[one-shot implementation for discussion, not for merging]: feat(midnight-evm): add dispatcher-based partitioned verifier flow for Poseidon and IVC proofs#3
Open
jtcoolen wants to merge 62 commits intoEYBlockchain:mainfrom
Conversation
Align generated verifier source with Solidity 0.8.30 in the EVM codegen template. - Change the emitted contract pragma in SolidityAssemblyCode from 0.8.19 to 0.8.30.
Adjust local EVM execution helpers so oversized verifier contracts can be deployed and profiled in simulation. - Add serde_json dependency used by EVM utility flows. - Silence non-critical solc stderr output during bytecode compilation. - Relax revm code-size and gas-limit constraints in deploy_and_call for high-bytecode verifier benchmarks.
jtcoolen
changed the title
jtcoolen
force-pushed
the
julian@sharded-contract
branch
from
889312f to
1b2f7df
Compare
…ally Vendor the halo2-lib workspace under vendor/halo2-lib and route both axiom-crypto and jtcoolen halo2-lib sources to local halo2-base/halo2-ecc paths. This commit keeps the raw upstream snapshot state before applying the halo2-base BLS patches.
Apply upstream halo2-base commit 360a9d3 to the vendored tree so blsFr implements ScalarField in utils::scalar_field_impls.
Apply upstream halo2-base commit f56347d after 360a9d3, including 6-limb blsFq ScalarField support and halo2curves revision pinning in the vendored halo2-lib metadata.
Preserve the local vendored fix by reconstructing from little-endian bytes instead of assuming a [u64;4] representation.
Refresh Cargo.lock so halo2-base/halo2-ecc and halo2curves-axiom resolve to the pinned fork revisions deterministically.
Vendor halo2-base sources from jtcoolen/halo2-lib@f56347d without local modifications for reproducible builds.
Replace the hardcoded [u64;4] conversion with byte-based reconstruction so wider scalar fields are handled safely.
Migrate SDK proving/verifying type aliases and generic bounds from Bn256 to Bls12 across halo2 and EVM entry points.
Generalize EVM loader point encoding for wider base fields and update transcript IO sizing to distinguish proof-byte and EVM-memory representations.
Serialize G2 points as eight 32-byte words and update the EVM pairing call interface to consume the expanded layout.
Switch generated runtime precompile identifiers and calldata/returndata sizing to BLS12-381 G1/G2 operation layouts.
Use Prague EIP-2537 precompile addresses for BLS12-381 add, MSM, and pairing operations.
Remove the temporary legacy c1,c0 env-toggle path and keep a single canonical ordering for EVM pairing inputs.
Adjust limb decomposition parameters for BLS12-381 base-field arithmetic compatibility in halo2-ecc.
Align pinned toolchain with revm/alloy dependency MSRV requirements used by the BLS runtime path.
Update local EVM execution config/error reporting for Prague precompiles and tighten transcript runtime handling for allocated scalar/ec-point memory layout.
Update Cargo.lock to match runtime dependency/resolution changes introduced by the Prague revm hardening and toolchain alignment.
Capture solc stderr and include actionable diagnostics when bytecode generation fails or emits no output.
… memory Harden EVM transcript absorption and decoding for identity points and non-contiguous memory sources. - Re-copy disjoint memory-backed scalars/points into contiguous transcript buffer when required. - Encode/decode point-at-infinity via EVM (0,0) sentinel consistently in native transcript flow. - Add regression tests for identity encoding/decoding behavior.
…ntics Optimize and harden EVM loader arithmetic paths used by generated verifiers. - Route multi-scalar multiplication through batched G1MSM precompile calls. - Add reusable staticcall helper, identity-safe constant point encoding, and zero-preserving scalar negation. - Rewrite batch inversion flow to be zero-safe for aliased inputs and deterministic in memory-backed execution.
Keep the original arithmetization gate shape while moving the example flow to BLS12-381 params and EVM artifact generation/verification.
Factor reusable Halo2 layout and expression helpers so protocol builders can share remapping and selector logic. - Add shared system::halo2::layout and system::halo2::expression modules. - Switch Halo2 compiler internals to those helpers where metadata layout is unchanged. - Replace iter::repeat_n with explicit repeat().take() and simplify native assertion control flow.
Extend PLONK protocol metadata so verifier flows can represent transcript/layout variants without overloading legacy fields. - Add committed-instance and transcript extension fields on PlonkProtocol. - Extend quotient metadata with chunk base and optional fixed chunk count. - Wire Halo2 compiler defaults for the new metadata and re-export protocol types cleanly.
Extend PLONK proof parsing so protocols can hash committed-instance prefixes, bind optional instance lengths, and parse transcript extensions. - Add read_with_committed_instances entrypoint and shared committed-instance absorption flow. - Parse trailing challenges and extra commitments declared by protocol metadata. - Support ZnMinusOne quotient recombination and account for extra commitments in query indexing.
Add deterministic unit tests for committed-instance transcript absorption and placeholder behavior. - Verify committed-prefix plus hashed-length ordering in transcript writes. - Verify deterministic errors for committed layout mismatches. - Verify placeholder extension preserves declared instance-column layout.
Model Midnight trashcans explicitly in the protocol builder and include them in quotient construction. - Add trash_constraints() to compress each trashcan constraint vector with trash_challenge. - Gate trash equalities by selector and bind them to dedicated trash witness evaluations. - Fold trash constraints into the quotient numerator after gate/permutation/lookup constraints so verifier query/evaluation ordering remains aligned.
…urve types Introduce reusable conversion helpers used by the adapter bundle/protocol builder boundary. - Add field conversion utilities for Midnight Fq/Fp/Fp2 into halo2 Fr/Fq/Fq2 with encoding-length validation. - Add G1/G2 affine mapping helpers that preserve identity handling and coordinate validity checks. - Add committed-instance normalization to enforce VK instance-column shape before proof parsing. - Introduce midnight_adapter module exports and shared MidnightCommitment/HaloAs type aliases.
…ier flow Provide a single typed container for Midnight params, VK, committed instances, scalar instances, and proof bytes. - Add constructors from materialized VK and VK bytes (RawBytesUnchecked) with shared validation path. - Build snark-verifier deciding key/protocol from Midnight artifacts, including committed-instance column expansion semantics. - Add shared run_snark_verifier_flow helper for transcript parsing + verification across native/EVM paths. - Add verifier-params G2 decoding helper and strict trailing-bytes checks for processed param encoding.
…ldata Expose EVM-facing helper methods on MidnightProofBundle to materialize deployable verifier artifacts. - Build an EvmLoader by replaying Midnight proof parsing/verification with EVM transcript semantics. - Expose Solidity source generation, deployment bytecode compilation, and calldata encoding helpers. - Gate optional local revm deployment/call verification behind the revm feature. - Ensure committed-instance points are loaded only when present to preserve runtime code shape.
Add an SDK example that exercises the Midnight adapter from proof artifacts to generated EVM verifier outputs. - Add midnight_poseidon_evm example and transcript support helpers. - Wire example output handling for Solidity, bytecode, and calldata artifacts. - Update standard_plonk example wiring and gitignore entries required by generated assets.
Introduce reusable solc invocation paths for deployment and runtime bytecode generation. Persist emitted runtime statement blocks in SolidityAssemblyCode for later partitioning.
Extract reusable EVM codegen helpers for limb packing, point copying, sized staticcalls, and cached modexp inversion input setup. Remove dead BLS12-381 G1Add precompile path and keep behavior-focused helper refactors isolated from sharding feature additions.
Add sharded verifier artifact/manifest types and implement statement-range partitioning with compile-time EVM code-size checks. Emit dispatcher and shard Solidity/bytecode artifacts from EvmLoader and export the new artifact interfaces.
Normalize deploy/call match-arm formatting and interpolate reason/output values directly in error strings. Keep runtime behavior unchanged while reducing noise before introducing the unrolled-sharded executor path.
Add a revm execution path that deploys verifier shards, deploys the dispatcher with encoded shard addresses, and invokes verification calldata. Export the new unrolled-sharded deploy/call helper through evm util re-exports.
Add SDK APIs to produce unrolled-sharded verifier artifacts and execute sharded verifier calls in revm. Register the midnight_ivc_evm example target for reproducible sharded verifier flow usage.
Keep branch buildable after dropping e641f5b by replacing the remaining staticcall_with_lengths use in ec_point_multi_scalar_mul.
jtcoolen
force-pushed
the
julian@sharded-contract
branch
from
1b2f7df to
bc24c57
Compare
…arded runtime What: - Add transcript-focused tests in `snark-verifier/src/system/halo2/transcript/evm.rs`. - Add an IR-level guard that verifies transcript challenge checks are emitted into generated sharded Solidity artifacts. - Add revm-backed tests for per-operation Rust vs Solidity transcript trace matching and for sharded-contract transcript equivalence, including a negative control. Why: - We need stronger confidence that transcript semantics stay aligned between native Rust verification and generated EVM verifier code. - This catches regressions at both codegen/IR stage and runtime deployment stage. How: - Build deterministic scalar/identity-point transcript scenarios. - Compare challenge/hash evolution step-by-step for Rust and Solidity execution. - Inject explicit challenge equality checks into generated EVM loader output and assert pass/fail behavior in revm. Reproduce: - `cargo test -p snark-verifier --features revm -- --nocapture` - `cargo clippy -p snark-verifier --lib --tests --features revm -- -D warnings` Extent: - 1 file changed: `snark-verifier/src/system/halo2/transcript/evm.rs` Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
…, and sharded verifiers What: - Add a comprehensive `midnight_adapter::evm` test module under `snark-verifier-sdk`. - Build deterministic Midnight Poseidon proofs and collect the complete Rust verifier Fiat-Shamir challenge sequence. - Parse generated EVM verifier runtime to locate challenge stores, inject equality checks against Rust challenges, and assert behavior for: - unrolled Solidity verifier execution, - unrolled-sharded dispatcher+shard execution, - negative controls with a mutated challenge. - Extend coverage to a small case matrix: `(repeats=1, k=6, seed=7)`, `(1,6,11)`, `(4,8,7)`. Why: - We needed stronger end-to-end confidence that generated Solidity verifier flows preserve the same FS transcript as native Rust verification, not just a single-path sanity check. - The negative controls ensure the test actually detects transcript divergence. How: - Reuse `MidnightProofBundle` path to build verifier loaders from real proof artifacts. - Instrument the generated EVM program by appending transcript equality assertions at challenge memory locations. - Execute both unrolled and sharded verifiers in revm with the same calldata and validate pass/fail expectations. Reproduce: - `cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm midnight_poseidon_full_fiat_shamir_transcript_matches_rust_and_sharded_solidity -- --nocapture` - `cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm -- --nocapture` - `cargo clippy -p snark-verifier-sdk --lib --tests --features midnight,loader_evm,revm -- -D warnings` Extent: - 1 file changed: `snark-verifier-sdk/src/midnight_adapter/evm.rs` Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
What:
- Extend `snark-verifier-sdk/src/midnight_adapter/evm.rs` transcript tests to compare full Fiat-Shamir trace events, not only challenge vectors.
- Add trace event capture (`Absorb`, `Squeeze{hash,challenge}`) for a new `TracingMidnightEvmHash` used in Midnight verifier runs.
- Add native snark-verifier transcript wrapper that records the same full event stream and asserts recomputed hash->challenge consistency.
- Verify Midnight trace == snark-verifier trace, then enforce those expected challenges in both unrolled and sharded EVM verifier execution (plus mutated negative controls).
Why:
- Challenge-only checks can miss divergence in absorb ordering/bytes while still producing partial signals.
- Full event-stream equivalence gives stronger guarantees that transcript semantics match between Midnight verifier, Rust verifier flow, and generated Solidity verifier execution.
How:
- Instrument Midnight transcript hash implementation to store deterministic per-step events.
- Instrument native transcript wrapper to record absorbed bytes, squeeze hashes, and reduced challenges.
- Convert both into a common trace model and compare for exact equality before executing EVM verifiers.
- Keep existing multi-case matrix and both positive/negative execution checks.
Reproduce:
- `cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm midnight_poseidon_full_fiat_shamir_transcript_matches_rust_and_sharded_solidity -- --nocapture`
- `cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm -- --nocapture`
- `cargo clippy -p snark-verifier-sdk --lib --tests --features midnight,loader_evm,revm -- -D warnings`
Extent:
- 1 file changed: `snark-verifier-sdk/src/midnight_adapter/evm.rs`
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
What: - Vendors midnight-proofs v0.7.0 into vendor/midnight-proofs and patches crates-io resolution via Cargo.toml. - Exposes verifier-side trace internals needed by downstream tests (public fields/clone derives on verifier trace structs). - Adds plonk::prepare_with_trace returning VerifierAlgebraicTrace with parsed trace, sampled challenges, intermediate evaluations, and query count. Why: - We need deterministic access to Midnight verifier internals to compare Rust and Midnight verifier variable-level behavior, not only FS transcript squeezes. How: - Switched dependency to local path patch in root Cargo.toml. - Added a trace-producing verification path in vendor/midnight-proofs/src/plonk/verifier.rs. - Updated related verifier submodules (lookup/permutation/trash/vanishing/traces) to expose the data needed for assertions. Reproduce: - cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm midnight_poseidon_full_fiat_shamir_transcript_matches_rust_and_sharded_solidity -- --nocapture - cargo clippy -p snark-verifier-sdk --lib --tests --features midnight,loader_evm,revm -- -D warnings Extent: - 81 files changed, ~25.9k insertions (full crate vendor + trace API exposure). Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
…fier What: - Extends midnight_adapter EVM tests to collect a full verifier-variable trace from Midnight via prepare_with_trace. - Collects Rust-side verifier variables from PlonkProof parsing/verification. - Adds deterministic equivalence checks for challenge sequence, opening challenge (z == x), and ordered evaluation-read stream. - Preserves existing transcript equality checks and unrolled/sharded Solidity positive+negative controls. Why: - FS transcript equality alone can miss verifier-internal divergence. - This adds coverage for internal verifier state that directly drives algebraic checks and opening preparation. How: - Uses CircuitTranscript<TracingMidnightEvmHash> + vendor trace API to obtain Midnight verifier internals. - Replays snark-verifier parsing path with tracing transcript to extract corresponding Rust-side variables. - Normalizes values to EVM byte encoding and compares field-by-field in the test harness. Reproduce: - cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm midnight_poseidon_full_fiat_shamir_transcript_matches_rust_and_sharded_solidity -- --nocapture - cargo clippy -p snark-verifier-sdk --lib --tests --features midnight,loader_evm,revm -- -D warnings Extent: - 1 file changed in snark-verifier-sdk/src/midnight_adapter/evm.rs (+197/-36). Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
… trace What: - Extends the Midnight EVM transcript equivalence harness to parse challenge-store pointers from generated Solidity assembly. - Adds assembly extraction for both unrolled and sharded Solidity outputs. - Adds explicit assertion that assembly-derived challenge-store pointers match runtime-emitted challenge-store pointers before injecting runtime checks. - Keeps existing positive/negative revm execution checks for unrolled and sharded verifier paths. Why: - Runtime-only checks verify behavior, but do not directly validate that the IR→Solidity assembly pass preserves transcript challenge-store structure. - This closes that gap by binding assembly artifacts to the runtime trace points used for challenge assertions. How: - Added parsers for the pattern mstore(<ptr>, mod(hash, f_q)) in Solidity source and runtime blocks. - Added assert_assembly_trace_ptrs_match_runtime to compare normalized pointer sets. - Updated loader builders to perform assembly-vs-runtime validation first, then inject expected challenge checks on a fresh loader instance. Reproduce: - cargo test -p snark-verifier-sdk --lib --features midnight,loader_evm,revm midnight_poseidon_full_fiat_shamir_transcript_matches_rust_and_sharded_solidity -- --nocapture - cargo clippy -p snark-verifier-sdk --lib --tests --features midnight,loader_evm,revm -- -D warnings Extent: - 1 file changed: snark-verifier-sdk/src/midnight_adapter/evm.rs - 98 insertions, 9 deletions. Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Switch unrolled sharding from delegatecall to explicit state-carrying call semantics so memory-dependent shards remain sound, and harden dispatcher behavior for empty shard sets. Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
What: - add an ignored integration test at snark-verifier-sdk/tests/midnight_ivc_sharded_calldata_fuzz.rs - generate a real Midnight IVC bundle, build unrolled-sharded verifier artifacts, and deploy/call them in revm - assert baseline calldata verifies, then fuzz-mutate calldata bits and assert every mutated case fails Why: - lock in the sharded verifier safety invariant that invalid calldata must not verify - prevent regressions of the prior sharding bug where cross-shard state loss could make invalid inputs pass How: - reuse the IVC circuit/proof flow from the example to produce realistic artifacts and calldata - run deterministic fuzzing (ChaCha8Rng seed=7, 12 single-bit mutations) - validate failures via deploy_unrolled_sharded_and_call returning Err Reproduce: - cargo test -p snark-verifier-sdk --test midnight_ivc_sharded_calldata_fuzz --features midnight,loader_evm,revm -- --ignored --nocapture Extent: - test-only change, one new integration test file, no production code changes Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
What: - add snark-verifier-sdk/tests/midnight_keccak_transcript_alignment.rs - verify challenge outputs from MidnightEvmHash match snark-verifier EvmTranscript under EVM encoding semantics for scalar/ec-point absorbs Why: - transcript divergence across Midnight/native and generated Solidity semantics can silently break verification - this adds a direct regression guard on Fiat-Shamir challenge consistency at the SDK boundary How: - compute expected challenges with Midnight transcript hash (MidnightEvmHash) - replay identical absorbs/squeezes through EvmTranscript on NativeLoader - compare both challenge scalars after deterministic field repr conversion Reproduce: - cargo test -p snark-verifier-sdk --test midnight_keccak_transcript_alignment --features midnight,loader_evm -- --nocapture Extent: - test-only change; one new integration test file; no production code changes Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
What: - refactor IVC fuzz test to reuse generated artifacts via OnceLock cache - add structure-aware rejection corpus (zeroed/truncated/swapped payload variants) - add unrolled-vs-sharded differential verdict parity test on shared mutation corpus - add bytecode tampering checks for shard and dispatcher deployments Why: - single bit-flip fuzzing alone is a narrow guard and can miss acceptance-edge regressions - we need stronger guarantees that sharded verification rejects malformed calldata, stays behaviorally aligned with unrolled verification, and fails under artifact tampering How: - introduce helpers for artifact generation and acceptance checks (unrolled + sharded) - split mutations into rejection-required vs parity-only corpora - run multiple ignored slow tests that deploy artifacts in revm and assert explicit outcomes Reproduce: - cargo test -p snark-verifier-sdk --test midnight_ivc_sharded_calldata_fuzz --features midnight,loader_evm,revm -- --ignored --nocapture Extent: - test-only changes in one file: snark-verifier-sdk/tests/midnight_ivc_sharded_calldata_fuzz.rs - no production verifier/runtime code changes Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[Only the last 19 commits apply, the first commits come from #1 and #2]
Fixes https://github.com/EYBlockchain/Moonlight/issues/39
Summary
This PR introduces and hardens a dispatcher-based partitioned (referred to as unrolled-sharded below) verifier path for Midnight EVM examples, so we can run benchmarks even when a single unrolled verifier contract would exceed EVM deployment/runtime size limits.
truncate_scalar_to_128in the EVM loader.EvmLoader::code_mut()accessor required by transcript/decider code paths after history cleanup.Design / implementation details
What changed (core)
New sharded artifact types were added so codegen can return dispatcher + shards + sizing metadata:
snark-verifier/src/loader/evm/code.rs:8snark-verifier/src/loader/evm/code.rs:31SolidityAssemblyCodestarted tracking emitted runtime blocks (runtime_blocks) in addition to the flat runtime string, enabling splitting:snark-verifier/src/loader/evm/code.rs:54snark-verifier/src/loader/evm/code.rs:89Sharding algorithm
Implemented in
EvmLoader::unrolled_sharded_verifier_artifacts():snark-verifier/src/loader/evm/loader.rs:393Enforces EVM limits (24,576 runtime via EIP-170, 49,152 initcode via EIP-3860) and starts from coarse 64-statement groups:
snark-verifier/src/loader/evm/loader.rs:34snark-verifier/src/loader/evm/loader.rs:36Flow
Key functions
snark-verifier/src/loader/evm/loader.rs:267snark-verifier/src/loader/evm/loader.rs:283snark-verifier/src/loader/evm/loader.rs:324snark-verifier/src/loader/evm/loader.rs:357Contract architecture
Each shard is generated as its own Solidity fallback contract that executes only its statement range and returns a 32-byte success flag:
snark-verifier/src/loader/evm/loader.rs:107A dispatcher contract stores shard addresses and loops through them with
delegatecall, bubbling revert data and checking returned success:snark-verifier/src/loader/evm/loader.rs:136Deployment / execution path (REVM)
New REVM helper deploys all shard contracts, ABI-encodes
address[]constructor args for dispatcher, deploys dispatcher, then calls it with verifier calldata:snark-verifier/src/loader/evm/util/executor.rs:123snark-verifier/src/loader/evm/util/executor.rs:227compile_solidity_runtimewas added so runtime size can be checked during partitioning:snark-verifier/src/loader/evm/util.rs:112Public API exposure
Re-exports added for sharded artifacts and deploy helper:
snark-verifier/src/loader/evm.rs:7snark-verifier/src/loader/evm.rs:14SDK added:
snark-verifier-sdk/src/midnight_adapter/evm.rs:35snark-verifier-sdk/src/midnight_adapter/evm.rs:66Validation / adoption via examples
Poseidon example switched to writing dispatcher+shard artifacts and using sharded REVM verification:
snark-verifier-sdk/examples/midnight_poseidon_evm.rs:30snark-verifier-sdk/examples/midnight_poseidon_evm.rs:235New IVC example was added to stress large verifier code and compare unrolled vs sharded deployability against EIP limits:
snark-verifier-sdk/examples/midnight_ivc_evm.rs:403snark-verifier-sdk/examples/midnight_ivc_evm.rs:558Why
Monolithic unrolled IVC verifier bytecode exceeds EVM deploy limits, so on-chain-compatible benchmarking must use sharding.
Unrolled-sharded keeps dispatcher/shards deployable while preserving verifier semantics and giving realistic gas measurements.
Testing
1) Poseidon
cd snark-verifier-clean RUN_REVM=1 \ MIDNIGHT_EVM_MODE=unrolled-sharded \ MIDNIGHT_ARTIFACT_DIR=/tmp/midnight_poseidon_unrolled_sharded \ cargo +1.88.0 run --release \ --example midnight_poseidon_evm \ --features midnight,loader_evm,revm \ -p snark-verifier-sdk2) IVC
Note that the verifier contract does not check the final accumulator yet.
cd snark-verifier-clean RUN_REVM=1 \ MIDNIGHT_EVM_OUT_DIR=/tmp/midnight_ivc_unrolled_sharded \ cargo +1.88.0 run --release \ --example midnight_ivc_evm \ --features midnight,loader_evm,revm,truncated-challenges \ -p snark-verifier-sdk