#include "barretenberg/stdlib/primitives/field/field_utils.hpp"
#include "barretenberg/circuit_checker/circuit_checker.hpp"
#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp"
#include <gtest/gtest.h>

Functions
	TYPED_TEST_SUITE (FieldUtilsTests, CircuitTypes)

	TYPED_TEST (FieldUtilsTests, ValidateSplitRejectsModulus)
	Test that validate_split_in_field_unsafe rejects value == modulus.

	TYPED_TEST (FieldUtilsTests, ValidateSplitAcceptsModulusMinusOne)
	Test that validate_split_in_field_unsafe accepts modulus - 1.

	TYPED_TEST (FieldUtilsTests, SplitUniqueRejectsModulus)
	Test that split_unique rejects value == modulus.

	TYPED_TEST (FieldUtilsTests, SplitUniqueMaxValue)
	Test split_unique with maximum valid value.

	TYPED_TEST (FieldUtilsTests, ValidateSplitConstantLoWitnessHiRejectsModulus)
	Test validate_split_in_field_unsafe rejects modulus with constant lo and witness hi.

	TYPED_TEST (FieldUtilsTests, ValidateSplitWitnessLoConstantHiRejectsModulus)
	Test validate_split_in_field_unsafe rejects modulus with witness lo and constant hi.

	TYPED_TEST (FieldUtilsTests, ValidateSplitRejectsModulusWithCorruptedBorrowZero)
	Test that the constraint rejects value == modulus even with corrupted borrow witness.

Function Documentation

◆ TYPED_TEST() [1/7]

TYPED_TEST	(	FieldUtilsTests	,
		SplitUniqueMaxValue
	)

Test split_unique with maximum valid value.

Definition at line 123 of file field_utils.test.cpp.

◆ TYPED_TEST() [2/7]

TYPED_TEST	(	FieldUtilsTests	,
		SplitUniqueRejectsModulus
	)

Test that split_unique rejects value == modulus.

Definition at line 94 of file field_utils.test.cpp.

◆ TYPED_TEST() [3/7]

TYPED_TEST	(	FieldUtilsTests	,
		ValidateSplitAcceptsModulusMinusOne
	)

Test that validate_split_in_field_unsafe accepts modulus - 1.

The maximum valid value should be field_modulus - 1

Definition at line 59 of file field_utils.test.cpp.

◆ TYPED_TEST() [4/7]

TYPED_TEST	(	FieldUtilsTests	,
		ValidateSplitConstantLoWitnessHiRejectsModulus
	)

Test validate_split_in_field_unsafe rejects modulus with constant lo and witness hi.

Regression test for audit finding: when lo is constant but hi is a witness, the borrow value must still be constrained to be boolean. Previously, the range constraint was skipped if lo was constant, allowing malicious provers to use non-boolean borrow values to bypass the field validation check.

Definition at line 159 of file field_utils.test.cpp.

◆ TYPED_TEST() [5/7]

TYPED_TEST	(	FieldUtilsTests	,
		ValidateSplitRejectsModulus
	)

Test that validate_split_in_field_unsafe rejects value == modulus.

This is a soundness bug: when lo + hi * 2^lo_bits == field_modulus, both hi_diff and lo_diff equal 0, which passes the range checks but should be rejected.

Definition at line 25 of file field_utils.test.cpp.

◆ TYPED_TEST() [6/7]

TYPED_TEST	(	FieldUtilsTests	,
		ValidateSplitRejectsModulusWithCorruptedBorrowZero
	)

Test that the constraint rejects value == modulus even with corrupted borrow witness.

This test manually builds the constraint logic with a corrupted borrow value (set to 0 when it should be 1) to verify that the constraint equation itself is sound. A malicious prover cannot bypass the check by choosing an arbitrary borrow value.

Before the fix, with constraint: lo_diff = r_lo - lo + borrow * 2^lo_bits

Setting borrow=0 with lo=r_lo gave lo_diff=0, which passed the range check (BUG)

After the fix, with constraint: lo_diff = (r_lo - 1) - lo + borrow * 2^lo_bits

Setting borrow=0 with lo=r_lo gives lo_diff=-1, which fails the range check (FIXED)
Setting borrow=1 with lo=r_lo gives lo_diff=2^lo_bits - 1, but then hi_diff=-1 fails

Definition at line 234 of file field_utils.test.cpp.

◆ TYPED_TEST() [7/7]

TYPED_TEST	(	FieldUtilsTests	,
		ValidateSplitWitnessLoConstantHiRejectsModulus
	)

Test validate_split_in_field_unsafe rejects modulus with witness lo and constant hi.

Symmetric case to the above test.

Definition at line 192 of file field_utils.test.cpp.

◆ TYPED_TEST_SUITE()

TYPED_TEST_SUITE	(	FieldUtilsTests	,
		CircuitTypes
	)

Functions