fix(avm): AVM gadget fuzzers fixes#22745
Merged
Merged
Conversation
IlyasRidhuan
approved these changes
Apr 28, 2026
MirandaWood
force-pushed
the
mw/avm-ecc-fuzzer-fix
branch
from
a76c688 to
ed831c6
Compare
MirandaWood
added a commit
that referenced
this pull request
May 12, 2026
…#22921) This branch solely contains the changes needed to remove the `is_infinite` flag from our `StandardAffinePoint` C++ wrapper. Now, we check whether `x` and `y` are zero to assign an `inf` underlying point. Will close [Foundation AVM Issue 17](https://linear.app/aztec-foundation/issue/AVM-17/remove-is-inf-flag-from-avms-standardaffinepoint) --- Stack: - #22745 - #22564 - `mw/avm-rem-inf-point-wrapper` <-- here - #22795 - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 12, 2026
…y) (#22795) This branch includes the changes to remove the `is_infinite` flag from our point representation and conceptually treating a point as infinite iff its coordinates are `(0, 0)`. It only contains logic changes within the AVM for the above and does not touch the opcode - this is in a lower PR - so the **CI will probably fail**. Will close [Foundation AVM Issue 18](https://linear.app/aztec-foundation/issue/AVM-18/remove-is-inf-flag-from-resulting-ec-points-in-avm-circuits) --- Stack: - #22745 - #22564 - #22921 - `mw/avm-explore-remove-is-inf` <-- here - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 13, 2026
…#22945) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature. The actual EC logic changes come above this PR in the stack, and any changes outside the AVM will be below. For ease of review, I've separated into commits: - **feat: remove inf flags from ecadd opcode - ec flow only** Isolated to the EC flow only (does not change registers so non avm tests will fail) - f**eat: rem infs from fuzzer (only gadget fuzzer tested)** Isolated fixes to get the fuzzer(s) compiling Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the following PR #23031 with ts/rs changes will fully close it). Note that the opcode mismatches that in ts so **CI will fail** until #23031 is merged into this branch! --- Stack: - #22745 - #22564 - #22921 - #22795 - `mw/avm-rem-inf-opcode-ecadd` <-- here - #23031
MirandaWood
added a commit
that referenced
this pull request
May 15, 2026
… AVM only) (#23031) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature which reside outside `vm2`. This includes the transpiler, ts simulator, and anything required in ACIR. Note that ACIR and noir's black box still use [the flags](https://github.com/AztecProtocol/aztec-packages/blob/b30fe8f401d7af45148071924b22b3f377750eaf/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp#L34) and represent points by a[ triple of elements.](https://github.com/noir-lang/noir/blob/bc4a37e2994ebc7d44ae98be81e18606b2231c61/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs#L98) Since this touches both private and public execution, I think it's out of scope of this task to update these. Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the previous PR with AVM changes will close the initial portion) --- Stack: - #22745 - #22564 - #22921 - #22795 - #22945 - `mw/avm-rem-inf-opcode-ecadd-ext` <-- here
MirandaWood
added a commit
that referenced
this pull request
May 15, 2026
…#22921) This branch solely contains the changes needed to remove the `is_infinite` flag from our `StandardAffinePoint` C++ wrapper. Now, we check whether `x` and `y` are zero to assign an `inf` underlying point. Will close [Foundation AVM Issue 17](https://linear.app/aztec-foundation/issue/AVM-17/remove-is-inf-flag-from-avms-standardaffinepoint) --- Stack: - #22745 - #22564 - `mw/avm-rem-inf-point-wrapper` <-- here - #22795 - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 15, 2026
…y) (#22795) This branch includes the changes to remove the `is_infinite` flag from our point representation and conceptually treating a point as infinite iff its coordinates are `(0, 0)`. It only contains logic changes within the AVM for the above and does not touch the opcode - this is in a lower PR - so the **CI will probably fail**. Will close [Foundation AVM Issue 18](https://linear.app/aztec-foundation/issue/AVM-18/remove-is-inf-flag-from-resulting-ec-points-in-avm-circuits) --- Stack: - #22745 - #22564 - #22921 - `mw/avm-explore-remove-is-inf` <-- here - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 15, 2026
…#22945) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature. The actual EC logic changes come above this PR in the stack, and any changes outside the AVM will be below. For ease of review, I've separated into commits: - **feat: remove inf flags from ecadd opcode - ec flow only** Isolated to the EC flow only (does not change registers so non avm tests will fail) - f**eat: rem infs from fuzzer (only gadget fuzzer tested)** Isolated fixes to get the fuzzer(s) compiling Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the following PR Note that the opcode mismatches that in ts so **CI will fail** until --- Stack: - #22745 - #22564 - #22921 - #22795 - `mw/avm-rem-inf-opcode-ecadd` <-- here - #23031
MirandaWood
added a commit
that referenced
this pull request
May 15, 2026
… AVM only) (#23031) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature which reside outside `vm2`. This includes the transpiler, ts simulator, and anything required in ACIR. Note that ACIR and noir's black box still use [the flags](https://github.com/AztecProtocol/aztec-packages/blob/b30fe8f401d7af45148071924b22b3f377750eaf/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp#L34) and represent points by a[ triple of elements.](https://github.com/noir-lang/noir/blob/bc4a37e2994ebc7d44ae98be81e18606b2231c61/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs#L98) Since this touches both private and public execution, I think it's out of scope of this task to update these. Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the previous PR with AVM changes will close the initial portion) --- Stack: - #22745 - #22564 - #22921 - #22795 - #22945 - `mw/avm-rem-inf-opcode-ecadd-ext` <-- here
MirandaWood
added a commit
that referenced
this pull request
May 16, 2026
…#22921) This branch solely contains the changes needed to remove the `is_infinite` flag from our `StandardAffinePoint` C++ wrapper. Now, we check whether `x` and `y` are zero to assign an `inf` underlying point. Will close [Foundation AVM Issue 17](https://linear.app/aztec-foundation/issue/AVM-17/remove-is-inf-flag-from-avms-standardaffinepoint) --- Stack: - #22745 - #22564 - `mw/avm-rem-inf-point-wrapper` <-- here - #22795 - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 16, 2026
…y) (#22795) This branch includes the changes to remove the `is_infinite` flag from our point representation and conceptually treating a point as infinite iff its coordinates are `(0, 0)`. It only contains logic changes within the AVM for the above and does not touch the opcode - this is in a lower PR - so the **CI will probably fail**. Will close [Foundation AVM Issue 18](https://linear.app/aztec-foundation/issue/AVM-18/remove-is-inf-flag-from-resulting-ec-points-in-avm-circuits) --- Stack: - #22745 - #22564 - #22921 - `mw/avm-explore-remove-is-inf` <-- here - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 16, 2026
…#22945) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature. The actual EC logic changes come above this PR in the stack, and any changes outside the AVM will be below. For ease of review, I've separated into commits: - **feat: remove inf flags from ecadd opcode - ec flow only** Isolated to the EC flow only (does not change registers so non avm tests will fail) - f**eat: rem infs from fuzzer (only gadget fuzzer tested)** Isolated fixes to get the fuzzer(s) compiling Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the following PR Note that the opcode mismatches that in ts so **CI will fail** until --- Stack: - #22745 - #22564 - #22921 - #22795 - `mw/avm-rem-inf-opcode-ecadd` <-- here - #23031
MirandaWood
added a commit
that referenced
this pull request
May 16, 2026
… AVM only) (#23031) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature which reside outside `vm2`. This includes the transpiler, ts simulator, and anything required in ACIR. Note that ACIR and noir's black box still use [the flags](https://github.com/AztecProtocol/aztec-packages/blob/b30fe8f401d7af45148071924b22b3f377750eaf/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp#L34) and represent points by a[ triple of elements.](https://github.com/noir-lang/noir/blob/bc4a37e2994ebc7d44ae98be81e18606b2231c61/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs#L98) Since this touches both private and public execution, I think it's out of scope of this task to update these. Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the previous PR with AVM changes will close the initial portion) --- Stack: - #22745 - #22564 - #22921 - #22795 - #22945 - `mw/avm-rem-inf-opcode-ecadd-ext` <-- here
MirandaWood
added a commit
that referenced
this pull request
May 18, 2026
…#22921) This branch solely contains the changes needed to remove the `is_infinite` flag from our `StandardAffinePoint` C++ wrapper. Now, we check whether `x` and `y` are zero to assign an `inf` underlying point. Will close [Foundation AVM Issue 17](https://linear.app/aztec-foundation/issue/AVM-17/remove-is-inf-flag-from-avms-standardaffinepoint) --- Stack: - #22745 - #22564 - `mw/avm-rem-inf-point-wrapper` <-- here - #22795 - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 18, 2026
…y) (#22795) This branch includes the changes to remove the `is_infinite` flag from our point representation and conceptually treating a point as infinite iff its coordinates are `(0, 0)`. It only contains logic changes within the AVM for the above and does not touch the opcode - this is in a lower PR - so the **CI will probably fail**. Will close [Foundation AVM Issue 18](https://linear.app/aztec-foundation/issue/AVM-18/remove-is-inf-flag-from-resulting-ec-points-in-avm-circuits) --- Stack: - #22745 - #22564 - #22921 - `mw/avm-explore-remove-is-inf` <-- here - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 18, 2026
…#22945) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature. The actual EC logic changes come above this PR in the stack, and any changes outside the AVM will be below. For ease of review, I've separated into commits: - **feat: remove inf flags from ecadd opcode - ec flow only** Isolated to the EC flow only (does not change registers so non avm tests will fail) - f**eat: rem infs from fuzzer (only gadget fuzzer tested)** Isolated fixes to get the fuzzer(s) compiling Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the following PR Note that the opcode mismatches that in ts so **CI will fail** until --- Stack: - #22745 - #22564 - #22921 - #22795 - `mw/avm-rem-inf-opcode-ecadd` <-- here - #23031
MirandaWood
added a commit
that referenced
this pull request
May 18, 2026
… AVM only) (#23031) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature which reside outside `vm2`. This includes the transpiler, ts simulator, and anything required in ACIR. Note that ACIR and noir's black box still use [the flags](https://github.com/AztecProtocol/aztec-packages/blob/b30fe8f401d7af45148071924b22b3f377750eaf/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp#L34) and represent points by a[ triple of elements.](https://github.com/noir-lang/noir/blob/bc4a37e2994ebc7d44ae98be81e18606b2231c61/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs#L98) Since this touches both private and public execution, I think it's out of scope of this task to update these. Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the previous PR with AVM changes will close the initial portion) --- Stack: - #22745 - #22564 - #22921 - #22795 - #22945 - `mw/avm-rem-inf-opcode-ecadd-ext` <-- here
MirandaWood
added a commit
that referenced
this pull request
May 18, 2026
### Update Will also close [Foundation AVM Issue 13](https://linear.app/aztec-foundation/issue/AVM-13/enforce-canonical-point-at-infinity-representation) Note that this is currently being used as a base for removing the flag from AVM's point representation ([Foundation AVM Issue 14](https://linear.app/aztec-foundation/issue/AVM-14/remove-is-inf-flag-from-avm-ec-point-representation)): - ~#22745 (in merge train) - #23342 (ACIR changes from #23155 for removing `inf`) - #22564 <-- here - #22921 ✅ - #22795 ✅ - #22945 ✅ - #23031 ✅ **Everything in this branch has been reviewed**, see above PRs for individual work ⬆️ ### [OLD] Overview Will close [AVM-248](https://linear.app/aztec-labs/issue/AVM-248/enforce-canonical-point-at-infinity-representation) As a kind of stopgap before removing the `is_infinite` flag completely from the AVM ([AVM-266](https://linear.app/aztec-labs/issue/AVM-266/remove-is-inf-flag-from-ec-point-representation)), we now follow Noir behaviour more closely by deriving `is_inf` from coordinates inside the circuits ( `(x, y) == (0, 0) ? is_inf == true`). This replaces previous logic remapping points to (0, 0) from `is_inf`. This method relies on the on curve check (for `(0, 0) ==> is_inf `) and some new relations enforcing coordinates (for `is_inf ==> (0, 0)`) rather than (more expensive) error handling. However this does mean that the former will fail with an on curve error whereas the latter will simply fail a relation.
MirandaWood
added a commit
that referenced
this pull request
May 20, 2026
…#22921) This branch solely contains the changes needed to remove the `is_infinite` flag from our `StandardAffinePoint` C++ wrapper. Now, we check whether `x` and `y` are zero to assign an `inf` underlying point. Will close [Foundation AVM Issue 17](https://linear.app/aztec-foundation/issue/AVM-17/remove-is-inf-flag-from-avms-standardaffinepoint) --- Stack: - #22745 - #22564 - `mw/avm-rem-inf-point-wrapper` <-- here - #22795 - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 20, 2026
…y) (#22795) This branch includes the changes to remove the `is_infinite` flag from our point representation and conceptually treating a point as infinite iff its coordinates are `(0, 0)`. It only contains logic changes within the AVM for the above and does not touch the opcode - this is in a lower PR - so the **CI will probably fail**. Will close [Foundation AVM Issue 18](https://linear.app/aztec-foundation/issue/AVM-18/remove-is-inf-flag-from-resulting-ec-points-in-avm-circuits) --- Stack: - #22745 - #22564 - #22921 - `mw/avm-explore-remove-is-inf` <-- here - #22945 - #23031
MirandaWood
added a commit
that referenced
this pull request
May 20, 2026
…#22945) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature. The actual EC logic changes come above this PR in the stack, and any changes outside the AVM will be below. For ease of review, I've separated into commits: - **feat: remove inf flags from ecadd opcode - ec flow only** Isolated to the EC flow only (does not change registers so non avm tests will fail) - f**eat: rem infs from fuzzer (only gadget fuzzer tested)** Isolated fixes to get the fuzzer(s) compiling Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the following PR Note that the opcode mismatches that in ts so **CI will fail** until --- Stack: - #22745 - #22564 - #22921 - #22795 - `mw/avm-rem-inf-opcode-ecadd` <-- here - #23031
MirandaWood
added a commit
that referenced
this pull request
May 20, 2026
… AVM only) (#23031) This branch includes the changes to remove the `is_infinite` flags from the ECADD opcode fn signature which reside outside `vm2`. This includes the transpiler, ts simulator, and anything required in ACIR. Note that ACIR and noir's black box still use [the flags](https://github.com/AztecProtocol/aztec-packages/blob/b30fe8f401d7af45148071924b22b3f377750eaf/barretenberg/cpp/src/barretenberg/dsl/acir_format/ec_operations.hpp#L34) and represent points by a[ triple of elements.](https://github.com/noir-lang/noir/blob/bc4a37e2994ebc7d44ae98be81e18606b2231c61/acvm-repo/bn254_blackbox_solver/src/embedded_curve_ops.rs#L98) Since this touches both private and public execution, I think it's out of scope of this task to update these. Will partially close [Foundation AVM Issue 19](https://linear.app/aztec-foundation/issue/AVM-19/) (the previous PR with AVM changes will close the initial portion) --- Stack: - #22745 - #22564 - #22921 - #22795 - #22945 - `mw/avm-rem-inf-opcode-ecadd-ext` <-- here
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This brings a couple of small fixes so we can build the coverage tool and use the ecc fuzzer.
Now
run_fuzzer.sh coverage <gadget>works again 🎉AffinePoint::serialize_from_bufferthrows if the point is not on the curve (part of chore: fixes in ecc/group internal audit #21920), the ecc fuzzer (which deliberately constructs and tests points not on the curve) must use a custom deserializer which doesn't throw.