I'd love if this could make it into Rust... but I'm wondering if it'd be a bit of a burden on the creators of alternative backends (e.g. Cranelift), since if they implemented it naively, they would be unsuitable for compiling cryptographic code using it.
> but I'm wondering if it'd be a bit of a burden on the creators of alternative backends (e.g. Cranelift)
Technically any new feature that requires backend support is an additional burden on backend devs. There's nothing special about constant-time builtins in this respect.
> since if they implemented it naively
Strictly speaking, whether an implementation is naive is independent of whether it is correct. An implementation that purports to be constant time while not actually being constant time is wrong, no matter how naive or sophisticated the implementation may be.
