_::(id)?, &p.accesses[..]) + } + _ => panic!("Expected identifier in postfix expression base"), + } + }; + accs.iter().try_fold(val, |v, acc| match acc { + ast::Access::Call(_) => { + Err("Function call in non-first-access position in expr".to_string()) + } + ast::Access::Dot(a) => { + // only support identifier + match &a.inner { + ast::IdentifierOrDecimal::Identifier(id) => field_select(&v, &id.value), + ast::IdentifierOrDecimal::Decimal(idx) => { + if let Ty::Tuple(tys) = &v.ty { + let idx_val = idx + .span + .as_str() + .parse::() + .map_err(|_| "Invalid tuple index".to_string())?; + if idx_val < tys.len() { + Ok(T::new( + tys[idx_val].clone(), + term![Op::Field(idx_val); v.term.clone()], + )) + } else { + Err(format!( + "Tuple index {} out of bounds (tuple has {} elements)", + idx_val, + tys.len() + )) + } + } else { + Err(format!( + "Cannot use decimal index on non-tuple type: {:?}", + v.ty + )) + } + } + } + } + ast::Access::Select(s) => self.array_access_impl_::(s, v), + }) + } + ast::Expression::InlineStruct(u) => u + .members + .iter() + .map(|m| { + self.expr_impl_::(&m.expression) + .map(|m_expr| (m.id.value.clone(), m_expr)) + }) + .collect::, String>>() + .and_then(|members| Ok(T::new_struct(self.canon_struct(&u.ty.value)?, members))), + ast::Expression::InlineTuple(ite) => Ok(T::new_tuple( + ite.elements + .iter() + .map(|e| self.expr_impl_::(e)) + .collect::, _>>()?, + )), + ast::Expression::IfElse(u) => { + match self + .expr_impl_::(&u.condition) + .ok() + .and_then(const_bool_simple) + { + Some(true) => self.expr_impl_::(&u.consequence), + Some(false) => self.expr_impl_::(&u.alternative), + None if IS_CNST => Err("IfElse condition not const bool".to_string()), + _ => { + let c = self.expr_impl_::(&u.condition)?; + let cbool = bool(c.clone())?; + self.circ_enter_condition(cbool.clone()); + let a = self.expr_impl_::(&u.consequence)?; + self.circ_exit_condition(); + self.circ_enter_condition(term![NOT; cbool]); + let b = self.expr_impl_::(&u.alternative)?; + self.circ_exit_condition(); + cond(c, a, b) + } + } + } + } + } + + fn canon_struct(&self, id: &str) -> Result { + match self + .get_struct_or_type(id) + .ok_or_else(|| format!("No such struct or type {id} canonicalizing InlineStruct"))? + .0 + { + Ok(_) => Ok(id.to_string()), + Err(t) => match &t.ty { + ast::Type::Struct(s) => self.canon_struct(&s.id.value), + _ => Err(format!("Found non-Struct canonicalizing struct {id}")), + }, + } + } + + fn ret_impl_(&self, ret: Option) -> Result<(), CircError> { + if IS_CNST { + self.crets_push(ret.unwrap_or_else(|| z_bool_lit(false))); + Ok(()) + } else { + self.circ_return_(ret) + } + } + + fn decl_impl_(&self, name: String, ty: &Ty) -> Result<(), String> { + if IS_CNST { + self.cvar_declare(name, ty) + } else { + self.circ + .borrow_mut() + .declare_uninit(name, ty) + .map_err(|e| format!("{e}")) + } + } + + fn declare_init_impl_( + &self, + name: String, + ty: Ty, + val: T, + ) -> Result<(), String> { + if IS_CNST { + self.cvar_declare_init(name, &ty, val) + } else { + self.circ_declare_init(name, ty, Val::Term(val)) + .map(|_| ()) + .map_err(|e| format!("{e}")) + } + } + + fn stmt_impl_(&self, s: &ast::Statement<'ast>) -> Result<(), String> { + if IS_CNST { + debug!("Const stmt: {}", s.span().as_str()); + } else { + debug!("Stmt: {}", s.span().as_str()); + } + + // XXX(unimpl) condstore, and witness from old zokrates + // XXX(unimpl) log from new zokrates + match s { + ast::Statement::Return(r) => if let Some(e) = r.expression.as_ref() { + self.set_lhs_ty_ret(r); + let ret = self.expr_impl_::(e)?; + self.ret_impl_::(Some(ret)) + } else { + self.ret_impl_::(None) + } + .map_err(|e| format!("{e}")), + ast::Statement::Assertion(e) => { + let expr = self.expr_impl_::(&e.expression)?; + match const_bool_simple(expr.clone()) { + Some(true) => Ok(()), + Some(false) => Err(format!( + "Const assert failed: {} at\n{}", + e.message + .as_ref() + .map(|m| m.raw.value.as_ref()) + .unwrap_or("(no error message given)"), + span_to_string(e.expression.span()), + )), + None if IS_CNST => Err(format!( + "Const assert failed (non-const expression) at\n{}", + span_to_string(e.expression.span()), + )), + _ => { + let b = bool(expr)?; + self.assert(b)?; + Ok(()) + } + } + } + ast::Statement::Iteration(i) => { + let ty = self.type_impl_::(&i.index.ty)?; + let ival_cons = match ty { + Ty::Field => T::new_field, + Ty::Uint(8) => T::new_u8, + Ty::Uint(16) => T::new_u16, + Ty::Uint(32) => T::new_u32, + Ty::Uint(64) => T::new_u64, + Ty::Integer => T::new_integer, + _ => { + return Err(format!( + "Iteration variable must be Field or Uint, got {ty}" + )); + } + }; + // XXX(rsw) CHECK does this work if the range includes negative numbers? + let s = self.const_isize_impl_::(&i.from)?; + let e = self.const_isize_impl_::(&i.to)?; + let v_name = i.index.identifier.value.clone(); + self.enter_scope_impl_::(); + self.decl_impl_::(v_name, &ty)?; + for j in s..e { + self.enter_scope_impl_::(); + self.assign_impl_::( + &i.index.identifier.value, + &[][..], + ival_cons(j), + false, + )?; + for s in &i.statements { + self.stmt_impl_::(s)?; + } + self.exit_scope_impl_::(); + } + self.exit_scope_impl_::(); + Ok(()) + } + ast::Statement::Definition(d) => { + self.set_lhs_ty_defn::(d)?; + let e = self.expr_impl_::(&d.expression)?; + + match &d.lhs { + ast::TypedIdentifierOrAssignee::Assignee(l) => { + self.assign_impl_::(&l.id.value, &l.accesses[..], e, false) + } + ast::TypedIdentifierOrAssignee::TypedIdentifier(l) => { + let decl_ty = self.type_impl_::(&l.ty)?; + let ty = e.type_(); + if &decl_ty != ty { + return Err(format!( + "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", + )); + } + self.declare_init_impl_::(l.identifier.value.clone(), decl_ty, e)?; + Ok(()) + } + } + } + ast::Statement::Assembly(a) => { + for inner in &a.inner { + match inner { + ast::AssemblyStatementInner::Assignment(l) => { + self.assembly_assign_impl_::(l)?; + if matches!(l.operator, ast::AssignmentOperator::AssignConstrain(_)) { + // we need to first create an AST assembly constraint + let lhs = self.assignee_to_expression(&l.assignee); + let rhs = l.expression.clone(); + let c = ast::AssemblyConstraint { + lhs, + rhs, + span: l.span, + }; + self.assembly_constraint_::(&c)?; + } + } + ast::AssemblyStatementInner::Constraint(l) => { + self.assembly_constraint_::(l)?; + } + } + } + Ok(()) + } + ast::Statement::Log(_) => Err("Log statement is not implemented".to_string()), + } + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(s.span()))) + } + + fn assignee_to_expression(&self, assignee: &ast::Assignee<'ast>) -> ast::Expression<'ast> { + let base = Box::new(ast::Expression::Identifier(assignee.id.clone())); + + let accesses: Vec = assignee + .accesses + .iter() + .map(|access| match access { + ast::AssigneeAccess::Dot(dot_access) => ast::Access::Dot(ast::DotAccess { + inner: dot_access.inner.clone(), + span: dot_access.span, + }), + ast::AssigneeAccess::Select(array_access) => { + ast::Access::Select(ast::ArrayAccess { + expression: array_access.expression.clone(), + span: array_access.span, + }) + } + }) + .collect(); + + if accesses.is_empty() { + *base + } else { + ast::Expression::Postfix(ast::PostfixExpression { + base, + accesses, + span: assignee.span, + }) + } + } + + fn set_lhs_ty_defn( + &self, + d: &ast::DefinitionStatement<'ast>, + ) -> Result<(), String> { + assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... + if let ast::Expression::Postfix(pfe) = &d.expression { + if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { + let ty = self.lhs_type::(&d.lhs)?; // Apply the function directly + self.lhs_ty_put(Some(ty)); + } + } + Ok(()) + } + + fn set_lhs_ty_ret(&self, r: &ast::ReturnStatement<'ast>) { + assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... + if let Some(ast::Expression::Postfix(pfe)) = &r.expression { + if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { + let ty = self.ret_ty_stack_last(); + self.lhs_ty_put(ty); + } + } + } + + fn lhs_type( + &self, + tya: &ast::TypedIdentifierOrAssignee<'ast>, + ) -> Result { + use ast::TypedIdentifierOrAssignee::*; + match tya { + Assignee(a) => { + let t = self.identifier_impl_::(&a.id)?; + a.accesses.iter().try_fold(t.ty, |ty, acc| match acc { + ast::AssigneeAccess::Select(aa) => match ty { + Ty::Array(sz, ity) => match &aa.expression { + ast::RangeOrExpression::Expression(_) => Ok(*ity), + ast::RangeOrExpression::Range(_) => Ok(Ty::Array(sz, ity)), + }, + ty => Err(format!("Attempted array access on non-Array type {ty}")), + }, + ast::AssigneeAccess::Dot(sa) => { + let id_value = match &sa.inner { + ast::IdentifierOrDecimal::Identifier(id) => &id.value, + _ => panic!( + "Expected an Identifier, but got a non-Identifier value in sa" + ), + }; + match ty { + Ty::Struct(nm, map) => { + map.search(id_value).map(|r| r.1.clone()).ok_or_else(|| { + format!("No such member {} of struct {nm}", id_value) + }) + } + ty => Err(format!("Attempted member access on non-Struct type {ty}")), + } + } + }) + } + TypedIdentifier(t) => self.type_impl_::(&t.ty), + } + } + + fn lhs_ty_put(&self, lhs_ty: Option) { + self.lhs_ty.replace(lhs_ty); + } + + fn lhs_ty_take(&self) -> Option { + self.lhs_ty.borrow_mut().take() + } + + fn enter_scope_impl_(&self) { + if IS_CNST { + self.cvar_enter_scope() + } else { + self.circ_enter_scope() + } + } + + fn cvar_enter_scope(&self) { + assert!(!self.cvars_stack.borrow().is_empty()); + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .push(HashMap::new()); + } + + fn exit_scope_impl_(&self) { + if IS_CNST { + self.cvar_exit_scope() + } else { + self.circ_exit_scope() + } + } + + fn cvar_exit_scope(&self) { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + self.cvars_stack.borrow_mut().last_mut().unwrap().pop(); + } + + fn cvar_enter_function(&self) { + self.cvars_stack.borrow_mut().push(Vec::new()); + self.cvar_enter_scope(); + } + + fn cvar_exit_function(&self) { + self.cvars_stack.borrow_mut().pop(); + } + + fn cvar_assign(&self, name: &str, val: T) -> Result<(), String> { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .iter_mut() + .rev() + .find_map(|v| v.get_mut(name)) + .map(|old_val| { + *old_val = val; + }) + .ok_or_else(|| format!("Const assign failed: no variable {name} in scope")) + } + + fn cvar_declare_init(&self, name: String, ty: &Ty, val: T) -> Result<(), String> { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + if val.type_() != ty { + return Err(format!( + "Const decl_init: {} type mismatch: expected {}, got {}", + name, + ty, + val.type_() + )); + } + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .last_mut() + .unwrap() + .insert(name, val); + Ok(()) + } + + fn cvar_declare(&self, name: String, ty: &Ty) -> Result<(), String> { + self.cvar_declare_init(name, ty, ty.default()) + } + + fn cvar_lookup(&self, name: &str) -> Option { + if let Some(st) = self.cvars_stack.borrow().last() { + st.iter().rev().find_map(|v| v.get(name).cloned()) + } else { + None + } + } + + fn ret_ty_stack_push( + &self, + fn_def: &ast::FunctionDefinition<'ast>, + ) -> Result<(), String> { + let ty = fn_def + .return_type + .clone() + .map(|ty| self.type_impl_::(&ty)) + .transpose()? + .unwrap_or(Ty::Bool); + self.ret_ty_stack.borrow_mut().push(ty); + Ok(()) + } + + fn ret_ty_stack_pop(&self) { + self.ret_ty_stack.borrow_mut().pop(); + } + + fn ret_ty_stack_last(&self) -> Option { + self.ret_ty_stack.borrow().last().cloned() + } + + fn crets_push(&self, ret: T) { + self.crets_stack.borrow_mut().push(ret) + } + + fn crets_pop(&self) -> T { + assert!(!self.crets_stack.borrow().is_empty()); + self.crets_stack.borrow_mut().pop().unwrap() + } + + fn const_decl_(&mut self, c: &mut ast::ConstantDefinition<'ast>) { + // make sure that this wasn't already an important const name + if self + .cur_import_map() + .map(|m| m.contains_key(&c.id.identifier.value)) + .unwrap_or(false) + { + self.err( + format!( + "Constant {} clashes with import of same name", + &c.id.identifier.value + ), + &c.span, + ); + } + + // rewrite literals in the const type decl + let mut v = ZConstLiteralRewriter::new(None); + v.visit_type(&mut c.id.ty) + .unwrap_or_else(|e| self.err(e.0, &c.span)); + let ctype = self.unwrap(self.type_impl_::(&c.id.ty), type_span(&c.id.ty)); + // handle literal type inference using declared type + v.replace(Some(ctype)); + v.visit_expression(&mut c.expression) + .unwrap_or_else(|e| self.err(e.0, &c.span)); + + // evaluate the expression and check the resulting type + let value = self + .expr_impl_::(&c.expression) + .unwrap_or_else(|e| self.err(e, c.expression.span())); + let ctype = v.replace(None).unwrap(); + if &ctype != value.type_() { + self.err( + format!( + "Type mismatch in constant definition: expected {:?}, got {:?}", + ctype, + value.type_() + ), + &c.span, + ); + } + + // insert into constant map + if self + .constants + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(c.id.identifier.value.clone(), (c.id.ty.clone(), value)) + .is_some() + { + self.err( + format!("Constant {} redefined", &c.id.identifier.value), + &c.span, + ); + } + } + + fn type_(&self, t: &ast::Type<'ast>) -> Ty { + self.unwrap(self.type_impl_::(t), type_span(t)) + } + + fn type_impl_(&self, t: &ast::Type<'ast>) -> Result { + if IS_CNST { + debug!("Const type: {:?}", t); + } else { + debug!("Type: {:?}", t); + } + fn lift<'ast>(t: &ast::BasicOrStructOrTupleType<'ast>) -> ast::Type<'ast> { + match t { + ast::BasicOrStructOrTupleType::Basic(b) => ast::Type::Basic(b.clone()), + ast::BasicOrStructOrTupleType::Struct(b) => ast::Type::Struct(b.clone()), + ast::BasicOrStructOrTupleType::Tuple(b) => ast::Type::Tuple(b.clone()), + } + } + match t { + ast::Type::Basic(ast::BasicType::U8(_)) => Ok(Ty::Uint(8)), + ast::Type::Basic(ast::BasicType::U16(_)) => Ok(Ty::Uint(16)), + ast::Type::Basic(ast::BasicType::U32(_)) => Ok(Ty::Uint(32)), + ast::Type::Basic(ast::BasicType::U64(_)) => Ok(Ty::Uint(64)), + ast::Type::Basic(ast::BasicType::Boolean(_)) => Ok(Ty::Bool), + ast::Type::Basic(ast::BasicType::Field(_)) => Ok(Ty::Field), + ast::Type::Array(a) => { + let b = self.type_impl_::(&lift(&a.ty)); + a.dimensions + .iter() + .rev() + .map(|d| self.const_usize_impl_::(d)) + .fold(b, |b, d| Ok(Ty::Array(d?, Box::new(b?)))) + } + ast::Type::Struct(s) => { + let (def, path) = self.get_struct_or_type(&s.id.value).ok_or_else(|| { + format!( + "No such struct {} (did you bring it into scope?)", + &s.id.value + ) + })?; + let generics = match def { + Ok(sdef) => &sdef.generics, + Err(tdef) => &tdef.generics, + }; + let g_len = generics.len(); + let egv = s + .explicit_generics + .as_ref() + .map(|eg| eg.values.as_ref()) + .unwrap_or(&[][..]); + let generics = self.egvs_impl_::(egv, generics.clone())?; + if generics.len() != g_len { + return Err(format!( + "Struct {} is not monomorphized or wrong number of generic parameters", + &s.id.value + )); + } + self.file_stack_push(path); + self.generics_stack_push(generics); + let ty = match def { + Ok(sdef) => Ty::new_struct( + sdef.id.value.clone(), + sdef.fields + .iter() + .map::, _>(|f| { + Ok(( + f.id.identifier.value.clone(), + self.type_impl_::(&f.id.ty)?, + )) + }) + .collect::, _>>()?, + ), + Err(tdef) => self.type_impl_::(&tdef.ty)?, + }; + self.generics_stack_pop(); + self.file_stack_pop(); + Ok(ty) + } + ast::Type::Tuple(t) => t + .elements + .iter() + .map(|element_type| self.type_impl_::(element_type)) + .collect::, _>>() + .map(Ty::Tuple), + } + } + + fn visit_files(&mut self) { + // 1. go through includes and return a toposorted visit order for remaining processing + let files = self.visit_imports(); + + // 2. visit constant, struct, and function defs ; infer types and generics + self.visit_declarations(files); + } + + fn visit_imports(&mut self) -> Vec { + use petgraph::algo::toposort; + use petgraph::graph::{DefaultIx, DiGraph, NodeIndex}; + let asts = std::mem::take(&mut self.asts); + + // we use the graph to toposort the includes and the map to go from PathBuf to NodeIdx + let mut ig = DiGraph::::with_capacity(asts.len(), asts.len()); + let mut gn = HashMap::>::with_capacity(asts.len()); + + for (p, f) in asts.iter() { + self.file_stack_push(p.to_owned()); + let mut imap = HashMap::new(); + + if !gn.contains_key(p) { + gn.insert(p.to_owned(), ig.add_node(p.to_owned())); + } + + for d in f.declarations.iter() { + // XXX(opt) retain() declarations instead? if we don't need them, saves allocs + if let ast::SymbolDeclaration::Import(i) = d { + let (src_path, src_names, dst_names, i_span) = + match i { + ast::ImportDirective::Main(m) => ( + m.source.raw.value.clone(), + vec!["main".to_owned()], + vec![m.alias.as_ref().map(|a| a.value.clone()).unwrap_or_else( + || { + PathBuf::from(m.source.raw.value.clone()) + .file_stem() + .unwrap_or_else(|| { + panic!("Bad import: {}", m.source.raw.value) + }) + .to_string_lossy() + .to_string() + }, + )], + &m.span, + ), + ast::ImportDirective::From(m) => ( + m.source.raw.value.clone(), + m.symbols.iter().map(|s| s.id.value.clone()).collect(), + m.symbols + .iter() + .map(|s| { + s.alias + .as_ref() + .map(|a| a.value.clone()) + .unwrap_or_else(|| s.id.value.clone()) + }) + .collect(), + &m.span, + ), + }; + assert!(!src_names.is_empty()); + let abs_src_path = self.stdlib.canonicalize(&self.cur_dir(), src_path.as_str()); + debug!( + "Import of {:?} from {} as {:?}", + src_names, + abs_src_path.display(), + dst_names + ); + src_names.into_iter().zip(dst_names).for_each(|(sn, dn)| { + if imap.contains_key(&dn) { + self.err(format!("Import {dn} redeclared"), i_span); + } + assert!(imap.insert(dn, (abs_src_path.clone(), sn)).is_none()); + }); + + // add included -> includer edge for later toposort + if !gn.contains_key(&abs_src_path) { + gn.insert(abs_src_path.clone(), ig.add_node(abs_src_path.clone())); + } + ig.add_edge(*gn.get(&abs_src_path).unwrap(), *gn.get(p).unwrap(), ()); + } + } + + let p = self.file_stack_pop().unwrap(); + self.import_map.insert(p, imap); + } + self.asts = asts; + + // flatten the import map, i.e., a -> b -> c becomes a -> c + self.flatten_import_map(); + + toposort(&ig, None) + .unwrap_or_else(|e| { + use petgraph::dot::{Config, Dot}; + panic!( + "Import graph is cyclic!: {:?}\n{:?}\n", + e, + Dot::with_config(&ig, &[Config::EdgeNoLabel]) + ) + }) + .iter() + .map(|idx| std::mem::take(ig.node_weight_mut(*idx).unwrap())) + .filter(|p| self.asts.contains_key(p)) + .collect() + } + + fn flatten_import_map(&mut self) { + // create a new map + let mut new_map = HashMap::with_capacity(self.import_map.len()); + self.import_map.keys().for_each(|k| { + new_map.insert(k.clone(), HashMap::new()); + }); + + let mut visited = Vec::new(); + for (fname, map) in &self.import_map { + for (iname, (nv, iv)) in map.iter() { + // unwrap is safe because of new_map's initialization above + if new_map.get(fname).unwrap().contains_key(iname) { + // visited this value already as part of a prior pointer chase + continue; + } + + // chase the pointer, writing down every visited key along the way + visited.clear(); + visited.push((fname, iname)); + let mut n = nv; + let mut i = iv; + while let Some((nn, ii)) = self.import_map.get(n).and_then(|m| m.get(i)) { + visited.push((n, i)); + n = nn; + i = ii; + } + + // map every visited key to the final value in the ptr chase + visited.iter().for_each(|&(nn, ii)| { + new_map + .get_mut(nn) + .unwrap() + .insert(ii.clone(), (n.clone(), i.clone())); + }); + } + } + + self.import_map = new_map; + } + + fn visit_declarations(&mut self, files: Vec) { + let mut t = std::mem::take(&mut self.asts); + let mut clr = ZConstLiteralRewriter::new(None); + for p in files { + self.constants.insert(p.clone(), HashMap::new()); + self.structs_and_tys.insert(p.clone(), HashMap::new()); + self.functions.insert(p.clone(), HashMap::new()); + self.file_stack_push(p.clone()); + for d in t.get_mut(&p).unwrap().declarations.iter_mut() { + match d { + ast::SymbolDeclaration::Constant(c) => { + debug!( + "processing decl: const {} in {}", + c.id.identifier.value, + p.display() + ); + self.const_decl_(c); + } + ast::SymbolDeclaration::Struct(s) => { + debug!("processing decl: struct {} in {}", s.id.value, p.display()); + let mut s_ast = s.clone(); + + // rewrite literals in ArrayTypes + clr.visit_struct_definition(&mut s_ast) + .unwrap_or_else(|e| self.err(e.0, &s.span)); + + if self + .structs_and_tys + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(s.id.value.clone(), Ok(s_ast)) + .is_some() + { + self.err( + format!("Struct {} defined over existing name", &s.id.value), + &s.span, + ); + } + } + ast::SymbolDeclaration::Type(t) => { + debug!( + "processing decl: type definition {} in {}", + t.id.value, + p.display() + ); + let mut t_ast = t.clone(); + + // rewrite literals in ArrayTypes + clr.visit_type_definition(&mut t_ast) + .unwrap_or_else(|e| self.err(e.0, &t.span)); + + if self + .structs_and_tys + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(t.id.value.clone(), Err(t_ast)) + .is_some() + { + self.err( + format!("Type {} defined over existing name", &t.id.value), + &t.span, + ); + } + } + ast::SymbolDeclaration::Function(f) => { + debug!("processing decl: fn {} in {}", f.id.value, p.display()); + let mut f_ast = f.clone(); + // rewrite literals in params and returns + let mut v = ZConstLiteralRewriter::new(None); + f_ast + .parameters + .iter_mut() + .try_for_each(|p| v.visit_parameter(p)) + .unwrap_or_else(|e| self.err(e.0, &f.span)); + f_ast + .return_type + .as_mut() // Convert `Option` to `Option<&mut Type>` so that we can modify it + .map(|r| v.visit_type(r)) // Apply the `visit_type` function if `Some` + .transpose() + .unwrap_or_else(|e| self.err(e.0, &f_ast.span)); + // go through stmts typechecking and rewriting literals + let mut sw = ZStatementWalker::new( + f_ast.parameters.as_ref(), + f_ast + .return_type + .as_ref() + .map_or(&[], |ty| std::slice::from_ref(ty)), + f_ast.generics.as_ref(), + self, + ); + f_ast + .statements + .iter_mut() + .try_for_each(|s| sw.visit_statement(s)) + .unwrap_or_else(|e| { + eprintln!("Error in field selection: {}", e.0); + self.err(e.0, &f.span) + }); + + if self + .functions + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(f.id.value.clone(), f_ast) + .is_some() + { + self.err(format!("Function {} redefined", &f.id.value), &f.span); + } + } + ast::SymbolDeclaration::Import(_) => (), // already handled in visit_imports + } + } + self.file_stack_pop(); + } + self.asts = t; + } + + fn get_function(&self, fn_id: &str) -> Option<&ast::FunctionDefinition<'ast>> { + let (f_path, f_name) = self.deref_import(fn_id); + self.functions.get(&f_path).and_then(|m| m.get(&f_name)) + } + + fn get_struct_or_type( + &self, + struct_id: &str, + ) -> Option<( + Result<&ast::StructDefinition<'ast>, &ast::TypeDefinition<'ast>>, + PathBuf, + )> { + let (s_path, s_name) = self.deref_import(struct_id); + self.structs_and_tys + .get(&s_path) + .and_then(|m| m.get(&s_name)) + .map(|m| (m.as_ref(), s_path)) + } + + fn assert(&self, asrt: Term) -> Result<(), String> { + debug_assert!(matches!(check(&asrt), Sort::Bool)); + if self.in_witness_gen.get() { + return Err("cannot assert in witness generation".into()); + } + if self.isolate_asserts { + let path = self.circ_condition(); + self.assertions + .borrow_mut() + .push(term![IMPLIES; path, asrt]); + } else { + self.assertions.borrow_mut().push(asrt); + } + Ok(()) + } + + /*** circify wrapper functions (hides RefCell) ***/ + + fn circ_enter_condition(&self, cond: Term) { + if self.isolate_asserts { + self.circ.borrow_mut().enter_condition(cond).unwrap(); + } + } + + fn circ_exit_condition(&self) { + if self.isolate_asserts { + self.circ.borrow_mut().exit_condition() + } + } + + fn circ_condition(&self) -> Term { + self.circ.borrow().condition() + } + + fn circ_return_(&self, ret: Option) -> Result<(), CircError> { + self.circ.borrow_mut().return_(ret) + } + + fn circ_enter_fn(&self, f_name: String, ret_ty: Option) { + self.circ.borrow_mut().enter_fn(f_name, ret_ty) + } + + fn circ_exit_fn(&self) -> Option> { + self.circ.borrow_mut().exit_fn() + } + + fn circ_enter_scope(&self) { + self.circ.borrow_mut().enter_scope() + } + + fn circ_exit_scope(&self) { + self.circ.borrow_mut().exit_scope() + } + + fn circ_declare_input( + &self, + name: String, + ty: &Ty, + vis: ZVis, + precomputed_value: Option, + mangle_name: bool, + ) -> Result { + self.circ.borrow_mut().declare_input( + name, + ty, + match vis { + ZVis::Public => None, + ZVis::Private(i) => Some(i), + }, + precomputed_value, + mangle_name, + ) + } + + fn circ_declare_init(&self, name: String, ty: Ty, val: Val) -> Result, CircError> { + self.circ.borrow_mut().declare_init(name, ty, val) + } + + fn circ_get_value(&self, loc: Loc) -> Result, CircError> { + self.circ.borrow().get_value(loc) + } + + fn circ_assign(&self, loc: Loc, val: Val) -> Result, CircError> { + self.circ.borrow_mut().assign(loc, val) + } +} + +fn span_to_string(span: &ast::Span) -> String { + span.lines().collect::() +} + +fn type_span<'ast, 'a>(ty: &'a ast::Type<'ast>) -> &'a ast::Span<'ast> { + use ast::BasicType::*; + use ast::Type::*; + match ty { + Array(a) => &a.span, + Struct(s) => &s.span, + Tuple(t) => &t.span, + Basic(b) => match b { + Field(f) => &f.span, + Boolean(b) => &b.span, + U8(u) => &u.span, + U16(u) => &u.span, + U32(u) => &u.span, + U64(u) => &u.span, + }, + } +} diff --git a/src/front/zsharpcurly/parser.rs b/src/front/zsharpcurly/parser.rs new file mode 100644 index 000000000..8265025c8 --- /dev/null +++ b/src/front/zsharpcurly/parser.rs @@ -0,0 +1,152 @@ +//! Parsing and recursively loading Z#. +//! +//! Based on the original ZoKrates parser, with extra machinery for recursive loading and locating +//! the standard library. + +use zokrates_curly_pest_ast as ast; + +use log::debug; +use std::collections::HashMap; +use std::env::var_os; + +use crate::circify::includer::Loader; +use std::fs::File; +use std::io::Read; +use std::path::{Path, PathBuf}; +use typed_arena::Arena; + +/// A representation of the standard libary's location. +#[derive(Default)] +pub struct ZStdLib { + path: PathBuf, +} + +impl ZStdLib { + /// Looks for a "ZoKrates/zokrates_stdlib/stdlib" path in some ancestor of the current + /// directory. + pub fn new() -> Self { + if let Some(p) = var_os("ZSHARP_STDLIB_PATH") { + let p = PathBuf::from(p); + if p.exists() { + return Self { path: p }; + } else { + panic!( + "ZStdLib: ZSHARP_STDLIB_PATH {:?} does not appear to exist", + p + ); + } + } + + let p = std::env::current_dir().unwrap().canonicalize().unwrap(); + assert!(p.is_absolute()); + let stdlib_subdirs = vec![ + "ZoKrates/zokrates_stdlib/stdlib", + "third_party/ZoKratesCurly/zokrates_stdlib/stdlib", + ]; + for a in p.ancestors() { + for subdir in &stdlib_subdirs { + let mut q = a.to_path_buf(); + q.push(subdir); + if q.exists() { + return Self { path: q }; + } + } + } + panic!("Could not find ZoKrates/Z# stdlib from {}", p.display()) + } + /// Turn `child`, relative to `parent` (or to the standard libary!), into an absolute path. + pub fn canonicalize(&self, parent: &Path, child: &str) -> PathBuf { + debug!("Looking for {} from {}", child, parent.display()); + let paths = [parent.to_path_buf(), self.path.clone()]; + for mut p in paths { + p.push(child); + debug!("Checking {}", p.display()); + if p.exists() { + return p; + } + if p.extension().is_some() { + continue; + } + for ext in ["zok", "zx"] { + p.set_extension(ext); + debug!("Checking {}", p.display()); + if p.exists() { + return p; + } + } + } + panic!("Could not find {} from {}", child, parent.display()) + } + /// check if this path is the EMBED prototypes path + pub fn is_embed>(&self, p: P) -> bool { + p.as_ref().starts_with(&self.path) + && p.as_ref().file_stem().and_then(|s| s.to_str()) == Some("EMBED") + } +} + +/// A recrusive Z# loader +#[derive(Default)] +pub struct ZLoad { + sources: Arena, + stdlib: ZStdLib, +} + +impl ZLoad { + /// Make a new Z# loader, looking for the standard library somewhere above the current + /// dirdirectory. See [ZStdLib::new]. + pub fn new() -> Self { + Self { + sources: Arena::new(), + stdlib: ZStdLib::new(), + } + } + + /// Recursively load a Z# file. + /// + /// ## Returns + /// + /// Returns a map from file paths to parsed files. + pub fn load>(&self, p: &P) -> HashMap { + self.recursive_load(p).unwrap() + } + + /// Get ref to contained ZStdLib + pub fn stdlib(&self) -> &ZStdLib { + &self.stdlib + } +} + +impl<'a> Loader for &'a ZLoad { + type ParseError = (); + type AST = zokrates_curly_pest_ast::File<'a>; + + fn parse>(&self, p: &P) -> Result { + let mut s = String::new(); + File::open(p).unwrap().read_to_string(&mut s).unwrap(); + debug!("Parsing: {}", p.as_ref().display()); + let s = self.sources.alloc(s); + let ast = ast::generate_ast(s); + if ast.is_err() { + panic!("{}", ast.unwrap_err()); + } + Ok(ast.unwrap()) + } + fn includes>(&self, ast: &Self::AST, p: &P) -> Vec { + let mut c = p.as_ref().to_path_buf(); + c.pop(); + ast.declarations + .iter() + .filter_map(|d| { + if let ast::SymbolDeclaration::Import(i) = d { + let ext = match i { + ast::ImportDirective::Main(m) => &m.source.raw.value, + ast::ImportDirective::From(m) => &m.source.raw.value, + }; + Some(self.stdlib.canonicalize(&c, ext)) + } else { + None + } + }) + .collect() + } +} diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs new file mode 100644 index 000000000..af5ed6470 --- /dev/null +++ b/src/front/zsharpcurly/term.rs @@ -0,0 +1,1347 @@ +//! Symbolic Z# terms +use std::collections::BTreeMap; +use std::fmt::{self, Display, Formatter}; + +use rug::Integer; + +use crate::cfg::cfg; +use crate::circify::{CirCtx, Embeddable, Typed}; +use crate::front::field_list::FieldList; +use crate::ir::opt::cfold::fold as constant_fold; +use crate::ir::term::*; + +#[derive(Clone, PartialEq, Eq, Hash)] +pub enum Ty { + Integer, + Uint(usize), + Bool, + Field, + Struct(String, FieldList), + Array(usize, Box), + Tuple(Vec), + MutArray(usize), +} + +impl Display for Ty { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + match self { + Ty::Bool => write!(f, "bool"), + Ty::Uint(w) => write!(f, "u{w}"), + Ty::Field => write!(f, "field"), + Ty::Struct(n, fields) => { + let mut o = f.debug_struct(n); + for (f_name, f_ty) in fields.fields() { + o.field(f_name, f_ty); + } + o.finish() + } + Ty::Array(n, b) => { + let mut dims = vec![n]; + let mut bb = b.as_ref(); + while let Ty::Array(n, b) = bb { + bb = b.as_ref(); + dims.push(n); + } + write!(f, "{bb}")?; + dims.iter().try_for_each(|d| write!(f, "[{d}]")) + } + Ty::MutArray(n) => write!(f, "MutArray({n})"), + Ty::Integer => write!(f, "integer"), + Ty::Tuple(tys) => { + write!(f, "(")?; + for (i, ty) in tys.iter().enumerate() { + if i > 0 { + write!(f, ", ")?; + } + write!(f, "{}", ty)?; + } + write!(f, ")") + } + } + } +} + +impl fmt::Debug for Ty { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + write!(f, "{self}") + } +} + +pub fn default_field() -> circ_fields::FieldT { + cfg().field().clone() +} + +fn default_field_sort() -> Sort { + Sort::Field(default_field()) +} + +impl Ty { + fn sort(&self) -> Sort { + match self { + Self::Bool => Sort::Bool, + Self::Uint(w) => Sort::BitVector(*w), + Self::Field => default_field_sort(), + Self::Array(n, b) => Sort::new_array(default_field_sort(), b.sort(), *n), + Self::MutArray(n) => Sort::new_array(default_field_sort(), default_field_sort(), *n), + Self::Struct(_name, fs) => { + Sort::Tuple(fs.fields().map(|(_f_name, f_ty)| f_ty.sort()).collect()) + } + Self::Integer => Sort::Int, + Self::Tuple(tys) => Sort::Tuple(tys.iter().map(|ty| ty.sort()).collect()), + } + } + fn default_ir_term(&self) -> Term { + self.sort().default_term() + } + pub fn default(&self) -> T { + T { + ty: self.clone(), + term: self.default_ir_term(), + } + } + /// Creates a new structure type, sorting the keys. + pub fn new_struct>(name: String, fields: I) -> Self { + Self::Struct(name, FieldList::new(fields.into_iter().collect())) + } + /// Array value type + pub fn array_val_ty(&self) -> &Self { + match self { + Self::Array(_, b) => b, + // TODO: MutArray? + _ => panic!("Not an array type: {:?}", self), + } + } + /// Is this an array? + pub fn is_array(&self) -> bool { + matches!(self, Self::Array(_, _) | Self::MutArray(_)) + } +} + +#[derive(Clone, Debug, Eq, PartialEq, Hash)] +pub struct T { + pub ty: Ty, + pub term: Term, +} + +impl T { + pub fn new(ty: Ty, term: Term) -> Self { + Self { ty, term } + } + pub fn type_(&self) -> &Ty { + &self.ty + } + /// Get all IR terms inside this value, as a list. + pub fn terms(&self) -> Vec { + let mut output: Vec = Vec::new(); + fn terms_tail(term: &Term, output: &mut Vec) { + match check(term) { + Sort::Bool | Sort::BitVector(_) | Sort::Field(_) => output.push(term.clone()), + Sort::Array(a) => { + for i in 0..a.size { + terms_tail(&term![Op::Select; term.clone(), pf_lit_ir(i)], output) + } + } + Sort::Tuple(sorts) => { + for i in 0..sorts.len() { + terms_tail(&term![Op::Field(i); term.clone()], output) + } + } + s => unreachable!("Unreachable IR sort {} in ZoK", s), + } + } + terms_tail(&self.term, &mut output); + output + } + fn unwrap_array_ir(self) -> Result, String> { + match &self.ty { + Ty::Array(size, _sort) => Ok((0..*size) + .map(|i| term![Op::Select; self.term.clone(), pf_lit_ir(i)]) + .collect()), + Ty::MutArray(size) => Ok((0..*size) + .map(|i| term![Op::Select; self.term.clone(), pf_lit_ir(i)]) + .collect()), + s => Err(format!("Not an array: {s}")), + } + } + pub fn unwrap_array(self) -> Result, String> { + match &self.ty { + Ty::Array(_size, sort) => { + let sort = (**sort).clone(); + Ok(self + .unwrap_array_ir()? + .into_iter() + .map(|t| T::new(sort.clone(), t)) + .collect()) + } + Ty::MutArray(_size) => Ok(self + .unwrap_array_ir()? + .into_iter() + .map(|t| T::new(Ty::Field, t)) + .collect()), + s => Err(format!("Not an array: {s}")), + } + } + pub fn new_array(v: Vec) -> Result { + array(v) + } + + pub fn new_struct(name: String, fields: Vec<(String, T)>) -> T { + let (field_tys, ir_terms): (Vec<_>, Vec<_>) = fields + .into_iter() + .map(|(name, t)| ((name.clone(), t.ty), (name, t.term))) + .unzip(); + let field_ty_list = FieldList::new(field_tys); + let ir_term = term(Op::Tuple, { + let with_indices: BTreeMap = ir_terms + .into_iter() + .map(|(name, t)| (field_ty_list.search(&name).unwrap().0, t)) + .collect(); + with_indices.into_values().collect() + }); + T::new(Ty::Struct(name, field_ty_list), ir_term) + } + + pub fn new_tuple(v: Vec) -> T { + T::new( + Ty::Tuple(v.iter().map(|t| t.ty.clone()).collect()), + term(Op::Tuple, v.into_iter().map(|t| t.term).collect()), + ) + } + + // XXX(rsw) hrm is there a nicer way to do this? + pub fn new_field(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Field, pf_lit_ir(v)) + } + + pub fn new_u8(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(8), bv_lit(v, 8)) + } + + pub fn new_u16(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(16), bv_lit(v, 16)) + } + + pub fn new_u32(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(32), bv_lit(v, 32)) + } + + pub fn new_u64(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(64), bv_lit(v, 64)) + } + + pub fn new_integer(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Integer, int_lit(v)) + } + + pub fn pretty(&self, f: &mut W) -> Result<(), std::io::Error> { + use std::io::{Error, ErrorKind}; + let val = match &self.term.op() { + Op::Const(v) => Ok(v), + _ => Err(Error::new(ErrorKind::Other, "not a const val")), + }?; + match &**val { + Value::Bool(b) => write!(f, "{b}"), + Value::Field(fe) => write!(f, "{}f", fe.i()), + Value::BitVector(bv) => match bv.width() { + 8 => write!(f, "0x{:02x}", bv.uint()), + 16 => write!(f, "0x{:04x}", bv.uint()), + 32 => write!(f, "0x{:08x}", bv.uint()), + 64 => write!(f, "0x{:016x}", bv.uint()), + _ => unreachable!(), + }, + Value::Tuple(vs) => match &self.ty { + Ty::Struct(n, fl) => { + write!(f, "{n} {{ ")?; + fl.fields().zip(vs.iter()).try_for_each(|((n, ty), v)| { + write!(f, "{n}: ")?; + T::new(ty.clone(), const_(v.clone())).pretty(f)?; + write!(f, ", ") + })?; + write!(f, "}}") + } + Ty::Tuple(tys) => { + write!(f, "(")?; + tys.iter().zip(vs.iter()).try_for_each(|(ty, v)| { + T::new(ty.clone(), const_(v.clone())).pretty(f)?; + write!(f, ", ") + })?; + write!(f, ")") + } + _ => Err(Error::new( + ErrorKind::Other, + "expected struct or tuple, got something else", + )), + }, + Value::Array(arr) => { + let inner_ty = if let Ty::Array(_, ty) = &self.ty { + Ok(ty) + } else { + Err(Error::new( + ErrorKind::Other, + "expected array, got something else", + )) + }?; + write!(f, "[")?; + arr.key_sort + .elems_iter() + .take(arr.size) + .try_for_each(|idx| { + T::new( + *inner_ty.clone(), + const_(arr.select(idx.as_value_opt().unwrap())), + ) + .pretty(f)?; + write!(f, ", ") + })?; + write!(f, "]") + } + _ => unreachable!(), + } + } +} + +impl Display for T { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + write!(f, "{}", self.term) + } +} + +fn wrap_bin_op( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fun: Option Term>, + a: T, + b: T, +) -> Result { + match (&a.ty, &b.ty, fu, ff, fb, fun) { + (Ty::Uint(na), Ty::Uint(nb), Some(fu), _, _, _) if na == nb => { + Ok(T::new(Ty::Uint(*na), fu(a.term.clone(), b.term.clone()))) + } + (Ty::Bool, Ty::Bool, _, _, Some(fb), _) => { + Ok(T::new(Ty::Bool, fb(a.term.clone(), b.term.clone()))) + } + (Ty::Field, Ty::Field, _, Some(ff), _, _) => { + Ok(T::new(Ty::Field, ff(a.term.clone(), b.term.clone()))) + } + (Ty::Integer, Ty::Integer, _, _, _, Some(fun)) => { + Ok(T::new(Ty::Integer, fun(a.term.clone(), b.term.clone()))) + } + (x, y, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x} and {y}")), + } +} + +fn wrap_bin_pred( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fi: Option Term>, + a: T, + b: T, +) -> Result { + match (&a.ty, &b.ty, fu, ff, fb, fi) { + (Ty::Uint(na), Ty::Uint(nb), Some(fu), _, _, _) if na == nb => { + Ok(T::new(Ty::Bool, fu(a.term.clone(), b.term.clone()))) + } + (Ty::Bool, Ty::Bool, _, _, Some(fb), _) => { + Ok(T::new(Ty::Bool, fb(a.term.clone(), b.term.clone()))) + } + (Ty::Field, Ty::Field, _, Some(ff), _, _) => { + Ok(T::new(Ty::Bool, ff(a.term.clone(), b.term.clone()))) + } + (Ty::Integer, Ty::Integer, _, _, _, Some(fi)) => { + Ok(T::new(Ty::Bool, fi(a.term.clone(), b.term.clone()))) + } + (x, y, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x} and {y}")), + } +} + +fn add_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Add); a, b] +} + +fn add_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Add); a, b] +} + +fn add_integer(a: Term, b: Term) -> Term { + term![Op::IntNaryOp(IntNaryOp::Add); a, b] +} + +pub fn add(a: T, b: T) -> Result { + wrap_bin_op( + "+", + Some(add_uint), + Some(add_field), + None, + Some(add_integer), + a, + b, + ) +} + +fn sub_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Sub); a, b] +} + +fn sub_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Add); a, term![Op::PfUnOp(PfUnOp::Neg); b]] +} + +fn sub_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Sub); a, b] +} + +pub fn sub(a: T, b: T) -> Result { + wrap_bin_op( + "-", + Some(sub_uint), + Some(sub_field), + None, + Some(sub_integer), + a, + b, + ) +} + +fn mul_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Mul); a, b] +} + +fn mul_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Mul); a, b] +} + +fn mul_integer(a: Term, b: Term) -> Term { + term![Op::IntNaryOp(IntNaryOp::Mul); a, b] +} + +pub fn mul(a: T, b: T) -> Result { + wrap_bin_op( + "*", + Some(mul_uint), + Some(mul_field), + None, + Some(mul_integer), + a, + b, + ) +} + +fn div_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Udiv); a, b] +} + +fn div_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Mul); a, term![Op::PfUnOp(PfUnOp::Recip); b]] +} + +fn div_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Div); a, b] +} + +pub fn div(a: T, b: T) -> Result { + wrap_bin_op( + "/", + Some(div_uint), + Some(div_field), + None, + Some(div_integer), + a, + b, + ) +} + +fn to_dflt_f(t: Term) -> Term { + term![Op::new_ubv_to_pf(default_field()); t] +} + +fn rem_field(a: Term, b: Term) -> Term { + let len = cfg().field().modulus().significant_bits() as usize; + let a_bv = term![Op::PfToBv(len); a]; + let b_bv = term![Op::PfToBv(len); b]; + to_dflt_f(term![Op::BvBinOp(BvBinOp::Urem); a_bv, b_bv]) +} + +fn rem_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Urem); a, b] +} + +fn rem_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Rem); a, b] +} + +pub fn rem(a: T, b: T) -> Result { + wrap_bin_op( + "%", + Some(rem_uint), + Some(rem_field), + None, + Some(rem_integer), + a, + b, + ) +} + +fn bitand_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::And); a, b] +} + +pub fn bitand(a: T, b: T) -> Result { + wrap_bin_op("&", Some(bitand_uint), None, None, None, a, b) +} + +fn bitor_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Or); a, b] +} + +pub fn bitor(a: T, b: T) -> Result { + wrap_bin_op("|", Some(bitor_uint), None, None, None, a, b) +} + +fn bitxor_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Xor); a, b] +} + +pub fn bitxor(a: T, b: T) -> Result { + wrap_bin_op("^", Some(bitxor_uint), None, None, None, a, b) +} + +fn or_bool(a: Term, b: Term) -> Term { + term![Op::BoolNaryOp(BoolNaryOp::Or); a, b] +} + +pub fn or(a: T, b: T) -> Result { + wrap_bin_op("||", None, None, Some(or_bool), None, a, b) +} + +fn and_bool(a: Term, b: Term) -> Term { + term![Op::BoolNaryOp(BoolNaryOp::And); a, b] +} + +pub fn and(a: T, b: T) -> Result { + wrap_bin_op("&&", None, None, Some(and_bool), None, a, b) +} + +fn eq_base(a: T, b: T) -> Result { + if a.ty != b.ty { + Err(format!( + "Cannot '==' dissimilar types {} and {}", + a.type_(), + b.type_() + )) + } else { + Ok(term![Op::Eq; a.term, b.term]) + } +} + +pub fn eq(a: T, b: T) -> Result { + Ok(T::new(Ty::Bool, eq_base(a, b)?)) +} + +pub fn neq(a: T, b: T) -> Result { + Ok(T::new(Ty::Bool, not_bool(eq_base(a, b)?))) +} + +fn ult_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ult); a, b] +} + +// XXX(constr_opt) see TODO file - only need to expand to MIN of two bit-lengths if done right +// XXX(constr_opt) do this using subtraction instead? +fn field_comp(a: Term, b: Term, op: BvBinPred) -> Term { + let len = cfg().field().modulus().significant_bits() as usize; + let a_bv = term![Op::PfToBv(len); a]; + let b_bv = term![Op::PfToBv(len); b]; + term![Op::BvBinPred(op); a_bv, b_bv] +} + +fn ult_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ult) +} + +fn ult_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Lt); a,b] +} + +pub fn ult(a: T, b: T) -> Result { + wrap_bin_pred( + "<", + Some(ult_uint), + Some(ult_field), + None, + Some(ult_integer), + a, + b, + ) +} + +fn ule_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ule); a, b] +} + +fn ule_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ule) +} + +fn ule_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Le); a, b] +} + +pub fn ule(a: T, b: T) -> Result { + wrap_bin_pred( + "<=", + Some(ule_uint), + Some(ule_field), + None, + Some(ule_integer), + a, + b, + ) +} + +fn ugt_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ugt); a, b] +} + +fn ugt_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ugt) +} + +fn ugt_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Gt); a, b] +} + +pub fn ugt(a: T, b: T) -> Result { + wrap_bin_pred( + ">", + Some(ugt_uint), + Some(ugt_field), + None, + Some(ugt_integer), + a, + b, + ) +} + +fn uge_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Uge); a, b] +} + +fn uge_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Uge) +} + +fn uge_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Ge); a, b] +} + +pub fn uge(a: T, b: T) -> Result { + wrap_bin_pred( + ">=", + Some(uge_uint), + Some(uge_field), + None, + Some(uge_integer), + a, + b, + ) +} + +pub fn pow(a: T, b: T) -> Result { + if (a.ty != Ty::Field && a.ty != Ty::Integer) || b.ty != Ty::Uint(32) { + return Err(format!( + "Cannot compute {a} ** {b} : must be Field/Integer ** U32" + )); + } + + let b = const_int(b)?; + if b == 0 { + return Ok((if a.ty == Ty::Field { + T::new_field + } else { + T::new_integer + })(1)); + } + + Ok((0..b.significant_bits() - 1) + .rev() + .fold(a.clone(), |acc, ix| { + let acc = mul(acc.clone(), acc).unwrap(); + if b.get_bit(ix) { + mul(acc, a.clone()).unwrap() + } else { + acc + } + })) +} + +fn wrap_un_op( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fun: Option Term>, + a: T, +) -> Result { + match (&a.ty, fu, ff, fb, fun) { + (Ty::Uint(_), Some(fu), _, _, _) => Ok(T::new(a.ty.clone(), fu(a.term.clone()))), + (Ty::Bool, _, _, Some(fb), _) => Ok(T::new(Ty::Bool, fb(a.term.clone()))), + (Ty::Field, _, Some(ff), _, _) => Ok(T::new(Ty::Field, ff(a.term.clone()))), + (Ty::Integer, _, _, _, Some(fun)) => Ok(T::new(Ty::Integer, fun(a.term.clone()))), + (x, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x}")), + } +} + +fn neg_field(a: Term) -> Term { + term![Op::PfUnOp(PfUnOp::Neg); a] +} + +fn neg_uint(a: Term) -> Term { + term![Op::BvUnOp(BvUnOp::Neg); a] +} + +fn neg_integer(a: Term) -> Term { + term![Op::IntUnOp(IntUnOp::Neg); a] +} + +// Missing from ZoKrates. +pub fn neg(a: T) -> Result { + wrap_un_op( + "unary-", + Some(neg_uint), + Some(neg_field), + None, + Some(neg_integer), + a, + ) +} + +fn not_bool(a: Term) -> Term { + term![Op::Not; a] +} + +fn not_uint(a: Term) -> Term { + term![Op::BvUnOp(BvUnOp::Not); a] +} + +pub fn not(a: T) -> Result { + wrap_un_op("!", Some(not_uint), None, Some(not_bool), None, a) +} + +pub fn const_int(a: T) -> Result { + match const_value(&a.term) { + Some(Value::Field(f)) => Ok(f.i()), + Some(Value::BitVector(f)) => Ok(f.uint().clone()), + _ => Err(format!("{a} is not a constant integer")), + } +} + +#[allow(dead_code)] +pub fn const_bool(a: T) -> Option { + match const_value(&a.term) { + Some(Value::Bool(b)) => Some(b), + _ => None, + } +} + +pub fn const_fold(t: T) -> T { + let folded = constant_fold(&t.term, &[]); + T::new(t.ty, folded) +} + +pub fn const_val(a: T) -> Result { + match const_value(&a.term) { + Some(v) => Ok(T::new(a.ty, const_(v))), + _ => Err(format!("{} is not a constant value", &a)), + } +} + +fn const_value(t: &Term) -> Option { + let folded = constant_fold(t, &[]); + match &folded.op() { + Op::Const(v) => Some((**v).clone()), + _ => None, + } +} + +pub fn bool(a: T) -> Result { + match &a.ty { + Ty::Bool => Ok(a.term), + a => Err(format!("{a} is not a boolean")), + } +} + +fn wrap_shift(name: &str, op: BvBinOp, a: T, b: T) -> Result { + let bc = const_int(b)?; + match &a.ty { + &Ty::Uint(na) => Ok(T::new(a.ty, term![Op::BvBinOp(op); a.term, bv_lit(bc, na)])), + x => Err(format!("Cannot perform op '{name}' on {x} and {bc}")), + } +} + +pub fn shl(a: T, b: T) -> Result { + wrap_shift("<<", BvBinOp::Shl, a, b) +} + +pub fn shr(a: T, b: T) -> Result { + wrap_shift(">>", BvBinOp::Lshr, a, b) +} + +fn ite(c: Term, a: T, b: T) -> Result { + if a.ty != b.ty { + Err(format!("Cannot perform ITE on {a} and {b}")) + } else { + Ok(T::new(a.ty.clone(), term![Op::Ite; c, a.term, b.term])) + } +} + +pub fn cond(c: T, a: T, b: T) -> Result { + ite(bool(c)?, a, b) +} + +pub fn pf_lit_ir(i: I) -> Term +where + Integer: From, +{ + const_(pf_val(i)) +} + +fn pf_val(i: I) -> Value +where + Integer: From, +{ + Value::Field(cfg().field().new_v(i)) +} + +pub fn field_lit(i: I) -> T +where + Integer: From, +{ + T::new(Ty::Field, pf_lit_ir(i)) +} + +pub fn z_bool_lit(v: bool) -> T { + T::new(Ty::Bool, bool_lit(v)) +} + +pub fn uint_lit(v: I, bits: usize) -> T +where + Integer: From, +{ + T::new(Ty::Uint(bits), bv_lit(v, bits)) +} + +pub fn slice(arr: T, start: Option, end: Option) -> Result { + match &arr.ty { + Ty::Array(size, _) => { + let start = start.unwrap_or(0); + let end = end.unwrap_or(*size); + array(arr.unwrap_array()?.drain(start..end)) + } + Ty::MutArray(size) => { + let start = start.unwrap_or(0); + let end = end.unwrap_or(*size); + array(arr.unwrap_array()?.drain(start..end)) + } + a => Err(format!("Cannot slice {a}")), + } +} + +pub fn field_select(struct_tuple_: &T, field: &str) -> Result { + match &struct_tuple_.ty { + Ty::Struct(_, map) => { + if let Some((idx, ty)) = map.search(field) { + Ok(T::new( + ty.clone(), + term![Op::Field(idx); struct_tuple_.term.clone()], + )) + } else { + Err(format!("No field '{field}'")) + } + } + + Ty::Tuple(tys) => { + let idx = field + .parse::() + .map_err(|_| format!("Invalid tuple index: {field}"))?; + if idx < tys.len() { + Ok(T::new( + tys[idx].clone(), + term![Op::Field(idx); struct_tuple_.term.clone()], + )) + } else { + Err(format!("Tuple index out of bounds: {idx}")) + } + } + a => Err(format!("{a} is not a struct or tuple")), + } +} + +pub fn field_store(struct_tuple_: T, field: &str, val: T) -> Result { + match &struct_tuple_.ty { + Ty::Struct(_, map) => { + if let Some((idx, ty)) = map.search(field) { + if ty == &val.ty { + Ok(T::new( + struct_tuple_.ty.clone(), + term![Op::Update(idx); struct_tuple_.term.clone(), val.term], + )) + } else { + Err(format!( + "term {val} assigned to field {field} of type {}", + map.get(idx).1 + )) + } + } else { + Err(format!("No field '{field}'")) + } + } + Ty::Tuple(tys) => { + // Parse the field as a numeric index + let idx = field + .parse::() + .map_err(|_| format!("Invalid tuple index: {field}"))?; + if idx >= tys.len() { + Err(format!("Tuple index out of bounds: {idx}")) + } else if tys[idx] != val.ty { + Err(format!( + "Type mismatch: cannot assign {} to tuple element {} of type {}", + val.ty, idx, tys[idx] + )) + } else { + Ok(T::new( + struct_tuple_.ty.clone(), + term![Op::Update(idx); struct_tuple_.term.clone(), val.term], + )) + } + } + a => Err(format!("{a} is not a struct or tuple")), + } +} + +fn coerce_to_field(i: T) -> Result { + match &i.ty { + Ty::Uint(_) => Ok(to_dflt_f(i.term)), + Ty::Field => Ok(i.term), + _ => Err(format!("Cannot coerce {} to a field element", &i)), + } +} + +pub fn array_select(array: T, idx: T) -> Result { + match array.ty { + Ty::Array(_, elem_ty) if matches!(idx.ty, Ty::Uint(_) | Ty::Field) => { + let iterm = coerce_to_field(idx).unwrap(); + Ok(T::new(*elem_ty, term![Op::Select; array.term, iterm])) + } + Ty::MutArray(_) if matches!(idx.ty, Ty::Uint(_) | Ty::Field) => { + let iterm = coerce_to_field(idx).unwrap(); + Ok(T::new(Ty::Field, term![Op::Select; array.term, iterm])) + } + _ => Err(format!("Cannot index {} using {}", &array.ty, &idx.ty)), + } +} + +pub fn array_store(array: T, idx: T, val: T) -> Result { + if matches!(&array.ty, Ty::Array(_, _)) && matches!(&idx.ty, Ty::Uint(_) | Ty::Field) { + // XXX(q) typecheck here? + let iterm = if matches!(idx.ty, Ty::Uint(_)) { + to_dflt_f(idx.term) + } else { + idx.term + }; + Ok(T::new( + array.ty, + term![Op::Store; array.term, iterm, val.term], + )) + } else { + Err(format!("Cannot index {} using {}", &array.ty, &idx.ty)) + } +} + +fn ir_array>(value_sort: Sort, elems: I) -> Term { + let key_sort = Sort::Field(cfg().field().clone()); + term( + Op::Array(Box::new(ArrayOp { + key: key_sort, + val: value_sort, + })), + elems.into_iter().collect(), + ) +} + +pub fn fill_array(value: T, size: usize) -> Result { + Ok(T::new( + Ty::Array(size, Box::new(value.ty)), + term![Op::new_fill(default_field_sort(), size); value.term], + )) +} +pub fn array>(elems: I) -> Result { + let v: Vec = elems.into_iter().collect(); + if let Some(e) = v.first() { + let ty = e.type_(); + if v.iter().skip(1).any(|a| a.type_() != ty) { + Err("Inconsistent types in array".to_string()) + } else { + let sort = check(&e.term); + Ok(T::new( + Ty::Array(v.len(), Box::new(ty.clone())), + ir_array(sort, v.into_iter().map(|t| t.term)), + )) + } + } else { + Err("Empty array".to_string()) + } +} + +pub fn uint_to_field(u: T) -> Result { + match &u.ty { + Ty::Uint(_) => Ok(T::new(Ty::Field, to_dflt_f(u.term))), + u => Err(format!("Cannot do uint-to-field on {u}")), + } +} + +pub fn integer_to_field(u: T) -> Result { + match &u.ty { + Ty::Integer => Ok(T::new( + Ty::Field, + term![Op::IntToPf(default_field()); u.term], + )), + u => Err(format!("Cannot do int-to-field on {u}")), + } +} + +pub fn field_to_integer(u: T) -> Result { + match &u.ty { + Ty::Field => Ok(T::new(Ty::Integer, term![Op::PfToInt; u.term])), + u => Err(format!("Cannot do int-to-field on {u}")), + } +} + +pub fn int_to_bits(i: T, n: usize) -> Result { + match &i.ty { + Ty::Integer => uint_to_bits(T::new(Ty::Uint(n), term![Op::IntToBv(n); i.term])), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +pub fn int_size(i: T) -> Result { + match &i.ty { + Ty::Integer => Ok(T::new(Ty::Uint(32), term![Op::IntSize; i.term])), + u => Err(format!("Cannot do sizeof on {u}")), + } +} + +pub fn int_modinv(i: T, m: T) -> Result { + match (&i.ty, &m.ty) { + (Ty::Integer, Ty::Integer) => Ok(T::new( + Ty::Integer, + term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term], + )), + u => Err(format!("Cannot do modinv on {:?}", u)), + } +} + +pub fn uint_to_uint(u: T, w: usize) -> Result { + match &u.ty { + Ty::Uint(n) if *n <= w => Ok(T::new(Ty::Uint(w), term![Op::BvUext(w - n); u.term])), + Ty::Uint(n) => Err(format!("Tried narrowing uint{n}-to-uint{w} attempted")), + u => Err(format!("Cannot do uint-to-uint on {u}")), + } +} + +pub fn uint_to_bits(u: T) -> Result { + match &u.ty { + Ty::Uint(n) => Ok(T::new( + Ty::Array(*n, Box::new(Ty::Bool)), + ir_array( + Sort::Bool, + (0..*n).rev().map(|i| term![Op::BvBit(i); u.term.clone()]), + ), + )), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +// XXX(rsw) is it correct to enforce length here, vs. in (say) builtin_call in mod.rs? +pub fn uint_from_bits(u: T) -> Result { + match &u.ty { + Ty::Array(bits, elem_ty) if **elem_ty == Ty::Bool => match bits { + 8 | 16 | 32 | 64 => Ok(T::new( + Ty::Uint(*bits), + term( + Op::BvConcat, + u.unwrap_array_ir()? + .into_iter() + .map(|z: Term| -> Term { term![Op::BoolToBv; z] }) + .collect(), + ), + )), + l => Err(format!("Cannot do uint-from-bits on len {l} array")), + }, + u => Err(format!("Cannot do uint-from-bits on {u}")), + } +} + +pub fn field_to_bits(f: T, n: usize) -> Result { + match &f.ty { + Ty::Field => uint_to_bits(T::new(Ty::Uint(n), term![Op::PfToBv(n); f.term])), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +pub fn field_to_bool_unsafe(f: T) -> Result { + match &f.ty { + Ty::Field => Ok(T::new(Ty::Bool, term![Op::PfToBoolTrusted; f.term])), + u => Err(format!("Cannot do field-to-bool on {u}")), + } +} + +fn bv_from_bits(barr: Term, size: usize) -> Term { + term( + Op::BvConcat, + (0..size) + .map(|i| term![Op::BoolToBv; term![Op::Select; barr.clone(), pf_lit_ir(i)]]) + .collect(), + ) +} + +pub fn bit_array_le(a: T, b: T, n: usize) -> Result { + match (&a.ty, &b.ty) { + (Ty::Array(la, ta), Ty::Array(lb, tb)) => { + if **ta != Ty::Bool || **tb != Ty::Bool { + Err("bit-array-le must be called on arrays of Bools".to_string()) + } else if la != lb { + Err(format!( + "bit-array-le called on arrays with lengths {la} != {lb}" + )) + } else if *la != n { + Err(format!( + "bit-array-le::<{n}> called on arrays with length {la}" + )) + } else { + Ok(()) + } + } + _ => Err(format!("Cannot do bit-array-le on ({}, {})", &a.ty, &b.ty)), + }?; + + let at = bv_from_bits(a.term, n); + let bt = bv_from_bits(b.term, n); + Ok(T::new( + Ty::Bool, + term![Op::BvBinPred(BvBinPred::Ule); at, bt], + )) +} + +pub fn sample_challenge(a: T, number: usize) -> Result { + if let Ty::Array(_, ta) = &a.ty { + if let Ty::Field = &**ta { + Ok(T::new( + Ty::Field, + term( + Op::new_chall(format!("zx_chall_{number}"), default_field()), + a.unwrap_array_ir()?, + ), + )) + } else { + Err(format!("sample_challenge called on non-field array {a}")) + } + } else { + Err(format!("sample_challenge called on non-array {a}")) + } +} + +pub struct ZSharp {} + +fn field_name(struct_name: &str, field_name: &str) -> String { + format!("{struct_name}.{field_name}") +} + +fn idx_name(struct_name: &str, idx: usize) -> String { + format!("{struct_name}.{idx}") +} + +impl ZSharp { + pub fn new() -> Self { + Self {} + } +} + +impl Typed for T { + fn type_(&self) -> Ty { + self.ty.clone() + } +} + +impl Embeddable for ZSharp { + type T = T; + type Ty = Ty; + fn declare_input( + &self, + ctx: &mut CirCtx, + ty: &Self::Ty, + name: String, + visibility: Option, + precompute: Option, + ) -> Self::T { + match ty { + Ty::Bool => T::new( + Ty::Bool, + ctx.cs.borrow_mut().new_var( + &name, + Sort::Bool, + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Field => T::new( + Ty::Field, + ctx.cs.borrow_mut().new_var( + &name, + default_field_sort(), + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Uint(w) => T::new( + Ty::Uint(*w), + ctx.cs.borrow_mut().new_var( + &name, + Sort::BitVector(*w), + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Integer => T::new( + Ty::Integer, + ctx.cs.borrow_mut().new_var( + &name, + Sort::Int, + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Array(n, ty) => { + let ps: Vec> = match precompute.map(|p| p.unwrap_array()) { + Some(Ok(v)) => v.into_iter().map(Some).collect(), + Some(Err(e)) => panic!("{}", e), + None => std::iter::repeat(None).take(*n).collect(), + }; + debug_assert_eq!(*n, ps.len()); + array( + ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, ty, idx_name(&name, i), visibility, p) + }), + ) + .unwrap() + } + Ty::MutArray(n) => { + let ps: Vec> = match precompute.map(|p| p.unwrap_array()) { + Some(Ok(v)) => v.into_iter().map(Some).collect(), + Some(Err(e)) => panic!("{}", e), + None => std::iter::repeat(None).take(*n).collect(), + }; + debug_assert_eq!(*n, ps.len()); + array( + ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) + }), + ) + .unwrap() + } + Ty::Struct(n, fs) => T::new_struct( + n.clone(), + fs.fields() + .map(|(f_name, f_ty)| { + ( + f_name.clone(), + self.declare_input( + ctx, + f_ty, + field_name(&name, f_name), + visibility, + precompute.as_ref().map(|_| unimplemented!("precomputations for declared inputs that are Z# structures")), + ), + ) + }) + .collect(), + ), + Ty::Tuple(tys) => { + let ps: Vec> = match precompute { + Some(p) => { + if let Ty::Tuple(ptys) = p.clone().ty { + if ptys.len() != tys.len() { + panic!("Precomputed tuple length doesn't match expected tuple length"); + } + (0..tys.len()) + .map(|i| Some(T::new( + tys[i].clone(), + term![Op::Field(i); p.term.clone()], + ))) + .collect() + } else { + panic!("Precompute type doesn't match expected tuple type"); + } + }, + None => std::iter::repeat(None).take(tys.len()).collect(), + }; + debug_assert_eq!(tys.len(), ps.len()); + T::new( + Ty::Tuple(tys.clone()), + term( + Op::Tuple, + tys.iter() + .zip(ps) + .enumerate() + .map(|(i, (ty, p))| { + self.declare_input( + ctx, + ty, + idx_name(&name, i), + visibility, + p, + ).term + }) + .collect(), + ), + ) + } + } + } + fn ite(&self, _ctx: &mut CirCtx, cond: Term, t: Self::T, f: Self::T) -> Self::T { + ite(cond, t, f).unwrap() + } + fn create_uninit(&self, _ctx: &mut CirCtx, ty: &Self::Ty) -> Self::T { + ty.default() + } + + fn initialize_return(&self, ty: &Self::Ty, _ssa_name: &String) -> Self::T { + ty.default() + } + + fn wrap_persistent_array(&self, t: Term) -> Self::T { + let size = check(&t).as_array().2; + T::new(Ty::MutArray(size), t) + } +} diff --git a/src/front/zsharpcurly/uglinesses b/src/front/zsharpcurly/uglinesses new file mode 100644 index 000000000..ffeb8cdbb --- /dev/null +++ b/src/front/zsharpcurly/uglinesses @@ -0,0 +1,41 @@ +overloading: + Functions are imported by name. If many functions have the same name + but different signatures, all of them get imported, and which one to + use in a particular call is inferred. (ZoK manual section 3.8) + ==> we disallow explicitly + +inferred types for decimal literals (ZoK manual section 3.2) + inside expressions + in assignments if LHS + add "untypedInteger" and unify as we go? + ==> handled + +multi-assignment + ==> not implemented (WONTFIX?) + +generics + ==> handled, but with edge cases + +add array-membership operator +add arithmetic-progression literal (to use with array-membership op) +should we make range checks explicit in IR? + we have power-of-2 right now + add non-power-of-2 range check? + +=== +// Following is totally broken right now (may work in ref compiler because +// they seem to monomorphize on-the-fly --- consider doing this?) + +def last(u32[N] a) -> u32: + return a[N-1] + +def foo(u32[N] a) -> u32: + // can't compute 2*N and pass to last because it has to be a const value! + // (and cannot declare const values inside functions) + return last([...a, ...a]) + +def main() -> u32: + return foo([1,2,3]) + +// XXX do we want to add const decls *inside* functions? +// not possible right now, but could help for cases like this diff --git a/src/front/zsharpcurly/zvisit/eqtype.rs b/src/front/zsharpcurly/zvisit/eqtype.rs new file mode 100644 index 000000000..efb550282 --- /dev/null +++ b/src/front/zsharpcurly/zvisit/eqtype.rs @@ -0,0 +1,142 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::super::ZGen; +use super::{ZResult, ZVisitorError, ZVisitorResult}; + +use zokrates_curly_pest_ast as ast; + +pub(super) fn eq_type<'ast>( + ty: &ast::Type<'ast>, + ty2: &ast::Type<'ast>, + zgen: &ZGen<'ast>, +) -> ZVisitorResult { + use ast::Type::*; + match (ty, ty2) { + (Basic(bty), Basic(bty2)) => eq_basic_type(bty, bty2), + (Array(aty), Array(aty2)) => eq_array_type(aty, aty2, zgen), + (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen), + (Tuple(t1), Tuple(t2)) => eq_tuple_type(t1, t2, zgen), + _ => { + let resolve_type_alias = |ty: &ast::Type<'ast>| -> ZResult<(ast::Type<'ast>, bool)> { + match ty { + Struct(s) => { + let resolved_ty = canon_type(s, zgen)?; + Ok((resolved_ty, true)) + } + _ => Ok((ty.clone(), false)), + } + }; + + let (ty, type_alias) = resolve_type_alias(ty)?; + let (ty2, type_alias2) = resolve_type_alias(ty2)?; + + if type_alias || type_alias2 { + eq_type(&ty, &ty2, zgen) + } else { + Err(ZVisitorError(format!( + "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}" + ))) + } + } + } +} + +fn eq_basic_type<'ast>(ty: &ast::BasicType<'ast>, ty2: &ast::BasicType<'ast>) -> ZVisitorResult { + use ast::BasicType::*; + match (ty, ty2) { + (Field(_), Field(_)) => Ok(()), + (Boolean(_), Boolean(_)) => Ok(()), + (U8(_), U8(_)) => Ok(()), + (U16(_), U16(_)) => Ok(()), + (U32(_), U32(_)) => Ok(()), + (U64(_), U64(_)) => Ok(()), + _ => Err(ZVisitorError(format!( + "basic type mismatch: \n\texpected {ty:?}, \n\tfound {ty2:?}" + ))), + } +} + +fn eq_array_type<'ast>( + ty: &ast::ArrayType<'ast>, + ty2: &ast::ArrayType<'ast>, + zgen: &ZGen<'ast>, +) -> ZVisitorResult { + use ast::BasicOrStructOrTupleType::*; + if ty.dimensions.len() != ty2.dimensions.len() { + return Err(ZVisitorError(format!( + "array type mismatch: \n\texpected {}-dimensional array, \n\tfound {}-dimensional array", + ty.dimensions.len(), + ty2.dimensions.len(), + ))); + } + match (&ty.ty, &ty2.ty) { + (Basic(bty), Basic(bty2)) => eq_basic_type(bty, bty2), + (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen), + _ => Err(ZVisitorError(format!( + "array type mismatch: \n\texpected elms of type {:?}, \n\tfound {:?}", + &ty.ty, &ty2.ty, + ))), + } +} + +fn eq_struct_type<'ast>( + ty: &ast::StructType<'ast>, + ty2: &ast::StructType<'ast>, + zgen: &ZGen<'ast>, +) -> ZVisitorResult { + if ty.id.value == ty2.id.value { + Ok(()) + } else if is_struct(&ty.id.value, zgen) && is_struct(&ty2.id.value, zgen) { + // neither ty nor ty2 is a type alias, so they are really different + Err(ZVisitorError(format!( + "struct type mismatch: \n\texpected {:?}, \n\tfound {:?}", + &ty.id.value, &ty2.id.value, + ))) + } else { + eq_type(&canon_type(ty, zgen)?, &canon_type(ty2, zgen)?, zgen) + } +} + +fn eq_tuple_type<'ast>( + ty: &ast::TupleType<'ast>, + ty2: &ast::TupleType<'ast>, + zgen: &ZGen<'ast>, +) -> ZVisitorResult { + if ty.elements.len() != ty2.elements.len() { + return Err(ZVisitorError(format!( + "tuple type mismatch: \n\texpected tuple with {} elements, \n\tfound tuple with {} elements", + ty.elements.len(), + ty2.elements.len(), + ))); + } + + for (elem1, elem2) in ty.elements.iter().zip(ty2.elements.iter()) { + eq_type(elem1, elem2, zgen)?; + } + + Ok(()) +} + +fn is_struct(id: &str, zgen: &ZGen<'_>) -> bool { + zgen.get_struct_or_type(id) + .map(|(s, _)| s.is_ok()) + .unwrap_or(false) +} + +fn canon_type<'ast>(ty: &ast::StructType<'ast>, zgen: &ZGen<'ast>) -> ZResult> { + zgen.get_struct_or_type(&ty.id.value) + .map(|(s, _)| match s { + Ok(sd) => ast::Type::Struct(ast::StructType { + id: sd.id.clone(), + explicit_generics: None, + span: sd.span, + }), + Err(t) => t.ty.clone(), + }) + .ok_or_else(|| { + ZVisitorError(format!( + "eqtype: unknown struct or type alias {}", + &ty.id.value + )) + }) +} diff --git a/src/front/zsharpcurly/zvisit/mod.rs b/src/front/zsharpcurly/zvisit/mod.rs new file mode 100644 index 000000000..8a05f8e80 --- /dev/null +++ b/src/front/zsharpcurly/zvisit/mod.rs @@ -0,0 +1,35 @@ +//! AST Walker for zokrates_curly_pest_ast +#![allow(missing_docs)] + +mod eqtype; +mod walkfns; +mod zconstlitrw; +mod zgenericinf; +mod zstmtwalker; +mod zvmut; + +pub(super) use zconstlitrw::ZConstLiteralRewriter; +pub(super) use zgenericinf::ZGenericInf; +pub(super) use zstmtwalker::ZStatementWalker; +pub use zvmut::ZVisitorMut; + +use zokrates_curly_pest_ast as ast; + +pub struct ZVisitorError(pub String); +pub type ZResult = Result; +pub type ZVisitorResult = ZResult<()>; + +impl From for ZVisitorError { + fn from(f: String) -> Self { + Self(f) + } +} + +fn bos_to_type(bos: ast::BasicOrStructOrTupleType) -> ast::Type { + use ast::{BasicOrStructOrTupleType::*, Type}; + match bos { + Struct(st) => Type::Struct(st), + Basic(bt) => Type::Basic(bt), + Tuple(tt) => Type::Tuple(tt), + } +} diff --git a/src/front/zsharpcurly/zvisit/walkfns.rs b/src/front/zsharpcurly/zvisit/walkfns.rs new file mode 100644 index 000000000..2ecc8becb --- /dev/null +++ b/src/front/zsharpcurly/zvisit/walkfns.rs @@ -0,0 +1,875 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::{ZVisitorMut, ZVisitorResult}; +use zokrates_curly_pest_ast as ast; + +pub fn walk_file<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + file: &mut ast::File<'ast>, +) -> ZVisitorResult { + if let Some(p) = &mut file.pragma { + visitor.visit_pragma(p)?; + } + file.declarations + .iter_mut() + .try_for_each(|d| visitor.visit_symbol_declaration(d))?; + visitor.visit_eoi(&mut file.eoi)?; + visitor.visit_span(&mut file.span) +} + +pub fn walk_pragma<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + pragma: &mut ast::Pragma<'ast>, +) -> ZVisitorResult { + visitor.visit_curve(&mut pragma.curve)?; + visitor.visit_span(&mut pragma.span) +} + +pub fn walk_curve<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + curve: &mut ast::Curve<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut curve.span) +} + +pub fn walk_symbol_declaration<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + sd: &mut ast::SymbolDeclaration<'ast>, +) -> ZVisitorResult { + use ast::SymbolDeclaration::*; + match sd { + Import(i) => visitor.visit_import_directive(i), + Constant(c) => visitor.visit_constant_definition(c), + Struct(s) => visitor.visit_struct_definition(s), + Type(t) => visitor.visit_type_definition(t), + Function(f) => visitor.visit_function_definition(f), + } +} + +pub fn walk_import_directive<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + import: &mut ast::ImportDirective<'ast>, +) -> ZVisitorResult { + use ast::ImportDirective::*; + match import { + Main(m) => visitor.visit_main_import_directive(m), + From(f) => visitor.visit_from_import_directive(f), + } +} + +pub fn walk_main_import_directive<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + mimport: &mut ast::MainImportDirective<'ast>, +) -> ZVisitorResult { + visitor.visit_raw_string(&mut mimport.source.raw)?; + if let Some(ie) = &mut mimport.alias { + visitor.visit_identifier_expression(ie)?; + } + visitor.visit_span(&mut mimport.span) +} + +pub fn walk_from_import_directive<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + fimport: &mut ast::FromImportDirective<'ast>, +) -> ZVisitorResult { + visitor.visit_raw_string(&mut fimport.source.raw)?; + fimport + .symbols + .iter_mut() + .try_for_each(|s| visitor.visit_import_symbol(s))?; + visitor.visit_span(&mut fimport.span) +} + +pub fn walk_raw_string<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + is: &mut ast::RawString<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut is.span) +} + +pub fn walk_identifier_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ie: &mut ast::IdentifierExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut ie.span) +} + +pub fn walk_import_symbol<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + is: &mut ast::ImportSymbol<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut is.id)?; + if let Some(ie) = &mut is.alias { + visitor.visit_identifier_expression(ie)?; + } + visitor.visit_span(&mut is.span) +} + +pub fn walk_constant_definition<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + cnstdef: &mut ast::ConstantDefinition<'ast>, +) -> ZVisitorResult { + visitor.visit_type(&mut cnstdef.id.ty)?; + visitor.visit_identifier_expression(&mut cnstdef.id.identifier)?; + visitor.visit_expression(&mut cnstdef.expression)?; + visitor.visit_span(&mut cnstdef.span) +} + +pub fn walk_struct_definition<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + structdef: &mut ast::StructDefinition<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut structdef.id)?; + structdef + .generics + .iter_mut() + .try_for_each(|g| visitor.visit_identifier_expression(g))?; + structdef + .fields + .iter_mut() + .try_for_each(|f| visitor.visit_struct_field(f))?; + visitor.visit_span(&mut structdef.span) +} + +pub fn walk_type_definition<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + structdef: &mut ast::TypeDefinition<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut structdef.id)?; + structdef + .generics + .iter_mut() + .try_for_each(|g| visitor.visit_identifier_expression(g))?; + visitor.visit_type(&mut structdef.ty)?; + visitor.visit_span(&mut structdef.span) +} + +pub fn walk_struct_field<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + structfield: &mut ast::StructField<'ast>, +) -> ZVisitorResult { + visitor.visit_type(&mut structfield.id.ty)?; + visitor.visit_identifier_expression(&mut structfield.id.identifier)?; + visitor.visit_span(&mut structfield.span) +} + +pub fn walk_function_definition<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + fundef: &mut ast::FunctionDefinition<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut fundef.id)?; + fundef + .generics + .iter_mut() + .try_for_each(|g| visitor.visit_identifier_expression(g))?; + fundef + .parameters + .iter_mut() + .try_for_each(|p| visitor.visit_parameter(p))?; + if let Some(r) = fundef.return_type.as_mut() { + visitor.visit_type(r)?; + } + fundef + .statements + .iter_mut() + .try_for_each(|s| visitor.visit_statement(s))?; + visitor.visit_span(&mut fundef.span) +} + +pub fn walk_parameter<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + param: &mut ast::Parameter<'ast>, +) -> ZVisitorResult { + if let Some(v) = &mut param.visibility { + visitor.visit_visibility(v)?; + } + visitor.visit_type(&mut param.ty)?; + visitor.visit_identifier_expression(&mut param.id)?; + visitor.visit_span(&mut param.span) +} + +pub fn walk_visibility<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + vis: &mut ast::Visibility, +) -> ZVisitorResult { + use ast::Visibility::*; + match vis { + Public(pu) => visitor.visit_public_visibility(pu), + Private(pr) => visitor.visit_private_visibility(pr), + } +} + +pub fn walk_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ty: &mut ast::Type<'ast>, +) -> ZVisitorResult { + use ast::Type::*; + match ty { + Basic(b) => visitor.visit_basic_type(b), + Array(a) => visitor.visit_array_type(a), + Struct(s) => visitor.visit_struct_type(s), + Tuple(t) => visitor.visit_tuple_type(t), + } +} + +pub fn walk_basic_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + bty: &mut ast::BasicType<'ast>, +) -> ZVisitorResult { + use ast::BasicType::*; + match bty { + Field(f) => visitor.visit_field_type(f), + Boolean(b) => visitor.visit_boolean_type(b), + U8(u) => visitor.visit_u8_type(u), + U16(u) => visitor.visit_u16_type(u), + U32(u) => visitor.visit_u32_type(u), + U64(u) => visitor.visit_u64_type(u), + // Integer(u) => visitor.visit_integer_type(u), + } +} + +pub fn walk_field_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + fty: &mut ast::FieldType<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut fty.span) +} + +pub fn walk_boolean_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + bty: &mut ast::BooleanType<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut bty.span) +} + +pub fn walk_u8_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u8ty: &mut ast::U8Type<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u8ty.span) +} + +pub fn walk_u16_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u16ty: &mut ast::U16Type<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u16ty.span) +} + +pub fn walk_u32_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u32ty: &mut ast::U32Type<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u32ty.span) +} + +pub fn walk_u64_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u64ty: &mut ast::U64Type<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u64ty.span) +} + +pub fn walk_array_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + aty: &mut ast::ArrayType<'ast>, +) -> ZVisitorResult { + visitor.visit_basic_or_struct_type(&mut aty.ty)?; + aty.dimensions + .iter_mut() + .try_for_each(|d| visitor.visit_expression(d))?; + visitor.visit_span(&mut aty.span) +} + +pub fn walk_basic_or_struct_or_tuple_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + bsty: &mut ast::BasicOrStructOrTupleType<'ast>, +) -> ZVisitorResult { + use ast::BasicOrStructOrTupleType::*; + match bsty { + Struct(s) => visitor.visit_struct_type(s), + Basic(b) => visitor.visit_basic_type(b), + Tuple(t) => visitor.visit_tuple_type(t), + } +} + +pub fn walk_struct_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + sty: &mut ast::StructType<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut sty.id)?; + if let Some(eg) = &mut sty.explicit_generics { + visitor.visit_explicit_generics(eg)?; + } + visitor.visit_span(&mut sty.span) +} + +pub fn walk_tuple_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + t: &mut ast::TupleType<'ast>, +) -> ZVisitorResult { + t.elements + .iter_mut() + .try_for_each(|e| visitor.visit_type(e))?; + visitor.visit_span(&mut t.span) +} + +pub fn walk_explicit_generics<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + eg: &mut ast::ExplicitGenerics<'ast>, +) -> ZVisitorResult { + eg.values + .iter_mut() + .try_for_each(|v| visitor.visit_constant_generic_value(v))?; + visitor.visit_span(&mut eg.span) +} + +pub fn walk_constant_generic_value<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + cgv: &mut ast::ConstantGenericValue<'ast>, +) -> ZVisitorResult { + use ast::ConstantGenericValue::*; + match cgv { + Value(l) => visitor.visit_literal_expression(l), + Identifier(i) => visitor.visit_identifier_expression(i), + Underscore(u) => visitor.visit_underscore(u), + } +} + +pub fn walk_literal_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + lexpr: &mut ast::LiteralExpression<'ast>, +) -> ZVisitorResult { + use ast::LiteralExpression::*; + match lexpr { + DecimalLiteral(d) => visitor.visit_decimal_literal_expression(d), + BooleanLiteral(b) => visitor.visit_boolean_literal_expression(b), + HexLiteral(h) => visitor.visit_hex_literal_expression(h), + } +} + +pub fn walk_decimal_literal_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + dle: &mut ast::DecimalLiteralExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_decimal_number(&mut dle.value)?; + if let Some(s) = &mut dle.suffix { + visitor.visit_decimal_suffix(s)?; + } + visitor.visit_span(&mut dle.span) +} + +pub fn walk_decimal_number<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + dn: &mut ast::DecimalNumber<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut dn.span) +} + +pub fn walk_decimal_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ds: &mut ast::DecimalSuffix<'ast>, +) -> ZVisitorResult { + use ast::DecimalSuffix::*; + match ds { + U8(u8s) => visitor.visit_u8_suffix(u8s), + U16(u16s) => visitor.visit_u16_suffix(u16s), + U32(u32s) => visitor.visit_u32_suffix(u32s), + U64(u64s) => visitor.visit_u64_suffix(u64s), + Field(fs) => visitor.visit_field_suffix(fs), + } +} + +pub fn walk_u8_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u8s: &mut ast::U8Suffix<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u8s.span) +} + +pub fn walk_u16_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u16s: &mut ast::U16Suffix<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u16s.span) +} + +pub fn walk_u32_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u32s: &mut ast::U32Suffix<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u32s.span) +} + +pub fn walk_u64_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u64s: &mut ast::U64Suffix<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u64s.span) +} + +pub fn walk_field_suffix<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + fs: &mut ast::FieldSuffix<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut fs.span) +} + +pub fn walk_boolean_literal_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ble: &mut ast::BooleanLiteralExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut ble.span) +} + +pub fn walk_hex_literal_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + hle: &mut ast::HexLiteralExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_hex_number_expression(&mut hle.value)?; + visitor.visit_span(&mut hle.span) +} + +pub fn walk_hex_number_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + hne: &mut ast::HexNumberExpression<'ast>, +) -> ZVisitorResult { + use ast::HexNumberExpression::*; + match hne { + U8(u8e) => visitor.visit_u8_number_expression(u8e), + U16(u16e) => visitor.visit_u16_number_expression(u16e), + U32(u32e) => visitor.visit_u32_number_expression(u32e), + U64(u64e) => visitor.visit_u64_number_expression(u64e), + } +} + +pub fn walk_u8_number_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u8e: &mut ast::U8NumberExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u8e.span) +} + +pub fn walk_u16_number_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u16e: &mut ast::U16NumberExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u16e.span) +} + +pub fn walk_u32_number_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u32e: &mut ast::U32NumberExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u32e.span) +} + +pub fn walk_u64_number_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u64e: &mut ast::U64NumberExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u64e.span) +} + +pub fn walk_underscore<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + u: &mut ast::Underscore<'ast>, +) -> ZVisitorResult { + visitor.visit_span(&mut u.span) +} + +pub fn walk_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + expr: &mut ast::Expression<'ast>, +) -> ZVisitorResult { + use ast::Expression::*; + match expr { + Ternary(te) => visitor.visit_ternary_expression(te), + Binary(be) => visitor.visit_binary_expression(be), + Unary(ue) => visitor.visit_unary_expression(ue), + Postfix(pe) => visitor.visit_postfix_expression(pe), + Identifier(ie) => visitor.visit_identifier_expression(ie), + Literal(le) => visitor.visit_literal_expression(le), + InlineArray(iae) => visitor.visit_inline_array_expression(iae), + InlineStruct(ise) => visitor.visit_inline_struct_expression(ise), + ArrayInitializer(aie) => visitor.visit_array_initializer_expression(aie), + InlineTuple(ite) => visitor.visit_inline_tuple_expression(ite), + IfElse(ie) => visitor.visit_if_else_expression(ie), + } +} + +pub fn walk_ternary_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + te: &mut ast::TernaryExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut te.condition)?; + visitor.visit_expression(&mut te.consequence)?; + visitor.visit_expression(&mut te.alternative)?; + visitor.visit_span(&mut te.span) +} + +pub fn walk_if_else_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ie: &mut ast::IfElseExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut ie.condition)?; + visitor.visit_expression(&mut ie.consequence)?; + visitor.visit_expression(&mut ie.alternative)?; + visitor.visit_span(&mut ie.span) +} +pub fn walk_binary_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + be: &mut ast::BinaryExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_binary_operator(&mut be.op)?; + visitor.visit_expression(&mut be.left)?; + visitor.visit_expression(&mut be.right)?; + visitor.visit_span(&mut be.span) +} + +pub fn walk_unary_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ue: &mut ast::UnaryExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_unary_operator(&mut ue.op)?; + visitor.visit_expression(&mut ue.expression)?; + visitor.visit_span(&mut ue.span) +} + +pub fn walk_unary_operator<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + uo: &mut ast::UnaryOperator, +) -> ZVisitorResult { + use ast::UnaryOperator::*; + match uo { + Pos(po) => visitor.visit_pos_operator(po), + Neg(ne) => visitor.visit_neg_operator(ne), + Not(no) => visitor.visit_not_operator(no), + } +} + +pub fn walk_postfix_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + pe: &mut ast::PostfixExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut pe.base)?; + pe.accesses + .iter_mut() + .try_for_each(|a| visitor.visit_access(a))?; + visitor.visit_span(&mut pe.span) +} + +pub fn walk_access<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + acc: &mut ast::Access<'ast>, +) -> ZVisitorResult { + use ast::Access::*; + match acc { + Call(ca) => visitor.visit_call_access(ca), + Select(aa) => visitor.visit_array_access(aa), + Dot(ma) => visitor.visit_dot_access(ma), + } +} + +pub fn walk_call_access<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ca: &mut ast::CallAccess<'ast>, +) -> ZVisitorResult { + if let Some(eg) = &mut ca.explicit_generics { + visitor.visit_explicit_generics(eg)?; + } + visitor.visit_arguments(&mut ca.arguments)?; + visitor.visit_span(&mut ca.span) +} + +pub fn walk_arguments<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + args: &mut ast::Arguments<'ast>, +) -> ZVisitorResult { + args.expressions + .iter_mut() + .try_for_each(|e| visitor.visit_expression(e))?; + visitor.visit_span(&mut args.span) +} + +pub fn walk_array_access<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + aa: &mut ast::ArrayAccess<'ast>, +) -> ZVisitorResult { + visitor.visit_range_or_expression(&mut aa.expression)?; + visitor.visit_span(&mut aa.span) +} + +pub fn walk_range_or_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + roe: &mut ast::RangeOrExpression<'ast>, +) -> ZVisitorResult { + use ast::RangeOrExpression::*; + match roe { + Range(r) => visitor.visit_range(r), + Expression(e) => visitor.visit_expression(e), + } +} + +pub fn walk_range<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + rng: &mut ast::Range<'ast>, +) -> ZVisitorResult { + if let Some(f) = &mut rng.from { + visitor.visit_from_expression(f)?; + } + if let Some(t) = &mut rng.to { + visitor.visit_to_expression(t)?; + } + visitor.visit_span(&mut rng.span) +} + +pub fn walk_from_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + from: &mut ast::FromExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut from.0) +} + +pub fn walk_to_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + to: &mut ast::ToExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut to.0) +} + +pub fn walk_dot_access<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ma: &mut ast::DotAccess<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_or_decimal(&mut ma.inner)?; + visitor.visit_span(&mut ma.span) +} + +pub fn walk_identifier_or_decimal<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ido: &mut ast::IdentifierOrDecimal<'ast>, +) -> ZVisitorResult { + use ast::IdentifierOrDecimal::*; + match ido { + Identifier(ie) => visitor.visit_identifier_expression(ie), + Decimal(de) => visitor.visit_decimal_number(de), + } +} +pub fn walk_inline_array_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + iae: &mut ast::InlineArrayExpression<'ast>, +) -> ZVisitorResult { + iae.expressions + .iter_mut() + .try_for_each(|e| visitor.visit_spread_or_expression(e))?; + visitor.visit_span(&mut iae.span) +} + +pub fn walk_spread_or_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + soe: &mut ast::SpreadOrExpression<'ast>, +) -> ZVisitorResult { + use ast::SpreadOrExpression::*; + match soe { + Spread(s) => visitor.visit_spread(s), + Expression(e) => visitor.visit_expression(e), + } +} + +pub fn walk_spread<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + spread: &mut ast::Spread<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut spread.expression)?; + visitor.visit_span(&mut spread.span) +} + +pub fn walk_inline_struct_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ise: &mut ast::InlineStructExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut ise.ty)?; + ise.members + .iter_mut() + .try_for_each(|m| visitor.visit_inline_struct_member(m))?; + visitor.visit_span(&mut ise.span) +} + +pub fn walk_inline_struct_member<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ism: &mut ast::InlineStructMember<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut ism.id)?; + visitor.visit_expression(&mut ism.expression)?; + visitor.visit_span(&mut ism.span) +} + +pub fn walk_inline_tuple_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ite: &mut ast::InlineTupleExpression<'ast>, +) -> ZVisitorResult { + ite.elements + .iter_mut() + .try_for_each(|e| visitor.visit_expression(e))?; + visitor.visit_span(&mut ite.span) +} + +pub fn walk_array_initializer_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + aie: &mut ast::ArrayInitializerExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut aie.value)?; + visitor.visit_expression(&mut aie.count)?; + visitor.visit_span(&mut aie.span) +} + +pub fn walk_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + stmt: &mut ast::Statement<'ast>, +) -> ZVisitorResult { + use ast::Statement::*; + match stmt { + Return(r) => visitor.visit_return_statement(r), + Definition(d) => visitor.visit_definition_statement(d), + Assertion(a) => visitor.visit_assertion_statement(a), + Iteration(i) => visitor.visit_iteration_statement(i), + Log(_) => todo!("Log is not implemented!"), + Assembly(a) => visitor.visit_assembly_statement(a), + } +} + +pub fn walk_return_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ret: &mut ast::ReturnStatement<'ast>, +) -> ZVisitorResult { + if let Some(e) = &mut ret.expression { + visitor.visit_expression(e)?; + } + visitor.visit_span(&mut ret.span) +} + +pub fn walk_definition_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + def: &mut ast::DefinitionStatement<'ast>, +) -> ZVisitorResult { + visitor.visit_typed_identifier_or_assignee(&mut def.lhs)?; + visitor.visit_expression(&mut def.expression)?; + visitor.visit_span(&mut def.span) +} + +pub fn walk_assembly_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + asm: &mut ast::AssemblyStatement<'ast>, +) -> ZVisitorResult { + for inner in &mut asm.inner { + visitor.visit_assembly_statement_inner(inner)?; + } + visitor.visit_span(&mut asm.span) +} + +pub fn walk_assembly_statement_inner<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + inner: &mut ast::AssemblyStatementInner<'ast>, +) -> ZVisitorResult { + match inner { + ast::AssemblyStatementInner::Assignment(a) => visitor.visit_assembly_assignment(a), + ast::AssemblyStatementInner::Constraint(c) => visitor.visit_assembly_constraint(c), + } +} + +pub fn walk_assembly_assignment<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + a: &mut ast::AssemblyAssignment<'ast>, +) -> ZVisitorResult { + visitor.visit_assignee(&mut a.assignee)?; + visitor.visit_assignment_operator(&mut a.operator)?; + visitor.visit_expression(&mut a.expression)?; + visitor.visit_span(&mut a.span) +} + +pub fn walk_assembly_constraint<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + c: &mut ast::AssemblyConstraint<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut c.lhs)?; + visitor.visit_expression(&mut c.rhs)?; + visitor.visit_span(&mut c.span) +} + +pub fn walk_typed_identifier_or_assignee<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + tioa: &mut ast::TypedIdentifierOrAssignee<'ast>, +) -> ZVisitorResult { + use ast::TypedIdentifierOrAssignee::*; + match tioa { + Assignee(a) => visitor.visit_assignee(a), + TypedIdentifier(ti) => visitor.visit_typed_identifier(ti), + } +} + +pub fn walk_typed_identifier<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + tid: &mut ast::TypedIdentifier<'ast>, +) -> ZVisitorResult { + visitor.visit_type(&mut tid.ty)?; + visitor.visit_identifier_expression(&mut tid.identifier)?; + visitor.visit_span(&mut tid.span) +} + +pub fn walk_assignee<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + asgn: &mut ast::Assignee<'ast>, +) -> ZVisitorResult { + visitor.visit_identifier_expression(&mut asgn.id)?; + asgn.accesses + .iter_mut() + .try_for_each(|a| visitor.visit_assignee_access(a))?; + visitor.visit_span(&mut asgn.span) +} + +pub fn walk_assignment_operator<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ao: &mut ast::AssignmentOperator, +) -> ZVisitorResult { + use ast::AssignmentOperator::*; + match ao { + Assign(a) => visitor.visit_assign_operator(a), + AssignConstrain(ac) => visitor.visit_assign_constrain_operator(ac), + } +} + +pub fn walk_assignee_access<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + acc: &mut ast::AssigneeAccess<'ast>, +) -> ZVisitorResult { + use ast::AssigneeAccess::*; + match acc { + Select(aa) => visitor.visit_array_access(aa), + Dot(ma) => visitor.visit_dot_access(ma), + } +} + +pub fn walk_assertion_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + asrt: &mut ast::AssertionStatement<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut asrt.expression)?; + if let Some(s) = &mut asrt.message { + visitor.visit_raw_string(&mut s.raw)?; + } + visitor.visit_span(&mut asrt.span) +} + +pub fn walk_iteration_statement<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + iter: &mut ast::IterationStatement<'ast>, +) -> ZVisitorResult { + visitor.visit_typed_identifier(&mut iter.index)?; + visitor.visit_expression(&mut iter.from)?; + visitor.visit_expression(&mut iter.to)?; + iter.statements + .iter_mut() + .try_for_each(|s| visitor.visit_statement(s))?; + visitor.visit_span(&mut iter.span) +} diff --git a/src/front/zsharpcurly/zvisit/zconstlitrw.rs b/src/front/zsharpcurly/zvisit/zconstlitrw.rs new file mode 100644 index 000000000..01e4012cf --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zconstlitrw.rs @@ -0,0 +1,378 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::super::term::Ty; +use super::walkfns::*; +use super::{ZVisitorError, ZVisitorMut, ZVisitorResult}; + +use zokrates_curly_pest_ast as ast; + +pub(in super::super) struct ZConstLiteralRewriter { + to_ty: Option, + found: bool, +} + +impl ZConstLiteralRewriter { + pub fn new(to_ty: Option) -> Self { + Self { + to_ty, + found: false, + } + } + + #[allow(dead_code)] + pub fn found(&self) -> bool { + self.found + } + + pub fn replace(&mut self, to_ty: Option) -> Option { + std::mem::replace(&mut self.to_ty, to_ty) + } +} + +impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { + /* + Expressions can be any of: + + Binary(BinaryExpression<'ast>), + -> depends on operator. e.g., == outputs Bool but takes in arbitrary l and r + + Ternary(TernaryExpression<'ast>) + -> first expr is Bool, other two are expected type + + Unary(UnaryExpression<'ast>), + -> no change to expected type: each sub-expr should have the expected type + + Postfix(PostfixExpression<'ast>), + -> cannot type Access results, but descend into sub-exprs to type array indices + + Identifier(IdentifierExpression<'ast>), + -> nothing to do (terminal) + + Literal(LiteralExpression<'ast>), + -> literal should have same type as expression + + InlineArray(InlineArrayExpression<'ast>), + -> descend into SpreadOrExpression, looking for either array or element type + + InlineStruct(InlineStructExpression<'ast>), + -> check that struct types are equal + + ArrayInitializer(ArrayInitializerExpression<'ast>), + -> value should have type of value inside Array + -> count should have type Field + */ + + fn visit_ternary_expression( + &mut self, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + // first expression in a ternary should have type bool + let to_ty = self.replace(Some(Ty::Bool)); + self.visit_expression(&mut te.condition)?; + self.replace(to_ty); + self.visit_expression(&mut te.consequence)?; + self.visit_expression(&mut te.alternative)?; + self.visit_span(&mut te.span) + } + + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { + // first expression in a ternary should have type bool + let to_ty = self.replace(Some(Ty::Bool)); + self.visit_expression(&mut ie.condition)?; + self.replace(to_ty); + self.visit_expression(&mut ie.consequence)?; + self.visit_expression(&mut ie.alternative)?; + self.visit_span(&mut ie.span) + } + + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { + let (ty_l, ty_r) = { + match be.op { + ast::BinaryOperator::Pow + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), + ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => (None, None), + _ => (self.to_ty.clone(), self.to_ty.clone()), + } + }; + self.visit_binary_operator(&mut be.op)?; + let to_ty = self.replace(ty_l); + self.visit_expression(&mut be.left)?; + self.replace(ty_r); + self.visit_expression(&mut be.right)?; + self.replace(to_ty); + self.visit_span(&mut be.span) + } + + fn visit_decimal_literal_expression( + &mut self, + dle: &mut ast::DecimalLiteralExpression<'ast>, + ) -> ZVisitorResult { + if dle.suffix.is_none() && self.to_ty.is_some() { + self.found = true; + dle.suffix.replace(match self.to_ty.as_ref().unwrap() { + Ty::Uint(8) => Ok(ast::DecimalSuffix::U8(ast::U8Suffix { + span: dle.span, + })), + Ty::Uint(16) => Ok(ast::DecimalSuffix::U16(ast::U16Suffix { + span: dle.span, + })), + Ty::Uint(32) => Ok(ast::DecimalSuffix::U32(ast::U32Suffix { + span: dle.span, + })), + Ty::Uint(64) => Ok(ast::DecimalSuffix::U64(ast::U64Suffix { + span: dle.span, + })), + Ty::Uint(_) => Err( + "ZConstLiteralRewriter: Uint size must be divisible by 8".to_string(), + ), + Ty::Field => Ok(ast::DecimalSuffix::Field(ast::FieldSuffix { + span: dle.span, + })), + _ => Err( + "ZConstLiteralRewriter: rewriting DecimalLiteralExpression to incompatible type" + .to_string(), + ), + }?); + } + walk_decimal_literal_expression(self, dle) + } + + fn visit_array_initializer_expression( + &mut self, + aie: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + if self.to_ty.is_some() { + if let Ty::Array(_, arr_ty) = self.to_ty.clone().unwrap() { + // ArrayInitializerExpression::value should match arr_ty + let to_ty = self.replace(Some(*arr_ty)); + self.visit_expression(&mut aie.value)?; + self.to_ty = to_ty; + } else { + return Err( + "ZConstLiteralRewriter: rewriting ArrayInitializerExpression to non-Array type" + .to_string() + .into(), + ); + } + } + + // always rewrite ArrayInitializerExpression::count literals to type U32 + let to_ty = self.replace(Some(Ty::Uint(32))); + self.visit_expression(&mut aie.count)?; + self.to_ty = to_ty; + + self.visit_span(&mut aie.span) + } + + fn visit_inline_struct_expression( + &mut self, + ise: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + self.visit_identifier_expression(&mut ise.ty)?; + + let to_ty = self.replace(None); + let ty_map = if let Some(t) = to_ty.as_ref() { + if let Ty::Struct(name, ty_map) = t { + if name != &ise.ty.value { + Err(format!("ZConstLiteralRewriter: got struct {}, expected {} visiting inline struct expression", &ise.ty.value, name)) + } else { + Ok(Some(ty_map.clone())) + } + } else { + Err( + "ZConstLiteralRewriter: rewriting InlineStructExpression to non-Struct type" + .to_string(), + ) + } + } else { + Ok(None) + }?; + + if let Some(ty_map) = ty_map { + let mut ty_map = ty_map.into_map(); + let (mem, str_name) = (&mut ise.members, &ise.ty.value); + mem.iter_mut() + .try_for_each(|m| ty_map + .remove(&m.id.value) + .ok_or_else(|| ZVisitorError(format!( + "ZConstLiteralRewriter: no member {} in struct {}, or duplicate member in inline expression", + &m.id.value, + str_name, + ))) + .and_then(|ty| { + self.to_ty = Some(ty); + self.visit_inline_struct_member(m) + }) + )?; + + if !ty_map.is_empty() { + return Err(format!( + "ZConstLiteralRewriter: inline expression for struct {} has extra fields: {:?}", + &ise.ty.value, + ty_map.keys().collect::>(), + ) + .into()); + } + } else { + ise.members + .iter_mut() + .try_for_each(|m| self.visit_inline_struct_member(m))?; + } + self.to_ty = to_ty; + + self.visit_span(&mut ise.span) + } + + fn visit_inline_array_expression( + &mut self, + iae: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + let mut inner_ty = if let Some(t) = self.to_ty.as_ref() { + if let Ty::Array(_, arr_ty) = t.clone() { + Ok(Some(*arr_ty)) + } else { + Err( + "ZConstLiteralRewriter: rewriting InlineArrayExpression to non-Array type" + .to_string(), + ) + } + } else { + Ok(None) + }?; + + for e in iae.expressions.iter_mut() { + use ast::SpreadOrExpression::*; + match e { + Spread(s) => { + // a spread expression is an array; array type should match (we ignore number) + self.visit_spread(s)?; + } + Expression(e) => { + // an expression here is an individual array element, inner type should match + inner_ty = self.replace(inner_ty); + self.visit_expression(e)?; + inner_ty = self.replace(inner_ty); + } + } + } + + self.visit_span(&mut iae.span) + } + + fn visit_postfix_expression( + &mut self, + pe: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + use ast::Expression; + match *pe.base { + Expression::Identifier(ref mut id) => self.visit_identifier_expression(id)?, + _ => panic!("Expected identifier in postfix expression base"), + } + //self.visit_identifier_expression(&mut pe.base.id)?; + + // descend into accesses. we do not know expected type for these expressions + // (but we may end up descending into an ArrayAccess, which would get typed) + let to_ty = self.replace(None); + pe.accesses + .iter_mut() + .try_for_each(|a| self.visit_access(a))?; + self.to_ty = to_ty; + + self.visit_span(&mut pe.span) + } + + fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult { + // ArrayType.ty should match arr_ty + let to_ty = self.replace( + self.to_ty + .as_ref() + .map(|to_ty| { + if let Ty::Array(_, arr_ty) = to_ty { + Ok(*arr_ty.clone()) + } else { + Err( + "ZConstLiteralRewriter: rewriting ArrayType to non-Array type" + .to_string(), + ) + } + }) + .transpose()?, + ); + self.visit_basic_or_struct_type(&mut aty.ty)?; + + // always rewrite ArrayType::dimensions literals to type U32 + self.replace(Some(Ty::Uint(32))); + aty.dimensions + .iter_mut() + .try_for_each(|d| self.visit_expression(d))?; + self.to_ty = to_ty; + + self.visit_span(&mut aty.span) + } + + fn visit_explicit_generics(&mut self, eg: &mut ast::ExplicitGenerics<'ast>) -> ZVisitorResult { + // always rewrite ConstantGenericValue literals to type U32 + let to_ty = self.replace(Some(Ty::Uint(32))); + walk_explicit_generics(self, eg)?; + self.to_ty = to_ty; + Ok(()) + } + + fn visit_field_type(&mut self, fty: &mut ast::FieldType<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Field)) { + return Err("ZConstLiteralRewriter: Field type mismatch" + .to_string() + .into()); + } + walk_field_type(self, fty) + } + + fn visit_boolean_type(&mut self, bty: &mut ast::BooleanType<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Bool)) { + return Err("ZConstLiteralRewriter: Bool type mismatch" + .to_string() + .into()); + } + walk_boolean_type(self, bty) + } + + fn visit_u8_type(&mut self, u8ty: &mut ast::U8Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(8))) { + return Err("ZConstLiteralRewriter: u8 type mismatch".to_string().into()); + } + walk_u8_type(self, u8ty) + } + + fn visit_u16_type(&mut self, u16ty: &mut ast::U16Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(16))) { + return Err("ZConstLiteralRewriter: u16 type mismatch" + .to_string() + .into()); + } + walk_u16_type(self, u16ty) + } + + fn visit_u32_type(&mut self, u32ty: &mut ast::U32Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(32))) { + return Err("ZConstLiteralRewriter: u32 type mismatch" + .to_string() + .into()); + } + walk_u32_type(self, u32ty) + } + + fn visit_u64_type(&mut self, u64ty: &mut ast::U64Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(64))) { + return Err("ZConstLiteralRewriter: u64 type mismatch" + .to_string() + .into()); + } + walk_u64_type(self, u64ty) + } +} diff --git a/src/front/zsharpcurly/zvisit/zgenericinf.rs b/src/front/zsharpcurly/zvisit/zgenericinf.rs new file mode 100644 index 000000000..d5c83a44c --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zgenericinf.rs @@ -0,0 +1,477 @@ +//! Generic parameter inference + +use super::super::term::{cond, const_val, Ty, T}; +use super::super::{span_to_string, ZGen}; +use crate::ir::term::{bv_lit, const_, term, var, BoolNaryOp, Op, Sort, Term, Value}; +#[cfg(feature = "smt")] +use crate::target::smt::find_unique_model; + +use log::debug; +use std::cell::RefCell; +use std::collections::HashMap; +use std::path::Path; +use zokrates_curly_pest_ast as ast; + +thread_local! { + static CACHE: RefCell>> = RefCell::new(HashMap::new()); +} + +pub(in super::super) struct ZGenericInf<'ast, 'gen, const IS_CNST: bool> { + zgen: &'gen ZGen<'ast>, + fdef: &'gen ast::FunctionDefinition<'ast>, + gens: &'gen [ast::IdentifierExpression<'ast>], + path: &'gen Path, + sfx: String, + constr: Option, +} + +impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { + pub fn new( + zgen: &'gen ZGen<'ast>, + fdef: &'gen ast::FunctionDefinition<'ast>, + path: &'gen Path, + name: &str, + ) -> Self { + let gens = fdef.generics.as_ref(); + let mut path_str = "___".to_string(); + path_str.push_str(&path.to_string_lossy()); + path_str.push_str("___"); + path_str.push_str(name); + path_str.push_str("___"); + path_str.push_str(&fdef.id.value); + let sfx = make_sfx(path_str, &fdef.id.value); + Self { + zgen, + fdef, + gens, + path, + sfx, + constr: None, + } + } + + fn is_generic_var(&self, var: &str) -> bool { + self.gens.iter().any(|id| id.value == var) + } + + fn add_constraint(&mut self, lhs: Term, rhs: Term) { + let new_term = term![Op::Eq; lhs, rhs]; + let new_term = if let Some(old_term) = self.constr.take() { + term![Op::BoolNaryOp(BoolNaryOp::And); old_term, new_term] + } else { + new_term + }; + self.constr = Some(new_term); + } + + fn const_id_(&self, id: &ast::IdentifierExpression<'ast>) -> Result { + self.zgen + .identifier_impl_::(id) + .and_then(const_val) + } + + pub fn unify_generic>( + &mut self, + egv: &[ast::ConstantGenericValue<'ast>], + rty: Option, + arg_tys: ATIter, + ) -> Result, String> { + debug!("ZGenericInf::unify_generic"); + use ast::ConstantGenericValue as CGV; + self.constr = None; + self.gens = &self.fdef.generics[..]; + + // early returns: monomorphized or not generic + if self.gens.is_empty() { + debug!("done (no generics)"); + return Ok(HashMap::new()); + } + if egv.len() == self.gens.len() && !egv.iter().any(|cgv| matches!(cgv, CGV::Underscore(_))) + { + match self + .zgen + .egvs_impl_::(egv, self.fdef.generics.clone()) + { + Ok(gens) if gens.len() == self.gens.len() => { + debug!("done (explicit generics)"); + return Ok(gens); + } + _ => (), + }; + } + + // self.fdef is in the context of self.path + self.zgen.file_stack_push(self.path.to_path_buf()); + + // 1. build up the already-known generics + for (cgv, id) in egv.iter().zip(self.fdef.generics.iter()) { + if let Some(v) = match cgv { + CGV::Underscore(_) => None, + CGV::Value(v) => Some(self.zgen.literal_(v)?), + CGV::Identifier(i) => Some(self.const_id_(i)?), + } { + let var = make_varname(&id.value, &self.sfx); + let val = match v.ty { + Ty::Uint(32) => Ok(v.term), + ty => Err(format!( + "ZGenericInf: ConstantGenericValue for {} had type {}, expected u32", + &id.value, ty + )), + }?; + self.add_constraint(var, val); + } + } + + // 2. for each argument, update the const generic values + for (pty, arg_ty) in self.fdef.parameters.iter().map(|p| &p.ty).zip(arg_tys) { + self.fdef_gen_ty(arg_ty, pty)?; + // bracketing invariant + assert!(self.gens == &self.fdef.generics[..]); + assert!(self.sfx.ends_with(&self.fdef.id.value)); + } + + // 3. unify the return type + match (rty, self.fdef.return_type.as_ref()) { + (Some(rty), Some(ret)) => self.fdef_gen_ty(rty, ret), + (Some(rty), None) if rty != Ty::Bool => Err(format!( + "Function {} expected implicit Bool ret, but got {}", + &self.fdef.id.value, rty + )), + (Some(_), None) => Ok(()), + (None, _) => Ok(()), + }?; + // bracketing invariant + assert!(self.gens == &self.fdef.generics[..]); + assert!(self.sfx.ends_with(&self.fdef.id.value)); + + // back to calling context + self.zgen.file_stack_pop(); + + // 4. run the solver on the term stack, if it's not already cached + if let Some(res) = self + .constr + .as_ref() + .and_then(|t| CACHE.with(|c| c.borrow().get(t).cloned())) + { + assert!(self.gens.len() == res.len()); + assert!(self.gens.iter().all(|g| res.contains_key(&g.value))); + debug!("done (cached result for {})", &self.sfx); + return Ok(res); + } + let g_names = self + .gens + .iter() + .map(|gid| make_varname_str(&gid.value, &self.sfx)) + .collect::>(); + let mut solved = self + .constr + .as_ref() + .and_then(|t| find_unique_model(t, g_names.clone())) + .unwrap_or_default(); + + // 5. extract the assignments from the solver result + let mut res = HashMap::with_capacity(g_names.len()); + assert_eq!(g_names.len(), self.gens.len()); + g_names + .into_iter() + .enumerate() + .for_each(|(idx, mut g_name)| { + if let Some(g_val) = solved.remove(&g_name) { + match &g_val { + Value::BitVector(bv) => assert!(bv.width() == 32), + _ => unreachable!(), + } + g_name.truncate(self.gens[idx].value.len()); + g_name.shrink_to_fit(); + assert!(res + .insert(g_name, T::new(Ty::Uint(32), const_(g_val))) + .is_none()); + } + }); + if self.constr.is_some() { + CACHE.with(|c| { + c.borrow_mut() + .insert(self.constr.take().unwrap(), res.clone()) + }); + } + debug!("done (finished inference)"); + Ok(res) + } + + fn fdef_gen_ty(&mut self, arg_ty: Ty, def_ty: &ast::Type<'ast>) -> Result<(), String> { + use ast::Type as TT; + match def_ty { + TT::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), + TT::Array(dty_a) => self.fdef_gen_ty_array(arg_ty, dty_a), + TT::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), + TT::Tuple(_) => todo!("Tuple type is not handled!"), + } + } + + fn fdef_gen_ty_basic(&self, arg_ty: Ty, bas_ty: &ast::BasicType<'ast>) -> Result<(), String> { + // XXX(q) dispatch to const_ or not? does not seem necessary because arg is Type::Basic + if arg_ty + != self + .zgen + .type_impl_::(&ast::Type::Basic(bas_ty.clone()))? + { + Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was {bas_ty:?}" + )) + } else { + Ok(()) + } + } + + fn fdef_gen_ty_array( + &mut self, + mut arg_ty: Ty, + def_ty: &ast::ArrayType<'ast>, + ) -> Result<(), String> { + if !matches!(arg_ty, Ty::Array(_, _)) { + return Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was Array", + )); + } + + // iterate through array dimensions, unifying each with fn decl + let mut dim_off = 0; + loop { + match arg_ty { + Ty::Array(arg_dim, nty) => { + // make sure that we expect at least one more array dim + if dim_off >= def_ty.dimensions.len() { + return Err(format!( + "Type mismatch: got >={}-dim array, decl was {} dims", + dim_off, + def_ty.dimensions.len(), + )); + } + + // unify actual dimension with dim expression + self.fdef_gen_ty_expr(arg_dim, &def_ty.dimensions[dim_off])?; + + // iterate + dim_off += 1; + arg_ty = *nty; + } + nty => { + // make sure we didn't expect any more array dims! + if dim_off != def_ty.dimensions.len() { + return Err(format!( + "Type mismatch: got {}-dim array, decl had {} dims", + dim_off, + def_ty.dimensions.len(), + )); + } + + arg_ty = nty; + break; + } + }; + } + + use ast::BasicOrStructOrTupleType as BoST; + match &def_ty.ty { + BoST::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), + BoST::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), + BoST::Tuple(_) => todo!("Tuple type is not handled"), + } + } + + fn fdef_gen_ty_struct_or_type( + &mut self, + arg_ty: Ty, + def_ty: &ast::StructType<'ast>, + ) -> Result<(), String> { + let (stdef, stpath) = self + .zgen + .get_struct_or_type(&def_ty.id.value) + .ok_or_else(|| format!("ZGenericInf: no struct struct or type {}", &def_ty.id.value))?; + let generics = match &stdef { + Ok(strdef) => &strdef.generics[..], + Err(tydef) => &tydef.generics[..], + }; + + // short-circuit if there are no generics in this struct + if generics.is_empty() { + return if def_ty.explicit_generics.is_some() { + Err(format!( + "Unifying generics: got explicit generics for non-generic struct type {}:\n{}", + &def_ty.id.value, + span_to_string(&def_ty.span), + )) + } else { + Ok(()) + }; + } + + // struct type in fn defn must provide explicit generics + use ast::ConstantGenericValue as CGV; + if def_ty + .explicit_generics + .as_ref() + .map(|eg| eg.values.iter().any(|eg| matches!(eg, CGV::Underscore(_)))) + .unwrap_or(true) + { + return Err(format!( + "Cannot infer generic values for struct {} arg to function {}\nGeneric structs in fn defns must have explicit generics (in terms of fn generic vars)", + &def_ty.id.value, + &self.fdef.id.value, + )); + } + + // 1. set up mapping from outer explicit generics to inner explicit generics + let new_sfx = make_sfx(self.sfx.clone(), &def_ty.id.value); + def_ty + .explicit_generics + .as_ref() + .unwrap() + .values + .iter() + .zip(generics.iter()) + .try_for_each::<_, Result<(), String>>(|(cgv, id)| { + let sgid = make_varname(&id.value, &new_sfx); + let val = match cgv { + CGV::Underscore(_) => unreachable!(), + CGV::Value(le) => u32_term(self.zgen.literal_(le)?)?, + CGV::Identifier(id) => { + if self.is_generic_var(&id.value) { + make_varname(&id.value, &self.sfx) + } else { + u32_term(self.const_id_(id)?)? + } + } + }; + self.add_constraint(sgid, val); + Ok(()) + })?; + + // 2. walk through struct def to generate constraints on inner explicit generics + let old_sfx = std::mem::replace(&mut self.sfx, new_sfx); + let old_gens = std::mem::replace(&mut self.gens, generics); + self.zgen.file_stack_push(stpath); + match stdef { + Ok(strdef) => { + // check type and struct name + let mut aty_map = match arg_ty { + Ty::Struct(aty_n, aty_map) if aty_n == def_ty.id.value => { + Ok(aty_map.into_map()) + } + Ty::Struct(aty_n, _) => Err(format!( + "Type mismatch: got struct {aty_n}, decl was struct {}", + &def_ty.id.value + )), + arg_ty => Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was Struct", + )), + }?; + for ast::StructField { id, .. } in strdef.fields.iter() { + if let Some(t) = aty_map.remove(&id.identifier.value) { + self.fdef_gen_ty(t, &id.ty)?; + } else { + return Err(format!( + "ZGenericInf: missing member {} in struct {} value", + &id.identifier.value, &def_ty.id.value, + )); + } + } + if !aty_map.is_empty() { + return Err(format!( + "ZGenericInf: struct {} value had extra members: {:?}", + &def_ty.id.value, + aty_map.keys().collect::>(), + )); + } + } + Err(tydef) => { + self.fdef_gen_ty(arg_ty, &tydef.ty)?; + } + } + + // 3. pop stack and continue + self.zgen.file_stack_pop(); + self.gens = old_gens; + self.sfx = old_sfx; + Ok(()) + } + + // turn an expr into a set of terms and assert equality + fn fdef_gen_ty_expr( + &mut self, + arg_dim: usize, + def_exp: &ast::Expression<'ast>, + ) -> Result<(), String> { + let t = u32_term(self.expr(def_exp)?)?; + self.add_constraint(bv_lit(arg_dim, 32), t); + Ok(()) + } + + fn expr(&self, expr: &ast::Expression<'ast>) -> Result { + use ast::Expression::*; + match expr { + Ternary(te) => { + let cnd = self.expr(&te.condition)?; + let csq = self.expr(&te.consequence)?; + let alt = self.expr(&te.alternative)?; + cond(cnd, csq, alt) + } + Binary(be) => { + let lhs = self.expr(&be.left)?; + let rhs = self.expr(&be.right)?; + let op = self.zgen.bin_op(&be.op); + op(lhs, rhs) + } + Unary(ue) => { + let exp = self.expr(&ue.expression)?; + let op = self.zgen.unary_op(&ue.op); + op(exp) + } + Identifier(id) => { + if self.is_generic_var(&id.value) { + Ok(T::new(Ty::Uint(32), make_varname(&id.value, &self.sfx))) + } else { + self.const_id_(id) + } + } + Literal(le) => self.zgen.literal_(le), + Postfix(_) => Err("ZGenericInf: got Postfix in array dim expr (unimpl)".into()), + InlineArray(_) => Err("ZGenericInf: got InlineArray in array dim expr (unimpl)".into()), + InlineStruct(_) => { + Err("ZGenericInf: got InlineStruct in array dim expr (unimpl)".into()) + } + ArrayInitializer(_) => { + Err("ZGenericInf: got ArrayInitializer in array dim expr (unimpl)".into()) + } + IfElse(_) => Err("ZGenericInf: got IfElse in array dim expr (unimpl)".into()), + InlineTuple(_) => Err("ZGenericInf: got InlineTuple in array dim expr (unimpl)".into()), + } + } +} + +fn u32_term(t: T) -> Result { + match t.ty { + Ty::Uint(32) => Ok(t.term), + ty => Err(format!( + "ZGenericInf: got {ty} for expr, expected T::Uint(32)" + )), + } +} + +fn make_sfx(mut base: String, sfx: &str) -> String { + base.push('_'); + base.push_str(sfx); + base +} + +fn make_varname_str(id: &str, sfx: &str) -> String { + let mut tmp = String::from(id); + tmp.push('_'); + tmp.push_str(sfx); + tmp +} + +fn make_varname(id: &str, sfx: &str) -> Term { + let tmp = make_varname_str(id, sfx); + var(tmp, Sort::BitVector(32)) +} diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs new file mode 100644 index 000000000..92e0591ad --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs @@ -0,0 +1,1013 @@ +//! AST Walker for zokrates_curly_pest_ast + +mod zexprtyper; + +use super::super::term::Ty; +use super::super::{span_to_string, ZGen}; +use super::eqtype::*; +use super::walkfns::*; +use super::{ + bos_to_type, ZConstLiteralRewriter, ZResult, ZVisitorError, ZVisitorMut, ZVisitorResult, +}; +use zexprtyper::ZExpressionTyper; + +use std::collections::HashMap; +use zokrates_curly_pest_ast as ast; + +pub(in super::super) struct ZStatementWalker<'ast, 'ret> { + rets: &'ret [ast::Type<'ast>], + gens: &'ret [ast::IdentifierExpression<'ast>], + zgen: &'ret ZGen<'ast>, + vars: Vec>>, +} + +impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { + pub(in super::super) fn new( + prms: &'ret [ast::Parameter<'ast>], + rets: &'ret [ast::Type<'ast>], + gens: &'ret [ast::IdentifierExpression<'ast>], + zgen: &'ret ZGen<'ast>, + ) -> Self { + let vars = vec![prms + .iter() + .map(|p| (p.id.value.clone(), p.ty.clone())) + .collect()]; + Self { + rets, + gens, + zgen, + vars, + } + } + + fn eq_type(&self, ty: &ast::Type<'ast>, ty2: &ast::Type<'ast>) -> ZVisitorResult { + eq_type(ty, ty2, self.zgen) + } + + fn type_expression<'wlk>( + &self, + expr: &mut ast::Expression<'ast>, + zty: &mut ZExpressionTyper<'ast, 'ret, 'wlk>, + ) -> ZResult>> { + zty.visit_expression(expr)?; + zty.take()? + .map(|to_ty| self.unify_expression(to_ty.clone(), expr).map(|()| to_ty)) + .transpose() + } + + // XXX(opt) take ref to Type instead of owned? + fn unify( + &self, + ty: Option>, + expr: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + // start with the simple constant literal rewrites + let mut rewriter = ZConstLiteralRewriter::new(None); + rewriter.visit_expression(expr)?; + ty.map(|ty| self.unify_expression(ty, expr)) + .unwrap_or(Ok(())) + } + + fn unify_expression( + &self, + ty: ast::Type<'ast>, + expr: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + use ast::Expression::*; + let ty = self.canon_type(ty)?; + match expr { + Ternary(te) => self.unify_ternary(ty, te), + Binary(be) => self.unify_binary(ty, be), + Unary(ue) => self.unify_unary(ty, ue), + Postfix(pe) => self.unify_postfix(ty, pe), + Identifier(ie) => self.unify_identifier(ty, ie), + Literal(le) => self.unify_literal(ty, le), + InlineArray(ia) => self.unify_inline_array(ty, ia), + InlineStruct(is) => self.unify_inline_struct(ty, is), + ArrayInitializer(ai) => self.unify_array_initializer(ty, ai), + IfElse(ie) => self.unify_if_else(ty, ie), + InlineTuple(ite) => self.unify_inline_tuple(ty, ite), + } + } + + fn get_call_ty( + &self, + fdef: &ast::FunctionDefinition<'ast>, + call: &mut ast::CallAccess<'ast>, + rty: Option<&ast::Type<'ast>>, + ) -> ZResult> { + // basic consistency checks on Call access + if call.arguments.expressions.len() != fdef.parameters.len() { + return Err(format!( + "ZStatementWalker: wrong number of arguments to fn {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + if fdef.generics.is_empty() && call.explicit_generics.is_some() { + return Err(format!( + "ZStatementWalker: got explicit generics for non-generic fn call {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + if call + .explicit_generics + .as_ref() + .map(|eg| eg.values.len() != fdef.generics.len()) + .unwrap_or(false) + { + return Err(format!( + "ZStatementWalker: wrong number of generic args to fn {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + + // unify args + fdef.parameters + .iter() + .map(|pty| pty.ty.clone()) + .zip(call.arguments.expressions.iter_mut()) + .try_for_each(|(pty, arg)| self.unify_expression(pty, arg))?; + + let ret_ty = fdef.return_type.as_ref().cloned().unwrap_or({ + ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { + span: call.span, + })) + }); + if let Some(ty) = rty { + self.eq_type(ty, &ret_ty)?; + } + Ok(ret_ty) + } + + fn get_postfix_ty( + &self, + pf: &mut ast::PostfixExpression<'ast>, + rty: Option<&ast::Type<'ast>>, + ) -> ZResult> { + use ast::Access::*; + assert!(!pf.accesses.is_empty()); + + // XXX(assume) no functions in arrays or structs + // handle first access, which is special because only this one could be a Call() + let acc = &mut pf.accesses; + let id = match *pf.base { + ast::Expression::Identifier(ref identifier) => identifier, + _ => { + panic!("Expected an Expression::Identifier, but found a different expression type") + } + }; + let alen = acc.len(); + let (pf_id_ty, acc_offset) = if let Call(ca) = acc.first_mut().unwrap() { + // look up function type + self.get_function(&id.value).and_then(|fdef| { + match &fdef.return_type { + None => { + // Function without a return type is not supported + Err(ZVisitorError(format!( + "ZStatementWalker: fn {} has no return type", + &id.value, + ))) + } + Some(_) => { + // Assuming `alen` is the count of arguments and `rty` is defined elsewhere + let rty = if alen == 1 { rty } else { None }; + Ok((self.get_call_ty(fdef, ca, rty)?, 1)) + } + } + })? + } else { + // just look up variable type + (self.lookup_type(id)?, 0) + }; + + // typecheck the remaining accesses + self.walk_accesses(pf_id_ty, &pf.accesses[acc_offset..], acc_to_msacc) + } + + fn unify_postfix( + &self, + ty: ast::Type<'ast>, + pf: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + let acc_ty = self.get_postfix_ty(pf, Some(&ty))?; + self.eq_type(&ty, &acc_ty) + } + + fn unify_array_initializer( + &self, + ty: ast::Type<'ast>, + ai: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let mut at = if let Array(at) = ty { + at + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: array initializer expression wanted type {:?}:\n{}", + &ty, + span_to_string(&ai.span), + ))); + }; + assert!(!at.dimensions.is_empty()); + + // XXX(unimpl) does not check array lengths, just unifies ai.count with U32! + let u32_ty = Basic(ast::BasicType::U32(ast::U32Type { span: ai.span })); + self.unify_expression(u32_ty, &mut ai.count)?; + + let arr_ty = if at.dimensions.len() > 1 { + at.dimensions.remove(0); // perf? + Array(at) + } else { + bos_to_type(at.ty) + }; + self.unify_expression(arr_ty, &mut ai.value) + } + + fn unify_inline_struct( + &self, + ty: ast::Type<'ast>, + is: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let st = if let Struct(st) = ty { + st + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline struct wanted type {:?}:\n{}", + &ty, + span_to_string(&is.span), + ))); + }; + + let mut sm_types = self + .get_struct_or_type(&st.id.value)? + .expect("type aliases should have been flattened already") + .fields + .iter() + .map(|sf| (sf.id.identifier.value.clone(), sf.id.ty.clone())) + .collect::>>(); + + // unify each InlineStructExpression member with field def from struct def'n + is.members.iter_mut().try_for_each(|ism| { + sm_types + .remove(ism.id.value.as_str()) + .ok_or_else(|| { + ZVisitorError(format!( + "ZStatementWalker: struct {} has no member {}, or duplicate member in expression", + &st.id.value, &ism.id.value, + )) + }) + .and_then(|sm_ty| self.unify_expression(sm_ty, &mut ism.expression)) + })?; + + // make sure InlineStructExpression declared all members + if !sm_types.is_empty() { + Err(ZVisitorError(format!( + "ZStatementWalker: struct {} inline decl missing members {:?}\n", + &st.id.value, + sm_types.keys().collect::>() + ))) + } else { + Ok(()) + } + } + + fn unify_inline_array( + &self, + ty: ast::Type<'ast>, + ia: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + use ast::{SpreadOrExpression::*, Type::*}; + let at = if let Array(at) = ty { + at + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline array wanted type {:?}:\n{}", + &ty, + span_to_string(&ia.span), + ))); + }; + + // XXX(unimpl) does not check array lengths, just checks contained types! + let exp_ty = if at.dimensions.len() == 1 { + bos_to_type(at.ty.clone()) + } else { + ast::Type::Array(ast::ArrayType { + ty: at.ty.clone(), + dimensions: Vec::from(&at.dimensions[1..]), + span: at.span, + }) + }; + ia.expressions.iter_mut().try_for_each(|soe| match soe { + Spread(s) => self.unify_expression(Array(at.clone()), &mut s.expression), + Expression(e) => self.unify_expression(exp_ty.clone(), e), + }) + } + + fn unify_inline_tuple( + &self, + ty: ast::Type<'ast>, + it: &mut ast::InlineTupleExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let tt = if let Tuple(tt) = ty { + tt + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline tuple wanted type {:?}:\n{}", + &ty, + span_to_string(&it.span), + ))); + }; + + // Check if the number of elements in the inline tuple matches the expected tuple type + if tt.elements.len() != it.elements.len() { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline tuple has {} elements, but expected {} elements:\n{}", + it.elements.len(), + tt.elements.len(), + span_to_string(&it.span), + ))); + } + + // Unify each element of the inline tuple with the corresponding type in the tuple type + tt.elements + .iter() + .zip(it.elements.iter_mut()) + .try_for_each(|(expected_ty, element)| { + self.unify_expression(expected_ty.clone(), element) + }) + } + + fn unify_identifier( + &self, + ty: ast::Type<'ast>, + ie: &ast::IdentifierExpression<'ast>, + ) -> ZVisitorResult { + self.lookup_type(ie).and_then(|ity| self.eq_type(&ty, &ity)) + } + + fn unify_ternary( + &self, + ty: ast::Type<'ast>, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + // first expr must have type Bool, others the expected output type + let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: te.span })); + self.unify_expression(bool_ty, &mut te.condition)?; + self.unify_expression(ty.clone(), &mut te.consequence)?; + self.unify_expression(ty, &mut te.alternative) + } + + fn unify_if_else( + &self, + ty: ast::Type<'ast>, + ie: &mut ast::IfElseExpression<'ast>, + ) -> ZVisitorResult { + // first expression in a ternary should have type bool + let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: ie.span })); + self.unify_expression(bool_ty, &mut ie.condition)?; + self.unify_expression(ty.clone(), &mut ie.consequence)?; + self.unify_expression(ty, &mut ie.alternative) + } + + fn unify_binary( + &self, + ty: ast::Type<'ast>, + be: &mut ast::BinaryExpression<'ast>, + ) -> ZVisitorResult { + use ast::{BasicType::*, Type::*}; + let bt = if let Basic(bt) = ty { + bt + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: binary operators require Basic operands:\n{}", + span_to_string(&be.span), + ))); + }; + + let (lt, rt) = match &be.op { + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr => match &bt { + U8(_) | U16(_) | U32(_) | U64(_) => Ok((Basic(bt.clone()), Basic(bt))), + _ => Err(ZVisitorError( + "ZStatementWalker: Bit/Rem operators require U* operands".to_owned(), + )), + }, + ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift => match &bt { + U8(_) | U16(_) | U32(_) | U64(_) => { + Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span })))) + } + _ => Err(ZVisitorError( + "ZStatementWalker: << and >> operators require U* left operand".to_owned(), + )), + }, + ast::BinaryOperator::Or | ast::BinaryOperator::And => match &bt { + Boolean(_) => Ok((Basic(bt.clone()), Basic(bt))), + _ => Err(ZVisitorError( + "ZStatementWalker: Logical-And/Or operators require Bool operands".to_owned(), + )), + }, + ast::BinaryOperator::Add + | ast::BinaryOperator::Sub + | ast::BinaryOperator::Mul + | ast::BinaryOperator::Div + | ast::BinaryOperator::Rem => match &bt { + Boolean(_) => Err(ZVisitorError( + "ZStatementWalker: +,-,*,/ operators require Field or U* operands".to_owned(), + )), + _ => Ok((Basic(bt.clone()), Basic(bt))), + }, + ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => match &bt { + Boolean(_) => { + let mut expr_walker = ZExpressionTyper::new(self); + let lty = self.type_expression(&mut be.left, &mut expr_walker)?; + let rty = self.type_expression(&mut be.right, &mut expr_walker)?; + match (<y, &rty) { + (Some(lt), None) if matches!(lt, Basic(_)) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => + Ok((lty.clone().unwrap(), lty.unwrap())), + (None, Some(rt)) if matches!(rt, Basic(_)) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => + Ok((rty.clone().unwrap(), rty.unwrap())), + (Some(lt), Some(rt)) if (matches!(lt, Basic(_)) && matches!(rt, Basic(_))) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => { + let lty = lty.unwrap(); + let rty = rty.unwrap(); + self.eq_type(<y, &rty) + .map_err(|e| + ZVisitorError(format!( + "ZStatementWalker: got differing types {:?}, {:?} for lhs, rhs of expr:\n{}\n{}", + <y, + &rty, + e.0, + span_to_string(&be.span), + ))) + .map(|_| (lty, rty)) + } + (None, None) => Err(ZVisitorError(format!( + "ZStatementWalker: could not infer type of binop:\n{}", + span_to_string(&be.span), + ))), + _ => Err(ZVisitorError(format!( + "ZStatementWalker: unknown error in binop typing:\n{}", + span_to_string(&be.span), + ))), + } + .and_then(|(lty, rty)| if matches!(&be.op, ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte) && matches!(lty, Basic(Boolean(_))) { + Err(ZVisitorError(format!( + "ZStatementWalker: >,>=,<,<= operators cannot be applied to Bool:\n{}", + span_to_string(&be.span), + ))) + } else { + Ok((lty, rty)) + }) + } + _ => Err(ZVisitorError( + "ZStatementWalker: comparison and equality operators output Bool".to_owned(), + )), + }, + ast::BinaryOperator::Pow => match &bt { + // XXX does POW operator really require U32 RHS? + Field(_) => Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span })))), + _ => Err(ZVisitorError( + "ZStatementWalker: pow operator must take Field LHS and U32 RHS".to_owned(), + )), + }, + }?; + self.unify_expression(lt, &mut be.left)?; + self.unify_expression(rt, &mut be.right) + } + + fn unify_unary( + &self, + ty: ast::Type<'ast>, + ue: &mut ast::UnaryExpression<'ast>, + ) -> ZVisitorResult { + use ast::{BasicType::*, Type::*, UnaryOperator::*}; + + // remaining unary operators can only take Basic types + let bt = if let Basic(bt) = ty { + bt + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: unary operators require Basic operands:\n{}", + span_to_string(&ue.span), + ))); + }; + + let ety = match &ue.op { + Pos(_) | Neg(_) => match &bt { + Boolean(_) => Err(ZVisitorError( + "ZStatementWalker: +,- unary operators require Field or U* operands" + .to_string(), + )), + _ => Ok(Basic(bt)), + }, + Not(_) => match &bt { + Field(_) => Err(ZVisitorError( + "ZStatementWalker: ! unary operator requires U* or Bool operand".to_string(), + )), + _ => Ok(Basic(bt)), + }, + }?; + + self.unify_expression(ety, &mut ue.expression) + } + + fn unify_literal( + &self, + ty: ast::Type<'ast>, + le: &mut ast::LiteralExpression<'ast>, + ) -> ZVisitorResult { + use ast::{BasicType::*, LiteralExpression::*, Type::*}; + let bt = if let Basic(bt) = ty { + bt + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: literal expressions must yield basic types:\n{}", + span_to_string(le.span()), + ))); + }; + + match le { + BooleanLiteral(_) => { + if let Boolean(_) = &bt { + Ok(()) + } else { + Err(ZVisitorError(format!( + "ZStatementWalker: expected {:?}, found BooleanLiteral:\n{}", + &bt, + span_to_string(le.span()), + ))) + } + } + HexLiteral(hle) => { + use ast::HexNumberExpression as HNE; + match &hle.value { + HNE::U8(_) if matches!(&bt, U8(_)) => Ok(()), + HNE::U16(_) if matches!(&bt, U16(_)) => Ok(()), + HNE::U32(_) if matches!(&bt, U32(_)) => Ok(()), + HNE::U64(_) if matches!(&bt, U64(_)) => Ok(()), + _ => Err(ZVisitorError(format!( + "ZStatementWalker: HexLiteral seemed to want type {:?}:\n{}", + &bt, + span_to_string(&hle.span), + ))), + } + } + DecimalLiteral(dle) => { + use ast::DecimalSuffix as DS; + match &dle.suffix { + Some(ds) => match (ds, &bt) { + (DS::Field(_), Field(_)) => Ok(()), + (DS::U8(_), U8(_)) => Ok(()), + (DS::U16(_), U16(_)) => Ok(()), + (DS::U32(_), U32(_)) => Ok(()), + (DS::U64(_), U64(_)) => Ok(()), + _ => Err(ZVisitorError(format!( + "ZStatementWalker: DecimalLiteral wanted {:?} found {:?}:\n{}", + &bt, + ds, + span_to_string(&dle.span), + ))), + }, + None => match &bt { + Boolean(_) => Err(ZVisitorError(format!( + "ZStatementWalker: DecimalLiteral wanted Bool:\n{}", + span_to_string(&dle.span), + ))), + Field(_) => Ok(DS::Field(ast::FieldSuffix { span: dle.span })), + U8(_) => Ok(DS::U8(ast::U8Suffix { span: dle.span })), + U16(_) => Ok(DS::U16(ast::U16Suffix { span: dle.span })), + U32(_) => Ok(DS::U32(ast::U32Suffix { span: dle.span })), + U64(_) => Ok(DS::U64(ast::U64Suffix { span: dle.span })), + } + .map(|ds| { + dle.suffix.replace(ds); + }), + } + } + } + } + + fn walk_accesses( + &self, + mut ty: ast::Type<'ast>, + accs: &[T], + f: F, + ) -> ZResult> + where + F: Fn(&T) -> ZResult>, + { + use ast::Type; + use MSAccRef::*; + let mut acc_dim_offset = 0; + for acc in accs { + if matches!(ty, Type::Basic(_)) { + return Err(ZVisitorError( + "ZStatementWalker: tried to walk accesses into a Basic type".to_string(), + )); + } + ty = self.canon_type(ty)?; + ty = match f(acc)? { + Select(aacc) => { + if let Type::Array(aty) = ty { + use ast::RangeOrExpression::*; + match &aacc.expression { + Range(_) => Type::Array(aty), + Expression(_) => { + if aty.dimensions.len() - acc_dim_offset > 1 { + acc_dim_offset += 1; + Type::Array(aty) + } else { + acc_dim_offset = 0; + bos_to_type(aty.ty) + } + } + } + } else { + return Err(ZVisitorError( + "ZStatementWalker: tried to access an Array as a Struct".to_string(), + )); + } + } + Dot(macc) => { + match ty { + // XXX(unimpl) LHS of definitions must make generics explicit + Type::Struct(sty) => { + self.get_struct_or_type(&sty.id.value)? + .expect("type aliases should have been flattened already") + .fields + .iter() + .find(|f| { + if let ast::IdentifierOrDecimal::Identifier(id) = &macc.inner { + f.id.identifier.value == id.value + } else { + false + } + }) + .ok_or_else(|| { + ZVisitorError(format!( + "ZStatementWalker: struct {} has no member {}", + &sty.id.value, + if let ast::IdentifierOrDecimal::Identifier(id) = &macc.inner { + &id.value + } else { + "non-identifier" + } + )) + }) + .map(|f| f.id.ty.clone())? + }, + Type::Tuple(tty) => { + if let ast::IdentifierOrDecimal::Decimal(idx) = &macc.inner { + let idx_val = idx.span.as_str().parse::().map_err(|_| { + ZVisitorError("Invalid tuple index".to_string()) + })?; + if idx_val < tty.elements.len() { + tty.elements[idx_val].clone() + } else { + return Err(ZVisitorError(format!( + "Tuple index {} out of bounds (tuple has {} elements)", + idx_val, + tty.elements.len() + ))); + } + } else { + return Err(ZVisitorError( + "ZStatementWalker: tuple access must use a decimal index".to_string(), + )); + } + }, + _ => return Err(ZVisitorError(format!( + "ZStatementWalker: dot notation can only be used with structs or tuples, found {:?}", + ty + ))), + } + } + } + } + + // handle any dimensional readjustments we've delayed + if acc_dim_offset > 0 { + ty = if let Type::Array(mut aty) = ty { + Type::Array(ast::ArrayType { + ty: aty.ty, + dimensions: aty.dimensions.drain(acc_dim_offset..).collect(), + span: aty.span, + }) + } else { + unreachable!("acc_dim_offset != 0 when ty not Array"); + } + } + + Ok(ty) + } + + fn get_function(&self, id: &str) -> ZResult<&ast::FunctionDefinition<'ast>> { + self.zgen + .get_function(id) + .ok_or_else(|| ZVisitorError(format!("ZStatementWalker: undeclared function {id}"))) + } + + fn get_struct_or_type( + &self, + id: &str, + ) -> ZResult, &ast::TypeDefinition<'ast>>> { + self.zgen + .get_struct_or_type(id) + .map(|(m, _)| m) + .ok_or_else(|| { + ZVisitorError(format!("ZStatementWalker: undeclared struct type {id}.\nNOTE: If {id} is a struct behind an imported type alias, its definition\n must also be imported into the module where the alias is used.")) + }) + } + + fn const_defined(&self, id: &str) -> bool { + self.zgen.const_defined(id) + } + + fn generic_defined(&self, id: &str) -> bool { + // XXX(perf) if self.gens is long this could be improved with a HashSet. + // Realistically, a function will have a small number of generic params. + self.gens.iter().any(|g| g.value == id) + } + + fn var_defined(&self, id: &str) -> bool { + self.vars.iter().rev().any(|v| v.contains_key(id)) + } + + fn lookup_var(&self, nm: &str) -> Option> { + self.vars.iter().rev().find_map(|v| v.get(nm).cloned()) + } + + fn lookup_type(&self, id: &ast::IdentifierExpression<'ast>) -> ZResult> { + if self.generic_defined(&id.value) { + // generics are always U32 + Ok(ast::Type::Basic(ast::BasicType::U32(ast::U32Type { + span: id.span, + }))) + } else if let Some(t) = self.zgen.const_ty_lookup_(&id.value) { + Ok(t.clone()) + } else { + self.lookup_var(&id.value).ok_or_else(|| { + ZVisitorError(format!( + "ZStatementWalker: identifier {} undefined", + &id.value + )) + }) + } + } + + fn apply_varonly(&mut self, nm: &str, f: F) -> ZResult + where + F: FnOnce(&mut Self, &str) -> R, + { + if self.generic_defined(nm) { + Err(ZVisitorError(format!( + "ZStatementWalker: attempted to shadow generic {nm}" + ))) + } else if self.const_defined(nm) { + Err(ZVisitorError(format!( + "ZStatementWalker: attempted to shadow const {nm}" + ))) + } else { + Ok(f(self, nm)) + } + } + + fn lookup_type_varonly(&mut self, nm: &str) -> ZResult>> { + self.apply_varonly(nm, |s, nm| s.lookup_var(nm)) + } + + fn insert_var(&mut self, nm: &str, ty: ast::Type<'ast>) -> ZResult>> { + self.apply_varonly(nm, |s, nm| { + s.vars.last_mut().unwrap().insert(nm.to_string(), ty) + }) + } + + fn push_scope(&mut self) { + self.vars.push(HashMap::new()); + } + + fn pop_scope(&mut self) { + self.vars.pop(); + } + + // shallow canonicalization: flatten down to the first Basic, Array, or non-alias Struct + fn canon_type(&self, ty: ast::Type<'ast>) -> ZResult> { + use ast::Type::*; + match ty { + Basic(b) => Ok(ast::Type::Basic(b)), + Array(a) => Ok(ast::Type::Array(a)), + Struct(s) => match self.get_struct_or_type(&s.id.value)? { + Ok(_) => Ok(ast::Type::Struct(s)), + Err(tydef) => self.canon_type(tydef.ty.clone()), + }, + Tuple(t) => Ok(ast::Type::Tuple(t)), + } + } +} + +impl<'ast> ZVisitorMut<'ast> for ZStatementWalker<'ast, '_> { + fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { + // XXX(unimpl) multi-return statements not supported + if self.rets.len() > 1 { + return Err(ZVisitorError( + "ZStatementWalker: multi-returns not supported".to_owned(), + )); + } + + if let Some(expr) = ret.expression.as_mut() { + self.unify(self.rets.first().cloned(), expr)?; + } + walk_return_statement(self, ret) + } + + fn visit_assertion_statement( + &mut self, + asrt: &mut ast::AssertionStatement<'ast>, + ) -> ZVisitorResult { + let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { + span: asrt.span, + })); + self.unify(Some(bool_ty), &mut asrt.expression)?; + walk_assertion_statement(self, asrt) + } + + fn visit_iteration_statement( + &mut self, + iter: &mut ast::IterationStatement<'ast>, + ) -> ZVisitorResult { + self.visit_type(&mut iter.index.ty)?; + + self.push_scope(); // { + self.insert_var(&iter.index.identifier.value, iter.index.ty.clone())?; + self.visit_identifier_expression(&mut iter.index.identifier)?; + + // type propagation for index expressions + self.unify(Some(iter.index.ty.clone()), &mut iter.from)?; + self.visit_expression(&mut iter.from)?; + self.unify(Some(iter.index.ty.clone()), &mut iter.to)?; + self.visit_expression(&mut iter.to)?; + + iter.statements + .iter_mut() + .try_for_each(|s| self.visit_statement(s))?; + + self.pop_scope(); // } + self.visit_span(&mut iter.span) + } + + fn visit_definition_statement( + &mut self, + def: &mut ast::DefinitionStatement<'ast>, + ) -> ZVisitorResult { + // XXX(unimpl) no L<-R generic inference right now. + // REVISIT: if LHS is generic typed identifier and RHS has complete type, infer L<-R? + self.visit_typed_identifier_or_assignee(&mut def.lhs)?; + + // unify lhs and rhs + let ty_accs = match &def.lhs { + ast::TypedIdentifierOrAssignee::Assignee(a) => { + let (na, acc) = (&a.id.value, a.accesses.as_ref()); + self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc))) + } + ast::TypedIdentifierOrAssignee::TypedIdentifier(ti) => { + let (na, acc) = (&ti.identifier.value, &[][..]); + self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc))) + } + }; + + if let Ok(Some((ty, accs))) = ty_accs { + let ty = self.walk_accesses(ty, accs, aacc_to_msacc)?; + self.unify(Some(ty), &mut def.expression)?; + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: found expression with no LHS:\n{}", + span_to_string(&def.span), + ))); + } + self.visit_expression(&mut def.expression)?; + self.visit_span(&mut def.span) + } + + fn visit_assignee(&mut self, asgn: &mut ast::Assignee<'ast>) -> ZVisitorResult { + if !self.var_defined(&asgn.id.value) { + Err(ZVisitorError(format!( + "ZStatementWalker: assignment to undeclared variable {}", + &asgn.id.value + ))) + } else { + walk_assignee(self, asgn) + } + } + + fn visit_typed_identifier(&mut self, ti: &mut ast::TypedIdentifier<'ast>) -> ZVisitorResult { + ZConstLiteralRewriter::new(None).visit_type(&mut ti.ty)?; + self.insert_var(&ti.identifier.value, ti.ty.clone())?; + walk_typed_identifier(self, ti) + } + + fn visit_range_or_expression( + &mut self, + roe: &mut ast::RangeOrExpression<'ast>, + ) -> ZVisitorResult { + use ast::RangeOrExpression::*; + match roe { + Range(r) => self.visit_range(r), + Expression(e) => self.visit_array_index_expression(e), + } + } + + fn visit_array_index_expression(&mut self, e: &mut ast::Expression<'ast>) -> ZVisitorResult { + let mut zty = ZExpressionTyper::new(self); + if self.type_expression(e, &mut zty)?.is_none() { + let mut zrw = ZConstLiteralRewriter::new(Some(Ty::Field)); + zrw.visit_expression(e)?; + } + self.visit_expression(e) + } + + fn visit_range(&mut self, rng: &mut ast::Range<'ast>) -> ZVisitorResult { + let mut zty = ZExpressionTyper::new(self); + let fty = rng + .from + .as_mut() + .map(|fexp| self.type_expression(&mut fexp.0, &mut zty)) + .transpose()? + .flatten(); + let tty = rng + .to + .as_mut() + .map(|texp| self.type_expression(&mut texp.0, &mut zty)) + .transpose()? + .flatten(); + match (fty, tty) { + (None, None) => { + let mut zrw = ZConstLiteralRewriter::new(Some(Ty::Field)); + rng.from + .as_mut() + .map(|fexp| zrw.visit_expression(&mut fexp.0)) + .transpose()?; + rng.to + .as_mut() + .map(|texp| zrw.visit_expression(&mut texp.0)) + .transpose()?; + Ok(()) + } + (Some(fty), None) => rng + .to + .as_mut() + .map(|texp| self.unify_expression(fty, &mut texp.0)) + .unwrap_or(Ok(())), + (None, Some(tty)) => rng + .from + .as_mut() + .map(|fexp| self.unify_expression(tty, &mut fexp.0)) + .unwrap_or(Ok(())), + (Some(fty), Some(tty)) => self.eq_type(&fty, &tty).map_err(|e| { + ZVisitorError(format!( + "typing Range: {}\n{}", + e.0, + span_to_string(&rng.span), + )) + }), + }?; + self.visit_span(&mut rng.span) + } +} + +enum MSAccRef<'a, 'ast> { + Select(&'a ast::ArrayAccess<'ast>), + Dot(&'a ast::DotAccess<'ast>), +} + +fn aacc_to_msacc<'a, 'ast>(i: &'a ast::AssigneeAccess<'ast>) -> ZResult> { + use ast::AssigneeAccess::*; + Ok(match i { + Select(t) => MSAccRef::Select(t), + Dot(t) => MSAccRef::Dot(t), + }) +} + +fn acc_to_msacc<'a, 'ast>(i: &'a ast::Access<'ast>) -> ZResult> { + use ast::Access::*; + match i { + Select(t) => Ok(MSAccRef::Select(t)), + Dot(t) => Ok(MSAccRef::Dot(t)), + Call(t) => Err(ZVisitorError(format!( + "Illegal fn call:\n{}", + span_to_string(&t.span), + ))), + } +} diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs new file mode 100644 index 000000000..49e814bed --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs @@ -0,0 +1,41 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::{ZVisitorMut, ZVisitorResult}; + +use std::collections::HashMap; +use zokrates_curly_pest_ast as ast; + +pub(super) struct ZExpressionRewriter<'ast> { + gvmap: HashMap>, +} + +impl<'ast> ZExpressionRewriter<'ast> { + pub fn new(gvmap: HashMap>) -> Self { + Self { gvmap } + } +} + +impl<'ast> ZVisitorMut<'ast> for ZExpressionRewriter<'ast> { + fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { + use ast::Expression::*; + match expr { + Ternary(te) => self.visit_ternary_expression(te), + Binary(be) => self.visit_binary_expression(be), + Unary(ue) => self.visit_unary_expression(ue), + Postfix(pe) => self.visit_postfix_expression(pe), + Literal(le) => self.visit_literal_expression(le), + InlineArray(iae) => self.visit_inline_array_expression(iae), + InlineStruct(ise) => self.visit_inline_struct_expression(ise), + ArrayInitializer(aie) => self.visit_array_initializer_expression(aie), + Identifier(ie) => { + if let Some(e) = self.gvmap.get(&ie.value) { + *expr = e.clone(); + Ok(()) + } else { + self.visit_identifier_expression(ie) + } + } + IfElse(ie) => self.visit_if_else_expression(ie), + } + } +} diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs new file mode 100644 index 000000000..f78bdc0f7 --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs @@ -0,0 +1,368 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::super::eqtype::*; +use super::super::{bos_to_type, ZResult, ZVisitorError, ZVisitorMut, ZVisitorResult}; +use super::ZStatementWalker; + +use zokrates_curly_pest_ast as ast; + +pub(super) struct ZExpressionTyper<'ast, 'ret, 'wlk> { + walker: &'wlk ZStatementWalker<'ast, 'ret>, + ty: Option>, +} + +impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { + pub fn new(walker: &'wlk ZStatementWalker<'ast, 'ret>) -> Self { + Self { walker, ty: None } + } + + pub fn take(&mut self) -> ZResult>> { + self.ty + .take() + .map(|t| self.walker.canon_type(t)) + .transpose() + } + + fn visit_identifier_expression_t( + &mut self, + ie: &ast::IdentifierExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + self.walker.lookup_type(ie).map(|t| { + self.ty.replace(t); + }) + } + + fn arrayize( + &self, + ty: ast::Type<'ast>, + cnt: ast::Expression<'ast>, + spn: &ast::Span<'ast>, + ) -> ast::ArrayType<'ast> { + use ast::Type::*; + match ty { + Array(mut aty) => { + aty.dimensions.insert(0, cnt); + aty + } + Basic(bty) => ast::ArrayType { + ty: ast::BasicOrStructOrTupleType::Basic(bty), + dimensions: vec![cnt], + span: *spn, + }, + Struct(sty) => ast::ArrayType { + ty: ast::BasicOrStructOrTupleType::Struct(sty), + dimensions: vec![cnt], + span: *spn, + }, + Tuple(tt) => ast::ArrayType { + ty: ast::BasicOrStructOrTupleType::Tuple(tt), + dimensions: vec![cnt], + span: *spn, + }, + } + } +} + +impl<'ast> ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { + fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { + use ast::Expression::*; + if self.ty.is_some() { + return Err(ZVisitorError( + "ZExpressionTyper: type found at expression entry?".to_string(), + )); + } + match expr { + Ternary(te) => self.visit_ternary_expression(te), + Binary(be) => self.visit_binary_expression(be), + Unary(ue) => self.visit_unary_expression(ue), + Postfix(pe) => self.visit_postfix_expression(pe), + Identifier(ie) => self.visit_identifier_expression_t(ie), + Literal(le) => self.visit_literal_expression(le), + InlineArray(iae) => self.visit_inline_array_expression(iae), + InlineStruct(ise) => self.visit_inline_struct_expression(ise), + ArrayInitializer(aie) => self.visit_array_initializer_expression(aie), + IfElse(_) | InlineTuple(_) => todo!("IfElse and InlineTuple are not supported"), + } + } + + fn visit_ternary_expression( + &mut self, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + self.visit_expression(&mut te.consequence)?; + let ty2 = self.take()?; + self.visit_expression(&mut te.alternative)?; + let ty3 = self.take()?; + match (ty2, ty3) { + (Some(t), None) => self.ty.replace(t), + (None, Some(t)) => self.ty.replace(t), + (Some(t1), Some(t2)) => { + eq_type(&t1, &t2, self.walker.zgen)?; + self.ty.replace(t2) + } + (None, None) => None, + }; + Ok(()) + } + + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { + self.visit_expression(&mut ie.consequence)?; + let ty2 = self.take()?; + self.visit_expression(&mut ie.alternative)?; + let ty3 = self.take()?; + match (ty2, ty3) { + (Some(t), None) => self.ty.replace(t), + (None, Some(t)) => self.ty.replace(t), + (Some(t1), Some(t2)) => { + eq_type(&t1, &t2, self.walker.zgen)?; + self.ty.replace(t2) + } + (None, None) => None, + }; + Ok(()) + } + + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { + use ast::{BasicType::*, Type::*}; + assert!(self.ty.is_none()); + match &be.op { + ast::BinaryOperator::Or + | ast::BinaryOperator::And + | ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => { + self.ty + .replace(Basic(Boolean(ast::BooleanType { span: be.span }))); + } + ast::BinaryOperator::Pow => { + self.ty + .replace(Basic(Field(ast::FieldType { span: be.span }))); + } + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift + | ast::BinaryOperator::Add + | ast::BinaryOperator::Sub + | ast::BinaryOperator::Mul + | ast::BinaryOperator::Div + | ast::BinaryOperator::Rem => { + self.visit_expression(&mut be.left)?; + let ty_l = self.take()?; + self.visit_expression(&mut be.right)?; + let ty_r = self.take()?; + if let Some(ty) = match (ty_l, ty_r) { + (Some(t), None) => Some(t), + (None, Some(t)) => Some(t), + (Some(t1), Some(t2)) => { + eq_type(&t1, &t2, self.walker.zgen)?; + Some(t2) + } + (None, None) => None, + } { + if !matches!(&ty, Basic(_)) { + return Err(ZVisitorError( + "ZExpressionTyper: got non-Basic type for a binop".to_string(), + )); + } + if matches!(&ty, Basic(Boolean(_))) { + return Err(ZVisitorError( + "ZExpressionTyper: got Bool for a binop that cannot support it" + .to_string(), + )); + } + if matches!( + &be.op, + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift + ) && matches!(&ty, Basic(Field(_))) + { + return Err(ZVisitorError( + "ZExpressionTyper: got Field for a binop that cannot support it" + .to_string(), + )); + } + self.ty.replace(ty); + } + } + }; + Ok(()) + } + + fn visit_unary_expression(&mut self, ue: &mut ast::UnaryExpression<'ast>) -> ZVisitorResult { + use ast::{BasicType::*, Type::*, UnaryOperator::*}; + assert!(self.ty.is_none()); + self.visit_expression(&mut ue.expression)?; + self.ty = self.take()?; // canonicalize + match &ue.op { + Pos(_) | Neg(_) => { + if let Some(ty) = &self.ty { + if !matches!(ty, Basic(_)) || matches!(ty, Basic(Boolean(_))) { + return Err(ZVisitorError( + "ZExpressionTyper: got Bool or non-Basic for unary op".to_string(), + )); + } + } + } + Not(_) => { + if let Some(ty) = &self.ty { + if !matches!(ty, Basic(_)) || matches!(ty, Basic(Field(_))) { + return Err(ZVisitorError( + "ZExpressionTyper: got Field or non-Basic for unary !".to_string(), + )); + } + } + } + } + Ok(()) + } + + fn visit_boolean_literal_expression( + &mut self, + ble: &mut ast::BooleanLiteralExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + self.ty.replace(ast::Type::Basic(ast::BasicType::Boolean( + ast::BooleanType { span: ble.span }, + ))); + Ok(()) + } + + fn visit_decimal_suffix(&mut self, ds: &mut ast::DecimalSuffix<'ast>) -> ZVisitorResult { + assert!(self.ty.is_none()); + use ast::{BasicType::*, DecimalSuffix as DS, Type::*}; + match ds { + DS::U8(s) => self.ty.replace(Basic(U8(ast::U8Type { span: s.span }))), + DS::U16(s) => self.ty.replace(Basic(U16(ast::U16Type { span: s.span }))), + DS::U32(s) => self.ty.replace(Basic(U32(ast::U32Type { span: s.span }))), + DS::U64(s) => self.ty.replace(Basic(U64(ast::U64Type { span: s.span }))), + DS::Field(s) => self + .ty + .replace(Basic(Field(ast::FieldType { span: s.span }))), + }; + Ok(()) + } + + fn visit_hex_number_expression( + &mut self, + hne: &mut ast::HexNumberExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + use ast::{BasicType::*, HexNumberExpression as HNE, Type::*}; + match hne { + HNE::U8(s) => self.ty.replace(Basic(U8(ast::U8Type { span: s.span }))), + HNE::U16(s) => self.ty.replace(Basic(U16(ast::U16Type { span: s.span }))), + HNE::U32(s) => self.ty.replace(Basic(U32(ast::U32Type { span: s.span }))), + HNE::U64(s) => self.ty.replace(Basic(U64(ast::U64Type { span: s.span }))), + }; + Ok(()) + } + + fn visit_array_initializer_expression( + &mut self, + aie: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + use ast::Type::*; + + self.visit_expression(&mut aie.value)?; + if let Some(ty) = self.take()? { + let ty = self.arrayize(ty, aie.count.as_ref().clone(), &aie.span); + self.ty.replace(Array(ty)); + } + Ok(()) + } + + fn visit_inline_struct_expression( + &mut self, + ise: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + // XXX(unimpl) we don't monomorphize struct type here... OK? + self.visit_identifier_expression_t(&ise.ty) + } + + fn visit_inline_array_expression( + &mut self, + iae: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + assert!(!iae.expressions.is_empty()); + + let mut acc_ty = None; + let mut acc_len = 0; + iae.expressions + .iter_mut() + .try_for_each::<_, ZVisitorResult>(|soe| { + self.visit_spread_or_expression(soe)?; + if let Some(ty) = self.take()? { + let (nty, nln) = if matches!(soe, ast::SpreadOrExpression::Expression(_)) { + Ok((ty, 1)) + } else if let ast::Type::Array(mut at) = ty { + assert!(!at.dimensions.is_empty()); + let len = self.walker.zgen.const_usize_(&at.dimensions[0])?; + if at.dimensions.len() == 1 { + Ok((bos_to_type(at.ty), len)) + } else { + at.dimensions.remove(0); + Ok((ast::Type::Array(at), len)) + } + } else { + Err(format!( + "ZExpressionTyper: Spread expression: expected array, got {ty:?}" + )) + }?; + + if let Some(acc) = &acc_ty { + eq_type(acc, &nty, self.walker.zgen)?; + } else { + acc_ty.replace(nty); + } + acc_len += nln; + Ok(()) + } else if matches!(soe, ast::SpreadOrExpression::Expression(_)) { + // assume expression type is OK, just increment count + acc_len += 1; + Ok(()) + } else { + Err(ZVisitorError(format!( + "ZExpressionTyper: Could not type SpreadOrExpression::Spread {soe:#?}", + ))) + } + })?; + + self.ty = acc_ty.map(|at| { + ast::Type::Array(self.arrayize( + at, + ast::Expression::Literal(ast::LiteralExpression::HexLiteral( + ast::HexLiteralExpression { + value: ast::HexNumberExpression::U32(ast::U32NumberExpression { + value: format!("{acc_len:04x}"), + span: iae.span, + }), + span: iae.span, + }, + )), + &iae.span, + )) + }); + Ok(()) + } + + fn visit_postfix_expression( + &mut self, + pfe: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + assert!(self.ty.is_none()); + self.ty.replace(self.walker.get_postfix_ty(pfe, None)?); + Ok(()) + } +} diff --git a/src/front/zsharpcurly/zvisit/zvmut.rs b/src/front/zsharpcurly/zvisit/zvmut.rs new file mode 100644 index 000000000..6ec2a08e9 --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zvmut.rs @@ -0,0 +1,516 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::walkfns::*; +use super::ZVisitorResult; + +use zokrates_curly_pest_ast as ast; + +pub trait ZVisitorMut<'ast>: Sized { + fn visit_file(&mut self, file: &mut ast::File<'ast>) -> ZVisitorResult { + walk_file(self, file) + } + + fn visit_pragma(&mut self, pragma: &mut ast::Pragma<'ast>) -> ZVisitorResult { + walk_pragma(self, pragma) + } + + fn visit_curve(&mut self, curve: &mut ast::Curve<'ast>) -> ZVisitorResult { + walk_curve(self, curve) + } + + fn visit_span(&mut self, _span: &mut ast::Span<'ast>) -> ZVisitorResult { + Ok(()) + } + + fn visit_symbol_declaration( + &mut self, + sd: &mut ast::SymbolDeclaration<'ast>, + ) -> ZVisitorResult { + walk_symbol_declaration(self, sd) + } + + fn visit_eoi(&mut self, _eoi: &mut ast::EOI) -> ZVisitorResult { + Ok(()) + } + + fn visit_import_directive( + &mut self, + import: &mut ast::ImportDirective<'ast>, + ) -> ZVisitorResult { + walk_import_directive(self, import) + } + + fn visit_main_import_directive( + &mut self, + mimport: &mut ast::MainImportDirective<'ast>, + ) -> ZVisitorResult { + walk_main_import_directive(self, mimport) + } + + fn visit_from_import_directive( + &mut self, + fimport: &mut ast::FromImportDirective<'ast>, + ) -> ZVisitorResult { + walk_from_import_directive(self, fimport) + } + + fn visit_raw_string(&mut self, is: &mut ast::RawString<'ast>) -> ZVisitorResult { + walk_raw_string(self, is) + } + + fn visit_import_symbol(&mut self, is: &mut ast::ImportSymbol<'ast>) -> ZVisitorResult { + walk_import_symbol(self, is) + } + + fn visit_identifier_expression( + &mut self, + ie: &mut ast::IdentifierExpression<'ast>, + ) -> ZVisitorResult { + walk_identifier_expression(self, ie) + } + + fn visit_constant_definition( + &mut self, + cnstdef: &mut ast::ConstantDefinition<'ast>, + ) -> ZVisitorResult { + walk_constant_definition(self, cnstdef) + } + + fn visit_struct_definition( + &mut self, + structdef: &mut ast::StructDefinition<'ast>, + ) -> ZVisitorResult { + walk_struct_definition(self, structdef) + } + + fn visit_type_definition( + &mut self, + structdef: &mut ast::TypeDefinition<'ast>, + ) -> ZVisitorResult { + walk_type_definition(self, structdef) + } + + fn visit_struct_field(&mut self, structfield: &mut ast::StructField<'ast>) -> ZVisitorResult { + walk_struct_field(self, structfield) + } + + fn visit_function_definition( + &mut self, + fundef: &mut ast::FunctionDefinition<'ast>, + ) -> ZVisitorResult { + walk_function_definition(self, fundef) + } + + fn visit_parameter(&mut self, param: &mut ast::Parameter<'ast>) -> ZVisitorResult { + walk_parameter(self, param) + } + + fn visit_visibility(&mut self, vis: &mut ast::Visibility) -> ZVisitorResult { + walk_visibility(self, vis) + } + + fn visit_public_visibility(&mut self, _pu: &mut ast::PublicVisibility) -> ZVisitorResult { + Ok(()) + } + + fn visit_private_visibility(&mut self, _pr: &mut ast::PrivateVisibility) -> ZVisitorResult { + Ok(()) + } + + fn visit_type(&mut self, ty: &mut ast::Type<'ast>) -> ZVisitorResult { + walk_type(self, ty) + } + + fn visit_basic_type(&mut self, bty: &mut ast::BasicType<'ast>) -> ZVisitorResult { + walk_basic_type(self, bty) + } + + fn visit_field_type(&mut self, fty: &mut ast::FieldType<'ast>) -> ZVisitorResult { + walk_field_type(self, fty) + } + + fn visit_boolean_type(&mut self, bty: &mut ast::BooleanType<'ast>) -> ZVisitorResult { + walk_boolean_type(self, bty) + } + + fn visit_u8_type(&mut self, u8ty: &mut ast::U8Type<'ast>) -> ZVisitorResult { + walk_u8_type(self, u8ty) + } + + fn visit_u16_type(&mut self, u16ty: &mut ast::U16Type<'ast>) -> ZVisitorResult { + walk_u16_type(self, u16ty) + } + + fn visit_u32_type(&mut self, u32ty: &mut ast::U32Type<'ast>) -> ZVisitorResult { + walk_u32_type(self, u32ty) + } + + fn visit_u64_type(&mut self, u64ty: &mut ast::U64Type<'ast>) -> ZVisitorResult { + walk_u64_type(self, u64ty) + } + + fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult { + walk_array_type(self, aty) + } + + fn visit_basic_or_struct_type( + &mut self, + bsty: &mut ast::BasicOrStructOrTupleType<'ast>, + ) -> ZVisitorResult { + walk_basic_or_struct_or_tuple_type(self, bsty) + } + + fn visit_struct_type(&mut self, sty: &mut ast::StructType<'ast>) -> ZVisitorResult { + walk_struct_type(self, sty) + } + + fn visit_tuple_type(&mut self, sty: &mut ast::TupleType<'ast>) -> ZVisitorResult { + walk_tuple_type(self, sty) + } + + fn visit_explicit_generics(&mut self, eg: &mut ast::ExplicitGenerics<'ast>) -> ZVisitorResult { + walk_explicit_generics(self, eg) + } + + fn visit_constant_generic_value( + &mut self, + cgv: &mut ast::ConstantGenericValue<'ast>, + ) -> ZVisitorResult { + walk_constant_generic_value(self, cgv) + } + + fn visit_literal_expression( + &mut self, + lexpr: &mut ast::LiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_literal_expression(self, lexpr) + } + + fn visit_decimal_literal_expression( + &mut self, + dle: &mut ast::DecimalLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_decimal_literal_expression(self, dle) + } + + fn visit_decimal_number(&mut self, dn: &mut ast::DecimalNumber<'ast>) -> ZVisitorResult { + walk_decimal_number(self, dn) + } + + fn visit_decimal_suffix(&mut self, ds: &mut ast::DecimalSuffix<'ast>) -> ZVisitorResult { + walk_decimal_suffix(self, ds) + } + + fn visit_u8_suffix(&mut self, u8s: &mut ast::U8Suffix<'ast>) -> ZVisitorResult { + walk_u8_suffix(self, u8s) + } + + fn visit_u16_suffix(&mut self, u16s: &mut ast::U16Suffix<'ast>) -> ZVisitorResult { + walk_u16_suffix(self, u16s) + } + + fn visit_u32_suffix(&mut self, u32s: &mut ast::U32Suffix<'ast>) -> ZVisitorResult { + walk_u32_suffix(self, u32s) + } + + fn visit_u64_suffix(&mut self, u64s: &mut ast::U64Suffix<'ast>) -> ZVisitorResult { + walk_u64_suffix(self, u64s) + } + + fn visit_field_suffix(&mut self, fs: &mut ast::FieldSuffix<'ast>) -> ZVisitorResult { + walk_field_suffix(self, fs) + } + + fn visit_boolean_literal_expression( + &mut self, + ble: &mut ast::BooleanLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_boolean_literal_expression(self, ble) + } + + fn visit_hex_literal_expression( + &mut self, + hle: &mut ast::HexLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_hex_literal_expression(self, hle) + } + + fn visit_hex_number_expression( + &mut self, + hne: &mut ast::HexNumberExpression<'ast>, + ) -> ZVisitorResult { + walk_hex_number_expression(self, hne) + } + + fn visit_u8_number_expression( + &mut self, + u8e: &mut ast::U8NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u8_number_expression(self, u8e) + } + + fn visit_u16_number_expression( + &mut self, + u16e: &mut ast::U16NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u16_number_expression(self, u16e) + } + + fn visit_u32_number_expression( + &mut self, + u32e: &mut ast::U32NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u32_number_expression(self, u32e) + } + + fn visit_u64_number_expression( + &mut self, + u64e: &mut ast::U64NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u64_number_expression(self, u64e) + } + + fn visit_underscore(&mut self, u: &mut ast::Underscore<'ast>) -> ZVisitorResult { + walk_underscore(self, u) + } + + fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { + walk_expression(self, expr) + } + + fn visit_ternary_expression( + &mut self, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + walk_ternary_expression(self, te) + } + + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { + walk_if_else_expression(self, ie) + } + + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { + walk_binary_expression(self, be) + } + + fn visit_binary_operator(&mut self, _bo: &mut ast::BinaryOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_unary_expression(&mut self, ue: &mut ast::UnaryExpression<'ast>) -> ZVisitorResult { + walk_unary_expression(self, ue) + } + + fn visit_unary_operator(&mut self, uo: &mut ast::UnaryOperator) -> ZVisitorResult { + walk_unary_operator(self, uo) + } + + fn visit_pos_operator(&mut self, _po: &mut ast::PosOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_neg_operator(&mut self, _po: &mut ast::NegOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_not_operator(&mut self, _po: &mut ast::NotOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_assign_operator(&mut self, _ao: &mut ast::AssignOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_assign_constrain_operator( + &mut self, + _aco: &mut ast::AssignConstrainOperator, + ) -> ZVisitorResult { + Ok(()) + } + + fn visit_postfix_expression( + &mut self, + pe: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + walk_postfix_expression(self, pe) + } + + fn visit_access(&mut self, acc: &mut ast::Access<'ast>) -> ZVisitorResult { + walk_access(self, acc) + } + + fn visit_call_access(&mut self, ca: &mut ast::CallAccess<'ast>) -> ZVisitorResult { + walk_call_access(self, ca) + } + + fn visit_arguments(&mut self, args: &mut ast::Arguments<'ast>) -> ZVisitorResult { + walk_arguments(self, args) + } + + fn visit_array_access(&mut self, aa: &mut ast::ArrayAccess<'ast>) -> ZVisitorResult { + walk_array_access(self, aa) + } + + fn visit_array_index_expression( + &mut self, + index: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + walk_expression(self, index) + } + + fn visit_range_or_expression( + &mut self, + roe: &mut ast::RangeOrExpression<'ast>, + ) -> ZVisitorResult { + walk_range_or_expression(self, roe) + } + + fn visit_range(&mut self, rng: &mut ast::Range<'ast>) -> ZVisitorResult { + walk_range(self, rng) + } + + fn visit_from_expression(&mut self, from: &mut ast::FromExpression<'ast>) -> ZVisitorResult { + walk_from_expression(self, from) + } + + fn visit_to_expression(&mut self, to: &mut ast::ToExpression<'ast>) -> ZVisitorResult { + walk_to_expression(self, to) + } + + fn visit_dot_access(&mut self, ma: &mut ast::DotAccess<'ast>) -> ZVisitorResult { + walk_dot_access(self, ma) + } + + fn visit_identifier_or_decimal( + &mut self, + ido: &mut ast::IdentifierOrDecimal<'ast>, + ) -> ZVisitorResult { + walk_identifier_or_decimal(self, ido) + } + + fn visit_inline_array_expression( + &mut self, + iae: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_array_expression(self, iae) + } + + fn visit_spread_or_expression( + &mut self, + soe: &mut ast::SpreadOrExpression<'ast>, + ) -> ZVisitorResult { + walk_spread_or_expression(self, soe) + } + + fn visit_spread(&mut self, spread: &mut ast::Spread<'ast>) -> ZVisitorResult { + walk_spread(self, spread) + } + + fn visit_inline_struct_expression( + &mut self, + ise: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_struct_expression(self, ise) + } + + fn visit_inline_struct_member( + &mut self, + ism: &mut ast::InlineStructMember<'ast>, + ) -> ZVisitorResult { + walk_inline_struct_member(self, ism) + } + + fn visit_inline_tuple_expression( + &mut self, + ite: &mut ast::InlineTupleExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_tuple_expression(self, ite) + } + + fn visit_array_initializer_expression( + &mut self, + aie: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + walk_array_initializer_expression(self, aie) + } + + fn visit_statement(&mut self, stmt: &mut ast::Statement<'ast>) -> ZVisitorResult { + walk_statement(self, stmt) + } + + fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { + walk_return_statement(self, ret) + } + + fn visit_definition_statement( + &mut self, + def: &mut ast::DefinitionStatement<'ast>, + ) -> ZVisitorResult { + walk_definition_statement(self, def) + } + + fn visit_assembly_statement( + &mut self, + asm: &mut ast::AssemblyStatement<'ast>, + ) -> ZVisitorResult { + walk_assembly_statement(self, asm) + } + + fn visit_assembly_statement_inner( + &mut self, + inner: &mut ast::AssemblyStatementInner<'ast>, + ) -> ZVisitorResult { + walk_assembly_statement_inner(self, inner) + } + + fn visit_assembly_assignment( + &mut self, + a: &mut ast::AssemblyAssignment<'ast>, + ) -> ZVisitorResult { + walk_assembly_assignment(self, a) + } + + fn visit_assembly_constraint( + &mut self, + c: &mut ast::AssemblyConstraint<'ast>, + ) -> ZVisitorResult { + walk_assembly_constraint(self, c) + } + + fn visit_typed_identifier_or_assignee( + &mut self, + tioa: &mut ast::TypedIdentifierOrAssignee<'ast>, + ) -> ZVisitorResult { + walk_typed_identifier_or_assignee(self, tioa) + } + + fn visit_typed_identifier(&mut self, ti: &mut ast::TypedIdentifier<'ast>) -> ZVisitorResult { + walk_typed_identifier(self, ti) + } + + fn visit_assignee(&mut self, asgn: &mut ast::Assignee<'ast>) -> ZVisitorResult { + walk_assignee(self, asgn) + } + + fn visit_assignment_operator(&mut self, ao: &mut ast::AssignmentOperator) -> ZVisitorResult { + walk_assignment_operator(self, ao) + } + + fn visit_assignee_access(&mut self, acc: &mut ast::AssigneeAccess<'ast>) -> ZVisitorResult { + walk_assignee_access(self, acc) + } + + fn visit_assertion_statement( + &mut self, + asrt: &mut ast::AssertionStatement<'ast>, + ) -> ZVisitorResult { + walk_assertion_statement(self, asrt) + } + + fn visit_iteration_statement( + &mut self, + iter: &mut ast::IterationStatement<'ast>, + ) -> ZVisitorResult { + walk_iteration_statement(self, iter) + } +} diff --git a/src/ir/opt/link.rs b/src/ir/opt/link.rs index 96feccbe0..e368e5579 100644 --- a/src/ir/opt/link.rs +++ b/src/ir/opt/link.rs @@ -45,7 +45,7 @@ pub fn link_one(callee: &Computation, values: Vec) -> Term { ) } -impl<'f> Linker<'f> { +impl Linker<'_> { /// Ensure that a totally linked version of `name` is in the cache. fn link_all(&mut self, name: &str) { if !self.cache.contains_key(name) { @@ -66,7 +66,7 @@ impl<'f> Linker<'f> { /// Rewrites a term, inlining function calls along the way. /// /// Assumes that the callees are already inlined. Panics otherwise. -impl<'f> RewritePass for Linker<'f> { +impl RewritePass for Linker<'_> { fn visit Vec>( &mut self, _computation: &mut Computation, diff --git a/src/ir/term/dist.rs b/src/ir/term/dist.rs index 002d53da8..0032dddd8 100644 --- a/src/ir/term/dist.rs +++ b/src/ir/term/dist.rs @@ -267,7 +267,7 @@ impl rand::distributions::Distribution for UniformBitVector { pub(crate) struct UniformFieldV<'a>(&'a FieldT); -impl<'a> rand::distributions::Distribution for UniformFieldV<'a> { +impl rand::distributions::Distribution for UniformFieldV<'_> { fn sample(&self, rng: &mut R) -> FieldV { self.0.random_v(rng) } @@ -275,7 +275,7 @@ impl<'a> rand::distributions::Distribution for UniformFieldV<'a> { pub(crate) struct UniformValue<'a>(pub &'a Sort); -impl<'a> rand::distributions::Distribution for UniformValue<'a> { +impl rand::distributions::Distribution for UniformValue<'_> { fn sample(&self, rng: &mut R) -> Value { match self.0 { Sort::Bool => Value::Bool(rng.gen()), @@ -313,7 +313,9 @@ impl rand::distributions::Distribution for FixedSizeDist { } } +/// Test helpers for dist. #[cfg(test)] +/// Utilities for random testing. pub mod test { use super::*; @@ -322,7 +324,9 @@ pub mod test { use rand::distributions::Distribution; use rand::SeedableRng; + /// PureBool struct for testing. #[derive(Clone, Debug)] + /// A random term with only Boolean descendents and values for its variables. pub struct PureBool(pub Term, pub FxHashMap); impl Arbitrary for PureBool { @@ -352,7 +356,9 @@ pub mod test { } } + /// ArbitraryTerm struct for testing. #[derive(Clone)] + /// A random term and values for its variables. pub struct ArbitraryTerm(pub Term); impl std::fmt::Debug for ArbitraryTerm { diff --git a/src/ir/term/fmt.rs b/src/ir/term/fmt.rs index 4df16d977..7575a37b6 100644 --- a/src/ir/term/fmt.rs +++ b/src/ir/term/fmt.rs @@ -281,7 +281,7 @@ impl<'a, 'b> IrFormatter<'a, 'b> { } } -impl<'a, 'b> Write for IrFormatter<'a, 'b> { +impl Write for IrFormatter<'_, '_> { fn write_str(&mut self, s: &str) -> FmtResult { self.writer.write_str(s) } @@ -509,7 +509,7 @@ impl DisplayIr for FieldV { let omit_field = f.cfg.hide_field || f.default_field .as_ref() - .map_or(false, |field| field == &self.ty()); + .is_some_and(|field| field == &self.ty()); let mut i = self.i(); let mod_bits = self.modulus().significant_bits(); if i.significant_bits() + 1 >= mod_bits { @@ -666,13 +666,13 @@ fn fmt_term_with_bindings(t: &Term, f: &mut IrFormatter) -> FmtResult { Ok(()) } -impl<'a> Display for IrWrapper<'a, Term> { +impl Display for IrWrapper<'_, Term> { fn fmt(&self, f: &mut Formatter) -> FmtResult { write!(f, "{self:?}") } } -impl<'a> Debug for IrWrapper<'a, Term> { +impl Debug for IrWrapper<'_, Term> { fn fmt(&self, f: &mut Formatter) -> FmtResult { let cfg = IrCfg::from_circ_cfg(); let f = &mut IrFormatter::new(f, &cfg); diff --git a/src/ir/term/text/mod.rs b/src/ir/term/text/mod.rs index cbd470961..58c81030a 100644 --- a/src/ir/term/text/mod.rs +++ b/src/ir/term/text/mod.rs @@ -94,7 +94,7 @@ enum TokTree<'src> { use TokTree::*; -impl<'src> Display for TokTree<'src> { +impl Display for TokTree<'_> { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { match self { Leaf(_, l) => write!(f, "{}", from_utf8(l).unwrap()), @@ -115,7 +115,7 @@ impl<'src> Display for TokTree<'src> { } } -impl<'src> Debug for TokTree<'src> { +impl Debug for TokTree<'_> { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { match self { Leaf(_, l) => write!(f, "{}", from_utf8(l).unwrap()), diff --git a/src/target/r1cs/bellman.rs b/src/target/r1cs/bellman.rs index 4a7429d00..f7e8ae529 100644 --- a/src/target/r1cs/bellman.rs +++ b/src/target/r1cs/bellman.rs @@ -72,7 +72,7 @@ pub(super) fn get_modulus() -> Integer { /// bellman prover. pub struct SynthInput<'a>(&'a ProverData, Option<&'a FxHashMap>); -impl<'a, F: PrimeField> Circuit for SynthInput<'a> { +impl Circuit for SynthInput<'_> { #[track_caller] fn synthesize(self, cs: &mut CS) -> std::result::Result<(), SynthesisError> where diff --git a/src/target/r1cs/trans.rs b/src/target/r1cs/trans.rs index 43aec59df..4c7f8868a 100644 --- a/src/target/r1cs/trans.rs +++ b/src/target/r1cs/trans.rs @@ -1166,7 +1166,9 @@ pub fn to_r1cs(cs: &Computation, cfg: &CircCfg) -> R1cs { converter.r1cs } +/// Test helpers for r1cs trans. #[cfg(test)] +/// Tests for this module. pub mod test { use super::*; diff --git a/third_party/ZoKratesCurly/LICENSE b/third_party/ZoKratesCurly/LICENSE new file mode 100644 index 000000000..65c5ca88a --- /dev/null +++ b/third_party/ZoKratesCurly/LICENSE @@ -0,0 +1,165 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. diff --git a/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock b/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock new file mode 100644 index 000000000..f358e1be7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock @@ -0,0 +1,189 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + "byteorder", + "generic-array", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "generic-array" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +dependencies = [ + "typenum", +] + +[[package]] +name = "glob" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" + +[[package]] +name = "maplit" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" + +[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "pest" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53" +dependencies = [ + "ucd-trie", +] + +[[package]] +name = "pest_derive" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "pest_meta" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" +dependencies = [ + "maplit", + "pest", + "sha-1", +] + +[[package]] +name = "proc-macro2" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quote" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "864d3e96a899863136fc6e99f3d7cae289dafe43bf2c5ac19b70df7210c0a145" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "sha-1" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "syn" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a65b3f4ffa0092e9887669db0eae07941f023991ab58ea44da8fe8e2d511c6b" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "typenum" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" + +[[package]] +name = "ucd-trie" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "zokrates_parser" +version = "0.2.4" +dependencies = [ + "glob", + "pest", + "pest_derive", +] diff --git a/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml new file mode 100644 index 000000000..698c285ae --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml @@ -0,0 +1,12 @@ +[package] +name = "zokrates_parser" +version = "0.3.5" +authors = ["JacobEberhardt "] +edition = "2018" + +[dependencies] +pest = "=2.4" +pest_derive = "2.0" + +[dev-dependencies] +glob = "0.2" diff --git a/third_party/ZoKratesCurly/zokrates_parser/README.md b/third_party/ZoKratesCurly/zokrates_parser/README.md new file mode 100644 index 000000000..e6aa3301e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/README.md @@ -0,0 +1,3 @@ +# zokrates_parser + +Formal grammar specification of the ZoKrates DSL in PEG (Pest). diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md new file mode 100644 index 000000000..ced5138bf --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md @@ -0,0 +1,4 @@ +### ZoKrates Ace Mode (Syntax Highlighting for Ace/Brace) + +[Ace](https://ace.c9.io/) Edit Mode for [ZoKrates DSL](https://github.com/Zokrates/ZoKrates). +Compatible with browserify version of the ace editor, [brace](https://www.npmjs.com/package/brace). \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js new file mode 100644 index 000000000..9778609bd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js @@ -0,0 +1,121 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Distributed under the BSD license: + * + * Copyright (c) 2019, Ajax.org B.V. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of Ajax.org B.V. nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL AJAX.ORG B.V. BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ***** END LICENSE BLOCK ***** */ + +ace.define("ace/mode/zokrates_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"], function(acequire, exports, module) { + "use strict"; + + var oop = acequire("../lib/oop"); + var TextHighlightRules = acequire("./text_highlight_rules").TextHighlightRules; + + var ZoKratesHighlightRules = function () { + + var keywords = ( + "assert|as|bool|byte|const|def|do|else|endfor|export|false|field|for|if|then|fi|import|from|in|private|public|return|struct|true|u8|u16|u32|u64" + ); + + var keywordMapper = this.createKeywordMapper({ + "keyword": keywords + }, "identifier"); + + var decimalInteger = "(?:(?:[1-9]\\d*)|(?:0))"; + var decimalSuffix = "(?:_?(?:f|u(?:8|16|32|64)))?"; + var hexInteger = "(?:0[xX][\\dA-Fa-f]+)"; + var integer = "(?:" + decimalInteger + decimalSuffix + "|" + hexInteger + ")\\b"; + + this.$rules = { + "start": [ + { + token: "comment", // single line comment + regex: "\\/\\/.*$" + }, { + token: "comment", // multi line comment + regex: "\\/\\*", + next: "comment" + }, { + token: "string", // single line + regex: '["](?:(?:\\\\.)|(?:[^"\\\\]))*?["]' + }, { + token: "constant.numeric", // integer + regex: integer + }, { + token: keywordMapper, + regex: "[a-zA-Z_$][a-zA-Z0-9_$]*\\b" + }, { + token: "keyword.operator", + regex: "\\+|\\-|\\*\\*?|\\/|\\|\\|?|&&?|\\^|!|<>?|<=|=>|==|!=|=" + }, { + token: "punctuation", + regex: ",|:|;" + }, { + token: "lparen", + regex: "[[({]" + }, { + token: "rparen", + regex: "[\\])}]" + }, { + token: "text", + regex: "\\s+" + } + ], + "comment": [ + { + token: "comment", // closing comment + regex: "\\*\\/", + next: "start" + }, { + defaultToken: "comment" + } + ] + }; + }; + + oop.inherits(ZoKratesHighlightRules, TextHighlightRules); + + exports.ZoKratesHighlightRules = ZoKratesHighlightRules; +}); + +ace.define("ace/mode/zokrates",["require","exports","module","ace/lib/oop","ace/mode/text","ace/mode/zokrates_highlight_rules"], function(acequire, exports, module) { + "use strict"; + + var oop = acequire("../lib/oop"); + var TextMode = acequire("./text").Mode; + var ZoKratesHighlightRules = acequire("./zokrates_highlight_rules").ZoKratesHighlightRules; + + var Mode = function () { + this.HighlightRules = ZoKratesHighlightRules; + }; + oop.inherits(Mode, TextMode); + + (function () { + this.$id = "ace/mode/zokrates"; + }).call(Mode.prototype); + + exports.Mode = Mode; +}); diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json new file mode 100644 index 000000000..0fc3979da --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json @@ -0,0 +1,17 @@ +{ + "name": "ace-mode-zokrates", + "version": "1.0.4", + "description": "Ace Mode for ZoKrates DSL", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [ + "zokrates", + "ace", + "mode", + "brace" + ], + "author": "Darko Macesic", + "license": "LGPL" +} diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs new file mode 100644 index 000000000..eb61ce2d8 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs @@ -0,0 +1,337 @@ +#![allow(clippy::upper_case_acronyms)] // we allow uppercase acronyms because the pest derive generates WHITESPACE and COMMENT which have special meaning in pest + +extern crate pest; +#[macro_use] +extern crate pest_derive; + +use pest::error::Error; +use pest::iterators::Pairs; +use pest::Parser; + +#[derive(Parser)] +#[grammar = "zokrates.pest"] +struct ZoKratesParser; + +#[allow(clippy::result_large_err)] +pub fn parse(input: &str) -> Result, Error> { + ZoKratesParser::parse(Rule::file, input) +} + +#[cfg(test)] +mod tests { + use super::*; + use pest::*; + + mod examples { + use super::*; + + #[test] + fn examples_dir() { + use glob::glob; + use std::fs; + use std::io::Read; + // Traverse all .zok files in examples dir + for entry in + glob("../zokrates_cli/examples/**/*.zok").expect("Failed to read glob pattern") + { + match entry { + Ok(path) => { + if path.to_str().unwrap().contains("error") { + continue; + } + + println!("Parsing {:?}", path.display()); + let mut file = fs::File::open(path).unwrap(); + + let mut data = String::new(); + file.read_to_string(&mut data).unwrap(); + + assert!(ZoKratesParser::parse(Rule::file, &data).is_ok()); + } + Err(e) => panic!("{:?}", e), + } + } + } + } + + mod rules { + use super::*; + + // TODO: uncomment these tests once https://github.com/pest-parser/pest/pull/493 is resolved + + // #[test] + // fn parse_valid_identifier() { + // parses_to! { + // parser: ZoKratesParser, + // input: "valididentifier_01", + // rule: Rule::identifier, + // tokens: [ + // identifier(0, 18) + // ] + // }; + // } + + // #[test] + // fn parse_parameter_list() { + // parses_to! { + // parser: ZoKratesParser, + // input: "def foo(field[P] a) -> (field, field): return 1 + // ", + // rule: Rule::function_definition, + // tokens: [ + // function_definition(0, 54, [ + // identifier(4, 7), + // identifier(8, 9), + // identifier(11, 12), + // // parameter_list is not created (silent rule) + // parameter(14, 24, [ + // ty(14, 23, [ + // ty_array(14, 23, [ + // ty_basic_or_struct(14, 19, [ + // ty_basic(14, 19, [ + // ty_field(14, 19) + // ]) + // ]), + // expression(20, 21, [ + // term(20, 21, [ + // primary_expression(20, 21, [ + // identifier(20, 21) + // ]) + // ]) + // ]) + // ]) + // ]), + // identifier(23, 24) + // ]), + // // type_list is not created (silent rule) + // ty(30, 35, [ + // ty_basic(30, 35, [ + // ty_field(30, 35) + // ]) + // ]), + // ty(37, 42, [ + // ty_basic(37, 42, [ + // ty_field(37, 42) + // ]) + // ]), + // statement(45, 54, [ + // return_statement(45, 53, [ + // expression(52, 53, [ + // term(52, 53, [ + // primary_expression(52, 53, [ + // literal(52, 53, [ + // decimal_literal(52, 53, [ + // decimal_number(52, 53) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_single_def_to_multi() { + // parses_to! { + // parser: ZoKratesParser, + // input: r#"a = foo::<_>(x) + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 28, [ + // definition_statement(0, 15, [ + // optionally_typed_assignee(0, 2, [ + // assignee(0, 2, [ + // identifier(0, 1) + // ]) + // ]), + // expression(4, 15, [ + // term(4, 15, [ + // postfix_expression(4, 15, [ + // identifier(4, 7), + // access(7, 15, [ + // call_access(7, 15, [ + // explicit_generics(7, 12, [ + // constant_generics_value(10, 11, [ + // underscore(10, 11) + // ]) + // ]), + // arguments(13, 14, [ + // expression(13, 14, [ + // term(13, 14, [ + // primary_expression(13, 14, [ + // identifier(13, 14) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_field_def_to_multi() { + // parses_to! { + // parser: ZoKratesParser, + // input: r#"field a = foo() + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 28, [ + // definition_statement(0, 15, [ + // optionally_typed_assignee(0, 8, [ + // ty(0, 5, [ + // ty_basic(0, 5, [ + // ty_field(0, 5) + // ]) + // ]), + // assignee(6, 8, [ + // identifier(6, 7) + // ]) + // ]), + // expression(10, 15, [ + // term(10, 15, [ + // postfix_expression(10, 15, [ + // identifier(10, 13), + // access(13, 15, [ + // call_access(13, 15, [ + // arguments(14, 14) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_u8_def_to_multi() { + // parses_to! { + // parser: ZoKratesParser, + // input: r#"u32 a = foo() + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 26, [ + // definition_statement(0, 13, [ + // optionally_typed_assignee(0, 6, [ + // ty(0, 3, [ + // ty_basic(0, 3, [ + // ty_u32(0, 3) + // ]) + // ]), + // assignee(4, 6, [ + // identifier(4, 5) + // ]) + // ]), + // expression(8, 13, [ + // term(8, 13, [ + // postfix_expression(8, 13, [ + // identifier(8, 11), + // access(11, 13, [ + // call_access(11, 13, [ + // arguments(12, 12) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_invalid_identifier() { + // fails_with! { + // parser: ZoKratesParser, + // input: "0_invalididentifier", + // rule: Rule::identifier, + // positives: vec![Rule::identifier], + // negatives: vec![], + // pos: 0 + // }; + // } + + // #[test] + // fn parse_struct_def() { + // parses_to! { + // parser: ZoKratesParser, + // input: "struct Foo { field foo\n field[2] bar } + // ", + // rule: Rule::ty_struct_definition, + // tokens: [ + // ty_struct_definition(0, 39, [ + // identifier(7, 10), + // struct_field(13, 22, [ + // ty(13, 18, [ + // ty_basic(13, 18, [ + // ty_field(13, 18) + // ]) + // ]), + // identifier(19, 22) + // ]), + // struct_field(24, 36, [ + // ty(24, 33, [ + // ty_array(24, 33, [ + // ty_basic_or_struct(24, 29, [ + // ty_basic(24, 29, [ + // ty_field(24, 29) + // ]) + // ]), + // expression(30, 31, [ + // term(30, 31, [ + // primary_expression(30, 31, [ + // literal(30, 31, [ + // decimal_literal(30, 31, [ + // decimal_number(30, 31) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]), + // identifier(33, 36) + // ]) + // ]) + // ] + // }; + // } + + #[test] + fn parse_invalid_identifier_because_keyword() { + fails_with! { + parser: ZoKratesParser, + input: "def", + rule: Rule::identifier, + positives: vec![Rule::identifier], + negatives: vec![], + pos: 0 + }; + } + + #[test] + fn parse_for_loop() { + let input = "for u32 i in 0..3 { c = c + a[i]; }"; + + let parse = ZoKratesParser::parse(Rule::iteration_statement, input); + assert!(parse.is_ok()); + } + } +} diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore new file mode 100644 index 000000000..7483f4eee --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore @@ -0,0 +1 @@ +*.tmLanguage.json \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore new file mode 100644 index 000000000..f369b5e55 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore @@ -0,0 +1,4 @@ +.vscode/** +.vscode-test/** +.gitignore +vsc-extension-quickstart.md diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md new file mode 100644 index 000000000..afef5e74c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md @@ -0,0 +1,7 @@ +## [0.0.2] - 2021-03-01 + +- Add new syntax for ZoKrates 0.7.1 + +## [0.0.1] - 2021-03-01 + +- Initial release \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md new file mode 100644 index 000000000..15f478b0c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md @@ -0,0 +1,13 @@ +# ZoKrates Syntax Highlighter + +This is a Textmate-based syntax highlighter for the [ZoKrates language](https://zokrates.github.io) in VSCode. + +## Development + +This project expect the syntax to be provided as a JSON file (see `syntaxes`). +As working with a YAML file instead is easier, it can make sense to convert to that and back. +VSCode offers a command `Convert to {JSON, YAML}-tmLanguage File` that achieves that. + +## Release process + +This extension is currently released manually to the VSCode extension marketplace. \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json new file mode 100644 index 000000000..158e13c35 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json @@ -0,0 +1,28 @@ +{ + "comments": { + // symbol used for single line comment. Remove this entry if your language does not support line comments + "lineComment": "//", + // symbols used for start and end a block comment. Remove this entry if your language does not support block comments + "blockComment": ["/*", "*/"] + }, + // symbols used as brackets + "brackets": [ + ["{", "}"], + ["[", "]"], + ["(", ")"] + ], + // symbols that are auto closed when typing + "autoClosingPairs": [ + ["{", "}"], + ["[", "]"], + ["(", ")"], + ["\"", "\""] + ], + // symbols that can be used to surround a selection + "surroundingPairs": [ + ["{", "}"], + ["[", "]"], + ["(", ")"], + ["\"", "\""] + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json new file mode 100644 index 000000000..3693426e7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json @@ -0,0 +1,36 @@ +{ + "name": "zokrates", + "displayName": "zokrates", + "description": "Syntax highlighting for the ZoKrates language", + "publisher": "zokrates", + "repository": "https://github.com/ZoKrates/ZoKrates", + "version": "0.1.0", + "engines": { + "vscode": "^1.53.0" + }, + "categories": [ + "Programming Languages" + ], + "contributes": { + "languages": [ + { + "id": "zokrates", + "aliases": [ + "ZoKrates", + "zokrates" + ], + "extensions": [ + ".zok" + ], + "configuration": "./language-configuration.json" + } + ], + "grammars": [ + { + "language": "zokrates", + "scopeName": "source.zok", + "path": "./syntaxes/zokrates.tmLanguage.json" + } + ] + } +} diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json new file mode 100644 index 000000000..c55cadb37 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json @@ -0,0 +1,637 @@ +{ + "$schema": "https://raw.githubusercontent.com/martinring/tmlanguage/master/tmlanguage.json", + "name": "ZoKrates", + "fileTypes": [ + "zok" + ], + "scopeName": "source.zok", + "patterns": [ + { + "comment": "attributes", + "name": "meta.attribute.zokrates", + "begin": "(#)(\\!?)(\\[)", + "beginCaptures": { + "1": { + "name": "punctuation.definition.attribute.zokrates" + }, + "2": { + "name": "keyword.operator.attribute.inner.zokrates" + }, + "3": { + "name": "punctuation.brackets.attribute.zokrates" + } + }, + "end": "\\]", + "endCaptures": { + "0": { + "name": "punctuation.brackets.attribute.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + } + ] + }, + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#types" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#variables" + } + ], + "repository": { + "comments": { + "patterns": [ + { + "comment": "line comments", + "name": "comment.line.double-slash.zokrates", + "match": "\\s*//.*" + } + ] + }, + "block-comments": { + "patterns": [ + { + "comment": "empty block comments", + "name": "comment.block.zokrates", + "match": "/\\*\\*/" + }, + { + "comment": "block comments", + "name": "comment.block.zokrates", + "begin": "/\\*(?!\\*)", + "end": "\\*/", + "patterns": [ + { + "include": "#block-comments" + } + ] + } + ] + }, + "constants": { + "patterns": [ + { + "comment": "ALL CAPS constants", + "name": "constant.other.caps.zokrates", + "match": "\\b[A-Z]{2}[A-Z0-9_]*\\b" + }, + { + "comment": "decimal integers and floats", + "name": "constant.numeric.decimal.zokrates", + "match": "\\b\\d[\\d_]*(?:u128|u16|u32|u64|u8|f)?\\b" + }, + { + "comment": "hexadecimal integers", + "name": "constant.numeric.hex.zokrates", + "match": "\\b0x[\\da-fA-F_]+\\b" + }, + { + "comment": "booleans", + "name": "constant.language.bool.zokrates", + "match": "\\b(true|false)\\b" + } + ] + }, + "imports": { + "patterns": [ + { + "comment": "explicit import statement", + "name": "meta.import.explicit.zokrates", + "match": "\\b(from)\\s+(\\\".*\\\")(import)\\s+([A-Za-z0-9_]+)\\s+((as)\\s+[A-Za-z0-9_]+)?\\b", + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#strings" + } + ] + }, + { + "comment": "main import statement", + "name": "meta.import.explicit.zokrates", + "match": "\\b(import)\\s+(\\\".*\\\")\\s+((as)\\s+[A-Za-z0-9_]+)?\\b", + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#strings" + } + ] + } + ] + }, + "constant-definitions": { + "patterns": [ + { + "comment": "constant definition", + "name": "constant.definition.zokrates", + "match": "\\b(const)\\s+([A-Za-z0-9_]+)\\s+([A-Za-z0-9_]+)\\s+=\\s+(?:.+)\\b", + "captures": { + "1": { + "name": "keyword.other.const.zokrates" + }, + "2": { + "name": "entity.name.type.zokrates" + }, + "3": { + "name": "entity.name.constant.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + } + ] + }, + "functions": { + "patterns": [ + { + "comment": "function definition", + "name": "meta.function.definition.zokrates", + "begin": "\\b(def)\\s+([A-Za-z0-9_]+)((\\()|(<))", + "beginCaptures": { + "1": { + "name": "keyword.other.def.zokrates" + }, + "2": { + "name": "entity.name.function.zokrates" + }, + "4": { + "name": "punctuation.brackets.round.zokrates" + }, + "5": { + "name": "punctuation.brackets.angle.zokrates" + } + }, + "end": "\\:|;", + "endCaptures": { + "0": { + "name": "keyword.punctuation.colon.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "function/method calls, chaining", + "name": "meta.function.call.zokrates", + "begin": "([A-Za-z0-9_]+)(\\()", + "beginCaptures": { + "1": { + "name": "entity.name.function.zokrates" + }, + "2": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "end": "\\)", + "endCaptures": { + "0": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "function/method calls with turbofish", + "name": "meta.function.call.zokrates", + "begin": "([A-Za-z0-9_]+)(?=::<.*>\\()", + "beginCaptures": { + "1": { + "name": "entity.name.function.zokrates" + } + }, + "end": "\\)", + "endCaptures": { + "0": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + } + ] + }, + "keywords": { + "patterns": [ + { + "comment": "argument visibility", + "name": "keyword.visibility.zokrates", + "match": "\\b(public|private)\\b" + }, + { + "comment": "control flow keywords", + "name": "keyword.control.zokrates", + "match": "\\b(do|else|for|do|endfor|if|then|fi|return|assert)\\b" + }, + { + "comment": "storage keywords", + "name": "storage.type.zokrates", + "match": "\\b(struct)\\b" + }, + { + "comment": "const", + "name": "keyword.other.const.zokrates", + "match": "\\bconst\\b" + }, + { + "comment": "def", + "name": "keyword.other.def.zokrates", + "match": "\\bdef\\b" + }, + { + "comment": "import keywords", + "name": "keyword.other.import.zokrates", + "match": "\\b(import|from|as)\\b" + }, + { + "comment": "logical operators", + "name": "keyword.operator.logical.zokrates", + "match": "(\\^|\\||\\|\\||&|&&|<<|>>|!)(?!=)" + }, + { + "comment": "single equal", + "name": "keyword.operator.assignment.equal.zokrates", + "match": "(?])=(?!=|>)" + }, + { + "comment": "comparison operators", + "name": "keyword.operator.comparison.zokrates", + "match": "(=(=)?(?!>)|!=|<=|(?=)" + }, + { + "comment": "math operators", + "name": "keyword.operator.math.zokrates", + "match": "(([+%]|(\\*(?!\\w)))(?!=))|(-(?!>))|(/(?!/))" + }, + { + "comment": "less than, greater than (special case)", + "match": "(?:\\b|(?:(\\))|(\\])|(\\})))[ \\t]+([<>])[ \\t]+(?:\\b|(?:(\\()|(\\[)|(\\{)))", + "captures": { + "1": { + "name": "punctuation.brackets.round.zokrates" + }, + "2": { + "name": "punctuation.brackets.square.zokrates" + }, + "3": { + "name": "punctuation.brackets.curly.zokrates" + }, + "4": { + "name": "keyword.operator.comparison.zokrates" + }, + "5": { + "name": "punctuation.brackets.round.zokrates" + }, + "6": { + "name": "punctuation.brackets.square.zokrates" + }, + "7": { + "name": "punctuation.brackets.curly.zokrates" + } + } + }, + { + "comment": "dot access", + "name": "keyword.operator.access.dot.zokrates", + "match": "\\.(?!\\.)" + }, + { + "comment": "ranges, range patterns", + "name": "keyword.operator.range.zokrates", + "match": "\\.{2}(=|\\.)?" + }, + { + "comment": "colon", + "name": "keyword.operator.colon.zokrates", + "match": ":(?!:)" + }, + { + "comment": "dashrocket, skinny arrow", + "name": "keyword.operator.arrow.skinny.zokrates", + "match": "->" + } + ] + }, + "types": { + "patterns": [ + { + "comment": "numeric types", + "match": "(?", + "endCaptures": { + "0": { + "name": "punctuation.brackets.angle.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "primitive types", + "name": "entity.name.type.primitive.zokrates", + "match": "\\b(bool)\\b" + }, + { + "comment": "struct declarations", + "match": "\\b(struct)\\s+([A-Z][A-Za-z0-9]*)\\b", + "captures": { + "1": { + "name": "storage.type.zokrates" + }, + "2": { + "name": "entity.name.type.struct.zokrates" + } + } + }, + { + "comment": "types", + "name": "entity.name.type.zokrates", + "match": "\\b[A-Z][A-Za-z0-9]*\\b(?!!)" + } + ] + }, + "punctuation": { + "patterns": [ + { + "comment": "comma", + "name": "punctuation.comma.zokrates", + "match": "," + }, + { + "comment": "parentheses, round brackets", + "name": "punctuation.brackets.round.zokrates", + "match": "[()]" + }, + { + "comment": "square brackets", + "name": "punctuation.brackets.square.zokrates", + "match": "[\\[\\]]" + }, + { + "comment": "angle brackets", + "name": "punctuation.brackets.angle.zokrates", + "match": "(?]" + } + ] + }, + "strings": { + "patterns": [ + { + "comment": "double-quoted strings and byte strings", + "name": "string.quoted.double.zokrates", + "begin": "(b?)(\")", + "beginCaptures": { + "1": { + "name": "string.quoted.byte.raw.zokrates" + }, + "2": { + "name": "punctuation.definition.string.zokrates" + } + }, + "end": "\"", + "endCaptures": { + "0": { + "name": "punctuation.definition.string.zokrates" + } + } + }, + { + "comment": "double-quoted raw strings and raw byte strings", + "name": "string.quoted.double.zokrates", + "begin": "(b?r)(#*)(\")", + "beginCaptures": { + "1": { + "name": "string.quoted.byte.raw.zokrates" + }, + "2": { + "name": "punctuation.definition.string.raw.zokrates" + }, + "3": { + "name": "punctuation.definition.string.zokrates" + } + }, + "end": "(\")(\\2)", + "endCaptures": { + "1": { + "name": "punctuation.definition.string.zokrates" + }, + "2": { + "name": "punctuation.definition.string.raw.zokrates" + } + } + } + ] + }, + "variables": { + "patterns": [ + { + "comment": "variables", + "name": "variable.other.zokrates", + "match": "\\b(?\()' + beginCaptures: + '1': {name: entity.name.function.zokrates} + end: \) + endCaptures: + '0': {name: punctuation.brackets.round.zokrates} + patterns: + - {include: '#block-comments'} + - {include: '#comments'} + - {include: '#keywords'} + - {include: '#constants'} + - {include: '#functions'} + - {include: '#punctuation'} + - {include: '#strings'} + - {include: '#types'} + - {include: '#variables'} + keywords: + patterns: + - + comment: 'argument visibility' + name: keyword.visibility.zokrates + match: \b(public|private)\b + - + comment: 'control flow keywords' + name: keyword.control.zokrates + match: \b(for|in|if|else|return|assert|log)\b + - + comment: 'storage keywords' + name: storage.type.zokrates + match: \b(struct)\b + - + comment: 'const keyword' + name: keyword.other.const.zokrates + match: \b(const)\b + - + comment: 'type keyword' + name: keyword.other.type.zokrates + match: \b(type)\b + - + comment: 'def keyword' + name: keyword.other.def.zokrates + match: \b(def)\b + - + comment: 'import keywords' + name: keyword.other.import.zokrates + match: \b(import|from|as)\b + - + comment: 'logical operators' + name: keyword.operator.logical.zokrates + match: '(\^|\||\|\||&|&&|<<|>>|!)(?!=)' + - + comment: 'mut' + name: "storage.modifier.mut.zokrates" + match: \b(mut)\b + - + comment: 'single equal' + name: keyword.operator.assignment.equal.zokrates + match: '(?])=(?!=|>)' + - + comment: 'comparison operators' + name: keyword.operator.comparison.zokrates + match: '(=(=)?(?!>)|!=|<=|(?=)' + - + comment: 'math operators' + name: keyword.operator.math.zokrates + match: '(([+%]|(\*(?!\w)))(?!=))|(-(?!>))|(/(?!/))' + - + comment: 'less than, greater than (special case)' + match: '(?:\b|(?:(\))|(\])|(\})))[ \t]+([<>])[ \t]+(?:\b|(?:(\()|(\[)|(\{)))' + captures: + '1': {name: punctuation.brackets.round.zokrates} + '2': {name: punctuation.brackets.square.zokrates} + '3': {name: punctuation.brackets.curly.zokrates} + '4': {name: keyword.operator.comparison.zokrates} + '5': {name: punctuation.brackets.round.zokrates} + '6': {name: punctuation.brackets.square.zokrates} + '7': {name: punctuation.brackets.curly.zokrates} + - + comment: 'dot access' + name: keyword.operator.access.dot.zokrates + match: '\.(?!\.)' + - + comment: 'ranges, range patterns' + name: keyword.operator.range.zokrates + match: '\.{2}(=|\.)?' + - + comment: colon + name: keyword.operator.colon.zokrates + match: ':(?!:)' + - + comment: 'dashrocket, skinny arrow' + name: keyword.operator.arrow.skinny.zokrates + match: '->' + types: + patterns: + - + comment: 'numeric types' + match: '(?' + endCaptures: + '0': {name: punctuation.brackets.angle.zokrates} + patterns: + - {include: '#block-comments'} + - {include: '#comments'} + - {include: '#keywords'} + - {include: '#punctuation'} + - {include: '#types'} + - {include: '#variables'} + - + comment: 'primitive types' + name: entity.name.type.primitive.zokrates + match: \b(bool)\b + - + comment: 'struct declarations' + match: '\b(struct)\s+([A-Z][A-Za-z0-9]*)\b' + captures: + '1': {name: storage.type.zokrates} + '2': {name: entity.name.type.struct.zokrates} + - + comment: types + name: entity.name.type.zokrates + match: '\b[A-Z][A-Za-z0-9]*\b(?!!)' + punctuation: + patterns: + - + comment: comma + name: punctuation.comma.zokrates + match: ',' + - + comment: 'curly braces' + name: punctuation.brackets.curly.zokrates + match: '[{}]' + - + comment: 'parentheses, round brackets' + name: punctuation.brackets.round.zokrates + match: '[()]' + - + comment: 'semicolon' + name: punctuation.semi.zokrates + match: ';' + - + comment: 'square brackets' + name: punctuation.brackets.square.zokrates + match: '[\[\]]' + - + comment: 'angle brackets' + name: punctuation.brackets.angle.zokrates + match: '(?]' + strings: + patterns: + - + comment: 'double-quoted strings and byte strings' + name: string.quoted.double.zokrates + begin: '(b?)(")' + beginCaptures: + '1': {name: string.quoted.byte.raw.zokrates} + '2': {name: punctuation.definition.string.zokrates} + end: '"' + endCaptures: + '0': {name: punctuation.definition.string.zokrates} + - + comment: 'double-quoted raw strings and raw byte strings' + name: string.quoted.double.zokrates + begin: '(b?r)(#*)(")' + beginCaptures: + '1': {name: string.quoted.byte.raw.zokrates} + '2': {name: punctuation.definition.string.raw.zokrates} + '3': {name: punctuation.definition.string.zokrates} + end: '(")(\2)' + endCaptures: + '1': {name: punctuation.definition.string.zokrates} + '2': {name: punctuation.definition.string.raw.zokrates} + variables: + patterns: + - + comment: variables + name: variable.other.zokrates + match: '\b(?" ~ ty)? ~ block_statement } +const_definition = {"const" ~ typed_identifier ~ "=" ~ expression } +type_definition = {"type" ~ identifier ~ constant_generics_declaration? ~ "=" ~ ty } +constant_generics_declaration = _{ "<" ~ constant_generics_list ~ ">" } +constant_generics_list = _{ identifier ~ ("," ~ identifier)* } + +parameter_list = _{(parameter ~ ("," ~ parameter)*)?} +parameter = { vis? ~ ty ~ _mut? ~ identifier } + +// basic types +ty_field = {"field"} +ty_bool = {"bool"} +ty_u8 = {"u8"} +ty_u16 = {"u16"} +ty_u32 = {"u32"} +ty_u64 = {"u64"} +ty_basic = { ty_field | ty_bool | ty_u8 | ty_u16 | ty_u32 | ty_u64 } +ty_basic_or_struct_or_tuple = { ty_basic | ty_struct | ty_tuple } +ty_array = { ty_basic_or_struct_or_tuple ~ ("[" ~ expression ~ "]")+ } +ty = { ty_array | ty_basic | ty_struct | ty_tuple } +// tuples +ty_tuple = { "(" ~ (ty_tuple_multiple_inner | ty_tuple_single_inner | ty_tuple_empty_inner ) ~ ")" } +ty_tuple_empty_inner = _{ "" } +ty_tuple_single_inner = _{ ty ~ "," } +ty_tuple_multiple_inner = _{ ty ~ ("," ~ ty)+ ~ ","? } +// structs +ty_struct = { identifier ~ explicit_generics? } +// type definitions +ty_struct_definition = { "struct" ~ identifier ~ constant_generics_declaration? ~ "{" ~ struct_field_list ~ "}" } +struct_field_list = _{ (struct_field ~ semicolon)* } +struct_field = { typed_identifier } + +vis_private = {"private"} +vis_public = {"public"} +vis = { vis_private | vis_public } +_mut = {"mut"} + + +// Statements +statement = { (iteration_statement | asm_statement // does not require semicolon + | ((log_statement + |return_statement + | definition_statement + | assertion_statement + ) ~ semicolon)) } + +log_statement = { "log" ~ "(" ~ quoted_string ~ "," ~ expression_list ~ ")"} +block_statement = _{ "{" ~ statement* ~ "}" } +iteration_statement = { "for" ~ typed_identifier ~ "in" ~ expression ~ ".." ~ expression ~ block_statement } +return_statement = { "return" ~ expression? } +definition_statement = { typed_identifier_or_assignee ~ "=" ~ expression } +assertion_statement = {"assert" ~ "(" ~ expression ~ ("," ~ quoted_string)? ~ ")"} + +op_asm_assign = @{"<--"} +op_asm_assign_constrain = @{"<=="} +op_asm = { op_asm_assign | op_asm_assign_constrain } + +asm_assignment = { assignee ~ op_asm ~ expression } +asm_constraint = { expression ~ "===" ~ expression } + +asm_statement_inner = { (asm_assignment | asm_constraint) ~ semicolon } +asm_statement = { "asm" ~ "{" ~ NEWLINE* ~ asm_statement_inner* ~ NEWLINE* ~ "}" } + +typed_identifier_or_assignee = { typed_identifier | assignee } + +// Expressions +expression_list = _{(expression ~ ("," ~ expression)*)?} + +expression = { unaried_term ~ (op_binary ~ unaried_term)* } +unaried_term = { op_unary? ~ powered_term } +powered_term = { postfixed_term ~ (op_pow ~ exponent_expression)? } +postfixed_term = { term ~ access* } +term = { ("(" ~ expression ~ ")") | inline_tuple_expression | inline_struct_expression | if_else_expression | primary_expression | inline_array_expression | array_initializer_expression } +spread = { "..." ~ expression } +range = { from_expression? ~ ".." ~ to_expression? } +from_expression = { expression } +to_expression = { expression } + +inline_tuple_expression = { "(" ~ (inline_tuple_multiple_expression_inner | inline_tuple_single_expression_inner | inline_tuple_empty_expression_inner) ~ ")" } +inline_tuple_empty_expression_inner = _{ "" } +inline_tuple_single_expression_inner = _{ expression ~ "," } +inline_tuple_multiple_expression_inner = _{ expression ~ ("," ~ expression)+ ~ ","? } + +block_expression = _{ "{" ~ statement* ~ expression ~ "}" } +if_else_expression = { "if" ~ expression ~ block_expression ~ "else" ~ block_expression } + +access = { array_access | call_access | dot_access } +array_access = { "[" ~ range_or_expression ~ "]" } +call_access = { ("::" ~ explicit_generics)? ~ "(" ~ arguments ~ ")" } +arguments = { expression_list } +explicit_generics = { "<" ~ constant_generics_values ~ ">" } +constant_generics_values = _{ constant_generics_value ~ ("," ~ constant_generics_value)* } +constant_generics_value = { literal | identifier | underscore } +underscore = { "_" } +dot_access = { "." ~ identifier_or_decimal } +identifier_or_decimal = { identifier | decimal_number } + +primary_expression = { identifier | literal } + +inline_struct_expression = { identifier ~ "{" ~ inline_struct_member_list ~ "}" } +inline_struct_member_list = _{(inline_struct_member ~ ("," ~ inline_struct_member)*)? ~ ","? } +inline_struct_member = { identifier ~ ":" ~ expression } + +inline_array_expression = { "[" ~ inline_array_inner ~ "]" } +inline_array_inner = _{(spread_or_expression ~ ("," ~ spread_or_expression)*)?} +spread_or_expression = { spread | expression } +range_or_expression = { range | expression } + +exponent_expression = { "(" ~ expression ~ ")" | primary_expression } +array_initializer_expression = { "[" ~ expression ~ semicolon ~ expression ~ "]" } + +// End Expressions + + +typed_identifier = { ty ~ _mut? ~ identifier } +assignee = { identifier ~ assignee_access* } +assignee_access = { array_access | dot_access } +identifier = @{ ((!keyword ~ ASCII_ALPHA) | (keyword ~ (ASCII_ALPHANUMERIC | "_"))) ~ (ASCII_ALPHANUMERIC | "_")* } + +// Literals for all types + +literal = { hex_literal | decimal_literal | boolean_literal } + +decimal_literal = ${ decimal_number ~ ("_"? ~ decimal_suffix)? } +decimal_number = @{ "0" | ASCII_NONZERO_DIGIT ~ ASCII_DIGIT* } +decimal_suffix = { decimal_suffix_u8 | decimal_suffix_u16 | decimal_suffix_u32 | decimal_suffix_u64 | decimal_suffix_field } +decimal_suffix_u8 = { "u8" } +decimal_suffix_u16 = { "u16" } +decimal_suffix_u32 = { "u32" } +decimal_suffix_u64 = { "u64" } +decimal_suffix_field = { "f" } + +boolean_literal = { "true" | "false" } + +hex_literal = !{ "0x" ~ hex_number } +hex_number = { hex_number_u64 | hex_number_u32 | hex_number_u16 | hex_number_u8 } +hex_number_u8 = { ASCII_HEX_DIGIT{2} } +hex_number_u16 = { ASCII_HEX_DIGIT{4} } +hex_number_u32 = { ASCII_HEX_DIGIT{8} } +hex_number_u64 = { ASCII_HEX_DIGIT{16} } + +// Operators + +op_or = @{"||"} +op_and = @{"&&"} +op_bit_xor = {"^"} +op_bit_and = {"&"} +op_bit_or = {"|"} +op_equal = @{"=="} +op_not_equal = @{"!="} +op_lt = {"<"} +op_lte = @{"<="} +op_gt = {">"} +op_gte = @{">="} +op_add = {"+"} +op_sub = {"-"} +op_mul = {"*"} +op_div = {"/"} +op_rem = {"%"} +op_pow = @{"**"} +op_not = {"!"} +op_neg = {"-"} +op_pos = {"+"} +op_left_shift = @{"<<"} +op_right_shift = @{">>"} +op_ternary = {"?" ~ expression ~ ":"} + +// `op_pow` is *not* in `op_binary` because its precedence is handled in this parser rather than down the line in precedence climbing +op_binary = _ { op_or | op_and | op_bit_xor | op_bit_and | op_bit_or | op_left_shift | op_right_shift | op_equal | op_not_equal | op_lte | op_lt | op_gte | op_gt | op_add | op_sub | op_mul | op_div | op_rem | op_ternary } +op_unary = { op_pos | op_neg | op_not } + +WHITESPACE = _{ " " | "\t" | "\\" | COMMENT | NEWLINE } +COMMENT = _{ ("/*" ~ (!"*/" ~ ANY)* ~ "*/") | ("//" ~ (!NEWLINE ~ ANY)*) } + +// the ordering of reserved keywords matters: if "as" is before "assert", then "assert" gets parsed as (as)(sert) and incorrectly +// accepted +keyword = @{ + "log"|"assert"|"as"|"bool"|"const"|"def"|"else"|"false"|"field"|"for"|"if"|"import"|"from"| + "in"|"mut"|"private"|"public"|"return"|"struct"|"true"|"type"|"u8"|"u16"|"u32"|"u64" +} diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock new file mode 100644 index 000000000..1a309f7de --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock @@ -0,0 +1,440 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "autocfg" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" + +[[package]] +name = "backtrace" +version = "0.3.63" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + "byteorder", + "generic-array", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "cc" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "either" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" + +[[package]] +name = "failure" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" +dependencies = [ + "backtrace", + "failure_derive", +] + +[[package]] +name = "failure_derive" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", + "synstructure", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "from-pest" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aba9389cedcba1fb3a2aa2ed00f584f2606bce8e0106614a17327a24513bc60f" +dependencies = [ + "pest", + "void", +] + +[[package]] +name = "generic-array" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +dependencies = [ + "typenum", +] + +[[package]] +name = "gimli" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" + +[[package]] +name = "glob" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" + +[[package]] +name = "itertools" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" +dependencies = [ + "either", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.107" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbe5e23404da5b4f555ef85ebed98fb4083e55a00c317800bc2a50ede9f3d219" + +[[package]] +name = "maplit" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" + +[[package]] +name = "memchr" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" + +[[package]] +name = "miniz_oxide" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b" +dependencies = [ + "adler", + "autocfg", +] + +[[package]] +name = "object" +version = "0.27.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9" +dependencies = [ + "memchr", +] + +[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "pest" +version = "2.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ab62d2fa33726dbe6321cc97ef96d8cde531e3eeaf858a058de53a8a6d40d8f" +dependencies = [ + "thiserror", + "ucd-trie", +] + +[[package]] +name = "pest-ast" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fbf404899169771dd6a32c84248b83cd67a26cc7cc957aac87661490e1227e4" +dependencies = [ + "itertools", + "proc-macro2 0.4.30", + "quote 0.6.13", + "single", + "syn 0.15.44", +] + +[[package]] +name = "pest_derive" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", +] + +[[package]] +name = "pest_meta" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" +dependencies = [ + "maplit", + "pest", + "sha-1", +] + +[[package]] +name = "proc-macro2" +version = "0.4.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" +dependencies = [ + "unicode-xid 0.1.0", +] + +[[package]] +name = "proc-macro2" +version = "1.0.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +dependencies = [ + "unicode-xid 0.2.2", +] + +[[package]] +name = "quote" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" +dependencies = [ + "proc-macro2 0.4.30", +] + +[[package]] +name = "quote" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" +dependencies = [ + "proc-macro2 1.0.32", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" + +[[package]] +name = "sha-1" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "single" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd5add732a1ab689845591a1b50339cf5310b563e08dc5813c65991f30369ea2" +dependencies = [ + "failure", +] + +[[package]] +name = "syn" +version = "0.15.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" +dependencies = [ + "proc-macro2 0.4.30", + "quote 0.6.13", + "unicode-xid 0.1.0", +] + +[[package]] +name = "syn" +version = "1.0.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2afee18b8beb5a596ecb4a2dce128c719b4ba399d34126b9e4396e3f9860966" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "unicode-xid 0.2.2", +] + +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", + "unicode-xid 0.2.2", +] + +[[package]] +name = "thiserror" +version = "1.0.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", +] + +[[package]] +name = "typenum" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" + +[[package]] +name = "ucd-trie" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" + +[[package]] +name = "unicode-xid" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "void" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" + +[[package]] +name = "zokrates_parser" +version = "0.2.4" +dependencies = [ + "pest", + "pest_derive", +] + +[[package]] +name = "zokrates_pest_ast" +version = "0.2.3" +dependencies = [ + "from-pest", + "glob", + "lazy_static", + "pest", + "pest-ast", + "zokrates_parser", +] diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml new file mode 100644 index 000000000..025891085 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "zokrates_pest_ast" +version = "0.3.3" +authors = ["schaeff "] +edition = "2018" + +[dependencies] +zokrates_parser = { version = "0.3.0", path = "../zokrates_parser" } +pest = "=2.4" +pest-ast = "=0.3.3" +from-pest = "0.3.1" +lazy_static = "1.3.0" + +[dev-dependencies] +glob = "0.2" diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/README.md b/third_party/ZoKratesCurly/zokrates_pest_ast/README.md new file mode 100644 index 000000000..a572d275f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/README.md @@ -0,0 +1,3 @@ +# zokrates_pest_ast + +ZoKrates AST generation based on pest output. \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs new file mode 100644 index 000000000..c3bbe8cfd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs @@ -0,0 +1,1563 @@ +// disable a clippy lint as pest_ast generates improper code +#![allow(clippy::clone_on_copy)] + +use from_pest::FromPest; +use pest::error::Error as PestError; +use pest::iterators::Pairs; +use std::fmt; +use zokrates_parser::parse; +use zokrates_parser::Rule; +#[macro_use] +extern crate lazy_static; + +pub use ast::{ + Access, Arguments, ArrayAccess, ArrayInitializerExpression, ArrayType, AssemblyStatement, + AssemblyStatementInner, AssertionStatement, Assignee, AssigneeAccess, AssignmentOperator, + BasicOrStructOrTupleType, BasicType, BinaryExpression, BinaryOperator, CallAccess, + ConstantDefinition, ConstantGenericValue, DecimalLiteralExpression, DecimalNumber, + DecimalSuffix, DefinitionStatement, ExplicitGenerics, Expression, FieldType, File, + FromExpression, FunctionDefinition, HexLiteralExpression, HexNumberExpression, + IdentifierExpression, IdentifierOrDecimal, IfElseExpression, ImportDirective, ImportSymbol, + InlineArrayExpression, InlineStructExpression, InlineStructMember, InlineTupleExpression, + IterationStatement, LiteralExpression, LogStatement, Parameter, PostfixExpression, Range, + RangeOrExpression, ReturnStatement, Span, Spread, SpreadOrExpression, Statement, + StructDefinition, StructField, SymbolDeclaration, TernaryExpression, ToExpression, Type, + TypeDefinition, TypedIdentifier, TypedIdentifierOrAssignee, UnaryExpression, UnaryOperator, + Underscore, Visibility, Pragma, Curve, EOI, MainImportDirective, FromImportDirective, + RawString, PublicVisibility, PrivateVisibility, BooleanType, U8Type, U16Type, U32Type, U64Type, + StructType, TupleType, U8Suffix, U16Suffix, U32Suffix, U64Suffix, FieldSuffix, + BooleanLiteralExpression, U8NumberExpression, U16NumberExpression, U32NumberExpression, U64NumberExpression, + PosOperator, NegOperator, NotOperator, DotAccess, AssemblyAssignment, AssemblyConstraint, + AssignOperator, AssignConstrainOperator +}; + +mod ast { + use from_pest::ConversionError; + use from_pest::FromPest; + use from_pest::Void; + use pest::iterators::{Pair, Pairs}; + use pest::prec_climber::{Assoc, Operator, PrecClimber}; + pub use pest::Span; + use pest_ast::FromPest; + use zokrates_parser::Rule; + + lazy_static! { + static ref PREC_CLIMBER: PrecClimber = build_precedence_climber(); + } + + // based on https://docs.python.org/3/reference/expressions.html#operator-precedence + fn build_precedence_climber() -> PrecClimber { + PrecClimber::new(vec![ + Operator::new(Rule::op_ternary, Assoc::Right), + Operator::new(Rule::op_or, Assoc::Left), + Operator::new(Rule::op_and, Assoc::Left), + Operator::new(Rule::op_lt, Assoc::Left) + | Operator::new(Rule::op_lte, Assoc::Left) + | Operator::new(Rule::op_gt, Assoc::Left) + | Operator::new(Rule::op_gte, Assoc::Left) + | Operator::new(Rule::op_not_equal, Assoc::Left) + | Operator::new(Rule::op_equal, Assoc::Left), + Operator::new(Rule::op_bit_or, Assoc::Left), + Operator::new(Rule::op_bit_xor, Assoc::Left), + Operator::new(Rule::op_bit_and, Assoc::Left), + Operator::new(Rule::op_left_shift, Assoc::Left) + | Operator::new(Rule::op_right_shift, Assoc::Left), + Operator::new(Rule::op_add, Assoc::Left) | Operator::new(Rule::op_sub, Assoc::Left), + Operator::new(Rule::op_mul, Assoc::Left) + | Operator::new(Rule::op_div, Assoc::Left) + | Operator::new(Rule::op_rem, Assoc::Left), + ]) + } + + // Create an Expression from left and right terms and an operator + // Precondition: `pair` MUST be a binary operator + fn infix_rule<'ast>( + lhs: Box>, + pair: Pair<'ast, Rule>, + rhs: Box>, + ) -> Box> { + // a + b spans from the start of a to the end of b + let (start, _) = lhs.span().split(); + let (_, end) = rhs.span().split(); + let span = start.span(&end); + + Box::new(match pair.as_rule() { + Rule::op_add => Expression::binary(BinaryOperator::Add, lhs, rhs, span), + Rule::op_sub => Expression::binary(BinaryOperator::Sub, lhs, rhs, span), + Rule::op_mul => Expression::binary(BinaryOperator::Mul, lhs, rhs, span), + Rule::op_div => Expression::binary(BinaryOperator::Div, lhs, rhs, span), + Rule::op_rem => Expression::binary(BinaryOperator::Rem, lhs, rhs, span), + Rule::op_equal => Expression::binary(BinaryOperator::Eq, lhs, rhs, span), + Rule::op_not_equal => Expression::binary(BinaryOperator::NotEq, lhs, rhs, span), + Rule::op_lte => Expression::binary(BinaryOperator::Lte, lhs, rhs, span), + Rule::op_lt => Expression::binary(BinaryOperator::Lt, lhs, rhs, span), + Rule::op_gte => Expression::binary(BinaryOperator::Gte, lhs, rhs, span), + Rule::op_gt => Expression::binary(BinaryOperator::Gt, lhs, rhs, span), + Rule::op_or => Expression::binary(BinaryOperator::Or, lhs, rhs, span), + Rule::op_and => Expression::binary(BinaryOperator::And, lhs, rhs, span), + Rule::op_bit_xor => Expression::binary(BinaryOperator::BitXor, lhs, rhs, span), + Rule::op_bit_and => Expression::binary(BinaryOperator::BitAnd, lhs, rhs, span), + Rule::op_bit_or => Expression::binary(BinaryOperator::BitOr, lhs, rhs, span), + Rule::op_right_shift => Expression::binary(BinaryOperator::RightShift, lhs, rhs, span), + Rule::op_left_shift => Expression::binary(BinaryOperator::LeftShift, lhs, rhs, span), + Rule::op_ternary => Expression::ternary( + lhs, + Box::new(Expression::from_pest(&mut pair.into_inner()).unwrap()), + rhs, + span, + ), + _ => unreachable!(), + }) + } + + // Create an Expression from an `expression`. `build_factor` turns each term into an `Expression` and `infix_rule` turns each (Expression, operator, Expression) into an Expression + pub fn climb(pair: Pair) -> Box { + PREC_CLIMBER.climb(pair.into_inner(), build_factor, infix_rule) + } + + // Create an Expression from a `unaried_term`. + // Precondition: `pair` MUST be a `unaried_term` + fn build_factor(pair: Pair) -> Box { + Box::new(Expression::from( + UnariedTerm::from_pest(&mut Pairs::single(pair)).unwrap(), + )) + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::file))] + pub struct File<'ast> { + pub pragma: Option>, + pub declarations: Vec>, + pub eoi: EOI, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::pragma))] + pub struct Pragma<'ast> { + pub curve: Curve<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::curve))] + pub struct Curve<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub name: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::symbol_declaration))] + pub enum SymbolDeclaration<'ast> { + Import(ImportDirective<'ast>), + Constant(ConstantDefinition<'ast>), + Struct(StructDefinition<'ast>), + Type(TypeDefinition<'ast>), + Function(FunctionDefinition<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_struct_definition))] + pub struct StructDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub fields: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::struct_field))] + pub struct StructField<'ast> { + pub id: TypedIdentifier<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::function_definition))] + pub struct FunctionDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub parameters: Vec>, + pub return_type: Option>, + pub statements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::const_definition))] + pub struct ConstantDefinition<'ast> { + pub id: TypedIdentifier<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::type_definition))] + pub struct TypeDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub ty: Type<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::import_directive))] + pub enum ImportDirective<'ast> { + Main(MainImportDirective<'ast>), + From(FromImportDirective<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::main_import_directive))] + pub struct MainImportDirective<'ast> { + pub source: QString<'ast>, + pub alias: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::import_symbol))] + pub struct ImportSymbol<'ast> { + pub id: IdentifierExpression<'ast>, + pub alias: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::from_import_directive))] + pub struct FromImportDirective<'ast> { + pub source: QString<'ast>, + pub symbols: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty))] + pub enum Type<'ast> { + Basic(BasicType<'ast>), + Array(ArrayType<'ast>), + Struct(StructType<'ast>), + Tuple(TupleType<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_basic))] + pub enum BasicType<'ast> { + Field(FieldType<'ast>), + Boolean(BooleanType<'ast>), + U8(U8Type<'ast>), + U16(U16Type<'ast>), + U32(U32Type<'ast>), + U64(U64Type<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_field))] + pub struct FieldType<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_array))] + pub struct ArrayType<'ast> { + pub ty: BasicOrStructOrTupleType<'ast>, + pub dimensions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_basic_or_struct_or_tuple))] + pub enum BasicOrStructOrTupleType<'ast> { + Struct(StructType<'ast>), + Basic(BasicType<'ast>), + Tuple(TupleType<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_bool))] + pub struct BooleanType<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_u8))] + pub struct U8Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_u16))] + pub struct U16Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_u32))] + pub struct U32Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_u64))] + pub struct U64Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::ty_struct))] + pub struct StructType<'ast> { + pub id: IdentifierExpression<'ast>, + pub explicit_generics: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_tuple))] + pub struct TupleType<'ast> { + pub elements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::parameter))] + pub struct Parameter<'ast> { + pub visibility: Option, + pub ty: Type<'ast>, + pub mutable: Option, + pub id: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::vis))] + pub enum Visibility { + Public(PublicVisibility), + Private(PrivateVisibility), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::vis_public))] + pub struct PublicVisibility {} + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::vis_private))] + pub struct PrivateVisibility {} + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::statement))] + pub enum Statement<'ast> { + Return(ReturnStatement<'ast>), + Definition(DefinitionStatement<'ast>), + Assertion(AssertionStatement<'ast>), + Iteration(IterationStatement<'ast>), + Log(LogStatement<'ast>), + Assembly(AssemblyStatement<'ast>), + } + + impl<'ast> Statement<'ast> { + pub fn span(&self) -> &Span<'ast> { + match self { + Statement::Return(x) => &x.span, + Statement::Definition(x) => &x.span, + Statement::Assertion(x) => &x.span, + Statement::Iteration(x) => &x.span, + Statement::Log(x) => &x.span, + Statement::Assembly(x) => &x.span, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::log_statement))] + pub struct LogStatement<'ast> { + pub format_string: QString<'ast>, + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::definition_statement))] + pub struct DefinitionStatement<'ast> { + pub lhs: TypedIdentifierOrAssignee<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::string))] + pub struct RawString<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::quoted_string))] + pub struct QString<'ast> { + pub raw: RawString<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::assertion_statement))] + pub struct AssertionStatement<'ast> { + pub expression: Expression<'ast>, + pub message: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::iteration_statement))] + pub struct IterationStatement<'ast> { + pub index: TypedIdentifier<'ast>, + pub from: Expression<'ast>, + pub to: Expression<'ast>, + pub statements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::return_statement))] + pub struct ReturnStatement<'ast> { + pub expression: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm))] + pub enum AssignmentOperator { + Assign(AssignOperator), + AssignConstrain(AssignConstrainOperator), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm_assign))] + pub struct AssignOperator; + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm_assign_constrain))] + pub struct AssignConstrainOperator; + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_assignment))] + pub struct AssemblyAssignment<'ast> { + pub assignee: Assignee<'ast>, + pub operator: AssignmentOperator, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_constraint))] + pub struct AssemblyConstraint<'ast> { + pub lhs: Expression<'ast>, + pub rhs: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_statement_inner))] + pub enum AssemblyStatementInner<'ast> { + Assignment(AssemblyAssignment<'ast>), + Constraint(AssemblyConstraint<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_statement))] + pub struct AssemblyStatement<'ast> { + pub inner: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Eq, Clone)] + pub enum BinaryOperator { + BitXor, + BitAnd, + BitOr, + RightShift, + LeftShift, + Or, + And, + Add, + Sub, + Mul, + Div, + Rem, + Eq, + NotEq, + Lt, + Gt, + Lte, + Gte, + Pow, + } + + #[derive(Debug, PartialEq, Clone)] + pub enum Expression<'ast> { + Ternary(TernaryExpression<'ast>), + IfElse(IfElseExpression<'ast>), + Binary(BinaryExpression<'ast>), + Unary(UnaryExpression<'ast>), + Postfix(PostfixExpression<'ast>), + Identifier(IdentifierExpression<'ast>), + Literal(LiteralExpression<'ast>), + InlineArray(InlineArrayExpression<'ast>), + InlineStruct(InlineStructExpression<'ast>), + InlineTuple(InlineTupleExpression<'ast>), + ArrayInitializer(ArrayInitializerExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::term))] + pub enum Term<'ast> { + Expression(Expression<'ast>), + InlineStruct(InlineStructExpression<'ast>), + IfElse(IfElseExpression<'ast>), + Primary(PrimaryExpression<'ast>), + InlineArray(InlineArrayExpression<'ast>), + InlineTuple(InlineTupleExpression<'ast>), + ArrayInitializer(ArrayInitializerExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::postfixed_term))] + pub struct PostfixedTerm<'ast> { + pub base: Term<'ast>, + pub accesses: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, Clone, PartialEq)] + pub struct PostfixExpression<'ast> { + pub base: Box>, + pub accesses: Vec>, + pub span: Span<'ast>, + } + + impl<'ast> From> for Expression<'ast> { + fn from(t: PostfixedTerm<'ast>) -> Self { + let base = Expression::from(t.base); + let accesses = t.accesses; + if accesses.is_empty() { + base + } else { + Expression::Postfix(PostfixExpression { + base: Box::new(base), + accesses, + span: t.span, + }) + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::powered_term))] + struct PoweredTerm<'ast> { + base: PostfixedTerm<'ast>, + op: Option, + exponent: Option>, + #[pest_ast(outer())] + span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_pow))] + struct PowOperator; + + impl<'ast> From> for Expression<'ast> { + fn from(t: PoweredTerm<'ast>) -> Self { + let base = Expression::from(t.base); + + match t.exponent { + Some(exponent) => Expression::Binary(BinaryExpression { + op: BinaryOperator::Pow, + left: Box::new(base), + right: Box::new(exponent.into()), + span: t.span, + }), + None => base, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::unaried_term))] + struct UnariedTerm<'ast> { + op: Option, + expression: PoweredTerm<'ast>, + #[pest_ast(outer())] + span: Span<'ast>, + } + + impl<'ast> From> for Expression<'ast> { + fn from(t: UnariedTerm<'ast>) -> Self { + let expression = Expression::from(t.expression); + + match t.op { + Some(sign) => Expression::Unary(UnaryExpression { + op: sign, + expression: Box::new(expression), + span: t.span, + }), + None => expression, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_unary))] + pub enum UnaryOperator { + Pos(PosOperator), + Neg(NegOperator), + Not(NotOperator), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_pos))] + pub struct PosOperator; + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_neg))] + pub struct NegOperator; + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_not))] + pub struct NotOperator; + + impl<'ast> From> for Expression<'ast> { + fn from(t: Term<'ast>) -> Self { + match t { + Term::Expression(e) => e, + Term::IfElse(e) => Expression::IfElse(e), + Term::Primary(e) => e.into(), + Term::InlineArray(e) => Expression::InlineArray(e), + Term::InlineTuple(e) => Expression::InlineTuple(e), + Term::InlineStruct(e) => Expression::InlineStruct(e), + Term::ArrayInitializer(e) => Expression::ArrayInitializer(e), + } + } + } + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::primary_expression))] + pub enum PrimaryExpression<'ast> { + Identifier(IdentifierExpression<'ast>), + Literal(LiteralExpression<'ast>), + } + + impl<'ast> From> for Expression<'ast> { + fn from(e: PrimaryExpression<'ast>) -> Self { + match e { + PrimaryExpression::Literal(c) => Expression::Literal(c), + PrimaryExpression::Identifier(i) => Expression::Identifier(i), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::exponent_expression))] + pub enum ExponentExpression<'ast> { + Expression(Expression<'ast>), + Primary(PrimaryExpression<'ast>), + } + + impl<'ast> From> for Expression<'ast> { + fn from(e: ExponentExpression<'ast>) -> Self { + match e { + ExponentExpression::Expression(e) => e, + ExponentExpression::Primary(e) => e.into(), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::spread_or_expression))] + pub enum SpreadOrExpression<'ast> { + Spread(Spread<'ast>), + Expression(Expression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::spread))] + pub struct Spread<'ast> { + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::range_or_expression))] + pub enum RangeOrExpression<'ast> { + Range(Range<'ast>), + Expression(Expression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::range))] + pub struct Range<'ast> { + pub from: Option>, + pub to: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::from_expression))] + pub struct FromExpression<'ast>(pub Expression<'ast>); + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::to_expression))] + pub struct ToExpression<'ast>(pub Expression<'ast>); + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_array_expression))] + pub struct InlineArrayExpression<'ast> { + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_struct_expression))] + pub struct InlineStructExpression<'ast> { + pub ty: IdentifierExpression<'ast>, + pub members: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_tuple_expression))] + pub struct InlineTupleExpression<'ast> { + pub elements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_struct_member))] + pub struct InlineStructMember<'ast> { + pub id: IdentifierExpression<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::array_initializer_expression))] + pub struct ArrayInitializerExpression<'ast> { + pub value: Box>, + pub count: Box>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::typed_identifier_or_assignee))] + pub enum TypedIdentifierOrAssignee<'ast> { + Assignee(Assignee<'ast>), + TypedIdentifier(TypedIdentifier<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::_mut))] + pub struct Mutable {} + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::typed_identifier))] + pub struct TypedIdentifier<'ast> { + pub ty: Type<'ast>, + pub mutable: Option, + pub identifier: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::access))] + pub enum Access<'ast> { + Call(CallAccess<'ast>), + Select(ArrayAccess<'ast>), + Dot(DotAccess<'ast>), + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::assignee_access))] + pub enum AssigneeAccess<'ast> { + Select(ArrayAccess<'ast>), + Dot(DotAccess<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::call_access))] + pub struct CallAccess<'ast> { + pub explicit_generics: Option>, + pub arguments: Arguments<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::explicit_generics))] + pub struct ExplicitGenerics<'ast> { + pub values: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::constant_generics_value))] + pub enum ConstantGenericValue<'ast> { + Value(LiteralExpression<'ast>), + Identifier(IdentifierExpression<'ast>), + Underscore(Underscore<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::underscore))] + pub struct Underscore<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::arguments))] + pub struct Arguments<'ast> { + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::array_access))] + pub struct ArrayAccess<'ast> { + pub expression: RangeOrExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::dot_access))] + pub struct DotAccess<'ast> { + pub inner: IdentifierOrDecimal<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::identifier_or_decimal))] + pub enum IdentifierOrDecimal<'ast> { + Identifier(IdentifierExpression<'ast>), + Decimal(DecimalNumber<'ast>), + } + + #[derive(Debug, PartialEq, Clone)] + pub struct BinaryExpression<'ast> { + pub op: BinaryOperator, + pub left: Box>, + pub right: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Clone)] + pub struct UnaryExpression<'ast> { + pub op: UnaryOperator, + pub expression: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Clone)] + pub struct TernaryExpression<'ast> { + pub condition: Box>, + pub consequence: Box>, + pub alternative: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::if_else_expression))] + pub struct IfElseExpression<'ast> { + pub condition: Box>, + pub consequence_statements: Vec>, + pub consequence: Box>, + pub alternative_statements: Vec>, + pub alternative: Box>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + impl<'ast> Expression<'ast> { + pub fn if_else( + condition: Box>, + consequence: Box>, + alternative: Box>, + span: Span<'ast>, + ) -> Self { + Expression::IfElse(IfElseExpression { + condition, + consequence_statements: vec![], + consequence, + alternative_statements: vec![], + alternative, + span, + }) + } + + pub fn ternary( + condition: Box>, + consequence: Box>, + alternative: Box>, + span: Span<'ast>, + ) -> Self { + Expression::Ternary(TernaryExpression { + condition, + consequence, + alternative, + span, + }) + } + + pub fn binary( + op: BinaryOperator, + left: Box>, + right: Box>, + span: Span<'ast>, + ) -> Self { + Expression::Binary(BinaryExpression { + op, + left, + right, + span, + }) + } + + pub fn span(&self) -> &Span<'ast> { + match self { + Expression::Binary(b) => &b.span, + Expression::Identifier(i) => &i.span, + Expression::Literal(c) => c.span(), + Expression::Ternary(t) => &t.span, + Expression::IfElse(ie) => &ie.span, + Expression::Postfix(p) => &p.span, + Expression::InlineArray(a) => &a.span, + Expression::InlineStruct(s) => &s.span, + Expression::InlineTuple(t) => &t.span, + Expression::ArrayInitializer(a) => &a.span, + Expression::Unary(u) => &u.span, + } + } + } + + impl<'ast> FromPest<'ast> for Expression<'ast> { + type Rule = Rule; + type FatalError = Void; + + // We implement AST creation manually here for Expression + // `pest` should yield an `expression` which we can generate AST with, based on precedence rules + fn from_pest(pest: &mut Pairs<'ast, Rule>) -> Result> { + // get a clone to "try" to match + let mut clone = pest.clone(); + // advance by one pair in the clone, if none error out, `pest` is still the original + let pair = clone.next().ok_or(::from_pest::ConversionError::NoMatch)?; + // this should be an expression + match pair.as_rule() { + Rule::expression => { + // we can replace `pest` with the clone we tried with and got pairs from to create the AST + *pest = clone; + Ok(*climb(pair)) + } + _ => Err(ConversionError::NoMatch), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::literal))] + pub enum LiteralExpression<'ast> { + DecimalLiteral(DecimalLiteralExpression<'ast>), + BooleanLiteral(BooleanLiteralExpression<'ast>), + HexLiteral(HexLiteralExpression<'ast>), + } + + impl<'ast> LiteralExpression<'ast> { + pub fn span(&self) -> &Span<'ast> { + match self { + LiteralExpression::DecimalLiteral(n) => &n.span, + LiteralExpression::BooleanLiteral(c) => &c.span, + LiteralExpression::HexLiteral(h) => &h.span, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix))] + pub enum DecimalSuffix<'ast> { + U8(U8Suffix<'ast>), + U16(U16Suffix<'ast>), + U32(U32Suffix<'ast>), + U64(U64Suffix<'ast>), + Field(FieldSuffix<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u8))] + pub struct U8Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u16))] + pub struct U16Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u32))] + pub struct U32Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u64))] + pub struct U64Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_field))] + pub struct FieldSuffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_number))] + pub struct DecimalNumber<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::decimal_literal))] + pub struct DecimalLiteralExpression<'ast> { + pub value: DecimalNumber<'ast>, + pub suffix: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::boolean_literal))] + pub struct BooleanLiteralExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_literal))] + pub struct HexLiteralExpression<'ast> { + pub value: HexNumberExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_number))] + pub enum HexNumberExpression<'ast> { + U8(U8NumberExpression<'ast>), + U16(U16NumberExpression<'ast>), + U32(U32NumberExpression<'ast>), + U64(U64NumberExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_number_u8))] + pub struct U8NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_number_u16))] + pub struct U16NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_number_u32))] + pub struct U32NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::hex_number_u64))] + pub struct U64NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::identifier))] + pub struct IdentifierExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::assignee))] + pub struct Assignee<'ast> { + pub id: IdentifierExpression<'ast>, // a + pub accesses: Vec>, // [42 + x].foo[7] + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + fn span_into_str(span: Span) -> String { + span.as_str().to_string() + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::EOI))] + #[allow(clippy::upper_case_acronyms)] + pub struct EOI; +} + +struct Prog<'ast>(ast::File<'ast>); + +impl<'ast> From> for Prog<'ast> { + fn from(mut pairs: Pairs<'ast, Rule>) -> Prog<'ast> { + Prog(ast::File::from_pest(&mut pairs).unwrap()) + } +} + +#[derive(PartialEq, Eq, Clone, Debug)] +pub struct Error(PestError); + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "{}", self.0) + } +} + +#[allow(clippy::result_large_err)] +pub fn generate_ast(input: &str) -> Result { + let parse_tree = parse(input).map_err(Error)?; + Ok(Prog::from(parse_tree).0) +} + +#[cfg(test)] +mod tests { + use super::ast::*; + use super::*; + use pest::Span; + + #[test] + fn examples() { + use glob::glob; + use std::fs; + use std::io::Read; + // Traverse all .zok files in examples dir + for entry in glob("../zokrates_cli/examples/**/*.zok").expect("Failed to read glob pattern") + { + match entry { + Ok(path) => { + if path.to_str().unwrap().contains("error") { + continue; + } + println!("Parsing {:?}", path.display()); + let mut file = fs::File::open(path).unwrap(); + let mut data = String::new(); + file.read_to_string(&mut data).unwrap(); + let _res = generate_ast(&data).unwrap(); + } + Err(e) => println!("{:?}", e), + } + } + } + + impl<'ast> Expression<'ast> { + pub fn add(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Add, Box::new(left), Box::new(right), span) + } + + pub fn mul(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Mul, Box::new(left), Box::new(right), span) + } + + pub fn pow(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Pow, Box::new(left), Box::new(right), span) + } + } + + #[test] + fn one_plus_one() { + let source = r#" + import "foo"; + + def main() -> field { + return 1 + 1; + } +"#; + assert_eq!( + generate_ast(source), + Ok(File { + pragma: None, + declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() + }, + alias: None, + span: Span::new(source, 9, 21).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(source, 36, 40).unwrap() + }, + parameters: vec![], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), + statements: vec![Statement::Return(ReturnStatement { + expression: Some(Expression::add( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + value: DecimalNumber { + span: Span::new(source, 73, 74).unwrap() + }, + suffix: None, + span: Span::new(source, 73, 74).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + value: DecimalNumber { + span: Span::new(source, 77, 78).unwrap() + }, + suffix: None, + span: Span::new(source, 77, 78).unwrap() + } + )), + Span::new(source, 73, 78).unwrap() + )), + span: Span::new(source, 66, 78).unwrap(), + })], + span: Span::new(source, 32, 89).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(source, 0, 90).unwrap() + }) + ); + } + + #[test] + fn precedence() { + let source = r#" + import "foo"; + + def main() -> field { + return 1 + 2 * 3 ** 4; + } +"#; + assert_eq!( + generate_ast(source), + Ok(File { + pragma: None, + declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() + }, + alias: None, + span: Span::new(source, 9, 21).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(source, 36, 40).unwrap() + }, + parameters: vec![], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), + statements: vec![Statement::Return(ReturnStatement { + expression: Some(Expression::add( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 73, 74).unwrap() + }, + span: Span::new(source, 73, 74).unwrap() + } + )), + Expression::mul( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 77, 78).unwrap() + }, + span: Span::new(source, 77, 78).unwrap() + } + )), + Expression::pow( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 81, 82).unwrap() + }, + span: Span::new(source, 81, 82).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 86, 87).unwrap() + }, + span: Span::new(source, 86, 87).unwrap() + } + )), + Span::new(source, 81, 87).unwrap() + ), + Span::new(source, 77, 87).unwrap() + ), + Span::new(source, 73, 87).unwrap() + )), + span: Span::new(source, 66, 87).unwrap(), + })], + span: Span::new(source, 32, 98).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(source, 0, 99).unwrap() + }) + ); + } + + #[test] + fn ternary() { + let source = r#" + import "foo"; + + def main() -> field { + return 1 ? 2 : 3; + } +"#; + assert_eq!( + generate_ast(source), + Ok(File { + pragma: None, + declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() + }, + alias: None, + span: Span::new(source, 9, 21).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(source, 36, 40).unwrap() + }, + parameters: vec![], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), + statements: vec![Statement::Return(ReturnStatement { + expression: Some(Expression::ternary( + Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 73, 74).unwrap() + }, + span: Span::new(source, 73, 74).unwrap() + } + ))), + Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 77, 78).unwrap() + }, + span: Span::new(source, 77, 78).unwrap() + } + ))), + Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 81, 82).unwrap() + }, + span: Span::new(source, 81, 82).unwrap() + } + ))), + Span::new(source, 73, 82).unwrap() + )), + span: Span::new(source, 66, 82).unwrap(), + })], + span: Span::new(source, 32, 93).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(source, 0, 94).unwrap() + }) + ); + } + + #[test] + fn parentheses() { + let source = r#"def main() -> field { return 1; } +"#; + assert_eq!( + generate_ast(source), + Ok(File { + pragma: None, + declarations: vec![SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(source, 4, 8).unwrap() + }, + parameters: vec![], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 14, 19).unwrap() + }))), + statements: vec![Statement::Return(ReturnStatement { + expression: Some(Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(source, 29, 30).unwrap() + }, + span: Span::new(source, 29, 30).unwrap() + } + ))), + span: Span::new(source, 22, 30).unwrap(), + })], + span: Span::new(source, 0, 33).unwrap(), + })], + eoi: EOI {}, + span: Span::new(source, 0, 34).unwrap() + }) + ); + } + + #[test] + fn playground() { + let source = r#" + import "foo" as bar; + + struct Foo { + field[2] foo; + Bar bar; + } + + def main

(private field[Q] a) -> bool[234 + 6] { + field a = 1; + a[32 + x][55] = foo::(y); + for field i in 0..3 { + assert(a == 1 + 2 + 3 + 4 + 5 + 6 + 6 + 7 + 8 + 4 + 5 + 3 + 4 + 2 + 3); + } + assert(a.member == 1); + return a; + } +"#; + let res = generate_ast(source); + assert!(res.is_ok()); + } + + #[test] + fn tuples() { + let source = r#"struct Foo { + field a; + } + + def foo() -> (field, field) { + return (1, 2); + } + + def main((field, field) a, (field,) b) -> (Foo,)[2] { + (field, field) c = foo(); + return [(Foo {a: a.0},); 2]; + } +"#; + let res = generate_ast(source); + assert!(res.is_ok()); + } +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml new file mode 100644 index 000000000..24763e3f2 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "zokrates_stdlib" +version = "0.3.3" +authors = ["Stefan Deml ", "schaeff "] +edition = "2018" + +[dev-dependencies] +zokrates_test = { version = "0.2", path = "../zokrates_test" } + +[build-dependencies] +fs_extra = "1.1.0" +zokrates_test_derive = { version = "0.0", path = "../zokrates_test_derive" } + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/build.rs b/third_party/ZoKratesCurly/zokrates_stdlib/build.rs new file mode 100644 index 000000000..cb2dd02cd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/build.rs @@ -0,0 +1,19 @@ +use fs_extra::copy_items; +use fs_extra::dir::CopyOptions; +use std::env; +use zokrates_test_derive::write_tests; + +fn main() { + // export stdlib folder to OUT_DIR + export_stdlib(); + + // generate tests + write_tests("./tests/tests/"); +} + +fn export_stdlib() { + let out_dir = env::var("OUT_DIR").unwrap(); + let mut options = CopyOptions::new(); + options.overwrite = true; + copy_items(&["stdlib"], out_dir, &options).unwrap(); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs b/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs @@ -0,0 +1 @@ + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok new file mode 100644 index 000000000..b38f2e37f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok @@ -0,0 +1,144 @@ +// This file contains dummy definitions of builtins +// that are used for typechecking + +def get_field_size() -> u32 { + return 0u32; +} + +//def get_field_modulus() -> integer { +// return 0; +//} + +const u32 FIELD_SIZE_IN_BITS = get_field_size(); +//const integer FIELD_MODULUS = get_field_modulus(); + +// XXX(unimpl) +// sha256round + +// XXX(unimpl) +// snark_verify_bls12_377 as verify + +// Dummy function +def main() -> bool { + return false; +} + +def u64_from_bits(bool[64] a) -> u64 { + return 0u64; +} + +def u32_from_bits(bool[32] a) -> u32 { + return 0u32; +} + +def u16_from_bits(bool[16] a) -> u16 { + return 0u16; +} + +def u8_from_bits(bool[8] a) -> u8 { + return 0u8; +} + +def u64_to_bits(u64 a) -> bool[64] { + return [false; 64]; +} + +def u32_to_bits(u32 a) -> bool[32] { + return [false; 32]; +} + +def u16_to_bits(u16 a) -> bool[16] { + return [false; 16]; +} + +def u8_to_bits(u8 a) -> bool[8] { + return [false; 8]; +} + +def unpack(field i) -> bool[N] { + return [false; N]; +} + +def bit_array_le(bool[N] a, bool[N] b) -> bool { + return false; +} + +def u8_to_field(u8 i) -> field { + return 0f; +} + +def u16_to_field(u16 i) -> field { + return 0f; +} + +def u32_to_field(u32 i) -> field { + return 0f; +} + +def u64_to_field(u64 i) -> field { + return 0f; +} + +def u8_to_u64(u8 i) -> u64 { + return 0u64; +} + +def u16_to_u64(u16 i) -> u64 { + return 0u64; +} + +def u32_to_u64(u32 i) -> u64 { + return 0u64; +} + +def u8_to_u32(u8 i) -> u32 { + return 0u32; +} + +def u16_to_u32(u16 i) -> u32 { + return 0u32; +} + +def u8_to_u16(u8 i) -> u16 { + return 0u16; +} + +def field_to_bool_unsafe(field i) -> bool { + return true; +} + +//def int_to_bits(integer i) -> bool[N] { +// return [false; N]; +//} + +//def int_size(integer i) -> u32 { +// return 0u32; +//} + +// The output is sampled uniformly and independently of the inputs +def sample_challenge(field[N] x) -> field { + return 0; +} + +// Return a key in x that matches y +def reverse_lookup(field[N] x, field y) -> field { + return 0; +} + +// Check that x contains a value equal to y; the result is only assertable. +def value_in_array(field y, field[N] x) -> bool { + return true; +} + +// Find inverse of a mod b +//def int_modinv(integer a, integer b) -> integer { +// return 0; +//} + +//def integer_to_field(integer a) -> field { +// return 0; +//} + +//def field_to_integer(field a) -> integer { +// return 0; +//} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok new file mode 100644 index 000000000..e06fd3cb5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok @@ -0,0 +1,37 @@ +#pragma curve bn128 + +// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub +// Note: parameters will be updated soon to be more compatible with zCash's implementation + +struct BabyJubJubParams { + field JUBJUB_C; + field JUBJUB_A; + field JUBJUB_D; + field MONT_A; + field MONT_B; + field[2] INFINITY; + field Gu; + field Gv; +} + +const BabyJubJubParams BABYJUBJUB_PARAMS = BabyJubJubParams { + // Order of the curve for reference: 21888242871839275222246405745257275088614511777268538073601725287587578984328 + JUBJUB_C: 8, // Cofactor + JUBJUB_A: 168700, // Coefficient A + JUBJUB_D: 168696, // Coefficient D + + // Montgomery parameters + MONT_A: 168698, + MONT_B: 1, + + // Point at infinity + INFINITY: [0, 1], + + // Generator + Gu: 16540640123574156134436876038791482806971768689494387082833631921987005038935, + Gv: 20819045374670962167435360035096875258406992893633759881276124905556507972311 +}; + +def main() -> BabyJubJubParams { + return BABYJUBJUB_PARAMS; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok new file mode 100644 index 000000000..843f6f924 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok @@ -0,0 +1,20 @@ +from "ecc/babyjubjubParams" import BabyJubJubParams; + +// Add two points on a twisted Edwards curve +// Curve parameters are defined with the last argument +// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves +def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> field[2] { + + field a = context.JUBJUB_A; + field d = context.JUBJUB_D; + + field u1 = pt1[0]; + field v1 = pt1[1]; + field u2 = pt2[0]; + field v2 = pt2[1]; + + field uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2); + field vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2); + + return [uOut, vOut]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok new file mode 100644 index 000000000..1959f5740 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok @@ -0,0 +1,21 @@ +import "utils/pack/bool/nonStrictUnpack256" as unpack256; + +// Compress JubJub Curve Point to 256bit array using big endianness bit order +// Python reference code from pycrypto: +// def compress(self): +// x = self.x.n +// y = self.y.n +// return int.to_bytes(y | ((x & 1) << 255), 32, "big") + +def main(field[2] pt) -> bool[256] { + field x = pt[0]; + field y = pt[1]; + + bool[256] xBits = unpack256(x); + bool[256] mut yBits = unpack256(y); + + bool sign = xBits[255]; + yBits[0] = sign; + + return yBits; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok new file mode 100644 index 000000000..62fcd1eb6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok @@ -0,0 +1,9 @@ +// Negate a point on an Edwards curve +// Curve parameters are defined with the last argument +// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2 +def main(field[2] pt) -> field[2] { + field u = pt[0]; + field v = pt[1]; + + return [-u, v]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok new file mode 100644 index 000000000..d2d824014 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok @@ -0,0 +1,17 @@ +from "ecc/babyjubjubParams" import BabyJubJubParams; + +// Check if a point is on a twisted Edwards curve +// Curve parameters are defined with the last argument +// See appendix 3.3.1 of Zcash protocol specification: +// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf +def main(field[2] pt, BabyJubJubParams context) -> bool { + field a = context.JUBJUB_A; + field d = context.JUBJUB_D; + + field uu = pt[0] * pt[0]; + field vv = pt[1] * pt[1]; + field uuvv = uu * vv; + + assert(a * uu + vv == 1 + d * uuvv); + return true; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok new file mode 100644 index 000000000..c6913126f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok @@ -0,0 +1,26 @@ +import "ecc/edwardsAdd" as add; +import "ecc/edwardsScalarMult" as multiply; +import "utils/pack/bool/nonStrictUnpack256" as unpack256; +from "ecc/babyjubjubParams" import BabyJubJubParams; + +// Verifies that the point is not one of the low-order points. +// If any of the points is multiplied by the cofactor, the resulting point +// will be infinity. +// Returns true if the point is not one of the low-order points, false otherwise. +// Curve parameters are defined with the last argument +// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166 +def main(field[2] pt, BabyJubJubParams context) -> bool { + field cofactor = context.JUBJUB_C; + assert(cofactor == 8); + + // Co-factor currently hard-coded to 8 for efficiency reasons + // See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391 + // Generic code: + // bool[256] cofactorExponent = unpack256(cofactor); + // field[2] ptExp = multiply(cofactorExponent, pt, context); + field[2] mut ptExp = add(pt, pt, context); // 2*pt + ptExp = add(ptExp, ptExp, context); // 4*pt + ptExp = add(ptExp, ptExp, context); // 8*pt + + return !(ptExp[0] == 0 && ptExp[1] == 1); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok new file mode 100644 index 000000000..1d7dec693 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok @@ -0,0 +1,26 @@ +import "ecc/edwardsAdd" as add; +import "ecc/edwardsOnCurve" as onCurve; +from "ecc/babyjubjubParams" import BabyJubJubParams; + +// Function that implements scalar multiplication for a fixed base point +// Curve parameters are defined with the last argument +// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain +// curve parameters. +// Note that the exponent array is not check to be boolean in this gadget +// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555 +def main(bool[256] exponent, field[2] pt, BabyJubJubParams context) -> field[2] { + field[2] infinity = context.INFINITY; + + field[2] mut doubledP = pt; + field[2] mut accumulatedP = infinity; + + for u32 i in 0..256 { + u32 j = 255 - i; + field[2] candidateP = add(accumulatedP, doubledP, context); + accumulatedP = exponent[j] ? candidateP : accumulatedP; + doubledP = add(doubledP, doubledP, context); + } + + assert(onCurve(accumulatedP, context)); + return accumulatedP; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok new file mode 100644 index 000000000..840457307 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok @@ -0,0 +1,28 @@ +import "ecc/edwardsAdd" as add; +import "ecc/edwardsScalarMult" as multiply; +import "utils/pack/bool/nonStrictUnpack256" as unpack256; +from "ecc/babyjubjubParams" import BabyJubJubParams; + +/// Verifies match of a given public/private keypair. +/// +/// Checks if the following equation holds for the provided keypair: +/// pk = sk*G +/// where G is the chosen base point of the subgroup +/// and * denotes scalar multiplication in the subgroup +/// +/// Arguments: +/// pk: Curve point. Public key. +/// sk: Field element. Private key. +/// context: Curve parameters (including generator G) used to create keypair. +/// +/// Returns: +/// Return true for pk/sk being a valid keypair, false otherwise. +def main(field[2] pk, field sk, BabyJubJubParams context) -> bool { + field[2] G = [context.Gu, context.Gv]; + + bool[256] skBits = unpack256(sk); + field[2] ptExp = multiply(skBits, G, context); + + bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1]; + return out; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok new file mode 100644 index 000000000..5a934642b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok @@ -0,0 +1,30 @@ +from "EMBED" import FIELD_SIZE_IN_BITS; + +const field FIELD_MIN = 0; +const field FIELD_MAX = -1; + +// Tests if `a` is divisible by `q`. +// `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2). +// Q the field modulus. `q` is interpreted as an unsigned integer +// in [0, Q). +def s_divisible(field a, field q) -> bool { + field neg_a = -a; + bool is_neg = a > neg_a; + field to_rem = if is_neg { neg_a } else { a }; + field rem = to_rem % q; + return rem == 0; +} + +// Computes `a mod q`. +// `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2). +// Q the field modulus. `q` is interpreted as an unsigned integer +// in [0, Q). The return value is in [0, q). +def s_remainder(field a, field q) -> field { + field neg_a = -a; + bool is_neg = a > neg_a; + field to_rem = if is_neg { neg_a } else { a }; + field rem = to_rem % q; + field neg_rem = if rem == 0 { 0 } else { q - rem }; + field res = if is_neg { neg_rem } else { rem }; + return res; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok new file mode 100644 index 000000000..f0b301a8b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok @@ -0,0 +1,5 @@ +import "hashes/blake2/blake2s_p" as blake2s_p; + +def main(u32[K][16] input) -> u32[8] { + return blake2s_p(input, [0; 2]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok new file mode 100644 index 000000000..628566aa6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok @@ -0,0 +1,117 @@ +// https://tools.ietf.org/html/rfc7693 + +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; + +// Initialization Vector, section 2.6. +const u32[8] IV = [ + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +]; + +// Message Schedule SIGMA, section 2.7. +const u32[10][16] SIGMA = [ + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], + [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3], + [11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4], + [7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8], + [9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13], + [2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9], + [12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11], + [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10], + [6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5], + [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0] +]; + +// right rotation +def rotr32(u32 x) -> u32 { + return (x >> N) | (x << (32 - N)); +} + +// change endianness +def swap_u32(u32 val) -> u32 { + return (val << 24) | \ + ((val << 8) & 0x00ff0000) | \ + ((val >> 8) & 0x0000ff00) | \ + ((val >> 24) & 0x000000ff); +} + + +def mixing_g(u32[16] mut v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> u32[16] { + v[a] = (v[a] + v[b] + x); + v[d] = rotr32::<16>(v[d] ^ v[a]); + v[c] = (v[c] + v[d]); + v[b] = rotr32::<12>(v[b] ^ v[c]); + v[a] = (v[a] + v[b] + y); + v[d] = rotr32::<8>(v[d] ^ v[a]); + v[c] = (v[c] + v[d]); + v[b] = rotr32::<7>(v[b] ^ v[c]); + return v; +} + +def blake2s_compression(u32[8] mut h, u32[16] m, u32[2] t, bool last) -> u32[8] { + u32[16] mut v = [...h, ...IV]; + + v[12] = v[12] ^ t[0]; + v[13] = v[13] ^ t[1]; + v[14] = last ? v[14] ^ 0xFFFFFFFF : v[14]; + + for u32 i in 0..10 { + u32[16] s = SIGMA[i]; + v = mixing_g(v, 0, 4, 8, 12, m[s[0]], m[s[1]]); + v = mixing_g(v, 1, 5, 9, 13, m[s[2]], m[s[3]]); + v = mixing_g(v, 2, 6, 10, 14, m[s[4]], m[s[5]]); + v = mixing_g(v, 3, 7, 11, 15, m[s[6]], m[s[7]]); + v = mixing_g(v, 0, 5, 10, 15, m[s[8]], m[s[9]]); + v = mixing_g(v, 1, 6, 11, 12, m[s[10]], m[s[11]]); + v = mixing_g(v, 2, 7, 8, 13, m[s[12]], m[s[13]]); + v = mixing_g(v, 3, 4, 9, 14, m[s[14]], m[s[15]]); + } + + for u32 i in 0..8 { + h[i] = h[i] ^ v[i] ^ v[i + 8]; + } + + return h; +} + +def main(u32[K][16] mut input, u32[2] p) -> u32[8] { + u32[8] mut h = [ + IV[0] ^ 0x01010000 ^ 0x00000020, + IV[1], + IV[2], + IV[3], + IV[4], + IV[5], + IV[6] ^ swap_u32(p[0]), + IV[7] ^ swap_u32(p[1]) + ]; + + u32 mut t0 = 0; + u32 mut t1 = 0; + + // change endianness of inputs from big endian to little endian + for u32 i in 0..K { + for u32 j in 0..16 { + input[i][j] = swap_u32(input[i][j]); + } + } + + for u32 i in 0..K-1 { + t0 = (i + 1) * 64; + t1 = t0 == 0 ? t1 + 1 : t1; + h = blake2s_compression(h, input[i], [t0, t1], false); + } + + t0 = t0 + 64; + t1 = t0 == 0 ? t1 + 1 : t1; + + h = blake2s_compression(h, input[K - 1], [t0, t1], true); + + // change endianness of output from little endian to big endian + for u32 i in 0..8 { + h[i] = swap_u32(h[i]); + } + + return h; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok new file mode 100644 index 000000000..0b0df961f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[28] { + return keccak::<_, 28>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok new file mode 100644 index 000000000..9e8dfc4d3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[32] { + return keccak::<_, 32>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok new file mode 100644 index 000000000..0f6767781 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[48] { + return keccak::<_, 48>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok new file mode 100644 index 000000000..1d475635f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[64] { + return keccak::<_, 64>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok new file mode 100644 index 000000000..08dca6c1b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok @@ -0,0 +1,161 @@ +// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf +// based on keccak-f[1600] permutation + +import "utils/casts/u8_to_bits"; +import "utils/casts/u8_from_bits"; +import "utils/casts/u64_to_bits"; +import "utils/casts/u64_from_bits"; + +const u32[24] RHO = [ + 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, + 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 +]; + +const u32[24] PI = [ + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 +]; + +const u64[24] RC = [ + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, + 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, + 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, + 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, + 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, + 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 +]; + +// left rotation +def rotl64(u64 x, u32 n) -> u64 { + return ((x << n) | (x >> (64 - n))); +} + +// change endianness +def swap_u64(u64 mut val) -> u64 { + val = ((val << 8) & 0xFF00FF00FF00FF00) | ((val >> 8) & 0x00FF00FF00FF00FF); + val = ((val << 16) & 0xFFFF0000FFFF0000) | ((val >> 16) & 0x0000FFFF0000FFFF); + return (val << 32) | (val >> 32); +} + +// compression function +def keccakf(u64[25] mut st) -> u64[25] { + u64[5] mut bc = [0; 5]; + u64 mut t = 0; + + for u32 i in 0..25 { + st[i] = swap_u64(st[i]); + } + + for u32 r in 0..24 { + // theta + for u32 i in 0..5 { + bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20]; + } + + for u32 i in 0..5 { + t = bc[(i + 4) % 5] ^ rotl64(bc[(i + 1) % 5], 1); + for u32 j in 0..5 { + st[(j * 5) + i] = st[(j * 5) + i] ^ t; + } + } + + t = st[1]; + + // rho pi + for u32 i in 0..24 { + u32 j = PI[i]; + bc[0] = st[j]; + st[j] = rotl64(t, RHO[i]); + t = bc[0]; + } + + // chi + for u32 i in 0..5 { + for u32 j in 0..5 { + bc[j] = st[(i * 5) + j]; + } + for u32 j in 0..5 { + u32 p = (i * 5) + j; + st[p] = st[p] ^ (!bc[(j + 1) % 5] & bc[(j + 2) % 5]); + } + } + + // iota + st[0] = st[0] ^ RC[r]; + } + + for u32 i in 0..25 { + st[i] = swap_u64(st[i]); + } + + return st; +} + +def u64_from_u8_array(u8[8] input) -> u64 { + bool[64] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]), + ...u8_to_bits(input[4]), + ...u8_to_bits(input[5]), + ...u8_to_bits(input[6]), + ...u8_to_bits(input[7]) + ]; + return u64_from_bits(bits); +} + +def u64_to_u8_array(u64 input) -> u8[8] { + bool[64] bits = u64_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]), + u8_from_bits(bits[32..40]), + u8_from_bits(bits[40..48]), + u8_from_bits(bits[48..56]), + u8_from_bits(bits[56..64]) + ]; +} + +def to_bytes(u64[25] input) -> u8[200] { + u8[200] mut output = [0; 200]; + for u32 i in 0..25 { + u8[8] t = u64_to_u8_array(input[i]); + for u32 j in 0..8 { + output[i * 8 + j] = t[j]; + } + } + return output; +} + +def from_bytes(u8[200] input) -> u64[25] { + u64[25] mut output = [0; 25]; + for u32 i in 0..25 { + output[i] = u64_from_u8_array(input[i*8..i*8+8]); + } + return output; +} + +def main(u8[N] mut input, u8 delim) -> u8[W] { + u8[200] mut b = [0; 200]; + u32 rate = 200 - (2 * W); + u32 mut pt = 0; + + // update + for u32 i in 0..N { + b[pt] = b[pt] ^ input[i]; + pt = (pt + 1) % rate; + b = pt == 0 ? to_bytes(keccakf(from_bytes(b))) : b; + } + + // finalize + b[pt] = b[pt] ^ delim; + b[rate - 1] = b[rate - 1] ^ 0x80; + b = to_bytes(keccakf(from_bytes(b))); + + return b[..W]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok new file mode 100644 index 000000000..f9ea58904 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok @@ -0,0 +1,112 @@ +const field[91] C = [ + 0, + 20888961410941983456478427210666206549300505294776164667214940546594746570981, + 15265126113435022738560151911929040668591755459209400716467504685752745317193, + 8334177627492981984476504167502758309043212251641796197711684499645635709656, + 1374324219480165500871639364801692115397519265181803854177629327624133579404, + 11442588683664344394633565859260176446561886575962616332903193988751292992472, + 2558901189096558760448896669327086721003508630712968559048179091037845349145, + 11189978595292752354820141775598510151189959177917284797737745690127318076389, + 3262966573163560839685415914157855077211340576201936620532175028036746741754, + 17029914891543225301403832095880481731551830725367286980611178737703889171730, + 4614037031668406927330683909387957156531244689520944789503628527855167665518, + 19647356996769918391113967168615123299113119185942498194367262335168397100658, + 5040699236106090655289931820723926657076483236860546282406111821875672148900, + 2632385916954580941368956176626336146806721642583847728103570779270161510514, + 17691411851977575435597871505860208507285462834710151833948561098560743654671, + 11482807709115676646560379017491661435505951727793345550942389701970904563183, + 8360838254132998143349158726141014535383109403565779450210746881879715734773, + 12663821244032248511491386323242575231591777785787269938928497649288048289525, + 3067001377342968891237590775929219083706800062321980129409398033259904188058, + 8536471869378957766675292398190944925664113548202769136103887479787957959589, + 19825444354178182240559170937204690272111734703605805530888940813160705385792, + 16703465144013840124940690347975638755097486902749048533167980887413919317592, + 13061236261277650370863439564453267964462486225679643020432589226741411380501, + 10864774797625152707517901967943775867717907803542223029967000416969007792571, + 10035653564014594269791753415727486340557376923045841607746250017541686319774, + 3446968588058668564420958894889124905706353937375068998436129414772610003289, + 4653317306466493184743870159523234588955994456998076243468148492375236846006, + 8486711143589723036499933521576871883500223198263343024003617825616410932026, + 250710584458582618659378487568129931785810765264752039738223488321597070280, + 2104159799604932521291371026105311735948154964200596636974609406977292675173, + 16313562605837709339799839901240652934758303521543693857533755376563489378839, + 6032365105133504724925793806318578936233045029919447519826248813478479197288, + 14025118133847866722315446277964222215118620050302054655768867040006542798474, + 7400123822125662712777833064081316757896757785777291653271747396958201309118, + 1744432620323851751204287974553233986555641872755053103823939564833813704825, + 8316378125659383262515151597439205374263247719876250938893842106722210729522, + 6739722627047123650704294650168547689199576889424317598327664349670094847386, + 21211457866117465531949733809706514799713333930924902519246949506964470524162, + 13718112532745211817410303291774369209520657938741992779396229864894885156527, + 5264534817993325015357427094323255342713527811596856940387954546330728068658, + 18884137497114307927425084003812022333609937761793387700010402412840002189451, + 5148596049900083984813839872929010525572543381981952060869301611018636120248, + 19799686398774806587970184652860783461860993790013219899147141137827718662674, + 19240878651604412704364448729659032944342952609050243268894572835672205984837, + 10546185249390392695582524554167530669949955276893453512788278945742408153192, + 5507959600969845538113649209272736011390582494851145043668969080335346810411, + 18177751737739153338153217698774510185696788019377850245260475034576050820091, + 19603444733183990109492724100282114612026332366576932662794133334264283907557, + 10548274686824425401349248282213580046351514091431715597441736281987273193140, + 1823201861560942974198127384034483127920205835821334101215923769688644479957, + 11867589662193422187545516240823411225342068709600734253659804646934346124945, + 18718569356736340558616379408444812528964066420519677106145092918482774343613, + 10530777752259630125564678480897857853807637120039176813174150229243735996839, + 20486583726592018813337145844457018474256372770211860618687961310422228379031, + 12690713110714036569415168795200156516217175005650145422920562694422306200486, + 17386427286863519095301372413760745749282643730629659997153085139065756667205, + 2216432659854733047132347621569505613620980842043977268828076165669557467682, + 6309765381643925252238633914530877025934201680691496500372265330505506717193, + 20806323192073945401862788605803131761175139076694468214027227878952047793390, + 4037040458505567977365391535756875199663510397600316887746139396052445718861, + 19948974083684238245321361840704327952464170097132407924861169241740046562673, + 845322671528508199439318170916419179535949348988022948153107378280175750024, + 16222384601744433420585982239113457177459602187868460608565289920306145389382, + 10232118865851112229330353999139005145127746617219324244541194256766741433339, + 6699067738555349409504843460654299019000594109597429103342076743347235369120, + 6220784880752427143725783746407285094967584864656399181815603544365010379208, + 6129250029437675212264306655559561251995722990149771051304736001195288083309, + 10773245783118750721454994239248013870822765715268323522295722350908043393604, + 4490242021765793917495398271905043433053432245571325177153467194570741607167, + 19596995117319480189066041930051006586888908165330319666010398892494684778526, + 837850695495734270707668553360118467905109360511302468085569220634750561083, + 11803922811376367215191737026157445294481406304781326649717082177394185903907, + 10201298324909697255105265958780781450978049256931478989759448189112393506592, + 13564695482314888817576351063608519127702411536552857463682060761575100923924, + 9262808208636973454201420823766139682381973240743541030659775288508921362724, + 173271062536305557219323722062711383294158572562695717740068656098441040230, + 18120430890549410286417591505529104700901943324772175772035648111937818237369, + 20484495168135072493552514219686101965206843697794133766912991150184337935627, + 19155651295705203459475805213866664350848604323501251939850063308319753686505, + 11971299749478202793661982361798418342615500543489781306376058267926437157297, + 18285310723116790056148596536349375622245669010373674803854111592441823052978, + 7069216248902547653615508023941692395371990416048967468982099270925308100727, + 6465151453746412132599596984628739550147379072443683076388208843341824127379, + 16143532858389170960690347742477978826830511669766530042104134302796355145785, + 19362583304414853660976404410208489566967618125972377176980367224623492419647, + 1702213613534733786921602839210290505213503664731919006932367875629005980493, + 10781825404476535814285389902565833897646945212027592373510689209734812292327, + 4212716923652881254737947578600828255798948993302968210248673545442808456151, + 7594017890037021425366623750593200398174488805473151513558919864633711506220, + 18979889247746272055963929241596362599320706910852082477600815822482192194401, + 13602139229813231349386885113156901793661719180900395818909719758150455500533 +]; + +def main(field x_in, field k) -> field { + field mut t = 0; + field[R] mut t2 = [0; R]; + field[R] mut t4 = [0; R]; + field[R] mut t6 = [0; R]; + field[R] mut t7 = [0; R]; // we define t7 length +1 to avoid conditional branching + + for u32 i in 0..R { + u32 i2 = i == 0 ? 0 : i - 1; + t = i == 0 ? k + x_in : k + t7[i2] + C[i]; + t2[i] = t * t; + t4[i] = t2[i] * t2[i]; + t6[i] = t4[i] * t2[i]; + t7[i] = t6[i] * t; + } + + return t6[R - 1] * t + k; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok new file mode 100644 index 000000000..cf77a5748 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok @@ -0,0 +1,5 @@ +import "hashes/mimc7/mimc7"; + +def main(field x_in, field k) -> field { + return mimc7::<20>(x_in, k); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok new file mode 100644 index 000000000..f887ce738 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok @@ -0,0 +1,250 @@ +// MiMCFeistel configured with 220 rounds + +const u32 R = 220; +const field[R] IV = [ + 0, + 7120861356467848435263064379192047478074060781135320967663101236819528304084, + 5024705281721889198577876690145313457398658950011302225525409148828000436681, + 17980351014018068290387269214713820287804403312720763401943303895585469787384, + 19886576439381707240399940949310933992335779767309383709787331470398675714258, + 1213715278223786725806155661738676903520350859678319590331207960381534602599, + 18162138253399958831050545255414688239130588254891200470934232514682584734511, + 7667462281466170157858259197976388676420847047604921256361474169980037581876, + 7207551498477838452286210989212982851118089401128156132319807392460388436957, + 9864183311657946807255900203841777810810224615118629957816193727554621093838, + 4798196928559910300796064665904583125427459076060519468052008159779219347957, + 17387238494588145257484818061490088963673275521250153686214197573695921400950, + 10005334761930299057035055370088813230849810566234116771751925093634136574742, + 11897542014760736209670863723231849628230383119798486487899539017466261308762, + 16771780563523793011283273687253985566177232886900511371656074413362142152543, + 749264854018824809464168489785113337925400687349357088413132714480582918506, + 3683645737503705042628598550438395339383572464204988015434959428676652575331, + 7556750851783822914673316211129907782679509728346361368978891584375551186255, + 20391289379084797414557439284689954098721219201171527383291525676334308303023, + 18146517657445423462330854383025300323335289319277199154920964274562014376193, + 8080173465267536232534446836148661251987053305394647905212781979099916615292, + 10796443006899450245502071131975731672911747129805343722228413358507805531141, + 5404287610364961067658660283245291234008692303120470305032076412056764726509, + 4623894483395123520243967718315330178025957095502546813929290333264120223168, + 16845753148201777192406958674202574751725237939980634861948953189320362207797, + 4622170486584704769521001011395820886029808520586507873417553166762370293671, + 16688277490485052681847773549197928630624828392248424077804829676011512392564, + 11878652861183667748838188993669912629573713271883125458838494308957689090959, + 2436445725746972287496138382764643208791713986676129260589667864467010129482, + 1888098689545151571063267806606510032698677328923740058080630641742325067877, + 148924106504065664829055598316821983869409581623245780505601526786791681102, + 18875020877782404439294079398043479420415331640996249745272087358069018086569, + 15189693413320228845990326214136820307649565437237093707846682797649429515840, + 19669450123472657781282985229369348220906547335081730205028099210442632534079, + 5521922218264623411380547905210139511350706092570900075727555783240701821773, + 4144769320246558352780591737261172907511489963810975650573703217887429086546, + 10097732913112662248360143041019433907849917041759137293018029019134392559350, + 1720059427972723034107765345743336447947522473310069975142483982753181038321, + 6302388219880227251325608388535181451187131054211388356563634768253301290116, + 6745410632962119604799318394592010194450845483518862700079921360015766217097, + 10858157235265583624235850660462324469799552996870780238992046963007491306222, + 20241898894740093733047052816576694435372877719072347814065227797906130857593, + 10165780782761211520836029617746977303303335603838343292431760011576528327409, + 2832093654883670345969792724123161241696170611611744759675180839473215203706, + 153011722355526826233082383360057587249818749719433916258246100068258954737, + 20196970640587451358539129330170636295243141659030208529338914906436009086943, + 3180973917010545328313139835982464870638521890385603025657430208141494469656, + 17198004293191777441573635123110935015228014028618868252989374962722329283022, + 7642160509228669138628515458941659189680509753651629476399516332224325757132, + 19346204940546791021518535594447257347218878114049998691060016493806845179755, + 11501810868606870391127866188394535330696206817602260610801897042898616817272, + 3113973447392053821824427670386252797811804954746053461397972968381571297505, + 6545064306297957002139416752334741502722251869537551068239642131448768236585, + 5203908808704813498389265425172875593837960384349653691918590736979872578408, + 2246692432011290582160062129070762007374502637007107318105405626910313810224, + 11760570435432189127645691249600821064883781677693087773459065574359292849137, + 5543749482491340532547407723464609328207990784853381797689466144924198391839, + 8837549193990558762776520822018694066937602576881497343584903902880277769302, + 12855514863299373699594410385788943772765811961581749194183533625311486462501, + 5363660674689121676875069134269386492382220935599781121306637800261912519729, + 13162342403579303950549728848130828093497701266240457479693991108217307949435, + 916941639326869583414469202910306428966657806899788970948781207501251816730, + 15618589556584434434009868216186115416835494805174158488636000580759692174228, + 8959562060028569701043973060670353733575345393653685776974948916988033453971, + 16390754464333401712265575949874369157699293840516802426621216808905079127650, + 168282396747788514908709091757591226095443902501365500003618183905496160435, + 8327443473179334761744301768309008451162322941906921742120510244986704677004, + 17213012626801210615058753489149961717422101711567228037597150941152495100640, + 10394369641533736715250242399198097296122982486516256408681925424076248952280, + 17784386835392322654196171115293700800825771210400152504776806618892170162248, + 16533189939837087893364000390641148516479148564190420358849587959161226782982, + 18725396114211370207078434315900726338547621160475533496863298091023511945076, + 7132325028834551397904855671244375895110341505383911719294705267624034122405, + 148317947440800089795933930720822493695520852448386394775371401743494965187, + 19001050671757720352890779127693793630251266879994702723636759889378387053056, + 18824274411769830274877839365728651108434404855803844568234862945613766611460, + 12771414330193951156383998390424063470766226667986423961689712557338777174205, + 11332046574800279729678603488745295198038913503395629790213378101166488244657, + 9607550223176946388146938069307456967842408600269548190739947540821716354749, + 8756385288462344550200229174435953103162307705310807828651304665320046782583, + 176061952957067086877570020242717222844908281373122372938833890096257042779, + 12200212977482648306758992405065921724409841940671166017620928947866825250857, + 10868453624107875516866146499877130701929063632959660262366632833504750028858, + 2016095394399807253596787752134573207202567875457560571095586743878953450738, + 21815578223768330433802113452339488275704145896544481092014911825656390567514, + 4923772847693564777744725640710197015181591950368494148029046443433103381621, + 1813584943682214789802230765734821149202472893379265320098816901270224589984, + 10810123816265612772922113403831964815724109728287572256602010709288980656498, + 1153669123397255702524721206511185557982017410156956216465120456256288427021, + 5007518659266430200134478928344522649876467369278722765097865662497773767152, + 2511432546938591792036639990606464315121646668029252285288323664350666551637, + 32883284540320451295484135704808083452381176816565850047310272290579727564, + 10484856914279112612610993418405543310546746652738541161791501150994088679557, + 2026733759645519472558796412979210009170379159866522399881566309631434814953, + 14731806221235869882801331463708736361296174006732553130708107037190460654379, + 14740327483193277147065845135561988641238516852487657117813536909482068950652, + 18787428285295558781869865751953016580493190547148386433580291216673009884554, + 3804047064713122820157099453648459188816376755739202017447862327783289895072, + 16709604795697901641948603019242067672006293290826991671766611326262532802914, + 11061717085931490100602849654034280576915102867237101935487893025907907250695, + 2821730726367472966906149684046356272806484545281639696873240305052362149654, + 17467794879902895769410571945152708684493991588672014763135370927880883292655, + 1571520786233540988201616650622796363168031165456869481368085474420849243232, + 10041051776251223165849354194892664881051125330236567356945669006147134614302, + 3981753758468103976812813304477670033098707002886030847251581853700311567551, + 4365864398105436789177703571412645548020537580493599380018290523813331678900, + 2391801327305361293476178683853802679507598622000359948432171562543560193350, + 214219368547551689972421167733597094823289857206402800635962137077096090722, + 18192064100315141084242006659317257023098826945893371479835220462302399655674, + 15487549757142039139328911515400805508248576685795694919457041092150651939253, + 10142447197759703415402259672441315777933858467700579946665223821199077641122, + 11246573086260753259993971254725613211193686683988426513880826148090811891866, + 6574066859860991369704567902211886840188702386542112593710271426704432301235, + 11311085442652291634822798307831431035776248927202286895207125867542470350078, + 20977948360215259915441258687649465618185769343138135384346964466965010873779, + 792781492853909872425531014397300057232399608769451037135936617996830018501, + 5027602491523497423798779154966735896562099398367163998686335127580757861872, + 14595204575654316237672764823862241845410365278802914304953002937313300553572, + 13973538843621261113924259058427434053808430378163734641175100160836376897004, + 16395063164993626722686882727042150241125309409717445381854913964674649318585, + 8465768840047024550750516678171433288207841931251654898809033371655109266663, + 21345603324471810861925019445720576814602636473739003852898308205213912255830, + 21171984405852590343970239018692870799717057961108910523876770029017785940991, + 10761027113757988230637066281488532903174559953630210849190212601991063767647, + 6678298831065390834922566306988418588227382406175769592902974103663687992230, + 4993662582188632374202316265508850988596880036291765531885657575099537176757, + 18364168158495573675698600238443218434246806358811328083953887470513967121206, + 3506345610354615013737144848471391553141006285964325596214723571988011984829, + 248732676202643792226973868626360612151424823368345645514532870586234380100, + 10090204501612803176317709245679152331057882187411777688746797044706063410969, + 21297149835078365363970699581821844234354988617890041296044775371855432973500, + 16729368143229828574342820060716366330476985824952922184463387490091156065099, + 4467191506765339364971058668792642195242197133011672559453028147641428433293, + 8677548159358013363291014307402600830078662555833653517843708051504582990832, + 1022951765127126818581466247360193856197472064872288389992480993218645055345, + 1888195070251580606973417065636430294417895423429240431595054184472931224452, + 4221265384902749246920810956363310125115516771964522748896154428740238579824, + 2825393571154632139467378429077438870179957021959813965940638905853993971879, + 19171031072692942278056619599721228021635671304612437350119663236604712493093, + 10780807212297131186617505517708903709488273075252405602261683478333331220733, + 18230936781133176044598070768084230333433368654744509969087239465125979720995, + 16901065971871379877929280081392692752968612240624985552337779093292740763381, + 146494141603558321291767829522948454429758543710648402457451799015963102253, + 2492729278659146790410698334997955258248120870028541691998279257260289595548, + 2204224910006646535594933495262085193210692406133533679934843341237521233504, + 16062117410185840274616925297332331018523844434907012275592638570193234893570, + 5894928453677122829055071981254202951712129328678534592916926069506935491729, + 4947482739415078212217504789923078546034438919537985740403824517728200332286, + 16143265650645676880461646123844627780378251900510645261875867423498913438066, + 397690828254561723549349897112473766901585444153303054845160673059519614409, + 11272653598912269895509621181205395118899451234151664604248382803490621227687, + 15566927854306879444693061574322104423426072650522411176731130806720753591030, + 14222898219492484180162096141564251903058269177856173968147960855133048449557, + 16690275395485630428127725067513114066329712673106153451801968992299636791385, + 3667030990325966886479548860429670833692690972701471494757671819017808678584, + 21280039024501430842616328642522421302481259067470872421086939673482530783142, + 15895485136902450169492923978042129726601461603404514670348703312850236146328, + 7733050956302327984762132317027414325566202380840692458138724610131603812560, + 438123800976401478772659663183448617575635636575786782566035096946820525816, + 814913922521637742587885320797606426167962526342166512693085292151314976633, + 12368712287081330853637674140264759478736012797026621876924395982504369598764, + 2494806857395134874309386694756263421445039103814920780777601708371037591569, + 16101132301514338989512946061786320637179843435886825102406248183507106312877, + 6252650284989960032925831409804233477770646333900692286731621844532438095656, + 9277135875276787021836189566799935097400042171346561246305113339462708861695, + 10493603554686607050979497281838644324893776154179810893893660722522945589063, + 8673089750662709235894359384294076697329948991010184356091130382437645649279, + 9558393272910366944245875920138649617479779893610128634419086981339060613250, + 19012287860122586147374214541764572282814469237161122489573881644994964647218, + 9783723818270121678386992630754842961728702994964214799008457449989291229500, + 15550788416669474113213749561488122552422887538676036667630838378023479382689, + 15016165746156232864069722572047169071786333815661109750860165034341572904221, + 6506225705710197163670556961299945987488979904603689017479840649664564978574, + 10796631184889302076168355684722130903785890709107732067446714470783437829037, + 19871836214837460419845806980869387567383718044439891735114283113359312279540, + 20871081766843466343749609089986071784031203517506781251203251608363835140622, + 5100105771517691442278432864090229416166996183792075307747582375962855820797, + 8777887112076272395250620301071581171386440850451972412060638225741125310886, + 5300440870136391278944213332144327695659161151625757537632832724102670898756, + 1205448543652932944633962232545707633928124666868453915721030884663332604536, + 5542499997310181530432302492142574333860449305424174466698068685590909336771, + 11028094245762332275225364962905938096659249161369092798505554939952525894293, + 19187314764836593118404597958543112407224947638377479622725713735224279297009, + 17047263688548829001253658727764731047114098556534482052135734487985276987385, + 19914849528178967155534624144358541535306360577227460456855821557421213606310, + 2929658084700714257515872921366736697080475676508114973627124569375444665664, + 15092262360719700162343163278648422751610766427236295023221516498310468956361, + 21578580340755653236050830649990190843552802306886938815497471545814130084980, + 1258781501221760320019859066036073675029057285507345332959539295621677296991, + 3819598418157732134449049289585680301176983019643974929528867686268702720163, + 8653175945487997845203439345797943132543211416447757110963967501177317426221, + 6614652990340435611114076169697104582524566019034036680161902142028967568142, + 19212515502973904821995111796203064175854996071497099383090983975618035391558, + 18664315914479294273286016871365663486061896605232511201418576829062292269769, + 11498264615058604317482574216318586415670903094838791165247179252175768794889, + 10814026414212439999107945133852431304483604215416531759535467355316227331774, + 17566185590731088197064706533119299946752127014428399631467913813769853431107, + 14016139747289624978792446847000951708158212463304817001882956166752906714332, + 8242601581342441750402731523736202888792436665415852106196418942315563860366, + 9244680976345080074252591214216060854998619670381671198295645618515047080988, + 12216779172735125538689875667307129262237123728082657485828359100719208190116, + 10702811721859145441471328511968332847175733707711670171718794132331147396634, + 6479667912792222539919362076122453947926362746906450079329453150607427372979, + 15117544653571553820496948522381772148324367479772362833334593000535648316185, + 6842203153996907264167856337497139692895299874139131328642472698663046726780, + 12732823292801537626009139514048596316076834307941224506504666470961250728055, + 6936272626871035740815028148058841877090860312517423346335878088297448888663, + 17297554111853491139852678417579991271009602631577069694853813331124433680030, + 16641596134749940573104316021365063031319260205559553673368334842484345864859, + 7400481189785154329569470986896455371037813715804007747228648863919991399081, + 2273205422216987330510475127669563545720586464429614439716564154166712854048, + 15162538063742142685306302282127534305212832649282186184583465569986719234456, + 5628039096440332922248578319648483863204530861778160259559031331287721255522, + 16085392195894691829567913404182676871326863890140775376809129785155092531260, + 14227467863135365427954093998621993651369686288941275436795622973781503444257, + 18224457394066545825553407391290108485121649197258948320896164404518684305122, + 274945154732293792784580363548970818611304339008964723447672490026510689427, + 11050822248291117548220126630860474473945266276626263036056336623671308219529, + 2119542016932434047340813757208803962484943912710204325088879681995922344971, + 0 +]; + +def main(field xL_in, field xR_in, field k) -> field[2] { + field[R] mut t2 = [0; R]; + field[R] mut t4 = [0; R]; + field[R] mut xL = [0; R]; + field[R] mut xR = [0; R]; + + field mut t = 0; + field mut c = 0; + + for u32 i in 0..R { + u32 j = i == 0 ? 0 : i - 1; + + c = IV[i]; + t = i == 0 ? k + xL_in : k + xL[j] + c; + + t2[i] = t * t; + t4[i] = t2[i] * t2[i]; + + xL[i] = i < R - 1 ? (i == 0 ? xR_in + t4[i] * t : xR[j] + t4[i] * t) : xL[j]; + xR[i] = i < R - 1 ? (i == 0 ? xL_in : xL[j]) : xR[j] + t4[i] * t; + } + + return [xL[R - 1], xR[R - 1]]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok new file mode 100644 index 000000000..c78b0d051 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok @@ -0,0 +1,20 @@ +import "./mimcFeistel" as MiMCFeistel; + +def main(field[nInputs] ins, field k) -> field[nOutputs] { + field[nInputs + nOutputs - 1][2] mut S = [[0; 2]; nInputs + nOutputs - 1]; + field[nOutputs] mut outs = [0; nOutputs]; + + for u32 i in 0..nInputs { + u32 j = i == 0 ? 0 : i - 1; + S[i] = i == 0 ? MiMCFeistel(ins[0], 0, k) : MiMCFeistel(S[j][0] + ins[i], S[j][1], k); + } + + outs[0] = S[nInputs - 1][0]; + + for u32 i in 0..(nOutputs - 1) { + S[nInputs + i] = MiMCFeistel(S[nInputs + i - 1][0], S[nInputs + i - 1][1], k); + outs[i + 1] = S[nInputs + i][0]; + } + + return outs; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok new file mode 100644 index 000000000..b3024f10d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok @@ -0,0 +1,36 @@ +import "./512bitBool.zok" as pedersen; +import "utils/casts/u32_to_bits" as to_bits; +import "utils/casts/u32_from_bits" as from_bits; + +def main(u32[16] inputs) -> u32[8] { + bool[512] e = [ + ...to_bits(inputs[0]), + ...to_bits(inputs[1]), + ...to_bits(inputs[2]), + ...to_bits(inputs[3]), + ...to_bits(inputs[4]), + ...to_bits(inputs[5]), + ...to_bits(inputs[6]), + ...to_bits(inputs[7]), + ...to_bits(inputs[8]), + ...to_bits(inputs[9]), + ...to_bits(inputs[10]), + ...to_bits(inputs[11]), + ...to_bits(inputs[12]), + ...to_bits(inputs[13]), + ...to_bits(inputs[14]), + ...to_bits(inputs[15]) + ]; + + bool[256] aC = pedersen(e); + return [ + from_bits(aC[0..32]), + from_bits(aC[32..64]), + from_bits(aC[64..96]), + from_bits(aC[96..128]), + from_bits(aC[128..160]), + from_bits(aC[160..192]), + from_bits(aC[192..224]), + from_bits(aC[224..256]) + ]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok new file mode 100644 index 000000000..0c1c3da96 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok @@ -0,0 +1,715 @@ +import "utils/multiplexer/lookup3bitSigned" as sel3s; +import "utils/multiplexer/lookup2bit" as sel2; +import "ecc/edwardsAdd" as add; +import "ecc/edwardsCompress" as edwardsCompress; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +from "ecc/babyjubjubParams" import BabyJubJubParams; + +// Code to export generators used in this example: +// import bitstring +// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher +// import numpy as np + +// #%% +// entropy = np.random.bytes(64) +// hasher = PedersenHasher("test") +// hasher.hash_bytes(entropy) +// print(hasher.dsl_code) + +def main(bool[512] inputs) -> bool[256] { + bool[513] e = [ + ...inputs, + false + ]; + + field[2] mut a = BABYJUBJUB_PARAMS.INFINITY; // Infinity + field mut cx = 0; + field mut cy = 0; + + // Round 0 + cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977, 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]); + cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639, 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 1 + cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728, 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]); + cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908, 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 2 + cx = sel3s([e[6], e[7], e[8]], [13312232735691933658355691628172862856002099081831058080743469900077389848112, 19327977014594608605244544461851908604127577374373936700152837514516831827340, 5965720943494263185596399776343244990255258211404706922145440547143467603204, 11103963817151340664968920805661885925719434417460707046799768750046118166436]); + cy = sel2([e[6], e[7]], [13997829888819279202328839701908695991998552542771378089573544166678617234314, 13691878221338656794058835175667599549759724338245021721239544263931121101102, 706995887987748628352958611569702130644716818339521451078302067359882016752, 15519367213943391783104357888987456282196269996908068205680088855765566529720]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 3 + cx = sel3s([e[9], e[10], e[11]], [3514614172108804338031132171140068954832144631243755202685348634084887116595, 21412073555057635706619028382831866089835908408883521913045888015461883281372, 471607086653490738521346129178778785664646799897580486044670851346383461743, 10847495464297569158944970563387929708762967645792327184202073895773051681481]); + cy = sel2([e[9], e[10]], [15464894923367337880246198022819299804461472054752016232660084768002214822896, 12567819427817222147810760128898363854788230435988968217407844445582977743495, 12262870457786134457367539925912446664295463121045105711733382320777142547504, 18045012503832343228779780686530560760323693867512598336456499973983304678718]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 4 + cx = sel3s([e[12], e[13], e[14]], [15118628380960917951049569119912548662747322287644759811263888312919249703276, 16598886614963769408191675395388471256601718506085533073063821434952573740600, 18985834203956331009360396769407075613873303527461874103999130837255502328872, 4433382535573345454766736182894234755024333432764634149565968221321851794725]); + cy = sel2([e[12], e[13]], [20910093482714196883913434341954530700836700132902516503233669201436063149009, 1519565901492557479831267649363202289903292383838537677400586534724780525304, 10041416515147137792479948105907931790389702515927709045015890740481960188846, 14765380703378616132649352585549040264662795611639979047816682374423451525367]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 5 + cx = sel3s([e[15], e[16], e[17]], [12047448614322625640496087488290723061283996543855169192549742347740217312911, 4511402808301687111378591744698422835937202088514472343139677982999770140261, 12163443309105839408816984443621255269615222157093914420088948521258519452383, 3481629181674207202258216324378273648482838926623855453371874690866818821960]); + cy = sel2([e[15], e[16]], [16179347143471683729835238045770641754106645772730542840306059882771262928390, 1330606780692172668576026668607748751348574609524694619904517828208139587545, 21047796364446011793075955655871569603152857270194799075248022968227548164989, 19676582441619193608410544431560207171545714550092005317667230665261246116642]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 6 + cx = sel3s([e[18], e[19], e[20]], [12701245173613054114260668542643518710151543759808175831262148773821226772548, 18376560769194320940844431278184909327980744436343482850507604422674089850707, 2108750731998522594975480214785919514173920126687735114472940765769183959289, 8345688345972355310911106597696772464487464098975129504776508629148304380440]); + cy = sel2([e[18], e[19]], [6893882093554801220855651573375911275440312424798351852776449414399981870319, 10206179889544308860397247082680802082921236707029342452958684549094240474070, 20690576727949006946449925807058663187909753260538825130322359335830578756980, 934097825986417774187883244964416516816295235495828890679674782707274540176]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 7 + cx = sel3s([e[21], e[22], e[23]], [2944698428855471170284815781705687753367479016293091716206788980482046638948, 13677149007138113141214051970478824544363893133343069459792025336510743485579, 8778584537362078914166751980528033062427878768812683022653464796527206882567, 14187573305341020255138644844606451353103636392771375201751096173736574567883]); + cy = sel2([e[21], e[22]], [17360101552805013843890050881314712134389035043192466182420273655548320239406, 15585069751456986750767880753875189652981026069625633386060310449606941883984, 14103016602951516262329001181468262879087099584460171406752641724802127444882, 20246884593862204796710227582734862797721958090111806492549002716706329529389]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 8 + cx = sel3s([e[24], e[25], e[26]], [14561966822440683665541629338358038450751192033904756806839710397580365916408, 9033289676904424897161301113716021195450524279682799709206671901182123388512, 3130553029765252517071677341132737863162584406047933071036994763690628383497, 478748220028687672909774713203680223481010996519205842697362525656305870550]); + cy = sel2([e[24], e[25]], [2103279357051120614300268561700949519576521616178686690761693996681299230890, 20408096719725376095564479959189425244640061563902110565713028117867143533071, 10602190247054189080928144476332888853804880952034975460420247853133904008108, 8904086690633759655814572723164827369823592560037992353159979088242240507753]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 9 + cx = sel3s([e[27], e[28], e[29]], [6226499033652114521979121779728984801913588832404495199289210905837818402723, 8038917508002636084872059181598756897599119789741848736002584943229165162988, 2277325821476302201179031013369476744187798789480148846137091219460796268467, 967514222774662330369300003456258491278184516505205753272628639669418183698]); + cy = sel2([e[27], e[28]], [7443974969385276473096219793909172323973358085935860096061435962537700448286, 16080381380787087259419052592465179031841607813350912826860291224363330298665, 7197183980134554514649915487783920553359271769991651108349414168397349372685, 15259375744392791676426881929656094304768076565231411137199656518314416373020]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 10 + cx = sel3s([e[30], e[31], e[32]], [7079401365241105225661961622760419818013463250349580158302569256283647306129, 14357098412862251375028337875874646262567035230486208703024315026944432279497, 12132744267560027693690759266151433597852816079588628241106105645480008053825, 16149669420758195925157542983134397690644755714433681232247094526660232442631]); + cy = sel2([e[30], e[31]], [11050535702333135359874644130653446287886435768224627066379760227644857448025, 2102777351898195104147031754958199443749204333224032175429214522075012926330, 4445288497276728579279429434033072747592184765171167503126978668105350002482, 2895400734738526057690008272958539309751728639263619269043890651038357187575]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 11 + cx = sel3s([e[33], e[34], e[35]], [20192636532359225751119979205906307972955330178954709766736232115035084682472, 804195338747219623697418198937917828717652612397835452095971237574002648345, 6394431494852440399081028203192653448308162012036135765292083934292810191518, 11939476767684237945975176292664687849983867031644620074465117021204214089848]); + cy = sel2([e[33], e[34]], [17748517956264309916268005941322895780280007418421226047127160997826331847601, 19497513174101598882802026674952900838989414265369078336475842766531805130216, 5620469644231252504463650386222007834239202862082473485080174711171599148975, 5516661986429427386078472422851029350005420782971768428739820651749444868271]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 12 + cx = sel3s([e[36], e[37], e[38]], [1324920405111324350836746707883938204858273081019435873511569172015916187999, 15384225309297147198449617653578330654472159141743407174794062987091000857662, 9920404264935487368096005007182799973436766546149561065368669780566156587060, 15254057056535397961799214335179813200885132815863068943475012547021698517077]); + cy = sel2([e[36], e[37]], [16984705452766649815073644511059333480190120433850502120324063182300137456908, 18046160220855048074367913256918233739227589113215101142291000275961918974523, 13094718066881673586455686749880972268909309391825129019088029831712146780775, 17556146601257932451584708078305104848786797650062537873707738860847250565143]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 13 + cx = sel3s([e[39], e[40], e[41]], [10184781845128697471817965179509651550812478664395958690225791623061609959495, 5456125639262884825452992858423500073570690895733609235845616173174729575569, 2442835875584110487966438996784695688123609547017380844898154175948468234967, 1507509649954376860384651590722437356078107662975164713418836301939281575419]); + cy = sel2([e[39], e[40]], [12481681651435870984379558646813686612408709833154117210578901875084149402369, 11152008367598826226940260746556525580820232821082556208512958435351250898503, 7567915483885326926315083960846242855523572023844618551872662303018722806760, 20394803059296859730298132333424950360853695629226621934657959417500478188961]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 14 + cx = sel3s([e[42], e[43], e[44]], [10680962982327504072121608021689834159178144997131600234373184928312768469752, 2399077467035346531560164705357209055497431901223015425246039711757880798964, 3423125451159866822107483111524543716819043967842944968651561023348340629866, 9942880027482137313328709914157120920632734642771778240985776643385937071731]); + cy = sel2([e[42], e[43]], [4698845013673361363032641974440465619959991809676353365742268606915462346702, 16130578759626193985851427947711894136403468334125608062505774040115700327331, 15972516792261738383725187984065495328469263202118598475958253769706945995080, 7601042727654430423755752301100987459144576573414967660631298823059519301944]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 15 + cx = sel3s([e[45], e[46], e[47]], [559099661340368706731458173062937049444139592208939239637572972395409815235, 1445905511768661496314996877214005625534188630127375321650145036638654136508, 12558069540132067621925302006222579198925455408763618011362743955646129467625, 19809789628385980249290251944250230372682953514057413790020001670501854917090]); + cy = sel2([e[45], e[46]], [10744092763718531253355077100374662669098109929848484460119044326894952631009, 3973362040829593578154878010051739631231888449967620092704468180671355813892, 1362015208311760378785201188340495520529554642363760051915563618841646945115, 11588368620504227678083366267185871581602064602621931713732756924598104334083]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 16 + cx = sel3s([e[48], e[49], e[50]], [1678013963086824122518234712588270403106471527976328603364788331772512526348, 19217446816753374280163957047166499363370322773252755452762764797217084855190, 18251775792701212313037978569776264038974809413837373677702565241405411946778, 7791054681559787609111187809686247485256130898718509173169053332755413410611]); + cy = sel2([e[48], e[49]], [2187428842929094383038114367392650175780437811274194322303902357941058607339, 8626132368431980635626323475901790012728207722636477570331410763937692048466, 113795593186630447648084123083495614901087109757474270136294009546464903517, 3911253907085777766524239918145094862050185692851156691146764655435644911738]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 17 + cx = sel3s([e[51], e[52], e[53]], [12873968423948310899392467568104977730716801401622261861937368089215309803500, 12347009456329688755313379291270351313162786795095345538842244121034639964166, 1453033777281838070082852447488517173632198407446735454517038916605079634444, 11282290315868048695472900994602235661536258445850718305682561140328404797725]); + cy = sel2([e[51], e[52]], [8139007031385157566567411468459940290231498857090568363629902873306461631248, 9142412231629797319569179103935970351107774720462787670615972830568683805984, 12672100925996181868477785977558380430714799944709260345359951721012123501095, 16494953398584179618210238266126209360371451946684386111530845235540890038134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 18 + cx = sel3s([e[54], e[55], e[56]], [7778254495039611795685039895928787457435875136389165268120013630439201169232, 18978376692784498976711790251498129273567483356717340918869164950830208175147, 6786343960634025784864145941287160961224170404722122001422161703472545445301, 963142484718869013546386102939529863406065949253846087785240390647819147126]); + cy = sel2([e[54], e[55]], [7284679595773642123118330714484999203099307921555787993734753019057231440983, 11863181578147413903879545253723831525079414688349285572164796614141056912840, 14506820856835670503131551890617399661938603609062325089041733284980790009293, 4347670008275218338032617206784753933320201662996772040726919225863771514568]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 19 + cx = sel3s([e[57], e[58], e[59]], [3630756302007400417952089805331380555952289748859891438940570770932527475452, 4733072488758626584177720052077496914661792393101658203493985364120366268281, 4526910185101338883574479225992287789853409001566403159278561225375682298543, 4955992755917650287600423903671744997417781344631255784951922382765227784141]); + cy = sel2([e[57], e[58]], [16596280733402230599955345374089507399680037832193751466748596443674569931646, 6390381659733151443695336725554471564240651107616043093647301732553182081233, 17125093365984505488419430885232358010204128822674623886572872558984812477756, 7907776458440631594337279500574606181494889317898652109149850067084027888619]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 20 + cx = sel3s([e[60], e[61], e[62]], [13428507160783248146944378848829437095621758280249270905793449036777555016842, 10292076501843933688687976934900220205880058108224904881677407523508189156342, 766857404192368568735095124452313950539381046754211726072981073742394879383, 19929977262929097751573344897093024390473135465066154321364399543253519251540]); + cy = sel2([e[60], e[61]], [16698341695430068847582701171147088836738454320587148532489385958997389524692, 15892936434362954902510964691481568586089663041057258511149661842770672240332, 7940515703899915602011570921990242082041971424425808524102519499134803569591, 6891504197906111172381550323513759741804319972496414093225387272302697012664]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 21 + cx = sel3s([e[63], e[64], e[65]], [9001788585918405588944162583417858847457169702891113291878897002187678929577, 6471893763677472946002018028525448192731896031469219164732421705849786414080, 6872696243264239672878286181725922526028148800020555100207514569826971690256, 6457059076269833003010871598305386357557482703463879737255688784535353986402]); + cy = sel2([e[63], e[64]], [2208441895306047741608356002988212098270630744976300198681224594148576837458, 18524825154497781981405149991295652940946623352876024366965123296382603920630, 4474085805150211658090190066955902897001661633303260299025041221776891523378, 7848328793479881488968680696062292137496770320699466501151951135248413225123]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 22 + cx = sel3s([e[66], e[67], e[68]], [9370960127159127445266474449258070389736162441470427007490084241211557822341, 14965609177224099035387154934147530900281499783229343066828915253839198476726, 10228455969106022490302521106014422994204231909208186519000062372321621002715, 329501376630941941063220737355314017862421104304435198239389326959464907258]); + cy = sel2([e[66], e[67]], [10405035931558887078762806053185283924863039263200495982754625705264574757491, 15502133231749593338314160389347860966662224717441686478526316588882854824409, 16159781620881884595657183508560936205420303661972673108699575582908291222745, 11627201183429653135859532750162240837549070563304757137644487859075461689878]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 23 + cx = sel3s([e[69], e[70], e[71]], [9435538689621391149659891449161022313817917158768482063316123517911261629051, 20034929826130067090642639519998781717754864739607562909796887703087596572733, 2387945787036487514595261230908460627602020385539203589000341684029816345462, 14287010417915184144199881651073103018750205011354171060170509879133644433324]); + cy = sel2([e[69], e[70]], [3766822724536031967241092846229703633913210151222385593884505545907921188272, 15647190524611689022349999926088308537492889236313676989549224633916679679521, 12082040904926878889054967598271733538467180307938292871588544645957948546982, 18694076414086475523793644660947803814318698157437774233969783951279622080580]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 24 + cx = sel3s([e[72], e[73], e[74]], [5859172856191457066677368896012140820864205253768332100482413148381377691822, 4109040705512320821322629424016219907769924434419769556997996401827477205364, 20898133598840700569835017147086534068242670333567622549169818027799138688520, 2562111968303466794360830608662119102867266861457203102917042145665851057610]); + cy = sel2([e[72], e[73]], [4836009713585714465496581912154882382453931120914721557804515434755336832208, 15143499611233432306382398214139440479742818510304232326049564749513747791130, 19356118393311375462052662305789820240618686111711161337705029468367145040988, 5688481852857742015073912476996667522213010914545901826896160233670889226775]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 25 + cx = sel3s([e[75], e[76], e[77]], [4623242138639627730014370601705308411725596532862597538813607327046410321312, 20015154717710755506154819006635497782515667453025611627915382742560093423171, 3514612823502534944140986983282927838609295377065173960376131742886885892219, 20191997625806343264590099369325683216271615998169853765554784065039674586670]); + cy = sel2([e[75], e[76]], [6538526769564699401600543915225940144078494544354769810309083421131300518775, 9118555176257537603156148628736012723504563452923782011591078402032233615522, 12815558970989336318868652718709831589595442899079588636818966291960853991023, 7703616604462929360855592091876031952747180200478430464323567906544600168109]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 26 + cx = sel3s([e[78], e[79], e[80]], [7426207409769264985012540642921370782277366662985635838803842004294008785185, 5999778250617485918891782298009709493035045140093544961901833503446031905913, 14130927440165985043471103750344848991689715792245153118451423398655300689873, 3796482870456559450471870663226834834712024906775762338643689176551263991246]); + cy = sel2([e[78], e[79]], [16458635168452867431186476181702908205218256620571557119181621733008943007186, 2408736441388526903801723805189252326923776373802231905332653169285504488507, 4539189593448662319023898529532785456602052593687554864880479361284144700884, 6490484418842862735983085938727562049587933870197049726191839108647357897041]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 27 + cx = sel3s([e[81], e[82], e[83]], [9274793422641213328277630692090429447322754602554792362167389139799628719939, 18213562677024477140777501284013103092531757860081519011108723177266099803615, 5928914343334640962747136863911294731157726634392529232872962806197144988571, 17364692793332784962323580622297080260599290963212510860189969183095513710617]); + cy = sel2([e[81], e[82]], [2125001664000799929029867649528637137680130729147235858348667725168119291610, 15787194912569598784093233335743719308944830093009287397433562464152875584662, 17778173794489364127449950674919162836220066518510591114146982109869842663244, 18328553264273479562530008673792097214292102347103296244385349755449098608225]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 28 + cx = sel3s([e[84], e[85], e[86]], [13710259114758767844337497139752382122951774216678047790125818858626546865590, 3343610505090632166881693615831990684789904804852523835888323130512752436557, 11550335352408668215051239093872906070657140182660747433535878335227749182418, 21793892863650948729507322696305982607072336532791041097212359516991274087980]); + cy = sel2([e[84], e[85]], [11846136982947366289908137269088548542970460276305965388699657623060915691485, 14439612735106182034303100596819001121085745615069593580210956482903072588413, 11243378354558219750264654469308879862376787156599458648274627817471028307109, 1416613801077957126034351583571856403044235139983509507026555602579721659100]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 29 + cx = sel3s([e[87], e[88], e[89]], [16898533007964698268976570330413504736326631860509774315700399063143612293661, 19762411747110048388233897239023416141949331694011759548598869652948167421240, 11749964437081939283728905999710450041654325285452589389081577137553602604162, 16314155164640857713960417655857498051596153632474886680423284957133775223285]); + cy = sel2([e[87], e[88]], [19301014021919583977567348438857464752913991729661145830439339193394619822674, 4081042960569737826610743202667127127506276066439423960421657857551695871422, 14520831020919654323745478654766278220911435521609622705053803095115677276928, 10347543397607839527923790122253286529883327940351684415635401368115385858121]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 30 + cx = sel3s([e[90], e[91], e[92]], [184222443282411811008485293978090987184574946550463281113036487016967683795, 4323925196392247451702039714921386345420807454721539995370304513020371659426, 2346825777983317939724845287942565740027799801885272779028341294742495881964, 3497425097320782814346947506403058330145264032565372769682636446824270312453]); + cy = sel2([e[90], e[91]], [13850322095814274715426304026104710047724256505475254494587134658322670671529, 11511819464672461161880080290029237185728360968222698390620899743097045452336, 8068296678016129536739401811575622149523917897086227154769231758295218255268, 10263809994502353117991909442849926729413925087877766198113026233378613424956]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 31 + cx = sel3s([e[93], e[94], e[95]], [8995760760295995916308082490351740974639094331313720900267671545759667549796, 11019493928623991376174717464416885911906134873939034428175124701672655752839, 14017581177532816290320938368540191606560126820406006677979240977503063555845, 5992767544073504039822155308781253229334004182511050716159238341577147193720]); + cy = sel2([e[93], e[94]], [19514976680591593876219573359164805119998241765130948583982557052811782267484, 16839145730766072636625126513480100227916490562760284965681235183731245254947, 1021292692554672699619028273609664837317397089685876358558294458673381089032, 19705834660126914988160966717581159186486910721909298688364547098333399879621]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 32 + cx = sel3s([e[96], e[97], e[98]], [2527638437523893015660301196665088766965588386392795314680197258969354623363, 1138471124880305373267488994599338604626881130398552196301155187554578496993, 18796280357765998280755689911684961342287093510307513491082157499389652187596, 17845424627755166990290252831103404879406229534320972756944316138691932923261]); + cy = sel2([e[96], e[97]], [19210721144465266426749734142673856566947869352583355496554030705736452071361, 14313930380744847001650971451811594041740544882894516063775993860263195402168, 21025107892840987725102949502655791789935181032924916608477285415225533245973, 3555509537083802658278452964512402851284368794121767087246797342866139363946]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 33 + cx = sel3s([e[99], e[100], e[101]], [15846792621646742652974245065938230651829248095884295067743275618391603947137, 252268672903219503110064676037004166486655891926695090023400798499584132445, 19530459807361347014390846162868811023755147873522489974990781147946076957319, 6779173153401014221878658847395058091689669042378445736327791547741105926579]); + cy = sel2([e[99], e[100]], [13124560942345768357314581178595700674622208923899518932907915338485045148127, 19427900801187548763760894641856199686412861734645157290016060446141874396762, 10578265528433465376709803300626505953445780532420709942597293441366167803051, 2814357683688249343045032287308948679662030207205739212100871663137250686972]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 34 + cx = sel3s([e[102], e[103], e[104]], [9161164860624082016500689976633279187120278305601384250238486553068325633742, 3594465641083658357640727503005755820863340547313408576898849399984296404007, 19745546026637204577602881915206827000693868119693662890799396502208696901732, 18116250696909523241042661347132525872828324429923244627289119813508105665938]); + cy = sel2([e[102], e[103]], [13685063021736046635507535227140671955502404587270095297507854657927533098685, 21481850865118949667886934355577641333398731968912180643307092533138863580900, 4539145198976864585367021826448478029652078179409326031693175016758410731544, 17461973876416788164599136875394849349337761082750935487057356278682772411162]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 35 + cx = sel3s([e[105], e[106], e[107]], [13763732875937305178862849318112327966371606623409616602363024527079535241003, 7146728911382113235576196126361394323865045988036623175328726379662117800087, 13957018179677684863250069220406779871369347949049594304698838627334319400324, 2983130106134530061974606593769911479536904265326576922594002168086009867582]); + cy = sel2([e[105], e[106]], [15902927258231569893737955890837667742457214947649307818302524420399149241212, 5394027336566373776896911094388660738090625577337970061356832815458464701108, 5175259754491075858870829756483758144360263281431531384832593797283930411109, 14151565798137996208654994826049340981954317623288904943712618832232605861595]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 36 + cx = sel3s([e[108], e[109], e[110]], [3511208839914156996602850728297722115315702089624058744395068873552707949103, 17785314838779826411805999953134869098297432649970533754606824062794244465005, 19568380235187862245567915799143793188430865272594403468605211965296271194922, 8968217637384711708369798047935037549991275897411766158377778716106218907618]); + cy = sel2([e[108], e[109]], [9113093883676083424918242033136578270322417571556449454840754893578163802387, 15195400406105586498427391734410887774383134313041084245786188708846588107061, 10391623490262978616498794103188417653962360594423044385370483010810406454393, 262198447430650388196958319338915798147458757989176286529479967365139093614]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 37 + cx = sel3s([e[111], e[112], e[113]], [11522295231047132260758343744179190547608150890072723735296048871441325064339, 6417300850099046536319790332124930285535196168151466782463281196540309297983, 19137291956859275825926699344301804549568562573423342909926469403211747707345, 2774443339156228722046927543564067034026765236710736809480294993459012359549]); + cy = sel2([e[111], e[112]], [10997633658189180813501132314065688584832302881630691645920837501861598079973, 11230602434226993956802641296087754248529927465162671110571036062223097035285, 62131588140380451567557177282839666875193860544849125919004473298285110712, 10450442472445392653150568721579575112681026302736591474982185692600259786523]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 38 + cx = sel3s([e[114], e[115], e[116]], [13408931465122001423751414891302829165042502658140645208130973182525808774770, 12919550455861565687920656314018840423444710872112059576718885637461594199393, 8902156077182438987081535936092318477847851529427670854791439040325983142815, 10551142139308027026174282362670932774470751296642556552082094389923387853839]); + cy = sel2([e[114], e[115]], [9267742985382681478817853200119409918969418222977519894367804134923874406267, 19027179442258820884726400809066833518658247567670360715860243154343698445860, 18038603127894002689531978859178109088479567097675385814346786297731217235404, 14150146649091182389991766732798336665028567292472735778013325601175132243538]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 39 + cx = sel3s([e[117], e[118], e[119]], [6540890698262697218677202035403667770177820101154223149908034301445959517274, 435497241504544923461214042595209510655313029058197261483355541334388444061, 12972419969438465538309509757262343703702203355603454637962110103300326018994, 6669959829681253734882192282716498450739929798663147573799606668374867628160]); + cy = sel2([e[117], e[118]], [2642034845320222085946302229307945658183260378358994660373441270519802248925, 14736341083198246245608013213787697485596965707560872888430876049025049794937, 4329454540840640926293454385395213780440355759242417354895666807552226740059, 13390807756542084619965526671660454489274096296730210772303889980314835989796]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 40 + cx = sel3s([e[120], e[121], e[122]], [3375661072576892623715175468380800047905893262660913295358697027074087217513, 5069202507845220698620539676049456933089654255996130713693017872693588276345, 307360032529211257870367390878851528397463530836715039216723323169226021440, 98081915276387897864111573201930613825497393423677224354881280134376446888]); + cy = sel2([e[120], e[121]], [8987539541637688797931012030256009083390767313291834963652110291129797020941, 17901947618091300697708370389296420066544823878914604900411880276648078042269, 10639219577401234864823685175468874052621402569992677814844863434253512890795, 13240331547980137691596357784155019878384406802888737259354896076218619627328]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 41 + cx = sel3s([e[123], e[124], e[125]], [9662184175454991631880218147488300829920024817382740712599708905755708816803, 17771020629416708231961523003444615645037663660747267683766850455503462282265, 14494133870721701214401742677540032810309496543890589653927595534007509078658, 16561168866198605810694591274909829276030780262733890202994760647724957996711]); + cy = sel2([e[123], e[124]], [16632142917625566129622048663670437511136716491293457317746859226945397089536, 18400270017828347077622860778898029123047396355399577145984944065126581795849, 8353334605287102455944569500604056116678191817084945684486328539838325378046, 12147075225903504606648888869906750158496142784038841529413244301117587609138]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 42 + cx = sel3s([e[126], e[127], e[128]], [20252038718269174556829574777069549258100538764143309785207012647062643184902, 19438750079062162172414919070069193686275943617816957878302458952613247286975, 2739523700389893370248547110285910821118647890992955640060929464309561828074, 18986163209792052202203221314221453057559857704913672555327882100075093616752]); + cy = sel2([e[126], e[127]], [1949203652074521007058676904301415827566224382778317340432698169556879788463, 4017921177690528677848183821427142247358574441895228503258380087834359360501, 10532220115833479369586881444322308530349489476356817032718755221032796227335, 20767633640647488765234831415684490207979213320475813611233243261000228414020]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 43 + cx = sel3s([e[129], e[130], e[131]], [13929197264592281054662634434397205757522163835293158725199610804948038924930, 18983630674546465400919161958500748450652609469567091049588112148279229509416, 21298720061922244441608259922072286340766498728629540286898859613690667559954, 1255771444824172694387038994365972934222854858110644765629654650968093841237]); + cy = sel2([e[129], e[130]], [20928589942441069163400310179733448745002695258624629275677130484867901611592, 20945151313192869288039616217247173168964585800167278953053768079971885757820, 13394130995265898710013904122336137332320804034657805114241934415456940879520, 8345380486550648681305351465341710151021284756322349929795845243989999089313]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 44 + cx = sel3s([e[132], e[133], e[134]], [20820962511183569148336349677594457306122370638840390080208640481304634109972, 21271204223521868772910817161761075423625575552213963956907846089587689594662, 10733658208915381791180435538254458430504966830986768682084274021501716755708, 3213872100717631866873070659546947812880485326599459130685149408092349854866]); + cy = sel2([e[132], e[133]], [18802948623154501291575097526503171935564067914914679326677986205652424463305, 18671196065143385675890877955428696189287618414074487330442057564568301653630, 17500512499632911097527623128158674292347613137609268450560746154383855656852, 10140717739675826292242942694935483711727546989965783109636404988746901047250]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 45 + cx = sel3s([e[135], e[136], e[137]], [14908874845345243542374913242177817956756346686642792660468745914078612972964, 6494892024924675012540500602558430897039227451488331729419886431227425262471, 19660118982815103063271284609401904064050204952733042875484811495633642263876, 10404140614423982473417062438060653585074743419249328530274575800693260655367]); + cy = sel2([e[135], e[136]], [5109688569541183345813508363367270401129385455666732942384933494548859595681, 6488452587861781859966899732568514074249818909310744177483425914897141192195, 19759144330570995637436877834773866770106917696169828968224667729682932948543, 19372158643071160860924236286390794017939077735118276297478085704446653404487]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 46 + cx = sel3s([e[138], e[139], e[140]], [1154476465911192808082307928347900064111325728833428891094393674593800812900, 6647319020085089760145868568636007917712315513936955502164154733998378717177, 12584569464684026880899751873241162942166450853083376779447501714905643756083, 14243280142991602029691394563175478833697759877979687578140951697024930901167]); + cy = sel2([e[138], e[139]], [6461899930945412323497751736369894620103555271239754245787726192367462376648, 11218209351589240489615573530963044202098579836550413344228327749253510456169, 20533060824796367399322624999408451192171574545415433951669661225068106752784, 11799997625790604641690313275280372066913716290701708574743226300595877165728]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 47 + cx = sel3s([e[141], e[142], e[143]], [3106120971963814637086817095821216892657807437909030172048489357608690908664, 19983788499223635315597700897580134177379185544458724791602486120287361195709, 20011311503290782295958825256275853340402122848359336349363185226433870439371, 17061518479999755720537296647402074631690029621158571296727706119729187756044]); + cy = sel2([e[141], e[142]], [11655780578227604806047758025034240629153798954712964172707380870816316797993, 622054523287271568164593718522127794491026889292924398674394690726823527200, 16135285950085594062254918487673085571627312978983012587993350339361155816604, 16823182833153464340537049615227906529068252572342151311965980898836651237386]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 48 + cx = sel3s([e[144], e[145], e[146]], [20374356410965803131887119977813187747682102078262988894186807366145009893312, 16140790886679277390055909624981354111468382311692868339667095804914180995816, 5269708933005858910719244518715051229221686961187992215177561544872857207052, 17003669964193566226265890987693478032205879390270724431641892912757008513023]); + cy = sel2([e[144], e[145]], [15298182760377768633156209223343487909782393543670382286190369588693664098885, 15694313374278606393252570906724471325000910752891934797182427274800382725179, 20211423855194801900153066955584657931131527051780164510917465106404910099513, 15455288363376670716062020330944532534047008363514636685826622499678373390425]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 49 + cx = sel3s([e[147], e[148], e[149]], [14165004713755765453589527153323887724160944086658242248604905215519807263185, 301131970962481505862420187551701457358785403147894839379498410579773149817, 20703780629190814394908582715811669803434202446164042946560257906844612159868, 12367443634404793487462362639029662097550355799821945744713867599113535990920]); + cy = sel2([e[147], e[148]], [20401715072789557220769413113920881979690352159560582443280493351937640089943, 9512744351810164617160144481900582699060463555523641782334998030336637339295, 19997026788203221539856525472799656962300551306251956395441891331721763269878, 4420107516401930587358239495168429945976230331917756712920657983670672632753]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 50 + cx = sel3s([e[150], e[151], e[152]], [8103748105126096403620617531109165346111017883414253359146860083465308290054, 14803748343013980101691104453457628404765420707022107332787520877316491921572, 6553189032217952509828188229822974795796651131494012230703062173727191718256, 14488140647832162063035434131927730449663617866962750748399561354722976225897]); + cy = sel2([e[150], e[151]], [6900602880532330473224374524196761198151861405485326291615150754345009304151, 1513115647408875522957756488493462370777248725072062752756727843920832160085, 14896301840535712091808125164986771300932651268478608922083726618785610993431, 18048817115801653510192862998462822947761670069362294686696577131702147477504]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 51 + cx = sel3s([e[153], e[154], e[155]], [382543238316875203894587902417533689378617036331411163099475938996384971274, 9619454944964330535387495829359535093743583319913348616872361595592109685167, 6081261874729821958303230238004699407225832699063899155741932401034312247576, 3156137884201329913786702605630625537320273632812696416791152392474314037759]); + cy = sel2([e[153], e[154]], [4793004393185972052681267640894832507973895495734257655931836941627180322533, 12524126851245821931846984936446041288760976334671736634358685272033969216980, 6277340058786227516467028124755004985063566609742747175031180490042372405740, 6981569030046806591634476164525159834865090256544287529201527685109358245562]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 52 + cx = sel3s([e[156], e[157], e[158]], [7242980429824960501440666232145028986161691674990466362832703971174936796830, 8045674190780012690331364750465564303458553754280502177743436741257674712579, 11260599103741407968666669605286104777635431193927929500939820855376897097946, 18466264932289657017935069178634633780361979903681010210726608765753592098197]); + cy = sel2([e[156], e[157]], [2313823382391584526084833833122921512331314230217820828722208559851046887792, 10089801374498501989652677350203014944991951797848003015280234323125565001040, 17328843896403558624774477961071623822106890748911687259696765820336743222251, 9096128104648798569037169791537313868030583174665566146242611146033775655076]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 53 + cx = sel3s([e[159], e[160], e[161]], [14129501557712467097681133312480956681237794589418881140932742431414452181802, 14215253979300894109266393937905007744674886266134853669970409340633353105422, 5101954416353969027375336730301151965881345391948426977373049227857281866232, 14576353231486654843487902119173617652532372118230138091256904812874365465828]); + cy = sel2([e[159], e[160]], [8967890713970048745032869372462848543847652746940083058618452105243173038725, 6265601060440963621915827684472693851147234848878380918293598569151688236174, 640827344679117882936589383352750227742240703205324868948399729377934123492, 9724475542168570127797711494687143027178927970205326782155651202256929792882]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 54 + cx = sel3s([e[162], e[163], e[164]], [5456157947126010471455582105823966618048439614862840203794276433144936442303, 21043218890179638595653930578748044093798652379401035786184926212259053133276, 1927155268257451951778867733460386031395807546286255979317875653435797662494, 2742904689169248143495331827109449907113748836918731412006506067439664106654]); + cy = sel2([e[162], e[163]], [9440520397717291873292501513394144011971438675685104804031688857727475979708, 4417998885632129975756353073742958617120204855631898102096412742879398656621, 21718244289007192530526626848367390261419399428442075984244560471039861817138, 8877177915758141474927139565405950662745390581859900899551672907102924557478]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 55 + cx = sel3s([e[165], e[166], e[167]], [14850732473677774396477975866215714018387310838284937771253941847508860390570, 15346251439912975799100173523179670100616030950715800206631108275859894555954, 9806744113621004413976521475016417033548532640900224199389230684453784278689, 21096603979133316753091339975348990230540836494614368335651248862844085270520]); + cy = sel2([e[165], e[166]], [11812452402407343928752680921354215607515699690942611270817873638995622443255, 6279013985783386608484242724725362666241553499782119548714289191679033556648, 19001277736410456807324578202368992701796359861619482537978016830870842626762, 14081519926521914451511625869848591232696520686473918498999632052868953710854]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 56 + cx = sel3s([e[168], e[169], e[170]], [13157890071808158704354468737847471048810392369152727364639634059504126884874, 8008722424616547903294828680672771630855086822683412918399539174241338981774, 18594694810411494426945160098830123105355833500416479749049639533195702072502, 3003039638546974941710738006242011804553647552380262745534233703293489168909]); + cy = sel2([e[168], e[169]], [893279927671356626449601197530638356692800493991878277093322197544680454846, 13710236865890222581902901564951693313216932700203676104342205227571583021557, 11991140728188265308988894689292592177761583244141205754043533415013439187396, 7408159576060936012801497750876509797959683640624248586584358220473720101773]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 57 + cx = sel3s([e[171], e[172], e[173]], [20379496501734200220097501155104742700678033944324898621914782326376426827694, 5628902661740155176800052287728775683561775403751721906542502141173662773805, 6649334930850298644282280075473454376493217119135753313843458230202317946465, 13953386616146853105384995231337773651826685901371822028427880819484312577968]); + cy = sel2([e[171], e[172]], [6312536910770269621417292581781438152243262819530627194840110225345012746549, 6128625960467547051042766267966540761259574034224991328868848127157477007514, 2178504154437332931470309748598630309367590073987406533802402874933913898875, 10049120191768569519993419401578117655266529530568527176008678950298967775522]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 58 + cx = sel3s([e[174], e[175], e[176]], [14193197030749382932133736734505537242924559995077781886176225169837220402133, 2565010016572214675455233006763278152319972391059007175692722972374012019501, 20022269140157840221511080273245661956116845958170472382643581298431129105222, 15951592620529204477279907750991493798200861674998832536410750610279414881478]); + cy = sel2([e[174], e[175]], [10015961841973388881391587018151977950817576225746650865142918877894543270446, 10962609190943341745700082387389939598903593214578149618076217369020441344245, 10875728650787073188338824979727792178460025858689164586811311106195554874546, 8704250736813220528338393230481759654328677814076110220308209376595986509914]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 59 + cx = sel3s([e[177], e[178], e[179]], [21185904177969045625821216347084191287459806531017721293624058180265336503811, 1250611256248923800378335492392268625608584743125298517147184362502718557754, 4732901842829850758626640836087921620095030893254064254821493648172485065995, 4686012912505407137434711885457531064310116778761775095814150050521297721079]); + cy = sel2([e[177], e[178]], [21681922300753515822840018285496181872470481450737464910861242457369823926925, 8250546098596619229605270054781796306579374634169772718113961166155976799791, 19064654253935902908485961089200674782438523882800790190859631804189001729500, 7893084863238812828005589178028293328994403260619345443806395973318698162130]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 60 + cx = sel3s([e[180], e[181], e[182]], [14071560871369419892033259843192185467358801846474749773427241883409830032328, 9559459046618636497241065316366978002044190960713451216793292122894012900863, 13031319565545666906249801044337083380860313201803429372439840529717343742035, 20069400641162643493898109922008601219601618686364720341639616051841829074334]); + cy = sel2([e[180], e[181]], [8710777380190521326883551341251426052007249230093350101154473409247609882825, 10439377650670164179707163339178975058403688089785136107598148495986084488509, 20130072726000251358667317961033491205160472226244307309389477611437739154303, 17216059825244204015919013637129845877195519789582013765405196142334767977705]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 61 + cx = sel3s([e[183], e[184], e[185]], [20777314589605673759170070653370407645867665889025835324139659856710113131826, 17380793433135473426803899659206730936771330488910864786997506181753180852018, 9135535394443552083655851762956576299400389583070951313661035134759057889658, 19259342468126216922767538099314197508403261200862162612026099962268769453780]); + cy = sel2([e[183], e[184]], [2644721599238941245572401477946144870669550581359063534170381908963477379532, 12369176861935895868206428376006904712013007036288222495431735574326142454609, 17367574625533031619575225680253098966157776114681359698904430545328078639283, 21794479452176520273231597892096817659539111123775968164861961429589103329517]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 62 + cx = sel3s([e[186], e[187], e[188]], [11749872627669176692285695179399857264465143297451429569602068921530882657945, 31939593233430950996158270398727464286178387866161404769182205304632811436, 6016890150518491477122345305716423891405612103278736006824977752295838970965, 10857254852618093631105790010825256882158099527623146563961929227148379359444]); + cy = sel2([e[186], e[187]], [2495745987765795949478491016197984302943511277003077751830848242972604164102, 6997914616631605853238336322733192620418492595988404136191499921296408710465, 6173428954671571373132804754825927617043378457799815000168451967196664752847, 9007836187082518685036356739793187792845982511088020304887245789556567564055]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 63 + cx = sel3s([e[189], e[190], e[191]], [5139361255050232661773452561726452928115803730344567411456642256556217045338, 18849283619433745348738480276785423370734769795033289874458118507070173353564, 8448578350964247311518616492977206693278225803594287158372550008714482924618, 9689086950770336907190180706142608582993499523814136266854852845122214734392]); + cy = sel2([e[189], e[190]], [14036051510959474100046039284978060652197630794277473374328558492372137493500, 16611708132761924749528167866816090876717761056993928787802780141779996313373, 830643686092782069152588625317289527987176650776268015346372712951408738404, 7124577892782407025863252010240336830171667706358033009166413008136074540762]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 64 + cx = sel3s([e[192], e[193], e[194]], [7037199118537155369331275916815326054696699996573020862644806346516390510132, 15801832773874273151484928140234822912161499004629735400320792200594998558674, 20529919447890597649764739102616587236240564012012882223198985848792346137419, 15587579342628673804059001440002406839596944474602936992474297171186661645909]); + cy = sel2([e[192], e[193]], [13107688056462500445700480209995877016295689081542565992250464593152667593220, 2950999836230463387014662253708191376901146777669866592618407913815214817829, 4910645882425237270468350930391794068554002250789220952036477599584216368730, 3842197005807929553563656299566067039385580918555124491435963737335985608367]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 65 + cx = sel3s([e[195], e[196], e[197]], [5946112335249256697077095359378565725733629742750694340878812663903909175901, 19030634249222736450152769682445487635301904450722490014396919999971262563725, 20272077332559936653726679368964023857291782018546895109417787179027229259529, 4325773325239231432990045180370600024086140077952119719002873860984820794777]); + cy = sel2([e[195], e[196]], [7559787099338642680034184654424868894988928943730034769673486129058256478240, 14955054800505659097184643689663447282484820948805633199847088945313706647256, 20527315092050743721874398127103128550881291654522271023332206474058940158292, 9254615232744118309709861811378827051213745889996697483998530345751148041402]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 66 + cx = sel3s([e[198], e[199], e[200]], [41373522534463253583709483090344938032869463670116114182911184041610044395, 123058269904779894306385100149700584700988943576532400555257363214064615908, 2188259327903131136942811179577591848088244960706164332041753317001971084806, 5677272600001855408525885379297081872841669910685379249005421935936405438326]); + cy = sel2([e[198], e[199]], [1812970364913777725848745565574644898635129603904027984751613694625700239455, 6325479481133126048154398075474627535983053143312386360869927669212098083218, 13018920334214076613442336156617958094802950850259563883918734414290288034687, 11007863126994999194753256186448493793850907406765917922947224071691321773988]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 67 + cx = sel3s([e[201], e[202], e[203]], [19366353265983664793480214800587120487923062015491759603977854723148315579274, 13009712389497066149642205706505053720391552889715847781477674095579012684216, 7540090586243428109828867879678893096981460680323209865296583411528024312326, 16312880719251887899651071843693753472207446322138586240016038563189666076704]); + cy = sel2([e[201], e[202]], [10425762558101863677692090103799691698591185440858290129753641015260969124568, 19889759528114345474077603906066211135049113446169104039752988610769598108616, 10189577411425365730046714422122931951193107064366232919940491025624263274830, 19402847860324611226251435664012558569374211845205502575728141649693622181131]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 68 + cx = sel3s([e[204], e[205], e[206]], [15647575844595805283124278572298605369081553302159286302039104118434564547757, 11119588224460846619648329471078205852940427394545403397495758589586019867123, 11531502595396972280500527673404404955773795456604503116176223280757803701142, 8880302652736630728773712083983401143315564427649676162399333300472018402820]); + cy = sel2([e[204], e[205]], [18121989769429113110431033241130632527148185431169035091659247063715924437727, 20873727571773157361636727287434618496229040659202161464546752313173048350714, 20691117161323169072636575178583071560333787206766658873639451682743014282486, 8341316767034979343476640425183870254531797329971610276320314018660072501097]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 69 + cx = sel3s([e[207], e[208], e[209]], [15099126396506559307312697471585164108461593918632286769972271267945539855806, 19719992822745709208744805037389314455441129806628318848823336999297717461102, 2498623947360180463813005839687911187525292314091943320262937967401409761873, 6773513521666107580427042608663114222160509705880285715315137855519926605076]); + cy = sel2([e[207], e[208]], [11185464183896587792324099270269738719144599552792757002841466742562118002961, 17962378754832909648632213279341274522205662106198070463591287770511029247082, 9572883626752796327156744085207279145562604122052196885537416403686418306743, 849739335033117039567862203783008236118271414428303942526044722712316390134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 70 + cx = sel3s([e[210], e[211], e[212]], [5586425841805464495367763159434170408121119147683098906675715851224959199555, 2275887592294698256371035540589451793263643729528648494997423042939590025265, 21623018362589173579186020601617142922337607155324626054728009524185014872882, 6470935377837087985284657580709150204914393986124872780110914178120147824883]); + cy = sel2([e[210], e[211]], [18977748529759410811480134751116373952642146764796083016667926272252310801539, 15415054474257926323577643558627142211566179025425425674112343915385225979379, 10178696720359974033063364767044087765079200964723755314869211737985682962880, 2751262919149939488788372835165540688204591943865442185170575019042791606144]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 71 + cx = sel3s([e[213], e[214], e[215]], [8067396068830332270789178613335432253659758303711969642714931687060160381303, 8639011650360344590794984878540401640139910601923862912593792315052343319076, 11233915498048422123675368878285943174009257862418242010192825609765986035356, 14474288438243449444797392475230229280689019808482654245523987676777400402951]); + cy = sel2([e[213], e[214]], [1109389204114118726338211511183391561882818362713716952828416479757048480713, 20658495580821728113676289889282525822016081521980495256710356417074439523320, 5734616557338566574377893898300784804059511397655030429323489999855673254133, 7694030151585859685333610687574701561418848021817379115721565206849330185976]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 72 + cx = sel3s([e[216], e[217], e[218]], [14694205333290671963708923368506587408024223912051732033761240288927263651380, 16846840700984603406007084554481852964137248522784508429412010549513323188912, 13176399412773372610094105377631574988462669519590170596472033646615482615262, 2687848140625094867763341291336975245615611233615607599401834736964978577349]); + cy = sel2([e[216], e[217]], [9656049051507081163863869851380474393220762381365090138663873299937439711626, 16257833452680722743254377629669121273261457821544261762335781528496650481193, 6465537052899418297534883094198381748729828452125250541158965933076691478294, 709697610986733714785106299677092114124154955937070541190663241187641683175]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 73 + cx = sel3s([e[219], e[220], e[221]], [12368397247649882906953915991250714931614715588424094368585746160811998953306, 18782888042679815293214947449937714827609414183597755427793821090364126288476, 14980906670860851104998617553690749074165805207013703141953243482569349981523, 6579728809126224271038924161669519472291072114357057900231021883849035745958]); + cy = sel2([e[219], e[220]], [813793955589589118694666569995091571992486583635127942664119751723536369919, 7944299604444967298799338830762202580774561040186193713045849824532426689590, 10002642178009570948907228870686621440930898426698423035982221525801621370935, 8479337223317874954343670583381865510386888037444628897905418707487375421325]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 74 + cx = sel3s([e[222], e[223], e[224]], [7187732531650016705045248947412886871494880941757180032721434029527647591174, 21429737681997573327768382790700665701419541321736653106996131182050077581533, 11836369351087123833634897021408898134248512107687639835461193259880629295891, 19132784475506243814038464623366364810380933540097619300595341694560215897043]); + cy = sel2([e[222], e[223]], [7505964932526905326140236282846132917485872002527800757209057356562826370965, 7446191000078603169082551991705097881255381261806164450828019975914186121730, 20501368217451607884813098738754813918145802982055856468691458112065708320700, 12111360534733555932929570216465933882611889545473508372687771008732927246750]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 75 + cx = sel3s([e[225], e[226], e[227]], [11880592453253678945312808709337779570677968939895786745513483795196121148239, 15885465855717299709344092447684246292163545547216436459368792952573638150871, 15785265541005027154032372858808930773051366971093462129449868653918773012805, 18569197812514885943202170611076608358219751234067371040250790526837986392838]); + cy = sel2([e[225], e[226]], [19319714983097503154896952315362236888483358620825042533226116711980128027594, 16203396727641772481371087324762669694595077074099718953937599120235089562441, 8069072007055358551280258194912706575285364270109077890462380604843344248137, 14879918508369225877688675007526587407926006842700210091106836056129459129297]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 76 + cx = sel3s([e[228], e[229], e[230]], [4665897628623235203637312232323957679483103295583092141578808282040205079719, 13624944208440724520944284383225072602905876122550187793344788447894380752405, 13240065107073736104958720757918020581159288509346627802839384665867212601652, 5404872141819776433203748684385984691445987755176034496638153799038857512389]); + cy = sel2([e[228], e[229]], [20713846021060085908071105513304556412817630308151607438714049866357354550752, 12308156363070414998141304956459569678321247441462175945058420898750569812289, 7869135919638822130359819523186642202243136255410646018113662355856102696554, 18106721900555088660857020092432838491684499647468676099930405315728768226404]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 77 + cx = sel3s([e[231], e[232], e[233]], [18212889377782903846034117170355855193339291343619773736161614903123505780500, 5724371935927035469891307360583032289870105083635885948626519084327837492412, 15018564556029978781532805643572668082137657619876811702006326742091833640503, 1980690392504623526106436839420486135508948878537486163191798777558809427629]); + cy = sel2([e[231], e[232]], [14150007145691261709583376556777715716099818143565185837820917588114159379297, 20022624235079706615759218203483775626475427851084411515081825296526003331089, 3653600812499303949236693031235500821149221426419723829534939359247593779698, 17687818220966506140783793822520601258809092691114698078370817997514472088683]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 78 + cx = sel3s([e[234], e[235], e[236]], [20014362392122060372382978901186124374461219393111624832280409989286374019151, 7678149165067745993890478281145655203076154350573466295728882151032664933813, 3225698435546178867794794576435022149554488042976954865856749306115721077662, 11309031064526492555710928277445241789558140050876975815061803061421298770441]); + cy = sel2([e[234], e[235]], [3781524301363795687584984812832316590367643113392401377547409393858835211208, 14954378542264966404669454369751236758988379152056658083888298000396867621936, 1762346050163239223923110798598502612894079706374187891044283390513959164382, 4511820337785812086858556857918524260240820667203320876468844848816354037596]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 79 + cx = sel3s([e[237], e[238], e[239]], [9734499467834650890192498500298459962067559704398257089549121433441674087115, 5215135617552133686060655322881340267001697536486897440412599806944209294580, 4188240743485809003397687109987123955188618656835900004447532212211334022150, 10646753846009034357734238656245532993332944314059322522045789305478499710981]); + cy = sel2([e[237], e[238]], [4354361275489184569727883669567924050940590772506719250562939951242102459556, 11812679101253609883065116716426172392592451529279171373836703114919477018303, 15938685241828674681356945591247179905945286496762161102822537588243702016335, 2396399767043799129388585002615296373717040489521252489057941017313192676808]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 80 + cx = sel3s([e[240], e[241], e[242]], [9547054830379311239093093214427099367592481292385809745992166194109928893132, 15809211758984123203744250589992081971737344928666499432318524828207451637502, 2317605133926452505125489082200124096354438531853199813212363802981648616781, 11720218057191867199121604823871387192503455956722025424220873115151171617846]); + cy = sel2([e[240], e[241]], [13627319622459471863286677434492810110443625239619395014230589374758547978269, 1429116229161069264517866355097922507661063351137334983223517731193665190730, 8760550298269703331457356635709373772631633074463698514870757469189354319951, 1695059580774200437965405056230849147697820569205516838038543601601027611172]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 81 + cx = sel3s([e[243], e[244], e[245]], [5462734684060346793723051717116621327144354637585189012464556861789633254735, 1574368603481037100592052661337337694471748163849816976465511323905498090898, 21017620690824743015216528248522045704369427405753453300912995325024062710748, 335774257251677761852834523904277348100779994383726453798657085528043830396]); + cy = sel2([e[243], e[244]], [19956048369873968081515874523485925798105246605761695905870795560621002747577, 9838187823381646970305000918713399614038197140004128824046441620722100628627, 9761598443789947780667845618272433395258577614354457312915153694570906468084, 5678382193061301565104967410106463714669588791192144419019555111526838349597]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 82 + cx = sel3s([e[246], e[247], e[248]], [14120934246971429747829618071104732571014495017644755746350410437296386191831, 6321525285327330824512104449106606616844709114576208465479970358050873874349, 9828948304711234867338016094087396323909457869737239406325931677882463208355, 18078003119304519959309175940845224181126936983821549690560235900824217790962]); + cy = sel2([e[246], e[247]], [20946993100078048703890437478651577253995893117657499778417778292965813281806, 14356404021232332461217625395600664517715960389258731685389867303545696108853, 2810577432005044954032138045179699447584646279814848461184496089430514835598, 8767040452903340993130881597424027588451974218686780194782289690479045090015]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 83 + cx = sel3s([e[249], e[250], e[251]], [10074124480658003038181060843544012751655263682971006047574974839001332519369, 12077899488247602319223956898393373607365192976733626340271805296106145121355, 16135938726601100366620437452815649119119591825429317780601932003124015669028, 8179818941824323394614877573129531443686047058703515433852568295536575458823]); + cy = sel2([e[249], e[250]], [6742523042997173838799423244280133352249230789995302906545025471831316165384, 20571270140927253125417728386763981919687051926731085366043566448009069227191, 923263495309221023264076470401516657594260797987069910555955234338720881738, 10846387476002903807347429282866412191160400241233297902208546470305682775632]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 84 + cx = sel3s([e[252], e[253], e[254]], [9734317150772506967195863825775613184177780587009303743393397724706924797808, 11208201130011695436334652728584169313726840614571295516236997046457697153324, 1222680486642983364052833343811429934453835860106899436901212790725638894713, 12019238493894483056724448289009076436822742112482573063847552596048227585627]); + cy = sel2([e[252], e[253]], [21086552119896541186107689532205383551960199801453516689016972250104900583432, 3056767815025727154134820681013380076250249612276183869180162238277626532027, 8232281317297626211055636489579107493658454229617058760791605403582002142140, 14549672514437654184453326941604694948116368249587796119338038904533837120165]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 85 + cx = sel3s([e[255], e[256], e[257]], [19897146034704593618377175099239959996606643851373776355482440566659528393713, 13567220274372260527197800746127305934893509881083589343644604005840555405371, 19175080795372179131749429828665039169211560827471558543841205575231867635965, 6917449549804522032498038894724900459329834531091410689621076525743611296938]); + cy = sel2([e[255], e[256]], [12223657826278264815494051932052421695129917274617530304443478482578919678308, 8295548603728936503708692859047908287111164162226375098145740427985958712611, 6607229719664137890140258196376647042900642854569636028419328459816951119658, 14110421155257010376968111292134385106023449978845823063864491477811661996253]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 86 + cx = sel3s([e[258], e[259], e[260]], [8185677100333640041421355126903921619342273914070568426300075868606141405021, 1670466886055998857358105826250955310011203741639197041742892893805477021056, 671638389102335040808130453738616724135371178235871000115155863725237535561, 15155007602444057841308084879571465766457754342497255444459746080732112337898]); + cy = sel2([e[258], e[259]], [5730721122742653576294802609542803235749403433458024692842251665338778112357, 14898703166129675283863893661050084311561656604196737234704191900969087474133, 2459074141813559460216507737311533957327810551114696579502401763839835381335, 15516107503085209346875467061340145906150528515154791297494671889511125291207]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 87 + cx = sel3s([e[261], e[262], e[263]], [13654034957145907815962106285631017905892861670471883127206658577251723739165, 8633158844589460452837721754446206625865140330878411953122575379370751622485, 10232722293127899126024059808155635562748968165573438955077544464410325913567, 15328263964181874734867171882863588382257876665732200627067485961683406281267]); + cy = sel2([e[261], e[262]], [14648234277430895067547661111448501238234630914838612427562971477472564218927, 12394752068682518494797840832073763890437175762631359486643184011399642941695, 19427382571659868487644833684469199967640111942906298364811415181281091481616, 182598521940883711045871251162735110551301299145061787687905605212153955957]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 88 + cx = sel3s([e[264], e[265], e[266]], [10625366736090949097208784405733508126867531010210504034282606844498242195460, 5745457912443473561064508106222759378152708028067817946740487826967842596074, 19720099885004155494384241598041924024056522066497340576395346816817691557959, 4411557748754390593675263772383003703921572549170163035845149756207936580167]); + cy = sel2([e[264], e[265]], [14732913015624058203205922728424826465278063568996784510238321594483738024116, 8539999814473505400128567752428776172019356440581684960088711125461388816752, 8671134805346361443739204337860301475415660510460401138135319415884938499794, 12889649495366374604591900250806268552879620119403975808021738180701264567775]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 89 + cx = sel3s([e[267], e[268], e[269]], [8424620995080153959855099087384460880708718787657472234234125992142104413784, 1213413054380708818479960383614577938132447492306231448400493113424770669073, 17993616645286674150803280096391639271887381916203322164869533675674274690369, 153030618728554031479557843767027262505356544554897273649773418701874030937]); + cy = sel2([e[267], e[268]], [8774350273413061850499929377371854983526435316805379820854063460345613579740, 160874859222003480689240665151063301233791348742268400199413950144629148606, 3864981636983763871420661536128329698816776138190284810024785475130342429509, 8927799801878514388025533121285392339945739901708290822291826043102309328947]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 90 + cx = sel3s([e[270], e[271], e[272]], [8559837035180670877234803295116293964077309001575836599087921933374799946149, 18335809791652365585369283816437201104065890639760635850904865621132150615442, 20223042693949477624057496950714682763488956308852238106089638364544757819336, 956531986282862630457073126978994765430652506058410664783115436243377137130]); + cy = sel2([e[270], e[271]], [839500690449928047855071514156387100713350925422279056462945330783580827563, 16644736196961833445797352798716804869773621626799896168771841453493474463773, 604545836161644183235683876796430911898168138926947606928620724963455977159, 13372011982201734306725124438714782615028067496534473713140957917136368058903]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 91 + cx = sel3s([e[273], e[274], e[275]], [2094128027031828157560092686172909842260483168819281235210539106189673022187, 14831470033363035728579660771199958641838096197597230010879786959469055433282, 14580113677826055589909107333827815551732916495147612562237413782243389891044, 21457439024195964947733246659608329461028391228550531897929776149059108022400]); + cy = sel2([e[273], e[274]], [11349460624897126395359735030876451695289908168621129531254166231469594999395, 19428708736392770387243553726555356520800900418277262898221664159221843559913, 4432119977004888069457445133143529511285856348699582219607694824086497898807, 9160542608356323143471297830883618199584611885676024272763585312451903134897]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 92 + cx = sel3s([e[276], e[277], e[278]], [4354759259287077683606602421630609654573093874872166313972356669642414450557, 13648951383939395268518611670175324834705441295145081802011558222046663990635, 14109063296906889436525684297777423342039664400074253643711178181120772454442, 7920829805332901764517739207944367186855755092397343817260945923718690867274]); + cy = sel2([e[276], e[277]], [215179997319049227050677351252505122489806707992988193421803248841509506088, 15514289571504865101354424086151224801481680739860239328031576438563705370521, 5904618612526890474103927634405504783798865056645457180704237978103781216311, 5748211772814574948909294216861178264766343013494657271260147929020820008781]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 93 + cx = sel3s([e[279], e[280], e[281]], [8507753630181199902479216321724505843375506218865451254864654248120523505482, 9450124212352501425016224885075456626937137054710829941179274211424392402188, 14617760695968479875555170000896560124384001439628509056518085157675385430999, 11259792651191057957240332532512267993084988584437199185342993378682410436972]); + cy = sel2([e[279], e[280]], [10815868200773974736475276546832667321164179489094422703987813447328543028788, 270750089909256057588643640569447562301277634245971255743235422454022028456, 12525264811662854133497240150104162834870195408235601736200987821770575683753, 21492322023082787855062324449039977497952909569982074113097211015628539637105]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 94 + cx = sel3s([e[282], e[283], e[284]], [13109291774440010508838814834344208104350382843329321595606001193219335478061, 18178081082215000330236621415683992037792438414607902561151998975591610672159, 1825689425393769600328701494994687539687903068590739461592021486333291661266, 7793684058500310840246186772109776829776364159558184911962167538064855177290]); + cy = sel2([e[282], e[283]], [12538966751785809241486764416198217361134417700423840996157483469862141526006, 18918692038570377322252840249784989027502652471358614978414943590808682898821, 10739840318098234656669579810873413661071494114926975536918927404574756289141, 19177195314890990393062332918745346394029203576215723513167013054282705104509]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 95 + cx = sel3s([e[285], e[286], e[287]], [10225920463059329189289679689043403756461771898061631555012236633674500607894, 19821058226025589223575559712382894896410588163797548720897159700660021786692, 4342530929634070742874132949165242936564090903607131574088848141363806195244, 5402483411262228419126012059406829285695506472234034454332016959299908934815]); + cy = sel2([e[285], e[286]], [14845268720181506270843668435047795143673881800644972711347963164805203292028, 13672974733920510644893233723674603797496603310630434825704649796138313401676, 6411707949262855152252009198588056473458716851460397006471717726058983234993, 18779680229580121519443328584313676056219616039194596697158403462222387132381]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 96 + cx = sel3s([e[288], e[289], e[290]], [4836760236524137019788853323648085337078365119204570171912328851849081302469, 17868028324749251162769441309905628927317218753130618155651317995445082462075, 1772933343466453031175704703581215603932939906355841484695391914536709138761, 3546600638749568273439745161679319484611182076185127936908592367054940973889]); + cy = sel2([e[288], e[289]], [15727462261854339392836033936665994570356817309630572739663218192786419709049, 1337461376408438722980356088847283448049292537148264126525086899131501823829, 12238707625348281750296588592788256417660177170554983893114345282873428793086, 15525437884516977515442248737754366741726151193578138245479811700230576818338]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 97 + cx = sel3s([e[291], e[292], e[293]], [20126221763126240993614454578144859888701958472483256034667342833856637405284, 19699064573618103786080175406330154847584332570598813466503995653274429215656, 5989506922601319310850294681562133253116809072854033597983216925515271522735, 1000911579713616921402553874631906432389325985380989857769833587362794312630]); + cy = sel2([e[291], e[292]], [20063374408209966489810045113711694748195105838875731221209079272072900704065, 9194215440981146522641296536570335847038564333573070389731736048602585014353, 9856108459841119062384164372572927792749846793172495377480072007040372623532, 16456996545907573633695460898581306270452076960241899452978065386508672788709]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 98 + cx = sel3s([e[294], e[295], e[296]], [335301756618437339439144029360964383534478515390448989496515998200065120560, 8900295787747118853873347685755889791679080209434225159052383890249026687118, 7128354610803275364524320321498051406687079176221803083268519268078181474486, 10587524605383993790235166395264599817111999691721750015186077104713345396025]); + cy = sel2([e[294], e[295]], [5048381480643837407413881593434054866090196361251156389103862466064034755870, 5633507321470690754598569732643608340435754341640194463936636395149026354734, 14155759183302230320588700447409830028824433982845500795956824041195173925296, 8029144329154622500871732803176023714578210937344495829905950083327660868243]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 99 + cx = sel3s([e[297], e[298], e[299]], [4778598962832696072676642978625204359871247189399816084941520023705687820799, 1041656446764385248839445285580789894072064765593570151992974139621577464190, 16604772736533716135897718386428759521995904068172209060160905451073360508438, 5434449975739162120230503825057718004673241312353068784008427484008820677975]); + cy = sel2([e[297], e[298]], [6056883361340614567315212379835078890341975776819628834401238537031161511515, 12948572080347797369632667255105735306309789288527345335385584655912071062991, 2047203431451992701474247296709372094572802843600017662927813418631212656090, 4132565694324682855622172238297326586214736771195057409015171400249163749388]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 100 + cx = sel3s([e[300], e[301], e[302]], [6916961985409927380628327393774423923434707859806165446564471158322143896430, 5992074540412063352415311056228455935293166060283849428112990098777744329018, 15928943908823412922424046027263578805013830577468518797177611363337136608209, 9165805262654590321870254579036281540959358923531526687992873621654142568029]); + cy = sel2([e[300], e[301]], [19113997592137471372275504986229466743101683336744251847362311356790431849943, 14004712182695079610522706143578502649621084194457654873685315715331271860709, 19337382334092833222650792928980596008310896977712987991984497026496963328127, 19598147310295874176650103171586127283815601834965516057565002042355878900904]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 101 + cx = sel3s([e[303], e[304], e[305]], [10948634109523663410073892096301229908363974454242026292710198013874268733721, 15429431087099938206375989354827088309373134102432374989679474148007045226404, 15424933350139202912640857850279200342934439164947473620816895024212952340734, 7249326591094430300092421476233168005480477057146500206388167575638063334006]); + cy = sel2([e[303], e[304]], [13978844239437491612582517692269818179489578402023377256168376965218369369939, 2030861900932117628118671150363276958527364035939087076359289004302891739342, 15817916211331592751911789779171300716227893840209480318007078572691072662437, 11627409307299027242340485688430280907603952564355973323102745520536413654480]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 102 + cx = sel3s([e[306], e[307], e[308]], [18995578047969205917336954191535061050094635635378379108624715348396977983189, 4225372875497776800681698864198574622710499387413704002947025943614195612470, 17351437921298308953512714184518159189123423974926314714485788395814969849744, 8648037604000808882689040136601171409077000943524268908332163815927078223586]); + cy = sel2([e[306], e[307]], [13847262887662907650775044616657488013627923118617883909535158774246706595453, 16327475809001511779800793713087994795688106377254965385366798254360171531485, 9662682437808722890180813130657795806130406684446667889065062080930078837985, 2502962306844881519115529360019706751646009100590601561262014681428188719652]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 103 + cx = sel3s([e[309], e[310], e[311]], [15920090333582846150341817050024564335649064112537068561935372152494077145209, 5605643430930274732542971456995927736808851585930096579266761796229766916419, 16417626123069839752924241752177228747744623168825833393208640134299321885615, 10047503027147056454952493773282171263110464519924564641292405110762258997532]); + cy = sel2([e[309], e[310]], [17200096279975283058225939790642290750952306062383335630123644381672038262866, 9789126042032908977600199303915152601153926597218655498907321898754260478045, 8000890408406693601499028261723138327296400099255905955307073434675924377491, 4588804177243916206243160261751431868697632792491002746485364561078105548339]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 104 + cx = sel3s([e[312], e[313], e[314]], [17405833224461846119127359023602459766899246377474167154738658246656617261320, 17497966949182265924717994126031328897613192226672854325764486326873236644838, 18112601253331073769860162727184645241197911130662557597456857637926799952771, 18917984642138666446882277898695258545411024830699319452174655151221791211048]); + cy = sel2([e[312], e[313]], [2379006936139604897517171125029127132096844925377650383092744055973319489305, 12749848257678287712950295235536433677019860991481258729313170570275169590140, 19636804280533422414605179875456610832289030857729756765481423873607782896032, 1918232436869295272222782754406246415048195875894409329377075908962690232744]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 105 + cx = sel3s([e[315], e[316], e[317]], [12917351824629483440622737030529674983967542988637720886395195031194160632079, 8841322465723154205678020011172362816775587975165151786897606627457187155545, 14002729598867581256643018976730132585331390790166577050573493502425421127182, 15268061642248917754819598857052007481406516866069427006418085798086854466171]); + cy = sel2([e[315], e[316]], [16674117998706559220643814233136742237729068875288271911312504301619597199572, 15156988565931490695937923747057400310765196912391035444903438612244254494193, 10444568487973458741284119360757120950097746658650645740311119491238200646302, 385547467860345680569692008987772843718726855128251196487129380665836896693]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 106 + cx = sel3s([e[318], e[319], e[320]], [11485514708661668839797104792911993330100465395538998907154500209956717209980, 2378564891356297882391172511058064121371341057541144541265151112602629407486, 15431113736930357829525054375951018432490410667610553241393471463868088483568, 15128200972190674116782495538728842150282218770763850888538540847691112710086]); + cy = sel2([e[318], e[319]], [9353349283824572334689034791316525426505799181965760097150790472211583538470, 2565250682258865603262212838934596650511603775929760392607203509225620090349, 19046693709474252308020355261538860605259941620276924614654553264840108783324, 15978910116968143273641610096037639009526883121076925418594134134597880991636]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 107 + cx = sel3s([e[321], e[322], e[323]], [12732753810746517185428320079630798046136898905138090354428070504022561261129, 14570979590504848605419638850092710612576634760731998010991154705829891960303, 7081876654999237785822068068775175823259789900038464857602167050792131983158, 11911397750859796885754857056361505572472692036239385315518934824432070976827]); + cy = sel2([e[321], e[322]], [18703753174721947326863540292822225800192529767109903887849391280378615950879, 19613778040124100165889220227898498533129133505873538625549588791740345005884, 15039820717144729975607443780109118368904218216499993640810787891283371396202, 7893305471806697580362861198809218871446498187812275173987543199956558198521]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 108 + cx = sel3s([e[324], e[325], e[326]], [4396441250850868966014141809834014631796411613521413364533261157108807304791, 16836648497150572549121598580118959226192434996387135129991940567405870268725, 19465159793724690099931261171165210166819967882352842855510624454147581274670, 18758053793437253746142721581116755417112792746753684636213054094477781477382]); + cy = sel2([e[324], e[325]], [2981405188098805378415778407831807030725264692497108694734382487084076855210, 20469108288868835484927940943356623938045830438424196869633899618683134613519, 933161936100801959708943470285929527457537321589386575156679532348625637985, 269411351035529607018992916380602655161076148137839318392666564540836404599]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 109 + cx = sel3s([e[327], e[328], e[329]], [18448980711993048271679830178954781281796619509660919482566515137849326949705, 19744948717433186245821639271216553763028577858032707139265783707853921912155, 19819689638742986969009459074952228930363474994050981268236002838584672060867, 16852310388498099768769862489306840010510354704163417110628769300551675410617]); + cy = sel2([e[327], e[328]], [13538295481673593444396948705042001770075594914797407330259513771278632533788, 14779507856773747214980057665178562325159137267699293184545672938786460137545, 18422483889209125213732972603904783756680200857795267276573963126785961918198, 4225410028652447730956912638069668360808266049871102249949930413024208501463]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 110 + cx = sel3s([e[330], e[331], e[332]], [8789386218557174287787274081526754120821582438440596481230009033085305168336, 19604730670978725971286378588091820043225493993475360080974783305559899794334, 5754400819903612415922678283536801620301085919072204701407326554289862247, 8133367062275595631112870441047385208403330263311352404563334748971640119238]); + cy = sel2([e[330], e[331]], [14711352054903619189890311113670897561016852508413508359380114647296690234759, 15505081148609421707654891794900819606599284654426944331953154100271365747946, 10498745521808868190882616751430118808278388180031887838543438537592782154020, 14283723444930116423678497723705206282538086486601870839003576853131844860728]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 111 + cx = sel3s([e[333], e[334], e[335]], [16410879947793378178852309134034691965068173351773904636443113803287073468165, 2459742793248426443467557681746013841012911230130900204552944771295773437965, 14148653292536659971692314351826075143664660164844520450779907656237062521024, 3823568337665129538914482600317854425115614575078537531810182911935066246893]); + cy = sel2([e[333], e[334]], [13525280335627612179489028500357999227382280656020782481971742893960563718069, 13906986326008385599879221793305773429690045797230325194617940541283670975066, 17928827609489859058711914379940226888033289004797111427100202351646756410052, 7751873896780721346657011057490735623065509677587909473561532470621436328656]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 112 + cx = sel3s([e[336], e[337], e[338]], [6360670162449266467030644276184864100593477111108480032796373772347480922189, 6238026479435781753480651584008291445457129357178771800497280501659229824509, 14372912505742790548866622516086728314858808340582492719789600777407852624706, 2504355035079143757819920622529907675398702401030398889002491033376003993290]); + cy = sel2([e[336], e[337]], [14257529111287275777165336596087530152135443364949890695933859730727871380736, 362630247512640601958597579829458123399369864147591061426591055098065517091, 17799973102921706872164223253101644481160962872432375782799635148100439645882, 16292554915278539427322523921562887226516459098783274424269678044297404132797]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 113 + cx = sel3s([e[339], e[340], e[341]], [10885915218940734071225780147170174316285574070557833147925199753671864395970, 16952199638513201931184233985077369412021694081253114169931799009969944845190, 6579022618957621849920927439620464464347948481098737101648586523931683396941, 8954730328909621308689740172956171586217761959578457105814991014419829084276]); + cy = sel2([e[339], e[340]], [11029057981581926429073650712620964484769971154264787930046960173769123662678, 14057756519867963926667557918235357382317971790756175535573262066939972782226, 14508105580605381633693926053140229084417508695027158358695356916669309852365, 8985315555716651207654399675191261186115135312348808559060054412234307291987]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 114 + cx = sel3s([e[342], e[343], e[344]], [9591625063099557813317657356201310094684652614430671855551305338577894715651, 21710627476302748728292369634413673464477226906421695181551559967392730749884, 10189696652015358480306279349674126142601586910844054141319090928400967920492, 14575448555178809619615329760249104735737622500547600222673171666044253032327]); + cy = sel2([e[342], e[343]], [13661097518448111362501604180288489621905168345464166181035334250815558586292, 6541927678640542532346030316589325212935454830056081625698359290342280209696, 19655534040611331062875671654696954076416928174908705322979343601347718766841, 18893407984789248251370377180059349323487262100431967496838185583910928677618]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 115 + cx = sel3s([e[345], e[346], e[347]], [18886312892727437565309004732784060353326028914324367568840970250261109059822, 4969806713830542782459289156960092729650598975239889678453184524343618399703, 16622981471374298426508813360547940582831388597832992696194782397307736766285, 17207217606628134149600916884515052475396230199786007830822049511835023327746]); + cy = sel2([e[345], e[346]], [20097067895510901824034782908594630518461908899922907976633298936904395310483, 7549705567086856493177008201999701185795474113091244286639270279144087122600, 6359914741562734059777896085058461481450840152242223222499923214787802554266, 4523686415566243191697029234004097207393002925819292838991423859908963592134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 116 + cx = sel3s([e[348], e[349], e[350]], [9611980085915454916721710377398516249069657290776790665729578385653465657608, 2808629496317279665377941162907583528406102092075003683612652910715356989065, 5146801454146059628396374424703327885864890381251241815068083494646287896482, 9712822633793199870569132733680515369277288793857035023884821044404624931246]); + cy = sel2([e[348], e[349]], [12531050708955702438977554896456788618229483698488185884652134859969233228127, 7759740123661798513430229604959580258805004199555419745903987161601748379417, 12676630374277918228347114736241248443643025357735194824989982902529942631987, 7957263793605029493947914798589160413665834659013858298537818906355583201202]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 117 + cx = sel3s([e[351], e[352], e[353]], [1741783015222897367309800534949631760951606605798891132137371646304340462458, 15753951377666759323512681415584732767525844411650049393938120048851867306800, 11318371057965241278094291737048639440256637452901941620275041654781038395027, 9043834682180335510097190442699980857932890158044577184782692529141130240824]); + cy = sel2([e[351], e[352]], [163811524362553669200342941603136686901966525127089114473510248213711571683, 20253563341205755839890642239029020576032044419644567576263861445077574198624, 1129293390247992239629138633531986375671761935795719290973869330578475352706, 12864200497534810115296604114235985076138506691530959360993894765742849428715]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 118 + cx = sel3s([e[354], e[355], e[356]], [19845239752872171546325855177077796460784181475810291663797620022786920823647, 13524819092286579506826904337550390593582530067994137276480823345309729489925, 6812066149319989921217367650719188106577252681936159930531352608504453614106, 7222950523682776178187164591717978364824407709855563372464941677077475909161]); + cy = sel2([e[354], e[355]], [10413380090476979012716640518612591288231919255093118763710930970879877622297, 13124406349881024599134718908760433545313158896610258373843772982921905937617, 10544285464977662192736078007137407440374594005235468167522962555324745898878, 4262511480267656654185538760448950673777806215660569720854482040852407424457]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 119 + cx = sel3s([e[357], e[358], e[359]], [21840644145325684882015312401601386817913954005861480185552664536266852358123, 17245795366378478445622830709744244736981686761608208515847580487483274745119, 13807005991933596253278252430914713127227144098393113439031517565273756047729, 7508257045596568083350722191515656587852775770850324460219207057837744147846]); + cy = sel2([e[357], e[358]], [8473655227220833354585864220301666825011510607427101884196854510787991763100, 12360766780968617496459580910362246207458173665456601955392871687431450155437, 16167977026195109940196928407142099851728373085986722415539043108707307260209, 198020065443013508235269047245522994471757343128188653900779810305583184096]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 120 + cx = sel3s([e[360], e[361], e[362]], [408538855946993109150255210001390137328762855947155164309686603040268044308, 9956106896094805762100856187967638241058986877712947272175178827260922476691, 10413057148806203104120616811444687722773209463542545789320471445420824622479, 11902530720628689665925185225980720963660904880464037650526790156354563593259]); + cy = sel2([e[360], e[361]], [1479997830732538227417547327573357263920837878818360220214252494202287418999, 14987839414386761194654231515173353164503075512219993482548242568337943854755, 21713504951370328462347781999791817908891510961297311340202728964936620298516, 20863127910126532592439656993995677084099363872120709138917554483343369113988]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 121 + cx = sel3s([e[363], e[364], e[365]], [16909060815089078676939420644976457427406147473547024017569298235433420995548, 13780618743481311116310648367060473410410597997822855004264478650194424563904, 2732495529118703111995546569867225395498452112166729675036576016860030980932, 13122008905793271330592610678764878579485569855365858119720314545298458579129]); + cy = sel2([e[363], e[364]], [9691045028169014905240668289132134803037917344396639164551352440947925851528, 3058069811496358922966440231506430818794592620746845318344939704361344313857, 5622098116652966523875299529800829301718212684029447361840034988407307855810, 7183269074283900923163991117263230892311528827769843151316519486217947924186]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 122 + cx = sel3s([e[366], e[367], e[368]], [20571623498624005071141088211057092924213194074152586837454876463843418144025, 14097761035973961045955839030064191145683851652701331413184120292691554339371, 4700343263415821617058086844751479864993855871131720446111591033305616384725, 15018715227933376511503870740434993985805930984246159457731592079602230709953]); + cy = sel2([e[366], e[367]], [16001479421972757821409642160488722706981473283972847385882762682377724905156, 16084059586346766494553050527349239192146155351545756557596881128274718933483, 15099192410657454417038148697642033151361229914558920712490911402249873000238, 6321931552493003117300598295325862984882362303961074819842172524617810976022]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 123 + cx = sel3s([e[369], e[370], e[371]], [9888014007610840933022906589732806947017424423907994528302713554488676542739, 8913934326838155827928873892003131738033383847534784434581587200177151201442, 11175569252941365912268295578620074710236065357166442341964835896122343271089, 14897216243038767404517178131890350534529367853478353360851740975433826101343]); + cy = sel2([e[369], e[370]], [15251452715683470293001422999667336542311051361914428663773647008481320118023, 13776813195393840721224885537714951191622587841642219673672717728440679190719, 109393055477786022036855578884727112792551641118563108378161158873180208830, 4672879465153093973501790898266208077997221906104002063988725461236876037213]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 124 + cx = sel3s([e[372], e[373], e[374]], [11201877561392804928547433284377926158320532448010089457664943460838007583898, 14898313039936563609742185951856291683792301837166735453885728355621976660447, 271087861779394868518887048853047396941902217944929345703753181641065491942, 4441061173173027475223782298768839441149677456214218957851727123779445089634]); + cy = sel2([e[372], e[373]], [17554707027223374526818340909253875671094356182527312776837442099008513816809, 20394478950504145529480516245504739970884923781915405632423034600555134724554, 16722605284146576015540826794584204150250626411625717127438407440061496436970, 18186321490023557384895834600063402151493085858585827781091438725428737294598]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 125 + cx = sel3s([e[375], e[376], e[377]], [8041169655049264647027531522783115313651111026520000925526843693578880103225, 14515227610041424277087375692958559713914998916629738058046674629183188354305, 19607007966889476958718540412171510858381328905787578252786377727252482454742, 2784733087979918000560628875496578392394872735862389774966301201852627273440]); + cy = sel2([e[375], e[376]], [16996116430274827689271070440218340032465717731948638724397047789367189212654, 1334527779675942376452476259926180292226498546209192760351592699867703388666, 2040984273885096997446285553479523685705477968103260410171803510149440153201, 1362381113387759937979242007199225976741286448134891397298462226220340605980]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 126 + cx = sel3s([e[378], e[379], e[380]], [19334565048001467439446889504730002771044189757270166846813098304840682799995, 12950908278008251424596267965839781465537497199604011584300739900170800951940, 21595247577936157693500985718654956851081515776736906827009279412148715287229, 15215490137474227465600889880755209339274086672218612829479984354294020155457]); + cy = sel2([e[378], e[379]], [11177666514768283886285136134046021748603781779508224469021361511080086667157, 19019917071840025176852012694579443932947880720292648245869222295962307004975, 4637723565271538497699679545822400204099231070875646671160251633445655525972, 17666228617432733285346663026898759021573050617000716798909504211448351974426]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 127 + cx = sel3s([e[381], e[382], e[383]], [10764100134342681938975151936530775454161936697333679961141539476099641645903, 16887585392329741143712714812495679688982136908448490321095843300899468374984, 17732836192725467148065242235309558107289861496038148884513643994394428900356, 1445275363508375975763521380916891145219085429516411016928665376398954093593]); + cy = sel2([e[381], e[382]], [19850691100864531393976360616243718992492409320965998539447518686463634627384, 11041690436464044133197365654525664032353519287590211059695239069687237542566, 12282683178748394297470306056106686277334235538468988533692942720363799093795, 21342615132598490749588725326967212830166119543678585183102318245731915882892]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 128 + cx = sel3s([e[384], e[385], e[386]], [7984775939876417845202037337929702281039643807160799398396389954446436630245, 11385355274910748832054888360458973063107383418973550712148639893241354902280, 1459026779105998101465829026524789739182470402517704469029876736898952870477, 13412666792048974377925483462948441322790663427949756029941851541794367956141]); + cy = sel2([e[384], e[385]], [11644088529951120466123058306783377782553679447618569394424538939634266570688, 3423766185322892807020818425845766412060736093511436910964946420904954554780, 4248997486365074893462023447486954255437098681775520477410894095041115503490, 13508520946233121439054409300327739993661203591041357972218149016790406863855]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 129 + cx = sel3s([e[387], e[388], e[389]], [5565157198993964726485879908963280627890845525340341493437203971709365228330, 7321058630137598328136197614874359518495943608220094707772133348409941566403, 7424926497991627209495812948930411917848701932818206777924739403931504666904, 2952280234707044917845773867363672510563637804197143708410321227590096039398]); + cy = sel2([e[387], e[388]], [16047978233091600592523116252839158499254716982332498268149527514947495047441, 3013461674923738179146278200182113922630443185951298626004001204030842783133, 21733406038088991240575501132398939052212396619770619197864537159847335678397, 9758173327391957613571828756022551933369392423107899686458119829785341358149]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 130 + cx = sel3s([e[390], e[391], e[392]], [724617195994552100441707186007100945318061137735042194166321801565168264994, 21457482305994995060621698878673403410439584990848189791210666985898821778689, 12733018351677357535096192491479720026355634001914123270202692797811692793469, 17876157828650849091584102879830086520321631185862731111337702980715729860154]); + cy = sel2([e[390], e[391]], [1941243639179655563586549731833523575056282199989602716546318426577162114198, 7186671745389328078718719957510862463188189283547797342924706384031236512232, 181655793349501388675021326982297619804658251127556562657041847324134931318, 17955220324559325573119985254939537965603633897040077737890918084344489169000]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 131 + cx = sel3s([e[393], e[394], e[395]], [20917363825188238552045899784153496987535745925685770873105753565860443082365, 4540090524117153259059229343653410962125958868702729157110889632173091362337, 19931748170703315405614719529478161068009956569206884593254142678501117968416, 2400060542928241404744010463507020801241694851019173560965950546401444426082]); + cy = sel2([e[393], e[394]], [1745736425002501661522536470728945366618822522645696668197436988525466413140, 3366347972505547411030140128225789817592493957844838153202867496815084725868, 13538672659394937012305631615026094764214309199641714104321427476435723762022, 5730310969197975636538358956003546448924042719236605822193245706535947879790]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 132 + cx = sel3s([e[396], e[397], e[398]], [12673489410414637838905637938820402546181123854591818062100393889121109718668, 2399760455052989852989301770450241617652861646522026007293921167342274767344, 20212599267512455026947565441242728025855774594658042161574807775907652589242, 8096283485634551421043683037450718803162713602325821677928898619562706870069]); + cy = sel2([e[396], e[397]], [2273218791680662828916671149332560291571458847138066661294611637128783792792, 8189321225342615133315741008578315746871762722980986965249683543300354337817, 15342161105292713352374449802912175534449400959133109035836260415735518836755, 18075013689729624974967362235212984989450911765049481574404064991547015443791]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 133 + cx = sel3s([e[399], e[400], e[401]], [1596291013949010721288060595532569432608538778619836480784785471074053165112, 6808491683819461025655595089437806112418825101974851283793281398274802390485, 364241503925827187366795904611796342209607893955620582589568264631586955422, 16490550871285168246186419126591524969189857825357227166657318003550977024941]); + cy = sel2([e[399], e[400]], [7862378404177401992071889396713852447802454946236648304807328682371781930090, 507291250759269099980701396020232970806066743976022636589996988193601483784, 10744127551738752560827414410584235701822856001225517338822143012287884858602, 18241779151498711099077315181629505156252250432591841498036131464452558240559]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 134 + cx = sel3s([e[402], e[403], e[404]], [13383782376835328120051264492485947246229335501182593669024066132006083860995, 6829659109797487915393241205795046921708391483622784165963215585089039907693, 9316519590383340417002353253254231934003449806173856616162378794199227402893, 13002922510988749141229072125743986091046064285797312111247897533544865920246]); + cy = sel2([e[402], e[403]], [1452388014885069534714863742557414467294079407912495717272255602231974271039, 5900502409092025397559171952410984687860230521181044855453255892660864354438, 10043095963739821148582141213281494171132379314509020019652213752752234376602, 9999295030621233000765070897582529515356078631699063530749343953422947829219]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 135 + cx = sel3s([e[405], e[406], e[407]], [13165533527694513928104129943149460933916076941607396715443729707678633985673, 20294369464168299590806576821399517301857816000499415634107985306452722815938, 6067645363539607688922626118164207320418666861212948609146588413602170467017, 119932367132867885429975847232185792475931817114142487620518936723703313296]); + cy = sel2([e[405], e[406]], [17238425515895072477563840544058923640858290538130746390995636765338905591675, 20628042696308823655110673878535950075986980894297665479048269813590306242580, 11749486899455580256560135562925052584441889327031335669536847121302580177052, 16957619631025354458723169845456497220362554006891490260455748609237426050971]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 136 + cx = sel3s([e[408], e[409], e[410]], [7326992374695153334569399469397596928696501586886381702972942656080738560504, 4198555626333615585226486302590784054103224208504401294485393840072962221472, 18288510281806332963207620050180295922486954421289661405933207406160563376204, 19378648346334975363564386629109544268031565617795572270340255835354171953065]); + cy = sel2([e[408], e[409]], [3441991977044037545935620478935168226411039028254665140927991316702138513190, 7980022316348851053079344973315144435710609854183180078433220232446348072790, 10703403289781310156812833248447222548151317595810496437901793212311982317063, 16301246072292511450557090225826608132244132307038997545230147196603338285964]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 137 + cx = sel3s([e[411], e[412], e[413]], [4380971751033847027929691061398944531722909263311553031455521197665070771642, 1958998764514462202561805635784673640011091472752464180193064104296547581169, 16607632498550062722823535936950763735998138401664871177932105851574722673362, 18107842395238833528194122400147411460295339366691168281515267029707554163796]); + cy = sel2([e[411], e[412]], [16794605741797752486161164743285493892529567663448780177764044251817860406839, 627364605348057780240790756195705309805910423716172983190978634837740895756, 15938340690702031578469687601244712133164105954943969813204470601233395408177, 1337728022058609756453976167140964506743665540101352471912041874198880786028]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 138 + cx = sel3s([e[414], e[415], e[416]], [4325450975911066881724043517797022496124195434220888316197251865366294339361, 16239262892194658073042878979066943080253388067983326658313518038231343725333, 3224923392579231188607529005374853676842589239602348970956358059045513499844, 18711810040957806004127569353264972856236116117792057333129328498567653245337]); + cy = sel2([e[414], e[415]], [18556589125306655880844231674670238467511897504977535323905816448582480367724, 14450907030938846250134541582271892920169763336845349109491176054829079021938, 5489164165718004081061600001298776199757130654902992957321875892970948684039, 3404126456231281994449938636645452663538090331489692208486381139765931389947]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 139 + cx = sel3s([e[417], e[418], e[419]], [3049906494165633773067493912990013841965806179225048735919293547905816967010, 2425405604681482172566807394598240014734338608183001729881716084701331638207, 21560391195338031738549905898033672840916947395960523186297949490337780382461, 10640880946275949996544592530048605056441276931537882586193904453232482475238]); + cy = sel2([e[417], e[418]], [1139270967545262231620743596254789040950691396231510347534297369410226811042, 20852287956575668107697863776884710196273757688539515338600627283890571581133, 17188605966302742252765339963794720668370341043552053263753117294010969693650, 19246586050423626713095252320183688353765457408019346352862271422811659317777]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 140 + cx = sel3s([e[420], e[421], e[422]], [19942746034266536069392101170115851306620344112551007974939114086497358930858, 15726708481134151732276229872451366695420040201434018827381159241014716358033, 3452250047812572894016965388138239348795538732265416477858038566576272340399, 732825901760241932909222883465959257672029209130800755766287912812473135470]); + cy = sel2([e[420], e[421]], [5234335526367392822375043936890479400588416815383747301372644960641216357795, 16682782393317738699538698600037172468451638588454521003611347304172554322239, 4800939729460682232720559307513657730880675292200605768084865538547688695396, 13002618796997179002671199181852958465089986403190513123030050511152310206971]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 141 + cx = sel3s([e[423], e[424], e[425]], [4345203866646269633300579468877411954334981515932585752657225898484243906660, 18369957391582635573293322493321958485207102003892958136897534329158731684885, 20673831086732472000273127370905823039882723856850376643114084876980363716192, 2498213507326390169362081908041456736901489034606083564552630396661416090091]); + cy = sel2([e[423], e[424]], [19711785928362785984568609948298550809737208754846854010480265206080190724688, 11436630733281926268922633177556600595162960771369546050376297927685306050908, 7773194831659524501769470153758921383337560398544153003929463015874290745463, 8133306555008250199402612262687855812899186562206213570420163947809045175265]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 142 + cx = sel3s([e[426], e[427], e[428]], [13604959715661441436052939762464429298226713418171390314110026091418525209941, 771054573202666486644315008474869467749501529120937703475279735897998473318, 10650739155896636131407567213077995361727149157766675911133814003745320974607, 21082274336612203666519840927907859383019309974047946161440422017817660726149]); + cy = sel2([e[426], e[427]], [9106634253925907822997376723908848470389744101982447244238790923479221740587, 7324910184007890101804849358851153077116609835592182327277588695666568522132, 9210749700131521931808418873690269098719063379384664590576822932928021903283, 12373345790154524492998539937744274645461345882077071841080883186883404184026]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 143 + cx = sel3s([e[429], e[430], e[431]], [12272981972646946567553896730199881959247853499104488943992635249117595393209, 17484113948306348142106921779441669789323552473173221235726133380929727014173, 15117556748390824311921483809280404911428464810641842112990732230853500342878, 18738665459003240153367275566837691463796036422817751002779294781153509048410]); + cy = sel2([e[429], e[430]], [12840198036955871442566173317906222816787870441489199428401326600711994709214, 13447048657087191261352674553209997835888060694120420289379298057286058954919, 11085124394828809185369563175800089294678889500629428639251047427113804175136, 20040932616180013985013159566209210337758333701488325181237556234029685365086]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 144 + cx = sel3s([e[432], e[433], e[434]], [3005593847772820450050205074163314509976806377772621088836578637506564062913, 2910567614812792758847544159495544141576095133298651646543717734234356651464, 8630893570634023334653627900758492588201195084156991103796478188432785900122, 20068438612873289533893462991408376904784837411837844241529573433855826118434]); + cy = sel2([e[432], e[433]], [17258587025904856892544250820556722922327972240440200527118380921147955645556, 9839944666562674042904466515196204595921896101136113309540898758440523509232, 382264312380680546118029507176039576064064377468124376294215202312670233326, 16859633470889096937094854459393230196320754799783499045789361347337904723211]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 145 + cx = sel3s([e[435], e[436], e[437]], [21553262056684585969628674122764109775958361035991194009613252605155913211334, 15282636750399879299317591027894754559134990135454294656134105963760417995544, 4066930541781809252860144352581968840798983673586834922803928000950012716773, 17266825085778436273993504052249489036678132768169211810048007631121526004292]); + cy = sel2([e[435], e[436]], [14469270633466381305852216281125837079646617198515099740000541993840798471084, 16980111987593030332881454298183054033228595894840772569146266548134494583283, 15118688184376333116924615779850360769477969453186921964192734694461085893102, 4748807943449256265621737370336238625547081211863390407052811770007138872316]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 146 + cx = sel3s([e[438], e[439], e[440]], [11763347508086007810977359866267798246514404258245360557926263268200652076963, 8663905006927572311188991703236656874376542152827973004022578290253373528008, 2952845374549988741320721621283121797914244173004620545437372716814928986849, 17071883097921153691621062529879599274949735278299892231358334236565401545899]); + cy = sel2([e[438], e[439]], [14706162498378202954074913829047629685039231677186626739445882650545999503202, 1719746349330736449674857345290037499267579249273019799523377364214790913723, 21616731410397798448193163892890526448374926979106286339849727909287686706845, 11446919769449393256780992769707214683226878212422736672766658759052425409242]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 147 + cx = sel3s([e[441], e[442], e[443]], [4356994949172878276640972387865792898708144237321291982532719592191935134502, 9058912028451204788275313382642068418310841490274106696805181452416351257146, 15190160120915818686650557755704440198069036613617930484645880424887234233075, 9960154561010441532105561845082645172957096392270554555453954413006726871798]); + cy = sel2([e[441], e[442]], [14574692378125259586817945291111936727424704391123959334117252195469092200764, 9224728228539828897416026999778106548490158473228676095012930511474594231477, 1760463507739730034367125481096536174852992494939001755761219582349351757169, 17340078450196530212205314520279311841731993777309479440929707007860057490354]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 148 + cx = sel3s([e[444], e[445], e[446]], [21880820504467716634106664909402072165472960350877194774465177915127008092893, 11747606579643600398471099307152208653405848363842457205852065247815894902054, 19027263041564841350573847395951723454691080012198506245692747602145336686229, 5632682422077314837831565983660289273448221389165648008167925020530588300924]); + cy = sel2([e[444], e[445]], [5182168744456816656485869911241149693404052223082761825064601932558781730740, 2685937932147288674316610675212322222716444961674715249218650895750571659552, 1912852125196207140975649985472776011293820313776376659814516409955251806791, 18263958114524880676274451483937610105571465623681831140376587635788141241088]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 149 + cx = sel3s([e[447], e[448], e[449]], [8936781701927368370215210870827508937678765478808217533286287559934624784681, 5108431664028439851662340341125863641795570652264053957564019035084276122804, 12999653496005517730722186355139904948504508219343877303366358022761375044402, 19179622495081980573635923134343351242929014436693872859625873727501193848932]); + cy = sel2([e[447], e[448]], [4623029543859886044767307470074323247069187031547412019261660683452990785239, 9857015684855568488276378660083416741199186578332924215590492662945432272825, 5242391447932956625671668911434466570194372869876929059550830464880164528131, 14646928672286452058469223988095085156895208600523868135204725017248298504143]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 150 + cx = sel3s([e[450], e[451], e[452]], [7946459614521142644206204774850419894186577869297360917934350740375926112382, 11530085592691934773947896113217121596676226719554558175458752626759168307130, 12291215261278045612022495371137973264064622535432110273152233125306665396787, 4442266885858584741818610179233325487185053295954810407262511211378152048331]); + cy = sel2([e[450], e[451]], [20393528966549387266343193152712146799161036298032725317477228673291507957942, 1831259860608244620805838343666664146008857962101286629882205237950513972028, 2581270768505724914793947599867596421087089340177029937008824731251155270286, 1824038414762784797700995677077189626495506231241155951144255369814082278582]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 151 + cx = sel3s([e[453], e[454], e[455]], [16996326686259093178712301719114535464147004200933701699216923172711169217776, 10135668620867881915901635109225909232593721615476228193005378643989870282190, 12684696285143358527008494835928613367424428569071148860201922633463847362163, 19520340433574445384932755965450431313046400213079154403779893187900476007389]); + cy = sel2([e[453], e[454]], [10879703765081907416589976314120373073533854885503210038919805342729980088501, 3042952377945780941440480619239495862925076770257741464841490662991367990723, 20568201167449878452522309826171296534890589395210499691162182782776592901489, 2515435614825363087293388949409937340469196878839891206929432371588941120828]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 152 + cx = sel3s([e[456], e[457], e[458]], [5948355082391370971277814822201259570199411254972015395356071689733858457870, 14435295688288574008552320445654835668230448171821339773392204385711009673498, 4555707692840173328761632986080641237899354311390885658902712711385985152474, 21377793559898523325502642621273525075966615158530502938404139072744665720725]); + cy = sel2([e[456], e[457]], [18781938632634665629392534748457372928296731257744451684662925940692495070899, 20870582266287640319635222130472633641883455183531701982867810507045631654099, 6255001622610081365809867580322152519018111820804890853975941295493185079617, 11444903546950465193484459453464362458126976218066241321940461471249831055834]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 153 + cx = sel3s([e[459], e[460], e[461]], [4801783634053958699406131208260321653724147389806778300442394152288266622390, 13657947007455887667569605985083889328718870615545221619668723775205747840135, 177598511756923881728697053947837521554079408931967588956714727282062478754, 1374290142752108446259268973165307183295759382785138144661109763848127727476]); + cy = sel2([e[459], e[460]], [10503832530625380631086165586158401732075983866290617431349835924922749109699, 8383317413774803586670187834721088561764237477263859389570115631886656905028, 2834233504802602126712103599378293010472650755759227696185340490923006971103, 17330582798076118742935459828744886802843487551551606246519220146369990307779]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 154 + cx = sel3s([e[462], e[463], e[464]], [5093610893249308867168031458336741939196884648123926997975341654608609426830, 12248279767532955250746877738475030196514076889129781370472666862024900770669, 5043009492124624507652527263244758360087085758651362799261288863076362039187, 16591909200159417412409462652077399999824413751859530227695887196356321679228]); + cy = sel2([e[462], e[463]], [10952612598118313917631759693602817846928839860096429550603703046117049639522, 2884939241145303979172401496138136665819626424676215132904685536232137032921, 21092145374321584925227081195844245213760374840107123770724422721835988876958, 5499840197627421265036310285493143039360364243394878011782966367266344217732]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 155 + cx = sel3s([e[465], e[466], e[467]], [3794104339739491010449122661216407115137782001618163380131794160705537757426, 7514419529276933284458458535371966876401883528785013067210805765651582633130, 2534189532451386749189970776179117832798970009395742348348119108287813471216, 5610243014937776775874159841646817951854662385825951664842167532212856045068]); + cy = sel2([e[465], e[466]], [12842968623255283384772731210441087433561383555541999360200972373794310794093, 10823437952973686303915120116380996262045441725571077692704581218749963605907, 21253964658659775229061107104903539871763760188604842330476347939642955209002, 1745535366815989039402026181267179197840739481539734000808670009580269211142]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 156 + cx = sel3s([e[468], e[469], e[470]], [3459245219635302288341483992140272707638915493010622274381776793623419230591, 9849021255480129732487752167924340739614806540698786580158805033907788030853, 3255308487469886623287718398314898379309460957968181729113829918571419337145, 15359614079733122216507425018253600855203543497608695539122606260839625565617]); + cy = sel2([e[468], e[469]], [17415928452277952995861857592997544802223350915817518744596816398543561612106, 9999856236606156376100952785476675300524456948913069129769906530665355058037, 17734497746752242925262857913765409819203458581088950917188119245918082092030, 6881580842463060802624074515204787264906621652045323766233447264566499944530]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 157 + cx = sel3s([e[471], e[472], e[473]], [634964597278986129282215293208138156361395902716873910540311662219517773576, 310253852479958835592393232442887907344502522183801152945448588489452412569, 384881480274621505303330466062621612997526527075542749162723700081976881288, 11767445114097831765826464678890553621483551558949563523534328471079851963281]); + cy = sel2([e[471], e[472]], [17203635141310737823252743409317633065422478971915442288649227045499339781109, 2545094457118912372548408336893899649182443951551613850781196845141738637170, 8609139198776064973664903858401535131314034007074283879284230416121615542308, 20092107484372320312567981037155807130829118997137612522175958096520972507336]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 158 + cx = sel3s([e[474], e[475], e[476]], [20098437969178934435495041700635313630962028038875583770224318127835756299529, 311104306589906971684844795811359683864786473908061989245919427082915904714, 5007249687217418940511624233021226494914521342148545152148356064906320432035, 9785851145981523672688289938894315309424412779439726667571213830109657407900]); + cy = sel2([e[474], e[475]], [877613904095171787446316454384924363436490179245069691113043218080238972652, 15255392602742007855606168874483544819258797919038984937824266131810915403967, 3482868076428758563707184390706074120455579821747810434457575250407348632455, 5737555899585712614112644175034540180519345050397396205967955592318835422324]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 159 + cx = sel3s([e[477], e[478], e[479]], [17889638686175315317941901427709143202478522471798280927986774735210637820526, 4586587171981050785204495209615167868746399227792813638212786811256473778221, 1864752565757236746122736751796835904389046064841800598816325031089096557478, 13943403942544820674673437343502779310324858400636923221774342029216604251440]); + cy = sel2([e[477], e[478]], [17728898667133884634264046347611298588924985692465583707491826367590591819161, 18365428070394378833051912713200271982753415548931989923757430748929339745094, 13355801165885814561827651110098104649674895992244923613944279081535896494292, 12718254346735593182641856097514926990330253814732909832265502852628068735026]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 160 + cx = sel3s([e[480], e[481], e[482]], [17159516188699622404527134263356371503443962451842558111890221401200764258125, 19697000438877661546696672369476849653861527230741461549059757921200307256689, 8082602544025295110701438493605046299287009032703969632384937719700791606339, 5936552380580117855548116310401989958728171511356588061450350806482980900531]); + cy = sel2([e[480], e[481]], [288697205606498046198642124865852628925547477970007319079115715396675917499, 11438994931015502912944770174743669059446783563412696311667974558402876489825, 2713576975757110627428489368530113978475830565467996635364633792472336700891, 20023822454992925006561366839036620580908513505208980493011483098957399405656]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 161 + cx = sel3s([e[483], e[484], e[485]], [11476903323853344813827041345787850966667514952865946400953029235796901464022, 15662688482882450089332164944545567115920791913333567306810233998084574572841, 16165244090421658682362860955446523155721204004465368156540492359518946703685, 13233236504179066734589049314166320998745790229936719431495551951291164368688]); + cy = sel2([e[483], e[484]], [21544495907681885621399294493301860022991247894450553860102494438499516461036, 15070356063300726246376329439697612629246560015487953180041607494107482212328, 10932308314438454016363769449242767120417784090441698745502660483728820506459, 15142440904746497443767345573381088273730091577283493618193631903901402378371]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 162 + cx = sel3s([e[486], e[487], e[488]], [6740469135284996394159167279126920754449900660887428959259136317440159292867, 1951789672920637712186229138057234008172951294439716801691622239946406362446, 10614706090196653889949286489862565736131644495539213256761186995450585212820, 20219336380099606710973890974478494924791931389585459347005405927908068729651]); + cy = sel2([e[486], e[487]], [12559437556228574824459283742977065667884462966124147526010574650373707978536, 11353250997656326728675199688614508617263787972463605193791786351817731868528, 9955679877407075213882986027032271351625902587325271136145291798547578901197, 7587664180577472344145946155058239620135123893989614056504418351234639990359]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 163 + cx = sel3s([e[489], e[490], e[491]], [11683193590608313373089435698057644614965227085254736967478627707109364481009, 5373593679075319624506848608700634791297845735799356231319125589754901432010, 14330496678432059141319543266495924665988744049796260830269932610430618839231, 16147138941500612947680025577703299264094926996519490683694344514795650552030]); + cy = sel2([e[489], e[490]], [14089407095672561058133609212857713657125336981293206062798215054918146117895, 5921405729554308485753035966317904019193857886291312338471036342984958996974, 14219166018565381341875979253176613205499868708487414627746489465729919459602, 9173206043848059861761039827886516664018988512989876666692360758637877840001]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 164 + cx = sel3s([e[492], e[493], e[494]], [12391241461796318677666973225906912103063953603374991439355987755433936571792, 11342324255021537810533271600486943249554637261483201032733188357979300928906, 6762143596567875242093282841823575455167081327592834568853990326935018728741, 1729094316763263611553329689516612131095524285732807879509329720064037980971]); + cy = sel2([e[492], e[493]], [6256323253756510425990684148198273229283967340029341825763386143854418092931, 608479563301898577121898469798459144789668559311173727644698121661161535370, 16118965412641868779259712849902459712114606105053804845952965420804403776265, 5207196556914412218334602277590189653542873808697180315162104560234636073976]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 165 + cx = sel3s([e[495], e[496], e[497]], [12090834415198821488072985841187199896460619427268475889346428879276625683876, 20435352555053416469114817994605784220258558984767053371686545934216871498097, 7919766463107746640570694574991853522177141706128568812747727580994437010928, 18791819403195060520893758220974368558662433382958799315116210085990602330263]); + cy = sel2([e[495], e[496]], [11186634643432676423242372187246648742599522445001126220151236883458565017089, 730264789631663387855933585769199256797088038637783970560657523730947722943, 9789319816975923274967045544277604801648452652703289939384714401867885689451, 20390569650377326057430918388837541684089995685084097630788684319064176189296]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 166 + cx = sel3s([e[498], e[499], e[500]], [9073477014345643942359994649331122800736234440180113066690071117218958686221, 17848891043122277658033397684650904021333601784635518417727821688552518594475, 8394455238188958480130266174842497177830879983439478526032000789572056999540, 3969215253795918818810265899749520158876595254756141389552909935321879395990]); + cy = sel2([e[498], e[499]], [15421230006761899572959376594938017439120427450367920423701622807634638005218, 691759570775251457416249989322179808019152722619656278259527490301863241777, 19687896560656750069557210923004770524699515901561346847457425701096560281307, 13013403796046695153969709190889488389508063704805702465177729278466953096077]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 167 + cx = sel3s([e[501], e[502], e[503]], [17605212659450062681090282709904508607567301109002577655966314961623397498778, 20706453518066591671344075213608634140534260809172831962434708646209603184096, 20530641835252913976176823270868884490574732596806683216254892843407024651486, 19512520336574558609801187648395617364107060095538444150298099264798316486399]); + cy = sel2([e[501], e[502]], [18088283300102077232647028354145534410326244238430555546504288886091850910025, 19624767204537830958950503358240075916787006780432673880401115874844576604739, 13389739174441700308398229420122777340874705736681526274430502297758537243393, 2768660518118504029156154123602101814256009402463064802144883490594220059578]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 168 + cx = sel3s([e[504], e[505], e[506]], [3898901470837850662399020072718316987511815396623761376502150466549773974269, 20681259404330431411774484706350104535474957110888110413896201115382255532278, 12146860081497614316907871444885755439616687087776665508013517962132514932126, 10103366418676857183019670163194546750004223272088526675082633522057697832251]); + cy = sel2([e[504], e[505]], [18552945270636575492780160887690665046683842994616480518496617903497833044944, 16280318807141467057522946128901953503954886894473765482004622686048871784896, 16511259671446150110679883995503700110523460228865394020432354340848786592304, 11820015885519382016829607197866756084707670961286078960070207041832708513141]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 169 + cx = sel3s([e[507], e[508], e[509]], [6124403322044682705571649214069113177521499060664580284884665715951975035077, 3806547960677312456106393355578152447583324120952390972170284549005371006887, 12796416634735923176681417392847285391386920336707070519873332365264500996292, 18113312677912280033934533469627761267183403533244965210112870702471687667512]); + cy = sel2([e[507], e[508]], [18191174947339798787646910619446409943766046946921136035021645191602921923040, 16559060177998758852323304784771936179434931576336411584121379336820727372618, 13858115732979799183025726471151602712224733686530960054365665740611187232029, 9933192519609817862698304326029579651414877338671776883175639003837130283966]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 170 + cx = sel3s([e[510], e[511], e[512]], [3342564788366736273905106071612128667477972061160313630133110787799686301495, 13766193863701503939885263345152684798552605679140222504700163745347162493183, 18523279471468319520962369406962457727155204375043681943707151819380964978377, 8094164074569624021939357073285075790695279643883973800173037824312344195506]); + cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093, 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + + return edwardsCompress(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok new file mode 100644 index 000000000..5800127a0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok @@ -0,0 +1,2076 @@ +const field[6][497] POSEIDON_C = [ + [ + 4417881134626180770308697923359573201005643519861877412381846989312604493735, + 5433650512959517612316327474713065966758808864213826738576266661723522780033, + 13641176377184356099764086973022553863760045607496549923679278773208775739952, + 17949713444224994136330421782109149544629237834775211751417461773584374506783, + 13765628375339178273710281891027109699578766420463125835325926111705201856003, + 19179513468172002314585757290678967643352171735526887944518845346318719730387, + 5157412437176756884543472904098424903141745259452875378101256928559722612176, + 535160875740282236955320458485730000677124519901643397458212725410971557409, + 1050793453380762984940163090920066886770841063557081906093018330633089036729, + 10665495010329663932664894101216428400933984666065399374198502106997623173873, + 19965634623406616956648724894636666805991993496469370618546874926025059150737, + 13007250030070838431593222885902415182312449212965120303174723305710127422213, + 16877538715074991604507979123743768693428157847423939051086744213162455276374, + 18211747749504876135588847560312685184956239426147543810126553367063157141465, + 18151553319826126919739798892854572062191241985315767086020821632812331245635, + 19957033149976712666746140949846950406660099037474791840946955175819555930825, + 3469514863538261843186854830917934449567467100548474599735384052339577040841, + 989698510043911779243192466312362856042600749099921773896924315611668507708, + 12568377015646290945235387813564567111330046038050864455358059568128000172201, + 20856104135605479600325529349246932565148587186338606236677138505306779314172, + 8206918720503535523121349917159924938835810381723474192155637697065780938424, + 1309058477013932989380617265069188723120054926187607548493110334522527703566, + 14076116939332667074621703729512195584105250395163383769419390236426287710606, + 10153498892749751942204288991871286290442690932856658983589258153608012428674, + 18202499207234128286137597834010475797175973146805180988367589376893530181575, + 12739388830157083522877690211447248168864006284243907142044329113461613743052, + 15123358710467780770838026754240340042441262572309759635224051333176022613949, + 19925004701844594370904593774447343836015483888496504201331110250494635362184, + 10352416606816998476681131583320899030072315953910679608943150613208329645891, + 10567371822366244361703342347428230537114808440249611395507235283708966113221, + 5635498582763880627392290206431559361272660937399944184533035305989295959602, + 11866432933224219174041051738704352719163271639958083608224676028593315904909, + 5795020705294401441272215064554385591292330721703923167136157291459784140431, + 9482202378699252817564375087302794636287866584767523335624368774856230692758, + 4245237636894546151746468406560945873445548423466753843402086544922216329298, + 12000500941313982757584712677991730019124834399479314697467598397927435905133, + 7596790274058425558167520209857956363736666939016807569082239187494363541787, + 2484867918246116343205467273440098378820186751202461278013576281097918148877, + 18312645949449997391810445935615409295369169383463185688973803378104013950190, + 15320686572748723004980855263301182130424010735782762814513954166519592552733, + 12618438900597948888520621062416758747872180395546164387827245287017031303859, + 17438141672027706116733201008397064011774368832458707512367404736905021019585, + 6374197807230665998865688675365359100400438034755781666913068586172586548950, + 2189398913433273865510950346186699930188746169476472274335177556702504595264, + 6268495580028970231803791523870131137294646402347399003576649137450213034606, + 17896250365994900261202920044129628104272791547990619503076839618914047059275, + 13692156312448722528008862371944543449350293305158722920787736248435893008873, + 15234446864368744483209945022439268713300180233589581910497691316744177619376, + 1572426502623310766593681563281600503979671244997798691029595521622402217227, + 80103447810215150918585162168214870083573048458555897999822831203653996617, + 8228820324013669567851850635126713973797711779951230446503353812192849106342, + 5375851433746509614045812476958526065449377558695752132494533666370449415873, + 12115998939203497346386774317892338270561208357481805380546938146796257365018, + 9764067909645821279940531410531154041386008396840887338272986634350423466622, + 8538708244538850542384936174629541085495830544298260335345008245230827876882, + 7140127896620013355910287215441004676619168261422440177712039790284719613114, + 14297402962228458726038826185823085337698917275385741292940049024977027409762, + 6667115556431351074165934212337261254608231545257434281887966406956835140819, + 20226761165244293291042617464655196752671169026542832236139342122602741090001, + 12038289506489256655759141386763477208196694421666339040483042079632134429119, + 19027757334170818571203982241812412991528769934917288000224335655934473717551, + 16272152964456553579565580463468069884359929612321610357528838696790370074720, + 2500392889689246014710135696485946334448570271481948765283016105301740284071, + 8595254970528530312401637448610398388203855633951264114100575485022581946023, + 11635945688914011450976408058407206367914559009113158286982919675551688078198, + 614739068603482619581328040478536306925147663946742687395148680260956671871, + 18692271780377861570175282183255720350972693125537599213951106550953176268753, + 4987059230784976306647166378298632695585915319042844495357753339378260807164, + 21851403978498723616722415377430107676258664746210815234490134600998983955497, + 9830635451186415300891533983087800047564037813328875992115573428596207326204, + 4842706106434537116860242620706030229206345167233200482994958847436425185478, + 6422235064906823218421386871122109085799298052314922856340127798647926126490, + 4564364104986856861943331689105797031330091877115997069096365671501473357846, + 1944043894089780613038197112872830569538541856657037469098448708685350671343, + 21179865974855950600518216085229498748425990426231530451599322283119880194955, + 14296697761894107574369608843560006996183955751502547883167824879840894933162, + 12274619649702218570450581712439138337725246879938860735460378251639845671898, + 16371396450276899401411886674029075408418848209575273031725505038938314070356, + 3702561221750983937578095019779188631407216522704543451228773892695044653565, + 19721616877735564664624984774636557499099875603996426215495516594530838681980, + 6383350109027696789969911008057747025018308755462287526819231672217685282429, + 20860583956177367265984596617324237471765572961978977333122281041544719622905, + 5766390934595026947545001478457407504285452477687752470140790011329357286275, + 4043175758319898049344746138515323336207420888499903387536875603879441092484, + 15579382179133608217098622223834161692266188678101563820988612253342538956534, + 1864640783252634743892105383926602930909039567065240010338908865509831749824, + 15943719865023133586707144161652035291705809358178262514871056013754142625673, + 2326415993032390211558498780803238091925402878871059708106213703504162832999, + 19995326402773833553207196590622808505547443523750970375738981396588337910289, + 5143583711361588952673350526320181330406047695593201009385718506918735286622, + 15436006486881920976813738625999473183944244531070780793506388892313517319583, + 16660446760173633166698660166238066533278664023818938868110282615200613695857, + 4966065365695755376133119391352131079892396024584848298231004326013366253934, + 20683781957411705574951987677641476019618457561419278856689645563561076926702, + 17280836839165902792086432296371645107551519324565649849400948918605456875699, + 17045635513701208892073056357048619435743564064921155892004135325530808465371, + 17055032967194400710390142791334572297458033582458169295920670679093585707295, + 15727174639569115300068198908071514334002742825679221638729902577962862163505, + 1001755657610446661315902885492677747789366510875120894840818704741370398633, + 18638547332826171619311285502376343504539399518545103511265465604926625041234, + 6751954224763196429755298529194402870632445298969935050224267844020826420799, + 3526747115904224771452549517614107688674036840088422555827581348280834879405, + 15705897908180497062880001271426561999724005008972544196300715293701537574122, + 574386695213920937259007343820417029802510752426579750428758189312416867750, + 15973040855000600860816974646787367136127946402908768408978806375685439868553, + 20934130413948796333037139460875996342810005558806621330680156931816867321122, + 6918585327145564636398173845411579411526758237572034236476079610890705810764, + 14158163500813182062258176233162498241310167509137716527054939926126453647182, + 4164602626597695668474100217150111342272610479949122406544277384862187287433, + 12146526846507496913615390662823936206892812880963914267275606265272996025304, + 10153527926900017763244212043512822363696541810586522108597162891799345289938, + 13564663485965299104296214940873270349072051793008946663855767889066202733588, + 5612449256997576125867742696783020582952387615430650198777254717398552960096, + 12151885480032032868507892738683067544172874895736290365318623681886999930120, + 380452237704664384810613424095477896605414037288009963200982915188629772177, + 9067557551252570188533509616805287919563636482030947363841198066124642069518, + 21280306817619711661335268484199763923870315733198162896599997188206277056900, + 5567165819557297006750252582140767993422097822227408837378089569369734876257, + 10411936321072105429908396649383171465939606386380071222095155850987201580137, + 21338390051413922944780864872652000187403217966653363270851298678606449622266, + 12156296560457833712186127325312904760045212412680904475497938949653569234473, + 4271647814574748734312113971565139132510281260328947438246615707172526380757, + 9061738206062369647211128232833114177054715885442782773131292534862178874950, + 10134551893627587797380445583959894183158393780166496661696555422178052339133, + 8932270237664043612366044102088319242789325050842783721780970129656616386103, + 3339412934966886386194449782756711637636784424032779155216609410591712750636, + 9704903972004596791086522314847373103670545861209569267884026709445485704400, + 17467570179597572575614276429760169990940929887711661192333523245667228809456, + ...[0; 369] + ], + [ + 6745197990210204598374042828761989596302876299545964402857411729872131034734, + 426281677759936592021316809065178817848084678679510574715894138690250139748, + 4014188762916583598888942667424965430287497824629657219807941460227372577781, + 21328925083209914769191926116470334003273872494252651254811226518870906634704, + 19525217621804205041825319248827370085205895195618474548469181956339322154226, + 1402547928439424661186498190603111095981986484908825517071607587179649375482, + 18320863691943690091503704046057443633081959680694199244583676572077409194605, + 17709820605501892134371743295301255810542620360751268064484461849423726103416, + 15970119011175710804034336110979394557344217932580634635707518729185096681010, + 9818625905832534778628436765635714771300533913823445439412501514317783880744, + 6235167673500273618358172865171408902079591030551453531218774338170981503478, + 12575685815457815780909564540589853169226710664203625668068862277336357031324, + 7381963244739421891665696965695211188125933529845348367882277882370864309593, + 14214782117460029685087903971105962785460806586237411939435376993762368956406, + 13382692957873425730537487257409819532582973556007555550953772737680185788165, + 2203881792421502412097043743980777162333765109810562102330023625047867378813, + 2916799379096386059941979057020673941967403377243798575982519638429287573544, + 4341714036313630002881786446132415875360643644216758539961571543427269293497, + 2340590164268886572738332390117165591168622939528604352383836760095320678310, + 5222233506067684445011741833180208249846813936652202885155168684515636170204, + 7963328565263035669460582454204125526132426321764384712313576357234706922961, + 1394121618978136816716817287892553782094854454366447781505650417569234586889, + 20251767894547536128245030306810919879363877532719496013176573522769484883301, + 141695147295366035069589946372747683366709960920818122842195372849143476473, + 15919677773886738212551540894030218900525794162097204800782557234189587084981, + 2616624285043480955310772600732442182691089413248613225596630696960447611520, + 4740655602437503003625476760295930165628853341577914460831224100471301981787, + 19201590924623513311141753466125212569043677014481753075022686585593991810752, + 12116486795864712158501385780203500958268173542001460756053597574143933465696, + 8481222075475748672358154589993007112877289817336436741649507712124418867136, + 5181207870440376967537721398591028675236553829547043817076573656878024336014, + 1576305643467537308202593927724028147293702201461402534316403041563704263752, + 2555752030748925341265856133642532487884589978209403118872788051695546807407, + 18840924862590752659304250828416640310422888056457367520753407434927494649454, + 14593453114436356872569019099482380600010961031449147888385564231161572479535, + 20826991704411880672028799007667199259549645488279985687894219600551387252871, + 9159011389589751902277217485643457078922343616356921337993871236707687166408, + 5605846325255071220412087261490782205304876403716989785167758520729893194481, + 1148784255964739709393622058074925404369763692117037208398835319441214134867, + 20945896491956417459309978192328611958993484165135279604807006821513499894540, + 229312996389666104692157009189660162223783309871515463857687414818018508814, + 21184391300727296923488439338697060571987191396173649012875080956309403646776, + 21853424399738097885762888601689700621597911601971608617330124755808946442758, + 12776298811140222029408960445729157525018582422120161448937390282915768616621, + 7556638921712565671493830639474905252516049452878366640087648712509680826732, + 19042212131548710076857572964084011858520620377048961573689299061399932349935, + 12871359356889933725034558434803294882039795794349132643274844130484166679697, + 3313271555224009399457959221795880655466141771467177849716499564904543504032, + 15080780006046305940429266707255063673138269243146576829483541808378091931472, + 21300668809180077730195066774916591829321297484129506780637389508430384679582, + 20480395468049323836126447690964858840772494303543046543729776750771407319822, + 10034492246236387932307199011778078115444704411143703430822959320969550003883, + 19584962776865783763416938001503258436032522042569001300175637333222729790225, + 20155726818439649091211122042505326538030503429443841583127932647435472711802, + 13313554736139368941495919643765094930693458639277286513236143495391474916777, + 14606609055603079181113315307204024259649959674048912770003912154260692161833, + 5563317320536360357019805881367133322562055054443943486481491020841431450882, + 10535419877021741166931390532371024954143141727751832596925779759801808223060, + 12025323200952647772051708095132262602424463606315130667435888188024371598063, + 2906495834492762782415522961458044920178260121151056598901462871824771097354, + 19131970618309428864375891649512521128588657129006772405220584460225143887876, + 8896386073442729425831367074375892129571226824899294414632856215758860965449, + 7748212315898910829925509969895667732958278025359537472413515465768989125274, + 422974903473869924285294686399247660575841594104291551918957116218939002865, + 6398251826151191010634405259351528880538837895394722626439957170031528482771, + 18978082967849498068717608127246258727629855559346799025101476822814831852169, + 19150742296744826773994641927898928595714611370355487304294875666791554590142, + 12896891575271590393203506752066427004153880610948642373943666975402674068209, + 9546270356416926575977159110423162512143435321217584886616658624852959369669, + 2159256158967802519099187112783460402410585039950369442740637803310736339200, + 8911064487437952102278704807713767893452045491852457406400757953039127292263, + 745203718271072817124702263707270113474103371777640557877379939715613501668, + 19313999467876585876087962875809436559985619524211587308123441305315685710594, + 13254105126478921521101199309550428567648131468564858698707378705299481802310, + 1842081783060652110083740461228060164332599013503094142244413855982571335453, + 9630707582521938235113899367442877106957117302212260601089037887382200262598, + 5066637850921463603001689152130702510691309665971848984551789224031532240292, + 4222575506342961001052323857466868245596202202118237252286417317084494678062, + 2919565560395273474653456663643621058897649501626354982855207508310069954086, + 6828792324689892364977311977277548750189770865063718432946006481461319858171, + 2245543836264212411244499299744964607957732316191654500700776604707526766099, + 19602444885919216544870739287153239096493385668743835386720501338355679311704, + 8239538512351936341605373169291864076963368674911219628966947078336484944367, + 15053013456316196458870481299866861595818749671771356646798978105863499965417, + 7173615418515925804810790963571435428017065786053377450925733428353831789901, + 8239211677777829016346247446855147819062679124993100113886842075069166957042, + 15330855478780269194281285878526984092296288422420009233557393252489043181621, + 10014883178425964324400942419088813432808659204697623248101862794157084619079, + 14014440630268834826103915635277409547403899966106389064645466381170788813506, + 3580284508947993352601712737893796312152276667249521401778537893620670305946, + 2559754020964039399020874042785294258009596917335212876725104742182177996988, + 14898657953331064524657146359621913343900897440154577299309964768812788279359, + 2094037260225570753385567402013028115218264157081728958845544426054943497065, + 18051086536715129874440142649831636862614413764019212222493256578581754875930, + 21680659279808524976004872421382255670910633119979692059689680820959727969489, + 13950668739013333802529221454188102772764935019081479852094403697438884885176, + 9703845704528288130475698300068368924202959408694460208903346143576482802458, + 12064310080154762977097567536495874701200266107682637369509532768346427148165, + 16970760937630487134309762150133050221647250855182482010338640862111040175223, + 9790997389841527686594908620011261506072956332346095631818178387333642218087, + 16314772317774781682315680698375079500119933343877658265473913556101283387175, + 82044870826814863425230825851780076663078706675282523830353041968943811739, + 21696416499108261787701615667919260888528264686979598953977501999747075085778, + 327771579314982889069767086599893095509690747425186236545716715062234528958, + 4606746338794869835346679399457321301521448510419912225455957310754258695442, + 64499140292086295251085369317820027058256893294990556166497635237544139149, + 10455028514626281809317431738697215395754892241565963900707779591201786416553, + 10421411526406559029881814534127830959833724368842872558146891658647152404488, + 18848084335930758908929996602136129516563864917028006334090900573158639401697, + 13844582069112758573505569452838731733665881813247931940917033313637916625267, + 13488838454403536473492810836925746129625931018303120152441617863324950564617, + 15742141787658576773362201234656079648895020623294182888893044264221895077688, + 6756884846734501741323584200608866954194124526254904154220230538416015199997, + 7860026400080412708388991924996537435137213401947704476935669541906823414404, + 7871040688194276447149361970364037034145427598711982334898258974993423182255, + 20758972836260983284101736686981180669442461217558708348216227791678564394086, + 21723241881201839361054939276225528403036494340235482225557493179929400043949, + 19428469330241922173653014973246050805326196062205770999171646238586440011910, + 7969200143746252148180468265998213908636952110398450526104077406933642389443, + 10950417916542216146808986264475443189195561844878185034086477052349738113024, + 18149233917533571579549129116652755182249709970669448788972210488823719849654, + 3729796741814967444466779622727009306670204996071028061336690366291718751463, + 5172504399789702452458550583224415301790558941194337190035441508103183388987, + 6686473297578275808822003704722284278892335730899287687997898239052863590235, + 19426913098142877404613120616123695099909113097119499573837343516470853338513, + 5120337081764243150760446206763109494847464512045895114970710519826059751800, + 5055737465570446530938379301905385631528718027725177854815404507095601126720, + 14235578612970484492268974539959119923625505766550088220840324058885914976980, + 653592517890187950103239281291172267359747551606210609563961204572842639923, + 5507360526092411682502736946959369987101940689834541471605074817375175870579, + 7864202866011437199771472205361912625244234597659755013419363091895334445453, + 21294659996736305811805196472076519801392453844037698272479731199885739891648, + 13767183507040326119772335839274719411331242166231012705169069242737428254651, + 810181532076738148308457416289197585577119693706380535394811298325092337781, + 14232321930654703053193240133923161848171310212544136614525040874814292190478, + 16796904728299128263054838299534612533844352058851230375569421467352578781209, + 16256310366973209550759123431979563367001604350120872788217761535379268327259, + 19791658638819031543640174069980007021961272701723090073894685478509001321817, + 7046232469803978873754056165670086532908888046886780200907660308846356865119, + 16001732848952745747636754668380555263330934909183814105655567108556497219752, + 9737276123084413897604802930591512772593843242069849260396983774140735981896, + 11410895086919039954381533622971292904413121053792570364694836768885182251535, + 19098362474249267294548762387533474746422711206129028436248281690105483603471, + 11013788190750472643548844759298623898218957233582881400726340624764440203586, + 2206958256327295151076063922661677909471794458896944583339625762978736821035, + 7171889270225471948987523104033632910444398328090760036609063776968837717795, + 2510237900514902891152324520472140114359583819338640775472608119384714834368, + 8825275525296082671615660088137472022727508654813239986303576303490504107418, + 1481125575303576470988538039195271612778457110700618040436600537924912146613, + 16268684562967416784133317570130804847322980788316762518215429249893668424280, + 4681491452239189664806745521067158092729838954919425311759965958272644506354, + 3131438137839074317765338377823608627360421824842227925080193892542578675835, + 7930402370812046914611776451748034256998580373012248216998696754202474945793, + 8973151117361309058790078507956716669068786070949641445408234962176963060145, + 10223139291409280771165469989652431067575076252562753663259473331031932716923, + 2232089286698717316374057160056566551249777684520809735680538268209217819725, + 16930089744400890347392540468934821520000065594669279286854302439710657571308, + 21739597952486540111798430281275997558482064077591840966152905690279247146674, + 7508315029150148468008716674010060103310093296969466203204862163743615534994, + 11418894863682894988747041469969889669847284797234703818032750410328384432224, + 10895338268862022698088163806301557188640023613155321294365781481663489837917, + 18644184384117747990653304688839904082421784959872380449968500304556054962449, + 7414443845282852488299349772251184564170443662081877445177167932875038836497, + 5391299369598751507276083947272874512197023231529277107201098701900193273851, + 10329906873896253554985208009869159014028187242848161393978194008068001342262, + 4711719500416619550464783480084256452493890461073147512131129596065578741786, + 11943219201565014805519989716407790139241726526989183705078747065985453201504, + 4298705349772984837150885571712355513879480272326239023123910904259614053334, + 9999044003322463509208400801275356671266978396985433172455084837770460579627, + 4908416131442887573991189028182614782884545304889259793974797565686968097291, + 11963412684806827200577486696316210731159599844307091475104710684559519773777, + 20129916000261129180023520480843084814481184380399868943565043864970719708502, + 12884788430473747619080473633364244616344003003135883061507342348586143092592, + 20286808211545908191036106582330883564479538831989852602050135926112143921015, + 16282045180030846845043407450751207026423331632332114205316676731302016331498, + 4332932669439410887701725251009073017227450696965904037736403407953448682093, + 11105712698773407689561953778861118250080830258196150686012791790342360778288, + 21853934471586954540926699232107176721894655187276984175226220218852955976831, + 9807888223112768841912392164376763820266226276821186661925633831143729724792, + 13411808896854134882869416756427789378942943805153730705795307450368858622668, + 17906847067500673080192335286161014930416613104209700445088168479205894040011, + 14554387648466176616800733804942239711702169161888492380425023505790070369632, + 4264116751358967409634966292436919795665643055548061693088119780787376143967, + 2401104597023440271473786738539405349187326308074330930748109868990675625380, + 12251645483867233248963286274239998200789646392205783056343767189806123148785, + 15331181254680049984374210433775713530849624954688899814297733641575188164316, + 13108834590369183125338853868477110922788848506677889928217413952560148766472, + 6843160824078397950058285123048455551935389277899379615286104657075620692224, + 10151103286206275742153883485231683504642432930275602063393479013696349676320, + 7074320081443088514060123546121507442501369977071685257650287261047855962224, + 11413928794424774638606755585641504971720734248726394295158115188173278890938, + 7312756097842145322667451519888915975561412209738441762091369106604423801080, + 7181677521425162567568557182629489303281861794357882492140051324529826589361, + 15123155547166304758320442783720138372005699143801247333941013553002921430306, + 13409242754315411433193860530743374419854094495153957441316635981078068351329, + ...[0; 302] + ], + [ + 11633431549750490989983886834189948010834808234699737327785600195936805266405, + 17353750182810071758476407404624088842693631054828301270920107619055744005334, + 11575173631114898451293296430061690731976535592475236587664058405912382527658, + 9724643380371653925020965751082872123058642683375812487991079305063678725624, + 20936725237749945635418633443468987188819556232926135747685274666391889856770, + 6427758822462294912934022562310355233516927282963039741999349770315205779230, + 16782979953202249973699352594809882974187694538612412531558950864304931387798, + 8979171037234948998646722737761679613767384188475887657669871981433930833742, + 5428827536651017352121626533783677797977876323745420084354839999137145767736, + 507241738797493565802569310165979445570507129759637903167193063764556368390, + 6711578168107599474498163409443059675558516582274824463959700553865920673097, + 2197359304646916921018958991647650011119043556688567376178243393652789311643, + 4634703622846121403803831560584049007806112989824652272428991253572845447400, + 17008376818199175111793852447685303011746023680921106348278379453039148937791, + 18430784755956196942937899353653692286521408688385681805132578732731487278753, + 4573768376486344895797915946239137669624900197544620153250805961657870918727, + 5624865188680173294191042415227598609140934495743721047183803859030618890703, + 8228252753786907198149068514193371173033070694924002912950645971088002709521, + 17586714789554691446538331362711502394998837215506284064347036653995353304693, + 12985198716830497423350597750558817467658937953000235442251074063454897365701, + 13480076116139680784838493959937969792577589073830107110893279354229821035984, + 480609231761423388761863647137314056373740727639536352979673303078459561332, + 19503345496799249258956440299354839375920540225688429628121751361906635419276, + 16837818502122887883669221005435922946567532037624537243846974433811447595173, + 5492108497278641078569490709794391352213168666744080628008171695469579703581, + 11365311159988448419785032079155356000691294261495515880484003277443744617083, + 13876891705632851072613751905778242936713392247975808888614530203269491723653, + 10660388389107698747692475159023710744797290186015856503629656779989214850043, + 18876318870401623474401728758498150977988613254023317877612912724282285739292, + 15543349138237018307536452195922365893694804703361435879256942490123776892424, + 2839988449157209999638903652853828318645773519300826410959678570041742458201, + 7566039810305694135184226097163626060317478635973510706368412858136696413063, + 6344830340705033582410486810600848473125256338903726340728639711688240744220, + 12475357769019880256619207099578191648078162511547701737481203260317463892731, + 13337401254840718303633782478677852514218549070508887338718446132574012311307, + 21161869193849404954234950798647336336709035097706159414187214758702055364571, + 20671052961616073313397254362345395594858011165315285344464242404604146448678, + 2772189387845778213446441819361180378678387127454165972767013098872140927416, + 3339032002224218054945450150550795352855387702520990006196627537441898997147, + 14919705931281848425960108279746818433850049439186607267862213649460469542157, + 17056699976793486403099510941807022658662936611123286147276760381688934087770, + 16144580075268719403964467603213740327573316872987042261854346306108421013323, + 15582343953927413680541644067712456296539774919658221087452235772880573393376, + 17528510080741946423534916423363640132610906812668323263058626230135522155749, + 3190600034239022251529646836642735752388641846393941612827022280601486805721, + 8463814172152682468446984305780323150741498069701538916468821815030498611418, + 16533435971270903741871235576178437313873873358463959658178441562520661055273, + 11845696835505436397913764735273748291716405946246049903478361223369666046634, + 18391057370973634202531308463652130631065370546571735004701144829951670507215, + 262537877325812689820791215463881982531707709719292538608229687240243203710, + 2187234489894387585309965540987639130975753519805550941279098789852422770021, + 19189656350920455659006418422409390013967064310525314160026356916172976152967, + 15839474183930359560478122372067744245080413846070743460407578046890458719219, + 1805019124769763805045852541831585930225376844141668951787801647576910524592, + 323592203814803486950280155834638828455175703393817797003361354810251742052, + 9780393509796825017346015868945480913627956475147371732521398519483580624282, + 14009429785059642386335012561867511048847749030947687313594053997432177705759, + 13749550162460745037234826077137388777330401847577727796245150843898019635981, + 19497187499283431845443758879472819384797584633472792651343926414232528405311, + 3708428802547661961864524194762556064568867603968214870300574294082023305587, + 1339414413482882567499652761996854155383863472782829777976929310155400981782, + 6396261245879814100794661157306877072718690153118140891315137894471052482309, + 2069661495404347929962833138824526893650803079024564477269192079629046031674, + 15793521554502133342917616035884588152451122589545915605459159078589855944361, + 17053424498357819626596285492499512504457128907932827007302385782133229252374, + 13658536470391360399708067455536748955260723760813498481671323619545320978896, + 21546095668130239633971575351786704948662094117932406102037724221634677838565, + 21411726238386979516934941789127061362496195649331822900487557574597304399109, + 1944776378988765673004063363506638781964264107780425928778257145151172817981, + 15590719714223718537172639598316570285163081746016049278954513732528516468773, + 1351266421179051765004709939353170430290500926943038391678843253157009556309, + 6772476224477167317130064764757502335545080109882028900432703947986275397548, + 10670120969725161535937685539136065944959698664551200616467222887025111751992, + 4731853626374224678749618809759140702342195350742653173378450474772131006181, + 14473527495914528513885847341981310373531349450901830749157165104135412062812, + 16937191362061486658876740597821783333355021670608822932942683228741190786143, + 5656559696428674390125424316117443507583679061659043998559560535270557939546, + 8897648276515725841133578021896617755369443750194849587616503841335248902806, + 14938684446722672719637788054570691068799510611164812175626676768545923371470, + 15284149043690546115252102390417391226617211133644099356880071475803043461465, + 2623479025068612775740107497276979457946709347831661908218182874823658838107, + 6809791961761836061129379546794905411734858375517368211894790874813684813988, + 2417620338751920563196799065781703780495622795713803712576790485412779971775, + 4445143310792944321746901285176579692343442786777464604312772017806735512661, + 1429019233589939118995503267516676481141938536269008901607126781291273208629, + 19874283200702583165110559932895904979843482162236139561356679724680604144459, + 13426632171723830006915194799390005513190035492503509233177687891041405113055, + 10582332261829184460912611488470654685922576576939233092337240630493625631748, + 21233753931561918964692715735079738969202507286592442257083521969358109931739, + 15570526832729960536088203016939646235070527502823725736220985057263010426410, + 9379993197409194016084018867205217180276068758980710078281820842068357746159, + 20771047769547788232530761122022227554484215799917531852224053856574439035591, + 20468066117407230615347036860121267564735050776924839007390915936603720868039, + 5488458379783632930817704196671117722181776789793038046303454621235628350505, + 1394272944960494549436156060041871735938329188644910029274839018389507786995, + 5147716541319265558364686380685869814344975511061045836883803841066664401308, + 14583556014436264794011679557180458872925270147116325433110111823036572987256, + 11881598145635709076820802010238799308467020773223027240974808290357539410246, + 1566675577370566803714158020143436746360531503329117352692311127363508063658, + 212097210828847555076368799807292486212366234848453077606919035866276438405, + 7447795983723838393344606913699113402588250391491430720006009618589586043349, + 7626475329478847982857743246276194948757851985510858890691733676098590062312, + 148936322117705719734052984176402258788283488576388928671173547788498414614, + 15456385653678559339152734484033356164266089951521103188900320352052358038156, + 18207029603568083031075933940507782729612798852390383193518574746240484434885, + 2783356767974552799246444090988849933848968900471538294757665724820698962027, + 2721136724873145834448711197875719736776242904173494370334510875996324906822, + 2101139679159828164567502977338446902934095964116292264803779234163802308621, + 8995221857405946029753863203034191016106353727035116779995228902499254557482, + 502050382895618998241481591846956281507455925731652006822624065608151015665, + 4998642074447347292230083981705092465562944918178587362047610976950173759150, + 9349925422548495396957991080641322437286312278286826683803695584372829655908, + 11780347248050333407713097022607360765169543706092266937432199545936788840710, + 17875657248128792902343900636176628524337469245418171053476833541334867949063, + 10366707960411170224546487410133378396211437543372531210718212258701730218585, + 16918708725327525329474486073529093971911689155838787615544405646587858805834, + 18845394288827839099791436411179859406694814287249240544635770075956540806104, + 9838806160073701591447223014625214979004281138811495046618998465898136914308, + 10285680425916086863571101560978592912547567902925573205991454216988033815759, + 1292119286233210185026381033809498665433650491423040630240164455269575958565, + 2665524343601461489082054230426835550060387413710679950970616347092017688857, + 13502286133892103192305476866434484921895765252706158317341618311553476426306, + 686854655578191041672292972738875170071982317195092845673566320025160026512, + 9315942923163981372372434957632152754092082859001311184186702151150554806508, + 17166793131238158480636170455452575971861309825745828685724097210995239015581, + 4443784618760852757287735236046535266034706880634443644576653970979377878608, + 21470445782021672615018345703580059646973568891521510437236903770708690160080, + 6932852445473908850835611723958058203645654625170962537129706393570586565567, + 17078326120157725640173982185667969009350208542843294226397809921509565607842, + 19251873001736801921864956728611772738233338338726553113352118847732921831266, + 13062907978694932362695258750558734366820802962383346229947907261606619788585, + 16576609187793673559170206379939616900133457644695219057683704871664434872406, + 17140499059660867342372156843620845644831519603574612796639429147195776838516, + 16226688173010504218547945848523900236290532501559570164276462499487632388445, + 2806068123803905806401128967330263340459046260107112845068533446899070326517, + 17788735370835052317224182711467216134690146479710634688273650370951230404901, + 9840665370904113434661468973557421114403401847108482949465899631150766783733, + 17357287363046228581837055771327121704742940914150998420465281177406182088510, + 8956082469997974864521346025916496675956939495318858500685756691488425559998, + 10583741436561099911914917245130852199607666337956354910388730829023746895549, + 15241902639811607164983030447109332729761435946009172128089506810551693978973, + 10889882303914055687481932975789161945462141459528413507160087442461090813788, + 19789561133254944544821898921133697408237804586549835559829396563401674817160, + 20741336668287037026472434608739333171202674306575625457456116338034432647230, + 17864073449995977742930566850933082711031717858550870842712972350665650521079, + 6017691253505466300212182439349954426085752315661098358839308909771637792741, + 5209125836207196173669497054522582922896061838702136844305036341250990710540, + 8138726312837322624537330169363664364899441867118983214176695868443641051381, + 15491983986041746833254372934846748393213690608865689646440909282144232382678, + 5054332867608171303802774230688792431028169804536607979111644888500809938980, + 15427030776591294577308915282298854681562344215287630895931797573417982096417, + 21754057982677295571284116502193272661309010996970316384923307174180521790164, + 16265286590463120486705206231835953324076688991892805307349612983237844034032, + 17679791107777049796013011282788633179411040182820636236163074053597517790779, + 4281652562868629887097957174897458165728741859103571825874408386197225591996, + 9168010397863299719604788533602757515513214141450093775967322808686129400625, + 17584182367226175071087689123358883902969885218985589531538416263709138156515, + 15671512310414658663135385639435845966109237059155734764323312289873534719186, + 10536294659491685326297777845632759824567028904726211134518740400643540109527, + 13431319759608247201135260841651365578663315527795431484765940626659812285319, + 9584697124715190200241839387725546204368618031045071660911490086723434692561, + 5180327104839158483066851400960171505063442195966219343315555549982472660055, + 18888217223053385111625483360538133292128748730565502371803782424772027937822, + 19535732913737027522540340630296365525208404217634392013266346283017745945894, + 8577759627886344995887423695190093296190181539234301534326157005220006624466, + 16793670928407147476673650839110019799844249677846432113010280456483595763987, + 13926032620965299897272071104154310460519723329016284975305942957859374938463, + 4794697578055472890255676575927616606591024075768967985031137397587590174501, + 3529566190782060578446859853852791941913086545101307988176595267965876143250, + 3975008029239568933166738482470827494289192118694622729549964538823092192163, + 17739094873244464728483944474780943281491793683051033330476367597242349886622, + 7367136451127531266518046223598095299278392589059366687082785080179161005418, + 11175297939460631138047404082172242706491354303440776362693987984031241399771, + 21687543815463985355165197827968086406938428974327951792877419032069230058777, + 21156136641989461785420005321350884477682466566148802533375726181416623358719, + 17347558768803521970212188258074365309929638984714303299899732035040892048478, + 16293716234695956076322008955071091921491953458541407305955104663269677475740, + 4206144021605871396668976569508168522675546062304959729829228403361714668567, + 19988050626299122864942213847548542155670073758974734015174045163059179151544, + 747972634423324369570795147739377097591383105262743308036321386836856106229, + 4612470951309047869982067912468200581649949743307592869671537990797895413707, + 9630852913694079049153027193127278569487291430069466630362958024525616303220, + 17941539917430916523930519432495442476511211427972760202450248798031711471474, + 20332911350443969653703295317915788278109458962706923653715140186132935894113, + 21764801803055897327474057344100833670291402543384934706514147201527191846513, + 18792043166429470991157980448329308661526906138700725174612608941551872082876, + 12308177224490762720061048892842527800271687977085172836705858261595655154325, + 6234555076867437297776538521925679658360922070165740193866337972293380196151, + 4651047048822067434403056477377459986292934655827821636179452835839127581305, + 4762047093602693619418269784972874862577325737690375448572644958129932507374, + 12373514879531674477721132062882065826558811149582829246378921774344318418269, + 452512704634345955634014968317367844987135264395068376894497483188243356523, + 21642936370936057063268550589361090955573362743817395689260298777690935495218, + 16170209200627740434842090607802586195654207376087117044989637541681675086276, + 11682826760471401430136435257946377996085824742031456481961511737883954750045, + 20628055165039718158878805520495324869838279647796500565701893698896698211929, + 16438375313036818694140277721632185529697783132872683043559674569424388375143, + 4855690425141732729622202649174026736476144238882856677953515240716341676853, + 11680269552161854836013784579325442981497075865007420427279871128110023581360, + 7052688838948398479718163301866620773458411881591190572311273079833122884040, + 10339199500986679207942447430230758709198802637648680544816596214595887890122, + 16310974164366557619327768780809157500356605306298690718711623172209302167675, + 4572051236178600578566286373491186377601851723137133424312445102215267283375, + 20933392620931420860078756859763708025350478446661033451436796955762857910093, + 10145870387395991071594748880090507240612313913083518483680901820696866812598, + 11173854866888110108878560284050142518686158431744851782991510385755602063727, + 3895357290105797542988795070918100785105415165483657264407967118738833241858, + 16358886674154007883356717944805100413481233709808000948036974385803613296849, + 10544067501284177518983466437755150442726536257903869254459488412549270232123, + 10495171258604974589451578238018388630585794890815982293891430761424812600427, + 13820724103604550843562070971473423552484851063169471886037640613650155173554, + 2334954333435579600152488915208745055087482119087065911968347050969338669409, + 15100284614446277058846085121308897497066957549089629374506920751044105723791, + 8493821960754696376711287628276980042183127459347650448500304251148421115590, + 18612435536889941393944858783110719304584209891406420832295898519317994950798, + 362101794940079733974215941991047456600874474038781578925062694203564740952, + 11020033081956343850903875701444955317664141075326494650405276926536449284939, + 9396289482656518627529185765935649373549564165735162258912975312413185691167, + 6879055176150676925438486069371149089824290576271090206945130252868108043422, + 12466610601804566637227883322591924115458766539177061670432424956205788935144, + 6570302110526154075173287644133038486970998888099669190857256824048085590052, + 20997862990590350605775941983360263378441519274215787225587679916056749626824, + 2642485040919927233352421501444361753154137311893617974318977215281720542724, + 18832940311494549247524002614969382413324906834787422940144532352384742506504, + 18751288968473015103659806087408412890105261892140397690496125593160830694164, + 13938622158186434739533995447553824444480420613323252752005511269934155122652, + 12878982657080117316101160964182202074759312554860119090514406868768962707099, + 13757859113119127982418426758782225628393556023865807897214601826218702003247, + 11817871682869491875135867072669251115204978941736982465520516648114811792373, + 11336448548896065624515261709306933490181794458266726453198857687608284871020, + 194970717714150352477887371297168267861902418496792228400198694925721020795, + 4999282817977533227652305360183045040853565298259070645110453061034932285549, + 17094174197873140035316532568922652294881600587639905417701074492648767414173, + 8484251464872873032022789624790167173458682056313339863651348894878144808746, + 10260366716129057466862964875306868898686918428814373470382979997177852668590, + 549263552864476084904464374701167884060947403076520259964592729731619317724, + 10052714818439832487575851829190658679562445501271745818931448693381812170889, + 1735373362835209096342827192021124337509188507323448903608623506589963950966, + 7998373949540733111485892137806629484517602009122941425332571732658301689428, + 9035170288660659483243066011612158174896974797912618405030929911180945246244, + 6458619567307414386633203375143968061892762498463026121155477954682976784731, + 12314261817227551876673777186352972884847144237148169773300066404053441924532, + 19869454329688183813243851218196625862680921049019496233616575272637276975230, + 20326917073492686652690019138603910654692396590122884746951129061818467704300, + 20403270805536666081472738304916561119325397964511536801752236086414818653063, + 2865941730880218719188224311916978807415673142487507504983320505748719154068, + 20614246027521726470902405957496110178017768563127335842405314212897493119848, + 12060194341463088508348622863463208827312128863463014006529428845777217660299, + 1128906798719793375274166820235650701301189774851381709919492584451845983197, + 19670876372911656158743764425809421400123168087389888660308456184201759209723, + 5647230694522866559497222129254930524469944430191328619422533907417776118543, + 318629082509194371490189248876734616088516535434806492900653650176451776632, + 13685970881538585172319228162662520285656571966985351768743970447782846353365, + 8283840607829148567836919316142994745766280854211662326632930274668867638198, + 8968895518159422029900464138741638511289476298837958524156654785428413265371, + 10061801991000917366002570579819627134666386452411986168205986791283562415829, + ...[0; 241] + ], + [ + 6652655389322448471317061533546982911992554640679550674058582942754771150993, + 2411464732857349694082092299330329691469354396507353145272547491824343787723, + 21491443688002139478732659842894153142870918973450440713149176834049574486740, + 20196926676989483530222124573030747187074792043523478381149800153065505592963, + 12986278951352369831003505493892366673723882190521699331613883287145355738793, + 21126146258242782643168619000295062005037298340836817770565977031890883232034, + 15509665795506578582538177431401381655815033647735781734613703976071034655246, + 6989769181472743404364681671283889685042701491627165526899522083327752110839, + 7062179885254277466334896166987547257487047183881628199983668518000910197987, + 13842521112365108087725039904948872289730786568469683976372377853164252494752, + 3830559505943186272618534143266118508463381443414165428900505002474439179836, + 17704863473432653834041116667846189591617394753001613253930974854399793083900, + 875580502229441633079974792778818749112423694973231971690365132230865385439, + 1971134273535892826573832061354985059300866001765691176219451252512658771248, + 4865738840363990164915013008693722144676933915103280504727326977328013515878, + 1148603338028060679975883868174895825055359423662532941509525326937127571764, + 17506086433923270253695698017062834613463718526046463655503742220257039588796, + 21580033018107258179208198773211859664893072138803756118939260252922297665067, + 15411900706973212043830142913959920716501447427702082030760032355626616412240, + 12219699506725448409610279620972339448030565224304464695714944121760832152291, + 4525719544192047521328360848269156485222470829314314216955024799558286708479, + 19667371373588322336224317159113441765198420040800065314868656839300028747331, + 18916925604689704279265158984702141998345424765142129953154245912230835240445, + 12789343981741773931665143789673052782408749041041266509485929045869073416222, + 3094428508959717445577232225505810354980663487713729230015754183012845687401, + 18544590634480965569098056786078005630500574069468005220462377474861119476492, + 20990087440247450018723844204951613913840993427110495085701200965767234569705, + 17552251989761134508416634118845221324472178264364440017634233349418103869223, + 21000797802575507763447855752602183842956182733750968489641741136166640639409, + 19292751508591545849778577901067988044973302547209758604667395356943370737868, + 18314088316445539319869442180584299715533304874169767778761887632882728399870, + 15003745150856597539000559910957155642193629735521291045949652201905498569732, + 7839443900003691950104175747634267110464104444913379977500178134209666299140, + 13568305490393393394812598233983935295266242465548739772708079888867621061127, + 6453005227995051361096639028742707098785560656441339640433794156400437698140, + 1420171596348195609536167209221442141824294918625468780931400849866478645240, + 8347329128252205996443084339884155586061343024498283583400215109265013719709, + 7893774494551056447960817286805128884970061671041428326788899872964096959040, + 8970476243368194065341537088653900235777512204874037182428362347342487241690, + 239049405935404678508864874854718951364753739466303321590415544572014148257, + 15772878921699764223771017074289335629553777447709755479885293350677783703695, + 5416082112919155131434995906647355834510201879607888732259087164602171650389, + 4384524908062410354304345761652962203632712291085564157560146286207296352050, + 4210984612917608245844011498198864216639269565627982123611519493203177283139, + 18816442907032290878644773027005263628136050677095986565400687355912498966559, + 21443510232279945782338486087712914668515437675585863788610958361560172084515, + 3234314779308300525339049581669531363375743827111579883853941968586490182859, + 11029499234949696730080035941750777601416171837281021031653841244636590396063, + 11145210633226924132308292113124660576759662647204939721872338908644906571564, + 4583160563963432761409369246361117506465307518522062239686649163525543782173, + 9813992026757562966842771727657080117609486122615087352428596024939855084450, + 10084171857039480706430282187972782725948479260179367780776125786119489581409, + 3874212709197875589640151274548083098712939093643165182881681226579903752816, + 21595542491397091124739711708612983479307589335640792812157875295064235960610, + 2068530815441314105493629066002923150651375034543842424822712297257260726954, + 2673459852071215292298131389250564595426361004231758522146794940265552265806, + 8591046256746588406353455230465605224309754008961178558834659065898923355164, + 1020055192431352394776887540248098706183934464205704158014904833376067287118, + 11085709480582865378042656141271006552092494690130782253913953070642865919312, + 5673844083530503489429922596812992664928167369104420134641855283771127716005, + 10492199162275168254265892158402955076490959375050993042712629236807564461542, + 2280843393156259739329331366624245275580688891778782679394848304764573859886, + 6807797027131305026345508953353882265754363485246407959111359919046340709440, + 12692191384043938397944633973317584101723715998700063415107128429315536223446, + 19818676957110967644349139912613239435706480354664804036688552936554140369382, + 18055602608192644695569077694296748842203151828348990995792087204755925787339, + 20934555391215769430553078793246717148484784880715746179415906355043590089450, + 11420705181439111353998210442417752592951340005396931802449360401461783159557, + 19878854521263746227125001670931867821366047088989510542865511663910116386085, + 8568201846715449867087132677683368912214864824182424933182820310911278496552, + 19198701614488576617610339232794062430644024620523684127268879880793305460015, + 15262122764244854433806270478871594904740306012582364033343126589996733802868, + 6412758421155818207287638337822550233376667015263373809976157264137577776202, + 17371585001641430978766734501830788427263945848682170096055857509304472649262, + 20262970042379497707724791203314262108784948621691331141565359315001027736581, + 3859750447119748295302212198327542106766447958113540005985799287718502362717, + 1172269945800307665458943534144481495673510885455899148864236015097947176746, + 8164247467959680477306326470118519335673181279975551434197731340070491876250, + 4513977811114181395323888111232002391599397736872779927267726121435887238972, + 1075250595927474080680862736233039825365918646878264905022213616210377518447, + 18658420120424372681792175914064174056413842231969276203770574969914576681364, + 17769673440848360838244654765103041739044212539359630263894092078288342647801, + 4319086204044362848967484441065231939136453667264715596505827197873119273506, + 11221173270629292820060668122527062274557317856738971635698169204652845111606, + 8635411372759272135249379415383299350267629947167809163276219879514948820576, + 926977621651476360285369760355547766944001783780761167546467658394097283069, + 17702143780592866375901805387463459229828093905183622296234691441436877570082, + 629612289140842594504574984021125242351317893847688437087866691775821981724, + 19990548577495092294245865870717186004301934545721835081514347926537975465539, + 7124830628609719908679298707909792306162298058570958688501370177898647946696, + 14620227791860703231425817538142948793892390269806790476396226159679984968174, + 18495581997440241868332244230687799183899751339442721677540757155760745277888, + 16922065056093401385376103551657968760602009001905886435813054626317776258714, + 9969610601962874779035054685661667941954971427956866645694064022029705170229, + 15281641269114187762159685323068136816556739502211864119670902056596295644116, + 12114994625438879103001132949163961965524612903017200394727056658298824651596, + 4840986177718281128440833017205097196672382395936939379498412745183060615212, + 12847307562796769659308999092658905656250954898192781948610713494470441775991, + 20290096217351155282642224215178246911041509999959311313223857240001143893317, + 16151664509646153154405691138084115125600386733136285504828908979176781265710, + 13848845391482751436287906247470303487958950799995701248612703022979890932133, + 6335716166231441585596963683321661194889815181545222079376536449814718259931, + 1824302750039354704619545544386637317858342555634601563660279997221547953768, + 11327469654081586239268713126961534952233559223228327222485848924908493444712, + 10077703415170135154603829433031861799853903739210136452726077323833067256620, + 16368073884579385814331927334821006319227867093692644942500207970751483237405, + 10621580796499573269115131164341885791299038227955222944695715163010783205295, + 2099241376651019397894434242565225315652133572870234550073686122343103853816, + 17104632243449417396641550271977294699471083572885397875525767745512335891599, + 1935453754847256492223646005402770357836971113012418013930273797463411526183, + 7492761611332930896292052363224494314920390056637668407353957465667515477934, + 16836705924460095689555600825174696605443212968244843485187771119291716736958, + 16995495500678141665340056658079449793587669420913589967848082091551329904176, + 16097379973857697753436437302681608056543122759719328497348770844548177814262, + 17476569537128329379528694049566216604638194592812108658767104922628767500420, + 17997217989870184804787026924935938133194070033518938653831611194683423549591, + 17573343771046232580761295935281170028624495346579002725814597714902588657750, + 2450087639204541254902859018960918562514681200270997307467560465282168310665, + 17288084325555056222618040923753050382954155896826087372317882602328092535440, + 21837047676579063581498107773514419735425738753079336764356909012851439336687, + 370061273472837873736743292149368449614309676635341873070086681342317566380, + 420725183996224279379885018872359102189091670793820517618337092091910692771, + 4966571645678139143731798992823327185758562224229132271884647901363447388530, + 5039558223429273757296118284876763395391635773837549121798873235133698166026, + 14663152729953724779401067486012084029581847325524052152795817923033297673686, + 7201040456590575809960214033959496417566605177095808543357813677845263237276, + 16872945504528960415453618286121813996587432836152082188694652370255998768595, + 4914824783780909279212078186433590922437371437384817332713271291839616026466, + 17503018483514413315464207189113334433424965178631599286655188843769810245465, + 4087750571011463387872022799241315348852213278729592692674275176152296405923, + 4006961923780091252337105595934918049936238157468198971234322013673884171131, + 4481908842184366902145805444001507554481032302978790080019710161108326487967, + 13532316826436461968093937893872910736305115143550039673102602344678825540956, + 11602986656925867325907196773754426955346837006705269228226729102186031417465, + 15306992574062791537454541745213815567999895856471097922112648012979731636068, + 4497571735611504561173050536899411999551839050319538712220770383407135602945, + 2571242673174714867278075260451133687893879636121064640779554188161591611843, + 7070272070524747733177730083966686149849667613589868731851816020060781720851, + 1308310289745495626002351437755820460104812708071634598163946330870933261232, + 9483468192990391193401121929514821570714432121414330663623018046165053411090, + 7317568349845215930675847155716598288688799068821709820024570206796617676748, + 1918505733423704616434273602054555051755671749253598966287072464475922854850, + 15158168161084905689406532256983805923258003804476527617207287404280855731962, + 6855540174355511438343304861678411868002455139032857270673849263857877330771, + 5989863238360846166935911112885654223487221280254816980802479355446167746774, + 20283337058688740322296928691341300752003492063748410749625272920572074851396, + 18957132189629332408653055312790838576277703952267542471751593810468444454136, + 15764518568966520670995753676429154315765754748131847346608706222194564055358, + 7192524197002826721654253762628934164676539329903087107420445743247046038858, + 142950766663597487919643890566358241353679421113406309294925836697585309311, + 15012262168187689680572958978610204856600235635916074406168861726626292993057, + 20795666834671497603181209610179324236645779324677512349797033323222380300794, + 12650341271833683789775531792948185319868795529390391267833516836256688318306, + 5597700232877580665749288204589530549415282468176625525368428476461504532052, + 20949303924691159143653175365242293984396858344688574262804199947001630916385, + 10746523145835332938672833282581864816136388045771578294905302886974358762209, + 4998982766221590779170630035756820066555357949247521575936385387288356143784, + 6936999580131731861735955554005106460473097800566952971315565150681540640020, + 6670695360676548472482680016233507548657051302712214051977034166870814430578, + 12210816592786563975173850937247594401582085430897698766795696447223454826466, + 14933901149105284237676334791785996160108290333321693498322435129559137152007, + 3848529433916624869590379003597911090976938589461403388133685310398004369431, + 12778805225074604003024964969486878839359935515509480774809299341511161183802, + 3288267180428684202786697419666969564766921974531343432588030535602163038467, + 1272672432174256751826350693883913844502039730140570583479554071765667798207, + 21130828804874452930669244946376257892693846272313548250936991077452679117587, + 21254559353072473881932828401787134230282801383134765683324465204971002861493, + 4116075860631781527931204624078712926526805345818156200756399332393348685924, + 17435888597009729827411190999389277840088354756277916760187756022854497211746, + 15837398163415665169712832984380121382150588321621493928953938599666110830812, + 17988638446757562417082379159769772097890681265659458369075768452342579854303, + 8144561030363576879343874888624208577604401139613622673042754207987577727758, + 20020299925602421262203305284307419339160247406220693128040712457114283033661, + 2945951415037890626891130390523013930737768652394758977777336357159436605764, + 1505954324723537402640844232704189835623922400329086438898375859826553573763, + 11851584491756305117491374581845512067704002072833714119284164514457248861803, + 14471204965036278214508938537949717553799007630471016532866101610339050785912, + 7163557293233604902868673807221391042191134560333950452577270522828534690707, + 17291625782465108601367695465389799786592304061550212130987221355832952230827, + 10240907112109243116543462081552827576656826251172050843989873656917271396422, + 20702261919346727858635106264046787321170414155594199951578791234276181642650, + 16678253307828004252292273162411388452019952018258857370242272543091326285541, + 19810917631941180098047817620026253706643400683524412974923209268916769874447, + 3357220165225360610202375608872621445880880830154732998557832689480921421791, + 4392285438534542495332422274902727975330102148971785438164412161504066619105, + 14642025133729666610167675086855441462580619607677226879159952689184960379911, + 18142623439987890999821892559271093087005885278955082040377769578204898750505, + 11769399023330099592616157336702104329646487200891911089287290893650532639221, + 7261353756299584174448625214367175510387913706095214313669922259027644778060, + 10406994568199070863112470594593301582798997458844791396920771226539013327304, + 7475277967562870216712397220016587384793504784585573136176313471517144184018, + 9598064630327104406929367986473441777975480987434868213697837347643980267620, + 21137410002545951849752865514437404724653771608225272412595423069852350320648, + 12345612867231779996383303763804719815752861524077922121654106906093103051400, + 16461750199070055335468534730937701659470268635084522644824623393184528879703, + 7829250842543018165409887731515254191943527926556191989558018633300783421935, + 19801151644322693878208767560968285812646931156576102755771403150148125880648, + 808770634664491371274943928223981161442027957963181999892266696287962813461, + 2298122748772261447929855283951027113218922003687701626762072351622993276571, + 17407798064458858450209051887305178872029674498718760624162479511390762310526, + 18585562277464562541666582720366573863334618817908062612923861658144918595030, + 733976598693219656339731904831283238690050114241501938501377743874139460889, + 11316063986696838098122262534148335669847478050407756877728672233736962269417, + 17614529714381496379478130066245111825610297227468263851608027100133421612826, + 12110694197729365219340374599835523099651939156213930558791147158357810646901, + 4337343008663255658976574468931581484970687989356019720784093082313510905405, + 1379188959674402095268172673987199124815512095460112504778179157481327937561, + 3116148242507754420428768481157196067508084836097458698846114802493377512591, + 13306507137873332434793374848948087993544118494881134631519748904811343155566, + 18496878480807017010077624766326681523549495609998881196570603040242554712562, + 3940126764022508707486095199473913866137718790062498893812401335738707507732, + 10030078765792498033316282784150304209584388923549357286679864120250994473810, + 18519871685760382462428068450331593474924737719734568498029727699878543899254, + 12599428893576891013523136950822667754415283296587096197120138265392279834128, + 16038578953099895530943034305356008247313649524436132877362941968861459073483, + 14319233878082524834510736727226054073026413911339853399113450188859080424272, + 13710161613540579690732775978855380876556751245265568031703536595040993113748, + 14958726446649273856607176275240008023824615720456760403465034344703779274727, + 20935428111942360630758629263346308597806819928838924586682307174931367773605, + 5826394436548487315966647466017047216786257295199620110266250301500717796281, + 31401797997389676486806123612280306684597605608110075525648021056710776011, + 10784171495708237485952707518956314344821522727746927291389338644844400581452, + 11604345371765580191117799693565193618158448665352599382713281103552305960442, + 1378145039624937931836538950217364481423707761527018494355648047365613434790, + 10284294167221806561993937798090888689421933711157676807977401896199778472860, + 8233695574758520342808807499924062869636681352769371531557726871630696672029, + 6570581391072134029876349038190171593169496519436674767949949730275868319732, + 4026501263908027819614805027945064360196399012004574117767831931274788631138, + 21091098569404004244061462065218203986433580687172854429523306262593782053656, + 20711772916118045406356429185975897495222240215931761100801599257137350834799, + 3165519312799351250309462589160165591299333587158531489859211268084164422251, + 16470663723473939739601217501478624726068461799539012562455639586886033078064, + 15672299304945968727435591100602007503785845873606917887638890765525875123857, + 21393538327627889838198844493522533627143658125568123117776524944297103649079, + 7688819203734248199049004650451546300187194458173935784579101984183800649342, + 6609663518412297884695057080546416278366560290439222127471462938252865438638, + 3476303650597281786976907813110835564442121684386467570637538230409080744769, + 20633582549754495054832414039299188930065286005370053173386561254823483851717, + 18067076834611402459142612082327591538480657933568191619109271502102126814407, + 157209609820117793892254328219308970217366919934739036156851508233236414461, + 1848396116513925340973398423998379465460554039715233953825786874352442451413, + 188642786730195655565401615804782553245486295156304142809552609651873793325, + 540089254487190924787439362270708251103955915909358626209177199653451469720, + 12796274768956950589847157187031845061404119522843128177103898080653493269942, + 1785666356337148874573621868025910291826158842346617719666738769156993598966, + 20649919247042517528354490854561347316237285929352042389729444382153378749538, + 9568390566108569727471722677925269460696523515877621230569682954652430518787, + 8590683334740232786825518158771304803451657249486419816607179533515442407283, + 9321198393538172042803957409292145345834077448228642847843261373640165958582, + 3651905214805616378360839954289447530035139753215923648216350128870943481828, + 1324345422558073117779462079218851558068746895262914344818945294328678893083, + 6666363895154434021620869731925915051086919707989020578203743660669796175288, + 9850757893972463103359995012900314323213006625927501272997539940766979170137, + 10214293226445704940138790188111862069675188797488928722469679760666574484266, + 16862124085118494177559484642483513597285992646267864845521573612482278871023, + 9172340118369291059693735314505606817316211450324955429310200429408035954801, + 1968992755714619414656181112336357119271845800144345284299978250769356388249, + 17192498940296212027365280042755701662136570107224000496521552617655679821443, + 10063385968535643122430064779260670089120686456635080613693015398478175344193, + 20101961459945738562625328882763768836449780661345042148985756598106706734632, + 12704305975772252539534386080950631076046431529894091327218544197389260775334, + 3008242816727585639441748210631464697850194693570485141354082562181236010097, + 7797705698071555811456747812384107102104184812467361013142453143842134807658, + 19323240331433203844038522035479659453946066968727795017745942269828428751105, + 1698137797127320576751729191866734754105401103859852376273763815257758421427, + 17656850887825900397821271738817912328294075224643535784810269137125067875996, + 20755447986835730799031196367323817361150623932048563112034040627213597261325, + 6221130271964372280138992636208062417325313096379273438539556580491430711297, + 11042709376363248213366896208587241517252100440844476816212498352999929578287, + 987361321094619571176752720390429919723900732295551211263814448408232028205, + 15077982986114392945859048373768437818569856001604485167476360943078774679228, + 6278894644165961404521866714059972066255652200107181684047812674333675794053, + 2649747800006903047073625320829560088088800522557851927539477888486006072675, + 2636278052351769676017824297717609512488651850924228608531372135635042762078, + 816232991472315395984098922575496846552245086608787214581606973359616326446, + 14372687274434205592004117128588852491871014819273428668840779210928924573820, + 7351401720390274950322621121981079413650308506660552567079785209176949174210, + 10275293929161727274572318228903710245677747557851999483919909420098936352013, + 14869686444606195206734119702227763209172799407142930791211203702643805341518, + 937617196362766626935279232045712623531859540210120280128165029613358941709, + 21331527351771920568751070369057714014285398281585036009305608379072813379081, + 4305436470381074948146072259605215282335211631970525440530773004228212378618, + 5894273721571292784412707230481346442881109207745969297947253583203466014760, + 6512250441044591603946512492071171861967500633638753443182294740883123881284, + 20863871952569294813936866452848141274047362082838805921071316386912981651979, + 18788566662709810970880679984141390717017951403407913908833463086244783373013, + 7784927597396249543149135503684024377171301321636804832597181795981969626201, + 13818519831569592521516488188127966399245767953522268350556654747680372036664, + 10515208647860053151690062640705322684876580250632027862984821874343071549235, + 797604926079325807488629085866693514275115789253871397971708541758696512985, + 8741784289526985522570446847275649913333939699807282742190607491216732972386, + 20966712704043418981047968701828936463778140093909973286855779694780086635828, + 11359697297415630167449040380538108774924967116147664240213257348125754475868, + 8070907838094569287067982462230761680706116783989613960066342967469297961118, + 1868550288036217638713133945402464194193242298015503906068429633793800456561, + 198709459347510170000840600179608479136663571567208109852828485236018304733, + 1601154135701845545733926027872374554514541574822026314034696802419388627041, + 4363994778006302991481199477873248350039564117453810275561422974475581105893, + 773054378219982710451611471050404495804413666789496412742983455527754059148, + 5209426340109575519362014651321132459061755868557415513439993327176584352934, + 16124961412020675839394907565568143713078242978522632778625312854364651991011, + 20812496670075231301471694692369245988519082317145989298573032859079075730004, + 3312489967581906638742585802390894285073229440039144559060030129184388053832, + 2967475373447822846542676378804990140732835322255774209561143670843223463335, + 19744585401442299381952694102570931935735276268739851233412754166721728873141, + 20026293345566344685499234599699178313754630774489046573312844763673073616936, + 2611303659034102517884318354550433047021831422518437228002960700934925644951, + 6230291832603218406134986471162106408091661326026848531605999413028246206577, + 9126162046556730019959291776456914453189657463686708035601186672661595109020, + 18827736146609035067773173111376739253733288103277133456626928961785293662143, + 2328703958261360872869074208611873245571971231035163763965210852182760438390, + 13796410059666172174899788866809560044715551934510722965495280798363043241416, + 1593663256684781552813616365605526150610454082601584196604084376715746899324, + 1565874145189898288764434737762721576951043839540107044892767693968417810945, + 8709849304563896945461696717753976956465219721409993781555147204068634555572, + 2994256803561260177499267243802460581941891553208150783951937342406846377191, + 10452746656507347152042187616753027475507881362159944564077673851918869542550, + 20130580998875572619695450234900655050996104101008767761546912649074040426200, + 18926933358104691474037431437316089682088433006245222723356764715400831411716, + 3783551594057498940671877156409957274854990650480535806320220142873170375307, + 7919031943604095374667473717154511882451510130166237539514111182596247372692, + 14518552587329209714850286012780632801030157943402419401997576700600952906519, + 4770764028263701271241862755569969531641408032906982530346384375773459918490, + 10866502826034731763529371496585294375373238783964914673031891984092997621879, + 4234148117462322266937279401468367908013627589417699250592523530383852950379, + 10747942066055887965185603234524367638106812660210378090215017248140719240336, + 2587411532912868255102795810490361867789634574022411742057853375399270197531, + 17350061113113681344498080520518808976916692173267298878258722510332360424059, + 16490282364669098969805528215926442920328903121380947471680517193373377657129, + 9274691782659584680377375192682066090127280485689527337429804211265749864190, + 7630965482352419767782717986075793694403609453648729580916814032587325374653, + 9483872310024003776681196467845329825094379763716541754956796450187787638623, + 12182966986735661215639970080491757244218854808156498220088212871061979325833, + 1853790963611367149183440339188924598268644281518961106776656221408171642714, + 17425077915972423995335545370701802959607559878032910147159424242864219303096, + 14571075346526399549826264845894977639678567831720652860528738036970272895919, + 5627701855249158721927849603102149698163511782011562166637339712383551336091, + 3620805686755372260289125555061886982808014642356719556961142525373021656729, + 11556995641752009899073583627136467840237831247117281278719511600076965602980, + 18960242154096055221658318882298412299294886669455506299567210308762501113202, + ...[0; 157] + ], + [ + 9174141306060971809979631725764298697615039980311809306145004207410652431953, + 4847693924685156250211477469465516228032151306221739650606132660616428517315, + 19669833054057639609249840291533340493211768292967819468538893000195036768991, + 19800508893433268850924828171290876015556093796000695603651522426066333836892, + 8244699449852279148780456022144420353408196866113049322676048275081354214716, + 1563672068712965454176533719400672258364596155638916268717470967009721945171, + 12723223712027468580318230235559705540011996847167975439677647504573149248849, + 19944398841194165937952509356635863229327574447452745793253427406349161295763, + 21218058308392585368594275702746106483411305671883946244077923955757637296177, + 18442884961885927579732373746933397748806426938144021013884176466434407012116, + 11138408360119814115926439449668526422561003790198269766757675305576549475808, + 12724564576884231109847024566806896391934587839830522481308995309797961575379, + 4897733190252075532660075013731462724561461746919488679609618967302541674417, + 4797748331306263412471031924618974997396620231469532262170060449304337691527, + 8626839560132907403537141283531395025838110825355541158539075100658769738351, + 6096293906324574249636975851522292408228519044739444932687579741964974917617, + 2351617695830568421216396081605990689071283678701192113347036659596049514149, + 3045682390398203085155257535118136303069379656645406266260961816947178911890, + 6935829264874515341379952008241845470659188886156484974987865751370715745075, + 19847439266968955911971997829840067368072860877451092633069920565944933744280, + 12795097343831149148337906863235678514689648096503928066579129201713661539889, + 10424580232112390318877053133877999442988769389050776486274146627765228950235, + 11651452649618223740363812212607761589812354035139843126315028745587570714609, + 21307929358023177131550002602820591970791247513576735567457471459920519084552, + 2579908580162153663820021562014873149811195641589016321720930006635393981680, + 8198198178555784054784079137247244121807775986273563786249987394640289859893, + 17176088986876377315956611075288620878117708836881362200541916957398026761276, + 671389874397910339333118510595007038137908096657753354622355890021074216004, + 19161949137729278558310070194809106779119877882343914445178348849980058405327, + 10827554013954037091657804154642286174226562252063767377995268439458401752538, + 11693672899474469123468133710607776304784343543318650064064636202512816205843, + 7026547767612627656560992117440221331093280829523426249915938274837157551621, + 14422968137896343032446633683271253661000603582016449215470992885331170459671, + 7685352543184863430081115767111935982586458632527708735083385591291346555502, + 14089009391529192464370954954330128327830078875414722902347666490457756695535, + 8424161061743752192085022963953944100289245618074575727145394775891645849043, + 9809236779073852557054640507912802523501426410996355424610807253990040160483, + 14100245203768962710288059230665566265892855964739454261791429988929622355986, + 7775683622333704945225255741567928967674629526812606133980425422182282014012, + 8739247215686497264451630351996892836638898510934389758205488381695687859658, + 9431876969679115468275053745264413939426444105271849398322497961102606290132, + 257914055321743732506701382989022126153391940932933566664491918941925247878, + 21801414068435960590201256257290267142214176965736081788536576642934903066059, + 9465495933537134443327560834432669768951376466867005153580146079082722525723, + 7862366214258716333873810314803222267215825847232397599183717032713290878315, + 10701164906390193792620967030790214270231326273599373762943959252633779929633, + 11951628827727068395937910010248864431667047516686609553745879936868276916066, + 14268744039571470490378560085356767818183790841094115879980723591887874138419, + 14468215915818797151199796266933432577607248341385185700017147731054148927023, + 1523824033338639123415809477892820349580561577160869448927791050266158538520, + 13559991428776910947424645696251487328999214391124402586267086012691140984198, + 18151203063828433535061866995346135260543721730169485344610433976436663085882, + 13436242600153492361692256644258899977135098134175123174795293078081801647137, + 9384556671429507406657070680351030238568956203341356106463890924933167416522, + 20321079285577981781556986944841048777999006905303986053275199507771332527205, + 13510502130738135726695195328780836716597947131948116750163533622597187969844, + 20903049289119144354363108865308751668897757360882852151457514926552553533040, + 5611953645512225417723205546533389174830971368309601830751921473015551069534, + 8816886019615642422040038431962872654062471314244185285424018745071289038220, + 16751828354835345790163611999302863949792305206769993810746019449909446216365, + 10421654749141018171116296259626916395875529220250947127973888230084671091757, + 6065225315766552671037285757918350882361743810888619479819895087632281975681, + 5737755346739850738724717271213687543479332312420206954339242459110768587128, + 14770522272891919220644639305274656491731294860310497013287297810648680944682, + 2777394791070450473479179489594969793054480209411136328689318984981401732197, + 10039559932930709555975364107098145624058027439566384376771787183526929807647, + 20757756003754261934858081777796652436155530474748550156383127600004580439167, + 13253166894715452480712170898662712132411702335275401581167208877688374856806, + 2037004052447343668129085129987646907388123739343356363273464870501805506884, + 21829471491172175426560705585746893969222010633542962882847909490991398830669, + 5130395545419191392223692116621486075405299333195732914002649716762739787586, + 20333821730990393095934147177227294218344864602777744425090741435432040213391, + 13629653802252084129446975515814037702423511189484562534040643669977716900228, + 18489091892360842692678715136565494502607711254719045543684163289077857041829, + 21380328601365035012832876315565064374684993115210423862017233170195286906080, + 2280052193465635727584791148501382679094142036232980037838088033232747821762, + 21415541711468815972744677841317235994302058341802530962394281077076174148777, + 17146992672828650459975820445250769505470616910596779130798889014378635881076, + 21676475584514120109058208398560066698690773910598518925936412952356431597439, + 18337052978997482578725645166749278142628133291693686105612531426715865276143, + 14864089429815580405957698645045711801464462794754089671996837547347950054532, + 10834607317840698149140890207826430113987295440254355899459691878793978994131, + 1157143498448645320415276909137008396665083714591338741616893578930275511205, + 5027542104048754930085470328670427788489455916338375169351586496298129661248, + 1922685817237874482932428650501872692326329693528175054457715565489676406535, + 3071473720617798005831658342971536643616129392641449174655528578463370685788, + 21091078808046042460442535848913779439792606439995062001271357804782672390627, + 19773167374024045118471391738750949555178717045037157435777574972149053404157, + 6418695831178793575992210834992785624340084513619644969535805236049937971859, + 6317875495482489567338519005308431806047606843913867465201005132273298011425, + 18001249545956637376455848019549801116909661454019565655561439372098476761813, + 15530167556609139699164228289904946047951254183080358784988008899829027775935, + 8702757129830652230304011519426558036441096750485189115358314568895250616455, + 6369986882953061252605652398893489899416599935424066958291402945530517772170, + 6842894437627604179732847187262933342846269043996061072487488027804029200046, + 20951621154051947571647917571547811655800779287153833018533872651413529893817, + 1219277535080749134805291725937516331501172121638812333911793209536894469364, + 11704605822590166851511022757496386950530399074796545751042566537118336773236, + 5983427701962592508775640503988144495847156070437130549832329402380170245893, + 20169091361583397776908351163571343158517532527313940288212943504015977979442, + 3347733015762117176159731683196584632702931062411889821726902331981723958255, + 16217509027282489850987935065936382820558307489954122630844029918951230268972, + 10781269196927764524006466217779648732772805761839205677745819812868343369087, + 10568911823766972365218731330080733630028238366288098114239172953421915095075, + 5568774544682750792074131352530555554984876659733959079036284517928264996437, + 17854353469028651373397049175548228061144941710027186166132671198740388767529, + 6573034112757039329551886086829829282007989555105157401271097204633906940776, + 14069627287078359391137554212536883450595451640858724555679971658981340584258, + 21119713641590541511025673864154852875977162278614553796484277752677323191505, + 12802116677235410441672624559825044917295689876859311183079161588690810005363, + 16037054471696658545113065872215787085337497333273419984439267709950724531124, + 11698654309680908244303850432833183602706804558317993513795996394673734185716, + 15147889780127043019188099948246961619198549928908180192590946633702778981583, + 3657342516407201801006680507925024451922115018712017224805778401726428603983, + 19776786467141868744713630352693556348834540992018636838044610844396164981103, + 7980994848490005281733955776875257044050741738176865989521982608944874160873, + 12415191330803073018395217955802011585094769098717180100014182475381600382452, + 9300986814650530426668152137665814177758578011365736727321578452726378799933, + 4412208980274764197258090802604347599791567698589180187154608728755887977460, + 2582317668924231956058541757507620542434237159213236485179804217989764223164, + 19860814395849792324574773787600734118308975251437485131415273418632757301303, + 2765909129639570206766170018363951893338720647679193401532780051354569922989, + 5402210382809272147099442645489124829067576777592680891367494969197685281513, + 21011104174655621871977821285307554463403659856745964274018020456838460357574, + 7018364707286303918877589672878574811337524823085078243421192184715151775983, + 136380103284908296988715215087018020601815024625535396780012012453684253071, + 15953315437474610448052466140270091879233956524793052736202793153707558909889, + 5912305909658884889781037379491781973092020933879206417274479331390062715252, + 21575635295587180789566592951559325743281772394055590203112195979769645712827, + 1541325805478255472079288730846072146731241030100908414806224735345400173350, + 17207219201921814683730773200330679841907450967511507012179337438654141678023, + 18266907794578843029196926509122804272900478710738403531664855427655744759655, + 1204224895193276222782842236712348692319665277014183965830735736728887994581, + 4023246588034712778784328407820569751989619386134504404739514704773521558127, + 9064437981037864995763386367268294611921404895425171966596873454090899491243, + 18733802217274421976148972926716884457128521840010001893311936746027998476583, + 684088380644531080099595788833220377905013807951051638705160997709156627273, + 11994830816367980341637110785269531718699655485484715851375754143223090344544, + 1831724566362300629700078416489434571462666430381219293205871349415506993475, + 476710745682537342427691635955087951551678644045621275039835625280220347951, + 3586272766499559446129476613035465343616602918105042144185864609818186807939, + 21220348736799044560439132291243370111879983677197111626309132298278891334631, + 13683795063599185801186093771702503913590598475095473714851383723199050309401, + 16118007386401646906425171859166434660243697555307927508268622819509657450614, + 20930641024767526790605168032291665313905337763598128831404465184891980632233, + 8098646212401100552303711812039666794078834386731698810205195111722330322418, + 11585783577173465460243373201831086724911159484415020913089605532852648999143, + 6939053275662244505087635417541857793206828446247848992283188764105131966721, + 12798043540382494855660472922674138947867597503468216532170157050160462426199, + 20713389801600667412553956346192236970217099413304167366340548074880917096741, + 8708207547232102069057776099666995672015399188924281674772351753887161579745, + 16016293152251662056020528248861487281148011452459422778601663166015837379163, + 14324897997637439510797191208789711173129460994362368408063402682894248793270, + 5652996184880208428967511742390474289004021508049280419259474250332590598159, + 9877106633097964013050071703002221796318046172981334418310092241450453368579, + 5385816971548914185604875069230499528103133871233951354186676373318036241822, + 8683091293306949708478955451280670950858818602696102489349595054818146782362, + 16854975838650963077652189417311897888852709425835763860743171659164792100482, + 2485160816649177905834265823672532710299580013309324666453183278408904845122, + 13571692148185502188613896013359942531817915076247598483272449919094247957149, + 11899399615412173136098732970606292047945698835588882297719609812145308198009, + 16827672312681684936590464376780346837611857292837989006980972390576065571472, + 15588237822592586948064701827497915157359094833395277985658706133691498343174, + 18356642512438827417103800170157877145465512961188328254773957819312191285168, + 21642368145757804795143182901389223409544979732781450480847315495418822041608, + 13104082060493963869934085622104709047787444250961437496674916673804812287386, + 1561532086277971111804773016487251313460788916643968126116038406859074212104, + 2718320602791009266532615731130512762296058687816604986701989820504700684864, + 6182683520717583142027400659687593712743548729948584058329789905227082638908, + 5757242145794370726637363237313640925174531077560764545993554185332488520899, + 13688467192244237790806289073845563960119021610896694359815485764764608925981, + 12528461541936459922472167643986446262977222390263675720335825628163511159437, + 4897268894447399415795897967133432014527122426051771866816059363418177665482, + 764332419588242767884018802335623760055144509861323437945071732931233600264, + 11755468878196093893190753985692714003062307843033761257593209352165323938879, + 6006022813561851182403581780143813226749481175437001910923100661321563995672, + 13901542382190510449243772206670622017835690746895066410475076631498053123535, + 17648853891656481911225897080296737974064729032668806126284849597245044343224, + 15106333841965710929952896897521673254279668876709612770907537801609875568099, + 20899315415025260484895459315726322363345188136910564549344894025053466430346, + 1409310408943258102775009950750654615881913956151269414096059752250092035807, + 3899088673345731523976816322438172722785832982334214339521575164464706226294, + 21406686765584824639201351330529610299177537976609066339927938099572420696135, + 9121591670793901722224770893633585291275002987585289305307167711146944200595, + 10711764678410479049841945177317023555168593838022414378232020467195337241279, + 6599257303974597452501135281719536074294806740553273627128065549267140155175, + 2142616913275380526921597026822750992917222975992774063376747381991404337593, + 16361086527663411948363284957489078505159658832010445114438602510508720771278, + 17122647864721668762640781848678028227021534122268561738445496382823789619088, + 21708018685042482318786273055293241752114005312590172460099480713746031274624, + 8303630654111760473056607545365338851734309857718959193970615705292826806179, + 3658686547507488906491014260011151850549759409901579684176172268581462329020, + 7720024124908065424512743488999250878143598904717873371853608249805302871508, + 8805244918657836956533473437651380347005779399042661429698187314657501156241, + 6303681354794120075893215838935586592706844702088252970663343726024171795351, + 21512507181643408509426104627003618425209526633080701556628608990726677651135, + 11835373417333287523801757951049679177935522717858158305516568595764125190183, + 13059698839045014411602727811400239840163533672024084777768305507840091151855, + 17635240655824524168378284083397931667938326555447077097306236826752492079430, + 3374412791113107178205006579112630099131939030015047870738873452427211677886, + 649711083340882271985565833699379436167716866997851102439037906608755280128, + 20002805138014565226408902156524463368767807620908543995020210484077706418135, + 11071355197960433041624284534649121637702414580710232237233568479006159191217, + 1105441595020980635809093220782460032826849883993030969714432603468135735502, + 9652765957610682812348919340146799318537766051849796416434577860126024594091, + 19248299650856496267902926731608572596705132576830681367365128976226233392929, + 15285802367070100569572399512275861017714681455564415244982064571963339715277, + 19970416835730683993734843405673457882587154729456022607061085470691843864556, + 1017865638757684714433500504002748241987153668285974836527484933462490771227, + 17284848056169793253916338792235498052654877955690514601079806604278964099314, + 11718277105372928962350331838305733149270432706448484259807630484543527733952, + 6670793378364949883511003949124179112275066568088468958915163969545409700112, + 17088789393958965094855662340742013087397643056458490270185660553870734946796, + 1930788514812600942005320214284180860980345276633471423966020111188605196111, + 8844343159753729614645407314580317697758296041737296276765583948670245312842, + 16657939543606018325703787748629433167511611178952563626096990460124133990109, + 15333343644239485619497914931918504163396626751908652058758135581206765801100, + 16533875915742793452819179569144271760125646811168930162441077117553849625884, + 19679534317472082858641184998487299940737032844519038845860980362664393659234, + 16385719932525604857740698205965045007053424961009717093945644387917936681719, + 14490521084213123170781774542655088188106794646066074998587858678154251198444, + 6386781978322405984893078797365492485297499058328348606653460996474947075858, + 17508047533433736707046937662428611868296556965172642086594091783148965906980, + 14904597000414815084666285064575232635645852687797347860862157463159487771060, + 14979972442969995336727018758631782107138089738395941038626891064816880204567, + 5299243186271864957800928637599294208954109271450189950375274196644046222516, + 16189884555052883188473617525411302750109401983487269295700675997730645714379, + 1645560170870292006287241616671417605853047420339675073261660626733726665673, + 17866745974872498136933906591373095763114066893081150553715211393380040095383, + 5744849574386643500716045532645657520001448510343827372577217716983339773799, + 14021966200238971589811034967347517039341058556783068950884921208853167419283, + 1201178089866013320759085637098781870734315826415474628546655403142858044361, + 5875644793836087035760988842421852197052681650818034527831700615895391179258, + 10875065950479466897559006840696567433921014267247530366235539292597441428702, + 2221662399199449388725697795500999209427453463134383582414172135385907744785, + 9758513532658579204941116584445291102215928928145103503086996542188799521709, + 20879593323317766577775570558015407573466986714590017262168011643343469361329, + 17225846522404915080676699509636264825833159640824918876741681229188434930856, + 15189442986691997434021855855358620506645387296294217783597931695143376252483, + 15973617135551858849206811241799666696907820418171736027820254766840973764431, + 11888113439449420418408437784450952639345990804839507528208325036625374967083, + 12365920814385241227394825974928370916184942218042429533600397623369545597697, + 11966175169612449906889690852332416255478894176917636726028104087408060623141, + 11163554022908212145274813635928762748847331295589087669583554722521180712379, + 15273476004030808005186443499782264987539818978741159793745891769358221570633, + 2013969196885866182480519514425192091338553670034650196068995589691938248955, + 5008975446746271526106846692137145404766553748264648461545948417006052208130, + 3926749194225734582453671614337621250954608160208554883789519551411469033731, + 1635544156808471185144068767649088695307748439189898784051754434524720057896, + 17144944482517962143604430553750908864860079758005337246916094084534304051981, + 13823503533305241872793740090687668844401004819859520464168798913603662683770, + 16335911272023134851779534303717879370955813837529588982953758998930285394340, + 14467284210444150699969889681308566002886261365990840091849371665183151060295, + 10578205764525658336257882813734672799527733392763965031628376897794294290414, + 18771425328697137255453620743509164311086906349726510394566012237817674245865, + 21804626093983212038528370352039806004465345685985435415809095637323683466452, + 12056805308954301132385034564357716323176447186932453788072119595595483786736, + 14307195735327805282612857510308008767450554777122724855715789120735513378827, + 6848201070063637295416045855906784325422580350462489495889308309540335269587, + 631364713487758647973016689203003205602593076699875191323345338325349259049, + 16214655556434201961140525501007839859074077768660052713461045928979956365067, + 20940788212183642266181811368870506130164462254923655617893660245551698033523, + 8257440848494309435270838240795567828478627302119374684511017376568090372435, + 13701089242130867705897643891164147923878521147124165292045879194108024940909, + 6895272953337895406509859406973110417619874994579965619097329249292199573333, + 530437169778092455975584310016745919549274205817234464915791595041990209639, + 9008612822403008353420189298381046023002474279157557733428254452507266389025, + 14863423501786052071018008300345884780479084379412157784789951872243409629758, + 20091026239041315645045502002997446404106877721183777765607724358538559881231, + 11103877261161399045807234470901399725912406134008627937945079980590775715243, + 21529163495181909351665093277427712610965764606448489357319207727176092439794, + 19540446772694448035410067193880900774391072899517686330271100773183944540294, + 17549510450820803306426739851959754252204444648959723652883552677325100583689, + 12252518814610348662318155253547558779974557529822012236107550517806390105567, + 8058115132085119666951861652409945532276905989404523986413207631657437321956, + 15916100116790431839835734530362130437167135501074855072245598938219364570910, + 14256533476494466694764843270015662315303617568641801280831873052211753536970, + 17865471381417606502707639037418669122823481329049436020149405646709537112534, + 14015711483636570179335132940981982618090553643653746531174110949872682031017, + 6075776171664976866533080327142904134938121198707020111533599997509054627652, + 6357981809351565370498807027309828058036389418343890944791766504532174516243, + 15145296985037303761634018005118672316118004891352906450983918852209191841446, + 2473672396516437070485250176897956191104549656554290725379242542480862701754, + 11059085933391482002269653121188853142706883316754376424538662772943167665341, + 14804069155713123448375113552227724310276294677318593116834685772120057819258, + 10146378656966122923223443263705119557842694560695035707977826044606938090895, + 21828309590915152213768434346306434851424116996828875020020066586363340244814, + 15568879616082229996551157805731419126872501425454775741945679993142071548779, + 17504079509060638501918729619244098692140123800571022969294759717277257664716, + 2998311560047298465700351970612785742605093777116697796464434026101441410385, + 20229972737818088327107446854254558628041027965197447598027135778783710740259, + 14884874200763033520375899992902136897590350894844904733314191389520252900641, + 9619409751736964504139815024141276029474791187139050183491749032619248817404, + 11534029087676783672833531415041588991838838078174102967049055562568798961925, + 17106297093375816944137015955705541133308466659538554159312635106186252148471, + 21676736161168806529097919794022110433487869702564846859065695507460463414524, + 12596447704589377083704857810305080195761099125652005594925931498073219198049, + 310943124066162607352831846280730445558498286205117614171844835745706684432, + 16013029710570597613246104892930389004941711962070683476555063566372534206859, + 14282564976066063966062366540992448474634085812789771416509095817495183298269, + 20757241092771652500911491636894210910134068426068355089789205706892703219255, + 17084251309147907751212619949757520468224028014308500329099194408342072624132, + 14680350698112448759886861002622963534698534998651150537754386791270019720748, + 17739512731440543100681958009173086667000199263945053345384367808940651002571, + 8967486063900234709994801661246451094429250620940593387993430620369318619734, + 3906067814916986286272005884942051451306945488494283077675304366798199289520, + 2517004675157816404807349457307096161030587393097616279110332574293494030636, + 9995302877359286298434340810356550712107485295049220989690824504445305103587, + 12849909876017357260683411536833847986127911582040960825577300322066595609115, + 18074515800779889507358182860997188274134395074469953155084226981497567860114, + 6692811728183968363967959295970424292426462800383828091752006855360167264617, + 17859827663908740084792157440799065184931609649811664442236242315795442091367, + 12243409340804252499520308602187370739653046835019551522661290645230850934962, + 3009118420068966587115224335717185828292538080040896739662684632413054772046, + 15856202298588272962175258696610233941787471472716811521132004805327415486141, + 7549804594729480554341356998842376772514802673462970334329441043324983960866, + 6390806437030742378988258255983502109201709511321162596105974797942236431761, + 17370236522182003753669946647208335160124999930136364231371998757664000198520, + 2261672244214630177095236704932243497157963117166120717011661647779055001646, + 17325026196605130064689259977831126468940872193987407658419640959345091161632, + 3631641025220845885502691330008982895233731506600778684638817282531001457735, + 8656561399441987116927438675277763317789561532507396244334062468892541066084, + 4069166732330197412844703565599514109399373916243310212229125901351402003915, + 19808198732373520522982274785888742523226720967259539531129335924093928174880, + 8555796834031869022510134190573521699378201702450788201649007358450530423866, + 17759660636058865290579521740750449606781204755231964378855563896473545202303, + 1335826395218609619260020055566056869243760115287254209950063597653055872566, + 21596200365241795669701682696176077888309278223833581800772036945674858315765, + 12619752319673193899296833725747186284394167228468888029626464753793997178599, + 17420588547980145067421969830249755561311178399975476925894947008643385243007, + 10337481272389772505654575850886249605422739785111225132545740838911222864209, + 17928431631046752749930349099366498612885288622404560316665023363985966878427, + 3075798659324203306711977985120251896073145961913793478792728028765206521425, + 4639500613932181914847461422373341918892878975546430906324216810326467690534, + 15396322795715441250300995201889120935591602515487993982711884319616897970533, + 6391276937505284102735701938724106665734769352007891548547667448647832351929, + 6811373320779057384916660178551330838095673247430496448933336925226142036083, + 6590973140323934807800215988687710942074412987201753370126190631819398102173, + 19364648614154949386936259588484266535262135334799266379433252509193375956715, + 4702754284612371917466042550086249683933140314858807272591351280832918881874, + 1081036249074169248236179367049085684430282426446509768147097371368406374049, + 18548093223441988703029589168425055383154624592689171393242936199350770119589, + 11098999608073377668352846814752381891400020647878345005629685447730764310163, + 16001262992680194260590639872321865154716987495605624862471107193457192704714, + 21696229443869118415905915570780926763029898831113534481730746953640692230062, + 11716215712634983607563947056324900205144202447594949676250978337464771243867, + 1778908113733035314726603632369389424542091991692308812147944884836647395775, + 4019081204388123040098634987844274011285321286777408246805308194144238418480, + 3473266952388383063447927231564219811787341139731701190625605897592140631276, + 10457881304788072618845101933412333126160339089704353596608910674508961127232, + 14926101732700077295531234099443522459232814784151318061435025890154852791802, + 4036967072197259618286839959572768559469665646019907384624959071646231971399, + 12776716624632228928613396031717959431597335742467953143594165782617234803915, + 18894783424164609284436913400522166453255844750192864579927645453695213022195, + 6303809107919167113924303987533838414137996606980561570652539716097058487126, + 4729698693443803882717817492985796053343431875965792864932005291979914613160, + 1645790034267553926884568714540144778649055395816210525904813567839945991808, + 8138260225269705405100573121045873922755899939885385491610389913906979427176, + 680936760009829486282006800072001712155424246576949107399338687767760991887, + 17240357869291182045663678468827695873425113788704614245279840174870850373113, + 19100963939745621863641468371111320143895293700517367016077996431570157414340, + 16188989656090417148189510820963186890780289777598053654241741803194118100843, + 18027402882394597868782011288920739982398714370069420860949975937357531046151, + 17780529984916796963712255733293310230026423072958099290880849386941451922559, + 20004531511171838591303710792081846238092292916166965045929062171308088520097, + 13855731634251510230399834192704620793850325654395687428672253016405315169901, + 16872938837392115669581040432902657478544143723662502779821325505282093696739, + 2541555081244462826761076743762714962901590548271316707071685417008817634653, + 5136424039269088350807839181761422963254683236279333039713142751702136147963, + 19216238128964101420135465007632926445321991494181045543846024053552797518994, + 18868537488540023742258053821537824724371813776839672880900985865823137839953, + 18246710415801024039719497716350501105591286880983169809863166130543617917249, + 20608694004331631709610739723463009412162748201282986294016482926528443868949, + 11318113915971658853560322943565673154831611543653209084299774855226816037778, + 16240989418312335385576389959938922684406585560688799437547298624184839261343, + 16171299673760267132909753100946681733778389681324959987573199154235691694977, + 8036823955656422391918380552495301547890420665617977624790236120392727764522, + 20269862530534739231936251654244170650781428788816658397167110617927916774329, + 2368678892744667199202318323282128737449992006513656480477288092472671147090, + 4618078962163037429845764284139891171861860687111566735174912070413086829215, + 12695350627501306162901105159009497730633599768443844225981772758225613194238, + 16356283146491744069785034066388746989409816380917535719898337817088223419024, + 6407893217596287850421377738867081146106659458551198123106454022096864887316, + 18168868018352364136212098098453930600797374324006271488950341490483455519349, + 18352629174410142476418438008157117497168118524562206830585500251463010761689, + 4344169393287991961961456515301754172943022039566219343212376057129143739343, + 19424839806870716108478074501405697296961947409763509419111261767390677718987, + 5796037897847804302272999466834285170265203646465480652521088328457333766863, + 17402105801450379889120987010453669096275392789725153915905747267778100864362, + 15540989618743824352651126288511222263828123668208146479603617243655978402205, + 945810410725426921570254447269595873973858272778720657523509910503434094174, + 6962323734045776666289031609372270190654631739266635759799844631053633876675, + 11382945272742312954364642163371436855283161775445664525053938433459897196647, + 18940251871958826726849623572811640436342841713786099464305053400421580490631, + 13969540696178305383564753026163726563325318478290740131984853424331762285147, + 4841983966001277917879506889862519614692143906356361564304719688757862622407, + 8939049562492171082419559182596894186639203815268680721033389307282239000385, + 19265363396776097866041313346787101192508520582744521467413665478819721956884, + 337106861429123598189388456471513480497137213511877011021531147545809512194, + 251367482782327915297484770356856386307188967585026711663629212746150191478, + 19506616511267234489421548744907283107923549136620297132842391511025844759064, + 20633589633280372440758096707466273580151526293980868749421563697429194761212, + 18833062060138888612708634036427140134887774731041742144004707524569102994071, + 2927291160590267909596732410727396533948837350308818016906834558527125752899, + 7095572562193114209617459307511041110255341231707924363346373597653253806883, + 14274988113217913224290208839851596837329960221329537670822013510325939323091, + 9965830780560026128320556230399915681196410289456547935188741323403719404039, + 10333365845496980935202034863900757172839454015352626511769637076650624839070, + ...[0; 89] + ], + [ + 15193892625865514930501893609026366493846449603945567488151250645948827690215, + 8655680243784803430516500496316192098841666200175185895457692057709359214457, + 11710807066713707084726423334946631888369490193496350458331067367713412617049, + 15442364818086019103203999366702499670382575019009657513015496640703659810202, + 1358747428976145481402682338881091555771254635226375581638965497131373838774, + 15658002471767984962034589730824699545808755102240624650914676102923421241582, + 6420480504329990097173256112095253518339231893829818344055438052479612135029, + 15457172495394305353698644252424643614748461590123908880271021612601244389162, + 5745943350537490600340174787616110056830333091917248931684290284533019091654, + 3877253492903478989342845512796806320713689655633086736499730391667425329322, + 11257677301507982757739320943403112189613848490812422490591766717141506751601, + 16906586852467953445509312290627525856126394969718997799028223470195783329296, + 15263589725854108297280528692120758129000336125328939290924952731952242586386, + 21735940039489460025710098364749096267519151075908323637361429746399161905338, + 20023056608360522105358681147781839024069418874082333862551226466128829664291, + 5677500725280079960679484373333947430817198394184436922575072427342643665917, + 3080516739494460477657748111767941482024045797587058388950619118994388252853, + 21486496065617100719537932626843898998311175055335457507845650282870586541596, + 5371049178920102602305531530023787518286335086323221270202212974241707302466, + 3074817222296007572297581554183445947239252698770067839721345984255386069425, + 19180807038569629573914331337874446591506172622522351734982093457681161813141, + 16937785199372956273358037645552299688842385008757508130180245705952406225194, + 1688218397616770248184651775433764527272029131542529408516364801909017591719, + 16315958669815317541884966612581197291281164499674338063931623110684590850347, + 6218230753007070123505625054833158632732536069700963073464625252554943737669, + 17774528060285257656595928889288330429565059134928074258373583886985960212139, + 16197131592052727313460949906369199026477758140133103701908949020106767192893, + 13418604038232148873269488320329340508522225417123160144993642839875173062296, + 7265658443160253752317166706266927598319661172006072732797351716897681315157, + 17200150079219747370109251547638276280610591698078334228421747259741754887, + 8627121890622175767416692555014275717515106888840919734160364408960047296494, + 14546964505431549758350267964924534495477687922558528647552728692912697049247, + 17132720822762740343718421124251772119916072270451579802112353604446214831761, + 234333065870376500756753915306346778417056884715946003873280290982247600083, + 18375643491701271245209094287106352436174133929245169725584150600992143374298, + 5158448692161567615645197008737390561357077078129599243188536485308363800282, + 614161645152783610732075198073600394068518413590650990586931263981193439341, + 12661793104597977909223565537293318966803153852970198322604479648383643541371, + 13041905650419760925682179803296711066088286278603171065755078690359168540579, + 15006023590144168506070897325649191051975999212058008674224953860265667513015, + 4983349941266961584317889823965291023669365981564144622292227613558024302012, + 482274340065333833495445682213681402212945945150526736364263233985449810602, + 3966893131006556898236790392613869798057510088913626163333804949895810673044, + 20923301526284527685000591080290190641416245135554916208054502046381491809443, + 20838692384005825835959734210506718428443540957544929066941550833051093000166, + 8282357714606447781782716442854085217089572080066047419459610560432999443766, + 5410651444876169088887579490283094453001167796545260026969919887357676973543, + 15276966646285075387317940436655285872037988805762800567413073418506412856419, + 15066911464727337689573664613158712498015597773345106524271610486257089622849, + 14583790985054968382519116885383608902981814292128186470697458065499359610203, + 12059090796146479535492139954279038037217093044815277624197659219529427760034, + 7273811886044732271171500579064359282424476926867187108258957006777685922641, + 1463086899665237074608503061872751147444637332808872866814340325832200880984, + 4403177494620214359779479537027014449448686844655371530169401219256448130398, + 10860968418848589590932601250051274256181778387706764281989724391784015147562, + 5268786978207139542368199165627108325282167169564314266747401266496556301775, + 10683355823176907476704511935094343405052640940909677712096702771871787224727, + 12998090263935761477316698114799901126086030852595294916463464609721875730852, + 21401280461419124637791689956622923839426783908187419462727763377498739154778, + 9827224472048063173905906705579289843819400982583185823840008976971109664519, + 6215804144039763858354471461864183189301201862376216122255322421321775987311, + 15461308489200344015891625455653488930440613755785081602434124530381300882814, + 19336334695450889400681207491394600659946256404722006637851709906131899294790, + 1712331165786355540802697725399423752392267480553199895882357858951999960061, + 18153038525983970702748717571053178456148003321236490384959117581005013333018, + 1080183517033034908031748897211289245459330899463186432840251241943892326023, + 8948022108193679628295152361559653763100984324221629445749311939820327674857, + 9553342289560502306921915013446606435600388298465288181461633559299564421155, + 12714965617376828547637017050548818007690047452402682720666099310241001848988, + 10945704657865102635748104464461970844653553427083981539165832149959193156197, + 17511714411688352203059545713591160825310809755917403629838415797949261359373, + 9253691969419856285051096287845246422848295397226841130282244592511676512433, + 12218945350859454581754463621617733341764245716874083264842931063272433793037, + 15268139709971695434346690496076067658968455677120655340969837725391575270485, + 7948825129295102283421620705853168119104356217418364837218892682579042520651, + 6887299291348589691868712194070626390224806410428583073294593431810559288717, + 3610235157455454109573625364057240708256027358184031380521552355839155549623, + 16532488069063334064099666525339953823111673083177894678898823509406678724969, + 19317517725107761280217103201908049748015068578935276576200982249386084367574, + 14980901224290526859762385599553818204548992110637275324411078408232697158492, + 7741797285700915051013289492475875831764653137095445146268474269974647962596, + 11964233864746181868467810392101989052496076326472717372132104394243614334823, + 12746657111181947224582102380049766839578185276220682311596480990298620200286, + 6408726946032901840418309506578019708113712492100046332894630652186614300568, + 20959261828945984489015610988397031913577918654575078054490013338416801523934, + 3173674599420546165852740604987014294355430358334465189504551707066179193914, + 16110281513253204315524614633789708146700074483476149119440509845258215816735, + 17135377580103690088853370572199271964414896742342749305424508776150797285064, + 1405769920008485935711505753346340073052795087429311991287498566024570212365, + 19088073362945853867763169651582894739272002359692597239222895238839593467749, + 19897231284455588615416169252449008151349728648961637517447194842672488184146, + 20476415629812014715153863754869742189693986277342067785614833846523246536739, + 11074321446706734150375041020583051611133090415774365192315805856051215270782, + 15231367549323128694183572409135806408519505225209496441892541205465727777072, + 10515952069292929457050921929301902464262874744159361114100398880194109971971, + 3216370118771824418364829250073852356774095079734089790620447714552849459645, + 1940445924652458480775282556203659335417827058983719042726494187979000691704, + 7899310668555694144370607061960060230071621529123669746309839400642332452086, + 3125410912833939638823760577011271607678545358020637189655641109813198731542, + 2980079409624774815878860133121670095839651294537928173829312563570356348730, + 3766498515736372882285796238406751547889526137955288498682767455795237989580, + 21751217522789414135074956130080241003845828660310903627224390345319859795839, + 4947229586642010378772262640583556676497656670779800090478805824039760706318, + 2168676839236948809859825591626629233985269801981092020040909992251312517552, + 21172906642114648036685108008020762271569381607092920279879047961076646303327, + 882675742500939602754673078407141697482716600335919344527751158504426951699, + 20942968937722199705624825492102184647835614761458159157410261242387423597787, + 21880640497503102067412608072166388563991106464538369680846671301780353850077, + 17593472026567804917122179982860735087124786197105685847979050530954084564297, + 4492875530722152383516030266828166766820778742874238188105265500984280376666, + 6799763500412433367637987497601148507907071065930142757525839585946238894092, + 7812331664758167657763399273963290017340604299019483750344476103319142702775, + 2222332747647756867926707541092465789402467819000336747029352557749400316077, + 20438798382149666667185974604464532451975024544676922060351031604444896151494, + 16155157103796724378615022758633778903205872772589663310774455593497441785913, + 20281325298063880945091623185126257485818350714264176365501683813650871716911, + 4922178080989486450454493110764936742315495846015561426329316977670113220071, + 19579063976700768282784922967523980346960151903154507737857728349662090787824, + 2458828873355000645851832396764221987760639423132968569631493912353159373462, + 21166618206785010755521994106737991950548963896649678270059527421944129497211, + 9131643699583013708059191290958290089892787165715294157378879201986981390031, + 1820371114511473946932363841206094088983972935646887524223011276305844153307, + 7264184404232663540867032945940974372967974872966180860960243405462016972362, + 11228656105550475045610757902396386402555430893045183008968975441800824215261, + 7151503559113638565935009743218857812859208253653498318591469659718664783964, + 16876040581364499037941813142092448836399042253618385783944016186340703846779, + 10334125383426918152464737478646460879481305348617711177774418125714273980769, + 18900559046103390399749767994653107625464807708680067464279674225251110804100, + 18685667289312169245526749652972366835289568864080726348092618145885982989561, + 19970582871354083670567197978171723431124602481748785146813441774826500485907, + 15873472427137024971035326229485784626398898771525077832924901475242073457867, + 9090803292122260583635467396769157643561973206888822931647063181944243467413, + 10156295009710074552070572489422360071526675259143523597882131082376797944708, + 18600630374968456966046654667577076758720435487386724419578803020365834014000, + 21292291483064245088298314957584631356250347533568992016547598449487977536460, + 2784266893057214755054197979675795184619614089277590464548240934105557638370, + 21206743389683892419024645604723431382001453245850423743581664552645211926469, + 7915761821775326316473924816837591351530533394717381318596295803119061411675, + 21881095237485064870468603451853549262304643738646051878343976465227744077912, + 2011784725603622472271597952122938645154942022107573948889667939904597454410, + 21059869383015715705096974077910228193608826877524913363323189378554601804559, + 13660545486380051482020817701263881806531607595506890631732662177505270213284, + 10831091042775967380899180760062457635694790868286967266013231823406639854653, + 149288128407476550494800886735600251983375852319258454101603889073198917321, + 4032475033542195421623899365282946172767274020529645277615759958662043553317, + 17860535012887415629230166789742533149365132198763199254812432302158542514395, + 611194463774512114860065022851497908950074400927073001695280142990812150583, + 5518364261187313845085346561539515049557757056751872639492957432879259341390, + 783263978868449790737487156609432867806742277074765259237378374864740012575, + 19059339826992310300213673274315612374137067865428300882729551175173242291657, + 3179709304184015397125565132235783368222831063701934511986753856772139349894, + 10954198701843076039176000728742415722273043852061382139560487789741501275316, + 16411266672500930935370066093245284646483148609897099268661795671514664627451, + 14614816948231085620934132277599546641612327229810158468490195811014141518325, + 2458257206135880430320027516329707989817636936777744813891328347210486074414, + 13549483340434455515002570470395006683062583844603627042649952800864870013910, + 14465927800403373425828183741641078057513049263889255157342086762479739044711, + 4039391352709218793104596256671892882216573882631238721514928981154171136548, + 12750457082077152291009387792121930725761848879916565703854704756389714536037, + 20703941646953337308096638741387402857948436803334980867971163138332859477843, + 20148755487317949638981041809982361196106823990400472213765926589941031736503, + 19035096428824471222963574043396024781574056587456391309795571372815435282399, + 13597108420431213178364236660710194375344287228654817880431599113069659963625, + 16737817219786305757887002253067607822378794077688837656791543060369162185533, + 5164935079689729145670846016031605160169301936105766707946436049006171651941, + 21653381930704765824477248798502813954284378782353810890869232482999795586793, + 2062605478140760101860087118379474541965619844748678233207247884294051836812, + 6841505950265078437298089354417829781031272459823272323626556598403583002674, + 18723551101558427097952125661588457059960574026361073828482106612260297969553, + 7898804490983679270754258611113569895515918945891808074921872907759024464249, + 10882278698112390755842292529204069263813359338030917602809789513528936860051, + 19447560013395173052961224723195565400117958329259001072560983848146677205053, + 6251288025262210726686494480483550276704856797649458538460443509657307219922, + 13176666617050786358406074057104742181338809005466316548399895981897535342946, + 20703225796049910173111490454489910459787604528779911406172217267261190895618, + 20336720518722954780604743873837334696992422089627753769439653667292899832714, + 21420427865372074512365684526694872695798980614525900481233709853915806389425, + 2498895690812694987926199054702295457557454143930759961192198950277119149872, + 18753512301709603592612141197073246313430368834576850495154922324845448997662, + 13229612292359498096055458608547157785066962647476451239567069089111704445000, + 2690879919643532184588441383789963956137193400890598777054187145581183393168, + 14142396602342548413722428497204107502988046500369932366351553161157672540408, + 20448725195660080278132534867269279218381543910636641344871383714386318629041, + 2559459540570011016181396098001618067535109329950570139376049832813577592045, + 2209294835847631004298393339896770055851570184195462947318472391473531519454, + 14610669112573509857774678749257346364319969641690596877040685661582231189775, + 15281088465087253563674405311018738676067395725444151577815750152538449780965, + 8600553033773805414817363397077178137667131851961144771667772828459236208319, + 2748346039979601666392027583251905158817539034260921486084376270967628661657, + 6854960712378511006304629447898292218014632388505703802374806527561178043857, + 20207552563190343462280438839438087615024485494479390954719687107061991587248, + 10281541252271366635718295778088948309847900730867531177275273130071062184625, + 18855605847424121529776135453072696981767402526737712879984848146282568841809, + 4160214035780913418097601322951078913381556877408879904436917334405689553255, + 2122867135885631508183413043949777333811557914428796322029495785048111325437, + 18793959580906171893053069386015945646795465354959679615181136313144978078417, + 1043591673717355695648236328597936528752358227297053230241551190351813693314, + 15686469257015275311444450012704351019335987785561570672026138336552980987277, + 14048856209379833670666148034655599475317994357805584661156301746235313941815, + 1011563953969880478397969933799483261900428580241502003261587014788238280391, + 19240556623066672446907714818724971233422104071815927265423017590508305430997, + 2121904286573815063480388650799381683473766736407678915747169455786741101182, + 6724437969134367395210139771738563153857495313330774537559578422672993498270, + 20206855573383441961836932177838081339503382415601366823182724056749038447809, + 3659051978213562322887447057085386386485486575515693147713900345497451171308, + 21246119528547168535908718411570119652856799993958321864163737649108920924448, + 10446114322905404392321651684574668727564081327779662579984472408056125404335, + 10052242287865403393859620372179811039720807230902452334457123873762222543944, + 6373462744579965543231173757071025010089494620309953425653057223643612177083, + 11716070974813426833631730493593924834405915845847679294742728105127112594434, + 6451284530793440411577197006976867289209413848762574411101073727224316913966, + 20143217291446069633369261481904349401356557325260758866598205109039367201468, + 7741896897172494958877302103827661518814930985518070029789560123401964418102, + 7414486245715284930410091802521351113719159777210731898112598211035848096490, + 6480506916211642204624111742530825907262535747743645014149694168805302825019, + 18349725066341807634895742572304899830893334427067633858521634672944685466440, + 1838291082333887710851505844271184097051704051003105078056248035350245616867, + 19201915197596065583046168024521824662441686729039260890206806469763190071269, + 11253788423541320580105520117231178489492440242200599071301755928628199128159, + 6048832714406694444296771635481934823208451249770515560893368035838759154821, + 6398008918881249487422929614611145638894557821587972164243877575640548705346, + 7013037564266297435879776776659289982125632651326438965546874242685502904730, + 5942504790082366811245813670914617310604940200824079289270465669331434165301, + 14344789199380317440464969138686896230070901882253997360605407637865754361287, + 19920212380356573378521292048728904573841049083972983190424200459025557666792, + 8983390577894750782268266038315113359711163721228398686939390484499979421166, + 14953991148867572055684497824790735528852361750007063016470842397064705671772, + 5592033578501586280289038012647352732276003389059749788953239057845882297561, + 14076883072716069263619564306953450824526010844333044566762059693672378725675, + 11108270411921226463443318601950168860230077781212396032908932369105145901793, + 3681277588815101350213324449908372578846563884174807724121308021640034446476, + 7194753190480156904207319938161903897566477363779122267985209483435838216959, + 21241255448366937244332942306324590869759761073985963892514045368815880517382, + 6203071960722514588958553813186803009742459823360660333787981951206442471249, + 19041823565851118046937769551785013706136778514067168239416647071096062639366, + 4928136619692555022185087228378238193895894009623071873887735418398682287593, + 16266329364886004534411977872528706660422476743809029518681886596981922182359, + 8814684891729998059175829142248330760704444206534875755023421115211106199303, + 11072277000652722690981202459933101924925520292174200155471966778637063588914, + 15889576313969861857250394875354819627977602318110620311480656842740292435237, + 6934515229262494305594741689326968268143898236690173897991110238064230886755, + 16212991575388366798683594066983659236103186124339324856776288894513503543244, + 21100508914867482363389012032457112622475533432309937238082785660233880354422, + 10381104469089401657446748653199843213201270332853172509558263968565255702795, + 8849389605935865968361613766905708889092097013638425059146677490704442276611, + 4826404934194100291623537890117339503344940312401101713754206109744511979962, + 9981819567268652304810465083896863711149056310505889216307212434682251812603, + 16218484218588441290424553684558267080330286201433140852298971691458926313766, + 21317661296916247018967238829275056855142711494630067664736600708605437812892, + 19523923008662567951910986132173659591346561824926093935331274289896011695634, + 21439241836891927940168832009944210084078628922824257988298290967895179737163, + 3818036890597976956138669961319975835941979944306305168232209375279960168960, + 10212547715001519604442389033695156945619060410131175896383181616280631586732, + 956283172524544133830416114111944076629240232397666924807554743752464221045, + 8545109273807246425343308224167362024331960554428088718932211551700420545275, + 5647769597708100114837534314408246331518385631750569421373379085922684908872, + 21776221280695269311212391423788179027868152904973644113087833004348746215729, + 15989020831232836203074762591626149244364214836699154611339161287030952623233, + 9384665943619921791886218744024370375464874104981653298499433530463000935024, + 15469006121097295841026542766455781293432005131673839148320165243166330403027, + 16103671377537767724271717097892044266704736999841135349844319906338275108222, + 842367229428650719054831004741080336526228967970570607897528985803108607790, + 8752325400224955775788313769797750158375262384121380328719514077259567119347, + 4803861091350023344885030428100876947830986453029412601567992550504530969575, + 7917553047944370948250445233027936387189889293110390303835890604428798853681, + 16378323148632546424902611135263436821435778030958161546757828745002247975096, + 19873719885630097137106352132870659633926425645300622070145979694717581586592, + 20324790419158243246762098227260178678767896786893299456278167341205663612964, + 4358908354524026935988729716331497263147669784003421920394531784876541301801, + 14403952632095852077754539203207047943619815438482171213105824864831554185165, + 16410713482142323347391147127545553384558868490870150984280601225023662513809, + 7304216341846662695189617252648753140769311862815448449926830269690397729157, + 16792943782280077475956215580025612636120139194657275471595325031090407485768, + 18494329391227402645175320826355306995912366111176422593669423022411884295357, + 3277597348237827068690736756050060740435013727549848360800059544123155276133, + 9396765756719511114743964794180256605700037182617127755220919249774110852382, + 5637053961584389263881381098869862042993858662768294676971865632259649027245, + 1752142832257643043564515360000718468888861086573246457619082905919623770956, + 14504506574384680785750882507533398260948836347427103366421836731538357314790, + 18947994518078004413210940685748534988014581551965984303066903086446389273117, + 8931855168578615387850254663107425567403115805663142600825724478150698936342, + 10982092525200624040399870568387498905840578524691489797530932831401946309626, + 4738907023206802373255186532236849256768509848242049657234258536668430260775, + 10888145285628319545262252531874405309329869513560101920454793431198094714989, + 4767721624212785367044047554655794533816937807005608600525762243335180089923, + 4054394679973840378112083329204220302222586590732553688297938891619998137578, + 15390471663419625573793381445844013245022413344196724396864223784781333233143, + 690498740448849288977645176879593806019080276382495160049117613302192708860, + 3326968907274045758110436838010900592335267522219473049427145975873344598768, + 19461545874830130561487975864151403334363998126023624462211037468138940028328, + 2255249425919459031033123095731665691066980364231819200773725596456576056043, + 17139538647342063569964264947811360956712827863014723985947727876623459280539, + 262834317961189780923232082352297808796511874872711860311746704570027370416, + 17784213646586812350819691264737755884800773322574478474130308351003659945289, + 9206479615073686723914227166450906925650471865894639492301222855979337534393, + 5955379232184076713510750681781395826148323482009739159408415185190732125682, + 16345512244217240951729073298135981012471478596479891072149124888060645303490, + 20053701095030547796310908765544502773063879272854547881438596069907281565287, + 11519146559536679602608982593432194283609736022486509747046459824035493513614, + 10868663839942247532249591973192159672852196011910414460124452013501564199585, + 12668355291693420029179738224611760713369106517542315102687346083105601320689, + 4091011252347209563858280520339886760216002486858313383741839652119084430270, + 11416347683590132388448480763970462739172261435271326798646502987745949753371, + 4462763980178675172541782335457125059884067698347130082276003539434128058577, + 21728891122467658477520865529973242372850367356840114983386033432316519759391, + 9556106604731806817435679463077765288658189491612307664294729425381901530224, + 5086982973132652080709554654284904229374030594786774699435814748257879554118, + 2278505454992311041650060186856758463754878439802195559533882189615578260695, + 16123495070352975934848591912315341924608875638550779884194576881433498909405, + 13177225503435100563531015597038445430211235761527278782674200718068329833622, + 11626932451843299545922103072142674578946680165802341368625957942237790110177, + 8872973246419344365802198448930136062421718851114220299577394844231810068090, + 11920016786052130191738519934437207519332291620474831138559948859328822621221, + 2773753221970604083383541092979093729869734021029185810064937974430862835870, + 1194583082499114147792330367943150006952486615245506995832323057119894886077, + 15293312601348482070373672684782686300692505365845870624263228679370968807837, + 2292156760291800990693425534213440357167359161992251338587906324724034592198, + 20920049766730284147153707151387304988393631464951398563908410768221002588086, + 3587899345078220957148828249287269521408604837648269936718299413697642586126, + 5857527906708110948691023855516662527925762284342493618496858248142623857037, + 18312267494676788897591109008609888960798722042916784593521762607767538629817, + 18354455618287562133438807735729369657256664914390381320892039403006410339493, + 18594037435499535688023807489676900345345731643180370940972090155512943637000, + 6361231157299815359812386352981667048590510979947935475914610076041390336883, + 6503045850716008738909204934356093641022474278658078426701342798380459107813, + 15826908470360778431798326530563200301151807861414464213699967513881040969457, + 913167165738148713876672473302437265273760468892350716109373788573860454641, + 5163418960719047707254162004625467116036830361107107814320243058319914687515, + 1852750695670141634014249062360862036043602867770163972096325792863710036947, + 16164029969996795952250343426848596535809001568622155377829217918121790073916, + 42291476149937488089591434144089904529405222471677684973768504172369443350, + 1329340386229357940610579826659090359930768580941108555938139535621252899508, + 14087936453397725507000489457270864434699508074557952952329368237400407748133, + 11454917885298514922755456675259734718428103879515668717779418480236210705323, + 17749966508430836878443008025013283275306943216523661550528505419303121693213, + 16617298839486771009961431205770630163409905047728421465641369616889696635464, + 5622873871440608391107520706189063847917690892897751818294742462879871297589, + 13537715561706278379083684257583804567523085149672090320983273122424669242274, + 12609629910090871112615676094781247031353826207267723991911250780907380059468, + 11881347692420971451998583525696964339513193164613288356598017302547676912004, + 3620434358220496198439193226313617496907852030586214671337652678218740406153, + 16586456872124455799862826347901525401871594428044067424833235946565396779382, + 19602593015746956165116919928045364895525104709835703557292833702385934632182, + 2465427491077301663150648330772125184470808854603184374760649420983178107738, + 12521323976712195518272978277895155774288446093713549157148428964880747896725, + 361951232333654306694462853852464888974834703718677826403016226307188397185, + 20048343816024297162848487251896481827914904696805156112188099141327595641104, + 997638030405613623344188782838773314122493364653596616029491564227193697621, + 10932007654988104622042938184134556963651043067553327861790671211490960094259, + 47171599193060570819891696279547021610376047998583333086685382152080932821, + 14669115378939104862697280661831896914139331878760241858539421915983017116504, + 17868874372855679948405169936193924176514630305572838555185339642210810710203, + 10178296575837129106771098084407669500326673901243393867574658658064222502028, + 11497182727976130924559852428316615034304736115488257034951588831868596612725, + 18847036158089242140209840241495282890278502700082131513222116906134183113862, + 15514518995390761662346743876733004358408187550386554449789531199638765348953, + 11474102901522012346251529527050392650125347221410246734211005177721289856415, + 6612195415835443084676700243243174090072629504450965229103970796390091290688, + 11572474094368358234669561324969692616275099241307798860733942350364532366113, + 3855324911963410548772360326122995145790506408472649961229511965629894550308, + 8802640003128749594245736338745752744580147773009816234644244502373660889677, + 15676839305513015047736600040932186843826469281853634239081282896349443894145, + 11124722103091011602185413968164672678635980457394627450785290630813993266691, + 15087674670944618980358596427703842917302233637812357643695687556421910213028, + 457555060782651847600218200815104907046227486293278645126081160142069992497, + 5340353060455057701755599760342180989590806327490432497082435572367648024359, + 3289809733259936118731355294329652879189400852472418229718273887860572748363, + 1821386174933044868215348232606758690922944887434531299978498726875279584854, + 17399236630582894158137572250502674699298844870791766041927951699287421557453, + 16772722824042046255416248879357647708113647471330900665176012648038469814744, + 331374066696126093678097185404981758791664151917354547180452342655690460271, + 5482079579065945934120471179616600325379965440378196448353560421120276746028, + 11861638874356162254375133266687016527365630872709665703116365332534843803431, + 19751278476934230895840638614095718373810690662562196455711240141902305648888, + 21017623330912840225230534280017695045717261514215145256795880310933667407841, + 9692530233397639077769939390011937602190121885296235066426091743618448584134, + 7914031992737639503490179289412369887137436318696390718781298556229610513180, + 5046304088054212585035723354298412694927209198400753780585596829596665931980, + 12735457541003664856181534137486291132119134214862779086936585300598349629287, + 8144204472889944485922664106370529127382213990656088602566223875490414163362, + 5526161442679804982165840590640681348630369336752481706044759543203459722566, + 4665464612431440885211271075488840033628676516298384234452346107374012633528, + 8451965709652752887539585363308640999657377914501438391781526068371105983117, + 18990458193856163728406448194111866469438835810342179114684453609893347662421, + 14602960690767985987882800342208585041637986661619503513589079723840776294824, + 294650277854196485752526848096008214721988745350555311479128101695333774927, + 9930361494944692931597991649915857642608730961125454734483697613693272941776, + 17972565769620820679641368732920396905240248490243886868922250461473059009007, + 11842743032528966560856860268344505094861546674985872961254820091273444880060, + 2260251491209762630871337015316066081541066308706934094017641769176593121838, + 21336986809148977544823484666876006147697590184356254785752148187171367963063, + 15637234083283356311249527335446193685599985235080555266374006156231977517227, + 7637477891046186378249227336975234440873859617986704147458186423096226771577, + 10435340982947407847927678888878882924793449778165415690957335683641419176012, + 21071574044063633264442120715854514033847137356154103023224485568597330648075, + 20085745552872944745120547909310789275453780111307008151203836541147270866122, + 2369255222739182549768488367357061329939116877812397072967912842660453854658, + 3320710154094663715463854219978294133429318041799642537800174050047893035878, + 2437552820481788519744888712380245016748276158860265401041560980354471184914, + 6687580113987208531705167517979176727449238324356562435678492283111952291541, + 13835828959457330678345759960614663723017667326485961761361157914420441377430, + 1823843951353887792473925888956554516299304358703549730900495356152013614424, + 18229384804985230011714562427207966412342158903455811854157839446374012856695, + 4983049472282717134994110428470567601005310848076496400503178535459679438524, + 2047051967230753763135778305592853785901616983565528680886843131244871631064, + 17059505494771925862841990046823342770591010831955480339095397897088168520686, + 5845823714127413134610517798305104245114036685335948729450609519089263487144, + 19810252752845594230307894817800427820113926573704856490871938876757561680148, + 20741340243371419379519807725035036726040739024854919427690724405113594586449, + 17305746835229988220561638584011917989169628535378748397361130724475478785704, + 16273970657972145440112726408308019138099820274904080726219726815138597785735, + 4927605725478881247988642936459897069651251926499343645614635597380235002430, + 4076655226193629464789557616268492785057128805549395585385432329518368497686, + 18134767316186963456589895259454813585756254459227058992203617493951135964914, + 20798436806114056077588608064161229365173163847083955162560624566238528904361, + 8811900287453512972593412116532745098600991077158875340182906101108258578231, + 1611466530857794066271650650204918615746591649578992581483080164777650137733, + 19520757346022691586967284723955378385034675472244175822936613026597514818901, + 8258287931139503595713718829279050060190693609290797346704848518381891359704, + 13807143439443425137076128013998009581746894329904809421858222329599144124143, + 2034200548964915935625429760202284220693125881760822084201315022529206424506, + 20594375914400911567795140472107624446159181622166676420027082349633992663301, + 17773828019575037451999782968066986504577459910353828196403976545023426528432, + 10645884969014005687699860915213473815514464399964009808411811895545112650817, + 3135829883501342672772973577699379927756997243617424917654928164800203666496, + 21807676600134151299257078976418813484444183016737321278512745883771478511369, + 14168063038909284721702678019083222059818438340503980617872573468231611140141, + 19022539506931505257153342575586362988716958060936788031721967221986624233067, + 919797128086310623571009200546035983274688764270933413427846490906074137487, + 10651353481391913627770814216074873532920753703051075188645774021198634943682, + 21601553598752750925049978818528421110707879819831249175157596816870100048288, + 9544964974935674319204796617933096476421551193682156030394816088243121582636, + 17113833205578964054057051521784698139661258340576694677296240312431808476286, + 9889647672195559279745677506312894570402108521106900082889976819798270827735, + 16028191999932520938901585234936954312994452706490572504997534210876573833649, + 19224701772787524647172128751148104366752057774529591812815327738829591289117, + 8065294760892477625290114823800398061529770004833832691347498933238361039736, + 8385011404987806129246014860479833290406969218526611328586242951296814426438, + 17626526623257098006524211054563886193098683828265081734658432468695686509315, + 9760584950604786147191288118087660976225563461953070125437519145090832114537, + 3282956645059793949082172795607530130101621492305193365378997603911833418463, + 3788543541342252822847978185963388795825378340921321139695221828685330606335, + 5728277403393912877393143174229934529937061751983246730506397742038949251701, + 20532577038632159357383817240596922896191478140446876998140515404169184846609, + 6138500779693128517529525961343097735306947649093633133232282430353593175172, + 16387038830089541476468870208162294639575042754761542956218362331966004300870, + 10184264376398708852688445921404363179240954227345322711923845040842165453208, + 12576299651793170522912156101640799825541149618303513174146382191633847258859, + 1340015400080181141720946234858756484323564628916867888877667239334982793481, + 733959369856163480135680991009606990817015555938726628110611986599242143578, + 11467033813562140192244869512537566463715027496952375979909160849747976831918, + 4619667645046391146577435774790188488541561222783010406420406869960248783331, + 58552761198135931030902257754896948615688045302818928845814661296914920622, + 1199849881730507352706524556330002080538296688430736582840314007371442152147, + 7124502590511184113044595527748024819132713282667933641439666531514739645089, + 8623660134669459112474551498616256867375253975034970808437732784494772311361, + 12655669439191191182341423414424342421477486764113555800095493091893820045534, + 18432703875775002490514477493898870315422995231506677048275960580528644904682, + 15467220287938881354678249472400749704814316816035426814619089032223454845193, + 2851120240492392321044027263769720216640877441121430445737594074121655318176, + 20519914249934881206828098454303256358482675671718589102535780334267934987941, + 17275124961392392047135728713829752470490098022504524438869454049765356211723, + 3323710067527231515807603961736782048796606296990840839366613937968342331886, + 4468708240622802562056471128793253296493002925988003094771284205007772045098, + 9006494818135081033869830730030943407240565201693254355620348420258773924028, + 2624130417875598753127999576825019766166727976335690685433712946223008520912, + 164131399455376615654870570697119442360078693174350746600132391198500093412, + 14931668887432843139264972187415200544679230597820424081936926034478502874299, + 1638753880783574431267395352024193675000113296497173968722590753809640941864, + 15505380865926802396097545843811910443367233632805651511272732002583232431557, + 17973744614207669251901495093091561913998272050499760575282030108740677066624, + 6137688223696761009295745609563284204827706564566466060484103844265403078408, + 14774243062532823236792831566222119634320864630838624098798648826842418775856, + 15864970393171078370207775103899428499600152663946379517190945807315353544891, + 19010063123357565300336230971672519561204810737546730911549311353159512986740, + 12607162829921425080830052984475623157169603642577010527391007035133383807243, + 17803108634879437217723652777640120469990779759700458421844361066182881628345, + 10065874953507223318296028499872542865030107611981933577973812883589535269142, + 3276471432535144390388324850641020151392959100393035635141206272558418581928, + 7532054601401798035926415744768772852833516520318445183340725930886329458991, + 18893822928119227829016544343228228897166113682019317256005502643243867377334, + 15940597493253236451533839310728876441657428995464658827726295547815292644378, + 4268009387843764409267791203070919313017052533005657826253994943184768120896, + 21611251949238422413354051947529388972078300717392131751061464498329326474580, + 12516447001729804412674006874184731098280474050775388553768469608793631490618, + 49838549447142926741568525697026885045023997277705726329780325103507790978, + 19763902910323896567698991616245963026306943100978479625077573937114135803058, + 12029297973430627253212633299020402005457460023136429653800185001711727387314, + 17676997725594777991384952086633589048516371093397126876621255518370680168503, + 10567543371894667303450346380722020266352683222046730266924342174164712049360, + 14583364850544999818712646438016435003942847076919084667364987497592599663937, + 17348091487238815837308569582101875357715798351834275089190053280855958465528, + 8743083090296259283603789316855921930102444739264013461469099560398359267240, + 15114064505647935792598848256320570567717917317803629185764147361301698519005, + 18332675991829764561879941291908436508530604635608341316693114747813051532006, + 1757567731797951053080580099911774643896363235228742197150882457231133285549, + 6526388717947413328592956348507481629843816325885832861915399601868279124246 + ] + ]; + +const field[6][7][7] POSEIDON_M = [ + [ + [ + 2910766817845651019878574839501801340070030115151021261302834310722729507541, + 19727366863391167538122140361473584127147630672623100827934084310230022599144, + 0, 0, 0, 0, 0 + ], + [ + 5776684794125549462448597414050232243778680302179439492664047328281728356345, + 8348174920934122550483593999453880006756108121341067172388445916328941978568, + 0, 0, 0, 0, 0 + ], + ...[[0; 7]; 5] + ], + [ + [ + 7511745149465107256748700652201246547602992235352608707588321460060273774987, + 10370080108974718697676803824769673834027675643658433702224577712625900127200, + 19705173408229649878903981084052839426532978878058043055305024233888854471533, + 0, 0, 0, 0 + ], + [ + 18732019378264290557468133440468564866454307626475683536618613112504878618481, + 20870176810702568768751421378473869562658540583882454726129544628203806653987, + 7266061498423634438633389053804536045105766754026813321943009179476902321146, + 0, 0, 0, 0 + ], + [ + 9131299761947733513298312097611845208338517739621853568979632113419485819303, + 10595341252162738537912664445405114076324478519622938027420701542910180337937, + 11597556804922396090267472882856054602429588299176362916247939723151043581408, + 0, 0, 0, 0 + ], + ...[[0; 7]; 4] + ], + [ + [ + 16023668707004248971294664614290028914393192768609916554276071736843535714477, + 17849615858846139011678879517964683507928512741474025695659909954675835121177, + 1013663139540921998616312712475594638459213772728467613870351821911056489570, + 13211800058103802189838759488224684841774731021206389709687693993627918500545, + 0, 0, 0 + ], + [ + 19204974983793400699898444372535256207646557857575315905278218870961389967884, + 3722304780857845144568029505892077496425786544014166938942516810831732569870, + 11920634922168932145084219049241528148129057802067880076377897257847125830511, + 6085682566123812000257211683010755099394491689511511633947011263229442977967, + 0, 0, 0 + ], + [ + 14672613178263529785795301930884172260797190868602674472542654261498546023746, + 20850178060552184587113773087797340350525370429749200838012809627359404457643, + 7082289538076771741936674361200789891432311337766695368327626572220036527624, + 1787876543469562003404632310460227730887431311758627706450615128255538398187, + 0, 0, 0 + ], + [ + 21407770160218607278833379114951608489910182969042472165261557405353704846967, + 16058955581309173858487265533260133430557379878452348481750737813742488209262, + 593311177550138061601452020934455734040559402531605836278498327468203888086, + 341662423637860635938968460722645910313598807845686354625820505885069260074, + 0, 0, 0 + ], + ...[[0; 7]; 3] + ], + [ + [ + 16789463359527776692258765063233607350971630674230623383979223533600140787105, + 17179611066821656668705197789232102741366879862607190942874777813024566441829, + 18653277315487164762584377009009109585010878033606596417396490909822722930739, + 7373070639853668650581790286343199505413793790160702463077019294817051722180, + 4823864393442908763804841692709014014130031798360007432734996408628916373879, + 0, 0 + ], + [ + 19196309854577132760746782449135315310664418272926255500908899397538686486585, + 18123132816088485879885148351452823314623055244145916622592591084094232513914, + 18436594886553181913092702411547018228276047601279727265790147051821171174455, + 15167500404313194506503404655898040457721633218143681920692711693000769735187, + 9437986152015460505719924283993842205604222075968464846270136901243896809793, + 0, 0 + ], + [ + 21445376105821232747280055223032050399373725161014449207033808524504027971613, + 49684738714301073369749035791061182456037935161360748355432247732088942674, + 9826409059947591908303145327284336313371973037536805760095514429930589897515, + 8494798325496773219358794086647759478982958403252584257436898618394561204124, + 21251937175072447337747316555423152807036003235223125066270735279039060889959, + 0, 0 + ], + [ + 5539100337780919206842837176908516952801756637410959104376645017856664270896, + 6297628909516159190915174165284309160976659474973668336571577778869958189934, + 12792263637464508665199868777503118105486490400267592501708855807938962470650, + 17254685306085558791725544672172906900581495686070720065168939143671412445514, + 3590396502942934679818900672232030233017710909687947858184099000783280809247, + 0, 0 + ], + [ + 19055249881366445073616526879263250763682650596233071589085239500077496415637, + 7367697936402141224946246030743627391716576575953707640061577218995381577033, + 1322791522030759131093883057746095061798181102708855007233180025036972924046, + 20456741074925985565499300081580917471340328842103779922028754640077047587707, + 9059147312071680695674575245237100802111605600478121517359780850134328696420, + 0, 0 + ], + ...[[0; 7]; 2] + ], + [ + [ + 8266021233794274332054729525918686051968756165685671155584565440479247355160, + 7947823415909040438587565055355894256799314737783432792935458921778371169026, + 16508811191852041977017821887204137955816331040385276110261643892701458724933, + 1804800467126006102677564831888710635194614232739335985819349312754063580223, + 11189892034806587650995829160516587240879881493093022855087765921356611070470, + 20567450145123179140729389574352706949280207113956641415022972885523439610844, + 0 + ], + [ + 4666756311257455192796774305229624459258864488677689058174087310651786875914, + 11389253665835451896363091846189307652796786468610595637047377864063404843117, + 18793736599347263150867965517898541872137378991464725717839931503944801692688, + 4206344588923325482680116848820594823631536459347642329098796888497153867720, + 1739462481670645248707834504605096139894257554120906850613041004917967456145, + 18514227342636266640333254638454588508118462110178719555586534011641424431745, + 0 + ], + [ + 17887039315911403193186866703775654467672391491657957999455462537283842145802, + 2824959020572825365047639014537190268717891749361604043531643698340708119767, + 12521547103713919592301476538318318223836047611311454785951907894055964264287, + 8658146183671258251984364885894342376430874614261222570603159082682815800788, + 154390145585284450772861151318029820117470958184878116158462181541183085587, + 7593705166056392393963956710828665339496927193740869686529339432486182720653, + 0 + ], + [ + 5529559239163081088908568555890212324771345012509269613465629182165427812002, + 3729910453162885538930719732708124491456460687048972152311428493400220125686, + 11942815243552870715777415109008273807076911177089425348095503288499102855779, + 498938524453430895689241565973888863905147713935369405079343247530256066618, + 3976257517234324421403708035200810671331954932478384823208414346189926720724, + 723540703523219510043977323240437576248315561543814629392162302024056718473, + 0 + ], + [ + 13306548824219676333032339487546407241767961556934015003605485324283250885682, + 7970147269291664639740298762956131361316495463191268382513594527221399186752, + 20633313939958767604804835838065337107615699351647541991788258289962727735454, + 17162090859520817529294904484646695645841022315617926715432606252643123848792, + 9181379842957190051440498041153333325098774266789773971685141362947015398641, + 7051606617662816798224904133351061549832959857069896192072217769241273559278, + 0 + ], + [ + 16619522548478824222688310091434959542211899852679631815023615875678448806029, + 14965311177811968100298579672135357167599499478246106482433786066289128683961, + 9792733250919070275775594069208673385381167169182805600474820364274865306108, + 2069253833779081039049908513863485270550301879399727430830923273191877809560, + 15847298987712771667136245955631872888473964330474501593909263901393348546986, + 12244443532166430060291409356011430759892629145539185535677568234713942157668, + 0 + ], + [0; 7] + ], + [ + [ + 19332164824128329382868318451458022991369413618825711961282217322674570624669, + 12346323761995603285640868741615937712088302657627126374070962894016296466118, + 3913895681115272361294397190916803190924061797587910478563401817340941991811, + 7048322889096718105055545382948709082135086733564574465991576956878202831861, + 10375086910057323893637057154182902576957472442368661576421122036461645295833, + 12765622911241487148932810040772504127756393086809438933166282251044289864727, + 266900212758702307861826326591090138389415348463003233900705815890364224151 + ], + [ + 14435131616556129905356866638030823183270286404767286105643513738132789033353, + 5780976801287540146775934937953368730928109502001687434229528186520268917700, + 1618320442446662026869390273942730786145909339107736579759397243640902802126, + 3818399583522206096165108192531271582827953520684743806492664825009577810261, + 11764506724346386316602508039052965575734225646587104133777798242528580374987, + 2414215974836165993714858157462355581258152126063378817495129367240311967136, + 17609437036230923129211608175600293197801044251801590649435913902851695334081 + ], + [ + 363438080029711424794236047863047716381155074181485245036621530063262917196, + 535766679023716739184211613469394818313893958493710642899297971974381051070, + 5305068908469731303772738758164870877638068032868328180355958394150421214337, + 10807632568240507366657354568432178961148417327580695024415275247652313539292, + 15964415873358391713354948903242729080763777490509563223190335273158191600135, + 20700362719972015883260687302741075186857660623182772413609788566925949033885, + 10135127975676256977820296631533839366076919827597067890970660746228807376456 + ], + [ + 4251490167543116819728642817282216847143714366441358372252125244838181656331, + 7745587495915033527847242564710473705100826890903278244320948416581724663023, + 11741113129223221800185946819924457344647035336264986754437921049066977440806, + 11630296782890656599545188109639399768829653360050213193782325240600583381364, + 16861140446185941149398487176581839232380972247302922484807333229513905651035, + 365879246117123675211400356410703684399715291171114630107795112994207447819, + 21725607857580053522363567649763546934441685061337033780528788383243719579033 + ], + [ + 9222866548596464928765000608129177609426964853736257576074550520759533736918, + 10261578281201197531384003420612639018011405529775212563256392340336951230146, + 15644037447921591571869862919382888810859308861783088910843592577202362807673, + 12752004188139535619565478547449108772137477456363099481095747591698702436636, + 4205805109630387448825516813913983509046636797101589615147198457314360427718, + 21047095155106717901091873146599497621258071512562421967648909471775919992713, + 15624165295872926124160584750951090817255240214488120310950503163805737026315 + ], + [ + 15064589937731741958666763896598138037875460434244947486199623542160035749721, + 1801577872277160959016940766173040841160105238799805406938450020949902989173, + 2896766420608048344829901127120623317655260981420052771341833288256800199953, + 12828791469509204618898135640019714232831708508424682785876476343251730674999, + 21363471986981372923191391880511344708743312828234098289107697080824665183315, + 21372706354350795416381912271616633829725494570576895047490974943034914894898, + 16006531510217730955981102005088687858079561573088629102219485906666961331083 + ], + [ + 2389357602244845938251345005183369360523566673990464798041306722747500447645, + 15275955107196234672088664710679934029171843237458844492987233368659104714648, + 8038797517535218686870517662905230585331773059774130312418943649247287196930, + 17923922393436914864421862212181654800719733137689602673604754147078808030201, + 12890519745320143484176500044628647247549456778462652469313611980363507314914, + 8058516556024397257577081553178859094042894928866720408652077334516681924252, + 768425396034382182896247252731538808045254601036758108993106260984310129743 + ] + ] + ]; \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok new file mode 100644 index 000000000..1b0e00775 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok @@ -0,0 +1,62 @@ +// https://eprint.iacr.org/2019/458.pdf + +from "./constants.zok" import POSEIDON_C, POSEIDON_M; + +def ark(field[N] mut state, field[497] c, u32 it) -> field[N] { + for u32 i in 0..N { + state[i] = state[i] + c[it + i]; + } + return state; +} + +def sbox(field[N] mut state, u32 f, u32 p, u32 r) -> field[N] { + state[0] = state[0]**5; + for u32 i in 1..N { + state[i] = ((r < f/2) || (r >= f/2 + p)) ? state[i]**5 : state[i]; + } + return state; +} + +def mix(field[N] state, field[7][7] m) -> field[N] { + field[N] mut out = [0; N]; + for u32 i in 0..N { + field mut acc = 0; + for u32 j in 0..N { + acc = acc + (state[j] * m[i][j]); + } + out[i] = acc; + } + return out; +} + +def main(field[N] inputs) -> field { + assert(N > 0 && N <= 6); // max 6 inputs + + u32 t = N + 1; + u32[8] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63]; + + u32 f = 8; + u32 p = rounds_p[(t - 2)]; + + // Constants are padded with zeroes to the maximum value calculated by + // t * (f + p) = 497, where `t` (number of inputs + 1) is a max of 7. + // This is done to keep the function generic, as resulting array size depends on `t` + // and we do not want callers passing down constants. + // This should be revisited once compiler limitations are gone. + + field[497] c = POSEIDON_C[t - 2]; + field[7][7] m = POSEIDON_M[t - 2]; + + field[t] mut state = [0; t]; + for u32 i in 1..t { + state[i] = inputs[i - 1]; + } + + for u32 r in 0..f+p { + state = ark(state, c, r * t); + state = sbox(state, f, p, r); + state = mix(state, m); + } + + return state[0]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok new file mode 100644 index 000000000..fa4acaee0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok @@ -0,0 +1,10 @@ +import "./sha256" as sha256; + +// A function that takes 4 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8] { + u32[8] res = sha256([[...a, ...b], [...c, ...d]]); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok new file mode 100644 index 000000000..b2e50eb0d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok @@ -0,0 +1,33 @@ +import "./1536bit" as sha256; + +// A function that takes four u32[8] array as input, concatenates them, pads the result, +// and returns the sha256 output as a u32[8] +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8] { + + // Hash is computed on the full 1024bit block size + // padding does not fit in the first two blocks + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ]; + + u32[8] dummyblock2 = [ \ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000400 + ]; + + return sha256(a, b, c, d, dummyblock1, dummyblock2); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok new file mode 100644 index 000000000..2cc6b204e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok @@ -0,0 +1,10 @@ +import "./sha256" as sha256; + +// A function that takes 6 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> u32[8] { + u32[8] res = sha256([[...a, ...b], [...c, ...d], [...e, ...f]]); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok new file mode 100644 index 000000000..e7fca109b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok @@ -0,0 +1,22 @@ +import "./512bit" as sha256; + +// A function that takes a u32[8] array as input, pads it, +// and returns the sha256 output as a u32[8] +def main(u32[8] a) -> u32[8] { + + // Hash is computed on 256 bits of input + // padding fits in the remaining 256 bits of the first block + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000100 + ]; + + return sha256(a, dummyblock1); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok new file mode 100644 index 000000000..36496da92 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok @@ -0,0 +1,9 @@ +import "./sha256" as sha256; + +// A function that takes 2 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b) -> u32[8] { + return sha256([[...a, ...b]]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok new file mode 100644 index 000000000..903f6e14e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok @@ -0,0 +1,20 @@ +import "../../utils/pack/u32/pack128" as pack128; +import "../../utils/pack/u32/unpack128" as unpack128; +import "./512bitPadded" as sha256; + +// A function that takes an array of 4 field elements as input, unpacks each of them to 128 +// bits (big endian), concatenates them and applies sha256. +// It then returns an array of two field elements, each representing 128 bits of the result. +def main(field[4] preimage) -> field[2] { + u32[4] a_bits = unpack128(preimage[0]); + u32[4] b_bits = unpack128(preimage[1]); + u32[4] c_bits = unpack128(preimage[2]); + u32[4] d_bits = unpack128(preimage[3]); + + u32[8] lhs = [...a_bits, ...b_bits]; + u32[8] rhs = [...c_bits, ...d_bits]; + + u32[8] r = sha256(lhs, rhs); + + return [pack128(r[0..4]), pack128(r[4..8])]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok new file mode 100644 index 000000000..6999b8b21 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok @@ -0,0 +1,33 @@ +import "./1024bit" as sha256; + +// A function that takes 2 u32[8] arrays as inputs, concatenates them, pads them, +// and returns their sha256 hash as a u32[8] +def main(u32[8] a, u32[8] b) -> u32[8] { + + // Hash is computed on the full 512bit block size + // padding does not fit in the primary block + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ]; + + u32[8] dummyblock2 = [ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000200 + ]; + + return sha256(a, b, dummyblock1, dummyblock2); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok new file mode 100644 index 000000000..c4b13b7ea --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok @@ -0,0 +1,14 @@ +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; + +// A function that takes 4 bool[256] arrays as inputs +// and applies 2 rounds of sha256 compression. +// It returns an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> bool[256] { + + bool[256] IV = IVconstants(); + bool[256] digest1 = sha256(a, b, IV); + bool[256] digest2 = sha256(c, d, digest1); + + return digest2; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok new file mode 100644 index 000000000..a4bd52e09 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok @@ -0,0 +1,17 @@ +import "./1536bit" as sha256; + +// Take two bool[256] arrays as input +// and returns their sha256 full round output as an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> bool[256] { + + // Hash is computed on the full 1024bit block size + // padding does not fit in the first two blocks + // add dummy block (single "1" followed by "0" + total length) + bool[256] dummyblock1 = [true, ...[false; 255]]; + + // Total length of message is 1024 bits: 0b10000000000 + bool[256] dummyblock2 = [...[false; 245], true, ...[false; 10]]; + + bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok new file mode 100644 index 000000000..511b2a539 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok @@ -0,0 +1,15 @@ +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; + +// A function that takes 6 bool[256] arrays as inputs +// and applies 3 rounds of sha256 compression. +// It returns an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> bool[256] { + + bool[256] IV = IVconstants(); + bool[256] digest1 = sha256(a, b, IV); + bool[256] digest2 = sha256(c, d, digest1); + bool[256] digest3 = sha256(e, f, digest2); + + return digest3; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok new file mode 100644 index 000000000..5dd8bd516 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok @@ -0,0 +1,14 @@ +import "./512bit" as sha256; + +// A function that takes 1 bool[256] array as input +// and returns the sha256 full round output as an array of 256 bool. +def main(bool[256] a) -> bool[256] { + + // Hash is computed on 256 bits of input + // padding fits in the remaining 256 bits of the first block + // add dummy block (single "true" followed by "false" + total length) + bool[256] dummyblock1 = [true, ...[false; 246], true, ...[false; 8]]; + + bool[256] digest = sha256(a, dummyblock1); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok new file mode 100644 index 000000000..3d6d9ce43 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok @@ -0,0 +1,11 @@ +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; + +// A function that takes 2 bool[256] arrays as inputs +// and returns their sha256 compression function as an array of 256 bool. +// No padding is being applied +def main(bool[256] a, bool[256] b) -> bool[256] { + bool[256] IV = IVconstants(); + bool[256] digest = sha256(a, b, IV); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok new file mode 100644 index 000000000..6d596d264 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok @@ -0,0 +1,24 @@ +import "../../../utils/pack/bool/pack128" as pack128; +import "../../../utils/pack/bool/unpack128" as unpack128; +import "./512bitPadded" as sha256; + +// A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 +// bits (big endian), concatenates them and applies sha256. +// It then returns an array of two field elements, each representing 128 bits of the result. +def main(field[4] preimage) -> field[2] { + + bool[128] a = unpack128(preimage[0]); + bool[128] b = unpack128(preimage[1]); + bool[128] c = unpack128(preimage[2]); + bool[128] d = unpack128(preimage[3]); + + bool[256] lhs = [...a, ...b]; + bool[256] rhs = [...c, ...d]; + + bool[256] r = sha256(lhs, rhs); + + field res0 = pack128(r[..128]); + field res1 = pack128(r[128..]); + + return [res0, res1]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok new file mode 100644 index 000000000..6b19a0263 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok @@ -0,0 +1,17 @@ +import "./1024bit" as sha256; + +// A function that takes 2 bool[256] arrays as inputs +// and returns their sha256 full round output as an array of 256 bool. +def main(bool[256] a, bool[256] b) -> bool[256] { + + // Hash is computed on the full 512bit block size + // padding does not fit in the primary block + // add dummy block (single "1" followed by "0" + total length) + bool[256] dummyblock1 = [true, ...[false; 255]]; + + // Total length of message is 512 bits: 0b1000000000 + bool[256] dummyblock2 = [...[false; 246], true, ...[false; 9]]; + + bool[256] digest = sha256(a, b, dummyblock1, dummyblock2); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok new file mode 100644 index 000000000..99e650600 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok @@ -0,0 +1,15 @@ +// SHA-256 is specified in FIPS 180-3 and initial values are listed in section 5.3.3 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +def main() -> bool[256] { + bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true]; + bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true]; + bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false]; + bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false]; + bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true]; + bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false]; + bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true]; + bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true]; + + bool[256] IV = [...h0, ...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7]; + return IV; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok new file mode 100644 index 000000000..b3f2e7aa5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok @@ -0,0 +1,10 @@ +#pragma curve bn128 + +from "EMBED" import sha256round; + +// a and b is NOT checked to be 0 or 1 +// the return value is checked to be 0 or 1 +// IV vector is checked to be of type bool +def main(bool[256] a, bool[256] b, bool[256] IV) -> bool[256] { + return sha256round([...a, ...b], IV); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok new file mode 100644 index 000000000..e7850f85d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok @@ -0,0 +1,21 @@ +import "./shaRound" as shaRound; + +// Initial values, FIPS 180-3, section 5.3.3 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +const u32[8] IV = [ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +]; + +// A function that takes N u32[16] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied +def main(u32[N][16] a) -> u32[8] { + u32[8] mut current = IV; + + for u32 i in 0..N { + current = shaRound(a[i], current); + } + + return current; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok new file mode 100644 index 000000000..60dea9885 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok @@ -0,0 +1,48 @@ +import "hashes/sha256/sha256"; +import "utils/casts/u8_to_bits"; +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; + +// A padding function that takes a bool[L] array as input and pads it to 512-bit blocks +def pad(bool[L] m) -> u32[M][16] { + u32 length = L + 64 + 1; + assert(length / 512 + 1 == M); + + u32 r = length % 512; + u32 k = 512 - r; + bool[M * 512] result_in_bits = [...m, true, ...[false; k + 32], ...u32_to_bits(L)]; + u32[M][16] mut result = [[0; 16]; M]; + + for u32 i in 0..M { + for u32 j in 0..16 { + u32 start = i * 512 + j * 32; + u32 end = start + 32; + result[i][j] = u32_from_bits(result_in_bits[start..end]); + } + } + return result; +} + +// A function that takes a bool[N] array as input, pads it, +// and returns the sha256 output as a u32[8] +def sha256Padded(bool[N] input) -> u32[8] { + u32 block_count = (N + 64 + 1) / 512 + 1; + u32[block_count][16] padded = pad(input); + return sha256(padded); +} + +// A function that takes a u8[N] array as input, pads it, +// and returns the sha256 output as a u32[8] +def main(u8[N] input) -> u32[8] { + u32 L = N * 8; + bool[L] mut input_bits = [false; L]; + + for u32 i in 0..N { + bool[8] bits = u8_to_bits(input[i]); + for u32 j in 0..8 { + input_bits[i * 8 + j] = bits[j]; + } + } + + return sha256Padded(input_bits); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok new file mode 100644 index 000000000..3c42903fe --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok @@ -0,0 +1,98 @@ +// FIPS 180-3, section 4.2.2 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +const u32[64] K = [ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +]; + +def rotr32(u32 x) -> u32 { + return (x >> N) | (x << (32 - N)); +} + +def extend(u32[64] w, u32 i) -> u32 { + u32 s0 = rotr32::<7>(w[i-15]) ^ rotr32::<18>(w[i-15]) ^ (w[i-15] >> 3); + u32 s1 = rotr32::<17>(w[i-2]) ^ rotr32::<19>(w[i-2]) ^ (w[i-2] >> 10); + return w[i-16] + s0 + w[i-7] + s1; +} + +def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32 { + // ch := (e and f) xor ((not e) and g) + u32 ch = (e & f) ^ ((!e) & g); + + // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) + u32 S1 = rotr32::<6>(e) ^ rotr32::<11>(e) ^ rotr32::<25>(e); + + // temp1 := h + S1 + ch + k + w + return h + S1 + ch + k + w; +} + +def temp2(u32 a, u32 b, u32 c) -> u32 { + // maj := (a and b) xor (a and c) xor (b and c) + u32 maj = (a & b) ^ (a & c) ^ (b & c); + + // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) + u32 S0 = rotr32::<2>(a) ^ rotr32::<13>(a) ^ rotr32::<22>(a); + + // temp2 := S0 + maj + return S0 + maj; +} + +// A function that computes one round of the SHA256 compression function given an input and the current value of the hash +// this is used by other components however many times needed +def main(u32[16] input, u32[8] current) -> u32[8] { + u32 mut h0 = current[0]; + u32 mut h1 = current[1]; + u32 mut h2 = current[2]; + u32 mut h3 = current[3]; + u32 mut h4 = current[4]; + u32 mut h5 = current[5]; + u32 mut h6 = current[6]; + u32 mut h7 = current[7]; + + u32[64] mut w = [...input, ...[0u32; 48]]; + + for u32 i in 16..64 { + w[i] = extend(w, i); + } + + u32 mut a = h0; + u32 mut b = h1; + u32 mut c = h2; + u32 mut d = h3; + u32 mut e = h4; + u32 mut f = h5; + u32 mut g = h6; + u32 mut h = h7; + + for u32 i in 0..64 { + u32 t1 = temp1(e, f, g, h, K[i], w[i]); + u32 t2 = temp2(a, b, c); + + h = g; + g = f; + f = e; + e = d + t1; + d = c; + c = b; + b = a; + a = t1 + t2; + } + + h0 = h0 + a; + h1 = h1 + b; + h2 = h2 + c; + h3 = h3 + d; + h4 = h4 + e; + h5 = h5 + f; + h6 = h6 + g; + h7 = h7 + h; + + return [h0, h1, h2, h3, h4, h5, h6, h7]; +} + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok new file mode 100644 index 000000000..daca1ed66 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[28] { + return keccak::<_, 28>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok new file mode 100644 index 000000000..55eb5d73f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[32] { + return keccak::<_, 32>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok new file mode 100644 index 000000000..acd07e3f5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[48] { + return keccak::<_, 48>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok new file mode 100644 index 000000000..0ab6bab27 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[64] { + return keccak::<_, 64>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok new file mode 100644 index 000000000..d78aabf72 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok @@ -0,0 +1,4 @@ +// Concatenate two u32[8] arrays in an order defined by a boolean selector +def main(bool selector, u32[8] lhs, u32[8] rhs) -> u32[16] { + return selector ? [...rhs, ...lhs] : [...lhs, ...rhs]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok new file mode 100644 index 000000000..e6e2f8069 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok @@ -0,0 +1,51 @@ +import "hashes/sha256/1024bitPadded" as sha256; +import "ecc/edwardsScalarMult" as scalarMult; +import "ecc/edwardsAdd" as add; +import "utils/pack/bool/nonStrictUnpack256" as unpack256bool; +import "utils/pack/u32/nonStrictUnpack256" as unpack256u; +import "ecc/edwardsOnCurve" as onCurve; +import "ecc/edwardsOrderCheck" as orderCheck; +from "ecc/babyjubjubParams" import BabyJubJubParams; +import "utils/casts/u32_8_to_bool_256"; + +/// Verifies an EdDSA Signature. +/// +/// Checks the correctness of a given EdDSA Signature (R,S) for the provided +/// public key A and message (M0, M1). +/// This python repo provides the tooling for creating valid signatures: +/// https://github.com/Zokrates/pycrypto +/// +/// For more information see: +/// https://en.wikipedia.org/wiki/EdDSA +/// https://eprint.iacr.org/2015/677.pdf +/// +/// Arguments: +/// R: Curve point. Hidden version of the per-message nonce. +/// S: Field element. Signature to be verified. +/// A: Curve point. Public part of the key used to create S. +/// M0: 256bit array. First 256bits of the message used to create S . +/// M1: 256bit array. Trailing 256bits of the message used to create S . +/// context: Curve parameters used to create S. +/// +/// Returns: +/// Return true for S being a valid EdDSA Signature, false otherwise. +def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> bool { + field[2] G = [context.Gu, context.Gv]; + + // Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline + assert(onCurve(R, context)); // throws if R is not on curve + assert(orderCheck(R, context)); + + u32[8] Rx = unpack256u(R[0]); + u32[8] Ax = unpack256u(A[0]); + bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1)); + + bool[256] sBits = unpack256bool(S); + field[2] lhs = scalarMult(sBits, G, context); + + field[2] AhRAM = scalarMult(hRAM, A, context); + field[2] rhs = add(R, AhRAM, context); + + bool out = rhs[0] == lhs[0] && rhs[1] == lhs[1]; + return out; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok new file mode 100644 index 000000000..f4b6e2ad5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok @@ -0,0 +1,56 @@ +#pragma curve bw6_761 + +from "EMBED" import snark_verify_bls12_377 as verify; + +struct ProofInner { + field[2] a; + field[2][2] b; + field[2] c; +} + +struct Proof { + ProofInner proof; + field[N] inputs; +} + +struct VerificationKey { + field[2][2] h; + field[2] g_alpha; + field[2][2] h_beta; + field[2] g_gamma; + field[2][2] h_gamma; + field[N][2] query; // input length + 1 +} + +def flat(field[N][2] input) -> field[F] { + assert(F == N * 2); + field[F] mut out = [0; F]; + for u32 i in 0..N { + for u32 j in 0..2 { + out[(i * 2) + j] = input[i][j]; + } + } + return out; +} + +def main(Proof proof, VerificationKey vk) -> bool { + assert(Q == N + 1); // query length (Q) should be N + 1 + field[8] flat_proof = [ + ...proof.proof.a, + ...flat::<2, 4>(proof.proof.b), + ...proof.proof.c + ]; + + u32 two_Q = 2 * Q; + + field[16 + (2 * Q)] flat_vk = [ + ...flat::<2, 4>(vk.h), + ...vk.g_alpha, + ...flat::<2, 4>(vk.h_beta), + ...vk.g_gamma, + ...flat::<2, 4>(vk.h_gamma), + ...flat::(vk.query) + ]; + + return verify(proof.inputs, flat_proof, flat_vk); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok new file mode 100644 index 000000000..6cfe6aee6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok @@ -0,0 +1,532 @@ +from "EMBED" import u64_to_bits, u32_to_bits, u16_to_bits, u8_to_bits, u8_from_bits, u16_from_bits, u32_from_bits, u64_from_bits; + +// Cast a boolean array of size 8 to an 8-bit unsigned integer (u8) +def cast(bool[8] input) -> u8 { + return u8_from_bits(input); +} + +// Cast a boolean array of size N to an array of 8-bit unsigned integers (u8) of size P +// The following condition must be true `N == 8 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u8[P] { + assert(N == 8 * P); + u8[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u8_from_bits(input[i * 8..(i + 1) * 8]); + } + return r; +} + +// Cast a boolean array of size 16 to a 16-bit unsigned integer (u16) +def cast(bool[16] input) -> u16 { + return u16_from_bits(input); +} + +// Cast a boolean array of size N to an array of 16-bit unsigned integers (u16) of size P +// The following condition must be true `N == 16 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u16[P] { + assert(N == 16 * P); + u16[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u16_from_bits(input[i * 16..(i + 1) * 16]); + } + return r; +} + +// Cast a boolean array of size 32 to a 32-bit unsigned integer (u32) +def cast(bool[32] input) -> u32 { + return u32_from_bits(input); +} + +// Cast a boolean array of size N to an array of 32-bit unsigned integers (u32) of size P +// The following condition must be true `N == 32 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u32[P] { + assert(N == 32 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u32_from_bits(input[i * 32..(i + 1) * 32]); + } + return r; +} + +// Cast a boolean array of size 64 to a 64-bit unsigned integer (u64) +def cast(bool[64] input) -> u64 { + return u64_from_bits(input); +} + +// Cast a boolean array of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 64 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u64[P] { + assert(N == 64 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u64_from_bits(input[i * 64..(i + 1) * 64]); + } + return r; +} + +// Cast an 8-bit unsigned integer (u8) to a boolean array of size 8 (bool[8]) +def cast(u8 input) -> bool[8] { + return u8_to_bits(input); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to a boolean array of size P +// The following condition must be true `P == 8 * N`, otherwise the cast will fail +def cast(u8[N] input) -> bool[P] { + assert(P == 8 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[8] bits = u8_to_bits(input[i]); + for u32 j in 0..8 { + r[i * 8 + j] = bits[j]; + } + } + return r; +} + +// Cast an 8-bit unsigned integer (u8) to a field element +def cast(u8 input) -> field { + bool[8] bits = u8_to_bits(input); + field mut r = 0; + for u32 i in 0..8 { + u32 exponent = 8 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 8-bit unsigned integers (u8) to an array of field elements +def cast(u8[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 16-bit unsigned integer (u16) +def cast(u8 input) -> u16 { + bool[8] bits = u8_to_bits(input); + return u16_from_bits([...[false; 8], ...bits]); +} + +// Cast an array of two 8-bit unsigned integers (u8[2]) to a 16-bit unsigned integer (u16) +def cast(u8[2] input) -> u16 { + bool[16] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]) + ]; + return u16_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 16-bit unsigned integers (u16) of size P +// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u16[P] { + assert(N == 2 * P); + u16[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 32-bit unsigned integer (u32) +def cast(u8 input) -> u32 { + bool[8] bits = u8_to_bits(input); + return u32_from_bits([...[false; 24], ...bits]); +} + +// Cast an array of four 8-bit unsigned integers (u8[4]) to a 32-bit unsigned integer (u32) +def cast(u8[4] input) -> u32 { + bool[32] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]) + ]; + return u32_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 32-bit unsigned integers (u32) of size P +// The following condition must be true `N == 4 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u32[P] { + assert(N == 4 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 4..(i + 1) * 4]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 64-bit unsigned integer (u64) +def cast(u8 input) -> u64 { + bool[8] bits = u8_to_bits(input); + return u64_from_bits([...[false; 56], ...bits]); +} + +// Cast an array of eight 8-bit unsigned integers (u8[8]) to a 64-bit unsigned integer (u64) +def cast(u8[8] input) -> u64 { + bool[64] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]), + ...u8_to_bits(input[4]), + ...u8_to_bits(input[5]), + ...u8_to_bits(input[6]), + ...u8_to_bits(input[7]) + ]; + return u64_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 8 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u64[P] { + assert(N == 8 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 8..(i + 1) * 8]); + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to a boolean array of size 16 (bool[16]) +def cast(u16 input) -> bool[16] { + return u16_to_bits(input); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to a boolean array of size P +// The following condition must be true `P == 16 * N`, otherwise the cast will fail +def cast(u16[N] input) -> bool[P] { + assert(P == 16 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[16] bits = u16_to_bits(input[i]); + for u32 j in 0..16 { + r[i * 16 + j] = bits[j]; + } + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to a field element +def cast(u16 input) -> field { + bool[16] bits = u16_to_bits(input); + field mut r = 0; + for u32 i in 0..16 { + u32 exponent = 16 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 16-bit unsigned integers (u16) to an array of field elements +def cast(u16[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to an array of two 8-bit unsigned integers (u8[2]) +def cast(u16 input) -> u8[2] { + bool[16] bits = u16_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]) + ]; +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u16[N] input) -> u8[P] { + assert(P == 2 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} + +// Upcast a 16-bit unsigned integer (u16) to a 32-bit unsigned integer (u32) +def cast(u16 input) -> u32 { + bool[16] bits = u16_to_bits(input); + return u32_from_bits([...[false; 16], ...bits]); +} + +// Cast an array of two 16-bit unsigned integers (u16[2]) to a 32-bit unsigned integer (u32) +def cast(u16[2] input) -> u32 { + bool[32] bits = [ + ...u16_to_bits(input[0]), + ...u16_to_bits(input[1]) + ]; + return u32_from_bits(bits); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 32-bit unsigned integers (u32) of size P +// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u16[N] input) -> u32[P] { + assert(N == 2 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Upcast a 16-bit unsigned integer (u16) to a 64-bit unsigned integer (u64) +def cast(u16 input) -> u64 { + bool[16] bits = u16_to_bits(input); + return u64_from_bits([...[false; 48], ...bits]); +} + +// Cast an array of four 16-bit unsigned integers (u16[4]) to a 64-bit unsigned integer (u64) +def cast(u16[4] input) -> u64 { + bool[64] bits = [ + ...u16_to_bits(input[0]), + ...u16_to_bits(input[1]), + ...u16_to_bits(input[2]), + ...u16_to_bits(input[3]) + ]; + return u64_from_bits(bits); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 4 * P`, otherwise the cast will fail +def cast(u16[N] input) -> u64[P] { + assert(N == 4 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 4..(i + 1) * 4]); + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to a boolean array of size 32 (bool[32]) +def cast(u32 input) -> bool[32] { + return u32_to_bits(input); +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to a boolean array of size P +// The following condition must be true `P == 32 * N`, otherwise the cast will fail +def cast(u32[N] input) -> bool[P] { + assert(P == 32 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[32] bits = u32_to_bits(input[i]); + for u32 j in 0..32 { + r[i * 32 + j] = bits[j]; + } + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to a field element +def cast(u32 input) -> field { + bool[32] bits = u32_to_bits(input); + field mut r = 0; + for u32 i in 0..32 { + u32 exponent = 32 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 32-bit unsigned integers (u32) to an array of field elements +def cast(u32[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to an array of four 8-bit unsigned integers (u8[4]) +def cast(u32 input) -> u8[4] { + bool[32] bits = u32_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]) + ]; +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 4 * N`, otherwise the cast will fail +def cast(u32[N] input) -> u8[P] { + assert(P == 4 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[4] t = cast(input[i]); + for u32 j in 0..4 { + r[i * 4 + j] = t[j]; + } + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to an array of two 16-bit unsigned integers (u16[2]) +def cast(u32 input) -> u16[2] { + bool[32] bits = u32_to_bits(input); + return [ + u16_from_bits(bits[0..16]), + u16_from_bits(bits[16..32]) + ]; +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 16-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u32[N] input) -> u16[P] { + assert(P == 2 * N); + u16[P] mut r = [0; P]; + for u32 i in 0..N { + u16[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} + +// Upcast a 32-bit unsigned integer (u32) to a 64-bit unsigned integer (u64) +def cast(u32 input) -> u64 { + bool[32] bits = u32_to_bits(input); + return u64_from_bits([...[false; 32], ...bits]); +} + +// Cast an array of two 32-bit unsigned integers (u32[2]) to a 64-bit unsigned integer (u64) +def cast(u32[2] input) -> u64 { + bool[64] bits = [ + ...u32_to_bits(input[0]), + ...u32_to_bits(input[1]) + ]; + return u64_from_bits(bits); +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u32[N] input) -> u64[P] { + assert(N == 2 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to a boolean array of size 64 (bool[64]) +def cast(u64 input) -> bool[64] { + return u64_to_bits(input); +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to a boolean array of size P +// The following condition must be true `P == 64 * N`, otherwise the cast will fail +def cast(u64[N] input) -> bool[P] { + assert(P == 64 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[64] bits = u64_to_bits(input[i]); + for u32 j in 0..64 { + r[i * 64 + j] = bits[j]; + } + } + return r; +} + +// Cast 64-bit unsigned integer (u64) to a field element +def cast(u64 input) -> field { + bool[64] bits = u64_to_bits(input); + field mut r = 0; + for u32 i in 0..64 { + u32 exponent = 64 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 64-bit unsigned integers (u64) to an array of field elements +def cast(u64[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 8 8-bit unsigned integers (u8[8]) +def cast(u64 input) -> u8[8] { + bool[64] bits = u64_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]), + u8_from_bits(bits[32..40]), + u8_from_bits(bits[40..48]), + u8_from_bits(bits[48..56]), + u8_from_bits(bits[56..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 8 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u8[P] { + assert(P == 8 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[8] t = cast(input[i]); + for u32 j in 0..8 { + r[i * 8 + j] = t[j]; + } + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 4 16-bit unsigned integers (u16[4]) +def cast(u64 input) -> u16[4] { + bool[64] bits = u64_to_bits(input); + return [ + u16_from_bits(bits[0..16]), + u16_from_bits(bits[16..32]), + u16_from_bits(bits[32..48]), + u16_from_bits(bits[48..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 16-bit unsigned integers of size P +// The following condition must be true `P == 4 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u16[P] { + assert(P == 4 * N); + u16[P] mut r = [0; P]; + for u32 i in 0..N { + u16[4] t = cast(input[i]); + for u32 j in 0..4 { + r[i * 4 + j] = t[j]; + } + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 2 32-bit unsigned integers (u32[2]) +def cast(u64 input) -> u32[2] { + bool[64] bits = u64_to_bits(input); + return [ + u32_from_bits(bits[0..32]), + u32_from_bits(bits[32..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 32-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u32[P] { + assert(P == 2 * N); + u32[P] mut r = [0; P]; + for u32 i in 0..N { + u32[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok new file mode 100644 index 000000000..1aa332e4c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok @@ -0,0 +1,2 @@ +def main(bool[1024] input) -> (bool[256], bool[256], bool[256], bool[256]): + return input[0..256], input[256..512], input[512..768], input[768..1024] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok new file mode 100644 index 000000000..12ee4cb75 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok @@ -0,0 +1,6 @@ +import "./bool_array_to_u32_array" as bool_to_u32; + +def main(bool[128] bits) -> u32[4] { + u32[4] res = bool_to_u32(bits); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok new file mode 100644 index 000000000..1e8b2ad59 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok @@ -0,0 +1,6 @@ +import "./bool_array_to_u32_array" as bool_to_u32; + +def main(bool[256] bits) -> u32[8] { + u32[8] res = bool_to_u32(bits); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok new file mode 100644 index 000000000..e04ffda99 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok @@ -0,0 +1,15 @@ +from "EMBED" import u32_from_bits; + +// convert an array of bool to an array of u32 +// the sizes must match (one u32 for 32 bool) otherwise an error will happen +def main(bool[N] bits) -> u32[P] { + assert(N == 32 * P); + + u32[P] mut res = [0; P]; + + for u32 i in 0..P { + res[i] = u32_from_bits(bits[32 * i..32 * (i + 1)]); + } + + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok new file mode 100644 index 000000000..ffa15094b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok @@ -0,0 +1,8 @@ +from "field" import FIELD_SIZE_IN_BITS; +import "utils/pack/bool/unpack"; +import "utils/casts/u16_from_bits"; + +def main(field input) -> u16 { + bool[FIELD_SIZE_IN_BITS] bits = unpack(input); + return u16_from_bits(bits[FIELD_SIZE_IN_BITS-16..]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok new file mode 100644 index 000000000..02be679d9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok @@ -0,0 +1,8 @@ +from "field" import FIELD_SIZE_IN_BITS; +import "utils/pack/bool/unpack"; +import "utils/casts/u32_from_bits"; + +def main(field input) -> u32 { + bool[FIELD_SIZE_IN_BITS] bits = unpack(input); + return u32_from_bits(bits[FIELD_SIZE_IN_BITS-32..]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok new file mode 100644 index 000000000..6c50e6ae8 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok @@ -0,0 +1,8 @@ +from "field" import FIELD_SIZE_IN_BITS; +import "utils/pack/bool/unpack"; +import "utils/casts/u64_from_bits"; + +def main(field input) -> u64 { + bool[FIELD_SIZE_IN_BITS] bits = unpack(input); + return u64_from_bits(bits[FIELD_SIZE_IN_BITS-64..]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok new file mode 100644 index 000000000..dcb0db06c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok @@ -0,0 +1,8 @@ +from "field" import FIELD_SIZE_IN_BITS; +import "utils/pack/bool/unpack"; +import "utils/casts/u8_from_bits"; + +def main(field input) -> u8 { + bool[FIELD_SIZE_IN_BITS] bits = unpack(input); + return u8_from_bits(bits[FIELD_SIZE_IN_BITS-8..]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok new file mode 100644 index 000000000..48c7fa663 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u16_from_bits; + +def main(bool[16] a) -> u16 { + return u16_from_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok new file mode 100644 index 000000000..928c36a04 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u16_to_bits; + +def main(u16 a) -> bool[16] { + return u16_to_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok new file mode 100644 index 000000000..181b3b730 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok @@ -0,0 +1,11 @@ +from "EMBED" import u16_to_bits; + +def main(u16 i) -> field { + bool[16] bits = u16_to_bits(i); + field mut res = 0; + for u32 j in 0..16 { + u32 exponent = 16 - j - 1; + res = res + (bits[j] ? 2 ** exponent : 0); + } + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok new file mode 100644 index 000000000..ba4c641d5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok @@ -0,0 +1,5 @@ +from "EMBED" import u16_to_u32; + +def main(u16 a) -> u32 { + return u16_to_u32(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok new file mode 100644 index 000000000..2ff0923b3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok @@ -0,0 +1,5 @@ +from "EMBED" import u16_to_u64; + +def main(u16 a) -> u64 { + return u16_to_u64(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok new file mode 100644 index 000000000..2bbdcf2ab --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok @@ -0,0 +1,6 @@ +import "./u32_array_to_bool_array" as to_bool_array; + +def main(u32[4] input) -> bool[128] { + bool[128] res = to_bool_array(input); + return res; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok new file mode 100644 index 000000000..798c26006 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok @@ -0,0 +1,6 @@ +import "./u32_array_to_bool_array" as to_bool_array; + +def main(u32[8] input) -> bool[256] { + bool[256] res = to_bool_array(input); + return res; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok new file mode 100644 index 000000000..1fa4e9798 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok @@ -0,0 +1,16 @@ +from "EMBED" import u32_to_bits; + +def main(u32[N] input) -> bool[P] { + assert(P == 32 * N); + + bool[P] mut res = [false; P]; + + for u32 i in 0..N { + bool[32] bits = u32_to_bits(input[i]); + for u32 j in 0..32 { + res[i * 32 + j] = bits[j]; + } + } + + return res; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok new file mode 100644 index 000000000..3b8bc3584 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u32_from_bits; + +def main(bool[32] a) -> u32 { + return u32_from_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok new file mode 100644 index 000000000..921031a0f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u32_to_bits; + +def main(u32 a) -> bool[32] { + return u32_to_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok new file mode 100644 index 000000000..a643f832e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok @@ -0,0 +1,11 @@ +from "EMBED" import u32_to_bits; + +def main(u32 i) -> field { + bool[32] bits = u32_to_bits(i); + field mut res = 0; + for u32 j in 0..32 { + u32 exponent = 32 - j - 1; + res = res + (bits[j] ? 2 ** exponent : 0); + } + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok new file mode 100644 index 000000000..b221f17e9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok @@ -0,0 +1,5 @@ +from "EMBED" import u32_to_u64; + +def main(u32 a) -> u64 { + return u32_to_u64(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok new file mode 100644 index 000000000..3672f9669 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u64_from_bits; + +def main(bool[64] a) -> u64 { + return u64_from_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok new file mode 100644 index 000000000..6e83d83cd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u64_to_bits; + +def main(u64 a) -> bool[64] { + return u64_to_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok new file mode 100644 index 000000000..a928b6e49 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok @@ -0,0 +1,11 @@ +from "EMBED" import u64_to_bits; + +def main(u64 i) -> field { + bool[64] bits = u64_to_bits(i); + field mut res = 0; + for u32 j in 0..64 { + u32 exponent = 64 - j - 1; + res = res + (bits[j] ? 2 ** exponent : 0); + } + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok new file mode 100644 index 000000000..f48f99243 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u8_from_bits; + +def main(bool[8] a) -> u8 { + return u8_from_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok new file mode 100644 index 000000000..ae87dca16 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok @@ -0,0 +1,5 @@ +from "EMBED" import u8_to_bits; + +def main(u8 a) -> bool[8] { + return u8_to_bits(a); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok new file mode 100644 index 000000000..22c3b24ad --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok @@ -0,0 +1,11 @@ +from "EMBED" import u8_to_bits; + +def main(u8 i) -> field { + bool[8] bits = u8_to_bits(i); + field mut res = 0; + for u32 j in 0..8 { + u32 exponent = 8 - j - 1; + res = res + (bits[j] ? 2 ** exponent : 0); + } + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok new file mode 100644 index 000000000..8da09a526 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok @@ -0,0 +1,5 @@ +from "EMBED" import u8_to_u16; + +def main(u8 a) -> u16 { + return u8_to_u16(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok new file mode 100644 index 000000000..a50b27f9d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok @@ -0,0 +1,5 @@ +from "EMBED" import u8_to_u32; + +def main(u8 a) -> u32 { + return u8_to_u32(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok new file mode 100644 index 000000000..7f6f3cf0b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok @@ -0,0 +1,5 @@ +from "EMBED" import u8_to_u64; + +def main(u8 a) -> u64 { + return u8_to_u64(a); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok new file mode 100644 index 000000000..7c9ec079c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok @@ -0,0 +1,5 @@ +// One-bit window lookup table using one constraint +def main(bool selector, field[2] target) -> field { + field out = selector ? target[1] : target[0]; + return out; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok new file mode 100644 index 000000000..29f8d526d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok @@ -0,0 +1,7 @@ +// Two-bit window lookup table using one constraint +// Maps the bits `b` to a list of field elements `c` +def main(bool[2] b, field[4] c) -> field { + field alpha = c[1] - c[0] + (b[1] ? (c[3] - c[2] - c[1] + c[0]) : 0); + field out = (b[0] ? alpha : 0) + c[0] - (b[1] ? (0 - c[2] + c[0]) : 0); + return out; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok new file mode 100644 index 000000000..332050464 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok @@ -0,0 +1,9 @@ +import "./lookup2bit" as lookup; + +// Three-bit window lookup (2bits + signature bit) in 2bit table +// using two constraints. Maps the bits `b` to a list of constants `c` +def main(bool[3] b, field[4] c) -> field { + field alpha = lookup([b[0], b[1]], c); + field out = alpha - 2 * (b[2] ? alpha : 0); + return out; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok new file mode 100644 index 000000000..c0f0b81c7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok @@ -0,0 +1,11 @@ +#pragma curve bn128 + +import "./unpack_unchecked"; + +// Unpack a field element as 256 big-endian bits +// Note: uniqueness of the output is not guaranteed +// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)` +def main(field i) -> bool[256] { + bool[254] b = unpack_unchecked(i); + return [false, false, ...b]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok new file mode 100644 index 000000000..1c5cee508 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok @@ -0,0 +1,8 @@ +def main(bool[N] bits) -> field { + field mut out = 0; + for u32 j in 0..N { + u32 i = N - (j + 1); + out = out + (bits[i] ? 2 ** j : 0); + } + return out; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok new file mode 100644 index 000000000..0001d8827 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok @@ -0,0 +1,8 @@ +#pragma curve bn128 + +import "./pack" as pack; + +// pack 128 big-endian bits into one field element +def main(bool[128] bits) -> field { + return pack(bits); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok new file mode 100644 index 000000000..c84ff0c29 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok @@ -0,0 +1,10 @@ +#pragma curve bn128 + +import "./pack" as pack; + +// pack 256 big-endian bits into one field element +// Note: This is not a injective operation as `p` is smaller than `2**256 - 1` for bn128 +// For example, `[0, 0,..., 0]` and `bits(p)` both point to `0` +def main(bool[256] bits) -> field { + return pack(bits); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok new file mode 100644 index 000000000..dbfba7b71 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok @@ -0,0 +1,12 @@ +import "./unpack_unchecked.zok"; +from "field" import FIELD_SIZE_IN_BITS; +from "EMBED" import bit_array_le; + +// Unpack a field element as N big endian bits +def main(field i) -> bool[N] { + bool[N] res = unpack_unchecked(i); + assert(N >= FIELD_SIZE_IN_BITS \ + ? bit_array_le(res, [...[false; N - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) \ + : true); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok new file mode 100644 index 000000000..e6b81c012 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok @@ -0,0 +1,8 @@ +import "./unpack" as unpack; + +// Unpack a field element as 128 big-endian bits +// If the input is larger than `2**128 - 1`, the output is truncated. +def main(field i) -> bool[128] { + bool[128] res = unpack(i); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok new file mode 100644 index 000000000..7dcf9c794 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok @@ -0,0 +1,8 @@ +import "./unpack" as unpack; + +// Unpack a field element as 256 big-endian bits +// If the input is larger than `2**256 - 1`, the output is truncated. +def main(field i) -> bool[256] { + bool[256] res = unpack::<256>(i); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok new file mode 100644 index 000000000..73b5b64d0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok @@ -0,0 +1,8 @@ +from "EMBED" import unpack; + +// Unpack a field element as N big endian bits without checking for overflows +// This does *not* guarantee a single output: for example, 0 can be decomposed as 0 or as P and this function does not enforce either +def main(field i) -> bool[N] { + bool[N] res = unpack(i); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok new file mode 100644 index 000000000..37311a5cf --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok @@ -0,0 +1,11 @@ +#pragma curve bn128 + +import "../bool/nonStrictUnpack256" as unpack; +import "../../casts/bool_256_to_u32_8" as from_bits; + +// Unpack a field element as a u32[8] (big-endian) +// Note: uniqueness of the output is not guaranteed +// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)` +def main(field i) -> u32[8] { + return from_bits(unpack(i)); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok new file mode 100644 index 000000000..0c8f4538a --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok @@ -0,0 +1,8 @@ +import "../../casts/u32_array_to_bool_array" as to_bits; +import "../bool/pack"; + +// pack N big-endian bits into one field element +def main(u32[N] input) -> field { + bool[N * 32] bits = to_bits(input); + return pack(bits); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok new file mode 100644 index 000000000..dafc51985 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok @@ -0,0 +1,6 @@ +import "./pack" as pack; + +// pack 128 big-endian bits into one field element +def main(u32[4] input) -> field { + return pack(input); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok new file mode 100644 index 000000000..74c4a3d3f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok @@ -0,0 +1,19 @@ +import "../../casts/u32_to_bits"; +import "../bool/pack256"; + +// pack 256 big-endian bits into one field element +// Note: This is not a injective operation as `p` is smaller than `2**256 - 1 for bn128 +// For example, `[0, 0,..., 0]` and `bits(p)` both point to `0` +def main(u32[8] input) -> field { + bool[256] bits = [ + ...u32_to_bits(input[0]), + ...u32_to_bits(input[1]), + ...u32_to_bits(input[2]), + ...u32_to_bits(input[3]), + ...u32_to_bits(input[4]), + ...u32_to_bits(input[5]), + ...u32_to_bits(input[6]), + ...u32_to_bits(input[7]) + ]; + return pack256(bits); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok new file mode 100644 index 000000000..88aed4217 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok @@ -0,0 +1,10 @@ +#pragma curve bn128 + +import "../bool/unpack128" as unpack; +import "../../casts/bool_128_to_u32_4" as from_bits; + +// Unpack a field element as 128 big-endian bits +// Precondition: the input is smaller or equal to `2**128 - 1` +def main(field i) -> u32[4] { + return from_bits(unpack(i)); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs b/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs new file mode 100644 index 000000000..0471b27ab --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs @@ -0,0 +1 @@ +include!(concat!(env!("OUT_DIR"), "/tests.rs")); diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json new file mode 100644 index 000000000..606cf381c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsAdd.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok new file mode 100644 index 000000000..17e97a329 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok @@ -0,0 +1,36 @@ +import "ecc/edwardsAdd" as add; +import "ecc/edwardsNegate" as neg; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testDoubleViaAdd() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + field[2] out = add(G, G, BABYJUBJUB_PARAMS); + + assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830); + assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831); + + return true; +} + +def testIdentities() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + field[2] inf = BABYJUBJUB_PARAMS.INFINITY; + + assert(G == add(G, inf, BABYJUBJUB_PARAMS)); + + field[2] nG = neg(G); + field[2] nGaddG = add(G, nG, BABYJUBJUB_PARAMS); + + assert(inf == nGaddG); + + return true; +} + +def main() { + assert(testDoubleViaAdd()); + assert(testIdentities()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json new file mode 100644 index 000000000..a6d986972 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsCompress.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok new file mode 100644 index 000000000..0a3a5df70 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok @@ -0,0 +1,19 @@ +import "ecc/edwardsCompress" as edwardsCompress; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testCompress() -> bool { + field Gu = BABYJUBJUB_PARAMS.Gu; + field Gv = BABYJUBJUB_PARAMS.Gv; + + bool[256] Gcompressed = edwardsCompress([Gu, Gv]); + + assert(Gcompressed == [true, false, true, false, true, true, true, false, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, true, true, true, false, false, false, true, true, false, true, false, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, false, true, true, false, true, false, true, false, true, false, true, true, false, false, false, false, false, true, true, true, true, true, true, true, false, false, true, true, false, true, false, true, false, false, true, true, true, false, true, false, true, false, false, true, true, true, false, true, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, true, false, false, false, true, false, false, true, true, false, true, false, false, true, false, false, false, true, true, false, true, true, true, false, true, true, false, false, false, true, true, true, true, false, true, true, true, true, true, true, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, true, false, true, true, true]); + return true; +} + +def main() { + assert(testCompress()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json new file mode 100644 index 000000000..936ae4431 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsOnCurve.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok new file mode 100644 index 000000000..527dfe18f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok @@ -0,0 +1,17 @@ +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/edwardsOnCurve" as onCurve; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testOnCurveTrue() -> bool { + field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830; + field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831; + + assert(onCurve([testU, testV], BABYJUBJUB_PARAMS)); + return true; +} + +def main() { + assert(testOnCurveTrue()); // onCurve throws for false + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json new file mode 100644 index 000000000..a22c24724 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsOrderCheck.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok new file mode 100644 index 000000000..3ae977481 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok @@ -0,0 +1,30 @@ +import "ecc/edwardsOrderCheck" as orderCheck; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testOrderCheckTrue() -> bool { + field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830; + field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831; + + bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS); + assert(out); + + return true; +} + +def testOrderCheckFalse() -> bool { + field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326; + field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543; + + bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS); + assert(!out); + + return true; +} + +def main() { + assert(testOrderCheckFalse()); + assert(testOrderCheckTrue()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json new file mode 100644 index 000000000..55857dde5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsScalarMult.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok new file mode 100644 index 000000000..132729244 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok @@ -0,0 +1,94 @@ +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/edwardsScalarMult" as mul; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testCyclic() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // exp = JUBJUB_E + 1 + bool[256] exp = [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, true, false, true, true, false, false, true, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, false, true, false, false, true, true, false, false, true, true, true, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, false, true, true, true, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, true, false, false, true, false, false, true, true, false, true, true, true, true, false, false, false, true, false, false, true]; + + field[2] out = mul(exp, G, BABYJUBJUB_PARAMS); + assert(G == out); + + return true; +} + +def testMul2() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // exp == 2 + bool[256] exp = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false]; + field[2] out = mul(exp, G, BABYJUBJUB_PARAMS); + + assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830); + assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831); + + return true; +} + +def testAssociativity() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false]; + + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false]; + + // c = 7890 + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, true, true, false, true, true, false, true, false, false, true, false]; + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS); + field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS); + field[2] Gabc = mul(c, Gab, BABYJUBJUB_PARAMS); + + field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS); + field[2] Gbc = mul(c, Gb, BABYJUBJUB_PARAMS); + field[2] Gbca = mul(a, Gbc, BABYJUBJUB_PARAMS); + + field[2] Gc = mul(c, G, BABYJUBJUB_PARAMS); + field[2] Gca = mul(a, Gc, BABYJUBJUB_PARAMS); + field[2] Gcab = mul(b, Gca, BABYJUBJUB_PARAMS); + + assert(Gabc == Gbca); + assert(Gbca == Gcab); + assert(Gabc == Gcab); + + return true; +} + +def testMultiplicative() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false]; + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false]; + + // ab = a*b = 7006652 + bool[256] ab = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, false, true, false, true, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, false, false]; + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS); + field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS); + + field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS); + field[2] Gba = mul(a, Gb, BABYJUBJUB_PARAMS); + + field[2] Gmab = mul(ab, G, BABYJUBJUB_PARAMS); + + assert(Gab == Gba); + assert(Gba == Gmab); + assert(Gab == Gmab); + + return true; +} + +def main() { + assert(testMul2()); + assert(testCyclic()); + assert(testAssociativity()); + assert(testMultiplicative()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json new file mode 100644 index 000000000..d08778bfd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/proofOfOwnership.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok new file mode 100644 index 000000000..76ea81467 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok @@ -0,0 +1,30 @@ +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/proofOfOwnership" as proofOfOwnership; +import "ecc/edwardsScalarMult" as multiply; + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testOwnershipTrue() -> bool { + field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]; + field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025; + + bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS); + + assert(out); + return true; +} + +def testOwnershipFalse() -> bool { + field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]; + field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025; + bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS); + + assert(!out); + return true; +} + +def main() { + assert(testOwnershipTrue()); + assert(testOwnershipFalse()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json new file mode 100644 index 000000000..a84eafe29 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json @@ -0,0 +1,22 @@ +{ + "entry_point": "./tests/tests/field.zok", + "max_constraint_count": 3, + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [ + "0", + "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "254" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok new file mode 100644 index 000000000..e30fb1f5a --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok @@ -0,0 +1,5 @@ +from "field" import FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS; + +def main() -> (field, field, u32) { + return (FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json new file mode 100644 index 000000000..d31aff4da --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/blake2/blake2s_1024bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok new file mode 100644 index 000000000..f03f572e2 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok @@ -0,0 +1,18 @@ +import "hashes/blake2/blake2s"; + +// Python code: +// >>> from hashlib import blake2s + +// >>> digest = blake2s() +// >>> digest.update(b'\x12\x34\x56\x78' * 32) +// >>> digest.hexdigest() +// '4858b8174f8f5851ddac0507003b2490f42c33df8362770c5e79b770c84ffdb4' + +def main() { + u32[8] h = blake2s::<2>([[0x12345678; 16]; 2]); // 2 * 16 * 32 = 1024 bit input + assert(h == [ + 0x4858B817, 0x4F8F5851, 0xDDAC0507, 0x003B2490, + 0xF42C33DF, 0x8362770C, 0x5E79B770, 0xC84FFDB4 + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json new file mode 100644 index 000000000..068ae94fb --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/blake2/blake2s_1536bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok new file mode 100644 index 000000000..4ff3f5225 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok @@ -0,0 +1,18 @@ +import "hashes/blake2/blake2s"; + +// Python code: +// >>> from hashlib import blake2s + +// >>> digest = blake2s() +// >>> digest.update(b'\x12\x34\x56\x78' * 48) +// >>> digest.hexdigest() +// '879043503b04cab2f3c0d7a4bb01c1db74c238c49887da84e8a619893092b6e2' + +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 3]); // 3 * 16 * 32 = 1536 bit input + assert(h == [ + 0x87904350, 0x3B04CAB2, 0xF3C0D7A4, 0xBB01C1DB, + 0x74C238C4, 0x9887DA84, 0xE8A61989, 0x3092B6E2 + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json new file mode 100644 index 000000000..1a1a46f35 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/blake2/blake2s_512bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok new file mode 100644 index 000000000..bdf14b899 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok @@ -0,0 +1,18 @@ +import "hashes/blake2/blake2s"; + +// Python code: +// >>> from hashlib import blake2s + +// >>> digest = blake2s() +// >>> digest.update(b'\x12\x34\x56\x78' * 16) +// >>> digest.hexdigest() +// '52af1aec3e6663bcc759d55fc7557fbb2f710219f0de138b1b52c919f5c94415' + +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 1]); // 16 * 32 = 512 bit input + assert(h == [ + 0x52AF1AEC, 0x3E6663BC, 0xC759D55F, 0xC7557FBB, + 0x2F710219, 0xF0DE138B, 0x1B52C919, 0xF5C94415 + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json new file mode 100644 index 000000000..d4317e598 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/blake2/blake2s_8192bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok new file mode 100644 index 000000000..54123b796 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok @@ -0,0 +1,18 @@ +import "hashes/blake2/blake2s"; + +// Python code: +// >>> from hashlib import blake2s + +// >>> digest = blake2s() +// >>> digest.update(b'\x12\x34\x56\x78' * 256) +// >>> digest.hexdigest() +// 'b41c4704f49df139039bbc91c6e23a84198ffedc78d0b677e8b2a6a57f3460e8' + +def main() { + u32[8] h = blake2s::<16>([[0x12345678; 16]; 16]); // 16 * 16 * 32 = 8192 bit input + assert(h == [ + 0xB41C4704, 0xF49DF139, 0x039BBC91, 0xC6E23A84, + 0x198FFEDC, 0x78D0B677, 0xE8B2A6A5, 0x7F3460E8 + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json new file mode 100644 index 000000000..6f595f878 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/blake2/blake2s_p.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok new file mode 100644 index 000000000..0db078219 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok @@ -0,0 +1,18 @@ +import "hashes/blake2/blake2s_p" as blake2s; + +// Python code: +// >>> from hashlib import blake2s + +// >>> digest = blake2s(person=b'\x12\x34\x56\x78\x00\x00\x00\x00') +// >>> digest.update(b'\x12\x34\x56\x78' * 16) +// >>> digest.hexdigest() +// '780105bc9ca7633b1f289b3d1558dece65e04ac23f88e711dc29600fa3e0258a' + +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 1], [0x12345678, 0]); + assert(h == [ + 0x780105BC, 0x9CA7633B, 0x1F289B3D, 0x1558DECE, + 0x65E04AC2, 0x3F88E711, 0xDC29600F, 0xA3E0258A + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json new file mode 100644 index 000000000..ff4d0881c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/224bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok new file mode 100644 index 000000000..aa84831fa --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok @@ -0,0 +1,47 @@ +import "hashes/keccak/224bit" as keccak224; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=224) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '69d40b3f7b3118a1fb193b518a70f279348e4f0835553f37d85f436a' + + u8[28] h1 = keccak224::<1>([0x2a]); + assert(h1 == [ + 0x69, 0xd4, 0x0b, 0x3f, 0x7b, 0x31, 0x18, 0xa1, 0xfb, 0x19, 0x3b, 0x51, 0x8a, 0x70, + 0xf2, 0x79, 0x34, 0x8e, 0x4f, 0x08, 0x35, 0x55, 0x3f, 0x37, 0xd8, 0x5f, 0x43, 0x6a + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=224) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '463b45a39816aeba7c62a75aed7acaaf11f7646217512a2f992ddce0' + + u8[28] h2 = keccak224::<8>([0x2a; 8]); + assert(h2 == [ + 0x46, 0x3b, 0x45, 0xa3, 0x98, 0x16, 0xae, 0xba, 0x7c, 0x62, 0xa7, 0x5a, 0xed, 0x7a, + 0xca, 0xaf, 0x11, 0xf7, 0x64, 0x62, 0x17, 0x51, 0x2a, 0x2f, 0x99, 0x2d, 0xdc, 0xe0 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=224) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '25f3ecfebabe99686282f57f5c9e1f18244cfee2813d33f955aae568' + + u8[28] h3 = keccak224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x25, 0xf3, 0xec, 0xfe, 0xba, 0xbe, 0x99, 0x68, 0x62, 0x82, 0xf5, 0x7f, 0x5c, 0x9e, + 0x1f, 0x18, 0x24, 0x4c, 0xfe, 0xe2, 0x81, 0x3d, 0x33, 0xf9, 0x55, 0xaa, 0xe5, 0x68 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json new file mode 100644 index 000000000..1011d369c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/256bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok new file mode 100644 index 000000000..7c89001cd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok @@ -0,0 +1,47 @@ +import "hashes/keccak/256bit" as keccak256; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '04994f67dc55b09e814ab7ffc8df3686b4afb2bb53e60eae97ef043fe03fb829' + + u8[32] h1 = keccak256::<1>([0x2a]); + assert(h1 == [ + 0x04, 0x99, 0x4f, 0x67, 0xdc, 0x55, 0xb0, 0x9e, 0x81, 0x4a, 0xb7, 0xff, 0xc8, 0xdf, 0x36, 0x86, + 0xb4, 0xaf, 0xb2, 0xbb, 0x53, 0xe6, 0x0e, 0xae, 0x97, 0xef, 0x04, 0x3f, 0xe0, 0x3f, 0xb8, 0x29 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '4d57ecea94f7735c23ae7c02845a500a815c21fc6d6046d2d7d518fad6bebf89' + + u8[32] h2 = keccak256::<8>([0x2a; 8]); + assert(h2 == [ + 0x4d, 0x57, 0xec, 0xea, 0x94, 0xf7, 0x73, 0x5c, 0x23, 0xae, 0x7c, 0x02, 0x84, 0x5a, 0x50, 0x0a, + 0x81, 0x5c, 0x21, 0xfc, 0x6d, 0x60, 0x46, 0xd2, 0xd7, 0xd5, 0x18, 0xfa, 0xd6, 0xbe, 0xbf, 0x89 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad' + + u8[32] h3 = keccak256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x47, 0x17, 0x32, 0x85, 0xa8, 0xd7, 0x34, 0x1e, 0x5e, 0x97, 0x2f, 0xc6, 0x77, 0x28, 0x63, 0x84, + 0xf8, 0x02, 0xf8, 0xef, 0x42, 0xa5, 0xec, 0x5f, 0x03, 0xbb, 0xfa, 0x25, 0x4c, 0xb0, 0x1f, 0xad + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json new file mode 100644 index 000000000..69a760b04 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/384bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok new file mode 100644 index 000000000..a7d07cddb --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok @@ -0,0 +1,49 @@ +import "hashes/keccak/384bit" as keccak384; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '53403c11270822eebdccc9aca81e0582996de74333909598a4e4c409967fb9da14a1506264996c855eb5d9a42fd21a08' + + u8[48] h1 = keccak384::<1>([0x2a]); + assert(h1 == [ + 0x53, 0x40, 0x3c, 0x11, 0x27, 0x08, 0x22, 0xee, 0xbd, 0xcc, 0xc9, 0xac, 0xa8, 0x1e, 0x05, 0x82, + 0x99, 0x6d, 0xe7, 0x43, 0x33, 0x90, 0x95, 0x98, 0xa4, 0xe4, 0xc4, 0x09, 0x96, 0x7f, 0xb9, 0xda, + 0x14, 0xa1, 0x50, 0x62, 0x64, 0x99, 0x6c, 0x85, 0x5e, 0xb5, 0xd9, 0xa4, 0x2f, 0xd2, 0x1a, 0x08 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // 'ec7216058c28201daeb6fd1599b81fdbd40e229b31bea3b6b3190f21db81b01baf3d000e40801ab59551133efbac6cce' + + u8[48] h2 = keccak384::<8>([0x2a; 8]); + assert(h2 == [ + 0xec, 0x72, 0x16, 0x05, 0x8c, 0x28, 0x20, 0x1d, 0xae, 0xb6, 0xfd, 0x15, 0x99, 0xb8, 0x1f, 0xdb, + 0xd4, 0x0e, 0x22, 0x9b, 0x31, 0xbe, 0xa3, 0xb6, 0xb3, 0x19, 0x0f, 0x21, 0xdb, 0x81, 0xb0, 0x1b, + 0xaf, 0x3d, 0x00, 0x0e, 0x40, 0x80, 0x1a, 0xb5, 0x95, 0x51, 0x13, 0x3e, 0xfb, 0xac, 0x6c, 0xce + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '65fc99339a2a40e99d3c40d695b22f278853ca0f925cde4254bcae5e22ece47e6441f91b6568425adc9d95b0072eb49f' + + u8[48] h3 = keccak384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x65, 0xfc, 0x99, 0x33, 0x9a, 0x2a, 0x40, 0xe9, 0x9d, 0x3c, 0x40, 0xd6, 0x95, 0xb2, 0x2f, 0x27, + 0x88, 0x53, 0xca, 0x0f, 0x92, 0x5c, 0xde, 0x42, 0x54, 0xbc, 0xae, 0x5e, 0x22, 0xec, 0xe4, 0x7e, + 0x64, 0x41, 0xf9, 0x1b, 0x65, 0x68, 0x42, 0x5a, 0xdc, 0x9d, 0x95, 0xb0, 0x07, 0x2e, 0xb4, 0x9f + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json new file mode 100644 index 000000000..580febef0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/512bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok new file mode 100644 index 000000000..fcd1d9054 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok @@ -0,0 +1,52 @@ +import "hashes/keccak/512bit" as keccak512; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // 'a470459552991801eca017c8bfeedb376469c9b642a2cca455a3271c5751ad3be53d9f4ddce99613515e954bd3d80d218a2f43f953141ec6bdcaf7ba4a4bad67' + + u8[64] h1 = keccak512::<1>([0x2a]); + assert(h1 == [ + 0xa4, 0x70, 0x45, 0x95, 0x52, 0x99, 0x18, 0x01, 0xec, 0xa0, 0x17, 0xc8, 0xbf, 0xee, 0xdb, 0x37, + 0x64, 0x69, 0xc9, 0xb6, 0x42, 0xa2, 0xcc, 0xa4, 0x55, 0xa3, 0x27, 0x1c, 0x57, 0x51, 0xad, 0x3b, + 0xe5, 0x3d, 0x9f, 0x4d, 0xdc, 0xe9, 0x96, 0x13, 0x51, 0x5e, 0x95, 0x4b, 0xd3, 0xd8, 0x0d, 0x21, + 0x8a, 0x2f, 0x43, 0xf9, 0x53, 0x14, 0x1e, 0xc6, 0xbd, 0xca, 0xf7, 0xba, 0x4a, 0x4b, 0xad, 0x67 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '91e7b4ca7569fb43a180354878bcd807578e207c0dec866d7bc7569d86996a86bce7bd05ab32138797693e76882475a819352919cd81585110e5dfb1c8710337' + + u8[64] h2 = keccak512::<8>([0x2a; 8]); + assert(h2 == [ + 0x91, 0xe7, 0xb4, 0xca, 0x75, 0x69, 0xfb, 0x43, 0xa1, 0x80, 0x35, 0x48, 0x78, 0xbc, 0xd8, 0x07, + 0x57, 0x8e, 0x20, 0x7c, 0x0d, 0xec, 0x86, 0x6d, 0x7b, 0xc7, 0x56, 0x9d, 0x86, 0x99, 0x6a, 0x86, + 0xbc, 0xe7, 0xbd, 0x05, 0xab, 0x32, 0x13, 0x87, 0x97, 0x69, 0x3e, 0x76, 0x88, 0x24, 0x75, 0xa8, + 0x19, 0x35, 0x29, 0x19, 0xcd, 0x81, 0x58, 0x51, 0x10, 0xe5, 0xdf, 0xb1, 0xc8, 0x71, 0x03, 0x37 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '3ee2b40047b8060f68c67242175660f4174d0af5c01d47168ec20ed619b0b7c42181f40aa1046f39e2ef9efc6910782a998e0013d172458957957fac9405b67d' + + u8[64] h3 = keccak512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x3e, 0xe2, 0xb4, 0x00, 0x47, 0xb8, 0x06, 0x0f, 0x68, 0xc6, 0x72, 0x42, 0x17, 0x56, 0x60, 0xf4, + 0x17, 0x4d, 0x0a, 0xf5, 0xc0, 0x1d, 0x47, 0x16, 0x8e, 0xc2, 0x0e, 0xd6, 0x19, 0xb0, 0xb7, 0xc4, + 0x21, 0x81, 0xf4, 0x0a, 0xa1, 0x04, 0x6f, 0x39, 0xe2, 0xef, 0x9e, 0xfc, 0x69, 0x10, 0x78, 0x2a, + 0x99, 0x8e, 0x00, 0x13, 0xd1, 0x72, 0x45, 0x89, 0x57, 0x95, 0x7f, 0xac, 0x94, 0x05, 0xb6, 0x7d + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json new file mode 100644 index 000000000..1b6ebc0f3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/keccak.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok new file mode 100644 index 000000000..f216119e6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok @@ -0,0 +1,44 @@ +import "hashes/keccak/keccak"; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x7a\x6f\x6b\x72\x61\x74\x65\x73') + // >>> digest.hexdigest() + // 'ca85d1976d40dcb6ca3becc8c6596e83c0774f4185cf016a05834f5856a37f39' + + u8[32] h1 = keccak::<_, 32>([0x7a, 0x6f, 0x6b, 0x72, 0x61, 0x74, 0x65, 0x73], 0x01); + assert(h1 == [ + 0xca, 0x85, 0xd1, 0x97, 0x6d, 0x40, 0xdc, 0xb6, 0xca, 0x3b, 0xec, 0xc8, 0xc6, 0x59, 0x6e, 0x83, + 0xc0, 0x77, 0x4f, 0x41, 0x85, 0xcf, 0x01, 0x6a, 0x05, 0x83, 0x4f, 0x58, 0x56, 0xa3, 0x7f, 0x39 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 135) + // >>> digest.hexdigest() + // '723e2ae02ca8d8fb45dca21e5f6369c4f124da72f217dca5e657a4bbc69b917d' + + u8[32] h2 = keccak::<_, 32>([0x2a; 135], 0x01); + assert(h2 == [ + 0x72, 0x3e, 0x2a, 0xe0, 0x2c, 0xa8, 0xd8, 0xfb, 0x45, 0xdc, 0xa2, 0x1e, 0x5f, 0x63, 0x69, 0xc4, + 0xf1, 0x24, 0xda, 0x72, 0xf2, 0x17, 0xdc, 0xa5, 0xe6, 0x57, 0xa4, 0xbb, 0xc6, 0x9b, 0x91, 0x7d + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 136) + // >>> digest.hexdigest() + // 'e60d5160227cb1b8dc8547deb9c6a2c5e6c3306a1ca155611a73ed2c2324bfc0' + + u8[32] h3 = keccak::<_, 32>([0x2a; 136], 0x01); + assert(h3 == [ + 0xe6, 0x0d, 0x51, 0x60, 0x22, 0x7c, 0xb1, 0xb8, 0xdc, 0x85, 0x47, 0xde, 0xb9, 0xc6, 0xa2, 0xc5, + 0xe6, 0xc3, 0x30, 0x6a, 0x1c, 0xa1, 0x55, 0x61, 0x1a, 0x73, 0xed, 0x2c, 0x23, 0x24, 0xbf, 0xc0 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json new file mode 100644 index 000000000..36dab4ca5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/mimc7/mimc7.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok new file mode 100644 index 000000000..d76f377e7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok @@ -0,0 +1,16 @@ +import "hashes/mimc7/mimc7"; + +def main() { + assert(mimc7::<10>(0, 0) == 6004544488495356385698286530147974336054653445122716140990101827963729149289); + assert(mimc7::<10>(100, 0) == 2977550761518141183167168643824354554080911485709001361112529600968315693145); + + assert(mimc7::<20>(0, 0) == 19139739902058628561064841933381604453445216873412991992755775746150759284829); + assert(mimc7::<20>(100, 0) == 8623418512398828792274158979964869393034224267928014534933203776818702139758); + + assert(mimc7::<50>(0, 0) == 3049953358280347916081509186284461274525472221619157672645224540758481713173); + assert(mimc7::<50>(100, 0) == 18511388995652647480418174218630545482006454713617579894396683237092568946789); + + assert(mimc7::<90>(0, 0) == 20281265111705407344053532742843085357648991805359414661661476832595822221514); + assert(mimc7::<90>(100, 0) == 1010054095264022068840870550831559811104631937745987065544478027572003292636); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json new file mode 100644 index 000000000..4bd338f48 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json @@ -0,0 +1,31 @@ +{ + "entry_point": "./tests/tests/hashes/mimcSponge/mimcFeistel.zok", + "tests": [ + { + "input": { + "values": ["1", "2", "3"] + }, + "output": { + "Ok": { + "value": [ + "18444058245820418255538785847032978363886102372504864086197416499869253008979", + "2646733164649743153031645792459389637917704265581895142760676293265176296759" + ] + } + } + }, + { + "input": { + "values": ["0", "0", "0"] + }, + "output": { + "Ok": { + "value": [ + "14543742788565021628577424853847564376151732847602780516906950225481254681152", + "21165881269406212375659499083070944693027168220143204011932538650149052385959" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok new file mode 100644 index 000000000..6a13df874 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok @@ -0,0 +1,5 @@ +import "hashes/mimcSponge/mimcFeistel" as mimcFeistel; + +def main(field a, field b, field c) -> field[2] { + return mimcFeistel(a, b, c); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json new file mode 100644 index 000000000..714f712c5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/mimcSponge/mimcSponge.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok new file mode 100644 index 000000000..5f822bf05 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok @@ -0,0 +1,15 @@ +import "hashes/mimcSponge/mimcSponge" as mimcSponge; + +def main() { + assert(mimcSponge::<_, 3>([1, 2], 3) == [ + 20225509322021146255705869525264566735642015554514977326536820959638320229084, + 13871743498877225461925335509899475799121918157213219438898506786048812913771, + 21633608428713573518356618235457250173701815120501233429160399974209848779097 + ]); + assert(mimcSponge::<_, 3>([0, 0], 0) == [ + 20636625426020718969131298365984859231982649550971729229988535915544421356929, + 6046202021237334713296073963481784771443313518730771623154467767602059802325, + 16227963524034219233279650312501310147918176407385833422019760797222680144279 + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json new file mode 100644 index 000000000..953c7dba1 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/pedersen/512bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok new file mode 100644 index 000000000..08df1b549 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok @@ -0,0 +1,24 @@ +//Python code used to create test vector: +// import bitstring +// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher +// import numpy as np +// +// entropy = np.random.bytes(64) +// print(entropy) +// # b'\x17\xd2\xe6\xd9\\t\xe9|K\xf6\x0c\xc0\xc6\xa6\xb4\x17\xba\xfcT\xe9 \\\x80\x80&\x1fBD\x964\xd6\xdf\x8e\x7f^\x06j)n\xcf\x1d\xc1\x83\x8cy\x1c\x8fZ\xee\x9e\xca3!\x00\xf1\x89\xc9k\x02\x88\xc6\xb1P\x1f' +// hasher = PedersenHasher("test") +// digest = hasher.hash_bytes(entropy) +// +// entropy_bits = bitstring.BitArray(bytes=entropy).bin +// digest_bits = bitstring.BitArray(bytes=digest.compress()).bin + +import "hashes/pedersen/512bit" as pedersen; + +def main() { + u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f]; + + u32[8] d = pedersen(e); + assert(d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json new file mode 100644 index 000000000..7229d9aa0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/pedersen/512bitBool.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok new file mode 100644 index 000000000..f27c91c3c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok @@ -0,0 +1,8 @@ +import "hashes/pedersen/512bitBool" as pedersen; + +def main() { + bool[512] input = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + bool[256] res = [true, false, true, false, true, true, true, false, true, false, false, false, true, true, false, true, false, true, false, false, true, false, false, true, true, false, true, false, true, true, true, false, false, true, true, false, true, true, false, false, false, true, false, false, false, true, false, false, false, true, false, true, false, true, true, false, true, false, false, false, false, false, true, true, false, true, true, true, true, false, true, true, false, true, false, false, true, false, true, false, true, true, true, true, true, true, false, true, false, false, true, true, false, true, true, false, true, false, false, false, true, true, false, true, false, true, false, true, true, false, true, true, true, true, true, false, true, true, true, false, true, false, true, false, false, true, false, true, false, false, false, true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, false, false, false, false, false, false, true, true, true, true, true, true, true, false, true, true, false, false, true, false, true, false, true, true, false, true, true, true, false, true, true, true, false, true, true, true, true, false, false, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, true, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, true, true, true, true, true, true]; + assert(pedersen(input) == res); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json new file mode 100644 index 000000000..d199fc4e0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json @@ -0,0 +1,25 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_1.zok", + "tests": [ + { + "input": { + "values": ["1"] + }, + "output": { + "Ok": { + "value": "18586133768512220936620570745912940619677854269274689475585506675881198879027" + } + } + }, + { + "input": { + "values": ["42"] + }, + "output": { + "Ok": { + "value": "12326503012965816391338144612242952408728683609716147019497703475006801258307" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok new file mode 100644 index 000000000..19fc1d733 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field i) -> field { + field output = poseidon([i]); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json new file mode 100644 index 000000000..1b9e3ee6e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_2.zok", + "tests": [ + { + "input": { + "values": [["1", "2"]] + }, + "output": { + "Ok": { + "value": "7853200120776062878684798364095072458815029376092732009249414926327459813530" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok new file mode 100644 index 000000000..75c935c4e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field[2] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json new file mode 100644 index 000000000..7edbd6166 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_3.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3"]] + }, + "output": { + "Ok": { + "value": "6542985608222806190361240322586112750744169038454362455181422643027100751666" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok new file mode 100644 index 000000000..6bb1acb3c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field[3] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json new file mode 100644 index 000000000..c83d20366 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_4.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3", "4"]] + }, + "output": { + "Ok": { + "value": "18821383157269793795438455681495246036402687001665670618754263018637548127333" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok new file mode 100644 index 000000000..44cb09d7d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field[4] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json new file mode 100644 index 000000000..52316c887 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json @@ -0,0 +1,35 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_5.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3", "4", "5"]] + }, + "output": { + "Ok": { + "value": "6183221330272524995739186171720101788151706631170188140075976616310159254464" + } + } + }, + { + "input": { + "values": [["1", "2", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "1018317224307729531995786483840663576608797660851238720571059489595066344487" + } + } + }, + { + "input": { + "values": [["3", "4", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "5811595552068139067952687508729883632420015185677766880877743348592482390548" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok new file mode 100644 index 000000000..1476b1d28 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field[5] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json new file mode 100644 index 000000000..9887ef923 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json @@ -0,0 +1,35 @@ +{ + "entry_point": "./tests/tests/hashes/poseidon/poseidon_6.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3", "4", "5", "6"]] + }, + "output": { + "Ok": { + "value": "20400040500897583745843009878988256314335038853985262692600694741116813247201" + } + } + }, + { + "input": { + "values": [["1", "2", "0", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "15336558801450556532856248569924170992202208561737609669134139141992924267169" + } + } + }, + { + "input": { + "values": [["3", "4", "0", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "12263118664590987767234828103155242843640892839966517009184493198782366909018" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok new file mode 100644 index 000000000..4e55883a3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok @@ -0,0 +1,6 @@ +import "hashes/poseidon/poseidon" as poseidon; + +def main(field[6] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json new file mode 100644 index 000000000..ccc952855 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/1024bitPadded.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok new file mode 100644 index 000000000..9a7ba8c45 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok @@ -0,0 +1,29 @@ +// Python code used to create test vector: +// import hashlib + +// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ +// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ +// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ +// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05') + +// bin(int(preimage.hex(), 16)) +// # '0b101' + +// digest = hashlib.sha256(preimage).hexdigest() +// # digest = 'efa41ca4a5c76b495d55dfdbf9175320404b3c8048b38eb1873aa6633a363883' + +// bin(int(digest, 16)) +// # '0b1110111110100100000111001010010010100101110001110110101101001001010111010101010111011111110110111111100100010111010100110010000001000000010010110011110010000000010010001011001110001110101100011000011100111010101001100110001100111010001101100011100010000011' +import "hashes/sha256/1024bitPadded" as sha256; + +def main() { + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; + + u32[8] digest = sha256(a, b, c, d); + assert(digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json new file mode 100644 index 000000000..c3a95a334 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/256bitPadded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok new file mode 100644 index 000000000..5a00082ac --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok @@ -0,0 +1,9 @@ +import "hashes/sha256/256bitPadded" as sha256; + +def main() { + u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]; + u32[8] digest = sha256(a); + + assert(digest == [0x16d947ca, 0x4831aee7, 0x6999aa28, 0x20e5c3b4, 0x8171bf49, 0x27241da9, 0xebe644df, 0x9b690df0]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json new file mode 100644 index 000000000..1f846cf58 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/512bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok new file mode 100644 index 000000000..6894e26b5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok @@ -0,0 +1,11 @@ +import "hashes/sha256/512bit" as sha256; + +def main() { + u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]; + u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917]; + + u32[8] digest = sha256(a, b); + assert(digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json new file mode 100644 index 000000000..c89de0966 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json @@ -0,0 +1,19 @@ +{ + "entry_point": "./stdlib/hashes/sha256/512bitPacked.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [["0", "0", "0", "5"]] + }, + "output": { + "Ok": { + "value": [ + "263561599766550617289250058199814760685", + "65303172752238645975888084098459749904" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok new file mode 100644 index 000000000..a62c661f7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok @@ -0,0 +1,32 @@ +// Python code used to create test vector: +// import hashlib + +// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ +// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05') + +// bin(int(preimage.hex(), 16)) +// # '0b101' + +// digest = hashlib.sha256(preimage).hexdigest() +// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10' + +// int(digest[:32], 16) +// # 263561599766550617289250058199814760685 +// int(digest[32:], 16) +// # 65303172752238645975888084098459749904 + +import "hashes/sha256/512bitPacked" as sha256packed; + +def main() { + field a = 0; + field b = 0; + field c = 0; + field d = 5; + + field[2] h = sha256packed([a, b, c, d]); + + assert(h[0] == 263561599766550617289250058199814760685); + assert(h[1] == 65303172752238645975888084098459749904); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json new file mode 100644 index 000000000..29ef1e9c0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/512bitPacked.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json new file mode 100644 index 000000000..195788b83 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/512bitPadded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok new file mode 100644 index 000000000..cb9a9c4e1 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok @@ -0,0 +1,25 @@ +// Python code used to create test vector: +// import hashlib + +// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ +// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05') + +// bin(int(preimage.hex(), 16)) +// # '0b101' + +// digest = hashlib.sha256(preimage).hexdigest() +// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10' + +// bin(int(digest, 16)) +// # '0b1100011001001000000111100010001011000101111111110100000101100100101011110110100000001011100011001111101010100101111010001110110100110001001000001110111011111111100010011100010011110011000001111100010010100110111110101010101011100000010110011100111000010000' +import "hashes/sha256/512bitPadded" as sha256; + +def main() { + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; + + u32[8] digest = sha256(a, b); + assert(digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json new file mode 100644 index 000000000..6b61c3cd8 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/1024bitPadded.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok new file mode 100644 index 000000000..4a01daa25 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok @@ -0,0 +1,13 @@ +import "hashes/sha256/embed/1024bitPadded" as sha256; + +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + + bool[256] digest = sha256(a, b, c, d); + assert(digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json new file mode 100644 index 000000000..b545b4330 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/256bitPadded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok new file mode 100644 index 000000000..319e61db7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok @@ -0,0 +1,8 @@ +import "hashes/sha256/embed/256bitPadded" as sha256; + +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] digest = sha256(a); + assert(digest == [false, true, true, false, false, true, true, false, false, true, true, false, true, false, false, false, false, true, true, true, true, false, true, false, true, false, true, false, true, true, false, true, true, true, true, true, true, false, false, false, false, true, true, false, false, false, true, false, true, false, true, true, true, true, false, true, false, true, true, true, false, true, true, true, false, true, true, false, true, true, false, false, true, false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, false, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, false, false, true, true, true, true, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, false, false, false, false, true, false, false, false, true, false, false, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, false, false, false, true, false, true, false, true, true, false, true, true, true, false, true, true, true, false, false, false, true, false, false, false, true, true, false, false, true, true, true, false, true, true, false, false, true, true, true, false, false, true, false, false, false, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, false, true, false, false, false, true, true, true, false, true, false, false, false, false, true, true, false, true, false, true, false, true, true, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, false, true, false, true]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json new file mode 100644 index 000000000..b6ad807a0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/512bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok new file mode 100644 index 000000000..2f4e8c20b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok @@ -0,0 +1,11 @@ +import "hashes/sha256/embed/512bit" as sha256; + +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + + bool[256] digest = sha256(a, b); + assert(digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json new file mode 100644 index 000000000..59a1d87b6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/512bitPacked.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok new file mode 100644 index 000000000..19f4526fe --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok @@ -0,0 +1,15 @@ +import "hashes/sha256/embed/512bitPacked" as sha256packed; + +def main() { + field a = 0; + field b = 0; + field c = 0; + field d = 5; + + field[2] h = sha256packed([a, b, c, d]); + + assert(h[0] == 263561599766550617289250058199814760685); + assert(h[1] == 65303172752238645975888084098459749904); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json new file mode 100644 index 000000000..e0b064d46 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/512bitPadded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok new file mode 100644 index 000000000..2da380b34 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok @@ -0,0 +1,11 @@ +import "hashes/sha256/embed/512bitPadded" as sha256; + +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + + bool[256] digest = sha256(a, b); + assert(digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json new file mode 100644 index 000000000..aee827d32 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/sha256Padded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok new file mode 100644 index 000000000..fffedb570 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok @@ -0,0 +1,37 @@ +import "hashes/sha256/sha256Padded"; + +// NIST FIPS 180-2 Test Vectors, section "Secure Hashing" - SHA-256 +// https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values +// https://csrc.nist.gov/csrc/media/publications/fips/180/2/archive/2002-08-01/documents/fips180-2.pdf + +def main() { + // abc + u8[3] v1 = [0x61, 0x62, 0x63]; + u32[8] h1 = sha256Padded(v1); + assert(h1 == [0xba7816bf, 0x8f01cfea, 0x414140de, 0x5dae2223, 0xb00361a3, 0x96177a9c, 0xb410ff61, 0xf20015ad]); + + // abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq + u8[56] v2 = [ + 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, 0x64, 0x65, 0x66, 0x67, 0x65, + 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, + 0x6b, 0x6c, 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, 0x6d, 0x6e, 0x6f, + 0x70, 0x6e, 0x6f, 0x70, 0x71 + ]; + u32[8] h2 = sha256Padded(v2); + assert(h2 == [0x248d6a61, 0xd20638b8, 0xe5c02693, 0x0c3e6039, 0xa33ce459, 0x64ff2167, 0xf6ecedd4, 0x19db06c1]); + + // abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu + u8[112] v3 = [ + 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x63, + 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x65, 0x66, + 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x67, 0x68, 0x69, + 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x69, 0x6a, 0x6b, 0x6c, + 0x6d, 0x6e, 0x6f, 0x70, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, + 0x70, 0x71, 0x72, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, + 0x73, 0x74, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75 + ]; + u32[8] h3 = sha256Padded(v3); + assert(h3 == [0xcf5b16a7, 0x78af8380, 0x036ce59e, 0x7b049237, 0x0b249b11, 0xe8f07a51, 0xafac4503, 0x7afee9d1]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json new file mode 100644 index 000000000..bd7172c60 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha3/224bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok new file mode 100644 index 000000000..2f45f2958 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok @@ -0,0 +1,47 @@ +import "hashes/sha3/224bit" as sha3_224; + +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_224 + // >>> digest = SHA3_224.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // 'b588579919b3947381b5d6260797296695f30ef82b5a204ec00840e5' + + u8[28] h1 = sha3_224::<1>([0x2a]); + assert(h1 == [ + 0xb5, 0x88, 0x57, 0x99, 0x19, 0xb3, 0x94, 0x73, 0x81, 0xb5, 0xd6, 0x26, 0x07, 0x97, + 0x29, 0x66, 0x95, 0xf3, 0x0e, 0xf8, 0x2b, 0x5a, 0x20, 0x4e, 0xc0, 0x08, 0x40, 0xe5 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_224 + // >>> digest = SHA3_224.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // 'e6005b22af6b0f068cf6b158a607ad5ca1b21ca85f2470e6af4b4ca0' + + u8[28] h2 = sha3_224::<8>([0x2a; 8]); + assert(h2 == [ + 0xe6, 0x00, 0x5b, 0x22, 0xaf, 0x6b, 0x0f, 0x06, 0x8c, 0xf6, 0xb1, 0x58, 0xa6, 0x07, + 0xad, 0x5c, 0xa1, 0xb2, 0x1c, 0xa8, 0x5f, 0x24, 0x70, 0xe6, 0xaf, 0x4b, 0x4c, 0xa0 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_224 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_224.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // 'dfb7f18c77e928bb56faeb2da27291bd790bc1045cde45f3210bb6c5' + + u8[28] h3 = sha3_224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0xdf, 0xb7, 0xf1, 0x8c, 0x77, 0xe9, 0x28, 0xbb, 0x56, 0xfa, 0xeb, 0x2d, 0xa2, 0x72, + 0x91, 0xbd, 0x79, 0x0b, 0xc1, 0x04, 0x5c, 0xde, 0x45, 0xf3, 0x21, 0x0b, 0xb6, 0xc5 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json new file mode 100644 index 000000000..f600266be --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha3/256bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok new file mode 100644 index 000000000..b15c9b4c0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok @@ -0,0 +1,47 @@ +import "hashes/sha3/256bit" as sha3_256; + +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> digest = SHA3_256.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '82283b4b030589a7aa0ca28b8e933ac0bd89738a0df509806c864366deec31d7' + + u8[32] h1 = sha3_256::<1>([0x2a]); + assert(h1 == [ + 0x82, 0x28, 0x3b, 0x4b, 0x03, 0x05, 0x89, 0xa7, 0xaa, 0x0c, 0xa2, 0x8b, 0x8e, 0x93, 0x3a, 0xc0, + 0xbd, 0x89, 0x73, 0x8a, 0x0d, 0xf5, 0x09, 0x80, 0x6c, 0x86, 0x43, 0x66, 0xde, 0xec, 0x31, 0xd7 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> digest = SHA3_256.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '02794645c5d54624a86e237cda0cbe980075f3908ccb00fd67befd2a0bbe0b35' + + u8[32] h2 = sha3_256::<8>([0x2a; 8]); + assert(h2 == [ + 0x02, 0x79, 0x46, 0x45, 0xc5, 0xd5, 0x46, 0x24, 0xa8, 0x6e, 0x23, 0x7c, 0xda, 0x0c, 0xbe, 0x98, + 0x00, 0x75, 0xf3, 0x90, 0x8c, 0xcb, 0x00, 0xfd, 0x67, 0xbe, 0xfd, 0x2a, 0x0b, 0xbe, 0x0b, 0x35 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_256.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '644bcc7e564373040999aac89e7622f3ca71fba1d972fd94a31c3bfbf24e3938' + + u8[32] h3 = sha3_256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x64, 0x4b, 0xcc, 0x7e, 0x56, 0x43, 0x73, 0x04, 0x09, 0x99, 0xaa, 0xc8, 0x9e, 0x76, 0x22, 0xf3, + 0xca, 0x71, 0xfb, 0xa1, 0xd9, 0x72, 0xfd, 0x94, 0xa3, 0x1c, 0x3b, 0xfb, 0xf2, 0x4e, 0x39, 0x38 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json new file mode 100644 index 000000000..1b700d7a8 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha3/384bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok new file mode 100644 index 000000000..13812fddd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok @@ -0,0 +1,50 @@ +import "hashes/sha3/384bit" as sha3_384; + +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> digest = SHA3_384.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '386f0e977e65e7609217714a7cd450e145efbc645ad7c7c78d6c9f12b52cb4df22729b2330b7f5267bac9a5750d9130e' + + u8[48] h1 = sha3_384::<1>([0x2a]); + assert(h1 == [ + 0x38, 0x6f, 0x0e, 0x97, 0x7e, 0x65, 0xe7, 0x60, 0x92, 0x17, 0x71, 0x4a, 0x7c, 0xd4, 0x50, 0xe1, + 0x45, 0xef, 0xbc, 0x64, 0x5a, 0xd7, 0xc7, 0xc7, 0x8d, 0x6c, 0x9f, 0x12, 0xb5, 0x2c, 0xb4, 0xdf, + 0x22, 0x72, 0x9b, 0x23, 0x30, 0xb7, 0xf5, 0x26, 0x7b, 0xac, 0x9a, 0x57, 0x50, 0xd9, 0x13, 0x0e + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> digest = SHA3_384.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // 'b5e5109aa62d1633ca3b4c8fcf90b71192b7ebbca1159a65546be6bea5a53f748c513f97556e86d3516b3f9384ff4380' + + u8[48] h2 = sha3_384::<8>([0x2a; 8]); + assert(h2 == [ + 0xb5, 0xe5, 0x10, 0x9a, 0xa6, 0x2d, 0x16, 0x33, 0xca, 0x3b, 0x4c, 0x8f, 0xcf, 0x90, 0xb7, 0x11, + 0x92, 0xb7, 0xeb, 0xbc, 0xa1, 0x15, 0x9a, 0x65, 0x54, 0x6b, 0xe6, 0xbe, 0xa5, 0xa5, 0x3f, 0x74, + 0x8c, 0x51, 0x3f, 0x97, 0x55, 0x6e, 0x86, 0xd3, 0x51, 0x6b, 0x3f, 0x93, 0x84, 0xff, 0x43, 0x80 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_384.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '83bff28dde1b1bf5810071c6643c08e5b05bdb836effd70b403ea8ea0a634dc4997eb1053aa3593f590f9c63630dd90b' + + u8[48] h3 = sha3_384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x83, 0xbf, 0xf2, 0x8d, 0xde, 0x1b, 0x1b, 0xf5, 0x81, 0x00, 0x71, 0xc6, 0x64, 0x3c, 0x08, 0xe5, + 0xb0, 0x5b, 0xdb, 0x83, 0x6e, 0xff, 0xd7, 0x0b, 0x40, 0x3e, 0xa8, 0xea, 0x0a, 0x63, 0x4d, 0xc4, + 0x99, 0x7e, 0xb1, 0x05, 0x3a, 0xa3, 0x59, 0x3f, 0x59, 0x0f, 0x9c, 0x63, 0x63, 0x0d, 0xd9, 0x0b + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json new file mode 100644 index 000000000..ee03b48ef --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/sha3/512bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok new file mode 100644 index 000000000..163285486 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok @@ -0,0 +1,53 @@ +import "hashes/sha3/512bit" as sha3_512; + +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> digest = SHA3_512.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '0f8e235b563113abb8a914eb6efc4a31280f1d2341920dfb88bdd20a00d7e47d601a353e5821142acf0dd9ec53bfe4bfe9a2a16f98933142e1c6938c8939b3a0' + + u8[64] h1 = sha3_512::<1>([0x2a]); + assert(h1 == [ + 0x0f, 0x8e, 0x23, 0x5b, 0x56, 0x31, 0x13, 0xab, 0xb8, 0xa9, 0x14, 0xeb, 0x6e, 0xfc, 0x4a, 0x31, + 0x28, 0x0f, 0x1d, 0x23, 0x41, 0x92, 0x0d, 0xfb, 0x88, 0xbd, 0xd2, 0x0a, 0x00, 0xd7, 0xe4, 0x7d, + 0x60, 0x1a, 0x35, 0x3e, 0x58, 0x21, 0x14, 0x2a, 0xcf, 0x0d, 0xd9, 0xec, 0x53, 0xbf, 0xe4, 0xbf, + 0xe9, 0xa2, 0xa1, 0x6f, 0x98, 0x93, 0x31, 0x42, 0xe1, 0xc6, 0x93, 0x8c, 0x89, 0x39, 0xb3, 0xa0 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> digest = SHA3_512.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '5e908c2962bcd38fddd1ae4ed4c44eb3396cad53eb36564881979435e18a8e71eda1cbea2fe0fc6ded0672756312b12f8dad38e7528af173ea10095a28cd5555' + + u8[64] h2 = sha3_512::<8>([0x2a; 8]); + assert(h2 == [ + 0x5e, 0x90, 0x8c, 0x29, 0x62, 0xbc, 0xd3, 0x8f, 0xdd, 0xd1, 0xae, 0x4e, 0xd4, 0xc4, 0x4e, 0xb3, + 0x39, 0x6c, 0xad, 0x53, 0xeb, 0x36, 0x56, 0x48, 0x81, 0x97, 0x94, 0x35, 0xe1, 0x8a, 0x8e, 0x71, + 0xed, 0xa1, 0xcb, 0xea, 0x2f, 0xe0, 0xfc, 0x6d, 0xed, 0x06, 0x72, 0x75, 0x63, 0x12, 0xb1, 0x2f, + 0x8d, 0xad, 0x38, 0xe7, 0x52, 0x8a, 0xf1, 0x73, 0xea, 0x10, 0x09, 0x5a, 0x28, 0xcd, 0x55, 0x55 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_512.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '840006653e9ac9e95117a15c915caab81662918e925de9e004f774ff82d7079a40d4d27b1b372657c61d46d470304c88c788b3a4527ad074d1dccbee5dbaa99a' + + u8[64] h3 = sha3_512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x84, 0x00, 0x06, 0x65, 0x3e, 0x9a, 0xc9, 0xe9, 0x51, 0x17, 0xa1, 0x5c, 0x91, 0x5c, 0xaa, 0xb8, + 0x16, 0x62, 0x91, 0x8e, 0x92, 0x5d, 0xe9, 0xe0, 0x04, 0xf7, 0x74, 0xff, 0x82, 0xd7, 0x07, 0x9a, + 0x40, 0xd4, 0xd2, 0x7b, 0x1b, 0x37, 0x26, 0x57, 0xc6, 0x1d, 0x46, 0xd4, 0x70, 0x30, 0x4c, 0x88, + 0xc7, 0x88, 0xb3, 0xa4, 0x52, 0x7a, 0xd0, 0x74, 0xd1, 0xdc, 0xcb, 0xee, 0x5d, 0xba, 0xa9, 0x9a + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json new file mode 100644 index 000000000..a6578d5c0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/utils/256bitsDirectionHelper.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok new file mode 100644 index 000000000..39b225e3f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok @@ -0,0 +1,39 @@ +//Python code used to create test vector: +// import bitstring +// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher +// import numpy as np +// +// entropy = np.random.bytes(64) +// print(entropy) +// # b'\x17\xd2\xe6\xd9\\t\xe9|K\xf6\x0c\xc0\xc6\xa6\xb4\x17\xba\xfcT\xe9 \\\x80\x80&\x1fBD\x964\xd6\xdf\x8e\x7f^\x06j)n\xcf\x1d\xc1\x83\x8cy\x1c\x8fZ\xee\x9e\xca3!\x00\xf1\x89\xc9k\x02\x88\xc6\xb1P\x1f' +// hasher = PedersenHasher("test") +// digest = hasher.hash_bytes(entropy) +// +// entropy_bits = bitstring.BitArray(bytes=entropy).bin +// digest_bits = bitstring.BitArray(bytes=digest.compress()).bin + +import "hashes/utils/256bitsDirectionHelper" as direction; + +def left() -> bool { + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]; + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]; + + u32[16] out = direction(false, a, b); + assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]); + return true; +} + +def right() -> bool { + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]; + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]; + + u32[16] out = direction(true, a, b); + assert(out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]); + return true; +} + +def main() { + assert(left()); + assert(right()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json new file mode 100644 index 000000000..bea9daf72 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/signatures/verifyEddsa.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok new file mode 100644 index 000000000..607bd2eee --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok @@ -0,0 +1,20 @@ +import "signatures/verifyEddsa" as verifyEddsa; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; + +// Code to create test case: +// https://github.com/Zokrates/pycrypto +def main() { + field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]; + field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045; + + // Public Key + field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]; + + u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; + + bool isVerified = verifyEddsa(R, S, A, M0, M1, BABYJUBJUB_PARAMS); + assert(isVerified); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json new file mode 100644 index 000000000..c3f7a2dd0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json @@ -0,0 +1,102 @@ +{ + "entry_point": "./tests/tests/snark/gm17.zok", + "curves": ["Bw6_761"], + "tests": [ + { + "input": { + "values": [ + { + "proof": { + "a": [ + "0x01441e34fd88112583831de068e3bdf67d7a5b020c9650e4dc8e3dd0cf92f62b32668dd4654ddc63fe5293a542756a27", + "0x013d7b6097a6ae8534909cb2f2ec2e39f3ccbe8858db0285e45619131db37f84b1c88fbb257a7b8e8944a926bb41aa66" + ], + "b": [ + [ + "0x00dcf8242e445213da28281aab32bcf47268bf16624dbca7c828cfbb0e8000bad94926272cba0cd5e9a959cf4e969c7c", + "0x00b570276d40ae06ac3feb5db65b37acf1eabd16e1c588d01c553b1a60e5d007d9202a8ad2b6405e521b3eec84772521" + ], + [ + "0x00acbeabed6267316420b73b9eba39e8c51080b8b507857478a54c0fc259b17eec2921253a15445e2ec3c130706398b0", + "0x019b579a061cbc4aed64351d87ba96c071118ef3fd645e630c18986e284de5ffc8a48ea94eeb3bdc8807d62d366e223f" + ] + ], + "c": [ + "0x004c93c20cd43f8b7818fcc4ece38243779bedb8b874702df4d6968b75cbe2e6831ab38475e2f0c7bc170171580198df", + "0x0177a560e5f6ae87f07aeff2dcdb1e0737b4810aeba8a5ba1bc4c5d0e89f268aae142ab5327afbde8e8bad869702aad3" + ] + }, + "inputs": [ + "0x0000000000000000000000000000000000000000000000000000000000000001", + "0x0000000000000000000000000000000000000000000000000000000000000002", + "0x0000000000000000000000000000000000000000000000000000000000000003" + ] + }, + { + "h": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "g_alpha": [ + "0x004b7af9ab6ef9061adb5ed7ba12e9cd41f508ac758c25c5e629d871a1b980e5242149b522b20c57808fae97cb76b971", + "0x0196c16d89a7cccbb8f15775da22c01d5ec45b384829bcaad91b324a482676558d3d6d41f675966b5d22537f4ed77903" + ], + "h_beta": [ + [ + "0x014d2d0bcfa272334efbc589dc263c3f2a5d2711f9a0d5fbb3c2ad1b7eebe93459aeee6e1c8bc02041945313aec93d8a", + "0x0054800f89ebbbd924328a7782fdbb5260b56059901a06e6ad58c4a7df96018e5ea1c5ffd28ed0dd0139dcced6bde7e8" + ], + [ + "0x00ca4e270e5fe79ff2a5432daf6e9e5aa22aebf6521a7d3c5ef97d981b05ea93043c6307b47e8a3e00ace9c987fb725e", + "0x010cb8f97a5d586777e4f7ca8a0ce4465c0de02951cb8ccca43403b1a669e523c1163ebc9ce7d10edf583894fad70341" + ] + ], + "g_gamma": [ + "0x003fa4d4d1fe1a9bb62e704b5ac76a514e4aaf53cfcbd12cb55aa7afecf2c12ce9346737b5594ee872700178748e9ed1", + "0x018975a2eb9de8a1982d076b56bb86b5214f89cff897d492e16dcdc1eca2a692eb9f0af5183585ba4aee9d78af2ab570" + ], + "h_gamma": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "query": [ + [ + "0x00dbcc84391e078ae2fa7b5dc8478651b945e155505332a55e5b7be4de52ce83450bbf94f1da270c012104d394b22fda", + "0x002dc3039f7236d31fceaa6d8e13d33a5850984193f70c0abfe20a1f4540f59987e49cb0cc2722f1dccb47f1012d38c8" + ], + [ + "0x00db1bc3a431619ca74564c8a734592151a5fc2d8bfa750d4ffb94126bdaed83dce86bcdc8f966dca3066f67c61c897c", + "0x00e97f2f6c94a2676dd3c8646a45684cfd66a644644c1fc8ee5cf2ab4e322a5a82a9f9872ec9e8c7f3f1a9ddf38f2e53" + ], + [ + "0x008f4c292ba1ae0fa22613e0afaa075796b21a935e591fb8e8b32fa7c0fe0ecda25d5575e1e2b178d5a4bfb8e89f9d36", + "0x017cb6aca4e2d1027ab429a2a7d6b8f6e13dfeb427b7eaf9b6e3ca22554fae39f45ee0854098c9753cca04b46f3388d0" + ], + [ + "0x0168740e2d9cab168df083dd1d340de23d5055f4eed63c87811e94a5bf9c492658c6c58ccb1a48bb153cbe9aa8d98c8d", + "0x005b7c28b57504562c1d38a5ba9c67a59c696dc2e51b3c50d96e75e2f399f9106f08f6846d553d32e58b8131ad997fc1" + ] + ] + } + ] + }, + "output": { + "Ok": { + "value": true + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok new file mode 100644 index 000000000..1eb9e8756 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok @@ -0,0 +1,58 @@ +// verify a snark +// to reproduce the test cases: +// +// 1. Create a program +// ```zokrates +// def main(field a, field b) -> field { +// return a + b; +// } +// ``` +// +// 2. Compile it to bls12_377 +// ```sh +// zokrates compile -i program.zok --curve bls12_377 +// ``` +// +// 3. Run a trusted setup for gm17 +// ```sh +// zokrates setup --proving-scheme gm17 --backend ark +// ``` +// +// 4. Execute the program and generate a proof +// ```sh +// zokrates compute-witness -a 1 2 +// zokrates generate-proof --proving-scheme gm17 --backend ark +// ``` +// +// 5. Generate the test case +// +// ```sh +// cat > gm17.json << EOT +// { +// "entry_point": "./tests/tests/snark/gm17.zok", +// "curves": ["Bw6_761"], +// "tests": [ +// { +// "input": { +// "values": [ +// $(cat proof.json && echo ", " && cat verification.key) +// ] +// }, +// "output": { +// "Ok": { +// "values": ["1"] +// } +// } +// } +// ] +// } +// EOT +// ``` +// +// `gm17.json` can then be used as a test for this code file + +from "snark/gm17" import main as verify, Proof, VerificationKey; + +def main(Proof<3> proof, VerificationKey<4> vk) -> bool { + return verify(proof, vk); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json new file mode 100644 index 000000000..c325f9c38 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/bool.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok new file mode 100644 index 000000000..102d90535 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok @@ -0,0 +1,47 @@ +from "utils/casts.zok" import cast; + +// bool[8] -> u8 +// bool[N] -> u8[P] +// bool[16] -> u16 +// bool[N] -> u16[P] +// bool[32] -> u32 +// bool[N] -> u32[P] +// bool[64] -> u64 +// bool[N] -> u64[P] + +def main() { + bool[8] bits = [true, false, true, false, true, false, true, false]; + + // bool[8] -> u8 + u8 v0 = cast(bits); + assert(v0 == 0xAA); + + // bool[16] -> u8[2] + u8[2] v1 = cast([...bits, ...[true; 8]]); + assert(v1 == [0xAA, 0xFF]); + + // bool[16] -> u16 + u16 v2 = cast([...bits, ...[true; 8]]); + assert(v2 == 0xAAFF); + + // bool[32] -> u16[2] + u16[2] v3 = cast([...bits, ...[true; 8], ...[false; 8], ...[true; 8]]); + assert(v3 == [0xAAFF, 0x00FF]); + + // bool[32] -> u32 + u32 v4 = cast([...bits, ...[true; 8], ...[false; 8], ...[true; 8]]); + assert(v4 == 0xAAFF00FF); + + // bool[64] -> u32[2] + u32[2] v5 = cast([...bits, ...[false; 16], ...[true; 8], ...[true; 24], ...[false; 8]]); + assert(v5 == [0xAA0000FF, 0xFFFFFF00]); + + // bool[64] -> u64 + u64 v6 = cast([...bits, ...[false; 24], ...[true; 8], ...[false; 24]]); + assert(v6 == 0xAA000000FF000000); + + // bool[128] -> u64[2] + u64[2] v7 = cast([...bits, ...[false; 56], ...[true; 56], ...[false; 8]]); + assert(v7 == [0xAA00000000000000, 0xFFFFFFFFFFFFFF00]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json new file mode 100644 index 000000000..e5225799d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json @@ -0,0 +1,59 @@ +{ + "entry_point": "./tests/tests/utils/casts/field_to_uint.zok", + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [ + "0", + "1", + "18446744073709551615", + "18446744073709551616", + "18446744073709551658", + "0", + "1", + "4294967295", + "4294967296", + "4294967338", + "0", + "1", + "65535", + "65536", + "65578", + "0", + "1", + "255", + "256", + "298" + ] + }, + "output": { + "Ok": { + "value": [ + "0", + "1", + "18446744073709551615", + "0", + "42", + "0", + "1", + "4294967295", + "0", + "42", + "0", + "1", + "65535", + "0", + "42", + "0", + "1", + "255", + "0", + "42" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok new file mode 100644 index 000000000..6d9b5b58f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok @@ -0,0 +1,20 @@ +import "utils/casts/field_to_u64"; +import "utils/casts/field_to_u32"; +import "utils/casts/field_to_u16"; +import "utils/casts/field_to_u8"; + +def main(field[5] a, field[5] b, field[5] c, field[5] d) -> (u64[5], u32[5], u16[5], u8[5]) { + u64[5] mut e = [0; 5]; + u32[5] mut f = [0; 5]; + u16[5] mut g = [0; 5]; + u8[5] mut h = [0; 5]; + + for u32 i in 0..5 { + e[i] = field_to_u64(a[i]); + f[i] = field_to_u32(b[i]); + g[i] = field_to_u16(c[i]); + h[i] = field_to_u8(d[i]); + } + + return (e, f, g, h); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json new file mode 100644 index 000000000..c5ce52310 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json @@ -0,0 +1,33 @@ +{ + "entry_point": "./tests/tests/utils/casts/to_bits.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"] + }, + "output": { + "Ok": { + "values": [ + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "1", "0", "1", "0", "1", "0" + ] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok new file mode 100644 index 000000000..f53126dcb --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok @@ -0,0 +1,19 @@ +import "utils/casts/u64_to_bits" +import "utils/casts/u32_to_bits" +import "utils/casts/u16_to_bits" +import "utils/casts/u8_to_bits" + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (bool[4][64], bool[4][32], bool[4][16], bool[4][8]): + bool[4][64] e = [[false; 64]; 4] + bool[4][32] f = [[false; 32]; 4] + bool[4][16] g = [[false; 16]; 4] + bool[4][8] h = [[false; 8]; 4] + + for u32 i in 0..4 do + e[i] = u64_to_bits(a[i]) + f[i] = u32_to_bits(b[i]) + g[i] = u16_to_bits(c[i]) + h[i] = u8_to_bits(d[i]) + endfor + + return e, f, g, h \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json new file mode 100644 index 000000000..bde8f288d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/casts/to_field.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"] + }, + "output": { + "Ok": { + "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok new file mode 100644 index 000000000..3c3fe61f5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok @@ -0,0 +1,19 @@ +import "utils/casts/u64_to_field" +import "utils/casts/u32_to_field" +import "utils/casts/u16_to_field" +import "utils/casts/u8_to_field" + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (field[4], field[4], field[4], field[4]): + field[4] e = [0; 4] + field[4] f = [0; 4] + field[4] g = [0; 4] + field[4] h = [0; 4] + + for u32 i in 0..4 do + e[i] = u64_to_field(a[i]) + f[i] = u32_to_field(b[i]) + g[i] = u16_to_field(c[i]) + h[i] = u8_to_field(d[i]) + endfor + + return e, f, g, h \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json new file mode 100644 index 000000000..af8c3b321 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/u16.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok new file mode 100644 index 000000000..6e11659d3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok @@ -0,0 +1,64 @@ +from "utils/casts.zok" import cast; + +// u16 -> bool[16] +// u16[N] -> bool[P] +// u16 -> field +// u16[N] -> field[N] +// u16 -> u8[2] +// u16[N] -> u8[P] +// u16 -> u32 +// u16[2] -> u32 +// u16[N] -> u32[P] +// u16 -> u64 +// u16[4] -> u64 +// u16[N] -> u64[P] + +def main() { + // u16 -> bool[16] + bool[16] v0 = cast(0xFFFF); + assert(v0 == [true; 16]); + + // u16[N] -> bool[P] + bool[32] v1 = cast([0xFFFF, 0x00FF]); + assert(v1 == [...[true; 16], ...[false; 8], ...[true; 8]]); + + // u16 -> field + field v2 = cast(0x1234); + assert(v2 == 4660); + + field[2] v3 = cast([0x1234, 0x5678]); + assert(v3 == [4660, 22136]); + + // u16 -> u8[2] + u8[2] v4 = cast(0x1234); + assert(v4 == [0x12, 0x34]); + + // u16[N] -> u8[P] + u8[4] v5 = cast([0x1234, 0x5678]); + assert(v5 == [0x12, 0x34, 0x56, 0x78]); + + // u16 -> u32 + u32 v6 = cast(0xFFFF); + assert(v6 == 0x0000FFFF); + + // u16[2] -> u32 + u32 v7 = cast([0x1234, 0x5678]); + assert(v7 == 0x12345678); + + // u16[4] -> u32[2] + u32[2] v8 = cast([0x1234, 0x5678, 0x8765, 0x4321]); + assert(v8 == [0x12345678, 0x87654321]); + + // u16 -> u64 + u64 v9 = cast(0xFFFF); + assert(v9 == 0x000000000000FFFF); + + // u16[4] -> u64 + u64 v10 = cast([0x1234, 0x5678, 0x8765, 0x4321]); + assert(v10 == 0x1234567887654321); + + // u16[8] -> u64[2] + u64[2] v11 = cast([0xFFFF; 8]); + assert(v11 == [0xFFFFFFFFFFFFFFFF; 2]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json new file mode 100644 index 000000000..56ba8e2c3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/u32.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok new file mode 100644 index 000000000..66bb72ddc --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok @@ -0,0 +1,61 @@ +from "utils/casts.zok" import cast; + +// u32 -> bool[32] +// u32[N] -> bool[P] +// u32 -> field +// u32[N] -> field[N] +// u32 -> u8[4] +// u32[N] -> u8[P] +// u32 -> u16[2] +// u32[N] -> u16[P] +// u32 -> u64 +// u32[2] -> u64 +// u32[N] -> u64[P] + +def main() { + // u32 -> bool[32] + bool[32] v0 = cast(0x0000FFFF); + assert(v0 == [...[false; 16], ...[true; 16]]); + + // u32[2] -> bool[64] + bool[64] v1 = cast([0x0000FFFF, 0xFFFFFFFF]); + assert(v1 == [...[false; 16], ...[true; 16], ...[true; 32]]); + + // u32 -> field + field v2 = cast(0x12345678); + assert(v2 == 305419896); + + // u32[2] -> field[2] + field[2] v3 = cast([0x12345678, 0x87654321]); + assert(v3 == [305419896, 2271560481]); + + // u32 -> u8[4] + u8[4] v4 = cast(0x12345678); + assert(v4 == [0x12, 0x34, 0x56, 0x78]); + + // u32[2] -> u8[8] + u8[8] v5 = cast([0x12345678, 0x87654321]); + assert(v5 == [0x12, 0x34, 0x56, 0x78, 0x87, 0x65, 0x43, 0x21]); + + // u32 -> u16[2] + u16[2] v6 = cast(0x12345678); + assert(v6 == [0x1234, 0x5678]); + + // u32[2] -> u16[4] + u16[4] v7 = cast([0x12345678, 0x87654321]); + assert(v7 == [0x1234, 0x5678, 0x8765, 0x4321]); + + // u32 -> u64 + u64 v8 = cast(0x12345678); + assert(v8 == 0x0000000012345678); + + // u32[2] -> u64 + u64 v9 = cast([0x12345678, 0x87654321]); + assert(v9 == 0x1234567887654321); + + // u32[4] -> u64[2] + u64[2] v10 = cast([0x12345678, 0x00000000, 0x00000000, 0x87654321]); + assert(v10 == [0x1234567800000000, 0x0000000087654321]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json new file mode 100644 index 000000000..230850b2e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/u64.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok new file mode 100644 index 000000000..f32c3586c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok @@ -0,0 +1,58 @@ +from "utils/casts.zok" import cast; + +// u64 -> bool[64] +// u64[N] -> bool[P] +// u64 -> field +// u64[N] -> field[N] +// u64 -> u8[8] +// u64[N] -> u8[P] +// u64 -> u16[4] +// u64[N] -> u16[P] +// u64 -> u32[2] +// u64[N] -> u32[P] + +def main() { + // u64 -> bool[64] + bool[64] v0 = cast(0x0000FFFF0000FFFF); + assert(v0 == [...[false; 16], ...[true; 16], ...[false; 16], ...[true; 16]]); + + // u64[2] -> bool[128] + bool[128] v1 = cast([0x0000000000000000, 0xFFFFFFFFFFFFFFFF]); + assert(v1 == [...[false; 64], ...[true; 64]]); + + // u64 -> field + field v2 = cast(0x0000FFFF0000FFFF); + assert(v2 == 281470681808895); + + // u64[2] -> field[2] + field[2] v3 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]); + assert(v3 == [281470681808895, 18446462603027742720]); + + // u64 -> u8[8] + u8[8] v4 = cast(0x0000FFFF0000FFFF); + assert(v4 == [0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF]); + + // u64[2] -> u8[16] + u8[16] v5 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]); + assert(v5 == [ + 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, + 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00 + ]); + + // u64 -> u16[4] + u16[4] v6 = cast(0x0000FFFF0000FFFF); + assert(v6 == [0x0000, 0xFFFF, 0x0000, 0xFFFF]); + + // u64[2] -> u16[8] + u16[8] v7 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]); + assert(v7 == [0x0000, 0xFFFF, 0x0000, 0xFFFF, 0xFFFF, 0x0000, 0xFFFF, 0x0000]); + + // u64 -> u32[2] + u32[2] v8 = cast(0x0000FFFF0000FFFF); + assert(v8 == [0x0000FFFF, 0x0000FFFF]); + + // u64[2] -> u32[4] + u32[4] v9 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]); + assert(v9 == [0x0000FFFF, 0x0000FFFF, 0xFFFF0000, 0xFFFF0000]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json new file mode 100644 index 000000000..66eddd8b9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/u8.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok new file mode 100644 index 000000000..2b72beaec --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok @@ -0,0 +1,70 @@ +from "utils/casts.zok" import cast; + +// u8 -> bool[8] +// u8[N] -> bool[P] +// u8 -> field +// u8[N] -> field[N] +// u8 -> u16 +// u8[2] -> u16 +// u8[N] -> u16[P] +// u8 -> u32 +// u8[4] -> u32 +// u8[N] -> u32[P] +// u8 -> u64 +// u8[8] -> u64 +// u8[N] -> u64[P] + +def main() { + // u8 -> bool[8] + bool[8] v0 = cast(0xFF); + assert(v0 == [true; 8]); + + // u8[2] -> bool[16] + bool[16] v1 = cast([0xFF, 0x00]); + assert(v1 == [...[true; 8], ...[false; 8]]); + + // u8 -> field + field v2 = cast(0xFF); + assert(v2 == 255f); + + // u8[2] -> field[2] + field[2] v3 = cast([0x2A, 0xFF]); + assert(v3 == [42f, 255f]); + + // u8 -> u16 + u16 v4 = cast(0xFF); + assert(v4 == 0x00FF); + + // u8[2] -> u16 + u16 v5 = cast([0x2A, 0xFF]); + assert(v5 == 0x2AFF); + + // u8[4] -> u16[2] + u16[2] v6 = cast([0x2A, 0xFF, 0xFF, 0xFE]); + assert(v6 == [0x2AFF, 0xFFFE]); + + // u8 -> u32 + u32 v7 = cast(0xFF); + assert(v7 == 0x000000FF); + + // u8[4] -> u32 + u32 v8 = cast([0x2A, 0xFF, 0xFF, 0xFE]); + assert(v8 == 0x2AFFFFFE); + + // u8[8] -> u32[2] + u32[2] v9 = cast([0x2A, 0xFF, 0xFF, 0xFE, 0x00, 0xFF, 0xFF, 0xFE]); + assert(v9 == [0x2AFFFFFE, 0x00FFFFFE]); + + // u8 -> u64 + u64 v10 = cast(0xFF); + assert(v10 == 0x00000000000000FF); + + // u8[8] -> u64 + u64 v11 = cast([0x2A, 0xFF, 0xFF, 0xFE, 0x00, 0xFF, 0xFF, 0xFE]); + assert(v11 == 0x2AFFFFFE00FFFFFE); + + // u8[16] -> u64[2] + u64[2] v12 = cast([...[0x00; 7], 0xFF, ...[0xFF; 8]]); + assert(v12 == [0x00000000000000FF, 0xFFFFFFFFFFFFFFFF]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json new file mode 100644 index 000000000..e2cf3f3ec --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json @@ -0,0 +1,515 @@ +{ + "entry_point": "./tests/tests/utils/casts/uint_to_bits.zok", + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [ + "0", + "1", + "18446744073709551615", + "42", + "0", + "1", + "4294967295", + "42", + "0", + "1", + "65535", + "42", + "0", + "1", + "255", + "42" + ] + }, + "output": { + "Ok": { + "value": [ + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok new file mode 100644 index 000000000..0408b66ac --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok @@ -0,0 +1,20 @@ +import "utils/casts/u64_to_bits"; +import "utils/casts/u32_to_bits"; +import "utils/casts/u16_to_bits"; +import "utils/casts/u8_to_bits"; + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (bool[4][64], bool[4][32], bool[4][16], bool[4][8]) { + bool[4][64] mut e = [[false; 64]; 4]; + bool[4][32] mut f = [[false; 32]; 4]; + bool[4][16] mut g = [[false; 16]; 4]; + bool[4][8] mut h = [[false; 8]; 4]; + + for u32 i in 0..4 { + e[i] = u64_to_bits(a[i]); + f[i] = u32_to_bits(b[i]); + g[i] = u16_to_bits(c[i]); + h[i] = u8_to_bits(d[i]); + } + + return (e, f, g, h); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json new file mode 100644 index 000000000..62028faa1 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json @@ -0,0 +1,51 @@ +{ + "entry_point": "./tests/tests/utils/casts/uint_to_field.zok", + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [ + "0", + "1", + "18446744073709551615", + "42", + "0", + "1", + "4294967295", + "42", + "0", + "1", + "65535", + "42", + "0", + "1", + "255", + "42" + ] + }, + "output": { + "Ok": { + "value": [ + "0", + "1", + "18446744073709551615", + "42", + "0", + "1", + "4294967295", + "42", + "0", + "1", + "65535", + "42", + "0", + "1", + "255", + "42" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok new file mode 100644 index 000000000..ccc389c5d --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok @@ -0,0 +1,20 @@ +import "utils/casts/u64_to_field"; +import "utils/casts/u32_to_field"; +import "utils/casts/u16_to_field"; +import "utils/casts/u8_to_field"; + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (field[4], field[4], field[4], field[4]) { + field[4] mut e = [0; 4]; + field[4] mut f = [0; 4]; + field[4] mut g = [0; 4]; + field[4] mut h = [0; 4]; + + for u32 i in 0..4 { + e[i] = u64_to_field(a[i]); + f[i] = u32_to_field(b[i]); + g[i] = u16_to_field(c[i]); + h[i] = u8_to_field(d[i]); + } + + return (e, f, g, h); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json new file mode 100644 index 000000000..4e6856d45 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/multiplexer/lookup1bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok new file mode 100644 index 000000000..964675998 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok @@ -0,0 +1,23 @@ +import "utils/multiplexer/lookup1bit" as lookup; + +def left() -> bool { + bool sel = false; // left + field[2] t = [0, 1]; + + assert(0 == lookup(sel, t)); + return true; +} + +def right() -> bool { + bool sel = true; // right + field[2] t = [0, 1]; + + assert(1 == lookup(sel, t)); + return true; +} + +def main() { + assert(left()); + assert(right()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json new file mode 100644 index 000000000..aa0fc9c83 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/multiplexer/lookup2bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok new file mode 100644 index 000000000..d9a11e347 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok @@ -0,0 +1,41 @@ +import "utils/multiplexer/lookup2bit" as lookup; + +def first() -> bool { + bool[2] sel = [false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} + +def second() -> bool { + bool[2] sel = [true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(1 == lookup(sel, t)); + return true; +} + +def third() -> bool { + bool[2] sel = [false, true]; + field[4] t = [0, 1, 2, 3]; + + assert(2 == lookup(sel, t)); + return true; +} + +def fourth() -> bool { + bool[2] sel = [true, true]; + field[4] t = [0, 1, 2, 3]; + + assert(3 == lookup(sel, t)); + return true; +} + +def main() { + assert(first()); + assert(second()); + assert(third()); + assert(fourth()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json new file mode 100644 index 000000000..5710ba935 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/multiplexer/lookup3bitSigned.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok new file mode 100644 index 000000000..cb83fdb95 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok @@ -0,0 +1,80 @@ +import "utils/multiplexer/lookup3bitSigned" as lookup; + +def first() -> bool { + bool[3] sel = [false, false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} + +def firstNeg() -> bool { + bool[3] sel = [false, false, true]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} + +def second() -> bool { + bool[3] sel = [true, false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(1 == lookup(sel, t)); + return true; +} + +def secondNeg() -> bool { + bool[3] sel = [true, false, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 1; + assert(out == lookup(sel, t)); + return true; +} + +def third() -> bool { + bool[3] sel = [false, true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(2 == lookup(sel, t)); + return true; +} + +def thirdNeg() -> bool { + bool[3] sel = [false, true, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 2; + assert(out == lookup(sel, t)); + return true; +} + +def fourth() -> bool { + bool[3] sel = [true, true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(3 == lookup(sel, t)); + return true; +} + +def fourthNeg() -> bool { + bool[3] sel = [true, true, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 3; + assert(out == lookup(sel, t)); + return true; +} + +def main() { + assert(first()); + assert(firstNeg()); + assert(second()); + assert(secondNeg()); + assert(third()); + assert(thirdNeg()); + assert(fourth()); + assert(fourthNeg()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json new file mode 100644 index 000000000..dc6f88bd7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok new file mode 100644 index 000000000..9cd9694ad --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok @@ -0,0 +1,33 @@ +import "utils/pack/bool/nonStrictUnpack256" as unpack256; + +def testFive() -> bool { + bool[256] b = unpack256(5); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]); + return true; +} + +def testZero() -> bool { + bool[256] b = unpack256(0); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + +def testLarge() -> bool { + bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + assert(b == [false, false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + return true; +} + +def testMax() -> bool { + bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + assert(b == [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + assert(testLarge()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json new file mode 100644 index 000000000..3ed3b7352 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok new file mode 100644 index 000000000..45fefa572 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok @@ -0,0 +1,32 @@ +import "utils/pack/bool/pack128" as pack128; + +def testFive() -> bool { + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + field n = pack128(b); + + assert(5 == n); + return true; +} + +def testZero() -> bool { + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + field n = pack128(b); + + assert(0 == n); + return true; +} + +def testMax() -> bool { + bool[128] b = [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]; + field n = pack128(b); + + assert(340282366920938463463374607431768211455 == n); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json new file mode 100644 index 000000000..90a23c09a --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok new file mode 100644 index 000000000..64b41f3a0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok @@ -0,0 +1,26 @@ +import "utils/pack/bool/unpack128" as unpack128; + +def testFive() -> bool { + bool[128] b = unpack128(5); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]); + return true; +} + +def testZero() -> bool { + bool[128] b = unpack128(0); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + +def testMax() -> bool { + bool[128] b = unpack128(340282366920938463463374607431768211455); + assert(b == [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json new file mode 100644 index 000000000..b28e20e53 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/unpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok new file mode 100644 index 000000000..7dba47549 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok @@ -0,0 +1,19 @@ +import "utils/pack/bool/unpack256" as unpack256; + +def testFive() -> bool { + bool[256] b = unpack256(5); + assert(b == [...[false; 253], true, false, true]); + return true; +} + +def testZero() -> bool { + bool[256] b = unpack256(0); + assert(b == [false; 256]); + return true; +} + + def main() { + assert(testFive()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json new file mode 100644 index 000000000..00815fc75 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok new file mode 100644 index 000000000..4a865fb6e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok @@ -0,0 +1,33 @@ +import "utils/pack/u32/nonStrictUnpack256" as unpack256; + +def testFive() -> bool { + u32[8] b = unpack256(5); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]); + return true; +} + +def testZero() -> bool { + u32[8] b = unpack256(0); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]); + return true; +} + +def testLarge() -> bool { + u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); + return true; +} + +def testMax() -> bool { + u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + assert(testLarge()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json new file mode 100644 index 000000000..d1ff17c73 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok new file mode 100644 index 000000000..4b1f1d3d3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok @@ -0,0 +1,32 @@ +import "utils/pack/u32/pack128" as pack128; + +def testFive() -> bool { + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005]; + field n = pack128(b); + + assert(5 == n); + return true; +} + +def testZero() -> bool { + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000]; + field n = pack128(b); + + assert(0 == n); + return true; +} + +def testMax() -> bool { + u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]; + field n = pack128(b); + + assert(2**128 - 1 == n); + return true; +} + +def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json new file mode 100644 index 000000000..3203010b9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok new file mode 100644 index 000000000..270eaacc4 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok @@ -0,0 +1,26 @@ +import "utils/pack/u32/unpack128" as unpack128; + +def testFive() -> bool { + u32[4] b = unpack128(5); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005]); + return true; +} + +def testZero() -> bool { + u32[4] b = unpack128(0); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000]); + return true; +} + +def testMax() -> bool { + u32[4] b = unpack128(2**128 - 1); + assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +}