Hoist default C backend into separate functions(mld_poly_use_hint_c)

Signed-off-by: willieyz <willie.zhao@chelpis.com>

Author: willieyz

mldsa/src/poly_kl.c

@@ -33,6 +33,7 @@
  * within a single compilation unit. */
 #define mld_rej_eta MLD_ADD_PARAM_SET(mld_rej_eta)
 #define mld_poly_decompose_c MLD_ADD_PARAM_SET(mld_poly_decompose_c)
+#define mld_poly_use_hint_c MLD_ADD_PARAM_SET(mld_poly_use_hint_c)
 /* End of parameter set namespacing */
 
 
@@ -123,40 +124,21 @@ unsigned int mld_poly_make_hint(mld_poly *h, const mld_poly *a0,
   return s;
 }
 
-MLD_INTERNAL_API
-void mld_poly_use_hint(mld_poly *b, const mld_poly *a, const mld_poly *h)
+MLD_STATIC_TESTABLE void mld_poly_use_hint_c(mld_poly *b, const mld_poly *a,
+                                             const mld_poly *h)
+__contract__(
+  requires(memory_no_alias(a,  sizeof(mld_poly)))
+  requires(memory_no_alias(b, sizeof(mld_poly)))
+  requires(memory_no_alias(h, sizeof(mld_poly)))
+  requires(array_bound(a->coeffs, 0, MLDSA_N, 0, MLDSA_Q))
+  requires(array_bound(h->coeffs, 0, MLDSA_N, 0, 2))
+  assigns(memory_slice(b, sizeof(mld_poly)))
+  ensures(array_bound(b->coeffs, 0, MLDSA_N, 0, (MLDSA_Q-1)/(2*MLDSA_GAMMA2)))
+)
 {
   unsigned int i;
   mld_assert_bound(a->coeffs, MLDSA_N, 0, MLDSA_Q);
   mld_assert_bound(h->coeffs, MLDSA_N, 0, 2);
-#if defined(MLD_USE_NATIVE_POLY_USE_HINT_88) && MLD_CONFIG_PARAMETER_SET == 44
-  {
-    int ret;
-    /* TODO: proof */
-    ret = mld_poly_use_hint_88_native(b->coeffs, a->coeffs, h->coeffs);
-    if (ret == MLD_NATIVE_FUNC_SUCCESS)
-    {
-      mld_assert_bound(b->coeffs, MLDSA_N, 0,
-                       (MLDSA_Q - 1) / (2 * MLDSA_GAMMA2));
-      return;
-    }
-  }
-#elif defined(MLD_USE_NATIVE_POLY_USE_HINT_32) && \
-    (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87)
-  {
-    int ret;
-    /* TODO: proof */
-    ret = mld_poly_use_hint_32_native(b->coeffs, a->coeffs, h->coeffs);
-    if (ret == MLD_NATIVE_FUNC_SUCCESS)
-    {
-      mld_assert_bound(b->coeffs, MLDSA_N, 0,
-                       (MLDSA_Q - 1) / (2 * MLDSA_GAMMA2));
-      return;
-    }
-  }
-#endif /* !(MLD_USE_NATIVE_POLY_USE_HINT_88 && MLD_CONFIG_PARAMETER_SET == 44) \
-          && MLD_USE_NATIVE_POLY_USE_HINT_32 && (MLD_CONFIG_PARAMETER_SET ==   \
-          65 || MLD_CONFIG_PARAMETER_SET == 87) */
 
   for (i = 0; i < MLDSA_N; ++i)
   __loop__(
@@ -169,6 +151,38 @@ void mld_poly_use_hint(mld_poly *b, const mld_poly *a, const mld_poly *h)
   mld_assert_bound(b->coeffs, MLDSA_N, 0, (MLDSA_Q - 1) / (2 * MLDSA_GAMMA2));
 }
 
+MLD_INTERNAL_API
+void mld_poly_use_hint(mld_poly *b, const mld_poly *a, const mld_poly *h)
+{
+#if defined(MLD_USE_NATIVE_POLY_USE_HINT_88) && MLD_CONFIG_PARAMETER_SET == 44
+  int ret;
+  mld_assert_bound(a->coeffs, MLDSA_N, 0, MLDSA_Q);
+  mld_assert_bound(h->coeffs, MLDSA_N, 0, 2);
+  /* TODO: proof */
+  ret = mld_poly_use_hint_88_native(b->coeffs, a->coeffs, h->coeffs);
+  if (ret == MLD_NATIVE_FUNC_SUCCESS)
+  {
+    mld_assert_bound(b->coeffs, MLDSA_N, 0, (MLDSA_Q - 1) / (2 * MLDSA_GAMMA2));
+    return;
+  }
+#elif defined(MLD_USE_NATIVE_POLY_USE_HINT_32) && \
+    (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87)
+  int ret;
+  mld_assert_bound(a->coeffs, MLDSA_N, 0, MLDSA_Q);
+  mld_assert_bound(h->coeffs, MLDSA_N, 0, 2);
+  /* TODO: proof */
+  ret = mld_poly_use_hint_32_native(b->coeffs, a->coeffs, h->coeffs);
+  if (ret == MLD_NATIVE_FUNC_SUCCESS)
+  {
+    mld_assert_bound(b->coeffs, MLDSA_N, 0, (MLDSA_Q - 1) / (2 * MLDSA_GAMMA2));
+    return;
+  }
+#endif /* !(MLD_USE_NATIVE_POLY_USE_HINT_88 && MLD_CONFIG_PARAMETER_SET == 44) \
+          && MLD_USE_NATIVE_POLY_USE_HINT_32 && (MLD_CONFIG_PARAMETER_SET ==   \
+          65 || MLD_CONFIG_PARAMETER_SET == 87) */
+  mld_poly_use_hint_c(b, a, h);
+}
+
 /*************************************************
  * Name:        mld_rej_eta
  *
@@ -880,6 +894,7 @@ void mld_polyw1_pack(uint8_t r[MLDSA_POLYW1_PACKEDBYTES], const mld_poly *a)
  * Don't modify by hand -- this is auto-generated by scripts/autogen. */
 #undef mld_rej_eta
 #undef mld_poly_decompose_c
+#undef mld_poly_use_hint_c
 #undef POLY_UNIFORM_ETA_NBLOCKS
 #undef POLY_UNIFORM_ETA_NBLOCKS
 #undef POLY_UNIFORM_GAMMA1_NBLOCKS

proofs/cbmc/poly_use_hint/Makefile

@@ -20,7 +20,7 @@ PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
 PROJECT_SOURCES += $(SRCDIR)/mldsa/src/poly_kl.c
 
 CHECK_FUNCTION_CONTRACTS=$(MLD_NAMESPACE)poly_use_hint
-USE_FUNCTION_CONTRACTS=mld_use_hint
+USE_FUNCTION_CONTRACTS=mld_poly_use_hint_c
 APPLY_LOOP_CONTRACTS=on
 USE_DYNAMIC_FRAMES=1
 

proofs/cbmc/poly_use_hint_c/Makefile

@@ -0,0 +1,55 @@
+# Copyright (c) The mldsa-native project authors
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+include ../Makefile_params.common
+
+HARNESS_ENTRY = harness
+HARNESS_FILE = poly_use_hint_c_harness
+
+# This should be a unique identifier for this proof, and will appear on the
+# Litani dashboard. It can be human-readable and contain spaces if you wish.
+PROOF_UID = poly_use_hint_c
+
+DEFINES +=
+INCLUDES +=
+
+REMOVE_FUNCTION_BODY +=
+UNWINDSET +=
+
+PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
+PROJECT_SOURCES += $(SRCDIR)/mldsa/src/poly_kl.c
+
+CHECK_FUNCTION_CONTRACTS=mld_poly_use_hint_c
+USE_FUNCTION_CONTRACTS=mld_use_hint
+APPLY_LOOP_CONTRACTS=on
+USE_DYNAMIC_FRAMES=1
+
+# Disable any setting of EXTERNAL_SAT_SOLVER, and choose SMT backend instead
+EXTERNAL_SAT_SOLVER=
+CBMCFLAGS=--smt2
+
+FUNCTION_NAME = mld_poly_use_hint_c
+
+# If this proof is found to consume huge amounts of RAM, you can set the
+# EXPENSIVE variable. With new enough versions of the proof tools, this will
+# restrict the number of EXPENSIVE CBMC jobs running at once. See the
+# documentation in Makefile.common under the "Job Pools" heading for details.
+# EXPENSIVE = true
+
+# This function is large enough to need...
+CBMC_OBJECT_BITS = 8
+
+# If you require access to a file-local ("static") function or object to conduct
+# your proof, set the following (and do not include the original source file
+# ("mldsa/poly.c") in PROJECT_SOURCES).
+# REWRITTEN_SOURCES = $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i
+# include ../Makefile.common
+# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_SOURCE = $(SRCDIR)/mldsa/src/poly.c
+# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_FUNCTIONS = foo bar
+# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_OBJECTS = baz
+# Care is required with variables on the left-hand side: REWRITTEN_SOURCES must
+# be set before including Makefile.common, but any use of variables on the
+# left-hand side requires those variables to be defined. Hence, _SOURCE,
+# _FUNCTIONS, _OBJECTS is set after including Makefile.common.
+
+include ../Makefile.common

proofs/cbmc/poly_use_hint_c/poly_use_hint_c_harness.c

@@ -0,0 +1,15 @@
+// Copyright (c) The mldsa-native project authors
+// SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+#include "poly_kl.h"
+
+// Prototype for the function under test
+#define mld_poly_use_hint_c MLD_ADD_PARAM_SET(mld_poly_use_hint_c)
+void mld_poly_use_hint_c(mld_poly *b, mld_poly *a, mld_poly *h);
+
+
+void harness(void)
+{
+  mld_poly *a, *b, *h;
+  mld_poly_use_hint_c(b, a, h);
+}