Rijndael

Matthew Fluet fluet@CS.Cornell.EDU
Tue, 7 Nov 2000 20:26:57 -0500 (EST)


> We definitely need an implementation.  And not just set ourselves the (low)
> hurdle of being the best ML implementation, but being competitive with C.
> 
> From comp.lang.ml.
> 
> > Rijndael requires use of true 32 bit (i.e. not 31 bit) numbers
> > and rotate instructions. While it is true that ANSI-C does not
> > have rotate instructions and instead one uses the following
> > construct:
> >  
> > >         #define rol(x) (((x)>>31) | ((x)<<1))

Interesting.  I'm pretty sure that the native backend could handle it, in
either of two ways.  A non-standard extension to the WORD signature with
rol : word * Word.word -> word
ror : word * Word.word -> word
and corresponding Word_rol and Word_ror primitives would be translated
just like the Word_lshift and Word_rshift primitives.  The backend already
supports rol,ror,rcl,rcr instructions (because they look just like shift
instructions), so it would be literally no work at all.

Alternatively, I'm pretty sure a peephole optimization could capture
something like the rol above, as long as the CPS optimizations didn't
manipulate it too much.  Of course, the penalty of more peephole
optimizations is longer compile times.
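
As an added illustration (not code from this thread or from MLton), here is the shift-and-or rotate the quoted C macro expresses, written in Standard ML against the shift operations the WORD signature already provides. It generalises the one-bit case to any count by reducing the count mod 32, which also keeps every shift amount within the width the Basis defines; the structure name Rot32 is an assumption.

```sml
(* Added example, not MLton's own code: 32-bit rotates built from the
   existing Word32 shift primitives.  The names rol/ror mirror the
   extension proposed in the message above but are ordinary functions. *)
structure Rot32 =
struct
  val bits : Word.word = 0w32

  (* Rotate left.  The count is reduced mod 32 so that rotating by 0 or
     by 32 is the identity and no shift exceeds the word width; for
     n = 0 the right shift is by 32, which the Basis defines as 0. *)
  fun rol (x : Word32.word, n : Word.word) : Word32.word =
    let
      val n = Word.andb (n, 0w31)
    in
      Word32.orb (Word32.<< (x, n), Word32.>> (x, bits - n))
    end

  (* Rotate right by n is rotate left by (32 - n mod 32). *)
  fun ror (x : Word32.word, n : Word.word) : Word32.word =
    rol (x, bits - Word.andb (n, 0w31))
end

(* Constructed checks: the one-bit case of the quoted macro, and that
   a left rotate is undone by the matching right rotate. *)
val _ = Rot32.rol (0wx80000001, 0w1) = 0wx00000003
        orelse raise Fail "rol by 1"
val _ = Rot32.ror (Rot32.rol (0wxDEADBEEF, 0w13), 0w13) = 0wxDEADBEEF
        orelse raise Fail "ror undoes rol"
val _ = Rot32.rol (0wxDEADBEEF, 0w32) = 0wxDEADBEEF
        orelse raise Fail "rol by 32 is identity"
```

Because the body is exactly the shift/or pattern, it is also the shape a peephole pass would have to recognise to emit a single rol instruction.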