From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: thoughts on reallocarray, explicit_bzero?
Date: Mon, 19 May 2014 12:58:57 -0400
Message-ID: <20140519165857.GQ507@brightrain.aerifal.cx>
References: <20140519153130.GA519@muslin> <20140519162556.GY12324@port70.net>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com
User-Agent: Mutt/1.5.21 (2010-09-15)

On Mon, May 19, 2014 at 06:45:08PM +0200, Daniel Cegiełka wrote:
> 2014-05-19 18:25 GMT+02:00 Szabolcs Nagy :
> >
> > i don't see how the openbsd explicit_bzero stops the
> > compiler from doing optimizations..
> >
> > (i guess they rely on that their gcc does not do lto
> > or that libc is dynamic linked and the compiler has no
> > 'explicit_bzero' builtin, neither of which is a great
> > solution..)
> >
> > the usual approach to this is volatile function pointer:
> >
> > static void *(*volatile force_memset)(void *, int, size_t) = memset;
> >
> > in general in c one cannot be sure that the secret bits
> > are not leaked somewhere since the language spec cannot
> > give such guarantees
> >
> > that said either the volatile funcptr or actually reusing
> > the memory such that it cannot be optimized away works in
> > practice
>
> first version:
>
> void explicit_bzero(void * const b, const size_t l)
> {
>     volatile unsigned char *p = (volatile unsigned char *) b;
>     size_t i = (size_t) 0U;
>
>     while (i < l) {
>         p[i++] = 0U;
>     }
> }
>
> Of course, if someone has better ideas... I'm very curious :)

I'm pretty sure this does not work. The volatile pointer cast (which BTW
is not necessary; it happens implicitly) does not, as far as I can tell,
mean "access the object via an overlapped volatile object". Rather, it
just means that the compiler cannot _automatically_ assume the
pointed-to object is non-volatile. It's still free to determine via
other means (e.g. inter-procedural analysis/LTO/etc.) that the
pointed-to object is non-volatile (and of course, in cases where this
matters, that its lifetime is ending) and thereby optimize out the whole
thing as dead code.

Rich
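The two wiping strategies discussed in this thread, side by side, as an added example that is not code from the thread, from musl, or from OpenBSD. It implements the volatile function pointer Szabolcs describes and the volatile-byte loop Daniel posted, then wipes a constructed sample secret with each and counts the bytes that survive. The names `force_memset`, `secure_zero_funcptr`, `secure_zero_volatile_ptr`, `count_nonzero` and `wipe_and_count` are my own, not identifiers from any of the libcs mentioned.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Volatile function pointer to memset: the compiler cannot know at
 * compile time which function the call goes to, so it cannot treat the
 * call as a plain memset whose stores are dead and remove it.
 * (Example code; name is an assumption, not a musl identifier.) */
static void *(*volatile force_memset)(void *, int, size_t) = memset;

/* Wipe through the volatile function pointer. */
void secure_zero_funcptr(void *b, size_t l)
{
    force_memset(b, 0, l);
}

/* Daniel's approach: store through a volatile-qualified pointer. The
 * cast from void * is implicit, as Rich notes. Rich's objection is that
 * the qualifier only stops the compiler from *assuming* the object is
 * non-volatile; it may still *prove* it (e.g. under LTO) and drop the
 * loop as dead stores. Kept here for comparison. */
void secure_zero_volatile_ptr(void *b, size_t l)
{
    volatile unsigned char *p = b;
    while (l--)
        *p++ = 0;
}

/* Count bytes that are still nonzero after a wipe. */
size_t count_nonzero(const unsigned char *p, size_t l)
{
    size_t n = 0;
    for (size_t i = 0; i < l; i++)
        n += p[i] != 0;
    return n;
}

/* Fill a buffer with a constructed "secret", wipe it with one of the two
 * routines, and report how many bytes survived. Reading the buffer back
 * is exactly what keeps the wipe alive here; the case the thread worries
 * about is a buffer nobody reads afterwards, and only the generated code
 * of an optimized build can show whether that wipe was kept. */
size_t wipe_and_count(int use_funcptr)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed sample secret */

    if (use_funcptr)
        secure_zero_funcptr(key, sizeof key);
    else
        secure_zero_volatile_ptr(key, sizeof key);

    return count_nonzero(key, sizeof key);
}

int main(void)
{
    printf("funcptr wipe left %zu nonzero bytes\n", wipe_and_count(1));
    printf("volatile-ptr wipe left %zu nonzero bytes\n", wipe_and_count(0));
    return 0;
}
```

Both routines return zero surviving bytes when run, so a functional test cannot tell them apart; the difference Rich is pointing at only shows up in the optimizer. To see it, build with `-O2` (and, to exercise his inter-procedural case, `-flto`), disassemble with `objdump -d`, and look at a caller that wipes a local buffer it never reads again: the call through `force_memset` has to stay, whereas a store loop whose target the compiler can see is an ordinary non-volatile local may be gone.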