Incorrect explanation of Unsafe usages

[KaiserKarel]

trafficstars

https://github.com/dalek-cryptography/subtle/blob/b4b070c3faf87cb8f324bd0ed0a5e5ec32d3a5b0/src/lib.rs#L223 remarks that u8 is neither Send nor Sync, however u8 has auto-trait implementations for both: https://doc.rust-lang.org/std/primitive.u8.html#impl-Sync

[dsprenkels]

I think a good point is being raised here. I am not sure whether the documentation changed in the meantime, or whether I missed something last time. However, we could update the comment with new argumentation following the current requirements for volatile reads:

• https://doc.rust-lang.org/core/ptr/fn.read_volatile.html#safety
• https://doc.rust-lang.org/core/ptr/index.html#safety

[tarcieri]

IIUC it's bad to mix volatile and non-volatile operations.

The current implementation seems to be built on a non-volatile read (to load the user-provided u8) but does not make any use of volatile writes.

It seems like it would be better to use volatile_write to write the value to the Choice, and volatile_read to retrieve it, making Choice something of a VolatileCell type, although even that doesn't provide a proper abstraction when used with references, and without Pin it may change locations with moves.

Some other options include cmov-like predication instructions as well as #96