Add macro define_verify_openvm_stark for stark verification

Author: nyunyunyunyu

Cargo.lock

@@ -140,6 +140,7 @@ openvm-native-circuit = { path = "extensions/native/circuit", default-features =
 openvm-native-compiler = { path = "extensions/native/compiler", default-features = false }
 openvm-native-compiler-derive = { path = "extensions/native/compiler/derive", default-features = false }
 openvm-native-recursion = { path = "extensions/native/recursion", default-features = false }
+openvm-native-transpiler = { path = "extensions/native/transpiler", default-features = false }
 openvm-keccak256-circuit = { path = "extensions/keccak256/circuit", default-features = false }
 openvm-keccak256-transpiler = { path = "extensions/keccak256/transpiler", default-features = false }
 openvm-keccak256-guest = { path = "extensions/keccak256/guest", default-features = false }

Cargo.toml

@@ -25,6 +25,7 @@ openvm-pairing-transpiler = { workspace = true }
 openvm-native-circuit = { workspace = true }
 openvm-native-compiler = { workspace = true }
 openvm-native-recursion = { workspace = true, features = ["static-verifier"] }
+openvm-native-transpiler = { workspace = true }
 openvm-rv32im-circuit = { workspace = true }
 openvm-rv32im-transpiler = { workspace = true }
 openvm-transpiler = { workspace = true }

crates/sdk/Cargo.toml

@@ -24,6 +24,7 @@ use openvm_native_circuit::{
     CastFExtension, CastFExtensionExecutor, CastFExtensionPeriphery, Native, NativeExecutor,
     NativePeriphery,
 };
+use openvm_native_transpiler::LongFormTranspilerExtension;
 use openvm_pairing_circuit::{
     PairingExtension, PairingExtensionExecutor, PairingExtensionPeriphery,
 };
@@ -138,6 +139,9 @@ impl SdkVmConfig {
         if self.sha256.is_some() {
             transpiler = transpiler.with_extension(Sha256TranspilerExtension);
         }
+        if self.native.is_some() {
+            transpiler = transpiler.with_extension(LongFormTranspilerExtension);
+        }
         if self.rv32m.is_some() {
             transpiler = transpiler.with_extension(Rv32MTranspilerExtension);
         }

crates/sdk/src/config/global.rs

@@ -126,6 +126,16 @@ pub fn reveal_u32(x: u32, index: usize) {
     println!("reveal {} at byte location {}", x, index * 4);
 }
 
+/// Store u32 `x` to the native address `native_addr` as 4 field element in byte.
+#[allow(unused_variables)]
+#[inline(always)]
+pub fn store_u32_to_native(native_addr: u32, x: u32) {
+    #[cfg(target_os = "zkvm")]
+    openvm_rv32im_guest::store_to_native!(native_addr, x);
+    #[cfg(not(target_os = "zkvm"))]
+    panic!("store_to_native_u32 cannot run on non-zkVM platforms");
+}
+
 /// A no-alloc writer to print to stdout on host machine for debugging purposes.
 pub struct Writer;
 

crates/toolchain/openvm/src/io/mod.rs

@@ -29,6 +29,8 @@ pub mod utils;
 
 #[cfg(not(target_os = "zkvm"))]
 pub mod host;
+#[cfg(target_os = "zkvm")]
+pub mod verify_stark;
 
 #[cfg(target_os = "zkvm")]
 core::arch::global_asm!(include_str!("memset.s"));

crates/toolchain/openvm/src/lib.rs

@@ -0,0 +1,42 @@
+/// Define a function with the given name that verifies an OpenVM Stark proof.
+#[macro_export]
+macro_rules! define_verify_openvm_stark {
+    ($fn_name: ident, $asm_folder: literal, $asm_filename: literal) => {
+        pub fn $fn_name(app_exe_commit: &[u32; 8], app_vm_commit: &[u32; 8], user_pvs: &[u32]) {
+            // The memory location for the start of the heap.
+            const HEAP_START_ADDRESS: u32 = 1 << 24;
+            const FIELDS_PER_U32: u32 = 4;
+            const FILENAME: &str = $asm_filename;
+            // Construct the hint key
+            let hint_key: alloc::vec::Vec<u8> = FILENAME
+                .as_bytes()
+                .iter()
+                .cloned()
+                .chain(app_exe_commit.iter().flat_map(|x| x.to_le_bytes()))
+                .chain(app_vm_commit.iter().flat_map(|x| x.to_le_bytes()))
+                .chain(user_pvs.iter().flat_map(|x| x.to_le_bytes()))
+                .collect();
+            openvm::io::hint_load_by_key(&hint_key);
+            // Store the expected public values into the beginning of the native heap.
+            let mut native_addr = HEAP_START_ADDRESS;
+            for &x in app_exe_commit {
+                openvm::io::store_u32_to_native(native_addr, x);
+                native_addr += FIELDS_PER_U32;
+            }
+            for &x in app_vm_commit {
+                openvm::io::store_u32_to_native(native_addr, x);
+                native_addr += FIELDS_PER_U32;
+            }
+            for &x in user_pvs {
+                openvm::io::store_u32_to_native(native_addr, x);
+                native_addr += FIELDS_PER_U32;
+            }
+            // Assumption: the asm file should be generated by SDK. The code block should:
+            // 1. Increase the heap pointer in order to avoid overwriting expected public values.
+            // 2. Hint a stark proof from the input stream
+            // 3. Verify the proof
+            // 4. Compare the public values with the expected ones. Panic if not equal.
+            unsafe { core::arch::asm!(include_str!(concat!($asm_folder, "/", $asm_filename)),) }
+        }
+    };
+}

crates/toolchain/openvm/src/verify_stark.rs

@@ -72,6 +72,10 @@ the guest must take care to validate all data and account for behavior in cases
 | printstr    | I   | 0001011     | 011    | 0x1       | Tries to convert `[rd..rd + rs1]_2` to UTF-8 string and print to host stdout. Will print error message if conversion fails.                                                |
 | hintrandom  | I   | 0001011     | 011    | 0x2       | Resets the hint stream to `4 * rd` random bytes from `rand::rngs::OsRng` on the host.                                                                                      |
 
+| RISC-V Inst  | FMT | opcode[6:0] | funct3  | funct7  | RISC-V description and notes                                                                                                    |
+|--------------|-----|-------------|---------|---------|---------------------------------------------------------------------------------------------------------------------------------|
+| nativestorew | R   | 0001011     | 111     | 2       | Stores the 4-byte word `rs1` at address `rd` in native address space. The address `rd` must be aligned to a 4-byte boundary. |
+
 ## Keccak Extension
 
 | RISC-V Inst | FMT | opcode[6:0] | funct3 | funct7 | RISC-V description and notes                |

docs/specs/RISCV.md

@@ -31,47 +31,48 @@ In the tables below, we provide the mapping between the `LocalOpcode` and `Phant
 
 #### Instructions
 
-| VM Extension | `LocalOpcode` | ISA Instruction |
-| ------------- | ---------- | ------------- |
-| RV32IM | `BaseAluOpcode::ADD` | ADD_RV32 |
-| RV32IM | `BaseAluOpcode::SUB` | SUB_RV32 |
-| RV32IM | `BaseAluOpcode::XOR` | XOR_RV32 |
-| RV32IM | `BaseAluOpcode::OR` | OR_RV32 |
-| RV32IM | `BaseAluOpcode::AND` | AND_RV32 |
-| RV32IM | `ShiftOpcode::SLL` | SLL_RV32 |
-| RV32IM | `ShiftOpcode::SRL` | SRL_RV32 |
-| RV32IM | `ShiftOpcode::SRA` | SRA_RV32 |
-| RV32IM | `LessThanOpcode::SLT` | SLT_RV32 |
-| RV32IM | `LessThanOpcode::SLTU` | SLTU_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::LOADB` | LOADB_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::LOADH` | LOADH_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::LOADW` | LOADW_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::LOADBU` | LOADBU_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::LOADHU` | LOADHU_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::STOREB` | STOREB_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::STOREH` | STOREH_RV32 |
-| RV32IM | `Rv32LoadStoreOpcode::STOREW` | STOREW_RV32 |
-| RV32IM | `BranchEqualOpcode::BEQ` | BEQ_RV32 |
-| RV32IM | `BranchEqualOpcode::BNE` | BNE_RV32 |
-| RV32IM | `BranchLessThanOpcode::BLT` | BLT_RV32 |
-| RV32IM | `BranchLessThanOpcode::BGE` | BGE_RV32 |
-| RV32IM | `BranchLessThanOpcode::BLTU` | BLTU_RV32 |
-| RV32IM | `BranchLessThanOpcode::BGEU` | BGEU_RV32 |
-| RV32IM | `Rv32JalLuiOpcode::JAL` | JAL_RV32 |
-| RV32IM | `Rv32JalrOpcode::JALR` | JALR_RV32 |
-| RV32IM | `Rv32JalLuiOpcode::LUI` | LUI_RV32 |
-| RV32IM | `Rv32AuipcOpcode::AUIPC` | AUIPC_RV32 |
-| RV32IM | `MulOpcode::MUL` | MUL_RV32 |
-| RV32IM | `MulHOpcode::MULH` | MULH_RV32 |
-| RV32IM | `MulHOpcode::MULHSU` | MULHSU_RV32 |
-| RV32IM | `MulHOpcode::MULHU` | MULHU_RV32 |
-| RV32IM | `DivRemOpcode::DIV` | DIV_RV32 |
-| RV32IM | `DivRemOpcode::DIVU` | DIVU_RV32 |
-| RV32IM | `DivRemOpcode::REM` | REM_RV32 |
-| RV32IM | `DivRemOpcode::REMU` | REMU_RV32 |
+| VM Extension | `LocalOpcode` | ISA Instruction  |
+| ------------- | ---------- |------------------|
+| RV32IM | `BaseAluOpcode::ADD` | ADD_RV32         |
+| RV32IM | `BaseAluOpcode::SUB` | SUB_RV32         |
+| RV32IM | `BaseAluOpcode::XOR` | XOR_RV32         |
+| RV32IM | `BaseAluOpcode::OR` | OR_RV32          |
+| RV32IM | `BaseAluOpcode::AND` | AND_RV32         |
+| RV32IM | `ShiftOpcode::SLL` | SLL_RV32         |
+| RV32IM | `ShiftOpcode::SRL` | SRL_RV32         |
+| RV32IM | `ShiftOpcode::SRA` | SRA_RV32         |
+| RV32IM | `LessThanOpcode::SLT` | SLT_RV32         |
+| RV32IM | `LessThanOpcode::SLTU` | SLTU_RV32        |
+| RV32IM | `Rv32LoadStoreOpcode::LOADB` | LOADB_RV32       |
+| RV32IM | `Rv32LoadStoreOpcode::LOADH` | LOADH_RV32       |
+| RV32IM | `Rv32LoadStoreOpcode::LOADW` | LOADW_RV32       |
+| RV32IM | `Rv32LoadStoreOpcode::LOADBU` | LOADBU_RV32      |
+| RV32IM | `Rv32LoadStoreOpcode::LOADHU` | LOADHU_RV32      |
+| RV32IM | `Rv32LoadStoreOpcode::STOREB` | STOREB_RV32      |
+| RV32IM | `Rv32LoadStoreOpcode::STOREH` | STOREH_RV32      |
+| RV32IM | `Rv32LoadStoreOpcode::STOREW` | STOREW_RV32      |
+| RV32IM | `BranchEqualOpcode::BEQ` | BEQ_RV32         |
+| RV32IM | `BranchEqualOpcode::BNE` | BNE_RV32         |
+| RV32IM | `BranchLessThanOpcode::BLT` | BLT_RV32         |
+| RV32IM | `BranchLessThanOpcode::BGE` | BGE_RV32         |
+| RV32IM | `BranchLessThanOpcode::BLTU` | BLTU_RV32        |
+| RV32IM | `BranchLessThanOpcode::BGEU` | BGEU_RV32        |
+| RV32IM | `Rv32JalLuiOpcode::JAL` | JAL_RV32         |
+| RV32IM | `Rv32JalrOpcode::JALR` | JALR_RV32        |
+| RV32IM | `Rv32JalLuiOpcode::LUI` | LUI_RV32         |
+| RV32IM | `Rv32AuipcOpcode::AUIPC` | AUIPC_RV32       |
+| RV32IM | `MulOpcode::MUL` | MUL_RV32         |
+| RV32IM | `MulHOpcode::MULH` | MULH_RV32        |
+| RV32IM | `MulHOpcode::MULHSU` | MULHSU_RV32      |
+| RV32IM | `MulHOpcode::MULHU` | MULHU_RV32       |
+| RV32IM | `DivRemOpcode::DIV` | DIV_RV32         |
+| RV32IM | `DivRemOpcode::DIVU` | DIVU_RV32        |
+| RV32IM | `DivRemOpcode::REM` | REM_RV32         |
+| RV32IM | `DivRemOpcode::REMU` | REMU_RV32        |
 | RV32IM | `Rv32HintStoreOpcode::HINT_STOREW` | HINT_STOREW_RV32 |
 | RV32IM | `Rv32HintStoreOpcode::HINT_BUFFER` | HINT_BUFFER_RV32 |
-| RV32IM | Pseudo-instruction for `STOREW_RV32` | REVEAL_RV32 |
+| RV32IM | Pseudo-instruction for `STOREW_RV32` | REVEAL_RV32      |
+| RV32IM | Pseudo-instruction for `STOREW_RV32` | NATIVE_STOREW    |   |
 
 #### Phantom Sub-Instructions
 

docs/specs/isa-table.md

@@ -81,6 +81,21 @@ macro_rules! reveal {
     };
 }
 
+/// Store rs1 to [[rd]]_4.
+#[macro_export]
+macro_rules! store_to_native {
+    ($rd:ident, $rs1:ident) => {
+        openvm_custom_insn::custom_insn_r!(
+            opcode = openvm_rv32im_guest::SYSTEM_OPCODE,
+            funct3 = openvm_rv32im_guest::NATIVE_STOREW_FUNCT3,
+            funct7 = openvm_rv32im_guest::NATIVE_STOREW_FUNCT7,
+            rd = In $rd,
+            rs1 = In $rs1,
+            rs2 = In $rs1,
+        )
+    };
+}
+
 /// Print UTF-8 string encoded as bytes to host stdout for debugging purposes.
 #[inline(always)]
 pub fn print_str_from_bytes(str_as_bytes: &[u8]) {

extensions/rv32im/guest/src/io.rs

@@ -14,6 +14,8 @@ pub const SYSTEM_OPCODE: u8 = 0x0b;
 pub const CSR_OPCODE: u8 = 0b1110011;
 pub const RV32_ALU_OPCODE: u8 = 0b0110011;
 pub const RV32M_FUNCT7: u8 = 0x01;
+pub const NATIVE_STOREW_FUNCT3: u8 = 0b111;
+pub const NATIVE_STOREW_FUNCT7: u32 = 2;
 
 pub const TERMINATE_FUNCT3: u8 = 0b000;
 pub const HINT_FUNCT3: u8 = 0b001;

extensions/rv32im/guest/src/lib.rs

@@ -6,7 +6,8 @@ use openvm_instructions::{
 };
 use openvm_rv32im_guest::{
     PhantomImm, CSRRW_FUNCT3, CSR_OPCODE, HINT_BUFFER_IMM, HINT_FUNCT3, HINT_STOREW_IMM,
-    PHANTOM_FUNCT3, REVEAL_FUNCT3, RV32M_FUNCT7, RV32_ALU_OPCODE, SYSTEM_OPCODE, TERMINATE_FUNCT3,
+    NATIVE_STOREW_FUNCT3, NATIVE_STOREW_FUNCT7, PHANTOM_FUNCT3, REVEAL_FUNCT3, RV32M_FUNCT7,
+    RV32_ALU_OPCODE, SYSTEM_OPCODE, TERMINATE_FUNCT3,
 };
 use openvm_stark_backend::p3_field::PrimeField32;
 use openvm_transpiler::{
@@ -155,9 +156,6 @@ impl<F: PrimeField32> TranspilerExtension<F> for Rv32IoTranspilerExtension {
         if opcode != SYSTEM_OPCODE {
             return None;
         }
-        if funct3 != HINT_FUNCT3 && funct3 != REVEAL_FUNCT3 {
-            return None;
-        }
 
         let instruction = match funct3 {
             HINT_FUNCT3 => {
@@ -198,6 +196,23 @@ impl<F: PrimeField32> TranspilerExtension<F> for Rv32IoTranspilerExtension {
                     (dec_insn.imm < 0) as isize,
                 ))
             }
+            NATIVE_STOREW_FUNCT3 => {
+                // NATIVE_STOREW is a pseudo-instruction for STOREW_RV32 a,b,0,1,4
+                let dec_insn = RType::new(instruction_u32);
+                if dec_insn.funct7 != NATIVE_STOREW_FUNCT7 {
+                    return None;
+                }
+                Some(Instruction::large_from_isize(
+                    Rv32LoadStoreOpcode::STOREW.global_opcode(),
+                    (RV32_REGISTER_NUM_LIMBS * dec_insn.rs1) as isize,
+                    (RV32_REGISTER_NUM_LIMBS * dec_insn.rd) as isize,
+                    0,
+                    1,
+                    4,
+                    1,
+                    0,
+                ))
+            }
             _ => return None,
         };