feature(sierra): Added BoundedIntGuarantee and verify libfunc.

[orizi]

Summary

Adds support for BoundedIntGuarantee type and bounded_int_guarantee_verify libfunc to the Cairo Sierra language. This introduces a non-duplicatable, non-droppable guarantee type that must be verified through range checks to be consumed, currently supporting u32 bounds (0 to 2^32-1).

---

Type of change

Please check one:

• Bug fix (fixes incorrect behavior)
• New feature
• Performance improvement
• Documentation change with concrete technical impact
• Style, wording, formatting, or typo-only change

---

Why is this change needed?

This change introduces a new type system feature that allows for compile-time guarantees about integer bounds that must be verified at runtime. The BoundedIntGuarantee type provides a way to represent values that are guaranteed to be within specific bounds, but unlike regular BoundedInt types, these guarantees must be explicitly verified through the bounded_int_guarantee_verify libfunc before the value can be used.

---

What was the behavior or documentation before?

Before this change, only BoundedInt types existed, which were duplicatable and droppable. There was no mechanism for creating non-duplicatable guarantees that required explicit verification.

---

What is the behavior or documentation after?

After this change:

• A new BoundedIntGuarantee<MIN, MAX> type is available that is non-duplicatable and non-droppable
• The bounded_int_guarantee_verify libfunc can be used to verify these guarantees, consuming the guarantee and performing range checks
• The verification has an AP change cost of 1 and a gas cost of 3 steps with 2 range checks
• Currently only u32 bounds (0 to 2^32-1) are supported for guarantees

---

Related issue or discussion (if any)

---

Additional context

The implementation includes:

• Type system integration for the new guarantee type
• CASM generation for the verification libfunc that performs range checks using validate_ge and validate_lt
• Cost analysis showing the verification requires 3 steps and 2 range checks
• Integration with the allowed libfuncs list for Starknet classes
• Test coverage demonstrating the functionality with u32 bounds

---

Note

Medium Risk
Introduces a new core type and libfunc that affect Sierra type specialization, CASM generation, and cost/AP accounting; mistakes could lead to incorrect verification or mispriced execution. Scope is limited (currently u32-only) and covered by an e2e test.

Overview
Adds a new core Sierra type BoundedIntGuarantee<MIN, MAX> (non-drop/non-dup) and wires it into the core type hierarchy and type sizing.

Introduces bounded_int_guarantee_verify under the bounded-int module, with signature/specialization restricted to the u32 bounds case, and adds CASM lowering that enforces the bounds via validate_ge/validate_lt range checks.

Updates AP-change and gas-cost models for the new libfunc, exposes the shared cast-range-check helpers (validate_ge/validate_lt), allows the libfunc in Starknet’s all.json, and adds an e2e test fixture for the new verification path.

^{Written by Cursor Bugbot for commit b519f15. This will update automatically on new commits. Configure here.}

[reviewable-StarkWare]

This change is 

[orizi]

• Added e2e tests of blake improvement. #9780
• feature(sierra): Added guarantee version for blake libfuncs. #9779
• feature(sierra): Added a split fn from u128 to u32 guarantees. #9778
• feature(sierra): Added BoundedIntGuarantee and verify libfunc. #9777 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[ilyalesokhin-starkware]

crates/cairo-lang-sierra-ap-change/src/core_libfunc_ap_change.rs line 437 at r1 (raw file):

            }
            BoundedIntConcreteLibfunc::GuaranteeVerify(_) => {
                vec![ApChange::Known(1)]

It depends on the range because of maybe_tempvar, right?

Code quote:

  vec![ApChange::Known(1)]

[ilyalesokhin-starkware]

@ilyalesokhin-starkware reviewed 5 files and all commit messages.
Reviewable status: 5 of 9 files reviewed, 2 unresolved discussions (waiting on orizi).

[orizi]

@orizi made 1 comment and resolved 1 discussion.
Reviewable status: 5 of 9 files reviewed, 1 unresolved discussion (waiting on ilyalesokhin-starkware).

---

crates/cairo-lang-sierra-ap-change/src/core_libfunc_ap_change.rs line 437 at r1 (raw file):

Previously, ilyalesokhin-starkware wrote…

It depends on the range because of maybe_tempvar, right?

Done

[orizi]

@orizi resolved 1 discussion.
Reviewable status: 3 of 9 files reviewed, 1 unresolved discussion (waiting on ilyalesokhin-starkware).

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[orizi]

@orizi resolved 1 discussion.
Reviewable status: 2 of 9 files reviewed, 1 unresolved discussion (waiting on ilyalesokhin-starkware).

[ilyalesokhin-starkware]

@ilyalesokhin-starkware reviewed 6 files and all commit messages, made 1 comment, and resolved 1 discussion.
Reviewable status: 8 of 9 files reviewed, all discussions resolved.

[orizi]

@orizi reviewed 1 file.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on orizi).