Subject: Re: [boost] [xint] Boost.XInt formal review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2011-03-12 02:23:08
On Sat, 12 Mar 2011 00:51:31 -0600
Nevin Liber <nevin_at_[hidden]> wrote:
>> That was brought up during the review this week. I plan to implement
>> much safer zeroing code than is presently in there now,
>
> How? Short of platform-specific extensions (which basically inhibit
> the optimizer) or waiting around for the next C standard (with
> memset_s), I'm not seeing it.
>> and provide a way for people to add their own if they feel that my
>> implementation is insufficient.
>
> Either you are making a guarantee or you aren't. If you aren't, it's
> worse than not doing anything at all, as it gives people a false sense
> of security.
As you yourself noted above, anything I do is limited by being
platform-specific, of necessity. I can make plenty of guarantees, but
only for the specific platforms and compilers I have access to. For
everything else, the person using the library will have to check that
the implementation does what it's intended to do, a point I will make
abundantly clear.
>>> This stuff is hard to get right. You are better off not
>>> implementing it.
>>
>> On the contrary. It's *because* it's hard to get right that it
>> belongs in a library.
>
> By experts (and even they aren't perfect). When non-experts do it, we
> get vulnerabilities.
If an expert comes forward and volunteers his services, I'll gladly
accept them. Until then, if someone wants that feature, either they get
it from the library or they write it themselves. I don't have a great
deal of knowledge on the subject, but the odds are high that they have
even less than I do, so your argument is exactly the reason it should
be in there.
--
Chad Nelson
Oak Circle Software, Inc.
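The zeroing problem the two of them are arguing about, as an added example (not XInt's code, and not the implementation Chad is describing): two portable ways to keep the compiler from treating a wipe of a no-longer-used buffer as a dead store, plus the check that still has to be done per platform. Names such as `secure_zero`, `wipe_secret` and the 32-byte sample secret are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Portable secure-zero via a volatile function pointer: because the
 * pointer is volatile, the compiler must perform the call and cannot
 * treat the zeroing as a dead store. This is a widely used trick, not a
 * standard guarantee; C11 Annex K memset_s is the standardised form. */
static void *(*const volatile secure_memset_fn)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    secure_memset_fn(p, 0, n);
}

/* Alternative: byte-wise stores through a volatile pointer. Each store
 * is a side effect the optimizer must keep. Slower, but no function call. */
void secure_zero_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of p[0..n) is zero. */
int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Fills a constructed 32-byte "secret", wipes it with the chosen routine
 * and reports whether anything was left behind. Reading the buffer back
 * makes the store live, so this check cannot expose an elided plain
 * memset; a dropped wipe only shows up in the generated code, which is
 * the per-platform verification the thread is asking for. */
int wipe_secret(int use_volatile_loop)
{
    unsigned char secret[32];
    memset(secret, 0xAB, sizeof secret); /* constructed sample secret */
    if (use_volatile_loop)
        secure_zero_volatile(secret, sizeof secret);
    else
        secure_zero(secret, sizeof secret);
    return is_all_zero(secret, sizeof secret);
}
```

To actually confirm the stores survive on a given compiler and flag set, disassemble the object and look for the zeroing stores in `wipe_secret`; that is the step the library cannot do for its users.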
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk