I guess people are just going to keep discovering that you can't really make a C compiler do constant time

@regehr Do you think it would be possible to make a special-purpose optimization mode that only makes changes which are "safe" for cryptographic code? Or is that too underspecified/hard of a problem?

@rachelplusplus there's some work in this direction in the LLVM community!

https://discourse.llvm.org/t/rfc-constant-time-coding-support/87781

"Can it be fair to require the average programmer to understand inline assembly, or any of these other inherently obtuse obfuscation techniques?"

can it be fair for the average programmer (if they don't understand this stuff) to just not write code where timing channels matter? who even writes these articles

@regehr I would be interested to see the same article focused on CompCert instead. Otherwise, cryptographers might need to... roll their own assembly? Crazy idea in 2026 if true

@ashguy CompCert absolutely makes no promises about this, and (in most cases) neither does the hardware -- which absolutely matters

people who care about this need to work in actual solutions, not faith-based efforts like obfuscating the code

@secretasianman it's really bad

@rygorous sure, and the right answer is to figure out real solutions (as seems to be happening in LLVM, for constant time), not complaining about the optimizer

@rygorous don't worry the LLMs will do this asm rewriting for us

@rygorous @regehr Regarding diffing, the thread I had with John the other day got me thinking about using FileCheck for that kind of thing and I want to try it out, but I suspect the problem is that it's either too loose or too strict in terms of the matching depending on how many matches you specify, across compilers. Either way, too much work on maintain.

@regehr What about fractions?

@dabeaz

@rygorous @regehr And ABI-related bugs can be much more insidious than I once thought, since they're not guaranteed to actually crash as one might expect. They can just lurk there as vulnerabilities, potentially causing crashes in totally unrelated code:

https://randomascii.wordpress.com/2022/11/21/please-restore-our-registers-when-youre-done-with-them/

@regehr even the best programmers in the world struggle with this kind of stuff, ffs...

@rygorous @regehr Petition to rename to -fun-math.

@rygorous @regehr -fhonor-yahweh -fhonor-buddha -fhonor-brahma just to be safe. You need all the help you can get with -ffast-math.

@rygorous

well, if the problems are important enough, something like this:

https://discourse.llvm.org/t/rfc-constant-time-coding-support/87781

@regehr all I will say to that is eyup

@rygorous @pervognsen aw, look at all the little nans and infs flying and being free!!!

@kaoudis I've not been paying too much attention to the LLVM effort-- anything interesting going on there? or should I just dig into the discourse?

@regehr @rygorous My first thought was, if this is meant for the far future, assuming they retain our current warning symbol for radiation seems a bit hopeful.