implement Blake2s opcode in runner

.github/workflows/rust.yml

@@ -46,6 +46,7 @@ jobs:
           cairo_bench_programs,
           cairo_proof_programs,
           cairo_test_programs,
+          cairo_stwo_exclusive_programs,
           cairo_1_test_contracts,
           cairo_2_test_contracts,
         ]
@@ -124,6 +125,12 @@ jobs:
         path: ${{ env.CAIRO_PROGRAMS_PATH }}
         key: cairo_test_programs-cache-${{ hashFiles('cairo_programs/**/*.cairo', 'examples/wasm-demo/src/array_sum.cairo') }}
         fail-on-cache-miss: true
+    - name: Fetch cairo stwo exclusive programs
+      uses: actions/cache/restore@v3
+      with:
+        path: ${{ env.CAIRO_PROGRAMS_PATH }}
+        key: cairo_stwo_exclusive_programs-cache-${{ hashFiles('cairo_programs/**/*.cairo', 'examples/wasm-demo/src/array_sum.cairo') }}
+        fail-on-cache-miss: true
     - name: Fetch proof programs
       uses: actions/cache/restore@v3
       with:
@@ -486,6 +493,9 @@ jobs:
         - program-target: cairo_test_programs
           programs-dir: cairo_programs
           extra-args: '--cairo_pie_output {program}.rs.pie.zip'
+        - program-target: cairo_stwo_exclusive_programs
+          programs-dir: cairo_programs
+          extra-args: '--cairo_pie_output {program}.rs.pie.zip'
     name: Compute memory and execution traces with cairo-vm
     needs: [ build-programs, build-release ]
     runs-on: ubuntu-22.04

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 #### Upcoming Changes
 
+* feat: implement `Blake2s` opcode in VM [#1927](https://github.com/lambdaclass/cairo-vm/pull/1927)
+
 * feat: add the field `opcode_extension` to the structure of `Instruction` [#1933](https://github.com/lambdaclass/cairo-vm/pull/1933)
 
 * fix(BREAKING): Fix no trace padding flow in proof mode [#1909](https://github.com/lambdaclass/cairo-vm/pull/1909)

Makefile

@@ -82,6 +82,10 @@ CAIRO_RS_MEM:=$(patsubst $(TEST_DIR)/%.json, $(TEST_DIR)/%.rs.memory, $(COMPILED
 CAIRO_RS_TRACE:=$(patsubst $(TEST_DIR)/%.json, $(TEST_DIR)/%.rs.trace, $(COMPILED_TESTS))
 CAIRO_RS_PIE:=$(patsubst $(TEST_DIR)/%.json, $(TEST_DIR)/%.rs.pie.zip, $(COMPILED_TESTS))
 
+STWO_EXCLUSIVE_DIR=cairo_programs/stwo_exclusive_programs
+STWO_EXCLUSIVE_FILES:=$(wildcard $(STWO_EXCLUSIVE_DIR)/*.cairo)
+COMPILED_STWO_EXCLUSIVE_TESTS:=$(patsubst $(STWO_EXCLUSIVE_DIR)/%.cairo, $(STWO_EXCLUSIVE_DIR)/%.json, $(STWO_EXCLUSIVE_FILES))
+
 BENCH_DIR=cairo_programs/benchmarks
 BENCH_FILES:=$(wildcard $(BENCH_DIR)/*.cairo)
 COMPILED_BENCHES:=$(patsubst $(BENCH_DIR)/%.cairo, $(BENCH_DIR)/%.json, $(BENCH_FILES))
@@ -249,6 +253,7 @@ check:
 
 cairo_test_programs: $(COMPILED_TESTS) $(COMPILED_BAD_TESTS) $(COMPILED_NORETROCOMPAT_TESTS) $(COMPILED_PRINT_TESTS) $(COMPILED_MOD_BUILTIN_TESTS) $(COMPILED_SECP_CAIRO0_HINTS) $(COMPILED_KZG_DA_CAIRO0_HINTS)
 cairo_proof_programs: $(COMPILED_PROOF_TESTS) $(COMPILED_MOD_BUILTIN_PROOF_TESTS)
+cairo_stwo_exclusive_programs: $(COMPILED_STWO_EXCLUSIVE_TESTS)
 cairo_bench_programs: $(COMPILED_BENCHES)
 cairo_1_test_contracts: $(CAIRO_1_COMPILED_CASM_CONTRACTS)
 cairo_2_test_contracts: $(CAIRO_2_COMPILED_CASM_CONTRACTS)

cairo_programs/stwo_exclusive_programs/blake2s_opcode_test.cairo

@@ -0,0 +1,164 @@
+%builtins range_check bitwise
+
+from starkware.cairo.common.alloc import alloc
+from starkware.cairo.common.cairo_blake2s.blake2s import STATE_SIZE_FELTS, INPUT_BLOCK_FELTS, _get_sigma
+from starkware.cairo.common.cairo_blake2s.packed_blake2s import N_PACKED_INSTANCES, blake2s_compress
+from starkware.cairo.common.cairo_builtins import BitwiseBuiltin
+
+const COUNTER = 128;
+const U32_MASK = 0xffffffff;
+
+// Tests the Blake2s opcode runner using a preexisting implementation within the repo as reference.
+// The initial state, a random message of 64 bytes and counter are used as input.
+// Both the opcode and the reference implementation are run on the same inputs and then their outputs are compared.
+// Before comparing the outputs, it is verified that the opcode runner has written the output to the correct location.
+func main{range_check_ptr, bitwise_ptr: BitwiseBuiltin*}() {
+    alloc_locals;
+
+    let (local random_message) = alloc();
+    assert random_message[0] =  930933030;
+    assert random_message[1] =  1766240503;
+    assert random_message[2] =  3660871006;
+    assert random_message[3] =  388409270;
+    assert random_message[4] =  1948594622;
+    assert random_message[5] =  3119396969;
+    assert random_message[6] =  3924579183;
+    assert random_message[7] =  2089920034;
+    assert random_message[8] =  3857888532;
+    assert random_message[9] =  929304360;
+    assert random_message[10] =  1810891574;
+    assert random_message[11] =  860971754;
+    assert random_message[12] =  1822893775;
+    assert random_message[13] =  2008495810;
+    assert random_message[14] =  2958962335;
+    assert random_message[15] =  2340515744;
+
+    let (local input_state) = alloc();
+    // Set the initial state to IV (IV[0] is modified).
+    assert input_state[0] = 0x6B08E647;  // IV[0] ^ 0x01010020 (config: no key, 32 bytes output).
+    assert input_state[1] = 0xBB67AE85;
+    assert input_state[2] = 0x3C6EF372;
+    assert input_state[3] = 0xA54FF53A;
+    assert input_state[4] = 0x510E527F;
+    assert input_state[5] = 0x9B05688C;
+    assert input_state[6] = 0x1F83D9AB;
+    assert input_state[7] = 0x5BE0CD19;
+    static_assert STATE_SIZE_FELTS == 8;
+
+    // Use the packed blake2s_compress to compute the output of the first instance.
+    let (sigma) = _get_sigma();
+    let (local cairo_output) = alloc();
+    blake2s_compress(
+        h=input_state,
+        message=random_message,
+        t0=COUNTER,
+        f0=0,
+        sigma=sigma,
+        output=cairo_output,
+    );
+
+    // Unpack the first instance of the blake2s_compress output (extract the first 32 bits).
+    assert bitwise_ptr[0].x = cairo_output[0];
+    assert bitwise_ptr[0].y = U32_MASK;
+    assert bitwise_ptr[1].x = cairo_output[1];
+    assert bitwise_ptr[1].y = U32_MASK;
+    assert bitwise_ptr[2].x = cairo_output[2];
+    assert bitwise_ptr[2].y = U32_MASK;
+    assert bitwise_ptr[3].x = cairo_output[3];
+    assert bitwise_ptr[3].y = U32_MASK;
+    assert bitwise_ptr[4].x = cairo_output[4];
+    assert bitwise_ptr[4].y = U32_MASK;
+    assert bitwise_ptr[5].x = cairo_output[5];
+    assert bitwise_ptr[5].y = U32_MASK;
+    assert bitwise_ptr[6].x = cairo_output[6];
+    assert bitwise_ptr[6].y = U32_MASK;
+    assert bitwise_ptr[7].x = cairo_output[7];
+    assert bitwise_ptr[7].y = U32_MASK;
+
+    // Run the blake2s opcode runner on the same inputs and store its output.
+    let vm_output = run_blake2s(
+        dst=COUNTER,
+        op0=input_state,
+        op1=random_message,
+    );
+
+    // Verify that the opcode runner has written the 8 felts to the correct location.
+    tempvar check_nonempty = vm_output[0];
+    tempvar check_nonempty = vm_output[1];
+    tempvar check_nonempty = vm_output[2];
+    tempvar check_nonempty = vm_output[3];
+    tempvar check_nonempty = vm_output[4];
+    tempvar check_nonempty = vm_output[5];
+    tempvar check_nonempty = vm_output[6];
+    tempvar check_nonempty = vm_output[7];
+
+    // Compare the vm_output to the blake2s_compress first instance output.
+    assert vm_output[0] = bitwise_ptr[0].x_and_y;
+    assert vm_output[1] = bitwise_ptr[1].x_and_y;
+    assert vm_output[2] = bitwise_ptr[2].x_and_y;
+    assert vm_output[3] = bitwise_ptr[3].x_and_y;
+    assert vm_output[4] = bitwise_ptr[4].x_and_y;
+    assert vm_output[5] = bitwise_ptr[5].x_and_y;
+    assert vm_output[6] = bitwise_ptr[6].x_and_y;
+    assert vm_output[7] = bitwise_ptr[7].x_and_y;
+
+    let bitwise_ptr = bitwise_ptr + BitwiseBuiltin.SIZE * STATE_SIZE_FELTS;
+
+    return ();
+}
+
+// Forces the runner to execute the Blake2s with the given operands.
+// op0 is a pointer to an array of 8 felts as u32 integers of the state.
+// op1 is a pointer to an array of 16 felts as u32 integers of the messsage.
+// dst is a felt representing a u32 of the counter.
+// ap contains a pointer to an array of 8 felts as u32 integers of the output state.
+// Those values are stored within addresses fp-5, fp-4 and fp-3 respectively.
+// An instruction encoding is built from offsets -5, -4, -3 and flags which are all 0 except for
+// those denoting uses of fp as the base for operand addresses and flag_opcode_blake (16th flag).
+// The instruction is then written to [pc] and the runner is forced to execute Blake2s.
+func run_blake2s(
+    dst: felt,
+    op0: felt*,
+    op1: felt*,
+) -> felt* {
+    alloc_locals;
+
+    // Set the offsets for the operands.
+    let offset0 = (2**15)-5;
+    let offset1 = (2**15)-4;
+    let offset2 = (2**15)-3;
+    static_assert dst == [fp -5];
+    static_assert op0 == [fp -4];
+    static_assert op1 == [fp -3];
+
+    // Set the flags for the instruction.
+    let flag_dst_base_fp = 1;
+    let flag_op0_base_fp = 1;
+    let flag_op1_imm = 0;
+    let flag_op1_base_fp = 1;
+    let flag_op1_base_ap = 0;
+    let flag_res_add = 0;
+    let flag_res_mul = 0;
+    let flag_PC_update_jump = 0;
+    let flag_PC_update_jump_rel = 0;
+    let flag_PC_update_jnz = 0;
+    let flag_ap_update_add = 0;
+    let flag_ap_update_add_1 = 0;
+    let flag_opcode_call = 0;
+    let flag_opcode_ret = 0;
+    let flag_opcode_assert_eq = 0;
+    let flag_opcode_blake2s = 1;
+
+    // Build the instruction encoding.
+    let flag_num = flag_dst_base_fp+flag_op0_base_fp*(2**1)+flag_op1_imm*(2**2)+flag_op1_base_fp*(2**3)+flag_opcode_blake2s*(2**15);
+    let instruction_num = offset0 + offset1*(2**16) + offset2*(2**32) + flag_num*(2**48);
+    static_assert instruction_num==9226608988349300731;
+
+    // Write the instruction to [pc] and point [ap] to the designated output.
+    let (local vm_output) = alloc();
+    assert [ap] = cast(vm_output, felt);
+    dw 9226608988349300731;
+
+    let vm_output = cast([ap], felt*);
+    return vm_output;
+}

vm/src/tests/cairo_run_test.rs

@@ -568,6 +568,14 @@ fn blake2s_integration_tests() {
     run_program_simple(program_data.as_slice());
 }
 
+#[test]
+#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
+fn blake2s_opcode_test() {
+    let program_data =
+        include_bytes!("../../../cairo_programs/stwo_exclusive_programs/blake2s_opcode_test.json");
+    run_program_simple(program_data.as_slice());
+}
+
 #[test]
 #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
 fn relocate_segments() {

vm/src/types/instruction.rs

@@ -80,6 +80,7 @@ pub enum Opcode {
 #[derive(Clone, Debug, Copy, PartialEq, Eq)]
 pub enum OpcodeExtension {
     Stone,
+    Blake,
 }
 
 impl Instruction {

vm/src/vm/decoding/decoder.rs

@@ -100,6 +100,21 @@ pub fn decode_instruction(encoded_instr: u64) -> Result<Instruction, VirtualMach
 
     let opcode_extension = match opcode_extension_num {
         0 => OpcodeExtension::Stone,
+        1 => {
+            if opcode != Opcode::NOp {
+                return Err(VirtualMachineError::OpcodeExtensionClash(
+                    opcode_num,
+                    opcode_extension_num,
+                ));
+            };
+            if (op1_addr != Op1Addr::FP && op1_addr != Op1Addr::AP)
+                || res != Res::Op1
+                || pc_update != PcUpdate::Regular
+            {
+                return Err(VirtualMachineError::InvalidBlake2sFlags(flags));
+            };
+            OpcodeExtension::Blake
+        }
         _ => {
             return Err(VirtualMachineError::InvalidOpcodeExtension(
                 opcode_extension_num,
@@ -392,4 +407,16 @@ mod decoder_test {
         let error = decode_instruction(0x1104800180018001);
         assert_matches!(error, Err(VirtualMachineError::InvalidOpcode(1)));
     }
+
+    #[test]
+    #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
+    fn decode_opcode_extension_clash() {
+        // opcode_extension|   opcode|ap_update|pc_update|res_logic|op1_src|op0_reg|dst_reg
+        //               15| 14 13 12|    11 10|  9  8  7|     6  5|4  3  2|      1|      0
+        //            Blake|     CALL|     Add2|  JumpRel|      Op1|     FP|     FP|     FP
+        //                1   0  0  1      0  0   0  1  0      0  0 0  0  1       0       0
+        //  1001 0001 0000 0100 = 0x9104; off0 = 1, off1 = 1
+        let error = decode_instruction(0x9104800180018001);
+        assert_matches!(error, Err(VirtualMachineError::OpcodeExtensionClash(1, 1)));
+    }
 }

vm/src/vm/errors/memory_errors.rs

@@ -101,6 +101,8 @@ pub enum MemoryError {
     UnrelocatedMemory,
     #[error("Malformed public memory")]
     MalformedPublicMemory,
+    #[error("Expected u32 valued Felt252, found {0}")]
+    ExpectedU32(Box<Felt252>),
 }
 
 #[derive(Debug, PartialEq, Eq, Error)]

vm/src/vm/errors/vm_errors.rs

@@ -34,8 +34,6 @@ pub enum VirtualMachineError {
     MainScopeError(#[from] ExecScopeError),
     #[error(transparent)]
     Other(anyhow::Error),
-    #[error("Instruction MSB should be 0")]
-    InstructionNonZeroHighBit,
     #[error("Instruction should be an int")]
     InvalidInstructionEncoding,
     #[error("Invalid op1_register value: {0}")]
@@ -78,6 +76,8 @@ pub enum VirtualMachineError {
     InvalidOpcode(u64),
     #[error("Invalid opcode extension value: {0}")]
     InvalidOpcodeExtension(u64),
+    #[error("Nonzero opcode value: {0} and nonzero opcode extension value: {1}")]
+    OpcodeExtensionClash(u64, u64),
     #[error("This is not implemented")]
     NotImplemented,
     #[error("Inconsistent auto-deduction for {}, expected {}, got {:?}", (*.0).0, (*.0).1, (*.0).2)]
@@ -138,6 +138,12 @@ pub enum VirtualMachineError {
     RelocationNotFound(usize),
     #[error("{} batch size is not {}", (*.0).0, (*.0).1)]
     ModBuiltinBatchSize(Box<(BuiltinName, usize)>),
+    #[error("Blake2s opcode invalid operand: op{0} does not point to {1} u32 numbers.")]
+    Blake2sInvalidOperand(u8, u8),
+    #[error("Blake2s expected to be an integer.")]
+    Blake2sInvalidCounter,
+    #[error("Blake2s opcode invalid flags {0}")]
+    InvalidBlake2sFlags(u64),
 }
 
 #[cfg(test)]