wycheproof VS JDK

I failed to notice the relevant Wycheproof test vectors because they weren’t listed on the front page (they still aren’t).

When I wrote the Monocypher cryptographic library, I didn't really know how to write serous tests. With some help, I eventually got something pretty good, with 100% code and path coverage, that test every possible input lengths as well as obscure corner cases I stole from various places (most notably Whycheproof).

"GitHub - google/wycheproof: Project Wycheproof tests crypto libraries against known attacks." https://github.com/google/wycheproof

Thankfully, Curve25519 is much easier to implement, with much fewer death traps than short Weierstraß curves. For X25519, just follow DJB’s advice from ECC Hacks https://www.youtube.com/watch?v=vEt-D8xZmgE and make sure your arithmetic is up to snuff (constant time arithmetic is actually the hard part, by default I strongly suggest you steal it from the ref10 implementation).

For EdDSA, just follow the relevant explicit formulas, avoid clever (but dangerous) tricks such as converting to Montgomery form and back, and test with Wycheproof’s Ed25519 test vectors. https://github.com/google/wycheproof/blob/master/testvectors...

Have you tested all your applicable components against the Wycheproof test vectors and passed?

I felt out of the loop, thinking that Zero VM was some kind of new distro for OpenJDK but chasing <https://packages.debian.org/sid/openjdk-22-jre-zero#:~:text=...> to <https://sources.debian.org/src/openjdk-11/11.0.23%2B9-1/debi...> lead me to https://github.com/openjdk/jdk/tree/jdk-22-ga/src/hotspot/cp...

It seems that it's a specific CPU target for the Hotspot JIT for non-mainstream architectures (or for research purposes, as I saw mentioned once)

Completely gutted from the OpenJDK, last I checked. See here for the culprit PR: https://github.com/openjdk/jdk/pull/18688

> Yes, they're changing one aspect of signal handler use to work around this problem. They're not stopping the use of signal handlers in general. Hotspot continues to use signals for efficiency in general. See https://github.com/openjdk/jdk/blob/9059727df135dc90311bd476...

This whole thread is about SIGSEGV, and specifically their SIGSEGV handling. However, catching normal signals is not about efficiency.

Some of their exception handling is still odd: There is no reason for a program that receives SIGILL to ever attempt continuing. But others is fine, like catching SIGFPE to just forward an exception to the calling code.

(Sure, you could construct an argument to say that this is for efficiency if you considered the alternative to be implementing floating point in software so that all exceptions exist in user-space, but hardware floating point is the norm and such alternative would be wholly unreasonable.)

> The wonderful thing about choosing not to care about facts is having whatever opinions you want.

I appreciate the irony of you making such statement, proudly thinking that your opinion equals fact, and therefore any other opinion is not.

This discussion is nothing but subjective opinion vs. subjective opinion. Facts are (hopefully, as I can only speak for myself) inputs to both our opinions, but no opinion about "good" or "bad", "nasty" or not can ever be objective. Objective code quality does not exist.

I remember talking to Brendan about the PreserveFramePointer patch during my first months at Netflix in 2015. As of JDK 21, unfortunately it is no longer a general purpose solution for the JVM, because it prevents a fast path being taken for stack thawing for virtual threads: https://github.com/openjdk/jdk/blob/d32ce65781c1d7815a69ceac...