A third party "source code checker" tool warned about this line in
golang.org/x/crypto/ed25519/internal/edwards25519:
https://github.com/golang/crypto/blob/master/ed25519/internal/edwards25519/edwards25519.go#L1379. Briefly, here s12 is assigned and then never read again.
s0 += s12 * 666643
s1 += s12 * 470296
s2 += s12 * 654183
s3 -= s12 * 997805
s4 += s12 * 136657
s5 -= s12 * 683901
s12 = 0
It was flagged as an "ineffective variable assignment." The Go code is a port of the ed25519 implementation of SUPERCOP, a C project:
https://bench.cr.yp.to/supercop.html (download the source and grep for sc_reduce; the implementation is in crypto_sign/ed25519/ref10/sc_reduce.c). The C code features the same zeroing
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
If I run a simple program like that through "go tool compile -S", it looks like the last zero assignment gets optimized away. Which makes me wonder about it? Surely the GCC compiler makes the same optimization for the C implementation in supercop.
The fact that this is cryptography code makes me pause. Was the intent to zero the value in memory? If so it seems like it's ineffective. Or maybe it was left over from a block above it, where it's set back to zero before being reassigned. Or maybe it's necessary to ensure that all inputs are constant time.
I guess I am worried that the optimization affects the cryptographic correctness of the code, or potentially exposes values in memory that the program isn't supposed to expose. But maybe I'm reading too much into what the code is doing.