Re: [SG12] p1315 secure_clear

From: Ville Voutilainen <ville.voutilainen_at_[hidden]>
Date: Thu, 30 Apr 2020 23:11:03 +0300

On Thu, 30 Apr 2020 at 22:35, Richard Smith via SG12 <sg12_at_[hidden]> wrote:
> 1) I think what you're suggesting is less different from adding a standard attribute than you're suggesting. Implementations cannot entirely ignore standard attributes; they are still required to implement the checks that the attributes are applied to the right kind of entity and reject if not, and perform whatever other checks are described in the specification for the attribute. An implementation that completely ignores a standard attribute (skips it without even parsing and validating it) does not conform to the standard containing that attribute, at least for all of the existing attributes. The situation with your keyword would be largely the same; the only difference is what happens in the case where an (old or non-conforming) implementation that has not implemented the proposal in question sees the attribute: does it reject due to hitting a keyword it's never heard of, or does it (probably silently) ignore it? Maybe that's an argument in favor of a non-attribute, but you can get the same result by checking for __has_cpp_attribute and #erroring if it's unavailable, which I'd expect libraries to do anyway, so I think it's a weak argument, and maybe too weak to justify adding a keyword.

That seemed a good argument to me to make constinit a keyword. It can't then be semi-silently ignored, because ignoring it was deemed bad. I'm not qualified to make a call on the badness of ignoring a request to not leak secrets, but it seems remotely plausible that accepting such a request and then leaking secrets all over the place is irksome to say the least. I don't have all that clear ideas how to avoid that irk.

Received on 2020-04-30 15:14:14