> On Sep 9, 2015, at 12:36 PM, Zack Weinberg <za...@panix.com> wrote:
>
> ...
> I think the ideal feature addition to address this would be
>
> void safe(void)
> {
>     struct key __attribute__((sensitive)) k = get_key();
>     use_key(k);
> }
That certainly is a cleaner answer. What is attractive about it is that it expresses the need for variables (data) to be given different treatment, rather than expecting the programmer to code that special treatment in every place where that data becomes dead. It's also likely to be a whole lot harder to implement, unfortunately.

Then again, suppose all you had is explicit_bzero, and an annotation on the data saying it's sensitive. Can static code analyzers take care of the rest? If so, this sort of thing doesn't need to be in the compiler.

paul
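As an added example (not code from either message in this thread), the following shows the problem the thread is circling around and the explicit_bzero-style fix: a plain memset() on a local that is about to go out of scope is a dead store that the optimizer is entitled to delete, whereas a wipe routed through a volatile function pointer cannot be proven side-effect-free and so survives. glibc ships explicit_bzero() since 2.25; the stand-in secure_memzero() below is used so the example compiles on any C99 toolchain. `struct key`, `get_key()` and `use_key()` are hypothetical stand-ins for the thread's names, and the key bytes are constructed test data, not a real key.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical key type standing in for the thread's 'struct key'. */
struct key {
    uint8_t bytes[32];
};

/* Portable stand-in for explicit_bzero(): the compiler must reload a
 * volatile function pointer at every call and therefore cannot assume
 * the call is an ordinary memset() with no observable effect, so the
 * wipe is not eliminated as a dead store. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

static void secure_memzero(void *p, size_t n)
{
    memset_v(p, 0, n);
}

/* Constructed key material for the example (not a real key). */
static struct key get_key(void)
{
    struct key k;
    for (size_t i = 0; i < sizeof k.bytes; i++)
        k.bytes[i] = (uint8_t)(0xA5u ^ i);
    return k;
}

/* Hypothetical consumer: folds the key into a checksum so that the
 * key is genuinely read before it is wiped. */
static unsigned use_key(const struct key *k)
{
    unsigned acc = 0;
    for (size_t i = 0; i < sizeof k->bytes; i++)
        acc = acc * 31u + k->bytes[i];
    return acc;
}

/* The pattern the thread objects to: k is dead after the memset(), so
 * at -O2 the store may be removed and the key stays on the stack. */
unsigned unsafe(void)
{
    struct key k = get_key();
    unsigned r = use_key(&k);
    memset(&k, 0, sizeof k);       /* dead store: compiler may delete */
    return r;
}

/* The explicit_bzero() discipline the thread refers to, spelled out
 * at the point where k becomes dead. */
unsigned safe(void)
{
    struct key k = get_key();
    unsigned r = use_key(&k);
    secure_memzero(&k, sizeof k);  /* wipe survives optimisation */
    return r;
}

/* Returns 1 if secure_memzero() cleared every byte of a key. */
int wipe_is_complete(void)
{
    struct key k = get_key();
    secure_memzero(&k, sizeof k);
    for (size_t i = 0; i < sizeof k.bytes; i++)
        if (k.bytes[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    return (wipe_is_complete() && safe() == unsafe()) ? 0 : 1;
}
```

To see the difference the thread is talking about, compile with `-O2` and inspect the object code (for example with `objdump -d`): the call to memset() in unsafe() is typically absent, while the indirect call through memset_v in safe() remains. Note that both versions still leave copies of the key in registers and in any spilled stack slots the compiler chooses; wiping the named variable is necessary but not sufficient, which is part of why a compiler-level `sensitive` attribute is attractive.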