sys: Prefix capability enum values with architecture

BIBLIOGRAPHY.md

@@ -7,6 +7,26 @@
 This file lists the citations made throughout the mldsa-native 
 source code and documentation.
 
+### `AAPCS32`
+
+* Procedure Call Standard for the Arm Architecture (AAPCS32)
+* Author(s):
+  - Arm Limited
+* URL: https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst
+* Referenced from:
+  - [test/abicheck/README.md](test/abicheck/README.md)
+  - [test/abicheck/armv81m/abicheck_armv81m.c](test/abicheck/armv81m/abicheck_armv81m.c)
+
+### `AAPCS64`
+
+* Procedure Call Standard for the Arm 64-bit Architecture (AAPCS64)
+* Author(s):
+  - Arm Limited
+* URL: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
+* Referenced from:
+  - [test/abicheck/README.md](test/abicheck/README.md)
+  - [test/abicheck/aarch64/abicheck_aarch64.c](test/abicheck/aarch64/abicheck_aarch64.c)
+
 ### `ACVP`
 
 * Automated Cryptographic Validation Protocol (ACVP) Server
@@ -16,6 +36,16 @@ source code and documentation.
 * Referenced from:
   - [README.md](README.md)
 
+### `ArmARMv8M`
+
+* Armv8-M Architecture Reference Manual (DDI 0553)
+* Author(s):
+  - Arm Limited
+* URL: https://developer.arm.com/documentation/ddi0553/latest/
+* Referenced from:
+  - [test/abicheck/README.md](test/abicheck/README.md)
+  - [test/abicheck/armv81m/abicheck_armv81m.c](test/abicheck/armv81m/abicheck_armv81m.c)
+
 ### `AutoCorrode`
 
 * AutoCorrode software verification framework for Isabelle/HOL
@@ -347,6 +377,19 @@ source code and documentation.
   - [proofs/hol_light/aarch64/mldsa/intt_aarch64_asm.S](proofs/hol_light/aarch64/mldsa/intt_aarch64_asm.S)
   - [proofs/hol_light/aarch64/mldsa/ntt_aarch64_asm.S](proofs/hol_light/aarch64/mldsa/ntt_aarch64_asm.S)
 
+### `SysVAMD64`
+
+* System V Application Binary Interface — AMD64 Architecture Processor Supplement
+* Author(s):
+  - Michael Matz
+  - Jan Hubička
+  - Andreas Jaeger
+  - Mark Mitchell
+* URL: https://gitlab.com/x86-psABIs/x86-64-ABI
+* Referenced from:
+  - [test/abicheck/README.md](test/abicheck/README.md)
+  - [test/abicheck/x86_64/abicheck_x86_64.c](test/abicheck/x86_64/abicheck_x86_64.c)
+
 ### `libmceliece`
 
 * libmceliece implementation of Classic McEliece

BIBLIOGRAPHY.yml

@@ -204,3 +204,31 @@
   name: Project Wycheproof
   author: Community Cryptography Specification Project
   url: https://github.com/C2SP/wycheproof
+
+- id: AAPCS64
+  short: AAPCS64
+  name: "Procedure Call Standard for the Arm 64-bit Architecture (AAPCS64)"
+  author: Arm Limited
+  url: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
+
+- id: AAPCS32
+  short: AAPCS32
+  name: "Procedure Call Standard for the Arm Architecture (AAPCS32)"
+  author: Arm Limited
+  url: https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst
+
+- id: SysVAMD64
+  short: System V AMD64 psABI
+  name: "System V Application Binary Interface — AMD64 Architecture Processor Supplement"
+  author:
+  - Matz, Michael
+  - Hubička, Jan
+  - Jaeger, Andreas
+  - Mitchell, Mark
+  url: https://gitlab.com/x86-psABIs/x86-64-ABI
+
+- id: ArmARMv8M
+  short: Armv8-M ARM
+  name: "Armv8-M Architecture Reference Manual (DDI 0553)"
+  author: Arm Limited
+  url: https://developer.arm.com/documentation/ddi0553/latest/

Makefile

@@ -18,7 +18,7 @@
 	clean quickcheck check-defined-CYCLES \
 	size_44 size_65 size_87 size \
 	run_size_44 run_size_65 run_size_87 run_size \
-	host_info
+	host_info abicheck run_abicheck
 
 SHELL := /usr/bin/env bash
 .DEFAULT_GOAL := build
@@ -47,7 +47,7 @@ quickcheck: test
 build: func kat acvp wycheproof
 	$(Q)echo "  Everything builds fine!"
 
-test: run_kat run_func run_acvp run_wycheproof run_unit run_alloc run_rng_fail
+test: run_kat run_func run_acvp run_wycheproof run_unit run_alloc run_rng_fail run_abicheck
 	$(Q)echo "  Everything checks fine!"
 
 run_kat_44: kat_44
@@ -247,6 +247,22 @@ run_size: \
 	run_size_65 \
 	run_size_87
 
+# ABI checker: verifies each assembly kernel preserves the callee-saved
+# registers its platform calling convention requires. Needs OPT=1 (the native
+# .S kernels are only assembled then), and on x86_64 also relies on
+# MLD_SYSV_ABI_SUPPORTED because the call stub is hand-written SysV asm.
+# Unsupported targets get an empty registry and exit success, so this builds
+# and runs cleanly on every arch (e.g. riscv64) with no explicit allowlist.
+ifeq ($(OPT),1)
+abicheck: $(ABICHECK_DIR)/bin/abicheck
+
+run_abicheck: abicheck
+	$(W) $(ABICHECK_DIR)/bin/abicheck
+else
+abicheck:
+run_abicheck:
+endif
+
 # Display host and compiler feature detection information
 # Shows which architectural features are supported by both the compiler and host CPU
 # Usage: make host_info [AUTO=0|1] [CROSS_PREFIX=...]

dev/aarch64_clean/src/intt_aarch64_asm.S

@@ -27,6 +27,33 @@
 
 /* AArch64 ML-DSA inverse NTT following @[NeonNTT], @[SLOTHY_Paper], and @[NeonNTT_Autoformalised] */
 
+/*yaml
+  Name: intt_aarch64_asm
+  Description: AArch64 ML-DSA inverse NTT
+  Signature: void mld_intt_aarch64_asm(int32_t *r, const int32_t *zetas_l78, const int32_t *zetas_l123456)
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: read/write
+      c_parameter: int32_t *r
+      description: Input/output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 1536
+      permissions: read-only
+      c_parameter: const int32_t *zetas_l78
+      description: Twiddle factors for layers 7-8 (384 x int32_t)
+    x2:
+      type: buffer
+      size_bytes: 640
+      permissions: read-only
+      c_parameter: const int32_t *zetas_l123456
+      description: Twiddle factors for layers 1-6 (160 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) && \
     !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)

dev/aarch64_clean/src/mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm.S

@@ -2,6 +2,33 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
+/*yaml
+  Name: polyvecl_pointwise_acc_montgomery_l4_aarch64_asm
+  Description: AArch64 pointwise multiply-accumulate of length-4 polynomial vectors
+  Signature: void mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm(int32_t *r, const int32_t a[4][256], const int32_t b[4][256])
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: write-only
+      c_parameter: int32_t *r
+      description: Output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 4096
+      permissions: read-only
+      c_parameter: const int32_t a[4][256]
+      description: Input polynomial vector a (4 x 256 x int32_t)
+    x2:
+      type: buffer
+      size_bytes: 4096
+      permissions: read-only
+      c_parameter: const int32_t b[4][256]
+      description: Input polynomial vector b (4 x 256 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
            (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLDSA_L == 4)

dev/aarch64_clean/src/mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm.S

@@ -2,6 +2,33 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
+/*yaml
+  Name: polyvecl_pointwise_acc_montgomery_l5_aarch64_asm
+  Description: AArch64 pointwise multiply-accumulate of length-5 polynomial vectors
+  Signature: void mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm(int32_t *r, const int32_t a[5][256], const int32_t b[5][256])
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: write-only
+      c_parameter: int32_t *r
+      description: Output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 5120
+      permissions: read-only
+      c_parameter: const int32_t a[5][256]
+      description: Input polynomial vector a (5 x 256 x int32_t)
+    x2:
+      type: buffer
+      size_bytes: 5120
+      permissions: read-only
+      c_parameter: const int32_t b[5][256]
+      description: Input polynomial vector b (5 x 256 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
            (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLDSA_L == 5)

dev/aarch64_clean/src/mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm.S

@@ -2,6 +2,33 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
+/*yaml
+  Name: polyvecl_pointwise_acc_montgomery_l7_aarch64_asm
+  Description: AArch64 pointwise multiply-accumulate of length-7 polynomial vectors
+  Signature: void mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm(int32_t *r, const int32_t a[7][256], const int32_t b[7][256])
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: write-only
+      c_parameter: int32_t *r
+      description: Output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 7168
+      permissions: read-only
+      c_parameter: const int32_t a[7][256]
+      description: Input polynomial vector a (7 x 256 x int32_t)
+    x2:
+      type: buffer
+      size_bytes: 7168
+      permissions: read-only
+      c_parameter: const int32_t b[7][256]
+      description: Input polynomial vector b (7 x 256 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED) && \
            (defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLDSA_L == 7)

dev/aarch64_clean/src/ntt_aarch64_asm.S

@@ -27,6 +27,33 @@
 
 /* AArch64 ML-DSA forward NTT following @[NeonNTT], @[SLOTHY_Paper], and @[NeonNTT_Autoformalised] */
 
+/*yaml
+  Name: ntt_aarch64_asm
+  Description: AArch64 ML-DSA forward NTT
+  Signature: void mld_ntt_aarch64_asm(int32_t *r, const int32_t *zetas_l123456, const int32_t *zetas_l78)
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: read/write
+      c_parameter: int32_t *r
+      description: Input/output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 576
+      permissions: read-only
+      c_parameter: const int32_t *zetas_l123456
+      description: Twiddle factors for layers 1-6 (144 x int32_t)
+    x2:
+      type: buffer
+      size_bytes: 1536
+      permissions: read-only
+      c_parameter: const int32_t *zetas_l78
+      description: Twiddle factors for layers 7-8 (384 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) && \
     !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)

dev/aarch64_clean/src/pointwise_montgomery_aarch64_asm.S

@@ -2,6 +2,27 @@
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
+/*yaml
+  Name: poly_pointwise_montgomery_aarch64_asm
+  Description: AArch64 pointwise Montgomery multiplication of two polynomials
+  Signature: void mld_poly_pointwise_montgomery_aarch64_asm(int32_t *a, const int32_t *b)
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: read/write
+      c_parameter: int32_t *a
+      description: Input/output polynomial (256 x int32_t)
+    x1:
+      type: buffer
+      size_bytes: 1024
+      permissions: read-only
+      c_parameter: const int32_t *b
+      description: Input polynomial (256 x int32_t)
+*/
+
 #include "../../../common.h"
 #if defined(MLD_ARITH_BACKEND_AARCH64) &&                                      \
     (!defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API) || \

dev/aarch64_clean/src/poly_caddq_aarch64_asm.S

@@ -2,6 +2,21 @@
  * Copyright (c) The mldsa-native project authors
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
+/*yaml
+  Name: poly_caddq_aarch64_asm
+  Description: AArch64 conditional addition of q to each coefficient
+  Signature: void mld_poly_caddq_aarch64_asm(int32_t *a)
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: read/write
+      c_parameter: int32_t *a
+      description: Input/output polynomial (256 x int32_t)
+*/
+
 #include "../../../common.h"
 
 #if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)

dev/aarch64_clean/src/poly_chknorm_aarch64_asm.S

@@ -2,6 +2,26 @@
  * Copyright (c) The mldsa-native project authors
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
+/*yaml
+  Name: poly_chknorm_aarch64_asm
+  Description: AArch64 infinity-norm bound check on polynomial coefficients
+  Signature: int mld_poly_chknorm_aarch64_asm(const int32_t *a, int32_t B)
+  ABI:
+    Architecture: aarch64
+    CallingConvention: AAPCS64
+    x0:
+      type: buffer
+      size_bytes: 1024
+      permissions: read-only
+      c_parameter: const int32_t *a
+      description: Input polynomial (256 x int32_t)
+    x1:
+      type: scalar
+      c_parameter: int32_t B
+      description: Norm bound
+      test_with: 131072  # representative non-negative bound (1 << 17)
+*/
+
 #include "../../../common.h"
 
 #if defined(MLD_ARITH_BACKEND_AARCH64) && !defined(MLD_CONFIG_MULTILEVEL_NO_SHARED)