From 033ebac6629f314b162af7b76e4d95fe87fd17db Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jul 2024 04:57:10 +0100 Subject: [PATCH] Add warning & TODO regarding potential introduction of branch scalar_signed_to_unsigned_q_16() uses the expression `(r < 0)` for the extraction of the sign-bit, which is prone to compilers turning them into a branch. Signed-off-by: Hanno Becker --- mlkem/poly.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mlkem/poly.c b/mlkem/poly.c index 288a20f4e..458a09432 100644 --- a/mlkem/poly.c +++ b/mlkem/poly.c @@ -110,6 +110,7 @@ uint16_t scalar_signed_to_unsigned_q_16 (int16_t c) int32_t r = (int32_t) c; // Add Q if r is negative + // TODO, WARNING: This needs to be protected from the compiler introducing a branch. int32_t factor = (r < 0); // 1 if r < 0; 0 if r >= 0 r = r + (factor * KYBER_Q);
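Review bot: The new comment above `int32_t factor = (r < 0);` in scalar_signed_to_unsigned_q_16() records the risk, but the branch-prone comparison itself is unchanged, so any compiler that lowers `(r < 0)` to a conditional jump still produces code whose timing depends on the sign of `c`. Consider fixing it in this patch rather than deferring: take the sign bit from the unsigned representation, e.g. `int32_t factor = (int32_t) ((uint32_t) r >> 31);`, which is well defined in C and yields the same 1/0 value without a relational operator. If the TODO stays, it should say what form the protection is expected to take (a bitwise sign extraction, a value barrier, or a check of the generated assembly) and point to a tracking issue, since "needs to be protected" gives the next reader nothing to act on. The subsequent `factor * KYBER_Q` could also be written as a mask-and-add (`r += (-factor) & KYBER_Q`) so the conditional addition does not rely on how the multiply is compiled. Style point: "TODO, WARNING:" mixes two markers; pick one so it can be found with a single grep.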