diff options
Diffstat (limited to 'src/third_party/fiat/p256_32.h')
| -rw-r--r-- | src/third_party/fiat/p256_32.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/third_party/fiat/p256_32.h b/src/third_party/fiat/p256_32.h index faaa0b04..638eb5d9 100644 --- a/src/third_party/fiat/p256_32.h +++ b/src/third_party/fiat/p256_32.h @@ -77,7 +77,13 @@ static void fiat_p256_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, ui static void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { fiat_p256_uint1 x1 = (!(!arg1)); uint32_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - uint32_t x3 = ((x2 & arg3) | ((~x2) & arg2)); + // Note this line has been patched from the synthesized code to add value + // barriers. + // + // Clang recognizes this pattern as a select. While it usually transforms it + // to a cmov, it sometimes further transforms it into a branch, which we do + // not want. + uint32_t x3 = ((value_barrier_u32(x2) & arg3) | (value_barrier_u32(~x2) & arg2)); *out1 = x3; } |