
Subject: Re: [boost] [xint] Boost.XInt formal review
From: Nevin Liber (nevin_at_[hidden])
Date: 2011-03-11 12:28:25


On 10 March 2011 18:24, Chad Nelson <chad.thecomfychair_at_[hidden]> wrote:

>
> Airtight security is a hard problem that requires massive amounts of
> time and attention to get right, and is best reserved for programs that
> absolutely require it.
>

Forget about airtight. What guarantees are you making that the memory has
been zeroed in the presence of an aggressive optimizer?

For instance (reworded from recent C++0x committee discussions), the
following:

#include <string>

struct EraseOnDtor
{
    // Meant to scrub the secret, but nothing observes s after this call,
    // so the optimizer may drop the assign entirely.
    ~EraseOnDtor() { s.assign(s.size(), '\0'); }

    std::string s;
};

is not guaranteed to zero the string on destruction, because the call to
assign can be optimized out since it has no observable behavior when the
string is immediately destroyed afterwards.

This stuff is hard to get right. You are better off not implementing it.

-- 
 Nevin ":-)" Liber  <mailto:nevin_at_[hidden]>  (847) 691-1404
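The problem Nevin describes, and the usual defensive answer to it, as an added example that is not part of this thread or of Boost.XInt: `secure_zero`, `all_zero` and `SecretBuffer` are hypothetical names, and the technique assumed is writing the zeros through a volatile pointer, which the abstract machine must perform and the optimizer therefore cannot treat as dead stores.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Zero n bytes through a volatile pointer. Each store is a volatile access,
// which the abstract machine must carry out, so the optimizer cannot drop the
// writes even if the object is destroyed immediately afterwards.
// (Assumed hardening technique, not Boost.XInt's code.)
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) {
        *vp++ = 0;
    }
}

// Helper: true if every byte in [p, p + n) is zero.
bool all_zero(const void* p, std::size_t n) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) {
        if (b[i] != 0) return false;
    }
    return true;
}

// Fixed-capacity holder for secret bytes (hypothetical class). It keeps its
// storage inline so the wipe reaches the actual bytes, and it is non-copyable
// so the secret is not silently duplicated into buffers nobody wipes.
class SecretBuffer {
public:
    static const std::size_t capacity = 32;

    explicit SecretBuffer(const char* src) : size_(0) {
        std::memset(data_, 0, sizeof data_);
        while (size_ < capacity && src[size_] != '\0') {
            data_[size_] = static_cast<unsigned char>(src[size_]);
            ++size_;
        }
    }
    ~SecretBuffer() { wipe(); }

    std::size_t size() const { return size_; }

    // Explicit wipe; the destructor calls it too, so the bytes are gone
    // whether the holder goes out of scope or is cleared early.
    void wipe() {
        secure_zero(data_, sizeof data_);
        size_ = 0;
    }

    bool is_wiped() const {
        return size_ == 0 && all_zero(data_, sizeof data_);
    }

private:
    SecretBuffer(const SecretBuffer&);             // non-copyable
    SecretBuffer& operator=(const SecretBuffer&);  // non-assignable
    unsigned char data_[capacity];
    std::size_t size_;
};

int main() {
    SecretBuffer key("hunter2");  // constructed sample secret
    std::printf("holding %lu secret bytes, wiped=%d\n",
                static_cast<unsigned long>(key.size()),
                key.is_wiped() ? 1 : 0);
    key.wipe();
    std::printf("after wipe: size=%lu, wiped=%d\n",
                static_cast<unsigned long>(key.size()),
                key.is_wiped() ? 1 : 0);
    return 0;
}
```

Platform functions that give the same guarantee without the hand-written loop are C11's `memset_s` (Annex K, not universally shipped), `explicit_bzero` on glibc 2.25+ and the BSDs, and `SecureZeroMemory` on Windows. Two caveats apply to any of these: the wipe only reaches the buffer it is handed, so a `std::string` that reallocated while growing has already left an unwiped copy behind, and the only real check that the stores survived is to compile at the optimization level you ship with and inspect the generated code for the destructor.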
