<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Apr 3, 2015 at 11:48 AM, Michael Hamburg <span dir="ltr"><<a href="mailto:mike@shiftleft.org" target="_blank">mike@shiftleft.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div class="h5"><span style="color:rgb(34,34,34)">It may be that if your tool chooses carefully the optimization passes — or even avoids most of them entirely — you could get constant-time operation. But I don’t know enough about LLVM’s codegen to be sure one way or the other. At least until recently, though, it was absolutely terrible at things like add-with-carry intrinsics. (Not necessarily making them variable time, but lowering add; addc to add; setc; zext; add; add.)</span><br></div></div><span class="HOEnZb"><font color="#888888"><div><br></div><div>— Mike</div></font></span></div></blockquote></div><br>I asked the Rust developers to ask the LLVM developers if it's possible to have LLVM produce guaranteed constant time code. I wasn't privy to the conversation, but my understanding is the tl;dr: was "no"<br clear="all"><div><br></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div></div>