zinc_uair/

lib.rs

//! UAIR description tools.

pub mod collect_scalars;
pub mod constraint_counter;
pub mod degree_counter;
pub mod do_nothing_builder;
pub mod dummy_semiring;
pub mod ideal;
pub mod ideal_collector;
pub mod lookup_types;

use crypto_primitives::Semiring;
use std::borrow::Cow;
use zinc_poly::{
    mle::DenseMultilinearExtension,
    univariate::{binary::BinaryPoly, dense::DensePolynomial},
};
use zinc_utils::{UNCHECKED, add, from_ref::FromRef, mul_by_scalar::MulByScalar, sub};

use crate::ideal::{Ideal, IdealCheck};

pub use lookup_types::{LookupColumnSpec, LookupTableType};

/// The abstract interface to constraint building logic.
/// In essence it allows to create constraints modulo ideals.
pub trait ConstraintBuilder {
    /// The expressions the constraint builder operates on.
    /// It is opaque from the PoV of an AIR apart from
    /// the fact that arithmetic operations are available on it
    /// and one can check if an expression is in an ideal.
    type Expr: Semiring;
    /// The type of ideals used by the constraint builder.
    type Ideal: Ideal + IdealCheck<Self::Expr>;

    /// Add a constraint saying that `expr` belongs to the ideal `ideal`.
    fn assert_in_ideal(&mut self, expr: Self::Expr, ideal: &Self::Ideal);

    /// Add a constraint saying that `expr` is equal to zero which is
    /// the same as saying that `expr` belongs to the zero ideal.
    fn assert_zero(&mut self, expr: Self::Expr);
}

/// Specifies a shifted column
/// `ShiftSpec { source_col: 0, shift_amount: 3 }` means
/// "virtual column whose row i is the value of column 0 at row i+3
/// (zero-padded beyond trace length)."
///
/// Multiple ShiftSpecs may reference the same source_col with
/// different shift amounts.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct ShiftSpec {
    /// Index of the committed column in the flattened trace
    /// (binary_poly || arbitrary_poly || int, same indexing as
    /// TraceRow::from_slice_with_layout).
    source_col: usize,
    /// Number of rows to shift by.
    shift_amount: usize,
}

impl ShiftSpec {
    pub fn new(source_col: usize, shift_amount: usize) -> Self {
        assert!(shift_amount > 0, "shift must be non-zero");
        Self {
            source_col,
            shift_amount,
        }
    }

    pub fn source_col(&self) -> usize {
        self.source_col
    }

    pub fn shift_amount(&self) -> usize {
        self.shift_amount
    }
}

// ---------------------------------------------------------------------------
// BitOp virtual columns
// ---------------------------------------------------------------------------

/// An entry-wise `R`-linear endomorphism of the bounded-degree coefficient
/// module `R^{<W}[X]` (cf. Section 2.1.1 of the Zinc+ paper) that defines a
/// virtual column.
///
/// Per Lemma 2.3, any `R`-linear coordinate-wise map on `R^{<W}[X]` commutes
/// with multilinear extension over the row hypercube. Consequently the column
/// `T(v)` need not be committed: the prover materializes it during the
/// constraint-aggregation sumcheck, and the verifier reconstructs its MLE
/// evaluation at the final point `r_0` by applying `T` to the source
/// column's lifted opening, its `W` `F_q`-coefficients, directly.
///
/// `Rot(c)` admits an alternative description as multiplication by `X^{W-c}`
/// modulo `X^W - 1`, i.e. as an endomorphism of `R[X]/(X^W - 1)`. `ShR(c)` is
/// pure zero-padding on coefficient indices and is *not* a quotient-ring
/// operation; both, however, are `R`-linear maps on `R^{<W}[X]` and fall
/// under the same Lemma 2.3 frame.
///
/// Bit-ops are defined only on binary_poly source columns.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum BitOp {
    /// Right-rotation by `c` bit positions. The result's coefficient at
    /// position `i` is the source's at `(i + c) mod W`, where `W` is the
    /// cell width.
    Rot(usize),
    /// Right-shift by `c` bit positions. The result's coefficient at
    /// position `i` is the source's at `i + c` if `i + c < W`, else zero.
    ShR(usize),
}

impl BitOp {
    /// The rotation / shift count.
    pub fn count(&self) -> usize {
        match self {
            BitOp::Rot(c) | BitOp::ShR(c) => *c,
        }
    }
}

/// Specifies a bit-op virtual column.
///
/// `BitOpSpec { source_col: 0, op: BitOp::ShR(3) }` declares a virtual column
/// whose row `i` is `ShR^3` applied entry-wise to the `i`-th cell of column 0.
///
/// `source_col` must reference a binary_poly column; bit-ops are only defined
/// on bit-polynomial cells, i.e. elements of `R^{<W}[X]` with `{0,1}`
/// coefficients.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct BitOpSpec {
    /// Flat index of the binary_poly source column. Uses the same
    /// `binary_poly || arbitrary_poly || int` indexing as `ShiftSpec`.
    source_col: usize,
    /// The bit-op applied entry-wise to the source column.
    op: BitOp,
}

impl BitOpSpec {
    pub fn new(source_col: usize, op: BitOp) -> Self {
        assert!(op.count() > 0, "bit-op count must be non-zero");
        Self { source_col, op }
    }

    pub fn source_col(&self) -> usize {
        self.source_col
    }

    pub fn op(&self) -> BitOp {
        self.op
    }
}

// ---------------------------------------------------------------------------
// Column layout types
// ---------------------------------------------------------------------------

/// Column counts per type (binary_poly, arbitrary_poly, int).
/// Shared internals for the semantic newtype wrappers (Total, Public, Virtual,
/// Witness)
#[derive(Clone, Debug, Default)]
pub struct ColumnLayout {
    num_binary_poly_cols: usize,
    num_arbitrary_poly_cols: usize,
    num_int_cols: usize,
}

impl ColumnLayout {
    pub fn new(
        num_binary_poly_cols: usize,
        num_arbitrary_poly_cols: usize,
        num_int_cols: usize,
    ) -> Self {
        Self {
            num_binary_poly_cols,
            num_arbitrary_poly_cols,
            num_int_cols,
        }
    }

    pub fn num_binary_poly_cols(&self) -> usize {
        self.num_binary_poly_cols
    }

    pub fn num_arbitrary_poly_cols(&self) -> usize {
        self.num_arbitrary_poly_cols
    }

    pub fn num_int_cols(&self) -> usize {
        self.num_int_cols
    }

    /// Maximum number of columns across the three types.
    pub fn max_cols(&self) -> usize {
        [
            self.num_binary_poly_cols,
            self.num_arbitrary_poly_cols,
            self.num_int_cols,
        ]
        .into_iter()
        .max()
        .expect("the iterator is not empty")
    }

    /// The sum of the numbers of columns across all types.
    #[allow(clippy::arithmetic_side_effects)]
    pub fn cols(&self) -> usize {
        self.num_binary_poly_cols + self.num_arbitrary_poly_cols + self.num_int_cols
    }
}

macro_rules! column_layout_wrapper {
    ($(#[$meta:meta])* $name:ident) => {
        $(#[$meta])*
        #[derive(Clone, Debug, Default)]
        pub struct $name(ColumnLayout);

        impl $name {
            pub fn new(num_binary_poly_cols: usize, num_arbitrary_poly_cols: usize, num_int_cols: usize) -> Self {
                Self(ColumnLayout::new(num_binary_poly_cols, num_arbitrary_poly_cols, num_int_cols))
            }

            pub fn num_binary_poly_cols(&self) -> usize { self.0.num_binary_poly_cols() }
            pub fn num_arbitrary_poly_cols(&self) -> usize { self.0.num_arbitrary_poly_cols() }
            pub fn num_int_cols(&self) -> usize { self.0.num_int_cols() }
            pub fn max_cols(&self) -> usize { self.0.max_cols() }
            pub fn cols(&self) -> usize { self.0.cols() }
            pub fn as_column_layout(&self) -> &ColumnLayout { &self.0 }
        }
    };
}

column_layout_wrapper!(/// Layout of all trace columns (public + witness) per type.
    TotalColumnLayout);
column_layout_wrapper!(/// Layout of the public column subset.
    PublicColumnLayout);
column_layout_wrapper!(/// Layout of the virtual (shifted/down) columns.
    VirtualColumnLayout);
column_layout_wrapper!(/// Layout of the witness (total minus public) columns.
    WitnessColumnLayout);

// ---------------------------------------------------------------------------
// UairSignature
// ---------------------------------------------------------------------------

/// The signature of a UAIR.
///
/// Public columns precede witness columns within each type group.
/// The flattened trace ordering is:
/// `[pub_bin, wit_bin, pub_arb, wit_arb, pub_int, wit_int]`.
#[derive(Clone, Debug)]
pub struct UairSignature {
    /// Column-type layout of all (public + witness) columns.
    total_cols: TotalColumnLayout,
    /// Public column subset.
    public_cols: PublicColumnLayout,
    /// Witness column counts (total minus public) per type.
    witness_cols: WitnessColumnLayout,
    /// Shifted columns info sorted by `source_col`.
    shifts: Vec<ShiftSpec>,
    /// Bit-op virtual column specs, in insertion order. Each spec references a
    /// binary_poly source column and contributes one extra entry to the
    /// binary_poly slice of the down row, appended after the shifted entries.
    bit_op_specs: Vec<BitOpSpec>,
    /// Column-type layout of the down row (shifted virtuals + bit-op virtuals).
    down_cols: VirtualColumnLayout,
    /// Lookup specifications: which trace columns are constrained against
    /// which table types.
    lookup_specs: Vec<LookupColumnSpec>,
}

impl UairSignature {
    /// Create a new signature, sorting `shifts` by `source_col`.
    pub fn new(
        total_cols: TotalColumnLayout,
        public_cols: PublicColumnLayout,
        mut shifts: Vec<ShiftSpec>,
        lookup_specs: Vec<LookupColumnSpec>,
    ) -> Self {
        for (name, pub_n, tot_n) in [
            (
                "binary_poly",
                public_cols.num_binary_poly_cols(),
                total_cols.num_binary_poly_cols(),
            ),
            (
                "arbitrary_poly",
                public_cols.num_arbitrary_poly_cols(),
                total_cols.num_arbitrary_poly_cols(),
            ),
            ("int", public_cols.num_int_cols(), total_cols.num_int_cols()),
        ] {
            assert!(
                pub_n <= tot_n,
                "public {name}_cols ({pub_n}) > total ({tot_n})"
            );
        }

        let num_cols = total_cols.cols();
        for spec in &shifts {
            assert!(
                spec.source_col() < num_cols,
                "ShiftSpec source_col {} out of range (total_cols = {}). \
                 source_col uses flat indexing: binary_poly || arbitrary_poly || int.",
                spec.source_col(),
                num_cols,
            );
        }

        shifts.sort_by_key(|spec| spec.source_col());
        let down_cols = Self::compute_down_layout(&total_cols, &shifts, &[]);
        let witness_cols = WitnessColumnLayout::new(
            sub!(
                total_cols.num_binary_poly_cols(),
                public_cols.num_binary_poly_cols()
            ),
            sub!(
                total_cols.num_arbitrary_poly_cols(),
                public_cols.num_arbitrary_poly_cols()
            ),
            sub!(total_cols.num_int_cols(), public_cols.num_int_cols()),
        );

        Self {
            total_cols,
            public_cols,
            shifts,
            bit_op_specs: Vec::new(),
            down_cols,
            witness_cols,
            lookup_specs,
        }
    }

    /// Attach bit-op virtual column specs to the signature.
    ///
    /// Each spec must reference a binary_poly source column; bit-ops are only
    /// defined on bit-polynomial cells. `cell_width` is the shared coefficient
    /// width `W` of those cells, and every bit-op count must satisfy
    /// `0 < count < W`.
    ///
    /// # Down-row ordering invariant
    ///
    /// Bit-op virtuals slot into the `binary_poly` slice of the down
    /// `TraceRow`, *after* the shifted-binary entries and *before* any
    /// non-binary entries. The full ordering of the down row is:
    ///
    /// ```text
    /// [shifted_binary_poly..., bit_op_binary_poly..., shifted_arbitrary_poly..., shifted_int...]
    /// ```
    ///
    /// This keeps `down` consistent with `ColumnLayout`'s
    /// `binary_poly || arbitrary_poly || int` partitioning. Materialization
    /// code in CPR / mp_eval must respect this order; appending bit-op evals
    /// at the tail of `down_evals` would silently misalign constraint indices
    /// on mixed-type shift UAIRs.
    ///
    /// Insertion order of `bit_op_specs` determines the position of each
    /// bit-op virtual within its sub-slice.
    pub fn with_bit_op_specs(mut self, cell_width: usize, bit_op_specs: Vec<BitOpSpec>) -> Self {
        let binary_poly_end = self.total_cols.num_binary_poly_cols();
        for spec in &bit_op_specs {
            assert!(
                spec.source_col() < binary_poly_end,
                "BitOpSpec source_col {} is not a binary_poly column \
                 (binary_poly_end = {}). Bit-ops are only defined on the \
                 cell ring F_2[X]/(X^W).",
                spec.source_col(),
                binary_poly_end,
            );
            assert!(
                spec.op().count() < cell_width,
                "BitOpSpec count {} out of range (must satisfy 0 < count < {})",
                spec.op().count(),
                cell_width,
            );
        }
        self.bit_op_specs = bit_op_specs;
        self.down_cols =
            Self::compute_down_layout(&self.total_cols, &self.shifts, &self.bit_op_specs);
        self
    }

    pub fn lookup_specs(&self) -> &[LookupColumnSpec] {
        &self.lookup_specs
    }

    fn compute_down_layout(
        total_cols: &TotalColumnLayout,
        shifts: &[ShiftSpec],
        bit_op_specs: &[BitOpSpec],
    ) -> VirtualColumnLayout {
        let binary_poly_end = total_cols.num_binary_poly_cols();
        let arbitrary_poly_end = add!(binary_poly_end, total_cols.num_arbitrary_poly_cols());
        let mut num_binary_poly = 0usize;
        let mut num_arbitrary_poly = 0usize;
        let mut num_int = 0usize;
        for spec in shifts {
            if spec.source_col() < binary_poly_end {
                num_binary_poly = add!(num_binary_poly, 1);
            } else if spec.source_col() < arbitrary_poly_end {
                num_arbitrary_poly = add!(num_arbitrary_poly, 1);
            } else {
                num_int = add!(num_int, 1);
            }
        }
        num_binary_poly = add!(num_binary_poly, bit_op_specs.len());
        VirtualColumnLayout::new(num_binary_poly, num_arbitrary_poly, num_int)
    }

    pub fn total_cols(&self) -> &TotalColumnLayout {
        &self.total_cols
    }

    pub fn public_cols(&self) -> &PublicColumnLayout {
        &self.public_cols
    }

    /// Witness column counts (total minus public) per type.
    pub fn witness_cols(&self) -> &WitnessColumnLayout {
        &self.witness_cols
    }

    pub fn shifts(&self) -> &[ShiftSpec] {
        &self.shifts
    }

    /// Bit-op virtual column specs, in insertion order. Each spec contributes
    /// one binary_poly entry to the down row, appended after the shifted
    /// entries.
    pub fn bit_op_specs(&self) -> &[BitOpSpec] {
        &self.bit_op_specs
    }

    /// Column-type layout of the down row (shifted virtuals + bit-op virtuals).
    pub fn down_cols(&self) -> &VirtualColumnLayout {
        &self.down_cols
    }

    /// Build correctly-sized dummy up and down `TraceRow`s for static
    /// analysis (constraint counting, degree counting, scalar/ideal
    /// collection).
    pub fn dummy_rows<T: Clone>(&self, val: T) -> (Vec<T>, Vec<T>) {
        let up_size = self.total_cols.cols();
        let down_size = self.down_cols.cols();
        (vec![val.clone(); up_size], vec![val; down_size])
    }
}

// ---------------------------------------------------------------------------
// UairTrace
// ---------------------------------------------------------------------------

/// The trace of a UAIR execution (pre-projection).
/// If owned, it contains the full trace, otherwise it contains a view on the
/// full trace (e.g. only public columns).
#[derive(Debug, Clone, Default)]
pub struct UairTrace<
    'a,
    PolyCoeff: Clone,
    Int: Clone,
    const BINARY_POLY_DEGREE_PLUS_ONE: usize,
    const ARBITRARY_POLY_DEGREE_PLUS_ONE: usize,
> {
    pub binary_poly: Cow<'a, [DenseMultilinearExtension<BinaryPoly<BINARY_POLY_DEGREE_PLUS_ONE>>]>,
    pub arbitrary_poly: Cow<
        'a,
        [DenseMultilinearExtension<DensePolynomial<PolyCoeff, ARBITRARY_POLY_DEGREE_PLUS_ONE>>],
    >,
    pub int: Cow<'a, [DenseMultilinearExtension<Int>]>,
}

impl<PolyCoeff: Clone, Int: Clone, const DB: usize, const DA: usize>
    UairTrace<'static, PolyCoeff, Int, DB, DA>
{
    /// Returns a sub-trace containing only public columns.
    /// Returned trace is borrowed from the full trace.
    pub fn public(&self, sig: &UairSignature) -> UairTrace<'_, PolyCoeff, Int, DB, DA> {
        let p = sig.public_cols();
        UairTrace {
            binary_poly: Cow::Borrowed(&self.binary_poly[0..p.num_binary_poly_cols()]),
            arbitrary_poly: Cow::Borrowed(&self.arbitrary_poly[0..p.num_arbitrary_poly_cols()]),
            int: Cow::Borrowed(&self.int[0..p.num_int_cols()]),
        }
    }

    /// Returns a sub-trace containing only witness columns.
    /// Returned trace is borrowed from the full trace.
    pub fn witness(&self, sig: &UairSignature) -> UairTrace<'_, PolyCoeff, Int, DB, DA> {
        let p = sig.public_cols();
        UairTrace {
            binary_poly: Cow::Borrowed(&self.binary_poly[p.num_binary_poly_cols()..]),
            arbitrary_poly: Cow::Borrowed(&self.arbitrary_poly[p.num_arbitrary_poly_cols()..]),
            int: Cow::Borrowed(&self.int[p.num_int_cols()..]),
        }
    }
}

// ---------------------------------------------------------------------------
// TraceRow
// ---------------------------------------------------------------------------

/// A view on a row of the trace.
/// Contains references to cells of the trace
/// of all types lying in the same trace row.
#[derive(Clone, Copy)]
pub struct TraceRow<'a, Expr> {
    pub binary_poly: &'a [Expr],
    pub arbitrary_poly: &'a [Expr],
    pub int: &'a [Expr],
}

impl<'a, Expr> TraceRow<'a, Expr> {
    /// Given a slice that represents a raw row of the trace,
    /// creates a `TraceRow` from it.
    /// Subdivides the slice according to the given column layout.
    #[allow(clippy::arithmetic_side_effects)]
    pub fn from_slice_with_layout(row: &'a [Expr], layout: &ColumnLayout) -> Self {
        let num_binary_poly = layout.num_binary_poly_cols();
        let num_arbitrary_poly = layout.num_arbitrary_poly_cols();
        Self {
            binary_poly: &row[0..num_binary_poly],
            arbitrary_poly: &row[num_binary_poly..num_binary_poly + num_arbitrary_poly],
            int: &row[num_binary_poly + num_arbitrary_poly..],
        }
    }
}

// ---------------------------------------------------------------------------
// Uair trait
// ---------------------------------------------------------------------------

/// The trait that a universal AIR description has to implement.
/// This must include all the constraint description logic of an UAIR.
///
/// One type might implement different UAIR logics for different underlying
/// semirings hence the generic type parameter.
pub trait Uair: Clone {
    /// The ideal type the AIR operates with.
    /// Since a `ConstraintBuilder` is "opaque" for a `Uair`
    /// a `Uair` has to have a means to create ideals
    /// so ideals are fixed by this associated types.
    /// At the `constrain*` methods a `Uair` is given
    /// a way to convert its own ideals into builder's ideals
    /// via the `FromRef` trait.
    type Ideal: Ideal;

    /// The type of scalars of the UAIR.
    /// For now, we assume they are of
    /// the type "arbitrary polynomials".
    // Note: This is usually Z_32[X] (i.e. DensePolynomial<Ring, 32>), but according
    // to @agareta, this in not always the case.
    type Scalar: Semiring;

    /// Signature of the UAIR.
    ///
    /// TODO: Consider caching the signature to avoid recomputing it at every
    /// call site. Currently negligible since shifts are small (e.g. ~12 for
    /// SHA/ECDSA), but may matter if signatures grow more expensive to
    /// construct.
    fn signature() -> UairSignature;

    /// A general method for describing constraints.
    ///
    /// # Arguments
    /// - `b`: a builder encapsulating the constraint storing logic. Its type
    ///   `B` has to have compatible `B::Ideal` with the `Self::Ideal`, i.e. it
    ///   must implement `FromRef<Self::Ideal>` trait.
    /// - `up`: a `TraceRow` of expressions representing the current row of
    ///   UAIR.
    /// - `down`: a `TraceRow` of expressions representing the shifted (down)
    ///   row of the UAIR. Its layout matches `UairSignature::down()`, which may
    ///   have fewer columns than `up` when only a subset of columns are
    ///   shifted.
    /// - `from_ref`: a closure that turns the underlying ring `R` into
    ///   `B::Expr`. Sometimes (e.g. when dealing with random fields) it is
    ///   convenient to provide a closure instead of a `FromRef` implementation.
    /// - `mbs`: a closure that allows to multiply expressions by `R`. Same
    ///   rationale as for `from_ref`.
    fn constrain_general<B, FromR, MulByScalar, IFromR>(
        b: &mut B,
        up: TraceRow<B::Expr>,
        down: TraceRow<B::Expr>,
        from_ref: FromR,
        mbs: MulByScalar,
        ideal_from_ref: IFromR,
    ) where
        B: ConstraintBuilder,
        FromR: Fn(&Self::Scalar) -> B::Expr,
        MulByScalar: Fn(&B::Expr, &Self::Scalar) -> Option<B::Expr>,
        IFromR: Fn(&Self::Ideal) -> B::Ideal;

    // Same as `constrain_general` but `from_ref` and `mbs`
    // come from the trait implementations.
    fn constrain<B>(b: &mut B, up: TraceRow<B::Expr>, down: TraceRow<B::Expr>)
    where
        B: ConstraintBuilder,
        B::Expr: FromRef<Self::Scalar> + for<'b> MulByScalar<&'b Self::Scalar>,
        B::Ideal: FromRef<Self::Ideal>,
    {
        Self::constrain_general(
            b,
            up,
            down,
            B::Expr::from_ref,
            |x, y| B::Expr::mul_by_scalar::<UNCHECKED>(x, y),
            B::Ideal::from_ref,
        )
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    fn signature_with_mixed_shifts() -> UairSignature {
        UairSignature::new(
            TotalColumnLayout::new(2, 1, 1),
            PublicColumnLayout::new(0, 0, 0),
            vec![
                ShiftSpec::new(0, 1),
                ShiftSpec::new(2, 1),
                ShiftSpec::new(3, 1),
            ],
            vec![],
        )
    }

    #[test]
    fn bit_op_specs_extend_binary_down_layout() {
        let specs = vec![
            BitOpSpec::new(1, BitOp::ShR(3)),
            BitOpSpec::new(0, BitOp::Rot(2)),
        ];
        let sig = signature_with_mixed_shifts().with_bit_op_specs(8, specs.clone());

        assert_eq!(sig.bit_op_specs(), specs);
        assert_eq!(sig.bit_op_specs()[0].source_col(), 1);
        assert_eq!(sig.bit_op_specs()[0].op(), BitOp::ShR(3));
        assert_eq!(sig.bit_op_specs()[0].op().count(), 3);
        assert_eq!(sig.down_cols().num_binary_poly_cols(), 3);
        assert_eq!(sig.down_cols().num_arbitrary_poly_cols(), 1);
        assert_eq!(sig.down_cols().num_int_cols(), 1);
    }

    #[test]
    fn empty_bit_op_specs_keep_shift_only_down_layout() {
        let sig = signature_with_mixed_shifts().with_bit_op_specs(8, vec![]);

        assert!(sig.bit_op_specs().is_empty());
        assert_eq!(sig.down_cols().num_binary_poly_cols(), 1);
        assert_eq!(sig.down_cols().num_arbitrary_poly_cols(), 1);
        assert_eq!(sig.down_cols().num_int_cols(), 1);
    }

    #[test]
    #[should_panic(expected = "bit-op count must be non-zero")]
    fn bit_op_spec_rejects_zero_count() {
        let _ = BitOpSpec::new(0, BitOp::Rot(0));
    }

    #[test]
    #[should_panic(expected = "is not a binary_poly column")]
    fn bit_op_specs_reject_non_binary_source() {
        let _ = signature_with_mixed_shifts()
            .with_bit_op_specs(8, vec![BitOpSpec::new(2, BitOp::ShR(1))]);
    }

    #[test]
    #[should_panic(expected = "out of range")]
    fn bit_op_specs_reject_count_at_cell_width() {
        let _ = signature_with_mixed_shifts()
            .with_bit_op_specs(8, vec![BitOpSpec::new(0, BitOp::Rot(8))]);
    }
}