feat: add row usages to chunk proof, and refactor prover codes (#1314)

* change keccak degree for agg circuit

* fix agg keccak rows

* fix config

* disable some agg tests

* avoid to regen WitnessBlock when chunk proof can be loaded

* add type ChunkProvingTask and BatchProvingTask

* fix

* clean deps

* try

* Revert "try"

This reverts commit c671eef.

* Revert "clean deps"

This reverts commit 7993665.

* get_step_reported_error return err instead of panic

* add row usage to chunk proof

* use BatchProvingTask

* done

* rename ChunkHash to ChunkInfo as golang side

* more on renaming ChunkHash to ChunkInfo as golang side

* fmt

* fmt

* update comments

* lint

* make ChunkProvingTask.chunk_info optional

* upgrade workspace Cargo.toml version to v0.11.0

* add ChunkProvingTask::from(Vec<BlockTrace>)

* simplify codes about proof and add some comments

* super circuit prover can return snark

.rustfmt.toml

@@ -0,0 +1 @@
+wrap_comments = false

Cargo.toml

@@ -17,7 +17,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.1.0"
+version = "0.11.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 

aggregator/src/batch.rs

@@ -6,7 +6,7 @@ use ethers_core::utils::keccak256;
 
 use crate::{
     blob::{BatchData, PointEvaluationAssignments},
-    chunk::ChunkHash,
+    chunk::ChunkInfo,
 };
 
 #[derive(Default, Debug, Clone)]
@@ -23,7 +23,7 @@ pub struct BatchHash<const N_SNARKS: usize> {
     /// chunks with padding.
     /// - the first [0..number_of_valid_chunks) are real ones
     /// - the last [number_of_valid_chunks, N_SNARKS) are padding
-    pub(crate) chunks_with_padding: Vec<ChunkHash>,
+    pub(crate) chunks_with_padding: Vec<ChunkInfo>,
     /// The batch data hash:
     /// - keccak256([chunk.hash for chunk in batch])
     pub(crate) data_hash: H256,
@@ -41,7 +41,7 @@ pub struct BatchHash<const N_SNARKS: usize> {
 
 impl<const N_SNARKS: usize> BatchHash<N_SNARKS> {
     /// Build Batch hash from an ordered list of #N_SNARKS of chunks.
-    pub fn construct(chunks_with_padding: &[ChunkHash]) -> Self {
+    pub fn construct(chunks_with_padding: &[ChunkInfo]) -> Self {
         assert_eq!(
             chunks_with_padding.len(),
             N_SNARKS,
@@ -111,7 +111,7 @@ impl<const N_SNARKS: usize> BatchHash<N_SNARKS> {
         let preimage = chunks_with_padding
             .iter()
             .take(number_of_valid_chunks)
-            .flat_map(|chunk_hash| chunk_hash.data_hash.0.iter())
+            .flat_map(|chunk_info| chunk_info.data_hash.0.iter())
             .cloned()
             .collect::<Vec<_>>();
         let batch_data_hash = keccak256(preimage);

aggregator/src/blob.rs

@@ -1,6 +1,6 @@
 use crate::{
     aggregation::{interpolate, witgen::init_zstd_encoder, BLS_MODULUS},
-    BatchHash, ChunkHash,
+    BatchHash, ChunkInfo,
 };
 
 use eth_types::{ToBigEndian, H256, U256};
@@ -173,7 +173,7 @@ impl<const N_SNARKS: usize> BatchData<N_SNARKS> {
         N_BATCH_BYTES + Self::n_rows_digest()
     }
 
-    pub(crate) fn new(num_valid_chunks: usize, chunks_with_padding: &[ChunkHash]) -> Self {
+    pub(crate) fn new(num_valid_chunks: usize, chunks_with_padding: &[ChunkInfo]) -> Self {
         assert!(num_valid_chunks > 0);
         assert!(num_valid_chunks <= N_SNARKS);
 

aggregator/src/chunk.rs

@@ -8,14 +8,15 @@ use zkevm_circuits::witness::Block;
 
 #[derive(Default, Debug, Clone, Deserialize, Serialize)]
 /// A chunk is a set of continuous blocks.
-/// A ChunkHash consists of 5 hashes, representing the changes incurred by this chunk of blocks:
+/// ChunkInfo is metadata of chunk, with following fields:
 /// - state root before this chunk
 /// - state root after this chunk
 /// - the withdraw root after this chunk
 /// - the data hash of this chunk
 /// - the tx data hash of this chunk
+/// - flattened L2 tx bytes
 /// - if the chunk is padded (en empty but valid chunk that is padded for aggregation)
-pub struct ChunkHash {
+pub struct ChunkInfo {
     /// Chain identifier
     pub chain_id: u64,
     /// state root before this chunk
@@ -33,7 +34,7 @@ pub struct ChunkHash {
     pub is_padding: bool,
 }
 
-impl ChunkHash {
+impl ChunkInfo {
     /// Construct by a witness block.
     pub fn from_witness_block(block: &Block, is_padding: bool) -> Self {
         // <https://github.com/scroll-tech/zkevm-circuits/blob/25dd32aa316ec842ffe79bb8efe9f05f86edc33e/bus-mapping/src/circuit_input_builder.rs#L690>
@@ -121,9 +122,9 @@ impl ChunkHash {
         H256(keccak256(&self.tx_bytes))
     }
 
-    /// Sample a chunk hash from random (for testing)
+    /// Sample a chunk info from random (for testing)
     #[cfg(test)]
-    pub(crate) fn mock_random_chunk_hash_for_testing<R: rand::RngCore>(r: &mut R) -> Self {
+    pub(crate) fn mock_random_chunk_info_for_testing<R: rand::RngCore>(r: &mut R) -> Self {
         use eth_types::Address;
         use ethers_core::types::TransactionRequest;
         use rand::{
@@ -194,7 +195,7 @@ impl ChunkHash {
 
     /// Build a padded chunk from previous one
     #[cfg(test)]
-    pub(crate) fn mock_padded_chunk_hash_for_testing(previous_chunk: &Self) -> Self {
+    pub(crate) fn mock_padded_chunk_info_for_testing(previous_chunk: &Self) -> Self {
         assert!(
             !previous_chunk.is_padding,
             "previous chunk is padded already"

aggregator/src/lib.rs

@@ -27,7 +27,7 @@ mod tests;
 pub use self::core::extract_proof_and_instances_with_pairing_check;
 pub use aggregation::*;
 pub use batch::BatchHash;
-pub use chunk::ChunkHash;
+pub use chunk::ChunkInfo;
 pub use compression::*;
 pub use constants::MAX_AGG_SNARKS;
 pub(crate) use constants::*;

aggregator/src/tests/aggregation.rs

@@ -8,7 +8,7 @@ use snark_verifier_sdk::{gen_pk, gen_snark_shplonk, verify_snark_shplonk, Circui
 
 use crate::{
     aggregation::AggregationCircuit, batch::BatchHash, constants::MAX_AGG_SNARKS, layer_0,
-    tests::mock_chunk::MockChunkCircuit, ChunkHash,
+    tests::mock_chunk::MockChunkCircuit, ChunkInfo,
 };
 
 // See https://github.com/scroll-tech/zkevm-circuits/pull/1311#issuecomment-2139559866
@@ -141,13 +141,13 @@ fn build_new_aggregation_circuit<const N_SNARKS: usize>(
     let params = gen_srs(k0);
 
     let mut chunks_without_padding = (0..num_real_chunks)
-        .map(|_| ChunkHash::mock_random_chunk_hash_for_testing(&mut rng))
+        .map(|_| ChunkInfo::mock_random_chunk_info_for_testing(&mut rng))
         .collect_vec();
     for i in 0..num_real_chunks - 1 {
         chunks_without_padding[i + 1].prev_state_root = chunks_without_padding[i].post_state_root;
     }
     let padded_chunk =
-        ChunkHash::mock_padded_chunk_hash_for_testing(&chunks_without_padding[num_real_chunks - 1]);
+        ChunkInfo::mock_padded_chunk_info_for_testing(&chunks_without_padding[num_real_chunks - 1]);
     let chunks_with_padding = [
         chunks_without_padding,
         vec![padded_chunk; N_SNARKS - num_real_chunks],

aggregator/src/tests/mock_chunk.rs

@@ -13,7 +13,7 @@ use zkevm_circuits::{table::KeccakTable, util::Challenges};
 
 use crate::{
     constants::{ACC_LEN, DIGEST_LEN},
-    ChunkHash, RlcConfig, LOG_DEGREE,
+    ChunkInfo, RlcConfig, LOG_DEGREE,
 };
 
 /// This config is used to compute RLCs for bytes.
@@ -36,11 +36,11 @@ pub struct MockConfig {
 pub(crate) struct MockChunkCircuit {
     // This circuit has an accumulator if it has already gone through compression
     pub(crate) has_accumulator: bool,
-    pub(crate) chunk: ChunkHash,
+    pub(crate) chunk: ChunkInfo,
 }
 
 impl MockChunkCircuit {
-    pub(crate) fn new(has_accumulator: bool, chunk: ChunkHash) -> Self {
+    pub(crate) fn new(has_accumulator: bool, chunk: ChunkInfo) -> Self {
         MockChunkCircuit {
             has_accumulator,
             chunk,
@@ -54,11 +54,11 @@ impl MockChunkCircuit {
         has_accumulator: bool,
         is_padding: bool,
     ) -> Self {
-        let chunk = ChunkHash::mock_random_chunk_hash_for_testing(r);
+        let chunk = ChunkInfo::mock_random_chunk_info_for_testing(r);
         Self {
             has_accumulator,
             chunk: if is_padding {
-                ChunkHash::mock_padded_chunk_hash_for_testing(&chunk)
+                ChunkInfo::mock_padded_chunk_info_for_testing(&chunk)
             } else {
                 chunk
             },

bus-mapping/src/circuit_input_builder/input_state_ref.rs

@@ -1654,7 +1654,7 @@ impl<'a> CircuitInputStateRef<'a> {
         }
 
         if let Some(error) = step.error {
-            return Ok(Some(get_step_reported_error(&step.op, error)));
+            return Ok(Some(get_step_reported_error(&step.op, error)?));
         }
 
         let call = self.call()?;

bus-mapping/src/error.rs

@@ -180,8 +180,11 @@ pub enum ExecError {
 }
 
 // TODO: Move to impl block.
-pub(crate) fn get_step_reported_error(op: &OpcodeId, error: GethExecError) -> ExecError {
-    match error {
+pub(crate) fn get_step_reported_error(
+    op: &OpcodeId,
+    error: GethExecError,
+) -> Result<ExecError, Error> {
+    Ok(match error {
         GethExecError::OutOfGas | GethExecError::GasUintOverflow => {
             // NOTE: We report a GasUintOverflow error as an OutOfGas error
             let oog_err = match op {
@@ -218,6 +221,12 @@ pub(crate) fn get_step_reported_error(op: &OpcodeId, error: GethExecError) -> Ex
         GethExecError::StackOverflow { .. } => ExecError::StackOverflow,
         GethExecError::StackUnderflow { .. } => ExecError::StackUnderflow,
         GethExecError::WriteProtection => ExecError::WriteProtection,
-        _ => panic!("Unknown GethExecStep.error: {error}"),
-    }
+        _ => {
+            log::error!("Unknown GethExecStep.error: {error}");
+            let err_msg = format!("Unknown GethExecStep.error: {op:?} {error}");
+            return Err(Error::InvalidGethExecTrace(Box::leak(
+                err_msg.into_boxed_str(),
+            )));
+        }
+    })
 }

prover/src/aggregator.rs

@@ -1,6 +1,6 @@
 mod prover;
 mod verifier;
 
-pub use self::prover::Prover;
+pub use self::prover::{check_chunk_hashes, Prover};
 pub use aggregator::{BatchHash, MAX_AGG_SNARKS};
 pub use verifier::Verifier;