On the cr.yp.to blog, the post “Clang vs. Clang: You’re making Clang angry” discusses the issue of compiler “optimizations” leading to bugs and security risks. Compiler writers shift blame to language standards rather than taking responsibility. Cryptographers face challenges with compilers introducing leaks, impacting security. Benchmarking shows AVX2 implementation surpasses compiler “optimizations” in performance. The blog critiques the negligible impact of compiler advances on computing power, with bugs and risks outweighing benefits. Timecop tools scan for conditional branches derived from secrets in compiled code. The post highlights the need for constant-time code and offers solutions to address compiler-induced timing leaks. Compiler “optimizations” are scrutinized for their impact on code functionality and security.
https://blog.cr.yp.to/20240803-clang.html