feat!: Use BigInt instead of FieldElement in the compiler to be able to detect overflows/underflows

[asterite]

Description

Problem

Resolves #4631

Summary

Throughout the compiler, integer values are represented using FieldElement, starting at the tokenization level. If an integer value is larger than modulus, it's silently truncated (or, well, wrapped, I guess). To be able to detect that this happens we can't keep FieldElement at this level: we have to carry the unmodified integer up until we do the type range check. So, this PR changes tokens to carry a BigInt value. This BigInt is then passed to HirLiteral and even reaching the Literal enum in the monomorphization phase. Eventually, the BigInt is turned into a FieldElement right when it's needed (right after we do the type range check).

Then, this PR also enhances the type range check logic: now that we can have values that overflow the largest Field's value, we check that. But also, the previous code only checked for maximum positive values. For example, for u8 it would check that the value was less than 256. But for i8 it would check the same thing. This PR changes that check to verify it's in -128..=127 (and similarly for other integer types).

Additional Context

None.

Documentation*

Check one:

• No documentation needed.
• Documentation included in this PR.
• [For Experimental Features] Documentation to be submitted in a separate PR.

PR Checklist*

• I have tested the changes locally.
• I have formatted the changes with Prettier and/or cargo fmt on default settings.

[asterite]

💭 Is this correct?

[asterite]

💭 I wonder if there's a way to do this without allocating the min and max big ints. BigInt can only be compared with other big ints...

[TomAFrench]

One quick solution would be to use a OnceCell so that we only need to allocate a single bigint and reuse that for all other integers of the same bitsize

[asterite]

Same here, I wonder if there's a way to avoid creating this BigInt.

[TomAFrench]

This can be a simple global for the time being.

[asterite]

What's the way to declare global variables in Rust?

[TomAFrench]

const MODULUS: BigInt = blah

[asterite]

Thanks!

I tried it:

    const MODULUS: BigInt = BigInt::from_biguint(Sign::Plus, FieldElement::modulus());

but I get this error:

cannot call non-const fn `num_bigint::BigInt::from_biguint` in constants
calls in constants are limited to constant functions, tuple structs and tuple variants

[asterite]

Let me know if it's okay to add these helper functions. We could also inline them.

[asterite]

Probably not for this PR, but there's a similar error that triggers in another part of the compiler that looks like this:

The literal 2⁸ cannot fit into u8 which has range 0..=255

This is really nice because you immediately know what are the min/max values. We could do the same here too.

[asterite]

Let me know if there's a way to do this in another way. If not, we can remove this TODO.

[asterite]

This is gone from here, but a similar check/conversion is done later on.

[asterite]

I'm never too sure about introducing an utils module. It's probably better to put functions next to their types, but I wasn't sure if adding them to where FieldElement is was okay. There's also a function that operates on BigInt and we don't own that one. That said, I also see some other utils.rs files in the repo, so maybe it's fine :-)

[asterite]

I'm sure there's a better way to do this, probably iterating the be/le bytes... but I wanted to wait for a review before changing this.

[TomAFrench]

pub fn truncate_big_int_to_u128(big_int: &BigInt) -> u128 {
    let bigint_bytes = big_uint.to_bytes_le();
    let u128_bytes: [u8; 16] = bigint_bytes[0..16].try_into().unwrap();
    u128::from_le_bytes(u128_bytes)
}

This should work (up to dealing with endianness issues)

[TomAFrench]

Alternatively

pub fn truncate_big_int_to_u128(big_int: &BigInt) -> u128 {
    let bigint_u64_le_iter = big_uint.iter_u64_digits();
    let low = bigint_u64_le_iter.next().unwrap_or(0) as u128;
    let high = bigint_u64_le_iter.next().unwrap_or(0) as u128;
    high << 64 + low
}

[asterite]

I tried both approached but they fail the test I just wrote. I'll use those as a base code, I'm sure it's almost there (but I'll switch to the lsp PR now)

[asterite]

I guess this PR is a breaking change... but I guess a good one?

[vezenovm]

Yeah even though we refactored is_bn254 to not rely on p == 0 other programs may rely on this functionality.

[TomAFrench]

Have spotted a couple of cases where we're mapping from bigints to fields a bit strangely. Will do another deeper review in a bit.

[TomAFrench]

One quick solution would be to use a OnceCell so that we only need to allocate a single bigint and reuse that for all other integers of the same bitsize

[TomAFrench]

This can be a simple global for the time being.

[TomAFrench]

The canonical field representation is the range [0,p) so it seems odd to allow negative values. Will come back to this.

[asterite]

Good point. However, there's some code that uses negative field values, like this one:

noir/test_programs/compile_success_empty/unary_operators/src/main.nr

Line 2 in 6936a52

let x = -1;

So I was thinking we can at least allow negative values if they are in the range [-p, 0] (or [-p + 1, 0]?). But anything outside [-p, p] is a clear error (maybe?)

[TomAFrench]

pub fn truncate_big_int_to_u128(big_int: &BigInt) -> u128 {
    let bigint_bytes = big_uint.to_bytes_le();
    let u128_bytes: [u8; 16] = bigint_bytes[0..16].try_into().unwrap();
    u128::from_le_bytes(u128_bytes)
}

This should work (up to dealing with endianness issues)

[TomAFrench]

Alternatively

pub fn truncate_big_int_to_u128(big_int: &BigInt) -> u128 {
    let bigint_u64_le_iter = big_uint.iter_u64_digits();
    let low = bigint_u64_le_iter.next().unwrap_or(0) as u128;
    let high = bigint_u64_le_iter.next().unwrap_or(0) as u128;
    high << 64 + low
}

[TomAFrench]

Suggested change

	num-traits = "0.2.19"
	num-traits.workspace = true

We've defined a version to use across the workspace in the root Cargo.toml. Can you replace all the other instances with this?

[TomAFrench]

This is going to map the integer -1 to the field element 1 when it should instead be mapped to p-1.

[asterite]

Ah, good catch. I pushed a commit to fix this.

[TomAFrench]

Suggested change

	pub mod utils;
	pub(crate) mod utils;

I don't think we need to make this public.

[asterite]

The issue is that those are used in aztec_macros and noirc_evaluator.

[asterite]

I've been thinking more about this PR and how to approach this problem.

I think that, at the lexer level, if an integer token is larger than the maximum field element, we can give a compile error. That's assuming field elements will always be bigger than the maximum value of u64. Then we can keep storing values as FieldElement. We still have to remember if the value was positive or negative, but we are already doing that.

So, I'll close the PR and later next week open another PR, but let me know otherwise!

[asterite]

I just checked in Rust, and if you have a program like this:

fn main() {
    let x = 1243982734987234328947293847298347982374982374982374987324;
}

the error is:

integer literal is too large
value exceeds limit of 340282366920938463463374607431768211455

that's 2**128, so I think they do this too: at the lexer level they already limit the maximum integer, regardless of its destination. I'll do the same :-)

[TomAFrench]

Hmm, yeah that makes sense. That's a nice simplification.

[asterite]

Related: #449