I guess people are just going to keep discovering that you can't really make a C compiler do constant time
-
I guess people are just going to keep discovering that you can't really make a C compiler do constant time
https://www.theregister.com/2026/02/09/compilers_undermine_encryption/
@regehr Do you think it would be possible to make a special-purpose optimization mode that only makes changes which are "safe" for cryptographic code? Or is that too underspecified/hard of a problem?
-
@regehr Do you think it would be possible to make a special-purpose optimization mode that only makes changes which are "safe" for cryptographic code? Or is that too underspecified/hard of a problem?
@rachelplusplus there's some work in this direction in the LLVM community!
https://discourse.llvm.org/t/rfc-constant-time-coding-support/87781
-
I guess people are just going to keep discovering that you can't really make a C compiler do constant time
https://www.theregister.com/2026/02/09/compilers_undermine_encryption/
"Can it be fair to require the average programmer to understand inline assembly, or any of these other inherently obtuse obfuscation techniques?"
can it be fair for the average programmer (if they don't understand this stuff) to just not write code where timing channels matter? who even writes these articles
-
I guess people are just going to keep discovering that you can't really make a C compiler do constant time
https://www.theregister.com/2026/02/09/compilers_undermine_encryption/
@regehr I would be interested to see the same article focused on CompCert instead. Otherwise, cryptographers might need to... roll their own assembly? Crazy idea in 2026 if true
-
@regehr I would be interested to see the same article focused on CompCert instead. Otherwise, cryptographers might need to... roll their own assembly? Crazy idea in 2026 if true
@ashguy CompCert absolutely makes no promises about this, and (in most cases) neither does the hardware -- which absolutely matters
people who care about this need to work in actual solutions, not faith-based efforts like obfuscating the code
-
@secretasianman it's really bad
-
@rygorous sure, and the right answer is to figure out real solutions (as seems to be happening in LLVM, for constant time), not complaining about the optimizer
-
@rygorous don't worry the LLMs will do this asm rewriting for us
-
@rygorous @regehr Regarding diffing, the thread I had with John the other day got me thinking about using FileCheck for that kind of thing and I want to try it out, but I suspect the problem is that it's either too loose or too strict in terms of the matching depending on how many matches you specify, across compilers. Either way, too much work on maintain.
-
"Can it be fair to require the average programmer to understand inline assembly, or any of these other inherently obtuse obfuscation techniques?"
can it be fair for the average programmer (if they don't understand this stuff) to just not write code where timing channels matter? who even writes these articles
@regehr What about fractions?
-
@regehr What about fractions?
-
@rygorous @regehr And ABI-related bugs can be much more insidious than I once thought, since they're not guaranteed to actually crash as one might expect. They can just lurk there as vulnerabilities, potentially causing crashes in totally unrelated code:
https://randomascii.wordpress.com/2022/11/21/please-restore-our-registers-when-youre-done-with-them/
-
"Can it be fair to require the average programmer to understand inline assembly, or any of these other inherently obtuse obfuscation techniques?"
can it be fair for the average programmer (if they don't understand this stuff) to just not write code where timing channels matter? who even writes these articles
@regehr even the best programmers in the world struggle with this kind of stuff, ffs...
-
-
-
well, if the problems are important enough, something like this:
https://discourse.llvm.org/t/rfc-constant-time-coding-support/87781
-
I guess people are just going to keep discovering that you can't really make a C compiler do constant time
https://www.theregister.com/2026/02/09/compilers_undermine_encryption/
@regehr all I will say to that is eyup
-
@rygorous @pervognsen aw, look at all the little nans and infs flying and being free!!!
-
@kaoudis I've not been paying too much attention to the LLVM effort-- anything interesting going on there? or should I just dig into the discourse?
-
@rygorous @pervognsen aw, look at all the little nans and infs flying and being free!!!
