Refactor constraint system

proof-systems/src/gm17/prover.rs

@@ -11,50 +11,11 @@ use crate::gm17::r1cs_to_sap::R1CStoSAP;
 
 use r1cs_core::{ConstraintSynthesizer, SynthesisError, ConstraintSystem, SynthesisMode};
 
-// use smallvec::SmallVec;
-
 use std::{
     ops::AddAssign,
     sync::Arc,
 };
 
-// type CoeffVec<T> = SmallVec<[T; 2]>;
-//
-// #[inline]
-// fn eval<E: PairingEngine>(
-//     lc: &LinearCombination<E::Fr>,
-//     constraints: &mut [CoeffVec<(E::Fr, Index)>],
-//     input_assignment: &[E::Fr],
-//     aux_assignment: &[E::Fr],
-//     this_constraint: usize,
-// ) -> E::Fr {
-//     let mut acc = E::Fr::zero();
-//
-//     for &(index, coeff) in lc.as_ref() {
-//         let mut tmp;
-//
-//         match index.get_unchecked() {
-//             Index::Input(i) => {
-//                 constraints[this_constraint].push((coeff, Index::Input(i)));
-//                 tmp = input_assignment[i];
-//             },
-//             Index::Aux(i) => {
-//                 constraints[this_constraint].push((coeff, Index::Aux(i)));
-//                 tmp = aux_assignment[i];
-//             },
-//         }
-//
-//         if coeff.is_one() {
-//             acc.add_assign(&tmp);
-//         } else {
-//             tmp.mul_assign(&coeff);
-//             acc.add_assign(&tmp);
-//         }
-//     }
-//
-//     acc
-// }
-
 pub fn create_random_proof<E, C, R>(
     circuit: C,
     params: &Parameters<E>,

r1cs/core/Cargo.toml

@@ -20,4 +20,5 @@ license = "MIT/Apache-2.0"
 [dependencies]
 algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "sc_testnet_2" }
 smallvec = { version = "1.6.1" }
-radix_trie = {version = "0.2.1"}
+radix_trie = { version = "0.2.1" }
+rand = { version = "0.8.4" }

r1cs/core/src/constraint_system.rs

@@ -1,6 +1,6 @@
 use std::marker::PhantomData;
 use algebra::Field;
-use radix_trie::{Trie, TrieCommon};
+use radix_trie::Trie;
 
 use crate::{Index, Variable, LinearCombination, SynthesisError};
 
@@ -74,9 +74,6 @@ pub trait ConstraintSystemAbstract<F: Field>: Sized {
     /// Output the number of constraints in the system.
     fn num_constraints(&self) -> usize;
 
-    /// Prints the list of named object currently registered into the constraint system.
-    fn print_named_objects(&self);
-
     /// Returns an Option containing the name of the first constraint which is not satisfied
     /// or None if all the constraints are satisfied.
     fn which_is_unsatisfied(&self) -> Option<&str>;
@@ -99,8 +96,9 @@ pub trait ConstraintSystemAbstract<F: Field>: Sized {
 #[derive(Debug, Clone)]
 pub struct ConstraintSystem<F: Field> {
     /// The mode in which the constraint system is operating. `self` can either
-    /// be in setup mode (i.e., `self.mode == SynthesisMode::Setup`) or in
-    /// proving mode (i.e., `self.mode == SynthesisMode::Prove`). If we are
+    /// be in setup mode (i.e., `self.mode == SynthesisMode::Setup`), in
+    /// proving mode (i.e., `self.mode == SynthesisMode::Prove`), or in debug
+    /// mode (i.e. `self.mode == SynthesisMode::Debug`). If we are
     /// in proving mode, then we have the additional option of whether or
     /// not to construct the A, B, and C matrices of the constraint system
     /// (see below).
@@ -125,8 +123,15 @@ pub struct ConstraintSystem<F: Field> {
     pub bt: Vec<Vec<(F, Index)>>,
     /// `C` matrix of the R1CS.
     pub ct: Vec<Vec<(F, Index)>>,
+    /// A data structure for associating a name to variables, constraints and
+    /// namespaces registered into the constraint system. This is populated only
+    /// if `self.debug == true`.
     named_objects: Trie<String, NamedObject>,
+    /// A stack keeping track of the current namespace. This is populated only if
+    /// `self.debug == true`.
     current_namespace: Vec<String>,
+    /// A list of the constraint names. This is populated only if `self.debug
+    /// == true`.
     constraint_names: Vec<String>,
 }
 
@@ -144,6 +149,10 @@ pub enum SynthesisMode {
         /// the matrices as in the `Setup` case.
         construct_matrices: bool,
     },
+    /// Indicate to `ConstraintSystem` that it populate variable assignments,
+    /// generate constraint matrices and register names of variables, constraints
+    /// and namespaces
+    Debug,
 }
 
 #[derive(Debug, Clone)]
@@ -189,9 +198,11 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
         let index = self.num_aux;
         self.num_aux += 1;
 
-        let path = compute_path(&self.current_namespace, annotation().into());
-        let var = Variable::new_unchecked(Index::Aux(index));
-        self.set_named_obj(path, NamedObject::Var(var));
+        if self.is_in_debug_mode() {
+            let path = compute_path(&self.current_namespace, annotation().into());
+            let var = Variable::new_unchecked(Index::Aux(index));
+            self.set_named_obj(path, NamedObject::Var(var));
+        }
 
         if !self.is_in_setup_mode() {
             self.aux_assignment.push(f()?);
@@ -208,9 +219,11 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
         let index = self.num_inputs;
         self.num_inputs += 1;
 
-        let path = compute_path(&self.current_namespace, annotation().into());
-        let var = Variable::new_unchecked(Index::Input(index));
-        self.set_named_obj(path, NamedObject::Var(var));
+        if self.is_in_debug_mode() {
+            let path = compute_path(&self.current_namespace, annotation().into());
+            let var = Variable::new_unchecked(Index::Input(index));
+            self.set_named_obj(path, NamedObject::Var(var));
+        }
 
         if !self.is_in_setup_mode() {
             self.input_assignment.push(f()?);
@@ -226,11 +239,12 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
             LB: FnOnce(LinearCombination<F>) -> LinearCombination<F>,
             LC: FnOnce(LinearCombination<F>) -> LinearCombination<F>,
     {
-        let path = compute_path(&self.current_namespace, annotation().into());
-        let index = self.num_constraints;
-        self.set_named_obj(path.clone(), NamedObject::Constraint(index));
-
-        self.constraint_names.push(path.clone());
+        if self.is_in_debug_mode() {
+            let path = compute_path(&self.current_namespace, annotation().into());
+            let index = self.num_constraints;
+            self.set_named_obj(path.clone(), NamedObject::Constraint(index));
+            self.constraint_names.push(path.clone());
+        }
 
         if self.should_construct_matrices() {
             self.at.push(vec![]);
@@ -260,25 +274,24 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
             NR: Into<String>,
             N: FnOnce() -> NR
     {
-        let name = name_fn().into();
-        let path = compute_path(&self.current_namespace, name.clone());
-        self.set_named_obj(path.clone(), NamedObject::Namespace);
-        self.current_namespace.push(name);
+        if self.is_in_debug_mode() {
+            let name = name_fn().into();
+            let path = compute_path(&self.current_namespace, name.clone());
+            self.set_named_obj(path.clone(), NamedObject::Namespace);
+            self.current_namespace.push(name);
+        }
     }
     fn pop_namespace(&mut self) {
-        assert!(self.current_namespace.pop().is_some());
+        if self.is_in_debug_mode() {
+            assert!(self.current_namespace.pop().is_some());
+        }
     }
     fn get_root(&mut self) -> &mut Self::Root {
         self
     }
     fn num_constraints(&self) -> usize {
         self.num_constraints
     }
-    fn print_named_objects(&self) {
-        for (name, _) in self.named_objects.iter() {
-            println!("{}", name);
-        }
-    }
     fn which_is_unsatisfied(&self) -> Option<&str> {
         for i in 0..self.num_constraints {
             let mut a = Self::eval_lc(&self.at[i], &self.input_assignment, &self.aux_assignment);
@@ -293,13 +306,7 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
         None
     }
 
-    fn is_satisfied(&self) -> bool {
-        self.which_is_unsatisfied().is_none()
-    }
     fn set(&mut self, path: &str, to: F) {
-        if self.is_in_setup_mode() {
-            panic!("it is not possible to set the value of variables during setup.")
-        }
         match self.named_objects.get(path) {
             Some(&NamedObject::Var(ref v)) => match v.get_unchecked() {
                 Index::Input(index) => self.input_assignment[index] = to,
@@ -313,9 +320,6 @@ impl<F: Field> ConstraintSystemAbstract<F> for ConstraintSystem<F> {
         }
     }
     fn get(&mut self, path: &str) -> F {
-        if self.is_in_setup_mode() {
-            panic!("it is not possible to get the value of variables during setup.")
-        }
         match self.named_objects.get(path) {
             Some(&NamedObject::Var(ref v)) => match v.get_unchecked() {
                 Index::Input(index) => self.input_assignment[index],
@@ -370,8 +374,15 @@ impl<F: Field> ConstraintSystem<F> {
         match self.mode {
             SynthesisMode::Setup => true,
             SynthesisMode::Prove { construct_matrices } => construct_matrices,
+            SynthesisMode::Debug => true,
         }
     }
+
+    /// Check if the constraint system is in debug mode
+    pub fn is_in_debug_mode(&self) -> bool {
+        self.mode == SynthesisMode::Debug
+    }
+
     fn push_constraints(
         l: LinearCombination<F>,
         constraints: &mut [Vec<(F, Index)>],
@@ -495,9 +506,6 @@ impl<F: Field, CS: ConstraintSystemAbstract<F>> ConstraintSystemAbstract<F> for
         self.0.num_constraints()
     }
 
-    #[inline]
-    fn print_named_objects(&self) { self.0.print_named_objects(); }
-
     #[inline]
     fn which_is_unsatisfied(&self) -> Option<&str> { self.0.which_is_unsatisfied() }
 
@@ -581,9 +589,6 @@ impl<F: Field, CS: ConstraintSystemAbstract<F>> ConstraintSystemAbstract<F> for
         (**self).num_constraints()
     }
 
-    #[inline]
-    fn print_named_objects(&self) { (**self).print_named_objects(); }
-
     #[inline]
     fn which_is_unsatisfied(&self) -> Option<&str> { (**self).which_is_unsatisfied() }
 

r1cs/core/src/lib.rs

@@ -85,3 +85,76 @@ pub enum ConstraintVar<F: Field> {
     /// A wrapper around a `Variable`.
     Var(Variable),
 }
+
+/// Debug a circuit by looking for unsatisfied constraints.
+/// If the circuit is satisfied, return `Ok(None)`.
+/// If there are unsatisfied constraints, return `Ok(Some(name))`,
+/// where `name` is the name of the first unsatisfied constraint.
+pub fn debug_circuit<F: Field, C: ConstraintSynthesizer<F>>(circuit: C) -> Result<Option<String>, SynthesisError> {
+    let mut cs = ConstraintSystem::<F>::new();
+    cs.set_mode(SynthesisMode::Debug);
+    circuit.generate_constraints(&mut cs)?;
+    let unsatisfied_constraint = cs.which_is_unsatisfied();
+    match unsatisfied_constraint {
+        None => Ok(None),
+        Some(name) => Ok(Some(name.into())),
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use algebra::Field;
+    use algebra::fields::tweedle::fr::Fr;
+    use crate::{ConstraintSynthesizer, ConstraintSystemAbstract, debug_circuit, SynthesisError};
+    use rand;
+
+    struct MyCircuit<F: Field> {
+        a: Option<F>,
+        b: Option<F>,
+        c: Option<F>,
+    }
+
+    impl<F: Field> ConstraintSynthesizer<F> for MyCircuit<F> {
+        fn generate_constraints<CS: ConstraintSystemAbstract<F>>(self, cs: &mut CS) -> Result<(), SynthesisError> {
+            let a = cs.alloc(|| "a", || self.a.ok_or(SynthesisError::AssignmentMissing))?;
+            let b = cs.alloc(|| "b", || self.b.ok_or(SynthesisError::AssignmentMissing))?;
+            let c = cs.alloc(|| "c", || self.c.ok_or(SynthesisError::AssignmentMissing))?;
+            cs.enforce(||"multiplication constraint", |lc| lc + a, |lc| lc + b, |lc| lc + c);
+            Ok(())
+        }
+    }
+
+    #[test]
+    fn test_debug_circuit_satisfied() {
+        let a: Fr = rand::random();
+        let b: Fr = rand::random();
+        let mut c = a.clone();
+        c *= &b;
+        let circuit =
+            MyCircuit {
+                a: Some(a),
+                b: Some(b),
+                c: Some(c)
+            };
+        let unsatisfied_constraint = debug_circuit(circuit).unwrap();
+        assert!(unsatisfied_constraint.is_none());
+    }
+
+    #[test]
+    fn test_debug_circuit_unsatisfied() {
+        let a: Fr = rand::random();
+        let b: Fr = rand::random();
+        let mut c = a.clone();
+        c *= &b;
+        c += &b;
+        let circuit =
+            MyCircuit {
+                a: Some(a),
+                b: Some(b),
+                c: Some(c)
+            };
+        let unsatisfied_constraint = debug_circuit(circuit).unwrap();
+        assert!(unsatisfied_constraint.is_some());
+        assert_eq!(unsatisfied_constraint.unwrap(), "multiplication constraint");
+    }
+}

r1cs/gadgets/crypto/src/commitment/blake2s/mod.rs

@@ -121,12 +121,13 @@ mod test {
         },
         *,
     };
-    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem};
+    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem, SynthesisMode};
     use r1cs_std::prelude::*;
 
     #[test]
     fn commitment_gadget_test() {
         let mut cs = ConstraintSystem::<Fr>::new();
+        cs.set_mode(SynthesisMode::Debug);
 
         let input = [1u8; 32];
 

r1cs/gadgets/crypto/src/commitment/pedersen/mod.rs

@@ -201,14 +201,15 @@ mod test {
             CommitmentGadget,
     };
     use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve};
-    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem};
+    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem, SynthesisMode};
     use r1cs_std::{
         instantiated::jubjub::JubJubGadget, prelude::*,
     };
 
     #[test]
     fn commitment_gadget_test() {
         let mut cs = ConstraintSystem::<Fq>::new();
+        cs.set_mode(SynthesisMode::Debug);
 
         #[derive(Clone, PartialEq, Eq, Hash)]
         pub(super) struct Window;

r1cs/gadgets/crypto/src/crh/bowe_hopwood/mod.rs

@@ -157,7 +157,7 @@ mod test {
         FixedLengthCRHGadget,
     };
     use algebra::{curves::edwards_sw6::EdwardsProjective as Edwards, ProjectiveCurve};
-    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem};
+    use r1cs_core::{ConstraintSystemAbstract, ConstraintSystem, SynthesisMode};
     use r1cs_std::{
         alloc::AllocGadget, instantiated::edwards_sw6::EdwardsSWGadget, uint8::UInt8,
     };
@@ -192,6 +192,7 @@ mod test {
     fn crh_primitive_gadget_test() {
         let rng = &mut thread_rng();
         let mut cs = ConstraintSystem::<Fr>::new();
+        cs.set_mode(SynthesisMode::Debug);
 
         let (input, input_bytes) = generate_input(&mut cs, rng);
         println!("number of constraints for input: {}", cs.num_constraints());