Add Runtime dispatch based on custom CPU capabilities function #607
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
willieyz
changed the title
willieyz
force-pushed
the
runtime-dispatch
branch
5 times, most recently
from
6332a01 to
b0ac532
Compare
This was referenced Nov 4, 2025
willieyz
force-pushed
the
runtime-dispatch
branch
22 times, most recently
from
74996f5 to
3e7a817
Compare
hanno-becker
requested changes
Nov 20, 2025
Contributor
hanno-becker
left a comment
hanno-becker
left a comment
There was a problem hiding this comment.
Thanks a lot @willieyz for all your work!
Overall, it looks good, but there are a few points we may want to refine:
- As @mkannwischer mentions, some SHA3 guards in the AArch64 FIPS202 are unnecessary.
- We need documentation in the native backend that the decision whether to fall back or not must not depend on the input data. This is part of the contract between frontend and backend.
- There is a lot of duplicated post-conditions now which we may want to remove.
mkannwischer
requested changes
Nov 20, 2025
Contributor
The next step is going to be to hoist out the C versions to separate functions to unblock the backend unit tests. |
willieyz
force-pushed
the
runtime-dispatch
branch
from
7cd48f2 to
714c943
Compare
mkannwischer
requested changes
Nov 21, 2025
Contributor
mkannwischer
left a comment
mkannwischer
left a comment
There was a problem hiding this comment.
Thanks @willieyz. Two small changes and then I think this is good to go.
willieyz
force-pushed
the
runtime-dispatch
branch
3 times, most recently
from
315c4ef to
ac5ced9
Compare
mkannwischer
approved these changes
Nov 21, 2025
Contributor
mkannwischer
left a comment
mkannwischer
left a comment
There was a problem hiding this comment.
Thank you @willieyz. This is a great improvement and will enable integrating the x86_64 backend into AWS-LC eventually.
willieyz
force-pushed
the
runtime-dispatch
branch
from
ac5ced9 to
bda2e6b
Compare
…te_bitrev_to_custom) - Change mld_ntt_native() return type from void to int - Add runtime capability checking with fallback support - Implement dispatch logic in mld_poly_ntt() to try native first, fallback to C - Add MLD_NATIVE_FUNC_SUCCESS/FALLBACK return codes - Add mld_sys_check_capability() for system capability detection - Add test configuration for AVX2, static ON/OFF, add to CI test. Signed-off-by: willieyz <willie.zhao@chelpis.com>
…a4_native) Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
The inputs to chknorm are potentially secret. However, it is fine (and unavoidable) to leak if chknorm return 0 or 1 (i.e., if all coeffs are within bound or not). The declassification of that currently happens in sign.c. However, for the run-time dispatch we require to branch depending on whether mld_poly_chknorm_native returns MLD_NATIVE_FUNC_FALLBACK (-1) or not to signal that the platform does not have the required capabilities to run the native code (and we should hence fallback to the C code). This commit adds a declassification of (ret == FALLBACK) which is sufficient to make this code pass the constant time tests. The declassification of the actual value (0/1) remains in sign.c to be consistent with the C implementation. Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
…native) Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com> add changes Signed-off-by: willieyz <willie.zhao@chelpis.com>
hanno-becker
force-pushed
the
runtime-dispatch
branch
from
bda2e6b to
23a88fc
Compare
hanno-becker
approved these changes
Nov 21, 2025
Contributor
hanno-becker
left a comment
hanno-becker
left a comment
There was a problem hiding this comment.
Thank you @willieyz, this is great. LGTM
This was referenced Nov 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR made following changes:
CBMC-related changes, including adding the CBMC proof for sys_check_capability, will be added in a separate PR (tracked by issue #723).
Additional changes discovered during PR progress, related with
mld_poly_chknorm:mld_poly_chknormhas been adjusted to properly signal fallback, instead of directly using 0 or -1.This distinction allows the runtime to detect when to fallback to the C implementation.
(ret == FALLBACK)to make this code pass the constant time tests.