HOL-Light: Avoid hardcoded lengths in HOL-Light proof scripts

Previously, the HOL-Light proof scripts contained various hardcoded
constants related to the length of the code under proof, as well as
the lengths of preamble and postamble (stack spill and restore).

This commit replaces those hardcoded numerals with symbolic definitions.
As a result, SLOTHY re-optimization should now no longer require a proof
script change beyond the update of the byte code which is done by `autogen`
already.

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>

Author: hanno-becker

proofs/hol_light/arm/proofs/mlkem_intt.ml

@@ -547,6 +547,32 @@ let mlkem_intt_mc = define_assert_from_elf
 
 let MLKEM_INTT_EXEC = ARM_MK_EXEC_RULE mlkem_intt_mc;;
 
+(* ------------------------------------------------------------------------- *)
+(* Code length constants                                                     *)
+(* ------------------------------------------------------------------------- *)
+
+let LENGTH_MLKEM_INTT_MC =
+  REWRITE_CONV[mlkem_intt_mc] `LENGTH mlkem_intt_mc`
+  |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+let MLKEM_INTT_PREAMBLE_LENGTH = new_definition
+  `MLKEM_INTT_PREAMBLE_LENGTH = 20`;;
+
+let MLKEM_INTT_POSTAMBLE_LENGTH = new_definition
+  `MLKEM_INTT_POSTAMBLE_LENGTH = 24`;;
+
+let MLKEM_INTT_CORE_START = new_definition
+  `MLKEM_INTT_CORE_START = MLKEM_INTT_PREAMBLE_LENGTH`;;
+
+let MLKEM_INTT_CORE_END = new_definition
+  `MLKEM_INTT_CORE_END = LENGTH mlkem_intt_mc - MLKEM_INTT_POSTAMBLE_LENGTH`;;
+
+let LENGTH_SIMPLIFY_CONV =
+  REWRITE_CONV[LENGTH_MLKEM_INTT_MC;
+              MLKEM_INTT_CORE_START; MLKEM_INTT_CORE_END;
+              MLKEM_INTT_PREAMBLE_LENGTH; MLKEM_INTT_POSTAMBLE_LENGTH] THENC
+  NUM_REDUCE_CONV THENC REWRITE_CONV [ADD_0];;
+
 let intt_constants = define
  `intt_constants z_12345 z_67 s <=>
         (!i. i < 80
@@ -564,16 +590,16 @@ let intt_constants = define
 let MLKEM_INTT_CORRECT = prove
  (`!a z_12345 z_67 x pc.
       ALL (nonoverlapping (a,512))
-          [(word pc,0x828); (z_12345,160); (z_67,768)]
+          [(word pc,LENGTH mlkem_intt_mc); (z_12345,160); (z_67,768)]
       ==> ensures arm
            (\s. aligned_bytes_loaded s (word pc) mlkem_intt_mc /\
-                read PC s = word (pc + 0x14) /\
+                read PC s = word (pc + MLKEM_INTT_CORE_START) /\
                 C_ARGUMENTS [a; z_12345; z_67] s /\
                 intt_constants z_12345 z_67 s /\
                 !i. i < 256
                     ==> read(memory :> bytes16(word_add a (word(2 * i)))) s =
                         x i)
-           (\s. read PC s = word(pc + 0x810) /\
+           (\s. read PC s = word(pc + MLKEM_INTT_CORE_END) /\
                 !i. i < 256
                     ==> let zi =
                          read(memory :> bytes16(word_add a (word(2 * i)))) s in
@@ -582,6 +608,7 @@ let MLKEM_INTT_CORRECT = prove
            (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
             MAYCHANGE [Q8; Q9; Q10; Q11; Q12; Q13; Q14; Q15] ,,
             MAYCHANGE [memory :> bytes(a,512)])`,
+  CONV_TAC LENGTH_SIMPLIFY_CONV THEN
   MAP_EVERY X_GEN_TAC
    [`a:int64`; `z_12345:int64`; `z_67:int64`; `x:num->int16`; `pc:num`] THEN
   REWRITE_TAC[MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI; C_ARGUMENTS;
@@ -662,7 +689,7 @@ let MLKEM_INTT_SUBROUTINE_CORRECT = prove
       aligned 16 stackpointer /\
       ALLPAIRS nonoverlapping
        [(a,512); (word_sub stackpointer (word 64),64)]
-       [(word pc,0x828); (z_12345,160); (z_67,768)] /\
+       [(word pc,LENGTH mlkem_intt_mc); (z_12345,160); (z_67,768)] /\
       nonoverlapping (a,512) (word_sub stackpointer (word 64),64)
       ==> ensures arm
            (\s. aligned_bytes_loaded s (word pc) mlkem_intt_mc /\
@@ -683,6 +710,7 @@ let MLKEM_INTT_SUBROUTINE_CORRECT = prove
            (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
             MAYCHANGE [memory :> bytes(a,512);
                        memory :> bytes(word_sub stackpointer (word 64),64)])`,
+  CONV_TAC LENGTH_SIMPLIFY_CONV THEN
   let TWEAK_CONV =
     REWRITE_CONV[intt_constants] THENC
     ONCE_DEPTH_CONV let_CONV THENC
@@ -692,5 +720,5 @@ let MLKEM_INTT_SUBROUTINE_CORRECT = prove
   REWRITE_TAC[fst MLKEM_INTT_EXEC] THEN
   CONV_TAC TWEAK_CONV THEN
   ARM_ADD_RETURN_STACK_TAC ~pre_post_nsteps:(5,5) MLKEM_INTT_EXEC
-   (REWRITE_RULE[fst MLKEM_INTT_EXEC] (CONV_RULE TWEAK_CONV MLKEM_INTT_CORRECT))
+   (REWRITE_RULE[fst MLKEM_INTT_EXEC] (CONV_RULE TWEAK_CONV (CONV_RULE LENGTH_SIMPLIFY_CONV MLKEM_INTT_CORRECT)))
     `[D8; D9; D10; D11; D12; D13; D14; D15]` 64);;

proofs/hol_light/arm/proofs/mlkem_ntt.ml

@@ -346,6 +346,33 @@ let mlkem_ntt_mc = define_assert_from_elf
 
 let MLKEM_NTT_EXEC = ARM_MK_EXEC_RULE mlkem_ntt_mc;;
 
+(* ------------------------------------------------------------------------- *)
+(* Code length constants                                                     *)
+(* ------------------------------------------------------------------------- *)
+
+
+let LENGTH_MLKEM_NTT_MC =
+  REWRITE_CONV[mlkem_ntt_mc] `LENGTH mlkem_ntt_mc`
+  |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+let MLKEM_NTT_PREAMBLE_LENGTH = new_definition
+  `MLKEM_NTT_PREAMBLE_LENGTH = 20`;;
+
+let MLKEM_NTT_POSTAMBLE_LENGTH = new_definition
+  `MLKEM_NTT_POSTAMBLE_LENGTH = 24`;;
+
+let MLKEM_NTT_CORE_START = new_definition
+  `MLKEM_NTT_CORE_START = MLKEM_NTT_PREAMBLE_LENGTH`;;
+
+let MLKEM_NTT_CORE_END = new_definition
+  `MLKEM_NTT_CORE_END = LENGTH mlkem_ntt_mc - MLKEM_NTT_POSTAMBLE_LENGTH`;;
+
+let LENGTH_SIMPLIFY_CONV =
+  REWRITE_CONV[LENGTH_MLKEM_NTT_MC;
+              MLKEM_NTT_CORE_START; MLKEM_NTT_CORE_END;
+              MLKEM_NTT_PREAMBLE_LENGTH; MLKEM_NTT_POSTAMBLE_LENGTH] THENC
+  NUM_REDUCE_CONV THENC REWRITE_CONV [ADD_0];;
+
 let ntt_constants = define
  `ntt_constants z_12345 z_67 s <=>
         (!i. i < 80
@@ -362,16 +389,16 @@ let ntt_constants = define
 let MLKEM_NTT_CORRECT = prove
  (`!a z_12345 z_67 x pc.
       ALL (nonoverlapping (a,512))
-          [(word pc,0x504); (z_12345,160); (z_67,768)]
+          [(word pc,LENGTH mlkem_ntt_mc); (z_12345,160); (z_67,768)]
       ==> ensures arm
            (\s. aligned_bytes_loaded s (word pc) mlkem_ntt_mc /\
-                read PC s = word (pc + 0x14) /\
+                read PC s = word (pc + MLKEM_NTT_CORE_START) /\
                 C_ARGUMENTS [a; z_12345; z_67] s /\
                 ntt_constants z_12345 z_67 s /\
                 !i. i < 256
                     ==> read(memory :> bytes16(word_add a (word(2 * i)))) s =
                         x i)
-           (\s. read PC s = word(pc + 0x4ec) /\
+           (\s. read PC s = word(pc + MLKEM_NTT_CORE_END) /\
                 ((!i. i < 256 ==> abs(ival(x i)) <= &8191)
                  ==> !i. i < 256
                          ==> let zi =
@@ -381,6 +408,7 @@ let MLKEM_NTT_CORRECT = prove
            (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
             MAYCHANGE [Q8; Q9; Q10; Q11; Q12; Q13; Q14; Q15] ,,
             MAYCHANGE [memory :> bytes(a,512)])`,
+  CONV_TAC LENGTH_SIMPLIFY_CONV THEN
   MAP_EVERY X_GEN_TAC
    [`a:int64`; `z_12345:int64`; `z_67:int64`; `x:num->int16`; `pc:num`] THEN
   REWRITE_TAC[MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI; C_ARGUMENTS;
@@ -466,7 +494,7 @@ let MLKEM_NTT_SUBROUTINE_CORRECT = prove
       aligned 16 stackpointer /\
       ALLPAIRS nonoverlapping
        [(a,512); (word_sub stackpointer (word 64),64)]
-       [(word pc,0x504); (z_12345,160); (z_67,768)] /\
+       [(word pc,LENGTH mlkem_ntt_mc); (z_12345,160); (z_67,768)] /\
       nonoverlapping (a,512) (word_sub stackpointer (word 64),64)
       ==> ensures arm
            (\s. aligned_bytes_loaded s (word pc) mlkem_ntt_mc /\
@@ -488,6 +516,7 @@ let MLKEM_NTT_SUBROUTINE_CORRECT = prove
            (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
             MAYCHANGE [memory :> bytes(a,512);
                        memory :> bytes(word_sub stackpointer (word 64),64)])`,
+  CONV_TAC LENGTH_SIMPLIFY_CONV THEN
   let TWEAK_CONV =
     REWRITE_CONV[ntt_constants] THENC
     ONCE_DEPTH_CONV let_CONV THENC
@@ -497,5 +526,5 @@ let MLKEM_NTT_SUBROUTINE_CORRECT = prove
   REWRITE_TAC[fst MLKEM_NTT_EXEC] THEN
   CONV_TAC TWEAK_CONV THEN
   ARM_ADD_RETURN_STACK_TAC ~pre_post_nsteps:(5,5) MLKEM_NTT_EXEC
-   (REWRITE_RULE[fst MLKEM_NTT_EXEC] (CONV_RULE TWEAK_CONV MLKEM_NTT_CORRECT))
+   (REWRITE_RULE[fst MLKEM_NTT_EXEC] (CONV_RULE TWEAK_CONV (CONV_RULE LENGTH_SIMPLIFY_CONV MLKEM_NTT_CORRECT)))
     `[D8; D9; D10; D11; D12; D13; D14; D15]` 64);;

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml

@@ -217,6 +217,17 @@ let basemul2_odd = define
 
 let poly_basemul_acc_montgomery_cached_k2_EXEC = ARM_MK_EXEC_RULE poly_basemul_acc_montgomery_cached_k2_mc;;
 
+(* ------------------------------------------------------------------------- *)
+(* Code length constants                                                     *)
+(* ------------------------------------------------------------------------- *)
+
+let LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K2_MC =
+  REWRITE_CONV[poly_basemul_acc_montgomery_cached_k2_mc] `LENGTH poly_basemul_acc_montgomery_cached_k2_mc`
+  |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+let LENGTH_SIMPLIFY_CONV =
+  REWRITE_CONV[LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K2_MC];;
+
 (* ------------------------------------------------------------------------- *)
 (* Hacky tweaking conversion to write away non-free state component reads.   *)
 (* ------------------------------------------------------------------------- *)
@@ -314,6 +325,7 @@ let poly_basemul_acc_montgomery_cached_k2_GOAL = `forall srcA srcB srcBt dst x0
  (* ------------------------------------------------------------------------- *)
 
 let poly_basemul_acc_montgomery_cached_k2_SPEC = prove(poly_basemul_acc_montgomery_cached_k2_GOAL,
+     CONV_TAC LENGTH_SIMPLIFY_CONV THEN
      REWRITE_TAC [MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI;
        MODIFIABLE_SIMD_REGS;
        NONOVERLAPPING_CLAUSES; ALL; C_ARGUMENTS; fst poly_basemul_acc_montgomery_cached_k2_EXEC] THEN

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml

@@ -277,6 +277,17 @@ let basemul3_odd = define
 
  let poly_basemul_acc_montgomery_cached_k3_EXEC = ARM_MK_EXEC_RULE poly_basemul_acc_montgomery_cached_k3_mc;;
 
+ (* ------------------------------------------------------------------------- *)
+ (* Code length constants                                                     *)
+ (* ------------------------------------------------------------------------- *)
+
+ let LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K3_MC =
+   REWRITE_CONV[poly_basemul_acc_montgomery_cached_k3_mc] `LENGTH poly_basemul_acc_montgomery_cached_k3_mc`
+   |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+ let LENGTH_SIMPLIFY_CONV =
+   REWRITE_CONV[LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K3_MC];;
+
  (* ------------------------------------------------------------------------- *)
  (* Hacky tweaking conversion to write away non-free state component reads.   *)
  (* ------------------------------------------------------------------------- *)
@@ -378,6 +389,7 @@ let basemul3_odd = define
   (* ------------------------------------------------------------------------- *)
 
  let poly_basemul_acc_montgomery_cached_k3_SPEC = prove (poly_basemul_acc_montgomery_cached_k3_GOAL,
+       CONV_TAC LENGTH_SIMPLIFY_CONV THEN
        REWRITE_TAC [MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI;
         MODIFIABLE_SIMD_REGS;
         NONOVERLAPPING_CLAUSES; ALL; C_ARGUMENTS; fst poly_basemul_acc_montgomery_cached_k3_EXEC] THEN

proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml

@@ -336,6 +336,16 @@ let basemul4_odd = define
 
   let poly_basemul_acc_montgomery_cached_k4_EXEC = ARM_MK_EXEC_RULE poly_basemul_acc_montgomery_cached_k4_mc;;
 
+ (* ------------------------------------------------------------------------- *)
+ (* Code length constants                                                     *)
+ (* ------------------------------------------------------------------------- *)
+
+ let LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K4_MC =
+   REWRITE_CONV[poly_basemul_acc_montgomery_cached_k4_mc] `LENGTH poly_basemul_acc_montgomery_cached_k4_mc`
+   |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+ let LENGTH_SIMPLIFY_CONV =
+   REWRITE_CONV[LENGTH_POLY_BASEMUL_ACC_MONTGOMERY_CACHED_K4_MC];;
 
  (* ------------------------------------------------------------------------- *)
  (* Hacky tweaking conversion to write away non-free state component reads.   *)
@@ -444,6 +454,7 @@ let basemul4_odd = define
    (* ------------------------------------------------------------------------- *)
 
   let poly_basemul_acc_montgomery_cached_k4_SPEC = prove(poly_basemul_acc_montgomery_cached_k4_GOAL,
+        CONV_TAC LENGTH_SIMPLIFY_CONV THEN
         REWRITE_TAC [MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI;
          MODIFIABLE_SIMD_REGS;
          NONOVERLAPPING_CLAUSES; ALL; C_ARGUMENTS; fst poly_basemul_acc_montgomery_cached_k4_EXEC] THEN

proofs/hol_light/arm/proofs/mlkem_poly_mulcache_compute.ml

@@ -49,6 +49,17 @@ let poly_mulcache_compute_mc = define_assert_from_elf
 
 let poly_mulcache_compute_EXEC = ARM_MK_EXEC_RULE poly_mulcache_compute_mc;;
 
+(* ------------------------------------------------------------------------- *)
+(* Code length constants                                                     *)
+(* ------------------------------------------------------------------------- *)
+
+let LENGTH_POLY_MULCACHE_COMPUTE_MC =
+  REWRITE_CONV[poly_mulcache_compute_mc] `LENGTH poly_mulcache_compute_mc`
+  |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+let LENGTH_SIMPLIFY_CONV =
+  REWRITE_CONV[LENGTH_POLY_MULCACHE_COMPUTE_MC];;
+
 (* ------------------------------------------------------------------------- *)
 (* Specification                                                             *)
 (* ------------------------------------------------------------------------- *)
@@ -97,6 +108,7 @@ let poly_mulcache_compute_GOAL = `forall pc src dst zetas zetas_twisted x y retu
 (* ------------------------------------------------------------------------- *)
 
 let poly_mulcache_compute_SPEC = prove(poly_mulcache_compute_GOAL,
+    CONV_TAC LENGTH_SIMPLIFY_CONV THEN
     REWRITE_TAC [MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI;
       NONOVERLAPPING_CLAUSES; ALL; C_ARGUMENTS; fst poly_mulcache_compute_EXEC;
       have_mulcache_zetas] THEN

proofs/hol_light/arm/proofs/mlkem_poly_reduce.ml

@@ -97,6 +97,32 @@ let mlkem_poly_reduce_mc = define_assert_from_elf
 
 let MLKEM_POLY_REDUCE_EXEC = ARM_MK_EXEC_RULE mlkem_poly_reduce_mc;;
 
+(* ------------------------------------------------------------------------- *)
+(* Code length constants                                                     *)
+(* ------------------------------------------------------------------------- *)
+
+let LENGTH_MLKEM_POLY_REDUCE_MC =
+  REWRITE_CONV[mlkem_poly_reduce_mc] `LENGTH mlkem_poly_reduce_mc`
+  |> CONV_RULE (RAND_CONV LENGTH_CONV);;
+
+let MLKEM_POLY_REDUCE_PREAMBLE_LENGTH = new_definition
+  `MLKEM_POLY_REDUCE_PREAMBLE_LENGTH = 0`;;
+
+let MLKEM_POLY_REDUCE_POSTAMBLE_LENGTH = new_definition
+  `MLKEM_POLY_REDUCE_POSTAMBLE_LENGTH = 4`;;
+
+let MLKEM_POLY_REDUCE_CORE_START = new_definition
+  `MLKEM_POLY_REDUCE_CORE_START = MLKEM_POLY_REDUCE_PREAMBLE_LENGTH`;;
+
+let MLKEM_POLY_REDUCE_CORE_END = new_definition
+  `MLKEM_POLY_REDUCE_CORE_END = LENGTH mlkem_poly_reduce_mc - MLKEM_POLY_REDUCE_POSTAMBLE_LENGTH`;;
+
+let LENGTH_SIMPLIFY_CONV =
+  REWRITE_CONV[LENGTH_MLKEM_POLY_REDUCE_MC;
+              MLKEM_POLY_REDUCE_CORE_START; MLKEM_POLY_REDUCE_CORE_END;
+              MLKEM_POLY_REDUCE_PREAMBLE_LENGTH; MLKEM_POLY_REDUCE_POSTAMBLE_LENGTH] THENC
+  NUM_REDUCE_CONV THENC REWRITE_CONV [ADD_0] ;;
+
 (* ------------------------------------------------------------------------- *)
 (* Some lemmas, tactics etc.                                                 *)
 (* ------------------------------------------------------------------------- *)
@@ -122,21 +148,22 @@ let overall_lemma = prove
 
 let MLKEM_POLY_REDUCE_CORRECT = prove
  (`!a x pc.
-        nonoverlapping (word pc,0x124) (a,512)
+        nonoverlapping (word pc,LENGTH mlkem_poly_reduce_mc) (a,512)
         ==> ensures arm
              (\s. aligned_bytes_loaded s (word pc) mlkem_poly_reduce_mc /\
-                  read PC s = word pc /\
+                  read PC s = word (pc + MLKEM_POLY_REDUCE_CORE_START) /\
                   C_ARGUMENTS [a] s /\
                   !i. i < 256
                       ==> read(memory :> bytes16(word_add a (word(2 * i)))) s =
                           x i)
-             (\s. read PC s = word(pc + 0x120) /\
+             (\s. read PC s = word(pc + MLKEM_POLY_REDUCE_CORE_END) /\
                   !i. i < 256
                       ==> ival(read(memory :> bytes16
                                  (word_add a (word(2 * i)))) s) =
                           ival(x i) rem &3329)
              (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
               MAYCHANGE [memory :> bytes(a,512)])`,
+  CONV_TAC LENGTH_SIMPLIFY_CONV THEN
   MAP_EVERY X_GEN_TAC [`a:int64`; `x:num->int16`; `pc:num`] THEN
   REWRITE_TAC[MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI; C_ARGUMENTS;
               NONOVERLAPPING_CLAUSES] THEN
@@ -187,7 +214,7 @@ let MLKEM_POLY_REDUCE_CORRECT = prove
 
 let MLKEM_POLY_REDUCE_SUBROUTINE_CORRECT = prove
  (`!a x pc returnaddress.
-        nonoverlapping (word pc,0x124) (a,512)
+        nonoverlapping (word pc,LENGTH mlkem_poly_reduce_mc) (a,512)
         ==> ensures arm
              (\s. aligned_bytes_loaded s (word pc) mlkem_poly_reduce_mc /\
                   read PC s = word pc /\
@@ -203,10 +230,12 @@ let MLKEM_POLY_REDUCE_SUBROUTINE_CORRECT = prove
                           ival(x i) rem &3329)
              (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,,
               MAYCHANGE [memory :> bytes(a,512)])`,
+ CONV_TAC LENGTH_SIMPLIFY_CONV THEN
  let TWEAK_CONV =
     ONCE_DEPTH_CONV EXPAND_CASES_CONV THENC
     ONCE_DEPTH_CONV NUM_MULT_CONV THENC
-    PURE_REWRITE_CONV [WORD_ADD_0] in
+    PURE_REWRITE_CONV [WORD_ADD_0]
+     in
   CONV_TAC TWEAK_CONV THEN
   ARM_ADD_RETURN_NOSTACK_TAC MLKEM_POLY_REDUCE_EXEC
-   (CONV_RULE TWEAK_CONV MLKEM_POLY_REDUCE_CORRECT));;
+   (CONV_RULE TWEAK_CONV (CONV_RULE LENGTH_SIMPLIFY_CONV MLKEM_POLY_REDUCE_CORRECT)));;