Implement procedure for hashing arbitrary number of values

CHANGELOG.md

@@ -7,6 +7,8 @@
 
 #### Stdlib
 - Added `init_no_padding` procedure to `std::crypto::hashes::native` (#1313).
+- [BREAKING] `native` module was renamed to the `pro`, `hash_memory` procedure was renamed to the `hash_memory_words` (#1368).
+- Added `hash_memory` procedure to `std::crypto::hashes::rpo` (#1368).
 
 #### VM Internals
 - Removed unused `find_lone_leaf()` function from the Advice Provider (#1262).

air/src/constraints/chiplets/hasher/mod.rs

@@ -101,9 +101,9 @@ pub fn get_transition_constraint_count() -> usize {
 /// Enforces constraints for the hasher chiplet.
 ///
 /// - The `hasher_flag` determines if the hasher chiplet is currently enabled. It should be
-/// computed by the caller and set to `Felt::ONE`
+///   computed by the caller and set to `Felt::ONE`
 /// - The `transition_flag` indicates whether this is the last row this chiplet's execution trace,
-/// and therefore the constraints should not be enforced.
+///   and therefore the constraints should not be enforced.
 pub fn enforce_constraints<E: FieldElement<BaseField = Felt>>(
     frame: &EvaluationFrame<E>,
     periodic_values: &[E],

air/src/constraints/stack/field_ops/mod.rs

@@ -188,7 +188,7 @@ pub fn enforce_incr_constraints<E: FieldElement>(
 /// enforced:
 /// - The top element should be a binary. It is enforced as a general constraint.
 /// - The first element of the next frame should be a binary not of the first element of
-/// the current frame. s0` + s0 = 1.
+///   the current frame. s0` + s0 = 1.
 pub fn enforce_not_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],
@@ -207,7 +207,7 @@ pub fn enforce_not_constraints<E: FieldElement>(
 /// Enforces constraints of the AND operation. The AND operation computes the bitwise and of the
 /// first two elements in the current trace. Therefore, the following constraints are enforced:
 /// - The top two element in the current frame of the stack should be binary. s0^2 - s0 = 0,
-/// s1^2 - s1 = 0. The top element is binary or not is enforced as a general constraint.
+///   s1^2 - s1 = 0. The top element is binary or not is enforced as a general constraint.
 /// - The first element of the next frame should be a binary and of the first two elements in the
 ///   current frame. s0` - s0 * s1 = 0.
 pub fn enforce_and_constraints<E: FieldElement>(
@@ -234,7 +234,7 @@ pub fn enforce_and_constraints<E: FieldElement>(
 /// Enforces constraints of the OR operation. The OR operation computes the bitwise or of the
 /// first two elements in the current trace. Therefore, the following constraints are enforced:
 /// - The top two element in the current frame of the stack should be binary. s0^2 - s0 = 0,
-/// s1^2 - s1 = 0. The top element is binary or not is enforced as a general constraint.
+///   s1^2 - s1 = 0. The top element is binary or not is enforced as a general constraint.
 /// - The first element of the next frame should be a binary or of the first two elements in the
 ///   current frame. s0` - ( s0 + s1 - s0 * s1 ) = 0.
 pub fn enforce_or_constraints<E: FieldElement>(
@@ -324,7 +324,7 @@ pub fn enforce_eqz_constraints<E: FieldElement>(
 ///   constraint.
 /// - The exp value in the next frame should be the square of exp value in the current frame.
 /// - The accumulation value in the next frame is the product of the accumulation value in the
-/// current frame and the value which needs to be included in this turn.
+///   current frame and the value which needs to be included in this turn.
 /// - The b value is right shifted by 1 bit.
 pub fn enforce_expacc_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,

air/src/constraints/stack/op_flags/mod.rs

@@ -100,7 +100,7 @@ impl<E: FieldElement> OpFlags<E> {
     /// - composite flag for the stack if the stack has been shifted to the right.
     /// - composite flag if the current operation being executed is a control flow operation or not.
     /// - composite flag if the current operation being executed has a binary element constraint on
-    /// the top element in the stack.
+    ///   the top element in the stack.
     pub fn new(frame: &EvaluationFrame<E>) -> Self {
         // intermediary array to cache the value of intermediate flags.
         let mut degree7_op_flags = [E::ZERO; NUM_DEGREE_7_OPS];

air/src/constraints/stack/overflow/mod.rs

@@ -93,7 +93,7 @@ pub fn enforce_stack_depth_constraints<E: FieldElement>(
 /// Enforces constraints on the overflow flag h0. Therefore, the following constraints
 /// are enforced:
 /// - If overflow table has values, then, h0 should be set to ONE, otherwise it should
-/// be ZERO.
+///   be ZERO.
 pub fn enforce_overflow_flag_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],
@@ -108,9 +108,9 @@ pub fn enforce_overflow_flag_constraints<E: FieldElement>(
 
 /// Enforces constraints on the bookkeeping index `b1`. The following constraints are enforced:
 /// - In the case of a right shift operation, the next b1 index should be updated with current
-/// `clk` value.
+///   `clk` value.
 /// - In the case of a left shift operation, the last stack item should be set to ZERO when the
-/// depth of the stack is 16.
+///   depth of the stack is 16.
 pub fn enforce_overflow_index_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],

air/src/constraints/stack/stack_manipulation/mod.rs

@@ -94,7 +94,7 @@ pub fn enforce_pad_constraints<E: FieldElement>(
 /// at depth n in the stack and pushes the copy onto the stack, whereas MOVUPn opearation moves the
 /// element at depth n to the top of the stack. Therefore, the following constraints are enforced:
 /// - The top element in the next frame should be equal to the element at depth n in the
-/// current frame. s0` - sn = 0.
+///   current frame. s0` - sn = 0.
 pub fn enforce_dup_movup_n_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],
@@ -245,7 +245,7 @@ pub fn enforce_swapwx_constraints<E: FieldElement>(
 /// Enforces constraints of the MOVDNn operation. The MOVDNn operation moves the top element
 /// to depth n in the stack. Therefore, the following constraints are enforced:
 /// - The top element in the current frame should be equal to the element at depth n in the
-/// next frame. s0 - sn` = 0.
+///   next frame. s0 - sn` = 0.
 pub fn enforce_movdnn_constraints<E: FieldElement>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],

air/src/constraints/stack/u32_ops/mod.rs

@@ -120,7 +120,7 @@ pub fn enforce_u32split_constraints<E: FieldElement<BaseField = Felt>>(
 /// elements in the current trace of the stack. Therefore, the following constraints are
 /// enforced:
 /// - The aggregation of limbs from the helper registers is equal to the sum of the top two
-/// element in the stack.
+///   element in the stack.
 pub fn enforce_u32add_constraints<E: FieldElement<BaseField = Felt>>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],
@@ -141,7 +141,7 @@ pub fn enforce_u32add_constraints<E: FieldElement<BaseField = Felt>>(
 /// elements in the current trace of the stack. Therefore, the following constraints are
 /// enforced:
 /// - The aggregation of limbs from the helper registers is equal to the sum of the top three
-/// elements in the stack.
+///   elements in the stack.
 pub fn enforce_u32add3_constraints<E: FieldElement<BaseField = Felt>>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],
@@ -290,9 +290,9 @@ pub fn enforce_check_element_validity<E: FieldElement<BaseField = Felt>>(
 /// are aggregated correctly or not. Therefore, the following constraints are enforced:
 /// - The aggregation of lower two lower 16-bits limbs in the helper registers is equal to the
 ///   second
-/// element in the next row.
+///   element in the next row.
 /// - The aggregation of lower two upper 16-bits limbs in the helper registers is equal to the first
-/// element in the next row.
+///   element in the next row.
 pub fn enforce_limbs_agg<E: FieldElement<BaseField = Felt>>(
     frame: &EvaluationFrame<E>,
     result: &mut [E],

assembly/src/assembler/mod.rs

@@ -77,12 +77,12 @@ pub enum ArtifactKind {
 /// </div>
 ///
 /// * If you have a single executable module you want to compile, just call [Assembler::compile] or
-/// [Assembler::compile_ast], depending on whether you have source code in raw or parsed form.
+///   [Assembler::compile_ast], depending on whether you have source code in raw or parsed form.
 ///
 /// * If you want to link your executable to a few other modules that implement supporting
-/// procedures, build the assembler with them first, using the various builder methods on
-/// [Assembler], e.g. [Assembler::with_module], [Assembler::with_library], etc. Then, call
-/// [Assembler::compile] or [Assembler::compile_ast] to get your compiled program.
+///   procedures, build the assembler with them first, using the various builder methods on
+///   [Assembler], e.g. [Assembler::with_module], [Assembler::with_library], etc. Then, call
+///   [Assembler::compile] or [Assembler::compile_ast] to get your compiled program.
 pub struct Assembler {
     /// The global [ModuleGraph] for this assembler. All new [AssemblyContext]s inherit this graph
     /// as a baseline.

assembly/src/assembler/module_graph/rewrites/module.rs

@@ -18,8 +18,8 @@ use crate::{
 /// added to a [ModuleGraph]. These rewrites include:
 ///
 /// * Resolving, at least partially, all of the invocation targets in procedures of the module, and
-/// rewriting those targets as concretely as possible OR as phantom calls representing procedures
-/// referenced by MAST root for which we have no definition.
+///   rewriting those targets as concretely as possible OR as phantom calls representing procedures
+///   referenced by MAST root for which we have no definition.
 pub struct ModuleRewriter<'a, 'b: 'a> {
     resolver: &'a NameResolver<'b>,
     module_id: ModuleIndex,

assembly/src/ast/module.rs

@@ -46,11 +46,11 @@ pub enum ModuleKind {
     /// A kernel is like a library module, but is special in a few ways:
     ///
     /// * Its code always executes in the root context, so it is stateful in a way that normal
-    /// libraries cannot replicate. This can be used to provide core services that would otherwise
-    /// not be possible to implement.
+    ///   libraries cannot replicate. This can be used to provide core services that would otherwise
+    ///   not be possible to implement.
     ///
     /// * The procedures exported from the kernel may be the target of the `syscall` instruction,
-    /// and in fact _must_ be called that way.
+    ///   and in fact _must_ be called that way.
     ///
     /// * Kernels may not use `syscall` or `call` instructions internally.
     Kernel = 2,
@@ -294,7 +294,7 @@ impl Module {
     ///
     /// * The module was constructed in-memory via AST structures, and not derived from source code.
     /// * The module was serialized without debug info, and then deserialized. Without debug info,
-    /// the source code is lost when round-tripping through serialization.
+    ///   the source code is lost when round-tripping through serialization.
     pub fn source_file(&self) -> Option<Arc<SourceFile>> {
         self.source_file.clone()
     }

assembly/src/ast/visit.rs

@@ -22,16 +22,15 @@
 //! of the visitor, but here are some examples:
 //!
 //! 1. When implementing a visitor that performs constant folding/propagation, you need to visit the
-//! operands of an expression before the operator, in order to determine whether it is possible to
-//! fold, and if so, what the actual values of the operands are. As a result, this is implemented as
-//! a postorder visitor, so that the AST node corresponding to the expression is rewritten after all
-//! of it's children.
+//!    operands of an expression before the operator, in order to determine whether it is possible
+//!    to fold, and if so, what the actual values of the operands are. As a result, this is
+//!    implemented as a postorder visitor, so that the AST node corresponding to the expression is
+//!    rewritten after all of it's children.
 //!
 //! 2. When implementing an analysis based on lexical scope, it is necessary to "push down" context
-//!    from
-//! the root to the leaves of the AST - the context being the contents of each AST nodes inherited
-//! scope. As a result, this is implemented as a preorder traversal, so that the context at each
-//! node can be computed before visiting the children of that node.
+//!    from the root to the leaves of the AST - the context being the contents of each AST nodes
+//!    inherited scope. As a result, this is implemented as a preorder traversal, so that the
+//!    context at each node can be computed before visiting the children of that node.
 //!
 //! In both cases, the implementor must call the free function corresponding to the _current_ AST
 //! node at the appropriate point (i.e. before/after executing the logic for the node), so that the

processor/src/chiplets/mod.rs

@@ -37,43 +37,44 @@ mod tests;
 /// chiplet selectors.
 ///
 /// The module's trace can be thought of as 5 stacked chiplet segments in the following form:
-/// * Hasher segment: contains the trace and selector for the hasher chiplet *
-/// This segment fills the first rows of the trace up to the length of the hasher `trace_len`.
-/// - column 0: selector column with values set to ZERO
-/// - columns 1-17: execution trace of hash chiplet
+/// * Hasher segment: contains the trace and selector for the hasher chiplet.\
+///   This segment fills the first rows of the trace up to the length of the hasher `trace_len`.
+///   - column 0: selector column with values set to ZERO
+///   - columns 1-17: execution trace of hash chiplet
 ///
-/// * Bitwise segment: contains the trace and selectors for the bitwise chiplet *
-/// This segment begins at the end of the hasher segment and fills the next rows of the trace for
-/// the `trace_len` of the bitwise chiplet.
-/// - column 0: selector column with values set to ONE
-/// - column 1: selector column with values set to ZERO
-/// - columns 2-14: execution trace of bitwise chiplet
-/// - columns 15-17: unused columns padded with ZERO
+/// * Bitwise segment: contains the trace and selectors for the bitwise chiplet.\
+///   This segment begins at the end of the hasher segment and fills the next rows of the trace for
+///   the `trace_len` of the bitwise chiplet.
+///   - column 0: selector column with values set to ONE
+///   - column 1: selector column with values set to ZERO
+///   - columns 2-14: execution trace of bitwise chiplet
+///   - columns 15-17: unused columns padded with ZERO
 ///
-/// * Memory segment: contains the trace and selectors for the memory chiplet *
-/// This segment begins at the end of the bitwise segment and fills the next rows of the trace for
-/// the `trace_len` of the memory chiplet.
-/// - column 0-1: selector columns with values set to ONE
-/// - column 2: selector column with values set to ZERO
-/// - columns 3-14: execution trace of memory chiplet
-/// - columns 15-17: unused column padded with ZERO
+/// * Memory segment: contains the trace and selectors for the memory chiplet.\
+///   This segment begins at the end of the bitwise segment and fills the next rows of the trace for
+///   the `trace_len` of the memory chiplet.
+///   - column 0-1: selector columns with values set to ONE
+///   - column 2: selector column with values set to ZERO
+///   - columns 3-14: execution trace of memory chiplet
+///   - columns 15-17: unused column padded with ZERO
 ///
-/// * Kernel ROM segment: contains the trace and selectors for the kernel ROM chiplet *
-/// This segment begins at the end of the memory segment and fills the next rows of the trace for
-/// the `trace_len` of the kernel ROM chiplet.
-/// - column 0-2: selector columns with values set to ONE
-/// - column 3: selector column with values set to ZERO
-/// - columns 4-9: execution trace of kernel ROM chiplet
-/// - columns 10-17: unused column padded with ZERO
+/// * Kernel ROM segment: contains the trace and selectors for the kernel ROM chiplet.\
+///   This segment begins at the end of the memory segment and fills the next rows of the trace for
+///   the `trace_len` of the kernel ROM chiplet.
+///   - column 0-2: selector columns with values set to ONE
+///   - column 3: selector column with values set to ZERO
+///   - columns 4-9: execution trace of kernel ROM chiplet
+///   - columns 10-17: unused column padded with ZERO
 ///
-/// * Padding segment: unused *
-/// This segment begins at the end of the kernel ROM segment and fills the rest of the execution
-/// trace minus the number of random rows. When it finishes, the execution trace should have
-/// exactly enough rows remaining for the specified number of random rows.
-/// - columns 0-3: selector columns with values set to ONE
-/// - columns 3-17: unused columns padded with ZERO
+/// * Padding segment: unused.\
+///   This segment begins at the end of the kernel ROM segment and fills the rest of the execution
+///   trace minus the number of random rows. When it finishes, the execution trace should have
+///   exactly enough rows remaining for the specified number of random rows.
+///   - columns 0-3: selector columns with values set to ONE
+///   - columns 3-17: unused columns padded with ZERO
 ///
 /// The following is a pictorial representation of the chiplet module:
+/// ```text
 ///             +---+-------------------------------------------------------+-------------+
 ///             | 0 |                   |                                   |-------------|
 ///             | . |  Hash chiplet     |       Hash chiplet                |-------------|
@@ -111,6 +112,7 @@ mod tests;
 ///             | . | . | . | . |---------------------------------------------------------|
 ///             | 1 | 1 | 1 | 1 |---------------------------------------------------------|
 ///             +---+---+---+---+---------------------------------------------------------+
+/// ```
 pub struct Chiplets {
     /// Current clock cycle of the VM.
     clk: u32,

processor/src/decoder/mod.rs

@@ -309,7 +309,7 @@ where
 ///   of these columns contains a single binary value, which together form a single opcode.
 /// * Hasher state columns h0 through h7. These are multi purpose columns used as follows:
 ///   - When starting decoding of a new code block (e.g., via JOIN, SPLIT, LOOP, SPAN operations)
-///    these columns are used for providing inputs for the current block's hash computations.
+///     these columns are used for providing inputs for the current block's hash computations.
 ///   - When finishing decoding of a code block (i.e., via END operation), these columns are used to
 ///     record the result of the hash computation.
 ///   - Inside a SPAN block, the first two columns are used to keep track of un-executed operations

processor/src/host/advice/injectors/dsa.rs

@@ -10,7 +10,7 @@ use super::super::{ExecutionError, Felt, Word};
 /// 2. The expanded public key represented as the coefficients of a polynomial of degree < 512.
 /// 3. The signature represented as the coefficients of a polynomial of degree < 512.
 /// 4. The product of the above two polynomials in the ring of polynomials with coefficients
-/// in the Miden field.
+///    in the Miden field.
 ///
 /// # Errors
 /// Will return an error if either:

processor/src/operations/comb_ops.rs

@@ -45,17 +45,17 @@ where
     /// Here:
     ///
     /// 1. Ti for i in 0..=7 stands for the the value of the i-th trace polynomial for the current
-    ///  query i.e. T_i(x).
+    ///    query i.e. T_i(x).
     /// 2. (p0, p1) stands for an extension field element accumulating the values for the quotients
-    ///  with common denominator (x - z).
+    ///    with common denominator (x - z).
     /// 3. (r0, r1) stands for an extension field element accumulating the values for the quotients
-    ///  with common denominator (x - gz).
+    ///    with common denominator (x - gz).
     /// 4. x_addr is the memory address from which we are loading the Ti's using the MSTREAM
-    ///  instruction.
+    ///    instruction.
     /// 5. z_addr is the memory address to the i-th OOD evaluations at z and gz
-    ///  i.e. T_i(z):= (T_i(z)0, T_i(z)1) and T_i(gz):= (T_i(gz)0, T_i(gz)1).
+    ///    i.e. T_i(z):= (T_i(z)0, T_i(z)1) and T_i(gz):= (T_i(gz)0, T_i(gz)1).
     /// 6. a_addr is the memory address of the i-th random element alpha_i used in batching
-    ///  the trace polynomial quotients.
+    ///    the trace polynomial quotients.
     ///
     /// The instruction also makes use of the helper registers to hold the values of T_i(z), T_i(gz)
     /// and alpha_i during the course of its execution.