https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69976

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #5)
> From a user's perspective, would this be better as a property of the data
> (or of its *type*), rather than of the function?  i.e. have the user mark
> the on-stack buffer as security-sensitive, rather than mark the function as
> a whole?
>  
> i.e. something like
> 
>   char __attribute__((security_sensitive)) buf[16];
> 
> Then the compiler could:
> (a) "do the right thing" for any functions containing such data: e.g.
> automatically clear the array after the last use, and
> (b) issue an error if the user tries to create a global variable of such a
> type, and
> (c) potentially suppress various optimizations on the data

But even if you clear the sensitive data from the stack array, it might still
live in the registers from which you stored the sensitive data into that array
etc.  I think per-function is better here over per-data.

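What option (a) from the quoted proposal amounts to when written by hand, as an added example that is not part of the thread or of GCC: `secure_wipe` and `use_secret` are hypothetical names, and the empty asm barrier assumes GCC or Clang. It also marks the limit raised in the reply, namely that the array is cleared while copies in registers and spill slots are not.

```c
#include <stddef.h>
#include <string.h>

/* Zero n bytes at p in a way the optimizer cannot drop as a dead store.
   The empty asm with a "memory" clobber (GCC/Clang extension) makes the
   compiler assume the zeroed bytes may be read afterwards. */
static void secure_wipe(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Hypothetical function handling a secret in an on-stack buffer.
   Returns a checksum of the secret. *residue receives the OR of all
   bytes of buf after the wipe, so 0 means the array was cleared. */
unsigned use_secret(const char *secret, unsigned char *residue)
{
    char buf[16];
    unsigned sum = 0;
    size_t i, len = 0;

    /* Copy at most 15 bytes of the secret into the stack array. */
    while (len < sizeof buf - 1 && secret[len] != '\0') {
        buf[len] = secret[len];
        len++;
    }
    buf[len] = '\0';

    /* Each byte is loaded into a register to be folded into sum. */
    for (i = 0; i < len; i++)
        sum = sum * 31u + (unsigned char)buf[i];

    /* Manual form of "clear the array after the last use". */
    secure_wipe(buf, sizeof buf);

    /* buf is zero from here on. The value in sum, the registers that
       held the loaded bytes and any compiler spill slots lie outside
       buf and are untouched by the wipe. */
    *residue = 0;
    for (i = 0; i < sizeof buf; i++)
        *residue |= (unsigned char)buf[i];
    return sum;
}
```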