Conversation
Contributor
CBMC Results (ML-KEM-768)Full Results (187 proofs)
|
Contributor
CBMC Results (ML-KEM-512)Full Results (187 proofs)
|
Contributor
CBMC Results (ML-KEM-1024)Full Results (187 proofs)
|
L-series
changed the title
L-series
force-pushed
the
HOL-Light-CI
branch
2 times, most recently
from
724e0b1 to
9a3e91a
Compare
Contributor
Author
|
Modified the two remaining occurences of _MEMSAFE to _SAFE in order to fit the expected format for aarch proofs. |
L-series
force-pushed
the
HOL-Light-CI
branch
2 times, most recently
from
25cad96 to
3e258d8
Compare
mkannwischer
requested changes
Apr 2, 2026
Contributor
mkannwischer
left a comment
mkannwischer
left a comment
There was a problem hiding this comment.
Thanks @L-series - I left a couple of comments.
This PR actually takes another approach that I had in mind: I thought that after running each HOL-Light proof we check for the expected theorems to be present.
The approach implemented here is more like a linter. But I support the addition!
The -a flag is highly appreciated - thank you!
scripts/check-theorems
Outdated
| [[ $ARCH == "x86_64" && $routine == "mlkem_rej_uniform" ]] && suffixes=("CORRECT") | ||
|
|
||
| for sfx in "${suffixes[@]}"; do | ||
| if ! grep -q "_${sfx}" "$PROOFS_DIR/${routine}.ml"; then |
Contributor
There was a problem hiding this comment.
can you actually grep for {suffix} = prove or {suffix} = time prove?
Contributor
Author
There was a problem hiding this comment.
Done, however please note that I modified some of the proofs as they included double whitespaces before the = prove. I opted for this as it seems cleaner than having a more complicated regexp. As an aside, perhaps there is some tool to apply standard formatting onto the *.ml files?
This commit introduces two new flags to the hol_light command of the tests script. The first allows user specification of which architecture to run/list the proofs for and the second allows for entering the nix cross-compilation devshell for that architecture. If either are not passed, the behavior is unchanged. Signed-off-by: Andreas Hatziiliou <andreas.hatziiliou@savoirfairelinux.com>
We add a check to the linting script called check-theorems that ensures that all HOL-Light proofs provide the expected set of theorems depending on the architecture. Signed-off-by: Andreas Hatziiliou <andreas.hatziiliou@savoirfairelinux.com>
Contributor
Author
Thank you for the review! Indeed, the idea I had in mind was that one should avoid using compute on proofs which do not contain the required theorems. However, I see now that there is still value running the HOL CI even if the routine is only partially proven. |
mkannwischer
requested changes
Apr 3, 2026
Contributor
mkannwischer
left a comment
mkannwischer
left a comment
There was a problem hiding this comment.
Thanks @L-series for the changes! I'm happy with the overall approach now.
Two comments still need to be addressed. Thank you!
| if [[ $arch == "x86_64" && ${routine} == "mlkem_rej_uniform" ]]; then | ||
| suffixes=("CORRECT") | ||
| elif [[ $arch == "x86_64" ]]; then | ||
| suffixes+=("SUBROUTINE_CORRECT" "NOIBT_SUBROUTINE_CORRECT" "NOIBT_SUBROUTINE_SAFE") |
Contributor
There was a problem hiding this comment.
I tried removing the SUBROUTINE_SAFE proof from the mlkem_poly_compress_d4.ml proof and the script did not catch it. Is that because NOIBT_SUBROUTINE_SAFE matches the SUBROUTINE_SAFE suffix? That should be fixed.
We can actually check the full theorem name, not just the suffix. It should be possible to derive the theorem names from the file names - we should enforce that and adjust theorem names where needed.
Comment on lines
+308
to
+309
| if [[ $arch == "x86_64" && ${routine} == "mlkem_rej_uniform" ]]; then | ||
| suffixes=("CORRECT") |
Contributor
There was a problem hiding this comment.
Why is there this exceptions? There are memory safety proofs for this routine?
mkannwischer
reviewed
Apr 3, 2026
| (* ========================================================================= *) | ||
|
|
||
| let MLKEM_REJ_UNIFORM_MEMSAFE = prove | ||
| let MLKEM_REJ_UNIFORM_SAFE = prove |
Contributor
There was a problem hiding this comment.
This was intentionally named this way and I would prefer to keep it like that because we do not have any constant time proofs at this time.
Can you implement it as: if mlkem_rej_uniform then MEMSAFE else SAFE? That would be better, I believe.
Contributor
|
@L-series, gentle ping. Could you please adjust this PR so we can get this merged? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit aims to resolve the two following issues:
testsscript to allow cross-platform proof checking #1585Note that the
check-theoremsscript will currently fail the HOL-Light CI because for AArch, the naming convention for the memory safety proof (usually _SAFE) is not respected inmlkem_rej_uniform(it uses _MEMSAFE). @hanno-becker please advise if I should modify this.