CBMC: Simplify specification for native basemul implementations

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>

Author: hanno-becker

dev/aarch64_clean/src/arith_native_aarch64.h

@@ -63,7 +63,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 2 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 2 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 2 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -81,7 +81,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 3 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 3 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 3 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -99,7 +99,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 4 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 4 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 4 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 

dev/aarch64_opt/src/arith_native_aarch64.h

@@ -63,7 +63,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 2 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 2 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 2 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -81,7 +81,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 3 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 3 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 3 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -99,7 +99,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 4 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 4 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 4 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 

mlkem/native/aarch64/src/arith_native_aarch64.h

@@ -63,7 +63,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 2 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 2 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 2 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 2 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -81,7 +81,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 3 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 3 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 3 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 3 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 
@@ -99,7 +99,7 @@ __contract__(
     requires(memory_no_alias(a, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b, sizeof(int16_t) * 4 * MLKEM_N))
     requires(memory_no_alias(b_cache, sizeof(int16_t) * 4 * (MLKEM_N / 2)))
-    requires(array_bound(a, 0, 4 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
+    requires(array_abs_bound(a, 0, 4 * MLKEM_N, MLKEM_UINT12_LIMIT + 1))
     assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 

mlkem/native/api.h

@@ -242,17 +242,7 @@ __contract__(
   requires(memory_no_alias(a, sizeof(int16_t) * 2 * MLKEM_N))
   requires(memory_no_alias(b, sizeof(int16_t) * 2 * MLKEM_N))
   requires(memory_no_alias(b_cache, sizeof(int16_t) * 2 * (MLKEM_N / 2)))
-  /* Because of https://github.com/diffblue/cbmc/issues/8570, we can't
-   * just use a single flattened array_bound(...) here.
-   *
-   * Once fixed, change to:
-   * ```
-   * requires(array_bound(a, 0, 2 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
-   * ```
-   */
-  requires(forall(kN, 0, 2,					  \
-              array_bound(&((int16_t(*)[MLKEM_N])(a))[kN][0], 0, MLKEM_N, \
-			  0, MLKEM_UINT12_LIMIT)))
+  requires(array_bound(a, 0, 2 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
   assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 2 */
@@ -285,17 +275,7 @@ __contract__(
   requires(memory_no_alias(a, sizeof(int16_t) * 3 * MLKEM_N))
   requires(memory_no_alias(b, sizeof(int16_t) * 3 * MLKEM_N))
   requires(memory_no_alias(b_cache, sizeof(int16_t) * 3 * (MLKEM_N / 2)))
-  /* Because of https://github.com/diffblue/cbmc/issues/8570, we can't
-   * just use a single flattened array_bound(...) here.
-   *
-   * Once fixed, change to:
-   * ```
-   * requires(array_bound(a, 0, 3 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
-   * ```
-   */
-  requires(forall(kN, 0, 3,					  \
-              array_bound(&((int16_t(*)[MLKEM_N])(a))[kN][0], 0, MLKEM_N, \
-			  0, MLKEM_UINT12_LIMIT)))
+  requires(array_bound(a, 0, 3 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
   assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 3 */
@@ -328,17 +308,7 @@ __contract__(
   requires(memory_no_alias(a, sizeof(int16_t) * 4 * MLKEM_N))
   requires(memory_no_alias(b, sizeof(int16_t) * 4 * MLKEM_N))
   requires(memory_no_alias(b_cache, sizeof(int16_t) * 4 * (MLKEM_N / 2)))
-  /* Because of https://github.com/diffblue/cbmc/issues/8570, we can't
-   * just use a single flattened array_bound(...) here.
-   *
-   * Once fixed, change to:
-   * ```
-   * requires(array_bound(a, 0, 4 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
-   * ```
-   */
-  requires(forall(kN, 0, 4,					  \
-              array_bound(&((int16_t(*)[MLKEM_N])(a))[kN][0], 0, MLKEM_N, \
-			  0, MLKEM_UINT12_LIMIT)))
+  requires(array_bound(a, 0, 4 * MLKEM_N, 0, MLKEM_UINT12_LIMIT))
   assigns(memory_slice(r, sizeof(int16_t) * MLKEM_N))
 );
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 4 */

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml

@@ -378,7 +378,8 @@ let poly_basemul_acc_montgomery_cached_k2_SPEC = prove(poly_basemul_acc_montgome
     CONV_TAC INT_RING
 );;
 
-(* NOTE: This needs to be kept in sync with the CBMC spec in native/api.h *)
+(* NOTE: This needs to be kept in sync with the CBMC spec in
+ * mlkem/native/aarch64/src/arith_native_aarch64.h *)
 let poly_basemul_acc_montgomery_cached_k2_SPEC' = prove(
    `forall srcA srcB srcBt dst x0 y0 y0t x1 y1 y1t pc returnaddress stackpointer.
       aligned 16 stackpointer /\

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml

@@ -442,7 +442,8 @@ let basemul3_odd = define
     CONV_TAC INT_RING
   );;
 
- (* NOTE: This needs to be kept in sync with the CBMC spec in native/api.h *)
+ (* NOTE: This needs to be kept in sync with the CBMC spec in
+  * mlkem/native/aarch64/src/arith_native_aarch64.h *)
  let poly_basemul_acc_montgomery_cached_k3_SPEC' = prove(
     `forall srcA srcB srcBt dst x0 y0 y0t x1 y1 y1t x2 y2 y2t pc returnaddress stackpointer.
        aligned 16 stackpointer /\

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml

@@ -508,7 +508,8 @@ let basemul4_odd = define
     CONV_TAC INT_RING
    );;
 
-  (* NOTE: This needs to be kept in sync with the CBMC spec in native/api.h *)
+  (* NOTE: This needs to be kept in sync with the CBMC spec in
+   * mlkem/native/aarch64/src/arith_native_aarch64.h *)
   let poly_basemul_acc_montgomery_cached_k4_SPEC' = prove(
      `forall srcA srcB srcBt dst x0 y0 y0t x1 y1 y1t x2 y2 y2t x3 y3 y3t pc returnaddress stackpointer.
         aligned 16 stackpointer /\