#include <sha256_trace.hpp>

Public Member Functions
void	process (const simulation::EventEmitterInterface< simulation::Sha256CompressionEvent >::Container &events, TraceContainer &trace)
	Process the SHA-256 compression events and populate the relevant columns in the trace.

Static Public Attributes
static const InteractionDefinition	interactions

Private Member Functions
void	into_limbs_with_witness (const uint64_t, const uint8_t b, Column col_lhs, Column col_rhs, TraceContainer &trace) const
	Decompose a value into high and low limbs at a given bit position and write them to the trace.

uint32_t	ror_with_witness (const uint32_t val, const uint8_t shift, Column col_result, Column col_rhs, TraceContainer &trace) const
	Perform a 32-bit right rotation and insert the result and rhs limb into the trace.

uint32_t	shr_with_witness (const uint32_t val, const uint8_t shift, Column col_lhs, Column col_rhs, TraceContainer &trace) const
	Perform a 32-bit right shift and insert the limb decomposition into the trace.

uint32_t	compute_w_with_witness (const std::array< uint32_t, 16 > &prev_w_helpers, TraceContainer &trace) const
	Compute the message schedule word w[j] for a non-input round and insert witness data into the trace.

std::array< uint32_t, 8 >	compute_compression_with_witness (const std::array< uint32_t, 8 > &state, uint32_t round_w, uint32_t round_constant, TraceContainer &trace) const
	Perform one round of the SHA-256 compression function and insert all witness data into the trace.

void	set_helper_cols (const std::array< uint32_t, 16 > &prev_w_helpers, TraceContainer &trace) const
	Set the 16 message-schedule helper columns (w0..w15) at the current row.

void	set_init_state_cols (const std::array< uint32_t, 8 > &init_state, TraceContainer &trace) const
	Set the 8 initial-state columns (init_a..init_h) at the current row.

void	set_state_cols (const std::array< uint32_t, 8 > &state, TraceContainer &trace) const
	Set the 8 round-state columns (a..h) at the current row.

void	compute_sha256_output (const std::array< uint32_t, 8 > &out_state, const std::array< uint32_t, 8 > &init_state, TraceContainer &trace) const
	Compute the final SHA-256 output (init_state + final_round_state mod 2^32) and write to the trace.

Private Attributes
uint32_t	row = 1

Detailed Description

Definition at line 14 of file sha256_trace.hpp.

Member Function Documentation

◆ compute_compression_with_witness()

std::array< uint32_t, 8 > bb::avm2::tracegen::Sha256TraceBuilder::compute_compression_with_witness	(	const std::array< uint32_t, 8 > &	state,
		uint32_t	round_w,
		uint32_t	round_constant,
		TraceContainer &	trace
	)		const

private

Perform one round of the SHA-256 compression function and insert all witness data into the trace.

Computes S0, S1, ch, maj, temp1, temp2, and the updated state for a single SHA-256 round. All intermediate values (rotations, bitwise ops, modular additions) are written to the trace.

Parameters

state	The 8-element state array [a, b, c, d, e, f, g, h] at the start of this round.
round_w	The message schedule word w[i] for this round.
round_constant	The SHA-256 round constant k[i] for this round.
trace	The trace container to populate.

Returns: The updated 8-element state array after this round.

Definition at line 249 of file sha256_trace.cpp.

◆ compute_sha256_output()

void bb::avm2::tracegen::Sha256TraceBuilder::compute_sha256_output	(	const std::array< uint32_t, 8 > &	out_state,
		const std::array< uint32_t, 8 > &	init_state,
		TraceContainer &	trace
	)		const

private

Compute the final SHA-256 output (init_state + final_round_state mod 2^32) and write to the trace.

Parameters

out_state	The 8-element state array after the final (64th) compression round.
init_state	The 8-element initial hash state before compression.
trace	The trace container to populate with the output limb decompositions.

Definition at line 352 of file sha256_trace.cpp.

◆ compute_w_with_witness()

uint32_t bb::avm2::tracegen::Sha256TraceBuilder::compute_w_with_witness	(	const std::array< uint32_t, 16 > &	prev_w_helpers,
		TraceContainer &	trace
	)		const

private

Compute the message schedule word w[j] for a non-input round and insert witness data into the trace.

Implements w[j] = w[j-16] + s0 + w[j-7] + s1 where s0 and s1 are computed from rotations and shifts of previous w values, with all intermediate results recorded as trace columns.

Parameters

prev_w_helpers	The 16 most recent w values (sliding window), indexed 0..15.
trace	The trace container to populate.

Returns: The computed w value for this round (reduced modulo 2^32).

Definition at line 188 of file sha256_trace.cpp.

◆ into_limbs_with_witness()

void bb::avm2::tracegen::Sha256TraceBuilder::into_limbs_with_witness	(	const uint64_t	a,
		const uint8_t	b,
		Column	col_lhs,
		Column	col_rhs,
		TraceContainer &	trace
	)		const

private

Decompose a value into high and low limbs at a given bit position and write them to the trace.

Parameters

a	The value to decompose.
b	The bit position at which to split (low limb has b bits).
col_lhs	The column for the high limb (a >> b).
col_rhs	The column for the low limb (a & (2^b - 1)).
trace	The trace container to populate.

Precondition: b must satisfy b < 64. A value >= 64 would cause undefined behavior per the C++ standard for 64-bit operands (a >> b and 1 << b). This is an internal helper; all callers pass either fixed SHA-256 rotation/shift amounts (2, 3, 6, 7, 10, 11, 13, 17, 18, 19, 22, 25) or the literal 32 for modular reduction, so this precondition is always satisfied.

Definition at line 119 of file sha256_trace.cpp.

◆ process()

void bb::avm2::tracegen::Sha256TraceBuilder::process	(	const simulation::EventEmitterInterface< simulation::Sha256CompressionEvent >::Container &	events,
		TraceContainer &	trace
	)

Process the SHA-256 compression events and populate the relevant columns in the trace.

Events are emitted in the following flavors:

Normal execution: state has 8 valid U32 elements, input has 16 valid U32 elements, output contains the computed compression result. Produces 65 rows (64 rounds + 1 final).
Address out-of-range error: one or more of state/input/output address ranges exceed the maximum memory address. Produces 1 row with error flags set.
Invalid state tag error: at least one state element has a non-U32 tag. State is fully loaded but invalid. Produces 1 row with batched tag check and error flags.
Invalid input tag error: state is valid but an input element has a non-U32 tag. Input contains elements up to and including the first invalid one. Produces rows for each input element loaded (up to 16), with error flags propagated.

Parameters

events	Container of Sha256CompressionEvent to process.
trace	The trace container to populate.

Definition at line 381 of file sha256_trace.cpp.

◆ ror_with_witness()

uint32_t bb::avm2::tracegen::Sha256TraceBuilder::ror_with_witness	(	const uint32_t	val,
		const uint8_t	shift,
		Column	col_result,
		Column	col_rhs,
		TraceContainer &	trace
	)		const

private

Perform a 32-bit right rotation and insert the result and rhs limb into the trace.

Only the rotation result and the low limb (rhs) are written. The high limb (lhs) is algebraically eliminated in PIL via the combined rotation constraint: X = Y * 2^a - rhs * (2^32 - 1)

Parameters

val	The 32-bit value to rotate.
shift	The number of bits to rotate right.
col_result	The column for the rotation result.
col_rhs	The column for the low limb of the decomposition (range-checked in PIL).
trace	The trace container to populate.

Returns: The rotated 32-bit value.

Precondition: shift must satisfy 0 < shift < 32. A shift >= 32 causes undefined behavior per the C++ standard for 32-bit operands. A shift == 0 also causes undefined behavior because the reconstruction val << (32 - shift) becomes a left shift by 32. This is an internal helper; all callers use fixed SHA-256 rotation amounts (2, 6, 7, 11, 13, 17, 18, 19, 22, 25), so this precondition is always satisfied.

Definition at line 146 of file sha256_trace.cpp.

◆ set_helper_cols()

void bb::avm2::tracegen::Sha256TraceBuilder::set_helper_cols	(	const std::array< uint32_t, 16 > &	prev_w_helpers,
		TraceContainer &	trace
	)		const

private

Set the 16 message-schedule helper columns (w0..w15) at the current row.

Parameters

prev_w_helpers	The 16 previous w helper values for this round.
trace	The trace container to populate.

Definition at line 76 of file sha256_trace.cpp.

◆ set_init_state_cols()

void bb::avm2::tracegen::Sha256TraceBuilder::set_init_state_cols	(	const std::array< uint32_t, 8 > &	init_state,
		TraceContainer &	trace
	)		const

private

Set the 8 initial-state columns (init_a..init_h) at the current row.

Parameters

init_state	The 8 initial hash state values (propagated unchanged across all rows).
trace	The trace container to populate.

Definition at line 100 of file sha256_trace.cpp.

◆ set_state_cols()

void bb::avm2::tracegen::Sha256TraceBuilder::set_state_cols	(	const std::array< uint32_t, 8 > &	state,
		TraceContainer &	trace
	)		const

private

Set the 8 round-state columns (a..h) at the current row.

Parameters

state	The 8 state values for this round.
trace	The trace container to populate.

Definition at line 88 of file sha256_trace.cpp.

◆ shr_with_witness()

uint32_t bb::avm2::tracegen::Sha256TraceBuilder::shr_with_witness	(	const uint32_t	val,
		const uint8_t	shift,
		Column	col_lhs,
		Column	col_rhs,
		TraceContainer &	trace
	)		const

private

Perform a 32-bit right shift and insert the limb decomposition into the trace.

The shift result is the high limb (col_lhs = val >> shift), written by into_limbs_with_witness.

Parameters

val	The 32-bit value to shift.
shift	The number of bits to shift right.
col_lhs	The column for the high limb of the decomposition (shift result).
col_rhs	The column for the low limb of the decomposition (discarded bits).
trace	The trace container to populate.

Returns: The shifted 32-bit value.

Precondition: shift must satisfy shift < 32. A shift >= 32 would cause undefined behavior per the C++ standard for 32-bit operands. This is an internal helper; all callers use fixed SHA-256 shift amounts (3, 10), so this precondition is always satisfied.

Definition at line 170 of file sha256_trace.cpp.

Member Data Documentation

◆ interactions

const InteractionDefinition bb::avm2::tracegen::Sha256TraceBuilder::interactions

static

Definition at line 19 of file sha256_trace.hpp.

◆ row

uint32_t bb::avm2::tracegen::Sha256TraceBuilder::row = 1

private

Definition at line 22 of file sha256_trace.hpp.

The documentation for this class was generated from the following files:

src/barretenberg/vm2/tracegen/sha256_trace.hpp
src/barretenberg/vm2/tracegen/sha256_trace.cpp

Public Member Functions

Static Public Attributes

Private Member Functions

Private Attributes

Detailed Description

Member Function Documentation

◆ compute_compression_with_witness()

◆ compute_sha256_output()

◆ compute_w_with_witness()

◆ into_limbs_with_witness()

◆ process()

◆ ror_with_witness()

◆ set_helper_cols()

◆ set_init_state_cols()

◆ set_state_cols()

◆ shr_with_witness()

Member Data Documentation

◆ interactions

◆ row