Stream: project-inline-asm

Topic: crypto motivations


Chris Beck (May 11 2020 at 03:25, on Zulip):

Hi, I recently read a thread in the rustlang forum about "Should we ever stabilize inline assembly?" and some of the related threads. One motivation for stabilizing it that didn't appear in the discussion is that it can greatly help in successfully implementing constant-time code, which can be really important for cryptography. For example, see these links: https://software.intel.com/security-software-guidance/insights/guidelines-mitigating-timing-side-channels-against-cryptographic-implementations , https://www.chosenplaintext.ca/open-source/rust-timing-shield/security , https://github.com/dalek-cryptography/subtle/blob/master/src/lib.rs#L144 . One question I would have for cranelift folks is, if I don't have inline asm, is there any way that I can be sure I will get "CMOV" as opposed to a branch at some critical place in my program? Or would they want me to simply use out-of-line assembly .S files? Thanks for all your hard work on this feature and I hope your proposal is successful.

Amanieu (May 11 2020 at 07:33, on Zulip):

I don't think cranelift will ever support inline assembly, but in the future rustc may be able to automatically translate inline assembly into calls to external assembler files. This was taken into account for the design of the asm! RFC.

bjorn3 (May 11 2020 at 09:16, on Zulip):

Currently the only places where Cranelift turns a non-branching instruction into a branching one are some float instructions and select, I think. Cranelift has support for cmov, but it only emits it for ifselect with 32-bit or 64-bit ints. At the moment it is missing an optimization to go from icmp + select to ifcmp + ifselect, which means that cmov isn't actually used by cg_clif (a Cranelift backend for rustc of mine).

Chris Beck (May 12 2020 at 03:07, on Zulip):

Thank you!

Last update: Jun 05 2020 at 23:10UTC