|
Boost : |
Subject: Re: [boost] [xint] Boost.XInt formal review
From: Nevin Liber (nevin_at_[hidden])
Date: 2011-03-11 12:28:25
On 10 March 2011 18:24, Chad Nelson <chad.thecomfychair_at_[hidden]> wrote:
>
> Airtight security is a hard problem that requires massive amounts of
> time and attention to get right, and is best reserved for programs that
> absolutely require it.
>
Forget about airtight. What guarantees are you making that the memory has
been zeroed in the presence of an aggressive optimizer?
For instance (reworded from recent C++0x committee discussions), the
following:
struct EraseOnDtor
{
~EraseOnDtor() {s .assign(s.size(), '\0'); }
std::string s;
};
is not guaranteed to zero the string on destruction, because the call to
assign can be optimized out since it has no observable behavior when the
string is immediately destroyed afterwards.
This stuff is hard to get right. You are better off not implementing it.
-- Nevin ":-)" Liber <mailto:nevin_at_[hidden]> (847) 691-1404
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk