chore: rename all instances of partial proof and guest pvs

Author: HrikB

src/OpenVmHalo2Verifier.sol

@@ -9,23 +9,23 @@ type MemoryPointer is uint256;
 /// @notice This contract provides a thin wrapper around the Halo2 verifier
 /// outputted by `snark-verifier`, exposing a more user-friendly interface.
 contract OpenVmHalo2Verifier is Halo2Verifier, IOpenVmHalo2Verifier {
-    /// @dev Invalid partial proof length
-    error InvalidPartialProofLength();
+    /// @dev Invalid proof data length
+    error InvalidProofDataLength();
 
-    /// @dev Invalid guest PVs length
-    error InvalidGuestPvsLength();
+    /// @dev Invalid public values length
+    error InvalidPublicValuesLength();
 
     /// @dev Proof verification failed
     error ProofVerificationFailed();
 
-    /// @dev The length of the partial proof, in bytes
-    uint256 private constant PARTIAL_PROOF_LENGTH = (12 + 43) * 32;
+    /// @dev The length of the proof data, in bytes
+    uint256 private constant PROOF_DATA_LENGTH = (12 + 43) * 32;
 
-    /// @dev The length of the guest PVs, in bytes. This value is set by OpenVM.
-    uint256 private constant GUEST_PVS_LENGTH = 32;
+    /// @dev The length of the public values, in bytes. This value is set by OpenVM.
+    uint256 private constant PUBLIC_VALUES_LENGTH = 32;
 
     /// @dev The length of the full proof, in bytes
-    uint256 private constant FULL_PROOF_LENGTH = (12 + 2 + GUEST_PVS_LENGTH + 43) * 32;
+    uint256 private constant FULL_PROOF_LENGTH = (12 + 2 + PUBLIC_VALUES_LENGTH + 43) * 32;
 
     /// @dev The leaf verifier commitment. This value is set by OpenVM.
     bytes32 public constant LEAF_EXE_COMMIT =
@@ -37,25 +37,25 @@ contract OpenVmHalo2Verifier is Halo2Verifier, IOpenVmHalo2Verifier {
     /// @notice A wrapper that constructs the proof into the right format for
     /// use with the `snark-verifier` verification.
     ///
-    /// @dev This function assumes that `guestPvs` encodes one `bytes32`
+    /// @dev This function assumes that `publicValues` encodes one `bytes32`
     /// hash which is the hash of the public values.
     ///
     /// The verifier expected proof format is:
     /// proof[..12 * 32]: KZG accumulators
     /// proof[12 * 32..13 * 32]: app exe commit
     /// proof[13 * 32..14 * 32]: leaf exe commit
-    /// proof[14 * 32..(14 + GUEST_PVS_LENGTH) * 32]: guestPvs[0..GUEST_PVS_LENGTH]
-    /// proof[(14 + GUEST_PVS_LENGTH) * 32..]: Guest PVs Suffix
+    /// proof[14 * 32..(14 + PUBLIC_VALUES_LENGTH) * 32]: publicValues[0..PUBLIC_VALUES_LENGTH]
+    /// proof[(14 + PUBLIC_VALUES_LENGTH) * 32..]: Public Values Suffix
     ///
     /// @param publicValues The PVs revealed by the OpenVM guest program.
-    /// @param proofData All components of the proof except the Guest PVs,
+    /// @param proofData All components of the proof except the public values,
     /// leaf and app exe commits. The expected format is:
     /// `abi.encodePacked(kzgAccumulators, proofSuffix)`
     /// @param appExeCommit The commitment to the OpenVM application executable whose execution
     /// is being verified.
     function verify(bytes calldata publicValues, bytes calldata proofData, bytes32 appExeCommit) external view {
-        if (publicValues.length != GUEST_PVS_LENGTH) revert InvalidGuestPvsLength();
-        if (proofData.length != PARTIAL_PROOF_LENGTH) revert InvalidPartialProofLength();
+        if (publicValues.length != PUBLIC_VALUES_LENGTH) revert InvalidPublicValuesLength();
+        if (proofData.length != PROOF_DATA_LENGTH) revert InvalidProofDataLength();
 
         // We will format the public values and construct the full proof payload
         // below.
@@ -79,14 +79,14 @@ contract OpenVmHalo2Verifier is Halo2Verifier, IOpenVmHalo2Verifier {
     //
     /// ```solidity
     /// bytes memory proof =
-    ///     abi.encodePacked(partialProof[0:0x180], appExeCommit, leafExeCommit, guestPvsPayload, partialProof[0x180:]);
+    ///     abi.encodePacked(proofData[0:0x180], appExeCommit, leafExeCommit, publicValuesPayload, proofData[0x180:]);
     /// ```
     //
-    /// where `guestPvsPayload` is a memory payload with each byte in
-    /// `guestPvs` separated into its own `bytes32` word.
+    /// where `publicValuesPayload` is a memory payload with each byte in
+    /// `publicValues` separated into its own `bytes32` word.
     ///
     /// This function does not clean the memory it allocates. Since it is the
-    /// only memory allocation that occurs in the call frame, so we know that
+    /// only memory allocation that occurs in the call frame, we know that
     /// the memory region was not written to before.
     ///
     /// @return proofPtr Memory pointer to the beginning of the constructed
@@ -104,8 +104,8 @@ contract OpenVmHalo2Verifier is Halo2Verifier, IOpenVmHalo2Verifier {
         // proof[..0x180]: KZG accumulators
         // proof[0x180..0x1a0]: app exe commit
         // proof[0x1a0..0x1c0]: leaf exe commit
-        // proof[0x1c0..(0x1c0 + GUEST_PVS_LENGTH * 32)]: guestPvs[0..GUEST_PVS_LENGTH]
-        // proof[(0x1c0 + GUEST_PVS_LENGTH * 32)..]: Guest PVs Suffix
+        // proof[0x1c0..(0x1c0 + PUBLIC_VALUES_LENGTH * 32)]: publicValues[0..PUBLIC_VALUES_LENGTH]
+        // proof[(0x1c0 + PUBLIC_VALUES_LENGTH * 32)..]: Public Values Suffix
 
         /// @solidity memory-safe-assembly
         assembly {
@@ -121,20 +121,20 @@ contract OpenVmHalo2Verifier is Halo2Verifier, IOpenVmHalo2Verifier {
             mstore(add(proofPtr, 0x180), appExeCommit)
             mstore(add(proofPtr, 0x1a0), leafExeCommit)
 
-            // Copy the Guest PVs Suffix (length 43 * 32 = 0x560) into the
-            // end of the memory buffer, leaving GUEST_PVS_LENGTH words in
-            // between for the guestPvsPayload.
+            // Copy the Public Values Suffix (length 43 * 32 = 0x560) into the
+            // end of the memory buffer, leaving PUBLIC_VALUES_LENGTH words in
+            // between for the publicValuesPayload.
             //
             // Begin copying from the end of the KZG accumulators in the
             // calldata buffer (0x180)
-            let suffixProofOffset := add(0x1c0, shl(5, GUEST_PVS_LENGTH))
+            let suffixProofOffset := add(0x1c0, shl(5, PUBLIC_VALUES_LENGTH))
             calldatacopy(add(proofPtr, suffixProofOffset), add(proofData.offset, 0x180), 0x560)
 
-            // Copy each byte of the guestPvs into the proof. It copies the
-            // most significant bytes of guestPvs first.
-            let guestPvsMemOffset := add(add(proofPtr, 0x1c0), 0x1f)
-            for { let i := 0 } iszero(eq(i, GUEST_PVS_LENGTH)) { i := add(i, 1) } {
-                calldatacopy(add(guestPvsMemOffset, shl(5, i)), add(publicValues.offset, i), 0x01)
+            // Copy each byte of the public values into the proof. It copies the
+            // most significant bytes of public values first.
+            let publicValuesMemOffset := add(add(proofPtr, 0x1c0), 0x1f)
+            for { let i := 0 } iszero(eq(i, PUBLIC_VALUES_LENGTH)) { i := add(i, 1) } {
+                calldatacopy(add(publicValuesMemOffset, shl(5, i)), add(publicValues.offset, i), 0x01)
             }
         }
     }

test/OpenVmHalo2Verifier.t.sol

@@ -5,53 +5,53 @@ import { OpenVmHalo2Verifier, MemoryPointer } from "../src/OpenVmHalo2Verifier.s
 import { Test, console2, safeconsole as console } from "forge-std/Test.sol";
 
 contract OpenVmHalo2VerifierTest is Test, OpenVmHalo2Verifier {
-    bytes partialProof;
+    bytes proofData;
 
     bytes private constant kzgAccumulators =
         hex"000000000000000000000000000000000000000000d1437a9bb9ac3c1a16992c00000000000000000000000000000000000000000021a9ab5617c2d7d6ccf9af0000000000000000000000000000000000000000000008ba19dc0f462a92dc0900000000000000000000000000000000000000000025694ae0246cb4b406b0970000000000000000000000000000000000000000004ec055f528761bb24e7098000000000000000000000000000000000000000000000b0dcb882b8af688ddc4000000000000000000000000000000000000000000e7eb1b7903923438cc8b54000000000000000000000000000000000000000000af1197617343468c85c9d6000000000000000000000000000000000000000000002d22b55036423bb4c266000000000000000000000000000000000000000000280255aa13e24534841355000000000000000000000000000000000000000000bcffb01f01132cb2ea1eb20000000000000000000000000000000000000000000000c69662a512b8d21501";
     bytes private constant suffix =
         hex"2775c493e84b4ea63465d98b4666134e274cd3d66eaf6b59a6dbeddb594de2091ae1f48e567caf12f2b888d339ba7f99ab4603cf008397276d562f67ad058c9410cc4bdb94e881438afc407093d722a48089d5784437d52a4bafc6e9819bf4e00bec156cd36cb7f7883d9ed0196b4f2ce825b2b579a08ec670d0b8708d476f610d620bbaac86de1c27ad5dfce81d3479c72e603025c1b3dc30559150467c1680022031fdd52469b8884250650abf7fb3c5a38018c285e3412d266f937aa0ef2c0d07838c09f45be93e8c0f653eddcb3565cb6c124dca1433684aba18f8cb58802af17390906939ca5d7f37bcd2f02f5138c9afcdd6ebe543dbbee0f775e1c40d2722ddbd7b4c08aba7a4f7ebd96b801afb946e453e69ea9ce118d47f6408b21914042c2f38028b0c160541d4fadb04a1a5b647cc8569247377be8202a468b1cb279b82a31e702f57385e36f7734f6b391d6a50fd14d09e0c30eab5cc4c8c6e5029bd146dea01b1b317ec886eaef10e4752867f6a0f88f20ba6e23b5a842e930d2883c12cbcf1306cedc382aa0207cb33cf01435390660f944e69687fb16ce7180c474460f997bd0efff02754973fd493cda33c7b364b89997409dbac35ca54f01b74498360f00fbf7092e589de2020641a954a27c92b862303dad302f258c9530c729d2baeccb32dbce5bf1ddc0758529f020b75806fd0b3cdf61670d88027e5028badbe0381b6eb6b68955284be0f85de4865ffcde32a8ce08182fe3cd433e91074bce48f7cb8295e8af1d1d9ccacce4490506e7adc9b29e88aba93f1b207ed28328bfe9f6cf3b6d3547bdb430f48898f78fa6c3e18234c855e0a52bb78c5d0131533e4a471a039c7cab0f266daf91f1834589a624400edc4398e7e828f582c07aa42c25d1b672cfb45eac915f8c4dbafd3205c29100c2992d45affacb9f19020535efdc88776c1c3aca1260df676ddfe99782c48ec29d38eea6b12f06d536702d6164196e22b4e348c9afe0c8f5572b4651c01cc00314a2291cc27e1763a762c1e3fbb8e98f1b99abdfdfa786508d7cc44df1d5d02f934bf3014a36090e464273f4d8c1b7877eb0b290223dac7d9cf81ec17f791d11aa4a1b68f9693796e7b0a8e03eceb1e616b44d174568825ffaca4cbeb4c4aab4e0e9c6723385e3cdeca273c175f927edc0111bc70e928bb1082a6b835e3ce1e3ed65c0dff86922d451806fb038d5521c9ba7fa99d60dc5f69d561b00799c6daa0ea4e43a3d33a456b2b19ed25f31ceebf094342dc5da14ef72395949b799483d059a7e65a246a8f45ad1c48b3b8a76fb17dc5a80bfe5d7900a9870397d653644d404cde9ab38c8b4aea0d3e6682eb89cfb1f50e1e5a8140543232c48d76b947416ee9950c0f5dc11b200e5bf99a7434f8174b56d22164d8b76bf640310d52d589a046d53b117d2bf3f9112b7a7fce911175c9801442086a89b0973b4d957ae8e947879c51835ef64fa027cbfabaddc03997a2b92fd79f0973f694696f56543e83a8f19119473ebff740014caa87269b99c0adf301358c2f3776c760068bf7b596de58dc752d758e7ed3224cbc8d6edda7bc8c4547db51d9c78ce44a178a6e03cae750dfbe643acd08972f5ae0952cd44c62797787661c879af3a7330a53b23bcdd93aa7e3d61039d95622a882f24f6ecd1fc5400d4c8abf867ec3d5a2de8388fa8d6d1026227c6716a002cbf4a89570842bd00a4c0fda5a055473d973f1115d49e77fef7a69fee3131803e935eaeea4bf493566a48ab82e4bf8c3552cc58376974341021ce82f09f4081ddbcbab8b9c65979a5643d145e8fd093cd3769a353c8c9f58830719ec0683c422b28a02f74ca326db6911af0e9bc67cb42007a65ad3e8942d823ba0c31ae2c322f45f1f54aca1193f948c49885fee5960695994cb73b2f572a8ac2be49192b5";
     bytes32 appExeCommit = bytes32(0x0063802e02e9f8db01adecac53ea5c1db95bdbacf7800b9e29e27527cfd2613b);
-    bytes32 guestPvsHash = bytes32(uint256(0));
+    bytes32 publicValues = bytes32(uint256(0));
 
     uint256 private constant FULL_PROOF_WORDS = (12 + 2 + 32 + 43);
 
     uint256 private constant FULL_PROOF_LENGTH = (12 + 2 + 32 + 43) * 32;
 
     function setUp() public {
-        partialProof = abi.encodePacked(kzgAccumulators, suffix);
+        proofData = abi.encodePacked(kzgAccumulators, suffix);
     }
 
     function test_verifyProof() public view {
-        this.verify(abi.encodePacked(guestPvsHash), partialProof, appExeCommit);
+        this.verify(abi.encodePacked(publicValues), proofData, appExeCommit);
     }
 
     function test_proofFormat() public view {
-        this.constructAndCheckProof(abi.encodePacked(guestPvsHash), partialProof, appExeCommit);
+        this.constructAndCheckProof(abi.encodePacked(publicValues), proofData, appExeCommit);
     }
 
-    function testFuzz_proofFormat(uint256 partialProofSeed, bytes32 _guestPvsHash, bytes32 _appExeCommit) public {
-        vm.assume(_guestPvsHash != bytes32(0));
+    function testFuzz_proofFormat(uint256 proofDataSeed, bytes32 _publicValues, bytes32 _appExeCommit) public {
+        vm.assume(_publicValues != bytes32(0));
         vm.assume(_appExeCommit != bytes32(0));
 
-        bytes memory _partialProof = new bytes(55 * 32);
+        bytes memory _proofData = new bytes(55 * 32);
         for (uint256 i = 0; i < 55 * 32; ++i) {
-            bytes1 _byte = bytes1(uint8(uint256(keccak256(abi.encodePacked(partialProofSeed, i)))));
-            _partialProof[i] = _byte;
+            bytes1 _byte = bytes1(uint8(uint256(keccak256(abi.encodePacked(proofDataSeed, i)))));
+            _proofData[i] = _byte;
         }
 
-        partialProof = _partialProof;
-        guestPvsHash = _guestPvsHash;
+        proofData = _proofData;
+        publicValues = _publicValues;
         appExeCommit = _appExeCommit;
 
         test_proofFormat();
     }
 
-    function constructAndCheckProof(bytes calldata _guestPvs, bytes calldata _partialProof, bytes32 _appExeCommit)
+    function constructAndCheckProof(bytes calldata _publicValues, bytes calldata _proofData, bytes32 _appExeCommit)
         external
         view
     {
-        MemoryPointer proofPtr = _constructProof(_guestPvs, _partialProof, _appExeCommit);
+        MemoryPointer proofPtr = _constructProof(_publicValues, _proofData, _appExeCommit);
 
         // _constructProof will return a pointer to memory that will hold the
         // proof data in a block of size FULL_PROOF_LENGTH. However, this won't
@@ -91,35 +91,45 @@ contract OpenVmHalo2VerifierTest is Test, OpenVmHalo2Verifier {
     }
 
     function checkProofFormat(bytes calldata proof) external view {
-        bytes memory partialProofExpected = partialProof;
+        bytes memory proofDataExpected = proofData;
 
         bytes memory _kzgAccumulators = proof[0:0x180];
-        bytes memory guestPvsSuffix = proof[0x5c0:];
-        bytes memory _partialProof = abi.encodePacked(_kzgAccumulators, guestPvsSuffix);
-        require(keccak256(_partialProof) == keccak256(partialProofExpected), "Partial proof mismatch");
+        bytes memory publicValuesSuffix = proof[0x5c0:];
+        bytes memory _proofData = abi.encodePacked(_kzgAccumulators, publicValuesSuffix);
+        require(keccak256(_proofData) == keccak256(proofDataExpected), "Proof data mismatch");
 
         bytes memory _appExeCommit = proof[0x180:0x1a0];
         bytes memory _leafExeCommit = proof[0x1a0:0x1c0];
 
         require(bytes32(_appExeCommit) == appExeCommit, "App exe commit mismatch");
         require(bytes32(_leafExeCommit) == LEAF_EXE_COMMIT, "Leaf exe commit mismatch");
 
-        bytes32 guestPvsHashExpected = guestPvsHash;
-        bytes calldata _guestPvsHash = proof[0x1c0:0x5c0];
+        bytes32 publicValuesExpected = publicValues;
+        bytes calldata _publicValues = proof[0x1c0:0x5c0];
         for (uint256 i = 0; i < 32; ++i) {
-            uint256 expected = uint256(uint8(guestPvsHashExpected[i]));
-            uint256 actual = uint256(bytes32(_guestPvsHash[i * 32:(i + 1) * 32]));
-            require(expected == actual, "Guest PVs hash mismatch");
+            uint256 expected = uint256(uint8(publicValuesExpected[i]));
+            uint256 actual = uint256(bytes32(_publicValues[i * 32:(i + 1) * 32]));
+            require(expected == actual, "Public values mismatch");
         }
     }
 
-    function test_RevertWhen_InvalidPartialProofLength() public {
-        vm.expectRevert(abi.encodeWithSelector(OpenVmHalo2Verifier.InvalidPartialProofLength.selector));
-        this.verify(abi.encodePacked(guestPvsHash), hex"aa", appExeCommit);
+    function test_RevertWhen_InvalidProofDataLength() public {
+        vm.expectRevert(abi.encodeWithSelector(OpenVmHalo2Verifier.InvalidProofDataLength.selector));
+        this.verify(abi.encodePacked(publicValues), hex"aa", appExeCommit);
     }
 
-    function test_RevertWhen_InvalidGuestPvsLength() public {
-        vm.expectRevert(abi.encodeWithSelector(OpenVmHalo2Verifier.InvalidGuestPvsLength.selector));
-        this.verify(partialProof, hex"aa", appExeCommit);
+    function test_RevertWhen_InvalidPublicValuesLength() public {
+        vm.expectRevert(abi.encodeWithSelector(OpenVmHalo2Verifier.InvalidPublicValuesLength.selector));
+        this.verify(proofData, hex"aa", appExeCommit);
+    }
+
+    function test_RevertWhen_ProofVerificationFailed() public {
+        bytes memory corruptedKzgAccumulators = kzgAccumulators;
+        corruptedKzgAccumulators[0] = bytes1(uint8(0x01));
+
+        bytes memory corruptedProofData = abi.encodePacked(corruptedKzgAccumulators, suffix);
+
+        vm.expectRevert(abi.encodeWithSelector(OpenVmHalo2Verifier.ProofVerificationFailed.selector));
+        this.verify(abi.encodePacked(publicValues), corruptedProofData, appExeCommit);
     }
 }