feat: OpenVmHalo2Verifier (#1549)

This PR adds a new verifier contract generation that wraps the original
`snark-verifier` output (via inheritance). The goal of this wrapper
`OpenVmHalo2Verifier` is to expose a more friendly interface to users
that cleanly separates out the guest program public values.
`OpenVmHalo2Verifier` exposes the following interface:

```solidity
interface IOpenVmHalo2Verifier {
    function verify(bytes calldata publicValues, bytes calldata proofData, bytes32 appExeCommit, bytes32 appVmCommit)
        external
        view;
}
```

- `publicValues`: The bytes revealed in the OpenVM guest program packed
together.
- `proofData`: Defined as `abi.encodePacked(KZG accumulators,
publicValuesSuffix)`
- `appExeCommit`: The commitment to the OpenVM application executable
whose execution is being verified.
- `appVmCommit`: The commitment to the VM configuration (aka
`leaf_exe_commit`)

Once received, the proof is constructed into the format expected by
`snark-verifier`. The expected format is
`abi.encodePacked(proofData[0:0x180], appExeCommit, appVmExeCommit,
publicValuesPayload, proofData[0x180:])` where `publicValuesPayload` is
a memory payload with each byte in `publicValues` separated into its own
`bytes32` word.

Since `OpenVmHalo2Verifier` inherits the `snark-verifier` output, the
proof is forwarded via self-call.

## Verifier Generation

The smart contract is written as a template that does not compile in
isolation. During generation, the OpenVM SDK will fill out the maximum
amount of public values and the OpenVM version with which the generation
happened.

Given an output folder, the relevant contracts are written into the
following folder structure:

```
halo2/
├── interfaces/
│   └── IOpenVmHalo2Verifier.sol
├── OpenVmHalo2Verifier.sol
├── Halo2Verifier.sol
```

`cargo openvm setup` will now generate this output directly into the
`~/.openvm/` dir.

Closes INT-3710

Author: HrikB

crates/sdk/Cargo.toml

@@ -8,6 +8,7 @@ repository.workspace = true
 license.workspace = true
 
 [dependencies]
+
 p3-fri = { workspace = true }
 openvm-algebra-circuit = { workspace = true }
 openvm-algebra-transpiler = { workspace = true }

crates/sdk/src/lib.rs

@@ -1,4 +1,11 @@
-use std::{fs::read, marker::PhantomData, path::Path, sync::Arc};
+use std::{
+    env,
+    fs::{create_dir_all, read, write},
+    marker::PhantomData,
+    path::Path,
+    process::Command,
+    sync::Arc,
+};
 
 #[cfg(feature = "evm-verify")]
 use alloy_sol_types::sol;
@@ -43,6 +50,10 @@ use snark_verifier_sdk::{evm::gen_evm_verifier_sol_code, halo2::aggregation::Agg
 
 use crate::{
     config::AggConfig,
+    fs::{
+        EVM_HALO2_VERIFIER_BASE_NAME, EVM_HALO2_VERIFIER_INTERFACE_NAME,
+        EVM_HALO2_VERIFIER_PARENT_NAME,
+    },
     keygen::{AggProvingKey, AggStarkProvingKey},
     prover::{AppProver, StarkProver},
 };
@@ -540,3 +551,48 @@ impl<E: StarkFriEngine<SC>> GenericSdk<E> {
         Ok(gas_cost)
     }
 }
+
+/// We will split the output by whitespace and look for the following
+/// sequence:
+/// [
+///     ...
+///     "=======",
+///     "OpenVmHalo2Verifier.sol:OpenVmHalo2Verifier",
+///     "=======",
+///     "Binary:"
+///     "[compiled bytecode]"
+///     ...
+/// ]
+///
+/// Once we find "OpenVmHalo2Verifier.sol:OpenVmHalo2Verifier," we can skip
+/// to the appropriate offset to get the compiled bytecode.
+fn extract_binary(output: &[u8], contract_name: &str) -> Vec<u8> {
+    let split = split_by_ascii_whitespace(output);
+    let contract_name_bytes = contract_name.as_bytes();
+
+    for i in 0..split.len().saturating_sub(3) {
+        if split[i] == contract_name_bytes {
+            return hex::decode(split[i + 3]).expect("Invalid hex in Binary");
+        }
+    }
+
+    panic!("Contract '{}' not found", contract_name);
+}
+
+fn split_by_ascii_whitespace(bytes: &[u8]) -> Vec<&[u8]> {
+    let mut split = Vec::new();
+    let mut start = None;
+    for (idx, byte) in bytes.iter().enumerate() {
+        if byte.is_ascii_whitespace() {
+            if let Some(start) = start.take() {
+                split.push(&bytes[start..idx]);
+            }
+        } else if start.is_none() {
+            start = Some(idx);
+        }
+    }
+    if let Some(last) = start {
+        split.push(&bytes[last..]);
+    }
+    split
+}