Re: [std-proposals] Constant-time selection primitive following memset_explicit precedent

From: David Brown <david.brown_at_[hidden]>
Date: Tue, 9 Dec 2025 20:42:43 +0100
On 09/12/2025 18:00, Thiago Macieira via Std-Proposals wrote:
> On Tuesday, 9 December 2025 03:39:52 Pacific Standard Time David Brown via Std-Proposals wrote:
>> A test implementation (considering only small, simple types) of
>> "hide_value" for gcc and clang could be :
>>
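>> template <typename T>
>> T hide_value(T x)
>> {
>>     // Empty asm that claims to read and modify x, so the compiler loses track of its value.
>>     __asm__ volatile ("" : "+g" (x));
>>     return x;
>> }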
>
> Just FYI, I've needed this before, in other contexts. Admittedly, our code is
> very niche and this is often tied to assembly in one way or another. But it's
> not just cryptography that would use it.
>
> In our case, our objective is to make the same computation multiple times,
> over and over again, and verify that it's the same every time. Unfortunately,
> sometimes the compiler realises it *is* the same computation and eliminates
> the "multiple times" part of it, resulting in a loop over memcmp()...
>
>

I've used this construct myself a few times, which is why I am familiar
with it. It was not for cryptography, but for odd things in embedded
systems where I was mixing things from the C code with things generated
at link time or runtime, so the compiler thought it knew some details of
the data that were not actually valid.

I have no real idea if it would be possible to specify something like
this as a proposal for C and/or C++.

Received on 2025-12-09 19:42:51
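
The repeated-computation check described in the quoted message, combined with the hide_value barrier, as an added example that is not code from either poster. It assumes GCC or Clang inline asm; fnv1a and count_mismatches are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <type_traits>

// Optimisation barrier from the thread (GCC/Clang only): the empty asm claims
// to read and modify x, so the compiler must discard what it knew about it.
template <typename T>
T hide_value(T x)
{
    static_assert(std::is_integral<T>::value, "small, simple types only");
    __asm__ volatile ("" : "+g" (x));
    return x;
}

// Hypothetical workload: 64-bit FNV-1a over the 8 bytes of the seed.
inline std::uint64_t fnv1a(std::uint64_t seed)
{
    std::uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < 8; ++i) {
        h ^= (seed >> (8 * i)) & 0xff;
        h *= 0x100000001b3ULL;
    }
    return h;
}

// Recompute the same value `rounds` times and count results that differ from
// the first one. Without hide_value the compiler may prove every round
// identical and fold the loop away, so nothing would actually be re-executed.
std::size_t count_mismatches(std::uint64_t seed, std::size_t rounds)
{
    const std::uint64_t reference = fnv1a(hide_value(seed));
    std::size_t mismatches = 0;
    for (std::size_t i = 0; i < rounds; ++i) {
        // Hiding the input forces a fresh computation on every iteration.
        std::uint64_t again = fnv1a(hide_value(seed));
        // Hiding the result keeps the comparison from being folded to false.
        mismatches += (hide_value(again) != reference);
    }
    return mismatches;
}

int main()
{
    // Constructed sample seed; exit status 0 means every round agreed.
    return count_mismatches(0x0123456789abcdefULL, 1000) == 0 ? 0 : 1;
}
```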