feat(avm): fuzzer toradixbe (#19208)

To Radix BE for the fuzzer. Contains a method to generate the toradix
"smartly" since there are many ways for it to fail early

I folded the PR that was previously on top of this as it contained some
fixes for toradixBE. That PR also had a bunch more stuff for
L1L2MsgExists and MOV

Author: IlyasRidhuan

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/instruction.hpp

@@ -485,6 +485,15 @@ struct NULLIFIEREXISTS_Instruction {
     MSGPACK_FIELDS(nullifier_address, contract_address_address, result_address);
 };
 
+/// @brief L1TOL2MSGEXISTS: Check if a L1 to L2 message exists
+/// M[result_address] = L1TOL2MSGEXISTS(M[msg_hash_address], M[leaf_index_address])
+struct L1TOL2MSGEXISTS_Instruction {
+    ParamRef msg_hash_address;   // FF: the message hash
+    ParamRef leaf_index_address; // U64: leaf index in the message tree
+    AddressRef result_address;   // result (U1)
+    MSGPACK_FIELDS(msg_hash_address, leaf_index_address, result_address);
+};
+
 /// @brief EMITNOTEHASH: M[note_hash_offset] = note_hash; emit note hash to the note hash tree
 struct EMITNOTEHASH_Instruction {
     AddressRef note_hash_address; // absolute address where the note hash will be stored
@@ -624,6 +633,18 @@ struct SHA256COMPRESSION_Instruction {
     MSGPACK_FIELDS(state_address, input_address, dst_address);
 };
 
+/// @brief TORADIXBE: Convert a field element to a vector of limbs in big-endian radix representation
+/// M[dst_address:dst_address+num_limbs] = to_radix_be(M[value_address], radix, num_limbs)
+struct TORADIXBE_Instruction {
+    ParamRef value_address;       // FF: value to convert
+    ParamRef radix_address;       // U32: the radix/base
+    ParamRef num_limbs_address;   // U32: number of output limbs
+    ParamRef output_bits_address; // U1: whether output is bits
+    AddressRef dst_address;       // destination for limbs
+    bool is_output_bits;          // known at generation time for memory tracking (U1 if true, U8 if false)
+    MSGPACK_FIELDS(value_address, radix_address, num_limbs_address, output_bits_address, dst_address, is_output_bits);
+};
+
 using FuzzInstruction = std::variant<ADD_8_Instruction,
                                      FDIV_8_Instruction,
                                      SET_8_Instruction,
@@ -667,6 +688,7 @@ using FuzzInstruction = std::variant<ADD_8_Instruction,
                                      GETENVVAR_Instruction,
                                      EMITNULLIFIER_Instruction,
                                      NULLIFIEREXISTS_Instruction,
+                                     L1TOL2MSGEXISTS_Instruction,
                                      EMITNOTEHASH_Instruction,
                                      NOTEHASHEXISTS_Instruction,
                                      CALLDATACOPY_Instruction,
@@ -679,7 +701,8 @@ using FuzzInstruction = std::variant<ADD_8_Instruction,
                                      ECADD_Instruction,
                                      POSEIDON2PERM_Instruction,
                                      KECCAKF1600_Instruction,
-                                     SHA256COMPRESSION_Instruction>;
+                                     SHA256COMPRESSION_Instruction,
+                                     TORADIXBE_Instruction>;
 
 template <class... Ts> struct overloaded : Ts... {
     using Ts::operator()...;
@@ -841,6 +864,10 @@ inline std::ostream& operator<<(std::ostream& os, const FuzzInstruction& instruc
                 os << "NULLIFIEREXISTS_Instruction " << arg.nullifier_address << " " << arg.contract_address_address
                    << " " << arg.result_address;
             },
+            [&](L1TOL2MSGEXISTS_Instruction arg) {
+                os << "L1TOL2MSGEXISTS_Instruction " << arg.msg_hash_address << " " << arg.leaf_index_address << " "
+                   << arg.result_address;
+            },
             [&](EMITNOTEHASH_Instruction arg) {
                 os << "EMITNOTEHASH_Instruction " << arg.note_hash_address << " " << arg.note_hash;
             },
@@ -886,6 +913,11 @@ inline std::ostream& operator<<(std::ostream& os, const FuzzInstruction& instruc
                 os << "SHA256COMPRESSION_Instruction " << arg.state_address << " " << arg.input_address << " "
                    << arg.dst_address;
             },
+            [&](TORADIXBE_Instruction arg) {
+                os << "TORADIXBE_Instruction " << arg.value_address << " " << arg.radix_address << " "
+                   << arg.num_limbs_address << " " << arg.output_bits_address << " " << arg.dst_address << " "
+                   << arg.is_output_bits;
+            },
             [&](auto) { os << "Unknown instruction"; },
         },
         instruction);

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/program_block.cpp

@@ -1494,6 +1494,62 @@ void ProgramBlock::process_sha256compression_instruction(SHA256COMPRESSION_Instr
     }
 }
 
+void ProgramBlock::process_l1tol2msgexists_instruction(L1TOL2MSGEXISTS_Instruction instruction)
+{
+    auto msg_hash_operand = memory_manager.get_resolved_address_and_operand_16(instruction.msg_hash_address);
+    auto leaf_index_operand = memory_manager.get_resolved_address_and_operand_16(instruction.leaf_index_address);
+    auto result_operand = memory_manager.get_resolved_address_and_operand_16(instruction.result_address);
+
+    if (!msg_hash_operand.has_value() || !leaf_index_operand.has_value() || !result_operand.has_value()) {
+        return;
+    }
+
+    preprocess_memory_addresses(msg_hash_operand.value().first);
+    preprocess_memory_addresses(leaf_index_operand.value().first);
+    preprocess_memory_addresses(result_operand.value().first);
+
+    auto l1tol2msgexists_instruction = bb::avm2::testing::InstructionBuilder(bb::avm2::WireOpCode::L1TOL2MSGEXISTS)
+                                           .operand(msg_hash_operand.value().second)
+                                           .operand(leaf_index_operand.value().second)
+                                           .operand(result_operand.value().second)
+                                           .build();
+    instructions.push_back(l1tol2msgexists_instruction);
+    memory_manager.set_memory_address(bb::avm2::MemoryTag::U1, result_operand.value().first.absolute_address);
+}
+
+void ProgramBlock::process_toradixbe_instruction(TORADIXBE_Instruction instruction)
+{
+    auto value_operand = memory_manager.get_resolved_address_and_operand_16(instruction.value_address);
+    auto radix_operand = memory_manager.get_resolved_address_and_operand_16(instruction.radix_address);
+    auto num_limbs_operand = memory_manager.get_resolved_address_and_operand_16(instruction.num_limbs_address);
+    auto output_bits_operand = memory_manager.get_resolved_address_and_operand_16(instruction.output_bits_address);
+    auto dst_operand = memory_manager.get_resolved_address_and_operand_16(instruction.dst_address);
+
+    if (!value_operand.has_value() || !radix_operand.has_value() || !num_limbs_operand.has_value() ||
+        !output_bits_operand.has_value() || !dst_operand.has_value()) {
+        return;
+    }
+
+    preprocess_memory_addresses(value_operand.value().first);
+    preprocess_memory_addresses(radix_operand.value().first);
+    preprocess_memory_addresses(num_limbs_operand.value().first);
+    preprocess_memory_addresses(output_bits_operand.value().first);
+    preprocess_memory_addresses(dst_operand.value().first);
+
+    auto toradixbe_instruction = bb::avm2::testing::InstructionBuilder(bb::avm2::WireOpCode::TORADIXBE)
+                                     .operand(dst_operand.value().second)
+                                     .operand(value_operand.value().second)
+                                     .operand(radix_operand.value().second)
+                                     .operand(num_limbs_operand.value().second)
+                                     .operand(output_bits_operand.value().second)
+                                     .build();
+    instructions.push_back(toradixbe_instruction);
+
+    // Use is_output_bits to determine the output memory tag
+    auto output_tag = instruction.is_output_bits ? bb::avm2::MemoryTag::U1 : bb::avm2::MemoryTag::U8;
+    memory_manager.set_memory_address(output_tag, dst_operand.value().first.absolute_address);
+}
+
 void ProgramBlock::finalize_with_return(uint8_t return_size,
                                         MemoryTagWrapper return_value_tag,
                                         uint16_t return_value_offset_index)
@@ -1682,6 +1738,10 @@ void ProgramBlock::process_instruction(FuzzInstruction instruction)
             [this](SHA256COMPRESSION_Instruction instruction) {
                 return this->process_sha256compression_instruction(instruction);
             },
+            [this](L1TOL2MSGEXISTS_Instruction instruction) {
+                return this->process_l1tol2msgexists_instruction(instruction);
+            },
+            [this](TORADIXBE_Instruction instruction) { return this->process_toradixbe_instruction(instruction); },
             [](auto) { throw std::runtime_error("Unknown instruction"); },
         },
         instruction);

barretenberg/cpp/src/barretenberg/avm_fuzzer/fuzz_lib/program_block.hpp

@@ -110,6 +110,8 @@ class ProgramBlock {
     void process_poseidon2perm_instruction(POSEIDON2PERM_Instruction instruction);
     void process_keccakf1600_instruction(KECCAKF1600_Instruction instruction);
     void process_sha256compression_instruction(SHA256COMPRESSION_Instruction instruction);
+    void process_l1tol2msgexists_instruction(L1TOL2MSGEXISTS_Instruction instruction);
+    void process_toradixbe_instruction(TORADIXBE_Instruction instruction);
 
   public:
     std::vector<ProgramBlock*> successors;

barretenberg/cpp/src/barretenberg/avm_fuzzer/mutations/configuration.hpp

@@ -237,6 +237,8 @@ enum class InstructionGenerationOptions {
     SET_64,
     SET_128,
     SET_FF,
+    MOV_8,
+    MOV_16,
     ADD_16,
     SUB_16,
     MUL_16,
@@ -258,6 +260,7 @@ enum class InstructionGenerationOptions {
     GETENVVAR,
     EMITNULLIFIER,
     NULLIFIEREXISTS,
+    L1TOL2MSGEXISTS,
     EMITNOTEHASH,
     NOTEHASHEXISTS,
     CALLDATACOPY,
@@ -271,9 +274,10 @@ enum class InstructionGenerationOptions {
     POSEIDON2PERM,
     KECCAKF1600,
     SHA256COMPRESSION,
+    TORADIXBE,
 };
 
-using InstructionGenerationConfig = WeightedSelectionConfig<InstructionGenerationOptions, 54>;
+using InstructionGenerationConfig = WeightedSelectionConfig<InstructionGenerationOptions, 58>;
 
 constexpr InstructionGenerationConfig BASIC_INSTRUCTION_GENERATION_CONFIGURATION = InstructionGenerationConfig({
     { InstructionGenerationOptions::ADD_8, 1 },
@@ -296,6 +300,8 @@ constexpr InstructionGenerationConfig BASIC_INSTRUCTION_GENERATION_CONFIGURATION
     { InstructionGenerationOptions::SET_64, 1 },
     { InstructionGenerationOptions::SET_128, 1 },
     { InstructionGenerationOptions::SET_FF, 1 },
+    { InstructionGenerationOptions::MOV_8, 1 },
+    { InstructionGenerationOptions::MOV_16, 1 },
     { InstructionGenerationOptions::ADD_16, 1 },
     { InstructionGenerationOptions::SUB_16, 1 },
     { InstructionGenerationOptions::MUL_16, 1 },
@@ -317,6 +323,7 @@ constexpr InstructionGenerationConfig BASIC_INSTRUCTION_GENERATION_CONFIGURATION
     { InstructionGenerationOptions::GETENVVAR, 1 },
     { InstructionGenerationOptions::EMITNULLIFIER, 1 },
     { InstructionGenerationOptions::NULLIFIEREXISTS, 1 },
+    { InstructionGenerationOptions::L1TOL2MSGEXISTS, 1 },
     { InstructionGenerationOptions::EMITNOTEHASH, 1 },
     { InstructionGenerationOptions::NOTEHASHEXISTS, 1 },
     { InstructionGenerationOptions::CALLDATACOPY, 1 },
@@ -330,6 +337,7 @@ constexpr InstructionGenerationConfig BASIC_INSTRUCTION_GENERATION_CONFIGURATION
     { InstructionGenerationOptions::POSEIDON2PERM, 1 },
     { InstructionGenerationOptions::KECCAKF1600, 1 },
     { InstructionGenerationOptions::SHA256COMPRESSION, 1 },
+    { InstructionGenerationOptions::TORADIXBE, 1 },
 });
 
 enum class SStoreMutationOptions { src_address, result_address, slot };
@@ -367,6 +375,15 @@ constexpr NullifierExistsMutationConfig BASIC_NULLIFIER_EXISTS_MUTATION_CONFIGUR
     { NullifierExistsMutationOptions::result_address, 1 },
 });
 
+enum class L1ToL2MsgExistsMutationOptions { msg_hash_address, leaf_index_address, result_address };
+using L1ToL2MsgExistsMutationConfig = WeightedSelectionConfig<L1ToL2MsgExistsMutationOptions, 3>;
+
+constexpr L1ToL2MsgExistsMutationConfig BASIC_L1TOL2MSGEXISTS_MUTATION_CONFIGURATION = L1ToL2MsgExistsMutationConfig({
+    { L1ToL2MsgExistsMutationOptions::msg_hash_address, 1 },
+    { L1ToL2MsgExistsMutationOptions::leaf_index_address, 1 },
+    { L1ToL2MsgExistsMutationOptions::result_address, 1 },
+});
+
 enum class EmitNoteHashMutationOptions { note_hash_address, note_hash };
 using EmitNoteHashMutationConfig = WeightedSelectionConfig<EmitNoteHashMutationOptions, 2>;
 
@@ -473,6 +490,25 @@ constexpr SuccessCopyMutationConfig BASIC_SUCCESSCOPY_MUTATION_CONFIGURATION = S
     { SuccessCopyMutationOptions::dst_address, 1 },
 });
 
+enum class ToRadixBEMutationOptions {
+    value_address,
+    radix_address,
+    num_limbs_address,
+    output_bits_address,
+    dst_address,
+    is_output_bits
+};
+using ToRadixBEMutationConfig = WeightedSelectionConfig<ToRadixBEMutationOptions, 6>;
+
+constexpr ToRadixBEMutationConfig BASIC_TORADIXBE_MUTATION_CONFIGURATION = ToRadixBEMutationConfig({
+    { ToRadixBEMutationOptions::value_address, 1 },
+    { ToRadixBEMutationOptions::radix_address, 1 },
+    { ToRadixBEMutationOptions::num_limbs_address, 1 },
+    { ToRadixBEMutationOptions::output_bits_address, 1 },
+    { ToRadixBEMutationOptions::dst_address, 1 },
+    { ToRadixBEMutationOptions::is_output_bits, 1 },
+});
+
 enum class ReturnOptionsMutationOptions { return_size, return_value_tag, return_value_offset_index };
 
 using ReturnOptionsMutationConfig = WeightedSelectionConfig<ReturnOptionsMutationOptions, 3>;