Merged
Conversation
## Summary Zig cc injects DWARF debug info into every object file by default, even in Release (-O3) mode. This inflates the barretenberg build directory from **2.8 GB to 14.0 GB** (5x blowup). Adding `-g0` to suppress this brings zig builds in line with system clang builds. ### Key numbers (measured on 186-core machine with full AVM build): | Artifact | Before (-g0) | After (-g0) | Reduction | |----------|-------------|-------------|-----------| | Total build dir | 14.0 GB | 2.8 GB | **80%** | | libvm2.a | 1,406 MB | 219 MB | 84% | | bb-avm | 1,271 MB | 182 MB | 86% | | prover.cpp.o | 486 MB | 31 MB | 94% | ### What this changes - Adds `"CFLAGS": "-g0", "CXXFLAGS": "-g0"` to the `clang20` preset (native zig builds) - Adds the same to the `zig-base` preset (all cross-compilation presets inherit from this) - Presets that intentionally use `-g` (tracy, debug, xray) override these flags as expected ### What it does NOT change - Machine code output is identical (verified: .text sections are byte-for-byte the same) - Incremental builds are fully preserved - Build time improves marginally (5m29s → 5m06s) Full analysis: https://gist.github.com/AztecBot/5c919316852d4d66095d0eefaa1a7c00 ClaudeBox log: http://ci.aztec-labs.com/1a779e17d1e4caac-2
Collaborator
Author
|
🤖 Auto-merge enabled after 4 hours of inactivity. This PR will be merged automatically once all checks pass. |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Fixes a flaky test failure that dequeued #21084 from the merge queue. The test `triggers tx collection for missing txs from mined blocks` in `p2p_client.test.ts` was flaky because `client.start()` kicks off a background block stream that processes the initial 100 blocks. This background work could complete before the test overrides the `hasTxs` mock, so `startCollecting` gets called for block 100 with the default mock (making all txs look "missing"). **Fix**: Drain the initial background sync with an explicit `sync()` call before setting up the test scenario, and clear stale mock calls with `mockClear()` before the assertion sync. ClaudeBox log: http://ci.aztec-labs.com/5c9e693e161264ba-1
…#20988) - Replace `ITERATE_OVER_DOMAIN_START` and `ITERATE_OVER_DOMAIN_END` macros with a `parallel_for` loop in `ifft()` - The macro was only used in `ifft()`. Replacing it with an inline loop makes the control flow clearer and allows removing the unused header. - Delete the now-unused `iterate_over_domain.hpp` - Address race condition in `try_allocate_file_backed` in `backing_memory.hpp` - Remove old improvement note in `barycentric.hpp`, as it is addressed in PR [#20585](#20585)
…#20352) Added domain separation for the multiset equality check, as a matter of good hygiene. --------- Co-authored-by: notnotraju <raju@aztec-labs.com>
johnathan79717
pushed a commit
that referenced
this pull request
Mar 4, 2026
Fixes a flaky test failure that dequeued #21084 from the merge queue. The test `triggers tx collection for missing txs from mined blocks` in `p2p_client.test.ts` was flaky because `client.start()` kicks off a background block stream that processes the initial 100 blocks. This background work could complete before the test overrides the `hasTxs` mock, so `startCollecting` gets called for block 100 with the default mock (making all txs look "missing"). **Fix**: Drain the initial background sync with an explicit `sync()` call before setting up the test scenario, and clear stale mock calls with `mockClear()` before the assertion sync. ClaudeBox log: http://ci.aztec-labs.com/5c9e693e161264ba-1
…#21113) Adds SHA-256 chunk hash verification for BN254 CRS downloads, combining the best of #21087 and #20864. - **8MB chunks** (131K points each, 257 hashes embedded at compile time) - **Parallel verification** with atomic early-exit on first mismatch - **`std::span`-based** hashing (zero per-chunk allocation) - Retains fast first-element sanity check before full hash verification - Covers partial last chunk (64-byte tail) so every downloaded byte is verified - Primary/fallback CDN URLs with HTTP Range requests --------- Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com>
In `bb`, we use the scalar splitting for a few fields: the base and scalar fields of BN254, as well as the scalar field of secp256k1. Formerly, in the latter, we used a "384-bit" shift. This is unnecessary: rounding was not the main difference. (The difference is in the former fields, the scalar splitting can be taken to both have 128 bits; for `secp256k1::fr`, neither statement is true, and indeed the scalars can have as many as 129 bits. In this branch, then, we return field elements.) The interfaces have been unified, as much as they can. Also improves on the literate documentation, in particular, on a brief explanation of why the GLV lattice basis for `bn254::fq` and `bn254::fr` are so close. --------- Co-authored-by: notnotraju <raju@aztec-labs.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds unique ID to each OriginTag using an atomic counter. Intended to make debugging and tracking individual tags easier.
### 🧾 Audit Context First part of the audit of `ecc/curves`. This PR is concerned with curve fields: we restructure testing, standardise struct format, and add some more constant checks. ### 🛠️ Changes Made - Refactor field params structs so that they all have the same format - Refactor testing: move some testing to generic field testing, standardise testing for all field params struct, add tests for constants ### ✅ Checklist - [X] Audited all methods of the relevant module/class - [ ] Audited the interface of the module/class with other (relevant) components - [ ] Documented existing functionality and any changes made (as per Doxygen requirements) - [ ] Resolved and/or closed all issues/TODOs pertaining to the audited files - [ ] Confirmed and documented any security or other issues found (if applicable) - [X] Verified that tests cover all critical paths (and added tests if necessary) - [ ] Updated audit tracking for the files audited (check the start of each file you audited) ### 📌 Notes for Reviewers
Update bootstrap to use new CMake configuration
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 5, 2026
BEGIN_COMMIT_OVERRIDE fix: add -g0 to zig presets to eliminate 11GB debug info bloat (#21071) fix: resolve flaky p2p_client test race condition on ARM64 (#21088) chore: remove domain iteration macros and address backing memory race (#20988) fix: [ECCVM] added domain separation for the multiset equality check. (#20352) feat: hybrid CRS hash verification — 8MB chunks, parallel, span-based (#21113) chore: unify splitting scalars interface (#20805) chore: add a unique id to each origin tag (#20924) chore: Native curve audit (#20936) chore: Update bootstrap in test vk haven't changed script (#21153) END_COMMIT_OVERRIDE
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
The `FromMontgomeryForm` test in `general_field.test.cpp` (added by #20936) was comparing raw limbs after `from_montgomery_form()`, expecting exactly `{1, 0, 0, 0}`. However, the WASM Montgomery multiplication returns coarse results in `[0, 2p)`, so `from_montgomery_form(one())` can return `p+1` instead of `1` — both represent the same field element, but the raw limbs differ. This caused `ecc_tests` to fail in WASM builds (`FieldTest/0.FromMontgomeryForm` for BN254 Fq and `FieldTest/1.FromMontgomeryForm` for BN254 Fr), which dequeued merge-train/barretenberg PR #21084 from the merge queue. Fix: use `from_montgomery_form_reduced()` for base fields to ensure full reduction to `[0, p)` before raw limb comparison. Extension fields already use `from_montgomery_form_reduced()` internally on their components, so they are unaffected. ClaudeBox log: http://ci.aztec-labs.com/5f9c459fdf9e2366-1
similar to how it's done in hmac, we should make sure we remove secret randomness that are no longer from memory. resolves: AztecProtocol/barretenberg#895 --------- Co-authored-by: sergei iakovenko <105737703+iakovenkos@users.noreply.github.com> Co-authored-by: ledwards2225 <98505400+ledwards2225@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: AztecBot <tech@aztecprotocol.com>
On Ubuntu 22 (glibc 2.35), stock clangd auto-detects the target triple as `native-unknown-linux-gnu.2.35`. Newer clang versions validate the version component more strictly and reject `.2.35` as invalid, producing: ``` Version '.2.35' in target triple 'native-unknown-linux-gnu.2.35' is invalid clang(drv_triple_version_invalid) ``` This adds a `Diagnostics: Suppress` entry to the existing `.clangd` config to silence this diagnostic. It only affects the clangd language server (IDE), not the actual build which uses zig clang. ClaudeBox log: http://ci.aztec-labs.com/01115b8f744a5b49-4 Co-authored-by: ludamad <adam.domurad@gmail.com>
Optimise new claim calculation by avoiding allocating new zero polynomials. Closes AztecProtocol/barretenberg#1604
## Summary - Adds a "Quick Start" section to the barretenberg README for non-C++ users - Covers three paths: pre-built binary via bbup, bootstrap.sh build, and Docker - Documents Zig requirement for default bootstrap and `NATIVE_PRESET=default` fallback for standard Clang - Merges duplicate "Bootstrap" section into Quick Start - Closes AztecProtocol/barretenberg#1438 (part 2)
Implements `ChonkBatchVerifier` for batch verifying Chonk proofs.
- Only batches IPA MSM (via newly added `IPA::batch_reduce_verify()`)
(Note IPA is ~90% of verification time)
- Adds `bbapi::ChonkBatchVerify` - ready to be integrated into the TS
Batching is done by replacing $N$ single IPA verifier checks of the
form:
$$C_0 = \langle a_0 \vec{s}, \vec{G} \rangle + a_0 b_0 u \cdot G$$
with a batched check of the form (with $\alpha$ chosen randomly by the
verifier):
$$\sum_i \alpha^i C_{0,i} = \langle \sum_i \alpha^i a_{0,i} \vec{s_i},
\vec{G} \rangle + \left(\sum_i \alpha^i a_{0,i} b_{0,i} u_i\right) \cdot
G$$
See below for relevant benchmarks
Collaborator
Author
|
🤖 Auto-merge enabled after 4 hours of inactivity. This PR will be merged automatically once all checks pass. |
# Conflicts: # barretenberg/cpp/CMakePresets.json
## Summary - Rust build script was linking `libstdc++` on Linux, but barretenberg is built with Clang/libc++ (`std::__1::` ABI) - This caused undefined reference errors at link time for `cargo test --release --features ffi` - Fix: link `libc++` on all platforms since barretenberg uses Clang/libc++ everywhere Co-authored-by: notnotraju <raju@aztec-labs.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…or to be 0. (#20849) in the transcript table, no-ops force the next accumulator to be 0. No new subrelations --------- Co-authored-by: notnotraju <raju@aztec-labs.com>
…0) (#21201) ## Summary - Resolves merge conflict in `barretenberg/cpp/CMakePresets.json` between merge-train/barretenberg and next - Keeps next's zig wrapper scripts (`zig-cc.sh`/`zig-c++.sh`) for cross-platform support - Preserves merge-train's `-g0` CFLAGS/CXXFLAGS to eliminate debug info bloat
… != 0` (#20858) The `transcript_input2` used a hardcoded `transcript_pc - 1` which assumed `z1_zero == 0` whenever `z2_zero == 0`. This made the circuit unsatisfiable when `z1_zero == 1` and `z2_zero == 0`. Replace with `transcript_pc -lookup_first` so the pc offset adapts correctly. --------- Co-authored-by: notnotraju <raju@aztec-labs.com>
…er (#21206) ## Summary - After #21179 optimized `compute_new_claim()` to move polynomials instead of copying, `virtual_size()` on accumulator polynomials no longer reliably equals the accumulator's dyadic size. - `HypernovaDeciderProver::construct_proof` used `virtual_size()` to create a `CommitmentKey`, which could request 2^21 CRS points — exceeding the WASM default of 2^20. - Fix: use `end_index()` to compute the tightest CRS size for the `CommitmentKey`, while passing `dyadic_size` to `PolynomialBatcher` and `ShpleminiProver` which need the multilinear domain size. ## Test plan - [x] `hypernova_tests` pass (9/9) - [x] `chonk_tests` pass (25/25) - [ ] CI chonk integration tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
BEGIN_COMMIT_OVERRIDE
fix: add -g0 to zig presets to eliminate 11GB debug info bloat (#21071)
fix: resolve flaky p2p_client test race condition on ARM64 (#21088)
chore: remove domain iteration macros and address backing memory race (#20988)
fix: [ECCVM] added domain separation for the multiset equality check. (#20352)
feat: hybrid CRS hash verification — 8MB chunks, parallel, span-based (#21113)
chore: unify splitting scalars interface (#20805)
chore: add a unique id to each origin tag (#20924)
chore: Native curve audit (#20936)
chore: Update bootstrap in test vk haven't changed script (#21153)
fix: use reduced form in WASM FromMontgomeryForm test (#21164)
chore: erase ephemeral secrets from memory in schnorr and aes (#21106)
chore: suppress clangd target triple version diagnostic (#21180)
feat: Optimise new claim calculation (#21179)
docs: add Quick Start build instructions to barretenberg README (#20951)
feat: batched chonk verification (#21083)
fix: link libc++ instead of libstdc++ for Rust FFI on Linux (#21203)
fix: [ECCVM] in the transcript table, no-ops force the next accumulator to be 0. (#20849)
fix: resolve merge-train conflict with next (zig wrapper scripts + -g0) (#21201)
fix: [ECCVM] rare edge case completeness issue when
z1 == 0butz2 != 0(#20858)fix: use actual data extent for CommitmentKey in HypernovaDeciderProver (#21206)
END_COMMIT_OVERRIDE