On Fri, Nov 08, 2002 at 08:35:06AM -0500, Patrick Chkoreff wrote:
> That's an interesting idea.  You'd take the pointer returned by alloca and 
> pass it to memset.  How could the optimizer possibly know that the pointer 

With GCC, it's a builtin, so it will know.

> I was thinking the only way to really stymie the optimizer might be to have 
> the program flow depend on something read from a file!  You could have a 
> file with a single 0 word in it.  At the beginning of your program, just 
> one time, you say this:

I'm afraid optimizations could remove this too. The point, if I understand
it correctly, is that operations on memory have, from the compiler's POV,
a zero lifetime, since the block is freed just afterwards. So, whether you
write zero or anything else there, this write can be discarded, since it's
not used afterwards. Dead write, kind of.
However, a compiler could not remove the file read, but it could merely not
copy the data to your buffer, if the libc fread you use happens to pre-read
into an internal buffer. The read would be done, but the data not forwarded
to the buffer you gave. Hence, no overwrite of the key.

while (!is_all_memory_zero(ptr)) zero_memory(ptr);

This reads the memory afterwards, so compilers might be less careless in
removing this code. Sophisticated code flow analysis would still see that
nothing depends on this code, and still remove it.
I'm thinking the best way to do this portably is to *not* free the key data.
Just zero it, and leave it alone. As a global variable, maybe. That way,
its lifetime is infinite (except for purists :)) and the compiler has to
zero it.

-- 
Vincent Penquerc'h
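Worked example, added to this thread and not taken from either poster: the dead-store problem above, with the wipe done through a volatile pointer so each store is a side effect the compiler must keep even when nothing reads the buffer afterwards, and the "keep the key in a global, zero it in place" alternative from the reply. Function names (secure_wipe, is_all_zero, use_stack_key, use_global_key) and the sample key bytes are my own; explicit_bzero() and memset_s() are real library routines mentioned only as equivalents.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A plain memset(p, 0, n) on memory that is never read again is a dead
 * store from the compiler's point of view and may be dropped, leaving the
 * key in RAM. Writing through a volatile pointer forces every store to be
 * performed. explicit_bzero() (glibc, BSD) and memset_s() (C11 Annex K)
 * do the same job where available. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Read the buffer back so the caller can observe the result. OR-accumulate
 * instead of returning at the first non-zero byte so the scan time does not
 * depend on where the first non-zero byte sits. */
static int is_all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Key held in a stack frame: fill it, pretend to use it, wipe it before the
 * frame is released. Returns 1 if the wipe is observable inside the frame. */
static int use_stack_key(void)
{
    unsigned char key[32];
    memset(key, 0xAB, sizeof key);   /* constructed sample key material */
    /* ... key would be used here ... */
    secure_wipe(key, sizeof key);
    return is_all_zero(key, sizeof key);
}

/* The alternative from the reply: a global whose lifetime is the whole
 * program, zeroed in place rather than freed. Returns 1 if wiped. */
static unsigned char global_key[32];

static int use_global_key(void)
{
    memset(global_key, 0xCD, sizeof global_key);   /* constructed sample */
    /* ... key would be used here ... */
    secure_wipe(global_key, sizeof global_key);
    return is_all_zero(global_key, sizeof global_key);
}

/* Fixed inputs for checking the checker itself. */
static const unsigned char all_zero[8] = {0};
static const unsigned char one_set[8] = {0, 0, 0, 0, 1, 0, 0, 0};

int main(void)
{
    printf("stack key wiped:  %d\n", use_stack_key());
    printf("global key wiped: %d\n", use_global_key());
    printf("checker: all_zero=%d one_set=%d\n",
           is_all_zero(all_zero, sizeof all_zero),
           is_all_zero(one_set, sizeof one_set));
    return 0;
}
```

Note that the read-back in is_all_zero is exactly the "check that it is zero afterwards" trick from the reply: a read keeps the preceding store alive, but only for as long as the read itself has an observable use. The volatile stores do not depend on that, which is why they are the portable fix; compile with optimization on and inspect the generated code for secure_wipe to confirm the loop survives.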
