[cfe-dev] Security fail (memset being optimized away)

Keane, Erich via cfe-dev cfe-dev at lists.llvm.org
Thu Jan 3 08:45:53 PST 2019

In my experience, most of the assumptions PEOPLE make about what Volatile means is incorrect.  The compiler is doing what it is allowed to.

Check out: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1152r0.html 
JF's paper has a pretty solid explanation of what volatile really means (as well as ways we can fix it).

-----Original Message-----
From: cfe-dev [mailto:cfe-dev-bounces at lists.llvm.org] On Behalf Of myLC at gmx.de via cfe-dev
Sent: Thursday, January 3, 2019 8:43 AM
To: cfe-dev at lists.llvm.org
Subject: [cfe-dev] Security fail (memset being optimized away)

On Jan 3 8:31, Keane Erich wrote:
 > I believe that solution is able to be optimized out as well  > (see the comment in the C99 solution).
 > memset_s (C11)  and SecureZeroMemory (MSVC) are the two  > standards compliant ways that guarantee they won't be  > optimized out.

It doesn't quench my curiosity, though. ;-) What about other (your own) functions?

Isn't it a bug, if a compiler takes false assumptions on volatiles? This would mean that it doesn't work, even though it really should (which, of course, is of little help in the real world).

cfe-dev mailing list
cfe-dev at lists.llvm.org

More information about the cfe-dev mailing list