[libc-commits] [libc] [libc][c23] add memset_explicit (PR #83577)

Aaron Ballman via libc-commits libc-commits at lists.llvm.org
Thu Mar 7 07:52:31 PST 2024


AaronBallman wrote:

> Until the standard says we must memset differently then I'm not willing to accept the complexity of doing something different in our memset to support `memset_explicit`.

If you are saying that you want `memset_explicit` to behave like `memset` with a compiler barrier in the initial patch and then do additional security hardening in follow-up work, that sounds reasonable to me.

If you are saying that you want `memset_explicit` to behave like `memset` until the standard changes: as the community's WG14 rep, I don't think this is a reasonable stance to take. I explained in the RFC why your belief that the standard should be prescriptive here is not feasible. IMO, this is not in the best interests of users who want this functionality, and I'd like you to reconsider your position or at least provide significant justification for why you think a security-related feature should be implemented in a way that's almost indistinguishable from malicious conformance. (Note, specific concerns like "I don't think we should do <this piece> because <this reason>" are absolutely fine by me. But "we won't make this any different from `memset` until the standard changes" is what I'm pushing back on, if that's what you're actually pushing for.)

Btw, if you'd like, I'm happy to hop in a call to discuss further so we can get on the same page more quickly.

https://github.com/llvm/llvm-project/pull/83577
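The "memset plus a compiler barrier" shape mentioned in the message above, as an added illustration in C; this is not LLVM libc's implementation, and the names `wipe_explicit`, `count_byte` and `wipe_and_check` are chosen here. It assumes the GCC/Clang `asm volatile` barrier with a `"memory"` clobber, with a `volatile`-store fallback for other compilers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative memset_explicit-style wipe (not LLVM libc's code): an
 * ordinary memset followed by a compiler barrier, the shape discussed in
 * the thread. The barrier makes the compiler assume the buffer is read
 * afterwards, so the fill cannot be dropped as a dead store even when the
 * buffer is about to go out of scope or be freed. */
void *wipe_explicit(void *s, int c, size_t n) {
#if defined(__GNUC__) || defined(__clang__)
    memset(s, c, n);
    /* Empty volatile asm that claims to read through s and to touch
     * memory: the memset result is now observable, so it must be emitted. */
    __asm__ __volatile__("" : : "r"(s) : "memory");
#else
    /* Fallback for other compilers: byte-wise stores through a volatile
     * pointer, which the compiler is not allowed to elide. */
    volatile unsigned char *p = (volatile unsigned char *)s;
    while (n--)
        *p++ = (unsigned char)c;
#endif
    return s;
}

/* Count how many bytes of buf hold the value c (lets a caller confirm the
 * fill from outside the wiping function). */
size_t count_byte(const unsigned char *buf, size_t n, unsigned char c) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == c)
            hits++;
    return hits;
}

/* Typical use: a heap buffer holds stand-in secret bytes (constructed
 * sample data), is wiped with wipe_explicit, and is checked before free.
 * Returns the number of bytes that now equal c, i.e. n on success. */
size_t wipe_and_check(size_t n, unsigned char c) {
    unsigned char *buf = malloc(n);
    if (!buf)
        return 0;
    memset(buf, 0xAA, n);             /* stand-in for key material */
    wipe_explicit(buf, c, n);
    size_t wiped = count_byte(buf, n, c);
    free(buf);
    return wiped;
}
```

The barrier only prevents the compiler from discarding the store; it does nothing about copies the compiler already spilled to registers or the stack, which is the kind of follow-up hardening the message distinguishes from the initial patch.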

