My understanding is that for crypto specifically constant-time algorithms matter due to security implications, and those are only available when you use specific branchless assembly instructions, so it's not just performance.
charcircuit•56m ago
CPUs do not guarantee that branchless instructions always take the same amount of time.
Arnavion•54m ago
CPUs guarantee what they guarantee, and if they guarantee that a certain instruction takes an operand-independent time then it does.
For example a RISC-V CPU implementing the Zkt extension is required to implement a whole bunch of logical and arithmetic integer operations with operand-independent timing. This includes the two "branchless move" instructions from the Zicond extension, czero.eqz and czero.nez.
foobiekr•50m ago
Just to pick nits, the important thing is basically no secret-dependent { branches, loop bounds checks, memory accesses }. This is a lot more complex than simple "constant time."
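Added example, not part of the thread: the three leak sources listed above (secret-dependent branch, loop bound, memory access) shown in Go beside forms built on the standard library's crypto/subtle. The function names and sample values are made up for illustration, and whether the compiled result is operand-independent still depends on the compiler and CPU, as discussed above.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// leakyEqual stops at the first mismatch, so its running time depends on
// how many leading bytes of the guess are right (secret-dependent branch).
func leakyEqual(secret, guess []byte) bool {
	if len(secret) != len(guess) {
		return false
	}
	for i := range secret {
		if secret[i] != guess[i] {
			return false
		}
	}
	return true
}

// ctEqual inspects every byte regardless of content. Only the length,
// which is treated as public here, affects the time taken.
func ctEqual(secret, guess []byte) bool {
	return subtle.ConstantTimeCompare(secret, guess) == 1
}

// leakyLookup reads an address derived from the secret index
// (secret-dependent memory access, visible through the cache).
func leakyLookup(table []byte, secretIdx int) byte {
	return table[secretIdx]
}

// ctLookup reads every entry in a fixed order and keeps the wanted one
// with a branchless select, so the access pattern is the same for any index.
func ctLookup(table []byte, secretIdx int) byte {
	var out int
	for i := range table {
		hit := subtle.ConstantTimeEq(int32(i), int32(secretIdx)) // 1 or 0
		out = subtle.ConstantTimeSelect(hit, int(table[i]), out)
	}
	return byte(out)
}

func main() {
	table := []byte{0x63, 0x7c, 0x77, 0x7b} // constructed sample table
	fmt.Println(ctLookup(table, 2) == leakyLookup(table, 2))
	fmt.Println(ctEqual([]byte("tag-1234"), []byte("tag-1235")))
}
```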
cyberax•1h ago
Remember that Go actually compiles the code to machine code directly, so it needs to have an assembler for its compiler. And if you have it, then why not make it available?
Stratoscope•23m ago
> Go actually compiles the code to machine code directly
True.
> so it needs to have an assembler for its compiler.
No, it doesn't need an assembler for this. As you said correctly, it compiles to machine code directly.
While it was once fairly common to use assembly as an intermediate step, very few if any modern compilers do that. They just compile directly to binary machine code.
Go does have a -S flag to generate assembly language so you can review the generated code more easily. But that assembly code isn't part of the compilation pipeline, it's just optional output for human review.
foobiekr•49m ago
Sometimes you need assembly. There's nothing shocking here other than Go doing this well when it's a gap for most languages.
jasonthorsness•2h ago
nu11ptr•1h ago
pjmlp•1h ago
For all my complaints about Go's design, that is certainly one that I appreciate.
Thaxll•1h ago
https://go.dev/wiki/AssemblyPolicy
https://github.com/golang/go/tree/master/src/crypto/internal...
nasretdinov•1h ago