feat: merge-train/barretenberg (#19541)

BEGIN_COMMIT_OVERRIDE
chore: Improve Chonk debug info (#19538)
chore: translator non-native and decomp relations audit (#19081)
chore: add safety to derive_generators and tweak pedersen scope (#19525)
fix: ci-barretenberg-full mode fixes (#19466)
test: use WASM backend for bbjs-test acir tests (#19529)
fix: use absolute path in run_test.sh for CI
fix: use env_objects in bb-external library
fix: completeness issue in cycle scalar constructor from bigfield
(#19475)
chore: review a few minor files for ultra/mega audit (#19513)
END_COMMIT_OVERRIDE

Author: AztecBot

barretenberg/acir_tests/bbjs-test/src/index.ts

@@ -24,12 +24,12 @@ async function generateProof({
   oracleHash?: string;
   multiThreaded?: boolean;
 }) {
-  const { UltraHonkBackend, Barretenberg } = await import('@aztec/bb.js');
+  const { UltraHonkBackend, Barretenberg, BackendType } = await import('@aztec/bb.js');
 
   logger.debug(`Generating proof for ${bytecodePath}...`);
   const circuitArtifact = await fs.readFile(bytecodePath);
   const bytecode = JSON.parse(circuitArtifact.toString()).bytecode;
-  const bb = await Barretenberg.new({ threads: multiThreaded ? 8 : 1 });
+  const bb = await Barretenberg.new({ threads: multiThreaded ? 8 : 1, backend: BackendType.Wasm });
   const backend = new UltraHonkBackend(bytecode, bb);
 
   const witness = await fs.readFile(witnessPath);
@@ -62,9 +62,9 @@ async function generateProof({
 }
 
 async function verifyProof({ directory }: { directory: string }) {
-  const { UltraHonkVerifierBackend, Barretenberg } = await import('@aztec/bb.js');
+  const { UltraHonkVerifierBackend, Barretenberg, BackendType } = await import('@aztec/bb.js');
 
-  const bb = await Barretenberg.new({ threads: 1 });
+  const bb = await Barretenberg.new({ threads: 1, backend: BackendType.Wasm });
   const verifier = new UltraHonkVerifierBackend(bb);
 
   const proof = await fs.readFile(proofPath(directory));

barretenberg/cpp/scripts/audit/audit_scopes/pedersen_hash_audit_scope.md

@@ -8,14 +8,7 @@ Commit hash: 4a956ceb179c2fe855e4f1fd78f2594e7fc3f5ea
 #### Native implementation
 1. ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.hpp```
 2. ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.cpp```
-3. ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.hpp```
-4. ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/c_bind.cpp```
-
-#### Tests
-5. ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.test.cpp```
-    - Test vectors for Pedersen hash implementation
-
-
+3. ```barretenberg/cpp/src/barretenberg/crypto/generators/generator_data.hpp```
 
 ### Summary of the module
 
@@ -39,6 +32,9 @@ Key features:
 - Uses precomputed generator points for efficiency
 - Based on the hardness of the discrete logarithm problem
 
+#### Tests
+- ```barretenberg/cpp/src/barretenberg/crypto/pedersen_hash/pedersen.test.cpp```
+
 ### Documentation
 
 Pedersen commitments: https://en.wikipedia.org/wiki/Commitment_scheme#Pedersen_commitment

barretenberg/cpp/scripts/audit/audit_scopes/ultra_mega_builder_audit_scope.md

@@ -20,7 +20,7 @@ Note: Paths relative to `aztec-packages/barretenberg/cpp/src/barretenberg`
 7. `honk/execution_trace/execution_trace_block.hpp`
 8. `honk/execution_trace/ultra_execution_trace.hpp`
 9. `honk/execution_trace/mega_execution_trace.hpp`
-10. `honk/execution_trace/gate_data.hpp` (TO BE REVIEWED)
+10. `honk/execution_trace/gate_data.hpp`
 
 ### Relations (Ultra)
 11. `relations/ultra_arithmetic_relation.hpp`
@@ -41,7 +41,7 @@ Note: Paths relative to `aztec-packages/barretenberg/cpp/src/barretenberg`
 22. `stdlib_circuit_builders/plookup_tables/plookup_tables.hpp`
 23. `stdlib_circuit_builders/plookup_tables/plookup_tables.cpp`
 24. `stdlib_circuit_builders/plookup_tables/types.hpp`
-25. `stdlib_circuit_builders/plookup_tables/dummy.hpp` (TO BE REVIEWED)
+25. `stdlib_circuit_builders/plookup_tables/dummy.hpp`
 26. `stdlib/primitives/plookup/plookup.hpp`
 27. `stdlib/primitives/plookup/plookup.cpp`
 

barretenberg/cpp/src/CMakeLists.txt

@@ -205,6 +205,19 @@ add_library(
     ${BARRETENBERG_TARGET_OBJECTS}
 )
 
+# bb-external: A complete static library for external consumers (e.g. barretenberg-rs).
+# Includes everything from libbarretenberg.a plus env and vm2_stub.
+# This provides a single library file that external bindings can link against.
+if(NOT WASM)
+    add_library(
+        bb-external
+        STATIC
+        ${BARRETENBERG_TARGET_OBJECTS}
+        $<TARGET_OBJECTS:env_objects>
+        $<TARGET_OBJECTS:vm2_stub>
+    )
+endif()
+
 if(WASM)
     # When building this wasm "executable", we include the wasi module but exclude the env module.
     # That's because we expect this wasm to be run as a wasi "reactor" and for the host environment

barretenberg/cpp/src/barretenberg/chonk/chonk.cpp

@@ -601,13 +601,19 @@ void Chonk::update_native_verifier_accumulator(const VerifierInputs& queue_entry
         }
     }
 
-    if (!queue_entry.is_kernel) {
-        native_verifier_accum_hash = native_verifier_accum.hash_with_origin_tagging(*verifier_transcript);
-    }
-
     info("Chonk accumulate: prover and verifier accumulators match: ",
          prover_accumulator.compare_with_verifier_claim(native_verifier_accum) ? "true" : "false");
-    info("Chonk accumulate: hash of verifier accumulator computed natively ", native_verifier_accum_hash);
+
+    // Update the native verifier accumulator hash if we are accumulating an app (i.e. the previous circuit was a
+    // kernel) or if the last app has been accumulated (i.e. the current circuit is the tail kernel)
+    bool update_verifier_accum_hash = is_previous_circuit_a_kernel || has_last_app_been_accumulated;
+    if (update_verifier_accum_hash) {
+        native_verifier_accum_hash = native_verifier_accum.hash_with_origin_tagging(*verifier_transcript);
+        info("Chonk accumulate: hash of verifier accumulator computed natively set in previous kernel IO: ",
+             native_verifier_accum_hash);
+    }
+    has_last_app_been_accumulated = num_circuits_accumulated + 1 == num_circuits - 4;
+    is_previous_circuit_a_kernel = queue_entry.is_kernel;
 
     info("======= END OF DEBUGGING INFO FOR NATIVE FOLDING STEP =======");
 }

barretenberg/cpp/src/barretenberg/chonk/chonk.hpp

@@ -141,6 +141,8 @@ class Chonk : public IVCBase {
 #ifndef NDEBUG
     VerifierAccumulator native_verifier_accum; //  native verifier accumulator used in prover folding
     FF native_verifier_accum_hash; // hash of the native verifier accumulator when entering recursive verification
+    bool is_previous_circuit_a_kernel = true;
+    bool has_last_app_been_accumulated = false;
 #endif
 
     // PARALLEL QUEUES: These two queues must stay synchronized.

barretenberg/cpp/src/barretenberg/dsl/acir_format/range_constraint.hpp

@@ -1,5 +1,5 @@
 // === AUDIT STATUS ===
-// internal:    { status: Planned, auditors: [Luke, Raju], commit: }
+// internal:    { status: Complete, auditors: [Luke, Raju], commit: }
 // external_1:  { status: not started, auditors: [], commit: }
 // external_2:  { status: not started, auditors: [], commit: }
 // =====================

barretenberg/cpp/src/barretenberg/ecc/groups/group.hpp

@@ -88,6 +88,18 @@ template <typename Fq_, typename Fr_, typename Params> class group {
                                                                 const size_t num_generators,
                                                                 const size_t starting_index = 0)
     {
+        // Safety: domain_separator_bytes is indexed via &domain_separator_bytes[0] below.
+        // An empty domain separator would be UB and also defeats domain separation.
+        BB_ASSERT(!domain_separator_bytes.empty(), "derive_generators: domain_separator_bytes must be non-empty");
+
+        // We serialize the generator index into 4 bytes (uint32_t). Ensure we never silently truncate.
+        if (num_generators > 0) {
+            BB_ASSERT(starting_index <= static_cast<size_t>(UINT32_MAX),
+                      "derive_generators: starting_index exceeds uint32 range");
+            BB_ASSERT(num_generators <= (static_cast<size_t>(UINT32_MAX) - starting_index + 1),
+                      "derive_generators: starting_index + num_generators exceeds uint32 range");
+        }
+
         std::vector<affine_element> result;
         const auto domain_hash = blake3::blake3s_constexpr(&domain_separator_bytes[0], domain_separator_bytes.size());
         std::vector<uint8_t> generator_preimage;

barretenberg/cpp/src/barretenberg/honk/execution_trace/gate_data.hpp

@@ -1,18 +1,16 @@
 // === AUDIT STATUS ===
-// internal:    { status: Planned, auditors: [Luke], commit: }
+// internal:    { status: Complete, auditors: [Luke], commit: }
 // external_1:  { status: not started, auditors: [], commit: }
 // external_2:  { status: not started, auditors: [], commit: }
 // =====================
 
 #pragma once
-#include "barretenberg/common/serialize.hpp"
 #include "barretenberg/ecc/curves/bn254/fr.hpp"
 #include <cstdint>
 
-// TODO(#557): The field-specific aliases for gates should be removed and the type could be explicit when this
-// structures are used to avoid having foo_gate and foo_gate_grumpkin (i.e. use foo_gate<field> instead). Moreover, we
-// need to ensure the read/write functions handle grumpkin gates as well.
 namespace bb {
+
+// 3-wire addition gate: a*a_scaling + b*b_scaling + c*c_scaling + const_scaling = 0
 template <typename FF> struct add_triple_ {
     uint32_t a;
     uint32_t b;
@@ -23,6 +21,7 @@ template <typename FF> struct add_triple_ {
     FF const_scaling;
 };
 
+// 4-wire addition gate: a*a_scaling + b*b_scaling + c*c_scaling + d*d_scaling + const_scaling = 0
 template <typename FF> struct add_quad_ {
     uint32_t a;
     uint32_t b;
@@ -34,6 +33,8 @@ template <typename FF> struct add_quad_ {
     FF d_scaling;
     FF const_scaling;
 };
+
+// 4-wire mul-add gate: a*b*mul_scaling + a*a_scaling + b*b_scaling + c*c_scaling + d*d_scaling + const_scaling = 0
 template <typename FF> struct mul_quad_ {
     uint32_t a;
     uint32_t b;
@@ -46,14 +47,8 @@ template <typename FF> struct mul_quad_ {
     FF d_scaling;
     FF const_scaling;
 };
-template <typename FF> struct mul_triple_ {
-    uint32_t a;
-    uint32_t b;
-    uint32_t c;
-    FF mul_scaling;
-    FF c_scaling;
-    FF const_scaling;
-};
+
+// Arithmetic gate with standard selector naming: q_m*a*b + q_l*a + q_r*b + q_o*c + q_c = 0
 template <typename FF> struct arithmetic_triple_ {
     uint32_t a;
     uint32_t b;
@@ -66,7 +61,10 @@ template <typename FF> struct arithmetic_triple_ {
 
     friend bool operator==(arithmetic_triple_<FF> const& lhs, arithmetic_triple_<FF> const& rhs) = default;
 };
+
 using arithmetic_triple = arithmetic_triple_<bb::fr>;
+
+// Goblin ECCVM operation: stores op type, point coordinates (split into limbs), and scalar
 struct ecc_op_tuple {
     uint32_t op;
     uint32_t x_lo;
@@ -78,52 +76,7 @@ struct ecc_op_tuple {
     bool return_is_infinity;
 };
 
-template <typename B, typename FF> inline void read(B& buf, arithmetic_triple_<FF>& constraint)
-{
-    using serialize::read;
-    read(buf, constraint.a);
-    read(buf, constraint.b);
-    read(buf, constraint.c);
-    read(buf, constraint.q_m);
-    read(buf, constraint.q_l);
-    read(buf, constraint.q_r);
-    read(buf, constraint.q_o);
-    read(buf, constraint.q_c);
-}
-template <typename B, typename FF> inline void write(B& buf, arithmetic_triple_<FF> const& constraint)
-{
-    using serialize::write;
-    write(buf, constraint.a);
-    write(buf, constraint.b);
-    write(buf, constraint.c);
-    write(buf, constraint.q_m);
-    write(buf, constraint.q_l);
-    write(buf, constraint.q_r);
-    write(buf, constraint.q_o);
-    write(buf, constraint.q_c);
-}
-
-template <typename FF> struct fixed_group_add_quad_ {
-    uint32_t a;
-    uint32_t b;
-    uint32_t c;
-    uint32_t d;
-    FF q_x_1;
-    FF q_x_2;
-    FF q_y_1;
-    FF q_y_2;
-};
-template <typename FF> struct fixed_group_init_quad_ {
-    FF q_x_1;
-    FF q_x_2;
-    FF q_y_1;
-    FF q_y_2;
-};
-template <typename FF> struct accumulator_triple_ {
-    std::vector<uint32_t> left;
-    std::vector<uint32_t> right;
-    std::vector<uint32_t> out;
-};
+// Embedded curve point addition: (x1, y1) + sign_coefficient * (x2, y2) = (x3, y3)
 template <typename FF> struct ecc_add_gate_ {
     uint32_t x1;
     uint32_t y1;
@@ -133,19 +86,22 @@ template <typename FF> struct ecc_add_gate_ {
     uint32_t y3;
     FF sign_coefficient;
 };
+
+// Embedded curve point doubling: 2 * (x1, y1) = (x3, y3)
 template <typename FF> struct ecc_dbl_gate_ {
     uint32_t x1;
     uint32_t y1;
     uint32_t x3;
     uint32_t y3;
 };
 
+// Databus lookup gate: reads value at index from calldata/returndata
 template <typename FF> struct databus_lookup_gate_ {
     uint32_t index;
     uint32_t value;
 };
 
-/* External gate data for poseidon2 external round*/
+// External gate data for poseidon2 external round
 template <typename FF> struct poseidon2_external_gate_ {
     uint32_t a;
     uint32_t b;
@@ -154,7 +110,7 @@ template <typename FF> struct poseidon2_external_gate_ {
     size_t round_idx;
 };
 
-/* Internal gate data for poseidon2 internal round*/
+// Internal gate data for poseidon2 internal round
 template <typename FF> struct poseidon2_internal_gate_ {
     uint32_t a;
     uint32_t b;

barretenberg/cpp/src/barretenberg/relations/delta_range_constraint_relation.hpp

@@ -9,15 +9,23 @@
 
 namespace bb {
 
+/**
+ * @brief Delta Range Constraint Relation for efficient range checks
+ *
+ * @details This relation enables efficient range proofs by enforcing that consecutive wire values differ by at most 3.
+ * When witnesses are sorted in ascending order, constraining adjacent differences to be in {0, 1, 2, 3} proves that
+ * the full range of values lies within a bounded interval.
+ *
+ */
 template <typename FF_> class DeltaRangeConstraintRelationImpl {
   public:
     using FF = FF_;
 
     static constexpr std::array<size_t, 4> SUBRELATION_PARTIAL_LENGTHS{
-        6, // range constrain sub-relation 1
-        6, // range constrain sub-relation 2
-        6, // range constrain sub-relation 3
-        6  // range constrain sub-relation 4
+        6, // sub-relation 1: D_0 = w_2 - w_1
+        6, // sub-relation 2: D_1 = w_3 - w_2
+        6, // sub-relation 3: D_2 = w_4 - w_3
+        6  // sub-relation 4: D_3 = w_1_shifst - w_4
     };
 
     /**
@@ -41,13 +49,13 @@ template <typename FF_> class DeltaRangeConstraintRelationImpl {
      *
      * @param evals transformed to `evals + C(in(X)...)*scaling_factor`
      * @param in an std::array containing the fully extended Univariate edges.
-     * @param parameters contains beta, gamma, and public_input_delta, ....
+     * @param parameters unused
      * @param scaling_factor optional term to scale the evaluation before adding to evals.
      */
     template <typename ContainerOverSubrelations, typename AllEntities, typename Parameters>
     inline static void accumulate(ContainerOverSubrelations& accumulators,
                                   const AllEntities& in,
-                                  const Parameters&,
+                                  BB_UNUSED const Parameters&,
                                   const FF& scaling_factor)
     {
         using Accumulator = std::tuple_element_t<0, ContainerOverSubrelations>;