libcrux icon indicating copy to clipboard operation
libcrux copied to clipboard
verified publisher icon cryspen

[secrets] Check constant-time assembly on CI

Open jschneider-bensch opened this issue 4 months ago • 2 comments

  • How should the check work?
  • Is it useful to check on toy code vs actual application?

jschneider-bensch avatar Aug 21 '25 15:08 jschneider-bensch

quoting from #1094:

Right. I think it will be difficult to perform such checks if the function is inlined because it will be hard to isolate the code, but you are right that this would be closer to what we actually want to check. I would expect that the compiler would optimize small examples more aggressively because it can infer more stuff, that's why I thought we could do it that way. Maybe a mix would be good:

  • have a cfg_attr that enables inline(never). In that assembly of real code, isolate the function and make the checks.
  • have some small examples compiled with inlining and check in the assembly that this is as expected.

That way we are maybe convinced that we are constant time with inline(always) for most code.

But before we go all that length we should probably measure what the perf impact of not inlining is :)

keks avatar Aug 21 '25 15:08 keks

This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days.

github-actions[bot] avatar Nov 16 '25 01:11 github-actions[bot]