SDCC has some optimizations that could make the instructions executed depend on the data, even when there is no such visible dependency in the C source. Consider e.g. a division of a signed integer by a power of two. This tends to get optimized into a conditional addition followed by a right shift. But not the runtime, energy consumption, etc depend on the value being divided. This introduces side-channels that can be used for attacks on (e.g. cryptographic) secrets.
We should introduce a command-line option and #pragma to disable such optimizations, initially for machine-independent optimizations. This would make SDCC more suitable as a compiler for applications that use cryptography.
Log in to post a comment.
