Rewrite some of the x86 backend implementations to broadcast

16-bit constants instead of loading them from memory.

This significantly simplifies the formal verification effort.

Signed-off-by: Dusan Kostic <dkostic@protonmail.com>

Author: dkostic

dev/x86_64/meta.h

@@ -84,7 +84,7 @@ static MLK_INLINE int mlk_poly_reduce_native(int16_t data[MLKEM_N])
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_reduce_avx2(data, mlk_qdata);
+  mlk_reduce_avx2(data);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 
@@ -121,7 +121,7 @@ static MLK_INLINE int mlk_polyvec_basemul_acc_montgomery_cached_k2_native(
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_polyvec_basemul_acc_montgomery_cached_asm_k2(r, a, b, b_cache, mlk_qdata);
+  mlk_polyvec_basemul_acc_montgomery_cached_asm_k2(r, a, b, b_cache);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 2 */
@@ -136,7 +136,7 @@ static MLK_INLINE int mlk_polyvec_basemul_acc_montgomery_cached_k3_native(
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_polyvec_basemul_acc_montgomery_cached_asm_k3(r, a, b, b_cache, mlk_qdata);
+  mlk_polyvec_basemul_acc_montgomery_cached_asm_k3(r, a, b, b_cache);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 3 */
@@ -151,7 +151,7 @@ static MLK_INLINE int mlk_polyvec_basemul_acc_montgomery_cached_k4_native(
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_polyvec_basemul_acc_montgomery_cached_asm_k4(r, a, b, b_cache, mlk_qdata);
+  mlk_polyvec_basemul_acc_montgomery_cached_asm_k4(r, a, b, b_cache);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 #endif /* MLK_CONFIG_MULTILEVEL_WITH_SHARED || MLKEM_K == 4 */
@@ -164,7 +164,7 @@ static MLK_INLINE int mlk_poly_tobytes_native(uint8_t r[MLKEM_POLYBYTES],
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_ntttobytes_avx2(r, a, mlk_qdata);
+  mlk_ntttobytes_avx2(r, a);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 
@@ -176,7 +176,7 @@ static MLK_INLINE int mlk_poly_frombytes_native(
     return MLK_NATIVE_FUNC_FALLBACK;
   }
 
-  mlk_nttfrombytes_avx2(r, a, mlk_qdata);
+  mlk_nttfrombytes_avx2(r, a);
   return MLK_NATIVE_FUNC_SUCCESS;
 }
 

dev/x86_64/src/arith_native_x86_64.h

@@ -31,7 +31,7 @@ void mlk_invntt_avx2(int16_t *r, const int16_t *mlk_qdata);
 void mlk_nttunpack_avx2(int16_t *r);
 
 #define mlk_reduce_avx2 MLK_NAMESPACE(reduce_avx2)
-void mlk_reduce_avx2(int16_t *r, const int16_t *mlk_qdata);
+void mlk_reduce_avx2(int16_t *r);
 
 #define mlk_poly_mulcache_compute_avx2 MLK_NAMESPACE(poly_mulcache_compute_avx2)
 void mlk_poly_mulcache_compute_avx2(int16_t *out, const int16_t *in,
@@ -42,32 +42,27 @@ void mlk_poly_mulcache_compute_avx2(int16_t *out, const int16_t *in,
 void mlk_polyvec_basemul_acc_montgomery_cached_asm_k2(int16_t *r,
                                                       const int16_t *a,
                                                       const int16_t *b,
-                                                      const int16_t *b_cache,
-                                                      const int16_t *qdata);
+                                                      const int16_t *b_cache);
 
 #define mlk_polyvec_basemul_acc_montgomery_cached_asm_k3 \
   MLK_NAMESPACE(polyvec_basemul_acc_montgomery_cached_asm_k3)
 void mlk_polyvec_basemul_acc_montgomery_cached_asm_k3(int16_t *r,
                                                       const int16_t *a,
                                                       const int16_t *b,
-                                                      const int16_t *b_cache,
-                                                      const int16_t *qdata);
+                                                      const int16_t *b_cache);
 
 #define mlk_polyvec_basemul_acc_montgomery_cached_asm_k4 \
   MLK_NAMESPACE(polyvec_basemul_acc_montgomery_cached_asm_k4)
 void mlk_polyvec_basemul_acc_montgomery_cached_asm_k4(int16_t *r,
                                                       const int16_t *a,
                                                       const int16_t *b,
-                                                      const int16_t *b_cache,
-                                                      const int16_t *qdata);
+                                                      const int16_t *b_cache);
 
 #define mlk_ntttobytes_avx2 MLK_NAMESPACE(ntttobytes_avx2)
-void mlk_ntttobytes_avx2(uint8_t *r, const int16_t *a,
-                         const int16_t *mlk_qdata);
+void mlk_ntttobytes_avx2(uint8_t *r, const int16_t *a);
 
 #define mlk_nttfrombytes_avx2 MLK_NAMESPACE(nttfrombytes_avx2)
-void mlk_nttfrombytes_avx2(int16_t *r, const uint8_t *a,
-                           const int16_t *mlk_qdata);
+void mlk_nttfrombytes_avx2(int16_t *r, const uint8_t *a);
 
 #define mlk_tomont_avx2 MLK_NAMESPACE(tomont_avx2)
 void mlk_tomont_avx2(int16_t *r, const int16_t *mlk_qdata);

dev/x86_64/src/compress_avx2.c

@@ -28,14 +28,16 @@
 #include "arith_native_x86_64.h"
 #include "consts.h"
 
+/* check-magic: 20159 == round(2^26/MLKEM_Q) */
+#define MLK_AVX2_V 20159
+
 #if defined(MLK_CONFIG_MULTILEVEL_WITH_SHARED) || (MLKEM_K == 2 || MLKEM_K == 3)
 void mlk_poly_compress_d4_avx2(uint8_t r[MLKEM_POLYCOMPRESSEDBYTES_D4],
                                const int16_t *MLK_RESTRICT a)
 {
   unsigned int i;
   __m256i f0, f1, f2, f3;
-  const __m256i v = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XV]);
+  const __m256i v = _mm256_set1_epi16(MLK_AVX2_V);
   const __m256i shift1 = _mm256_set1_epi16(1 << 9);
   const __m256i mask = _mm256_set1_epi16(15);
   const __m256i shift2 = _mm256_set1_epi16((16 << 8) + 1);
@@ -75,8 +77,8 @@ void mlk_poly_decompress_d4_avx2(int16_t *MLK_RESTRICT r,
   unsigned int i;
   __m128i t;
   __m256i f;
-  const __m256i q = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XQ]);
+  const __m256i q = _mm256_set1_epi16(MLKEM_Q);
+
   const __m256i shufbidx =
       _mm256_set_epi8(7, 7, 7, 7, 6, 6, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 3, 3, 3,
                       3, 2, 2, 2, 2, 1, 1, 1, 1, 0, 0, 0, 0);
@@ -101,8 +103,7 @@ void mlk_poly_compress_d10_avx2(uint8_t r[MLKEM_POLYCOMPRESSEDBYTES_D10],
   unsigned int i;
   __m256i f0, f1, f2;
   __m128i t0, t1;
-  const __m256i v = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XV]);
+  const __m256i v = _mm256_set1_epi16(MLK_AVX2_V);
   const __m256i v8 = _mm256_slli_epi16(v, 3);
   const __m256i off = _mm256_set1_epi16(15);
   const __m256i shift1 = _mm256_set1_epi16(1 << 12);
@@ -187,8 +188,7 @@ void mlk_poly_compress_d5_avx2(uint8_t r[MLKEM_POLYCOMPRESSEDBYTES_D5],
   unsigned int i;
   __m256i f0, f1;
   __m128i t0, t1;
-  const __m256i v = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XV]);
+  const __m256i v = _mm256_set1_epi16(MLK_AVX2_V);
   const __m256i shift1 = _mm256_set1_epi16(1 << 10);
   const __m256i mask = _mm256_set1_epi16(31);
   const __m256i shift2 = _mm256_set1_epi16((32 << 8) + 1);
@@ -230,8 +230,7 @@ void mlk_poly_decompress_d5_avx2(int16_t *MLK_RESTRICT r,
   __m128i t;
   __m256i f;
   int16_t ti;
-  const __m256i q = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XQ]);
+  const __m256i q = _mm256_set1_epi16(MLKEM_Q);
   const __m256i shufbidx =
       _mm256_set_epi8(9, 9, 9, 8, 8, 8, 8, 7, 7, 6, 6, 6, 6, 5, 5, 5, 4, 4, 4,
                       3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 0, 0, 0);
@@ -262,8 +261,7 @@ void mlk_poly_compress_d11_avx2(uint8_t r[MLKEM_POLYCOMPRESSEDBYTES_D11],
   unsigned int i;
   __m256i f0, f1, f2;
   __m128i t0, t1;
-  const __m256i v = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XV]);
+  const __m256i v = _mm256_set1_epi16(MLK_AVX2_V);
   const __m256i v8 = _mm256_slli_epi16(v, 3);
   const __m256i off = _mm256_set1_epi16(36);
   const __m256i shift1 = _mm256_set1_epi16(1 << 13);
@@ -334,8 +332,7 @@ void mlk_poly_decompress_d11_avx2(
 {
   unsigned int i;
   __m256i f;
-  const __m256i q = _mm256_load_si256(
-      (__m256i *)&mlk_qdata[MLK_AVX2_BACKEND_DATA_OFFSET_16XQ]);
+  const __m256i q = _mm256_set1_epi16(MLKEM_Q);
   const __m256i shufbidx =
       _mm256_set_epi8(13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 6, 5, 5, 4, 4, 3, 10,
                       9, 9, 8, 7, 6, 6, 5, 5, 4, 3, 2, 2, 1, 1, 0);
@@ -385,3 +382,7 @@ MLK_EMPTY_CU(avx2_poly_compress)
 
 #endif /* !(MLK_ARITH_BACKEND_X86_64_DEFAULT && \
           !MLK_CONFIG_MULTILEVEL_NO_SHARED) */
+
+/* To facilitate single-compilation-unit (SCU) builds, undefine all macros.
+ * Don't modify by hand -- this is auto-generated by scripts/autogen. */
+#undef MLK_AVX2_V