feat: remove total logs len from pre tail kernels + add to L1

barretenberg/cpp/src/barretenberg/vm/avm_trace/aztec_constants.hpp

@@ -116,15 +116,15 @@ const size_t PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH =
     MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL + MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL + 1 +
     (L2_TO_L1_MESSAGE_LENGTH * MAX_NEW_L2_TO_L1_MSGS_PER_CALL) + 2 +
     (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_CALL) + (LOG_HASH_LENGTH * MAX_ENCRYPTED_LOGS_PER_CALL) +
-    (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + 2 + HEADER_LENGTH + TX_CONTEXT_LENGTH;
+    (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + HEADER_LENGTH + TX_CONTEXT_LENGTH;
 const size_t PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH =
     CALL_CONTEXT_LENGTH + 2 + (READ_REQUEST_LENGTH * MAX_NULLIFIER_READ_REQUESTS_PER_CALL) +
     (READ_REQUEST_LENGTH * MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL) +
     (CONTRACT_STORAGE_UPDATE_REQUEST_LENGTH * MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL) +
     (CONTRACT_STORAGE_READ_LENGTH * MAX_PUBLIC_DATA_READS_PER_CALL) + MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL +
     (NOTE_HASH_LENGTH * MAX_NEW_NOTE_HASHES_PER_CALL) + (NULLIFIER_LENGTH * MAX_NEW_NULLIFIERS_PER_CALL) +
     (L2_TO_L1_MESSAGE_LENGTH * MAX_NEW_L2_TO_L1_MSGS_PER_CALL) + 2 + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) +
-    1 + HEADER_LENGTH + GLOBAL_VARIABLES_LENGTH + AZTEC_ADDRESS_LENGTH + /* revert_code */ 1 + 2 * GAS_LENGTH +
+    HEADER_LENGTH + GLOBAL_VARIABLES_LENGTH + AZTEC_ADDRESS_LENGTH + /* revert_code */ 1 + 2 * GAS_LENGTH +
     /* transaction_fee */ 1;
 const size_t PRIVATE_CALL_STACK_ITEM_LENGTH =
     AZTEC_ADDRESS_LENGTH + FUNCTION_DATA_LENGTH + PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH;
@@ -149,15 +149,15 @@ const size_t PRIVATE_ACCUMULATED_DATA_LENGTH =
     (SCOPED_NOTE_HASH_LENGTH * MAX_NEW_NOTE_HASHES_PER_TX) + (SCOPED_NULLIFIER_LENGTH * MAX_NEW_NULLIFIERS_PER_TX) +
     (MAX_NEW_L2_TO_L1_MSGS_PER_TX * SCOPED_L2_TO_L1_MESSAGE_LENGTH) +
     (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_TX) + (LOG_HASH_LENGTH * MAX_ENCRYPTED_LOGS_PER_TX) +
-    (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_TX) + 2 + (CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX) +
+    (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_TX) + (CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX) +
     (CALL_REQUEST_LENGTH * MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX);
 const size_t PRIVATE_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH =
     1 + VALIDATION_REQUESTS_LENGTH + PRIVATE_ACCUMULATED_DATA_LENGTH + COMBINED_CONSTANT_DATA_LENGTH +
     CALL_REQUEST_LENGTH + AZTEC_ADDRESS_LENGTH;
 const size_t PUBLIC_ACCUMULATED_DATA_LENGTH =
     (MAX_NEW_NOTE_HASHES_PER_TX * NOTE_HASH_LENGTH) + (MAX_NEW_NULLIFIERS_PER_TX * NULLIFIER_LENGTH) +
     (MAX_NEW_L2_TO_L1_MSGS_PER_TX * 1) + (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_TX) +
-    (MAX_ENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH) + (MAX_UNENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH) + 2 +
+    (MAX_ENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH) + (MAX_UNENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH) +
     (MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX * PUBLIC_DATA_UPDATE_REQUEST_LENGTH) +
     (MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX * CALL_REQUEST_LENGTH) + GAS_LENGTH;
 const size_t PUBLIC_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH =

l1-contracts/src/core/libraries/ConstantsGen.sol

@@ -148,7 +148,7 @@ library Constants {
     + (L2_TO_L1_MESSAGE_LENGTH * MAX_NEW_L2_TO_L1_MSGS_PER_CALL) + 2
     + (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_CALL)
     + (LOG_HASH_LENGTH * MAX_ENCRYPTED_LOGS_PER_CALL)
-    + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + 2 + HEADER_LENGTH + TX_CONTEXT_LENGTH;
+    + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + HEADER_LENGTH + TX_CONTEXT_LENGTH;
   uint256 internal constant PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH = CALL_CONTEXT_LENGTH + 2
     + (READ_REQUEST_LENGTH * MAX_NULLIFIER_READ_REQUESTS_PER_CALL)
     + (READ_REQUEST_LENGTH * MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL)
@@ -157,7 +157,7 @@ library Constants {
     + MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL + (NOTE_HASH_LENGTH * MAX_NEW_NOTE_HASHES_PER_CALL)
     + (NULLIFIER_LENGTH * MAX_NEW_NULLIFIERS_PER_CALL)
     + (L2_TO_L1_MESSAGE_LENGTH * MAX_NEW_L2_TO_L1_MSGS_PER_CALL) + 2
-    + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + 1 + HEADER_LENGTH + GLOBAL_VARIABLES_LENGTH
+    + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_CALL) + HEADER_LENGTH + GLOBAL_VARIABLES_LENGTH
     + AZTEC_ADDRESS_LENGTH /* revert_code */ + 1 + 2 * GAS_LENGTH /* transaction_fee */ + 1;
   uint256 internal constant PRIVATE_CALL_STACK_ITEM_LENGTH =
     AZTEC_ADDRESS_LENGTH + FUNCTION_DATA_LENGTH + PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH;
@@ -186,7 +186,7 @@ library Constants {
     + (MAX_NEW_L2_TO_L1_MSGS_PER_TX * SCOPED_L2_TO_L1_MESSAGE_LENGTH)
     + (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_TX)
     + (LOG_HASH_LENGTH * MAX_ENCRYPTED_LOGS_PER_TX) + (LOG_HASH_LENGTH * MAX_UNENCRYPTED_LOGS_PER_TX)
-    + 2 + (CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX)
+    + (CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX)
     + (CALL_REQUEST_LENGTH * MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX);
   uint256 internal constant PRIVATE_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = 1
     + VALIDATION_REQUESTS_LENGTH + PRIVATE_ACCUMULATED_DATA_LENGTH + COMBINED_CONSTANT_DATA_LENGTH
@@ -196,7 +196,7 @@ library Constants {
   ) + (MAX_NEW_NULLIFIERS_PER_TX * NULLIFIER_LENGTH) + (MAX_NEW_L2_TO_L1_MSGS_PER_TX * 1)
     + (NOTE_LOG_HASH_LENGTH * MAX_NOTE_ENCRYPTED_LOGS_PER_TX)
     + (MAX_ENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH) + (MAX_UNENCRYPTED_LOGS_PER_TX * LOG_HASH_LENGTH)
-    + 2 + (MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX * PUBLIC_DATA_UPDATE_REQUEST_LENGTH)
+    + (MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX * PUBLIC_DATA_UPDATE_REQUEST_LENGTH)
     + (MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX * CALL_REQUEST_LENGTH) + GAS_LENGTH;
   uint256 internal constant PUBLIC_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = VALIDATION_REQUESTS_LENGTH
     + PUBLIC_ACCUMULATED_DATA_LENGTH + PUBLIC_ACCUMULATED_DATA_LENGTH + COMBINED_CONSTANT_DATA_LENGTH

l1-contracts/src/core/libraries/Errors.sol

@@ -51,6 +51,9 @@ library Errors {
   error Registry__RollupNotRegistered(address rollup); // 0xa1fee4cf
   error Registry__RollupAlreadyRegistered(address rollup); // 0x3c34eabf
 
+  //TxsDecoder
+  error TxsDecoder__InvalidLogsLength(uint256 expected, uint256 actual); // 0x829ca981
+
   // HeaderLib
   error HeaderLib__InvalidHeaderSize(uint256 expected, uint256 actual); // 0xf3ccb247
 

l1-contracts/src/core/libraries/decoders/TxsDecoder.sol

@@ -3,6 +3,7 @@
 pragma solidity >=0.8.18;
 
 // Libraries
+import {Errors} from "../Errors.sol";
 import {Constants} from "../ConstantsGen.sol";
 import {Hash} from "../Hash.sol";
 
@@ -53,6 +54,8 @@ library TxsDecoder {
     uint256 nullifier;
     uint256 l2ToL1Msgs;
     uint256 publicData;
+    uint256 encryptedLogsLength;
+    uint256 unencryptedLogsLength;
   }
 
   struct Counts {
@@ -66,6 +69,9 @@ library TxsDecoder {
   struct ConsumablesVars {
     bytes32[] baseLeaves;
     bytes baseLeaf;
+    uint256 kernelNoteEncryptedLogsLength;
+    uint256 kernelEncryptedLogsLength;
+    uint256 kernelUnencryptedLogsLength;
     bytes32 noteEncryptedLogsHash;
     bytes32 encryptedLogsHash;
     bytes32 unencryptedLogsHash;
@@ -148,9 +154,38 @@ library TxsDecoder {
          * Compute encrypted and unencrypted logs hashes corresponding to the current leaf.
          * Note: will advance offsets by the number of bytes processed.
          */
-        (vars.noteEncryptedLogsHash, offset) = computeKernelLogsHash(offset, _body, true);
-        (vars.encryptedLogsHash, offset) = computeKernelLogsHash(offset, _body, false);
-        (vars.unencryptedLogsHash, offset) = computeKernelLogsHash(offset, _body, false);
+        offsets.encryptedLogsLength = offset;
+        offset += 0x20;
+        offsets.unencryptedLogsLength = offset;
+        offset += 0x20;
+
+        (vars.noteEncryptedLogsHash, offset, vars.kernelNoteEncryptedLogsLength) =
+          computeKernelLogsHash(offset, _body, true);
+        (vars.encryptedLogsHash, offset, vars.kernelEncryptedLogsLength) =
+          computeKernelLogsHash(offset, _body, false);
+        (vars.unencryptedLogsHash, offset, vars.kernelUnencryptedLogsLength) =
+          computeKernelLogsHash(offset, _body, false);
+
+        // We throw to ensure that the byte len we charge for DA gas in the kernels matches the actual chargable log byte len
+        // Without this check, the user may provide the kernels with a lower log len than reality
+        if (
+          uint256(bytes32(slice(_body, offsets.encryptedLogsLength, 0x20)))
+            != vars.kernelNoteEncryptedLogsLength + vars.kernelEncryptedLogsLength
+        ) {
+          revert Errors.TxsDecoder__InvalidLogsLength(
+            uint256(bytes32(slice(_body, offsets.encryptedLogsLength, 0x20))),
+            vars.kernelNoteEncryptedLogsLength + vars.kernelEncryptedLogsLength
+          );
+        }
+        if (
+          uint256(bytes32(slice(_body, offsets.unencryptedLogsLength, 0x20)))
+            != vars.kernelUnencryptedLogsLength
+        ) {
+          revert Errors.TxsDecoder__InvalidLogsLength(
+            uint256(bytes32(slice(_body, offsets.unencryptedLogsLength, 0x20))),
+            vars.kernelUnencryptedLogsLength
+          );
+        }
 
         // Insertions are split into multiple `bytes.concat` to work around stack too deep.
         vars.baseLeaf = bytes.concat(
@@ -185,6 +220,10 @@ library TxsDecoder {
               Constants.PUBLIC_DATA_WRITES_NUM_BYTES_PER_BASE_ROLLUP
             )
           ),
+          bytes.concat(
+            slice(_body, offsets.encryptedLogsLength, 0x20),
+            slice(_body, offsets.unencryptedLogsLength, 0x20)
+          ),
           bytes.concat(vars.noteEncryptedLogsHash, vars.encryptedLogsHash, vars.unencryptedLogsHash)
         );
 
@@ -194,7 +233,7 @@ library TxsDecoder {
       // We pad base leaves with hashes of empty tx effect.
       for (uint256 i = numTxEffects; i < vars.baseLeaves.length; i++) {
         // Value taken from tx_effect.test.ts "hash of empty tx effect matches snapshot" test case
-        vars.baseLeaves[i] = hex"00543e0a6642ffeb8039296861765a53407bba62bd1c97ca43374de950bbe0a7";
+        vars.baseLeaves[i] = hex"009f12fb98ebbf4e5deef4cf51ade63094a795b891880217958b226707c95f43";
       }
     }
 
@@ -207,13 +246,12 @@ library TxsDecoder {
    * @param _body - The L2 block calldata.
    * @return The hash of the logs and offset in a block after processing the logs.
    * @dev We have logs preimages on the input and we need to perform the same hashing process as is done in the app
-   *      circuit (hashing the logs) and in the kernel circuit (accumulating the logs hashes). In each iteration of
-   *      kernel, the kernel computes a hash of the previous iteration's logs hash (the hash in the previous kernel's
-   *      public inputs) and the current iteration private circuit public inputs logs hash.
+   *      circuit (hashing the logs) and in the kernel circuit (accumulating the logs hashes). The tail kernel
+   *      circuit flat hashes all the app log hashes.
    *
    *      E.g. for resulting logs hash of a kernel with 3 iterations would be computed as:
    *
-   *        kernelPublicInputsLogsHash = sha256(sha256(sha256(I1_LOGS), sha256(I2_LOGS)), sha256(I3_LOGS))
+   *        kernelPublicInputsLogsHash = sha256((sha256(I1_LOGS), sha256(I2_LOGS)), sha256(I3_LOGS))
    *
    *      where I1_LOGS, I2_LOGS and I3_LOGS are logs emitted in the first, second and third function call.
    *
@@ -229,17 +267,22 @@ library TxsDecoder {
    *        I1_LOGS_LEN (i) is the length of the logs in the first iteration.
    *        I1_LOGS are all the logs emitted in the first iteration.
    *        I2_LOGS_LEN (j) ...
+   * @dev The circuit outputs a total logs len based on the byte length that the user pays DA gas for.
+   *      In terms of the encoding above, this is the raw log length (i, j, or k) + 4 for each log.
+   *      For the example above, kernelLogsLength = (i + 4) + (j + 4) + (k + 4). Since we already track
+   *      the total remainingLogsLength, we just remove the bytes holding function logs length.
    *
    * @dev Link to a relevant discussion:
    *      https://discourse.aztec.network/t/proposal-forcing-the-sequencer-to-actually-submit-data-to-l1/426/9
    */
   function computeKernelLogsHash(uint256 _offsetInBlock, bytes calldata _body, bool noteLogs)
     internal
     pure
-    returns (bytes32, uint256)
+    returns (bytes32, uint256, uint256)
   {
     uint256 offset = _offsetInBlock;
     uint256 remainingLogsLength = read4(_body, offset);
+    uint256 kernelLogsLength = remainingLogsLength;
     offset += 0x4;
 
     bytes memory flattenedLogHashes; // The hash input
@@ -253,6 +296,8 @@ library TxsDecoder {
       // Decrease remaining logs length by this privateCircuitPublicInputsLogs's length (len(I?_LOGS)) and 4 bytes for I?_LOGS_LEN
       remainingLogsLength -= (privateCircuitPublicInputLogsLength + 0x4);
 
+      kernelLogsLength -= 0x4;
+
       while (privateCircuitPublicInputLogsLength > 0) {
         uint256 singleCallLogsLength = read4(_body, offset);
         offset += 0x4;
@@ -268,7 +313,7 @@ library TxsDecoder {
 
     // Not having a 0 value hash for empty logs causes issues with empty txs used for padding.
     if (flattenedLogHashes.length == 0) {
-      return (0, offset);
+      return (0, offset, 0);
     }
 
     // padded to MAX_LOGS * 32 bytes
@@ -284,7 +329,7 @@ library TxsDecoder {
 
     bytes32 kernelPublicInputsLogsHash = Hash.sha256ToField(flattenedLogHashes);
 
-    return (kernelPublicInputsLogsHash, offset);
+    return (kernelPublicInputsLogsHash, offset, kernelLogsLength);
   }
 
   /**

l1-contracts/test/decoders/Decoders.t.sol

@@ -174,9 +174,11 @@ contract DecodersTest is DecoderBase {
     bytes memory iterationLogsLength = hex"00000000"; // 4 empty bytes indicating that length of this iteration's logs is 0
     bytes memory encodedLogs = abi.encodePacked(kernelLogsLength, iterationLogsLength);
 
-    (bytes32 logsHash, uint256 bytesAdvanced) = txsHelper.computeKernelLogsHash(encodedLogs);
+    (bytes32 logsHash, uint256 bytesAdvanced, uint256 logsLength) =
+      txsHelper.computeKernelLogsHash(encodedLogs);
 
     assertEq(bytesAdvanced, encodedLogs.length, "Advanced by an incorrect number of bytes");
+    assertEq(logsLength, 0, "Incorrect logs length");
     assertEq(logsHash, bytes32(0), "Incorrect logs hash");
   }
 
@@ -190,7 +192,8 @@ contract DecodersTest is DecoderBase {
     // Note: 00000004 is the length of 1 log within function logs
     bytes memory encodedLogs =
       abi.encodePacked(hex"0000000c00000008", hex"00000004", firstFunctionCallLogs);
-    (bytes32 logsHash, uint256 bytesAdvanced) = txsHelper.computeKernelLogsHash(encodedLogs);
+    (bytes32 logsHash, uint256 bytesAdvanced, uint256 logsLength) =
+      txsHelper.computeKernelLogsHash(encodedLogs);
 
     bytes32 privateCircuitPublicInputsLogsHashFirstCall = Hash.sha256ToField(firstFunctionCallLogs);
 
@@ -202,6 +205,8 @@ contract DecodersTest is DecoderBase {
     );
 
     assertEq(bytesAdvanced, encodedLogs.length, "Advanced by an incorrect number of bytes");
+    // We take 8 as the user does not pay for the gas of the overall len (hex"0000002400000008")
+    assertEq(logsLength, encodedLogs.length - 8, "Incorrect logs length");
     assertEq(logsHash, referenceLogsHash, "Incorrect logs hash");
   }
 
@@ -222,7 +227,8 @@ contract DecodersTest is DecoderBase {
       hex"00000010",
       secondFunctionCallLogs
     );
-    (bytes32 logsHash, uint256 bytesAdvanced) = txsHelper.computeKernelLogsHash(encodedLogs);
+    (bytes32 logsHash, uint256 bytesAdvanced, uint256 logsLength) =
+      txsHelper.computeKernelLogsHash(encodedLogs);
 
     bytes32 referenceLogsHashFromIteration1 = Hash.sha256ToField(firstFunctionCallLogs);
 
@@ -238,6 +244,8 @@ contract DecodersTest is DecoderBase {
     );
 
     assertEq(bytesAdvanced, encodedLogs.length, "Advanced by an incorrect number of bytes");
+    // We take 12 as the user does not pay for the gas of the function logs len bytes (hex"00000014") or overall len (hex"0000002400000008")
+    assertEq(logsLength, encodedLogs.length - 12, "Incorrect logs length");
     assertEq(logsHash, referenceLogsHashFromIteration2, "Incorrect logs hash");
   }
 
@@ -263,7 +271,8 @@ contract DecodersTest is DecoderBase {
       hex"00000010",
       thirdFunctionCallLogs
     );
-    (bytes32 logsHash, uint256 bytesAdvanced) = txsHelper.computeKernelLogsHash(encodedLogs);
+    (bytes32 logsHash, uint256 bytesAdvanced, uint256 logsLength) =
+      txsHelper.computeKernelLogsHash(encodedLogs);
 
     bytes32 referenceLogsHashFromIteration1 = Hash.sha256ToField(firstFunctionCallLogs);
 
@@ -281,6 +290,9 @@ contract DecodersTest is DecoderBase {
     );
 
     assertEq(bytesAdvanced, encodedLogs.length, "Advanced by an incorrect number of bytes");
+    // We take 16 as the user does not pay for the gas of the function logs len bytes (hex"00000014"),
+    // empty logs len bytes (hex"00000000") or overall len (hex"0000002400000008")
+    assertEq(logsLength, encodedLogs.length - 16, "Incorrect logs length");
     assertEq(logsHash, referenceLogsHashFromIteration3, "Incorrect logs hash");
   }
 

l1-contracts/test/decoders/helpers/TxsDecoderHelper.sol

@@ -13,7 +13,7 @@ contract TxsDecoderHelper {
   function computeKernelLogsHash(bytes calldata _kernelLogs)
     external
     pure
-    returns (bytes32, uint256)
+    returns (bytes32, uint256, uint256)
   {
     return TxsDecoder.computeKernelLogsHash(0, _kernelLogs, false);
   }