fix: incorrect calc of surfeit related value in EmulatedFpVar
#157
Conversation
yuxqiu
requested review from
z-tech,
Pratyush and
mmagician
and removed request for
a team
yuxqiu
changed the title
EmulatedFpVar
|
Thank you for the PR! @weikengchen is the better reviewer for this |
|
cc @weikengchen could you take a look at this. |
|
@yuxqiu Could you update the PR? @weikengchen could you take a look at this? |
Sure. It is done now. |
|
Let me double check the formula... |
|
can you find a test case that will fail or like provide calculations on why? |
|
I think unless there is a case when the original implementation does fall short, we will not change the circuit---the arkworks-rs library has been used in a lot of projects, and if you want to change the circuit, it would just "force" a lot of the projects to fork the old circuit and continue to use it. Therefore, I still believe that you need to present a counterexample. |
That makes perfect sense. I’ll need a few days to prepare a test case and will get back to you once it’s ready. |
|
@weikengchen It’s all set for review now. |
|
Great job. Let me take a look. |
|
@weikengchen did you get a chance to look at this? |
|
would be great to have someone else to take a careful look |
|
hm @weikengchen who would be a good reviewer for this code? I am not familiar with this part of the codebase. |
Description
Currently, the following invariant is not maintained when computing
num_of_additions_over_normal_forminsub_without_reduceandprod_of_num_of_additionsinmul_without_reduceAllocatedEmulatedFpVar, no limb has a value > (num_of_additions_over_normal_form + 1) * (2^{bits_per_limb} - 1).AllocatedMulResultVar, no limb has a value > (prod_of_num_of_additions + 1) * (2^{bits_per_limb} - 1).More specifically, these values are currently underestimated.
This will result in generating constraints in
group_and_check_equalitythat can't be satisfied, since thesurfeitvalue is used to determine how many limbs to put into a group. For example, in my overload, underestimating thesurfeitvalue resulted in putting one more limb value in a group, which resulted in an overflow inlet eqn_left = left_total_limb + pad_limb + &carry_in - right_total_limb;and madeeqn_left. conditional_enforce_equal(&eqn_right, &Boolean::<BaseF>::TRUE)not satisfiable.The patch also fixed the
overhead!macro, which did not computeceil(log2(x))correctly.Since it's not easy to create test cases that will trigger the constraint system to be unsatisfied, I've just added two tests to ensure that the above invariant is satisfied. Hopefully these two test cases will also help people contribute to this part of the library in the future by documenting the invariant used throughout the implementation.
A few more questions
I'm not sure why in
post_add_reducethe reduction is only performed when2 * params.bits_per_limb + surfeit + 1 >= BaseF::MODULUS_BIT_SIZE. I think that checking thatparams.bits_per_limb + some constant >= BaseF::MODULUS_BIT_SIZEis sufficient. This similar pattern is also present insub_without_reduce. If there is no particular reason, I think we can fix it to accurately reflect the upper bounds of the bit size.Currently, the
addandadd_constantimplementations inAllocatedMulResultVardon't seem to reduce the results whenprod_of_num_of_additionsis large enough. This seems to be an issue that needs to be fixed.Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
Pendingsection inCHANGELOG.mdFiles changedin the Github PR explorer