[PATCH] D26872: Outliner: Add MIR-level outlining pass
Sean Silva via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Feb 24 13:38:01 PST 2017
silvas added a comment.
Also, this pass will almost surely introduce timing side-channel attacks into cryptography code (code that would otherwise by "constant time" and needs to be for security).
I'm not sure how heavily we care about this security aspect as a community, but I'm a slightly wary of having this on by default at any optimization level due to this issue. E.g. a size-constrained program for a secure processing element on a phone recompiles with this option and it silently breaks the security of the entire device. Hopefully the folks programming the secure element have some sort of testing to avoid this or at least have all critical primitives written in asm (or done by a hardware peripheral).
I can't think of any other optimizations we have that would move a program away from being "constant time"; is there any precedent?
https://reviews.llvm.org/D26872
More information about the llvm-commits
mailing list