Use consistent architecture identifier

Use `aarch64` and `x86_64` consistently, removing uses of `arm` and `x86`,
most notably the HOL-Light proof directories.

While testing, noticed a missing bytecode dump for the native `tomont`
implementation on x86_64 and added it to x86_64/proofs/dump_bytecode.ml.

Also, noticed that ASM simplification from mlkem -> proofs/hol_light
was so far only done for the native architecture in scripts/autogen.
This is adjusted to run whenever a cross-compiler is available, matching
the behavior of autogen for the simplification from dev -> mlkem.

Signed-off-by: Hanno Becker <[email protected]>

Author: hanno-becker

.github/workflows/hol_light.yml

@@ -9,12 +9,12 @@ on:
     branches: ["main"]
     paths:
      - '.github/workflows/hol_light.yml'
-     - 'proofs/hol_light/arm/Makefile'
-     - 'proofs/hol_light/arm/**/*.S'
-     - 'proofs/hol_light/arm/**/*.ml'
-     - 'proofs/hol_light/x86/Makefile'
-     - 'proofs/hol_light/x86/**/*.S'
-     - 'proofs/hol_light/x86/**/*.ml'
+     - 'proofs/hol_light/aarch64/Makefile'
+     - 'proofs/hol_light/aarch64/**/*.S'
+     - 'proofs/hol_light/aarch64/**/*.ml'
+     - 'proofs/hol_light/x86_64/Makefile'
+     - 'proofs/hol_light/x86_64/**/*.S'
+     - 'proofs/hol_light/x86_64/**/*.ml'
      - 'flake.nix'
      - 'flake.lock'
      - 'nix/hol_light/*'
@@ -23,12 +23,12 @@ on:
     branches: ["main"]
     paths:
       - '.github/workflows/hol_light.yml'
-      - 'proofs/hol_light/arm/Makefile'
-      - 'proofs/hol_light/arm/**/*.S'
-      - 'proofs/hol_light/arm/**/*.ml'
-      - 'proofs/hol_light/x86/Makefile'
-      - 'proofs/hol_light/x86/**/*.S'
-      - 'proofs/hol_light/x86/**/*.ml'
+      - 'proofs/hol_light/aarch64/Makefile'
+      - 'proofs/hol_light/aarch64/**/*.S'
+      - 'proofs/hol_light/aarch64/**/*.ml'
+      - 'proofs/hol_light/x86_64/Makefile'
+      - 'proofs/hol_light/x86_64/**/*.S'
+      - 'proofs/hol_light/x86_64/**/*.ml'
       - 'flake.nix'
       - 'flake.lock'
       - 'nix/hol_light/*'
@@ -70,8 +70,8 @@ jobs:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           nix-shell: 'hol_light'
           script: |
-            make -C proofs/hol_light/arm mlkem/mlkem_poly_tobytes.o
-            echo 'needs "arm/proofs/mlkem_poly_tobytes.ml";;' | hol.sh
+            make -C proofs/hol_light/aarch64 mlkem/mlkem_poly_tobytes.o
+            echo 'needs "aarch64/proofs/mlkem_poly_tobytes.ml";;' | hol.sh
   hol_light_proofs:
     needs: [ hol_light_bytecode ]
     strategy:
@@ -135,7 +135,7 @@ jobs:
           done
 
           # Always re-run upon change to nix files for HOL-Light
-          if [[ "$changed_files" == *"nix/"* ]] || [[ "$changed_files" == *"hol_light.yml"* ]] || [[ "$changed_files" == *"flake"* ]] || [[ "$changed_files" == *"proofs/hol_light/arm/Makefile"* ]]; then
+          if [[ "$changed_files" == *"nix/"* ]] || [[ "$changed_files" == *"hol_light.yml"* ]] || [[ "$changed_files" == *"flake"* ]] || [[ "$changed_files" == *"proofs/hol_light/aarch64/Makefile"* ]]; then
             run_needed=1
           fi
 
@@ -178,8 +178,8 @@ jobs:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           nix-shell: 'hol_light'
           script: |
-            make -C proofs/hol_light/x86 mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.o
-            echo 'needs "x86/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml";;' | hol.sh
+            make -C proofs/hol_light/x86_64 mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.o
+            echo 'needs "x86_64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml";;' | hol.sh
   hol_light_proofs_x86_64:
     needs: [ hol_light_bytecode_x86_64 ]
     strategy:
@@ -237,7 +237,7 @@ jobs:
           done
 
           # Always re-run upon change to nix files for HOL-Light
-          if [[ "$changed_files" == *"nix/"* ]] || [[ "$changed_files" == *"hol_light.yml"* ]] || [[ "$changed_files" == *"flake"* ]] || [[ "$changed_files" == *"proofs/hol_light/x86/Makefile"* ]]; then
+          if [[ "$changed_files" == *"nix/"* ]] || [[ "$changed_files" == *"hol_light.yml"* ]] || [[ "$changed_files" == *"flake"* ]] || [[ "$changed_files" == *"proofs/hol_light/x86_64/Makefile"* ]]; then
             run_needed=1
           fi
 

BIBLIOGRAPHY.md

@@ -27,8 +27,8 @@ source code and documentation.
   - [dev/x86_64/src/ntt.S](dev/x86_64/src/ntt.S)
   - [mlkem/src/native/x86_64/src/intt.S](mlkem/src/native/x86_64/src/intt.S)
   - [mlkem/src/native/x86_64/src/ntt.S](mlkem/src/native/x86_64/src/ntt.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_intt.S](proofs/hol_light/x86/mlkem/mlkem_intt.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_ntt.S](proofs/hol_light/x86/mlkem/mlkem_ntt.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_intt.S](proofs/hol_light/x86_64/mlkem/mlkem_intt.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_ntt.S](proofs/hol_light/x86_64/mlkem/mlkem_ntt.S)
 
 ### `FIPS140_3_IG`
 
@@ -145,8 +145,8 @@ source code and documentation.
   - [mlkem/src/fips202/native/aarch64/src/keccak_f1600_x1_v84a_asm.S](mlkem/src/fips202/native/aarch64/src/keccak_f1600_x1_v84a_asm.S)
   - [mlkem/src/fips202/native/aarch64/src/keccak_f1600_x2_v84a_asm.S](mlkem/src/fips202/native/aarch64/src/keccak_f1600_x2_v84a_asm.S)
   - [proofs/hol_light/README.md](proofs/hol_light/README.md)
-  - [proofs/hol_light/arm/mlkem/keccak_f1600_x1_v84a.S](proofs/hol_light/arm/mlkem/keccak_f1600_x1_v84a.S)
-  - [proofs/hol_light/arm/mlkem/keccak_f1600_x2_v84a.S](proofs/hol_light/arm/mlkem/keccak_f1600_x2_v84a.S)
+  - [proofs/hol_light/aarch64/mlkem/keccak_f1600_x1_v84a.S](proofs/hol_light/aarch64/mlkem/keccak_f1600_x1_v84a.S)
+  - [proofs/hol_light/aarch64/mlkem/keccak_f1600_x2_v84a.S](proofs/hol_light/aarch64/mlkem/keccak_f1600_x2_v84a.S)
 
 ### `KyberSlash`
 
@@ -198,11 +198,11 @@ source code and documentation.
   - [mlkem/src/native/aarch64/src/polyvec_basemul_acc_montgomery_cached_asm_k4.S](mlkem/src/native/aarch64/src/polyvec_basemul_acc_montgomery_cached_asm_k4.S)
   - [mlkem/src/poly.c](mlkem/src/poly.c)
   - [mlkem/src/poly_k.c](mlkem/src/poly_k.c)
-  - [proofs/hol_light/arm/mlkem/mlkem_intt.S](proofs/hol_light/arm/mlkem/mlkem_intt.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_ntt.S](proofs/hol_light/arm/mlkem/mlkem_ntt.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.S](proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k3.S](proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k3.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k4.S](proofs/hol_light/arm/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k4.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_intt.S](proofs/hol_light/aarch64/mlkem/mlkem_intt.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_ntt.S](proofs/hol_light/aarch64/mlkem/mlkem_ntt.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.S](proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k2.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k3.S](proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k3.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k4.S](proofs/hol_light/aarch64/mlkem/mlkem_poly_basemul_acc_montgomery_cached_k4.S)
 
 ### `REF`
 
@@ -263,13 +263,13 @@ source code and documentation.
   - [mlkem/src/native/x86_64/src/nttunpack.S](mlkem/src/native/x86_64/src/nttunpack.S)
   - [mlkem/src/native/x86_64/src/reduce.S](mlkem/src/native/x86_64/src/reduce.S)
   - [mlkem/src/native/x86_64/src/tomont.S](mlkem/src/native/x86_64/src/tomont.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_frombytes.S](proofs/hol_light/x86/mlkem/mlkem_frombytes.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_intt.S](proofs/hol_light/x86/mlkem/mlkem_intt.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_ntt.S](proofs/hol_light/x86/mlkem/mlkem_ntt.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_reduce.S](proofs/hol_light/x86/mlkem/mlkem_reduce.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_tobytes.S](proofs/hol_light/x86/mlkem/mlkem_tobytes.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_tomont.S](proofs/hol_light/x86/mlkem/mlkem_tomont.S)
-  - [proofs/hol_light/x86/mlkem/mlkem_unpack.S](proofs/hol_light/x86/mlkem/mlkem_unpack.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_frombytes.S](proofs/hol_light/x86_64/mlkem/mlkem_frombytes.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_intt.S](proofs/hol_light/x86_64/mlkem/mlkem_intt.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_ntt.S](proofs/hol_light/x86_64/mlkem/mlkem_ntt.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_reduce.S](proofs/hol_light/x86_64/mlkem/mlkem_reduce.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_tobytes.S](proofs/hol_light/x86_64/mlkem/mlkem_tobytes.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_tomont.S](proofs/hol_light/x86_64/mlkem/mlkem_tomont.S)
+  - [proofs/hol_light/x86_64/mlkem/mlkem_unpack.S](proofs/hol_light/x86_64/mlkem/mlkem_unpack.S)
 
 ### `SLOTHY`
 
@@ -305,8 +305,8 @@ source code and documentation.
   - [mlkem/src/native/aarch64/README.md](mlkem/src/native/aarch64/README.md)
   - [mlkem/src/native/aarch64/src/intt.S](mlkem/src/native/aarch64/src/intt.S)
   - [mlkem/src/native/aarch64/src/ntt.S](mlkem/src/native/aarch64/src/ntt.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_intt.S](proofs/hol_light/arm/mlkem/mlkem_intt.S)
-  - [proofs/hol_light/arm/mlkem/mlkem_ntt.S](proofs/hol_light/arm/mlkem/mlkem_ntt.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_intt.S](proofs/hol_light/aarch64/mlkem/mlkem_intt.S)
+  - [proofs/hol_light/aarch64/mlkem/mlkem_ntt.S](proofs/hol_light/aarch64/mlkem/mlkem_ntt.S)
 
 ### `clangover`
 

README.md

@@ -63,7 +63,7 @@ in the source code. See [proofs/cbmc](proofs/cbmc) for details.
 
 All AArch64 assembly is proved functionally correct at the object-code level. This uses the [HOL-Light](https://github.com/jrh13/hol-light)
 interactive theorem prover and the [s2n-bignum](https://github.com/awslabs/s2n-bignum/) verification infrastructure (which includes a model of the
-relevant parts of the Arm architecture). See [proofs/hol_light/arm](proofs/hol_light/arm) for details.
+relevant parts of the Arm architecture). See [proofs/hol_light/aarch64](proofs/hol_light/aarch64) for details.
 
 ## Security
 

dev/aarch64_clean/src/arith_native_aarch64.h

@@ -35,7 +35,7 @@ extern const uint8_t mlk_rej_uniform_table[];
 void mlk_ntt_asm(int16_t p[256], const int16_t twiddles12345[80],
                  const int16_t twiddles56[384])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_ntt.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_ntt.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   requires(array_abs_bound(p, 0, MLKEM_N, 8192))
@@ -51,7 +51,7 @@ __contract__(
 void mlk_intt_asm(int16_t p[256], const int16_t twiddles12345[80],
                   const int16_t twiddles56[384])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_intt.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_intt.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   requires(twiddles12345 == mlk_aarch64_invntt_zetas_layer12345)
@@ -65,7 +65,7 @@ __contract__(
 #define mlk_poly_reduce_asm MLK_NAMESPACE(poly_reduce_asm)
 void mlk_poly_reduce_asm(int16_t p[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_reduce.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_reduce.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   assigns(memory_slice(p, sizeof(int16_t) * MLKEM_N))
@@ -75,7 +75,7 @@ __contract__(
 #define mlk_poly_tomont_asm MLK_NAMESPACE(poly_tomont_asm)
 void mlk_poly_tomont_asm(int16_t p[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_tomont.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_tomont.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   assigns(memory_slice(p, sizeof(int16_t) * MLKEM_N))
@@ -88,7 +88,7 @@ void mlk_poly_mulcache_compute_asm(int16_t cache[128],
                                    const int16_t zetas[128],
                                    const int16_t zetas_twisted[128])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_mulcache_compute.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_mulcache_compute.ml */
 __contract__(
   requires(memory_no_alias(cache, sizeof(int16_t) * (MLKEM_N / 2)))
   requires(memory_no_alias(mlk_poly, sizeof(int16_t) * MLKEM_N))
@@ -101,7 +101,7 @@ __contract__(
 #define mlk_poly_tobytes_asm MLK_NAMESPACE(poly_tobytes_asm)
 void mlk_poly_tobytes_asm(uint8_t r[384], const int16_t a[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_tobytes.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_tobytes.ml */
 __contract__(
   requires(memory_no_alias(r, MLKEM_POLYBYTES))
   requires(memory_no_alias(a, sizeof(int16_t) * MLKEM_N))
@@ -115,7 +115,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k2(
     int16_t r[256], const int16_t a[512], const int16_t b[512],
     const int16_t b_cache[256])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -132,7 +132,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k3(
     int16_t r[256], const int16_t a[768], const int16_t b[768],
     const int16_t b_cache[384])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -149,7 +149,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k4(
     int16_t r[256], const int16_t a[1024], const int16_t b[1024],
     const int16_t b_cache[512])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -164,7 +164,7 @@ __contract__(
 uint64_t mlk_rej_uniform_asm(int16_t r[256], const uint8_t *buf,
                              unsigned buflen, const uint8_t table[2048])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_rej_uniform.ml. */
+ * in proofs/hol_light/aarch64/proofs/mlkem_rej_uniform.ml. */
 __contract__(
     requires(buflen % 24 == 0)
     requires(memory_no_alias(buf, buflen))

dev/aarch64_opt/src/arith_native_aarch64.h

@@ -34,7 +34,7 @@ extern const uint8_t mlk_rej_uniform_table[];
 void mlk_ntt_asm(int16_t p[256], const int16_t twiddles12345[80],
                  const int16_t twiddles56[384])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_ntt.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_ntt.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   requires(array_abs_bound(p, 0, MLKEM_N, 8192))
@@ -50,7 +50,7 @@ __contract__(
 void mlk_intt_asm(int16_t p[256], const int16_t twiddles12345[80],
                   const int16_t twiddles56[384])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_intt.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_intt.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   requires(twiddles12345 == mlk_aarch64_invntt_zetas_layer12345)
@@ -64,7 +64,7 @@ __contract__(
 #define mlk_poly_reduce_asm MLK_NAMESPACE(poly_reduce_asm)
 void mlk_poly_reduce_asm(int16_t p[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_reduce.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_reduce.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   assigns(memory_slice(p, sizeof(int16_t) * MLKEM_N))
@@ -74,7 +74,7 @@ __contract__(
 #define mlk_poly_tomont_asm MLK_NAMESPACE(poly_tomont_asm)
 void mlk_poly_tomont_asm(int16_t p[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_tomont.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_tomont.ml */
 __contract__(
   requires(memory_no_alias(p, sizeof(int16_t) * MLKEM_N))
   assigns(memory_slice(p, sizeof(int16_t) * MLKEM_N))
@@ -87,7 +87,7 @@ void mlk_poly_mulcache_compute_asm(int16_t cache[128],
                                    const int16_t zetas[128],
                                    const int16_t zetas_twisted[128])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_mulcache_compute.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_mulcache_compute.ml */
 __contract__(
   requires(memory_no_alias(cache, sizeof(int16_t) * (MLKEM_N / 2)))
   requires(memory_no_alias(mlk_poly, sizeof(int16_t) * MLKEM_N))
@@ -100,7 +100,7 @@ __contract__(
 #define mlk_poly_tobytes_asm MLK_NAMESPACE(poly_tobytes_asm)
 void mlk_poly_tobytes_asm(uint8_t r[384], const int16_t a[256])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_poly_tobytes.ml */
+ * in proofs/hol_light/aarch64/proofs/mlkem_poly_tobytes.ml */
 __contract__(
   requires(memory_no_alias(r, MLKEM_POLYBYTES))
   requires(memory_no_alias(a, sizeof(int16_t) * MLKEM_N))
@@ -114,7 +114,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k2(
     int16_t r[256], const int16_t a[512], const int16_t b[512],
     const int16_t b_cache[256])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k2.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -131,7 +131,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k3(
     int16_t r[256], const int16_t a[768], const int16_t b[768],
     const int16_t b_cache[384])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k3.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -148,7 +148,7 @@ void mlk_polyvec_basemul_acc_montgomery_cached_asm_k4(
     int16_t r[256], const int16_t a[1024], const int16_t b[1024],
     const int16_t b_cache[512])
 /* This must be kept in sync with the HOL-Light specification in
- * proofs/hol_light/arm/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml.
+ * proofs/hol_light/aarch64/proofs/mlkem_poly_basemul_acc_montgomery_cached_k4.ml.
  */
 __contract__(
     requires(memory_no_alias(r, sizeof(int16_t) * MLKEM_N))
@@ -163,7 +163,7 @@ __contract__(
 uint64_t mlk_rej_uniform_asm(int16_t r[256], const uint8_t *buf,
                              unsigned buflen, const uint8_t table[2048])
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/arm/proofs/mlkem_rej_uniform.ml. */
+ * in proofs/hol_light/aarch64/proofs/mlkem_rej_uniform.ml. */
 __contract__(
     requires(buflen % 24 == 0)
     requires(memory_no_alias(buf, buflen))