feat: perform constant sha256 compressions at compile-time

TomAFrench · TomAFrench · commit 92ef10298127 · 2025-03-03T18:21:00.000Z
diff --git a/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs b/compiler/noirc_evaluator/src/ssa/ir/instruction/call.rs
@@ -610,7 +610,9 @@ fn simplify_black_box_func(
                 "ICE: `BlackBoxFunc::RANGE` calls should be transformed into a `Instruction::Cast`"
             )
         }
-        BlackBoxFunc::Sha256Compression => SimplifyResult::None, //TODO(Guillaume)
+        BlackBoxFunc::Sha256Compression => {
+            blackbox::simplify_sha256_compression(dfg, arguments, block, call_stack)
+        }
         BlackBoxFunc::AES128Encrypt => SimplifyResult::None,
     }
 }
diff --git a/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs b/compiler/noirc_evaluator/src/ssa/ir/instruction/call/blackbox.rs
@@ -1,5 +1,6 @@
 use std::sync::Arc;
 
+use acvm::blackbox_solver::sha256_compression;
 use acvm::{BlackBoxFunctionSolver, BlackBoxResolutionError, FieldElement, acir::AcirField};
 
 use crate::ssa::ir::call_stack::CallStackId;
@@ -233,6 +234,54 @@ pub(super) fn simplify_poseidon2_permutation(
     }
 }
 
+pub(super) fn simplify_sha256_compression(
+    dfg: &mut DataFlowGraph,
+    arguments: &[ValueId],
+    block: BasicBlockId,
+    call_stack: CallStackId,
+) -> SimplifyResult {
+    match (dfg.get_array_constant(arguments[0]), dfg.get_array_constant(arguments[1])) {
+        (Some((state, _)), Some((msg_blocks, _)))
+            if array_is_constant(dfg, &state) && array_is_constant(dfg, &msg_blocks) =>
+        {
+            let Some(mut state) = state
+                .iter()
+                .map(|id| {
+                    dfg.get_numeric_constant(*id)
+                        .expect("value id from array should point at constant")
+                        .try_to_u32()
+                })
+                .collect::<Option<Vec<u32>>>()
+                .map(|vec| <[u32; 8]>::try_from(vec).unwrap())
+            else {
+                return SimplifyResult::None;
+            };
+
+            let Some(msg_blocks) = msg_blocks
+                .iter()
+                .map(|id| {
+                    dfg.get_numeric_constant(*id)
+                        .expect("value id from array should point at constant")
+                        .try_to_u32()
+                })
+                .collect::<Option<Vec<u32>>>()
+                .map(|vec| <[u32; 16]>::try_from(vec).unwrap())
+            else {
+                return SimplifyResult::None;
+            };
+
+            sha256_compression(&mut state, &msg_blocks);
+
+            let new_state = state.into_iter().map(FieldElement::from);
+            let typ = NumericType::Unsigned { bit_size: 32 };
+            let result_array = make_constant_array(dfg, new_state, typ, block, call_stack);
+
+            SimplifyResult::SimplifiedTo(result_array)
+        }
+        _ => SimplifyResult::None,
+    }
+}
+
 pub(super) fn simplify_hash(
     dfg: &mut DataFlowGraph,
     arguments: &[ValueId],
@@ -308,7 +357,7 @@ pub(super) fn simplify_signature(
 
 #[cfg(feature = "bn254")]
 #[cfg(test)]
-mod test {
+mod multi_scalar_mul {
     use crate::ssa::Ssa;
     use crate::ssa::opt::assert_normalized_ssa_equals;
 
@@ -395,3 +444,32 @@ mod test {
         assert_normalized_ssa_equals(ssa, expected_src);
     }
 }
+
+#[cfg(test)]
+mod sha256_compression {
+    use crate::ssa::Ssa;
+    use crate::ssa::opt::assert_normalized_ssa_equals;
+
+    #[test]
+    fn is_optimized_out_with_constant_arguments() {
+        let src = r#"
+            acir(inline) fn main f0 {
+              b0():
+                v0 = make_array [u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0] : [u32; 8]
+                v1 = make_array [u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0] : [u32; 16]
+                v2 = call sha256_compression(v0, v1) -> [u32; 8]
+                return v2
+            }"#;
+        let ssa = Ssa::from_str_simplifying(src).unwrap();
+        let expected_src = r#"
+            acir(inline) fn main f0 {
+              b0():
+                v1 = make_array [u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0] : [u32; 8]
+                v2 = make_array [u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0, u32 0] : [u32; 16]
+                v11 = make_array [u32 2091193876, u32 1113340840, u32 3461668143, u32 3254913767, u32 3068490961, u32 2551409935, u32 2927503052, u32 3205228454] : [u32; 8]
+                return v11
+            }
+            "#;
+        assert_normalized_ssa_equals(ssa, expected_src);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -610,7 +610,9 @@ fn simplify_black_box_func(`
`610`	`610`	"ICE: `BlackBoxFunc::RANGE` calls should be transformed into a `Instruction::Cast`"
`611`	`611`	`)`
`612`	`612`	`}`
`613`		`- BlackBoxFunc::Sha256Compression => SimplifyResult::None, //TODO(Guillaume)`
	`613`	`+ BlackBoxFunc::Sha256Compression => {`
	`614`	`+ blackbox::simplify_sha256_compression(dfg, arguments, block, call_stack)`
	`615`	`+ }`
`614`	`616`	`BlackBoxFunc::AES128Encrypt => SimplifyResult::None,`
`615`	`617`	`}`
`616`	`618`	`}`