Armv8.1-M: Add CFI directives for stack unwinding by mkannwischer · Pull Request #1558 · pq-code-package/mlkem-native

mkannwischer · 2026-02-09T14:04:55Z

Extend scripts/cfify with Armv8.1-M architecture support, handling
push/pop, vpush/vpop, sub/add sp, and bx lr.
Enable cfify for armv81m in scripts/autogen.

Resolves Armv8.1-M: Extend cfify for the Armv8.1-M backend #1517

Neither r3 nor r12 is callee-saved according to AAPCS. Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

Extend scripts/cfify with Armv8.1-M architecture support, handling push/pop, vpush/vpop, sub/add sp, and bx lr. Enable cfify for armv81m in scripts/autogen. - Resolves #1517 Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

oqs-bot · 2026-02-09T14:24:41Z

CBMC Results (ML-KEM-512)

Full Results (151 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	1191s	1232s	-3.3%
`mlk_indcpa_keypair_derand`	✅	183s	190s	-4%
`mlk_indcpa_enc`	✅	161s	163s	-1%
`mlk_keccak_squeezeblocks_x4`	✅	151s	167s	-10%
`mlk_rej_uniform_c`	✅	75s	85s	-12%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	45s	41s	+10%
`mlk_poly_rej_uniform`	✅	42s	43s	-2%
`poly_ntt_native`	✅	27s	27s	+0%
`mlk_polyvec_add`	✅	26s	25s	+4%
`mlk_ntt_layer`	✅	22s	22s	+0%
`polyvec_basemul_acc_montgomery_cached_native`	✅	21s	21s	+0%
`keccakf1600x4_permute_native_x4`	✅	19s	18s	+6%
`mlk_poly_reduce_native`	✅	15s	17s	-12%
`mlk_indcpa_dec`	✅	10s	11s	-9%
`mlk_poly_sub`	✅	10s	9s	+11%
`mlk_keccak_absorb_once_x4`	✅	9s	8s	+12%
`mlk_ntt_butterfly_block`	✅	9s	9s	+0%
`mlk_poly_rej_uniform_x4`	✅	9s	8s	+12%
`mlk_keccak_squeeze_once`	✅	8s	7s	+14%
`mlk_keccak_squeezeblocks`	✅	7s	8s	-12%
`mlk_poly_frombytes_native`	✅	7s	10s	-30%
`poly_frombytes_native_x86_64`	✅	7s	4s	+75%
`mlk_poly_frommsg`	✅	6s	7s	-14%
`keccakf1600_permute_native`	✅	5s	5s	+0%
`kem_dec`	✅	5s	4s	+25%
`mlk_fqmul`	✅	5s	7s	-29%
`mlk_keccakf1600x4_xor_bytes`	✅	5s	2s	+150%
`mlk_poly_frombytes_c`	✅	5s	1s	+400%
`mlk_poly_getnoise_eta1_4x`	✅	5s	3s	+67%
`poly_getnoise_eta1122_4x_native`	✅	5s	3s	+67%
`kem_check_pk`	✅	4s	6s	-33%
`kem_enc`	✅	4s	2s	+100%
`mlk_check_pct`	✅	4s	4s	+0%
`mlk_invntt_layer`	✅	4s	6s	-33%
`mlk_keccak_absorb_once`	✅	4s	5s	-20%
`mlk_keccakf1600_permute`	✅	4s	4s	+0%
`mlk_poly_cbd_eta1`	✅	4s	4s	+0%
`mlk_poly_frombytes`	✅	4s	4s	+0%
`mlk_poly_mulcache_compute`	✅	4s	1s	+300%
`mlk_polymat_permute_bitrev_to_custom`	✅	4s	5s	-20%
`mlk_polyvec_compress_du`	✅	4s	4s	+0%
`mlk_scalar_signed_to_unsigned_q`	✅	4s	2s	+100%
`mlk_shake256x4`	✅	4s	4s	+0%
`ntt_native_aarch64`	✅	4s	1s	+300%
`ntt_native_x86_64`	✅	4s	2s	+100%
`poly_reduce_native_x86_64`	✅	4s	1s	+300%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	4s	1s	+300%
`keccak_f1600_x4_native_aarch64_v84a`	✅	3s	2s	+50%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	3s	3s	+0%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	3s	2s	+50%
`kem_check_sk`	✅	3s	3s	+0%
`kem_enc_derand`	✅	3s	4s	-25%
`mlk_barrett_reduce`	✅	3s	2s	+50%
`mlk_ct_cmask_nonzero_u8`	✅	3s	1s	+200%
`mlk_ct_get_optblocker_u32`	✅	3s	2s	+50%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	3s	2s	+50%
`mlk_keccakf1600_xor_bytes`	✅	3s	3s	+0%
`mlk_keccakf1600x4_extract_bytes`	✅	3s	2s	+50%
`mlk_montgomery_reduce`	✅	3s	2s	+50%
`mlk_poly_decompress_du`	✅	3s	2s	+50%
`mlk_poly_getnoise_eta1122_4x`	✅	3s	5s	-40%
`mlk_poly_getnoise_eta1_4x_native`	✅	3s	2s	+50%
`mlk_poly_tobytes_native`	✅	3s	2s	+50%
`mlk_poly_tomsg`	✅	3s	2s	+50%
`mlk_polyvec_decompress_du`	✅	3s	4s	-25%
`mlk_polyvec_invntt_tomont`	✅	3s	2s	+50%
`mlk_polyvec_ntt`	✅	3s	2s	+50%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	3s	2s	+50%
`mlk_polyvec_tobytes`	✅	3s	2s	+50%
`mlk_scalar_compress_d10`	✅	3s	4s	-25%
`mlk_scalar_compress_d5`	✅	3s	2s	+50%
`mlk_scalar_decompress_d5`	✅	3s	2s	+50%
`mlk_shake256`	✅	3s	2s	+50%
`nttunpack_native_x86_64`	✅	3s	3s	+0%
`poly_mulcache_compute_native_aarch64`	✅	3s	4s	-25%
`poly_mulcache_compute_native_x86_64`	✅	3s	4s	-25%
`rej_uniform_native`	✅	3s	3s	+0%
`rej_uniform_native_aarch64`	✅	3s	2s	+50%
`rej_uniform_native_x86_64`	✅	3s	2s	+50%
`sys_check_capability`	✅	3s	1s	+200%
`intt_native_x86_64`	✅	2s	4s	-50%
`keccak_f1600_x1_native_aarch64`	✅	2s	1s	+100%
`kem_keypair`	✅	2s	1s	+100%
`mlk_ct_cmov_zero`	✅	2s	2s	+0%
`mlk_ct_get_optblocker_i32`	✅	2s	2s	+0%
`mlk_ct_sel_int16`	✅	2s	3s	-33%
`mlk_ct_sel_uint8`	✅	2s	2s	+0%
`mlk_gen_matrix`	✅	2s	2s	+0%
`mlk_gen_matrix_serial`	✅	2s	3s	-33%
`mlk_keccakf1600_extract_bytes`	✅	2s	1s	+100%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	2s	2s	+0%
`mlk_keccakf1600x4_permute`	✅	2s	2s	+0%
`mlk_poly_add`	✅	2s	2s	+0%
`mlk_poly_cbd_eta2`	✅	2s	2s	+0%
`mlk_poly_compress_du`	✅	2s	3s	-33%
`mlk_poly_getnoise_eta2`	✅	2s	2s	+0%
`mlk_poly_invntt_tomont`	✅	2s	2s	+0%
`mlk_poly_invntt_tomont_c`	✅	2s	3s	-33%
`mlk_poly_mulcache_compute_c`	✅	2s	3s	-33%
`mlk_poly_mulcache_compute_native`	✅	2s	4s	-50%
`mlk_poly_ntt`	✅	2s	3s	-33%
`mlk_poly_reduce`	✅	2s	2s	+0%
`mlk_poly_reduce_c`	✅	2s	2s	+0%
`mlk_poly_tobytes`	✅	2s	3s	-33%
`mlk_poly_tobytes_c`	✅	2s	2s	+0%
`mlk_poly_tomont`	✅	2s	2s	+0%
`mlk_poly_tomont_c`	✅	2s	2s	+0%
`mlk_poly_tomont_native`	✅	2s	2s	+0%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	2s	3s	-33%
`mlk_polyvec_mulcache_compute`	✅	2s	2s	+0%
`mlk_polyvec_tomont`	✅	2s	4s	-50%
`mlk_rej_uniform`	✅	2s	4s	-50%
`mlk_scalar_compress_d1`	✅	2s	3s	-33%
`mlk_scalar_decompress_d11`	✅	2s	1s	+100%
`mlk_sha3_256`	✅	2s	1s	+100%
`mlk_shake128_absorb_once`	✅	2s	1s	+100%
`mlk_shake128_squeezeblocks`	✅	2s	5s	-60%
`mlk_shake128x4_absorb_once`	✅	2s	1s	+100%
`mlk_value_barrier_i32`	✅	2s	2s	+0%
`mlk_value_barrier_u32`	✅	2s	3s	-33%
`mlk_value_barrier_u8`	✅	2s	3s	-33%
`poly_invntt_tomont_native`	✅	2s	3s	-33%
`poly_tobytes_native_aarch64`	✅	2s	2s	+0%
`poly_tobytes_native_x86_64`	✅	2s	3s	-33%
`poly_tomont_native_aarch64`	✅	2s	4s	-50%
`poly_tomont_native_x86_64`	✅	2s	2s	+0%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	2s	4s	-50%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	2s	3s	-33%
`intt_native_aarch64`	✅	1s	2s	-50%
`keccak_f1600_x1_native_aarch64_v84a`	✅	1s	2s	-50%
`kem_keypair_derand`	✅	1s	3s	-67%
`mlk_ct_cmask_neg_i16`	✅	1s	2s	-50%
`mlk_ct_cmask_nonzero_u16`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_u8`	✅	1s	2s	-50%
`mlk_ct_memcmp`	✅	1s	1s	+0%
`mlk_matvec_mul`	✅	1s	2s	-50%
`mlk_poly_compress_dv`	✅	1s	3s	-67%
`mlk_poly_decompress_dv`	✅	1s	1s	+0%
`mlk_poly_ntt_c`	✅	1s	1s	+0%
`mlk_polyvec_frombytes`	✅	1s	3s	-67%
`mlk_polyvec_permute_bitrev_to_custom`	✅	1s	3s	-67%
`mlk_polyvec_reduce`	✅	1s	2s	-50%
`mlk_scalar_compress_d11`	✅	1s	2s	-50%
`mlk_scalar_compress_d4`	✅	1s	2s	-50%
`mlk_scalar_decompress_d10`	✅	1s	3s	-67%
`mlk_scalar_decompress_d4`	✅	1s	2s	-50%
`mlk_sha3_512`	✅	1s	3s	-67%
`mlk_shake128x4_squeezeblocks`	✅	1s	2s	-50%
`poly_reduce_native_aarch64`	✅	1s	1s	+0%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	1s	2s	-50%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	1s	2s	-50%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	1s	3s	-67%

oqs-bot · 2026-02-09T14:25:06Z

CBMC Results (ML-KEM-768)

Full Results (151 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	1380s	1424s	-3.1%
`mlk_indcpa_keypair_derand`	✅	255s	254s	+0%
`mlk_indcpa_enc`	✅	199s	217s	-8%
`mlk_keccak_squeezeblocks_x4`	✅	163s	160s	+2%
`mlk_rej_uniform_c`	✅	70s	81s	-14%
`polyvec_basemul_acc_montgomery_cached_native`	✅	55s	61s	-10%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	49s	54s	-9%
`mlk_poly_rej_uniform`	✅	37s	37s	+0%
`poly_ntt_native`	✅	37s	34s	+9%
`mlk_polyvec_add`	✅	31s	30s	+3%
`keccakf1600x4_permute_native_x4`	✅	20s	19s	+5%
`mlk_ntt_layer`	✅	19s	24s	-21%
`mlk_indcpa_dec`	✅	18s	17s	+6%
`mlk_poly_reduce_native`	✅	15s	16s	-6%
`mlk_keccak_absorb_once_x4`	✅	10s	9s	+11%
`mlk_ntt_butterfly_block`	✅	10s	10s	+0%
`mlk_poly_sub`	✅	10s	11s	-9%
`mlk_keccak_squeezeblocks`	✅	9s	8s	+12%
`kem_dec`	✅	8s	6s	+33%
`mlk_fqmul`	✅	8s	7s	+14%
`mlk_poly_frombytes_native`	✅	8s	9s	-11%
`mlk_poly_rej_uniform_x4`	✅	8s	7s	+14%
`keccakf1600_permute_native`	✅	6s	6s	+0%
`mlk_keccak_squeeze_once`	✅	6s	8s	-25%
`mlk_poly_frommsg`	✅	6s	7s	-14%
`mlk_polymat_permute_bitrev_to_custom`	✅	6s	8s	-25%
`mlk_gen_matrix`	✅	5s	6s	-17%
`mlk_invntt_layer`	✅	5s	5s	+0%
`mlk_keccak_absorb_once`	✅	5s	3s	+67%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	5s	3s	+67%
`nttunpack_native_x86_64`	✅	5s	3s	+67%
`mlk_barrett_reduce`	✅	4s	2s	+100%
`mlk_ct_cmask_nonzero_u16`	✅	4s	1s	+300%
`mlk_gen_matrix_serial`	✅	4s	6s	-33%
`mlk_keccakf1600_permute`	✅	4s	3s	+33%
`mlk_poly_compress_du`	✅	4s	4s	+0%
`mlk_poly_frombytes_c`	✅	4s	2s	+100%
`mlk_poly_ntt`	✅	4s	3s	+33%
`mlk_poly_ntt_c`	✅	4s	4s	+0%
`mlk_polyvec_ntt`	✅	4s	2s	+100%
`mlk_scalar_decompress_d5`	✅	4s	3s	+33%
`mlk_sha3_512`	✅	4s	2s	+100%
`mlk_shake128x4_absorb_once`	✅	4s	2s	+100%
`mlk_shake256x4`	✅	4s	5s	-20%
`poly_frombytes_native_x86_64`	✅	4s	4s	+0%
`poly_getnoise_eta1122_4x_native`	✅	4s	2s	+100%
`poly_invntt_tomont_native`	✅	4s	2s	+100%
`poly_tomont_native_aarch64`	✅	4s	2s	+100%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	4s	2s	+100%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	4s	4s	+0%
`keccak_f1600_x4_native_aarch64_v84a`	✅	3s	2s	+50%
`kem_check_pk`	✅	3s	4s	-25%
`kem_check_sk`	✅	3s	4s	-25%
`kem_keypair`	✅	3s	3s	+0%
`kem_keypair_derand`	✅	3s	1s	+200%
`mlk_check_pct`	✅	3s	3s	+0%
`mlk_ct_cmask_nonzero_u8`	✅	3s	2s	+50%
`mlk_keccakf1600x4_permute`	✅	3s	2s	+50%
`mlk_poly_cbd_eta2`	✅	3s	3s	+0%
`mlk_poly_getnoise_eta1_4x`	✅	3s	5s	-40%
`mlk_poly_getnoise_eta2`	✅	3s	3s	+0%
`mlk_poly_invntt_tomont`	✅	3s	2s	+50%
`mlk_poly_mulcache_compute`	✅	3s	3s	+0%
`mlk_poly_mulcache_compute_c`	✅	3s	4s	-25%
`mlk_poly_tobytes_c`	✅	3s	3s	+0%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	3s	2s	+50%
`mlk_polyvec_compress_du`	✅	3s	3s	+0%
`mlk_polyvec_decompress_du`	✅	3s	4s	-25%
`mlk_polyvec_frombytes`	✅	3s	1s	+200%
`mlk_polyvec_permute_bitrev_to_custom`	✅	3s	2s	+50%
`mlk_scalar_decompress_d4`	✅	3s	2s	+50%
`mlk_scalar_signed_to_unsigned_q`	✅	3s	4s	-25%
`mlk_shake256`	✅	3s	2s	+50%
`mlk_value_barrier_i32`	✅	3s	3s	+0%
`mlk_value_barrier_u32`	✅	3s	1s	+200%
`ntt_native_x86_64`	✅	3s	2s	+50%
`poly_mulcache_compute_native_aarch64`	✅	3s	3s	+0%
`poly_reduce_native_x86_64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	3s	1s	+200%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	3s	3s	+0%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	3s	3s	+0%
`rej_uniform_native_x86_64`	✅	3s	3s	+0%
`sys_check_capability`	✅	3s	1s	+200%
`intt_native_aarch64`	✅	2s	2s	+0%
`keccak_f1600_x1_native_aarch64`	✅	2s	4s	-50%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	2s	2s	+0%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	2s	2s	+0%
`kem_enc`	✅	2s	2s	+0%
`kem_enc_derand`	✅	2s	2s	+0%
`mlk_ct_cmask_neg_i16`	✅	2s	2s	+0%
`mlk_ct_get_optblocker_i32`	✅	2s	1s	+100%
`mlk_ct_memcmp`	✅	2s	5s	-60%
`mlk_ct_sel_int16`	✅	2s	3s	-33%
`mlk_ct_sel_uint8`	✅	2s	4s	-50%
`mlk_keccakf1600_extract_bytes`	✅	2s	2s	+0%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	2s	2s	+0%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	2s	1s	+100%
`mlk_matvec_mul`	✅	2s	1s	+100%
`mlk_montgomery_reduce`	✅	2s	1s	+100%
`mlk_poly_add`	✅	2s	1s	+100%
`mlk_poly_cbd_eta1`	✅	2s	5s	-60%
`mlk_poly_compress_dv`	✅	2s	5s	-60%
`mlk_poly_decompress_du`	✅	2s	3s	-33%
`mlk_poly_frombytes`	✅	2s	1s	+100%
`mlk_poly_getnoise_eta1122_4x`	✅	2s	2s	+0%
`mlk_poly_getnoise_eta1_4x_native`	✅	2s	3s	-33%
`mlk_poly_invntt_tomont_c`	✅	2s	2s	+0%
`mlk_poly_tomont`	✅	2s	2s	+0%
`mlk_poly_tomont_c`	✅	2s	3s	-33%
`mlk_poly_tomont_native`	✅	2s	3s	-33%
`mlk_poly_tomsg`	✅	2s	3s	-33%
`mlk_polyvec_invntt_tomont`	✅	2s	3s	-33%
`mlk_polyvec_mulcache_compute`	✅	2s	3s	-33%
`mlk_polyvec_reduce`	✅	2s	3s	-33%
`mlk_polyvec_tomont`	✅	2s	1s	+100%
`mlk_rej_uniform`	✅	2s	2s	+0%
`mlk_scalar_compress_d1`	✅	2s	2s	+0%
`mlk_scalar_compress_d10`	✅	2s	2s	+0%
`mlk_scalar_compress_d5`	✅	2s	1s	+100%
`mlk_scalar_decompress_d10`	✅	2s	2s	+0%
`mlk_scalar_decompress_d11`	✅	2s	3s	-33%
`mlk_shake128_squeezeblocks`	✅	2s	1s	+100%
`mlk_shake128x4_squeezeblocks`	✅	2s	3s	-33%
`mlk_value_barrier_u8`	✅	2s	3s	-33%
`ntt_native_aarch64`	✅	2s	3s	-33%
`poly_mulcache_compute_native_x86_64`	✅	2s	1s	+100%
`poly_reduce_native_aarch64`	✅	2s	1s	+100%
`poly_tobytes_native_aarch64`	✅	2s	1s	+100%
`poly_tobytes_native_x86_64`	✅	2s	4s	-50%
`poly_tomont_native_x86_64`	✅	2s	2s	+0%
`rej_uniform_native_aarch64`	✅	2s	3s	-33%
`intt_native_x86_64`	✅	1s	3s	-67%
`keccak_f1600_x1_native_aarch64_v84a`	✅	1s	3s	-67%
`mlk_ct_cmov_zero`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_u32`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_u8`	✅	1s	4s	-75%
`mlk_keccakf1600_xor_bytes`	✅	1s	2s	-50%
`mlk_keccakf1600x4_extract_bytes`	✅	1s	3s	-67%
`mlk_keccakf1600x4_xor_bytes`	✅	1s	1s	+0%
`mlk_poly_decompress_dv`	✅	1s	1s	+0%
`mlk_poly_mulcache_compute_native`	✅	1s	3s	-67%
`mlk_poly_reduce`	✅	1s	3s	-67%
`mlk_poly_reduce_c`	✅	1s	1s	+0%
`mlk_poly_tobytes`	✅	1s	3s	-67%
`mlk_poly_tobytes_native`	✅	1s	2s	-50%
`mlk_polyvec_tobytes`	✅	1s	3s	-67%
`mlk_scalar_compress_d11`	✅	1s	1s	+0%
`mlk_scalar_compress_d4`	✅	1s	2s	-50%
`mlk_sha3_256`	✅	1s	3s	-67%
`mlk_shake128_absorb_once`	✅	1s	4s	-75%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	1s	2s	-50%
`rej_uniform_native`	✅	1s	2s	-50%

oqs-bot · 2026-02-09T14:44:36Z

CBMC Results (ML-KEM-1024)

Full Results (151 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	2671s	2514s	+6.2%
`mlk_indcpa_enc`	✅	1493s	1270s	+18%
`mlk_indcpa_keypair_derand`	✅	207s	222s	-7%
`mlk_keccak_squeezeblocks_x4`	✅	148s	154s	-4%
`polyvec_basemul_acc_montgomery_cached_native`	✅	114s	127s	-10%
`mlk_rej_uniform_c`	✅	65s	72s	-10%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	56s	58s	-3%
`mlk_poly_rej_uniform`	✅	31s	33s	-6%
`mlk_poly_decompress_dv`	✅	22s	22s	+0%
`poly_ntt_native`	✅	22s	26s	-15%
`keccakf1600x4_permute_native_x4`	✅	19s	21s	-10%
`mlk_ntt_layer`	✅	17s	26s	-35%
`mlk_indcpa_dec`	✅	16s	20s	-20%
`mlk_poly_reduce_native`	✅	15s	17s	-12%
`mlk_polyvec_ntt`	✅	13s	16s	-19%
`mlk_polyvec_add`	✅	12s	11s	+9%
`mlk_keccak_absorb_once_x4`	✅	11s	8s	+38%
`mlk_poly_compress_du`	✅	10s	7s	+43%
`mlk_poly_sub`	✅	10s	11s	-9%
`mlk_gen_matrix`	✅	8s	7s	+14%
`mlk_keccak_squeeze_once`	✅	8s	6s	+33%
`mlk_keccak_squeezeblocks`	✅	8s	9s	-11%
`mlk_ntt_butterfly_block`	✅	8s	9s	-11%
`mlk_poly_frombytes_native`	✅	8s	10s	-20%
`mlk_poly_rej_uniform_x4`	✅	8s	8s	+0%
`keccakf1600_permute_native`	✅	7s	6s	+17%
`mlk_gen_matrix_serial`	✅	6s	6s	+0%
`poly_frombytes_native_x86_64`	✅	6s	4s	+50%
`kem_check_pk`	✅	5s	4s	+25%
`mlk_fqmul`	✅	5s	5s	+0%
`mlk_poly_mulcache_compute_c`	✅	5s	1s	+400%
`mlk_polyvec_permute_bitrev_to_custom`	✅	5s	2s	+150%
`mlk_shake256x4`	✅	5s	4s	+25%
`mlk_value_barrier_u32`	✅	5s	1s	+400%
`mlk_value_barrier_u8`	✅	5s	5s	+0%
`poly_tobytes_native_x86_64`	✅	5s	4s	+25%
`kem_dec`	✅	4s	5s	-20%
`mlk_ct_get_optblocker_u32`	✅	4s	3s	+33%
`mlk_invntt_layer`	✅	4s	6s	-33%
`mlk_keccak_absorb_once`	✅	4s	3s	+33%
`mlk_keccakf1600_permute`	✅	4s	5s	-20%
`mlk_poly_frommsg`	✅	4s	7s	-43%
`mlk_poly_ntt`	✅	4s	4s	+0%
`mlk_poly_tomont_native`	✅	4s	3s	+33%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	4s	3s	+33%
`mlk_polyvec_compress_du`	✅	4s	2s	+100%
`mlk_polyvec_mulcache_compute`	✅	4s	2s	+100%
`mlk_scalar_compress_d5`	✅	4s	4s	+0%
`poly_mulcache_compute_native_aarch64`	✅	4s	2s	+100%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	4s	1s	+300%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	4s	2s	+100%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	4s	1s	+300%
`keccak_f1600_x1_native_aarch64`	✅	3s	5s	-40%
`keccak_f1600_x1_native_aarch64_v84a`	✅	3s	2s	+50%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	3s	3s	+0%
`kem_check_sk`	✅	3s	2s	+50%
`kem_enc_derand`	✅	3s	4s	-25%
`mlk_barrett_reduce`	✅	3s	2s	+50%
`mlk_check_pct`	✅	3s	3s	+0%
`mlk_ct_cmov_zero`	✅	3s	1s	+200%
`mlk_ct_sel_int16`	✅	3s	2s	+50%
`mlk_keccakf1600_extract_bytes`	✅	3s	1s	+200%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	3s	2s	+50%
`mlk_keccakf1600x4_extract_bytes`	✅	3s	1s	+200%
`mlk_keccakf1600x4_permute`	✅	3s	1s	+200%
`mlk_matvec_mul`	✅	3s	2s	+50%
`mlk_poly_cbd_eta1`	✅	3s	1s	+200%
`mlk_poly_decompress_du`	✅	3s	4s	-25%
`mlk_poly_frombytes_c`	✅	3s	2s	+50%
`mlk_poly_getnoise_eta1_4x`	✅	3s	3s	+0%
`mlk_poly_mulcache_compute`	✅	3s	2s	+50%
`mlk_poly_reduce_c`	✅	3s	4s	-25%
`mlk_poly_tobytes_c`	✅	3s	2s	+50%
`mlk_poly_tomsg`	✅	3s	3s	+0%
`mlk_polymat_permute_bitrev_to_custom`	✅	3s	6s	-50%
`mlk_polyvec_decompress_du`	✅	3s	2s	+50%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	3s	5s	-40%
`mlk_polyvec_tomont`	✅	3s	4s	-25%
`mlk_scalar_compress_d1`	✅	3s	2s	+50%
`mlk_scalar_decompress_d10`	✅	3s	3s	+0%
`mlk_scalar_decompress_d4`	✅	3s	2s	+50%
`mlk_sha3_256`	✅	3s	3s	+0%
`mlk_shake128_squeezeblocks`	✅	3s	2s	+50%
`ntt_native_aarch64`	✅	3s	3s	+0%
`nttunpack_native_x86_64`	✅	3s	2s	+50%
`poly_getnoise_eta1122_4x_native`	✅	3s	2s	+50%
`poly_invntt_tomont_native`	✅	3s	3s	+0%
`poly_mulcache_compute_native_x86_64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	3s	3s	+0%
`rej_uniform_native_aarch64`	✅	3s	3s	+0%
`intt_native_aarch64`	✅	2s	2s	+0%
`intt_native_x86_64`	✅	2s	4s	-50%
`keccak_f1600_x4_native_aarch64_v84a`	✅	2s	1s	+100%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	2s	1s	+100%
`kem_enc`	✅	2s	3s	-33%
`kem_keypair`	✅	2s	2s	+0%
`mlk_ct_cmask_neg_i16`	✅	2s	2s	+0%
`mlk_ct_cmask_nonzero_u16`	✅	2s	3s	-33%
`mlk_ct_cmask_nonzero_u8`	✅	2s	2s	+0%
`mlk_ct_get_optblocker_i32`	✅	2s	3s	-33%
`mlk_ct_get_optblocker_u8`	✅	2s	3s	-33%
`mlk_ct_memcmp`	✅	2s	2s	+0%
`mlk_ct_sel_uint8`	✅	2s	1s	+100%
`mlk_keccakf1600_xor_bytes`	✅	2s	2s	+0%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	2s	2s	+0%
`mlk_keccakf1600x4_xor_bytes`	✅	2s	2s	+0%
`mlk_montgomery_reduce`	✅	2s	2s	+0%
`mlk_poly_compress_dv`	✅	2s	1s	+100%
`mlk_poly_frombytes`	✅	2s	2s	+0%
`mlk_poly_getnoise_eta1_4x_native`	✅	2s	5s	-60%
`mlk_poly_getnoise_eta2`	✅	2s	3s	-33%
`mlk_poly_invntt_tomont`	✅	2s	3s	-33%
`mlk_poly_mulcache_compute_native`	✅	2s	2s	+0%
`mlk_poly_tomont`	✅	2s	1s	+100%
`mlk_poly_tomont_c`	✅	2s	2s	+0%
`mlk_polyvec_frombytes`	✅	2s	2s	+0%
`mlk_polyvec_invntt_tomont`	✅	2s	4s	-50%
`mlk_polyvec_reduce`	✅	2s	3s	-33%
`mlk_polyvec_tobytes`	✅	2s	2s	+0%
`mlk_rej_uniform`	✅	2s	2s	+0%
`mlk_scalar_compress_d10`	✅	2s	3s	-33%
`mlk_scalar_decompress_d5`	✅	2s	3s	-33%
`mlk_sha3_512`	✅	2s	3s	-33%
`mlk_shake128_absorb_once`	✅	2s	3s	-33%
`mlk_shake128x4_squeezeblocks`	✅	2s	2s	+0%
`mlk_shake256`	✅	2s	2s	+0%
`mlk_value_barrier_i32`	✅	2s	2s	+0%
`poly_reduce_native_x86_64`	✅	2s	4s	-50%
`poly_tomont_native_aarch64`	✅	2s	1s	+100%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	2s	3s	-33%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	2s	2s	+0%
`rej_uniform_native`	✅	2s	4s	-50%
`rej_uniform_native_x86_64`	✅	2s	2s	+0%
`kem_keypair_derand`	✅	1s	2s	-50%
`mlk_poly_add`	✅	1s	3s	-67%
`mlk_poly_cbd_eta2`	✅	1s	3s	-67%
`mlk_poly_getnoise_eta1122_4x`	✅	1s	3s	-67%
`mlk_poly_invntt_tomont_c`	✅	1s	4s	-75%
`mlk_poly_ntt_c`	✅	1s	2s	-50%
`mlk_poly_reduce`	✅	1s	2s	-50%
`mlk_poly_tobytes`	✅	1s	3s	-67%
`mlk_poly_tobytes_native`	✅	1s	2s	-50%
`mlk_scalar_compress_d11`	✅	1s	2s	-50%
`mlk_scalar_compress_d4`	✅	1s	2s	-50%
`mlk_scalar_decompress_d11`	✅	1s	2s	-50%
`mlk_scalar_signed_to_unsigned_q`	✅	1s	3s	-67%
`mlk_shake128x4_absorb_once`	✅	1s	3s	-67%
`ntt_native_x86_64`	✅	1s	2s	-50%
`poly_reduce_native_aarch64`	✅	1s	2s	-50%
`poly_tobytes_native_aarch64`	✅	1s	4s	-75%
`poly_tomont_native_x86_64`	✅	1s	2s	-50%
`sys_check_capability`	✅	1s	1s	+0%

Extend scripts/cfify with Armv8.1-M architecture support, handling push/pop, vpush/vpop, sub/add sp, and bx lr. Enable cfify for armv81m in scripts/autogen. Also removes pushing/poping r3 and r12 in keccak_f1600_x4_mve_asm - they do not have to be preserved according ot the AAPCS. - Ports pq-code-package/mlkem-native#1558 Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

mkannwischer added 2 commits February 9, 2026 22:02

Armv8.1-M: Remove unused r3 and r12 from push/pop in Keccak x4

bc1f313

Neither r3 nor r12 is callee-saved according to AAPCS. Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

mkannwischer added the needs-mldsa-native-port label Feb 9, 2026

mkannwischer marked this pull request as ready for review February 10, 2026 01:57

mkannwischer requested a review from a team as a code owner February 10, 2026 01:57

mkannwischer mentioned this pull request Feb 11, 2026

Armv8.1-M: Add CFI directives for stack unwinding pq-code-package/mldsa-native#961

Draft

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Armv8.1-M: Add CFI directives for stack unwinding #1558

Armv8.1-M: Add CFI directives for stack unwinding #1558
mkannwischer wants to merge 2 commits intomainfrom
armv8-cfify

mkannwischer commented Feb 9, 2026

oqs-bot commented Feb 9, 2026

oqs-bot commented Feb 9, 2026

oqs-bot commented Feb 9, 2026

Labels

2 participants

Conversation

mkannwischer commented Feb 9, 2026

oqs-bot commented Feb 9, 2026

CBMC Results (ML-KEM-512)

oqs-bot commented Feb 9, 2026

CBMC Results (ML-KEM-768)

oqs-bot commented Feb 9, 2026

CBMC Results (ML-KEM-1024)

Labels

2 participants