refactor: swap Goldilocks re-export to the Felt type unified for off-chain and on-chain code

[greenhat]

Close #771

This PR swaps the p3_goldilocks::Goldilocks as Felt re-export to the wrapper Felt(p3_goldilocks::Goldilocks) type for non-Miden targets. For the Miden target Felt(f32) is compiled (see explanation in #771).
Besides that Word type is changed to have the WIT-compatible shape (struct with a named field).

All Felt methods and implemented traits are delegating everything to the underlying Goldilocks type and its trait implementations. So the Felt should be 100% API equivalent to the Goldilocks type and can be used as a drop-in replacement. This allows us to release it as a v0.22.x patch version so that it can be included in VM v0.21 release. That's why I made this PR against the main branch.

The corresponding PR in the VM repo that updates VM to the version of miden-crypto from this branch is 0xMiden/miden-vm#2649.

The corresponding PR in the compiler repo migrating to the miden-field crate from this PR is 0xMiden/compiler#923

In the follow-up PRs:

• Remove the Serializable/Deserializable impl for Goldilocks in the miden-serde-utils crate (via refactor: swap Goldilocks re-export to the Felt type unified for off-chain and on-chain code #819 (comment))

[huitseeker]

Some concerns with unsafe conversions, and questions inline.

[huitseeker]

The cast from &(Felt, Felt, Felt, Felt) to &[Felt; 4] indeed assumes identical memory layout, but Rust does not guarantee tuple layout. This could lead to UB if the compiler changes layout.

I'd suggest adding compile-time assertions like const_assert!(size_of::<(Felt, Felt, Felt, Felt)>() == size_of::<[Felt; 4]>()); at least (and a proptest) to verify the assumption of equivalence at build (/test) time.

[greenhat]

Thank you! I converted the Word type to have named fields instead of a tuple and added a test with a roundtrip in 0e06cae.

[huitseeker]

words_as_elements casts &[Word] to &[Felt] via raw pointer. With #[repr(C, align(16))] on Word, this assumes no padding between elements and specific field ordering. Suggest adding const_assert! checks for size and alignment, or using the safe words_as_elements_iter instead where performance allows.

[greenhat]

Addressed above in #819 (comment)

[huitseeker]

The new miden-field crate has no tests. Since this is cryptographic code used throughout the codebase, consider adding unit tests for both the native and WASM implementations to ensure correctness of field operations.

[bobbinth]

I'm not sure adding tests for miden target would be possible here since implementation of these methods would be delegated to compiler intrinsics. IIUC, this would require the whole compiler pipeline to be present. So, maybe a better places for these is in the compiler repo?

For native implementation, I think the main thing we'd be testing is that we didn't mix up delegated function calls. Maybe there is a way to add a couple of tests which would run all (most?) operations on some random elements and make sure we get the same result for Felt and native Goldilocks?

[greenhat]

The miden target tests for Felt are living in the compiler repo since they are implemented in the compiler intrinsics which mostly delegate to the VM ops. We have a proptest test suite where we test individual ops and they are also covered in the integration test suite where we are compiling and running some contracts.

For native implementation, the only thing worth testing is that we're delegating properly to the underlying Goldilocks implementation. I'll come up with something.

[huitseeker]

Would it not be possible to use:

  #[repr(C)]
  pub struct Word {
      a: Felt,
      b: Felt,
      c: Felt,
      d: Felt,
  }

from a WIT PoV, or do you need the tuple?

Because that is layout-compatible with [Felt; 4].

[greenhat]

Thank you! From the WIT it does not have to be a tuple, so I changed it to your suggestion.

[bobbinth]

Looks good! Thank you! Not a full review yet, but I left some comments inline.

[bobbinth]

Could this not be just:

pub fn rand_u64() -> u64 {
    rand::random()
}

And if so, maybe we can just use rand::random() instead of this function directly?

[greenhat]

Sure. I also planned to convert the existing tests to proptest in this PR as well. Although it might be better to do it in the new PR.

[bobbinth]

I did a very cursory review of this file.

[greenhat]

Thank you for the review! I've gone through all the review notes and implemented some of them right away and put the rest in the TODO in the PR desc. I'll be going through the TODO and will ping you when I'm done.

The notable change that I made after the @huitseeker review was to move the Word type to the miden-field crate. To avoid compiling miden-crypto and its dependencies for the miden (on-chain) target.

I organized the commits addressing the review notes to make it easier to review so I suggest reviewing the changes on a per-commit basis.

[huitseeker]

On wasm+miden, word! still expands to Word::parse, but parse is behind cfg(not(all(target_family = "wasm", miden))). I think that breaks compile for on-chain users. Please gate word! for this target or add a Miden-safe parse path.

[huitseeker]

Small: Word::reversed() has no direct test. A short round-trip test would lock the behavior.

[greenhat]

Done in a897b5b

[greenhat]

On wasm+miden, word! still expands to Word::parse, but parse is behind cfg(not(all(target_family = "wasm", miden))). I think that breaks compile for on-chain users. Please gate word! for this target or add a Miden-safe parse path.

Thank you! Done in 04f5af6

[greenhat]

I addressed all the review notes and this PR is ready.

Since my last comment at #819 (comment) I did (notable):

• Added impl Arbitrary for Felt;
• Tests the native Felt properly delegating everything to the underlying Goldilocks implementation;
• Converted the tests to proptest in miden-field/src/word/tests.rs;
• Tested this branch in the VM chore: update miden-crypto (with unified Felt type) miden-vm#2649 and compiler Switch to the miden-field from miden-crypto repo compiler#923 branches;

I tried to structure the commits for reviewing so I suggest reviewing the changes on a per-commit basis.

[huitseeker]

Most everything looks good, I think we're just missing the NEG_ONE, thank you!

[huitseeker]

The native implementation has NEG_ONE constant but this WASM implementation is missing it. This could cause compilation failures for code that expects it to be available. Should we add it for API parity?

[greenhat]

Good catch! But since Felt for miden target is a wrapper on f32 there is no way to encode the 2^64 - 2^32 using the Rust const because it'd involve a call to the compiler intrinsics.

[huitseeker]

nit: This accepts any value (even empty string) for MIDENC_TARGET_IS_MIDEN_VM. Consider checking for a non-empty value, true or 1 to avoid accidentally triggering the miden target when the variable is set but empty.

[greenhat]

Good catch! Thanks! Done in 7e5a2cb

[huitseeker]

nit: Consider adding compile-time assertions to verify that size_of::<Word>() == 4 * size_of::<Felt>() and that fields have no padding. This would catch layout changes at compile time rather than risking UB. The static_assertions crate or a simple const _: () = assert!(...) could work here.

[greenhat]

Added in 59dadc1

[greenhat]

Most everything looks good, I think we're just missing the NEG_ONE, thank you!

Thank you! I addressed all your notes.

[huitseeker]

Thanks a bunch!

[bobbinth]

Looks good! Thank you! I left one question inline.