chore: expanded bigfield tests (veridise report) (#16802)

suyash67 · web-flow · commit f21d35e77c89 · 2025-09-19T02:16:35.000+05:30
As per the suggestion of adding more tests and including several edge
cases, we have added multiple more test cases with critical edge cases
and multiple witness-constant configurations.
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp
@@ -939,6 +939,9 @@ template <typename Builder, typename T> class bigfield {
 
     static_assert(PROHIBITED_LIMB_BITS < MAXIMUM_LIMB_SIZE_THAT_WOULDNT_OVERFLOW);
 
+    // For testing purposes only
+    friend class bigfield_test_access;
+
   private:
     /**
      * @brief Get the witness indices of the (normalized) binary basis limbs
@@ -1123,6 +1126,31 @@ template <typename Builder, typename T> class bigfield {
 
 }; // namespace stdlib
 
+// NOTE: For testing private functions in bigfield
+class bigfield_test_access {
+  public:
+    template <typename bigfield>
+    static void unsafe_evaluate_multiply_add(const bigfield& input_left,
+                                             const bigfield& input_to_mul,
+                                             const std::vector<bigfield>& to_add,
+                                             const bigfield& input_quotient,
+                                             const std::vector<bigfield>& input_remainders)
+    {
+        bigfield::unsafe_evaluate_multiply_add(input_left, input_to_mul, to_add, input_quotient, input_remainders);
+    }
+
+    template <typename bigfield>
+    static void unsafe_evaluate_multiple_multiply_add(const std::vector<bigfield>& input_left,
+                                                      const std::vector<bigfield>& input_right,
+                                                      const std::vector<bigfield>& to_add,
+                                                      const bigfield& input_quotient,
+                                                      const std::vector<bigfield>& input_remainders)
+    {
+        bigfield::unsafe_evaluate_multiple_multiply_add(
+            input_left, input_right, to_add, input_quotient, input_remainders);
+    }
+};
+
 template <typename C, typename T> inline std::ostream& operator<<(std::ostream& os, bigfield<T, C> const& v)
 {
     return os << v.get_value();
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_edge_cases.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_edge_cases.test.cpp
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp
@@ -81,6 +81,7 @@ bigfield<Builder, T>::bigfield(const field_t<Builder>& low_bits_in,
     // if maximum_bitlength is set, this supercedes can_overflow
     if (maximum_bitlength > 0) {
         BB_ASSERT_GT(maximum_bitlength, 3 * NUM_LIMB_BITS);
+        BB_ASSERT_LTE(maximum_bitlength, 4 * NUM_LIMB_BITS);
         num_last_limb_bits = maximum_bitlength - (3 * NUM_LIMB_BITS);
     }
     // We create the high limb values similar to the low limb ones above
@@ -519,7 +520,9 @@ bigfield<Builder, T> bigfield<Builder, T>::operator-(const bigfield& other) cons
     if (other.is_constant()) {
         uint512_t right = other.get_value() % modulus_u512;
         uint512_t neg_right = (modulus_u512 - right) % modulus_u512;
-        return operator+(bigfield(ctx, uint256_t(neg_right.lo)));
+        bigfield summand = bigfield(ctx, uint256_t(neg_right.lo));
+        summand.set_origin_tag(OriginTag(other.get_origin_tag()));
+        return operator+(summand);
     }
 
     /**
@@ -1506,7 +1509,7 @@ bigfield<Builder, T> bigfield<Builder, T>::msub_div(const std::vector<bigfield>&
     for (auto& element : to_sub) {
         new_tag = OriginTag(new_tag, element.get_origin_tag());
     }
-    // Gett he context
+    // Get the context
     Builder* ctx = divisor.context;
     if (ctx == NULL) {
         for (auto& el : mul_left) {
@@ -1628,10 +1631,9 @@ bigfield<Builder, T> bigfield<Builder, T>::conditional_select(const bigfield& ot
 {
     // If the predicate is constant, the conditional selection can be done out of circuit
     if (predicate.is_constant()) {
-        if (predicate.get_value()) {
-            return other;
-        }
-        return *this;
+        bigfield result = predicate.get_value() ? other : *this;
+        result.set_origin_tag(OriginTag(get_origin_tag(), other.get_origin_tag(), predicate.get_origin_tag()));
+        return result;
     }
 
     // If both elements are the same, we can just return one of them
@@ -2237,8 +2239,11 @@ void bigfield<Builder, T>::unsafe_evaluate_multiply_add(const bigfield& input_le
     const auto [lo_idx, hi_idx] = ctx->evaluate_non_native_field_multiplication(witnesses);
 
     bb::fr neg_prime = -bb::fr(uint256_t(target_basis.modulus));
-    field_t<Builder>::evaluate_polynomial_identity(
-        left.prime_basis_limb, to_mul.prime_basis_limb, quotient.prime_basis_limb * neg_prime, -remainder_prime_limb);
+    field_t<Builder>::evaluate_polynomial_identity(left.prime_basis_limb,
+                                                   to_mul.prime_basis_limb,
+                                                   quotient.prime_basis_limb * neg_prime,
+                                                   -remainder_prime_limb,
+                                                   "bigfield: prime limb identity failed");
 
     field_t lo = field_t<Builder>::from_witness_index(ctx, lo_idx) + borrow_lo;
     field_t hi = field_t<Builder>::from_witness_index(ctx, hi_idx);
@@ -2251,8 +2256,14 @@ void bigfield<Builder, T>::unsafe_evaluate_multiply_add(const bigfield& input_le
                                        static_cast<size_t>(carry_hi_msb),
                                        static_cast<size_t>(carry_lo_msb));
     } else {
-        ctx->decompose_into_default_range(hi.get_normalized_witness_index(), carry_hi_msb);
-        ctx->decompose_into_default_range(lo.get_normalized_witness_index(), carry_lo_msb);
+        ctx->decompose_into_default_range(hi.get_normalized_witness_index(),
+                                          carry_hi_msb,
+                                          Builder::DEFAULT_PLOOKUP_RANGE_BITNUM,
+                                          "bigfield: carry_hi too large");
+        ctx->decompose_into_default_range(lo.get_normalized_witness_index(),
+                                          carry_lo_msb,
+                                          Builder::DEFAULT_PLOOKUP_RANGE_BITNUM,
+                                          "bigfield: carry_lo too large");
     }
 }
 
@@ -2527,7 +2538,8 @@ void bigfield<Builder, T>::unsafe_evaluate_multiple_multiply_add(const std::vect
     field_t<Builder>::evaluate_polynomial_identity(left[0].prime_basis_limb,
                                                    right[0].prime_basis_limb,
                                                    quotient.prime_basis_limb * neg_prime,
-                                                   -remainder_prime_limb);
+                                                   -remainder_prime_limb,
+                                                   "bigfield: prime limb identity failed");
 
     field_t lo = field_t<Builder>::from_witness_index(ctx, lo_1_idx) + borrow_lo;
     field_t hi = field_t<Builder>::from_witness_index(ctx, hi_1_idx);
@@ -2550,8 +2562,14 @@ void bigfield<Builder, T>::unsafe_evaluate_multiple_multiply_add(const std::vect
                                        static_cast<size_t>(carry_hi_msb),
                                        static_cast<size_t>(carry_lo_msb));
     } else {
-        ctx->decompose_into_default_range(hi.get_normalized_witness_index(), carry_hi_msb);
-        ctx->decompose_into_default_range(lo.get_normalized_witness_index(), carry_lo_msb);
+        ctx->decompose_into_default_range(hi.get_normalized_witness_index(),
+                                          carry_hi_msb,
+                                          Builder::DEFAULT_PLOOKUP_RANGE_BITNUM,
+                                          "bigfield: carry_hi too large");
+        ctx->decompose_into_default_range(lo.get_normalized_witness_index(),
+                                          carry_lo_msb,
+                                          Builder::DEFAULT_PLOOKUP_RANGE_BITNUM,
+                                          "bigfield: carry_hi too large");
     }
 }
 
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/curves/secp256k1.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/curves/secp256k1.hpp
@@ -21,6 +21,20 @@ template <typename CircuitType> struct secp256k1 {
     using fr = ::bb::secp256k1::fr;
     using g1 = ::bb::secp256k1::g1;
 
+    // Native types
+    using ScalarFieldNative = ::bb::secp256k1::fr;
+    using BaseFieldNative = ::bb::secp256k1::fq;
+    using GroupNative = ::bb::secp256k1::g1;
+    using ElementNative = GroupNative::element;
+    using AffineElementNative = GroupNative::affine_element;
+
+    // Stdlib types
+    using ScalarField = bigfield<CircuitType, typename ::bb::secp256k1::FrParams>;
+    using BaseField = bigfield<CircuitType, typename ::bb::secp256k1::FqParams>;
+    using Group = element<CircuitType, BaseField, ScalarField, GroupNative>;
+    using Element = Group;
+    using AffineElement = Group;
+
     using Builder = CircuitType;
     using witness_ct = witness_t<Builder>;
     using public_witness_ct = public_witness_t<Builder>;
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/curves/secp256r1.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/curves/secp256r1.hpp
@@ -21,6 +21,20 @@ template <typename CircuitType> struct secp256r1 {
     using fr = bb::secp256r1::fr;
     using g1 = bb::secp256r1::g1;
 
+    // Native types
+    using ScalarFieldNative = ::bb::secp256r1::fr;
+    using BaseFieldNative = ::bb::secp256r1::fq;
+    using GroupNative = ::bb::secp256r1::g1;
+    using ElementNative = GroupNative::element;
+    using AffineElementNative = GroupNative::affine_element;
+
+    // Stdlib types
+    using ScalarField = bigfield<CircuitType, typename ::bb::secp256r1::FrParams>;
+    using BaseField = bigfield<CircuitType, typename ::bb::secp256r1::FqParams>;
+    using Group = element<CircuitType, BaseField, ScalarField, GroupNative>;
+    using Element = Group;
+    using AffineElement = Group;
+
     using Builder = CircuitType;
     using witness_ct = witness_t<Builder>;
     using public_witness_ct = public_witness_t<Builder>;
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field.cpp
@@ -1075,7 +1075,8 @@ field_t<Builder> field_t<Builder>::select_from_three_bit_table(const std::array<
  * @brief Constrain a + b + c + d to be equal to 0
  */
 template <typename Builder>
-void field_t<Builder>::evaluate_linear_identity(const field_t& a, const field_t& b, const field_t& c, const field_t& d)
+void field_t<Builder>::evaluate_linear_identity(
+    const field_t& a, const field_t& b, const field_t& c, const field_t& d, const std::string& msg)
 {
     Builder* ctx = validate_context(a.context, b.context, c.context, d.context);
 
@@ -1084,6 +1085,10 @@ void field_t<Builder>::evaluate_linear_identity(const field_t& a, const field_t&
         return;
     }
 
+    if (a.get_value() + b.get_value() + c.get_value() + d.get_value() != bb::fr::zero()) {
+        ctx->failure(msg);
+    }
+
     // validate that a + b + c + d = 0
     bb::fr const_scaling = a.additive_constant + b.additive_constant + c.additive_constant + d.additive_constant;
 
@@ -1105,10 +1110,8 @@ void field_t<Builder>::evaluate_linear_identity(const field_t& a, const field_t&
  * by creating a `big_mul_gate`.
  */
 template <typename Builder>
-void field_t<Builder>::evaluate_polynomial_identity(const field_t& a,
-                                                    const field_t& b,
-                                                    const field_t& c,
-                                                    const field_t& d)
+void field_t<Builder>::evaluate_polynomial_identity(
+    const field_t& a, const field_t& b, const field_t& c, const field_t& d, const std::string& msg)
 {
     if (a.is_constant() && b.is_constant() && c.is_constant() && d.is_constant()) {
         ASSERT((a.get_value() * b.get_value() + c.get_value() + d.get_value()).is_zero());
@@ -1117,6 +1120,10 @@ void field_t<Builder>::evaluate_polynomial_identity(const field_t& a,
 
     Builder* ctx = validate_context(a.context, b.context, c.context, d.context);
 
+    if ((a.get_value() * b.get_value() + c.get_value() + d.get_value()) != bb::fr::zero()) {
+        ctx->failure(msg);
+    }
+
     // validate that a * b + c + d = 0
     bb::fr mul_scaling = a.multiplicative_constant * b.multiplicative_constant;
     bb::fr a_scaling = a.multiplicative_constant * b.additive_constant;
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field.hpp
@@ -373,8 +373,16 @@ template <typename Builder_> class field_t {
                                                const bool_t<Builder>& t1,
                                                const bool_t<Builder>& t0);
 
-    static void evaluate_linear_identity(const field_t& a, const field_t& b, const field_t& c, const field_t& d);
-    static void evaluate_polynomial_identity(const field_t& a, const field_t& b, const field_t& c, const field_t& d);
+    static void evaluate_linear_identity(const field_t& a,
+                                         const field_t& b,
+                                         const field_t& c,
+                                         const field_t& d,
+                                         const std::string& msg = "field_t::evaluate_linear_identity");
+    static void evaluate_polynomial_identity(const field_t& a,
+                                             const field_t& b,
+                                             const field_t& c,
+                                             const field_t& d,
+                                             const std::string& msg = "field_t::evaluate_polynomial_identity");
 
     static field_t accumulate(const std::vector<field_t>& input);
 
diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.cpp
@@ -1682,10 +1682,10 @@ void UltraCircuitBuilder_<ExecutionTrace>::range_constrain_two_limbs(const uint3
 
     for (size_t i = 0; i < 5; i++) {
         if (lo_masks[i] != 0) {
-            create_new_range_constraint(lo_sublimbs[i], lo_masks[i]);
+            create_new_range_constraint(lo_sublimbs[i], lo_masks[i], "ultra_circuit_builder: sublimb of low too large");
         }
         if (hi_masks[i] != 0) {
-            create_new_range_constraint(hi_sublimbs[i], hi_masks[i]);
+            create_new_range_constraint(hi_sublimbs[i], hi_masks[i], "ultra_circuit_builder: sublimb of hi too large");
         }
     }
 };

Original file line number	Diff line number	Diff line change
`@@ -1682,10 +1682,10 @@ void UltraCircuitBuilder_<ExecutionTrace>::range_constrain_two_limbs(const uint3`
`1682`	`1682`
`1683`	`1683`	`for (size_t i = 0; i < 5; i++) {`
`1684`	`1684`	`if (lo_masks[i] != 0) {`
`1685`		`- create_new_range_constraint(lo_sublimbs[i], lo_masks[i]);`
	`1685`	`+ create_new_range_constraint(lo_sublimbs[i], lo_masks[i], "ultra_circuit_builder: sublimb of low too large");`
`1686`	`1686`	`}`
`1687`	`1687`	`if (hi_masks[i] != 0) {`
`1688`		`- create_new_range_constraint(hi_sublimbs[i], hi_masks[i]);`
	`1688`	`+ create_new_range_constraint(hi_sublimbs[i], hi_masks[i], "ultra_circuit_builder: sublimb of hi too large");`
`1689`	`1689`	`}`
`1690`	`1690`	`}`
`1691`	`1691`	`};`