Skip to content

Add CBMC scaffolding + CI and initial (trivial) sha2_256_init proof#16

Merged
mkannwischer merged 3 commits into
mainfrom
cbmc
Jul 11, 2025
Merged

Add CBMC scaffolding + CI and initial (trivial) sha2_256_init proof#16
mkannwischer merged 3 commits into
mainfrom
cbmc

Conversation

@mkannwischer
Copy link
Copy Markdown
Contributor

@mkannwischer mkannwischer commented Jul 10, 2025
edited
Loading

This PR adds everything that is needed to get started with CBMC proofs:

  • A nix setup allowing local development of CBMC proofs (type nix develop)
  • The CBMC starter kit that takes care of all the boilerplate for the build
  • An initial proof for sha2_256_init - which is trivial
  • A CI setup that build the nix environment (and stores it to cache) and then runs the CBMC proofs in CI

For getting started with CBMC take a look at the mlkem-native Proof Guide.

For inspiration about how to prove code, both the proofs in mlkem-native and mldsa-native are great resources.

@mkannwischer mkannwischer force-pushed the cbmc branch 2 times, most recently from ceffc0f to 02567d4 Compare July 10, 2025 15:04
@mkannwischer
nix: Add initial setup borrowed from mlkem-native (trimmed down)
7afba09 
This add a nix development setup that includes dependencies required for
developing CBMC proofs.
I have excluded various things from the mlkem-native setup that we can
consider adding later
 - HOL-Light (including s2n-bignum proof infrastructure)
 - SLOTHY
 - Valgrind (including the KyberSlash paches)
 - Big-endian cross compilers

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
@mkannwischer
Add CBMC starter kit and initial (trivial) sha2_256_init proof
f9f6373 
Setup heavily based on mlkem-native.
Also see https://github.com/model-checking/cbmc-starter-kit

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
@mkannwischer
Add CBMC proofs to CI
c2da259 
The setup is closely following mlkem-native (which makes it slightly more
elaborate than we need right now, but it will make it easier in the future
to align the functonality).

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
@mkannwischer mkannwischer marked this pull request as ready for review July 10, 2025 15:31
@mkannwischer mkannwischer requested a review from mjosaarinen July 10, 2025 15:32
@mkannwischer mkannwischer merged commit 6079933 into main Jul 11, 2025
13 checks passed
@mkannwischer mkannwischer deleted the cbmc branch July 11, 2025 03:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjosaarinen mjosaarinen Awaiting requested review from mjosaarinen

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mkannwischer