feat: merge-train/avm (#22059)

BEGIN_COMMIT_OVERRIDE
fix(avm)!: data copy read padding (#21921)
fix(avm)!: sha256 pre-audit (#22001)
END_COMMIT_OVERRIDE

Author: jeanmon

barretenberg/cpp/pil/vm2/data_copy.pil

@@ -55,30 +55,29 @@ include "gt.pil";
  * context (using dst_context_id).
  * - M[src_addr]: aka value[0] (the first value read from the src context)
  *     - the memory tag is ignored for these reads
- * - M[src_addr + data_index_upper_bound - 1]: aka value[data_index_upper_bound - 1] (the last value read from the src context)
- *     - data_index_upper_bound is derived from the copy_size, see pil relations for an explanation
+ * - M[src_addr + clamped_read_index_upper_bound - 1]: aka value[clamped_read_index_upper_bound - 1] (the last value read from the src context)
+ *     - clamped_read_index_upper_bound is derived from the copy_size, see pil relations for an explanation
  *     - the memory tag is ignored for these reads
  * - M[dst_addr]: aka output[0] (the first value written to the dst context)
  *     - guaranteed by this gadget to be FF
  * - M[dst_addr + copy_size - 1]: aka output[copy_size - 1] (the last value written to the dst context)
  *     - guaranteed by this gadget to be FF
  *
  * ERROR HANDLING:
- * There is one type of potential errors that is checked: memory out of range accesses
- * They are checked simultaneously and are part of the same temporality group.
- * - src_out_of_range_err: if the read address is out of range
- * - dst_out_of_range_err: if the write address is out of range
- * - err: if either of the above errors is set
- * If there are no errors, we read and write the calldata/returndata from the parent/child context to the current context
+ * There is one type of error: dst_out_of_range_err (write address exceeds memory).
+ * Source out-of-range reads are NOT errors. Instead, reads that would exceed the memory space
+ * are clamped and the remaining writes are zero-padded. This is consistent with top-level
+ * calldata copy behavior where reads past the data boundary return 0.
+ *
  * COMPUTING AMOUNT OF DATA TO READ
- * We need to ensure that we do not read outside the bounds designated by the parent/child context for their respective data.
- * this data_index_upper_bound is computed via min(data_size, copy_size + copy_offset).
+ * We first compute read_index_upper_bound = min(data_size, copy_size + copy_offset).
+ * If src_addr + read_index_upper_bound > AVM_MEMORY_SIZE, we clamp to (AVM_MEMORY_SIZE - src_addr).
  *
  * READING / WRITING DATA
  * At each row, the i-th data is simultaneously read from the parent/child and written into the current context
  * For top level calldatacopy, the data is retrieved from the calldata column instead of memory.
- * The number of reads that are performed is (data_index_upper_bound - copy_offset), while the number of writes is copy_size
- * If the data_index_upper_bound < copy_offset, the number of reads is constrained to be 0.
+ * The number of reads that are performed is (clamped_read_index_upper_bound - copy_offset), while the number of writes is copy_size
+ * If the clamped_read_index_upper_bound < copy_offset, the number of reads is constrained to be 0.
  * If num_reads < copy_size, the remaining (copy_size - num_reads) rows are designated as padding rows.
  * padding rows are constrained to have the value = 0.
  *
@@ -103,7 +102,7 @@ include "gt.pil";
  *     src_context_id, dst_context_id,
  *     copy_size, offset, dst_addr,
  *     src_addr, src_data_size,
- *     err
+ *     dst_out_of_range_err
  * }
  *
  * Usage: RD COPY
@@ -120,7 +119,7 @@ include "gt.pil";
  *     src_context_id, dst_context_id,
  *     copy_size, offset, dst_addr,
  *     src_addr, src_data_size,
- *     err
+ *     dst_out_of_range_err
  * };
  *
  * Inputs:
@@ -134,7 +133,7 @@ include "gt.pil";
  * @column src_data_size The size of the data in the parent/child context.
  *
  * Output:
- * @column err The error flag.
+ * @column dst_out_of_range_err The error flag (only dst out of range is an error).
  *
  * Multi-rows computation:
  * 1) Happy path: number of rows = copy_size
@@ -247,12 +246,12 @@ namespace data_copy;
     // Computing the src index upper bound
     //////////////////////////////////////
     // Computing the read count, i.e. the number of elements that will be read from the src data.
-    // We compute the data index upper bound using min(offset + copy_size, src_data_size)
-    // This ensures that we cannot read pass the designated data address assigned by the parent/child
+    // We first compute read_index_upper_bound = min(offset + copy_size, src_data_size).
+    // This ensures that we cannot read past the designated data address assigned by the parent/child.
     // The min operation is essentially checking the comparison of the following
     // 1) (offset + copy_size) > src_data_size or
     // 2) (offset + copy_size) <= src_data_size
-    // if (1) then data_index_upper_bound = src_data_size, otherwise data_index_upper_bound = (offset + copy_size)
+    // if (1) then read_index_upper_bound = src_data_size, otherwise read_index_upper_bound = (offset + copy_size)
     pol commit offset_plus_size;
     offset_plus_size = sel_start * (offset + copy_size);
     pol commit offset_plus_size_is_gt; // @boolean (by lookup into gt)
@@ -265,41 +264,56 @@ namespace data_copy;
     in
     gt.sel_others { gt.input_a, gt.input_b, gt.res };
 
-    // Set data_index_upper_bound based on the conditions (1) or (2) from above
-    pol commit data_index_upper_bound;
-    data_index_upper_bound = sel_start * ((src_data_size - offset_plus_size) * offset_plus_size_is_gt + offset_plus_size);
+    // Read index upper bound: min(offset + copy_size, src_data_size)
+    pol READ_INDEX_UPPER_BOUND = (src_data_size - offset_plus_size) * offset_plus_size_is_gt + offset_plus_size;
 
     //////////////////////////////
-    // Error Handling
+    // Src Address Range Clamping
     //////////////////////////////
-    // Errors on whether the read or write addresses are out of range in memory. (provided that sel_start == 1).
-    pol commit src_out_of_range_err; // @boolean (by lookup into gt)
-    pol commit dst_out_of_range_err; // @boolean (by lookup into gt)
+    // If the src read addresses exceed the memory space (src_addr + read_index_upper_bound > AVM_MEMORY_SIZE),
+    // we clamp its value so that reads stay within memory bounds (`clamped_read_index_upper_bound`).
+    // Out-of-range reads return 0 (padding). This is NOT an error — it is consistent with top-level
+    // calldata copy behavior where reads past the data boundary return 0.
 
     // AVM_MEMORY_SIZE == AVM_HIGHEST_MEM_ADDRESS + 1.
-    pol commit mem_size; // todo: While we do not support constants
+    pol commit mem_size; // Lookup constant support: We need this temporarily while we do not allow for aliases in the lookup tuple
     sel_start * (mem_size - constants.AVM_MEMORY_SIZE) = 0;
 
-    // To check that the read and write addresses are within range, we compare the upper bound
-    // of the read/write addresses to the memory size. Working with upper bounds is easier than
-    // working with the highest read/write address as we avoid an underflow when src_addr/dst_addr
-    // and copy_size/data_index_upper_bound are both zero.
-    // Example: src_addr = AVM_HIGHEST_MEM_ADDRESS, data_index_upper_bound = 1 is perfectly valid
-    // and read_addr_upper_bound = AVM_HIGHEST_MEM_ADDRESS + 1 <= AVM_MEMORY_SIZE.
-    // An out-of-range error is raised when read_addr_upper_bound/write_addr_upper_bound > AVM_MEMORY_SIZE.
+    pol commit src_reads_exceed_mem; // @boolean (by lookup into gt) — clamping flag
 
-    // Note that for a top-level call, src_addr == 0 (enforced in context.pil (#[CD_OFFSET_ENQUEUED_CALL_IS_ZERO]))
-    // and src_out_of_range_err == 0.
-    pol commit read_addr_upper_bound;
-    read_addr_upper_bound = sel_start * (src_addr + data_index_upper_bound);
+    pol commit read_addr_upper_bound; // the upper bound of the address that is accessed
+    read_addr_upper_bound = sel_start * (src_addr + READ_INDEX_UPPER_BOUND);
     // Preconditions to `gt` gadget require both inputs to be bounded by 2^128.
-    // `read_addr_upper_bound` = src_addr + data_index_upper_bound (former is U32, latter is < 2^33, so < 2^34).
+    // `read_addr_upper_bound` = src_addr + read_index_upper_bound (former is U32, latter is < 2^33, so < 2^34).
     // `mem_size` = AVM_MEMORY_SIZE = 2^32.
+    // Note that for a top-level call, src_addr == 0 (enforced in context.pil (#[CD_OFFSET_ENQUEUED_CALL_IS_ZERO]))
+    // and src_reads_exceed_mem == 0.
     #[CHECK_SRC_ADDR_IN_RANGE]
-    sel_start { read_addr_upper_bound, mem_size, src_out_of_range_err }
+    sel_start { read_addr_upper_bound, mem_size, src_reads_exceed_mem }
     in
     gt.sel_others { gt.input_a, gt.input_b, gt.res };
 
+    // Clamp clamped_read_index_upper_bound at (mem_size - src_addr) when src reads exceed memory.
+    // When src_reads_exceed_mem == 0: clamped_read_index_upper_bound = read_index_upper_bound
+    // When src_reads_exceed_mem == 1: clamped_read_index_upper_bound = mem_size - src_addr
+    // (mem_size - src_addr >= 1 since src_addr is U32 < AVM_MEMORY_SIZE)
+    //
+    // This is a data index (not a memory address). Valid range: [0, min(src_data_size, mem_size - src_addr)].
+    // - Lower bound: 0 when copy_size == 0 or src_data_size == 0.
+    // - Upper bound without clamping: min(offset + copy_size, src_data_size) <= src_data_size (U32).
+    // - Upper bound with clamping: min(read_index_upper_bound, mem_size - src_addr) <= mem_size - src_addr <= mem_size (U32).
+    // Used to compute reads_left = max(0, clamped - offset), which determines how many rows
+    // are real memory/column reads vs. zero-padded writes.
+    pol commit clamped_read_index_upper_bound;
+    clamped_read_index_upper_bound = sel_start * (READ_INDEX_UPPER_BOUND * (1 - src_reads_exceed_mem) + (mem_size - src_addr) * src_reads_exceed_mem);
+
+    //////////////////////////////
+    // Error Handling
+    //////////////////////////////
+    // Only dst address out of range is an error. Src out of range is handled by clamping reads (see above).
+    // Only constrained on start row
+    pol commit dst_out_of_range_err; // @boolean (by lookup into gt)
+
     pol commit write_addr_upper_bound;
     write_addr_upper_bound = sel_start * (dst_addr + copy_size);
     // Preconditions to `gt` gadget require both inputs to be bounded by 2^128.
@@ -310,16 +324,11 @@ namespace data_copy;
     in
     gt.sel_others { gt.input_a, gt.input_b, gt.res };
 
-    // Consolidate the errors
-    // Underconstrained for non-starting rows (sel_start = 0).
-    pol commit err; // @boolean (by definition)
-    err = 1 - (1 - dst_out_of_range_err) * (1 - src_out_of_range_err);
-
     //////////////////////////////
     // Control flow management
     //////////////////////////////
     pol commit sel_start_no_err; // @boolean (by definition)
-    sel_start_no_err = sel_start * (1 - err);
+    sel_start_no_err = sel_start * (1 - dst_out_of_range_err);
 
     pol commit sel_write_count_is_zero; // @boolean
     sel_write_count_is_zero * (1 - sel_write_count_is_zero) = 0;
@@ -339,29 +348,29 @@ namespace data_copy;
     SEL_PERFORM_COPY * (WRITE_COUNT_MINUS_ONE * (sel_end * (1 - write_count_minus_one_inv) + write_count_minus_one_inv) - 1 + sel_end) = 0;
 
     #[END_ON_ERR] // sel_end = 1 if error
-    sel_start * err * (sel_end - 1) = 0;
+    sel_start * dst_out_of_range_err * (sel_end - 1) = 0;
 
     pol commit reads_left; // Number of reads of the src data, if reads_left = 0 but copy_size != 0 then it is a padding row
-    // src data elements are read from indices [offset, data_index_upper_bound), therefore reads_left = data_index_upper_bound - offset
-    // We need to be careful that data_index_upper_bound - offset does not underflow (i.e. when offset > data_index_upper_bound, reads_left = 0)
+    // src data elements are read from indices [offset, clamped_read_index_upper_bound), therefore reads_left = clamped_read_index_upper_bound - offset
+    // We need to be careful that clamped_read_index_upper_bound - offset does not underflow (i.e. when offset > clamped_read_index_upper_bound, reads_left = 0)
     // We test that condition here
-    pol commit data_index_upper_bound_gt_offset; // @boolean (by lookup into gt)
+    pol commit sel_has_reads; // @boolean (by lookup into gt)
     // Preconditions to `gt` gadget require both inputs to be bounded by 2^128.
-    // `data_index_upper_bound` is at most `src_data_size` which is U32. `offset` is U32.
-    #[DATA_INDEX_UPPER_BOUND_GT_OFFSET]
-    sel_start_no_err { data_index_upper_bound, offset, data_index_upper_bound_gt_offset }
+    // `clamped_read_index_upper_bound` is at most `src_data_size` which is U32. `offset` is U32.
+    #[SEL_HAS_READS]
+    sel_start_no_err { clamped_read_index_upper_bound, offset, sel_has_reads }
     in
     gt.sel_others { gt.input_a, gt.input_b, gt.res };
 
-    // If data_index_upper_bound_gt_offset = 0 (i.e. when offset >= data_index_upper_bound), reads_left = 0
-    // otherwise, reads_left = data_index_upper_bound - offset
+    // If sel_has_reads = 0 (i.e. when offset >= clamped_read_index_upper_bound), reads_left = 0
+    // otherwise, reads_left = clamped_read_index_upper_bound - offset
     #[INIT_READS_LEFT]
-    sel_start_no_err * (1 - sel_write_count_is_zero) * (reads_left - (data_index_upper_bound - offset) * data_index_upper_bound_gt_offset) = 0;
+    sel_start_no_err * (1 - sel_write_count_is_zero) * (reads_left - (clamped_read_index_upper_bound - offset) * sel_has_reads) = 0;
 
     //////////////////////////////
     // Execute Data Copy
     //////////////////////////////
-    // Most of these relations are either gated explicitly by err, end, or LATCH_CONDITION.
+    // Most of these relations are either gated explicitly by dst_out_of_range_err, end, or LATCH_CONDITION.
     // ===== Writing to dst_context_id =====
     pol commit sel_mem_write; // @boolean (by definition, see SEL_PERFORM_COPY)
     sel_mem_write = SEL_PERFORM_COPY; // We write if there is no error and copy_size != 0
@@ -402,7 +411,8 @@ namespace data_copy;
     sel * (1 - padding) * (1 - sel_end) * (reads_left' - reads_left + 1) = 0;
     pol commit padding; // @boolean If we write, padding = 1 iff reads_left = 0
     padding * (1 - padding) = 0;
-    pol commit reads_left_inv;
+    pol commit reads_left_inv; //@zero-check
+    // padding = 1  iff reads_left = 0
     #[PADDING_CONDITION]
     SEL_PERFORM_COPY * (reads_left * (padding * (1 - reads_left_inv) + reads_left_inv) - 1 + padding) = 0;
 
@@ -443,7 +453,7 @@ namespace data_copy;
     #[CD_COPY_COLUMN]
     cd_copy_col_read = SEL_PERFORM_COPY * (1 - padding) * is_top_level * sel_cd_copy;
 
-    // The calldata trace starts at index = 1 (TODO: We need this temporarily while we dont allow for aliases in the lookup tuple):
+    // Lookup constant support: The calldata trace starts at index = 1. We need this temporarily while we do not allow for aliases in the lookup tuple.
     pol commit read_addr_plus_one;
     read_addr_plus_one = cd_copy_col_read * (read_addr + 1);
 

barretenberg/cpp/pil/vm2/execution.pil

@@ -952,7 +952,7 @@ sel_exec_dispatch_calldata_copy {
         data_copy.src_context_id, data_copy.dst_context_id,
         data_copy.copy_size, data_copy.offset, data_copy.dst_addr,
         data_copy.src_addr, data_copy.src_data_size,
-        data_copy.err
+        data_copy.dst_out_of_range_err
 };
 
 #[DISPATCH_TO_RD_COPY]
@@ -967,7 +967,7 @@ sel_exec_dispatch_returndata_copy {
         data_copy.src_context_id, data_copy.dst_context_id,
         data_copy.copy_size, data_copy.offset, data_copy.dst_addr,
         data_copy.src_addr, data_copy.src_data_size,
-        data_copy.err
+        data_copy.dst_out_of_range_err
 };
 
 // SET DISPATCHING